Subject: Re: [edk2-devel] Reply: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64
To: devel@edk2.groups.io, gaoliming@byosoft.com.cn
Cc: 'Jiewen Yao', 'Jian J Wang', 'Michael D Kinney', 'Zhiguang Liu', 'Ard Biesheuvel', 'Sami Mujawar'
From: "Rebecca Cran"
Message-ID: <78dab089-c4f0-8a22-3956-30ff93896544@nuviainc.com>
In-Reply-To: <004301d73c94$cd734930$6859db90$@byosoft.com.cn>
Date: Thu, 29 Apr 2021 09:50:16 -0600

On 4/28/21 7:13 PM, gaoliming wrote:
> Rebecca:
>
>> -----Original Message-----
>> From: Rebecca Cran
>> Sent: April 29, 2021 4:44
>> To: devel@edk2.groups.io
>> Cc: Rebecca Cran; Jiewen Yao; Jian J Wang; Michael D Kinney;
>> Liming Gao; Zhiguang Liu; Ard Biesheuvel; Sami Mujawar
>> Subject: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64
>>
>> AARCH64 support has been added to BaseRngLib via the optional
>> ARMv8.5 FEAT_RNG.
>>
>> Refactor RngDxe to support AARCH64, note support for it in the
>> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>> >> Signed-off-by: Rebecca Cran >> --- >> SecurityPkg/SecurityPkg.dsc | >> 11 +- >> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | >> 19 +++- >> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h | >> 37 ++++++ >> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h | >> 0 >> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h | >> 0 >> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | >> 88 ++++++++++++++ >> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c | >> 54 +++++++++ >> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | >> 108 ++++++++++++++++++ >> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c | >> 0 >> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c | >> 0 >> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | >> 120 ++++++++++++++++++++ >> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | >> 117 ++++--------------- >> 12 files changed, 450 insertions(+), 104 deletions(-) >> >> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc >> index 12ccd1634941..bd4b810bce61 100644 >> --- a/SecurityPkg/SecurityPkg.dsc >> +++ b/SecurityPkg/SecurityPkg.dsc >> @@ -259,6 +259,12 @@ [Components] >> [Components.IA32, Components.X64, Components.ARM, >> Components.AARCH64] >> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf >> >> +[Components.IA32, Components.X64, Components.AARCH64] >> + # >> + # Random Number Generator >> + # >> + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf >> + >> [Components.IA32, Components.X64] >> >> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD >> xe.inf 
>> >> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64] >> >> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresence >> Lib.inf >> >> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic >> alPresenceLib.inf >> >> - # >> - # Random Number Generator >> - # >> - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf >> - >> # >> # Opal Password solution >> # >> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf >> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf >> index 99d6f6b35fc2..c188b6076c00 100644 >> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf >> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf >> @@ -26,15 +26,24 @@ [Defines] >> # >> # The following information is for reference only and not required by the >> build tools. >> # >> -# VALID_ARCHITECTURES = IA32 X64 >> +# VALID_ARCHITECTURES = IA32 X64 AARCH64 >> # >> >> [Sources.common] >> RngDxe.c >> - RdRand.c >> - RdRand.h >> - AesCore.c >> - AesCore.h >> + RngDxeInternals.h >> + >> +[Sources.IA32, Sources.X64] >> + Rand/RngDxe.c >> + Rand/RdRand.c >> + Rand/RdRand.h >> + Rand/AesCore.c >> + Rand/AesCore.h >> + >> +[Sources.AARCH64] >> + AArch64/RngDxe.c >> + AArch64/Rndr.c >> + AArch64/Rndr.h >> >> [Packages] >> MdePkg/MdePkg.dec >> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h >> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h >> new file mode 100644 >> index 000000000000..458faa834a3d >> --- /dev/null >> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h >> @@ -0,0 +1,37 @@ >> +/** @file >> + Header for the RNDR APIs used by RNG DXE driver. >> + >> + Support API definitions for RNDR instruction access. >> + >> + >> + Copyright (c) 2013, Intel Corporation. All rights reserved.
>> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP
>> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> +**/ >> + >> +#ifndef RNDR_H_ >> +#define RNDR_H_ >> + >> +#include >> +#include >> + >> +/** >> + Calls RNDR to fill a buffer of arbitrary size with random bytes. >> + >> + @param[in] Length Size of the buffer, in bytes, to fill with. >> + @param[out] RandBuffer Pointer to the buffer to store the random >> result. >> + >> + @retval EFI_SUCCESS Random bytes generation succeeded. >> + @retval EFI_NOT_READY Failed to request random bytes. >> + >> +**/ >> +EFI_STATUS >> +EFIAPI >> +RndrGetBytes ( >> + IN UINTN Length, >> + OUT UINT8 *RandBuffer >> + ); >> + >> +#endif // RNDR_H_ >> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h >> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h >> similarity index 100% >> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h >> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h >> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h >> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h >> similarity index 100% >> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h >> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h >> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h >> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h >> new file mode 100644 >> index 000000000000..7e38fc2564f6 >> --- /dev/null >> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h >> @@ -0,0 +1,88 @@ >> +/** @file >> + Function prototypes for UEFI Random Number Generator protocol >> support. >> + >> + Copyright (c) 2021, NUVIA Inc. All rights reserved.
>> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> +**/ >> + >> +#ifndef RNGDXE_INTERNALS_H_ >> +#define RNGDXE_INTERNALS_H_ >> + >> +extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms; >> + >> +/** >> + Returns information about the random number generation >> implementation. >> + >> + @param[in] This A pointer to the >> EFI_RNG_PROTOCOL instance. >> + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of >> RNGAlgorithmList. >> + On output with a return code >> of EFI_SUCCESS, the size >> + in bytes of the data returned >> in RNGAlgorithmList. On output >> + with a return code of >> EFI_BUFFER_TOO_SMALL, >> + the size of RNGAlgorithmList >> required to obtain the list. >> + @param[out] RNGAlgorithmList A caller-allocated memory >> buffer filled by the driver >> + with one >> EFI_RNG_ALGORITHM element for each supported >> + RNG algorithm. The list must >> not change across multiple >> + calls to the same driver. The >> first algorithm in the list >> + is the default algorithm for >> the driver. >> + >> + @retval EFI_SUCCESS The RNG algorithm list was >> returned successfully. >> + @retval EFI_UNSUPPORTED The services is not supported >> by this driver. >> + @retval EFI_DEVICE_ERROR The list of algorithms could >> not be retrieved due to a >> + hardware or firmware error. >> + @retval EFI_INVALID_PARAMETER One or more of the >> parameters are incorrect. >> + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList >> is too small to hold the result. >> + >> +**/ >> +EFI_STATUS >> +EFIAPI >> +RngGetInfo ( >> + IN EFI_RNG_PROTOCOL *This, >> + IN OUT UINTN *RNGAlgorithmListSize, >> + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList >> + ); >> + >> +/** >> + Produces and returns an RNG value using either the default or specified >> RNG algorithm. >> + >> + @param[in] This A pointer to the >> EFI_RNG_PROTOCOL instance. >> + @param[in] RNGAlgorithm A pointer to the >> EFI_RNG_ALGORITHM that identifies the RNG >> + algorithm to use. 
May be >> NULL in which case the function will >> + use its default RNG >> algorithm. >> + @param[in] RNGValueLength The length in bytes of the >> memory buffer pointed to by >> + RNGValue. The driver shall >> return exactly this numbers of bytes. >> + @param[out] RNGValue A caller-allocated memory >> buffer filled by the driver with the >> + resulting RNG value. >> + >> + @retval EFI_SUCCESS The RNG value was returned >> successfully. >> + @retval EFI_UNSUPPORTED The algorithm specified by >> RNGAlgorithm is not supported by >> + this driver. >> + @retval EFI_DEVICE_ERROR An RNG value could not be >> retrieved due to a hardware or >> + firmware error. >> + @retval EFI_NOT_READY There is not enough random >> data available to satisfy the length >> + requested by >> RNGValueLength. >> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or >> RNGValueLength is zero. >> + >> +**/ >> +EFI_STATUS >> +EFIAPI >> +RngGetRNG ( >> + IN EFI_RNG_PROTOCOL *This, >> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL >> + IN UINTN RNGValueLength, >> + OUT UINT8 *RNGValue >> + ); >> + >> +/** >> + Returns the size of the RNG algorithms structure. >> + >> + @return Size of the EFI_RNG_ALGORITHM list. >> +**/ >> +UINTN >> +EFIAPI >> +ArchGetSupportedRngAlgorithmsSize ( >> + VOID >> + ); >> + >> +#endif // RNGDXE_INTERNALS_H_ >> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c >> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c >> new file mode 100644 >> index 000000000000..36166a9cbc13 >> --- /dev/null >> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c >> @@ -0,0 +1,54 @@ >> +/** @file >> + Support routines for RNDR instruction access. >> + >> + Copyright (c) 2021, NUVIA Inc. All rights reserved.
>> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
>> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP
>> + >> + SPDX-License-Identifier: BSD-2-Clause-Patent >> + >> +**/ >> + >> +#include >> +#include >> + >> +#include "Rndr.h" >> + >> +/** >> + Calls RNDR to fill a buffer of arbitrary size with random bytes. >> + >> + @param[in] Length Size of the buffer, in bytes, to fill with. >> + @param[out] RandBuffer Pointer to the buffer to store the random >> result. >> + >> + @retval EFI_SUCCESS Random bytes generation succeeded. >> + @retval EFI_NOT_READY Failed to request random bytes. >> + >> +**/ >> +EFI_STATUS >> +EFIAPI >> +RndrGetBytes ( >> + IN UINTN Length, >> + OUT UINT8 *RandBuffer >> + ) >> +{ >> + BOOLEAN IsRandom; >> + UINT64 TempRand; >> + >> + while (Length > 0) { >> + IsRandom = GetRandomNumber64 (&TempRand); >> + if (!IsRandom) { >> + return EFI_NOT_READY; >> + } >> + if (Length >= sizeof (TempRand)) { >> + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand); >> + RandBuffer += sizeof (UINT64); >> + Length -= sizeof (TempRand); >> + } else { >> + CopyMem (RandBuffer, &TempRand, Length); >> + Length = 0; >> + } >> + } >> + >> + return EFI_SUCCESS; >> +} >> + > > Can this function be shared between X86 and AARCH64? Yes. I've removed it, and will send out a v2 series. -- Rebecca Cran
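
Review bot: In the RngDxe.inf hunk, the module ends up with three sources that share one base name (RngDxe.c under [Sources.common], Rand/RngDxe.c and AArch64/RngDxe.c), and the two per-architecture directories follow different naming schemes, one named after the architecture and one after the instruction. Distinct file names for the architecture-specific parts would make build logs, debugger output and grep results unambiguous.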
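
Review bot: In the new AArch64/Rndr.h, the file header carries only the 2013 Intel and 2015 Hewlett Packard Enterprise copyright lines, while AArch64/Rndr.c in the same patch also has "Copyright (c) 2021, NUVIA Inc."; the two new files should agree. The @param text "Size of the buffer, in bytes, to fill with." is an unfinished sentence here and again in Rndr.c; "Size, in bytes, of the buffer to fill with random bytes." would read correctly.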
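
Review bot: In RngDxeInternals.h, the declaration "extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;" has a stray capital U; mSupportedRngAlgorithms looks like the intended name, and a misspelt extern is only caught at link time if the definition is spelt differently. The header also uses EFI_RNG_PROTOCOL and EFI_RNG_ALGORITHM with no #include between the include guard and the first declaration, so it compiles only when every includer has already pulled in the protocol header; including that header here would make the file self-contained.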
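
Review bot: In RndrGetBytes in AArch64/Rndr.c, the early "return EFI_NOT_READY;" inside the while loop leaves RandBuffer partly filled when GetRandomNumber64 fails after one or more successful iterations, and the function header does not mention it. For an RNG service the header should state that the buffer contents must not be used on any non-success return, so a caller cannot treat a half-filled buffer as random output. The commit message describes FEAT_RNG as optional; if GetRandomNumber64 also returns FALSE when the feature is absent, EFI_NOT_READY would report a permanent condition as a transient one, and that case deserves its own status or a check before the protocol is installed.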