AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.
Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
---
SecurityPkg/SecurityPkg.dsc | 11 +-
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 19 +++-
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h | 37 ++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h | 0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h | 0
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | 88 ++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c | 54 +++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 108 ++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c | 0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c | 0
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 120 ++++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 117 ++++---------------
12 files changed, 450 insertions(+), 104 deletions(-)
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 12ccd1634941..bd4b810bce61 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -259,6 +259,12 @@ [Components]
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
+[Components.IA32, Components.X64, Components.AARCH64]
+ #
+ # Random Number Generator
+ #
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
[Components.IA32, Components.X64]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
@@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf
- #
- # Random Number Generator
- #
- SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
-
#
# Opal Password solution
#
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 99d6f6b35fc2..c188b6076c00 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -26,15 +26,24 @@ [Defines]
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources.common]
RngDxe.c
- RdRand.c
- RdRand.h
- AesCore.c
- AesCore.h
+ RngDxeInternals.h
+
+[Sources.IA32, Sources.X64]
+ Rand/RngDxe.c
+ Rand/RdRand.c
+ Rand/RdRand.h
+ Rand/AesCore.c
+ Rand/AesCore.h
+
+[Sources.AARCH64]
+ AArch64/RngDxe.c
+ AArch64/Rndr.c
+ AArch64/Rndr.h
[Packages]
MdePkg/MdePkg.dec
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
new file mode 100644
index 000000000000..458faa834a3d
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
@@ -0,0 +1,37 @@
+/** @file
+ Header for the RNDR APIs used by RNG DXE driver.
+
+ Support API definitions for RNDR instruction access.
+
+
+ Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNDR_H_
+#define RNDR_H_
+
+#include <Library/BaseLib.h>
+#include <Protocol/Rng.h>
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ );
+
+#endif // RNDR_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
new file mode 100644
index 000000000000..7e38fc2564f6
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
@@ -0,0 +1,88 @@
+/** @file
+ Function prototypes for UEFI Random Number Generator protocol support.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNGDXE_INTERNALS_H_
+#define RNGDXE_INTERNALS_H_
+
+extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+ On output with a return code of EFI_SUCCESS, the size
+ in bytes of the data returned in RNGAlgorithmList. On output
+ with a return code of EFI_BUFFER_TOO_SMALL,
+ the size of RNGAlgorithmList required to obtain the list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
+ with one EFI_RNG_ALGORITHM element for each supported
+ RNG algorithm. The list must not change across multiple
+ calls to the same driver. The first algorithm in the list
+ is the default algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
+ hardware or firmware error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ );
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ );
+
+/**
+ Returns the size of the RNG algorithms structure.
+
+ @return Size of the EFI_RNG_ALGORITHM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ );
+
+#endif // RNGDXE_INTERNALS_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
new file mode 100644
index 000000000000..36166a9cbc13
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
@@ -0,0 +1,54 @@
+/** @file
+ Support routines for RNDR instruction access.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
+
+#include "Rndr.h"
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ )
+{
+ BOOLEAN IsRandom;
+ UINT64 TempRand;
+
+ while (Length > 0) {
+ IsRandom = GetRandomNumber64 (&TempRand);
+ if (!IsRandom) {
+ return EFI_NOT_READY;
+ }
+ if (Length >= sizeof (TempRand)) {
+ WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
+ RandBuffer += sizeof (UINT64);
+ Length -= sizeof (TempRand);
+ } else {
+ CopyMem (RandBuffer, &TempRand, Length);
+ Length = 0;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
new file mode 100644
index 000000000000..18cca825e72d
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
@@ -0,0 +1,108 @@
+/** @file
+ RNG Driver to produce the UEFI Random Number Generator protocol.
+
+ The driver will use the new RNDR instruction to produce high-quality, high-performance
+ entropy and random number.
+
+ RNG Algorithms defined in UEFI 2.4:
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_RAW - Supported
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
+
+#include "Rndr.h"
+
+//
+// Supported RNG Algorithms list by this driver.
+//
+EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
+ EFI_RNG_ALGORITHM_RAW
+};
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ EFI_STATUS Status;
+
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (RNGAlgorithm == NULL) {
+ //
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.
+ //
+ RNGAlgorithm = &gEfiRngAlgorithmRaw;
+ }
+
+ //
+ // The "raw" algorithm is intended to provide entropy directly
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+ Status = RndrGetBytes (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // Other algorithms are unsupported by this driver.
+ //
+ return EFI_UNSUPPORTED;
+}
+
+/**
+ Returns the size of the RNG algorithms structure.
+
+ @return Size of the EFI_RNG_ALGORITHM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ )
+{
+ return sizeof (mSupportedRngAlgorithms);
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
new file mode 100644
index 000000000000..cf0bebd6a386
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -0,0 +1,120 @@
+/** @file
+ RNG Driver to produce the UEFI Random Number Generator protocol.
