From: "PierreGondois" <pierre.gondois@arm.com>
To: devel@edk2.groups.io
Cc: Sami Mujawar <sami.mujawar@arm.com>,
Leif Lindholm <quic_llindhol@quicinc.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Rebecca Cran <rebecca@bsdio.com>,
Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Pierre Gondois <pierre.gondois@arm.com>
Subject: [PATCH v4 05/21] MdePkg/TrngLib: Definition for TRNG library class interface
Date: Fri, 22 Jul 2022 16:31:37 +0200 [thread overview]
Message-ID: <20220722143153.913585-6-Pierre.Gondois@arm.com> (raw)
In-Reply-To: <20220722143153.913585-1-Pierre.Gondois@arm.com>
From: Sami Mujawar <sami.mujawar@arm.com>
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
The NIST Special Publications 800-90A, 800-90B and 800-90C
provide recommendations for random number generation. The
NIST 800-90C, Recommendation for Random Bit Generator (RBG)
Constructions, defines the GetEntropy() interface that is
used to access the entropy source. The GetEntropy() interface
is further used by Deterministic Random Bit Generators (DRBG)
to generate random numbers.
The True Random Number Generator (TRNG) library defines an
interface to access the entropy source on a platform. Some
platforms/architectures may provide access to the entropy
using a firmware interface. In such cases the TRNG library
shall be used to provide an abstraction.
Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
---
MdePkg/Include/Library/TrngLib.h | 121 +++++++++++++++++++++++++++++++
MdePkg/MdePkg.dec | 5 ++
2 files changed, 126 insertions(+)
create mode 100644 MdePkg/Include/Library/TrngLib.h
diff --git a/MdePkg/Include/Library/TrngLib.h b/MdePkg/Include/Library/TrngLib.h
new file mode 100644
index 000000000000..a6f165b1f918
--- /dev/null
+++ b/MdePkg/Include/Library/TrngLib.h
@@ -0,0 +1,121 @@
+/** @file
+ TRNG interface library definitions.
+
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+ @par Reference(s):
+ - [1] Arm True Random Number Generator Firmware, Interface 1.0,
+ Platform Design Document.
+ (https://developer.arm.com/documentation/den0098/latest/)
+ - [2] NIST Special Publication 800-90A Revision 1, June 2015, Recommendation
+ for Random Number Generation Using Deterministic Random Bit Generators.
+ (https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final)
+ - [3] NIST Special Publication 800-90B, Recommendation for the Entropy
+ Sources Used for Random Bit Generation.
+ (https://csrc.nist.gov/publications/detail/sp/800-90b/final)
+ - [4] (Second Draft) NIST Special Publication 800-90C, Recommendation for
+ Random Bit Generator (RBG) Constructions.
+ (https://csrc.nist.gov/publications/detail/sp/800-90c/draft)
+
+ @par Glossary:
+ - TRNG - True Random Number Generator
+**/
+
+#ifndef TRNG_LIB_H_
+#define TRNG_LIB_H_
+
+/** Get the version of the TRNG backend.
+
+ A TRNG may be implemented by the system firmware, in which case this
+ function shall return the version of the TRNG backend.
+ The implementation must return NOT_SUPPORTED if a Back end is not present.
+
+ @param [out] MajorRevision Major revision.
+ @param [out] MinorRevision Minor revision.
+
+ @retval RETURN_SUCCESS The function completed successfully.
+ @retval RETURN_INVALID_PARAMETER Invalid parameter.
+ @retval RETURN_UNSUPPORTED Backend not present.
+**/
+RETURN_STATUS
+EFIAPI
+GetTrngVersion (
+ OUT UINT16 *MajorRevision,
+ OUT UINT16 *MinorRevision
+ );
+
+/** Get the UUID of the TRNG backend.
+
+ A TRNG may be implemented by the system firmware, in which case this
+ function shall return the UUID of the TRNG backend.
+ Returning the TRNG UUID is optional and if not implemented, RETURN_UNSUPPORTED
+ shall be returned.
+
+ Note: The caller must not rely on the returned UUID as a trustworthy TRNG
+ Back end identity
+
+ @param [out] Guid UUID of the TRNG backend.
+
+ @retval RETURN_SUCCESS The function completed successfully.
+ @retval RETURN_INVALID_PARAMETER Invalid parameter.
+ @retval RETURN_UNSUPPORTED Function not implemented.
+**/
+RETURN_STATUS
+EFIAPI
+GetTrngUuid (
+ OUT GUID *Guid
+ );
+
+/** Returns maximum number of entropy bits that can be returned in a single
+ call.
+
+ @return Returns the maximum number of Entropy bits that can be returned
+ in a single call to GetTrngEntropy().
+**/
+UINTN
+EFIAPI
+GetTrngMaxSupportedEntropyBits (
+ VOID
+ );
+
+/** Returns N bits of conditioned entropy.
+
+ See [3] Section 2.3.1 GetEntropy: An Interface to the Entropy Source
+ GetEntropy
+ Input:
+ bits_of_entropy: the requested amount of entropy
+ Output:
+ entropy_bitstring: The string that provides the requested entropy.
+ status: A Boolean value that is TRUE if the request has been satisfied,
+ and is FALSE otherwise.
+
+ Note: In this implementation this function returns a status code instead
+ of a boolean value.
