From nobody Sun Apr 28 00:50:57 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+70584+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+70584+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=9elements.com ARC-Seal: i=1; a=rsa-sha256; t=1611157932; cv=none; d=zohomail.com; s=zohoarc; b=KwYlZYQR+oF2eLcMMTUj3rzzcs5gM/SmZCwqGRJdf/sgjB9j5BHYI3ysC3JYTw9KEWY3n9tqfDqbAZFNJSDFjrEPW7RUqKO3z7aVgyFdb33560hIVDkGKVn/t9u1siJrtAJTFzPk94LlWZ9BUah9qjaSpiqo3JJvSe6quj2BTCI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1611157932; h=Content-Transfer-Encoding:Cc:Date:From:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Sender:Subject:To; bh=LrP4wNCSDiVog4MxBamm0PjsC81QnFT7t33nO2SrH+A=; b=cbU6PJZH5PskDLjimOFBzgsj5mUk2kUDi78RVXuFEoCtEfvieNSVUnzO1ZNyjogxV9ybyWSL1BfceSq5vw80cg76MKjpGBD1NVyQtxG5OzBfN2xusPSWy6UFnSXCiTnfk6f6yCM0ponVS78PZO3PqDbXPvUZ0C866sZtVHm0Ios= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+70584+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1611157932570413.9356123691364; Wed, 20 Jan 2021 07:52:12 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 7DzmYY1788612xQJBlZhwWFL; Wed, 20 Jan 2021 07:52:12 -0800 X-Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) by mx.groups.io with SMTP id smtpd.web10.29815.1611157926381029831 for ; Wed, 20 Jan 2021 07:52:06 -0800 X-Received: by mail-ed1-f49.google.com with SMTP id n6so11238535edt.10 for ; Wed, 20 Jan 2021 07:52:06 -0800 (PST) X-Gm-Message-State: vzmJmmD8yAba4oya5aG1x2q9x1787277AA= X-Google-Smtp-Source: ABdhPJwjX0a38BwLUSH2MAHJ6+A4fhl4Il9LRk47krBC54j9ptOj+2XPlGzwWsTMTaVnLobdfYI+1g== X-Received: by 2002:aa7:d288:: with SMTP id w8mr7798909edq.241.1611157924896; Wed, 20 Jan 2021 07:52:04 -0800 (PST) X-Received: from rudolphp-notebook.9e.network (ip-95-222-8-167.hsi15.unitymediagroup.de. [95.222.8.167]) by smtp.gmail.com with ESMTPSA id k16sm1064261ejd.78.2021.01.20.07.52.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 Jan 2021 07:52:04 -0800 (PST) From: "Patrick Rudolph" To: devel@edk2.groups.io Cc: maurice.ma@intel.com, guo.dong@intel.com, benjamin.you@intel.com Subject: [edk2-devel] [PATCH] UefiPayloadPkg: Add RNG support Date: Wed, 20 Jan 2021 16:52:03 +0100 Message-Id: <20210120155203.3342035-1-patrick.rudolph@9elements.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,patrick.rudolph@9elements.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1611157932; bh=C1B/mJaraZrQi68Th4hp+Gzz6zjJl7TKkVBgjHQdu5o=; h=Cc:Date:From:Reply-To:Subject:To; b=FMP6BM6t+NKXaI41i/4VVksfso9fK1WsK44SuXxZuUIlnE2zHbgeleNHeCp26rG7ZBQ aVoT1dt0q5S9czMeu18ZofzwGXcZMMP4W0VwWUEvLR2hBPvpEoDWjog66w9Tw7WGJFojm F/hLmUW8kdwQS5Q0IEFNxycqH2ejqkOh/fw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" Uses the RDRAND instruction if available and install EfiRngProtocol. The protocol may be used by iPXE or the Linux kernel to gather entropy. Signed-off-by: Patrick Rudolph --- UefiPayloadPkg/Library/BaseRngLib/BaseRng.c | 199 ++++++++++++++++++++ UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf | 32 ++++ UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.uni | 17 ++ UefiPayloadPkg/UefiPayloadPkg.dsc | 8 + UefiPayloadPkg/UefiPayloadPkg.fdf | 4 + 5 files changed, 260 insertions(+) diff --git a/UefiPayloadPkg/Library/BaseRngLib/BaseRng.c b/UefiPayloadPkg/L= ibrary/BaseRngLib/BaseRng.c new file mode 100644 index 0000000000..1fe9e1dbe0 --- /dev/null +++ b/UefiPayloadPkg/Library/BaseRngLib/BaseRng.c @@ -0,0 +1,199 @@ +/** @file + Random number generator services that uses RdRand instruction access + to provide high-quality random numbers. + +Copyright (c) 2015, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +STATIC BOOLEAN mHasRdRand; + +// +// Bit mask used to determine if RdRand instruction is supported. +// +#define RDRAND_MASK BIT30 + +// +// Limited retry number when valid random data is returned. +// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and I= A-32 +// Architectures Software Developer's Mannual". +// +#define RDRAND_RETRY_LIMIT 10 + +/** + The constructor function checks whether or not RDRAND instruction is sup= ported + by the host hardware. + + The constructor function checks whether or not RDRAND instruction is sup= ported. + It will always return RETURN_SUCCESS. + + @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +RETURN_STATUS +EFIAPI +BaseRngLibConstructor ( + VOID + ) +{ + UINT32 RegEax; + UINT32 RegEcx; + + AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); + if (RegEax < 1) { + mHasRdRand =3D FALSE; + return RETURN_SUCCESS; + } + + // + // Determine RDRAND support by examining bit 30 of the ECX register retu= rned by + // CPUID. A value of 1 indicates that processor support RDRAND instructi= on. + // + AsmCpuid (CPUID_VERSION_INFO, 0, 0, &RegEcx, 0); + + mHasRdRand =3D ((RegEcx & RDRAND_MASK) =3D=3D RDRAND_MASK); + + return RETURN_SUCCESS; +} + +/** + Generates a 16-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 16-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber16 ( + OUT UINT16 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand !