From: "PierreGondois" <pierre.gondois@arm.com>
To: devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Sami Mujawar <sami.mujawar@arm.com>, Kun Qin <kuqin12@gmail.com>
Subject: [edk2-devel] [PATCH v6 8/9] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
Date: Fri, 11 Aug 2023 16:33:09 +0200 [thread overview]
Message-ID: <20230811143310.55101-9-pierre.gondois@arm.com> (raw)
In-Reply-To: <20230811143310.55101-1-pierre.gondois@arm.com>
From: Pierre Gondois <pierre.gondois@arm.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
a GetRngGuid() function was added in a previous patch.
The EFI_RNG_PROTOCOL can advertise multiple algorithms through
Guids. The PcdCpuRngSupportedAlgorithm is currently used to
advertise the RngLib in the Arm implementation.
The issues of doing that are:
- the RngLib implementation might not use CPU instructions,
cf. the BaseRngLibTimerLib
- most platforms don't set PcdCpuRngSupportedAlgorithm
A GetRngGuid() was added to the RngLib in a previous patch,
allowing to identify the algorithm implemented by the RngLib.
Make use of this function and place the unsage algorithm
at the last position in the mAvailableAlgoArray.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Tested-by: Kun Qin <kun.qin@microsoft.com>
---
.../RngDxe/AArch64/AArch64Algo.c | 55 +++++++++++++------
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 +-
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 4 +-
3 files changed, 44 insertions(+), 21 deletions(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
index e8be217f8a8c..a270441ebba0 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
@@ -10,6 +10,8 @@
#include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/ArmTrngLib.h>
+#include <Library/RngLib.h>
+#include <Guid/RngAlgorithm.h>
#include "RngDxeInternals.h"
@@ -28,9 +30,13 @@ GetAvailableAlgorithms (
VOID
)
{
- UINT64 DummyRand;
- UINT16 MajorRevision;
- UINT16 MinorRevision;
+ EFI_STATUS Status;
+ UINT16 MajorRevision;
+ UINT16 MinorRevision;
+ GUID RngGuid;
+ BOOLEAN UnSafeAlgo;
+
+ UnSafeAlgo = FALSE;
// Rng algorithms 2 times, one for the allocation, one to populate.
mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
@@ -38,24 +44,29 @@ GetAvailableAlgorithms (
return EFI_OUT_OF_RESOURCES;
}
- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
- CopyMem (
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
- PcdGetPtr (PcdCpuRngSupportedAlgorithm),
- sizeof (EFI_RNG_ALGORITHM)
- );
- mAvailableAlgoArrayCount++;
-
- DEBUG_CODE_BEGIN ();
- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
+ // Identify RngLib algorithm.
+ Status = GetRngGuid (&RngGuid);
+ if (!EFI_ERROR (Status)) {
+ if (IsZeroGuid (&RngGuid) ||
+ CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe))
+ {
+ // Treat zero GUID as an unsafe algorithm
DEBUG ((
DEBUG_WARN,
- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
+ "RngLib uses an Unsafe algorithm and "
+ "must not be used for production builds.\n"
));
+ // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found
+ // so that it can be added at the end of the algorithm list.
+ UnSafeAlgo = TRUE;
+ } else {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ &RngGuid,
+ sizeof (RngGuid)
+ );
+ mAvailableAlgoArrayCount++;
}
-
- DEBUG_CODE_END ();
}
// Raw algorithm (Trng)
@@ -68,5 +79,15 @@ GetAvailableAlgorithms (
mAvailableAlgoArrayCount++;
}
+ // Add unsafe algorithm at the end of the list.
+ if (UnSafeAlgo) {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ &gEdkiiRngAlgorithmUnSafe,
+ sizeof (EFI_RNG_ALGORITHM)
+ );
+ mAvailableAlgoArrayCount++;
+ }
+
return EFI_SUCCESS;
}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
index ce49ff7ae661..78a18c5e1177 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
@@ -78,6 +78,7 @@ RngGetRNG (
{
EFI_STATUS Status;
UINTN Index;
+ GUID RngGuid;
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -102,7 +103,10 @@ RngGetRNG (
}
FoundAlgo:
- if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
+ Status = GetRngGuid (&RngGuid);
+ if (!EFI_ERROR (Status) &&
+ CompareGuid (RNGAlgorithm, &RngGuid))
+ {
Status = RngGetBytes (RNGValueLength, RNGValue);
return Status;
}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index d6c2d30195bf..8704a644414f 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -75,13 +75,11 @@ [Guids]
gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
+ gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
[Protocols]
gEfiRngProtocolGuid ## PRODUCES
-[Pcd.AARCH64]
- gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
-
[Depex]
TRUE
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#107717): https://edk2.groups.io/g/devel/message/107717
Mute This Topic: https://groups.io/mt/100684696/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2023-08-11 14:33 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-11 14:33 [edk2-devel] [PATCH v6 0/9] SecurityPkg/MdePkg: Update RngLib GUID identification PierreGondois
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 1/9] MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkg PierreGondois
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 2/9] MdePkg: Add deprecated warning to BaseRngLibTimer PierreGondois
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 3/9] SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg PierreGondois
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 4/9] MdePkg/DxeRngLib: Request raw algorithm instead of default PierreGondois
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 5/9] MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms PierreGondois
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 6/9] MdeModulePkg/Rng: Add GUID to describe unsafe " PierreGondois
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 7/9] MdePkg/Rng: Add GetRngGuid() to RngLib PierreGondois
2023-08-11 14:33 ` PierreGondois [this message]
2023-08-11 14:33 ` [edk2-devel] [PATCH v6 9/9] SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm PierreGondois
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230811143310.55101-9-pierre.gondois@arm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox