From nobody Tue Feb 10 09:58:57 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+74581+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74581+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1619642676; cv=none; d=zohomail.com; s=zohoarc; b=As5xSdTDXlO5Brk3hOSK/KFzGDn0DyYdZ3dZ/UyU1BN63cWiVgyth5zyD5ZynpCIsnfNsgausZ7mbjaLuruU4F9j+vXF3ZygxCyZyF9H2C+zv1+eYbW2L32JoPfPYVQgFMjdnuR0N6FlSkjtLhWHluLuIyqe4SsWrmjFvGR5BmI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1619642676; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=XwJ6z9H48Pfxn2Ng87XMI015IvstfQOE3AfNy5U61VE=; b=NupsAYgN7CwY2YKZXvOXRQMGEQVfWn0Jg5u4shHXqC7VjEnfV4dv0YVKtjzP+Bhc2kCkFHC+UeiOXjkqw5fRxzllHR86j42QWP61xJnpMzbxiRHKeUyU56usszRFLqUcZ4f+LsF+rE/oyLFp3azMhKVzh7MzoFZ4XITrnFPrmyM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+74581+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1619642676931232.35446359203456; Wed, 28 Apr 2021 13:44:36 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id FOCTYY1788612xDJFROJiZT8; Wed, 28 Apr 2021 13:44:35 -0700 X-Received: from mail-il1-f170.google.com (mail-il1-f170.google.com [209.85.166.170]) by mx.groups.io with SMTP id smtpd.web12.2477.1619642669744207812 for ; Wed, 28 Apr 2021 13:44:29 -0700 X-Received: by mail-il1-f170.google.com with SMTP id l19so12369294ilk.13 for ; Wed, 28 Apr 2021 13:44:29 -0700 (PDT) X-Gm-Message-State: qJ7PXyU6mmVA1mD8K4Gu5CBbx1787277AA= X-Google-Smtp-Source: ABdhPJxO4YqwJB44/yxSmkIS5+qiZzFpdB6ZsbRPHXlzBd1NtQYfX8VSA9OwU1psEEr8wV0BKzXRbA== X-Received: by 2002:a92:c90d:: with SMTP id t13mr12868624ilp.246.1619642668537; Wed, 28 Apr 2021 13:44:28 -0700 (PDT) X-Received: from cube.int.bluestop.org (c-174-52-16-57.hsd1.ut.comcast.net. [174.52.16.57]) by smtp.gmail.com with ESMTPSA id 7sm352437ilj.59.2021.04.28.13.44.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Apr 2021 13:44:28 -0700 (PDT) From: "Rebecca Cran" To: devel@edk2.groups.io Cc: Rebecca Cran , Jiewen Yao , Jian J Wang , Michael D Kinney , Liming Gao , Zhiguang Liu , Ard Biesheuvel , Sami Mujawar Subject: [edk2-devel] [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64 Date: Wed, 28 Apr 2021 14:44:15 -0600 Message-Id: <20210428204415.25454-4-rebecca@nuviainc.com> In-Reply-To: <20210428204415.25454-1-rebecca@nuviainc.com> References: <20210428204415.25454-1-rebecca@nuviainc.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,rebecca@nuviainc.com Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1619642675; bh=RLjkSMQRI8M5b4ULHbLWhfMUR7WDVC/nP58ZwFylZpg=; h=Cc:Date:From:Reply-To:Subject:To; b=KoKzismShWQyukCrDKQEUIsRNe2cVFPpCcu1fOFDc6DA8cl9YVjB/AmPER1XqoHQex7 V9EHorinm+v4846yVzO0il7frJfjqIa2S864kuIGpovMsjhz60xFslv4TDISA47eeKcC5 04teP3RKYXgIJC0ycErzGKQ/lEG9DVC004E= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" AARCH64 support has been added to BaseRngLib via the optional ARMv8.5 FEAT_RNG. Refactor RngDxe to support AARCH64, note support for it in the VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc. Signed-off-by: Rebecca Cran --- SecurityPkg/SecurityPkg.dsc | 11 +- SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 19 +++- SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h | 37 ++++++ SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/AesCore.h | 0 SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/RdRand.h | 0 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | 88 ++++++= ++++++++ SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c | 54 ++++++= +++ SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 108 ++++++= ++++++++++++ SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/AesCore.c | 0 SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/RdRand.c | 0 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 120 ++++++= ++++++++++++++ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 117 ++++--= ------------- 12 files changed, 450 insertions(+), 