From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (EUR04-DB3-obe.outbound.protection.outlook.com [40.107.6.76])
 by mx.groups.io with SMTP id smtpd.web10.5173.1688034543978978628
 for <devel@edk2.groups.io>;
 Thu, 29 Jun 2023 03:29:04 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=FZMlc3Ed;
 spf=pass (domain: arm.com, ip: 40.107.6.76, mailfrom: sami.mujawar@arm.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=KQYHYJ387GmHhD7t4KlAsCl4Jvjj4U5Yh4o5otUhfO4=;
 b=FZMlc3EdzSNnRencOP1vDX/DwPEREV6UUcCEOFCQplSpYRK2iSoRGVNIXtEFBr1e8Jisvrek45phpqluRYoULP2fcytNIVSSzsbBOKg2ISGwb8TnxNAftvoC1gWW8KULUUiATzgqx+n6GtnFOSDTJnDS4s5Nc8rXz9NIx7ERDXY=
Received: from AS9PR05CA0278.eurprd05.prod.outlook.com (2603:10a6:20b:492::18)
 by PR3PR08MB5611.eurprd08.prod.outlook.com (2603:10a6:102:85::18) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.26; Thu, 29 Jun
 2023 10:28:59 +0000
Received: from AM7EUR03FT021.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:20b:492:cafe::e4) by AS9PR05CA0278.outlook.office365.com
 (2603:10a6:20b:492::18) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6544.22 via Frontend
 Transport; Thu, 29 Jun 2023 10:28:59 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 AM7EUR03FT021.mail.protection.outlook.com (100.127.140.243) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6544.22 via Frontend Transport; Thu, 29 Jun 2023 10:28:59 +0000
Received: ("Tessian outbound 7c913606c6e6:v142"); Thu, 29 Jun 2023 10:28:58 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 6c057d4f9fb49e3d
X-CR-MTA-TID: 64aa7808
Received: from 971cf06ca0f4.2
	by 64aa7808-outbound-1.mta.getcheckrecipient.com id 7B58B462-E9F8-4E11-88A9-4F4DC5FE3AF0.1;
	Thu, 29 Jun 2023 10:28:52 +0000
Received: from EUR05-DB8-obe.outbound.protection.outlook.com
    by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 971cf06ca0f4.2
    (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
    Thu, 29 Jun 2023 10:28:52 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=c7vMNF/oiFk1buv1YkWXqLauIGq/MJX7fSYqwc8auO6O0qLL5fJuUsN523VqXEMYPobuDGJIhGPvA4n1gJP97WdBUWXwgS4EkEuFLV9dJc8ecM8q5R5NgsphGPTk39Y4+Fz1aAmSwAkpIRDrNpiypXX0ObhhrPrtxqdbG9VLWImHlTfDO3wdy/J+xEASnqz7lUSNv8N90H0wxqdarOZwBAu9wK59AbbWnvxrswsSxDB6Rph7geBXHxOrH7zPLcq3zYKsMLi2ztcP7YKm/DLoLqgD6KkdUpSh+ya/BJWSTyn1FivZ8lqnmGm6L4lnYX9copNkrQ2MKItrjyJrzjcc8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=KQYHYJ387GmHhD7t4KlAsCl4Jvjj4U5Yh4o5otUhfO4=;
 b=BdkYEMWXHx0FNmtyPJn2bmtxxrWtDeLgMgp93cIS22w5IVy7BLMYi4beooF6G8NiJ9fE5Uh7uCdNTTAnnHVTFVDfs/YJFRZmjdJLZmPODWBKDR2sxqLzdbxUeO7Os2XesnCkbdpDydvBF/UP7WbyKB3DnWvY6Yh4kNS7AEHVd++WV5DLACx1XNotQ9AJkHvKZdCABMUORbNhXEXxBeHaWp6QlU4C412T9Zzqv1bBgYYEFkqkAKJlqPNsxreP2qjnzl6OerLMa+BjaYRBNhjxfnTCd+FeUH2suUp6ZCeMZrabCWujOuJxWsBSn5mACB5OkxaMpl/TysypipLpmQQfXQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass
 header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=KQYHYJ387GmHhD7t4KlAsCl4Jvjj4U5Yh4o5otUhfO4=;
 b=FZMlc3EdzSNnRencOP1vDX/DwPEREV6UUcCEOFCQplSpYRK2iSoRGVNIXtEFBr1e8Jisvrek45phpqluRYoULP2fcytNIVSSzsbBOKg2ISGwb8TnxNAftvoC1gWW8KULUUiATzgqx+n6GtnFOSDTJnDS4s5Nc8rXz9NIx7ERDXY=
Authentication-Results-Original: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=arm.com;
Received: from AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12)
 by DU0PR08MB9050.eurprd08.prod.outlook.com (2603:10a6:10:47a::17) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6521.26; Thu, 29 Jun
 2023 10:28:50 +0000
Received: from AS8PR08MB6806.eurprd08.prod.outlook.com
 ([fe80::8ef4:aa57:6248:7850]) by AS8PR08MB6806.eurprd08.prod.outlook.com
 ([fe80::8ef4:aa57:6248:7850%4]) with mapi id 15.20.6544.019; Thu, 29 Jun 2023
 10:28:49 +0000
Message-ID: <ea513603-063c-e84f-6c30-ea1ad55f6e0a@arm.com>
Date: Thu, 29 Jun 2023 11:28:48 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.12.0
Subject: Re: [PATCH v1 7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm
To: pierre.gondois@arm.com, devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
 Liming Gao <gaoliming@byosoft.com.cn>, Zhiguang Liu
 <zhiguang.liu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Jian J Wang <jian.j.wang@intel.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Jose Marinho <Jose.Marinho@arm.com>,
 Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>, "nd@arm.com"
 <nd@arm.com>
References: <20230509074042.1523428-1-pierre.gondois@arm.com>
 <20230509074042.1523428-8-pierre.gondois@arm.com>
From: "Sami Mujawar" <sami.mujawar@arm.com>
In-Reply-To: <20230509074042.1523428-8-pierre.gondois@arm.com>
X-ClientProxiedBy: LO4P123CA0627.GBRP123.PROD.OUTLOOK.COM
 (2603:10a6:600:294::15) To AS8PR08MB6806.eurprd08.prod.outlook.com
 (2603:10a6:20b:39b::12)
MIME-Version: 1.0
X-MS-TrafficTypeDiagnostic: 
	AS8PR08MB6806:EE_|DU0PR08MB9050:EE_|AM7EUR03FT021:EE_|PR3PR08MB5611:EE_
X-MS-Office365-Filtering-Correlation-Id: ca10040b-b5cc-436c-7151-08db788ba679
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 
 wndA2y1tQ+FnnSvKQN8yMZg74b8v+rtze/Ed2ofeXpFM/P1AHfDFhvxMG9RdkQRwb/xOMZK+FVUWxUxuUqHKs7C0WO/5GAL6eY9RcebDOXkbbqeA0aR53kcB52RYEzxZPGminsOGzx5ZEv1TUePsQXxDMJqpCF7QB0Bce0kcq0Jui+lAPTBH9JKWp3GBTLK7/WI6ANrxNtcE8cKH9NljihJzUEZWQ4jh6zo5GRznA/A+vTjJBUn/fq5ci6VRNSrKEE71G5YjrUpdfblPuFSC0IQ2JxrCVEirksl+5B+v5owiGGu+1IFw4Le3kCjlvjoUkTiIys2+hk52KpJaTPH1gOQ7fpF2a71PsO2WlxK1iUVtwi0c9e7McSN7s3u3WHpfOht87IOhUryOkbfFpcz9eLqQ7cSZZQi4dJdw1zfH/R+lKkB3P+m8hfr8KNsnJsiSwboeDwHqbiEUorsmG0Jml82k1hBEonNTEliFlBfVnw4Y6pWtJXoQ0/Fw5mNloRz7aIKWRolZcKpbwrIICiENgiKB1UwUXlZScdOycOVL9eI64gTF/2gmIjz7jZ2faLv5cHQOv6GRUnZRf8k7wwfGp7Musd9tWM9XuDOgATbRuCF4BvKJy2s/Wbxc4VIhgjkzNj8Yx4zYESrVkjk/g0AslQ==
X-Forefront-Antispam-Report-Untrusted: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR08MB6806.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(366004)(396003)(346002)(376002)(136003)(39860400002)(451199021)(26005)(54906003)(2906002)(6486002)(186003)(2616005)(38100700002)(83380400001)(53546011)(6506007)(86362001)(19627235002)(31696002)(41300700001)(478600001)(66556008)(66476007)(316002)(4326008)(36756003)(8936002)(66946007)(6512007)(31686004)(44832011)(5660300002)(8676002)(15650500001)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR08MB9050
Original-Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=arm.com;
Return-Path: Sami.Mujawar@arm.com
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 AM7EUR03FT021.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
	28360cef-71ce-446a-54be-08db788ba0bb
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	bAEwSsiM7t/vEQKSksAZNfcfxteDVCiknzJ9YMeAuOhEerXd/O3g18ud7c+3Io82hh2Mb7mjNbdQ4jB1n8C1aoD18r7Ko45Z9kErLKZXA+7+oWttowVfpeceNCvC3pkRjo+6Ij8oPRIUX+yCcHiLaegDxcMCPvPt0x3+IaThwYq4Xkie5X/V69e3Bp56FDNWs0CpgoAtY4GHMNVfS1lVPNOyNOA6O7dKifTPTVvz7do3LC/+YmeKSApTMfefShVQq3A/EZCOPfJP7uj/lpVZ3oSrrA74Es6IgjnyQNXphM/uTobRjuttUOts0SA9241e37KOhfOtXwkLwxvoQgMDvvc0H3Wjs1d3ydcB4DUf3fRLS39P5S4Bs0vWcM200sALC1kyT1rNkQU0LvAyVsl1facBOy7lSW3yF2gRRKsLZdnhiahRzNnvJ5k/gAS7Vt24tW2K4sre0irw8CrrOMvF6SCWOecF7ylnxowYXT8D1EynunOkNUjALyH2XRlZhyvskd0IepR1o7SNvXTmuMAUfDfQxC4d0BmKi/rWeOWThK5dB60NaBKer5D5WMaPaPXSCriMYCmwsc7uP7lHCDLXenifo9B7RIUTPYnxKF7gdosDSkOTuVFAONVlSOXKsu9WDcHqZT0njinXuwykzv3c4ahkjs6GH+/NgJdTyoQohEmvjZL4O8585Rj73nT1Tvg3aZ9nRqmUzey4LadK1KTcvi4Kav4uvQcqpXubfOA0cnHXkctRO0iDf4FpiEuNE7EI+O1wffYzjBdbLb5dRg1KmA==
