From: "Laszlo Ersek" <lersek@redhat.com>
To: devel@edk2.groups.io, ard.biesheuvel@arm.com, matthewfcarlson@gmail.com
Cc: Jordan Justen <jordan.l.justen@intel.com>,
Anthony Perard <anthony.perard@citrix.com>,
Julien Grall <julien@xen.org>
Subject: Re: [edk2-devel] [PATCH v4 3/5] OvmfPkg: Add RngLib based on TimerLib for Crypto
Date: Tue, 11 Aug 2020 18:09:42 +0200
Message-ID: <f812e3f6-d36e-f0b3-7fe4-ece7bb101cf0@redhat.com>
In-Reply-To: <4f495f30-5dfc-8d91-b1eb-c36ce0447268@arm.com>

Hi Ard!

On 08/11/20 10:22, Ard Biesheuvel wrote:
> On 8/11/20 4:21 AM, matthewfcarlson@gmail.com wrote:
>> From: Matthew Carlson <macarl@microsoft.com>
>>
>
> How am I supposed to review this change? The commit log is empty and I
> was not cc'ed on the cover letter.

Cover letter:

  [edk2-devel] [PATCH v4 0/5] Use RngLib instead of TimerLib for OpensslLib
  https://edk2.groups.io/g/devel/message/63944
  http://mid.mail-archive.com/20200811022200.1087-1-matthewfcarlson@gmail.com

Bugzilla:

  https://bugzilla.tianocore.org/show_bug.cgi?id=1871

Unfortunately, the cover letter doesn't much explain the approach
either. The latest comments in the BZ should be helpful though.

My understanding is that the timer-based "pseudo-random" generation is
factored out of "CryptoPkg/Library/OpensslLib/rand_pool_noise*" to the
new BaseRngLibTimerLib instance (see patches #1 and #5). In the middle,
platforms native to the edk2 tree and currently using "rand_pool_noise*"
are diverted to the new lib instance. (Patches #3 and #4.)

So I think the intent is to introduce no change in behavior for those
platforms, only make OpensslLib depend on the RngLib class.

Patch#2 adds BaseRngLibDxe, which depends on gEfiRngProtocolGuid.

I think the structure of the series is correct.

--*--

In edk2, we have two RNG protocol implementations,
"OvmfPkg/VirtioRngDxe" and "SecurityPkg/RandomNumberGenerator/RngDxe".

While it would be nice to use the "BaseRngLibDxe" instance in OvmfPkg
and ArmVirtPkg, *in the longer term*, I have some doubts:

- I don't know whether or how "SecurityPkg/RandomNumberGenerator/RngDxe"
  applies to virtual machines.

- OvmfPkg/VirtioRngDxe does not produce gEfiRngProtocolGuid if there is
  no virtio-rng-(pci|device) device configured in QEMU. So a strict depex
  would not work; we'd again need some kind of OR depex.

- The ArmVirtQemu and OVMF PlatformBootManagerLib instances connect
  virtio-rng-(pci|device) devices after signaling EndOfDxe. That's good
  enough for boot loaders and the Linux kernel's UEFI stub, but possibly
  not good enough for platform DXE drivers that need randomness before
  EndOfDxe.

- The "BaseRngLibDxe" instance from patch#2 only accepts one of the
  "Sp80090Ctr256", "Sp80090Hmac256", and "Sp80090Hash256" algorithms, and
  "OvmfPkg/VirtioRngDxe" provides none of those.
  ("SecurityPkg/RandomNumberGenerator/RngDxe" seems to provide
  "Sp80090Ctr256".)

But, anyway, these are just longer-term points for OvmfPkg and
ArmVirtPkg; they aren't a problem with this patch set.

> In general, please try to muster up the energy to write at least one
> sentence that describes *why* the patch is needed, complementing the
> subject line, which in this case summarizes correctly *what* the patch
> does.

Agreed.

And, in addition to the minimally one-sentence commit message body, each
commit message should reference
<https://bugzilla.tianocore.org/show_bug.cgi?id=1871>.

I'd be very happy if you could review this patch series; personally I
can only formally review patches #3 and #4.

Thanks!
Laszlo