From nobody Tue Nov 26 16:45:04 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of groups.io designates 66.175.222.12 as
 permitted sender) client-ip=66.175.222.12;
 envelope-from=bounce+27952+50610+1787277+3901457@groups.io;
 helo=web01.groups.io;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted
 sender)  smtp.mailfrom=bounce+27952+50610+1787277+3901457@groups.io;
	dmarc=fail(p=none dis=none)  header.from=intel.com
ARC-Seal: i=1; a=rsa-sha256; t=1573697875; cv=none;
	d=zoho.com; s=zohoarc;
	b=Ijnv4S63lMKYjCr6IDinuli5/BqJLvqgQrajtcTGT89iTU1tY0fNXgitn44WeFF2mDLBMQsr+YskPh7VZtVsOjJ1KV0dNsntgoAV+E68Ualh3ioz9j9PtueMJKD+/ueY9fcHtf+v3S/z9xQ2ey0lwah/gfInlCIddFrheeq/UCc=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1573697875;
 h=Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:Message-ID:Reply-To:References:Sender:Subject:To;
	bh=eJkOZxjgOnA7+ASOfZHa9lSCPzRA6c2abwyVCS5VWhY=;
	b=olJVu2wUPZ/6Bl37n+xiiH6Sa9a5/GC1uJhw/FJinhGZEQqtwjYRv5urkS0M6JNWNbUuGAVnQeR/0M6aVwRIYR/nJ+j4dYXokP9pvaHe6YjGaexp4grIref9ciEjekQmjHynzpR4VZO14vGAvl0YExwmdPkFMsSClK+8uBlciAc=
ARC-Authentication-Results: i=1; mx.zoho.com;
	dkim=pass;
	spf=pass (zoho.com: domain of groups.io designates 66.175.222.12 as permitted
 sender)  smtp.mailfrom=bounce+27952+50610+1787277+3901457@groups.io;
	dmarc=fail header.from=<jian.j.wang@intel.com> (p=none dis=none)
 header.from=<jian.j.wang@intel.com>
Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by
 mx.zohomail.com
	with SMTPS id 1573697875263725.7237404500319;
 Wed, 13 Nov 2019 18:17:55 -0800 (PST)
Return-Path: <bounce+27952+50610+1787277+3901457@groups.io>
X-Received: by 127.0.0.2 with SMTP id etDeYY1788612xSyY2KoDU5J;
 Wed, 13 Nov 2019 18:17:54 -0800
X-Received: from mga07.intel.com (mga07.intel.com [])
 by mx.groups.io with SMTP id smtpd.web10.830.1573697867801385708
 for <devel@edk2.groups.io>;
 Wed, 13 Nov 2019 18:17:53 -0800
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
X-Received: from fmsmga002.fm.intel.com ([10.253.24.26])
  by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 13 Nov 2019 18:17:53 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,302,1569308400";
   d="scan'208";a="235500492"
X-Received: from shwdeopenpsi777.ccr.corp.intel.com ([10.239.158.59])
  by fmsmga002.fm.intel.com with ESMTP; 13 Nov 2019 18:17:51 -0800
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <liming.gao@intel.com>,
	Ray Ni <ray.ni@intel.com>
Subject: [edk2-devel] [PATCH 04/11] MdePkg/BaseLib: add interface to wrap
 rdseed IA instruction
Date: Thu, 14 Nov 2019 10:17:36 +0800
Message-Id: <20191114021743.3876-5-jian.j.wang@intel.com>
In-Reply-To: <20191114021743.3876-1-jian.j.wang@intel.com>
References: <20191114021743.3876-1-jian.j.wang@intel.com>
Precedence: Bulk
List-Unsubscribe: <https://edk2.groups.io/g/devel/unsub>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,jian.j.wang@intel.com
X-Gm-Message-State: zM6guZLkmWVHptbLB9ztHDw7x1787277AA=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io;
 q=dns/txt; s=20140610; t=1573697874;
 bh=eBZa4jBW7u/VxlWgKQ0r6PtIxpi3sxUeNTr9+/RWKJU=;
 h=Cc:Date:From:Reply-To:Subject:To;
 b=w7h1aczeu1vcWW9++1EHSP1OQQJOPeYZBFsFGuVX5xbi9dIVnXer6bm5FSpHw0kX6Cc
 DoGIn1KYXs298OXFXmyMBJ4jCMl0W7iNHyPeqGVAURNe5hbECTnjU4VwhWq4+dv8v/OXk
 NpuasQ76AHMmU/MCzZMP5Vv4bfvFnsk8JLU=
X-ZohoMail-DKIM: pass (identity @groups.io)
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

BaseRngLib uses rdrand instruction to get random number from DRNG in the
processor, which is not a good candidate for seeding openssl rand
interface.