+ This is also compatible with the definition of Get_Entropy, see [4]
+ Section 7.4 Entropy Source Calls.
+ (status, entropy_bitstring) = Get_Entropy (
+ requested_entropy,
+ max_length
+ )
+
+ @param [in] EntropyBits Number of entropy bits requested.
+ @param [in] BufferSize Size of the Buffer in bytes.
+ @param [out] Buffer Buffer to return the entropy bits.
+
+ @retval RETURN_SUCCESS The function completed successfully.
+ @retval RETURN_INVALID_PARAMETER Invalid parameter.
+ @retval RETURN_UNSUPPORTED Function not implemented.
+ @retval RETURN_BAD_BUFFER_SIZE Buffer size is too small.
+ @retval RETURN_NOT_READY No Entropy available.
+**/
+RETURN_STATUS
+EFIAPI
+GetTrngEntropy (
+ IN UINTN EntropyBits,
+ IN UINTN BufferSize,
+ OUT UINT8 *Buffer
+ );
+
+#endif // TRNG_LIB_H_
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index f1ebf9e251c1..7ff26e22f915 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -7,6 +7,7 @@
# Copyright (c) 2007 - 2022, Intel Corporation. All rights reserved.<BR>
# Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
# (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -275,6 +276,10 @@ [LibraryClasses]
## @libraryclass Provides function for SMM CPU Rendezvous Library.
SmmCpuRendezvousLib|Include/Library/SmmCpuRendezvousLib.h
+ ## @libraryclass Provides services to generate Entropy using a TRNG.
+ #
+ TrngLib|Include/Library/TrngLib.h
+
[LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
## @libraryclass Provides services to generate random number.
#
--
2.25.1
next prev parent reply other threads:[~2022-07-22 14:32 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-22 14:31 [PATCH v4 00/21] Add Raw algorithm support using Arm FW-TRNG interface PierreGondois
2022-07-22 14:31 ` [PATCH v4 01/21] ArmPkg: PCD to select conduit for monitor calls PierreGondois
2022-07-22 14:31 ` [PATCH v4 02/21] ArmPkg/ArmMonitorLib: Definition for ArmMonitorLib library class PierreGondois
2022-07-22 14:31 ` [PATCH v4 03/21] ArmPkg/ArmMonitorLib: Add ArmMonitorLib PierreGondois
2022-07-22 14:31 ` [PATCH v4 04/21] ArmPkg/ArmHvcNullLib: Add NULL instance of ArmHvcLib PierreGondois
2022-07-22 14:31 ` PierreGondois [this message]
2022-07-26 1:11 ` [edk2-devel] [PATCH v4 05/21] MdePkg/TrngLib: Definition for TRNG library class interface Yao, Jiewen
2022-07-26 9:52 ` PierreGondois
2022-07-22 14:31 ` [PATCH v4 06/21] MdePkg/TrngLib: Add NULL instance of TRNG Library PierreGondois
2022-07-22 14:31 ` [PATCH v4 07/21] ArmPkg: Add FID definitions for Firmware TRNG PierreGondois
2022-07-22 14:31 ` [PATCH v4 08/21] ArmPkg/TrngLib: Add Arm Firmware TRNG library PierreGondois
2022-07-22 14:31 ` [PATCH v4 09/21] MdePkg/BaseRngLib: Rename ArmReadIdIsar0() to ArmGetFeatRng() PierreGondois
2022-07-22 14:31 ` [PATCH v4 10/21] ArmPkg/ArmLib: Add ArmReadIdIsar0() helper PierreGondois
2022-07-22 14:31 ` [PATCH v4 11/21] ArmPkg/ArmLib: Add ArmHasRngExt() PierreGondois
2022-07-22 14:31 ` [PATCH v4 12/21] SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name PierreGondois
2022-07-22 14:31 ` [PATCH v4 13/21] SecurityPkg/RngDxe: Replace Pcd with Sp80090Ctr256Guid PierreGondois
2022-07-22 14:31 ` [PATCH v4 14/21] SecurityPkg/RngDxe: Remove ArchGetSupportedRngAlgorithms() PierreGondois
2022-07-22 14:31 ` [PATCH v4 15/21] SecurityPkg/RngDxe: Documentation/include/parameter cleanup PierreGondois
2022-07-22 14:31 ` [PATCH v4 16/21] SecurityPkg/RngDxe: Check before advertising Cpu Rng algo PierreGondois
2022-07-22 14:31 ` [PATCH v4 17/21] SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through TrngLib PierreGondois
2022-07-22 14:31 ` [PATCH v4 18/21] SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithm PierreGondois
2022-07-22 14:31 ` [PATCH v4 19/21] SecurityPkg/RngDxe: Rename AArch64/RngDxe.c PierreGondois
2022-07-22 14:31 ` [PATCH v4 20/21] SecurityPkg/RngDxe: Add Arm support of RngDxe PierreGondois
2022-07-22 14:31 ` [PATCH v4 21/21] ArmVirtPkg: Kvmtool: Add RNG support using FW-TRNG interface PierreGondois
2022-07-25 4:30 ` 回复: [PATCH v4 00/21] Add Raw algorithm support using Arm " gaoliming
2022-08-22 12:41 ` PierreGondois
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220722143153.913585-6-Pierre.Gondois@arm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox