Comment 22656

Date: 2024-02-26 13:00:06 +0000
From: @jkmathews

• Industry Specification: ---
• Release Observed: edk2-stable202302
• Releases to Fix: EDK II Master
• Target OS: ---
• Bugzilla Assignee(s): @nate-desimone

The RdRandGenerateEntropy() function is not up to date with versions of this same function in EDK2 code:
SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c

This copy of RdRandGenerateEntropy() function has multiple problems. It should be removed if not needed, or replaced with the updated EDK2 code.

There are at least 4 problems in this copy of RdRandGenerateEntropy() function:
(1) BlockCount = Lenth / 64 -> should be 16 (128 bit / 8) or sizeof(Seed)
(2) Status from GetRandomNumber128 is a BOOLEAN not Return Status. If the call is successful it will result in an error as it returns TRUE (EFI_SUCCESS is 0).
(3) Copymem copies part of the stack -> sizeof Seed is 16 not 64 (same for both instances unless Length is less than 16)
(4) Copymem will produce repeatable stack pattern with longer requested random data (reduced entropy)

Comment 22698

Date: 2024-03-05 21:47:50 +0000
From: @lgao4

nathaniel.l.desimone@intel.com: please check this issue first.