From: Pierre Gondois <pierre.gond...@arm.com>

Juno's RngLib implementation is:
- BaseRngLib.inf if a secure RngLib is enforced
- BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated

BaseRngLib.inf relies on Arm's RNDR instruction. The instruction
returns a DRBG-generated random number. The DRBG used is considered
secure.
The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
support it.

When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
the Juno cannot generate secure random numbers through the RngLib.
Secure random numbers could be generated by using the Juno's TRNG.
This can be done by:
- using the RngDxeLib implementation of the RngLib
- RngDxeLib relies on the RngDxe
- the RngDxe has access to the TRNG

Signed-off-by: Pierre Gondois <pierre.gond...@arm.com>
---
 Platform/ARM/JunoPkg/ArmJuno.dsc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJuno.dsc
index b0edecdc399c..ea665fd2b481 100644
--- a/Platform/ARM/JunoPkg/ArmJuno.dsc
+++ b/Platform/ARM/JunoPkg/ArmJuno.dsc
@@ -45,6 +45,8 @@ [LibraryClasses.common]
   # Trng Supports.
   ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
   ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
+  # Rng
+  RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf
 
   
NorFlashDeviceLib|Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlashDeviceLib.inf
   
NorFlashPlatformLib|Platform/ARM/JunoPkg/Library/NorFlashJunoLib/NorFlashJunoLib.inf
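
Review bot: The RngLib mapping to DxeRngLib.inf is added under [LibraryClasses.common], so it is resolved for every module type built from this DSC and not only for DXE-phase modules. If any earlier-phase module in this platform links RngLib, it would now pick up a DXE-named instance; consider moving the mapping to the DXE-specific LibraryClasses sections, or state in the commit message that no pre-DXE module consumes RngLib. Two smaller points: the commit message calls the library "RngDxeLib" while the line adds DxeRngLib.inf, so the names should be aligned, and the "# Rng" comment could say that this instance relies on RngDxe, as the commit message does.
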
@@ -407,6 +409,18 @@ [Components.common]
   # SCMI Driver
   ArmPkg/Drivers/ArmScmiDxe/ArmScmiDxe.inf
 
+  #
+  # Rng
+  #
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+    <LibraryClasses>
+    !if $(ENABLE_UNSAFE_RNGLIB) == TRUE
+      RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+    !else
+      RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+    !endif
+  }
+
 [Components.AARCH64]
   #
   # EBC
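
Review bot: In the !else branch of the RngDxe override (ENABLE_UNSAFE_RNGLIB not TRUE), RngDxe is linked against BaseRngLib.inf, which the commit message says depends on the RNDR instruction that the Juno does not support. The block carries no comment explaining why RngDxe needs its own RngLib instead of the DxeRngLib set in [LibraryClasses.common], nor what RngDxe does when this RngLib instance cannot return random numbers on this platform. Please add a comment above the override stating that requests are expected to be served from the TRNG in that configuration, and confirm that a BaseRngLib failure on a CPU without FEAT_RNG does not prevent RngDxe from loading. Also, ENABLE_UNSAFE_RNGLIB has no default visible in this patch; confirm it is defined before this !if is evaluated.
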
-- 
2.25.1
