MdePkg/DxeRngLib: Add gEfiRngAlgorithmArmRndr to the secure algorithms

DxeRngLib iterates over a list of secure algorithms before trying
to use the default algorithm provided by the Rng protocol. Add
gEfiRngAlgorithmArmRndr to this list. The algorithm represented by
this GUID is a secure DRBG of an unknown type, implemented by the
aarch64 RNDR instruction.
On AARCH64 platform, use the RNDR instruction as the first option
if it is available.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>

diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
index 17c932d802c78051c33d3fd1e9bfe1ca4aaf1513..3092d3ebcf802f347c722a506c83e94770a74be5 100644 (file)
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -33,6 +33,13 @@ typedef struct {
 // the RNG protocol and are generally considered secure.\r
 //\r
 GLOBAL_REMOVE_IF_UNREFERENCED SECURE_RNG_ALGO_ARRAY  mSecureHashAlgorithms[] = {\r
+ #ifdef MDE_CPU_AARCH64\r
+  {\r
+    &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG (through RNDR instr.)\r
+    "ARM-RNDR",\r
+    FALSE,\r
+  },\r
+ #endif\r
   {\r
     &gEfiRngAlgorithmSp80090Ctr256Guid,  // SP800-90A DRBG CTR using AES-256\r
     "DRBG-CTR",\r

diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.inf b/MdePkg/Library/DxeRngLib/DxeRngLib.inf
index 0eff20d98886f40c6f1d56c13bb003db361b2a1b..f430b12586ebf141d1e8634c25a5e6b9fa033651 100644 (file)
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.inf
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.inf
@@ -40,5 +40,8 @@
   gEfiRngAlgorithmSp80090Hmac256Guid\r
   gEfiRngAlgorithmRaw\r
 \r
+[Guids.AARCH64]\r
+  gEfiRngAlgorithmArmRndr\r
+\r
 [FixedPcd]\r
   gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES\r