[PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and BaseRngLib for AARCH64 RNDR

[PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and BaseRngLib for AARCH64 RNDR

[Rebecca Cran]

Update MdePkg BaseRngLib and SecurityPkg RngDxe to add support for
the AARCH64 RNDR instruction.

Changes from v2 to v3:

o Fixed the default value of gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
  to be an empty GUID.
o Removed RNDRRS since it wasn't being used.
o Fixed the commit message to remove mention of BaseLib.

Rebecca Cran (2):
  MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
  SecurityPkg: Add support for RngDxe on AARCH64

 MdePkg/MdePkg.dec                                             |   9 +-
 SecurityPkg/SecurityPkg.dec                                   |   2 +
 MdePkg/MdePkg.dsc                                             |   4 +-
 SecurityPkg/SecurityPkg.dsc                                   |  11 +-
 MdePkg/Library/BaseRngLib/BaseRngLib.inf                      |  23 ++-
 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |  24 ++-
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h                    |  43 +++++
 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h               |  78 +++++++++
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |   0
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |  17 --
 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    | 117 ++++++++++++++
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c                      | 139 ++++++++++++++++
 MdePkg/Library/BaseRngLib/BaseRng.c                           |  87 +++++-----
 MdePkg/Library/BaseRngLib/Rand/RdRand.c                       | 131 +++++++++++++++
 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     | 127 +++++++++++++++
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |   0
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |  45 +-----
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        | 146 +++++++++++++++++
 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             | 170 ++++++++------------
 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S            |  31 ++++
 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm          |  30 ++++
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S                    |  37 +++++
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm                  |  39 +++++
 MdePkg/Library/BaseRngLib/BaseRngLib.uni                      |   6 +-
 24 files changed, 1086 insertions(+), 230 deletions(-)
 create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
 create mode 100644 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
 rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h (100%)
 rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h (72%)
 create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
 create mode 100644 MdePkg/Library/BaseRngLib/AArch64/Rndr.c
 create mode 100644 MdePkg/Library/BaseRngLib/Rand/RdRand.c
 create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
 rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c (100%)
 rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c (71%)
 create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
 create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
 create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
 create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
 create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm

-- 
2.26.2

[PATCH v3 1/2] MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions

[Rebecca Cran]

Make BaseRngLib more generic by moving x86-specific functionality into
'Rand' and adding files under 'AArch64' to support the optional ARMv8.5
RNG instruction RNDR that is a part of FEAT_RNG.

Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
---
 MdePkg/MdePkg.dec                                    |   9 +-
 MdePkg/MdePkg.dsc                                    |   4 +-
 MdePkg/Library/BaseRngLib/BaseRngLib.inf             |  23 +++-
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h           |  43 ++++++
 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h      |  78 +++++++++++
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c             | 139 ++++++++++++++++++++
 MdePkg/Library/BaseRngLib/BaseRng.c                  |  87 ++++++------
 MdePkg/Library/BaseRngLib/Rand/RdRand.c              | 131 ++++++++++++++++++
 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S   |  31 +++++
 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm |  30 +++++
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S           |  37 ++++++
 MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm         |  39 ++++++
 MdePkg/Library/BaseRngLib/BaseRngLib.uni             |   6 +-
 13 files changed, 603 insertions(+), 54 deletions(-)

diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 8965e903e093..b49f88d8e18f 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -267,6 +267,11 @@ [LibraryClasses]
   #
   RegisterFilterLib|Include/Library/RegisterFilterLib.h
 
+[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
+  ##  @libraryclass  Provides services to generate random number.
+  #
+  RngLib|Include/Library/RngLib.h
+
 [LibraryClasses.IA32, LibraryClasses.X64]
   ##  @libraryclass  Abstracts both S/W SMI generation and detection.
   ##
@@ -288,10 +293,6 @@ [LibraryClasses.IA32, LibraryClasses.X64]
   #
   SmmPeriodicSmiLib|Include/Library/SmmPeriodicSmiLib.h
 
-  ##  @libraryclass  Provides services to generate random number.
-  #
-  RngLib|Include/Library/RngLib.h
-
   ##  @libraryclass  Provides services to log the SMI handler registration.
   SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h
 
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index d363419006ea..a94959169b2f 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -145,6 +145,9 @@ [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
   MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibSmm.inf
   MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibUefiShell.inf
 
+[Components.IA32, Components.X64, Components.AARCH64]
+  MdePkg/Library/BaseRngLib/BaseRngLib.inf
+
 [Components.IA32, Components.X64]
   MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
   MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
@@ -168,7 +171,6 @@ [Components.IA32, Components.X64]
   MdePkg/Library/BaseS3StallLib/BaseS3StallLib.inf
   MdePkg/Library/SmmMemLib/SmmMemLib.inf
   MdePkg/Library/SmmIoLib/SmmIoLib.inf
-  MdePkg/Library/BaseRngLib/BaseRngLib.inf
   MdePkg/Library/SmmPciExpressLib/SmmPciExpressLib.inf
   MdePkg/Library/SmiHandlerProfileLibNull/SmiHandlerProfileLibNull.inf
   MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
index 31740751c69c..1fcceb941495 100644
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
@@ -1,9 +1,10 @@
 ## @file
 #  Instance of RNG (Random Number Generator) Library.
 #
-#  BaseRng Library that uses CPU RdRand instruction access to provide
-#  high-quality random numbers.
+#  BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
+#  provide random numbers.
 #
+#  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
 #  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
 #
 #  SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -22,11 +23,25 @@ [Defines]
   CONSTRUCTOR                    = BaseRngLibConstructor
 
 #
-#  VALID_ARCHITECTURES           = IA32 X64
+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
 #
 
-[Sources.Ia32, Sources.X64]
+[Sources]
   BaseRng.c
+  BaseRngLibInternals.h
+
+[Sources.Ia32, Sources.X64]
+  Rand/RdRand.c
+
+[Sources.AARCH64]
+  AArch64/Rndr.c
+  AArch64/ArmRng.h
+
+  AArch64/ArmReadIdIsar0.S   | GCC
+  AArch64/ArmRng.S           | GCC
+
+  AArch64/ArmReadIdIsar0.asm | MSFT
+  AArch64/ArmRng.asm         | MSFT
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmRng.h b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
new file mode 100644
index 000000000000..a597e98bf0d5
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
@@ -0,0 +1,43 @@
+/** @file
+  Random number generator service that uses the RNDR instruction
+  to provide pseudorandom numbers.
+
+  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef ARM_RNG_H_
+#define ARM_RNG_H_
+
+/**
+  Generates a random number using RNDR.
+  Returns TRUE on success; FALSE on failure.
+
+  @param[out] Rand     Buffer pointer to store the 64-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArmRndr (
+  OUT UINT64 *Rand
+  );
+
+/**
+  Reads the ID_AA64ISAR0 Register.
+
+  @return The contents of the ID_AA64ISAR0 register.
+
+**/
+UINT64
+EFIAPI
+ArmReadIdIsar0 (
+  VOID
+  );
+
+#endif /* ARM_RNG_H_ */
+
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
new file mode 100644
index 000000000000..b6b4e9eef227
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
@@ -0,0 +1,78 @@
+/** @file
+
+  Architecture specific interface to RNG functionality.
+
+Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef BASE_RNGLIB_INTERNALS_H_
+
+/**
+  Generates a 16-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 16-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+  OUT UINT16 *Rand
+  );
+
+/**
+  Generates a 32-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 32-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+  OUT UINT32 *Rand
+  );
+
+/**
+  Generates a 64-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 64-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+  OUT UINT64 *Rand
+  );
+
+/**
+  Checks whether the RNG instruction is supported.
+
+  @retval TRUE         RNG instruction is supported.
+  @retval FALSE        RNG instruction is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+ArchIsRngSupported (
+  VOID
+  );
+
+#if defined (MDE_CPU_AARCH64)
+
+// RNDR, Random Number
+#define RNDR      S3_3_C2_C4_0
+
+#endif
+
+#endif    // BASE_RNGLIB_INTERNALS_H_
diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
new file mode 100644
index 000000000000..c9f8c813ed35
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
@@ -0,0 +1,139 @@
+/** @file
+  Random number generator service that uses the RNDR instruction
+  to provide pseudorandom numbers.
+
+  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/RngLib.h>
+
+#include "ArmRng.h"
+#include "BaseRngLibInternals.h"
+
+STATIC BOOLEAN mRndrSupported;
+
+//
+// Bit mask used to determine if RNDR instruction is supported.
+//
+#define RNDR_MASK                  ((UINT64)MAX_UINT16 << 60U)
+
+/**
+  The constructor function checks whether or not RNDR instruction is supported
+  by the host hardware.
+
+  The constructor function checks whether or not RNDR instruction is supported.
+  It will ASSERT() if RNDR instruction is not supported.
+  It will always return EFI_SUCCESS.
+
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.
+
+**/
+EFI_STATUS
+EFIAPI
+BaseRngLibConstructor (
+  VOID
+  )
+{
+  UINT64 Isar0;
+  //
+  // Determine RNDR support by examining bits 63:60 of the ISAR0 register returned by
+  // MSR. A non-zero value indicates that the processor supports the RNDR instruction.
+  //
+  Isar0 = ArmReadIdIsar0 ();
+  ASSERT ((Isar0 & RNDR_MASK) != 0);
+
+  mRndrSupported = ((Isar0 & RNDR_MASK) != 0);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Generates a 16-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 16-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+  OUT     UINT16                    *Rand
+  )
+{
+  UINT64 Rand64;
+
+  if (ArchGetRandomNumber64 (&Rand64)) {
+    *Rand = Rand64 & MAX_UINT16;
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+/**
+  Generates a 32-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 32-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+  OUT     UINT32                    *Rand
+  )
+{
+  UINT64 Rand64;
+
+  if (ArchGetRandomNumber64 (&Rand64)) {
+    *Rand = Rand64 & MAX_UINT32;
+    return TRUE;
+  }
+
+  return FALSE;
+}
+
+/**
+  Generates a 64-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 64-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+  OUT     UINT64                    *Rand
+  )
+{
+  return ArmRndr (Rand);
+}
+
+/**
+  Checks whether RNDR is supported.
+
+  @retval TRUE         RNDR is supported.
+  @retval FALSE        RNDR is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+ArchIsRngSupported (
+  VOID
+  )
+{
+  return mRndrSupported;
+}
diff --git a/MdePkg/Library/BaseRngLib/BaseRng.c b/MdePkg/Library/BaseRngLib/BaseRng.c
index 7ad7aec9d38f..5b63d8f7146b 100644
--- a/MdePkg/Library/BaseRngLib/BaseRng.c
+++ b/MdePkg/Library/BaseRngLib/BaseRng.c
@@ -1,8 +1,10 @@
 /** @file
-  Random number generator services that uses RdRand instruction access
-  to provide high-quality random numbers.
+  Random number generator services that uses CPU RNG instructions to
+  provide random numbers.
 
+Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -10,46 +12,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/BaseLib.h>
 #include <Library/DebugLib.h>
 
-//
-// Bit mask used to determine if RdRand instruction is supported.
-//
-#define RDRAND_MASK                  BIT30
+#include "BaseRngLibInternals.h"
 
 //
 // Limited retry number when valid random data is returned.
 // Uses the recommended value defined in Section 7.3.17 of "Intel 64 and IA-32
-// Architectures Software Developer's Mannual".
+// Architectures Software Developer's Manual".
 //
-#define RDRAND_RETRY_LIMIT           10
+#define GETRANDOM_RETRY_LIMIT           10
 
-/**
-  The constructor function checks whether or not RDRAND instruction is supported
-  by the host hardware.
-
-  The constructor function checks whether or not RDRAND instruction is supported.
-  It will ASSERT() if RDRAND instruction is not supported.
-  It will always return RETURN_SUCCESS.
-
-  @retval RETURN_SUCCESS   The constructor always returns EFI_SUCCESS.
-
-**/
-RETURN_STATUS
-EFIAPI
-BaseRngLibConstructor (
-  VOID
-  )
-{
-  UINT32  RegEcx;
-
-  //
-  // Determine RDRAND support by examining bit 30 of the ECX register returned by
-  // CPUID. A value of 1 indicates that processor support RDRAND instruction.
-  //
-  AsmCpuid (1, 0, 0, &RegEcx, 0);
-  ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
-
-  return RETURN_SUCCESS;
-}
 
 /**
   Generates a 16-bit random number.
@@ -72,11 +43,19 @@ GetRandomNumber16 (
 
   ASSERT (Rand != NULL);
 
+  if (Rand == NULL) {
+    return FALSE;
+  }
+
+  if (!ArchIsRngSupported ()) {
+    return FALSE;
+  }
+
   //
   // A loop to fetch a 16 bit random value with a retry count limit.
   //
-  for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
-    if (AsmRdRand16 (Rand)) {
+  for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+    if (ArchGetRandomNumber16 (Rand)) {
       return TRUE;
     }
   }
@@ -105,11 +84,19 @@ GetRandomNumber32 (
 
   ASSERT (Rand != NULL);
 
+  if (Rand == NULL) {
+    return FALSE;
+  }
+
+  if (!ArchIsRngSupported ()) {
+    return FALSE;
+  }
+
   //
   // A loop to fetch a 32 bit random value with a retry count limit.
   //
-  for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
-    if (AsmRdRand32 (Rand)) {
+  for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+    if (ArchGetRandomNumber32 (Rand)) {
       return TRUE;
     }
   }
@@ -138,11 +125,19 @@ GetRandomNumber64 (
 
   ASSERT (Rand != NULL);
 
+  if (Rand == NULL) {
+    return FALSE;
+  }
+
+  if (!ArchIsRngSupported ()) {
+    return FALSE;
+  }
+
   //
   // A loop to fetch a 64 bit random value with a retry count limit.
   //
-  for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
-    if (AsmRdRand64 (Rand)) {
+  for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
+    if (ArchGetRandomNumber64 (Rand)) {
       return TRUE;
     }
   }
@@ -169,6 +164,14 @@ GetRandomNumber128 (
 {
   ASSERT (Rand != NULL);
 
+  if (Rand == NULL) {
+    return FALSE;
+  }
+
+  if (!ArchIsRngSupported ()) {
+    return FALSE;
+  }
+
   //
   // Read first 64 bits
   //
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
new file mode 100644
index 000000000000..09fb875ac3f9
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -0,0 +1,131 @@
+/** @file
+  Random number generator services that uses RdRand instruction access
+  to provide high-quality random numbers.
+
+Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+
+#include "BaseRngLibInternals.h"
+
+//
+// Bit mask used to determine if RdRand instruction is supported.
+//
+#define RDRAND_MASK                  BIT30
+
+
+STATIC BOOLEAN mRdRandSupported;
+
+/**
+  The constructor function checks whether or not RDRAND instruction is supported
+  by the host hardware.
+
+  The constructor function checks whether or not RDRAND instruction is supported.
+  It will ASSERT() if RDRAND instruction is not supported.
+  It will always return EFI_SUCCESS.
+
+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.
+
+**/
+EFI_STATUS
+EFIAPI
+BaseRngLibConstructor (
+  VOID
+  )
+{
+  UINT32  RegEcx;
+
+  //
+  // Determine RDRAND support by examining bit 30 of the ECX register returned by
+  // CPUID. A value of 1 indicates that processor support RDRAND instruction.
+  //
+  AsmCpuid (1, 0, 0, &RegEcx, 0);
+  ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+
+  mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Generates a 16-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 16-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber16 (
+  OUT     UINT16                    *Rand
+  )
+{
+  return AsmRdRand16 (Rand);
+}
+
+/**
+  Generates a 32-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 32-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber32 (
+  OUT     UINT32                    *Rand
+  )
+{
+  return AsmRdRand32 (Rand);
+}
+
+/**
+  Generates a 64-bit random number.
+
+  @param[out] Rand     Buffer pointer to store the 64-bit random value.
+
+  @retval TRUE         Random number generated successfully.
+  @retval FALSE        Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+ArchGetRandomNumber64 (
+  OUT     UINT64                    *Rand
+  )
+{
+  return AsmRdRand64 (Rand);
+}
+
+/**
+  Checks whether RDRAND is supported.
+
+  @retval TRUE         RDRAND is supported.
+  @retval FALSE        RDRAND is not supported.
+
+**/
+BOOLEAN
+EFIAPI
+ArchIsRngSupported (
+  VOID
+  )
+{
+  /*
+     Existing software depends on this always returning TRUE, so for
+     now hard-code it.
+
+     return mRdRandSupported;
+  */
+  return TRUE;
+}
diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
new file mode 100644
index 000000000000..82a00d362212
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
@@ -0,0 +1,31 @@
+#------------------------------------------------------------------------------
+#
+# ArmReadIdIsar0() for AArch64
+#
+# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#------------------------------------------------------------------------------
+
+.text
+.p2align 2
+GCC_ASM_EXPORT(ArmReadIdIsar0)
+
+#/**
+#  Reads the ID_AA64ISAR0 Register.
+#
+#  @return The contents of the ID_AA64ISAR0 register.
+#
+#**/
+#UINT64
+#EFIAPI
+#ArmReadIdIsar0 (
+#  VOID
+#  );
+#
+ASM_PFX(ArmReadIdIsar0):
+  mrs  x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
+  ret
+
+
diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
new file mode 100644
index 000000000000..1d9f9a808c0c
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
@@ -0,0 +1,30 @@
+;------------------------------------------------------------------------------
+;
+; ArmReadIdIsar0() for AArch64
+;
+; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;------------------------------------------------------------------------------
+
+  EXPORT ArmReadIdIsar0
+  AREA BaseLib_LowLevel, CODE, READONLY
+
+;/**
+;  Reads the ID_AA64ISAR0 Register.
+;
+; @return The contents of the ID_AA64ISAR0 register.
+;
+;**/
+;UINT64
+;EFIAPI
+;ArmReadIdIsar0 (
+;  VOID
+;  );
+;
+ArmReadIdIsar0
+  mrs  x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
+  ret
+
+  END
diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmRng.S b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
new file mode 100644
index 000000000000..5159f467e3a6
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
@@ -0,0 +1,37 @@
+#------------------------------------------------------------------------------
+#
+# ArmRndr() for AArch64
+#
+# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#------------------------------------------------------------------------------
+
+#include "BaseRngLibInternals.h"
+
+.text
+.p2align 2
+GCC_ASM_EXPORT(ArmRndr)
+
+#/**
+#  Generates a random number using RNDR.
+#  Returns TRUE on success; FALSE on failure.
+#
+#  @param[out] Rand     Buffer pointer to store the 64-bit random value.
+#
+#  @retval TRUE         Random number generated successfully.
+#  @retval FALSE        Failed to generate the random number.
+#
+#**/
+#BOOLEAN
+#EFIAPI
+#ArmRndr (
+#  OUT UINT64 *Rand
+#  );
+#
+ASM_PFX(ArmRndr):
+  mrs  x1, RNDR
+  str  x1, [x0]
+  cset x0, ne    // RNDR sets NZCV to 0b0100 on failure
+  ret
diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
new file mode 100644
index 000000000000..33144196cb54
--- /dev/null
+++ b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
@@ -0,0 +1,39 @@
+;------------------------------------------------------------------------------
+;
+; ArmRndr() for AArch64
+;
+; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+;
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;
+;------------------------------------------------------------------------------
+
+#include "BaseRngLibInternals.h"
+
+  EXPORT ArmRndr
+  AREA BaseLib_LowLevel, CODE, READONLY
+
+
+;/**
+;  Generates a random number using RNDR.
+;  Returns TRUE on success; FALSE on failure.
+;
+;  @param[out] Rand     Buffer pointer to store the 64-bit random value.
+;
+;  @retval TRUE         Random number generated successfully.
+;  @retval FALSE        Failed to generate the random number.
+;
+;**/
+;BOOLEAN
+;EFIAPI
+;ArmRndr (
+;  OUT UINT64 *Rand
+;  );
+;
+ArmRndr
+  mrs  x1, RNDR
+  str  x1, [x0]
+  cset x0, ne    // RNDR sets NZCV to 0b0100 on failure
+  ret
+
+  END
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.uni b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
index f3ed954c5209..de5d4f9dd869 100644
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.uni
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
@@ -1,8 +1,8 @@
 // /** @file
 // Instance of RNG (Random Number Generator) Library.
 //
-// BaseRng Library that uses CPU RdRand instruction access to provide
-// high-quality random numbers.
+// BaseRng Library that uses CPU RNG instructions to provide
+// random numbers.
 //
 // Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
 //
@@ -13,5 +13,5 @@
 