rdseed in x86 cpu provides non-deterministic random number (NRBG) which
meets NIST SP 800-90B and NIST SP800-90C standards and can be used as
seed for other software DRNG. This patch adds a C interface AsmRdSeed()
to wrap it in BaseLib so that we can add a new RngLib for users to choose
in their platform, if their processor support rdseed instruction.

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D1871
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 MdePkg/Include/Library/BaseLib.h          | 51 +++++++++++++
 MdePkg/Library/BaseLib/BaseLib.inf        |  4 ++
 MdePkg/Library/BaseLib/BaseLibInternals.h | 46 ++++++++++++
 MdePkg/Library/BaseLib/Ia32/RdSeed.nasm   | 87 +++++++++++++++++++++++
 MdePkg/Library/BaseLib/X64/RdSeed.nasm    | 80 +++++++++++++++++++++
 MdePkg/Library/BaseLib/X86RdSeed.c        | 73 +++++++++++++++++++
 6 files changed, 341 insertions(+)
 create mode 100644 MdePkg/Library/BaseLib/Ia32/RdSeed.nasm
 create mode 100644 MdePkg/Library/BaseLib/X64/RdSeed.nasm
 create mode 100644 MdePkg/Library/BaseLib/X86RdSeed.c

diff --git a/MdePkg/Include/Library/BaseLib.h b/MdePkg/Include/Library/Base=
Lib.h
index 2a75bc023f..e2f9bf121e 100644
--- a/MdePkg/Include/Library/BaseLib.h
+++ b/MdePkg/Include/Library/BaseLib.h
@@ -7856,6 +7856,57 @@ AsmRdRand64  (
   OUT     UINT64                    *Rand
   );
=20
+/**
+  Generates a 16-bit random seed through RDSEED instruction.
+
+  if Seed is NULL, then ASSERT().
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+ **/
+BOOLEAN
+EFIAPI
+AsmRdSeed16 (
+  OUT     UINT16                    *Seed
+  );
+
+/**
+  Generates a 32-bit random seed through RDSEED instruction.
+
+  if Seed is NULL, then ASSERT().
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+**/
+BOOLEAN
+EFIAPI
+AsmRdSeed32 (
+  OUT     UINT32                    *Seed
+  );
+
+/**
+  Generates a 64-bit random seed through RDSEED instruction.
+
+  if Seed is NULL, then ASSERT().
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+**/
+BOOLEAN
+EFIAPI
+AsmRdSeed64  (
+  OUT     UINT64                    *Seed
+  );
+
 /**
   Load given selector into TR register.
