Supports ARM Platforms without needing to disable PcdEnforceSecureRng…

…Algorithms (#855) # Preface Please ensure you have read the [contribution docs](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md) prior to submitting the pull request. In particular, [pull request guidelines](https://github.com/microsoft/mu/blob/master/CONTRIBUTING.md#pull-request-best-practices). ## Description <_Please include a description of the change and why this change was made._> For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [X] Impacts functionality? - Adds two new accceptable algorithms to NetworkPkg Secure list - [X] Impacts security? - Allows for additional ARM specific algorithm and RAW - [ ] Breaking change? - [ ] Includes tests? - [ ] Includes documentation? ## How This Was Tested Tested on ARM platform ## Integration Instructions N/A
microsoft · May 20, 2024 · 3ba6589 · 3ba6589
1 parent 2efe4b2
commit 3ba6589
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -139,9 +139,11 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH  mNetVlanDevicePathTemplate = {
 // then you should place that algorithm first in the array.
 //
 GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID  *mSecureHashAlgorithms[] = {
-  &gEfiRngAlgorithmSp80090Ctr256Guid,  // SP800-90A DRBG CTR using AES-256
-  &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
-  &gEfiRngAlgorithmSp80090Hash256Guid  // SP800-90A DRBG Hash using SHA-256
+  &gEfiRngAlgorithmSp80090Ctr256Guid,   // SP800-90A DRBG CTR using AES-256
+  &gEfiRngAlgorithmSp80090Hmac256Guid,  // SP800-90A DRBG HMAC using SHA-256
+  &gEfiRngAlgorithmSp80090Hash256Guid,  // SP800-90A DRBG Hash using SHA-256
+  &gEfiRngAlgorithmArmRndr,             // SP800-90A DRBG unspecified algorithm via the Arm RNDR register
+  &gEfiRngAlgorithmRaw                  // Raw data from a NRBG (or a TRNG)
 };
 
 #define mSecureHashAlgorithmsSize  (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *))

diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
@@ -52,7 +52,9 @@
   gEfiRngAlgorithmSp80090Ctr256Guid             ## CONSUMES
   gEfiRngAlgorithmSp80090Hmac256Guid            ## CONSUMES
   gEfiRngAlgorithmSp80090Hash256Guid            ## CONSUMES
-
+  gEfiRngAlgorithmArmRndr                       ## CONSUMES
+  gEfiRngAlgorithmRaw                           ## CONSUMES
+
 [Protocols]
   gEfiSimpleNetworkProtocolGuid                 ## SOMETIMES_CONSUMES
   gEfiManagedNetworkProtocolGuid                ## SOMETIMES_CONSUMES