From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.8522.1658500376361470813 for ; Fri, 22 Jul 2022 07:32:56 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8AEAE1063; Fri, 22 Jul 2022 07:32:56 -0700 (PDT) Received: from pierre123.arm.com (pierre123.nice.arm.com [10.34.100.102]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 7BB783F70D; Fri, 22 Jul 2022 07:32:54 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Sami Mujawar , Leif Lindholm , Ard Biesheuvel , Rebecca Cran , Michael D Kinney , Liming Gao , Jiewen Yao , Jian J Wang , Pierre Gondois Subject: [PATCH v4 16/21] SecurityPkg/RngDxe: Check before advertising Cpu Rng algo Date: Fri, 22 Jul 2022 16:31:48 +0200 Message-Id: <20220722143153.913585-17-Pierre.Gondois@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220722143153.913585-1-Pierre.Gondois@arm.com> References: <20220722143153.913585-1-Pierre.Gondois@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Pierre Gondois RngGetBytes() relies on the RngLib. The RngLib might use the RNDR instruction if the FEAT_RNG feature is present. RngGetInfo and RngGetRNG both must check that RngGetBytes() is working before advertising/using it. To do so, allocate an array storing the available algorithms. The Rng algorithm at the lowest index will be the default Rng algorithm. The array is shared between RngGetInfo and RngGetRNG. This array is allocated when the driver is loaded, and freed when unloaded. This patch also prevents from having PcdCpuRngSupportedAlgorithm let to a zero GUID, but let the possibility to have no valid Rng algorithm in such case. Signed-off-by: Pierre Gondois --- .../RngDxe/AArch64/RngDxe.c | 87 +++++++++++++++++-- .../RngDxe/Rand/RngDxe.c | 26 ++++++ .../RandomNumberGenerator/RngDxe/RngDxe.c | 40 ++++++++- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 1 + .../RngDxe/RngDxeInternals.h | 27 ++++++ 5 files changed, 172 insertions(+), 9 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/= SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c index f9c740d761ff..09a5924a699b 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c @@ -22,11 +22,63 @@ =20 #include #include +#include +#include #include +#include #include =20 #include "RngDxeInternals.h" =20 +// Maximum number of Rng algorithms. +#define RNG_AVAILABLE_ALGO_MAX 1 + +/** Allocate and initialize mAvailableAlgoArray with the available + Rng algorithms. Also update mAvailableAlgoArrayCount. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate memory. +**/ +EFI_STATUS +EFIAPI +GetAvailableAlgorithms ( + VOID + ) +{ + UINT64 DummyRand; + + // Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating + // Rng algorithms 2 times, one for the allocation, one to populate. + mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); + if (mAvailableAlgoArray =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. + if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))= ) { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + PcdGetPtr (PcdCpuRngSupportedAlgorithm), + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; + } + + return EFI_SUCCESS; +} + +/** Free mAvailableAlgoArray. +**/ +VOID +EFIAPI +FreeAvailableAlgorithms ( + VOID + ) +{ + FreePool (mAvailableAlgoArray); + return; +} + /** Produces and returns an RNG value using either the default or specifie= d RNG algorithm. =20 @@ -59,6 +111,7 @@ RngGetRNG ( ) { EFI_STATUS Status; + UINTN Index; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D= NULL)) { return EFI_INVALID_PARAMETER; @@ -68,9 +121,21 @@ RngGetRNG ( // // Use the default RNG algorithm if RNGAlgorithm is NULL. // - RNGAlgorithm =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); + for (Index =3D 0; Index < mAvailableAlgoArrayCount; Index++) { + if (!IsZeroGuid (&mAvailableAlgoArray[Index])) { + RNGAlgorithm =3D &mAvailableAlgoArray[Index]; + goto FoundAlgo; + } + } + + if (Index =3D=3D mAvailableAlgoArrayCount) { + // No algorithm available. + ASSERT (Index !