=20
diff --git a/MdePkg/Library/BaseLib/BaseLib.inf b/MdePkg/Library/BaseLib/Ba=
seLib.inf
index 3586beb0ab..5e12093ba3 100644
--- a/MdePkg/Library/BaseLib/BaseLib.inf
+++ b/MdePkg/Library/BaseLib/BaseLib.inf
@@ -181,6 +181,7 @@
   Ia32/EnableCache.nasm| GCC
   Ia32/DisableCache.nasm| GCC
   Ia32/RdRand.nasm
+  Ia32/RdSeed.nasm
=20
   Ia32/DivS64x64Remainder.c
   Ia32/InternalSwitchStack.c | MSFT
@@ -202,6 +203,7 @@
   X86DisablePaging64.c
   X86DisablePaging32.c
   X86RdRand.c
+  X86RdSeed.c
   X86PatchInstruction.c
   X86SpeculationBarrier.c
=20
@@ -306,12 +308,14 @@
   X86DisablePaging64.c
   X86DisablePaging32.c
   X86RdRand.c
+  X86RdSeed.c
   X86PatchInstruction.c
   X86SpeculationBarrier.c
   X64/GccInline.c | GCC
   X64/EnableDisableInterrupts.nasm
   X64/DisablePaging64.nasm
   X64/RdRand.nasm
+  X64/RdSeed.nasm
   ChkStkGcc.c  | GCC
=20
 [Sources.EBC]
diff --git a/MdePkg/Library/BaseLib/BaseLibInternals.h b/MdePkg/Library/Bas=
eLib/BaseLibInternals.h
index 6837d67d90..7b18b192c9 100644
--- a/MdePkg/Library/BaseLib/BaseLibInternals.h
+++ b/MdePkg/Library/BaseLib/BaseLibInternals.h
@@ -862,6 +862,52 @@ InternalX86RdRand64  (
   OUT     UINT64                    *Rand
   );
=20
+/**
+  Generates a 16-bit random seed through RDSEED instruction.
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+ **/
+BOOLEAN
+EFIAPI
+InternalX86RdSeed16 (
+  OUT     UINT16                    *Seed
+  );
+
+/**
+  Generates a 32-bit random seed through RDSEED instruction.
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+**/
+BOOLEAN
+EFIAPI
+InternalX86RdSeed32 (
+  OUT     UINT32                    *Seed
+  );
+
+/**
+  Generates a 64-bit random seed through RDSEED instruction.
+
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+**/
+BOOLEAN
+EFIAPI
+InternalX86RdSeed64  (
+  OUT     UINT64                    *Seed
+  );
+
 #else
=20
 #endif
diff --git a/MdePkg/Library/BaseLib/Ia32/RdSeed.nasm b/MdePkg/Library/BaseL=
ib/Ia32/RdSeed.nasm
new file mode 100644
index 0000000000..0a4de30db6
--- /dev/null
+++ b/MdePkg/Library/BaseLib/Ia32/RdSeed.nasm
@@ -0,0 +1,87 @@
+;-------------------------------------------------------------------------=
-----
+;
+; Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+;   RdSeed.nasm
+;
+; Abstract:
+;
+;   Generates random seed through CPU RdSeed instruction under 32-bit plat=
form.
+;
+; Notes:
+;
+;-------------------------------------------------------------------------=
-----
+
+SECTION .text
+
+;-------------------------------------------------------------------------=
-----
+;  Generates a 16 bit random seed through RDSEED instruction.
+;  Return TRUE if Seed generated successfully, or FALSE if not.
+;
+;  BOOLEAN EFIAPI InternalX86RdSeed16 (UINT16 *Seed);
+;-------------------------------------------------------------------------=
-----
+global ASM_PFX(InternalX86RdSeed16)
+ASM_PFX(InternalX86RdSeed16):
+    ; rdseed   ax                  ; generate a 16 bit RN into ax
+                                   ; CF=3D1 if RN generated ok, otherwise =
CF=3D0
+    db     0xf, 0xc7, 0xf8         ; rdseed r16: "0f c7 /7  ModRM:r/m(w)"
+    jc     rn16_ok                 ; jmp if CF=3D1
+    xor    eax, eax                ; reg=3D0 if CF=3D0
+    pause
+    ret                            ; return with failure status
+rn16_ok:
+    mov    edx, dword [esp + 4]
+    mov    [edx], ax
+    mov    eax,  1
+    ret
+
+;-------------------------------------------------------------------------=
-----
+;  Generates a 32 bit random seed through RDSEED instruction.
+;  Return TRUE if Seed generated successfully, or FALSE if not.
