Ard,
> -----Original Message-----
> From: Ard Biesheuvel <ard.biesheu...@linaro.org>
> Sent: Thursday, November 14, 2019 4:14 PM
> To: edk2-devel-groups-io <devel@edk2.groups.io>; Wang, Jian J <jian.j.w...@intel.com>
> Cc: Leif Lindholm <leif.lindh...@linaro.org>; Laszlo Ersek <ler...@redhat.com>
> Subject: Re: [edk2-devel] [PATCH 09/11] ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances in dsc files
>
> On Thu, 14 Nov 2019 at 08:03, Wang, Jian J <jian.j.w...@intel.com> wrote:
> >
> > Ard,
> >
> >
> > > -----Original Message-----
> > > From: Ard Biesheuvel <ard.biesheu...@linaro.org>
> > > Sent: Thursday, November 14, 2019 3:41 PM
> > > To: edk2-devel-groups-io <devel@edk2.groups.io>; Wang, Jian J <jian.j.w...@intel.com>
> > > Cc: Leif Lindholm <leif.lindh...@linaro.org>; Laszlo Ersek <ler...@redhat.com>
> > > Subject: Re: [edk2-devel] [PATCH 09/11] ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances in dsc files
> > >
> > > On Thu, 14 Nov 2019 at 02:18, Wang, Jian J <jian.j.w...@intel.com> wrote:
> > > >
> > > > Per BZ1871, OpensslLib will depend on RngLib instead of TimerLib. Update
> > > > ArmVirt.dsc.inc file to accommodate the coming changes. It's supposed
> > > > that only TlsDxe needs random number. The RngDxeLib is added for it. For
> > > > all other drivers, RngLibNull is used by default.
> > > >
> > > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
> > > > Cc: Leif Lindholm <leif.lindh...@linaro.org>
> > > > Cc: Laszlo Ersek <ler...@redhat.com>
> > > > Cc: Ard Biesheuvel <ard.biesheu...@linaro.org>
> > > > Signed-off-by: Jian J Wang <jian.j.w...@intel.com>
> > >
> > > Does this mean we lose the ability to do HTTPS boot if we lack an
> > > implementation of EFI_RNG_PROTOCOL?
> >
> > The ArmVirtQemuXxx.dsc have EFI_RNG_PROTOCOL implemented. The
> > only one having problem is ArmVirtXen.dsc.
> >
>
> No, it applies to all of them. The fact that a driver is available
> does not mean the virtual hardware is being provided.
>

I see. Do you still want me to add the VirtioRngDxe into it?

> > What's your suggestion? Implementing one (RngLib or EFI_RNG_PROTOCOL)
> > for ARM particularly (you guys need to do it) or add a general RngLib (like
> > cpu jitter) this time (I can do that)?
> >
>
> How does this work today? How does TLS obtain the entropy to generate
> the symmetric key for encryption?
>

I'm not an expert in this area. I just read the code to find out the usages.
Here're some use cases (maybe more):

- session id
- IV for encryption
- fill hello random data
- generate RFC5077 ticket key
- post-handshake auth

Regards,
Jian

> > > > > > > --- > > > > ArmVirtPkg/ArmVirt.dsc.inc | 2 ++ > > > > 1 file changed, 2 insertions(+) > > > > > > > > diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > > > > index 10037c938e..10e0890699 100644 > > > > --- a/ArmVirtPkg/ArmVirt.dsc.inc > > > > +++ b/ArmVirtPkg/ArmVirt.dsc.inc
> > > > @@ -156,8 +156,10 @@ > > > > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > > > !if $(NETWORK_TLS_ENABLE) == TRUE > > > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > > + > > > > RngLib|SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRng > > > LibRngProtocol.inf > > > > !else > > > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf > > > > !endif > > > > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > > > > > > > -- > > > > 2.17.1.windows.2
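
Review bot: The added RngLib mapping to DxeRngLibRngProtocol.inf in the `!if $(NETWORK_TLS_ENABLE) == TRUE` branch ties every TLS-enabled build to EFI_RNG_PROTOCOL being published at run time, and the hunk carries no comment stating that platform requirement. This is the concern raised in the thread: a driver being built in does not mean the virtual hardware behind it is provided. Suggest a comment above the mapping naming the requirement. In the `!else` branch, BaseRngLibNull is mapped while BaseCryptLib is still resolved unconditionally after `!endif`, so the commit message should state that crypto consumers have no random source in that configuration. The commit message also says only TlsDxe needs random numbers, yet the selection here is keyed on the build flag rather than scoped to that module; a per-module override would match the stated intent more closely.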