From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 3483594193C for ; Tue, 18 Jul 2023 11:52:49 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=tgxvwueU11YKQbM0fuXXyEeaGTslJRW+QzDnbjtPbnM=; c=relaxed/simple; d=groups.io; h=X-Received:X-Received:X-Received:X-Received:From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Unsubscribe:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:X-Gm-Message-State:Content-Transfer-Encoding; s=20140610; t=1689681167; v=1; b=Nt4VvFKJsc23VIzomKWuDcACSzOz4sZrPB42hWewZmNZhHqXTcJVGmQxjHdyXPixu8wSjrRY 2DXjyihzy6rVgRYMNxcIE1OA8w5aP01veAs9BCgN0vEUBassYeV1TrmWKPwSiULgPX8JWs/ehB9 cevrFjdnRROJYBzsxdBFjIGg= X-Received: by 127.0.0.2 with SMTP id YpXvYY7687511xJdnVboWaJI; Tue, 18 Jul 2023 04:52:47 -0700 X-Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.5683.1689681167282406532 for ; Tue, 18 Jul 2023 04:52:47 -0700 X-Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 67DA62F4; Tue, 18 Jul 2023 04:53:30 -0700 (PDT) X-Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.101]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 66C323F6C4; Tue, 18 Jul 2023 04:52:45 -0700 (PDT) 
From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Kun Qin Subject: [edk2-devel] [PATCH v5 8/9] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib Date: Tue, 18 Jul 2023 13:51:55 +0200 Message-Id: <20230718115156.1224842-9-pierre.gondois@arm.com> In-Reply-To: <20230718115156.1224842-1-pierre.gondois@arm.com> References: <20230718115156.1224842-1-pierre.gondois@arm.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,pierre.gondois@arm.com X-Gm-Message-State: 9ic6zrDNAIBbr8yVYdY95kqTx7686176AA= Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=Nt4VvFKJ; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=arm.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io 
From: Pierre Gondois BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4151 The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). To allow the RngDxe to detect when such implementation is used, a GetRngGuid() function was added in a previous patch. The EFI_RNG_PROTOCOL can advertise multiple algorithms through Guids. The PcdCpuRngSupportedAlgorithm is currently used to advertise the RngLib in the Arm implementation. The issues of doing that are: - the RngLib implementation might not use CPU instructions, cf. the BaseRngLibTimerLib - most platforms don't set PcdCpuRngSupportedAlgorithm A GetRngGuid() was added to the RngLib in a previous patch, allowing to identify the algorithm implemented by the RngLib. Make use of this function and place the unsage algorithm at the last position in the mAvailableAlgoArray. Signed-off-by: Pierre Gondois --- .../RngDxe/AArch64/AArch64Algo.c | 55 +++++++++++++------ .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 +- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- 3 files changed, 45 insertions(+), 21 deletions(-) diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo= .c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c index e8be217f8a8c..a270441ebba0 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c @@ -10,6 +10,8 @@ #include #include #include +#include +#include =20 #include "RngDxeInternals.h" =20 @@ -28,9 +30,13 @@ GetAvailableAlgorithms ( VOID ) { - UINT64 DummyRand; - UINT16 MajorRevision; - UINT16 MinorRevision; + EFI_STATUS Status; + UINT16 MajorRevision; + UINT16 MinorRevision; + GUID RngGuid; + BOOLEAN UnSafeAlgo; + + UnSafeAlgo =3D FALSE; =20 // Rng algorithms 2 times, one for the allocation, one to populate. mAvailableAlgoArray =3D AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); 
@@ -38,24 +44,29 @@ GetAvailableAlgorithms ( return EFI_OUT_OF_RESOURCES; } =20 - // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. - if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))= ) { - CopyMem ( - &mAvailableAlgoArray[mAvailableAlgoArrayCount], - PcdGetPtr (PcdCpuRngSupportedAlgorithm), - sizeof (EFI_RNG_ALGORITHM) - ); - mAvailableAlgoArrayCount++; - - DEBUG_CODE_BEGIN (); - if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { + // Identify RngLib algorithm. + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status)) { + if (IsZeroGuid (&RngGuid) || + CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe)) + { + // Treat zero GUID as an unsafe algorithm DEBUG (( DEBUG_WARN, - "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n" + "RngLib uses an Unsafe algorithm and " + "must not be used for production builds.\n" )); + // Set the UnSafeAlgo flag to indicate an unsafe algorithm was fou= nd + // so that it can be added at the end of the algorithm list. + UnSafeAlgo =3D TRUE; + } else { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &RngGuid, + sizeof (RngGuid) + ); + mAvailableAlgoArrayCount++; } - - DEBUG_CODE_END (); } =20 // Raw algorithm (Trng) @@ -68,5 +79,15 @@ GetAvailableAlgorithms ( mAvailableAlgoArrayCount++; } =20 + // Add unsafe algorithm at the end of the list. + if (UnSafeAlgo) { + CopyMem ( + &mAvailableAlgoArray[mAvailableAlgoArrayCount], + &gEdkiiRngAlgorithmUnSafe, + sizeof (EFI_RNG_ALGORITHM) + ); + mAvailableAlgoArrayCount++; + } + return EFI_SUCCESS; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/Secur= ityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c index ce49ff7ae661..78a18c5e1177 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c 
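Review bot: When GetRngGuid() returns an error, the new block in the `@@ -38,24 +44,29 @@` hunk adds no entry and logs nothing, so a platform whose RngLib cannot report a GUID silently loses that algorithm. An `else` branch with `DEBUG ((DEBUG_ERROR, "%a: GetRngGuid() failed: %r\n", __func__, Status));` would make this diagnosable. The RngGetBytes() probe that the removed code ran before advertising is also gone, so the GUID is now published on the strength of GetRngGuid() alone. If any RngLib instance can report a GUID while RngGetBytes() fails (not visible here), callers would select an algorithm that only errors at request time. GetAvailableAlgorithms' body starts and ends outside this hunk.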
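Review bot: Appending gEdkiiRngAlgorithmUnSafe in the `@@ -68,5 +79,15 @@` hunk means a build with an unsafe RngLib still publishes a working algorithm, and the only signal is the DEBUG_WARN in the previous hunk, which release builds usually compile out. When neither the RngLib `else` branch nor the Raw branch added an entry, this GUID lands at index 0. If the default selection in RngGetRNG (not visible here) takes the first entry, a caller passing a NULL algorithm would receive unsafe output without asking for it. A comment such as `// If no other algorithm is available this becomes the first (default) entry.` would record that. The write also assumes the RNG_AVAILABLE_ALGO_MAX bytes allocated earlier leave room for this entry; `ASSERT ((mAvailableAlgoArrayCount + 1) * sizeof (EFI_RNG_ALGORITHM) <= RNG_AVAILABLE_ALGO_MAX);` before the CopyMem would pin that.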
@@ -78,6 +78,7 @@ RngGetRNG ( { EFI_STATUS Status; UINTN Index; + GUID RngGuid; =20 if ((This =3D=3D NULL) || (RNGValueLength =3D=3D 0) || (RNGValue =3D=3D= NULL)) { return EFI_INVALID_PARAMETER; @@ -102,7 +103,10 @@ RngGetRNG ( } =20 FoundAlgo: - if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)= )) { + Status =3D GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status) && + CompareGuid (RNGAlgorithm, &RngGuid)) + { Status =3D RngGetBytes (RNGValueLength, RNGValue); return Status; } diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Securi= tyPkg/RandomNumberGenerator/RngDxe/RngDxe.inf index d6c2d30195bf..27d3e39a675b 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -75,13 +75,12 @@ [Guids] gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEfiRngAlgorithmArmRndr ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG + gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG =20 [Protocols] gEfiRngProtocolGuid ## PRODUCES =20 -[Pcd.AARCH64] - gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES - [Depex] TRUE =20 --=20 2.25.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#107015): https://edk2.groups.io/g/devel/message/107015 Mute This Topic: https://groups.io/mt/100213737/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-
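Review bot: In the `@@ -102,7 +103,10 @@` hunk the dispatch compares RNGAlgorithm with the raw GUID from GetRngGuid(), but GetAvailableAlgorithms() in AArch64Algo.c advertises gEdkiiRngAlgorithmUnSafe when the library reports a zero GUID. In that case the advertised algorithm never matches here and the request falls through to the code after the hunk. Normalising the GUID the same way before the comparison keeps the two files consistent: `if (!EFI_ERROR (Status) && IsZeroGuid (&RngGuid)) { CopyGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe); }` (this file needs the GUID's declaration in scope if it is not already included). A failing GetRngGuid() also overwrites Status and is otherwise ignored; whether that value can reach the caller depends on code outside the hunk. RngGetRNG's body starts and ends outside the hunk.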