From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
 by mx.groups.io with SMTP id smtpd.web09.2048.1573705279410393256
 for <devel@edk2.groups.io>;
 Wed, 13 Nov 2019 20:21:19 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: michael.d.kinney@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Nov 2019 20:21:18 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,302,1569308400"; 
   d="scan'208";a="216619773"
Received: from orsmsx101.amr.corp.intel.com ([10.22.225.128])
  by orsmga002.jf.intel.com with ESMTP; 13 Nov 2019 20:21:18 -0800
Received: from orsmsx121.amr.corp.intel.com (10.22.225.226) by
 ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Wed, 13 Nov 2019 20:21:18 -0800
Received: from orsmsx113.amr.corp.intel.com ([169.254.9.200]) by
 ORSMSX121.amr.corp.intel.com ([169.254.10.169]) with mapi id 14.03.0439.000;
 Wed, 13 Nov 2019 20:21:17 -0800
From: "Michael D Kinney" <michael.d.kinney@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Wang, Jian J"
	<jian.j.wang@intel.com>, "Kinney, Michael D" <michael.d.kinney@intel.com>
CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>, Bret Barkelew
	<bret.barkelew@microsoft.com>, "Zhang, Chao B" <chao.b.zhang@intel.com>,
	"Wu, Jiaxin" <jiaxin.wu@intel.com>, "Yao, Jiewen" <jiewen.yao@intel.com>,
	"Justen, Jordan L" <jordan.l.justen@intel.com>, Laszlo Ersek
	<lersek@redhat.com>, Leif Lindholm <leif.lindholm@linaro.org>, "Gao, Liming"
	<liming.gao@intel.com>, "Rabeda, Maciej" <maciej.rabeda@intel.com>, "Matthew
 Carlson" <macarl@microsoft.com>, "Ni, Ray" <ray.ni@intel.com>, Sean Brogan
	<sean.brogan@microsoft.com>, "Fu, Siyuan" <siyuan.fu@intel.com>, "Lu,
 XiaoyuX" <xiaoyux.lu@intel.com>
Subject: Re: [edk2-devel] [PATCH 00/11] Use proper entropy sources
Thread-Topic: [edk2-devel] [PATCH 00/11] Use proper entropy sources
Thread-Index: AQHVmpG+rJRvm5s61UKuc1ds9uclPqeKEClQ
Date: Thu, 14 Nov 2019 04:21:17 +0000
Message-ID: <E92EE9817A31E24EB0585FDF735412F5B9E1D1AC@ORSMSX113.amr.corp.intel.com>
References: <20191114021743.3876-1-jian.j.wang@intel.com>
In-Reply-To: <20191114021743.3876-1-jian.j.wang@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [10.22.254.139]
MIME-Version: 1.0
Return-Path: michael.d.kinney@intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Jian,

In this patch series I see mixed use of different RngLib instances.

How does a platform developer working on their DSC file know if the
BaseCryptLib services they are using require a Null or a complete
implementation of the RngLib?  How does a platform developer know
if they made the wrong choice.

