author Mike Beaton <mjsbeaton@gmail.com> 2024-09-08 13:33:43 +0300
committer mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-09-09 20:53:44 +0300
commit 3885a3edad618861168fe7081027867f1753ed42
tree f5b4a209a920b65ea8d73d0bd5687f2036a87f17 /NetworkPkg
parent e5715711a41b3a323b1605e41e5875d377e7c9c2
NetworkPkg/DxeNetLib: Update misleading comment
Commit 6862b9d538d96363635677198899e1669e591259 makes more explicit the previous logic of the code anyway, which is that it is (and was) only a fatal error if all secure algorithms fail. However the comment updated by this commit seems somewhat incompatible with that change, and even with the previous code (which operated as now, just logging different error messages). This updates the comment to be more compatible with how the code operates.

Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
Diffstat (limited to 'NetworkPkg')
-rw-r--r-- NetworkPkg/Library/DxeNetLib/DxeNetLib.c 14
1 files changed, 10 insertions, 4 deletions
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 4dfbe91a55..cf875d7af3 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -133,10 +133,16 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = {
// These represent UEFI SPEC defined algorithms that should be supported by
// the RNG protocol and are generally considered secure.
//
-// The order of the algorithms in this array is important. This order is the order
-// in which the algorithms will be tried by the RNG protocol.
-// If your platform needs to use a specific algorithm for the random number generator,
-// then you should place that algorithm first in the array.
+// Assuming that PcdEnforceSecureRngAlgorithms is TRUE (the default) then
+// only the algorithms defined here will be used by the network stack, and
+// none of these being available will result in an error condition (even if
+// some other RNG implementation is available).
+//
+// If PcdEnforceSecureRngAlgorithms is FALSE this list is not consulted,
+// and the first available RNG algorithm is used.
+//
+// If your platform needs to use a specific algorithm for the random number
+// generator, then you should modify this array.
//
GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = {
&gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256
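Review bot: In the last paragraph of the new comment, "then you should modify this array" does not say what kind of modification is meant, and the rewrite drops the removed statement that array order is the order in which the algorithms are tried. If the lookup still walks the array from the first entry, keep one sentence saying so (for example, that a platform preferring a specific algorithm should place it first); if order no longer matters, state that adding or removing entries is the intended change. Two smaller points: "(the default)" hard-codes the default of PcdEnforceSecureRngAlgorithms into this comment and will go stale if that default is ever changed, so consider dropping the parenthetical; and the array that holds these RNG algorithm GUIDs is still named mSecureHashAlgorithms, which reads oddly next to a comment that is entirely about RNG algorithms and could be renamed in a follow-up.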