summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPierre Gondois <pierre.gondois@arm.com>2024-08-30 13:42:52 +0200
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2024-09-13 14:34:21 +0000
commit273f43cec97c48890ddd1ce08de2ca9129a8c348 (patch)
tree7c91defe9835b64ef2bae773b35cdaf9c5eceb78
parent5ed8f64647f57c993ea979db0c7803b949db4262 (diff)
downloadedk2-273f43cec97c48890ddd1ce08de2ca9129a8c348.tar.gz
edk2-273f43cec97c48890ddd1ce08de2ca9129a8c348.tar.bz2
edk2-273f43cec97c48890ddd1ce08de2ca9129a8c348.zip
MdePkg/DxeRngLib: Add gEfiRngAlgorithmArmRndr to the secure algorithms
DxeRngLib iterates over a list of secure algorithms before trying to use the default algorithm provided by the Rng protocol. Add gEfiRngAlgorithmArmRndr to this list. The algorithm represented by this GUID is a secure DRBG of an unknown type, implemented by the aarch64 RNDR instruction. On AARCH64 platform, use the RNDR instruction as the first option if it is available. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
-rw-r--r--MdePkg/Library/DxeRngLib/DxeRngLib.c7
-rw-r--r--MdePkg/Library/DxeRngLib/DxeRngLib.inf3
2 files changed, 10 insertions, 0 deletions
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
index 17c932d802..3092d3ebcf 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -33,6 +33,13 @@ typedef struct {
// the RNG protocol and are generally considered secure.
//
GLOBAL_REMOVE_IF_UNREFERENCED SECURE_RNG_ALGO_ARRAY mSecureHashAlgorithms[] = {
+ #ifdef MDE_CPU_AARCH64
+ {
+ &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG (through RNDR instr.)
+ "ARM-RNDR",
+ FALSE,
+ },
+ #endif
{
&gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
"DRBG-CTR",
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.inf b/MdePkg/Library/DxeRngLib/DxeRngLib.inf
index 0eff20d988..f430b12586 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.inf
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.inf
@@ -40,5 +40,8 @@
gEfiRngAlgorithmSp80090Hmac256Guid
gEfiRngAlgorithmRaw
+[Guids.AARCH64]
+ gEfiRngAlgorithmArmRndr
+
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES