From: "Sami Mujawar" <sami.mujawar@arm.com>
To: pierre.gondois@arm.com, devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Zhiguang Liu <zhiguang.liu@intel.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>,
Ard Biesheuvel <ardb+tianocore@kernel.org>,
Jose Marinho <Jose.Marinho@arm.com>,
Samer El-Haj-Mahmoud <Samer.El-Haj-Mahmoud@arm.com>,
"nd@arm.com" <nd@arm.com>
Subject: Re: [PATCH v1 6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
Date: Thu, 29 Jun 2023 11:28:24 +0100 [thread overview]
Message-ID: <89f19363-1b7b-b576-865b-9910e6e2d18d@arm.com> (raw)
In-Reply-To: <20230509074042.1523428-7-pierre.gondois@arm.com>
[-- Attachment #1: Type: text/plain, Size: 7116 bytes --]
Hi Pierre,
Thank you for this patch.
I think we should treat algorithms that have a zero GUID as unsafe. I
have made some suggestions on those lines marked inline as [SAMI].
Regards,
Sami Mujawar
On 09/05/2023 08:40 am, pierre.gondois@arm.com wrote:
> From: Pierre Gondois<pierre.gondois@arm.com>
>
> BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4151
>
> The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
> implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
> To allow the RngDxe to detect when such implementation is used,
> a GetRngGuid() function was added in a previous patch.
>
> The EFI_RNG_PROTOCOL can advertise multiple algorithms through
> Guids. The PcdCpuRngSupportedAlgorithm is currently used to
> advertise the RngLib in the Arm implementation.
>
> The issues of doing that are:
> - the RngLib implementation might not use CPU instructions,
> cf. the BaseRngLibTimerLib
> - most platforms don't set PcdCpuRngSupportedAlgorithm
>
> A GetRngGuid() was added to the RngLib in a previous patch,
> allowing to identify the algorithm implemented by the RngLib.
> Make use of this function.
>
> Signed-off-by: Pierre Gondois<pierre.gondois@arm.com>
> ---
> .../RngDxe/AArch64/AArch64Algo.c | 24 +++++++++----------
> .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 ++++-
> .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 ++--
> 3 files changed, 19 insertions(+), 16 deletions(-)
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> index e8be217f8a8c..a1ff7bd58fda 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> @@ -10,6 +10,7 @@
> #include <Library/DebugLib.h>
> #include <Library/MemoryAllocationLib.h>
> #include <Library/ArmTrngLib.h>
> +#include <Library/RngLib.h>
>
> #include "RngDxeInternals.h"
>
> @@ -28,9 +29,10 @@ GetAvailableAlgorithms (
> VOID
> )
> {
> - UINT64 DummyRand;
> - UINT16 MajorRevision;
> - UINT16 MinorRevision;
> + EFI_STATUS Status;
> + UINT16 MajorRevision;
> + UINT16 MinorRevision;
> + GUID RngGuid;
>
> // Rng algorithms 2 times, one for the allocation, one to populate.
> mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
> @@ -38,24 +40,22 @@ GetAvailableAlgorithms (
> return EFI_OUT_OF_RESOURCES;
> }
>
> - // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
> - if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
<SNIP>
> + // Identify RngLib algorithm.
> + Status = GetRngGuid (&RngGuid);
> + if (!EFI_ERROR (Status)) {
> CopyMem (
> &mAvailableAlgoArray[mAvailableAlgoArrayCount],
> - PcdGetPtr (PcdCpuRngSupportedAlgorithm),
> - sizeof (EFI_RNG_ALGORITHM)
> + RngGuid,
> + sizeof (RngGuid)
> );
> mAvailableAlgoArrayCount++;
>
> - DEBUG_CODE_BEGIN ();
> - if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
> + if (IsZeroGuid (&RngGuid)) {
> DEBUG ((
> DEBUG_WARN,
> - "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
> + "RngLib should have a non-zero GUID\n"
> ));
> }
> -
> - DEBUG_CODE_END ();
> }
>
> // Raw algorithm (Trng)
...
</SNIP>
[SAMI] I think this code should do the following:
---
BOOLEAN UnSafeAlgo = FALSE;
mAvailableAlgoArrayCount = 0;
// Identify RngLib algorithm.
Status = GetRngGuid (&RngGuid);
if(!EFI_ERROR (Status)) {
if((IsZeroGuid (&RngGuid)) ||
(CompareGuid (&RngGuid, &gEfiRngAlgorithmUnSafe))) {
// Treat zero GUID as an unsafe algorithm
DEBUG ((
DEBUG_WARN,
"RngLib uses an Unsafe algorithm and "
"must not be used for production builds.\n"
));
// Set the UnSafeAlgo flag to indicate an unsafe algorithm was found
// so that it can be added at the end of the algorithm list.
