Could we get this merged?
View/Reply Online (#98254): https://edk2.groups.io/g/devel/message/98254
On Tue, Nov 22, 2022 at 4:56 PM Pedro Falcato wrote:
>
> On Tue, Nov 22, 2022 at 3:39 PM Jason A. Donenfeld wrote:
>>
>> On Tue, Nov 22, 2022 at 4:32 PM Pedro Falcato wrote:
>> > + // Testing algorithm inspired by linux's
>> > arch/x86/kernel/cpu/rdrand.c:x86_init_rdrand
>> > + // as reli
On Tue, Nov 22, 2022 at 4:32 PM Pedro Falcato wrote:
> + // Testing algorithm inspired by linux's
> arch/x86/kernel/cpu/rdrand.c:x86_init_rdrand
> + // as relicensed by the author, Jason Donenfeld, in the EDK2 mailing list.
> + // As is, the algorithm samples rdrand $RDRAND_TEST_SAMPLES times
Hi again,
On Tue, Nov 22, 2022 at 11:35:06AM +, Pedro Falcato wrote:
> We should probably also test for stupidly broken rdrand implementations
> like the notorious Zen 3 which always return 0x (per xkcd 221 ;)).
On this topic, if you did want to improve this part of that DXE, the
kern
Hi,
On Tue, Nov 22, 2022 at 3:17 PM Pedro Falcato wrote:
> I have sent out a patch (https://edk2.groups.io/g/devel/message/96552) fixing
> the CPUID checks with a naive attempt to sniff out RDRAND issues.
> Your Linux snippet is probably better but I couldn't look at it due to
> licensing conce
Hi,
On Tue, Nov 22, 2022 at 02:01:21PM +, Pedro Falcato wrote:
> RDRAND has notoriously been broken many times over its lifespan.
> Add a smoketest to RDRAND, in order to better sniff out potential
> security concerns.
>
> Also add a proper CPUID test in order to support older CPUs which may
Hi Pedro,
On 11/22/22, Pedro Falcato wrote:
> I am aware, but I'm more scared when it comes to very early boot (think
> Linux's EFI stub or some other bootloader) I can see how
> an ill-advised RNG_PROTOCOL user can try to exclusively rely on it (if it's
> available, which I don't believe it is a
Hi Pedro,
On Tue, Nov 22, 2022 at 12:35 PM Pedro Falcato wrote:
> Given this patch plus the corresponding linux-efi patches wrt RNG, I'm
> mildly concerned about buggy RDRAND implementations compromising the
> kernel's RNG. Is this not a concern?
Speaking with my kernel RNG maintainer hat on, no
Hi Ard,
On Thu, Nov 10, 2022 at 2:48 PM Ard Biesheuvel wrote:
>
> Currently, we only expose EFI_RNG_PROTOCOL when running under QEMU if it
> exposes a virtio-rng device. This means that generic EFI apps or
> loaders have no access to an entropy source if this device is
> unavailable, unless they
Hi Ard,
On Fri, Nov 11, 2022 at 8:47 AM Ard Biesheuvel wrote:
>
> On Fri, 11 Nov 2022 at 03:41, Jason A. Donenfeld wrote:
> >
> > Hi Ard,
> >
> > On Thu, Nov 10, 2022 at 2:48 PM Ard Biesheuvel wrote:
> > >
> > > Currently, we only expose EFI_RNG_PROTOCOL when running under QEMU if it
> > > expo
10 matches