+;
+;  BOOLEAN EFIAPI InternalX86RdSeed32 (UINT32 *Seed);
+;-------------------------------------------------------------------------=
-----
+global ASM_PFX(InternalX86RdSeed32)
+ASM_PFX(InternalX86RdSeed32):
+    ; rdseed   eax                 ; generate a 32 bit RN into eax
+                                   ; CF=3D1 if RN generated ok, otherwise =
CF=3D0
+    db     0xf, 0xc7, 0xf8         ; rdseed r32: "0f c7 /7  ModRM:r/m(w)"
+    jc     rn32_ok                 ; jmp if CF=3D1
+    xor    eax, eax                ; reg=3D0 if CF=3D0
+    pause
+    ret                            ; return with failure status
+rn32_ok:
+    mov    edx, dword [esp + 4]
+    mov    [edx], eax
+    mov    eax,  1
+    ret
+
+;-------------------------------------------------------------------------=
-----
+;  Generates a 64 bit random seed through RDSEED instruction.
+;  Return TRUE if Seed generated successfully, or FALSE if not.
+;
+;  BOOLEAN EFIAPI InternalX86RdSeed64 (UINT64 *Seed);
+;-------------------------------------------------------------------------=
-----
+global ASM_PFX(InternalX86RdSeed64)
+ASM_PFX(InternalX86RdSeed64):
+    ; rdseed   eax                 ; generate a 32 bit RN into eax
+                                   ; CF=3D1 if RN generated ok, otherwise =
CF=3D0
+    db     0xf, 0xc7, 0xf8         ; rdseed r32: "0f c7 /7  ModRM:r/m(w)"
+    jnc    rn64_ret                ; jmp if CF=3D0
+    mov    edx, dword [esp + 4]
+    mov    [edx], eax
+
+    db     0xf, 0xc7, 0xf0         ; generate another 32 bit RN
+    jnc    rn64_ret                ; jmp if CF=3D0
+    mov    [edx + 4], eax
+
+    mov    eax,  1
+    ret
+rn64_ret:
+    xor    eax, eax
+    pause
+    ret                            ; return with failure status
+
diff --git a/MdePkg/Library/BaseLib/X64/RdSeed.nasm b/MdePkg/Library/BaseLi=
b/X64/RdSeed.nasm
new file mode 100644
index 0000000000..a60acfeace
--- /dev/null
+++ b/MdePkg/Library/BaseLib/X64/RdSeed.nasm
@@ -0,0 +1,80 @@
+;-------------------------------------------------------------------------=
-----
+;
+; Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+; Module Name:
+;
+;   RdSeed.nasm
+;
+; Abstract:
+;
+;   Generates random seed through CPU RdSeed instruction under 64-bit plat=
form.
+;
+; Notes:
+;
+;-------------------------------------------------------------------------=
-----
+
+    DEFAULT REL
+    SECTION .text
+
+;-------------------------------------------------------------------------=
-----
+;  Generates a 16 bit random seed through RDSEED instruction.
+;  Return TRUE if Seed generated successfully, or FALSE if not.
+;
+;  BOOLEAN EFIAPI InternalX86RdSeed16 (UINT16 *Seed);
+;-------------------------------------------------------------------------=
-----
+global ASM_PFX(InternalX86RdSeed16)
+ASM_PFX(InternalX86RdSeed16):
+    ; rdseed   ax                  ; generate a 16 bit RN into eax,
+                                   ; CF=3D1 if RN generated ok, otherwise =
CF=3D0
+    db     0xf, 0xc7, 0xf8         ; rdseed r16: "0f c7 /7  ModRM:r/m(w)"
+    jc     rn16_ok                 ; jmp if CF=3D1
+    xor    rax, rax                ; reg=3D0 if CF=3D0
+    pause
+    ret                            ; return with failure status
+rn16_ok:
+    mov    [rcx], ax
+    mov    rax,  1
+    ret
+
+;-------------------------------------------------------------------------=
-----
+;  Generates a 32 bit random seed through RDSEED instruction.
+;  Return TRUE if Seed generated successfully, or FALSE if not.
