From 7f4f34cc2e5d70c5df624b569c275782fa9fa108 Mon Sep 17 00:00:00 2001 From: Mike Beaton Date: Sun, 11 Aug 2024 15:13:51 +0100 Subject: [PATCH] NetworkPkg: Do not enforce secure RNG Since edk2-stable202405 we require EFI_RNG_PROTOCOL for various network stack drivers. We can't avoid requiring the protocol, but we do not want to insist that a secure algorithm is present. If we do leave the Pcd TRUE, DxeNetLib logs at ERROR when using OVMF `-device virtio-rng-pci`, and may do so with the available Rng in various firmware too. --- NetworkPkg/NetworkPkg.dec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec index 7c4289b77b..015e445d37 100644 --- a/NetworkPkg/NetworkPkg.dec +++ b/NetworkPkg/NetworkPkg.dec @@ -135,7 +135,7 @@ # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms. # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider. # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms. - gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE|BOOLEAN|0x1000000D [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355).