From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107008+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107008+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681155; cv=none; d=zohomail.com; s=zohoarc; b=kN1i60ZUg0xwUxx2V/xhhUsUkYzrl2oVvq4o75epqyJM1BgDppPfwPJRinCCiMq++I6tgxQanzKXckD+5J65j9mJbrUg+6HvynvBhWDBri55mM80ZarS2lsbvYMMUtHfUJGnSBH1XwNV0JoQxjkkyL8dbC95tXxuvTm5CbrtqqM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681155; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=m3rp3IfBgNpGkOfWMz5AsvDARhLMj3Wi/+8pVd7K4a4=; b=QTEg5zPeXI4HrvEIEu5IvDDYjHea2Ueo0aQXS5U62XyNjFq/0iYbxQ2wanFM5shETEyTvKC/KWTT92qn/ecD0He2IYTbvVGYIgAW854pkBh4dOhm/NtAm61x/YuEUs4C5ZUPjkmwBULJ0jEtHDte9VwPElO9yDuJ9SI4VTNKRE0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107008+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681155853290.06672568061447; Tue, 18 Jul 2023 04:52:35 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=ojICbBBtS7hJSHI1BLtmmYZuwgqklJTV7JPwqHULKRY=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681155; v=1; b=VcJVFUHqp/ypuGTTjTt63x08dTaeWz66G4ixOnerlAHnlyZf5fRsSLreM+BWCRdJlqRFi/yR Y8jOv3/QTEdY9N2qV0q2QxHvIHpmu1GXHKCENQAL1XwTTCaKWg68wZkcjoCP5IXsI4UlwcFo7Lr +DlJ1s+jKFbO6gxn9PRWaLfw= X-Received: by 127.0.0.2 with SMTP id mikkYY1788612xknyz0mrdF5; Tue, 18 Jul 2023 04:52:35 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.5634.1689681154809327154 for ; Tue, 18 Jul 2023 04:52:34 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EFFC9D75; Tue, 18 Jul 2023 04:53:17 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id CEB1B3F6C4; Tue, 18 Jul 2023 04:52:32 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 1/9] MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkg Date: Tue, 18 Jul 2023 13:51:48 +0200 Message-Id: <20230718115156.1224842-2-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: 2D7Pfjjn1R2DT9OzT14B46ZNx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681156826100007 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4504 The BaseRngLibTimerLib allows to generate number based on a timer. This mechanism allows to have a basic non-secure implementation for non-production platforms. To bind and identify Random Number Generators implementations with a GUID, an unsafe GUID should be added. This GUID cannot be added to the MdePkg unless it is also added to a specification. To keep the MdePkg self-contained, copy the BaseRngLibTimerLib to the MdeModulePkg. This will allow to define an unsafe Rng GUID in a later patch in the MdeModulePkg. The MdePkg implementation will be removed later. This allows to give some time to platform owners to switch to the MdeModulePkg implementation. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- ArmVirtPkg/ArmVirt.dsc.inc | 2 +- EmulatorPkg/EmulatorPkg.dsc | 2 +- .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 36 ++++ .../BaseRngLibTimerLib/BaseRngLibTimerLib.uni | 15 ++ .../Library/BaseRngLibTimerLib/RngLibTimer.c | 192 ++++++++++++++++++ MdeModulePkg/MdeModulePkg.dsc | 1 + NetworkPkg/NetworkPkg.dsc | 4 +- OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- OvmfPkg/Bhyve/BhyveX64.dsc | 2 +- OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +- OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- OvmfPkg/OvmfXen.dsc | 2 +- OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 2 +- SecurityPkg/SecurityPkg.dsc | 4 +- SignedCapsulePkg/SignedCapsulePkg.dsc | 4 +- 19 files changed, 262 insertions(+), 18 deletions(-) create mode 100644 MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimer= Lib.inf create mode 100644 MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimer= Lib.uni create mode 100644 MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 2443e8351c99..3f7bac6bf33a 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -154,7 +154,7 @@ [LibraryClasses.common] OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 # # Secure Boot dependencies diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc index b44435d7e6ee..b14654739b54 100644 --- a/EmulatorPkg/EmulatorPkg.dsc +++ b/EmulatorPkg/EmulatorPkg.dsc @@ -128,7 +128,7 @@ [LibraryClasses] FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecu= reLibNull.inf diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf= b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf new file mode 100644 index 000000000000..f857290e823b --- /dev/null +++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf @@ -0,0 +1,36 @@ +## @file +# Instance of RNG (Random Number Generator) Library. +# +# BaseRng Library that uses the TimerLib to provide reasonably random num= bers. +# Do NOT use this on a production system as this uses the system performa= nce +# counter rather than a true source of random in addition to having a weak +# random algorithm. This is provided primarily as a source of entropy for +# OpenSSL for platforms that do not have a good built in RngLib as this +# emulates what was done before (though it isn't perfect). +# +# Copyright (c) Microsoft Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# +## + +[Defines] + INF_VERSION =3D 1.27 + BASE_NAME =3D BaseRngLibTimerLib + MODULE_UNI_FILE =3D BaseRngLibTimerLib.uni + FILE_GUID =3D 74950C45-10FC-4AB5-B114-49C87C17409B + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D RngLib + +[Sources] + RngLibTimer.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseLib + DebugLib + TimerLib diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni= b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni new file mode 100644 index 000000000000..fde24b9f0107 --- /dev/null +++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni @@ -0,0 +1,15 @@ +// @file +// Instance of RNG (Random Number Generator) Library. +// +// RngLib that uses TimerLib's performance counter to provide random numbe= rs. +// +// Copyright (c) Microsoft Corporation. +// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// + + +#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG Library" + +#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library that uses= the TimerLib to provide low-entropy random numbers" + diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeMod= ulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c new file mode 100644 index 000000000000..980854d67b72 --- /dev/null +++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c @@ -0,0 +1,192 @@ +/** @file + BaseRng Library that uses the TimerLib to provide reasonably random numb= ers. + Do not use this on a production system. + + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include +#include +#include + +#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10 + +/** + Using the TimerLib GetPerformanceCounterProperties() we delay + for enough time for the PerformanceCounter to increment. + + If the return value from GetPerformanceCounterProperties (TimerLib) + is zero, this function will return 10 and attempt to assert. + **/ +STATIC +UINT32 +CalculateMinimumDecentDelayInMicroseconds ( + VOID + ) +{ + UINT64 CounterHz; + + // Get the counter properties + CounterHz =3D GetPerformanceCounterProperties (NULL, NULL); + // Make sure we won't divide by zero + if (CounterHz =3D=3D 0) { + ASSERT (CounterHz !=3D 0); // Assert so the developer knows something = is wrong + return DEFAULT_DELAY_TIME_IN_MICROSECONDS; + } + + // Calculate the minimum delay based on 1.5 microseconds divided by the = hertz. + // We calculate the length of a cycle (1/CounterHz) and multiply it by 1= .5 microseconds + // This ensures that the performance counter has increased by at least o= ne + return (UINT32)(MAX (DivU64x64Remainder (1500000, CounterHz, NULL), 1)); +} + +/** + Generates a 16-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 16-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber16 ( + OUT UINT16 *Rand + ) +{ + UINT32 Index; + UINT8 *RandPtr; + UINT32 DelayInMicroSeconds; + + ASSERT (Rand !