Thanks to confirm that.
I am OK on what you have said.
Since the ARM part is added by Pierre Gondois
pierre.gondois@arm.com, I will let him comment if there is any concern on the change for ARM.
Thank you
Yao, Jiewen
From: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
Sent: Saturday, May 11, 2024 5:12 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng
So, I'm trying to consult with some RNG experts because I'm by no means an expert and anything I say should be taken with huge grain of salt. When I get the experts take, I'll share it.
Basically, the way I read this code is that it by no means tries to enforce any entropy requirement outside of what you ask for.
My understanding is the 256 Bit Entropy requirements comes from when you are using a DRNG algorithm such as:
#define EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID \
{0xa7af67cb, 0x603b, 0x4d42,\
{0xba, 0x21, 0x70, 0xbf, 0xb6, 0x29, 0x3f, 0x96}}
#define EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID \
{0xc5149b43, 0xae85, 0x4f53,\
{0x99, 0x82, 0xb9, 0x43, 0x35, 0xd3, 0xa9, 0xe7}}
#define EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID \
{0x44f0de6e, 0x4d8c, 0x4045, \
{0xa8, 0xc7, 0x4d, 0xd1, 0x68, 0x85, 0x6b, 0x9e}}
"When a Deterministic Random Bit Generator (DRBG) is used on the output of a (raw) entropy source, its security level must be at least 256 bits."
https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol
That is, the seed of these algorithms must be at a minimum 256 bits from your entropy source.
Now when you call for instance EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
On an INTEL CPU it uses the Intel RDRAND Instruction
Which from what I can tell the generator takes pairs of 256-bit raw entropy samples generated by the hardware entropy source and applies them to an Advanced Encryption Standard (AES) (in CBC-MAC mode) conditioner which reduces them to a single 256-bit conditioned
entropy sample.
https://en.wikipedia.org/wiki/RDRAND
Which means, if you are implementing these algorithms in software, you must comply with the 256 bit entropy requirement for your source. However in our case the CPU is performing that requirement for us.
Again I'm no expert. So if an expert is reading this and I'm completely wrong please let me know :)