public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "PierreGondois" <pierre.gondois@arm.com>
To: Ard Biesheuvel <ardb@kernel.org>, "Yao, Jiewen" <jiewen.yao@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
	Leif Lindholm <leif@nuviainc.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	"Wang, Jian J" <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe
Date: Mon, 6 Mar 2023 18:09:10 +0100	[thread overview]
Message-ID: <a5a30666-6f61-0de5-c426-9d9250d1d623@arm.com> (raw)
In-Reply-To: <CAMj1kXH_V89-smbOxwt8jXbnLA42Jp0t=6m_CvFj8Jn=S3azXw@mail.gmail.com>

Hello Jiewen, Ard,
Thanks for the review.

On 3/6/23 17:22, Ard Biesheuvel wrote:
> On Mon, 6 Mar 2023 at 16:42, Yao, Jiewen <jiewen.yao@intel.com> wrote:
>>
>> Hi Pierre
>> I don’t have strong opinion.
>>
>> For ARM specific patch, would you please get R-B from ARM expert?
>>
>> I think we need to wait for the response from Ard to confirm.
>>
> 
> These patches
> 
>    SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
>    SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
> 
> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
> 
> Jiewen, if you don't mind, I will merge those right away.
> 
> For the remaining patch, I am not sure I understand why the behavior
> regarding the zero GUID is correct. Perhaps we could
> revisit/resend/review that patch in isolation?

About the zero GUID, the PcdCpuRngSupportedAlgorithm allows to describe
the platform specific rng algorithm used. However KvmTool could run
on any platform, so PcdCpuRngSupportedAlgorithm cannot be set to a proper
GUID value.
A zero GUID is not really compliant to the UEFI spec (s37.5.1 EFI RNG
Algorithm Definitions), but I am not sure which other choice could be
made,

