From mboxrd@z Thu Jan  1 00:00:00 1970
Subject: Re: [edk2-devel] [PATCH v2 3/8] ArmPkg: Add Arm Firmware TRNG library
To: Leif Lindholm <leif@nuviainc.com>, devel@edk2.groups.io
Cc: ardb+tianocore@kernel.org, rebecca@bsdio.com, kraxel@redhat.com,
 michael.d.kinney@intel.com, gaoliming@byosoft.com.cn,
 zhiguang.liu@intel.com, jiewen.yao@intel.com, jian.j.wang@intel.com,
 Matteo.Carlini@arm.com, Akanksha.Jain2@arm.com, Ben.Adderson@arm.com,
 nd@arm.com
References: <20211116113301.31088-1-sami.mujawar@arm.com>
 <20211116113301.31088-4-sami.mujawar@arm.com> <YZ43w/aKaDH99wjc@leviathan>
From: "Sami Mujawar" <sami.mujawar@arm.com>
Message-ID: <15621f6b-8df4-a65b-9996-92b68c1ae3c1@arm.com>
Date: Thu, 25 Nov 2021 15:23:13 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.0.1
In-Reply-To: <YZ43w/aKaDH99wjc@leviathan>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-GB

Hi Leif,

Thank you for the feedback.

Please find my response inline marked [SAMI].

Regards,

Sami Mujawar


On 24/11/2021 01:01 PM, Leif Lindholm wrote:
> Hi Sami,
>
> On Tue, Nov 16, 2021 at 11:32:55 +0000, Sami Mujawar wrote:
>> Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
>>
>> The Arm True Random Number Generator Firmware, Interface 1.0,
>> Platform Design Document
>> (https://developer.arm.com/documentation/den0098/latest/)
>> defines an interface between an Operating System (OS) executing
>> at EL1 and Firmware (FW) exposing a conditioned entropy source
>> that is provided by a TRNG back end.
>>
>> The conditioned entropy, that is provided by the TRNG FW interface,
>> is commonly used to seed deterministic random number generators.
>>
>> This patch adds a TrngLib library that implements the Arm TRNG
>> firmware interface.
>>
>> Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
>> ---
>>
>> Notes:
>>      v2:
>>       - MdePkg\Include\Library\TrngLib.h is base type     [LIMING]
>>         library. It can use RETURN_STATUS instead of
>>         EFI_STATUS.
>>       - Replaced EFI_STATUS with RETURN_STATUS.           [SAMI]
>>       - MdePkg\Include\Library\TrngLib.h API parameter    [LIMING]
>>         doesn't require CONST. CONST means the value
>>         specified by the input pointer will not be
>>         changed in API implementation.
>>       - Removed the use of constant pointers in the       [SAMI]
>>         TRNG API.
>>
>>   ArmPkg/ArmPkg.dsc                            |   1 +
>>   ArmPkg/Library/ArmFwTrngLib/ArmFwTrngDefs.h  |  64 +++
>>   ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.c   | 483 ++++++++++++++++++++
>>   ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf |  34 ++
>>   4 files changed, 582 insertions(+)
>>
>> diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc
>> index 59fd8f295d4f614cc68ee1021e691f94e279ab81..23df68c5eb53df11de5d96bde4949f3c833c9b2c 100644
>> --- a/ArmPkg/ArmPkg.dsc
>> +++ b/ArmPkg/ArmPkg.dsc
>> @@ -156,6 +156,7 @@ [Components.common]
>>     ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.inf
>>     ArmPkg/Drivers/ArmScmiDxe/ArmScmiDxe.inf
>>   
>> +  ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf
>>     ArmPkg/Universal/Smbios/ProcessorSubClassDxe/ProcessorSubClassDxe.inf
>>     ArmPkg/Universal/Smbios/SmbiosMiscDxe/SmbiosMiscDxe.inf
>>     ArmPkg/Universal/Smbios/OemMiscLibNull/OemMiscLibNull.inf
>> diff --git a/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngDefs.h b/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngDefs.h
>> new file mode 100644
>> index 0000000000000000000000000000000000000000..42236e743d972df0df205b1565496afeff5785f3
>> --- /dev/null
>> +++ b/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngDefs.h
>> @@ -0,0 +1,64 @@
>> +/** @file
>> +  Arm Firmware TRNG definitions.
>> +
>> +  Copyright (c) 2021, Arm Limited. All rights reserved.<BR>
>> +
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +
>> +  @par Reference(s):
>> +  - [1] Arm True Random Number Generator Firmware, Interface 1.0,
>> +        Platform Design Document.
>> +        (https://developer.arm.com/documentation/den0098/latest/)
>> +
>> +  @par Glossary:
>> +    - TRNG - True Random Number Generator
>> +    - FID  - Function ID
>> +**/
>> +
>> +#ifndef ARM_FW_TRNG_DEFS_H_
>> +#define ARM_FW_TRNG_DEFS_H_
>> +
>> +// Firmware TRNG interface Function IDs
>> +#define FID_TRNG_VERSION      0x84000050
>> +#define FID_TRNG_FEATURES     0x84000051
>> +#define FID_TRNG_GET_UUID     0x84000052
>> +#define FID_TRNG_RND_AARCH32  0x84000053
>> +#define FID_TRNG_RND_AARCH64  0xC4000053
> Do these belong in ArmStdSmc.h?
[SAMI] I will fix this in the next version.
>
>> +
>> +// Firmware TRNG revision mask and shift
>> +#define TRNG_REV_MAJOR_MASK   0x7FFF
>> +#define TRNG_REV_MINOR_MASK   0xFFFF
>> +#define TRNG_REV_MAJOR_SHIFT  16
>> +#define TRNG_REV_MINOR_SHIFT  0
>> +
>> +// Firmware TRNG status codes
>> +#define TRNG_STATUS_SUCCESS     (INT32)(0)
>> +#define TRNG_NOT_SUPPORTED      (INT32)(-1)
>> +#define TRNG_INVALID_PARAMETER  (INT32)(-2)
>> +#define TRNG_NO_ENTROPY         (INT32)(-3)
> And the rest of the stuff to here, really?
[SAMI] I will fix this in the next version.
>
>> +#if defined (MDE_CPU_ARM)
>> +/** FID to use on AArch32 platform to request entropy.
>> +*/
>> +#define FID_TRNG_RND        FID_TRNG_RND_AARCH32
>> +
>> +/** Maximum bits of entropy supported on AArch32.
>> +*/
>> +#define MAX_ENTROPY_BITS    96
>> +#elif defined (MDE_CPU_AARCH64)
>> +/** FID to use on AArch64 platform to request entropy.
>> +*/
>> +#define FID_TRNG_RND        FID_TRNG_RND_AARCH64
>> +
>> +/** Maximum bits of entropy supported on AArch64.
>> +*/
>> +#define MAX_ENTROPY_BITS    192
>> +#else
>> +#error "Firmware TRNG not supported. Unknown chipset."
>> +#endif
>> +
>> +/** Typedef for SMC or HVC arguments.
>> +*/
>> +typedef ARM_SMC_ARGS  ARM_MONITOR_ARGS;
>> +
>> +#endif // ARM_FW_TRNG_DEFS_H_
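Review bot: The typedef of ARM_MONITOR_ARGS at the end of
ArmFwTrngDefs.h uses ARM_SMC_ARGS, but the header includes nothing
that declares it, so it only compiles when the includer has already
pulled in Library/ArmSmcLib.h, as ArmFwTrngLib.c happens to do before
including this file. Include that header here, or move the typedef next
to ArmCallMonitor in the .c file. Separately, the status macros such as
TRNG_NOT_SUPPORTED expand to (INT32)(-1) with no outer parentheses;
wrap each definition in one more pair so it stays a single operand when
used inside a larger expression.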
>> diff --git a/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.c b/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.c
>> new file mode 100644
>> index 0000000000000000000000000000000000000000..314e7ffbc232ae90bbb77306f9c7113ce63012c8
>> --- /dev/null
>> +++ b/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.c
>> @@ -0,0 +1,483 @@
>> +/** @file
>> +  Arm Firmware TRNG interface library.
>> +
>> +  Copyright (c) 2021, Arm Limited. All rights reserved.<BR>
>> +
>> +  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +
>> +  @par Reference(s):
>> +  - [1] Arm True Random Number Generator Firmware, Interface 1.0,
>> +        Platform Design Document.
>> +        (https://developer.arm.com/documentation/den0098/latest/)
>> +  - [2] NIST Special Publication 800-90A Revision 1, June 2015, Recommendation
>> +        for Random Number Generation Using Deterministic Random Bit Generators.
>> +        (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final)
>> +  - [3] NIST Special Publication 800-90B, Recommendation for the Entropy
>> +        Sources Used for Random Bit Generation.
>> +        (https://csrc.nist.gov/publications/detail/sp/800-90b/final)
>> +  - [4] (Second Draft) NIST Special Publication 800-90C, Recommendation for
>> +        Random Bit Generator (RBG) Constructions.
>> +        (https://csrc.nist.gov/publications/detail/sp/800-90c/draft)
>> +
>> +  @par Glossary:
>> +    - TRNG - True Random Number Generator
>> +    - FID  - Function ID
>> +**/
>> +
>> +#include <Base.h>
>> +#include <Library/ArmHvcLib.h>
>> +#include <Library/ArmLib.h>
>> +#include <Library/ArmSmcLib.h>
>> +#include <Library/BaseMemoryLib.h>
>> +#include <Library/DebugLib.h>
>> +
>> +#include "ArmFwTrngDefs.h"
>> +
>> +/** Convert TRNG status codes to EFI status codes.
>> +
>> +  @param [in]  TrngStatus    TRNG status code.
>> +
>> +  @retval  RETURN_SUCCESS            Success.
>> +  @retval  RETURN_UNSUPPORTED        Function not implemented.
>> +  @retval  RETURN_INVALID_PARAMETER  A parameter is invalid.
>> +  @retval  RETURN_NOT_READY          No Entropy available.
>> +**/
>> +STATIC
>> +RETURN_STATUS
>> +TrngStatusToEfiStatus (
>> +  IN  INT32   TrngStatus
>> +  )
>> +{
>> +  switch (TrngStatus) {
>> +    case TRNG_NOT_SUPPORTED:
>> +      return RETURN_UNSUPPORTED;
>> +
>> +    case TRNG_INVALID_PARAMETER:
>> +      return RETURN_INVALID_PARAMETER;
>> +
>> +    case TRNG_NO_ENTROPY:
>> +      return RETURN_NOT_READY;
>> +
>> +    case TRNG_STATUS_SUCCESS:
>> +    default:
>> +      return RETURN_SUCCESS;
>> +  }
>> +}
>> +
>> +/** Invoke the monitor call using the appropriate conduit.
>> +    If PcdMonitorConduitHvc is TRUE use the HVC conduit else use SMC conduit.
>> +
>> +  @param [in, out]  Args    Arguments passed to and returned from the monitor.
>> +
>> +  @return  VOID
>> +**/
>> +STATIC
>> +VOID
>> +ArmCallMonitor (
>> +  IN OUT ARM_MONITOR_ARGS   *Args
>> +  )
>> +{
>> +  if (FeaturePcdGet (PcdMonitorConduitHvc)) {
>> +    ArmCallHvc ((ARM_HVC_ARGS*)Args);
>> +  } else {
>> +    ArmCallSmc ((ARM_SMC_ARGS*)Args);
>> +  }
>> +}
> Should this be in (a potentially renamed) ArmSmcLib?
[SAMI] Looking at ArmSmcLib and ArmHvcLib libraries there is not much 
difference in the code other than the SMC/HVC call. Please let me know 
if I should submit a patch to unify these in ArmMonitorLib?
The ArmCall<Smc|Hvc> APIs would still remain the same but moved to 
ArmMonitorLib.
>
>> +
>> +/** Get the version of the TRNG backend.
>> +
>> +  A TRNG may be implemented by the system firmware, in which case this
>> +  function shall return the version of the TRNG backend.
>> +  The implementation must return NOT_SUPPORTED if a Back end is not present.
>> +
>> +  @param [out]  MajorRevision     Major revision.
>> +  @param [out]  MinorRevision     Minor revision.
>> +
>> +  @retval  RETURN_SUCCESS            The function completed successfully.
>> +  @retval  RETURN_INVALID_PARAMETER  Invalid parameter.
>> +  @retval  RETURN_UNSUPPORTED        Backend not present.
>> +**/
>> +RETURN_STATUS
>> +EFIAPI
>> +GetTrngVersion (
>> +  OUT UINT16  *MajorRevision,
>> +  OUT UINT16  *MinorRevision
>> +  )
>> +{
>> +  RETURN_STATUS     Status;
>> +  ARM_MONITOR_ARGS  Parameters;
>> +  INT32             Revision;
>> +
>> +  if ((MajorRevision == NULL) || (MinorRevision == NULL)) {
>> +    return RETURN_INVALID_PARAMETER;
>> +  }
>> +
>> +  ZeroMem (&Parameters, sizeof (Parameters));
>> +
>> +  /*
>> +    Cf. [1], 2.1 TRNG_VERSION
>> +    Function ID (W0) 0x8400_0050
>> +    Parameters
>> +        W1-W7 Reserved (MBZ)
>> +    Returns
>> +        Success (W0 > 0) W0[31] MBZ
>> +        W0[30:16] Major revision
>> +        W0[15:0] Minor revision
>> +        W1 - W3 Reserved (MBZ)
>> +    Error (W0 < 0)
>> +        NOT_SUPPORTED Function not implemented
>> +  */
> I have a comment on the placement of API descriptions further down.
>
>> +  Parameters.Arg0 = FID_TRNG_VERSION;
>> +  ArmCallMonitor (&Parameters);
>> +
>> +  Revision = (INT32)Parameters.Arg0;
>> +  // Convert status codes to EFI status codes.
>> +  Status = TrngStatusToEfiStatus (Revision);
>> +  if (EFI_ERROR (Status)) {
>> +    return Status;
>> +  }
>> +
>> +  *MinorRevision = (Revision & TRNG_REV_MINOR_MASK);
>> +  *MajorRevision = ((Revision >> TRNG_REV_MAJOR_SHIFT) & TRNG_REV_MAJOR_MASK);
>> +  return RETURN_SUCCESS;
>> +}
>> +
>> +#ifndef MDEPKG_NDEBUG
>> +/** Get the features supported by the TRNG backend.
>> +
>> +  The caller can determine if functions defined in the TRNG ABI are
>> +  present in the ABI implementation.
>> +
>> +  @param [in]  FunctionId         Function Id.
>> +  @param [out] Capability         Function specific capability if present
>> +                                  otherwise Zero is returned.
>> +
>> +  @retval  RETURN_SUCCESS            The function completed successfully.
>> +  @retval  RETURN_INVALID_PARAMETER  Invalid parameter.
>> +  @retval  RETURN_UNSUPPORTED        Function not implemented.
>> +**/
>> +STATIC
>> +RETURN_STATUS
>> +EFIAPI
>> +GetTrngFeatures (
>> +  IN  CONST UINT32  FunctionId,
>> +  OUT       UINT32  *Capability      OPTIONAL
>> +  )
>> +{
>> +  ARM_MONITOR_ARGS  Parameters;
>> +
>> +  ZeroMem (&Parameters, sizeof (Parameters));
>> +
>> +  /*
>> +    Cf. [1], Section 2.2 TRNG_FEATURES
>> +    Function ID (W0) 0x8400_0051
>> +    Parameters
>> +        W1 trng_func_id
>> +        W2-W7 Reserved (MBZ)
>> +    Returns
>> +        Success (W0 >= 0)
>> +          SUCCESS Function is implemented.
>> +            > 0     Function is implemented and
>> +                    has specific capabilities,
>> +                    see function definition.
>> +          Error (W0 < 0)
>> +            NOT_SUPPORTED Function with FID=trng_func_id
>> +            is not implemented
>> +  */
> I have a comment on the placement of API descriptions further down.
>
>> +  Parameters.Arg0 = FID_TRNG_FEATURES;
>> +  Parameters.Arg1 = FunctionId;
>> +  ArmCallMonitor (&Parameters);
>> +  if (Parameters.Arg0 < TRNG_STATUS_SUCCESS) {
>> +    return RETURN_UNSUPPORTED;
>> +  }
>> +
>> +  if (Capability != NULL) {
>> +    *Capability = Parameters.Arg0;
>> +  }
>> +
>> +  return RETURN_SUCCESS;
>> +}
>> +#endif  //MDEPKG_NDEBUG
>> +
>> +/** Get the UUID of the TRNG backend.
>> +
>> +  A TRNG may be implemented by the system firmware, in which case this
>> +  function shall return the UUID of the TRNG backend.
>> +  Returning the TRNG UUID is optional and if not implemented, RETURN_UNSUPPORTED
>> +  shall be returned.
>> +
>> +  Note: The caller must not rely on the returned UUID as a trustworthy TRNG
>> +        Back end identity
>> +
>> +  @param [out]  Guid              UUID of the TRNG backend.
>> +
>> +  @retval  RETURN_SUCCESS            The function completed successfully.
>> +  @retval  RETURN_INVALID_PARAMETER  Invalid parameter.
>> +  @retval  RETURN_UNSUPPORTED        Function not implemented.
>> +**/
>> +RETURN_STATUS
>> +EFIAPI
>> +GetTrngUuid (
>> +  OUT GUID  *Guid
>> +  )
>> +{
>> +  RETURN_STATUS     Status;
>> +  ARM_MONITOR_ARGS  Parameters;
>> +
>> +  ZeroMem (&Parameters, sizeof (Parameters));
>> +
>> +  /*
>> +    Cf. [1], Section 2.3 TRNG_GET_UUID
>> +    Function ID (W0) 0x8400_0052
>> +    Parameters
>> +        W1-W7 Reserved (MBZ)
>> +    Returns
>> +        Success (W0 != -1)
>> +            W0 UUID[31:0]
>> +            W1 UUID[63:32]
>> +            W2 UUID[95:64]
>> +            W3 UUID[127:96]
>> +        Error (W0 = -1)
>> +            W0 NOT_SUPPORTED
>> +  */
>> +  Parameters.Arg0 = FID_TRNG_GET_UUID;
>> +  ArmCallMonitor (&Parameters);
>> +
>> +  // Convert status codes to EFI status codes.
>> +  Status = TrngStatusToEfiStatus ((INT32)Parameters.Arg0);
>> +  if (EFI_ERROR (Status)) {
>> +    return Status;
>> +  }
>> +
>> +  Guid->Data1 = (Parameters.Arg0 & MAX_UINT32);
>> +  Guid->Data2 = (Parameters.Arg1 & MAX_UINT16);
>> +  Guid->Data3 = ((Parameters.Arg1 >> 16) & MAX_UINT16);
>> +
>> +  Guid->Data4[0] = (Parameters.Arg2 & MAX_UINT8);
>> +  Guid->Data4[1] = ((Parameters.Arg2 >> 8) & MAX_UINT8);
>> +  Guid->Data4[2] = ((Parameters.Arg2 >> 16) & MAX_UINT8);
>> +  Guid->Data4[3] = ((Parameters.Arg2 >> 24) & MAX_UINT8);
>> +
>> +  Guid->Data4[4] = (Parameters.Arg3 & MAX_UINT8);
>> +  Guid->Data4[5] = ((Parameters.Arg3 >> 8) & MAX_UINT8);
>> +  Guid->Data4[6] = ((Parameters.Arg3 >> 16) & MAX_UINT8);
>> +  Guid->Data4[7] = ((Parameters.Arg3 >> 24) & MAX_UINT8);
>> +
>> +  DEBUG ((DEBUG_INFO, "FW-TRNG: UUID %g\n", Guid));
>> +
>> +  return RETURN_SUCCESS;
>> +}
>> +
>> +/** Returns maximum number of entropy bits that can be returned in a single
>> +    call.
>> +
>> +  @return Returns the maximum number of Entropy bits that can be returned
>> +          in a single call to GetEntropy().
>> +**/
>> +UINTN
>> +EFIAPI
>> +GetTrngMaxSupportedEntropyBits (
>> +  VOID
>> +  )
>> +{
>> +  return MAX_ENTROPY_BITS;
>> +}
>> +
>> +/** Returns N bits of conditioned entropy.
>> +
>> +  See [3] Section 2.3.1 GetEntropy: An Interface to the Entropy Source
>> +    GetEntropy
>> +      Input:
>> +        bits_of_entropy: the requested amount of entropy
>> +      Output:
>> +        entropy_bitstring: The string that provides the requested entropy.
>> +      status: A Boolean value that is TRUE if the request has been satisfied,
>> +              and is FALSE otherwise.
>> +
>> +  Note: In this implementation this function returns a status code instead
>> +        of a boolean value.
>> +        This is also compatible with the definition of Get_Entropy, see [2]
>> +        Section 7.4 Entropy Source Calls.
>> +          (status, entropy_bitstring) = Get_Entropy (
>> +                                          requested_entropy,
>> +                                          max_length
>> +                                          )
>> +
>> +  @param  [in]   EntropyBits  Number of entropy bits requested.
>> +  @param  [out]  Buffer       Buffer to return the entropy bits.
>> +  @param  [in]   BufferSize   Size of the Buffer in bytes.
>> +
>> +  @retval  RETURN_SUCCESS            The function completed successfully.
>> +  @retval  RETURN_INVALID_PARAMETER  Invalid parameter.
>> +  @retval  RETURN_UNSUPPORTED        Function not implemented.
>> +  @retval  RETURN_BAD_BUFFER_SIZE    Buffer size is too small.
>> +  @retval  RETURN_NOT_READY          No Entropy available.
>> +**/
>> +RETURN_STATUS
>> +EFIAPI
>> +GetEntropy (
>> +  IN  CONST UINTN   EntropyBits,
>> +  OUT       UINT8   *Buffer,
>> +  IN  CONST UINTN   BufferSize
>> +  )
>> +{
>> +  RETURN_STATUS     Status;
>> +  ARM_MONITOR_ARGS  Parameters;
>> +  UINTN             EntropyBytes;
>> +  UINTN             LastValidBits;
>> +  UINTN             ArgSelector;
>> +  UINTN             BytesToClear;
>> +
>> +  // [1] Section 2.4.3 Caller responsibilities.
>> +  // The caller cannot request more than MAX_BITS bits of conditioned
>> +  // entropy per call.
> Comment is redundant, code is clearer without it.
>
>> +  if ((EntropyBits == 0) || (EntropyBits > MAX_ENTROPY_BITS)) {
>> +    return RETURN_INVALID_PARAMETER;
>> +  }
>> +
>> +  EntropyBytes = (EntropyBits + 7) >> 3;
>> +  if (EntropyBytes > BufferSize) {
> Note for later: we're verifying the value of EntropyBytes here - if
> there are more aspects of it that need verifying, that should also be
> done here.
>
>> +    return RETURN_BAD_BUFFER_SIZE;
>> +  }
>> +
>> +  ZeroMem (Buffer, BufferSize);
>> +  ZeroMem (&Parameters, sizeof (Parameters));
>> +
>> +  /*
>> +    Cf. [1], Section 2.4 TRNG_RND
>> +    Function ID (W0)  0x8400_0053
>> +                      0xC400_0053
>> +    SMC32 Parameters
>> +        W1    N bits of entropy (1 6 N 6 96)
>> +        W2-W7 Reserved (MBZ)
>> +    SMC64 Parameters
>> +        X1    N bits of entropy (1 6 N 6 192)
>> +        X2-X7 Reserved (MBZ)
>> +    SMC32 Returns
>> +        Success (W0 = 0):
>> +          W0 MBZ
>> +          W1 Entropy[95:64]
>> +          W2 Entropy[63:32]
>> +          W3 Entropy[31:0]
>> +    Error (W0 < 0)
>> +          W0 NOT_SUPPORTED
>> +          NO_ENTROPY
>> +          INVALID_PARAMETERS
>> +          W1 - W3 Reserved (MBZ)
>> +    SMC64 Returns
>> +          Success (X0 = 0):
>> +          X0 MBZ
>> +          X1 Entropy[191:128]
>> +          X2 Entropy[127:64]
>> +          X3 Entropy[63:0]
>> +    Error (X0 < 0)
>> +          X0 NOT_SUPPORTED
>> +          NO_ENTROPY
>> +          INVALID_PARAMETERS
>> +          X1 - X3 Reserved (MBZ)
>> +  */
> The above comment block completely wrecks the readability of the
> function.
>
> Would suggest putting it in the header file describing the monitor
> call. For our SIP SVC calls, we've done this in the following form:
>
> /*
>   * SMC call to retrieve number of CPUs present in the system.
>   * Input values:
>   *   x0: NUVIA_SIP_GET_NUM_CPUS
>   * Return values:
>   *   x0: SMC_OK
>   *   x1: Number of CPUs present
>   */
> #define NUVIA_SIP_GET_NUM_CPUS   SIP_FUNCTION_ID(0x20)
>
> (Where SIP_FUNCTION_ID is one of a set of macros I should submit for
> addition to ArmStdSmc.h)
>
>> +  Parameters.Arg0 = FID_TRNG_RND;
>> +  Parameters.Arg1 = EntropyBits;
>> +  ArmCallMonitor (&Parameters);
>> +
>> +  // Convert status codes to EFI status codes.
> Function name already says this, comment redundant.
>
>> +  Status = TrngStatusToEfiStatus ((INT32)Parameters.Arg0);
>> +  if (EFI_ERROR (Status)) {
>> +    return Status;
>> +  }
>> +
>  From here
>
>> +  // Extract Data
>> +  // ArgSelector = ((EntropyBytes + 3) >> 2); for AArch32
>> +  // ArgSelector = ((EntropyBytes + 7) >> 3); for AArch64
>> +  // ((sizeof (UINTN) >> 2) + 1) is 3 or 2 depending on size of UINTN
>> +  ArgSelector = ((EntropyBytes + (sizeof (UINTN) - 1)) >>
>> +                 ((sizeof (UINTN) >> 2) + 1));
>> +
>> +  switch (ArgSelector) {
>> +    case 3:
>> +      CopyMem (&Buffer[(sizeof (UINTN) * 2)], &Parameters.Arg1, sizeof (UINTN));
>> +
>> +    case 2:
>> +      CopyMem (&Buffer[sizeof (UINTN)], &Parameters.Arg2, sizeof (UINTN));
>> +
>> +    case 1:
>> +      CopyMem (&Buffer[0], &Parameters.Arg3, sizeof (UINTN));
>> +      break;
>> +
>> +    default:
>> +      ASSERT (0);
>> +      return RETURN_INVALID_PARAMETER;
>> +  } // switch
> to here ... I'm not convinced you yourself would be able to read or
> explain this code a few months down the line.
>
> Is there a strong reason for why Buffer cannot be a UINTN *?
[SAMI] The specification allows to request minimum 1 bit of entropy 
(although I don't think there would be a use case for this). Therefore, 
I selected UINT8.
However, I agree the logic is complex. I will simplify this code.
>
> I think what this code is doing can equally be written as:
>
>    Buffer[0] = Parameters.Arg3;
>    if ((EntropyBytes / sizeof (UINTN)) > 1) {
>      Buffer[1] = Parameters.Arg2;
>    }
>    if ((EntropyBytes / sizeof (UINTN)) > 2) {
>      Buffer[2] = Parameters.Arg1;
>    }
>
>> +
>> +
>> +  // [1] Section 2.4.3 Caller responsibilities.
>> +  // The caller must ensure that only the value in Entropy[N-1:0] is consumed
>> +  // and that the remaining bits in Entropy[MAX_BITS-1:N] are ignored.
>> +  // Therefore, Clear the unused upper bytes.
> This is source code, not the specification.
>
>    // Mask off any unused top bytes, in accordance with specification
>
> is sufficient as a comment.
[SAMI] I will fix this and the other comments in the next revision.
>
> /
>      Leif
>
>> +  BytesToClear = (sizeof (UINTN) * ArgSelector) - EntropyBytes;
>> +  if (BytesToClear != 0) {
>> +    ZeroMem (&Buffer[EntropyBytes], BytesToClear);
>> +  }
>> +
>> +  // Clear the unused MSB bits of the last byte.
>> +  LastValidBits = EntropyBits & 0x7;
>> +  if (LastValidBits != 0) {
>> +    Buffer[EntropyBytes - 1] &= (0xFF >> (8 - LastValidBits));
>> +  }
>> +
>> +  return Status;
>> +}
>> +
>> +/** The constructor checks that the FW-TRNG interface is supported
>> +    by the host firmware.
>> +
>> +  It will ASSERT() if FW-TRNG is not supported.
>> +  It will always return RETURN_SUCCESS.
>> +
>> +  @retval RETURN_SUCCESS   The constructor always returns RETURN_SUCCESS.
>> +**/
>> +RETURN_STATUS
>> +EFIAPI
>> +ArmFwTrngLibConstructor (
>> +  VOID
>> +  )
>> +{
>> +  RETURN_STATUS Status;
>> +  UINT16        MajorRev;
>> +  UINT16        MinorRev;
>> +  GUID          Guid;
>> +
>> +  Status = GetTrngVersion (&MajorRev, &MinorRev);
>> +  if (EFI_ERROR (Status)) {
>> +    return RETURN_SUCCESS;
>> +  }
>> +
>> +#ifndef MDEPKG_NDEBUG
>> +  // Check that the required features are present.
>> +  Status = GetTrngFeatures (FID_TRNG_RND, NULL);
>> +  if (EFI_ERROR (Status)) {
>> +    return RETURN_SUCCESS;
>> +  }
>> +
>> +  // Check if TRNG UUID is supported and if so trace the GUID.
>> +  Status = GetTrngFeatures (FID_TRNG_GET_UUID, NULL);
>> +  if (EFI_ERROR (Status)) {
>> +    return RETURN_SUCCESS;
>> +  }
>> +#endif
>> +
>> +  Status = GetTrngUuid (&Guid);
>> +  if (EFI_ERROR (Status)) {
>> +    return RETURN_SUCCESS;
>> +  }
>> +
>> +  DEBUG ((
>> +    DEBUG_INFO,
>> +    "FW-TRNG: Version %d.%d, GUID {%g}\n",
>> +    MajorRev,
>> +    MinorRev,
>> +    Guid
>> +    ));
>> +
>> +  return RETURN_SUCCESS;
>> +}
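Review bot: In GetEntropy the size check only guarantees
EntropyBytes <= BufferSize, but every CopyMem in the switch writes a
full sizeof (UINTN) and the later ZeroMem (&Buffer[EntropyBytes],
BytesToClear) extends to sizeof (UINTN) * ArgSelector, so a caller that
asks for 8 bits with a 1-byte buffer passes the check and then has
memory past the end of Buffer overwritten. Copy the returned registers
into a local array and CopyMem only EntropyBytes into Buffer, or make
the existing check reject a BufferSize smaller than the rounded-up
register size. TrngStatusToEfiStatus also falls through to
RETURN_SUCCESS in its default case, so a negative status it does not
list is reported as success and GetEntropy then hands back whatever is
in Arg1..Arg3 as entropy; map every negative value to an error and keep
success for values >= 0. In GetTrngFeatures the test
Parameters.Arg0 < TRNG_STATUS_SUCCESS lacks the (INT32) cast used at
the other call sites and can never be true if Arg0 is an unsigned type.
GetTrngUuid documents RETURN_INVALID_PARAMETER but never checks Guid
for NULL, and the final DEBUG in ArmFwTrngLibConstructor passes Guid by
value to %g where GetTrngUuid passes a pointer. The constructor comment
says it will ASSERT() when FW-TRNG is not supported, while the code
returns RETURN_SUCCESS silently on every failure path.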
>> diff --git a/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf b/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf
>> new file mode 100644
>> index 0000000000000000000000000000000000000000..4b2c58251fbe8fbcb5af308736db014e8d954720
>> --- /dev/null
>> +++ b/ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf
>> @@ -0,0 +1,34 @@
>> +## @file
>> +#  Arm Firmware TRNG interface library.
>> +#
>> +#  Copyright (c) 2021, Arm Limited. All rights reserved.<BR>
>> +#
>> +#  SPDX-License-Identifier: BSD-2-Clause-Patent
>> +##
>> +
>> +[Defines]
>> +  INF_VERSION       = 0x0001001B
>> +  BASE_NAME         = ArmFwTrngLib
>> +  FILE_GUID         = 10DE97C9-28E4-4C9B-A53E-8D7D1B0DD4E0
>> +  VERSION_STRING    = 1.0
>> +  MODULE_TYPE       = BASE
>> +  LIBRARY_CLASS     = TrngLib
>> +  CONSTRUCTOR       = ArmFwTrngLibConstructor
>> +
>> +[Sources]
>> +  ArmFwTrngDefs.h
>> +  ArmFwTrngLib.c
>> +
>> +[Packages]
>> +  ArmPkg/ArmPkg.dec
>> +  MdePkg/MdePkg.dec
>> +
>> +[LibraryClasses]
>> +  ArmSmcLib
>> +  ArmHvcLib
>> +  BaseLib
>> +  BaseMemoryLib
>> +
>> +[Pcd]
>> +  gArmTokenSpaceGuid.PcdMonitorConduitHvc
>> +
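Review bot: [LibraryClasses] omits DebugLib, although ArmFwTrngLib.c
includes Library/DebugLib.h and uses DEBUG and ASSERT; add it, and
either add ArmLib as well or drop the Library/ArmLib.h include. BaseLib
is listed but nothing in the visible source uses it.
PcdMonitorConduitHvc is read with FeaturePcdGet in ArmCallMonitor, so
it would normally be declared under [FeaturePcd] rather than [Pcd].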
>> -- 
>> 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'