SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function was added in a previous patch. The EFI_RNG_PROTOCOL can advertise multiple algorithms through Guids. The PcdCpuRngSupportedAlgorithm is currently used to advertise the RngLib in the Arm implementation. The issues of doing that are: - the RngLib implementation might not use CPU instructions, cf. the BaseRngLibTimerLib - most platforms don't set PcdCpuRngSupportedAlgorithm A GetRngGuid() was added to the RngLib in a previous patch, allowing to identify the algorithm implemented by the RngLib. Make use of this function and place the unsage algorithm at the last position in the mAvailableAlgoArray. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Acked-by: Jiewen Yao <Jiewen.yao@intel.com> Tested-by: Kun Qin <kun.qin@microsoft.com>
This commit is contained in:
committed by
mergify[bot]
parent
5443c2dc31
commit
19438cff97
@@ -78,6 +78,7 @@ RngGetRNG (
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
UINTN Index;
|
||||
GUID RngGuid;
|
||||
|
||||
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
@@ -102,7 +103,10 @@ RngGetRNG (
|
||||
}
|
||||
|
||||
FoundAlgo:
|
||||
if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||
Status = GetRngGuid (&RngGuid);
|
||||
if (!EFI_ERROR (Status) &&
|
||||
CompareGuid (RNGAlgorithm, &RngGuid))
|
||||
{
|
||||
Status = RngGetBytes (RNGValueLength, RNGValue);
|
||||
return Status;
|
||||
}
|
||||
|
Reference in New Issue
Block a user