[edk2-devel] [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe

Ard Biesheuvel ardb at kernel.org
Mon Mar 6 17:36:57 UTC 2023


On Mon, 6 Mar 2023 at 18:09, Pierre Gondois <pierre.gondois at arm.com> wrote:
>
> Hello Jiewen, Ard,
> Thanks for the review.
>
> On 3/6/23 17:22, Ard Biesheuvel wrote:
> > On Mon, 6 Mar 2023 at 16:42, Yao, Jiewen <jiewen.yao at intel.com> wrote:
> >>
> >> Hi Pierre
> >> I don’t have a strong opinion.
> >>
> >> For ARM specific patch, would you please get R-B from ARM expert?
> >>
> >> I think we need to wait for the response from Ard to confirm.
> >>
> >
> > These patches
> >
> >    SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
> >    SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
> >
> > Reviewed-by: Ard Biesheuvel <ardb at kernel.org>
> >
> > Jiewen, if you don't mind, I will merge those right away.
> >
> > For the remaining patch, I am not sure I understand why the behavior
> > regarding the zero GUID is correct. Perhaps we could
> > revisit/resend/review that patch in isolation?
>
> About the zero GUID, the PcdCpuRngSupportedAlgorithm allows describing
> the platform-specific RNG algorithm used. However KvmTool could run
> on any platform, so PcdCpuRngSupportedAlgorithm cannot be set to a proper
> GUID value.

OK so the problem is that we don't know which exact algorithm is being
used to back the RNDR/RNDRRS system registers?

In that case, we just invent a GUID and document it as 'unspecified
NIST SP800-90A Rev 1 conformant algorithm', and use that as the
default.

Then, we can treat the zero GUID as 'not implemented', and ignore it.
That means not installing the RNG protocol at all if neither the
system register nor the hypercall based RNG is available.


> A zero GUID is not really compliant with the UEFI spec (s37.5.1 EFI RNG
> Algorithm Definitions), but I am not sure which other choice could be
> made,
>
> I'm not sure this was your question, please let me know if it wasn't,
>


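The following C example is added here and is not taken from this thread or from the EDK2 sources. It models the policy proposed in the message above: a zero GUID configured for the CPU RNG means "not implemented" and is never advertised, and the RNG protocol is installed only when at least one algorithm remains. The `guid_t` type, the function names and both non-zero GUID values are constructed placeholders, and advertising the hypercall-based source under a separate raw-entropy GUID is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for EFI_GUID so the example builds outside EDK2 (16 bytes, no padding). */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;

/* Constructed placeholder values, NOT GUIDs from the UEFI spec or from EDK2. */
static const guid_t ZERO_GUID = {0, 0, 0, {0}};
static const guid_t PLACEHOLDER_UNSPECIFIED_DRBG =
    {0x11111111, 0x1111, 0x1111, {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}};
static const guid_t PLACEHOLDER_RAW =
    {0x22222222, 0x2222, 0x2222, {0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22}};

#define MAX_ALGOS 2

static bool guid_is_zero(const guid_t *g) {
    return memcmp(g, &ZERO_GUID, sizeof *g) == 0;
}

/* Fill out[] with the algorithms that have a working backend and return the
 * count. cpu_algo is the GUID configured for the CPU RNG instruction; an
 * all-zero value means "not implemented" and is never advertised. */
static size_t build_available_algos(bool has_cpu_rng, const guid_t *cpu_algo,
                                    bool has_trng_call, guid_t out[MAX_ALGOS]) {
    size_t n = 0;
    if (has_cpu_rng && !guid_is_zero(cpu_algo))
        out[n++] = *cpu_algo;
    if (has_trng_call)  /* assumption: hypercall source is advertised as raw */
        out[n++] = PLACEHOLDER_RAW;
    return n;
}

/* The protocol is installed only when at least one algorithm can be advertised. */
static bool should_install_rng_protocol(size_t algo_count) {
    return algo_count > 0;
}

int main(void) {
    guid_t algos[MAX_ALGOS];
    size_t n = build_available_algos(true, &ZERO_GUID, false, algos);
    printf("zero GUID, no hypercall: %zu algos, install=%d\n", n, should_install_rng_protocol(n));
    n = build_available_algos(true, &PLACEHOLDER_UNSPECIFIED_DRBG, true, algos);
    printf("default GUID + hypercall: %zu algos, install=%d\n", n, should_install_rng_protocol(n));
    return 0;
}
```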