+
+ The driver will use the new RDRAND instruction to produce high-quality, high-performance
+ entropy and random number.
+
+ RNG Algorithms defined in UEFI 2.4:
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
+ (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
+ - EFI_RNG_ALGORITHM_RAW - Supported
+ (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "RdRand.h"
+
+//
+// Supported RNG Algorithms list by this driver.
+//
+EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
+ EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
+ EFI_RNG_ALGORITHM_RAW
+};
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
+ RNGValue. The driver shall return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random data available to satisfy the length
+ requested by RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ EFI_STATUS Status;
+
+ if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = EFI_UNSUPPORTED;
+ if (RNGAlgorithm == NULL) {
+ //
+ // Use the default RNG algorithm if RNGAlgorithm is NULL.
+ //
+ RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
+ }
+
+ //
+ // NIST SP800-90-AES-CTR-256 supported by RDRAND
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
+ Status = RdRandGetBytes (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // The "raw" algorithm is intended to provide entropy directly
+ //
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+ //
+ // When a DRBG is used on the output of a entropy source,
+ // its security level must be at least 256 bits according to UEFI Spec.
+ //
+ if (RNGValueLength < 32) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
+ return Status;
+ }
+
+ //
+ // Other algorithms were unsupported by this driver.
+ //
+ return Status;
+}
+
+/**
+ Returns the size of the RNG algorithms list.
+
+ @return Size of the EFI_RNG_ALGORIGM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ )
+{
+ return sizeof (mSupportedRngAlgorithms);
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
index 13d3dbd0bfbe..0072e6b433e6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
@@ -1,34 +1,38 @@
/** @file
RNG Driver to produce the UEFI Random Number Generator protocol.
- The driver will use the new RDRAND instruction to produce high-quality, high-performance
- entropy and random number.
+ The driver uses CPU RNG instructions to produce high-quality,
+ high-performance entropy and random number.
RNG Algorithms defined in UEFI 2.4:
- - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
- (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
- - EFI_RNG_ALGORITHM_RAW - Supported
- (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
- - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
- - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
- - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
- - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
+ - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
+ - EFI_RNG_ALGORITHM_RAW
+ - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
+ - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
+ - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
+ - EFI_RNG_ALGORITHM_X9_31_AES_GUID
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#include "RdRand.h"
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
+
+#include "RngDxeInternals.h"
+
//
// Supported RNG Algorithms list by this driver.
//
-EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
- EFI_RNG_ALGORITHM_RAW
-};
+
+extern EFI_RNG_ALGORITHM mSupportedRngAlgorithms[];
/**
Returns information about the random number generation implementation.
@@ -68,7 +72,7 @@ RngGetInfo (
return EFI_INVALID_PARAMETER;
}
- RequiredSize = sizeof (mSupportedRngAlgorithms);
+ RequiredSize = ArchGetSupportedRngAlgorithmsSize ();
if (*RNGAlgorithmListSize < RequiredSize) {
Status = EFI_BUFFER_TOO_SMALL;
} else {
@@ -87,81 +91,6 @@ RngGetInfo (
return Status;
}
-/**
- Produces and returns an RNG value using either the default or specified RNG algorithm.
-
- @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
- @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
- algorithm to use. May be NULL in which case the function will
- use its default RNG algorithm.
- @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
- RNGValue. The driver shall return exactly this numbers of bytes.
- @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
- resulting RNG value.
-
- @retval EFI_SUCCESS The RNG value was returned successfully.
- @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
- this driver.
- @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
- firmware error.
- @retval EFI_NOT_READY There is not enough random data available to satisfy the length
- requested by RNGValueLength.
- @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
-
-**/
-EFI_STATUS
-EFIAPI
-RngGetRNG (
- IN EFI_RNG_PROTOCOL *This,
- IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
- IN UINTN RNGValueLength,
- OUT UINT8 *RNGValue
- )
-{
- EFI_STATUS Status;
-
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = EFI_UNSUPPORTED;
- if (RNGAlgorithm == NULL) {
- //
- // Use the default RNG algorithm if RNGAlgorithm is NULL.
- //
- RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
- }
-
- //
- // NIST SP800-90-AES-CTR-256 supported by RDRAND
- //
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
- Status = RdRandGetBytes (RNGValueLength, RNGValue);
- return Status;
- }
-
- //
- // The "raw" algorithm is intended to provide entropy directly
- //
- if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
- //
- // When a DRBG is used on the output of a entropy source,
- // its security level must be at least 256 bits according to UEFI Spec.
- //
- if (RNGValueLength < 32) {
- return EFI_INVALID_PARAMETER;
- }
-
- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
- return Status;
- }
-
- //
- // Other algorithms were unsupported by this driver.
- //
- return Status;
-}
-
//
// The Random Number Generator (RNG) protocol
//
--
2.26.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74581): https://edk2.groups.io/g/devel/message/74581
Mute This Topic: https://groups.io/mt/82440614/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On Wed, 28 Apr 2021 at 22:44, Rebecca Cran <rebecca@nuviainc.com> wrote:
>
> AARCH64 support has been added to BaseRngLib via the optional
> ARMv8.5 FEAT_RNG.
>
> Refactor RngDxe to support AARCH64, note support for it in the
> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>
> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> ---
> SecurityPkg/SecurityPkg.dsc | 11 +-
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 19 +++-
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h | 37 ++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | 88 ++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c | 54 +++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 108 ++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 120 ++++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 117 ++++---------------
> 12 files changed, 450 insertions(+), 104 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 12ccd1634941..bd4b810bce61 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -259,6 +259,12 @@ [Components]
> [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>
> +[Components.IA32, Components.X64, Components.AARCH64]
> + #
> + # Random Number Generator
> + #
> + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +
> [Components.IA32, Components.X64]
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>
> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf
>
> - #
> - # Random Number Generator
> - #
> - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> -
> #
> # Opal Password solution
> #
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index 99d6f6b35fc2..c188b6076c00 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -26,15 +26,24 @@ [Defines]
> #
> # The following information is for reference only and not required by the build tools.
> #
> -# VALID_ARCHITECTURES = IA32 X64
> +# VALID_ARCHITECTURES = IA32 X64 AARCH64
> #
>
> [Sources.common]
> RngDxe.c
> - RdRand.c
> - RdRand.h
> - AesCore.c
> - AesCore.h
> + RngDxeInternals.h
> +
> +[Sources.IA32, Sources.X64]
> + Rand/RngDxe.c
> + Rand/RdRand.c
> + Rand/RdRand.h
> + Rand/AesCore.c
> + Rand/AesCore.h
> +
> +[Sources.AARCH64]
> + AArch64/RngDxe.c
> + AArch64/Rndr.c
> + AArch64/Rndr.h
>
> [Packages]
> MdePkg/MdePkg.dec
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> new file mode 100644
> index 000000000000..458faa834a3d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> @@ -0,0 +1,37 @@
> +/** @file
> + Header for the RNDR APIs used by RNG DXE driver.
> +
> + Support API definitions for RNDR instruction access.
> +
> +
> + Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNDR_H_
> +#define RNDR_H_
> +
> +#include <Library/BaseLib.h>
> +#include <Protocol/Rng.h>
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + );
> +
> +#endif // RNDR_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> new file mode 100644
> index 000000000000..7e38fc2564f6
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> @@ -0,0 +1,88 @@
> +/** @file
> + Function prototypes for UEFI Random Number Generator protocol support.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNGDXE_INTERNALS_H_
> +#define RNGDXE_INTERNALS_H_
> +
> +extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
> +
> +/**
> + Returns information about the random number generation implementation.
> +
> + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
> + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> + On output with a return code of EFI_SUCCESS, the size
> + in bytes of the data returned in RNGAlgorithmList. On output
> + with a return code of EFI_BUFFER_TOO_SMALL,
> + the size of RNGAlgorithmList required to obtain the list.
> + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
> + with one EFI_RNG_ALGORITHM element for each supported
> + RNG algorithm. The list must not change across multiple
> + calls to the same driver. The first algorithm in the list
> + is the default algorithm for the driver.
> +
> + @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
> + @retval EFI_UNSUPPORTED The services is not supported by this driver.
> + @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
> + hardware or firmware error.
> + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
> + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetInfo (
> + IN EFI_RNG_PROTOCOL *This,
> + IN OUT UINTN *RNGAlgorithmListSize,
> + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
> + );
> +
> +/**
> + Produces and returns an RNG value using either the default or specified RNG algorithm.
> +
> + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
> + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> + algorithm to use. May be NULL in which case the function will
> + use its default RNG algorithm.
> + @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by
> + RNGValue. The driver shall return exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random data available to satisfy the length
> + requested by RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + );
> +
> +/**
> + Returns the size of the RNG algorithms structure.
> +
> + @return Size of the EFI_RNG_ALGORITHM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + );
> +
> +#endif // RNGDXE_INTERNALS_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> new file mode 100644
> index 000000000000..36166a9cbc13
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> @@ -0,0 +1,54 @@
> +/** @file
> + Support routines for RNDR instruction access.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/RngLib.h>
> +
> +#include "Rndr.h"
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + )
> +{
> + BOOLEAN IsRandom;
> + UINT64 TempRand;
> +
> + while (Length > 0) {
> + IsRandom = GetRandomNumber64 (&TempRand);
> + if (!IsRandom) {
> + return EFI_NOT_READY;
> + }
> + if (Length >= sizeof (TempRand)) {
> + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
> + RandBuffer += sizeof (UINT64);
> + Length -= sizeof (TempRand);
> + } else {
> + CopyMem (RandBuffer, &TempRand, Length);
> + Length = 0;
> + }
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> new file mode 100644
> index 000000000000..18cca825e72d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> @@ -0,0 +1,108 @@
> +/** @file
> + RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> + The driver will use the new RNDR instruction to produce high-quality, high-performance
> + entropy and random number.
