From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.54423.1688460745958873734 for ; Tue, 04 Jul 2023 01:52:26 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E7FA5150C; Tue, 4 Jul 2023 01:53:07 -0700 (PDT) Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 0D56E3F73F; Tue, 4 Jul 2023 01:52:23 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [PATCH v2 5/6] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib Date: Tue, 4 Jul 2023 10:52:00 +0200 Message-Id: <20230704085201.260801-6-pierre.gondois@arm.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20230704085201.260801-1-pierre.gondois@arm.com> References: <20230704085201.260801-1-pierre.gondois@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4151 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function was added in a previous patch. The EFI_RNG_PROTOCOL can advertise multiple algorithms through Guids. The PcdCpuRngSupportedAlgorithm is currently used to advertise the RngLib in the Arm implementation. The issues of doing that are: - the RngLib implementation might not use CPU instructions, cf. the BaseRngLibTimerLib - most platforms don't set PcdCpuRngSupportedAlgorithm A GetRngGuid() was added to the RngLib in a previous patch, allowing to identify the algorithm implemented by the RngLib. Make use of this function and place the unsage algorithm at the last position in the mAvailableAlgoArray. Signed-off-by: Pierre Gondois --- .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 ++- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- 3 files changed, 44 insertions(+), 21 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo= .c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c index e8be217f8a8c..60bc6c375419 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c @@ -10,6 +10,7 @@ #include #include #include +#include =20 #include "RngDxeInternals.h" =20 @@ -28,9 +29,13 @@ GetAvailableAlgorithms ( VOID ) { - UINT64 DummyRand; - UINT16 MajorRevision; - UINT16 MinorRevision; + EFI_STATUS Status; + UINT16 MajorRevision; + UINT16 MinorRevision; + GUID RngGuid; + BOOLEAN UnSafeAlgo; + + UnSafeAlgo =3D FALSE; =20 // Rng algorithms 2 times, one for the allocation, one to populate. mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); @@ -38,24 +43,29 @@ GetAvailableAlgorithms ( return EFI_OUT_OF_RESOURCES; } =20 - // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. - if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))= ) { - CopyMem ( - &mAvailableAlgoArray[mAvailableAlgoArrayCount], - PcdGetPtr (PcdCpuRngSupportedAlgorithm), - sizeof (EFI_RNG_ALGORITHM) - ); - mAvailableAlgoArrayCount++; - - DEBUG_CODE_BEGIN (); - if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { + // Identify RngLib algorithm. + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status)) { + if (IsZeroGuid (&RngGuid) || + CompareGuid (&RngGuid, &gEfiRngAlgorithmUnSafe)) + { + // Treat zero GUID as an unsafe algorithm DEBUG (( DEBUG_WARN, - "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n" + "RngLib uses an Unsafe algorithm and " + "must not be used for production builds.\n" )); + // Set the UnSafeAlgo flag to indicate an unsafe algorithm was fou= nd + // so that it can be added at the end of the algorithm list. + UnSafeAlgo =3D TRUE; + } else { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &RngGuid, + sizeof (RngGuid) + ); + mAvailableAlgoArrayCount++; } - - DEBUG_CODE_END (); } =20 // Raw algorithm (Trng) @@ -68,5 +78,15 @@ GetAvailableAlgorithms ( mAvailableAlgoArrayCount++; } =20 + // Add unsafe algorithm at the end of the list. + if (UnSafeAlgo) { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &gEfiRngAlgorithmUnSafe, + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; + } + return EFI_SUCCESS; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Secur= ityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index ce49ff7ae661..78a18c5e1177 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c @@ -78,6 +78,7 @@ RngGetRNG ( { EFI_STATUS Status; UINTN Index; + GUID RngGuid; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D= NULL)) { return EFI_INVALID_PARAMETER; @@ -102,7 +103,10 @@ RngGetRNG ( } =20 FoundAlgo: - if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)= )) { + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status) && + CompareGuid (RNGAlgorithm, &RngGuid)) + { Status =3D RngGetBytes (RNGValueLength, RNGValue); return Status; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Securi= tyPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index d6c2d30195bf..aa5743387ed9 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -75,13 +75,12 @@ [Guids] gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEfiRngAlgorithmArmRndr ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEfiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG =20 [Protocols] gEfiRngProtocolGuid ## PRODUCES =20 -[Pcd.AARCH64] - gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES - [Depex] TRUE =20 --=20 2.25.1