=3D NULL); + + if (Rand =3D=3D NULL) { + return FALSE; + } + + DelayInMicroSeconds =3D CalculateMinimumDecentDelayInMicroseconds (); + RandPtr =3D (UINT8 *)Rand; + // Get 2 bytes of random ish data + for (Index =3D 0; Index < sizeof (UINT16); Index++) { + *RandPtr =3D (UINT8)(GetPerformanceCounter () & 0xFF); + // Delay to give the performance counter a chance to change + MicroSecondDelay (DelayInMicroSeconds); + RandPtr++; + } + + return TRUE; +} + +/** + Generates a 32-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 32-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber32 ( + OUT UINT32 *Rand + ) +{ + UINT32 Index; + UINT8 *RandPtr; + UINT32 DelayInMicroSeconds; + + ASSERT (Rand !=3D NULL); + + if (NULL =3D=3D Rand) { + return FALSE; + } + + RandPtr =3D (UINT8 *)Rand; + DelayInMicroSeconds =3D CalculateMinimumDecentDelayInMicroseconds (); + // Get 4 bytes of random ish data + for (Index =3D 0; Index < sizeof (UINT32); Index++) { + *RandPtr =3D (UINT8)(GetPerformanceCounter () & 0xFF); + // Delay to give the performance counter a chance to change + MicroSecondDelay (DelayInMicroSeconds); + RandPtr++; + } + + return TRUE; +} + +/** + Generates a 64-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 64-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber64 ( + OUT UINT64 *Rand + ) +{ + UINT32 Index; + UINT8 *RandPtr; + UINT32 DelayInMicroSeconds; + + ASSERT (Rand !=3D NULL); + + if (NULL =3D=3D Rand) { + return FALSE; + } + + RandPtr =3D (UINT8 *)Rand; + DelayInMicroSeconds =3D CalculateMinimumDecentDelayInMicroseconds (); + // Get 8 bytes of random ish data + for (Index =3D 0; Index < sizeof (UINT64); Index++) { + *RandPtr =3D (UINT8)(GetPerformanceCounter () & 0xFF); + // Delay to give the performance counter a chance to change + MicroSecondDelay (DelayInMicroSeconds); + RandPtr++; + } + + return TRUE; +} + +/** + Generates a 128-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 128-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber128 ( + OUT UINT64 *Rand + ) +{ + ASSERT (Rand !=3D NULL); + // This should take around 80ms + + // Read first 64 bits + if (!GetRandomNumber64 (Rand)) { + return FALSE; + } + + // Read second 64 bits + return GetRandomNumber64 (++Rand); +} diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index 1aedfe280ae1..ca16c7f8d552 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -341,6 +341,7 @@ [Components] MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf MdeModulePkg/Library/DisplayUpdateProgressLibGraphics/DisplayUpdateProgr= essLibGraphics.inf MdeModulePkg/Library/DisplayUpdateProgressLibText/DisplayUpdateProgressL= ibText.inf + MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 MdeModulePkg/Universal/BdsDxe/BdsDxe.inf MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc index 6c231c97b544..808c6bffce2c 100644 --- a/NetworkPkg/NetworkPkg.dsc +++ b/NetworkPkg/NetworkPkg.dsc @@ -82,10 +82,10 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf =20 [LibraryClasses.ARM] - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 [LibraryClasses.RISCV64] - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 [PcdsFeatureFlag] gEfiMdePkgTokenSpaceGuid.PcdComponentName2Disable|TRUE diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 2c6ed7c9745f..022104dfdce6 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -185,7 +185,7 @@ [LibraryClasses] =20 IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 7fa40998ae80..cc1f85d1be50 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -196,7 +196,7 @@ [LibraryClasses] !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index e000deed9e4d..35942e02df93 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -206,7 +206,7 @@ [LibraryClasses] !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX6= 4.dsc index 193657ff2d61..bbf218488127 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -184,7 +184,7 @@ [LibraryClasses] =20 IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 2f7585639374..d5c1a2fe3a91 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -203,7 +203,7 @@ [LibraryClasses] !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index ed36935770f3..c1f1733a483d 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -210,7 +210,7 @@ [LibraryClasses] !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 919315e4cb33..bdd6c3bc96ae 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -215,7 +215,7 @@ [LibraryClasses] !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 823de0d0f9e0..a54e17dd087d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -231,7 +231,7 @@ [LibraryClasses] !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 210578c1d74d..26d2a6963de5 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -194,7 +194,7 @@ [LibraryClasses] !else OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLib= Null.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVV= irt.dsc.inc index 731f54f73f81..8da89ef09f62 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc @@ -117,7 +117,7 @@ [LibraryClasses.common] OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf !endif BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 # # Secure Boot dependencies diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 3c62205162ce..7682066cd9fe 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -92,10 +92,10 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmTrngLib|MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.inf =20 [LibraryClasses.ARM] - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 [LibraryClasses.RISCV64] - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 [LibraryClasses.X64.SEC] HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf diff --git a/SignedCapsulePkg/SignedCapsulePkg.dsc b/SignedCapsulePkg/Signe= dCapsulePkg.dsc index 8a27207a6f20..4c656666e981 100644 --- a/SignedCapsulePkg/SignedCapsulePkg.dsc +++ b/SignedCapsulePkg/SignedCapsulePkg.dsc @@ -110,10 +110,10 @@ [LibraryClasses.AARCH64, LibraryClasses.ARM] NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf =20 [LibraryClasses.ARM] - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 [LibraryClasses.RISCV64] - RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107008): https://edk2.groups.io/g/devel/message/107008 Mute This Topic: https://groups.io/mt/100213728/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107009+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107009+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681157; cv=none; d=zohomail.com; s=zohoarc; b=ii+JlrnLumQoWMa4L1pFcSAO2RVvBFlexuo1lwEs/g+eFfXTkFEPLbkC1GRbkq5HgQcQ9b9rDx1oH5osG8OWHZXGTffG0R9N6DBO4Ohp1Pd7T1RgKoInvsu+bGEzkN3RTVOg2pf7LF0lfSBRCDlQ+fu3nmY9Byfp56DteDRf9v8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681157; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=W7IASZAH/QmxmqxhrtjMJcmVkNxCLv45fBkWwYpr8S4=; b=B2WzGqFtzKh6Q/jnhsr63YLTNsePydbDHTOahJwB1htPaYNwUBrkbPvQRgR+9xEI3W1zlgBwm0jBVuiiAr6EGWzb2OafnOCABOUhyMj427ScEXJswYb0qp8pbV6sEvE7BNTtzJU5C/xXMwXbRPVarM5IlcO7gFqxIIYEea4HXOc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107009+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681157867521.5796062029253; Tue, 18 Jul 2023 04:52:37 