From: "gaoliming" <gaoliming@byosoft.com.cn>
To: "'Rebecca Cran'" <rebecca@nuviainc.com>, <devel@edk2.groups.io>
Cc: "'Jiewen Yao'" <jiewen.yao@intel.com>,
"'Jian J Wang'" <jian.j.wang@intel.com>,
"'Michael D Kinney'" <michael.d.kinney@intel.com>,
"'Zhiguang Liu'" <zhiguang.liu@intel.com>,
"'Ard Biesheuvel'" <ardb+tianocore@kernel.org>,
"'Sami Mujawar'" <Sami.Mujawar@arm.com>
Subject: 回复: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64
Date: Thu, 29 Apr 2021 09:13:02 +0800 [thread overview]
Message-ID: <004301d73c94$cd734930$6859db90$@byosoft.com.cn> (raw)
In-Reply-To: <20210428204415.25454-4-rebecca@nuviainc.com>
Rebecca:
> -----邮件原件-----
> 发件人: Rebecca Cran <rebecca@nuviainc.com>
> 发送时间: 2021年4月29日 4:44
> 收件人: devel@edk2.groups.io
> 抄送: Rebecca Cran <rebecca@nuviainc.com>; Jiewen Yao
> <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Michael D
> Kinney <michael.d.kinney@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Ard
> Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
> <Sami.Mujawar@arm.com>
> 主题: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64
>
> AARCH64 support has been added to BaseRngLib via the optional
> ARMv8.5 FEAT_RNG.
>
> Refactor RngDxe to support AARCH64, note support for it in the
> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>
> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> ---
> SecurityPkg/SecurityPkg.dsc |
> 11 +-
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf |
> 19 +++-
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h |
> 37 ++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h |
> 88 ++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c |
> 54 +++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c |
> 108 ++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c |
> 0
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c |
> 120 ++++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c |
> 117 ++++---------------
> 12 files changed, 450 insertions(+), 104 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 12ccd1634941..bd4b810bce61 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -259,6 +259,12 @@ [Components]
> [Components.IA32, Components.X64, Components.ARM,
> Components.AARCH64]
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>
> +[Components.IA32, Components.X64, Components.AARCH64]
> + #
> + # Random Number Generator
> + #
> + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +
> [Components.IA32, Components.X64]
>
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
> xe.inf
>
> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresence
> Lib.inf
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic
> alPresenceLib.inf
>
> - #
> - # Random Number Generator
> - #
> - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> -
> #
> # Opal Password solution
> #
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index 99d6f6b35fc2..c188b6076c00 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -26,15 +26,24 @@ [Defines]
> #
> # The following information is for reference only and not required by the
> build tools.
> #
> -# VALID_ARCHITECTURES = IA32 X64
> +# VALID_ARCHITECTURES = IA32 X64 AARCH64
> #
>
> [Sources.common]
> RngDxe.c
> - RdRand.c
> - RdRand.h
> - AesCore.c
> - AesCore.h
> + RngDxeInternals.h
> +
> +[Sources.IA32, Sources.X64]
> + Rand/RngDxe.c
> + Rand/RdRand.c
> + Rand/RdRand.h
> + Rand/AesCore.c
> + Rand/AesCore.h
> +
> +[Sources.AARCH64]
> + AArch64/RngDxe.c
> + AArch64/Rndr.c
> + AArch64/Rndr.h
>
> [Packages]
> MdePkg/MdePkg.dec
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> new file mode 100644
> index 000000000000..458faa834a3d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> @@ -0,0 +1,37 @@
> +/** @file
> + Header for the RNDR APIs used by RNG DXE driver.
> +
> + Support API definitions for RNDR instruction access.
> +
> +
> + Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNDR_H_
> +#define RNDR_H_
> +
> +#include <Library/BaseLib.h>
> +#include <Protocol/Rng.h>
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random
> result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + );
> +
> +#endif // RNDR_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> new file mode 100644
> index 000000000000..7e38fc2564f6
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> @@ -0,0 +1,88 @@
> +/** @file
> + Function prototypes for UEFI Random Number Generator protocol
> support.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNGDXE_INTERNALS_H_
> +#define RNGDXE_INTERNALS_H_
> +
> +extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
> +
> +/**
> + Returns information about the random number generation
> implementation.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
> RNGAlgorithmList.