 #string STR_MODULE_ABSTRACT             #language en-US "Instance of RNG Library"
 
-#string STR_MODULE_DESCRIPTION          #language en-US "BaseRng Library that uses CPU RdRand instruction access to provide high-quality random numbers"
+#string STR_MODULE_DESCRIPTION          #language en-US "BaseRng Library that uses CPU RNG instructions to provide random numbers"
 
-- 
2.26.2

Re: [PATCH v3 1/2] MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions

[Sami Mujawar]

This patch looks good to me.

Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar


On 10/05/2021 10:53 PM, Rebecca Cran wrote:
> Make BaseRngLib more generic by moving x86-specific functionality into
> 'Rand' and adding files under 'AArch64' to support the optional ARMv8.5
> RNG instruction RNDR that is a part of FEAT_RNG.
>
> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> ---
>   MdePkg/MdePkg.dec                                    |   9 +-
>   MdePkg/MdePkg.dsc                                    |   4 +-
>   MdePkg/Library/BaseRngLib/BaseRngLib.inf             |  23 +++-
>   MdePkg/Library/BaseRngLib/AArch64/ArmRng.h           |  43 ++++++
>   MdePkg/Library/BaseRngLib/BaseRngLibInternals.h      |  78 +++++++++++
>   MdePkg/Library/BaseRngLib/AArch64/Rndr.c             | 139 ++++++++++++++++++++
>   MdePkg/Library/BaseRngLib/BaseRng.c                  |  87 ++++++------
>   MdePkg/Library/BaseRngLib/Rand/RdRand.c              | 131 ++++++++++++++++++
>   MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S   |  31 +++++
>   MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm |  30 +++++
>   MdePkg/Library/BaseRngLib/AArch64/ArmRng.S           |  37 ++++++
>   MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm         |  39 ++++++
>   MdePkg/Library/BaseRngLib/BaseRngLib.uni             |   6 +-
>   13 files changed, 603 insertions(+), 54 deletions(-)
>
> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
> index 8965e903e093..b49f88d8e18f 100644
> --- a/MdePkg/MdePkg.dec
> +++ b/MdePkg/MdePkg.dec
> @@ -267,6 +267,11 @@ [LibraryClasses]
>     #
>     RegisterFilterLib|Include/Library/RegisterFilterLib.h
>
> +[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
> +  ##  @libraryclass  Provides services to generate random number.
> +  #
> +  RngLib|Include/Library/RngLib.h
> +
>   [LibraryClasses.IA32, LibraryClasses.X64]
>     ##  @libraryclass  Abstracts both S/W SMI generation and detection.
>     ##
> @@ -288,10 +293,6 @@ [LibraryClasses.IA32, LibraryClasses.X64]
>     #
>     SmmPeriodicSmiLib|Include/Library/SmmPeriodicSmiLib.h
>
> -  ##  @libraryclass  Provides services to generate random number.
> -  #
> -  RngLib|Include/Library/RngLib.h
> -
>     ##  @libraryclass  Provides services to log the SMI handler registration.
>     SmiHandlerProfileLib|Include/Library/SmiHandlerProfileLib.h
>
> diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
> index d363419006ea..a94959169b2f 100644
> --- a/MdePkg/MdePkg.dsc
> +++ b/MdePkg/MdePkg.dsc
> @@ -145,6 +145,9 @@ [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
>     MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibSmm.inf
>     MdePkg/Test/UnitTest/Library/BaseSafeIntLib/TestBaseSafeIntLibUefiShell.inf
>
> +[Components.IA32, Components.X64, Components.AARCH64]
> +  MdePkg/Library/BaseRngLib/BaseRngLib.inf
> +
>   [Components.IA32, Components.X64]
>     MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf
>     MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicSev.inf
> @@ -168,7 +171,6 @@ [Components.IA32, Components.X64]
>     MdePkg/Library/BaseS3StallLib/BaseS3StallLib.inf
>     MdePkg/Library/SmmMemLib/SmmMemLib.inf
>     MdePkg/Library/SmmIoLib/SmmIoLib.inf
> -  MdePkg/Library/BaseRngLib/BaseRngLib.inf
>     MdePkg/Library/SmmPciExpressLib/SmmPciExpressLib.inf
>     MdePkg/Library/SmiHandlerProfileLibNull/SmiHandlerProfileLibNull.inf
>     MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf
> diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
> index 31740751c69c..1fcceb941495 100644
> --- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
> +++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
> @@ -1,9 +1,10 @@
>   ## @file
>   #  Instance of RNG (Random Number Generator) Library.
>   #
> -#  BaseRng Library that uses CPU RdRand instruction access to provide
> -#  high-quality random numbers.
> +#  BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
> +#  provide random numbers.
>   #
> +#  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
>   #  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
>   #
>   #  SPDX-License-Identifier: BSD-2-Clause-Patent
> @@ -22,11 +23,25 @@ [Defines]
>     CONSTRUCTOR                    = BaseRngLibConstructor
>
>   #
> -#  VALID_ARCHITECTURES           = IA32 X64
> +#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
>   #
>
> -[Sources.Ia32, Sources.X64]
> +[Sources]
>     BaseRng.c
> +  BaseRngLibInternals.h
> +
> +[Sources.Ia32, Sources.X64]
> +  Rand/RdRand.c
> +
> +[Sources.AARCH64]
> +  AArch64/Rndr.c
> +  AArch64/ArmRng.h
> +
> +  AArch64/ArmReadIdIsar0.S   | GCC
> +  AArch64/ArmRng.S           | GCC
> +
> +  AArch64/ArmReadIdIsar0.asm | MSFT
> +  AArch64/ArmRng.asm         | MSFT
>
>   [Packages]
>     MdePkg/MdePkg.dec
> diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmRng.h b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
> new file mode 100644
> index 000000000000..a597e98bf0d5
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
> @@ -0,0 +1,43 @@
> +/** @file
> +  Random number generator service that uses the RNDR instruction
> +  to provide pseudorandom numbers.
> +
> +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef ARM_RNG_H_
> +#define ARM_RNG_H_
> +
> +/**
> +  Generates a random number using RNDR.
> +  Returns TRUE on success; FALSE on failure.
> +
> +  @param[out] Rand     Buffer pointer to store the 64-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArmRndr (
> +  OUT UINT64 *Rand
> +  );
> +
> +/**
> +  Reads the ID_AA64ISAR0 Register.
> +
> +  @return The contents of the ID_AA64ISAR0 register.
> +
> +**/
> +UINT64
> +EFIAPI
> +ArmReadIdIsar0 (
> +  VOID
> +  );
> +
> +#endif /* ARM_RNG_H_ */
> +
> diff --git a/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
> new file mode 100644
> index 000000000000..b6b4e9eef227
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
> @@ -0,0 +1,78 @@
> +/** @file
> +
> +  Architecture specific interface to RNG functionality.
> +
> +Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef BASE_RNGLIB_INTERNALS_H_
> +
> +/**
> +  Generates a 16-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 16-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber16 (
> +  OUT UINT16 *Rand
> +  );
> +
> +/**
> +  Generates a 32-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 32-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber32 (
> +  OUT UINT32 *Rand
> +  );
> +
> +/**
> +  Generates a 64-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 64-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber64 (
> +  OUT UINT64 *Rand
> +  );
> +
> +/**
> +  Checks whether the RNG instruction is supported.
> +
> +  @retval TRUE         RNG instruction is supported.
> +  @retval FALSE        RNG instruction is not supported.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchIsRngSupported (
> +  VOID
> +  );
> +
> +#if defined (MDE_CPU_AARCH64)
> +
> +// RNDR, Random Number
> +#define RNDR      S3_3_C2_C4_0
> +
> +#endif
> +
> +#endif    // BASE_RNGLIB_INTERNALS_H_
> diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> new file mode 100644
> index 000000000000..c9f8c813ed35
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> @@ -0,0 +1,139 @@
> +/** @file
> +  Random number generator service that uses the RNDR instruction
> +  to provide pseudorandom numbers.
> +
> +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Uefi.h>
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +#include <Library/RngLib.h>
> +
> +#include "ArmRng.h"
> +#include "BaseRngLibInternals.h"
> +
> +STATIC BOOLEAN mRndrSupported;
> +
> +//
> +// Bit mask used to determine if RNDR instruction is supported.
> +//
> +#define RNDR_MASK                  ((UINT64)MAX_UINT16 << 60U)
> +
> +/**
> +  The constructor function checks whether or not RNDR instruction is supported
> +  by the host hardware.
> +
> +  The constructor function checks whether or not RNDR instruction is supported.
> +  It will ASSERT() if RNDR instruction is not supported.
> +  It will always return EFI_SUCCESS.
> +
> +  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +BaseRngLibConstructor (
> +  VOID
> +  )
> +{
> +  UINT64 Isar0;
> +  //
> +  // Determine RNDR support by examining bits 63:60 of the ISAR0 register returned by
> +  // MSR. A non-zero value indicates that the processor supports the RNDR instruction.
> +  //
> +  Isar0 = ArmReadIdIsar0 ();
> +  ASSERT ((Isar0 & RNDR_MASK) != 0);
> +
> +  mRndrSupported = ((Isar0 & RNDR_MASK) != 0);
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Generates a 16-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 16-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber16 (
> +  OUT     UINT16                    *Rand
> +  )
> +{
> +  UINT64 Rand64;
> +
> +  if (ArchGetRandomNumber64 (&Rand64)) {
> +    *Rand = Rand64 & MAX_UINT16;
> +    return TRUE;
> +  }
> +
> +  return FALSE;
> +}
> +
> +/**
> +  Generates a 32-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 32-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber32 (
> +  OUT     UINT32                    *Rand
> +  )
> +{
> +  UINT64 Rand64;
> +
> +  if (ArchGetRandomNumber64 (&Rand64)) {
> +    *Rand = Rand64 & MAX_UINT32;
> +    return TRUE;
> +  }
> +
> +  return FALSE;
> +}
> +
> +/**
> +  Generates a 64-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 64-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber64 (
> +  OUT     UINT64                    *Rand
> +  )
> +{
> +  return ArmRndr (Rand);
> +}
> +
> +/**
> +  Checks whether RNDR is supported.
> +
> +  @retval TRUE         RNDR is supported.
> +  @retval FALSE        RNDR is not supported.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchIsRngSupported (
> +  VOID
> +  )
> +{
> +  return mRndrSupported;
> +}
> diff --git a/MdePkg/Library/BaseRngLib/BaseRng.c b/MdePkg/Library/BaseRngLib/BaseRng.c
> index 7ad7aec9d38f..5b63d8f7146b 100644
> --- a/MdePkg/Library/BaseRngLib/BaseRng.c
> +++ b/MdePkg/Library/BaseRngLib/BaseRng.c
> @@ -1,8 +1,10 @@
>   /** @file
> -  Random number generator services that uses RdRand instruction access
> -  to provide high-quality random numbers.
> +  Random number generator services that uses CPU RNG instructions to
> +  provide random numbers.
>
> +Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
>   Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> +
>   SPDX-License-Identifier: BSD-2-Clause-Patent
>
>   **/
> @@ -10,46 +12,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>   #include <Library/BaseLib.h>
>   #include <Library/DebugLib.h>
>
> -//
> -// Bit mask used to determine if RdRand instruction is supported.
> -//
> -#define RDRAND_MASK                  BIT30
> +#include "BaseRngLibInternals.h"
>
>   //
>   // Limited retry number when valid random data is returned.
>   // Uses the recommended value defined in Section 7.3.17 of "Intel 64 and IA-32
> -// Architectures Software Developer's Mannual".
> +// Architectures Software Developer's Manual".
>   //
> -#define RDRAND_RETRY_LIMIT           10
> +#define GETRANDOM_RETRY_LIMIT           10
>
> -/**
> -  The constructor function checks whether or not RDRAND instruction is supported
> -  by the host hardware.
> -
> -  The constructor function checks whether or not RDRAND instruction is supported.
> -  It will ASSERT() if RDRAND instruction is not supported.
> -  It will always return RETURN_SUCCESS.
> -
> -  @retval RETURN_SUCCESS   The constructor always returns EFI_SUCCESS.
> -
> -**/
> -RETURN_STATUS
> -EFIAPI
> -BaseRngLibConstructor (
> -  VOID
> -  )
> -{
> -  UINT32  RegEcx;
> -
> -  //
> -  // Determine RDRAND support by examining bit 30 of the ECX register returned by
> -  // CPUID. A value of 1 indicates that processor support RDRAND instruction.
> -  //
> -  AsmCpuid (1, 0, 0, &RegEcx, 0);
> -  ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
> -
> -  return RETURN_SUCCESS;
> -}
>
>   /**
>     Generates a 16-bit random number.
> @@ -72,11 +43,19 @@ GetRandomNumber16 (
>
>     ASSERT (Rand != NULL);
>
> +  if (Rand == NULL) {
> +    return FALSE;
> +  }
> +
> +  if (!ArchIsRngSupported ()) {
> +    return FALSE;
> +  }
> +
>     //
>     // A loop to fetch a 16 bit random value with a retry count limit.
>     //
> -  for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
> -    if (AsmRdRand16 (Rand)) {
> +  for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
> +    if (ArchGetRandomNumber16 (Rand)) {
>         return TRUE;
>       }
>     }
> @@ -105,11 +84,19 @@ GetRandomNumber32 (
>
>     ASSERT (Rand != NULL);
>
> +  if (Rand == NULL) {
> +    return FALSE;
> +  }
> +
> +  if (!ArchIsRngSupported ()) {
> +    return FALSE;
> +  }
> +
>     //
>     // A loop to fetch a 32 bit random value with a retry count limit.
>     //
> -  for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
> -    if (AsmRdRand32 (Rand)) {
> +  for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
> +    if (ArchGetRandomNumber32 (Rand)) {
>         return TRUE;
>       }
>     }
> @@ -138,11 +125,19 @@ GetRandomNumber64 (
>
>     ASSERT (Rand != NULL);
>
> +  if (Rand == NULL) {
> +    return FALSE;
> +  }
> +
> +  if (!ArchIsRngSupported ()) {
> +    return FALSE;
> +  }
> +
>     //
>     // A loop to fetch a 64 bit random value with a retry count limit.
>     //
> -  for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
> -    if (AsmRdRand64 (Rand)) {
> +  for (Index = 0; Index < GETRANDOM_RETRY_LIMIT; Index++) {
> +    if (ArchGetRandomNumber64 (Rand)) {
>         return TRUE;
>       }
>     }
> @@ -169,6 +164,14 @@ GetRandomNumber128 (
>   {
>     ASSERT (Rand != NULL);
>
> +  if (Rand == NULL) {
> +    return FALSE;
> +  }
> +
> +  if (!ArchIsRngSupported ()) {
> +    return FALSE;
> +  }
> +
>     //
>     // Read first 64 bits
>     //
> diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
> new file mode 100644
> index 000000000000..09fb875ac3f9
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
> @@ -0,0 +1,131 @@
> +/** @file
> +  Random number generator services that uses RdRand instruction access
> +  to provide high-quality random numbers.
> +
> +Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> +
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Uefi.h>
> +#include <Library/BaseLib.h>
> +#include <Library/DebugLib.h>
> +
> +#include "BaseRngLibInternals.h"
> +
> +//
> +// Bit mask used to determine if RdRand instruction is supported.
> +//
> +#define RDRAND_MASK                  BIT30
> +
> +
> +STATIC BOOLEAN mRdRandSupported;
> +
> +/**
> +  The constructor function checks whether or not RDRAND instruction is supported
> +  by the host hardware.
> +
> +  The constructor function checks whether or not RDRAND instruction is supported.
> +  It will ASSERT() if RDRAND instruction is not supported.
> +  It will always return EFI_SUCCESS.
> +
> +  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +BaseRngLibConstructor (
> +  VOID
> +  )
> +{
> +  UINT32  RegEcx;
> +
> +  //
> +  // Determine RDRAND support by examining bit 30 of the ECX register returned by
> +  // CPUID. A value of 1 indicates that processor support RDRAND instruction.
> +  //
> +  AsmCpuid (1, 0, 0, &RegEcx, 0);
> +  ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
> +
> +  mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
> +
> +  return EFI_SUCCESS;
> +}
> +
> +/**
> +  Generates a 16-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 16-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber16 (
> +  OUT     UINT16                    *Rand
> +  )
> +{
> +  return AsmRdRand16 (Rand);
> +}
> +
> +/**
> +  Generates a 32-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 32-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber32 (
> +  OUT     UINT32                    *Rand
> +  )
> +{
> +  return AsmRdRand32 (Rand);
> +}
> +
> +/**
> +  Generates a 64-bit random number.
> +
> +  @param[out] Rand     Buffer pointer to store the 64-bit random value.
> +
> +  @retval TRUE         Random number generated successfully.
> +  @retval FALSE        Failed to generate the random number.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchGetRandomNumber64 (
> +  OUT     UINT64                    *Rand
> +  )
> +{
> +  return AsmRdRand64 (Rand);
> +}
> +
> +/**
> +  Checks whether RDRAND is supported.
> +
> +  @retval TRUE         RDRAND is supported.
> +  @retval FALSE        RDRAND is not supported.
> +
> +**/
> +BOOLEAN
> +EFIAPI
> +ArchIsRngSupported (
> +  VOID
> +  )
> +{
> +  /*
> +     Existing software depends on this always returning TRUE, so for
> +     now hard-code it.
> +
> +     return mRdRandSupported;
> +  */
> +  return TRUE;
> +}
> diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
> new file mode 100644
> index 000000000000..82a00d362212
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
> @@ -0,0 +1,31 @@
> +#------------------------------------------------------------------------------
> +#
> +# ArmReadIdIsar0() for AArch64
> +#
> +# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +#
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +#------------------------------------------------------------------------------
> +
> +.text
> +.p2align 2
> +GCC_ASM_EXPORT(ArmReadIdIsar0)
> +
> +#/**
> +#  Reads the ID_AA64ISAR0 Register.
> +#
> +#  @return The contents of the ID_AA64ISAR0 register.
> +#
> +#**/
> +#UINT64
> +#EFIAPI
> +#ArmReadIdIsar0 (
> +#  VOID
> +#  );
> +#
> +ASM_PFX(ArmReadIdIsar0):
> +  mrs  x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
> +  ret
> +
> +
> diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
> new file mode 100644
> index 000000000000..1d9f9a808c0c
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
> @@ -0,0 +1,30 @@
> +;------------------------------------------------------------------------------
> +;
> +; ArmReadIdIsar0() for AArch64
> +;
> +; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +;
> +; SPDX-License-Identifier: BSD-2-Clause-Patent
> +;
> +;------------------------------------------------------------------------------
> +
> +  EXPORT ArmReadIdIsar0
> +  AREA BaseLib_LowLevel, CODE, READONLY
> +
> +;/**
> +;  Reads the ID_AA64ISAR0 Register.
> +;
> +; @return The contents of the ID_AA64ISAR0 register.
> +;
> +;**/
> +;UINT64
> +;EFIAPI
> +;ArmReadIdIsar0 (
> +;  VOID
> +;  );
> +;
> +ArmReadIdIsar0
> +  mrs  x0, id_aa64isar0_el1 // Read ID_AA64ISAR0 Register
> +  ret
> +
> +  END
> diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmRng.S b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
> new file mode 100644
> index 000000000000..5159f467e3a6
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
> @@ -0,0 +1,37 @@
> +#------------------------------------------------------------------------------
> +#
> +# ArmRndr() for AArch64
> +#
> +# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +#
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> +#
> +#------------------------------------------------------------------------------
> +
> +#include "BaseRngLibInternals.h"
> +
> +.text
> +.p2align 2
> +GCC_ASM_EXPORT(ArmRndr)
> +
> +#/**
> +#  Generates a random number using RNDR.
> +#  Returns TRUE on success; FALSE on failure.
> +#
> +#  @param[out] Rand     Buffer pointer to store the 64-bit random value.
> +#
> +#  @retval TRUE         Random number generated successfully.
> +#  @retval FALSE        Failed to generate the random number.
> +#
> +#**/
> +#BOOLEAN
> +#EFIAPI
> +#ArmRndr (
> +#  OUT UINT64 *Rand
> +#  );
> +#
> +ASM_PFX(ArmRndr):
> +  mrs  x1, RNDR
> +  str  x1, [x0]
> +  cset x0, ne    // RNDR sets NZCV to 0b0100 on failure
> +  ret
> diff --git a/MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> new file mode 100644
> index 000000000000..33144196cb54
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> @@ -0,0 +1,39 @@
> +;------------------------------------------------------------------------------
> +;
> +; ArmRndr() for AArch64
> +;
> +; Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +;
> +; SPDX-License-Identifier: BSD-2-Clause-Patent
> +;
> +;------------------------------------------------------------------------------
> +
> +#include "BaseRngLibInternals.h"
> +
> +  EXPORT ArmRndr
> +  AREA BaseLib_LowLevel, CODE, READONLY
> +
> +
> +;/**
> +;  Generates a random number using RNDR.
> +;  Returns TRUE on success; FALSE on failure.
> +;
> +;  @param[out] Rand     Buffer pointer to store the 64-bit random value.
> +;
> +;  @retval TRUE         Random number generated successfully.
> +;  @retval FALSE        Failed to generate the random number.
> +;
> +;**/
> +;BOOLEAN
> +;EFIAPI
> +;ArmRndr (
> +;  OUT UINT64 *Rand
> +;  );
> +;
> +ArmRndr
> +  mrs  x1, RNDR
> +  str  x1, [x0]
> +  cset x0, ne    // RNDR sets NZCV to 0b0100 on failure
> +  ret
> +
> +  END
> diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.uni b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
> index f3ed954c5209..de5d4f9dd869 100644
> --- a/MdePkg/Library/BaseRngLib/BaseRngLib.uni
> +++ b/MdePkg/Library/BaseRngLib/BaseRngLib.uni
> @@ -1,8 +1,8 @@
>   // /** @file
>   // Instance of RNG (Random Number Generator) Library.
>   //
> -// BaseRng Library that uses CPU RdRand instruction access to provide
> -// high-quality random numbers.
> +// BaseRng Library that uses CPU RNG instructions to provide
> +// random numbers.
>   //
>   // Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
>   //
> @@ -13,5 +13,5 @@
>
>   #string STR_MODULE_ABSTRACT             #language en-US "Instance of RNG Library"
>
> -#string STR_MODULE_DESCRIPTION          #language en-US "BaseRng Library that uses CPU RdRand instruction access to provide high-quality random numbers"
> +#string STR_MODULE_DESCRIPTION          #language en-US "BaseRng Library that uses CPU RNG instructions to provide random numbers"
>

