Date: Fri, 7 Jul 2023 09:26:23 +0100
Subject: Re: [PATCH v3 0/6] SecurityPkg/MdePkg: Update RngLib GUID identification
From: "Sami Mujawar"
To: pierre.gondois@arm.com, devel@edk2.groups.io, Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel
Cc: Jose Marinho, Kun Qin, "nd@arm.com"
References: <20230706085159.626374-1-pierre.gondois@arm.com>
In-Reply-To: <20230706085159.626374-1-pierre.gondois@arm.com>

Dear MdePkg & SecurityPkg maintainers,

This series and Kun's patch at
https://edk2.groups.io/g/devel/message/106547 are both required to fix
the RNG implementation for Arm.

Is it possible to provide feedback for this series and Kun's patch,
please?

I plan to merge this series and Kun's patch, if there is no further
feedback by end of next week.

Regards,

Sami Mujawar

On 06/07/2023 09:51 am, pierre.gondois@arm.com wrote:
> From: Pierre Gondois
>
> v3:
> - As the unsafe algorithm GUID will not be added to the UEFI
>   specification, rename:
>   - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe
>   - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE
>
> v2:
> [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation
> - Dropped
> [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
> - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
>   token number
> - Rename to SecurityPkg/SecurityPkg.dec: Move
>   PcdCpuRngSupportedAlgorithm to MdePkg
> [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib
> - Remove gEfiRngAlgorithmUnSafe from inf file
> - Split Guids definitions in arch specific sections
> [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
> - Remove RngFindDefaultAlgo() and change logic accordingly.
> [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm
> - Dropped due to changes in [6/8]
>
> This patch also requires the following patch on top of the series:
> - https://edk2.groups.io/g/devel/message/106546
>
> This patchset follows the 'code first' approach and relates to [1].
> This patchset follows the thread at [3] that aims to solve [2].
> [1] and [2] are bound and this patchset aims to solve both.
>
> In this patchset:
> a-
> The RngDxe can rely on the RngLib. However the RngLib has no
> interface allowing to describe which Rng algorithm is implemented.
> The RngDxe must advertise the algorithms that are available through
> the RngGetInfo() callback.
> Add a GetRngGuid() for interface to the RngLib.
>
> b-
> The Arm Architecture states the RNDR that the DRBG algorithm should
> be compliant with NIST SP800-90A, while not mandating a particular
> algorithm, so as to be inclusive of different geographies.
> The RngLib can rely on this Arm RNDR instruction. In order to
> accurately describe the implementation using the RNDR instruction,
> add an EFI_RNG_ALGORITHM_ARM_RNDR GUID [1].
>
> c-
> For the same reason as a/b, add a GUID describing unsafe RNG
> algorithms, allowing to accurately describe the BaseRngLibTimerLib.
>
> d-
> Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the
> Arm implementation of the RngDxe.
>
> [1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
> [2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
> [3] https://edk2.groups.io/g/devel/message/100806
>
> Pierre Gondois (6):
>   SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to
>     MdePkg
>   MdePkg/DxeRngLib: Request raw algorithm instead of default
>   MdePkg/Rng: Add GUIDs to describe Rng algorithms
>   MdePkg/Rng: Add GetRngGuid() to RngLib
>   SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
>   SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
>
>  MdePkg/Include/Library/RngLib.h               | 17 ++++++
>  MdePkg/Include/Protocol/Rng.h                 | 20 +++++++
>  MdePkg/Library/BaseRngLib/AArch64/Rndr.c      | 42 +++++++++++++++
>  MdePkg/Library/BaseRngLib/BaseRngLib.inf      | 10 ++++
>  MdePkg/Library/BaseRngLib/Rand/RdRand.c       | 26 +++++++++
>  .../Library/BaseRngLibNull/BaseRngLibNull.c   | 22 ++++++++
>  .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf |  3 ++
>  .../Library/BaseRngLibTimerLib/RngLibTimer.c  | 28 ++++++++++
>  MdePkg/Library/DxeRngLib/DxeRngLib.c          | 36 ++++++++++++-
>  MdePkg/MdePkg.dec                             |  7 +++
>  .../RngDxe/AArch64/AArch64Algo.c              | 54 +++++++++++++------
>  .../RandomNumberGenerator/RngDxe/ArmRngDxe.c  | 23 ++++----
>  .../RandomNumberGenerator/RngDxe/RngDxe.inf   |  5 +-
>  SecurityPkg/SecurityPkg.dec                   |  2 -
>  14 files changed, 258 insertions(+), 37 deletions(-)
>