X-Forefront-Antispam-Report: 
	CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(346002)(136003)(39860400002)(376002)(396003)(451199021)(40470700004)(36840700001)(46966006)(6512007)(26005)(2906002)(86362001)(356005)(82310400005)(6486002)(83380400001)(53546011)(2616005)(81166007)(186003)(47076005)(82740400003)(336012)(36860700001)(40460700003)(54906003)(31696002)(41300700001)(40480700001)(19627235002)(4326008)(478600001)(36756003)(70586007)(316002)(15650500001)(70206006)(31686004)(5660300002)(44832011)(8936002)(8676002)(6506007)(43740500002);DIR:OUT;SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jun 2023 10:28:59.1196
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: ca10040b-b5cc-436c-7151-08db788ba679
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	AM7EUR03FT021.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR08MB5611
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi Pierre,

I think this patch would not be required if my suggestions for patch 6/8 
are adopted.

Regards,

Sami Mujawar

On 09/05/2023 08:40 am, pierre.gondois@arm.com wrote:
> From: Pierre Gondois <pierre.gondois@arm.com>
>
> The first element of mAvailableAlgoArray should be the default
> algorithm to avoid going through a selection process at each
> RngGetRNG() call.
> Once all the available Rng algorithms have been probed, place
> a safe Rng algorithm at the first position of mAvailableAlgoArray.
>
> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> ---
>   .../RngDxe/AArch64/AArch64Algo.c              | 48 ++++++++++++++++++-
>   1 file changed, 47 insertions(+), 1 deletion(-)
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> index a1ff7bd58fda..ed236b2e8141 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> @@ -17,6 +17,50 @@
>   // Maximum number of Rng algorithms.
>   #define RNG_AVAILABLE_ALGO_MAX  2
>   
> +/** mAvailableAlgoArray[0] should contain the default Rng algorithm.
> +    The Rng algorithm at the first index might be unsafe.
> +    If a safe algorithm is available, choose it as the default one.
> +**/
> +VOID
> +EFIAPI
> +RngFindDefaultAlgo (
> +  VOID
> +  )
> +{
> +  EFI_RNG_ALGORITHM  *CurAlgo;
> +  EFI_RNG_ALGORITHM  TmpGuid;
> +  UINTN              Index;
> +
> +  CurAlgo = &mAvailableAlgoArray[0];
> +
> +  if (IsZeroGuid (CurAlgo) ||
> +      !CompareGuid (CurAlgo, &gEfiRngAlgorithmUnSafe))
> +  {
> +    // mAvailableAlgoArray[0] is a valid Rng algorithm.
> +    return;
> +  }
> +
> +  for (Index = 1; Index < mAvailableAlgoArrayCount; Index++) {
> +    CurAlgo = &mAvailableAlgoArray[Index];
> +    if (!IsZeroGuid (CurAlgo) ||
> +        CompareGuid (CurAlgo, &gEfiRngAlgorithmUnSafe))
> +    {
> +      break;
> +    }
> +  }
> +
> +  if (Index == mAvailableAlgoArrayCount) {
> +    // No valid Rng algorithm available.
> +    return;
> +  }
> +
> +  CopyMem (&TmpGuid, CurAlgo, sizeof (EFI_RNG_ALGORITHM));
> +  CopyMem (CurAlgo, &mAvailableAlgoArray[0], sizeof (EFI_RNG_ALGORITHM));
> +  CopyMem (&mAvailableAlgoArray[0], &TmpGuid, sizeof (EFI_RNG_ALGORITHM));
> +
> +  return;
> +}
> +
>   /** Allocate and initialize mAvailableAlgoArray with the available
>       Rng algorithms. Also update mAvailableAlgoArrayCount.
>   
> @@ -45,7 +89,7 @@ GetAvailableAlgorithms (
>     if (!EFI_ERROR (Status)) {
>       CopyMem (
>         &mAvailableAlgoArray[mAvailableAlgoArrayCount],
> -      RngGuid,
> +      &RngGuid,
>         sizeof (RngGuid)
>         );
>       mAvailableAlgoArrayCount++;
> @@ -68,5 +112,7 @@ GetAvailableAlgorithms (
>       mAvailableAlgoArrayCount++;
>     }
>   
> +  RngFindDefaultAlgo ();
> +
>     return EFI_SUCCESS;
>   }