104 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 12ccd1634941..bd4b810bce61 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -259,6 +259,12 @@ [Components] [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf =20 +[Components.IA32, Components.X64, Components.AARCH64] + # + # Random Number Generator + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + [Components.IA32, Components.X64] SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx= e.inf =20 @@ -334,11 +340,6 @@ [Components.IA32, Components.X64] SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLi= b.inf SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP= resenceLib.inf =20 - # - # Random Number Generator - # - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf - # # Opal Password solution # diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 99d6f6b35fc2..c188b6076c00 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -26,15 +26,24 @@ [Defines] # # The following information is for reference only and not required by the = build tools. # -# VALID_ARCHITECTURES =3D IA32 X64 +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 # =20 [Sources.common] RngDxe.c - RdRand.c - RdRand.h - AesCore.c - AesCore.h + RngDxeInternals.h + +[Sources.IA32, Sources.X64] + Rand/RngDxe.c + Rand/RdRand.c + Rand/RdRand.h + Rand/AesCore.c + Rand/AesCore.h + +[Sources.AARCH64] + AArch64/RngDxe.c + AArch64/Rndr.c + AArch64/Rndr.h =20 [Packages] MdePkg/MdePkg.dec diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h b/Secu= rityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h new file mode 100644 index 000000000000..458faa834a3d --- /dev/null +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h @@ -0,0 +1,37 @@ +/** @file + Header for the RNDR APIs used by RNG DXE driver. + + Support API definitions for RNDR instruction access. + + + Copyright (c) 2013, Intel Corporation. All rights reserved.
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef RNDR_H_ +#define RNDR_H_ + +#include +#include + +/** + Calls RNDR to fill a buffer of arbitrary size with random bytes. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] RandBuffer Pointer to the buffer to store the random res= ult. + + @retval EFI_SUCCESS Random bytes generation succeeded. + @retval EFI_NOT_READY Failed to request random bytes. + +**/ +EFI_STATUS +EFIAPI +RndrGetBytes ( + IN UINTN Length, + OUT UINT8 *RandBuffer + ); + +#endif // RNDR_H_ diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/SecurityP= kg/RandomNumberGenerator/RngDxe/Rand/AesCore.h similarity index 100% rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPk= g/RandomNumberGenerator/RngDxe/Rand/RdRand.h similarity index 100% rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/S= ecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h new file mode 100644 index 000000000000..7e38fc2564f6 --- /dev/null +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h @@ -0,0 +1,88 @@ +/** @file + Function prototypes for UEFI Random Number Generator protocol support. + + Copyright (c) 2021, NUVIA Inc. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef RNGDXE_INTERNALS_H_ +#define RNGDXE_INTERNALS_H_ + +extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms; + +/** + Returns information about the random number generation implementation. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL in= stance. + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAl= gorithmList. + On output with a return code of EFI_= SUCCESS, the size + in bytes of the data returned in RNG= AlgorithmList. On output + with a return code of EFI_BUFFER_TOO= _SMALL, + the size of RNGAlgorithmList require= d to obtain the list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer fil= led by the driver + with one EFI_RNG_ALGORITHM element f= or each supported + RNG algorithm. The list must not cha= nge across multiple + calls to the same driver. The first = algorithm in the list + is the default algorithm for the dri= ver. + + @retval EFI_SUCCESS The RNG algorithm list was returned = successfully. + @retval EFI_UNSUPPORTED The services is not supported by thi= s driver. + @retval EFI_DEVICE_ERROR The list of algorithms could not be = retrieved due to a + hardware or firmware error. + @retval EFI_INVALID_PARAMETER One or more of the parameters are in= correct. