On Wed, 4 Sept 2024 at 13:39, <pierre.gond...@arm.com> wrote:
>
> From: Pierre Gondois <pierre.gond...@arm.com>
>
> Juno's RngLib implementation is:
>
> - BaseRngLib.inf if a secure RngLib is enforced
> - BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated
>
> BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
> returns a DRBG-generated random number. The DRBG used is considered
> as secure.
> The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
> support it.
>
> When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
> the Juno cannot generate secure random numbers through the RngLib.
> Secure random numbers could be generated by using the Juno's TRNG.
> This can be done by:
>
> - using the RngDxeLib implementation of the RngLib
> - RngDxeLib relies on the RngDxe
> - the RngDxe has access to the TRNG
>
> Pierre Gondois (3):
>   Platform/ARM: Place MdeLibs.dsc.inc as the first include
>   Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg
>   Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation
>
Reviewed-by: Ard Biesheuvel <a...@kernel.org>

Please ping me when this can be merged.