> + On output with a return code
> of EFI_SUCCESS, the size
> + in bytes of the data returned
> in RNGAlgorithmList. On output
> + with a return code of
> EFI_BUFFER_TOO_SMALL,
> + the size of RNGAlgorithmList
> required to obtain the list.
> + @param[out] RNGAlgorithmList A caller-allocated memory
> buffer filled by the driver
> + with one
> EFI_RNG_ALGORITHM element for each supported
> + RNG algorithm. The list must
> not change across multiple
> + calls to the same driver. The
> first algorithm in the list
> + is the default algorithm for
> the driver.
> +
> + @retval EFI_SUCCESS The RNG algorithm list was
> returned successfully.
> + @retval EFI_UNSUPPORTED The services is not supported
> by this driver.
> + @retval EFI_DEVICE_ERROR The list of algorithms could
> not be retrieved due to a
> + hardware or firmware error.
> + @retval EFI_INVALID_PARAMETER One or more of the
> parameters are incorrect.
> + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList
> is too small to hold the result.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetInfo (
> + IN EFI_RNG_PROTOCOL *This,
> + IN OUT UINTN *RNGAlgorithmListSize,
> + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
> + );
> +
> +/**
> + Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> + algorithm to use. May be
> NULL in which case the function will
> + use its default RNG
> algorithm.
> + @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> + RNGValue. The driver shall
> return exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned
> successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> + requested by
> RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + );
> +
> +/**
> + Returns the size of the RNG algorithms structure.
> +
> + @return Size of the EFI_RNG_ALGORITHM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + );
> +
> +#endif // RNGDXE_INTERNALS_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> new file mode 100644
> index 000000000000..36166a9cbc13
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> @@ -0,0 +1,54 @@
> +/** @file
> + Support routines for RNDR instruction access.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/RngLib.h>
> +
> +#include "Rndr.h"
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random
> result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + )
> +{
> + BOOLEAN IsRandom;
> + UINT64 TempRand;
> +
> + while (Length > 0) {
> + IsRandom = GetRandomNumber64 (&TempRand);
> + if (!IsRandom) {
> + return EFI_NOT_READY;
> + }
> + if (Length >= sizeof (TempRand)) {
> + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
> + RandBuffer += sizeof (UINT64);
> + Length -= sizeof (TempRand);
> + } else {
> + CopyMem (RandBuffer, &TempRand, Length);
> + Length = 0;
> + }
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
Can this function be shared between X86 and AARCH64?
Thanks
Liming
> diff --git
> a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> new file mode 100644
> index 000000000000..18cca825e72d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> @@ -0,0 +1,108 @@
> +/** @file
> + RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> + The driver will use the new RNDR instruction to produce high-quality,
> high-performance
> + entropy and random number.
> +
> + RNG Algorithms defined in UEFI 2.4:
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_RAW - Supported
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "Rndr.h"
> +
> +//
> +// Supported RNG Algorithms list by this driver.
> +//
> +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> + EFI_RNG_ALGORITHM_RAW
> +};
> +
> +/**
> + Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> + algorithm to use. May be
> NULL in which case the function will
> + use its default RNG
> algorithm.
> + @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> + RNGValue. The driver shall
> return exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned
> successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> + requested by
> RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + )
> +{
> + EFI_STATUS Status;
> +
> + if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + if (RNGAlgorithm == NULL) {
> + //
> + // Use the default RNG algorithm if RNGAlgorithm is NULL.
> + //
> + RNGAlgorithm = &gEfiRngAlgorithmRaw;
> + }
> +
> + //
> + // The "raw" algorithm is intended to provide entropy directly
> + //
> + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> + Status = RndrGetBytes (RNGValueLength, RNGValue);
> + return Status;
> + }
> +
> + //
> + // Other algorithms are unsupported by this driver.