+;
+;  BOOLEAN EFIAPI InternalX86RdSeed32 (UINT32 *Seed);
+;-------------------------------------------------------------------------=
-----
+global ASM_PFX(InternalX86RdSeed32)
+ASM_PFX(InternalX86RdSeed32):
+    ; rdseed   eax                 ; generate a 32 bit RN into eax,
+                                   ; CF=3D1 if RN generated ok, otherwise =
CF=3D0
+    db     0xf, 0xc7, 0xf8         ; rdseed r32: "0f c7 /7  ModRM:r/m(w)"
+    jc     rn32_ok                 ; jmp if CF=3D1
+    xor    rax, rax                ; reg=3D0 if CF=3D0
+    pause
+    ret                            ; return with failure status
+rn32_ok:
+    mov    [rcx], eax
+    mov    rax,  1
+    ret
+
+;-------------------------------------------------------------------------=
-----
+;  Generates a 64 bit random seed through one RDSEED instruction.
+;  Return TRUE if Seed generated successfully, or FALSE if not.
+;
+;  BOOLEAN EFIAPI InternalX86RdSeed64 (UINT64 *Seed);
+;-------------------------------------------------------------------------=
-----
+global ASM_PFX(InternalX86RdSeed64)
+ASM_PFX(InternalX86RdSeed64):
+    ; rdseed   rax                 ; generate a 64 bit RN into rax,
+                                   ; CF=3D1 if RN generated ok, otherwise =
CF=3D0
+    db     0x48, 0xf, 0xc7, 0xf8   ; rdseed r64: "REX.W + 0f c7 /7 ModRM:r=
/m(w)"
+    jc     rn64_ok                 ; jmp if CF=3D1
+    xor    rax, rax                ; reg=3D0 if CF=3D0
+    pause
+    ret                            ; return with failure status
+rn64_ok:
+    mov    [rcx], rax
+    mov    rax, 1
+    ret
+
diff --git a/MdePkg/Library/BaseLib/X86RdSeed.c b/MdePkg/Library/BaseLib/X8=
6RdSeed.c
new file mode 100644
index 0000000000..9fa7948ff1
--- /dev/null
+++ b/MdePkg/Library/BaseLib/X86RdSeed.c
@@ -0,0 +1,73 @@
+/** @file
+  IA-32/x64 AsmRdSeedxx()
+  Generates random seed through CPU RdSeed instruction.
+
+  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "BaseLibInternals.h"
+
+/**
+  Generates a 16-bit random seed through RDSEED instruction.
+
+  if Seed is NULL, then ASSERT().
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+ **/
+BOOLEAN
+EFIAPI
+AsmRdSeed16 (
+  OUT     UINT16                    *Seed
+  )
+{
+  ASSERT (Seed !=3D NULL);
+  return InternalX86RdSeed16 (Seed);
+}
+
+/**
+  Generates a 32-bit random seed through RDSEED instruction.
+
+  if Seed is NULL, then ASSERT().
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+**/
+BOOLEAN
+EFIAPI
+AsmRdSeed32 (
+  OUT     UINT32                    *Seed
+  )
+{
+  ASSERT (Seed !=3D NULL);
+  return InternalX86RdSeed32 (Seed);
+}
+
+/**
+  Generates a 64-bit random seed through RDSEED instruction.
+
+  if Seed is NULL, then ASSERT().
+
+  @param[out]  Seed     Buffer pointer to store the seed data.
+
+  @retval TRUE          RDSEED call was successful.
+  @retval FALSE         Failed attempts to call RDSEED.
+
+**/
+BOOLEAN
+EFIAPI
+AsmRdSeed64  (
+  OUT     UINT64                    *Seed
+  )
+{
+  ASSERT (Seed !=3D NULL);
+  return InternalX86RdSeed64 (Seed);
+}
--=20
2.17.1.windows.2


-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#50610): https://edk2.groups.io/g/devel/message/50610
Mute This Topic: https://groups.io/mt/56714069/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-