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=1gK977ls1mbYbpWxlF0DYUNW2m1koGUzwhOfOPEcUNw=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681157; v=1; b=ARTYvsGoD0DzGXTfkpn8uSJB0s6Tmh4owaVxxtODiQeHn4CKv9uG77tnaECGnP4Iq4zz6TwD 9ZGpgDQc9nakjJnnaPnCD1b0bi6Z9oP6uGo/0vUHEc0sCLpRPK0ReE8fdIdlWfnLhN9OUbQNWYb 3qyREzTZP31APm6wi3cWRjWA= X-Received: by 127.0.0.2 with SMTP id 19Y4YY1788612xJH4sXFJPLH; Tue, 18 Jul 2023 04:52:37 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5677.1689681156672296133 for ; Tue, 18 Jul 2023 04:52:36 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id B807EFEC; Tue, 18 Jul 2023 04:53:19 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id B6F6B3F6C4; Tue, 18 Jul 2023 04:52:34 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 2/9] MdePkg: Add deprecated warning to BaseRngLibTimer Date: Tue, 18 Jul 2023 13:51:49 +0200 Message-Id: <20230718115156.1224842-3-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: SaYOxwka7X8r3e7HWw2icThvx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681158790100009 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4504 To keep the MdePkg self-contained and avoid dependencies on GUIDs defined in other packages, the BaseRngLibTimer was moved to the MdePkg. Add a constructor to warn and request to use the MdeModulePkg implementation. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 1 + .../Library/BaseRngLibTimerLib/RngLibTimer.c | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/Mde= Pkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf index f857290e823b..96c90db63f6f 100644 --- a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf @@ -23,6 +23,7 @@ [Defines] MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D RngLib + CONSTRUCTOR =3D BaseRngLibTimerConstructor =20 [Sources] RngLibTimer.c diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Libra= ry/BaseRngLibTimerLib/RngLibTimer.c index 980854d67b72..c4fdd1df68d3 100644 --- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c @@ -13,6 +13,28 @@ =20 #define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10 =20 +/** + This implementation is to be replaced by its MdeModulePkg copy. + The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot + be defined in the MdePkg. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. +**/ +RETURN_STATUS +EFIAPI +BaseRngLibTimerConstructor ( + VOID + ) +{ + DEBUG (( + DEBUG_WARN, + "Warning: This BaseRngTimerLib implementation will be deprecated. " + "Please use the MdeModulePkg implementation equivalent.\n" + )); + + return RETURN_SUCCESS; +} + /** Using the TimerLib GetPerformanceCounterProperties() we delay for enough time for the PerformanceCounter to increment. --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107009): https://edk2.groups.io/g/devel/message/107009 Mute This Topic: https://groups.io/mt/100213729/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107010+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107010+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681159; cv=none; d=zohomail.com; s=zohoarc; b=Bmth8bbDVLxhLhoUrMhMxiRw0Ve1ZePjBcLgA8YrLrmRLc3GnH+5H9RKZ50fhH9TkEBH2sGZmM36S0iriibAlwc0Aof4KzJD9p0Ywtxy+4j+xm6JfLhPT41mmpkbMCtb6mZlFh2J6SOVVXWU8tjkicYLVrU2WwirWmlhF/hy3/8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681159; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=NTrWvLr9CiSATVsQVAspUwaSOXhl23lLk2rA4tgG6LI=; b=UWPUSZ7AEdVBMmRryZrdRSiZCGI88u5Aq7XFx7pYKAfEtL0AmHgzNX3GJj6crLBVcLl1ItXJPwwvI6Sv3NxCPm1wdts5c5zN7MqBbIiBkB6snyq+P5OKYQOLdDKrYem6XYkP51oR3Olx16Y05HNKADnfNqQUytaR7UzgXO136Tw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107010+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681159433464.4775189709326; Tue, 18 Jul 2023 04:52:39 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=lB8BLL8nOyGU+hZjvPoQoaqoW0Rsu7+yKJLM/uti4nM=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681159; v=1; b=BXi21FY/Gag/BXQJpmhjVLM9IdXTGrNeMDkTCHVZMoH47v1DwXhPANWXfq+tI2sAKKQsk27Z r2scx2cr1eh8AI3uYrwVe7jUGBH5+L5Mt0uN3PximegzHKwTk+kpj44mKRUZKHklTPZ+sFNNjj8 D7FwjJW2EnFLMAQBndCymlbQ= X-Received: by 127.0.0.2 with SMTP id U3jWYY1788612xnqNGulK79t; Tue, 18 Jul 2023 04:52:39 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5678.1689681158392873857 for ; Tue, 18 Jul 2023 04:52:38 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 82EDA11FB; Tue, 18 Jul 2023 04:53:21 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 7F29A3F6C4; Tue, 18 Jul 2023 04:52:36 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 3/9] SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg Date: Tue, 18 Jul 2023 13:51:50 +0200 Message-Id: <20230718115156.1224842-4-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: chejgtK8yVupDNbSuQ0bTfV4x1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681160811100013 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a following patch and to avoid making the MdePkg dependent on another package, move PcdCpuRngSupportedAlgorithm to the MdePkg. As the Pcd is only used for AARCH64, place it in an AARCH64 specific sections. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- .../Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 2 +- MdePkg/MdePkg.dec | 5 +++++ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 4 ++-- SecurityPkg/SecurityPkg.dec | 2 -- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf= b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf index f857290e823b..f7290010604f 100644 --- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf @@ -19,7 +19,7 @@ [Defines] INF_VERSION =3D 1.27 BASE_NAME =3D BaseRngLibTimerLib MODULE_UNI_FILE =3D BaseRngLibTimerLib.uni - FILE_GUID =3D 74950C45-10FC-4AB5-B114-49C87C17409B + FILE_GUID =3D B3E66B05-D218-4B9A-AC33-EF0F83D6A513 MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 LIBRARY_CLASS =3D RngLib diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index b85614992b94..5b8477f4cb8f 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -2393,6 +2393,11 @@ [PcdsFixedAtBuild,PcdsPatchableInModule] # @Prompt Time-out for a response, internal gEfiMdePkgTokenSpaceGuid.PcdIpmiSsifResponseRetryIntervalMicrosecond|600= 00|UINT32|0x00000036 =20 +[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64] + ## GUID identifying the Rng algorithm implemented by CPU instruction. + # @Prompt CPU Rng algorithm's GUID. + gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x0= 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x0000= 0037 + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## This value is used to set the base address of PCI express hierarchy. # @Prompt PCI Express Base Address. diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.inf index c8e0ee4ae5d9..d6c2d30195bf 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -79,8 +79,8 @@ [Guids] [Protocols] gEfiRngProtocolGuid ## PRODUCES =20 -[Pcd] - gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUM= ES +[Pcd.AARCH64] + gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES =20 [Depex] TRUE diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 53aa7ec43557..00c4ebdbed59 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -325,8 +325,6 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A= |UINT32|0x00010030 gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B= |UINT32|0x00010031 =20 - gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0= 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0= x00010032 - [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] ## Image verification policy for OptionRom. Only following values are va= lid:

# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification= and has been removed.
