On Thu, 14 Nov 2019 at 08:03, Wang, Jian J <jian.j.w...@intel.com> wrote:
>
> Ard,
>
> > -----Original Message-----
> > From: Ard Biesheuvel <ard.biesheu...@linaro.org>
> > Sent: Thursday, November 14, 2019 3:41 PM
> > To: edk2-devel-groups-io <devel@edk2.groups.io>; Wang, Jian J
> > <jian.j.w...@intel.com>
> > Cc: Leif Lindholm <leif.lindh...@linaro.org>; Laszlo Ersek
> > <ler...@redhat.com>
> > Subject: Re: [edk2-devel] [PATCH 09/11] ArmVirtPkg/ArmVirt.dsc.inc: specify
> > RngLib instances in dsc files
> >
> > On Thu, 14 Nov 2019 at 02:18, Wang, Jian J <jian.j.w...@intel.com> wrote:
> > >
> > > Per BZ1871, OpensslLib will depend on RngLib instead of TimerLib. Update
> > > ArmVirt.dsc.inc file to accommodate the coming changes. It's supposed
> > > that only TlsDxe needs random number. The RngDxeLib is added for it. For
> > > all other drivers, RngLibNull is used by default.
> > >
> > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
> > > Cc: Leif Lindholm <leif.lindh...@linaro.org>
> > > Cc: Laszlo Ersek <ler...@redhat.com>
> > > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
> > > Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
> >
> > Does this mean we lose the ability to do HTTPS boot if we lack an
> > implementation of EFI_RNG_PROTOCOL?
>
> The ArmVirtQemuXxx.dsc have EFI_RNG_PROTOCOL implemented. The
> only one having problem is ArmVirtXen.dsc.
>

No, it applies to all of them. The fact that a driver is available
does not mean the virtual hardware is being provided.

> What's your suggestion? Implementing one (RngLib or EFI_RNG_PROTOCOL)
> for ARM particularly (you guys need to do it) or add a general RngLib (like
> cpu jitter) this time (I can do that)?
>

How does this work today? How does TLS obtain the entropy to generate
the symmetric key for encryption?

> >
> > > --- > > > ArmVirtPkg/ArmVirt.dsc.inc | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > > > index 10037c938e..10e0890699 100644 > > > --- a/ArmVirtPkg/ArmVirt.dsc.inc > > > +++ b/ArmVirtPkg/ArmVirt.dsc.inc > > > @@ -156,8 +156,10 @@ > > > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > > !if $(NETWORK_TLS_ENABLE) == TRUE > > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > + > > RngLib|SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRng > > LibRngProtocol.inf > > > !else > > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf > > > !endif > > > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > > > > > -- > > > 2.17.1.windows.2
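
Review bot: In the `!if $(NETWORK_TLS_ENABLE) == TRUE` branch, RngLib is bound to DxeRngLibRngProtocol with no fallback, so a TLS-enabled build gets random numbers only if something installs EFI_RNG_PROTOCOL at run time, and nothing in this hunk guarantees that. The commit message says only TlsDxe needs random numbers and every other driver should get the null instance, but the binding sits beside the OpensslLib and BaseCryptLib entries rather than in a TlsDxe-scoped override, so with TLS enabled the hunk provides no BaseRngLibNull default at all. Suggest keeping `RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf` as the unconditional default, moving the DxeRngLibRngProtocol binding into a module-scoped override for TlsDxe, and adding a comment that states the EFI_RNG_PROTOCOL dependency and the expected behaviour when the protocol is absent.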