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

[PATCH v3 2/2] SecurityPkg: Add support for RngDxe on AARCH64

[Rebecca Cran]

AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.

Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.

Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
---
 SecurityPkg/SecurityPkg.dec                                   |   2 +
 SecurityPkg/SecurityPkg.dsc                                   |  11 +-
 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |  24 ++-
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |   0
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |  17 --
 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    | 117 ++++++++++++++
 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     | 127 +++++++++++++++
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |   0
 SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |  45 +-----
 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        | 146 +++++++++++++++++
 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             | 170 ++++++++------------
 11 files changed, 483 insertions(+), 176 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index dfbbb0365a2b..4001650fa28e 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -297,6 +297,8 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031
 
+  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
   #  NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 12ccd1634941..bd4b810bce61 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -259,6 +259,12 @@ [Components]
 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
   SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
 
+[Components.IA32, Components.X64, Components.AARCH64]
+  #
+  # Random Number Generator
+  #
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
 [Components.IA32, Components.X64]
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 
@@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
   SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
   SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf
 
-  #
-  # Random Number Generator
-  #
-  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
-
   #
   # Opal Password solution
   #
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 99d6f6b35fc2..f3300971993f 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -26,15 +26,22 @@ [Defines]
 #
 # The following information is for reference only and not required by the build tools.
 #
-#  VALID_ARCHITECTURES           = IA32 X64
+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
 #
 
 [Sources.common]
   RngDxe.c
-  RdRand.c
-  RdRand.h
-  AesCore.c
-  AesCore.h
+  RngDxeInternals.h
+
+[Sources.IA32, Sources.X64]
+  Rand/RngDxe.c
+  Rand/RdRand.c
+  Rand/RdRand.h
+  Rand/AesCore.c
+  Rand/AesCore.h
+
+[Sources.AARCH64]
+  AArch64/RngDxe.c
 
 [Packages]
   MdePkg/MdePkg.dec
@@ -50,12 +57,19 @@ [LibraryClasses]
   RngLib
 
 [Guids]
+  gEfiRngAlgorithmSp80090Hash256Guid  ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
+  gEfiRngAlgorithmSp80090Hmac256Guid  ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
   gEfiRngAlgorithmSp80090Ctr256Guid   ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
+  gEfiRngAlgorithmX9313DesGuid        ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
+  gEfiRngAlgorithmX931AesGuid         ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
   gEfiRngAlgorithmRaw                 ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
 
 [Protocols]
   gEfiRngProtocolGuid                ## PRODUCES
 
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm      ## CONSUMES
+
 [Depex]
   TRUE
 
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
similarity index 72%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
index 12ab1f34ec6d..072378e062e7 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
@@ -23,23 +23,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/TimerLib.h>
 #include <Protocol/Rng.h>
 
-/**
-  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
-
-  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
-  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
-
-  @retval EFI_SUCCESS        Random bytes generation succeeded.
-  @retval EFI_NOT_READY      Failed to request random bytes.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGetBytes (
-  IN UINTN         Length,
-  OUT UINT8        *RandBuffer
-  );
-
 /**
   Generate high-quality entropy source through RDRAND.
 
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
new file mode 100644
index 000000000000..2660ed5875e0
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
@@ -0,0 +1,117 @@
+/** @file
+  Function prototypes for UEFI Random Number Generator protocol support.
+
+  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNGDXE_INTERNALS_H_
+#define RNGDXE_INTERNALS_H_
+
+/**
+  Returns information about the random number generation implementation.
+
+  @param[in]     This                 A pointer to the EFI_RNG_PROTOCOL instance.
+  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+                                      On output with a return code of EFI_SUCCESS, the size
+                                      in bytes of the data returned in RNGAlgorithmList. On output
+                                      with a return code of EFI_BUFFER_TOO_SMALL,
+                                      the size of RNGAlgorithmList required to obtain the list.
+  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
+                                      with one EFI_RNG_ALGORITHM element for each supported
+                                      RNG algorithm. The list must not change across multiple
+                                      calls to the same driver. The first algorithm in the list
+                                      is the default algorithm for the driver.
+
+  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
+  @retval EFI_UNSUPPORTED             The services is not supported by this driver.
+  @retval EFI_DEVICE_ERROR            The list of algorithms could not be retrieved due to a
+                                      hardware or firmware error.
+  @retval EFI_INVALID_PARAMETER       One or more of the parameters are incorrect.
+  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetInfo (
+  IN EFI_RNG_PROTOCOL             *This,
+  IN OUT UINTN                    *RNGAlgorithmListSize,
+  OUT EFI_RNG_ALGORITHM           *RNGAlgorithmList
+  );
+
+/**
+  Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
+  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+                                      algorithm to use. May be NULL in which case the function will
+                                      use its default RNG algorithm.
+  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
+                                      RNGValue. The driver shall return exactly this numbers of bytes.
+  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
+                                      resulting RNG value.
+
+  @retval EFI_SUCCESS                 The RNG value was returned successfully.
+  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
+                                      this driver.
+  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
+                                      firmware error.
+  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
+                                      requested by RNGValueLength.
+  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+  IN EFI_RNG_PROTOCOL            *This,
+  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
+  IN UINTN                       RNGValueLength,
+  OUT UINT8                      *RNGValue
+  );
+
+/**
+  Returns information about the random number generation implementation.
+
+  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+                                      On output with a return code of EFI_SUCCESS, the size
+                                      in bytes of the data returned in RNGAlgorithmList. On output
+                                      with a return code of EFI_BUFFER_TOO_SMALL,
+                                      the size of RNGAlgorithmList required to obtain the list.
+  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
+                                      with one EFI_RNG_ALGORITHM element for each supported
+                                      RNG algorithm. The list must not change across multiple
+                                      calls to the same driver. The first algorithm in the list
+                                      is the default algorithm for the driver.
+
+  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
+  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithms (
+  IN OUT UINTN                     *RNGAlgorithmListSize,
+  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
+  );
+
+/**
+  Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
+
+  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
+  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
+
+  @retval EFI_SUCCESS        Random bytes generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetBytes (
+  IN UINTN         Length,
+  OUT UINT8        *RandBuffer
+  );
+
+#endif  // RNGDXE_INTERNALS_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
new file mode 100644
index 000000000000..2810a9eb94ad
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
@@ -0,0 +1,127 @@
+/** @file
+  RNG Driver to produce the UEFI Random Number Generator protocol.
+
+  The driver will use the RNDR instruction to produce random numbers.
+
+  RNG Algorithms defined in UEFI 2.4:
+   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
+   - EFI_RNG_ALGORITHM_RAW                    - Unsupported
+   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
+   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
+   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
+   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
+
+  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
+
+#include "RngDxeInternals.h"
+
+/**
+  Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
+  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+                                      algorithm to use. May be NULL in which case the function will
+                                      use its default RNG algorithm.
+  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
+                                      RNGValue. The driver shall return exactly this numbers of bytes.
+  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
+                                      resulting RNG value.
+
+  @retval EFI_SUCCESS                 The RNG value was returned successfully.
+  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
+                                      this driver.
+  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
+                                      firmware error.
+  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
+                                      requested by RNGValueLength.
+  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+  IN EFI_RNG_PROTOCOL            *This,
+  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
+  IN UINTN                       RNGValueLength,
+  OUT UINT8                      *RNGValue
+  )
+{
+  EFI_STATUS    Status;
+
+  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (RNGAlgorithm == NULL) {
+    //
+    // Use the default RNG algorithm if RNGAlgorithm is NULL.
+    //
+    RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
+  }
+
+  if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
+    Status = RngGetBytes (RNGValueLength, RNGValue);
+    return Status;
+  }
+
+  //
+  // Other algorithms are unsupported by this driver.
+  //
+  return EFI_UNSUPPORTED;
+}
+
+/**
+  Returns information about the random number generation implementation.
+
+  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+                                      On output with a return code of EFI_SUCCESS, the size
+                                      in bytes of the data returned in RNGAlgorithmList. On output
+                                      with a return code of EFI_BUFFER_TOO_SMALL,
+                                      the size of RNGAlgorithmList required to obtain the list.
+  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
+                                      with one EFI_RNG_ALGORITHM element for each supported
+                                      RNG algorithm. The list must not change across multiple
+                                      calls to the same driver. The first algorithm in the list
+                                      is the default algorithm for the driver.
+
+  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
+  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithms (
+  IN OUT UINTN                     *RNGAlgorithmListSize,
+  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
+  )
+{
+  UINTN RequiredSize;
+  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
+
+  RequiredSize = sizeof (EFI_RNG_ALGORITHM);
+
+  if (*RNGAlgorithmListSize < RequiredSize) {
+    *RNGAlgorithmListSize = RequiredSize;
+    return EFI_BUFFER_TOO_SMALL;
+  }
+
+  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
+
+  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
+
+  *RNGAlgorithmListSize = RequiredSize;
+  return EFI_SUCCESS;
+}
+
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
similarity index 71%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
index e7dd5ab18111..83025a47d43d 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
@@ -8,48 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
 #include <Library/RngLib.h>
 
-#include "RdRand.h"
 #include "AesCore.h"
-
-/**
-  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
-
-  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
-  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
-
-  @retval EFI_SUCCESS        Random bytes generation succeeded.
-  @retval EFI_NOT_READY      Failed to request random bytes.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGetBytes (
-  IN UINTN         Length,
-  OUT UINT8        *RandBuffer
-  )
-{
-  BOOLEAN     IsRandom;
-  UINT64      TempRand[2];
-
-  while (Length > 0) {
-    IsRandom = GetRandomNumber128 (TempRand);
-    if (!IsRandom) {
-      return EFI_NOT_READY;
-    }
-    if (Length >= sizeof (TempRand)) {
-      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
-      RandBuffer += sizeof (UINT64);
-      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
-      RandBuffer += sizeof (UINT64);
-      Length -= sizeof (TempRand);
-    } else {
-      CopyMem (RandBuffer, TempRand, Length);
-      Length = 0;
-    }
-  }
-
-  return EFI_SUCCESS;
-}
+#include "RdRand.h"
+#include "RngDxeInternals.h"
 
 /**
   Creates a 128bit random value that is fully forward and backward prediction resistant,
@@ -92,7 +53,7 @@ RdRandGetSeed128 (
   //
   for (Index = 0; Index < 32; Index++) {
     MicroSecondDelay (10);
-    Status = RdRandGetBytes (16, RandByte);
+    Status = RngGetBytes (16, RandByte);
     if (EFI_ERROR (Status)) {
       return Status;
     }
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
new file mode 100644
index 000000000000..6b628a9f8bc6
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -0,0 +1,146 @@
+/** @file
+  RNG Driver to produce the UEFI Random Number Generator protocol.
+
+  The driver will use the new RDRAND instruction to produce high-quality, high-performance
+  entropy and random number.
+
+  RNG Algorithms defined in UEFI 2.4:
+   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
+     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
+   - EFI_RNG_ALGORITHM_RAW                    - Supported
+     (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
+   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
+   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
+   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
+   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
+
+  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "RdRand.h"
+#include "RngDxeInternals.h"
+
+/**
+  Produces and returns an RNG value using either the default or specified RNG algorithm.
+
+  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
+  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
+                                      algorithm to use. May be NULL in which case the function will
+                                      use its default RNG algorithm.
+  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
+                                      RNGValue. The driver shall return exactly this numbers of bytes.
+  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
+                                      resulting RNG value.
+
+  @retval EFI_SUCCESS                 The RNG value was returned successfully.
+  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
+                                      this driver.
+  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
+                                      firmware error.
+  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
+                                      requested by RNGValueLength.
+  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+  IN EFI_RNG_PROTOCOL            *This,
+  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
+  IN UINTN                       RNGValueLength,
+  OUT UINT8                      *RNGValue
+  )
+{
+  EFI_STATUS    Status;
+
+  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = EFI_UNSUPPORTED;
+  if (RNGAlgorithm == NULL) {
+    //
+    // Use the default RNG algorithm if RNGAlgorithm is NULL.
+    //
+    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
+  }
+
+  //
+  // NIST SP800-90-AES-CTR-256 supported by RDRAND
+  //
+  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
+    Status = RngGetBytes (RNGValueLength, RNGValue);
+    return Status;
+  }
+
+  //
+  // The "raw" algorithm is intended to provide entropy directly
+  //
+  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+    //
+    // When a DRBG is used on the output of a entropy source,
+    // its security level must be at least 256 bits according to UEFI Spec.
+    //
+    if (RNGValueLength < 32) {
+      return EFI_INVALID_PARAMETER;
+    }
+
+    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
+    return Status;
+  }
+
+  //
+  // Other algorithms were unsupported by this driver.
+  //
+  return Status;
+}
+
+/**
+  Returns information about the random number generation implementation.
+
+  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
+                                      On output with a return code of EFI_SUCCESS, the size
+                                      in bytes of the data returned in RNGAlgorithmList. On output
+                                      with a return code of EFI_BUFFER_TOO_SMALL,
+                                      the size of RNGAlgorithmList required to obtain the list.
+  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
+                                      with one EFI_RNG_ALGORITHM element for each supported
+                                      RNG algorithm. The list must not change across multiple
+                                      calls to the same driver. The first algorithm in the list
+                                      is the default algorithm for the driver.
+
+  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
+  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
+
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithms (
+  IN OUT UINTN                     *RNGAlgorithmListSize,
+  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
+  )
+{
+  UINTN RequiredSize;
+  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
+
+  RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
+
+  if (*RNGAlgorithmListSize < RequiredSize) {
+    *RNGAlgorithmListSize = RequiredSize;
+    return EFI_BUFFER_TOO_SMALL;
+  }
+
+  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
+
+  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
+
+  // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED
+  CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM));
+
+  *RNGAlgorithmListSize = RequiredSize;
+  return EFI_SUCCESS;
+}
+
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
index 13d3dbd0bfbe..b959c70536ea 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
@@ -1,34 +1,32 @@
 /** @file
   RNG Driver to produce the UEFI Random Number Generator protocol.
 