--=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107010): https://edk2.groups.io/g/devel/message/107010 Mute This Topic: https://groups.io/mt/100213730/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107011+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107011+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681161; cv=none; d=zohomail.com; s=zohoarc; b=Su40XrJdY+QhBZZuX+Z2bt4+TL/HP0vw6mmCSd135gN9CsiKe7sJZFjuB79dOofbQH7ewxMGhnrTkIwBphgxWdMquVzdpFs8Vb2Qheasj6ww2h9vsTU1VwxTeS+GgAS/a1j5v+QAnUXdtoHHXP91W/A1MemvT1imcAR1GtsUlfg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681161; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=g/WnEfscXPvorZ1SAmpEPgaFaoowhRK7SvT9YUW5Vyw=; b=lFfiUt3U0Yv/XWGx/JwlzgGIrGAnUbyYwtJwvIh9N7dN9QgwAN0v14vjwisLaHWWdGx03QXT9xhh/Dw9gOwSjmKI9TGuwdHMY3AT27lAk3DdCKhXOc2iZEG7NMoUipygONtWgYAPkNXgmcsAHRxePX5bNIkfRNEWBsekeMlvV90= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107011+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681161140527.9338343781798; Tue, 18 Jul 2023 04:52:41 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=eDpsD7+MavDXhKbK8osqlGy2wZKsrrpYIhm7M+3Zdgo=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681160; v=1; b=nW1dmrWky6j+m+crhx3JGYusdKkVxOBCbwOc9Ai3rMvR25q3M4qbOjKiGZl0bfeIla7tOAaa AqoALg9S24vPtQFr7WX3gUHu9cARSGByg8ryXsh4gYlKrQylXQgKFRdLpnBM5Lpzy7UqoZRpM6U GFYycejS0A+w/VtP5irozsOQ= X-Received: by 127.0.0.2 with SMTP id lPh0YY1788612xxCuy0XNizy; Tue, 18 Jul 2023 04:52:40 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5680.1689681160314585989 for ; Tue, 18 Jul 2023 04:52:40 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4BF8F12FC; Tue, 18 Jul 2023 04:53:23 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 4A8A23F6C4; Tue, 18 Jul 2023 04:52:38 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 4/9] MdePkg/DxeRngLib: Request raw algorithm instead of default Date: Tue, 18 Jul 2023 13:51:51 +0200 Message-Id: <20230718115156.1224842-5-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: TI31tkHJHVNWh2d5qlfiPTv3x1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681163173100019 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The DxeRngLib tries to generate a random number using the 3 NIST SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC. If none of the call is successful, the fallback option is the default RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might be an unsafe implementation. Try requesting the Raw algorithm before requesting the default one. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLi= b/DxeRngLib.c index 46aea515924f..a01b66ad7d20 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c @@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm ( return Status; } =20 + Status =3D RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, Buffe= rSize, Buffer); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status =3D %r\n", __func= __, Status)); + if (!EFI_ERROR (Status)) { + return Status; + } + // If all the other methods have failed, use the default method from the= RngProtocol Status =3D RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer); - DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status =3D %r\n", _= _func__, Status)); + DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status =3D %r\n", __= func__, Status)); if (!EFI_ERROR (Status)) { return Status; } --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107011): https://edk2.groups.io/g/devel/message/107011 Mute This Topic: https://groups.io/mt/100213731/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107012+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107012+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681162; cv=none; d=zohomail.com; s=zohoarc; b=csNy62hhDKNLAqm9Npf4ovTIzsq2aG+XPNqYcwPTA0WEAooNtogxS8l3GihAje/QTNqYKEXGCY33AuVM8Q0C6sLv2v0V7lNGRqQAhWPvoxBVckTCpzLCPmC9HCUb/gVwtAzr/Exd6mWs+S5IMw48BrnANFuK4jsz18LeGapa0S0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681162; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=OF2V9P3oxVmN4FjLR06SJ4nP53eY2jsMmXJS4+3I1gE=; b=IqnQgJ9fX005LjX/zXTBw+fuJ7pScCT4H9SNn+k8JWUdipd3EuEmwRY4eC8NqHA7jZ3xqEx7iSLqUVRbyjneGje84+moHXDDd5+Zgsb3sgvOMGPw+oqNxVBbrJGNEAhJHQLRRT9CFuRBeqr5zgqccOzGHCCWQvVouVee3bnbW9I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107012+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 168968116273153.12260821248549; Tue, 18 Jul 2023 04:52:42 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=6cFBGp9e8Dnz0rvMCU6CwawYER634/7+Cj0m0DUH1rQ=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681162; v=1; b=YKnzaecOsZ0LHFDwJ54JX7yeO8hu7K+Wq9AbpsjAeL9pCsBh4tIMv9fpwUwXKjqooasNTiqg K47qSijAJMJMgRDCr/l5CDCNmCB04vjRAs+G83316pcnGYNDfSKxkPBg0iuriNycVD7U0JHtrZ0 PE0eoo6KJTUviqQ0sKRvRgxI= X-Received: by 127.0.0.2 with SMTP id qCWFYY1788612xs6UWzcRZuT; Tue, 18 Jul 2023 04:52:42 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.5635.1689681161858440048 for ; Tue, 18 Jul 2023 04:52:42 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 14747139F; Tue, 18 Jul 2023 04:53:25 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 137193F6C4; Tue, 18 Jul 2023 04:52:39 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 5/9] MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms Date: Tue, 18 Jul 2023 13:51:52 +0200 Message-Id: <20230718115156.1224842-6-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: ahaDpc8XeTixubzv2jxHoBNNx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681164975100027 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4441 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function is added in a following patch. Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr to describe a Rng algorithm accessed through Arm's RNDR instruction. [1] states that the implementation of this algorithm should be compliant to NIST SP900-80. The compliance is not guaranteed. [1] Arm Architecture Reference Manual Armv8, for A-profile architecture sK12.1 'Properties of the generated random number' Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- MdePkg/Include/Protocol/Rng.h | 10 ++++++++++ MdePkg/MdePkg.dec | 1 + 2 files changed, 11 insertions(+) diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h index baf425587b3c..38bde53240d1 100644 --- a/MdePkg/Include/Protocol/Rng.h +++ b/MdePkg/Include/Protocol/Rng.h @@ -67,6 +67,15 @@ typedef EFI_GUID EFI_RNG_ALGORITHM; { \ 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85,= 0x61 } \ } +/// +/// The Arm Architecture states the RNDR that the DRBG algorithm should be= compliant +/// with NIST SP800-90A, while not mandating a particular algorithm, so as= to be +/// inclusive of different geographies. +/// +#define EFI_RNG_ALGORITHM_ARM_RNDR \ + { \ + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08= , 0x41} \ + } =20 /** Returns information about the random number generation implementation. @@ -146,5 +155,6 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid; extern EFI_GUID gEfiRngAlgorithmX9313DesGuid; extern EFI_GUID gEfiRngAlgorithmX931AesGuid; extern EFI_GUID gEfiRngAlgorithmRaw; +extern EFI_GUID gEfiRngAlgorithmArmRndr; =20 #endif diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 5b8477f4cb8f..ac54338089e8 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -643,6 +643,7 @@ [Guids] gEfiRngAlgorithmX9313DesGuid =3D { 0x63c4785a, 0xca34, 0x4012, {0x= a3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }} gEfiRngAlgorithmX931AesGuid =3D { 0xacd03321, 0x777e, 0x4d3d, {0x= b1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }} gEfiRngAlgorithmRaw =3D { 0xe43176d7, 0xb6e8, 0x4827, {0x= b7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }} + gEfiRngAlgorithmArmRndr =3D { 0x43d2fde3, 0x9d4e, 0x4d79, {0x= 02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }} =20 ## Include/Protocol/AdapterInformation.h gEfiAdapterInfoMediaStateGuid =3D { 0xD7C74207, 0xA831, 0x4A26, {0= xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }} --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107012): https://edk2.groups.io/g/devel/message/107012 Mute This Topic: https://groups.io/mt/100213732/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107013+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107013+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681164; cv=none; d=zohomail.com; s=zohoarc; b=UHjfYYkLK2qnxVgvz5VgBR8moI4v7Z40XDfGZNlNJrCHQDTriaTXSNNgvWpg8qu4o93AIbVw48eWNXT0vuBCXj2z5XWBJNgsUuk7mrxQX2tWVwX3OZdCfOEHmNXnwxfwmYzRhESZ1Poxkp1v7wnMbVL4/3Uo64Zlt7MkX+ssU6Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681164; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=3tfpFwz/UziD74VRVvzHabOF8PthAEhuO0CtutqbWgE=; b=KXlpoZ7uwEUp1R45Mc/x5fp5e5SvcrT84FEyMzgcSC28T9u3zIvsDcn9vRfeFyuJp9kjhkyn3KSsd53sfmhFL3vKeymtgldl3C/VWW17hnD/1uP5g3ammkWvC1HnyaTTiKYW/cEn7FP/7zP+RefnMu7z0R234e19sJHZufnt6cY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107013+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681164545646.2704635596376; Tue, 18 Jul 2023 04:52:44 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=F9ZNlhrt61GluNLXJpWauupYflTQHlfvy4A2kDOfZ8A=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681164; v=1; b=hXONzVRQP7WcKEIbvXgkP1EaUIBQPYmwoPgMPgL+5b6vHbZA0FbbK11wB76pmh5Z/rjM3yAb yPwZqzx3f9dbxc+dHydkx5XbIOY5FQgPdADyYuEPzoL9vx+RhNFAANAUVaGGkK6MuQgph6+5W8n /a2dlREU9yPzIONdmVjkaOZs= X-Received: by 127.0.0.2 with SMTP id YhLnYY1788612xiG0G3IrG1R; Tue, 18 Jul 2023 04:52:44 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5681.1689681163652479730 for ; Tue, 18 Jul 2023 04:52:43 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D090F13D5; Tue, 18 Jul 2023 04:53:26 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id CF86A3F6C4; Tue, 18 Jul 2023 04:52:41 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 6/9] MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms Date: Tue, 18 Jul 2023 13:51:53 +0200 Message-Id: <20230718115156.1224842-7-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: uz9vMXAIUFujfr742rtZ3lX2x1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681164828100023 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4441 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function is added in a following patch. Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe to describe an unsafe implementation, cf. the BaseRngLibTimerLib. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- MdeModulePkg/Include/Guid/RngAlgorithm.h | 23 +++++++++++++++++++++++ MdeModulePkg/MdeModulePkg.dec | 3 +++ 2 files changed, 26 insertions(+) create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h diff --git a/MdeModulePkg/Include/Guid/RngAlgorithm.h b/MdeModulePkg/Includ= e/Guid/RngAlgorithm.h new file mode 100644 index 000000000000..e2ac2ba3e5c6 --- /dev/null +++ b/MdeModulePkg/Include/Guid/RngAlgorithm.h @@ -0,0 +1,23 @@ +/** @file + Rng Algorithm + + Copyright (c) 2023, Arm Limited. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef RNG_ALGORITHM_GUID_H_ +#define RNG_ALGORITHM_GUID_H_ + +/// +/// The implementation of a Random Number Generator might be unsafe, when = using +/// a dummy implementation for instance. Allow identifying such implementa= tion +/// with this GUID. +/// +#define EDKII_RNG_ALGORITHM_UNSAFE \ + { \ + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3,= 0xf4 } \ + } + +extern EFI_GUID gEdkiiRngAlgorithmUnSafe; + +#endif // #ifndef RNG_ALGORITHM_GUID_H_ diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index d65dae18aa81..55617c3f9bd2 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -418,6 +418,9 @@ [Guids] ## Include/Guid/MigratedFvInfo.h gEdkiiMigratedFvInfoGuid =3D { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4,= 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } } =20 + ## Include/Guid/RngAlgorithm.h + gEdkiiRngAlgorithmUnSafe =3D { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, = 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }} + # # GUID defined in UniversalPayload # --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107013): https://edk2.groups.io/g/devel/message/107013 Mute This Topic: https://groups.io/mt/100213734/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107014+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107014+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681166; cv=none; d=zohomail.com; s=zohoarc; b=Zzlxl3G67swXhae385iHqHs6aQ2g0eriOLAEcSSmOumfqnXLWPsi/IZl7730UB6JmojMp8gsRky23cvYKiYig+gHPBYKyyQvlguIzYrAffr60jRCxh1FUYp2xO/isJa23JPhWb4V7DDYUvDBOugp/nlEQMvBxGt3Ib6+ImdGAiE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681166; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=7ZQMmBwi6MLTaMQ8QIIHH0kNotXiGPYAxAxDSDjSTGk=; b=iAR4yJpKKy401shMnZySdCIg3Jpjld7D73OTq0BCeUFY278baVPwvivo8UnnhLaCWhhS4AKm2OfYWduswx6YNG6K+1KTTxe42z3kcJMEJOqlNoOyJN18RTWjmQh/LVMNX1ibQMzwUMVnu08/+Q3ICMoEx3XU2esOruPHaF5Acxc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107014+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681166311431.67617038726746; Tue, 