From: "Sean Rhodes"
To: devel@edk2.groups.io
Cc: guo.dong@intel.com, Patrick Rudolph, Jiewen Yao, Jian J Wang, Ray Ni, Maurice Ma, Benjamin You
Subject: [edk2-devel] [PATCH] UefiPayloadPkg: Add RNG support
Date: Thu, 17 Feb 2022 18:00:39 +0000

From: Patrick Rudolph

Uses the RDRAND instruction if available and installs EfiRngProtocol.
The protocol may be used by iPXE or the Linux kernel to gather entropy.

Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Guo Dong
Cc: Ray Ni
Cc: Maurice Ma
Cc: Benjamin You
Signed-off-by: Patrick Rudolph --- SecurityPkg/Library/BaseRngLib/BaseRng.c | 199 ++++++++++++++++++ SecurityPkg/Library/BaseRngLib/BaseRngLib.inf | 32 +++ SecurityPkg/Library/BaseRngLib/BaseRngLib.uni | 17 ++ UefiPayloadPkg/UefiPayloadPkg.dsc | 8 + UefiPayloadPkg/UefiPayloadPkg.fdf | 4 + 5 files changed, 260 insertions(+) create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRng.c create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.inf create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.uni diff --git a/SecurityPkg/Library/BaseRngLib/BaseRng.c b/SecurityPkg/Library= /BaseRngLib/BaseRng.c new file mode 100644 index 0000000000..c21e713cb0 --- /dev/null +++ b/SecurityPkg/Library/BaseRngLib/BaseRng.c @@ -0,0 +1,199 @@ +/** @file + Random number generator services that uses RdRand instruction access + to provide high-quality random numbers. + +Copyright (c) 2015, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include + +STATIC BOOLEAN mHasRdRand; + +// +// Bit mask used to determine if RdRand instruction is supported. +// +#define RDRAND_MASK BIT30 + +// +// Limited retry number when valid random data is returned. +// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and I= A-32 +// Architectures Software Developer's Mannual". +// +#define RDRAND_RETRY_LIMIT 10 + +/** + The constructor function checks whether or not RDRAND instruction is sup= ported + by the host hardware. + + The constructor function checks whether or not RDRAND instruction is sup= ported. + It will always return RETURN_SUCCESS. + + @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +RETURN_STATUS +EFIAPI +BaseRngLibConstructor ( + VOID + ) +{ + UINT32 RegEax; + UINT32 RegEcx; + + AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); + if (RegEax < 1) { + mHasRdRand =3D FALSE; + return RETURN_SUCCESS; + } + + // + // Determine RDRAND support by examining bit 30 of the ECX register retu= rned by + // CPUID. A value of 1 indicates that processor support RDRAND instructi= on. + // + AsmCpuid (CPUID_VERSION_INFO, 0, 0, &RegEcx, 0); + + mHasRdRand =3D ((RegEcx & RDRAND_MASK) =3D=3D RDRAND_MASK); + + return RETURN_SUCCESS; +} + +/** + Generates a 16-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 16-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber16 ( + OUT UINT16 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand !=3D NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 16 bit random value with a retry count limit. + // + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand16 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 32-bit random number. 
+ + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 32-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber32 ( + OUT UINT32 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand !=3D NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 32 bit random value with a retry count limit. + // + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand32 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 64-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 64-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber64 ( + OUT UINT64 *Rand + ) +{ + UINT32 Index; + + ASSERT (Rand !=3D NULL); + + if (mHasRdRand) { + // + // A loop to fetch a 64 bit random value with a retry count limit. + // + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { + if (AsmRdRand64 (Rand)) { + return TRUE; + } + } + } + + return FALSE; +} + +/** + Generates a 128-bit random number. + + if Rand is NULL, then ASSERT(). + + @param[out] Rand Buffer pointer to store the 128-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + +**/ +BOOLEAN +EFIAPI +GetRandomNumber128 ( + OUT UINT64 *Rand + ) +{ + ASSERT (Rand !=3D NULL); + + // + // Read first 64 bits + // + if (!GetRandomNumber64 (Rand)) { + return FALSE; + } + + // + // Read second 64 bits + // + return GetRandomNumber64 (++Rand); +} diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf b/SecurityPkg/Li= brary/BaseRngLib/BaseRngLib.inf new file mode 100644 index 0000000000..67a91ccfff --- /dev/null +++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf 
@@ -0,0 +1,32 @@ +## @file +# Instance of RNG (Random Number Generator) Library. +# +# Copyright (c) 2020 9elements Agency GmbH.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D BaseRngLib + MODULE_UNI_FILE =3D BaseRngLib.uni + FILE_GUID =3D 05C48431-DE18-4550-931A-3350E8551498 + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D RngLib + CONSTRUCTOR =3D BaseRngLibConstructor + +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources.Ia32, Sources.X64] + BaseRng.c + +[Packages] + MdePkg/MdePkg.dec + +[LibraryClasses] + BaseLib + DebugLib diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni b/SecurityPkg/Li= brary/BaseRngLib/BaseRngLib.uni new file mode 100644 index 0000000000..f3ed954c52 --- /dev/null +++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni @@ -0,0 +1,17 @@ +// /** @file +// Instance of RNG (Random Number Generator) Library. +// +// BaseRng Library that uses CPU RdRand instruction access to provide +// high-quality random numbers. +// +// Copyright (c) 2015, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG L= ibrary" + +#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library t= hat uses CPU RdRand instruction access to provide high-quality random numbe= rs" + diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload= Pkg.dsc index 1ce96a51c1..0d4b4da24f 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -703,6 +703,14 @@ MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf !endif =20 + # + # Random Number Generator + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { + + RngLib|SecurityPkg/Library/BaseRngLib/BaseRngLib.inf + } + #------------------------------ # Build the shell #------------------------------ diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayload= Pkg.fdf index c7b04978ad..6af1a8c8aa 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.fdf +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf @@ -229,6 +229,10 @@ INF MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf # INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf =20 +# Random Number Generator +# +INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + # # UEFI network modules # --=20 2.32.0
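Review bot: In SecurityPkg/Library/BaseRngLib/BaseRng.c, BaseRngLibConstructor returns RETURN_SUCCESS even when CPUID reports no RDRAND, so on such a CPU every GetRandomNumber16/32/64/128 call returns FALSE with no diagnostic and no fallback source. DebugLib is already listed in the .inf, so consider logging once in the constructor when `mHasRdRand` is FALSE, and state in the file header that this instance provides no random data without RDRAND so callers know they must check the BOOLEAN result. Smaller points in the same hunk: GetRandomNumber128 takes `OUT UINT64 *Rand` and writes two elements, which the @param text should say explicitly, and it leaves the first 64 bits written when the second read fails; the constructor comment repeats its first sentence and mixes RETURN_SUCCESS with EFI_SUCCESS; "Mannual" is misspelled.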
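Review bot: The new SecurityPkg/Library/BaseRngLib/BaseRngLib.inf is referenced only from UefiPayloadPkg.dsc; the diffstat shows no SecurityPkg .dsc change, so a build of SecurityPkg on its own would not cover this library. Consider listing it in the package's own .dsc, and splitting the SecurityPkg library addition from the UefiPayloadPkg change, since the subject line names only UefiPayloadPkg. The copyright line in this .inf (2020, 9elements) also differs from the 2015 Intel notice in BaseRng.c and BaseRngLib.uni; please make the notices across the three new files consistent with where the code came from.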
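Review bot: In UefiPayloadPkg.dsc the RngDxe component is added unconditionally, directly after an `!endif`, with no build option to leave it out. The BaseRngLib instance it is linked against can only return data when RDRAND is present, so consider gating this block on a build flag (mirrored in the .fdf), or document that payload targets without RDRAND get a driver whose library calls always return FALSE.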
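Review bot: The comment block added in UefiPayloadPkg.fdf starts at `# Random Number Generator` and lacks the opening `#` line that the following `# UEFI network modules` block uses. Add the leading `#` for consistency, and if the .dsc entry becomes conditional, put the same condition around this INF line so the image does not reference a module that was not built.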