-  The driver will use the new RDRAND instruction to produce high-quality, high-performance
-  entropy and random number.
+  The driver uses CPU RNG instructions to produce high-quality,
+  high-performance entropy and random number.
 
   RNG Algorithms defined in UEFI 2.4:
-   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
-     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
-   - EFI_RNG_ALGORITHM_RAW                    - Supported
-     (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
-   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
-   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
-   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
-   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
+   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
+   - EFI_RNG_ALGORITHM_RAW
+   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
+   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
+   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
+   - EFI_RNG_ALGORITHM_X9_31_AES_GUID
 
 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
 (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
-#include "RdRand.h"
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/RngLib.h>
+#include <Library/TimerLib.h>
+#include <Protocol/Rng.h>
 
-//
-// Supported RNG Algorithms list by this driver.
-//
-EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
-  EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
-  EFI_RNG_ALGORITHM_RAW
-};
+#include "RngDxeInternals.h"
 
 /**
   Returns information about the random number generation implementation.
@@ -62,106 +60,23 @@ RngGetInfo (
   )
 {
   EFI_STATUS    Status;
-  UINTN         RequiredSize;
 
   if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
     return EFI_INVALID_PARAMETER;
   }
 
-  RequiredSize = sizeof (mSupportedRngAlgorithms);
-  if (*RNGAlgorithmListSize < RequiredSize) {
-    Status = EFI_BUFFER_TOO_SMALL;
+  //
+  // Return algorithm list supported by driver.
+  //
+  if (RNGAlgorithmList != NULL) {
+    Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);
   } else {
-    //
-    // Return algorithm list supported by driver.
-    //
-    if (RNGAlgorithmList != NULL) {
-      CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize);
-      Status = EFI_SUCCESS;
-    } else {
-      Status = EFI_INVALID_PARAMETER;
-    }
+    Status = EFI_INVALID_PARAMETER;
   }
-  *RNGAlgorithmListSize = RequiredSize;
 
   return Status;
 }
 
-/**
-  Produces and returns an RNG value using either the default or specified RNG algorithm.
-
-  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
-  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
-                                      algorithm to use. May be NULL in which case the function will
-                                      use its default RNG algorithm.
-  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
-                                      RNGValue. The driver shall return exactly this numbers of bytes.
-  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
-                                      resulting RNG value.
-
-  @retval EFI_SUCCESS                 The RNG value was returned successfully.
-  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
-                                      this driver.
-  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
-                                      firmware error.
-  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
-                                      requested by RNGValueLength.
-  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
-
-**/
-EFI_STATUS
-EFIAPI
-RngGetRNG (
-  IN EFI_RNG_PROTOCOL            *This,
-  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
-  IN UINTN                       RNGValueLength,
-  OUT UINT8                      *RNGValue
-  )
-{
-  EFI_STATUS    Status;
-
-  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
-    return EFI_INVALID_PARAMETER;
-  }
-
-  Status = EFI_UNSUPPORTED;
-  if (RNGAlgorithm == NULL) {
-    //
-    // Use the default RNG algorithm if RNGAlgorithm is NULL.
-    //
-    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
-  }
-
-  //
-  // NIST SP800-90-AES-CTR-256 supported by RDRAND
-  //
-  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
-    Status = RdRandGetBytes (RNGValueLength, RNGValue);
-    return Status;
-  }
-
-  //
-  // The "raw" algorithm is intended to provide entropy directly
-  //
-  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
-    //
-    // When a DRBG is used on the output of a entropy source,
-    // its security level must be at least 256 bits according to UEFI Spec.
-    //
-    if (RNGValueLength < 32) {
-      return EFI_INVALID_PARAMETER;
-    }
-
-    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
-    return Status;
-  }
-
-  //
-  // Other algorithms were unsupported by this driver.
-  //
-  return Status;
-}
-
 //
 // The Random Number Generator (RNG) protocol
 //
@@ -204,3 +119,44 @@ RngDriverEntry (
 
   return Status;
 }
+
+
+/**
+  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
+
+  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
+  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
+
+  @retval EFI_SUCCESS        Random bytes generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetBytes (
+  IN UINTN         Length,
+  OUT UINT8        *RandBuffer
+  )
+{
+  BOOLEAN     IsRandom;
+  UINT64      TempRand[2];
+
+  while (Length > 0) {
+    IsRandom = GetRandomNumber128 (TempRand);
+    if (!IsRandom) {
+      return EFI_NOT_READY;
+    }
+    if (Length >= sizeof (TempRand)) {
+      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
+      RandBuffer += sizeof (UINT64);
+      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
+      RandBuffer += sizeof (UINT64);
+      Length -= sizeof (TempRand);
+    } else {
+      CopyMem (RandBuffer, TempRand, Length);
+      Length = 0;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
-- 
2.26.2

Re: [PATCH v3 2/2] SecurityPkg: Add support for RngDxe on AARCH64

[Ard Biesheuvel]

On Mon, 10 May 2021 at 23:53, Rebecca Cran <rebecca@nuviainc.com> wrote:
>
> AARCH64 support has been added to BaseRngLib via the optional
> ARMv8.5 FEAT_RNG.
>
> Refactor RngDxe to support AARCH64, note support for it in the
> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>
> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>

I'm happy to take these and merge them if I can get an ack from a
SecurityPkg maintainer.


> ---
>  SecurityPkg/SecurityPkg.dec                                   |   2 +
>  SecurityPkg/SecurityPkg.dsc                                   |  11 +-
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |  24 ++-
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |   0
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |  17 --
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    | 117 ++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     | 127 +++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |   0
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |  45 +-----
>  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        | 146 +++++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             | 170 ++++++++------------
>  11 files changed, 483 insertions(+), 176 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index dfbbb0365a2b..4001650fa28e 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -297,6 +297,8 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
>    gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030
>    gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031
>
> +  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032
> +
>  [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
>    ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
>    #  NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 12ccd1634941..bd4b810bce61 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -259,6 +259,12 @@ [Components]
>  [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
>    SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>
> +[Components.IA32, Components.X64, Components.AARCH64]
> +  #
> +  # Random Number Generator
> +  #
> +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +
>  [Components.IA32, Components.X64]
>    SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>
> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
>    SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
>    SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf
>
> -  #
> -  # Random Number Generator
> -  #
> -  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> -
>    #
>    # Opal Password solution
>    #
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index 99d6f6b35fc2..f3300971993f 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -26,15 +26,22 @@ [Defines]
>  #
>  # The following information is for reference only and not required by the build tools.
>  #
> -#  VALID_ARCHITECTURES           = IA32 X64
> +#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
>  #
>
>  [Sources.common]
>    RngDxe.c
> -  RdRand.c
> -  RdRand.h
> -  AesCore.c
> -  AesCore.h
> +  RngDxeInternals.h
> +
> +[Sources.IA32, Sources.X64]
> +  Rand/RngDxe.c
> +  Rand/RdRand.c
> +  Rand/RdRand.h
> +  Rand/AesCore.c
> +  Rand/AesCore.h
> +
> +[Sources.AARCH64]
> +  AArch64/RngDxe.c
>
>  [Packages]
>    MdePkg/MdePkg.dec
> @@ -50,12 +57,19 @@ [LibraryClasses]
>    RngLib
>
>  [Guids]
> +  gEfiRngAlgorithmSp80090Hash256Guid  ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEfiRngAlgorithmSp80090Hmac256Guid  ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>    gEfiRngAlgorithmSp80090Ctr256Guid   ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEfiRngAlgorithmX9313DesGuid        ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEfiRngAlgorithmX931AesGuid         ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>    gEfiRngAlgorithmRaw                 ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>
>  [Protocols]
>    gEfiRngProtocolGuid                ## PRODUCES
>
> +[Pcd]
> +  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm      ## CONSUMES
> +
>  [Depex]
>    TRUE
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> similarity index 72%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> index 12ab1f34ec6d..072378e062e7 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> @@ -23,23 +23,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include <Library/TimerLib.h>
>  #include <Protocol/Rng.h>
>
> -/**
> -  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> -
> -  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> -  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> -
> -  @retval EFI_SUCCESS        Random bytes generation succeeded.
> -  @retval EFI_NOT_READY      Failed to request random bytes.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RdRandGetBytes (
> -  IN UINTN         Length,
> -  OUT UINT8        *RandBuffer
> -  );
> -
>  /**
>    Generate high-quality entropy source through RDRAND.
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> new file mode 100644
> index 000000000000..2660ed5875e0
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> @@ -0,0 +1,117 @@
> +/** @file
> +  Function prototypes for UEFI Random Number Generator protocol support.
> +
> +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNGDXE_INTERNALS_H_
> +#define RNGDXE_INTERNALS_H_
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in]     This                 A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_UNSUPPORTED             The services is not supported by this driver.
> +  @retval EFI_DEVICE_ERROR            The list of algorithms could not be retrieved due to a
> +                                      hardware or firmware error.
> +  @retval EFI_INVALID_PARAMETER       One or more of the parameters are incorrect.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetInfo (
> +  IN EFI_RNG_PROTOCOL             *This,
> +  IN OUT UINTN                    *RNGAlgorithmListSize,
> +  OUT EFI_RNG_ALGORITHM           *RNGAlgorithmList
> +  );
> +
> +/**
> +  Produces and returns an RNG value using either the default or specified RNG algorithm.
> +
> +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> +                                      algorithm to use. May be NULL in which case the function will
> +                                      use its default RNG algorithm.
> +  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> +                                      RNGValue. The driver shall return exactly this numbers of bytes.
> +  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> +                                      resulting RNG value.
> +
> +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> +  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> +                                      this driver.
> +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> +                                      firmware error.
> +  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> +                                      requested by RNGValueLength.
> +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> +  IN EFI_RNG_PROTOCOL            *This,
> +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> +  IN UINTN                       RNGValueLength,
> +  OUT UINT8                      *RNGValue
> +  );
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithms (
> +  IN OUT UINTN                     *RNGAlgorithmListSize,
> +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> +  );
> +
> +/**
> +  Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
> +
> +  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> +  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> +
> +  @retval EFI_SUCCESS        Random bytes generation succeeded.
> +  @retval EFI_NOT_READY      Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetBytes (
> +  IN UINTN         Length,
> +  OUT UINT8        *RandBuffer
> +  );
> +
> +#endif  // RNGDXE_INTERNALS_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> new file mode 100644
> index 000000000000..2810a9eb94ad
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> @@ -0,0 +1,127 @@
> +/** @file
> +  RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> +  The driver will use the RNDR instruction to produce random numbers.
> +
> +  RNG Algorithms defined in UEFI 2.4:
> +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> +   - EFI_RNG_ALGORITHM_RAW                    - Unsupported
> +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> +
> +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> +  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "RngDxeInternals.h"
> +
> +/**
> +  Produces and returns an RNG value using either the default or specified RNG algorithm.
> +
> +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> +                                      algorithm to use. May be NULL in which case the function will
> +                                      use its default RNG algorithm.
> +  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> +                                      RNGValue. The driver shall return exactly this numbers of bytes.
> +  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> +                                      resulting RNG value.
> +
> +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> +  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> +                                      this driver.
> +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> +                                      firmware error.
> +  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> +                                      requested by RNGValueLength.
> +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> +  IN EFI_RNG_PROTOCOL            *This,
> +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> +  IN UINTN                       RNGValueLength,
> +  OUT UINT8                      *RNGValue
> +  )
> +{
> +  EFI_STATUS    Status;
> +
> +  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  if (RNGAlgorithm == NULL) {
> +    //
> +    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> +    //
> +    RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> +  }
> +
> +  if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
> +    Status = RngGetBytes (RNGValueLength, RNGValue);
> +    return Status;
> +  }
> +
> +  //
> +  // Other algorithms are unsupported by this driver.
> +  //
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithms (
> +  IN OUT UINTN                     *RNGAlgorithmListSize,
> +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> +  )
> +{
> +  UINTN RequiredSize;
> +  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
> +
> +  RequiredSize = sizeof (EFI_RNG_ALGORITHM);
> +
> +  if (*RNGAlgorithmListSize < RequiredSize) {
> +    *RNGAlgorithmListSize = RequiredSize;
> +    return EFI_BUFFER_TOO_SMALL;
> +  }
> +
> +  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> +
> +  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
> +
> +  *RNGAlgorithmListSize = RequiredSize;
> +  return EFI_SUCCESS;
> +}
> +
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> similarity index 71%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> index e7dd5ab18111..83025a47d43d 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> @@ -8,48 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  **/
>  #include <Library/RngLib.h>
>
> -#include "RdRand.h"
>  #include "AesCore.h"
> -
> -/**
> -  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> -
> -  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> -  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> -
> -  @retval EFI_SUCCESS        Random bytes generation succeeded.
> -  @retval EFI_NOT_READY      Failed to request random bytes.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RdRandGetBytes (
> -  IN UINTN         Length,
> -  OUT UINT8        *RandBuffer
> -  )
> -{
> -  BOOLEAN     IsRandom;
> -  UINT64      TempRand[2];
> -
> -  while (Length > 0) {
> -    IsRandom = GetRandomNumber128 (TempRand);
> -    if (!IsRandom) {
> -      return EFI_NOT_READY;
> -    }
> -    if (Length >= sizeof (TempRand)) {
> -      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
> -      RandBuffer += sizeof (UINT64);
> -      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
> -      RandBuffer += sizeof (UINT64);
> -      Length -= sizeof (TempRand);
> -    } else {
> -      CopyMem (RandBuffer, TempRand, Length);
> -      Length = 0;
> -    }
> -  }
> -
> -  return EFI_SUCCESS;
> -}
> +#include "RdRand.h"
> +#include "RngDxeInternals.h"
>
>  /**
>    Creates a 128bit random value that is fully forward and backward prediction resistant,
> @@ -92,7 +53,7 @@ RdRandGetSeed128 (
>    //
>    for (Index = 0; Index < 32; Index++) {
>      MicroSecondDelay (10);
> -    Status = RdRandGetBytes (16, RandByte);
> +    Status = RngGetBytes (16, RandByte);
>      if (EFI_ERROR (Status)) {
>        return Status;
>      }
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> new file mode 100644
> index 000000000000..6b628a9f8bc6
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -0,0 +1,146 @@
> +/** @file
> +  RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> +  The driver will use the new RDRAND instruction to produce high-quality, high-performance
> +  entropy and random number.
> +
> +  RNG Algorithms defined in UEFI 2.4:
> +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
> +     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
> +   - EFI_RNG_ALGORITHM_RAW                    - Supported
> +     (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
> +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> +
> +  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> +  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "RdRand.h"
> +#include "RngDxeInternals.h"
> +
> +/**
> +  Produces and returns an RNG value using either the default or specified RNG algorithm.
> +
> +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> +                                      algorithm to use. May be NULL in which case the function will
> +                                      use its default RNG algorithm.
> +  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> +                                      RNGValue. The driver shall return exactly this numbers of bytes.
> +  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> +                                      resulting RNG value.
> +
> +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> +  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> +                                      this driver.
> +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> +                                      firmware error.
> +  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> +                                      requested by RNGValueLength.
> +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> +  IN EFI_RNG_PROTOCOL            *This,
> +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> +  IN UINTN                       RNGValueLength,
> +  OUT UINT8                      *RNGValue
> +  )
> +{
> +  EFI_STATUS    Status;
> +
> +  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  Status = EFI_UNSUPPORTED;
> +  if (RNGAlgorithm == NULL) {
> +    //
> +    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> +    //
> +    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> +  }
> +
> +  //
> +  // NIST SP800-90-AES-CTR-256 supported by RDRAND
> +  //
> +  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> +    Status = RngGetBytes (RNGValueLength, RNGValue);
> +    return Status;
> +  }
> +
> +  //
> +  // The "raw" algorithm is intended to provide entropy directly
> +  //
> +  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> +    //
> +    // When a DRBG is used on the output of a entropy source,
> +    // its security level must be at least 256 bits according to UEFI Spec.
> +    //
> +    if (RNGValueLength < 32) {
> +      return EFI_INVALID_PARAMETER;
> +    }
> +
> +    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> +    return Status;
> +  }
> +
> +  //
> +  // Other algorithms were unsupported by this driver.
> +  //
> +  return Status;
> +}
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithms (
> +  IN OUT UINTN                     *RNGAlgorithmListSize,
> +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> +  )
> +{
> +  UINTN RequiredSize;
> +  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
> +
> +  RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
> +
> +  if (*RNGAlgorithmListSize < RequiredSize) {
> +    *RNGAlgorithmListSize = RequiredSize;
> +    return EFI_BUFFER_TOO_SMALL;
> +  }
> +
> +  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> +
> +  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
> +
> +  // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED
> +  CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM));
> +
> +  *RNGAlgorithmListSize = RequiredSize;
> +  return EFI_SUCCESS;
> +}
> +
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> index 13d3dbd0bfbe..b959c70536ea 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> @@ -1,34 +1,32 @@
>  /** @file
>    RNG Driver to produce the UEFI Random Number Generator protocol.
>
> -  The driver will use the new RDRAND instruction to produce high-quality, high-performance
> -  entropy and random number.
> +  The driver uses CPU RNG instructions to produce high-quality,
> +  high-performance entropy and random number.
>
>    RNG Algorithms defined in UEFI 2.4:
> -   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
> -     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
> -   - EFI_RNG_ALGORITHM_RAW                    - Supported
> -     (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
> -   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> -   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> -   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> -   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> +   - EFI_RNG_ALGORITHM_RAW
> +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
> +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID
>
>  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>
>  **/
>
> -#include "RdRand.h"
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/RngLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
>
> -//
> -// Supported RNG Algorithms list by this driver.
> -//
> -EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> -  EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
> -  EFI_RNG_ALGORITHM_RAW
> -};
> +#include "RngDxeInternals.h"
>
>  /**
>    Returns information about the random number generation implementation.
> @@ -62,106 +60,23 @@ RngGetInfo (
>    )
>  {
>    EFI_STATUS    Status;
> -  UINTN         RequiredSize;
>
>    if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
>      return EFI_INVALID_PARAMETER;
>    }
>
> -  RequiredSize = sizeof (mSupportedRngAlgorithms);
> -  if (*RNGAlgorithmListSize < RequiredSize) {
> -    Status = EFI_BUFFER_TOO_SMALL;
> +  //
> +  // Return algorithm list supported by driver.
> +  //
> +  if (RNGAlgorithmList != NULL) {
> +    Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);
>    } else {
> -    //
> -    // Return algorithm list supported by driver.
> -    //
> -    if (RNGAlgorithmList != NULL) {
> -      CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize);
> -      Status = EFI_SUCCESS;
> -    } else {
> -      Status = EFI_INVALID_PARAMETER;
> -    }
> +    Status = EFI_INVALID_PARAMETER;
>    }
> -  *RNGAlgorithmListSize = RequiredSize;
>
>    return Status;
>  }
>
> -/**
> -  Produces and returns an RNG value using either the default or specified RNG algorithm.
> -
> -  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> -  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> -                                      algorithm to use. May be NULL in which case the function will
> -                                      use its default RNG algorithm.
> -  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> -                                      RNGValue. The driver shall return exactly this numbers of bytes.
> -  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> -                                      resulting RNG value.
> -
> -  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> -  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> -                                      this driver.
> -  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> -                                      firmware error.
> -  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> -                                      requested by RNGValueLength.
> -  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RngGetRNG (
> -  IN EFI_RNG_PROTOCOL            *This,
> -  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> -  IN UINTN                       RNGValueLength,
> -  OUT UINT8                      *RNGValue
> -  )
> -{
> -  EFI_STATUS    Status;
> -
> -  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> -    return EFI_INVALID_PARAMETER;
> -  }
> -
> -  Status = EFI_UNSUPPORTED;
> -  if (RNGAlgorithm == NULL) {
> -    //
> -    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> -    //
> -    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> -  }
> -
> -  //
> -  // NIST SP800-90-AES-CTR-256 supported by RDRAND
> -  //
> -  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> -    Status = RdRandGetBytes (RNGValueLength, RNGValue);
> -    return Status;
> -  }
> -
> -  //
> -  // The "raw" algorithm is intended to provide entropy directly
> -  //
> -  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> -    //
> -    // When a DRBG is used on the output of a entropy source,
> -    // its security level must be at least 256 bits according to UEFI Spec.
> -    //
> -    if (RNGValueLength < 32) {
> -      return EFI_INVALID_PARAMETER;
> -    }
> -
> -    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> -    return Status;
> -  }
> -
> -  //
> -  // Other algorithms were unsupported by this driver.
> -  //
> -  return Status;
> -}
> -
>  //
>  // The Random Number Generator (RNG) protocol
>  //
> @@ -204,3 +119,44 @@ RngDriverEntry (
>
>    return Status;
>  }
> +
> +
> +/**
> +  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> +
> +  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> +  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> +
> +  @retval EFI_SUCCESS        Random bytes generation succeeded.
> +  @retval EFI_NOT_READY      Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetBytes (
> +  IN UINTN         Length,
> +  OUT UINT8        *RandBuffer
> +  )
> +{
> +  BOOLEAN     IsRandom;
> +  UINT64      TempRand[2];
> +
> +  while (Length > 0) {
> +    IsRandom = GetRandomNumber128 (TempRand);
> +    if (!IsRandom) {
> +      return EFI_NOT_READY;
> +    }
> +    if (Length >= sizeof (TempRand)) {
> +      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
> +      RandBuffer += sizeof (UINT64);
> +      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
> +      RandBuffer += sizeof (UINT64);
> +      Length -= sizeof (TempRand);
> +    } else {
> +      CopyMem (RandBuffer, TempRand, Length);
> +      Length = 0;
> +    }
> +  }
> +
> +  return EFI_SUCCESS;
> +}
> --
> 2.26.2
>