18 Jul 2023 04:52:46 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=qCRmTPQx11nHrkv0Opo7M7oFj0+IIca/YcCo3Rm1HjQ=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681166; v=1; b=PmLfC+wtorF3swAc+iuSto2ZMkVyrJ41iKN7sUTfyg/E+piXCUkYJhiyCbwmJq/iA3/YgyRK tS7jJyT/7Hyd7ANO+AG8sbJdvYNzcUpaFbQKJVn9X8TOIwAaCQtjFRhFtILZc3le7LZ5IDSiHPg fC001k8BsfJEBxliPTXiqiio= X-Received: by 127.0.0.2 with SMTP id xzSBYY1788612xzMIpp42mYl; Tue, 18 Jul 2023 04:52:46 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5682.1689681165397964477 for ; Tue, 18 Jul 2023 04:52:45 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 995BCD75; Tue, 18 Jul 2023 04:53:28 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 97F8D3F6C4; Tue, 18 Jul 2023 04:52:43 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 7/9] MdePkg/Rng: Add GetRngGuid() to RngLib Date: Tue, 18 Jul 2023 13:51:54 +0200 Message-Id: <20230718115156.1224842-8-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: Ez3b82ldwzMzkxb8n82iDSOzx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681166906100029 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, add a GetRngGuid() function to the RngLib. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 4 ++ .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 +++++++++++++ MdePkg/Include/Library/RngLib.h | 17 ++++++++ MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++++++ MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 +++++ MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 ++++++++++++ .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++++ .../Library/BaseRngLibTimerLib/RngLibTimer.c | 23 ++++++++++ MdePkg/Library/DxeRngLib/DxeRngLib.c | 28 +++++++++++++ 9 files changed, 200 insertions(+) diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf= b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf index f7290010604f..8461260cc812 100644 --- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf @@ -29,6 +29,10 @@ [Sources] =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[Guids] + gEdkiiRngAlgorithmUnSafe =20 [LibraryClasses] BaseLib diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeMod= ulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c index 980854d67b72..28ff46c71fa2 100644 --- a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c @@ -2,14 +2,18 @@ BaseRng Library that uses the TimerLib to provide reasonably random numb= ers. Do not use this on a production system. =20 + Copyright (c) 2023, Arm Limited. All rights reserved. Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include +#include #include +#include #include #include +#include =20 #define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10 =20 @@ -190,3 +194,27 @@ GetRandomNumber128 ( // Read second 64 bits return GetRandomNumber64 (++Rand); } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + if (RngGuid =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + CopyMem (RngGuid, &gEdkiiRngAlgorithmUnSafe, sizeof (*RngGuid)); + return EFI_SUCCESS; +} diff --git a/MdePkg/Include/Library/RngLib.h b/MdePkg/Include/Library/RngLi= b.h index 429ed19e287e..945482cd5e56 100644 --- a/MdePkg/Include/Library/RngLib.h +++ b/MdePkg/Include/Library/RngLib.h @@ -1,6 +1,7 @@ /** @file Provides random number generator services. =20 +Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2015, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -77,4 +78,20 @@ GetRandomNumber128 ( OUT UINT64 *Rand ); =20 +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ); + #endif // __RNG_LIB_H__ diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/Base= RngLib/AArch64/Rndr.c index 20811bf3ebf3..d39db62153ee 100644 --- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c +++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c @@ -2,6 +2,7 @@ Random number generator service that uses the RNDR instruction to provide pseudorandom numbers. =20 + Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2021, NUVIA Inc. All rights reserved.
Copyright (c) 2015, Intel Corporation. All rights reserved.
=20 @@ -11,6 +12,7 @@ =20 #include #include +#include #include #include =20 @@ -138,3 +140,43 @@ ArchIsRngSupported ( { return mRndrSupported; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + GUID *RngLibGuid; + + if (RngGuid =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + if (!mRndrSupported) { + return EFI_UNSUPPORTED; + } + + // + // If the platform advertises the algorithm behind RNDR instruction, + // use it. Otherwise use gEfiRngAlgorithmArmRndr. + // + RngLibGuid =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); + if (!IsZeroGuid (RngLibGuid)) { + CopyMem (RngGuid, RngLibGuid, sizeof (*RngGuid)); + } else { + CopyMem (RngGuid, &gEfiRngAlgorithmArmRndr, sizeof (*RngGuid)); + } + + return EFI_SUCCESS; +} diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/Base= RngLib/BaseRngLib.inf index 1fcceb941495..49503b139be9 100644 --- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf +++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf @@ -4,6 +4,7 @@ # BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to # provide random numbers. # +# Copyright (c) 2023, Arm Limited. All rights reserved.
# Copyright (c) 2021, NUVIA Inc. All rights reserved.
# Copyright (c) 2015, Intel Corporation. All rights reserved.
# @@ -43,9 +44,18 @@ [Sources.AARCH64] AArch64/ArmReadIdIsar0.asm | MSFT AArch64/ArmRng.asm | MSFT =20 +[Guids.AARCH64] + gEfiRngAlgorithmArmRndr + +[Guids.Ia32, Guids.X64] + gEfiRngAlgorithmSp80090Ctr256Guid + [Packages] MdePkg/MdePkg.dec =20 +[Pcd.AARCH64] + gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm + [LibraryClasses] BaseLib DebugLib diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseR= ngLib/Rand/RdRand.c index 070d41e2555f..9bd68352f9f7 100644 --- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c +++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c @@ -2,6 +2,7 @@ Random number generator services that uses RdRand instruction access to provide high-quality random numbers. =20 +Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2021, NUVIA Inc. All rights reserved.
