[edk2-devel] [PATCH v6 0/9] SecurityPkg/MdePkg: Update RngLib GUID identification

PierreGondois posted 9 patches 8 months, 2 weeks ago
Failed in applying to current master (apply log)
ArmVirtPkg/ArmVirt.dsc.inc                    |  2 +-
EmulatorPkg/EmulatorPkg.dsc                   |  2 +-
MdeModulePkg/Include/Guid/RngAlgorithm.h      | 23 ++++++++
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf |  6 +-
.../BaseRngLibTimerLib/BaseRngLibTimerLib.uni | 15 +++++
.../Library/BaseRngLibTimerLib/RngLibTimer.c  | 28 ++++++++++
MdeModulePkg/MdeModulePkg.dec                 |  3 +
MdeModulePkg/MdeModulePkg.dsc                 |  1 +
MdePkg/Include/Library/RngLib.h               | 17 ++++++
MdePkg/Include/Protocol/Rng.h                 | 10 ++++
MdePkg/Library/BaseRngLib/AArch64/Rndr.c      | 42 ++++++++++++++
MdePkg/Library/BaseRngLib/BaseRngLib.inf      | 10 ++++
MdePkg/Library/BaseRngLib/Rand/RdRand.c       | 26 +++++++++
.../Library/BaseRngLibNull/BaseRngLibNull.c   | 22 ++++++++
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf |  1 +
.../Library/BaseRngLibTimerLib/RngLibTimer.c  | 45 +++++++++++++++
MdePkg/Library/DxeRngLib/DxeRngLib.c          | 36 +++++++++++-
MdePkg/MdePkg.dec                             |  6 ++
NetworkPkg/NetworkPkg.dsc                     |  4 +-
OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +-
OvmfPkg/Bhyve/BhyveX64.dsc                    |  2 +-
OvmfPkg/CloudHv/CloudHvX64.dsc                |  2 +-
OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  2 +-
OvmfPkg/Microvm/MicrovmX64.dsc                |  2 +-
OvmfPkg/OvmfPkgIa32.dsc                       |  2 +-
OvmfPkg/OvmfPkgIa32X64.dsc                    |  2 +-
OvmfPkg/OvmfPkgX64.dsc                        |  2 +-
OvmfPkg/OvmfXen.dsc                           |  2 +-
OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc           |  2 +-
.../RngDxe/AArch64/AArch64Algo.c              | 55 +++++++++++++------
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c  | 23 +++-----
.../RandomNumberGenerator/RngDxe/RngDxe.inf   |  4 +-
SecurityPkg/SecurityPkg.dec                   |  2 -
SecurityPkg/SecurityPkg.dsc                   |  4 +-
SignedCapsulePkg/SignedCapsulePkg.dsc         |  4 +-
35 files changed, 355 insertions(+), 56 deletions(-)
create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
copy {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf (85%)
create mode 100644 MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni
copy {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/RngLibTimer.c (83%)
Posted by PierreGondois 8 months, 2 weeks ago
From: Pierre Gondois <pierre.gondois@arm.com>

v6:
- Added Tested/Reviewed-by
- [8/9] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
  - Remove unused gEfiRngAlgorithmArmRndr definition in 

v5:
- Leave an implementation of BaseRngLibTimer in MdePkg to give some
  time to platform owners to use the MdeModulePkg implementation. [4]
- New patch:
  - [2/8] MdePkg: Add deprecated warning to BaseRngLibTimer

v4:
- New patches:
  - [1/8] MdePkg: Move BaseRngLibTimerLib to MdeModulePkg
  - [5/8] MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
- This patch-set now needs to be accepted along with an edk-platforms patch
  moving the BaseRngLibTimerLib to MdeModulePkg

v3:
- As the unsafe algorithm GUID will not be added to the UEFI
  specification, rename:
  - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe
  - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE

v2:
[1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation
- Dropped
[2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
- Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
  token number
- Rename to SecurityPkg/SecurityPkg.dec: Move
  PcdCpuRngSupportedAlgorithm to MdePkg
[5/8] MdePkg/Rng: Add GetRngGuid() to RngLib
- Remove gEfiRngAlgorithmUnSafe from inf file
- Split Guids definitions in arch specific sections
[6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
- Remove RngFindDefaultAlgo() and change logic accordingly.
[7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm
- Dropped due to changes in [6/8]

This patch also requires the following patch on top of the series:
- https://edk2.groups.io/g/devel/message/106546

This patchset follows the 'code first' approach and relates to [1].
This patchset follows the thread at [3] that aims to solve [2].
[1] and [2] are bound and this patchset aims to solve both.

In this patchset:
a-
The RngDxe can rely on the RngLib. However, the RngLib has no
interface allowing to describe which Rng algorithm is implemented.
The RngDxe must advertise the algorithms that are available through
the RngGetInfo() callback.
Add a GetRngGuid() interface to the RngLib.

b-
The Arm Architecture states, for the RNDR, that the DRBG algorithm should
be compliant with NIST SP800-90A, while not mandating a particular
algorithm, so as to be inclusive of different geographies.
The RngLib can rely on this Arm RNDR instruction. In order to
accurately describe the implementation using the RNDR instruction,
add an EFI_RNG_ALGORITHM_ARM_RNDR GUID [1].

c-
For the same reason as a/b, add a GUID describing unsafe RNG
algorithms, allowing to accurately describe the BaseRngLibTimerLib.

d-
Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the
Arm implementation of the RngDxe.

[1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
[2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
[3] https://edk2.groups.io/g/devel/message/100806
[4] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504

Pierre Gondois (9):
  MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkg
  MdePkg: Add deprecated warning to BaseRngLibTimer
  SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to
    MdePkg
  MdePkg/DxeRngLib: Request raw algorithm instead of default
  MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
  MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
  MdePkg/Rng: Add GetRngGuid() to RngLib
  SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
  SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm


-- 
2.25.1
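
The selection logic described in points a to d of the cover letter, as an added stand-alone C model; it is not code from the patch series or from edk2. The GUID values, the function names and the has_raw flag (a second, raw entropy source) are assumptions made for illustration, as is the policy of leaving an unsafe library out of the advertised list.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for an algorithm GUID; the values are constructed placeholders. */
typedef struct { uint8_t b[16]; } guid_t;
static const guid_t ALGO_RAW    = {{0x01}};
static const guid_t ALGO_RNDR   = {{0x02}}; /* models EFI_RNG_ALGORITHM_ARM_RNDR */
static const guid_t ALGO_UNSAFE = {{0xFF}}; /* models EDKII_RNG_ALGORITHM_UNSAFE */

/* (a) Library side: every RngLib instance reports which algorithm it implements.
 * Returns 0 on success, nonzero if the instance cannot name one. */
typedef int (*get_rng_guid_fn)(guid_t *out);
int rndr_lib_guid(guid_t *out)  { *out = ALGO_RNDR;   return 0; }  /* (b) */
int timer_lib_guid(guid_t *out) { *out = ALGO_UNSAFE; return 0; }  /* (c) */
int null_lib_guid(guid_t *out)  { (void)out;          return -1; }

int guid_eq(const guid_t *a, const guid_t *b) { return memcmp(a, b, sizeof *a) == 0; }

/* (d) Driver side: build the list the driver would advertise. A library that
 * identifies itself as unsafe, or cannot identify itself, is left out. */
size_t build_algo_list(get_rng_guid_fn lib, int has_raw, guid_t *list, size_t cap)
{
    size_t n = 0;
    guid_t g;

    if (lib(&g) == 0 && !guid_eq(&g, &ALGO_UNSAFE) && n < cap)
        list[n++] = g;
    if (has_raw && n < cap)
        list[n++] = ALGO_RAW;
    return n;
}

/* The default algorithm is the first advertised entry; with nothing safe to
 * advertise, the request fails instead of falling back to the timer. */
int default_algo(const guid_t *list, size_t n, guid_t *out)
{
    if (n == 0)
        return -1;
    *out = list[0];
    return 0;
}

int main(void)
{
    guid_t list[2], def;
    size_t n = build_algo_list(timer_lib_guid, 0, list, 2);
    return default_algo(list, n, &def) == -1 ? 0 : 1; /* unsafe-only: refused */
}
```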