MdePkg/Include/Library/RngLib.h | 17 ++++++ MdePkg/Include/Protocol/Rng.h | 20 +++++++ MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++ MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 ++++ MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++++ .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++ .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 ++ .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++++ MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 ++++++++++++- MdePkg/MdePkg.dec | 7 +++ .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 ++++---- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- SecurityPkg/SecurityPkg.dec | 2 - 14 files changed, 258 insertions(+), 37 deletions(-)
From: Pierre Gondois <pierre.gondois@arm.com> v3: - As the unsafe algorithm GUID will not be added to the UEFI specification, rename: - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE v2: [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation - Dropped [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm token number - Rename to SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib - Remove gEfiRngAlgorithmUnSafe from inf file - Split Guids definitions in arch specific sections [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib - Remove RngFindDefaultAlgo() and change logic accordingly. [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm - Dropped due to changes in [6/8] This patch also requires the following patch on top of the serie: - https://edk2.groups.io/g/devel/message/106546 This patchset follows the 'code first' approach and relates to [1]. This patchset follows the thread at [3] that aims to solve [2]. [1] and [2] are bound and this patchset aims to solve both. In this patchset: a- The RngDxe can rely on the RngLib. However the RngLib has no interface allowing to describe which Rng algorithm is implemented. The RngDxe must advertise the algorithm that are available through the RngGetInfo() callback. Add a GetRngGuid() for interface to the RngLib. b- The Arm Architecture states the RNDR that the DRBG algorithm should be compliant with NIST SP800-90A, while not mandating a particular algorithm, so as to be inclusive of different geographies. The RngLib can rely on this Arm RNDR instruction. In order to accurately describe the implementation using the RNDR instruction, add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1]. c- For the same reason as a/b, add a GUID describing unsafe RNG algorithms, allowing to accurately describe the BaseRngLibTimerLib. d- Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the Arm implementation of the RngDxe. [1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441 [2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 [3] https://edk2.groups.io/g/devel/message/100806 Pierre Gondois (6): SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg MdePkg/DxeRngLib: Request raw algorithm instead of default MdePkg/Rng: Add GUIDs to describe Rng algorithms MdePkg/Rng: Add GetRngGuid() to RngLib SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm MdePkg/Include/Library/RngLib.h | 17 ++++++ MdePkg/Include/Protocol/Rng.h | 20 +++++++ MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++ MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 ++++ MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++++ .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++ .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 ++ .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++++ MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 ++++++++++++- MdePkg/MdePkg.dec | 7 +++ .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 ++++---- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- SecurityPkg/SecurityPkg.dec | 2 - 14 files changed, 258 insertions(+), 37 deletions(-) -- 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106685): https://edk2.groups.io/g/devel/message/106685 Mute This Topic: https://groups.io/mt/99981851/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Dear MdePkg & SecurityPkg maintainers, This series and Kun's patch at https://edk2.groups.io/g/devel/message/106547 are both required to fix the RNG implementation for Arm. Is it possible to provide feedback for this series and Kun's patch, please? I plan to merge this series and Kun's patch, if there is no further feedback by end of next week. Regards, Sami Mujawar On 06/07/2023 09:51 am, pierre.gondois@arm.com wrote: > From: Pierre Gondois <pierre.gondois@arm.com> > > v3: > - As the unsafe algorithm GUID will not be added to the UEFI > specification, rename: > - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe > - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE > > v2: > [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation > - Dropped > [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg > - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm > token number > - Rename to SecurityPkg/SecurityPkg.dec: Move > PcdCpuRngSupportedAlgorithm to MdePkg > [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib > - Remove gEfiRngAlgorithmUnSafe from inf file > - Split Guids definitions in arch specific sections > [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib > - Remove RngFindDefaultAlgo() and change logic accordingly. > [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm > - Dropped due to changes in [6/8] > > This patch also requires the following patch on top of the serie: > - https://edk2.groups.io/g/devel/message/106546 > > This patchset follows the 'code first' approach and relates to [1]. > This patchset follows the thread at [3] that aims to solve [2]. > [1] and [2] are bound and this patchset aims to solve both. > > In