> +
> + RNG Algorithms defined in UEFI 2.4:
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_RAW - Supported
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "Rndr.h"
> +
> +//
> +// Supported RNG Algorithms list by this driver.
> +//
> +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> + EFI_RNG_ALGORITHM_RAW
This is incorrect. Both flavors of RNDR return the output of a DRBG,
the only difference is how often they are reseeded.
We might need a PCD here to define which exact DRBG implementation is
used in the hardware, and set this accordingly. We could use a VOID*
PTR PCD type to carry the GUID itself, in which case we could reuse
the same code for x86 as well, if I am not mistaken.
--
Ard.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74602): https://edk2.groups.io/g/devel/message/74602
Mute This Topic: https://groups.io/mt/82440614/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Rebecca:
> -----邮件原件-----
> 发件人: Rebecca Cran <rebecca@nuviainc.com>
> 发送时间: 2021年4月29日 4:44
> 收件人: devel@edk2.groups.io
> 抄送: Rebecca Cran <rebecca@nuviainc.com>; Jiewen Yao
> <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Michael D
> Kinney <michael.d.kinney@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Ard
> Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
> <Sami.Mujawar@arm.com>
> 主题: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64
>
> AARCH64 support has been added to BaseRngLib via the optional
> ARMv8.5 FEAT_RNG.
>
> Refactor RngDxe to support AARCH64, note support for it in the
> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>
> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> ---
> SecurityPkg/SecurityPkg.dsc |
> 11 +-
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf |
> 19 +++-
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h |
> 37 ++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h |
> 88 ++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c |
> 54 +++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c |
> 108 ++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c |
> 120 ++++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c |
> 117 ++++---------------
> 12 files changed, 450 insertions(+), 104 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 12ccd1634941..bd4b810bce61 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -259,6 +259,12 @@ [Components]
> [Components.IA32, Components.X64, Components.ARM,
> Components.AARCH64]
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>
> +[Components.IA32, Components.X64, Components.AARCH64]
> + #
> + # Random Number Generator
> + #
> + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +
> [Components.IA32, Components.X64]
>
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
> xe.inf
>
> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresence
> Lib.inf
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic
> alPresenceLib.inf
>
> - #
> - # Random Number Generator
> - #
> - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> -
> #
> # Opal Password solution
> #
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index 99d6f6b35fc2..c188b6076c00 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -26,15 +26,24 @@ [Defines]
> #
> # The following information is for reference only and not required by the
> build tools.
> #
> -# VALID_ARCHITECTURES = IA32 X64
> +# VALID_ARCHITECTURES = IA32 X64 AARCH64
> #
>
> [Sources.common]
> RngDxe.c
> - RdRand.c
> - RdRand.h
> - AesCore.c
> - AesCore.h
> + RngDxeInternals.h
> +
> +[Sources.IA32, Sources.X64]
> + Rand/RngDxe.c
> + Rand/RdRand.c
> + Rand/RdRand.h
> + Rand/AesCore.c
> + Rand/AesCore.h
> +
> +[Sources.AARCH64]
> + AArch64/RngDxe.c
> + AArch64/Rndr.c
> + AArch64/Rndr.h
>
> [Packages]
> MdePkg/MdePkg.dec
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> new file mode 100644
> index 000000000000..458faa834a3d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> @@ -0,0 +1,37 @@
> +/** @file
> + Header for the RNDR APIs used by RNG DXE driver.
> +
> + Support API definitions for RNDR instruction access.
> +
> +
> + Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNDR_H_
> +#define RNDR_H_
> +
> +#include <Library/BaseLib.h>
> +#include <Protocol/Rng.h>
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random
> result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + );
> +
> +#endif // RNDR_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> new file mode 100644
> index 000000000000..7e38fc2564f6
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> @@ -0,0 +1,88 @@
> +/** @file
> + Function prototypes for UEFI Random Number Generator protocol
> support.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNGDXE_INTERNALS_H_
> +#define RNGDXE_INTERNALS_H_
> +
> +extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
> +
> +/**
> + Returns information about the random number generation
> implementation.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
> RNGAlgorithmList.
> + On output with a return code
> of EFI_SUCCESS, the size
> + in bytes of the data returned
> in RNGAlgorithmList. On output
> + with a return code of
> EFI_BUFFER_TOO_SMALL,
> + the size of RNGAlgorithmList
> required to obtain the list.
> + @param[out] RNGAlgorithmList A caller-allocated memory
> buffer filled by the driver
> + with one
> EFI_RNG_ALGORITHM element for each supported
> + RNG algorithm. The list must
> not change across multiple
> + calls to the same driver. The
> first algorithm in the list
> + is the default algorithm for
> the driver.
> +
> + @retval EFI_SUCCESS The RNG algorithm list was
> returned successfully.
