Apologies, I meant this as a reply to the ArmVirtPkg change, not the OVMF one.
On Thu, 9 May 2024 at 10:45, Ard Biesheuvel <a...@kernel.org> wrote:
>
> So this patch is necessary as otherwise, QEMU fails to boot due to a
> missing source of randomness in the network drivers, right?
>
> Does this imply that all QEMU deployments that rely on the bundled
> firmware images (e.g., for micro-VMs and container use cases) will now
> fail to boot if the pre-existing QEMU launch script happens to omit
> the virtio-rng device?
>
> If so, we absolutely need a fallback here - RngDxe based on TRNG (for
> KVM use cases) as well as RNDR (for TCG with CPU max). This may still
> break some deployments, but the vast majority should be covered.
>
> RNDR raises another interesting problem, by the way - the ARM arch
> spec requires RNDR to be backed by an appropriate DRBG that complies
> with the NIST spec but it does not specify which one. IOW, it is
> backed by a DRBG not by a raw entropy source, but specifying which
> DRBG (by GUID) is not generally feasible, as the guest VM firmware
> cannot interrogate the host about which DRBG is behind RNDR.
>
> TL;DR there are a couple of loose ends here, and so rushing it through
> doesn't seem wise imho. I'd rather leave ARM behind with these CVE
> fixes than break many different use cases in different ways.
>
>
>
> On Thu, 9 May 2024 at 07:56, Doug Flick <doug.e...@gmail.com> wrote:
> >
> > This patch adds "virtio-rng-pci" to the PlatformBuildLib.py
> > This adds Rng services to the guest VM
> >
> > Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
> > Cc: Jiewen Yao <jiewen....@intel.com>
> > Cc: Gerd Hoffmann <kra...@redhat.com>
> >
> > Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com>
> > ---
> > OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py > > b/OvmfPkg/PlatformCI/PlatformBuildLib.py > > index 00d454954bff..3fe80f5c1caa 100644 > > --- a/OvmfPkg/PlatformCI/PlatformBuildLib.py 
> > +++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py > > @@ -208,6 +208,8 @@ class PlatformBuilder( UefiBuilder, > > BuildSettingsManager): > > args += " -net none" > > # turn off network > > args += " -smp 4" > > args += f" -drive > > file=fat:rw:{VirtualDrive},format=raw,media=disk" # Mount disk with > > startup.nsh > > + # Provides Rng services to the Guest VM > > + args += " -device virtio-rng-pci" > > > > if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"): > > args += " -display none" # no graphics > > -- > > 2.34.1
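Review bot: The added `args += " -device virtio-rng-pci"` is unconditional, and neither the two-line commit message nor the `# Provides Rng services to the Guest VM` comment says which firmware component needs the RNG or what happens when the device is absent. Please state that dependency in the commit message, and consider gating the device on an environment value the way `QEMU_HEADLESS` gates `-display none` just below, so CI can still boot the image without virtio-rng, which is the configuration the reply above asks about.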