From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.6668.1666099854010255304 for ; Tue, 18 Oct 2022 06:30:54 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BCF4C1758; Tue, 18 Oct 2022 06:30:59 -0700 (PDT) Received: from pierre123.arm.com (pierre123.nice.arm.com [10.34.100.128]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 2B4E23F792; Tue, 18 Oct 2022 06:30:52 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Sami Mujawar , Leif Lindholm , Ard Biesheuvel , Rebecca Cran , Michael D Kinney , Liming Gao , Jiewen Yao , Jian J Wang Subject: [PATCH v8 14/19] SecurityPkg/RngDxe: Check before advertising Cpu Rng algo Date: Tue, 18 Oct 2022 15:20:47 +0200 Message-Id: <20221018132052.1359530-15-Pierre.Gondois@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221018132052.1359530-1-Pierre.Gondois@arm.com> References: <20221018132052.1359530-1-Pierre.Gondois@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Pierre Gondois RngGetBytes() relies on the RngLib. The RngLib might use the RNDR instruction if the FEAT_RNG feature is present. RngGetInfo and RngGetRNG both must check that RngGetBytes() is working before advertising/using it. To do so, allocate an array storing the available algorithms. The Rng algorithm at the lowest index will be the default Rng algorithm. The array is shared between RngGetInfo and RngGetRNG. This array is allocated when the driver is loaded, and freed when unloaded. This patch also prevents from having PcdCpuRngSupportedAlgorithm let to a zero GUID, but let the possibility to have no valid Rng algorithm in such case. Signed-off-by: Pierre Gondois --- Notes: v4: - Replace RngInitAvailableAlgoArray() with GetAvailableAlgorithms() and FreeAvailableAlgorithms() and add an implementation of these functions for all archs. - Make mAvailableAlgoArrayCount and mAvailableAlgoArray global variable and dynamically allocated instead of static. - Add UNLOAD_IMAGE function to free mAvailableAlgoArray. - All of this was done in order to remove the: '#ifdef MDE_CPU_AARCH64' statement in the v3 of: SecurityPkg/RngDxe: Add Arm support of RngDxe .../RngDxe/AArch64/RngDxe.c | 87 +++++++++++++++++-- .../RngDxe/Rand/RngDxe.c | 26 ++++++ .../RandomNumberGenerator/RngDxe/RngDxe.c | 40 ++++++++- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 1 + .../RngDxe/RngDxeInternals.h | 27 ++++++ 5 files changed, 172 insertions(+), 9 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/= SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c index f9c740d761ff..09a5924a699b 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c @@ -22,11 +22,63 @@ =20 #include #include +#include +#include #include +#include #include =20 #include "RngDxeInternals.h" =20 +// Maximum number of Rng algorithms. +#define RNG_AVAILABLE_ALGO_MAX 1 + +/** Allocate and initialize mAvailableAlgoArray with the available + Rng algorithms. Also update mAvailableAlgoArrayCount. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate memory. +**/ +EFI_STATUS +EFIAPI +GetAvailableAlgorithms ( + VOID + ) +{ + UINT64 DummyRand; + + // Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating + // Rng algorithms 2 times, one for the allocation, one to populate. + mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); + if (mAvailableAlgoArray =3D=3D NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. + if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))= ) { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + PcdGetPtr (PcdCpuRngSupportedAlgorithm), + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; + } + + return EFI_SUCCESS; +} + +/** Free mAvailableAlgoArray. +**/ +VOID +EFIAPI +FreeAvailableAlgorithms ( + VOID + ) +{ + FreePool (mAvailableAlgoArray); + return; +} + /** Produces and returns an RNG value using either the default or specifie= d RNG algorithm. =20 @@ -59,6 +111,7 @@ RngGetRNG ( ) { EFI_STATUS Status; + UINTN Index; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D= NULL)) { return EFI_INVALID_PARAMETER; @@ -68,9 +121,21 @@ RngGetRNG ( // // Use the default RNG algorithm if RNGAlgorithm is NULL. // - RNGAlgorithm =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); + for (Index =3D 0; Index < mAvailableAlgoArrayCount; Index++) { + if (!IsZeroGuid (&mAvailableAlgoArray[Index])) { + RNGAlgorithm =3D &mAvailableAlgoArray[Index]; + goto FoundAlgo; + } + } + + if (Index =3D=3D mAvailableAlgoArrayCount) { + // No algorithm available. + ASSERT (Index !