> + @retval EFI_UNSUPPORTED The services is not supported
> by this driver.
> + @retval EFI_DEVICE_ERROR The list of algorithms could
> not be retrieved due to a
> + hardware or firmware error.
> + @retval EFI_INVALID_PARAMETER One or more of the
> parameters are incorrect.
> + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList
> is too small to hold the result.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetInfo (
> + IN EFI_RNG_PROTOCOL *This,
> + IN OUT UINTN *RNGAlgorithmListSize,
> + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
> + );
> +
> +/**
> + Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> + algorithm to use. May be
> NULL in which case the function will
> + use its default RNG
> algorithm.
> + @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> + RNGValue. The driver shall
> return exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned
> successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> + requested by
> RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + );
> +
> +/**
> + Returns the size of the RNG algorithms structure.
> +
> + @return Size of the EFI_RNG_ALGORITHM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + );
> +
> +#endif // RNGDXE_INTERNALS_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> new file mode 100644
> index 000000000000..36166a9cbc13
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> @@ -0,0 +1,54 @@
> +/** @file
> + Support routines for RNDR instruction access.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/RngLib.h>
> +
> +#include "Rndr.h"
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random
> result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + )
> +{
> + BOOLEAN IsRandom;
> + UINT64 TempRand;
> +
> + while (Length > 0) {
> + IsRandom = GetRandomNumber64 (&TempRand);
> + if (!IsRandom) {
> + return EFI_NOT_READY;
> + }
> + if (Length >= sizeof (TempRand)) {
> + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
> + RandBuffer += sizeof (UINT64);
> + Length -= sizeof (TempRand);
> + } else {
> + CopyMem (RandBuffer, &TempRand, Length);
> + Length = 0;
> + }
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
Can this function be shared between X86 and AARCH64?
Thanks
Liming
> diff --git
> a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> new file mode 100644
> index 000000000000..18cca825e72d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> @@ -0,0 +1,108 @@
> +/** @file
> + RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> + The driver will use the new RNDR instruction to produce high-quality,
> high-performance
> + entropy and random number.
> +
> + RNG Algorithms defined in UEFI 2.4:
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_RAW - Supported
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "Rndr.h"
> +
> +//
> +// Supported RNG Algorithms list by this driver.
> +//
> +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> + EFI_RNG_ALGORITHM_RAW
> +};
> +
> +/**
> + Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> + algorithm to use. May be
> NULL in which case the function will
> + use its default RNG
> algorithm.
> + @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> + RNGValue. The driver shall
> return exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned
> successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> + requested by
> RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + )
> +{
> + EFI_STATUS Status;
> +
> + if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (RNGAlgorithm == NULL) {
> + //
> + // Use the default RNG algorithm if RNGAlgorithm is NULL.
> + //
> + RNGAlgorithm = &gEfiRngAlgorithmRaw;
> + }
> +
> + //
> + // The "raw" algorithm is intended to provide entropy directly
> + //
> + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> + Status = RndrGetBytes (RNGValueLength, RNGValue);
> + return Status;
> + }
> +
> + //
> + // Other algorithms are unsupported by this driver.
> + //
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Returns the size of the RNG algorithms structure.
> +
> + @return Size of the EFI_RNG_ALGORITHM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + )
> +{
> + return sizeof (mSupportedRngAlgorithms);
> +}
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> new file mode 100644
> index 000000000000..cf0bebd6a386
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -0,0 +1,120 @@
> +/** @file
> + RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> + The driver will use the new RDRAND instruction to produce high-quality,
> high-performance
> + entropy and random number.
> +
> + RNG Algorithms defined in UEFI 2.4:
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
> + (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based
> DRBG)
> + - EFI_RNG_ALGORITHM_RAW - Supported
> + (Structuring RDRAND invocation can be guaranteed as high-quality
> entropy source)
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> +
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "RdRand.h"
> +
> +//
> +// Supported RNG Algorithms list by this driver.
> +//
> +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> + EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
> + EFI_RNG_ALGORITHM_RAW
> +};
> +
> +/**
> + Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> + algorithm to use. May be
> NULL in which case the function will
> + use its default RNG
> algorithm.
> + @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> + RNGValue. The driver shall
> return exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned
> successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> + requested by
> RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + )
> +{
> + EFI_STATUS Status;
> +
> + if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Status = EFI_UNSUPPORTED;
> + if (RNGAlgorithm == NULL) {
> + //
> + // Use the default RNG algorithm if RNGAlgorithm is NULL.
> + //
> + RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> + }
> +
> + //
> + // NIST SP800-90-AES-CTR-256 supported by RDRAND
> + //
> + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid))
> {
> + Status = RdRandGetBytes (RNGValueLength, RNGValue);
> + return Status;
> + }
> +
> + //
> + // The "raw" algorithm is intended to provide entropy directly
> + //
> + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> + //
> + // When a DRBG is used on the output of a entropy source,
> + // its security level must be at least 256 bits according to UEFI
Spec.
