1 files changed, 10 insertions, 4 deletions

diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 4dfbe91a55..cf875d7af3 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -133,10 +133,16 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH  mNetVlanDevicePathTemplate = {
 // These represent UEFI SPEC defined algorithms that should be supported by

 // the RNG protocol and are generally considered secure.

 //

-// The order of the algorithms in this array is important. This order is the order

-// in which the algorithms will be tried by the RNG protocol.

-// If your platform needs to use a specific algorithm for the random number generator,

-// then you should place that algorithm first in the array.

+// Assuming that PcdEnforceSecureRngAlgorithms is TRUE (the default) then

+// only the algorithms defined here will be used by the network stack, and

+// none of these being available will result in an error condition (even if

+// some other RNG implementation is available).

+//

+// If PcdEnforceSecureRngAlgorithms is FALSE this list is not consulted,

+// and the first available RNG algorithm is used.

+//

+// If your platform needs to use a specific algorithm for the random number

+// generator, then you should modify this array.

 //

 GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID  *mSecureHashAlgorithms[] = {

   &gEfiRngAlgorithmSp80090Ctr256Guid,  // SP800-90A DRBG CTR using AES-256