> + //
> + return EFI_UNSUPPORTED;
> +}
> +
> +/**
> + Returns the size of the RNG algorithms structure.
> +
> + @return Size of the EFI_RNG_ALGORITHM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + )
> +{
> + return sizeof (mSupportedRngAlgorithms);
> +}
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> new file mode 100644
> index 000000000000..cf0bebd6a386
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -0,0 +1,120 @@
> +/** @file
> + RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> + The driver will use the new RDRAND instruction to produce high-quality,
> high-performance
> + entropy and random number.
> +
> + RNG Algorithms defined in UEFI 2.4:
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
> + (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based
> DRBG)
> + - EFI_RNG_ALGORITHM_RAW - Supported
> + (Structuring RDRAND invocation can be guaranteed as high-quality
> entropy source)
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> +
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "RdRand.h"
> +
> +//
> +// Supported RNG Algorithms list by this driver.
> +//
> +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> + EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
> + EFI_RNG_ALGORITHM_RAW
> +};
> +
> +/**
> + Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> +
> + @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> + @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> + algorithm to use. May be
> NULL in which case the function will
> + use its default RNG
> algorithm.
> + @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> + RNGValue. The driver shall
> return exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned
> successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> + requested by
> RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + )
> +{
> + EFI_STATUS Status;
> +
> + if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Status = EFI_UNSUPPORTED;
> + if (RNGAlgorithm == NULL) {
> + //
> + // Use the default RNG algorithm if RNGAlgorithm is NULL.
> + //
> + RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> + }
> +
> + //
> + // NIST SP800-90-AES-CTR-256 supported by RDRAND
> + //
> + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid))
> {
> + Status = RdRandGetBytes (RNGValueLength, RNGValue);
> + return Status;
> + }
> +
> + //
> + // The "raw" algorithm is intended to provide entropy directly
> + //
> + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> + //
> + // When a DRBG is used on the output of a entropy source,
> + // its security level must be at least 256 bits according to UEFI
Spec.
> + //
> + if (RNGValueLength < 32) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> + return Status;
> + }
> +
> + //
> + // Other algorithms were unsupported by this driver.
> + //
> + return Status;
> +}
> +
> +/**
> + Returns the size of the RNG algorithms list.
> +
> + @return Size of the EFI_RNG_ALGORIGM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + )
> +{
> + return sizeof (mSupportedRngAlgorithms);
> +}
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> index 13d3dbd0bfbe..0072e6b433e6 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> @@ -1,34 +1,38 @@
> /** @file
> RNG Driver to produce the UEFI Random Number Generator protocol.
>
> - The driver will use the new RDRAND instruction to produce high-quality,
> high-performance
> - entropy and random number.
> + The driver uses CPU RNG instructions to produce high-quality,
> + high-performance entropy and random number.
>
> RNG Algorithms defined in UEFI 2.4:
> - - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported
> - (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based
> DRBG)
> - - EFI_RNG_ALGORITHM_RAW - Supported
> - (Structuring RDRAND invocation can be guaranteed as high-quality
> entropy source)
> - - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> - - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> - - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> - - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> + - EFI_RNG_ALGORITHM_RAW
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> -(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> -SPDX-License-Identifier: BSD-2-Clause-Patent
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
>
> -#include "RdRand.h"
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "RngDxeInternals.h"
> +
>
> //
> // Supported RNG Algorithms list by this driver.
> //
> -EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
> - EFI_RNG_ALGORITHM_RAW
> -};
> +
> +extern EFI_RNG_ALGORITHM mSupportedRngAlgorithms[];
>
> /**
> Returns information about the random number generation
> implementation.
