On Mon, May 06, 2024 at 10:22:07PM GMT, Doug Flick wrote:
> All,
>
> In order to patch Tianocore Bugzilla issues and CVEs:
> 4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs
> (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=4541>
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator
> (tianocore.org)<https://bugzilla.tianocore.org/show_bug.cgi?id=4542>
>
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've
> been able to add the relevant libraries to the DSCs of OvmfPkg and
> EmulatorPkg however I'm seeing odd behavior with ArmVirtPkg.
>
> Would someone more knowledgeable with ArmVirtPkg take a look at this PR?

Both OVMF and ArmVirt use the virtio random number device as source for
random numbers.

Driver: OvmfPkg/VirtioRngDxe
Some Background: https://wiki.qemu.org/Features/VirtIORNG

Typically the virtio rng device is present in virtual machine
configurations. It might be missing though.

I'd recommend:

 (1) Do *not* add RngDxe to OvmfPkg and ArmVirtPkg dsc files, instead
     continue to depend on VirtioRngDxe.
 (2) Keep the time-based not-really-random RNG generator as fallback
     in case EFI_RNG_PROTOCOL is not present (possibly requiring a
     PCD being set so the fallback option can be disabled at build
     time).

HTH & take care,
  Gerd
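
The selection policy from recommendation (2), as an added example that is not code from the PR or from edk2: a self-contained C model in which a function pointer stands in for EFI_RNG_PROTOCOL and a flag stands in for the PCD. All names here (`platform`, `allow_fallback`, `net_random_bytes`) are hypothetical, and failing rather than falling back when the protocol is present but returns an error is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model only: hypothetical names, not identifiers from edk2 or the PR. */
typedef int (*get_rng_fn)(uint8_t *out, size_t len);   /* 0 = success */

typedef enum { SRC_NONE, SRC_RNG_PROTOCOL, SRC_TIME_FALLBACK } rand_source;

typedef struct {
    get_rng_fn rng_protocol;    /* NULL when no RNG protocol is installed */
    int        allow_fallback;  /* models the PCD: 0 disables the fallback */
    uint64_t   time_seed;       /* models the time-derived seed */
} platform;

/* Weak, predictable generator: kept only as the explicit fallback path. */
static void time_based_fill(uint64_t seed, uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i++) {
        seed = seed * 6364136223846793005ULL + 1442695040888963407ULL;
        out[i] = (uint8_t)(seed >> 56);
    }
}

/* Returns the source used, or SRC_NONE with the buffer zeroed on failure. */
rand_source net_random_bytes(const platform *p, uint8_t *out, size_t len) {
    if (p->rng_protocol != NULL) {
        if (p->rng_protocol(out, len) == 0)
            return SRC_RNG_PROTOCOL;
        /* Protocol present but failing: report it, do not downgrade silently. */
        memset(out, 0, len);
        return SRC_NONE;
    }
    if (p->allow_fallback) {
        time_based_fill(p->time_seed, out, len);
        return SRC_TIME_FALLBACK;
    }
    memset(out, 0, len);
    return SRC_NONE;
}

/* Constructed stand-ins for a working and a failing RNG protocol. */
int rng_ok(uint8_t *out, size_t len)   { memset(out, 0xA5, len); return 0; }
int rng_fail(uint8_t *out, size_t len) { (void)out; (void)len; return -1; }

int main(void) {
    uint8_t buf[8];
    platform no_device = { NULL, 0, 42 };  /* no virtio-rng, fallback disabled */
    return net_random_bytes(&no_device, buf, sizeof buf) == SRC_NONE ? 0 : 1;
}
```

Callers that derive TCP ISNs from this output can use the returned source to log or refuse the `SRC_TIME_FALLBACK` case.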