Re: [edk2-devel] [PATCH v3 2/2] SecurityPkg: Add support for RngDxe on AARCH64

[Yao, Jiewen]

Acked-by: Jiewen Yao <Jiewen.yao@intel.com>

Need ARM expert to double confirm.

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Ard
> Biesheuvel
> Sent: Tuesday, May 11, 2021 10:44 PM
> To: Rebecca Cran <rebecca@nuviainc.com>; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Cc: edk2-devel-groups-io <devel@edk2.groups.io>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Sami Mujawar <sami.mujawar@arm.com>
> Subject: Re: [edk2-devel] [PATCH v3 2/2] SecurityPkg: Add support for RngDxe
> on AARCH64
> 
> On Mon, 10 May 2021 at 23:53, Rebecca Cran <rebecca@nuviainc.com> wrote:
> >
> > AARCH64 support has been added to BaseRngLib via the optional
> > ARMv8.5 FEAT_RNG.
> >
> > Refactor RngDxe to support AARCH64, note support for it in the
> > VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
> >
> > Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> 
> I'm happy to take these and merge them if I can get an ack from a
> SecurityPkg maintainer.
> 
> 
> > ---
> >  SecurityPkg/SecurityPkg.dec                                   |   2 +
> >  SecurityPkg/SecurityPkg.dsc                                   |  11 +-
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |  24 ++-
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |   0
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |  17 --
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    | 117
> ++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     | 127
> +++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |   0
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |  45 +-
> ----
> >  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        | 146
> +++++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             | 170
> ++++++++------------
> >  11 files changed, 483 insertions(+), 176 deletions(-)
> >
> > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> > index dfbbb0365a2b..4001650fa28e 100644
> > --- a/SecurityPkg/SecurityPkg.dec
> > +++ b/SecurityPkg/SecurityPkg.dec
> > @@ -297,6 +297,8 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
> >
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|
> UINT32|0x00010030
> >
> gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|
> UINT32|0x00010031
> >
> > +
> gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x0
> 0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID
> *|0x00010032
> > +
> >  [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> >    ## Image verification policy for OptionRom. Only following values are
> valid:<BR><BR>
> >    #  NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and
> has been removed.<BR>
> > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> > index 12ccd1634941..bd4b810bce61 100644
> > --- a/SecurityPkg/SecurityPkg.dsc
> > +++ b/SecurityPkg/SecurityPkg.dsc
> > @@ -259,6 +259,12 @@ [Components]
> >  [Components.IA32, Components.X64, Components.ARM,
> Components.AARCH64]
> >    SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
> >
> > +[Components.IA32, Components.X64, Components.AARCH64]
> > +  #
> > +  # Random Number Generator
> > +  #
> > +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> > +
> >  [Components.IA32, Components.X64]
> >
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDx
> e.inf
> >
> > @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
> >
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib
> .inf
> >
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalP
> resenceLib.inf
> >
> > -  #
> > -  # Random Number Generator
> > -  #
> > -  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> > -
> >    #
> >    # Opal Password solution
> >    #
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> > index 99d6f6b35fc2..f3300971993f 100644
> > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> > @@ -26,15 +26,22 @@ [Defines]
> >  #
> >  # The following information is for reference only and not required by the build
> tools.
> >  #
> > -#  VALID_ARCHITECTURES           = IA32 X64
> > +#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
> >  #
> >
> >  [Sources.common]
> >    RngDxe.c
> > -  RdRand.c
> > -  RdRand.h
> > -  AesCore.c
> > -  AesCore.h
> > +  RngDxeInternals.h
> > +
> > +[Sources.IA32, Sources.X64]
> > +  Rand/RngDxe.c
> > +  Rand/RdRand.c
> > +  Rand/RdRand.h
> > +  Rand/AesCore.c
> > +  Rand/AesCore.h
> > +
> > +[Sources.AARCH64]
> > +  AArch64/RngDxe.c
> >
> >  [Packages]
> >    MdePkg/MdePkg.dec
> > @@ -50,12 +57,19 @@ [LibraryClasses]
> >    RngLib
> >
> >  [Guids]
> > +  gEfiRngAlgorithmSp80090Hash256Guid  ## SOMETIMES_PRODUCES    ##
> GUID        # Unique ID of the algorithm for RNG
> > +  gEfiRngAlgorithmSp80090Hmac256Guid  ## SOMETIMES_PRODUCES    ##
> GUID        # Unique ID of the algorithm for RNG
> >    gEfiRngAlgorithmSp80090Ctr256Guid   ## SOMETIMES_PRODUCES    ## GUID
> # Unique ID of the algorithm for RNG
> > +  gEfiRngAlgorithmX9313DesGuid        ## SOMETIMES_PRODUCES    ## GUID
> # Unique ID of the algorithm for RNG
> > +  gEfiRngAlgorithmX931AesGuid         ## SOMETIMES_PRODUCES    ## GUID
> # Unique ID of the algorithm for RNG
> >    gEfiRngAlgorithmRaw                 ## SOMETIMES_PRODUCES    ## GUID        #
> Unique ID of the algorithm for RNG
> >
> >  [Protocols]
> >    gEfiRngProtocolGuid                ## PRODUCES
> >
> > +[Pcd]
> > +  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm      ##
> CONSUMES
> > +
> >  [Depex]
> >    TRUE
> >
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> > similarity index 100%
> > rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> > similarity index 72%
> > rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> > index 12ab1f34ec6d..072378e062e7 100644
> > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> > @@ -23,23 +23,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> >  #include <Library/TimerLib.h>
> >  #include <Protocol/Rng.h>
> >
> > -/**
> > -  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> > -
> > -  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> > -  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> > -
> > -  @retval EFI_SUCCESS        Random bytes generation succeeded.
> > -  @retval EFI_NOT_READY      Failed to request random bytes.
> > -
> > -**/
> > -EFI_STATUS
> > -EFIAPI
> > -RdRandGetBytes (
> > -  IN UINTN         Length,
> > -  OUT UINT8        *RandBuffer
> > -  );
> > -
> >  /**
> >    Generate high-quality entropy source through RDRAND.
> >
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> > new file mode 100644
> > index 000000000000..2660ed5875e0
> > --- /dev/null
> > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> > @@ -0,0 +1,117 @@
> > +/** @file
> > +  Function prototypes for UEFI Random Number Generator protocol support.
> > +
> > +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> > +
> > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#ifndef RNGDXE_INTERNALS_H_
> > +#define RNGDXE_INTERNALS_H_
> > +
> > +/**
> > +  Returns information about the random number generation implementation.
> > +
> > +  @param[in]     This                 A pointer to the EFI_RNG_PROTOCOL instance.
> > +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
> RNGAlgorithmList.
> > +                                      On output with a return code of EFI_SUCCESS, the size
> > +                                      in bytes of the data returned in RNGAlgorithmList. On
> output
> > +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> > +                                      the size of RNGAlgorithmList required to obtain the list.
> > +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled
> by the driver
> > +                                      with one EFI_RNG_ALGORITHM element for each
> supported
> > +                                      RNG algorithm. The list must not change across multiple
> > +                                      calls to the same driver. The first algorithm in the list
> > +                                      is the default algorithm for the driver.
> > +
> > +  @retval EFI_SUCCESS                 The RNG algorithm list was returned
> successfully.
> > +  @retval EFI_UNSUPPORTED             The services is not supported by this
> driver.
> > +  @retval EFI_DEVICE_ERROR            The list of algorithms could not be
> retrieved due to a
> > +                                      hardware or firmware error.
> > +  @retval EFI_INVALID_PARAMETER       One or more of the parameters are
> incorrect.
> > +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too
> small to hold the result.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RngGetInfo (
> > +  IN EFI_RNG_PROTOCOL             *This,
> > +  IN OUT UINTN                    *RNGAlgorithmListSize,
> > +  OUT EFI_RNG_ALGORITHM           *RNGAlgorithmList
> > +  );
> > +
> > +/**
> > +  Produces and returns an RNG value using either the default or specified RNG
> algorithm.
> > +
> > +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> > +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM
> that identifies the RNG
> > +                                      algorithm to use. May be NULL in which case the
> function will
> > +                                      use its default RNG algorithm.
> > +  @param[in]  RNGValueLength          The length in bytes of the memory
> buffer pointed to by
> > +                                      RNGValue. The driver shall return exactly this numbers
> of bytes.
> > +  @param[out] RNGValue                A caller-allocated memory buffer filled by
> the driver with the
> > +                                      resulting RNG value.
> > +
> > +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> > +  @retval EFI_UNSUPPORTED             The algorithm specified by
> RNGAlgorithm is not supported by
> > +                                      this driver.
> > +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due
> to a hardware or
> > +                                      firmware error.
> > +  @retval EFI_NOT_READY               There is not enough random data available
> to satisfy the length
> > +                                      requested by RNGValueLength.
> > +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or
> RNGValueLength is zero.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RngGetRNG (
> > +  IN EFI_RNG_PROTOCOL            *This,
> > +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> > +  IN UINTN                       RNGValueLength,
> > +  OUT UINT8                      *RNGValue
> > +  );
> > +
> > +/**
> > +  Returns information about the random number generation implementation.
> > +
> > +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
> RNGAlgorithmList.
> > +                                      On output with a return code of EFI_SUCCESS, the size
> > +                                      in bytes of the data returned in RNGAlgorithmList. On
> output
> > +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> > +                                      the size of RNGAlgorithmList required to obtain the list.
> > +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled
> by the driver
> > +                                      with one EFI_RNG_ALGORITHM element for each
> supported
> > +                                      RNG algorithm. The list must not change across multiple
> > +                                      calls to the same driver. The first algorithm in the list
> > +                                      is the default algorithm for the driver.
> > +
> > +  @retval EFI_SUCCESS                 The RNG algorithm list was returned
> successfully.
> > +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too
> small to hold the result.
> > +
> > +**/
> > +UINTN
> > +EFIAPI
> > +ArchGetSupportedRngAlgorithms (
> > +  IN OUT UINTN                     *RNGAlgorithmListSize,
> > +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> > +  );
> > +
> > +/**
> > +  Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
> > +
> > +  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> > +  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> > +
> > +  @retval EFI_SUCCESS        Random bytes generation succeeded.
> > +  @retval EFI_NOT_READY      Failed to request random bytes.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RngGetBytes (
> > +  IN UINTN         Length,
> > +  OUT UINT8        *RandBuffer
> > +  );
> > +
> > +#endif  // RNGDXE_INTERNALS_H_
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> > new file mode 100644
> > index 000000000000..2810a9eb94ad
> > --- /dev/null
> > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> > @@ -0,0 +1,127 @@
> > +/** @file
> > +  RNG Driver to produce the UEFI Random Number Generator protocol.
> > +
> > +  The driver will use the RNDR instruction to produce random numbers.
> > +
> > +  RNG Algorithms defined in UEFI 2.4:
> > +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> > +   - EFI_RNG_ALGORITHM_RAW                    - Unsupported
> > +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> > +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> > +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> > +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> > +
> > +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> > +  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> > +  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> > +
> > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include <Library/BaseLib.h>
> > +#include <Library/BaseMemoryLib.h>
> > +#include <Library/UefiBootServicesTableLib.h>
> > +#include <Library/TimerLib.h>
> > +#include <Protocol/Rng.h>
> > +
> > +#include "RngDxeInternals.h"
> > +
> > +/**
> > +  Produces and returns an RNG value using either the default or specified RNG
> algorithm.
> > +
> > +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> > +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM
> that identifies the RNG
> > +                                      algorithm to use. May be NULL in which case the
> function will
> > +                                      use its default RNG algorithm.
> > +  @param[in]  RNGValueLength          The length in bytes of the memory
> buffer pointed to by
> > +                                      RNGValue. The driver shall return exactly this numbers
> of bytes.
> > +  @param[out] RNGValue                A caller-allocated memory buffer filled by
> the driver with the
> > +                                      resulting RNG value.
> > +
> > +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> > +  @retval EFI_UNSUPPORTED             The algorithm specified by
> RNGAlgorithm is not supported by
> > +                                      this driver.
> > +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due
> to a hardware or
> > +                                      firmware error.
> > +  @retval EFI_NOT_READY               There is not enough random data available
> to satisfy the length
> > +                                      requested by RNGValueLength.
> > +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or
> RNGValueLength is zero.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RngGetRNG (
> > +  IN EFI_RNG_PROTOCOL            *This,
> > +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> > +  IN UINTN                       RNGValueLength,
> > +  OUT UINT8                      *RNGValue
> > +  )
> > +{
> > +  EFI_STATUS    Status;
> > +
> > +  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> > +    return EFI_INVALID_PARAMETER;
> > +  }
> > +
> > +  if (RNGAlgorithm == NULL) {
> > +    //
> > +    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> > +    //
> > +    RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> > +  }
> > +
> > +  if (CompareGuid (RNGAlgorithm, PcdGetPtr
> (PcdCpuRngSupportedAlgorithm))) {
> > +    Status = RngGetBytes (RNGValueLength, RNGValue);
> > +    return Status;
> > +  }
> > +
> > +  //
> > +  // Other algorithms are unsupported by this driver.
> > +  //
> > +  return EFI_UNSUPPORTED;
> > +}
> > +
> > +/**
> > +  Returns information about the random number generation implementation.
> > +
> > +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
> RNGAlgorithmList.
> > +                                      On output with a return code of EFI_SUCCESS, the size
> > +                                      in bytes of the data returned in RNGAlgorithmList. On
> output
> > +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> > +                                      the size of RNGAlgorithmList required to obtain the list.
> > +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled
> by the driver
> > +                                      with one EFI_RNG_ALGORITHM element for each
> supported
> > +                                      RNG algorithm. The list must not change across multiple
> > +                                      calls to the same driver. The first algorithm in the list
