From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.6811.1666099855467007555 for ; Tue, 18 Oct 2022 06:30:55 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 66660244B; Tue, 18 Oct 2022 06:31:01 -0700 (PDT) Received: from pierre123.arm.com (pierre123.nice.arm.com [10.34.100.128]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id C91653F792; Tue, 18 Oct 2022 06:30:53 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Sami Mujawar , Leif Lindholm , Ard Biesheuvel , Rebecca Cran , Michael D Kinney , Liming Gao , Jiewen Yao , Jian J Wang Subject: [PATCH v8 15/19] SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through TrngLib Date: Tue, 18 Oct 2022 15:20:48 +0200 Message-Id: <20221018132052.1359530-16-Pierre.Gondois@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221018132052.1359530-1-Pierre.Gondois@arm.com> References: <20221018132052.1359530-1-Pierre.Gondois@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Sami Mujawar Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3D3668) RawAlgorithm is used to provide access to entropy that is suitable for cryptographic applications. Therefore, add RawAlgorithm support that provides access to entropy using the TrngLib. Also remove unused UefiBootServicesTableLib library inclusion and Status variable. Signed-off-by: Pierre Gondois --- Notes: v4: - Use TrngLib from MdePkg instead of ArmPkg. This also allows to not build ArmMonitorLib, ArmSmcLib and ArmHvcLib. [Jiewen, Pierre] .../RngDxe/AArch64/RngDxe.c | 28 ++++++-- .../RandomNumberGenerator/RngDxe/ArmTrng.c | 71 +++++++++++++++++++ .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 ++ SecurityPkg/SecurityPkg.dsc | 3 + 4 files changed, 103 insertions(+), 4 deletions(-) create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/= SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c index 09a5924a699b..f5910e3b999f 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c @@ -1,11 +1,13 @@ /** @file RNG Driver to produce the UEFI Random Number Generator protocol. =20 - The driver will use the RNDR instruction to produce random numbers. + The driver can use RNDR instruction (through the RngLib and if FEAT_RN= G is + present) to produce random numbers. It also uses the Arm FW-TRNG inter= face + to implement EFI_RNG_ALGORITHM_RAW. =20 RNG Algorithms defined in UEFI 2.4: - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - - EFI_RNG_ALGORITHM_RAW - Unsupported + - EFI_RNG_ALGORITHM_RAW - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported @@ -26,12 +28,14 @@ #include #include #include +#include +#include #include =20 #include "RngDxeInternals.h" =20 // Maximum number of Rng algorithms. -#define RNG_AVAILABLE_ALGO_MAX 1 +#define RNG_AVAILABLE_ALGO_MAX 2 =20 /** Allocate and initialize mAvailableAlgoArray with the available Rng algorithms. Also update mAvailableAlgoArrayCount. @@ -46,8 +50,9 @@ GetAvailableAlgorithms ( ) { UINT64 DummyRand; + UINT16 MajorRevision; + UINT16 MinorRevision; =20 - // Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating // Rng algorithms 2 times, one for the allocation, one to populate. mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); if (mAvailableAlgoArray =3D=3D NULL) { @@ -64,6 +69,16 @@ GetAvailableAlgorithms ( mAvailableAlgoArrayCount++; } =20 + // Raw algorithm (Trng) + if (!EFI_ERROR (GetTrngVersion (&MajorRevision, &MinorRevision))) { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &gEfiRngAlgorithmRaw, + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; + } + return EFI_SUCCESS; } =20 @@ -141,6 +156,11 @@ FoundAlgo: return Status; } =20 + // Raw algorithm (Trng) + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { + return GenerateEntropy (RNGValueLength, RNGValue); + } + // // Other algorithms are unsupported by this driver. // diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/ArmTrng.c new file mode 100644 index 000000000000..6100e02b32b0 --- /dev/null +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c @@ -0,0 +1,71 @@ +/** @file + RNG Driver to produce the UEFI Random Number Generator protocol. + + The driver implements the EFI_RNG_ALGORITHM_RAW using the FW-TRNG + interface to provide entropy. + + Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include +#include +#include +#include + +#include "RngDxeInternals.h" + +/** + Generate high-quality entropy source using a TRNG or through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy = data. + + @retval RETURN_SUCCESS The function completed successfully= . + @retval RETURN_INVALID_PARAMETER Invalid parameter. + @retval RETURN_UNSUPPORTED Function not implemented. + @retval RETURN_BAD_BUFFER_SIZE Buffer size is too small. + @retval RETURN_NOT_READY No Entropy available. +**/ +EFI_STATUS +EFIAPI +GenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ) +{ + EFI_STATUS Status; + UINTN CollectedEntropyBits; + UINTN RequiredEntropyBits; + UINTN EntropyBits; + UINTN Index; + UINTN MaxBits; + + ZeroMem (Entropy, Length); + + RequiredEntropyBits =3D (Length << 3); + Index =3D 0; + CollectedEntropyBits =3D 0; + MaxBits =3D GetTrngMaxSupportedEntropyBits (); + while (CollectedEntropyBits < RequiredEntropyBits) { + EntropyBits =3D MIN ((RequiredEntropyBits - CollectedEntropyBits), M= axBits); + Status =3D GetTrngEntropy ( + EntropyBits, + (Length - Index), + &Entropy[Index] + ); + if (EFI_ERROR (Status)) { + // Discard the collected bits. + ZeroMem (Entropy, Length); + return Status; + } + + CollectedEntropyBits +=3D EntropyBits; + Index +=3D (EntropyBits >> 3); + } // while + + return Status; +} diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Securi= tyPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index 1985dfbb4619..f6e08da96140 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -43,8 +43,10 @@ [Sources.IA32, Sources.X64] =20 [Sources.AARCH64] AArch64/RngDxe.c + ArmTrng.c =20 [Packages] + MdeModulePkg/MdeModulePkg.dec MdePkg/MdePkg.dec SecurityPkg/SecurityPkg.dec =20 @@ -57,6 +59,9 @@ [LibraryClasses] TimerLib RngLib =20 +[LibraryClasses.AARCH64] + TrngLib + [Guids] gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 6bf53c565882..a6b4952182cb 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -4,6 +4,7 @@ # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
# Copyright (c) 2022, Loongson Technology Corporation Limited. All right= s reserved.
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -89,6 +90,8 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64] =20 ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf =20 + TrngLib|MdePkg/Library/BaseTrngLibNull/BaseTrngLibNull.inf + [LibraryClasses.ARM] RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf =20 --=20 2.25.1