author Mike Beaton <mjsbeaton@gmail.com> 2024-09-08 11:33:43 +0100
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-09-09 17:53:44 +0000
commit 3885a3edad618861168fe7081027867f1753ed42 (patch)
tree f5b4a209a920b65ea8d73d0bd5687f2036a87f17
parent e5715711a41b3a323b1605e41e5875d377e7c9c2 (diff)
NetworkPkg/DxeNetLib: Update misleading comment
Commit 6862b9d538d96363635677198899e1669e591259 makes more explicit the previous logic of the code anyway, which is that it is (and was) only a fatal error if all secure algorithms fail. However the comment updated by this commit seems somewhat incompatible with that change, and even with the previous code (which operated as now, just logging different error messages). This updates the comment to be more compatible with how the code operates.

Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>

-rw-r--r-- NetworkPkg/Library/DxeNetLib/DxeNetLib.c 14
1 files changed, 10 insertions, 4 deletions
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 4dfbe91a55..cf875d7af3 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -133,10 +133,16 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = {
// These represent UEFI SPEC defined algorithms that should be supported by
// the RNG protocol and are generally considered secure.
//
-// The order of the algorithms in this array is important. This order is the order
-// in which the algorithms will be tried by the RNG protocol.
-// If your platform needs to use a specific algorithm for the random number generator,
-// then you should place that algorithm first in the array.
+// Assuming that PcdEnforceSecureRngAlgorithms is TRUE (the default) then
+// only the algorithms defined here will be used by the network stack, and
+// none of these being available will result in an error condition (even if
+// some other RNG implementation is available).
+//
+// If PcdEnforceSecureRngAlgorithms is FALSE this list is not consulted,
+// and the first available RNG algorithm is used.
+//
+// If your platform needs to use a specific algorithm for the random number
+// generator, then you should modify this array.
//
GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = {
&gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
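Review bot: The closing added paragraph ("then you should modify this array") no longer says whether the order of entries matters, although the removed lines stated that the array order is the order in which algorithms are tried. If the entries are still attempted in array order, keep a sentence saying so; if order is irrelevant now, say that instead, so a platform owner knows whether "modify" means reorder, replace, or add. That paragraph should also be scoped to the case where PcdEnforceSecureRngAlgorithms is TRUE, because the paragraph just above it says the list is not consulted when the PCD is FALSE, and editing the array would then have no effect. Separately, the unchanged context line declares the array as mSecureHashAlgorithms while the comment describes RNG algorithms; a follow-up rename or a one-line note on the name would avoid confusion for readers auditing which RNG algorithms the network stack accepts.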