On 08/05/2024 22:19, Ard Biesheuvel wrote:
I've always found that logic rather bizarre - there is no way the
implementation of the raw protocol can ensure that the caller uses it
correctly, and so enforcing a minimum read size is pointless and
arbitrary. And as you note, it has no basis in the UEFI spec either.
So this should just be removed imo.
For what it's worth, I agree that it should be removed.
iPXE has the following comment:
/** Minimum number of bytes to request from RNG
*
* The UEFI spec states (for no apparently good reason) that "When a
* Deterministic Random Bit Generator (DRBG) is used on the output of
* a (raw) entropy source, its security level must be at least 256
* bits." The EDK2 codebase (mis)interprets this to mean that the
* call to GetRNG() should fail if given a buffer less than 32 bytes.
*
* Incidentally, nothing in the EFI RNG protocol provides any way to
* report the actual amount of entropy returned by GetRNG().
*/
#define EFIRNG_LEN 32
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118705): https://edk2.groups.io/g/devel/message/118705
Mute This Topic: https://groups.io/mt/105983246/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