=3D NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 16 bit random value with a retry count limit. + // + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand16 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 32-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 32-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber32 ( + OUT UINT32 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand !=3D NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 32 bit random value with a retry count limit. + // + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand32 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 64-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 64-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber64 ( + OUT UINT64 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand !=3D NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 64 bit random value with a retry count limit. + // + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand64 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 128-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 128-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber128 ( + OUT UINT64 *Rand + ) +{ + ASSERT (Rand !=3D NULL); + + // + // Read first 64 bits + // + if (!GetRandomNumber64 (Rand)) { + return FALSE; + } + + // + // Read second 64 bits + // + return GetRandomNumber64 (++Rand); +} diff --git a/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf b/UefiPayload= Pkg/Library/BaseRngLib/BaseRngLib.inf new file mode 100644 index 0000000000..67a91ccfff --- /dev/null +++ b/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf @@ -0,0 +1,32 @@ +## @file +# Instance of RNG (Random Number Generator) Library. +# +# Copyright (c) 2020 9elements Agency GmbH.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BaseRngLib + MODULE_UNI_FILE =3D BaseRngLib.uni + FILE_GUID =3D 05C48431-DE18-4550-931A-3350E8551498 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D RngLib + CONSTRUCTOR =3D BaseRngLibConstructor + +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources.Ia32, Sources.X64] + BaseRng.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseLib + DebugLib diff --git a/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.uni b/UefiPayload= Pkg/Library/BaseRngLib/BaseRngLib.uni new file mode 100644 index 0000000000..f3ed954c52 --- /dev/null +++ b/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.uni @@ -0,0 +1,17 @@ +// /** @file +// Instance of RNG (Random Number Generator) Library. +// +// BaseRng Library that uses CPU RdRand instruction access to provide +// high-quality random numbers. +// +// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG L= ibrary" + +#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library t= hat uses CPU RdRand instruction access to provide high-quality random numbe= rs" + diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload= Pkg.dsc index ae62a9c4d6..78a475ea02 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -494,6 +494,14 @@ !endif UefiPayloadPkg/GraphicsOutputDxe/GraphicsOutputDxe.inf =20 + # + # Random Number Generator + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { + + RngLib|UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf + } + #------------------------------ # Build the shell #------------------------------ diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayload= Pkg.fdf index a97ace7395..57c06c8621 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.fdf +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf @@ -169,6 +169,10 @@ INF MdeModulePkg/Bus/Usb/UsbBusDxe/UsbBusDxe.inf INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf =20 +# +# Random Number Generator +# +INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf =20 # # Shell --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#70584): https://edk2.groups.io/g/devel/message/70584 Mute This Topic: https://groups.io/mt/79981485/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-