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too s= mall to hold the result. + +**/ +EFI_STATUS +EFIAPI +RngGetInfo ( + IN EFI_RNG_PROTOCOL *This, + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ); + +/** + Produces and returns an RNG value using either the default or specified = RNG algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL in= stance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM t= hat identifies the RNG + algorithm to use. May be NULL in whi= ch case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory bu= ffer pointed to by + RNGValue. The driver shall return ex= actly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer fil= led by the driver with the + resulting RNG value. + + @retval EFI_SUCCESS The RNG value was returned successfu= lly. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgori= thm is not supported by + this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved = due to a hardware or + firmware error. + @retval EFI_NOT_READY There is not enough random data avai= lable to satisfy the length + requested by RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength i= s zero. + +**/ +EFI_STATUS +EFIAPI +RngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ); + +/** + Returns the size of the RNG algorithms structure. + + @return Size of the EFI_RNG_ALGORITHM list. +**/ +UINTN +EFIAPI +ArchGetSupportedRngAlgorithmsSize ( + VOID + ); + +#endif // RNGDXE_INTERNALS_H_ diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c b/Secu= rityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c new file mode 100644 index 000000000000..36166a9cbc13 --- /dev/null +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c @@ -0,0 +1,54 @@ +/** @file + Support routines for RNDR instruction access. + + Copyright (c) 2021, NUVIA Inc. All rights reserved.
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include "Rndr.h" + +/** + Calls RNDR to fill a buffer of arbitrary size with random bytes. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] RandBuffer Pointer to the buffer to store the random res= ult. + + @retval EFI_SUCCESS Random bytes generation succeeded. + @retval EFI_NOT_READY Failed to request random bytes. + +**/ +EFI_STATUS +EFIAPI +RndrGetBytes ( + IN UINTN Length, + OUT UINT8 *RandBuffer + ) +{ + BOOLEAN IsRandom; + UINT64 TempRand; + + while (Length > 0) { + IsRandom =3D GetRandomNumber64 (&TempRand); + if (!IsRandom) { + return EFI_NOT_READY; + } + if (Length >=3D sizeof (TempRand)) { + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand); + RandBuffer +=3D sizeof (UINT64); + Length -=3D sizeof (TempRand); + } else { + CopyMem (RandBuffer, &TempRand, Length); + Length =3D 0; + } + } + + return EFI_SUCCESS; +} + diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/Se= curityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c new file mode 100644 index 000000000000..18cca825e72d --- /dev/null +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c @@ -0,0 +1,108 @@ +/** @file + RNG Driver to produce the UEFI Random Number Generator protocol. + + The driver will use the new RNDR instruction to produce high-quality, hi= gh-performance + entropy and random number. + + RNG Algorithms defined in UEFI 2.4: + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_RAW - Supported + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported + + Copyright (c) 2021, NUVIA Inc. All rights reserved.