Thanks,

Mike

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On
> Behalf Of Wang, Jian J
> Sent: Wednesday, November 13, 2019 6:18 PM
> To: devel@edk2.groups.io
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Bret
> Barkelew <bret.barkelew@microsoft.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>; Wu, Jiaxin
> <jiaxin.wu@intel.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Justen, Jordan L
> <jordan.l.justen@intel.com>; Laszlo Ersek
> <lersek@redhat.com>; Leif Lindholm
> <leif.lindholm@linaro.org>; Gao, Liming
> <liming.gao@intel.com>; Rabeda, Maciej
> <maciej.rabeda@intel.com>; Matthew Carlson
> <macarl@microsoft.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Ni, Ray
> <ray.ni@intel.com>; Sean Brogan
> <sean.brogan@microsoft.com>; Fu, Siyuan
> <siyuan.fu@intel.com>; Lu, XiaoyuX
> <xiaoyux.lu@intel.com>
> Subject: [edk2-devel] [PATCH 00/11] Use proper entropy
> sources
>=20
> REF:
> https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871
>=20
> Patch series summary:
>  - Add BaseRngLibNull to package dsc
>  - Add DxeRngLibRngProtocol to make use
> EFI_RNG_PROTOCOL
>  - Add RdSeed interface and RngLibRdSeed for IA32/X64
> arch
>  - Remove following files
>     rand_pool_noise.h
>     rand_pool_noise_tsc.c
>     rand_pool_noise.c
>  - Update rand_pool.c to use RngLib interface directly
>    and the drop the TimerLib depenency from OpensslLib
>  - Update OVMF platform dsc to use DxeRngLibRngProtocol
>    when necessary
>=20
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Bret Barkelew <bret.barkelew@microsoft.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Leif Lindholm <leif.lindholm@linaro.org>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Maciej Rabeda <maciej.rabeda@intel.com>
> Cc: Matthew Carlson <macarl@microsoft.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Sean Brogan <sean.brogan@microsoft.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
>=20
> Jian J Wang (11):
>   NetworkPkg/NetworkPkg.dsc: specify RngLib instance
> for build
>   SignedCapsulePkg/SignedCapsulePkg.dsc: specify RngLib
> instances
>   FmpDevicePkg/FmpDevicePkg.dsc: specify RngLib
> instances in dsc files
>   MdePkg/BaseLib: add interface to wrap rdseed IA
> instruction
>   SecurityPkg/RngLibRdSeed: add an instance of RngLib
> to make use rdseed
>   SecurityPkg/DxeRngLibRngProtocol: add RNG protocol
> version of RngLib
>   SecurityPkg/SecurityPkg.dsc: add new RngLib instances
> for build
>   OvmfPkg: specify RngLib instances in dsc files
>   ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances
> in dsc files
>   CryptoPkg/OpensslLib: use RngLib to get high quality
> random entropy
>   FmpDevicePkg/FmpDevicePkg.dsc: remove TimerLib
> instance
>=20
>  ArmVirtPkg/ArmVirt.dsc.inc                    |   2 +
>  CryptoPkg/CryptoPkg.dsc                       |   1 +
>  CryptoPkg/Library/OpensslLib/OpensslLib.inf   |  15 +-
>  .../Library/OpensslLib/OpensslLibCrypto.inf   |  15 +-
>  CryptoPkg/Library/OpensslLib/rand_pool.c      | 253
> ++----------------
>  .../Library/OpensslLib/rand_pool_noise.c      |  29 --
>  .../Library/OpensslLib/rand_pool_noise.h      |  29 --
>  .../Library/OpensslLib/rand_pool_noise_tsc.c  |  43 --
> -
>  FmpDevicePkg/FmpDevicePkg.dsc                 |   2 +-
>  MdePkg/Include/Library/BaseLib.h              |  51
> ++++
>  MdePkg/Library/BaseLib/BaseLib.inf            |   4 +
>  MdePkg/Library/BaseLib/BaseLibInternals.h     |  46
> ++++
>  MdePkg/Library/BaseLib/Ia32/RdSeed.nasm       |  87
> ++++++
>  MdePkg/Library/BaseLib/X64/RdSeed.nasm        |  80
> ++++++
>  MdePkg/Library/BaseLib/X86RdSeed.c            |  73
> +++++
>  NetworkPkg/NetworkPkg.dsc                     |   1 +
>  OvmfPkg/OvmfPkgIa32.dsc                       |   5 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |   5 +
>  OvmfPkg/OvmfPkgX64.dsc                        |   5 +
>  OvmfPkg/OvmfXen.dsc                           |   5 +
>  .../DxeRngLibRngProtocol.c                    | 200
> ++++++++++++++
>  .../DxeRngLibRngProtocol.inf                  |  42
> +++
>  .../DxeRngLibRngProtocol.uni                  |  14 +
>  .../RngLibRdSeed/RngLibRdSeed.inf             |  37
> +++
>  .../RngLibRdSeed/RngLibRdSeed.uni             |  18 ++
>  .../RngLibRdSeed/RngRdSeed.c                  | 189
> +++++++++++++
>  SecurityPkg/SecurityPkg.dsc                   |   6 +
>  SignedCapsulePkg/SignedCapsulePkg.dsc         |   6 +
>  28 files changed, 909 insertions(+), 354 deletions(-)
> delete mode 100644
> CryptoPkg/Library/OpensslLib/rand_pool_noise.c
>  delete mode 100644
> CryptoPkg/Library/OpensslLib/rand_pool_noise.h
>  delete mode 100644
> CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
>  create mode 100644
> MdePkg/Library/BaseLib/Ia32/RdSeed.nasm
>  create mode 100644
> MdePkg/Library/BaseLib/X64/RdSeed.nasm
>  create mode 100644 MdePkg/Library/BaseLib/X86RdSeed.c
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/
> DxeRngLibRngProtocol.c
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/
> DxeRngLibRngProtocol.inf
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/
> DxeRngLibRngProtocol.uni
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd
> Seed.inf
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd
> Seed.uni
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdSee
> d.c
>=20
> --
> 2.17.1.windows.2
>=20
>=20
>=20