From f27e204cfeb2b7edb852cc934d3d86db4fd9828d Mon Sep 17 00:00:00 2001 From: Pierre Gondois Date: Tue, 3 Sep 2024 17:23:35 +0200 Subject: [PATCH] Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation Juno's RngLib implementation is: - BaseRngLib.inf if a secure RngLib is enforced - BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction returns a DRBG-generated random number. The DRBG used is considered as secure. The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't support it. When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set), the Juno cannot generate secure random numbers through the RngLib. Secure random numbers could be generated by using the Juno's TRNG. This can be done by: - using the RngDxeLib implementation of the RngLib - RngDxeLib relies on the RngDxe - the RngDxe has access to the TRNG Signed-off-by: Pierre Gondois --- Platform/ARM/JunoPkg/ArmJuno.dsc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJuno.dsc index b0edecdc39..ea665fd2b4 100644 --- a/Platform/ARM/JunoPkg/ArmJuno.dsc +++ b/Platform/ARM/JunoPkg/ArmJuno.dsc @@ -45,6 +45,8 @@ # Trng Supports. ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf + # Rng + RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf NorFlashDeviceLib|Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlashDeviceLib.inf NorFlashPlatformLib|Platform/ARM/JunoPkg/Library/NorFlashJunoLib/NorFlashJunoLib.inf @@ -407,6 +409,18 @@ # SCMI Driver ArmPkg/Drivers/ArmScmiDxe/ArmScmiDxe.inf + # + # Rng + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { + + !if $(ENABLE_UNSAFE_RNGLIB) == TRUE + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + !else + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + !endif + } + [Components.AARCH64] # # EBC
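Review bot: The comment `# Rng` on the new default `RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf` mapping does not say that this instance has no entropy source of its own. As far as I know it only forwards requests to the EFI RNG protocol, which the second hunk has RngDxe produce. A module that asks for random numbers before that driver is dispatched would get a failure return, so every caller has to check the result rather than use the output buffer. I would expand the comment to something like `# RngLib forwards to the EFI RNG protocol (RngDxe, backed by ArmTrngLib); requests fail until RngDxe is loaded`. The section header is outside the hunk, so it should be confirmed that this mapping does not also reach non-DXE module types.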
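Review bot: In the `!else` branch of the RngDxe override the driver is linked against `BaseRngLib.inf`, which the commit message itself says cannot produce random numbers on Juno because FEAT_RNG is absent. If this instance is only there so that RngDxe does not loop back through DxeRngLib, with secure output coming from the TRNG through ArmTrngLib, that needs a comment above the `!if`, for example `# RngDxe produces the RNG protocol, so it cannot use DxeRngLib. BaseRngLib has no RNDR on Juno; secure output comes from ArmTrngLib.` The `ENABLE_UNSAFE_RNGLIB` branch would benefit from `# Timer-based, not cryptographically secure: development builds only`, since with that flag set the protocol's default algorithm is presumably served from BaseRngLibTimerLib. It is also worth confirming on hardware that BaseRngLib without RNDR reports failure cleanly in a DEBUG build instead of asserting.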