> @@ -68,7 +72,7 @@ RngGetInfo (
> return EFI_INVALID_PARAMETER;
> }
>
> - RequiredSize = sizeof (mSupportedRngAlgorithms);
> + RequiredSize = ArchGetSupportedRngAlgorithmsSize ();
> if (*RNGAlgorithmListSize < RequiredSize) {
> Status = EFI_BUFFER_TOO_SMALL;
> } else {
> @@ -87,81 +91,6 @@ RngGetInfo (
> return Status;
> }
>
> -/**
> - Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> -
> - @param[in] This A pointer to the
> EFI_RNG_PROTOCOL instance.
> - @param[in] RNGAlgorithm A pointer to the
> EFI_RNG_ALGORITHM that identifies the RNG
> - algorithm to use. May be
> NULL in which case the function will
> - use its default RNG
> algorithm.
> - @param[in] RNGValueLength The length in bytes of the
> memory buffer pointed to by
> - RNGValue. The driver shall
> return exactly this numbers of bytes.
> - @param[out] RNGValue A caller-allocated memory
> buffer filled by the driver with the
> - resulting RNG value.
> -
> - @retval EFI_SUCCESS The RNG value was returned
> successfully.
> - @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> - this driver.
> - @retval EFI_DEVICE_ERROR An RNG value could not be
> retrieved due to a hardware or
> - firmware error.
> - @retval EFI_NOT_READY There is not enough random
> data available to satisfy the length
> - requested by
> RNGValueLength.
> - @retval EFI_INVALID_PARAMETER RNGValue is NULL or
> RNGValueLength is zero.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RngGetRNG (
> - IN EFI_RNG_PROTOCOL *This,
> - IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> - IN UINTN RNGValueLength,
> - OUT UINT8 *RNGValue
> - )
> -{
> - EFI_STATUS Status;
> -
> - if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Status = EFI_UNSUPPORTED;
> - if (RNGAlgorithm == NULL) {
> - //
> - // Use the default RNG algorithm if RNGAlgorithm is NULL.
> - //
> - RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> - }
> -
> - //
> - // NIST SP800-90-AES-CTR-256 supported by RDRAND
> - //
> - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> - Status = RdRandGetBytes (RNGValueLength, RNGValue);
> - return Status;
> - }
> -
> - //
> - // The "raw" algorithm is intended to provide entropy directly
> - //
> - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> - //
> - // When a DRBG is used on the output of a entropy source,
> - // its security level must be at least 256 bits according to UEFI
Spec.
> - //
> - if (RNGValueLength < 32) {
> - return EFI_INVALID_PARAMETER;
> - }
> -
> - Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> - return Status;
> - }
> -
> - //
> - // Other algorithms were unsupported by this driver.
> - //
> - return Status;
> -}
> -
> //
> // The Random Number Generator (RNG) protocol
> //
> --
> 2.26.2
next prev parent reply other threads:[~2021-04-29 1:13 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-28 20:44 [PATCH 0/3] MdePkg,SecurityPkg: Update BaseRngLib and RngDxe to support ARMv8.5 FEAT_RNG Rebecca Cran
2021-04-28 20:44 ` [PATCH 1/3] MdePkg/BaseLib: Add support for ARMv8.5 RNG instructions Rebecca Cran
2021-04-29 1:08 ` 回复: " gaoliming
2021-05-05 21:02 ` [edk2-devel] " Rebecca Cran
2021-05-04 21:06 ` Sami Mujawar
2021-05-04 21:42 ` Rebecca Cran
2021-04-28 20:44 ` [PATCH 2/3] MdePkg: Refactor BaseRngLib to support AARCH64 in addition to X86 Rebecca Cran
2021-04-29 1:10 ` 回复: " gaoliming
2021-04-29 3:01 ` [edk2-devel] " Rebecca Cran
2021-05-04 21:09 ` Sami Mujawar
2021-05-05 19:27 ` [edk2-devel] " Rebecca Cran
2021-05-06 21:47 ` Rebecca Cran
2021-04-28 20:44 ` [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64 Rebecca Cran
2021-04-29 1:13 ` gaoliming [this message]
2021-04-29 15:50 ` [edk2-devel] 回复: " Rebecca Cran
2021-04-29 10:35 ` Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='004301d73c94$cd734930$6859db90$@byosoft.com.cn' \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox