Skip to content

Commit

Permalink
NetworkPkg: Do not enforce secure RNG
Browse files Browse the repository at this point in the history 
Since edk2-stable202405 we require EFI_RNG_PROTOCOL for
various network stack drivers.

We can't avoid requiring the protocol, but we do not want to
insist that a secure algorithm is present. If we do leave the Pcd
TRUE, DxeNetLib logs at ERROR when using OVMF
`-device virtio-rng-pci`, and may do so with the available
Rng in various firmware too.
  • Loading branch information
@mikebeaton
mikebeaton committed Aug 11, 2024
1 parent 9b8affc commit 7f4f34c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion NetworkPkg/NetworkPkg.dec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,7 @@
# TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms.
# FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
# @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE|BOOLEAN|0x1000000D

[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).
Expand Down

0 comments on commit 7f4f34c

Please sign in to comment.