I've always found that logic rather bizarre - there is no way the
implementation of the raw protocol can ensure that the caller uses it
correctly, and so enforcing a minimum read size is pointless and
arbitrary. And as you note, it has no basis in the UEFI spec either.

So this should just be removed imo.


On Wed, 8 May 2024 at 22:40, Doug Flick via groups.io
<dougflick=microsoft....@groups.io> wrote:
>
> Ard,
>
> I went ahead and added your suggestion to use gEfiRngAlgorithmRaw. This 
> however led me to discover a difference in behavior between x86-based platforms 
> and Arm-based platforms, and I'm unsure which is the correct behavior.
>
> On x86-based platforms, if the RngValueLength being requested is less than 32 
> (256 bits), then it returns EFI_INVALID_PARAMETER (despite the function header 
> not indicating that's possible) 
> https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c#L123
>
> and it assumes that "When a Deterministic Random Bit Generator (DRBG) is used 
> on the output of a (raw) entropy source, its security level must be at least 
> 256 bits." means it shouldn't support requests smaller than 32 bytes. 
> https://uefi.org/specs/UEFI/2.10/37_Secure_Technologies.html#random-number-generator-protocol
>
> On Arm-based platforms it doesn't make this assumption and behaves according 
> to the specification. 
> https://github.com/tianocore/edk2/blob/b82c9631da39ca5a1f0702185a46fea60446dd0a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c#L106C35-L106C54
>
> Right now my thought is that x86 machines are making an incorrect assumption 
> where the seed to a DRNG needs to be at least 256 bits by NIST 
> recommendations but a caller should be free to request values smaller than 32 
> bytes.
>
> Would you assume the same before I make a change to the x86 code to remove 
> that check?
>
> 
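Added example (not part of the thread and not EDK2 code): one way a caller can get identical results from both behaviours described above, by over-reading a short raw request into a scratch buffer. The types, status values, RAW_GET_RNG signature and the counter "source" are stand-ins constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the UEFI types; a real driver takes these from the EDK2 headers. */
typedef int EFI_STATUS;
#define EFI_SUCCESS            0
#define EFI_INVALID_PARAMETER  2
#define RAW_MIN_LEN            32   /* 256 bits, the minimum quoted in the thread */

/* Hypothetical signature modelling a raw-algorithm GetRNG call. */
typedef EFI_STATUS (*RAW_GET_RNG)(size_t Len, uint8_t *Out);

/* Constructed placeholder source: a counter, NOT random, so results are checkable. */
static void FillCounter(size_t Len, uint8_t *Out) {
  for (size_t i = 0; i < Len; i++) Out[i] = (uint8_t)(i + 1);
}

/* Models the x86 behaviour described above: short raw requests are rejected. */
EFI_STATUS StrictRawGetRng(size_t Len, uint8_t *Out) {
  if (Len < RAW_MIN_LEN) return EFI_INVALID_PARAMETER;
  FillCounter(Len, Out);
  return EFI_SUCCESS;
}

/* Models the Arm behaviour described above: any length is served. */
EFI_STATUS LenientRawGetRng(size_t Len, uint8_t *Out) {
  FillCounter(Len, Out);
  return EFI_SUCCESS;
}

/* Caller-side wrapper: over-read into a scratch buffer when the request is
   short, copy out only what was asked for, then wipe the scratch buffer. */
EFI_STATUS PortableRawRead(RAW_GET_RNG GetRng, size_t Len, uint8_t *Out) {
  uint8_t Scratch[RAW_MIN_LEN];
  EFI_STATUS Status;
  if (Out == NULL || Len == 0) return EFI_INVALID_PARAMETER;
  if (Len >= RAW_MIN_LEN) return GetRng(Len, Out);
  Status = GetRng(RAW_MIN_LEN, Scratch);
  if (Status == EFI_SUCCESS) memcpy(Out, Scratch, Len);
  /* volatile write loop so the wipe is not optimised away */
  for (volatile uint8_t *p = Scratch; p < Scratch + RAW_MIN_LEN; p++) *p = 0;
  return Status;
}
```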