=3D mAvailableAlgoArrayCount); + return EFI_DEVICE_ERROR; + } } =20 +FoundAlgo: if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)= )) { Status =3D RngGetBytes (RNGValueLength, RNGValue); return Status; @@ -113,24 +178,30 @@ RngGetInfo ( OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ) { - UINTN RequiredSize; - EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; - - RequiredSize =3D sizeof (EFI_RNG_ALGORITHM); + UINTN RequiredSize; =20 if ((This =3D=3D NULL) || (RNGAlgorithmListSize =3D=3D NULL)) { return EFI_INVALID_PARAMETER; } =20 + RequiredSize =3D mAvailableAlgoArrayCount * sizeof (EFI_RNG_ALGORITHM)= ; + + if (RequiredSize =3D=3D 0) { + // No supported algorithms found. + return EFI_UNSUPPORTED; + } + if (*RNGAlgorithmListSize < RequiredSize) { *RNGAlgorithmListSize =3D RequiredSize; return EFI_BUFFER_TOO_SMALL; } =20 - CpuRngSupportedAlgorithm =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); - - CopyMem (&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_R= NG_ALGORITHM)); + if (RNGAlgorithmList =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } =20 + // There is no gap in the array, so copy the block. + CopyMem (RNGAlgorithmList, mAvailableAlgoArray, RequiredSize); *RNGAlgorithmListSize =3D RequiredSize; return EFI_SUCCESS; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/Sec= urityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c index 8f5d8e740f5e..677600bed7ab 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -26,6 +26,32 @@ =20 #include "RngDxeInternals.h" =20 +/** Allocate and initialize mAvailableAlgoArray with the available + Rng algorithms. Also update mAvailableAlgoArrayCount. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate memory. +**/ +EFI_STATUS +EFIAPI +GetAvailableAlgorithms ( + VOID + ) +{ + return EFI_SUCCESS; +} + +/** Free mAvailableAlgoArray. +**/ +VOID +EFIAPI +FreeAvailableAlgorithms ( + VOID + ) +{ + return; +} + /** Produces and returns an RNG value using either the default or specifie= d RNG algorithm. =20 diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.c index d7905a7f4d72..421abb52b8bf 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c @@ -27,6 +27,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include "RngDxeInternals.h" =20 +// +// Array containing the validated Rng algorithm. +// The entry with the lowest index will be the default algorithm. +// +UINTN mAvailableAlgoArrayCount; +EFI_RNG_ALGORITHM *mAvailableAlgoArray; + // // The Random Number Generator (RNG) protocol // @@ -66,8 +73,39 @@ RngDriverEntry ( &mRngRdRand, NULL ); + if (EFI_ERROR (Status)) { + return Status; + } =20 - return Status; + // + // Get the list of available algorithm. + // + return GetAvailableAlgorithms (); +} + +/** + This is the unload handle for RndgDxe module. + + Disconnect the driver specified by ImageHandle from all the devices in= the handle database. + Uninstall all the protocols installed in the driver entry point. + + @param[in] ImageHandle The drivers' driver image. + + @retval EFI_SUCCESS The image is unloaded. + @retval Others Failed to unload the image. + +**/ +EFI_STATUS +EFIAPI +RngDriverUnLoad ( + IN EFI_HANDLE ImageHandle + ) +{ + // + // Free the list of available algorithm. + // + FreeAvailableAlgorithms (); + return EFI_SUCCESS; } =20 /** diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Securi= tyPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 60efb5562ee0..1985dfbb4619 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -22,6 +22,7 @@ [Defines] MODULE_TYPE =3D DXE_DRIVER VERSION_STRING =3D 1.0 ENTRY_POINT =3D RngDriverEntry + UNLOAD_IMAGE =3D RngDriverUnLoad MODULE_UNI_FILE =3D RngDxe.uni =20 # diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b= /SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h index 7ecab140483d..f75140260820 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h @@ -12,6 +12,33 @@ =20 #include =20 +// +// Array containing the validated Rng algorithm. +// The entry with the lowest index will be the default algorithm. +// +extern UINTN mAvailableAlgoArrayCount; +extern EFI_RNG_ALGORITHM *mAvailableAlgoArray; + +/** Allocate and initialize mAvailableAlgoArray with the available + Rng algorithms. Also update mAvailableAlgoArrayCount. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate memory. +**/ +EFI_STATUS +EFIAPI +GetAvailableAlgorithms ( + VOID + ); + +/** Free mAvailableAlgoArray. +**/ +VOID +EFIAPI +FreeAvailableAlgorithms ( + VOID + ); + /** Returns information about the random number generation implementation. =20 --=20 2.25.1