> + //
> + if (RNGValueLength < 32) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> + return Status;
> + }
> +
> + //
> + // Other algorithms were unsupported by this driver.
> + //
> + return Status;
> +}
> +
> +/**
> + Returns the size of the RNG algorithms list.
> +
> + @return Size of the EFI_RNG_ALGORIGM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + )
> +{
> + return sizeof (mSupportedRngAlgorithms);
> +}
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> index 13d3dbd0bfbe..0072e6b433e6 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> @@ -1,34 +1,38 @@
> /** @file
> RNG Driver to produce the UEFI Random Number Generator protocol.
>
> - The driver will use the new RDRAND instruction to produce high-quality,
> high-performance
> - entropy and random number.
> + The driver uses CPU RNG instructions to produce high-quality,
> + high-performance entropy and random number.
>
> RNG Algorithms defined in UEFI 2.4:
> - - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
> - (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based
> DRBG)
> - - EFI_RNG_ALGORITHM_RAW - Supported
> - (Structuring RDRAND invocation can be guaranteed as high-quality
> entropy source)
> - - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> - - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> - - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> - - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> + - EFI_RNG_ALGORITHM_RAW
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> -(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
>
> -#include "RdRand.h"
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "RngDxeInternals.h"
> +
>
> //
> // Supported RNG Algorithms list by this driver.
> //
> -EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
> - EFI_RNG_ALGORITHM_RAW
> -};
> +
> +extern EFI_RNG_ALGORITHM mSupportedRngAlgorithms[];
>
> /**
> Returns information about the random number generation
> implementation.
> @@ -68,7 +72,7 @@ RngGetInfo (
> return EFI_INVALID_PARAMETER;
> }
>
> - RequiredSize = sizeof (mSupportedRngAlgorithms);
> + RequiredSize = ArchGetSupportedRngAlgorithmsSize ();
> if (*RNGAlgorithmListSize < RequiredSize) {
> Status = EFI_BUFFER_TOO_SMALL;
> } else {
> @@ -87,81 +91,6 @@ RngGetInfo (
> return Status;
> }
>
> -/**
> - Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> -
> - @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> - @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> - algorithm to use. May be
> NULL in which case the function will
> - use its default RNG
> algorithm.
> - @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> - RNGValue. The driver shall
> return exactly this numbers of bytes.
> - @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> - resulting RNG value.
> -
> - @retval EFI_SUCCESS The RNG value was returned
> successfully.
> - @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> - this driver.
> - @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> - firmware error.
> - @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> - requested by
> RNGValueLength.
> - @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RngGetRNG (
> - IN EFI_RNG_PROTOCOL *This,
> - IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> - IN UINTN RNGValueLength,
> - OUT UINT8 *RNGValue
> - )
> -{
> - EFI_STATUS Status;
> -
> - if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Status = EFI_UNSUPPORTED;
> - if (RNGAlgorithm == NULL) {
> - //
> - // Use the default RNG algorithm if RNGAlgorithm is NULL.
> - //
> - RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> - }
> -
> - //
> - // NIST SP800-90-AES-CTR-256 supported by RDRAND
> - //
> - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> - Status = RdRandGetBytes (RNGValueLength, RNGValue);
> - return Status;
> - }
> -
> - //
> - // The "raw" algorithm is intended to provide entropy directly
> - //
> - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> - //
> - // When a DRBG is used on the output of a entropy source,
> - // its security level must be at least 256 bits according to UEFI
Spec.
> - //
> - if (RNGValueLength < 32) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> - return Status;
> - }
> -
> - //
> - // Other algorithms were unsupported by this driver.
> - //
> - return Status;
> -}
> -
> //
> // The Random Number Generator (RNG) protocol
> //
> --
> 2.26.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74589): https://edk2.groups.io/g/devel/message/74589
Mute This Topic: https://groups.io/mt/82445682/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
On 4/28/21 7:13 PM, gaoliming wrote:
> Rebecca:
>
>> -----邮件原件-----
>> 发件人: Rebecca Cran <rebecca@nuviainc.com>
>> 发送时间: 2021年4月29日 4:44
>> 收件人: devel@edk2.groups.io
>> 抄送: Rebecca Cran <rebecca@nuviainc.com>; Jiewen Yao
>> <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Michael D
>> Kinney <michael.d.kinney@intel.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Ard
>> Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
>> <Sami.Mujawar@arm.com>
>> 主题: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64
>>
>> AARCH64 support has been added to BaseRngLib via the optional
>> ARMv8.5 FEAT_RNG.
>>
>> Refactor RngDxe to support AARCH64, note support for it in the
>> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>>
>> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
>> ---
>> SecurityPkg/SecurityPkg.dsc |
>> 11 +-
>> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf |
>> 19 +++-
>> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h |
>> 37 ++++++
>> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
>> 0
>> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h |
>> 0
>> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h |
>> 88 ++++++++++++++
>> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c |
>> 54 +++++++++
>> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c |
>> 108 ++++++++++++++++++
>> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
>> 0
>> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c |
>> 0
>> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c |
>> 120 ++++++++++++++++++++
>> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c |
>> 117 ++++---------------
>> 12 files changed, 450 insertions(+), 104 deletions(-)
>>
>> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
>> index 12ccd1634941..bd4b810bce61 100644
>> --- a/SecurityPkg/SecurityPkg.dsc
>> +++ b/SecurityPkg/SecurityPkg.dsc
>> @@ -259,6 +259,12 @@ [Components]
>> [Components.IA32, Components.X64, Components.ARM,
>> Components.AARCH64]
>> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>>
>> +[Components.IA32, Components.X64, Components.AARCH64]
>> + #
>> + # Random Number Generator
>> + #
>> + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>> +
>> [Components.IA32, Components.X64]
>>
>> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
>> xe.inf
>>
>> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
>>
>> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresence
>> Lib.inf
>>
>> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic
>> alPresenceLib.inf
>>
>> - #
>> - # Random Number Generator
>> - #
>> - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>> -
>> #
>> # Opal Password solution
>> #
>> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>> index 99d6f6b35fc2..c188b6076c00 100644
>> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>> @@ -26,15 +26,24 @@ [Defines]
>> #
>> # The following information is for reference only and not required by the
>> build tools.
>> #
>> -# VALID_ARCHITECTURES = IA32 X64
>> +# VALID_ARCHITECTURES = IA32 X64 AARCH64
>> #
>>
>> [Sources.common]
>> RngDxe.c
>> - RdRand.c
>> - RdRand.h
>> - AesCore.c
>> - AesCore.h
>> + RngDxeInternals.h
>> +
>> +[Sources.IA32, Sources.X64]
>> + Rand/RngDxe.c
>> + Rand/RdRand.c
>> + Rand/RdRand.h
>> + Rand/AesCore.c
>> + Rand/AesCore.h
>> +
>> +[Sources.AARCH64]
>> + AArch64/RngDxe.c
>> + AArch64/Rndr.c
>> + AArch64/Rndr.h
>>
>> [Packages]
>> MdePkg/MdePkg.dec
>> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
>> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
>> new file mode 100644
>> index 000000000000..458faa834a3d
>> --- /dev/null
>> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
>> @@ -0,0 +1,37 @@
>> +/** @file
>> + Header for the RNDR APIs used by RNG DXE driver.
>> +
>> + Support API definitions for RNDR instruction access.
>> +
>> +
>> + Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
>> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
>> +
>> + SPDX-License-Identifier: BSD-2-Clause-Patent
>> +
>> +**/
>> +
>> +#ifndef RNDR_H_
>> +#define RNDR_H_
>> +
>> +#include <Library/BaseLib.h>
>> +#include <Protocol/Rng.h>
>> +
>> +/**
>> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
>> +
>> + @param[in] Length Size of the buffer, in bytes, to fill with.
>> + @param[out] RandBuffer Pointer to the buffer to store the random
>> result.
>> +
>> + @retval EFI_SUCCESS Random bytes generation succeeded.
>> + @retval EFI_NOT_READY Failed to request random bytes.
>> +
>> +**/
>> +EFI_STATUS
>> +EFIAPI
>> +RndrGetBytes (
>> + IN UINTN Length,
>> + OUT UINT8 *RandBuffer
>> + );
>> +
>> +#endif // RNDR_H_
>> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
>> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
>> similarity index 100%
>> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
>> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
>> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
>> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
>> similarity index 100%
>> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
>> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
>> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
>> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
>> new file mode 100644
>> index 000000000000..7e38fc2564f6
>> --- /dev/null
>> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
>> @@ -0,0 +1,88 @@
>> +/** @file
>> + Function prototypes for UEFI Random Number Generator protocol
>> support.
>> +
>> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
>> +
>> + SPDX-License-Identifier: BSD-2-Clause-Patent
>> +
>> +**/
>> +
>> +#ifndef RNGDXE_INTERNALS_H_
>> +#define RNGDXE_INTERNALS_H_
>> +
>> +extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
>> +
>> +/**
>> + Returns information about the random number generation
>> implementation.
>> +
>> + @param[in] This A pointer to the
>> EFI_RNG_PROTOCOL instance.
>> + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
>> RNGAlgorithmList.
>> + On output with a return code
>> of EFI_SUCCESS, the size
>> + in bytes of the data returned
>> in RNGAlgorithmList. On output
>> + with a return code of
>> EFI_BUFFER_TOO_SMALL,
>> + the size of RNGAlgorithmList
>> required to obtain the list.