Copyright (c) 2015, Intel Corporation. All rights reserved.
=20 @@ -11,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include #include +#include #include =20 #include "BaseRngLibInternals.h" @@ -128,3 +130,27 @@ ArchIsRngSupported ( */ return TRUE; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + if (RngGuid =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } + + CopyMem (RngGuid, &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (*RngGuid)); + return EFI_SUCCESS; +} diff --git a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c b/MdePkg/Librar= y/BaseRngLibNull/BaseRngLibNull.c index efba5c851ead..af5e8eb8f72a 100644 --- a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c +++ b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c @@ -1,13 +1,16 @@ /** @file Null version of Random number generator services. =20 +Copyright (c) 2023, Arm Limited. All rights reserved.
Copyright (c) 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include #include #include +#include =20 /** Generates a 16-bit random number. @@ -92,3 +95,22 @@ GetRandomNumber128 ( ASSERT (FALSE); return FALSE; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + return EFI_UNSUPPORTED; +} diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Libra= ry/BaseRngLibTimerLib/RngLibTimer.c index c4fdd1df68d3..4a7cae78f85c 100644 --- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c @@ -212,3 +212,26 @@ GetRandomNumber128 ( // Read second 64 bits return GetRandomNumber64 (++Rand); } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +RETURN_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + /* This implementation is to be replaced by its MdeModulePkg copy. + * The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot + * be defined in the MdePkg. + */ + return RETURN_UNSUPPORTED; +} diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLi= b/DxeRngLib.c index a01b66ad7d20..05c795759b9a 100644 --- a/MdePkg/Library/DxeRngLib/DxeRngLib.c +++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c @@ -1,6 +1,7 @@ /** @file Provides an implementation of the library class RngLib that uses the Rng = protocol. =20 + Copyright (c) 2023, Arm Limited. All rights reserved. Copyright (c) Microsoft Corporation. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -207,3 +208,30 @@ GetRandomNumber128 ( =20 return TRUE; } + +/** + Get a GUID identifying the RNG algorithm implementation. + + @param [out] RngGuid If success, contains the GUID identifying + the RNG algorithm implementation. + + @retval EFI_SUCCESS Success. + @retval EFI_UNSUPPORTED Not supported. + @retval EFI_INVALID_PARAMETER Invalid parameter. +**/ +EFI_STATUS +EFIAPI +GetRngGuid ( + GUID *RngGuid + ) +{ + /* It is not possible to know beforehand which Rng algorithm will + * be used by this library. + * This API is mainly used by RngDxe. RngDxe relies on the RngLib. + * The RngLib|DxeRngLib.inf implementation locates and uses an installed + * EFI_RNG_PROTOCOL. + * It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf. + * and it is ok not to support this API. + */ + return EFI_UNSUPPORTED; +} --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107014): https://edk2.groups.io/g/devel/message/107014 Mute This Topic: https://groups.io/mt/100213735/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107015+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107015+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681168; cv=none; d=zohomail.com; s=zohoarc; b=m4oqULH2/mbKJoL8XYPdciPR7TYMSas97eF3C9ewhZhw/betNL/yz9bfYPlUK7XWkcln52Xq3bEZCf+tLxkGzr/NKZgKe2nHn/mUWSF8ozM7XOuffWLg1SAf9XfQ1ASsVAU+pQ1VhIdNO9xIy/ZU9wnAkM32BXNpi2Z5kbWv0Gg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681168; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=A67vVX7DX1gm/mIJ4woi5ibHmPacAiWrd8Ps4FbnQpg=; b=fV4DBqrbcGFCsy8hsIKhq4CR0TKb7NjrE3zbjHRJANa8NktqDr4Ws0DYu/EUhiARR6N9DfpACqB7N3ZkR5dq3TydVn9Qtonm4ka6aEm7CtJyBkdjelJ12kXzQC+65FMyGNPRqUufuBmd7sHwhdplwgUrz+V6OTgAnWjFnPBcpiI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107015+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681168208737.3794149786587; Tue, 18 Jul 2023 04:52:48 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=mK0br7bBwqLmGUhJjZB5mP8EmA32xxoUWBE9yF/EIJg=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681167; v=1; b=U3AQRiHm4eFHx0SbC+Aut1D2NwVvZEkgaef5xRd4EDYlKhv5acSrQVKGyPZpLnvUyE1Qf3eH a9N2iTa16V4xpg2WOzwBLVlpVERuCJQQT4TOj+TdFww9UW11SazWaP4QGr9Gt5/QW6kQ5RFjnOY ChlW31J1JFmI16nr/8/xNBsI= X-Received: by 127.0.0.2 with SMTP id HvESYY1788612xUfGfM2PD6Z; Tue, 18 Jul 2023 04:52:47 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5683.1689681167282406532 for ; Tue, 18 Jul 2023 04:52:47 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 67DA62F4; Tue, 18 Jul 2023 04:53:30 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 66C323F6C4; Tue, 18 Jul 2023 04:52:45 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 8/9] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib Date: Tue, 18 Jul 2023 13:51:55 +0200 Message-Id: <20230718115156.1224842-9-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: 8ApAlr3hk3h6Z1n3NmkUISZex1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681169513100035 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4151 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function was added in a previous patch. The EFI_RNG_PROTOCOL can advertise multiple algorithms through Guids. The PcdCpuRngSupportedAlgorithm is currently used to advertise the RngLib in the Arm implementation. The issues of doing that are: - the RngLib implementation might not use CPU instructions, cf. the BaseRngLibTimerLib - most platforms don't set PcdCpuRngSupportedAlgorithm A GetRngGuid() was added to the RngLib in a previous patch, allowing to identify the algorithm implemented by the RngLib. Make use of this function and place the unsage algorithm at the last position in the mAvailableAlgoArray. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- .../RngDxe/AArch64/AArch64Algo.c | 55 +++++++++++++------ .