=3D mAvailableAlgoArrayCount); + return EFI_DEVICE_ERROR; + } } =20 +FoundAlgo: if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)= )) { Status =3D RngGetBytes (RNGValueLength, RNGValue); return Status; @@ -113,24 +178,30 @@ RngGetInfo ( OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ) { - UINTN RequiredSize; - EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; - - RequiredSize =3D sizeof (EFI_RNG_ALGORITHM); + UINTN RequiredSize; =20 if ((This =3D=3D NULL) || (RNGAlgorithmListSize =3D=3D NULL)) { return EFI_INVALID_PARAMETER; } =20 + RequiredSize =3D mAvailableAlgoArrayCount * sizeof (EFI_RNG_ALGORITHM)= ; + + if (RequiredSize =3D=3D 0) { + // No supported algorithms found. + return EFI_UNSUPPORTED; + } + if (*RNGAlgorithmListSize < RequiredSize) { *RNGAlgorithmListSize =3D RequiredSize; return EFI_BUFFER_TOO_SMALL; } =20 - CpuRngSupportedAlgorithm =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); - - CopyMem (&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_R= NG_ALGORITHM)); + if (RNGAlgorithmList =3D=3D NULL) { + return EFI_INVALID_PARAMETER; + } =20 + // There is no gap in the array, so copy the block. + CopyMem (RNGAlgorithmList, mAvailableAlgoArray, RequiredSize); *RNGAlgorithmListSize =3D RequiredSize; return EFI_SUCCESS; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/Sec= urityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c index 8f5d8e740f5e..677600bed7ab 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -26,6 +26,32 @@ =20 #include "RngDxeInternals.h" =20 +/** Allocate and initialize mAvailableAlgoArray with the available + Rng algorithms. Also update mAvailableAlgoArrayCount. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate memory. +**/ +EFI_STATUS +EFIAPI +GetAvailableAlgorithms ( + VOID + ) +{ + return EFI_SUCCESS; +} + +/** Free mAvailableAlgoArray. +**/ +VOID +EFIAPI +FreeAvailableAlgorithms ( + VOID + ) +{ + return; +} + /** Produces and returns an RNG value using either the default or specifie= d RNG algorithm. =20 diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.c index d7905a7f4d72..421abb52b8bf 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c @@ -27,6 +27,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent =20 #include "RngDxeInternals.h" =20 +// +// Array containing the validated Rng algorithm. +// The entry with the lowest index will be the default algorithm. +// +UINTN mAvailableAlgoArrayCount; +EFI_RNG_ALGORITHM *mAvailableAlgoArray; + // // The Random Number Generator (RNG) protocol // @@ -66,8 +73,39 @@ RngDriverEntry ( &mRngRdRand, NULL ); + if (EFI_ERROR (Status)) { + return Status; + } =20 - return Status; + // + // Get the list of available algorithm. + // + return GetAvailableAlgorithms (); +} + +/** + This is the unload handle for RndgDxe module. + + Disconnect the driver specified by ImageHandle from all the devices in= the handle database. + Uninstall all the protocols installed in the driver entry point. + + @param[in] ImageHandle The drivers' driver image. + + @retval EFI_SUCCESS The image is unloaded. + @retval Others Failed to unload the image. + +**/ +EFI_STATUS +EFIAPI +RngDriverUnLoad ( + IN EFI_HANDLE ImageHandle + ) +{ + // + // Free the list of available algorithm. + // + FreeAvailableAlgorithms (); + return EFI_SUCCESS; } =20 /** diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Securi= tyPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 60efb5562ee0..1985dfbb4619 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -22,6 +22,7 @@ [Defines] MODULE_TYPE =3D DXE_DRIVER VERSION_STRING =3D 1.0 ENTRY_POINT =3D RngDriverEntry + UNLOAD_IMAGE =3D RngDriverUnLoad MODULE_UNI_FILE =3D RngDxe.uni =20 # diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b= /SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h index 7ecab140483d..f75140260820 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h @@ -12,6 +12,33 @@ =20 #include =20 +// +// Array containing the validated Rng algorithm. +// The entry with the lowest index will be the default algorithm. +// +extern UINTN mAvailableAlgoArrayCount; +extern EFI_RNG_ALGORITHM *mAvailableAlgoArray; + +/** Allocate and initialize mAvailableAlgoArray with the available + Rng algorithms. Also update mAvailableAlgoArrayCount. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate memory. +**/ +EFI_STATUS +EFIAPI +GetAvailableAlgorithms ( + VOID + ); + +/** Free mAvailableAlgoArray. +**/ +VOID +EFIAPI +FreeAvailableAlgorithms ( + VOID + ); + /** Returns information about the random number generation implementation. =20 --=20 2.25.1