From: "PierreGondois"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Sami Mujawar, Jose Marinho, Samer El-Haj-Mahmoud
Subject: [edk2-devel] [PATCH v1 1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation
Date: Tue, 9 May 2023 09:40:35 +0200
Message-Id: <20230509074042.1523428-2-pierre.gondois@arm.com>
In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com>
References: <20230509074042.1523428-1-pierre.gondois@arm.com>

From: Pierre Gondois

Remove ASSERTs to allow RngDxe probing the Null implementation of the TrngLib.

Signed-off-by: Pierre Gondois
Reviewed-by: Sami Mujawar
---
 MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.c | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.c b/MdePk= g/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.c index 316d78bf5e83..0ea9aafa59f1 100644 --- a/MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.c +++ b/MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.c @@ -41,7 +41,6 @@ GetArmTrngVersion ( OUT UINT16 *MinorRevision ) { - ASSERT (FALSE); return RETURN_UNSUPPORTED; } =20 @@ -67,7 +66,6 @@ GetArmTrngUuid ( OUT GUID *Guid ) { - ASSERT (FALSE); return RETURN_UNSUPPORTED; } =20 @@ -83,7 +81,6 @@ GetArmTrngMaxSupportedEntropyBits ( VOID ) { - ASSERT (FALSE); return 0; } =20 
@@ -116,6 +113,5 @@ GetArmTrngEntropy ( OUT UINT8 *Buffer ) { - ASSERT (FALSE); return RETURN_UNSUPPORTED; } --=20 2.25.1
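Review bot: in the GetArmTrngMaxSupportedEntropyBits hunk (@@ -83,7 +81,6 @@), dropping ASSERT (FALSE) leaves a bare `return 0;` with nothing that marks the result as "not implemented", unlike the other three functions, which return RETURN_UNSUPPORTED. Please state in that function's header comment that 0 means no TRNG is available, so the RngDxe probe treats it as absence rather than as a valid entropy width. The ASSERTs also acted as a tripwire for platforms that link the Null instance by mistake; a DEBUG message in their place would keep that signal without halting the probe.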
From: "PierreGondois"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Sami Mujawar, Jose Marinho, Samer El-Haj-Mahmoud
Subject: [edk2-devel] [PATCH v1 2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
Date: Tue, 9 May 2023 09:40:36 +0200
Message-Id: <20230509074042.1523428-3-pierre.gondois@arm.com>
In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com>
References: <20230509074042.1523428-1-pierre.gondois@arm.com>

From: Pierre Gondois

In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a following patch and to avoid making the MdePkg dependent on another package, move PcdCpuRngSupportedAlgorithm to the MdePkg.

As the Pcd is only used for AARCH64, place it in an AARCH64 specific section.

Signed-off-by: Pierre Gondois
Reviewed-by: Sami Mujawar
---
 MdePkg/MdePkg.dec | 5 +++++
 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 4 ++--
 SecurityPkg/SecurityPkg.dec | 2 --
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index d6c4179b2a48..0ecfad5795e4 100644 --- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec @@ -2357,6 +2357,11 @@ [PcdsFixedAtBuild,PcdsPatchableInModule] # @Prompt IPMI KCS Interface I/O Base Address gEfiMdePkgTokenSpaceGuid.PcdIpmiKcsIoBaseAddress|0xca2|UINT16|0x00000031 =20 +[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64] + ## GUID identifying the Rng algorithm implemented by CPU instruction. + # @Prompt CPU Rng algorithm's GUID. + gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x0= 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x0000= 0032 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## This value is used to set the base address of PCI express hierarchy. # @Prompt PCI Express Base Address. diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.inf index c8e0ee4ae5d9..d6c2d30195bf 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -79,8 +79,8 @@ [Guids] [Protocols] gEfiRngProtocolGuid ## PRODUCES =20 -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUM= ES +[Pcd.AARCH64] + gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES =20 [Depex] TRUE diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 0a8042d63fe1..6bb02d58bdf0 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -325,8 +325,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A= |UINT32|0x00010030 gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B= |UINT32|0x00010031 =20 - gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0= 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0= x00010032 - [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Image verification policy for OptionRom. Only following values are va= lid:

# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification= and has been removed.
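Review bot: the MdePkg.dec hunk declares the PCD under gEfiMdePkgTokenSpaceGuid with token 0x00000032, while the SecurityPkg.dec hunk deletes the gEfiSecurityPkgTokenSpaceGuid declaration (token 0x00010032) outright, so any platform DSC that still sets gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm stops building with this patch. The commit message should call the rename out as a breaking change for platforms, and in-tree users need updating in the same patch to keep the series bisectable. Separately, RngDxe.inf narrows `[Pcd]` to `[Pcd.AARCH64]`; please confirm that no RngDxe source built for another architecture still references the PCD.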
--=20 2.25.1
From: "PierreGondois"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Sami Mujawar, Jose Marinho, Samer El-Haj-Mahmoud
Subject: [edk2-devel] [PATCH v1 3/8] MdePkg/DxeRngLib: Request raw algorithm instead of default
Date: Tue, 9 May 2023 09:40:37 +0200
Message-Id: <20230509074042.1523428-4-pierre.gondois@arm.com>
In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com>
References: <20230509074042.1523428-1-pierre.gondois@arm.com>

From: Pierre Gondois

The DxeRngLib tries to generate a random number using the 3 NIST SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC. If none of the calls is successful, the fallback option is the default RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might be an unsafe implementation.

Try requesting the Raw algorithm before requesting the default one.

Signed-off-by: Pierre Gondois
Reviewed-by: Sami Mujawar
---
 MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLi= b/DxeRngLib.c index 46aea515924f..a01b66ad7d20 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c 
@@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm ( return Status; } =20 + Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buffe= rSize, Buffer); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __func= __, Status)); + if (!EFI_ERROR (Status)) { + return Status; + } + // If all the other methods have failed, use the default method from the= RngProtocol Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer); - DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n", _= _func__, Status)); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", __= func__, Status)); if (!EFI_ERROR (Status)) { return Status; } --=20 2.25.1
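Review bot: the `GetRNG (RngProtocol, NULL, BufferSize, Buffer)` call is kept after the new Raw attempt, so the default algorithm that the commit message describes as possibly unsafe is still used whenever Raw also fails; the patch makes that path less likely but does not close it. Consider returning an error at that point, or checking which algorithm the default is before accepting its output. If the fallback stays, its message would be better logged at DEBUG_WARN than DEBUG_INFO, since it marks the point where the library no longer knows which algorithm produced the bytes. A short comment on why Raw output is acceptable to this library's callers would also help.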
From: "PierreGondois"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Sami Mujawar, Jose Marinho, Samer El-Haj-Mahmoud
Subject: [edk2-devel] [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms
Date: Tue, 9 May 2023 09:40:38 +0200
Message-Id: <20230509074042.1523428-5-pierre.gondois@arm.com>
In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com>
References: <20230509074042.1523428-1-pierre.gondois@arm.com>

From: Pierre Gondois

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441

The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such an implementation is used, a GetRngGuid() function is added in a following patch.

Prepare GetRngGuid() return values and add GUIDs describing Rng algorithms:
- gEfiRngAlgorithmArmRndr to describe a Rng algorithm accessed through Arm's RNDR instruction. [1] states that the implementation of this algorithm should be compliant to NIST SP900-80. The compliance is not guaranteed.
- gEfiRngAlgorithmUnSafe to describe an unsafe implementation, cf. the BaseRngLibTimerLib.

[1] Arm Architecture Reference Manual Armv8, for A-profile architecture sK12.1 'Properties of the generated random number'

Signed-off-by: Pierre Gondois
Reviewed-by: Sami Mujawar
---
 MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
 MdePkg/MdePkg.dec | 2 ++
 2 files changed, 22 insertions(+)

diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h index baf425587b3c..dfdaf36e41dc 100644 --- a/MdePkg/Include/Protocol/Rng.h +++ b/MdePkg/Include/Protocol/Rng.h
@@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM; { \ 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85,= 0x61 } \ } +/// +/// The Arm Architecture states the RNDR that the DRBG algorithm should be= compliant +/// with NIST SP800-90A, while not mandating a particular algorithm, so as= to be +/// inclusive of different geographies. +/// +#define EFI_RNG_ALGORITHM_ARM_RNDR \ + { \ + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08= , 0x41} \ + } +/// +/// The implementation of a Random Number Generator might be unsafe, when = using +/// a dummy implementation for instance. Allow identifying such implementa= tion +/// with this GUID. +/// +#define EFI_RNG_ALGORITHM_UNSAFE \ + { \ + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3,= 0xf4 } \ + } =20 /** Returns information about the random number generation implementation. @@ -146,5 +164,7 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid; extern EFI_GUID gEfiRngAlgorithmX9313DesGuid; extern EFI_GUID gEfiRngAlgorithmX931AesGuid; extern EFI_GUID gEfiRngAlgorithmRaw; +extern EFI_GUID gEfiRngAlgorithmArmRndr; +extern EFI_GUID gEfiRngAlgorithmUnSafe; =20 #endif diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 0ecfad5795e4..754085eaa55b 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec 
@@ -633,6 +633,8 @@ [Guids] gEfiRngAlgorithmX9313DesGuid =3D { 0x63c4785a, 0xca34, 0x4012, {0x= a3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }} gEfiRngAlgorithmX931AesGuid =3D { 0xacd03321, 0x777e, 0x4d3d, {0x= b1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }} gEfiRngAlgorithmRaw =3D { 0xe43176d7, 0xb6e8, 0x4827, {0x= b7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }} + gEfiRngAlgorithmArmRndr =3D { 0x43d2fde3, 0x9d4e, 0x4d79, {0x= 02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }} + gEfiRngAlgorithmUnSafe =3D { 0x869f728c, 0x409d, 0x4ab4, {0x= ac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }} =20 ## Include/Protocol/AdapterInformation.h gEfiAdapterInfoMediaStateGuid =3D { 0xD7C74207, 0xA831, 0x4A26, {0= xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }} --=20 2.25.1
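Review bot: the doc comment added above EFI_RNG_ALGORITHM_ARM_RNDR in Rng.h does not parse ("The Arm Architecture states the RNDR that the DRBG algorithm should be compliant with NIST SP800-90A"); wording such as "states that the DRBG algorithm behind the RNDR instruction should be compliant with NIST SP800-90A" would read correctly. The commit message cites "NIST SP900-80" for the same statement, so one of the two references needs correcting. The new symbol is also spelled gEfiRngAlgorithmUnSafe in both Rng.h and MdePkg.dec while the macro is EFI_RNG_ALGORITHM_UNSAFE; settling on one casing now avoids churn once other packages consume the GUID.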
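The fallback order described in patch 3/8, combined with the EFI_RNG_ALGORITHM_UNSAFE GUID from patch 4/8, as an added host-side C model; it is not code from this series or from EDK2. The mock driver, the `rng_status_t` codes, the stand-in DRBG GUIDs, the order among the three DRBGs and the convention that the first listed algorithm is the driver default are assumptions made for the illustration.

```c
/* Added example: host-side model of the GetRNG fallback order. Not EDK2 code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;

/* GUID values copied from the Rng.h hunk of patch 4/8. */
#define GUID_RAW      {0xe43176d7, 0xb6e8, 0x4827, {0xb7,0x84,0x7f,0xfd,0xc4,0xb6,0x85,0x61}}
#define GUID_ARM_RNDR {0x43d2fde3, 0x9d4e, 0x4d79, {0x02,0x96,0xa8,0x9b,0xca,0x78,0x08,0x41}}
#define GUID_UNSAFE   {0x869f728c, 0x409d, 0x4ab4, {0xac,0x03,0x71,0xd3,0x09,0xc1,0xb3,0xf4}}
/* Constructed stand-ins for the three SP 800-90 DRBG GUIDs (NOT the real values). */
#define GUID_CTR256   {1, 0, 0, {0}}
#define GUID_HMAC256  {2, 0, 0, {0}}
#define GUID_HASH256  {3, 0, 0, {0}}

const guid_t ALG_RAW = GUID_RAW, ALG_ARM_RNDR = GUID_ARM_RNDR, ALG_UNSAFE = GUID_UNSAFE;
static const guid_t ALG_CTR256 = GUID_CTR256, ALG_HMAC256 = GUID_HMAC256,
                    ALG_HASH256 = GUID_HASH256;

typedef enum { RNG_OK, RNG_UNSUPPORTED, RNG_REFUSED_UNSAFE } rng_status_t;

/* Mock driver: the algorithm list it advertises; algs[0] is its default (assumption). */
typedef struct { const guid_t *algs; size_t n; } mock_rng_t;

/* Constructed sample drivers. */
static const guid_t LIST_ONLY_UNSAFE[] = { GUID_UNSAFE };
static const guid_t LIST_UNSAFE_RAW[]  = { GUID_UNSAFE, GUID_RAW };
static const guid_t LIST_ONLY_RNDR[]   = { GUID_ARM_RNDR };
const mock_rng_t DRV_ONLY_UNSAFE = { LIST_ONLY_UNSAFE, 1 };
const mock_rng_t DRV_UNSAFE_RAW  = { LIST_UNSAFE_RAW, 2 };
const mock_rng_t DRV_ONLY_RNDR   = { LIST_ONLY_RNDR, 1 };

int guid_eq(const guid_t *a, const guid_t *b) {
    return a->d1 == b->d1 && a->d2 == b->d2 && a->d3 == b->d3 &&
           memcmp(a->d4, b->d4, sizeof a->d4) == 0;
}

/* Mock GetRNG(): alg == NULL selects the driver default. The output is a fixed
   pattern because only the algorithm selection is being modelled. */
static rng_status_t mock_get_rng(const mock_rng_t *rng, const guid_t *alg,
                                 uint8_t *buf, size_t len, const guid_t **used) {
    const guid_t *hit = NULL;
    if (rng->n == 0) return RNG_UNSUPPORTED;
    if (alg == NULL) hit = &rng->algs[0];
    for (size_t i = 0; hit == NULL && i < rng->n; i++)
        if (guid_eq(&rng->algs[i], alg)) hit = &rng->algs[i];
    if (hit == NULL) return RNG_UNSUPPORTED;
    memset(buf, 0xA5, len);
    *used = hit;
    return RNG_OK;
}

/* Explicit requests in the order patch 3/8 ends up with: the DRBGs, then Raw. */
static rng_status_t try_explicit(const mock_rng_t *rng, uint8_t *buf, size_t len,
                                 const guid_t **used) {
    const guid_t *order[] = { &ALG_CTR256, &ALG_HMAC256, &ALG_HASH256, &ALG_RAW };
    for (size_t i = 0; i < sizeof order / sizeof order[0]; i++)
        if (mock_get_rng(rng, order[i], buf, len, used) == RNG_OK) return RNG_OK;
    return RNG_UNSUPPORTED;
}

/* Behaviour after patch 3/8: fall back to the default without looking at it. */
rng_status_t get_random_as_patched(const mock_rng_t *rng, uint8_t *buf, size_t len,
                                   const guid_t **used) {
    if (try_explicit(rng, buf, len, used) == RNG_OK) return RNG_OK;
    return mock_get_rng(rng, NULL, buf, len, used);
}

/* Stricter variant: refuse a default that is tagged EFI_RNG_ALGORITHM_UNSAFE. */
rng_status_t get_random_checked(const mock_rng_t *rng, uint8_t *buf, size_t len,
                                const guid_t **used) {
    if (try_explicit(rng, buf, len, used) == RNG_OK) return RNG_OK;
    if (rng->n > 0 && guid_eq(&rng->algs[0], &ALG_UNSAFE)) return RNG_REFUSED_UNSAFE;
    return mock_get_rng(rng, NULL, buf, len, used);
}

int main(void) {
    uint8_t buf[16];
    const guid_t *used = NULL;
    printf("only-unsafe driver, as patched: %d\n",
           get_random_as_patched(&DRV_ONLY_UNSAFE, buf, sizeof buf, &used));
    printf("only-unsafe driver, checked:    %d\n",
           get_random_checked(&DRV_ONLY_UNSAFE, buf, sizeof buf, &used));
    printf("unsafe+raw driver, checked:     %d\n",
           get_random_checked(&DRV_UNSAFE_RAW, buf, sizeof buf, &used));
    return 0;
}
```

With a driver whose only algorithm is the unsafe one, the patched order still returns bytes through the default path, while the checked variant reports the refusal to the caller.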
From: "PierreGondois"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Sami Mujawar, Jose Marinho, Samer El-Haj-Mahmoud
Subject: [edk2-devel] [PATCH v1 5/8] MdePkg/Rng: Add GetRngGuid() to RngLib
Date: Tue, 9 May 2023 09:40:39 +0200
Message-Id: <20230509074042.1523428-6-pierre.gondois@arm.com>
In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com>
References: <20230509074042.1523428-1-pierre.gondois@arm.com>

From: Pierre Gondois

The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such an implementation is used, add a GetRngGuid() function to the RngLib.

Signed-off-by: Pierre Gondois
Reviewed-by: Sami Mujawar
---
 MdePkg/Include/Library/RngLib.h | 17 ++++++++
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++++++
 MdePkg/Library/BaseRngLib/BaseRngLib.inf | 9 ++++
 MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 ++++++++++++
 .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++++
 .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 ++
 .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 +++++++++++++
 MdePkg/Library/DxeRngLib/DxeRngLib.c | 28 +++++++++++++
 8 files changed, 175 insertions(+)

diff --git a/MdePkg/Include/Library/RngLib.h b/MdePkg/Include/Library/RngLi= b.h index 429ed19e287e..945482cd5e56 100644 --- a/MdePkg/Include/Library/RngLib.h +++ b/MdePkg/Include/Library/RngLib.h @@ -1,6 +1,7 @@ /** @file Provides random number generator services. =20 +Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2015, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -77,4 +78,20 @@ GetRandomNumber128 ( OUT UINT64 *Rand ); =20 +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ); + #endif // __RNG_LIB_H__ diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/Base= RngLib/AArch64/Rndr.c index 20811bf3ebf3..d39db62153ee 100644 --- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c +++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c @@ -2,6 +2,7 @@ Random number generator service that uses the RNDR instruction to provide pseudorandom numbers. =20 + Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2021, NUVIA Inc. All rights reserved.
Copyright (c) 2015, Intel Corporation. All rights reserved.
=20 @@ -11,6 +12,7 @@ =20 #include #include +#include #include #include =20 @@ -138,3 +140,43 @@ ArchIsRngSupported ( { return mRndrSupported; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + GUID *RngLibGuid; + + if (RngGuid =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + if (!mRndrSupported) { + return EFI_UNSUPPORTED; + } + + // + // If the platform advertises the algorithm behind RNDR instruction, + // use it. Otherwise use gEfiRngAlgorithmArmRndr. + // + RngLibGuid =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); + if (!IsZeroGuid (RngLibGuid)) { + CopyMem (RngGuid, RngLibGuid, sizeof (*RngGuid)); + } else { + CopyMem (RngGuid, &gEfiRngAlgorithmArmRndr, sizeof (*RngGuid)); + } + + return EFI_SUCCESS; +} diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/Base= RngLib/BaseRngLib.inf index 1fcceb941495..a79fbf03d74c 100644 --- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf +++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf @@ -4,6 +4,7 @@ # BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to # provide random numbers. # +# Copyright (c) 2023, Arm Limited. All rights reserved.
# Copyright (c) 2021, NUVIA Inc. All rights reserved.
# Copyright (c) 2015, Intel Corporation. All rights reserved.
# @@ -43,9 +44,17 @@ [Sources.AARCH64] AArch64/ArmReadIdIsar0.asm | MSFT AArch64/ArmRng.asm | MSFT =20 +[Guids] + gEfiRngAlgorithmArmRndr + gEfiRngAlgorithmSp80090Ctr256Guid + gEfiRngAlgorithmUnSafe + [Packages] MdePkg/MdePkg.dec =20 +[Pcd.AARCH64] + gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm + [LibraryClasses] BaseLib DebugLib diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseR= ngLib/Rand/RdRand.c index 070d41e2555f..9bd68352f9f7 100644 --- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c +++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c @@ -2,6 +2,7 @@ Random number generator services that uses RdRand instruction access to provide high-quality random numbers. =20 +Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2021, NUVIA Inc. All rights reserved.
Copyright (c) 2015, Intel Corporation. All rights reserved.
=20 @@ -11,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include #include +#include #include =20 #include "BaseRngLibInternals.h" @@ -128,3 +130,27 @@ ArchIsRngSupported ( */ return TRUE; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + if (RngGuid =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + CopyMem (RngGuid, &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (*RngGuid)); + return EFI_SUCCESS; +} diff --git a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c b/MdePkg/Librar= y/BaseRngLibNull/BaseRngLibNull.c index efba5c851ead..af5e8eb8f72a 100644 --- a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c +++ b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c @@ -1,13 +1,16 @@ /** @file Null version of Random number generator services. =20 +Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include #include #include +#include =20 /** Generates a 16-bit random number. @@ -92,3 +95,22 @@ GetRandomNumber128 ( ASSERT (FALSE); return FALSE; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + return EFI_UNSUPPORTED; +} diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/Mde= Pkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf index f857290e823b..13e10141fad0 100644 --- a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf @@ -30,6 +30,9 @@ [Sources] [Packages] MdePkg/MdePkg.dec =20 +[Guids] + gEfiRngAlgorithmUnSafe + [LibraryClasses] BaseLib DebugLib diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Libra= ry/BaseRngLibTimerLib/RngLibTimer.c index 980854d67b72..fc9f7e31a333 100644 --- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c @@ -2,14 +2,18 @@ BaseRng Library that uses the TimerLib to provide reasonably random numb= ers. Do not use this on a production system. =20 + Copyright (c) 2023, Arm Limited. All rights reserved. Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include +#include #include +#include #include #include +#include =20 #define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10 =20 
@@ -190,3 +194,27 @@ GetRandomNumber128 ( // Read second 64 bits return GetRandomNumber64 (++Rand); } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + if (RngGuid =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + CopyMem (RngGuid, &gEfiRngAlgorithmUnSafe, sizeof (*RngGuid)); + return EFI_SUCCESS; +} diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLi= b/DxeRngLib.c index a01b66ad7d20..cd23859e3112 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c @@ -1,6 +1,7 @@ /** @file Provides an implementation of the library class RngLib that uses the Rng = protocol. =20 + Copyright (c) 2023, Arm Limited. All rights reserved. Copyright (c) Microsoft Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent =20 
@@ -207,3 +208,30 @@ GetRandomNumber128 ( =20 return TRUE; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + /* It is not possible to know beforehand which Rng algorithm will + be used by this library. + This API is mainly used by RngDxe. RngDxe relies on the RngLib. + The RngLib|DxeRngLib.inf implementation locates and uses an installed + EFI_RNG_PROTOCOL. + It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf. + and it is ok not to support this API. + */ + return EFI_UNSUPPORTED; +} --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104346): https://edk2.groups.io/g/devel/message/104346 Mute This Topic: https://groups.io/mt/98779042/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 19:48:11 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+104347+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+104347+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1683618160; cv=none; d=zohomail.com; s=zohoarc; 
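Review bot: The GetRngGuid() prototype added to MdePkg/Include/Library/RngLib.h declares its parameter as plain "GUID *RngGuid", although the doc comment marks it "@param [out]" and the neighbouring GetRandomNumber128() prototype uses the OUT decoration ("OUT UINT64 *Rand"). Suggest "OUT GUID *RngGuid" in the header and in each implementation added by this patch (Rndr.c, RdRand.c, BaseRngLibNull.c, RngLibTimer.c, DxeRngLib.c). The header comment should also say when EFI_UNSUPPORTED is returned, since the implementations differ: Rndr.c returns it when mRndrSupported is FALSE, while BaseRngLibNull.c and DxeRngLib.c return it unconditionally.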
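Review bot: In the BaseRngLib.inf hunk, the new [Guids] section lists gEfiRngAlgorithmUnSafe, but neither GetRngGuid() added in AArch64/Rndr.c nor the one in Rand/RdRand.c references it: they copy gEfiRngAlgorithmArmRndr (or the Pcd value) and gEfiRngAlgorithmSp80090Ctr256Guid respectively. Drop the unused entry unless other code in the library needs it. The two remaining GUIDs are each used by a single architecture's source file, so arch-qualified sections, as done for [Pcd.AARCH64] in the same hunk, would state the dependency more precisely.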
From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Samer El-Haj-Mahmoud Subject: [edk2-devel] [PATCH v1 6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib Date: Tue, 9 May 2023 09:40:40 +0200 Message-Id: <20230509074042.1523428-7-pierre.gondois@arm.com> In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com> References: <20230509074042.1523428-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: LT6etLZ6sOqT3oR7tCMGkizhx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1683618160; bh=qL4AMM2igo1Tyh7eNG6Lk6oVvlr40ruVeUebA7HMyrw=; h=Cc:Date:From:Reply-To:Subject:To; b=CvHGRKqX7BPrhnZxvGV4zyZpC4M+3QkaLEF8McpEVw6CByg7ICBKdvAaPwt1qVHfeaj Gwng7itBA+d9s64sNksrBWsa6IqSQYpsJ3RHuL+TkT6HabubW8qNtR2XlZabIOjduuz2R 91WaNXOqGi990taq1qK2bvOuIVZ8xudJRiM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1683618162990100006 Content-Type: text/plain; charset="utf-8" 
From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4151 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function was added in a previous patch. The EFI_RNG_PROTOCOL can advertise multiple algorithms through Guids. The PcdCpuRngSupportedAlgorithm is currently used to advertise the RngLib in the Arm implementation. The issues of doing that are: - the RngLib implementation might not use CPU instructions, cf. the BaseRngLibTimerLib - most platforms don't set PcdCpuRngSupportedAlgorithm A GetRngGuid() was added to the RngLib in a previous patch, allowing to identify the algorithm implemented by the RngLib. Make use of this function. Signed-off-by: Pierre Gondois --- .../RngDxe/AArch64/AArch64Algo.c | 24 +++++++++---------- .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 ++++- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 ++-- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c= b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c index e8be217f8a8c..a1ff7bd58fda 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c @@ -10,6 +10,7 @@ #include #include #include +#include =20 #include "RngDxeInternals.h" =20 @@ -28,9 +29,10 @@ GetAvailableAlgorithms ( VOID ) { - UINT64 DummyRand; - UINT16 MajorRevision; - UINT16 MinorRevision; + EFI_STATUS Status; + UINT16 MajorRevision; + UINT16 MinorRevision; + GUID RngGuid; =20 // Rng algorithms 2 times, one for the allocation, one to populate. mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); 
@@ -38,24 +40,22 @@ GetAvailableAlgorithms ( return EFI_OUT_OF_RESOURCES; } =20 - // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. - if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) { + // Identify RngLib algorithm. + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status)) { CopyMem ( &mAvailableAlgoArray[mAvailableAlgoArrayCount], - PcdGetPtr (PcdCpuRngSupportedAlgorithm), - sizeof (EFI_RNG_ALGORITHM) + RngGuid, + sizeof (RngGuid) ); mAvailableAlgoArrayCount++; =20 - DEBUG_CODE_BEGIN (); - if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { + if (IsZeroGuid (&RngGuid)) { DEBUG (( DEBUG_WARN, - "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n" + "RngLib should have a non-zero GUID\n" )); } - - DEBUG_CODE_END (); } =20 // Raw algorithm (Trng) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index ce49ff7ae661..78a18c5e1177 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -78,6 +78,7 @@ RngGetRNG ( { EFI_STATUS Status; UINTN Index; + GUID RngGuid; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D = NULL)) { return EFI_INVALID_PARAMETER; @@ -102,7 +103,10 @@ RngGetRNG ( } =20 FoundAlgo: - if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)))= { + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status) && + CompareGuid (RNGAlgorithm, &RngGuid)) + { Status =3D RngGetBytes (RNGValueLength, RNGValue); return Status; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.inf index d6c2d30195bf..aa5743387ed9 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf 
@@ -75,13 +75,12 @@ [Guids] gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEfiRngAlgorithmArmRndr ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEfiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG =20 [Protocols] gEfiRngProtocolGuid ## PRODUCES =20 -[Pcd.AARCH64] - gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES - [Depex] TRUE =20 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104347): https://edk2.groups.io/g/devel/message/104347 Mute This Topic: https://groups.io/mt/98779043/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 19:48:11 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+104348+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+104348+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1683618162; cv=none; d=zohomail.com; s=zohoarc; b=IgbMmylD8fxnQnJzgFoAFl/Zef1WSsNelq3Rfg7iejVk2GsyFuLq+yyx/ffRjy7hX5wQZDtbrsi/p4QHakJbJKKo09Xi5Q/1wxtJsDFVc6k6VIwaYb774ZVxcp78XL4Xq4a8Vkt5rGKWiRjuReYHTTaF3+QPBmBEsLSLosY98Mc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683618162; 
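Review bot: In the GetAvailableAlgorithms() hunk of AArch64Algo.c, the new CopyMem() call passes "RngGuid" as its source argument, but RngGuid is declared by value ("GUID RngGuid;"), so the call needs "&RngGuid". Patch 7/8 of this series changes exactly that line to "&RngGuid", which means the fix lands one commit late; fold it into this patch so that each commit builds and behaves correctly on its own and the series stays bisectable.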
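Review bot: The "IsZeroGuid (&RngGuid)" check in GetAvailableAlgorithms() runs after the GUID has already been copied into mAvailableAlgoArray and mAvailableAlgoArrayCount has been incremented, so a zero GUID returned by the RngLib is still advertised and only a DEBUG_WARN is emitted. If a zero GUID is considered invalid, test it before the CopyMem() and skip the entry. The hunk also drops the DEBUG_CODE_BEGIN/DEBUG_CODE_END guards around the check without saying so in the commit message; please mention whether that is intentional.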
From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Samer El-Haj-Mahmoud Subject: [edk2-devel] [PATCH v1 7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm Date: Tue, 9 May 2023 09:40:41 +0200 Message-Id: <20230509074042.1523428-8-pierre.gondois@arm.com> In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com> References: <20230509074042.1523428-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: t7gN6TxNw8uyphkwmNK5WCWPx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1683618162; bh=M37f6ybtYEDEwvonKBwoLdtjbnVKDbFeWWMd2WFwQjA=; h=Cc:Date:From:Reply-To:Subject:To; b=mVF6WtIVEMZWd/JLZ2BAhgfu5/uZbetTrTbiuIdRNfZ+l/3DIfFWNPDma2SwpL6ZDba DAHygmt/ooO7SSWoXhgxsZuFY1Vo4+2YKd6Sip5s3rTZRshEtctBF5tjdUVFOucs8yqTo pgU39KE8hxXv5B7/MwUpehInmBJ5FUY1Ukg= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1683618162894100005 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The first element of mAvailableAlgoArray should be the default algorithm to avoid going through a selection process at each RngGetRNG() call. Once all the available Rng algorithms have been probed, place a safe Rng algorithm at the first position of mAvailableAlgoArray. Signed-off-by: Pierre Gondois --- .../RngDxe/AArch64/AArch64Algo.c | 48 ++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c= b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c index a1ff7bd58fda..ed236b2e8141 100644 
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c @@ -17,6 +17,50 @@ // Maximum number of Rng algorithms. #define RNG_AVAILABLE_ALGO_MAX 2 =20 +/** mAvailableAlgoArray[0] should contain the default Rng algorithm. + The Rng algorithm at the first index might be unsafe. + If a safe algorithm is available, choose it as the default one. +**/ +VOID +EFIAPI +RngFindDefaultAlgo ( + VOID + ) +{ + EFI_RNG_ALGORITHM *CurAlgo; + EFI_RNG_ALGORITHM TmpGuid; + UINTN Index; + + CurAlgo =3D &mAvailableAlgoArray[0]; + + if (IsZeroGuid (CurAlgo) || + !CompareGuid (CurAlgo, &gEfiRngAlgorithmUnSafe)) + { + // mAvailableAlgoArray[0] is a valid Rng algorithm. + return; + } + + for (Index =3D 1; Index < mAvailableAlgoArrayCount; Index++) { + CurAlgo =3D &mAvailableAlgoArray[Index]; + if (!IsZeroGuid (CurAlgo) || + CompareGuid (CurAlgo, &gEfiRngAlgorithmUnSafe)) + { + break; + } + } + + if (Index =3D=3D mAvailableAlgoArrayCount) { + // No valid Rng algorithm available. + return; + } + + CopyMem (&TmpGuid, CurAlgo, sizeof (EFI_RNG_ALGORITHM)); + CopyMem (CurAlgo, &mAvailableAlgoArray[0], sizeof (EFI_RNG_ALGORITHM)); + CopyMem (&mAvailableAlgoArray[0], &TmpGuid, sizeof (EFI_RNG_ALGORITHM)); + + return; +} + /** Allocate and initialize mAvailableAlgoArray with the available Rng algorithms. Also update mAvailableAlgoArrayCount. =20 @@ -45,7 +89,7 @@ GetAvailableAlgorithms ( if (!EFI_ERROR (Status)) { CopyMem ( &mAvailableAlgoArray[mAvailableAlgoArrayCount], - RngGuid, + &RngGuid, sizeof (RngGuid) ); mAvailableAlgoArrayCount++; 
@@ -68,5 +112,7 @@ GetAvailableAlgorithms ( mAvailableAlgoArrayCount++; } =20 + RngFindDefaultAlgo (); + return EFI_SUCCESS; } --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104348): https://edk2.groups.io/g/devel/message/104348 Mute This Topic: https://groups.io/mt/98779044/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 19:48:11 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+104349+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+104349+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1683618164; cv=none; d=zohomail.com; s=zohoarc; b=livNhc7mcWBDPhwtFc4i0Ley2INpIZvVtRXbExQLvMKWn/cQisV1sKu/cYn2zP/wcR9Xe6WA67cl1K/XNkwyGFLKs/mFrGLk/60MsG4Tj1nUbprsANNg893qKsn+qV91bQgbzGCFPOwwGloLjRDb+hF+QhccUxpakJf6HbXn8Bg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1683618164; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=QgVxULAH2y6Mk1pVeL0ZMHomMYv9PnTl32JNNdSY4mk=; b=bmNOBqqpYZh7Lg/AIqjD7krIrHjEPTB6UKMd/Zum2xLZDQq6g69gG6GcwhK31Qj+i5/p2dMmWl0qT+x1EQcosvSpvdc8oL8du5qKJVHnbBhDhfHpEGFgmFRcoYYbRzwhrcuOsgeXzn5zp9d5fL8c28ViYbxTjZ2HA/uG5oG+ZIo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) 
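Review bot: Both GUID tests in RngFindDefaultAlgo() look inverted with respect to their comments. The early return fires on "IsZeroGuid (CurAlgo) || !CompareGuid (CurAlgo, &gEfiRngAlgorithmUnSafe)", so a zero GUID at index 0 is treated as "a valid Rng algorithm" and kept as the default. The search loop breaks on "!IsZeroGuid (CurAlgo) || CompareGuid (CurAlgo, &gEfiRngAlgorithmUnSafe)", which is true for every non-zero GUID, gEfiRngAlgorithmUnSafe included, so the loop can stop on an unsafe entry. Suggest "!IsZeroGuid (CurAlgo) && !CompareGuid (CurAlgo, &gEfiRngAlgorithmUnSafe)" for both conditions, so that only a non-zero, non-unsafe entry counts as safe. The helper is only called from GetAvailableAlgorithms() in the visible hunks, so it could be STATIC rather than an EFIAPI function with external linkage.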
From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Samer El-Haj-Mahmoud Subject: [edk2-devel] [PATCH v1 8/8] SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm Date: Tue, 9 May 2023 09:40:42 +0200 Message-Id: <20230509074042.1523428-9-pierre.gondois@arm.com> In-Reply-To: <20230509074042.1523428-1-pierre.gondois@arm.com> References: <20230509074042.1523428-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: oF1FNUwYLFnchFK3By61Mwqjx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1683618163; bh=oB6EHBirLx7G/Qy3oSD5ZSdKJRQfcxeo+wEWhWV4w5w=; h=Cc:Date:From:Reply-To:Subject:To; b=M6rYhTo0u6rBt3gQFTKZDeZCAQvGq2cPd443zJUtMViFV2QwPOFa08ycRcNDJPCm1TA jiOJuKXuDx9o1X+dtMFG8R1kG7s6v7JAepy0AMXjvJtShQD2Wf3ash5RFxEt4DTWZuW5w EQv+FN2cvGbo+zlgsSBqA7DSfLut+g5vhCQ= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1683618164882100015 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The first element of mAvailableAlgoArray is defined as the default Rng algorithm to use. Don't go through the array at each RngGetRNG() call and just return the first element of the array. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar --- .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index 78a18c5e1177..7a42e3cbe3d2 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c 
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -77,7 +77,6 @@ RngGetRNG ( ) { EFI_STATUS Status; - UINTN Index; GUID RngGuid; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D = NULL)) { @@ -88,21 +87,13 @@ RngGetRNG ( // // Use the default RNG algorithm if RNGAlgorithm is NULL. // - for (Index =3D 0; Index < mAvailableAlgoArrayCount; Index++) { - if (!IsZeroGuid (&mAvailableAlgoArray[Index])) { - RNGAlgorithm =3D &mAvailableAlgoArray[Index]; - goto FoundAlgo; - } - } - - if (Index =3D=3D mAvailableAlgoArrayCount) { - // No algorithm available. - ASSERT (Index !=3D mAvailableAlgoArrayCount); - return EFI_DEVICE_ERROR; + if (mAvailableAlgoArrayCount !=3D 0) { + RNGAlgorithm =3D &mAvailableAlgoArray[0]; + } else { + return EFI_UNSUPPORTED; } } =20 -FoundAlgo: Status =3D GetRngGuid (&RngGuid); if (!EFI_ERROR (Status) && CompareGuid (RNGAlgorithm, &RngGuid)) --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#104349): https://edk2.groups.io/g/devel/message/104349 Mute This Topic: https://groups.io/mt/98779045/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
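Review bot: The loop removed from RngGetRNG() skipped zero-GUID entries ("!IsZeroGuid (&mAvailableAlgoArray[Index])"), whereas the replacement takes "&mAvailableAlgoArray[0]" whenever mAvailableAlgoArrayCount is non-zero, with no such check. This relies on RngFindDefaultAlgo() from patch 7/8 having placed a usable entry at index 0, but that function returns early and leaves index 0 untouched when it holds a zero GUID, and leaves an unsafe entry there when no alternative is found. Either keep an IsZeroGuid() guard here or make RngFindDefaultAlgo() guarantee the invariant and document it next to mAvailableAlgoArray. The error path also changes from ASSERT plus EFI_DEVICE_ERROR to EFI_UNSUPPORTED; the commit message should state that change, since callers may distinguish the two codes.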