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 +- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- 3 files changed, 45 insertions(+), 21 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c= b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c index e8be217f8a8c..a270441ebba0 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c @@ -10,6 +10,8 @@ #include #include #include +#include +#include =20 #include "RngDxeInternals.h" =20 @@ -28,9 +30,13 @@ GetAvailableAlgorithms ( VOID ) { - UINT64 DummyRand; - UINT16 MajorRevision; - UINT16 MinorRevision; + EFI_STATUS Status; + UINT16 MajorRevision; + UINT16 MinorRevision; + GUID RngGuid; + BOOLEAN UnSafeAlgo; + + UnSafeAlgo =3D FALSE; =20 // Rng algorithms 2 times, one for the allocation, one to populate. mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); @@ -38,24 +44,29 @@ GetAvailableAlgorithms ( return EFI_OUT_OF_RESOURCES; } =20 - // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. - if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) { - CopyMem ( - &mAvailableAlgoArray[mAvailableAlgoArrayCount], - PcdGetPtr (PcdCpuRngSupportedAlgorithm), - sizeof (EFI_RNG_ALGORITHM) - ); - mAvailableAlgoArrayCount++; - - DEBUG_CODE_BEGIN (); - if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { + // Identify RngLib algorithm. + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status)) { + if (IsZeroGuid (&RngGuid) || + CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe)) + { + // Treat zero GUID as an unsafe algorithm DEBUG (( DEBUG_WARN, - "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n" + "RngLib uses an Unsafe algorithm and " + "must not be used for production builds.\n" )); + // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found + // so that it can be added at the end of the algorithm list. + UnSafeAlgo =3D TRUE; + } else { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &RngGuid, + sizeof (RngGuid) + ); + mAvailableAlgoArrayCount++; } - - DEBUG_CODE_END (); } =20 // Raw algorithm (Trng) @@ -68,5 +79,15 @@ GetAvailableAlgorithms ( mAvailableAlgoArrayCount++; } =20 + // Add unsafe algorithm at the end of the list. + if (UnSafeAlgo) { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &gEdkiiRngAlgorithmUnSafe, + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; + } + return EFI_SUCCESS; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index ce49ff7ae661..78a18c5e1177 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -78,6 +78,7 @@ RngGetRNG ( { EFI_STATUS Status; UINTN Index; + GUID RngGuid; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D = NULL)) { return EFI_INVALID_PARAMETER; @@ -102,7 +103,10 @@ RngGetRNG ( } =20 FoundAlgo: - if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)))= { + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status) && + CompareGuid (RNGAlgorithm, &RngGuid)) + { Status =3D RngGetBytes (RNGValueLength, RNGValue); return Status; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.inf index d6c2d30195bf..27d3e39a675b 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -75,13 +75,12 @@ [Guids] gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEfiRngAlgorithmArmRndr ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG =20 [Protocols] gEfiRngProtocolGuid ## PRODUCES =20 -[Pcd.AARCH64] - gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES - [Depex] TRUE =20 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107015): https://edk2.groups.io/g/devel/message/107015 Mute This Topic: https://groups.io/mt/100213737/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Fri May 17 15:52:18 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107016+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107016+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681169; cv=none; d=zohomail.com; s=zohoarc; b=RPUVNl4tRf6B3qSLKpkpCgJujhdCbUhjQLcYMsk2nkcHJ2Kf3DVwyQEkp4XqYuxcfTC3IhF7xoqyyP43vn9L2Ngrg+nmkpDSv8/dTbmeJcwZgPVDrV68qiGiqfPqAzuhITQaUeh1hKEoTriCZ39tS/Vs1jdvSAyCv7A4s1TAlCg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681169; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=fXeLwAyIvu4RIHaP/GNUUkWg6QwM+egKLaqzhvxfZqk=; b=U7NjWnnejRJpoMz1WvHXWuAEjcTysdGCnD81/GW0fAnGUBXjwYl8EUUKvVba6lR8cF0SdfBxTiqcsPZ1e5C15zE1UyNVboEh66gW8B9fsMQZnq0S8eMZQdHb+f9cOBIJrMEshqlyxAEGACRKZmHLzaQEDDOBmEqZqJVHWiChpvY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107016+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681169920797.5676052512385; Tue, 18 Jul 2023 04:52:49 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=Oe2zqVpMpGlGfHQnftiJuR3WoknfYFoFPHAIo4xk9n0=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681169; v=1; b=g+dARX+irE1Tx6lJY+Y5fg0Hj+tUoJJoInHshbXCpHIv1Mr0gN5+MppR0Rb8Ay4N2R+8gh1R GSzvPIGws7CTWSamzlqmnv/L1H4doKhX3O+BjsRzY28jh/TRzH/Dl58OO3/Tpm7OgilgNomdo15 NLsMCZK4uiPAPCLE+6i+PYpQ= X-Received: by 127.0.0.2 with SMTP id 8XLqYY1788612xFjL4KkCz6X; Tue, 18 Jul 2023 04:52:49 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.5640.1689681168985377167 for ; Tue, 18 Jul 2023 04:52:49 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 31128FEC; Tue, 18 Jul 2023 04:53:32 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 2F9413F6C4; Tue, 18 Jul 2023 04:52:47 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 9/9] SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm Date: Tue, 18 Jul 2023 13:51:56 +0200 Message-Id: <20230718115156.1224842-10-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: YQGrfZJMX6nZeJYkCRmYnAjGx1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681170839100037 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois The first element of mAvailableAlgoArray is defined as the default Rng algorithm to use. Don't go through the array at each RngGetRNG() call and just return the first element of the array. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar Tested-by: Kun Qin --- .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index 78a18c5e1177..7a42e3cbe3d2 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -77,7 +77,6 @@ RngGetRNG ( ) { EFI_STATUS Status; - UINTN Index; GUID RngGuid; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D = NULL)) { @@ -88,21 +87,13 @@ RngGetRNG ( // // Use the default RNG algorithm if RNGAlgorithm is NULL. // - for (Index =3D 0; Index < mAvailableAlgoArrayCount; Index++) { - if (!IsZeroGuid (&mAvailableAlgoArray[Index])) { - RNGAlgorithm =3D &mAvailableAlgoArray[Index]; - goto FoundAlgo; - } - } - - if (Index =3D=3D mAvailableAlgoArrayCount) { - // No algorithm available. - ASSERT (Index !=3D mAvailableAlgoArrayCount); - return EFI_DEVICE_ERROR; + if (mAvailableAlgoArrayCount !=3D 0) { + RNGAlgorithm =3D &mAvailableAlgoArray[0]; + } else { + return EFI_UNSUPPORTED; } } =20 -FoundAlgo: Status =3D GetRngGuid (&RngGuid); if (!EFI_ERROR (Status) && CompareGuid (RNGAlgorithm, &RngGuid)) --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107016): https://edk2.groups.io/g/devel/message/107016 Mute This Topic: https://groups.io/mt/100213738/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-