From 066da6bd6625afdd5a2a37f9efc6a24be498ef71 Mon Sep 17 00:00:00 2001 From: Pierre Gondois Date: Fri, 30 Aug 2024 13:42:52 +0200 Subject: [PATCH] MdePkg/DxeRngLib: Add gEfiRngAlgorithmArmRndr to the secure algorithms DxeRngLib iterates over a list of secure algorithms before trying to use the default algorithm provided by the Rng protocol. Add gEfiRngAlgorithmArmRndr to this list. The algorithm represented by this GUID is a secure DRBG of an unknown type, implemented by the aarch64 RNDR instruction. On AARCH64 platform, use the RNDR instruction as the first option if it is available. Signed-off-by: Pierre Gondois --- MdePkg/Library/DxeRngLib/DxeRngLib.c | 7 +++++++ MdePkg/Library/DxeRngLib/DxeRngLib.inf | 3 +++ 2 files changed, 10 insertions(+) diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c index 17c932d802c7..3092d3ebcf80 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c @@ -33,6 +33,13 @@ typedef struct { // the RNG protocol and are generally considered secure. // GLOBAL_REMOVE_IF_UNREFERENCED SECURE_RNG_ALGO_ARRAY mSecureHashAlgorithms[] = { + #ifdef MDE_CPU_AARCH64 + { + &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG (through RNDR instr.) + "ARM-RNDR", + FALSE, + }, + #endif { &gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256 "DRBG-CTR", diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.inf b/MdePkg/Library/DxeRngLib/DxeRngLib.inf index 0eff20d98886..f430b12586eb 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.inf +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.inf @@ -40,5 +40,8 @@ gEfiRngAlgorithmSp80090Hmac256Guid gEfiRngAlgorithmRaw +[Guids.AARCH64] + gEfiRngAlgorithmArmRndr + [FixedPcd] gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES