Platform/ARM/Juno: Use RngDxeLib #202
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For a same MODELE_TYPE/ARCH LibraryClasses section, multiple libraries can be defined. E.g.: [LibraryClasses.AARCH64.DXE_DRIVER] ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf ArmTrngLib|MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.inf In such case, the latest defined library is used. DSC files can include other files. MdeLibs.dsc.inc is included after other .dsc.inc files in some ARM platforms, even though it provides NULL libraries and only aims to satisfy dependencies. For the Juno, not having MdeLibs.dsc.inc as the fist included file leads to overriding the ArmTrngLib with its NULL instance. Place MdeLibs.dsc.inc as the first file included for all ARM platforms. Signed-off-by: Pierre Gondois <[email protected]>
Reflect the deplacement of PcdEnforceSecureRngAlgorithms from the NetworkPkg to the MdePkg. Signed-off-by: Pierre Gondois <[email protected]>
Juno's RngLib implementation is: - BaseRngLib.inf if a secure RngLib is enforced - BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction returns a DRBG-generated random number. The DRBG used is considered as secure. The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't support it. When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set), the Juno cannot generate secure random numbers through the RngLib. Secure random numbers could be generated by using the Juno's TRNG. This can be done by: - using the RngDxeLib implementation of the RngLib - RngDxeLib relies on the RngDxe - the RngDxe has access to the TRNG Signed-off-by: Pierre Gondois <[email protected]>
samimujawar
approved these changes
Sep 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Juno's RngLib implementation is:
BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
returns a DRBG-generated random number. The DRBG used is considered
as secure.
The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
support it.
When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
the Juno cannot generate secure random numbers through the RngLib.
Secure random numbers could be generated by using the Juno's TRNG.
This can be done by: