-rw-r--r--MdePkg/Library/DxeRngLib/DxeRngLib.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
index 4c1b5721ea..fcd489aabd 100644
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
@@ -204,7 +204,10 @@ GenerateRandomNumberViaNist800Algorithm (
}
}
- if (!PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
+ if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
+ // Platform does not permit the use of the default (insecure) algorithm.
+ Status = EFI_SECURITY_VIOLATION;
+ } else {
// If all the other methods have failed, use the default method from the RngProtocol
Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer);
DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
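Review bot: The new enforcement branch sets `Status = EFI_SECURITY_VIOLATION` without logging anything, while the `else` branch logs its result, so a platform that enforces secure algorithms and has none working fails with no trace of why. Consider adding `DEBUG ((DEBUG_ERROR, "%a: no secure RNG algorithm succeeded; default algorithm disallowed by PcdEnforceSecureRngAlgorithms\n", __func__));` before the assignment. The assignment also replaces whatever Status the earlier algorithm attempts left, which presumably carried the underlying failure reason; those attempts are above the hunk, so confirm the reason is logged there before it is overwritten. Callers that match specific status codes rather than testing `EFI_ERROR` should be checked against the new return value; the function starts and ends outside the hunk.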