UnSafeAlgo = TRUE;
} else{
CopyMem (
&mAvailableAlgoArray[mAvailableAlgoArrayCount],
&RngGuid,
sizeof(RngGuid)
);
mAvailableAlgoArrayCount++;
}
}
// Raw algorithm (Trng)
if(!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
CopyMem (
&mAvailableAlgoArray[mAvailableAlgoArrayCount],
&gEfiRngAlgorithmRaw,
sizeof(EFI_RNG_ALGORITHM)
);
mAvailableAlgoArrayCount++;
}
// Add unsafe algorithms at the end of the list.
if(UnSafeAlgo) {
CopyMem (
&mAvailableAlgoArray[mAvailableAlgoArrayCount],
&gEfiRngAlgorithmUnSafe,
sizeof(EFI_RNG_ALGORITHM)
);
mAvailableAlgoArrayCount++;
}
---
Doing this will not need the call to RngFindDefaultAlgo () introduced in
the next patch "[PATCH v1 7/8] SecurityPkg/RngDxe: Select safe default
Rng algorithm", which can be dropped.
[SAMI]
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
> index ce49ff7ae661..78a18c5e1177 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
> @@ -78,6 +78,7 @@ RngGetRNG (
> {
> EFI_STATUS Status;
> UINTN Index;
> + GUID RngGuid;
>
> if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
> return EFI_INVALID_PARAMETER;
> @@ -102,7 +103,10 @@ RngGetRNG (
> }
>
> FoundAlgo:
> - if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
> + Status = GetRngGuid (&RngGuid);
> + if (!EFI_ERROR (Status) &&
> + CompareGuid (RNGAlgorithm, &RngGuid))
> + {
> Status = RngGetBytes (RNGValueLength, RNGValue);
> return Status;
> }
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index d6c2d30195bf..aa5743387ed9 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -75,13 +75,12 @@ [Guids]
> gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
> gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
> gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
> + gEfiRngAlgorithmArmRndr ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
[SAMI] Can the [Guids] section be split to relect the usage across
architectures, please?
> + gEfiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
>
> [Protocols]
> gEfiRngProtocolGuid ## PRODUCES
>
> -[Pcd.AARCH64]
> - gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
> -
> [Depex]
> TRUE
>
[-- Attachment #2: Type: text/html, Size: 12693 bytes --]
next prev parent reply other threads:[~2023-06-29 10:28 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-09 7:40 [PATCH v1 0/8] SecurityPkg/MdePkg: RngLib GUID PierreGondois
2023-05-09 7:40 ` [PATCH v1 1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation PierreGondois
2023-06-29 10:23 ` Sami Mujawar
2023-06-29 20:34 ` [edk2-devel] " Kun Qin
2023-06-30 13:56 ` PierreGondois
2023-05-09 7:40 ` [PATCH v1 2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg PierreGondois
2023-06-29 10:23 ` Sami Mujawar
2023-06-29 20:36 ` [edk2-devel] " Kun Qin
2023-06-30 14:30 ` PierreGondois
2023-06-30 17:00 ` Kun Qin
2023-05-09 7:40 ` [PATCH v1 3/8] MdePkg/DxeRngLib: Request raw algorithm instead of default PierreGondois
2023-06-29 10:24 ` Sami Mujawar
2023-05-09 7:40 ` [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms PierreGondois
2023-05-09 13:45 ` Yao, Jiewen
2023-05-09 13:50 ` Samer El-Haj-Mahmoud
2023-05-09 13:55 ` Yao, Jiewen
2023-06-06 16:09 ` PierreGondois
2023-06-29 10:24 ` Sami Mujawar
2023-05-09 7:40 ` [PATCH v1 5/8] MdePkg/Rng: Add GetRngGuid() to RngLib PierreGondois
2023-06-29 10:27 ` Sami Mujawar
2023-05-09 7:40 ` [PATCH v1 6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib PierreGondois
2023-06-29 10:28 ` Sami Mujawar [this message]
2023-05-09 7:40 ` [PATCH v1 7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm PierreGondois
2023-06-29 10:28 ` Sami Mujawar
2023-06-29 23:07 ` [edk2-devel] " Kun Qin
2023-06-30 7:22 ` Sami Mujawar
2023-05-09 7:40 ` [PATCH v1 8/8] SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm PierreGondois
2023-06-29 10:28 ` Sami Mujawar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89f19363-1b7b-b576-865b-9910e6e2d18d@arm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox