From nobody Tue Feb 10 19:15:26 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+107015+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107015+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=arm.com ARC-Seal: i=1; a=rsa-sha256; t=1689681168; cv=none; d=zohomail.com; s=zohoarc; b=m4oqULH2/mbKJoL8XYPdciPR7TYMSas97eF3C9ewhZhw/betNL/yz9bfYPlUK7XWkcln52Xq3bEZCf+tLxkGzr/NKZgKe2nHn/mUWSF8ozM7XOuffWLg1SAf9XfQ1ASsVAU+pQ1VhIdNO9xIy/ZU9wnAkM32BXNpi2Z5kbWv0Gg= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1689681168; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=A67vVX7DX1gm/mIJ4woi5ibHmPacAiWrd8Ps4FbnQpg=; b=fV4DBqrbcGFCsy8hsIKhq4CR0TKb7NjrE3zbjHRJANa8NktqDr4Ws0DYu/EUhiARR6N9DfpACqB7N3ZkR5dq3TydVn9Qtonm4ka6aEm7CtJyBkdjelJ12kXzQC+65FMyGNPRqUufuBmd7sHwhdplwgUrz+V6OTgAnWjFnPBcpiI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+107015+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1689681168208737.3794149786587; Tue, 18 Jul 2023 04:52:48 -0700 (PDT) Return-Path: DKIM-Signature: a=rsa-sha256; bh=mK0br7bBwqLmGUhJjZB5mP8EmA32xxoUWBE9yF/EIJg=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681167; v=1; b=U3AQRiHm4eFHx0SbC+Aut1D2NwVvZEkgaef5xRd4EDYlKhv5acSrQVKGyPZpLnvUyE1Qf3eH a9N2iTa16V4xpg2WOzwBLVlpVERuCJQQT4TOj+TdFww9UW11SazWaP4QGr9Gt5/QW6kQ5RFjnOY ChlW31J1JFmI16nr/8/xNBsI= X-Received: by 127.0.0.2 with SMTP id HvESYY1788612xUfGfM2PD6Z; Tue, 18 Jul 2023 04:52:47 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5683.1689681167282406532 for ; Tue, 18 Jul 2023 04:52:47 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 67DA62F4; Tue, 18 Jul 2023 04:53:30 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 66C323F6C4; Tue, 18 Jul 2023 04:52:45 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 8/9] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib Date: Tue, 18 Jul 2023 13:51:55 +0200 Message-Id: <20230718115156.1224842-9-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: 8ApAlr3hk3h6Z1n3NmkUISZex1787277AA= Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1689681169513100035 Content-Type: text/plain; charset="utf-8" From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4151 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function was added in a previous patch. The EFI_RNG_PROTOCOL can advertise multiple algorithms through Guids. The PcdCpuRngSupportedAlgorithm is currently used to advertise the RngLib in the Arm implementation. The issues of doing that are: - the RngLib implementation might not use CPU instructions, cf. the BaseRngLibTimerLib - most platforms don't set PcdCpuRngSupportedAlgorithm A GetRngGuid() was added to the RngLib in a previous patch, allowing to identify the algorithm implemented by the RngLib. Make use of this function and place the unsage algorithm at the last position in the mAvailableAlgoArray. Signed-off-by: Pierre Gondois Reviewed-by: Sami Mujawar --- .../RngDxe/AArch64/AArch64Algo.c | 55 +++++++++++++------ .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 +- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- 3 files changed, 45 insertions(+), 21 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c= b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c index e8be217f8a8c..a270441ebba0 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c @@ -10,6 +10,8 @@ #include #include #include +#include +#include =20 #include "RngDxeInternals.h" =20 @@ -28,9 +30,13 @@ GetAvailableAlgorithms ( VOID ) { - UINT64 DummyRand; - UINT16 MajorRevision; - UINT16 MinorRevision; + EFI_STATUS Status; + UINT16 MajorRevision; + UINT16 MinorRevision; + GUID RngGuid; + BOOLEAN UnSafeAlgo; + + UnSafeAlgo =3D FALSE; =20 // Rng algorithms 2 times, one for the allocation, one to populate. mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); @@ -38,24 +44,29 @@ GetAvailableAlgorithms ( return EFI_OUT_OF_RESOURCES; } =20 - // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. - if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) { - CopyMem ( - &mAvailableAlgoArray[mAvailableAlgoArrayCount], - PcdGetPtr (PcdCpuRngSupportedAlgorithm), - sizeof (EFI_RNG_ALGORITHM) - ); - mAvailableAlgoArrayCount++; - - DEBUG_CODE_BEGIN (); - if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { + // Identify RngLib algorithm. + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status)) { + if (IsZeroGuid (&RngGuid) || + CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe)) + { + // Treat zero GUID as an unsafe algorithm DEBUG (( DEBUG_WARN, - "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n" + "RngLib uses an Unsafe algorithm and " + "must not be used for production builds.\n" )); + // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found + // so that it can be added at the end of the algorithm list. + UnSafeAlgo =3D TRUE; + } else { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &RngGuid, + sizeof (RngGuid) + ); + mAvailableAlgoArrayCount++; } - - DEBUG_CODE_END (); } =20 // Raw algorithm (Trng) @@ -68,5 +79,15 @@ GetAvailableAlgorithms ( mAvailableAlgoArrayCount++; } =20 + // Add unsafe algorithm at the end of the list. + if (UnSafeAlgo) { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &gEdkiiRngAlgorithmUnSafe, + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; + } + return EFI_SUCCESS; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index ce49ff7ae661..78a18c5e1177 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -78,6 +78,7 @@ RngGetRNG ( { EFI_STATUS Status; UINTN Index; + GUID RngGuid; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D = NULL)) { return EFI_INVALID_PARAMETER; @@ -102,7 +103,10 @@ RngGetRNG ( } =20 FoundAlgo: - if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)))= { + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status) && + CompareGuid (RNGAlgorithm, &RngGuid)) + { Status =3D RngGetBytes (RNGValueLength, RNGValue); return Status; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.inf index d6c2d30195bf..27d3e39a675b 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -75,13 +75,12 @@ [Guids] gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEfiRngAlgorithmArmRndr ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG =20 [Protocols] gEfiRngProtocolGuid ## PRODUCES =20 -[Pcd.AARCH64] - gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES - [Depex] TRUE =20 --=20 2.25.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107015): https://edk2.groups.io/g/devel/message/107015 Mute This Topic: https://groups.io/mt/100213737/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-