From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 1FE7A9413CF for ; Fri, 17 May 2024 09:48:24 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=UJomaOI5cUrKPFana01bGmNK5eewuflkvm9SwrWeryo=; c=relaxed/simple; d=groups.io; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Disposition; s=20240206; t=1715939303; v=1; b=ZyyUcuHXmY2gfhj7KdzE+UO2Sx/D63xaQA8vCDETkRx3Cigu9Y6q46BG8pvIDq5xNXWxYkoA Ruu/jlUZzobWdLqr8CsSZgnt6TeqsyfPJGik3kpawEnsvKY3S0uJfRH9FyiJMTwd8HBX6oQFVE7 3sPj/gWUtw8MnoahuXBIGYdafps5vjAgbGhEVD2/be3rbBW8DRlxiTAHsUX8F24foZ7w9fDypJx 7TS3iCIeeRURaQMIGTmxg3GUhbf3ACNK6F0pPk+WIzytS11SCVZb4YgZsgg84WLxcUFw3lfCNqU wzLsEcvFK+ZRG1qa72+Lzw8PLO1ZKHnmbTkBqEoIeSPDQ== X-Received: by 127.0.0.2 with SMTP id lm6LYY7687511xQ0FoliMJa4; Fri, 17 May 2024 02:48:23 -0700 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web11.36589.1715939302678162232 for ; Fri, 17 May 2024 02:48:22 -0700 X-Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-421-4XA5v-qvOY2TlerGlinavQ-1; Fri, 17 May 2024 05:48:19 -0400 X-MC-Unique: 4XA5v-qvOY2TlerGlinavQ-1 X-Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DCDBB185AD2D; Fri, 17 May 2024 09:48:18 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.193.34]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A8FFA2866; Fri, 17 May 2024 09:48:18 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 45F87180099B; Fri, 17 May 2024 11:48:17 +0200 (CEST) Date: Fri, 17 May 2024 11:48:17 +0200 From: "Gerd Hoffmann" To: devel@edk2.groups.io, ardb@kernel.org Cc: Doug Flick , Jiewen Yao , "Liming Gao (Byosoft address)" Subject: =?UTF-8?B?UmU6IFtlZGsyLWRldmVsXSDlm57lpI06IFtlZGsyLWRldmVsXSBbUEFUQ0ggdjIgMDMvMTNdIE92bWZQa2c6UGxhdGZvcm1DSTogU3VwcG9ydCB2aXJ0aW8tcm5nLXBjaQ==?= Message-ID: References: <10155.1715916473037445818@groups.io> MIME-Version: 1.0 In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Fri, 17 May 2024 02:48:22 -0700 Resent-From: kraxel@redhat.com Reply-To: devel@edk2.groups.io,kraxel@redhat.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: XoLcESpeLL75MkYjyXOr7G6fx7686176AA= Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=ZyyUcuHX; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=redhat.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io On Fri, May 17, 2024 at 09:27:53AM GMT, Ard Biesheuvel wrote: > On Fri, 17 May 2024 at 05:27, Doug Flick via groups.io > wrote: > > > > On ARM, we can actually do better than this: I have taken Doug's v2 and applied some changes on top to make it work with ArmVirtQemu. > > > > https://github.com/ardbiesheuvel/edk2/tree/doug-v2 > > > > Ard, would you be comfortable with this patch series if I take the commits you're suggesting? I'm being asked to see what it would take to get these commits in for this release. > > I won't object to that, but I'd like Gerd's take as well, given that a > similar concern appears to apply to OVMF/x86 IIUC. I think including RngDxe in OvmfPkg is not an option. That would be a silent regression on the random number quality delivered by EFI_RNG_PROTOCOL because OvmfPkg uses BaseRngLibTimerLib. Switching to BaseRngLib is an easy way out for physical platforms with a sufficient recent processor. OVMF can not assume the rdrand instruction is available, so that is not possible. So short-term (i.e. 2024-05 stable tag) the only option I see is depending on virtio-rng. Which is a regression too (network booting without '-device virtio-rng-pci' breaks), but it is an obvious failure with an easy fix. Not an ideal solution, but much better than a regression which can easily go unnoticed. Longer term it probably makes sense to have a EFI_RNG_PROTOCOL driver using the rdrand instruction and runtime detection whenever the instruction is available or not. Either by adapting RngDxe accordingly, or by having an OVMF-specific driver handling the runtime detection. take care, Gerd -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119016): https://edk2.groups.io/g/devel/message/119016 Mute This Topic: https://groups.io/mt/106013302/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-