>> + @param[out] RNGAlgorithmList A caller-allocated memory
>> buffer filled by the driver
>> + with one
>> EFI_RNG_ALGORITHM element for each supported
>> + RNG algorithm. The list must
>> not change across multiple
>> + calls to the same driver. The
>> first algorithm in the list
>> + is the default algorithm for
>> the driver.
>> +
>> + @retval EFI_SUCCESS The RNG algorithm list was
>> returned successfully.
>> + @retval EFI_UNSUPPORTED The services is not supported
>> by this driver.
>> + @retval EFI_DEVICE_ERROR The list of algorithms could
>> not be retrieved due to a
>> + hardware or firmware error.
>> + @retval EFI_INVALID_PARAMETER One or more of the
>> parameters are incorrect.
>> + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList
>> is too small to hold the result.
>> +
>> +**/
>> +EFI_STATUS
>> +EFIAPI
>> +RngGetInfo (
>> + IN EFI_RNG_PROTOCOL *This,
>> + IN OUT UINTN *RNGAlgorithmListSize,
>> + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
>> + );
>> +
>> +/**
>> + Produces and returns an RNG value using either the default or specified
>> RNG algorithm.
>> +
>> + @param[in] This A pointer to the
>> EFI_RNG_PROTOCOL instance.
>> + @param[in] RNGAlgorithm A pointer to the
>> EFI_RNG_ALGORITHM that identifies the RNG
>> + algorithm to use. May be
>> NULL in which case the function will
>> + use its default RNG
>> algorithm.
>> + @param[in] RNGValueLength The length in bytes of the
>> memory buffer pointed to by
>> + RNGValue. The driver shall
>> return exactly this numbers of bytes.
>> + @param[out] RNGValue A caller-allocated memory
>> buffer filled by the driver with the
>> + resulting RNG value.
>> +
>> + @retval EFI_SUCCESS The RNG value was returned
>> successfully.
>> + @retval EFI_UNSUPPORTED The algorithm specified by
>> RNGAlgorithm is not supported by
>> + this driver.
>> + @retval EFI_DEVICE_ERROR An RNG value could not be
>> retrieved due to a hardware or
>> + firmware error.
>> + @retval EFI_NOT_READY There is not enough random
>> data available to satisfy the length
>> + requested by
>> RNGValueLength.
>> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or
>> RNGValueLength is zero.
>> +
>> +**/
>> +EFI_STATUS
>> +EFIAPI
>> +RngGetRNG (
>> + IN EFI_RNG_PROTOCOL *This,
>> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
>> + IN UINTN RNGValueLength,
>> + OUT UINT8 *RNGValue
>> + );
>> +
>> +/**
>> + Returns the size of the RNG algorithms structure.
>> +
>> + @return Size of the EFI_RNG_ALGORITHM list.
>> +**/
>> +UINTN
>> +EFIAPI
>> +ArchGetSupportedRngAlgorithmsSize (
>> + VOID
>> + );
>> +
>> +#endif // RNGDXE_INTERNALS_H_
>> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
>> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
>> new file mode 100644
>> index 000000000000..36166a9cbc13
>> --- /dev/null
>> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
>> @@ -0,0 +1,54 @@
>> +/** @file
>> + Support routines for RNDR instruction access.
>> +
>> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
>> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
>> +
>> + SPDX-License-Identifier: BSD-2-Clause-Patent
>> +
>> +**/
>> +
>> +#include <Library/BaseMemoryLib.h>
>> +#include <Library/RngLib.h>
>> +
>> +#include "Rndr.h"
>> +
>> +/**
>> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
>> +
>> + @param[in] Length Size of the buffer, in bytes, to fill with.
>> + @param[out] RandBuffer Pointer to the buffer to store the random
>> result.
>> +
>> + @retval EFI_SUCCESS Random bytes generation succeeded.
>> + @retval EFI_NOT_READY Failed to request random bytes.
>> +
>> +**/
>> +EFI_STATUS
>> +EFIAPI
>> +RndrGetBytes (
>> + IN UINTN Length,
>> + OUT UINT8 *RandBuffer
>> + )
>> +{
>> + BOOLEAN IsRandom;
>> + UINT64 TempRand;
>> +
>> + while (Length > 0) {
>> + IsRandom = GetRandomNumber64 (&TempRand);
>> + if (!IsRandom) {
>> + return EFI_NOT_READY;
>> + }
>> + if (Length >= sizeof (TempRand)) {
>> + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
>> + RandBuffer += sizeof (UINT64);
>> + Length -= sizeof (TempRand);
>> + } else {
>> + CopyMem (RandBuffer, &TempRand, Length);
>> + Length = 0;
>> + }
>> + }
>> +
>> + return EFI_SUCCESS;
>> +}
>> +
>
> Can this function be shared between X86 and AARCH64?
Yes. I've removed it, and will send out a v2 series.
--
Rebecca Cran
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74605): https://edk2.groups.io/g/devel/message/74605
Mute This Topic: https://groups.io/mt/82445682/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2026 Red Hat, Inc.