Acked-by: Jiewe Yao <[email protected]> BTW: This patch is already got RB from below people. I suggest you can put them in commit directly.
Reviewed-by: Pierre Gondois <[email protected]> Reviewed-by: Ard Biesheuvel <[email protected]> Thank you Yao, Jiewen > -----Original Message----- > From: Flickdm <[email protected]> > Sent: Friday, May 24, 2024 1:45 PM > To: [email protected] > Cc: Yao, Jiewen <[email protected]> > Subject: [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on > GetRng > > Removed from gEfiRngAlgorithmRaw an incorrect assumption that > Raw cannot return less than 256 bits. The DRNG Algorithms > should always use a 256 bit seed as per nist standards > however a caller is free to request less than 256 bits. > > > > // > > // When a DRBG is used on the output of a entropy source, > > // its security level must be at least 256 bits according to UEFI > Spec. > > // > > if (RNGValueLength < 32) { > > return EFI_INVALID_PARAMETER; > > } > > > > AARCH64 platforms do not have this limitation and this brings both > implementations into alignment with each other and the spec. > > Cc: Jiewen Yao <[email protected]> > > Signed-off-by: Doug Flick [MSFT] <[email protected]> > Reviewed-by: Ard Biesheuvel <[email protected]> > --- > SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 -------- > 1 file changed, 8 deletions(-) > > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > index 7e06e16e4b..5723ed6957 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > @@ -116,14 +116,6 @@ RngGetRNG ( > // The "raw" algorithm is intended to provide entropy directly > > // > > if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { > > - // > > - // When a DRBG is used on the output of a entropy source, > > - // its security level must be at least 256 bits according to UEFI Spec. > > - // > > - if (RNGValueLength < 32) { > > - return EFI_INVALID_PARAMETER; > > - } > > - > > Status = GenerateEntropy (RNGValueLength, RNGValue); > > return Status; > > } > > -- > 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119246): https://edk2.groups.io/g/devel/message/119246 Mute This Topic: https://groups.io/mt/106276859/21656 Group Owner: [email protected] Unsubscribe: https://edk2.groups.io/g/devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