this patchset: > a- > The RngDxe can rely on the RngLib. However the RngLib has no > interface allowing to describe which Rng algorithm is implemented. > The RngDxe must advertise the algorithm that are available through > the RngGetInfo() callback. > Add a GetRngGuid() for interface to the RngLib. > > b- > The Arm Architecture states the RNDR that the DRBG algorithm should > be compliant with NIST SP800-90A, while not mandating a particular > algorithm, so as to be inclusive of different geographies. > The RngLib can rely on this Arm RNDR instruction. In order to > accurately describe the implementation using the RNDR instruction, > add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1]. > > c- > For the same reason as a/b, add a GUID describing unsafe RNG > algorithms, allowing to accurately describe the BaseRngLibTimerLib. > > d- > Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the > Arm implementation of the RngDxe. > > [1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441 > [2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 > [3] https://edk2.groups.io/g/devel/message/100806 > > Pierre Gondois (6): > SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to > MdePkg > MdePkg/DxeRngLib: Request raw algorithm instead of default > MdePkg/Rng: Add GUIDs to describe Rng algorithms > MdePkg/Rng: Add GetRngGuid() to RngLib > SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib > SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm > > MdePkg/Include/Library/RngLib.h | 17 ++++++ > MdePkg/Include/Protocol/Rng.h | 20 +++++++ > MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++ > MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 ++++ > MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++++ > .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++ > .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 ++ > .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++++ > MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 ++++++++++++- > MdePkg/MdePkg.dec | 7 +++ > .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ > .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 ++++---- > .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- > SecurityPkg/SecurityPkg.dec | 2 - > 14 files changed, 258 insertions(+), 37 deletions(-) > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106722): https://edk2.groups.io/g/devel/message/106722 Mute This Topic: https://groups.io/mt/99981851/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Hi Pierre, Thanks for sending the update. I tested on QEMU with this change (no TRNG from TFA), it works for me. Tested-by: Kun Qin <kun.qin@microsoft.com> Please note that the change below is still needed to avoid data abortion exception. It will be helpful if one of the maintainers can help merging it. [PATCH v2 1/1] SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocator (groups.io) <https://edk2.groups.io/g/devel/message/106547> Regards, Kun On 7/6/2023 1:51 AM, pierre.gondois@arm.com wrote: > From: Pierre Gondois<pierre.gondois@arm.com> > > v3: > - As the unsafe algorithm GUID will not be added to the UEFI > specification, rename: > - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe > - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE > > v2: > [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation > - Dropped > [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg > - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm > token number > - Rename to SecurityPkg/SecurityPkg.dec: Move > PcdCpuRngSupportedAlgorithm to MdePkg > [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib > - Remove gEfiRngAlgorithmUnSafe from inf file > - Split Guids definitions in arch specific sections > [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib > - Remove RngFindDefaultAlgo() and change logic accordingly. > [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm > - Dropped due to changes in [6/8] > > This patch also requires the following patch on top of the serie: > -https://edk2.groups.io/g/devel/message/106546 > > This patchset follows the 'code first' approach and relates to [1]. > This patchset follows the thread at [3] that aims to solve [2]. > [1] and [2] are bound and this patchset aims to solve both. > > In this patchset: > a- > The RngDxe can rely on the RngLib. However the RngLib has no > interface allowing to describe which Rng algorithm is implemented. > The RngDxe must advertise the algorithm that are available through > the RngGetInfo() callback. > Add a GetRngGuid() for interface to the RngLib. > > b- > The Arm Architecture states the RNDR that the DRBG algorithm should > be compliant with NIST SP800-90A, while not mandating a particular > algorithm, so as to be inclusive of different geographies. > The RngLib can rely on this Arm RNDR instruction. In order to > accurately describe the implementation using the RNDR instruction, > add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1]. > > c- > For the same reason as a/b, add a GUID describing unsafe RNG > algorithms, allowing to accurately describe the BaseRngLibTimerLib. > > d- > Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the > Arm implementation of the RngDxe. > > [1] BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4441 > [2] BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4151 > [3]https://edk2.groups.io/g/devel/message/100806 > > Pierre Gondois (6): > SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to > MdePkg > MdePkg/DxeRngLib: Request raw algorithm instead of default > MdePkg/Rng: Add GUIDs to describe Rng algorithms > MdePkg/Rng: Add GetRngGuid() to RngLib > SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib > SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm > > MdePkg/Include/Library/RngLib.h | 17 ++++++ > MdePkg/Include/Protocol/Rng.h | 20 +++++++ > MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++ > MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 ++++ > MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++++ > .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++ > .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 ++ > .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++++ > MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 ++++++++++++- > MdePkg/MdePkg.dec | 7 +++ > .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ > .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 ++++---- > .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- > SecurityPkg/SecurityPkg.dec | 2 - > 14 files changed, 258 insertions(+), 37 deletions(-) > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106711): https://edk2.groups.io/g/devel/message/106711 Mute This Topic: https://groups.io/mt/99981851/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
Hello Kun, As I made some small changes to the patch-set, I didn't include your tested-by tag, but the changes should be quite small, The v4 is available at: - https://edk2.groups.io/g/devel/message/106856 Regards, Pierre On 7/6/23 21:01, Kun Qin wrote: > Hi Pierre, > > Thanks for sending the update. I tested on QEMU with this change (no TRNG from TFA), it works for me. > Tested-by: Kun Qin <kun.qin@microsoft.com> > > Please note that the change below is still needed to avoid data abortion exception. It will be helpful if one > of the maintainers can help merging it. > [PATCH v2 1/1] SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocator (groups.io) <https://edk2.groups.io/g/devel/message/106547> > > Regards, > Kun > > On 7/6/2023 1:51 AM, pierre.gondois@arm.com wrote: >> From: Pierre Gondois<pierre.gondois@arm.com> >> >> v3: >> - As the unsafe algorithm GUID will not be added to the UEFI >> specification, rename: >> - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe >> - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE >> >> v2: >> [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation >> - Dropped >> [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg >> - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm >> token number >> - Rename to SecurityPkg/SecurityPkg.dec: Move >> PcdCpuRngSupportedAlgorithm to MdePkg >> [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib >> - Remove gEfiRngAlgorithmUnSafe from inf file >> - Split Guids definitions in arch specific sections >> [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib >> - Remove RngFindDefaultAlgo() and change logic accordingly. >> [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm >> - Dropped due to changes in [6/8] >> >> This patch also requires the following patch on top of the serie: >> -https://edk2.groups.io/g/devel/message/106546 >> >> This patchset follows the 'code first' approach and relates to [1]. >> This patchset follows the thread at [3] that aims to solve [2]. >> [1] and [2] are bound and this patchset aims to solve both. >> >> In this patchset: >> a- >> The RngDxe can rely on the RngLib. However the RngLib has no >> interface allowing to describe which Rng algorithm is implemented. >> The RngDxe must advertise the algorithm that are available through >> the RngGetInfo() callback. >> Add a GetRngGuid() for interface to the RngLib. >> >> b- >> The Arm Architecture states the RNDR that the DRBG algorithm should >> be compliant with NIST SP800-90A, while not mandating a particular >> algorithm, so as to be inclusive of different geographies. >> The RngLib can rely on this Arm RNDR instruction. In order to >> accurately describe the implementation using the RNDR instruction, >> add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1]. >> >> c- >> For the same reason as a/b, add a GUID describing unsafe RNG >> algorithms, allowing to accurately describe the BaseRngLibTimerLib. >> >> d- >> Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the >> Arm implementation of the RngDxe. >> >> [1] BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4441 >> [2] BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4151 >> [3]https://edk2.groups.io/g/devel/message/100806 >> >> Pierre Gondois (6): >> SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to >> MdePkg >> MdePkg/DxeRngLib: Request raw algorithm instead of default >> MdePkg/Rng: Add GUIDs to describe Rng algorithms >> MdePkg/Rng: Add GetRngGuid() to RngLib >> SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib >> SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm >> >> MdePkg/Include/Library/RngLib.h | 17 ++++++ >> MdePkg/Include/Protocol/Rng.h | 20 +++++++ >> MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++ >> MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 ++++ >> MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++++ >> .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++ >> .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 ++ >> .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++++ >> MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 ++++++++++++- >> MdePkg/MdePkg.dec | 7 +++ >> .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ >> .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 ++++---- >> .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- >> SecurityPkg/SecurityPkg.dec | 2 - >> 14 files changed, 258 insertions(+), 37 deletions(-) >> -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#106868): https://edk2.groups.io/g/devel/message/106868 Mute This Topic: https://groups.io/mt/99981851/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.