> > +                                      is the default algorithm for the driver.
> > +
> > +  @retval EFI_SUCCESS                 The RNG algorithm list was returned
> successfully.
> > +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too
> small to hold the result.
> > +
> > +**/
> > +UINTN
> > +EFIAPI
> > +ArchGetSupportedRngAlgorithms (
> > +  IN OUT UINTN                     *RNGAlgorithmListSize,
> > +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> > +  )
> > +{
> > +  UINTN RequiredSize;
> > +  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
> > +
> > +  RequiredSize = sizeof (EFI_RNG_ALGORITHM);
> > +
> > +  if (*RNGAlgorithmListSize < RequiredSize) {
> > +    *RNGAlgorithmListSize = RequiredSize;
> > +    return EFI_BUFFER_TOO_SMALL;
> > +  }
> > +
> > +  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> > +
> > +  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof
> (EFI_RNG_ALGORITHM));
> > +
> > +  *RNGAlgorithmListSize = RequiredSize;
> > +  return EFI_SUCCESS;
> > +}
> > +
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> > similarity index 100%
> > rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> > similarity index 71%
> > rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> > index e7dd5ab18111..83025a47d43d 100644
> > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> > @@ -8,48 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> >  **/
> >  #include <Library/RngLib.h>
> >
> > -#include "RdRand.h"
> >  #include "AesCore.h"
> > -
> > -/**
> > -  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> > -
> > -  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> > -  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> > -
> > -  @retval EFI_SUCCESS        Random bytes generation succeeded.
> > -  @retval EFI_NOT_READY      Failed to request random bytes.
> > -
> > -**/
> > -EFI_STATUS
> > -EFIAPI
> > -RdRandGetBytes (
> > -  IN UINTN         Length,
> > -  OUT UINT8        *RandBuffer
> > -  )
> > -{
> > -  BOOLEAN     IsRandom;
> > -  UINT64      TempRand[2];
> > -
> > -  while (Length > 0) {
> > -    IsRandom = GetRandomNumber128 (TempRand);
> > -    if (!IsRandom) {
> > -      return EFI_NOT_READY;
> > -    }
> > -    if (Length >= sizeof (TempRand)) {
> > -      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
> > -      RandBuffer += sizeof (UINT64);
> > -      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
> > -      RandBuffer += sizeof (UINT64);
> > -      Length -= sizeof (TempRand);
> > -    } else {
> > -      CopyMem (RandBuffer, TempRand, Length);
> > -      Length = 0;
> > -    }
> > -  }
> > -
> > -  return EFI_SUCCESS;
> > -}
> > +#include "RdRand.h"
> > +#include "RngDxeInternals.h"
> >
> >  /**
> >    Creates a 128bit random value that is fully forward and backward prediction
> resistant,
> > @@ -92,7 +53,7 @@ RdRandGetSeed128 (
> >    //
> >    for (Index = 0; Index < 32; Index++) {
> >      MicroSecondDelay (10);
> > -    Status = RdRandGetBytes (16, RandByte);
> > +    Status = RngGetBytes (16, RandByte);
> >      if (EFI_ERROR (Status)) {
> >        return Status;
> >      }
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> > new file mode 100644
> > index 000000000000..6b628a9f8bc6
> > --- /dev/null
> > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> > @@ -0,0 +1,146 @@
> > +/** @file
> > +  RNG Driver to produce the UEFI Random Number Generator protocol.
> > +
> > +  The driver will use the new RDRAND instruction to produce high-quality,
> high-performance
> > +  entropy and random number.
> > +
> > +  RNG Algorithms defined in UEFI 2.4:
> > +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
> > +     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based
> DRBG)
> > +   - EFI_RNG_ALGORITHM_RAW                    - Supported
> > +     (Structuring RDRAND invocation can be guaranteed as high-quality entropy
> source)
> > +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> > +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> > +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> > +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> > +
> > +  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> > +  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> > +  SPDX-License-Identifier: BSD-2-Clause-Patent
> > +
> > +**/
> > +
> > +#include "RdRand.h"
> > +#include "RngDxeInternals.h"
> > +
> > +/**
> > +  Produces and returns an RNG value using either the default or specified RNG
> algorithm.
> > +
> > +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> > +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM
> that identifies the RNG
> > +                                      algorithm to use. May be NULL in which case the
> function will
> > +                                      use its default RNG algorithm.
> > +  @param[in]  RNGValueLength          The length in bytes of the memory
> buffer pointed to by
> > +                                      RNGValue. The driver shall return exactly this numbers
> of bytes.
> > +  @param[out] RNGValue                A caller-allocated memory buffer filled by
> the driver with the
> > +                                      resulting RNG value.
> > +
> > +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> > +  @retval EFI_UNSUPPORTED             The algorithm specified by
> RNGAlgorithm is not supported by
> > +                                      this driver.
> > +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due
> to a hardware or
> > +                                      firmware error.
> > +  @retval EFI_NOT_READY               There is not enough random data available
> to satisfy the length
> > +                                      requested by RNGValueLength.
> > +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or
> RNGValueLength is zero.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RngGetRNG (
> > +  IN EFI_RNG_PROTOCOL            *This,
> > +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> > +  IN UINTN                       RNGValueLength,
> > +  OUT UINT8                      *RNGValue
> > +  )
> > +{
> > +  EFI_STATUS    Status;
> > +
> > +  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> > +    return EFI_INVALID_PARAMETER;
> > +  }
> > +
> > +  Status = EFI_UNSUPPORTED;
> > +  if (RNGAlgorithm == NULL) {
> > +    //
> > +    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> > +    //
> > +    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> > +  }
> > +
> > +  //
> > +  // NIST SP800-90-AES-CTR-256 supported by RDRAND
> > +  //
> > +  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> > +    Status = RngGetBytes (RNGValueLength, RNGValue);
> > +    return Status;
> > +  }
> > +
> > +  //
> > +  // The "raw" algorithm is intended to provide entropy directly
> > +  //
> > +  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> > +    //
> > +    // When a DRBG is used on the output of a entropy source,
> > +    // its security level must be at least 256 bits according to UEFI Spec.
> > +    //
> > +    if (RNGValueLength < 32) {
> > +      return EFI_INVALID_PARAMETER;
> > +    }
> > +
> > +    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> > +    return Status;
> > +  }
> > +
> > +  //
> > +  // Other algorithms were unsupported by this driver.
> > +  //
> > +  return Status;
> > +}
> > +
> > +/**
> > +  Returns information about the random number generation implementation.
> > +
> > +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
> RNGAlgorithmList.
> > +                                      On output with a return code of EFI_SUCCESS, the size
> > +                                      in bytes of the data returned in RNGAlgorithmList. On
> output
> > +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> > +                                      the size of RNGAlgorithmList required to obtain the list.
> > +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled
> by the driver
> > +                                      with one EFI_RNG_ALGORITHM element for each
> supported
> > +                                      RNG algorithm. The list must not change across multiple
> > +                                      calls to the same driver. The first algorithm in the list
> > +                                      is the default algorithm for the driver.
> > +
> > +  @retval EFI_SUCCESS                 The RNG algorithm list was returned
> successfully.
> > +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too
> small to hold the result.
> > +
> > +**/
> > +UINTN
> > +EFIAPI
> > +ArchGetSupportedRngAlgorithms (
> > +  IN OUT UINTN                     *RNGAlgorithmListSize,
> > +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> > +  )
> > +{
> > +  UINTN RequiredSize;
> > +  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
> > +
> > +  RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
> > +
> > +  if (*RNGAlgorithmListSize < RequiredSize) {
> > +    *RNGAlgorithmListSize = RequiredSize;
> > +    return EFI_BUFFER_TOO_SMALL;
> > +  }
> > +
> > +  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> > +
> > +  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof
> (EFI_RNG_ALGORITHM));
> > +
> > +  // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED
> > +  CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof
> (EFI_RNG_ALGORITHM));
> > +
> > +  *RNGAlgorithmListSize = RequiredSize;
> > +  return EFI_SUCCESS;
> > +}
> > +
> > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> > index 13d3dbd0bfbe..b959c70536ea 100644
> > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> > @@ -1,34 +1,32 @@
> >  /** @file
> >    RNG Driver to produce the UEFI Random Number Generator protocol.
> >
> > -  The driver will use the new RDRAND instruction to produce high-quality,
> high-performance
> > -  entropy and random number.
> > +  The driver uses CPU RNG instructions to produce high-quality,
> > +  high-performance entropy and random number.
> >
> >    RNG Algorithms defined in UEFI 2.4:
> > -   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
> > -     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
> > -   - EFI_RNG_ALGORITHM_RAW                    - Supported
> > -     (Structuring RDRAND invocation can be guaranteed as high-quality entropy
> source)
> > -   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> > -   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> > -   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> > -   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> > +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> > +   - EFI_RNG_ALGORITHM_RAW
> > +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> > +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> > +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
> > +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID
> >
> >  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> >  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> > +
> >  SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> >  **/
> >
> > -#include "RdRand.h"
> > +#include <Library/BaseLib.h>
> > +#include <Library/BaseMemoryLib.h>
> > +#include <Library/UefiBootServicesTableLib.h>
> > +#include <Library/RngLib.h>
> > +#include <Library/TimerLib.h>
> > +#include <Protocol/Rng.h>
> >
> > -//
> > -// Supported RNG Algorithms list by this driver.
> > -//
> > -EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> > -  EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
> > -  EFI_RNG_ALGORITHM_RAW
> > -};
> > +#include "RngDxeInternals.h"
> >
> >  /**
> >    Returns information about the random number generation implementation.
> > @@ -62,106 +60,23 @@ RngGetInfo (
> >    )
> >  {
> >    EFI_STATUS    Status;
> > -  UINTN         RequiredSize;
> >
> >    if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
> >      return EFI_INVALID_PARAMETER;
> >    }
> >
> > -  RequiredSize = sizeof (mSupportedRngAlgorithms);
> > -  if (*RNGAlgorithmListSize < RequiredSize) {
> > -    Status = EFI_BUFFER_TOO_SMALL;
> > +  //
> > +  // Return algorithm list supported by driver.
> > +  //
> > +  if (RNGAlgorithmList != NULL) {
> > +    Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize,
> RNGAlgorithmList);
> >    } else {
> > -    //
> > -    // Return algorithm list supported by driver.
> > -    //
> > -    if (RNGAlgorithmList != NULL) {
> > -      CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize);
> > -      Status = EFI_SUCCESS;
> > -    } else {
> > -      Status = EFI_INVALID_PARAMETER;
> > -    }
> > +    Status = EFI_INVALID_PARAMETER;
> >    }
> > -  *RNGAlgorithmListSize = RequiredSize;
> >
> >    return Status;
> >  }
> >
> > -/**
> > -  Produces and returns an RNG value using either the default or specified RNG
> algorithm.
> > -
> > -  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> > -  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM
> that identifies the RNG
> > -                                      algorithm to use. May be NULL in which case the
> function will
> > -                                      use its default RNG algorithm.
> > -  @param[in]  RNGValueLength          The length in bytes of the memory buffer
> pointed to by
> > -                                      RNGValue. The driver shall return exactly this numbers of
> bytes.
> > -  @param[out] RNGValue                A caller-allocated memory buffer filled by
> the driver with the
> > -                                      resulting RNG value.
> > -
> > -  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> > -  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm
> is not supported by
> > -                                      this driver.
> > -  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due
> to a hardware or
> > -                                      firmware error.
> > -  @retval EFI_NOT_READY               There is not enough random data available
> to satisfy the length
> > -                                      requested by RNGValueLength.
> > -  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or
> RNGValueLength is zero.
> > -
> > -**/
> > -EFI_STATUS
> > -EFIAPI
> > -RngGetRNG (
> > -  IN EFI_RNG_PROTOCOL            *This,
> > -  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> > -  IN UINTN                       RNGValueLength,
> > -  OUT UINT8                      *RNGValue
> > -  )
> > -{
> > -  EFI_STATUS    Status;
> > -
> > -  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> > -    return EFI_INVALID_PARAMETER;
> > -  }
> > -
> > -  Status = EFI_UNSUPPORTED;
> > -  if (RNGAlgorithm == NULL) {
> > -    //
> > -    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> > -    //
> > -    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> > -  }
> > -
> > -  //
> > -  // NIST SP800-90-AES-CTR-256 supported by RDRAND
> > -  //
> > -  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> > -    Status = RdRandGetBytes (RNGValueLength, RNGValue);
> > -    return Status;
> > -  }
> > -
> > -  //
> > -  // The "raw" algorithm is intended to provide entropy directly
> > -  //
> > -  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> > -    //
> > -    // When a DRBG is used on the output of a entropy source,
> > -    // its security level must be at least 256 bits according to UEFI Spec.
> > -    //
> > -    if (RNGValueLength < 32) {
> > -      return EFI_INVALID_PARAMETER;
> > -    }
> > -
> > -    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> > -    return Status;
> > -  }
> > -
> > -  //
> > -  // Other algorithms were unsupported by this driver.
> > -  //
> > -  return Status;
> > -}
> > -
> >  //
> >  // The Random Number Generator (RNG) protocol
> >  //
> > @@ -204,3 +119,44 @@ RngDriverEntry (
> >
> >    return Status;
> >  }
> > +
> > +
> > +/**
> > +  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> > +
> > +  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> > +  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> > +
> > +  @retval EFI_SUCCESS        Random bytes generation succeeded.
> > +  @retval EFI_NOT_READY      Failed to request random bytes.
> > +
> > +**/
> > +EFI_STATUS
> > +EFIAPI
> > +RngGetBytes (
> > +  IN UINTN         Length,
> > +  OUT UINT8        *RandBuffer
> > +  )
> > +{
> > +  BOOLEAN     IsRandom;
> > +  UINT64      TempRand[2];
> > +
> > +  while (Length > 0) {
> > +    IsRandom = GetRandomNumber128 (TempRand);
> > +    if (!IsRandom) {
> > +      return EFI_NOT_READY;
> > +    }
> > +    if (Length >= sizeof (TempRand)) {
> > +      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
> > +      RandBuffer += sizeof (UINT64);
> > +      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
> > +      RandBuffer += sizeof (UINT64);
> > +      Length -= sizeof (TempRand);
> > +    } else {
> > +      CopyMem (RandBuffer, TempRand, Length);
> > +      Length = 0;
> > +    }
> > +  }
> > +
> > +  return EFI_SUCCESS;
> > +}
> > --
> > 2.26.2
> >
> 
> 
> 
> 

Re: [PATCH v3 2/2] SecurityPkg: Add support for RngDxe on AARCH64

[Sami Mujawar]

This patch looks good to me.

Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar


On 10/05/2021 10:53 PM, Rebecca Cran wrote:
> AARCH64 support has been added to BaseRngLib via the optional
> ARMv8.5 FEAT_RNG.
>
> Refactor RngDxe to support AARCH64, note support for it in the
> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>
> Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
> ---
>   SecurityPkg/SecurityPkg.dec                                   |   2 +
>   SecurityPkg/SecurityPkg.dsc                                   |  11 +-
>   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |  24 ++-
>   SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |   0
>   SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |  17 --
>   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    | 117 ++++++++++++++
>   SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     | 127 +++++++++++++++
>   SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |   0
>   SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |  45 +-----
>   SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        | 146 +++++++++++++++++
>   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             | 170 ++++++++------------
>   11 files changed, 483 insertions(+), 176 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index dfbbb0365a2b..4001650fa28e 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -297,6 +297,8 @@ [PcdsFixedAtBuild, PcdsPatchableInModule]
>     gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030
>     gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031
>
> +  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032
> +
>   [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
>     ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
>     #  NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 12ccd1634941..bd4b810bce61 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -259,6 +259,12 @@ [Components]
>   [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
>     SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>
> +[Components.IA32, Components.X64, Components.AARCH64]
> +  #
> +  # Random Number Generator
> +  #
> +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +
>   [Components.IA32, Components.X64]
>     SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>
> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
>     SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
>     SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf
>
> -  #
> -  # Random Number Generator
> -  #
> -  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> -
>     #
>     # Opal Password solution
>     #
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index 99d6f6b35fc2..f3300971993f 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -26,15 +26,22 @@ [Defines]
>   #
>   # The following information is for reference only and not required by the build tools.
>   #
> -#  VALID_ARCHITECTURES           = IA32 X64
> +#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
>   #
>
>   [Sources.common]
>     RngDxe.c
> -  RdRand.c
> -  RdRand.h
> -  AesCore.c
> -  AesCore.h
> +  RngDxeInternals.h
> +
> +[Sources.IA32, Sources.X64]
> +  Rand/RngDxe.c
> +  Rand/RdRand.c
> +  Rand/RdRand.h
> +  Rand/AesCore.c
> +  Rand/AesCore.h
> +
> +[Sources.AARCH64]
> +  AArch64/RngDxe.c
>
>   [Packages]
>     MdePkg/MdePkg.dec
> @@ -50,12 +57,19 @@ [LibraryClasses]
>     RngLib
>
>   [Guids]
> +  gEfiRngAlgorithmSp80090Hash256Guid  ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEfiRngAlgorithmSp80090Hmac256Guid  ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>     gEfiRngAlgorithmSp80090Ctr256Guid   ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEfiRngAlgorithmX9313DesGuid        ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEfiRngAlgorithmX931AesGuid         ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>     gEfiRngAlgorithmRaw                 ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>
>   [Protocols]
>     gEfiRngProtocolGuid                ## PRODUCES
>
> +[Pcd]
> +  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm      ## CONSUMES
> +
>   [Depex]
>     TRUE
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> similarity index 72%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> index 12ab1f34ec6d..072378e062e7 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> @@ -23,23 +23,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>   #include <Library/TimerLib.h>
>   #include <Protocol/Rng.h>
>
> -/**
> -  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> -
> -  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> -  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> -
> -  @retval EFI_SUCCESS        Random bytes generation succeeded.
> -  @retval EFI_NOT_READY      Failed to request random bytes.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RdRandGetBytes (
> -  IN UINTN         Length,
> -  OUT UINT8        *RandBuffer
> -  );
> -
>   /**
>     Generate high-quality entropy source through RDRAND.
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> new file mode 100644
> index 000000000000..2660ed5875e0
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> @@ -0,0 +1,117 @@
> +/** @file
> +  Function prototypes for UEFI Random Number Generator protocol support.
> +
> +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNGDXE_INTERNALS_H_
> +#define RNGDXE_INTERNALS_H_
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in]     This                 A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_UNSUPPORTED             The services is not supported by this driver.
> +  @retval EFI_DEVICE_ERROR            The list of algorithms could not be retrieved due to a
> +                                      hardware or firmware error.
> +  @retval EFI_INVALID_PARAMETER       One or more of the parameters are incorrect.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetInfo (
> +  IN EFI_RNG_PROTOCOL             *This,
> +  IN OUT UINTN                    *RNGAlgorithmListSize,
> +  OUT EFI_RNG_ALGORITHM           *RNGAlgorithmList
> +  );
> +
> +/**
> +  Produces and returns an RNG value using either the default or specified RNG algorithm.
> +
> +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> +                                      algorithm to use. May be NULL in which case the function will
> +                                      use its default RNG algorithm.
> +  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> +                                      RNGValue. The driver shall return exactly this numbers of bytes.
> +  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> +                                      resulting RNG value.
> +
> +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> +  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> +                                      this driver.
> +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> +                                      firmware error.
> +  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> +                                      requested by RNGValueLength.
> +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> +  IN EFI_RNG_PROTOCOL            *This,
> +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> +  IN UINTN                       RNGValueLength,
> +  OUT UINT8                      *RNGValue
> +  );
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithms (
> +  IN OUT UINTN                     *RNGAlgorithmListSize,
> +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> +  );
> +
> +/**
> +  Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
> +
> +  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> +  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> +
> +  @retval EFI_SUCCESS        Random bytes generation succeeded.
> +  @retval EFI_NOT_READY      Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetBytes (
> +  IN UINTN         Length,
> +  OUT UINT8        *RandBuffer
> +  );
> +
> +#endif  // RNGDXE_INTERNALS_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> new file mode 100644
> index 000000000000..2810a9eb94ad
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> @@ -0,0 +1,127 @@
> +/** @file
> +  RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> +  The driver will use the RNDR instruction to produce random numbers.
> +
> +  RNG Algorithms defined in UEFI 2.4:
> +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> +   - EFI_RNG_ALGORITHM_RAW                    - Unsupported
> +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> +
> +  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> +  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "RngDxeInternals.h"
> +
> +/**
> +  Produces and returns an RNG value using either the default or specified RNG algorithm.
> +
> +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> +                                      algorithm to use. May be NULL in which case the function will
> +                                      use its default RNG algorithm.
> +  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> +                                      RNGValue. The driver shall return exactly this numbers of bytes.
> +  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> +                                      resulting RNG value.
> +
> +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> +  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> +                                      this driver.
> +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> +                                      firmware error.
> +  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> +                                      requested by RNGValueLength.
> +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> +  IN EFI_RNG_PROTOCOL            *This,
> +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> +  IN UINTN                       RNGValueLength,
> +  OUT UINT8                      *RNGValue
> +  )
> +{
> +  EFI_STATUS    Status;
> +
> +  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  if (RNGAlgorithm == NULL) {
> +    //
> +    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> +    //
> +    RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> +  }
> +
> +  if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
> +    Status = RngGetBytes (RNGValueLength, RNGValue);
> +    return Status;
> +  }
> +
> +  //
> +  // Other algorithms are unsupported by this driver.
> +  //
> +  return EFI_UNSUPPORTED;
> +}
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithms (
> +  IN OUT UINTN                     *RNGAlgorithmListSize,
> +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> +  )
> +{
> +  UINTN RequiredSize;
> +  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
> +
> +  RequiredSize = sizeof (EFI_RNG_ALGORITHM);
> +
> +  if (*RNGAlgorithmListSize < RequiredSize) {
> +    *RNGAlgorithmListSize = RequiredSize;
> +    return EFI_BUFFER_TOO_SMALL;
> +  }
> +
> +  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> +
> +  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
> +
> +  *RNGAlgorithmListSize = RequiredSize;
> +  return EFI_SUCCESS;
> +}
> +
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> similarity index 71%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> index e7dd5ab18111..83025a47d43d 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
> @@ -8,48 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>   **/
>   #include <Library/RngLib.h>
>
> -#include "RdRand.h"
>   #include "AesCore.h"
> -
> -/**
> -  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> -
> -  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> -  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> -
> -  @retval EFI_SUCCESS        Random bytes generation succeeded.
> -  @retval EFI_NOT_READY      Failed to request random bytes.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RdRandGetBytes (
> -  IN UINTN         Length,
> -  OUT UINT8        *RandBuffer
> -  )
> -{
> -  BOOLEAN     IsRandom;
> -  UINT64      TempRand[2];
> -
> -  while (Length > 0) {
> -    IsRandom = GetRandomNumber128 (TempRand);
> -    if (!IsRandom) {
> -      return EFI_NOT_READY;
> -    }
> -    if (Length >= sizeof (TempRand)) {
> -      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
> -      RandBuffer += sizeof (UINT64);
> -      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
> -      RandBuffer += sizeof (UINT64);
> -      Length -= sizeof (TempRand);
> -    } else {
> -      CopyMem (RandBuffer, TempRand, Length);
> -      Length = 0;
> -    }
> -  }
> -
> -  return EFI_SUCCESS;
> -}
> +#include "RdRand.h"
> +#include "RngDxeInternals.h"
>
>   /**
>     Creates a 128bit random value that is fully forward and backward prediction resistant,
> @@ -92,7 +53,7 @@ RdRandGetSeed128 (
>     //
>     for (Index = 0; Index < 32; Index++) {
>       MicroSecondDelay (10);
> -    Status = RdRandGetBytes (16, RandByte);
> +    Status = RngGetBytes (16, RandByte);
>       if (EFI_ERROR (Status)) {
>         return Status;
>       }
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> new file mode 100644
> index 000000000000..6b628a9f8bc6
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> @@ -0,0 +1,146 @@
> +/** @file
> +  RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> +  The driver will use the new RDRAND instruction to produce high-quality, high-performance
> +  entropy and random number.
> +
> +  RNG Algorithms defined in UEFI 2.4:
> +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
> +     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
> +   - EFI_RNG_ALGORITHM_RAW                    - Supported
> +     (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
> +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> +
> +  Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> +  (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include "RdRand.h"
> +#include "RngDxeInternals.h"
> +
> +/**
> +  Produces and returns an RNG value using either the default or specified RNG algorithm.
> +
> +  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> +  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> +                                      algorithm to use. May be NULL in which case the function will
> +                                      use its default RNG algorithm.
> +  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> +                                      RNGValue. The driver shall return exactly this numbers of bytes.
> +  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> +                                      resulting RNG value.
> +
> +  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> +  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> +                                      this driver.
> +  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> +                                      firmware error.
> +  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> +                                      requested by RNGValueLength.
> +  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> +  IN EFI_RNG_PROTOCOL            *This,
> +  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> +  IN UINTN                       RNGValueLength,
> +  OUT UINT8                      *RNGValue
> +  )
> +{
> +  EFI_STATUS    Status;
> +
> +  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  Status = EFI_UNSUPPORTED;
> +  if (RNGAlgorithm == NULL) {
> +    //
> +    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> +    //
> +    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> +  }
> +
> +  //
> +  // NIST SP800-90-AES-CTR-256 supported by RDRAND
> +  //
> +  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> +    Status = RngGetBytes (RNGValueLength, RNGValue);
> +    return Status;
> +  }
> +
> +  //
> +  // The "raw" algorithm is intended to provide entropy directly
> +  //
> +  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> +    //
> +    // When a DRBG is used on the output of a entropy source,
> +    // its security level must be at least 256 bits according to UEFI Spec.
> +    //
> +    if (RNGValueLength < 32) {
> +      return EFI_INVALID_PARAMETER;
> +    }
> +
> +    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> +    return Status;
> +  }
> +
> +  //
> +  // Other algorithms were unsupported by this driver.
> +  //
> +  return Status;
> +}
> +
> +/**
> +  Returns information about the random number generation implementation.
> +
> +  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
> +                                      On output with a return code of EFI_SUCCESS, the size
> +                                      in bytes of the data returned in RNGAlgorithmList. On output
> +                                      with a return code of EFI_BUFFER_TOO_SMALL,
> +                                      the size of RNGAlgorithmList required to obtain the list.
> +  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled by the driver
> +                                      with one EFI_RNG_ALGORITHM element for each supported
> +                                      RNG algorithm. The list must not change across multiple
> +                                      calls to the same driver. The first algorithm in the list
> +                                      is the default algorithm for the driver.
> +
> +  @retval EFI_SUCCESS                 The RNG algorithm list was returned successfully.
> +  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small to hold the result.
> +
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithms (
> +  IN OUT UINTN                     *RNGAlgorithmListSize,
> +  OUT    EFI_RNG_ALGORITHM         *RNGAlgorithmList
> +  )
> +{
> +  UINTN RequiredSize;
> +  EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
> +
> +  RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
> +
> +  if (*RNGAlgorithmListSize < RequiredSize) {
> +    *RNGAlgorithmListSize = RequiredSize;
> +    return EFI_BUFFER_TOO_SMALL;
> +  }
> +
> +  CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
> +
> +  CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
> +
> +  // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED
> +  CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM));
> +
> +  *RNGAlgorithmListSize = RequiredSize;
> +  return EFI_SUCCESS;
> +}
> +
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> index 13d3dbd0bfbe..b959c70536ea 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> @@ -1,34 +1,32 @@
>   /** @file
>     RNG Driver to produce the UEFI Random Number Generator protocol.
>
> -  The driver will use the new RDRAND instruction to produce high-quality, high-performance
> -  entropy and random number.
> +  The driver uses CPU RNG instructions to produce high-quality,
> +  high-performance entropy and random number.
>
>     RNG Algorithms defined in UEFI 2.4:
> -   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
> -     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
> -   - EFI_RNG_ALGORITHM_RAW                    - Supported
> -     (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)
> -   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> -   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> -   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID        - Unsupported
> -   - EFI_RNG_ALGORITHM_X9_31_AES_GUID         - Unsupported
> +   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
> +   - EFI_RNG_ALGORITHM_RAW
> +   - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
> +   - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
> +   - EFI_RNG_ALGORITHM_X9_31_3DES_GUID
> +   - EFI_RNG_ALGORITHM_X9_31_AES_GUID
>
>   Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
>   (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
>   SPDX-License-Identifier: BSD-2-Clause-Patent
>
>   **/
>
> -#include "RdRand.h"
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/RngLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
>
> -//
> -// Supported RNG Algorithms list by this driver.
> -//
> -EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> -  EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID,
> -  EFI_RNG_ALGORITHM_RAW
> -};
> +#include "RngDxeInternals.h"
>
>   /**
>     Returns information about the random number generation implementation.
> @@ -62,106 +60,23 @@ RngGetInfo (
>     )
>   {
>     EFI_STATUS    Status;
> -  UINTN         RequiredSize;
>
>     if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
>       return EFI_INVALID_PARAMETER;
>     }
>
> -  RequiredSize = sizeof (mSupportedRngAlgorithms);
> -  if (*RNGAlgorithmListSize < RequiredSize) {
> -    Status = EFI_BUFFER_TOO_SMALL;
> +  //
> +  // Return algorithm list supported by driver.
> +  //
> +  if (RNGAlgorithmList != NULL) {
> +    Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);
>     } else {
> -    //
> -    // Return algorithm list supported by driver.
> -    //
> -    if (RNGAlgorithmList != NULL) {
> -      CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize);
> -      Status = EFI_SUCCESS;
> -    } else {
> -      Status = EFI_INVALID_PARAMETER;
> -    }
> +    Status = EFI_INVALID_PARAMETER;
>     }
> -  *RNGAlgorithmListSize = RequiredSize;
>
>     return Status;
>   }
>
> -/**
> -  Produces and returns an RNG value using either the default or specified RNG algorithm.
> -
> -  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL instance.
> -  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that identifies the RNG
> -                                      algorithm to use. May be NULL in which case the function will
> -                                      use its default RNG algorithm.
> -  @param[in]  RNGValueLength          The length in bytes of the memory buffer pointed to by
> -                                      RNGValue. The driver shall return exactly this numbers of bytes.
> -  @param[out] RNGValue                A caller-allocated memory buffer filled by the driver with the
> -                                      resulting RNG value.
> -
> -  @retval EFI_SUCCESS                 The RNG value was returned successfully.
> -  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm is not supported by
> -                                      this driver.
> -  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due to a hardware or
> -                                      firmware error.
> -  @retval EFI_NOT_READY               There is not enough random data available to satisfy the length
> -                                      requested by RNGValueLength.
> -  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is zero.
> -
> -**/
> -EFI_STATUS
> -EFIAPI
> -RngGetRNG (
> -  IN EFI_RNG_PROTOCOL            *This,
> -  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
> -  IN UINTN                       RNGValueLength,
> -  OUT UINT8                      *RNGValue
> -  )
> -{
> -  EFI_STATUS    Status;
> -
> -  if ((RNGValueLength == 0) || (RNGValue == NULL)) {
> -    return EFI_INVALID_PARAMETER;
> -  }
> -
> -  Status = EFI_UNSUPPORTED;
> -  if (RNGAlgorithm == NULL) {
> -    //
> -    // Use the default RNG algorithm if RNGAlgorithm is NULL.
> -    //
> -    RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid;
> -  }
> -
> -  //
> -  // NIST SP800-90-AES-CTR-256 supported by RDRAND
> -  //
> -  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) {
> -    Status = RdRandGetBytes (RNGValueLength, RNGValue);
> -    return Status;
> -  }
> -
> -  //
> -  // The "raw" algorithm is intended to provide entropy directly
> -  //
> -  if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
> -    //
> -    // When a DRBG is used on the output of a entropy source,
> -    // its security level must be at least 256 bits according to UEFI Spec.
> -    //
> -    if (RNGValueLength < 32) {
> -      return EFI_INVALID_PARAMETER;
> -    }
> -
> -    Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
> -    return Status;
> -  }
> -
> -  //
> -  // Other algorithms were unsupported by this driver.
> -  //
> -  return Status;
> -}
> -
>   //
>   // The Random Number Generator (RNG) protocol
>   //
> @@ -204,3 +119,44 @@ RngDriverEntry (
>
>     return Status;
>   }
> +
> +
> +/**
> +  Calls RDRAND to fill a buffer of arbitrary size with random bytes.
> +
> +  @param[in]   Length        Size of the buffer, in bytes,  to fill with.
> +  @param[out]  RandBuffer    Pointer to the buffer to store the random result.
> +
> +  @retval EFI_SUCCESS        Random bytes generation succeeded.
> +  @retval EFI_NOT_READY      Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetBytes (
> +  IN UINTN         Length,
> +  OUT UINT8        *RandBuffer
> +  )
> +{
> +  BOOLEAN     IsRandom;
> +  UINT64      TempRand[2];
> +
> +  while (Length > 0) {
> +    IsRandom = GetRandomNumber128 (TempRand);
> +    if (!IsRandom) {
> +      return EFI_NOT_READY;
> +    }
> +    if (Length >= sizeof (TempRand)) {
> +      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]);
> +      RandBuffer += sizeof (UINT64);
> +      WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]);
> +      RandBuffer += sizeof (UINT64);
> +      Length -= sizeof (TempRand);
> +    } else {
> +      CopyMem (RandBuffer, TempRand, Length);
> +      Length = 0;
> +    }
> +  }
> +
> +  return EFI_SUCCESS;
> +}

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

回复: [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and BaseRngLib for AARCH64 RNDR

[gaoliming]

Thanks for your update. This version patches are good to me. 

Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

> -----邮件原件-----
> 发件人: Rebecca Cran <rebecca@nuviainc.com>
> 发送时间: 2021年5月11日 5:53
> 收件人: devel@edk2.groups.io; Jiewen Yao <jiewen.yao@intel.com>; Jian J
> Wang <jian.j.wang@intel.com>; Michael D Kinney
> <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> Zhiguang Liu <zhiguang.liu@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Sami Mujawar <sami.mujawar@arm.com>
> 抄送: Rebecca Cran <rebecca@nuviainc.com>
> 主题: [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and
> BaseRngLib for AARCH64 RNDR
> 
> Update MdePkg BaseRngLib and SecurityPkg RngDxe to add support for
> the AARCH64 RNDR instruction.
> 
> Changes from v2 to v3:
> 
> o Fixed the default value of
> gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
>   to be an empty GUID.
> o Removed RNDRRS since it wasn't being used.
> o Fixed the commit message to remove mention of BaseLib.
> 
> Rebecca Cran (2):
>   MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
>   SecurityPkg: Add support for RngDxe on AARCH64
> 
>  MdePkg/MdePkg.dec
> |   9 +-
>  SecurityPkg/SecurityPkg.dec                                   |
> 2 +
>  MdePkg/MdePkg.dsc
> |   4 +-
>  SecurityPkg/SecurityPkg.dsc                                   |
> 11 +-
>  MdePkg/Library/BaseRngLib/BaseRngLib.inf                      |
> 23 ++-
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |
> 24 ++-
>  MdePkg/Library/BaseRngLib/AArch64/ArmRng.h                    |
> 43 +++++
>  MdePkg/Library/BaseRngLib/BaseRngLibInternals.h               |
> 78 +++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
> 0
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |
> 17 --
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    |
> 117 ++++++++++++++
>  MdePkg/Library/BaseRngLib/AArch64/Rndr.c                      |
> 139 ++++++++++++++++
>  MdePkg/Library/BaseRngLib/BaseRng.c                           |
> 87 +++++-----
>  MdePkg/Library/BaseRngLib/Rand/RdRand.c                       |
> 131 +++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     |
> 127 +++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
> 0
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |
> 45 +-----
>  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        |
> 146 +++++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             |
> 170 ++++++++------------
>  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S            |
> 31 ++++
>  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm          |
> 30 ++++
>  MdePkg/Library/BaseRngLib/AArch64/ArmRng.S                    |
> 37 +++++
>  MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm                  |
> 39 +++++
>  MdePkg/Library/BaseRngLib/BaseRngLib.uni                      |
> 6 +-
>  24 files changed, 1086 insertions(+), 230 deletions(-)
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
>  create mode 100644 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/AesCore.h (100%)
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/RdRand.h (72%)
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/Rndr.c
>  create mode 100644 MdePkg/Library/BaseRngLib/Rand/RdRand.c
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/AesCore.c (100%)
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/RdRand.c (71%)
>  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
>  create mode 100644
> MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
>  create mode 100644
> MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> 
> --
> 2.26.2

Re: [edk2-devel] 回复: [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and BaseRngLib for AARCH64 RNDR

[Ard Biesheuvel]

On Tue, 11 May 2021 at 05:03, gaoliming <gaoliming@byosoft.com.cn> wrote:
>
> Thanks for your update. This version patches are good to me.
>
> Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
>

Merged as #1633

Thanks all,

> > -----邮件原件-----
> > 发件人: Rebecca Cran <rebecca@nuviainc.com>
> > 发送时间: 2021年5月11日 5:53
> > 收件人: devel@edk2.groups.io; Jiewen Yao <jiewen.yao@intel.com>; Jian J
> > Wang <jian.j.wang@intel.com>; Michael D Kinney
> > <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> > Zhiguang Liu <zhiguang.liu@intel.com>; Ard Biesheuvel
> > <ardb+tianocore@kernel.org>; Sami Mujawar <sami.mujawar@arm.com>
> > 抄送: Rebecca Cran <rebecca@nuviainc.com>
> > 主题: [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and
> > BaseRngLib for AARCH64 RNDR
> >
> > Update MdePkg BaseRngLib and SecurityPkg RngDxe to add support for
> > the AARCH64 RNDR instruction.
> >
> > Changes from v2 to v3:
> >
> > o Fixed the default value of
> > gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
> >   to be an empty GUID.
> > o Removed RNDRRS since it wasn't being used.
> > o Fixed the commit message to remove mention of BaseLib.
> >
> > Rebecca Cran (2):
> >   MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
> >   SecurityPkg: Add support for RngDxe on AARCH64
> >
> >  MdePkg/MdePkg.dec
> > |   9 +-
> >  SecurityPkg/SecurityPkg.dec                                   |
> > 2 +
> >  MdePkg/MdePkg.dsc
> > |   4 +-
> >  SecurityPkg/SecurityPkg.dsc                                   |
> > 11 +-
> >  MdePkg/Library/BaseRngLib/BaseRngLib.inf                      |
> > 23 ++-
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |
> > 24 ++-
> >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.h                    |
> > 43 +++++
> >  MdePkg/Library/BaseRngLib/BaseRngLibInternals.h               |
> > 78 +++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
> > 0
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |
> > 17 --
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    |
> > 117 ++++++++++++++
> >  MdePkg/Library/BaseRngLib/AArch64/Rndr.c                      |
> > 139 ++++++++++++++++
> >  MdePkg/Library/BaseRngLib/BaseRng.c                           |
> > 87 +++++-----
> >  MdePkg/Library/BaseRngLib/Rand/RdRand.c                       |
> > 131 +++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     |
> > 127 +++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
> > 0
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |
> > 45 +-----
> >  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        |
> > 146 +++++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             |
> > 170 ++++++++------------
> >  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S            |
> > 31 ++++
> >  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm          |
> > 30 ++++
> >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.S                    |
> > 37 +++++
> >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm                  |
> > 39 +++++
> >  MdePkg/Library/BaseRngLib/BaseRngLib.uni                      |
> > 6 +-
> >  24 files changed, 1086 insertions(+), 230 deletions(-)
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
> >  create mode 100644 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/AesCore.h (100%)
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/RdRand.h (72%)
> >  create mode 100644
> > SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> >  create mode 100644 MdePkg/Library/BaseRngLib/Rand/RdRand.c
> >  create mode 100644
> > SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/AesCore.c (100%)
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/RdRand.c (71%)
> >  create mode 100644
> > SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> >  create mode 100644
> > MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
> >  create mode 100644
> > MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> >
> > --
> > 2.26.2
>
>
>
>
>
> 
>
>

Re: [edk2-devel] [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and BaseRngLib for AARCH64 RNDR

[PierreGondois]

Hello all,
I have a question about the this patch, and more generically the organization
of the MdePkg. The current organization, for the BaseRngLib, is as:
 - the BaseRngLib implements the library functions of
   MdePkg/Include/Library/RngLib.h
 - the BaseRngLib contains Ia32, X64 and AARCH64 implementations

This means the BaseRngLib contains arch specific functions. It comes that I
would like to re-use one of these arch specific functions. My question is
then, shouldn't the BaseRngLib contains an arch agnostic implementation,
and the arch specific implementation be placed in arch specific folders
(ArmPkg for arm, I am not sure for other architectures) ?

Another possibility for me is to me is to move the function that I want
to use to the ArmPkg, but this means the MdePkg would be dependent
on the ArmPkg. Would this be a viable option ?

Regards,
Pierre

On 5/10/21 11:53 PM, Rebecca Cran via groups.io wrote:
> Update MdePkg BaseRngLib and SecurityPkg RngDxe to add support for
> the AARCH64 RNDR instruction.
>
> Changes from v2 to v3:
>
> o Fixed the default value of gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
>   to be an empty GUID.
> o Removed RNDRRS since it wasn't being used.
> o Fixed the commit message to remove mention of BaseLib.
>
> Rebecca Cran (2):
>   MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
>   SecurityPkg: Add support for RngDxe on AARCH64
>
>  MdePkg/MdePkg.dec                                             |   9 +-
>  SecurityPkg/SecurityPkg.dec                                   |   2 +
>  MdePkg/MdePkg.dsc                                             |   4 +-
>  SecurityPkg/SecurityPkg.dsc                                   |  11 +-
>  MdePkg/Library/BaseRngLib/BaseRngLib.inf                      |  23 ++-
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf           |  24 ++-
>  MdePkg/Library/BaseRngLib/AArch64/ArmRng.h                    |  43 +++++
>  MdePkg/Library/BaseRngLib/BaseRngLibInternals.h               |  78 +++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |   0
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |  17 --
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    | 117 ++++++++++++++
>  MdePkg/Library/BaseRngLib/AArch64/Rndr.c                      | 139 ++++++++++++++++
>  MdePkg/Library/BaseRngLib/BaseRng.c                           |  87 +++++-----
>  MdePkg/Library/BaseRngLib/Rand/RdRand.c                       | 131 +++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c     | 127 +++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |   0
>  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |  45 +-----
>  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c        | 146 +++++++++++++++++
>  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c             | 170 ++++++++------------
>  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S            |  31 ++++
>  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm          |  30 ++++
>  MdePkg/Library/BaseRngLib/AArch64/ArmRng.S                    |  37 +++++
>  MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm                  |  39 +++++
>  MdePkg/Library/BaseRngLib/BaseRngLib.uni                      |   6 +-
>  24 files changed, 1086 insertions(+), 230 deletions(-)
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
>  create mode 100644 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h (100%)
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h (72%)
>  create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/Rndr.c
>  create mode 100644 MdePkg/Library/BaseRngLib/Rand/RdRand.c
>  create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c (100%)
>  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c (71%)
>  create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
>  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
>

回复: [edk2-devel] [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and BaseRngLib for AARCH64 RNDR

[gaoliming]

Pierre:
  MdePkg can provide the arch specific implementation. BaseRngLib places the arch specific code into its Arch directory. If the arch logic is generic enough, new API can be defined in BaseLib.

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表
> PierreGondois
> 发送时间: 2022年1月18日 17:24
> 收件人: devel@edk2.groups.io; Jiewen Yao <jiewen.yao@intel.com>; Jian J
> Wang <jian.j.wang@intel.com>; Michael D Kinney
> <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> Zhiguang Liu <zhiguang.liu@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Sami Mujawar <sami.mujawar@arm.com>;
> Rebecca Cran <quic_rcran@quicinc.com>
> 主题: Re: [edk2-devel] [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to
> RngDxe and BaseRngLib for AARCH64 RNDR
> 
> Hello all,
> I have a question about the this patch, and more generically the organization
> of the MdePkg. The current organization, for the BaseRngLib, is as:
>  - the BaseRngLib implements the library functions of
>    MdePkg/Include/Library/RngLib.h
>  - the BaseRngLib contains Ia32, X64 and AARCH64 implementations
> 
> This means the BaseRngLib contains arch specific functions. It comes that I
> would like to re-use one of these arch specific functions. My question is
> then, shouldn't the BaseRngLib contains an arch agnostic implementation,
> and the arch specific implementation be placed in arch specific folders
> (ArmPkg for arm, I am not sure for other architectures) ?
> 
> Another possibility for me is to me is to move the function that I want
> to use to the ArmPkg, but this means the MdePkg would be dependent
> on the ArmPkg. Would this be a viable option ?
> 
> Regards,
> Pierre
> 
> On 5/10/21 11:53 PM, Rebecca Cran via groups.io wrote:
> > Update MdePkg BaseRngLib and SecurityPkg RngDxe to add support for
> > the AARCH64 RNDR instruction.
> >
> > Changes from v2 to v3:
> >
> > o Fixed the default value of
> gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
> >   to be an empty GUID.
> > o Removed RNDRRS since it wasn't being used.
> > o Fixed the commit message to remove mention of BaseLib.
> >
> > Rebecca Cran (2):
> >   MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
> >   SecurityPkg: Add support for RngDxe on AARCH64
> >
> >  MdePkg/MdePkg.dec
> |   9 +-
> >  SecurityPkg/SecurityPkg.dec                                   |
> 2 +
> >  MdePkg/MdePkg.dsc
> |   4 +-
> >  SecurityPkg/SecurityPkg.dsc                                   |
> 11 +-
> >  MdePkg/Library/BaseRngLib/BaseRngLib.inf                      |
> 23 ++-
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> |  24 ++-
> >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
> |  43 +++++
> >  MdePkg/Library/BaseRngLib/BaseRngLibInternals.h               |
> 78 +++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
> 0
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |
> 17 --
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    |
> 117 ++++++++++++++
> >  MdePkg/Library/BaseRngLib/AArch64/Rndr.c                      |
> 139 ++++++++++++++++
> >  MdePkg/Library/BaseRngLib/BaseRng.c
> |  87 +++++-----
> >  MdePkg/Library/BaseRngLib/Rand/RdRand.c
> | 131 +++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> | 127 +++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
> 0
> >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |
> 45 +-----
> >  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> | 146 +++++++++++++++++
> >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> | 170 ++++++++------------
> >  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S            |
> 31 ++++
> >  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm          |
> 30 ++++
> >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
> |  37 +++++
> >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> |  39 +++++
> >  MdePkg/Library/BaseRngLib/BaseRngLib.uni                      |
> 6 +-
> >  24 files changed, 1086 insertions(+), 230 deletions(-)
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
> >  create mode 100644 MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/AesCore.h (100%)
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/RdRand.h (72%)
> >  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> >  create mode 100644 MdePkg/Library/BaseRngLib/Rand/RdRand.c
> >  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/AesCore.c (100%)
> >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> Rand}/RdRand.c (71%)
> >  create mode 100644
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> >  create mode 100644
> MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
> >  create mode 100644
> MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
> >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> >
> 
> 
> 
> 

Re: [edk2-devel] [PATCH v3 0/2] MdePkg,SecurityPkg: Add support to RngDxe and BaseRngLib for AARCH64 RNDR

[Yao, Jiewen]

MdePkg *can* provide implementation. But usually, it is for a generic interface, which may be implemented by multiple architecture.

But here the TrngLib is very ARM specific, what it follows is "ARM TRNG firmware interface". For example, GetVersion, GetUUID.

As such, I suggest to name it ArmTrngLib and move to ArmPkg.

Thank you
Yao, Jiewen

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> gaoliming
> Sent: Wednesday, January 19, 2022 2:44 PM
> To: devel@edk2.groups.io; pierre.gondois@arm.com; Yao, Jiewen
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Kinney,
> Michael D <michael.d.kinney@intel.com>; Liu, Zhiguang
> <zhiguang.liu@intel.com>; 'Ard Biesheuvel' <ardb+tianocore@kernel.org>;
> 'Sami Mujawar' <sami.mujawar@arm.com>; 'Rebecca Cran'
> <quic_rcran@quicinc.com>
> Subject: 回复: [edk2-devel] [PATCH v3 0/2] MdePkg,SecurityPkg: Add
> support to RngDxe and BaseRngLib for AARCH64 RNDR
> 
> Pierre:
>   MdePkg can provide the arch specific implementation. BaseRngLib places
> the arch specific code into its Arch directory. If the arch logic is generic
> enough, new API can be defined in BaseLib.
> 
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表
> > PierreGondois
> > 发送时间: 2022年1月18日 17:24
> > 收件人: devel@edk2.groups.io; Jiewen Yao <jiewen.yao@intel.com>; Jian
> J
> > Wang <jian.j.wang@intel.com>; Michael D Kinney
> > <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>;
> > Zhiguang Liu <zhiguang.liu@intel.com>; Ard Biesheuvel
> > <ardb+tianocore@kernel.org>; Sami Mujawar <sami.mujawar@arm.com>;
> > Rebecca Cran <quic_rcran@quicinc.com>
> > 主题: Re: [edk2-devel] [PATCH v3 0/2] MdePkg,SecurityPkg: Add support
> to
> > RngDxe and BaseRngLib for AARCH64 RNDR
> >
> > Hello all,
> > I have a question about the this patch, and more generically the
> organization
> > of the MdePkg. The current organization, for the BaseRngLib, is as:
> >  - the BaseRngLib implements the library functions of
> >    MdePkg/Include/Library/RngLib.h
> >  - the BaseRngLib contains Ia32, X64 and AARCH64 implementations
> >
> > This means the BaseRngLib contains arch specific functions. It comes that I
> > would like to re-use one of these arch specific functions. My question is
> > then, shouldn't the BaseRngLib contains an arch agnostic implementation,
> > and the arch specific implementation be placed in arch specific folders
> > (ArmPkg for arm, I am not sure for other architectures) ?
> >
> > Another possibility for me is to me is to move the function that I want
> > to use to the ArmPkg, but this means the MdePkg would be dependent
> > on the ArmPkg. Would this be a viable option ?
> >
> > Regards,
> > Pierre
> >
> > On 5/10/21 11:53 PM, Rebecca Cran via groups.io wrote:
> > > Update MdePkg BaseRngLib and SecurityPkg RngDxe to add support for
> > > the AARCH64 RNDR instruction.
> > >
> > > Changes from v2 to v3:
> > >
> > > o Fixed the default value of
> > gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
> > >   to be an empty GUID.
> > > o Removed RNDRRS since it wasn't being used.
> > > o Fixed the commit message to remove mention of BaseLib.
> > >
> > > Rebecca Cran (2):
> > >   MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions
> > >   SecurityPkg: Add support for RngDxe on AARCH64
> > >
> > >  MdePkg/MdePkg.dec
> > |   9 +-
> > >  SecurityPkg/SecurityPkg.dec                                   |
> > 2 +
> > >  MdePkg/MdePkg.dsc
> > |   4 +-
> > >  SecurityPkg/SecurityPkg.dsc                                   |
> > 11 +-
> > >  MdePkg/Library/BaseRngLib/BaseRngLib.inf                      |
> > 23 ++-
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> > |  24 ++-
> > >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
> > |  43 +++++
> > >  MdePkg/Library/BaseRngLib/BaseRngLibInternals.h               |
> > 78 +++++++++
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
> > 0
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h  |
> > 17 --
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h    |
> > 117 ++++++++++++++
> > >  MdePkg/Library/BaseRngLib/AArch64/Rndr.c                      |
> > 139 ++++++++++++++++
> > >  MdePkg/Library/BaseRngLib/BaseRng.c
> > |  87 +++++-----
> > >  MdePkg/Library/BaseRngLib/Rand/RdRand.c
> > | 131 +++++++++++++++
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> > | 127 +++++++++++++++
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
> > 0
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c  |
> > 45 +-----
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> > | 146 +++++++++++++++++
> > >  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
> > | 170 ++++++++------------
> > >  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S            |
> > 31 ++++
> > >  MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm          |
> > 30 ++++
> > >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
> > |  37 +++++
> > >  MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> > |  39 +++++
> > >  MdePkg/Library/BaseRngLib/BaseRngLib.uni                      |
> > 6 +-
> > >  24 files changed, 1086 insertions(+), 230 deletions(-)
> > >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.h
> > >  create mode 100644
> MdePkg/Library/BaseRngLib/BaseRngLibInternals.h
> > >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/AesCore.h (100%)
> > >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/RdRand.h (72%)
> > >  create mode 100644
> > SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> > >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/Rndr.c
> > >  create mode 100644 MdePkg/Library/BaseRngLib/Rand/RdRand.c
> > >  create mode 100644
> > SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> > >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/AesCore.c (100%)
> > >  rename SecurityPkg/RandomNumberGenerator/RngDxe/{ =>
> > Rand}/RdRand.c (71%)
> > >  create mode 100644
> > SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
> > >  create mode 100644
> > MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.S
> > >  create mode 100644
> > MdePkg/Library/BaseRngLib/AArch64/ArmReadIdIsar0.asm
> > >  create mode 100644 MdePkg/Library/BaseRngLib/AArch64/ArmRng.S
> > >  create mode 100644
> MdePkg/Library/BaseRngLib/AArch64/ArmRng.asm
> > >
> >
> >
> >
> >
> 
> 
> 
> 
> 
> 
>