MdePkg/DxeRngLib: Use PcdEnforceSecureRngAlgorithms for default algorithm

Use PcdEnforceSecureRngAlgorithms to allow using the Rng protocol
with the default algorithm. All previous call to the Rng protocol
are requesting a secure Rng algorithm.
Not specifying the Rng algorithm GUID to use is considered unsecure.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>

MdePkg/Library/DxeRngLib/DxeRngLib.c

@@ -197,12 +197,14 @@ GenerateRandomNumberViaNist800Algorithm (
     }
   }
 
+  if (!PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
     // If all the other methods have failed, use the default method from the RngProtocol
     Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer);
     DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
     if (!EFI_ERROR (Status)) {
       return Status;
     }
+  }
 
   // If we get to this point, we have failed
   DEBUG ((DEBUG_ERROR, "%a: GetRNG() failed, Status = %r\n", __func__, Status));

MdePkg/Library/DxeRngLib/DxeRngLib.inf

@@ -39,3 +39,6 @@
   gEfiRngAlgorithmSp80090Hash256Guid
   gEfiRngAlgorithmSp80090Hmac256Guid
   gEfiRngAlgorithmRaw
+
+[FixedPcd]
+  gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES