Branch: refs/heads/master
Home: https://github.com/tianocore/edk2
Commit: bc02b255a83dbad98aa63a86b2cee82f1205e2e0
https://github.com/tianocore/edk2/commit/bc02b255a83dbad98aa63a86b2cee82f1205e2e0
Author: Pierre Gondois <pierre.gond...@arm.com>
Date: 2024-09-13 (Fri, 13 Sep 2024)
Changed paths:
M MdePkg/MdePkg.dec
M NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
M NetworkPkg/NetworkPkg.dec
Log Message:
-----------
MdePkg: Move PcdEnforceSecureRngAlgorithms from NetworkPkg
The PcdEnforceSecureRngAlgorithms Pcd enforces the use of RNG
algorithms defined by the UEFI spec. To re-use the Pcd in other
packages and have a generic mean to control the usage of unsecure
algorithms, move the Pcd to the MdePkg.
Continuous-integration-options: PatchCheck.ignore-multi-package
Signed-off-by: Pierre Gondois <pierre.gond...@arm.com>
Commit: c04c4534c4a5093c116b0670c34d11df9440dd7b
https://github.com/tianocore/edk2/commit/c04c4534c4a5093c116b0670c34d11df9440dd7b
Author: Pierre Gondois <pierre.gond...@arm.com>
Date: 2024-09-13 (Fri, 13 Sep 2024)
Changed paths:
M MdePkg/Library/DxeRngLib/DxeRngLib.c
M MdePkg/Library/DxeRngLib/DxeRngLib.inf
Log Message:
-----------
MdePkg/DxeRngLib: Refactor Rng algorithm selection
Add a library constructor which:
- locate the RNG prototocol and keep a reference to it in order to avoid
locating it multiple times (for each random number generation)
- check which secure algorithm is available on the platform.
This avoids to try each secure algorithm until finding one
available for each random number generation call.
Signed-off-by: Pierre Gondois <pierre.gond...@arm.com>
Commit: 5ed8f64647f57c993ea979db0c7803b949db4262
https://github.com/tianocore/edk2/commit/5ed8f64647f57c993ea979db0c7803b949db4262
Author: Pierre Gondois <pierre.gond...@arm.com>
Date: 2024-09-13 (Fri, 13 Sep 2024)
Changed paths:
M MdePkg/Library/DxeRngLib/DxeRngLib.c
M MdePkg/Library/DxeRngLib/DxeRngLib.inf
Log Message:
-----------
MdePkg/DxeRngLib: Use PcdEnforceSecureRngAlgorithms for default algorithm
Use PcdEnforceSecureRngAlgorithms to allow using the Rng protocol
with the default algorithm. All previous call to the Rng protocol
are requesting a secure Rng algorithm.
Not specifying the Rng algorithm GUID to use is considered unsecure.
Signed-off-by: Pierre Gondois <pierre.gond...@arm.com>
Commit: 273f43cec97c48890ddd1ce08de2ca9129a8c348
https://github.com/tianocore/edk2/commit/273f43cec97c48890ddd1ce08de2ca9129a8c348
Author: Pierre Gondois <pierre.gond...@arm.com>
Date: 2024-09-13 (Fri, 13 Sep 2024)
Changed paths:
M MdePkg/Library/DxeRngLib/DxeRngLib.c
M MdePkg/Library/DxeRngLib/DxeRngLib.inf
Log Message:
-----------
MdePkg/DxeRngLib: Add gEfiRngAlgorithmArmRndr to the secure algorithms
DxeRngLib iterates over a list of secure algorithms before trying
to use the default algorithm provided by the Rng protocol. Add
gEfiRngAlgorithmArmRndr to this list. The algorithm represented by
this GUID is a secure DRBG of an unknown type, implemented by the
aarch64 RNDR instruction.
On AARCH64 platform, use the RNDR instruction as the first option
if it is available.
Signed-off-by: Pierre Gondois <pierre.gond...@arm.com>
Compare: https://github.com/tianocore/edk2/compare/5c8bdb190f6d...273f43cec97c
To unsubscribe from these emails, change your notification settings at
https://github.com/tianocore/edk2/settings/notifications
_______________________________________________
edk2-commits mailing list
edk2-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-commits
