The kvmtool guest firmware is using the default RNG library defined in ArmVirtPkg.dsc.inc, which is BaseRngLibTimerLib.

BaseRngLibTimerLib is only present to use for test purposes on platforms that do not have a suitable RNG source and must not be used for production purposes.

Armv8.5 introduces random number instructions (e.g., RNDR) which return a 64-bit random number. Although this feature is optional, it can be assumed that most modern platforms will implement this support. This feature, i.e. FEAT_RNG, can be discovered by examining the processor feature registers. It is therefore desirable to use the RNDR instructions instead of the default BaseRngLibTimerLib, which is unsafe.

The BaseRngLib in MdePkg already implements the RNG support using RNDR. However, it is worth noting that FEAT_RNG is supported in AArch64 state only. Therefore, switch to using the BaseRngLib instance for AArch64 firmware builds. The AArch32 firmware builds will continue to use BaseRngLibTimerLib.

Note: The guest firmware already supports Virtio RNG. So, should the processor not implement FEAT_RNG, the guest firmware can fall back to using Virtio RNG.

Signed-off-by: Sami Mujawar <sami.muja...@arm.com>
---
 ArmVirtPkg/ArmVirtKvmTool.dsc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc index d9dd7a67307ffed5da16837301f18e7715187450..829a378a8dcfdbb5045db3610104a0f5c43431dc 100644 --- a/ArmVirtPkg/ArmVirtKvmTool.dsc +++ b/ArmVirtPkg/ArmVirtKvmTool.dsc @@ -89,6 +89,7 @@ [LibraryClasses.common] [LibraryClasses.AARCH64] ArmCcaLib|ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf ArmCcaRsiLib|ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf [LibraryClasses.common.SEC, LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM] PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf 
@@ -170,6 +171,10 @@ [PcdsFixedAtBuild.common] gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800 !endif + # Define a UUID that represents the CPU based RNG algorithm implemented by RNDR + # {BABE3B70-6474-4C0C-AFD8-3B8A32482C40} + gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{ 0xba, 0xbe, 0x3b, 0x70, 0x64, 0x74, 0x4c, 0x0c, 0xaf, 0xd8, 0x3b, 0x8a, 0x32, 0x48, 0x2c, 0x40} + [PcdsPatchableInModule.common] # # This will be overridden in the code -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'

View/Reply Online (#103575): https://edk2.groups.io/g/devel/message/103575
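Review bot: in the first hunk (`@@ -89,6 +89,7 @@`), the `RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf` override under `[LibraryClasses.AARCH64]` is unconditional, while the commit message relies on the guest falling back to Virtio RNG when FEAT_RNG is absent; nothing in the hunk shows how that fallback is reached. Please state in the commit message (or in a comment beside the override) what BaseRngLib does on an AArch64 CPU without RNDR, i.e. whether its constructor and GetRandomNumber64() return failure so the RngLib consumer can fall through to Virtio RNG, rather than asserting. Without that, a reader of this DSC cannot tell whether a guest on a pre-Armv8.5 core ends up with a working Virtio RNG path or with no CPU RNG at all.

Review bot: in the second hunk (`@@ -170,6 +171,10 @@`), the byte array assigned to `PcdCpuRngSupportedAlgorithm` lists the UUID's hex digits in textual order (`0xba, 0xbe, 0x3b, 0x70, 0x64, 0x74, 0x4c, 0x0c, ...`), but a VOID* PCD is stored verbatim and EFI_GUID keeps Data1, Data2 and Data3 little-endian, so the value actually built has Data1 = 0x703BBEBA rather than the 0xBABE3B70 stated in the comment `# {BABE3B70-6474-4C0C-AFD8-3B8A32482C40}`. Either write the value as `{GUID("BABE3B70-6474-4C0C-AFD8-3B8A32482C40")}` so the build tools emit the in-memory layout, or reorder the first three fields by hand. Separately, the PCD is placed under `[PcdsFixedAtBuild.common]` while the RngLib switch in the first hunk is AArch64-only, so the AArch32 build would advertise an RNDR algorithm GUID while still linking BaseRngLibTimerLib; an `AARCH64`-scoped PCD section would keep the two consistent.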
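The commit message says FEAT_RNG is discovered from the processor feature registers and that RNDR returns a 64-bit random number. The following is an added example, not code from the patch, from BaseRngLib or from the edk2 project, showing the two steps a consumer has to get right: decode the RNDR field of ID_AA64ISAR0_EL1 before touching the instruction (executing RNDR without FEAT_RNG is UNDEFINED), and check PSTATE.C after each RNDR, because the instruction returns zero with the carry flag clear when no entropy is available. The function names (feat_rng_present, read_id_aa64isar0, rndr_once, get_random64) are this example's own; the register encodings are the architectural ones. It assumes an AArch64 Linux host emulates the EL0 read of ID_AA64ISAR0_EL1 (firmware at EL1 or above reads it directly); on any other architecture it compiles but reports the feature as absent.

```c
/* Added example (not from the edk2 patch): FEAT_RNG discovery and RNDR use
 * with the carry-flag check and a bounded retry, so a caller can fall back to
 * another source (e.g. virtio-rng, as the commit message suggests) on failure. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ID_AA64ISAR0_EL1 bits [63:60] are the RNDR field:
 * 0b0000 = RNDR/RNDRRS not implemented, 0b0001 = implemented (FEAT_RNG). */
#define ID_AA64ISAR0_RNDR_SHIFT 60u
#define ID_AA64ISAR0_RNDR_MASK  0xFull

/* Decode the RNDR field from an ID_AA64ISAR0_EL1 value. Kept as a pure
 * function so it can be exercised with constructed register values. */
bool feat_rng_present(uint64_t id_aa64isar0)
{
    uint64_t field = (id_aa64isar0 >> ID_AA64ISAR0_RNDR_SHIFT) & ID_AA64ISAR0_RNDR_MASK;
    return field != 0;
}

/* Read ID_AA64ISAR0_EL1 on this CPU. Firmware at EL1+ reads it directly;
 * on AArch64 Linux the kernel traps and emulates the read for EL0 (assumed
 * here). Non-AArch64 hosts have no such register, so report "no feature". */
uint64_t read_id_aa64isar0(void)
{
#if defined(__aarch64__)
    uint64_t v;
    __asm__ volatile("mrs %0, ID_AA64ISAR0_EL1" : "=r"(v));
    return v;
#else
    return 0;
#endif
}

/* One RNDR attempt. S3_3_C2_C4_0 is the System register encoding of RNDR;
 * the numeric form assembles without -march=armv8.5-a+rng. RNDR sets
 * PSTATE.C = 1 when the value is valid and clears it (returning 0) when the
 * hardware had no entropy; cset turns that flag into a return value. */
static bool rndr_once(uint64_t *out)
{
#if defined(__aarch64__)
    uint64_t v, ok;
    __asm__ volatile("mrs %0, S3_3_C2_C4_0\n\t"
                     "cset %1, cs"
                     : "=r"(v), "=r"(ok) : : "cc");
    *out = v;
    return ok != 0;
#else
    (void)out;
    return false;
#endif
}

/* Safe entry point: gate RNDR on the feature bit, then retry a bounded number
 * of times on a C = 0 result before reporting failure to the caller. */
bool get_random64(uint64_t *out, unsigned max_tries)
{
    if (!feat_rng_present(read_id_aa64isar0()))
        return false;
    for (unsigned i = 0; i < max_tries; i++) {
        if (rndr_once(out))
            return true;
    }
    return false;
}

int main(void)
{
    uint64_t v = 0;
    if (get_random64(&v, 10))
        printf("FEAT_RNG present, RNDR -> 0x%016llx\n", (unsigned long long)v);
    else
        printf("FEAT_RNG absent or RNDR exhausted; fall back to another source\n");
    return 0;
}
```

The retry bound matters in firmware: RNDR can legitimately report "no entropy" under load, and a caller that treats a single C = 0 as fatal, or that ignores the flag and consumes the zero, gets either spurious failures or a predictable value.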