ArmVirtPkg: Reorganize crypto dependencies #6147
Conversation
tianocore-assign-reviewers
bot
requested review from
kraxel,
leiflindholm and
samimujawar
ardbiesheuvel
requested review from
pierregondois
and removed request for
kraxel
ardbiesheuvel
force-pushed
the
arm-virt-accel-crypto
branch
from
acf7629 to
1f081bb
Compare
ardbiesheuvel
force-pushed
the
arm-virt-accel-crypto
branch
from
1f081bb to
73bae72
Compare
|
Hmm, this patch does a bunch of different changes. Can we untangle this please? Change 1 is switching ARM (32-bit) to mbedtls, to allow dropping the softfloat library. No objections here. Change 2 is switching AARCH64 to mbed tls too in some cases. I'd very much prefer to stick to openssl here, or at least have the option to build all components against openssl. First because mbedtls is problematic for linux distros downstream. Second because using openssl in PEI should not be too much of a problem. On x86 I've checked the size impact openssl has, and with PEI needing only some hash functions for TPM measurements the size impact is quite small due to LTO removing >90% of openssl. Third because having the asm-accelerated openssl hash function for measurements should improve boot performance. Change 3 is switching to the crypto driver. That makes sense, but should IMO be a separate PR request. I have an outdated patch series to switch ovmf to the crypto driver, including some changes for cryptopkg such as creating include files for the PCD-based crypto driver feature configuration. See https://github.com/kraxel/edk2/commits/ovmf-crypto/, feel free to pick changes from there. |
|
While being at it a slightly related issue I've trapped into: We have an RNG problem with openssl. RngDxe supports both trng and rndr, by switching between RngLib (handling rndr) and ArmTrngLib (handling trng) at runtime. RngLib supports rngr only, which is not supported by kvm. OpensslLib uses RngLib -> rng not working for openssl on kvm -> breaks TlsDxe -> breaks https boot. |
Fair point.
Ack
Is this because of of silly FIPS/certification concerns?
Good point.
I'll take a look.
Could we use MdePkg/Library/DxeRngLib/DxeRngLib.inf instead? |
IIRC RNDR is supported by kvm. I think it worked while testing it with kvmtool. Did you face some issue on that front, or am I not remembering well ? I agree that using DxeRngLib would be better and give much more flexibility. If Right now the RngDxe (which is called through DxeRngLib) can provide:
The RngLib is also used at many places without safety check (i.e. checking that the implementation is safe, meaning not the Timerlib). I was briefly working on something around that. |
Yes. Distros, especially the enterprise ones, try to minimize the number of crypto libs they are using. The certification process needed for crypto stuff is one of the reasons. |
The behavior I see is the rndr bit in isar0 not being set, which leads to |
If the RNDR bit is not set, would it be possible that the emulated CPU doesn't support RNDR instruction ? Meaning that a more recent CPU being emulated would support it. Is is possible to get the command line you are using ? |
|
Is it possible to try the qemu '-cpu max' option, please? |
Whether or not we might be able to emulate a CPU that does support RNDR is rather immaterial: emulation is a development tool with 1-2 orders of magnitude worse performance whereas virtualization is the production use case for this firmware. Note that the same applies to kvmtool, which does not implement emulation at all. In those VMs, RNDR is also entirely unsupported unless the host CPU has support for it. |
Yes right. I was not getting the sentence below. It is not that RNDR is not supported by kvm, it's that the underlying hardware doesn't have FEAT_RNG then.
Assuming we all agree on this, using the |
Yes, it's kvm + Host machines I've tries are an raspberry pi 4 and a macbook (with M2). |
should include |
No |
Not surpising: check Marcin's ARM CPU feature table: https://gpages.juszkiewicz.com.pl/arm-socs-table/arm-socs.html, this has just started getting rolled out only on the most recent designs. |
Move all BaseCryptLib resolutions for 32-bit ARM to MbedTls, which does not require a softfloat library, which can therefore be dropped from EDK2 entirely going forward. Note that this implies no TLS networking for 32-bit ARM, as this code has a direct dependency on OpenSSL, so move the TlsLib resolution to a AARCH64-only section to force the build to fail early when attempting to build 32-bit ARM targets with NETWORK_TLS_ENABLE set. Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
ardbiesheuvel
force-pushed
the
arm-virt-accel-crypto
branch
from
73bae72 to
54353d3
Compare
|
I've dropped the CryptoDxe changes for now, and focused on moving 32-bit ARM to MbedTls so we can get rid of ArmSoftFloatLib |
Alternative approach to enabling h/w accelerated OpenSSL on ArmVirtPkg, switching to MbedTls in cases where OpenSSL is either overkill, or should be avoided due to its dependency on floating point (32-bit ARM)