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +#include "Rndr.h" + +// +// Supported RNG Algorithms list by this driver. +// +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] =3D { + EFI_RNG_ALGORITHM_RAW +}; + +/** + Produces and returns an RNG value using either the default or specified = RNG algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL in= stance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM t= hat identifies the RNG + algorithm to use. May be NULL in whi= ch case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory bu= ffer pointed to by + RNGValue. The driver shall return ex= actly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer fil= led by the driver with the + resulting RNG value. + + @retval EFI_SUCCESS The RNG value was returned successfu= lly. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgori= thm is not supported by + this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved = due to a hardware or + firmware error. + @retval EFI_NOT_READY There is not enough random data avai= lable to satisfy the length + requested by RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength i= s zero. + +**/ +EFI_STATUS +EFIAPI +RngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + EFI_STATUS Status; + + if ((RNGValueLength =3D=3D 0) || (RNGValue =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (RNGAlgorithm =3D=3D NULL) { + // + // Use the default RNG algorithm if RNGAlgorithm is NULL. + // + RNGAlgorithm =3D &gEfiRngAlgorithmRaw; + } + + // + // The "raw" algorithm is intended to provide entropy directly + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { + Status =3D RndrGetBytes (RNGValueLength, RNGValue); + return Status; + } + + // + // Other algorithms are unsupported by this driver. + // + return EFI_UNSUPPORTED; +} + +/** + Returns the size of the RNG algorithms structure. + + @return Size of the EFI_RNG_ALGORITHM list. +**/ +UINTN +EFIAPI +ArchGetSupportedRngAlgorithmsSize ( + VOID + ) +{ + return sizeof (mSupportedRngAlgorithms); +} diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/SecurityP= kg/RandomNumberGenerator/RngDxe/Rand/AesCore.c similarity index 100% rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPk= g/RandomNumberGenerator/RngDxe/Rand/RdRand.c similarity index 100% rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/Secur= ityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c new file mode 100644 index 000000000000..cf0bebd6a386 --- /dev/null +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -0,0 +1,120 @@ +/** @file + RNG Driver to produce the UEFI Random Number Generator protocol. + + The driver will use the new RDRAND instruction to produce high-quality, = high-performance + entropy and random number. + + RNG Algorithms defined in UEFI 2.4: + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported + (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG) + - EFI_RNG_ALGORITHM_RAW - Supported + (Structuring RDRAND invocation can be guaranteed as high-quality entr= opy source) + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported + + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "RdRand.h" + +// +// Supported RNG Algorithms list by this driver. +// +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] =3D { + EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID, + EFI_RNG_ALGORITHM_RAW +}; + +/** + Produces and returns an RNG value using either the default or specified = RNG algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL in= stance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM t= hat identifies the RNG + algorithm to use. May be NULL in whi= ch case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory bu= ffer pointed to by + RNGValue. The driver shall return ex= actly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer fil= led by the driver with the + resulting RNG value. + + @retval EFI_SUCCESS The RNG value was returned successfu= lly. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgori= thm is not supported by + this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved = due to a hardware or + firmware error. + @retval EFI_NOT_READY There is not enough random data avai= lable to satisfy the length + requested by RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength i= s zero. + +**/ +EFI_STATUS +EFIAPI +RngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + EFI_STATUS Status; + + if ((RNGValueLength =3D=3D 0) || (RNGValue =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status =3D EFI_UNSUPPORTED; + if (RNGAlgorithm =3D=3D NULL) { + // + // Use the default RNG algorithm if RNGAlgorithm is NULL. + // + RNGAlgorithm =3D &gEfiRngAlgorithmSp80090Ctr256Guid; + } + + // + // NIST SP800-90-AES-CTR-256 supported by RDRAND + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { + Status =3D RdRandGetBytes (RNGValueLength, RNGValue); + return Status; + } + + // + // The "raw" algorithm is intended to provide entropy directly + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { + // + // When a DRBG is used on the output of a entropy source, + // its security level must be at least 256 bits according to UEFI Spec. + // + if (RNGValueLength < 32) { + return EFI_INVALID_PARAMETER; + } + + Status =3D RdRandGenerateEntropy (RNGValueLength, RNGValue); + return Status; + } + + // + // Other algorithms were unsupported by this driver. + // + return Status; +} + +/** + Returns the size of the RNG algorithms list. + + @return Size of the EFI_RNG_ALGORIGM list. +**/ +UINTN +EFIAPI +ArchGetSupportedRngAlgorithmsSize ( + VOID + ) +{ + return sizeof (mSupportedRngAlgorithms); +} diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPk= g/RandomNumberGenerator/RngDxe/RngDxe.c index 13d3dbd0bfbe..0072e6b433e6 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c @@ -1,34 +1,38 @@ /** @file RNG Driver to produce the UEFI Random Number Generator protocol. =20 - The driver will use the new RDRAND instruction to produce high-quality, = high-performance - entropy and random number. + The driver uses CPU RNG instructions to produce high-quality, + high-performance entropy and random number. =20 RNG Algorithms defined in UEFI 2.4: - - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported - (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG) - - EFI_RNG_ALGORITHM_RAW - Supported - (Structuring RDRAND invocation can be guaranteed as high-quality entr= opy source) - - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported - - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported - - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported - - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID + - EFI_RNG_ALGORITHM_RAW + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID + - EFI_RNG_ALGORITHM_X9_31_AES_GUID =20 -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
-(C) Copyright 2015 Hewlett Packard Enterprise Development LP
-SPDX-License-Identifier: BSD-2-Clause-Patent + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+ + SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 -#include "RdRand.h" +#include +#include +#include +#include +#include + +#include "RngDxeInternals.h" + =20 // // Supported RNG Algorithms list by this driver. // -EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] =3D { - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID, - EFI_RNG_ALGORITHM_RAW -}; + +extern EFI_RNG_ALGORITHM mSupportedRngAlgorithms[]; =20 /** Returns information about the random number generation implementation. @@ -68,7 +72,7 @@ RngGetInfo ( return EFI_INVALID_PARAMETER; } =20 - RequiredSize =3D sizeof (mSupportedRngAlgorithms); + RequiredSize =3D ArchGetSupportedRngAlgorithmsSize (); if (*RNGAlgorithmListSize < RequiredSize) { Status =3D EFI_BUFFER_TOO_SMALL; } else { @@ -87,81 +91,6 @@ RngGetInfo ( return Status; } =20 -/** - Produces and returns an RNG value using either the default or specified = RNG algorithm. - - @param[in] This A pointer to the EFI_RNG_PROTOCOL in= stance. - @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM t= hat identifies the RNG - algorithm to use. May be NULL in whi= ch case the function will - use its default RNG algorithm. - @param[in] RNGValueLength The length in bytes of the memory bu= ffer pointed to by - RNGValue. The driver shall return ex= actly this numbers of bytes. - @param[out] RNGValue A caller-allocated memory buffer fil= led by the driver with the - resulting RNG value. - - @retval EFI_SUCCESS The RNG value was returned successfu= lly. - @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgori= thm is not supported by - this driver. - @retval EFI_DEVICE_ERROR An RNG value could not be retrieved = due to a hardware or - firmware error. - @retval EFI_NOT_READY There is not enough random data avai= lable to satisfy the length - requested by RNGValueLength. - @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength i= s zero. - -**/ -EFI_STATUS -EFIAPI -RngGetRNG ( - IN EFI_RNG_PROTOCOL *This, - IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL - IN UINTN RNGValueLength, - OUT UINT8 *RNGValue - ) -{ - EFI_STATUS Status; - - if ((RNGValueLength =3D=3D 0) || (RNGValue =3D=3D NULL)) { - return EFI_INVALID_PARAMETER; - } - - Status =3D EFI_UNSUPPORTED; - if (RNGAlgorithm =3D=3D NULL) { - // - // Use the default RNG algorithm if RNGAlgorithm is NULL. - // - RNGAlgorithm =3D &gEfiRngAlgorithmSp80090Ctr256Guid; - } - - // - // NIST SP800-90-AES-CTR-256 supported by RDRAND - // - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { - Status =3D RdRandGetBytes (RNGValueLength, RNGValue); - return Status; - } - - // - // The "raw" algorithm is intended to provide entropy directly - // - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { - // - // When a DRBG is used on the output of a entropy source, - // its security level must be at least 256 bits according to UEFI Spec. - // - if (RNGValueLength < 32) { - return EFI_INVALID_PARAMETER; - } - - Status =3D RdRandGenerateEntropy (RNGValueLength, RNGValue); - return Status; - } - - // - // Other algorithms were unsupported by this driver. - // - return Status; -} - // // The Random Number Generator (RNG) protocol // --=20 2.26.2 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#74581): https://edk2.groups.io/g/devel/message/74581 Mute This Topic: https://groups.io/mt/82440614/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-