I'm not sure this was your question, please let know if it wasn't,

Regards,
Pierre


> 
> Thanks,
> Ard.
> 
> 
> 
> 
>>
>>> -----Original Message-----
>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>> Sent: Monday, March 6, 2023 11:38 PM
>>> To: devel@edk2.groups.io
>>> Cc: Leif Lindholm <leif@nuviainc.com>; Sami Mujawar
>>> <sami.mujawar@arm.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang,
>>> Jian J <jian.j.wang@intel.com>; Ard Biesheuvel <ardb@kernel.org>
>>> Subject: Re: [edk2-devel] [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for
>>> ArmTrngLib/RngDxe
>>>
>>> Hello Jiewen, Jian,
>>> Do these patches in this set look ok to you ?
>>> - SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
>>> - SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
>>> - SecurityPkg/RngDxe: Fix Rng algo selection for Arm
>>>
>>> Regards,
>>> Pierre
>>>
>>> On 2/10/23 10:26, PierreGondois via groups.io wrote:
>>>> Hello Jiewen, Jian,
>>>> Just a reminder in case this was forgotten,
>>>> Regards,
>>>> Pierre
>>>>
>>>> On 1/9/23 13:26, Pierre Gondois wrote:
>>>>> Hello,
>>>>> I was wondering if I should re-arrange the patch in any way/there was any
>>>>> concern with the patch set. The first patch of serie was taken, but the
>>> other
>>>>> ones are pending,
>>>>>
>>>>> Regards,
>>>>> Pierre
>>>>>
>>>>> On 11/28/22 14:34, PierreGondois via groups.io wrote:
>>>>>> Hello Ard,
>>>>>>
>>>>>> On 11/26/22 15:33, Ard Biesheuvel wrote:
>>>>>>> On Thu, 24 Nov 2022 at 17:18, <Pierre.Gondois@arm.com> wrote:
>>>>>>>>
>>>>>>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>>>>>>
>>>>>>>> v1:
>>>>>>>> - https://edk2.groups.io/g/devel/message/96356
>>>>>>>> v2:
>>>>>>>> - https://edk2.groups.io/g/devel/message/96434
>>>>>>>> - Reformulate commit message.
>>>>>>>> - Do not warn if no algorithm is found as the message
>>>>>>>>        would be printed on non-Arm platforms.
>>>>>>>> v3:
>>>>>>>> - Add the following patches:
>>>>>>>>        1. ArmPkg/ArmTrngLib: Remove ASSERTs in
>>> ArmTrngLibConstructor()
>>>>>>>>           Requested by Ard.
>>>>>>>>           Cf https://edk2.groups.io/g/devel/message/96495
>>>>>>>>        2. SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
>>>>>>>>           Do not install EFI_RNG_PROTOCOL if no RNG algorithm is
>>> available.
>>>>>>>>           Cf. https://edk2.groups.io/g/devel/message/96494
>>>>>>>>        3. SecurityPkg/RngDxe: Fix Rng algo selection for Arm
>>>>>>>>           Coming from v2 patch being split.
>>>>>>>>
>>>>>>>> Some issues were found by Ard/Sami on the RngDxe/ArmTrngLib after
>>>>>>>> recent patches were merged. This patch serie intends to fix them.
>>>>>>>>
>>>>>>>> Pierre Gondois (4):
>>>>>>>>        ArmPkg/ArmTrngLib: Remove ASSERTs in ArmTrngLibConstructor()
>>>>>>>
>>>>>>> Thanks for the fixed
>>>>>>>
>>>>>>> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
>>>>>>>
>>>>>>> I pushed this one as #3663 (pending CI verification atm)
>>>>>>>
>>>>>>>>        SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
>>>>>>>>        SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
>>>>>>>>        SecurityPkg/RngDxe: Fix Rng algo selection for Arm
>>>>>>>>
>>>>>>>
>>>>>>> The remaining code still looks a bit clunky to me. Can't we just
>>>>>>> return an error from the library constructor of the library cannot
>>>>>>> initialize due to a missing prerequisite?
>>>>>>
>>>>>> In RngDriverEntry(), GetAvailableAlgorithms() probe the available
>>>>>> RNG algorithms. If there are none, then we return an error code.
>>>>>> Otherwise we install EFI_RNG_PROTOCOL.
>>>>>>
>>>>>> I assume the prerequisite you a referring to is 'checking there is
>>>>>> at least one available RNG algorithm that RngDxe can use', so if
>>>>>> ArmTrngLib's constructor fails, we should not prevent RngDxe to be
>>>>>> loaded (as the RngLib could be used for instance).
>>>>>>
>>>>>> Does it answer your question, or did I understand it incorrectly ?
>>>>>>
>>>>>> Regards,
>>>>>> Pierre
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>       ArmPkg/Library/ArmTrngLib/ArmTrngLib.c        |  5 -----
>>>>>>>>       .../RandomNumberGenerator/RngDxe/ArmRngDxe.c  | 18 +++++---
>>> ----------
>>>>>>>>       .../RngDxe/Rand/RngDxe.c                      |  9 ++++++++-
>>>>>>>>       .../RandomNumberGenerator/RngDxe/RngDxe.c     | 19
>>> ++++++++++++++-----
>>>>>>>>       4 files changed, 27 insertions(+), 24 deletions(-)
>>>>>>>>
>>>>>>>> --
>>>>>>>> 2.25.1
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>>> 
>>>>
>>>>

  reply	other threads:[~2023-03-06 17:09 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-24 16:17 [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe PierreGondois
2022-11-24 16:17 ` [PATCH v3 1/4] ArmPkg/ArmTrngLib: Remove ASSERTs in ArmTrngLibConstructor() PierreGondois
2022-11-24 16:17 ` [PATCH v3 2/4] SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount PierreGondois
2022-11-24 16:17 ` [PATCH v3 3/4] SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL PierreGondois
2022-11-24 16:17 ` [PATCH v3 4/4] SecurityPkg/RngDxe: Fix Rng algo selection for Arm PierreGondois
2022-11-26 14:33 ` [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe Ard Biesheuvel
2022-11-28 13:34   ` PierreGondois
2022-12-07  8:53   ` [edk2-devel] " Sami Mujawar
2022-12-07  9:04     ` Sami Mujawar
     [not found]   ` <172BC2FE233A5592.368@groups.io>
2023-01-09 12:26     ` PierreGondois
2023-02-10  9:26       ` PierreGondois
     [not found]       ` <17426C66FE22D73E.5513@groups.io>
2023-03-06 15:37         ` PierreGondois
2023-03-06 15:42           ` Yao, Jiewen
2023-03-06 16:22             ` Ard Biesheuvel
2023-03-06 17:09               ` PierreGondois [this message]
2023-03-06 17:36                 ` Ard Biesheuvel
2023-03-07  7:53               ` Yao, Jiewen
2023-03-07 15:38                 ` Ard Biesheuvel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=a5a30666-6f61-0de5-c426-9d9250d1d623@arm.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox