From: Pierre Gondois <pierre.gondois@arm.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
a GetRngGuid() function is added in a following patch.
Prepare GetRngGuid() return values and add GUIDs describing
Rng algorithms:
- gEfiRngAlgorithmArmRndr
to describe a Rng algorithm accessed through Arm's RNDR instruction.
[1] states that the implementation of this algorithm should be
compliant to NIST SP900-80. The compliance is not guaranteed.
- gEfiRngAlgorithmUnSafe
to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
[1] Arm Architecture Reference Manual Armv8, for A-profile architecture
sK12.1 'Properties of the generated random number'
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
MdePkg/MdePkg.dec | 2 ++
2 files changed, 22 insertions(+)
diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
index baf425587b3c..dfdaf36e41dc 100644
--- a/MdePkg/Include/Protocol/Rng.h
+++ b/MdePkg/Include/Protocol/Rng.h
@@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
{ \
0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
}
+///
+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
+/// inclusive of different geographies.
+///
+#define EFI_RNG_ALGORITHM_ARM_RNDR \
+ { \
+ 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
+ }
+///
+/// The implementation of a Random Number Generator might be unsafe, when using
+/// a dummy implementation for instance. Allow identifying such implementation
+/// with this GUID.
+///
+#define EFI_RNG_ALGORITHM_UNSAFE \
+ { \
+ 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \
+ }
/**
Returns information about the random number generation implementation.
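Review bot: The doc comment added above `EFI_RNG_ALGORITHM_ARM_RNDR` drops the caveat the commit message gives (SP800-90A compliance "is not guaranteed"), so a consumer reading only Rng.h could take this GUID as a compliance assertion; its first sentence is also garbled. Suggested wording: `/// The Arm Architecture states that the DRBG algorithm behind RNDR should be compliant with NIST SP800-90A;` followed by `/// compliance is not guaranteed, and no particular algorithm is mandated.` The commit message cites "NIST SP900-80" while this comment cites SP800-90A, so one of the two needs correcting. For `EFI_RNG_ALGORITHM_UNSAFE`, the comment says the GUID identifies an unsafe implementation but not what a caller should do on seeing it; a line such as `/// Callers should not use output reported under this GUID for keys or other security-sensitive values.` would make the contract explicit.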
@@ -146,5 +164,7 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
extern EFI_GUID gEfiRngAlgorithmRaw;
+extern EFI_GUID gEfiRngAlgorithmArmRndr;
+extern EFI_GUID gEfiRngAlgorithmUnSafe;
#endif
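Review bot: The new symbol `gEfiRngAlgorithmUnSafe` capitalises "UnSafe" as two words, while the macro it pairs with is `EFI_RNG_ALGORITHM_UNSAFE`; `gEfiRngAlgorithmUnsafe` would match the macro and be easier to search for. The same spelling is used in the `[Guids]` entry added to MdePkg.dec, so both places would have to change together. The list of extern declarations starts outside this hunk, so any naming convention set by earlier entries is only partly visible here.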
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 0ecfad5795e4..754085eaa55b 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -633,6 +633,8 @@ [Guids]
gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
+ gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
+ gEfiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
## Include/Protocol/AdapterInformation.h
gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
--
2.25.1
Hi Pierre,
Thank you for this patch.
Please find my response inline marked [SAMI].
Other than the concern mentioned below, this patch looks good to me.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Regards,
Sami Mujawar
On 09/05/2023 08:40 am, pierre.gondois@arm.com wrote:
> From: Pierre Gondois <pierre.gondois@arm.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
>
> The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
> implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
> To allow the RngDxe to detect when such implementation is used,
> a GetRngGuid() function is added in a following patch.
>
> Prepare GetRngGuid() return values and add GUIDs describing
> Rng algorithms:
> - gEfiRngAlgorithmArmRndr
> to describe a Rng algorithm accessed through Arm's RNDR instruction.
> [1] states that the implementation of this algorithm should be
> compliant to NIST SP900-80. The compliance is not guaranteed.
> - gEfiRngAlgorithmUnSafe
> to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
>
> [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
> sK12.1 'Properties of the generated random number'
>
> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> ---
> MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
> MdePkg/MdePkg.dec | 2 ++
> 2 files changed, 22 insertions(+)
>
> diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
> index baf425587b3c..dfdaf36e41dc 100644
> --- a/MdePkg/Include/Protocol/Rng.h
> +++ b/MdePkg/Include/Protocol/Rng.h
> @@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
> { \
> 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
> }
> +///
> +/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
> +/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
> +/// inclusive of different geographies.
> +///
> +#define EFI_RNG_ALGORITHM_ARM_RNDR \
> + { \
> + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
> + }
> +///
> +/// The implementation of a Random Number Generator might be unsafe, when using
> +/// a dummy implementation for instance. Allow identifying such implementation
> +/// with this GUID.
> +///
> +#define EFI_RNG_ALGORITHM_UNSAFE \
> + { \
> + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \
> + }
[SAMI] Unlike EFI_RNG_ALGORITHM_ARM_RNDR, which is backed by the
code-first spec update at https://mantis.uefi.org/mantis/view.php?id=2386,
EFI_RNG_ALGORITHM_UNSAFE is not backed by any specification.
Although I agree that a definition of the unsafe algorithm is required
to support some platforms, I am not sure that this file and the macro
prefix are right for this definition.
I would defer this decision, and any advice on how to proceed to the
MdePkg maintainers.
[/SAMI]
>
> /**
> Returns information about the random number generation implementation.
> @@ -146,5 +164,7 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
> extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
> extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
> extern EFI_GUID gEfiRngAlgorithmRaw;
> +extern EFI_GUID gEfiRngAlgorithmArmRndr;
> +extern EFI_GUID gEfiRngAlgorithmUnSafe;
>
> #endif
> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> index 0ecfad5795e4..754085eaa55b 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -633,6 +633,8 @@ [Guids]
> gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
> gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
> gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
> + gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
> + gEfiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
>
> ## Include/Protocol/AdapterInformation.h
> gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
Is this defined in the UEFI spec, or approved for a future UEFI spec?
> -----Original Message-----
> From: pierre.gondois@arm.com <pierre.gondois@arm.com>
> Sent: Tuesday, May 9, 2023 3:41 PM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Ard
> Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
> <sami.mujawar@arm.com>; Jose Marinho <Jose.Marinho@arm.com>;
> Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
> Subject: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms
>
> From: Pierre Gondois <pierre.gondois@arm.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
>
> The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
> implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
> To allow the RngDxe to detect when such implementation is used,
> a GetRngGuid() function is added in a following patch.
>
> Prepare GetRngGuid() return values and add GUIDs describing
> Rng algorithms:
> - gEfiRngAlgorithmArmRndr
> to describe a Rng algorithm accessed through Arm's RNDR instruction.
> [1] states that the implementation of this algorithm should be
> compliant to NIST SP900-80. The compliance is not guaranteed.
> - gEfiRngAlgorithmUnSafe
> to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
>
> [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
> sK12.1 'Properties of the generated random number'
>
> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> ---
> MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
> MdePkg/MdePkg.dec | 2 ++
> 2 files changed, 22 insertions(+)
>
> diff --git a/MdePkg/Include/Protocol/Rng.h
> b/MdePkg/Include/Protocol/Rng.h
> index baf425587b3c..dfdaf36e41dc 100644
> --- a/MdePkg/Include/Protocol/Rng.h
> +++ b/MdePkg/Include/Protocol/Rng.h
> @@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
> { \
> 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85,
> 0x61 } \
> }
> +///
> +/// The Arm Architecture states the RNDR that the DRBG algorithm should
> be compliant
> +/// with NIST SP800-90A, while not mandating a particular algorithm, so as
> to be
> +/// inclusive of different geographies.
> +///
> +#define EFI_RNG_ALGORITHM_ARM_RNDR \
> + { \
> + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08,
> 0x41} \
> + }
> +///
> +/// The implementation of a Random Number Generator might be unsafe,
> when using
> +/// a dummy implementation for instance. Allow identifying such
> implementation
> +/// with this GUID.
> +///
> +#define EFI_RNG_ALGORITHM_UNSAFE \
> + { \
> + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3,
> 0xf4 } \
> + }
>
> /**
> Returns information about the random number generation implementation.
> @@ -146,5 +164,7 @@ extern EFI_GUID
> gEfiRngAlgorithmSp80090Ctr256Guid;
> extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
> extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
> extern EFI_GUID gEfiRngAlgorithmRaw;
> +extern EFI_GUID gEfiRngAlgorithmArmRndr;
> +extern EFI_GUID gEfiRngAlgorithmUnSafe;
>
> #endif
> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> index 0ecfad5795e4..754085eaa55b 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -633,6 +633,8 @@ [Guids]
> gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3,
> 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
> gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1,
> 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
> gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7,
> 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
> + gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02,
> 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
> + gEfiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac,
> 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
>
> ## Include/Protocol/AdapterInformation.h
> gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26,
> {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
> --
> 2.25.1
Hi Jiewen,
There is an open ECR for UEFI spec review: https://bugzilla.tianocore.org/show_bug.cgi?id=4441. These patches can wait on the list until the ECR is reviewed by UEFI Forum and the decision is documented in the BZ. If approved, then the code patches should be able to proceed.
Thanks,
--Samer
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Tuesday, May 9, 2023 9:46 AM
> To: Pierre Gondois <Pierre.Gondois@arm.com>; devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Wang,
> Jian J <jian.j.wang@intel.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
> Sami Mujawar <Sami.Mujawar@arm.com>; Jose Marinho
> <Jose.Marinho@arm.com>; Samer El-Haj-Mahmoud <Samer.El-Haj-
> Mahmoud@arm.com>
> Subject: RE: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms
>
> Is this defined in UEFI spec? or approved in future UEFI spec?
>
> > -----Original Message-----
> > From: pierre.gondois@arm.com <pierre.gondois@arm.com>
> > Sent: Tuesday, May 9, 2023 3:41 PM
> > To: devel@edk2.groups.io
> > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> > <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Yao,
> > Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Ard
> > Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
> > <sami.mujawar@arm.com>; Jose Marinho <Jose.Marinho@arm.com>;
> > Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
> > Subject: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms
> >
> > From: Pierre Gondois <pierre.gondois@arm.com>
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
> >
> > The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
> > implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
> > To allow the RngDxe to detect when such implementation is used,
> > a GetRngGuid() function is added in a following patch.
> >
> > Prepare GetRngGuid() return values and add GUIDs describing
> > Rng algorithms:
> > - gEfiRngAlgorithmArmRndr
> > to describe a Rng algorithm accessed through Arm's RNDR instruction.
> > [1] states that the implementation of this algorithm should be
> > compliant to NIST SP900-80. The compliance is not guaranteed.
> > - gEfiRngAlgorithmUnSafe
> > to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
> >
> > [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
> > sK12.1 'Properties of the generated random number'
> >
> > Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> > ---
> > MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
> > MdePkg/MdePkg.dec | 2 ++
> > 2 files changed, 22 insertions(+)
> >
> > diff --git a/MdePkg/Include/Protocol/Rng.h
> > b/MdePkg/Include/Protocol/Rng.h
> > index baf425587b3c..dfdaf36e41dc 100644
> > --- a/MdePkg/Include/Protocol/Rng.h
> > +++ b/MdePkg/Include/Protocol/Rng.h
> > @@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
> > { \
> > 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85,
> > 0x61 } \
> > }
> > +///
> > +/// The Arm Architecture states the RNDR that the DRBG algorithm should
> > be compliant
> > +/// with NIST SP800-90A, while not mandating a particular algorithm, so as
> > to be
> > +/// inclusive of different geographies.
> > +///
> > +#define EFI_RNG_ALGORITHM_ARM_RNDR \
> > + { \
> > + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08,
> > 0x41} \
> > + }
> > +///
> > +/// The implementation of a Random Number Generator might be unsafe,
> > when using
> > +/// a dummy implementation for instance. Allow identifying such
> > implementation
> > +/// with this GUID.
> > +///
> > +#define EFI_RNG_ALGORITHM_UNSAFE \
> > + { \
> > + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3,
> > 0xf4 } \
> > + }
> >
> > /**
> > Returns information about the random number generation implementation.
> > @@ -146,5 +164,7 @@ extern EFI_GUID
> > gEfiRngAlgorithmSp80090Ctr256Guid;
> > extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
> > extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
> > extern EFI_GUID gEfiRngAlgorithmRaw;
> > +extern EFI_GUID gEfiRngAlgorithmArmRndr;
> > +extern EFI_GUID gEfiRngAlgorithmUnSafe;
> >
> > #endif
> > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> > index 0ecfad5795e4..754085eaa55b 100644
> > --- a/MdePkg/MdePkg.dec
> > +++ b/MdePkg/MdePkg.dec
> > @@ -633,6 +633,8 @@ [Guids]
> > gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3,
> > 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
> > gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1,
> > 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
> > gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7,
> > 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
> > + gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02,
> > 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
> > + gEfiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac,
> > 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
> >
> > ## Include/Protocol/AdapterInformation.h
> > gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26,
> > {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
> > --
> > 2.25.1
Hello,
The mantis ticket (created by Jose Marinho) is available at:
https://mantis.uefi.org/mantis/view.php?id=2386
Also, are there any comments on the patch set?
Regards,
Pierre
On 5/9/23 15:50, Samer El-Haj-Mahmoud wrote:
> Hi Jiewen,
>
> There is an open ECR for UEFI spec review: https://bugzilla.tianocore.org/show_bug.cgi?id=4441. These patches can wait on the list until the ECR is reviewed by UEFI Forum and the decision is documented in the BZ. If approved, then the code patches should be able to proceed.
>
> Thanks,
> --Samer
>
>
>
>> -----Original Message-----
>> From: Yao, Jiewen <jiewen.yao@intel.com>
>> Sent: Tuesday, May 9, 2023 9:46 AM
>> To: Pierre Gondois <Pierre.Gondois@arm.com>; devel@edk2.groups.io
>> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
>> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Wang,
>> Jian J <jian.j.wang@intel.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>> Sami Mujawar <Sami.Mujawar@arm.com>; Jose Marinho
>> <Jose.Marinho@arm.com>; Samer El-Haj-Mahmoud <Samer.El-Haj-
>> Mahmoud@arm.com>
>> Subject: RE: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms
>>
>> Is this defined in UEFI spec? or approved in future UEFI spec?
>>
>>> -----Original Message-----
>>> From: pierre.gondois@arm.com <pierre.gondois@arm.com>
>>> Sent: Tuesday, May 9, 2023 3:41 PM
>>> To: devel@edk2.groups.io
>>> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
>>> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Yao,
>>> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Ard
>>> Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
>>> <sami.mujawar@arm.com>; Jose Marinho <Jose.Marinho@arm.com>;
>>> Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
>>> Subject: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms
>>>
>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>
>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
>>>
>>> The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
>>> implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
>>> To allow the RngDxe to detect when such implementation is used,
>>> a GetRngGuid() function is added in a following patch.
>>>
>>> Prepare GetRngGuid() return values and add GUIDs describing
>>> Rng algorithms:
>>> - gEfiRngAlgorithmArmRndr
>>> to describe a Rng algorithm accessed through Arm's RNDR instruction.
>>> [1] states that the implementation of this algorithm should be
>>> compliant to NIST SP900-80. The compliance is not guaranteed.
>>> - gEfiRngAlgorithmUnSafe
>>> to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
>>>
>>> [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
>>> sK12.1 'Properties of the generated random number'
>>>
>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
>>> ---
>>> MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
>>> MdePkg/MdePkg.dec | 2 ++
>>> 2 files changed, 22 insertions(+)
>>>
>>> diff --git a/MdePkg/Include/Protocol/Rng.h
>>> b/MdePkg/Include/Protocol/Rng.h
>>> index baf425587b3c..dfdaf36e41dc 100644
>>> --- a/MdePkg/Include/Protocol/Rng.h
>>> +++ b/MdePkg/Include/Protocol/Rng.h
>>> @@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
>>> { \
>>> 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85,
>>> 0x61 } \
>>> }
>>> +///
>>> +/// The Arm Architecture states the RNDR that the DRBG algorithm should
>>> be compliant
>>> +/// with NIST SP800-90A, while not mandating a particular algorithm, so as
>>> to be
>>> +/// inclusive of different geographies.
>>> +///
>>> +#define EFI_RNG_ALGORITHM_ARM_RNDR \
>>> + { \
>>> + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08,
>>> 0x41} \
>>> + }
>>> +///
>>> +/// The implementation of a Random Number Generator might be unsafe,
>>> when using
>>> +/// a dummy implementation for instance. Allow identifying such
>>> implementation
>>> +/// with this GUID.
>>> +///
>>> +#define EFI_RNG_ALGORITHM_UNSAFE \
>>> + { \
>>> + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3,
>>> 0xf4 } \
>>> + }
>>>
>>> /**
>>> Returns information about the random number generation implementation.
>>> @@ -146,5 +164,7 @@ extern EFI_GUID
>>> gEfiRngAlgorithmSp80090Ctr256Guid;
>>> extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
>>> extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
>>> extern EFI_GUID gEfiRngAlgorithmRaw;
>>> +extern EFI_GUID gEfiRngAlgorithmArmRndr;
>>> +extern EFI_GUID gEfiRngAlgorithmUnSafe;
>>>
>>> #endif
>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
>>> index 0ecfad5795e4..754085eaa55b 100644
>>> --- a/MdePkg/MdePkg.dec
>>> +++ b/MdePkg/MdePkg.dec
>>> @@ -633,6 +633,8 @@ [Guids]
>>> gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3,
>>> 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
>>> gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1,
>>> 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
>>> gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7,
>>> 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
>>> + gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02,
>>> 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
>>> + gEfiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac,
>>> 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
>>>
>>> ## Include/Protocol/AdapterInformation.h
>>> gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26,
>>> {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
>>> --
>>> 2.25.1
>
Got it. Before that, I believe you can add the extension in MdeModulePkg or SecurityPkg.
> -----Original Message-----
> From: Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
> Sent: Tuesday, May 9, 2023 9:50 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; Pierre Gondois
> <Pierre.Gondois@arm.com>; devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Sami Mujawar <Sami.Mujawar@arm.com>;
> Jose Marinho <Jose.Marinho@arm.com>; Samer El-Haj-Mahmoud
> <Samer.El-Haj-Mahmoud@arm.com>
> Subject: RE: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng
> algorithms
>
> Hi Jiewen,
>
> There is an open ECR for UEFI spec review:
> https://bugzilla.tianocore.org/show_bug.cgi?id=4441. These patches can
> wait on the list until the ECR is reviewed by UEFI Forum and the decision is
> documented in the BZ. If approved, then the code patches should be able to
> proceed.
>
> Thanks,
> --Samer
>
>
>
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Tuesday, May 9, 2023 9:46 AM
> > To: Pierre Gondois <Pierre.Gondois@arm.com>; devel@edk2.groups.io
> > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> > <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> Wang,
> > Jian J <jian.j.wang@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>;
> > Sami Mujawar <Sami.Mujawar@arm.com>; Jose Marinho
> > <Jose.Marinho@arm.com>; Samer El-Haj-Mahmoud <Samer.El-Haj-
> > Mahmoud@arm.com>
> > Subject: RE: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng
> algorithms
> >
> > Is this defined in UEFI spec? or approved in future UEFI spec?
> >
> > > -----Original Message-----
> > > From: pierre.gondois@arm.com <pierre.gondois@arm.com>
> > > Sent: Tuesday, May 9, 2023 3:41 PM
> > > To: devel@edk2.groups.io
> > > Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
> > > <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>;
> Yao,
> > > Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Ard
> > > Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
> > > <sami.mujawar@arm.com>; Jose Marinho <Jose.Marinho@arm.com>;
> > > Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>
> > > Subject: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng
> algorithms
> > >
> > > From: Pierre Gondois <pierre.gondois@arm.com>
> > >
> > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
> > >
> > > The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
> > > implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
> > > To allow the RngDxe to detect when such implementation is used,
> > > a GetRngGuid() function is added in a following patch.
> > >
> > > Prepare GetRngGuid() return values and add GUIDs describing
> > > Rng algorithms:
> > > - gEfiRngAlgorithmArmRndr
> > > to describe a Rng algorithm accessed through Arm's RNDR instruction.
> > > [1] states that the implementation of this algorithm should be
> > > compliant to NIST SP900-80. The compliance is not guaranteed.
> > > - gEfiRngAlgorithmUnSafe
> > > to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
> > >
> > > [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
> > > sK12.1 'Properties of the generated random number'
> > >
> > > Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> > > ---
> > > MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
> > > MdePkg/MdePkg.dec | 2 ++
> > > 2 files changed, 22 insertions(+)
> > >
> > > diff --git a/MdePkg/Include/Protocol/Rng.h
> > > b/MdePkg/Include/Protocol/Rng.h
> > > index baf425587b3c..dfdaf36e41dc 100644
> > > --- a/MdePkg/Include/Protocol/Rng.h
> > > +++ b/MdePkg/Include/Protocol/Rng.h
> > > @@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
> > > { \
> > > 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6,
> 0x85,
> > > 0x61 } \
> > > }
> > > +///
> > > +/// The Arm Architecture states the RNDR that the DRBG algorithm
> should
> > > be compliant
> > > +/// with NIST SP800-90A, while not mandating a particular algorithm, so
> as
> > > to be
> > > +/// inclusive of different geographies.
> > > +///
> > > +#define EFI_RNG_ALGORITHM_ARM_RNDR \
> > > + { \
> > > + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78,
> 0x08,
> > > 0x41} \
> > > + }
> > > +///
> > > +/// The implementation of a Random Number Generator might be
> unsafe,
> > > when using
> > > +/// a dummy implementation for instance. Allow identifying such
> > > implementation
> > > +/// with this GUID.
> > > +///
> > > +#define EFI_RNG_ALGORITHM_UNSAFE \
> > > + { \
> > > + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1,
> 0xb3,
> > > 0xf4 } \
> > > + }
> > >
> > > /**
> > > Returns information about the random number generation
> implementation.
> > > @@ -146,5 +164,7 @@ extern EFI_GUID
> > > gEfiRngAlgorithmSp80090Ctr256Guid;
> > > extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
> > > extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
> > > extern EFI_GUID gEfiRngAlgorithmRaw;
> > > +extern EFI_GUID gEfiRngAlgorithmArmRndr;
> > > +extern EFI_GUID gEfiRngAlgorithmUnSafe;
> > >
> > > #endif
> > > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> > > index 0ecfad5795e4..754085eaa55b 100644
> > > --- a/MdePkg/MdePkg.dec
> > > +++ b/MdePkg/MdePkg.dec
> > > @@ -633,6 +633,8 @@ [Guids]
> > > gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012,
> {0xa3,
> > > 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
> > > gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d,
> {0xb1,
> > > 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
> > > gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7,
> > > 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
> > > + gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79,
> {0x02,
> > > 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
> > > + gEfiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac,
> > > 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
> > >
> > > ## Include/Protocol/AdapterInformation.h
> > > gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26,
> > > {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
> > > --
> > > 2.25.1
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended recipient,
> please notify the sender immediately and do not disclose the contents to any
> other person, use it for any purpose, or store or copy the information in any
> medium. Thank you.