From: "Yao, Jiewen"
To: "devel@edk2.groups.io", "Rhodes, Sean"
CC: "Dong, Guo", "Rudolph, Patrick", "Wang, Jian J"
Subject: Re: [edk2-devel] [PATCH 1/2] SecurityPkg: Add RNG support
Date: Tue, 17 May 2022 12:51:34 +0000
In-Reply-To: <1d1f788ceacb13c2485cfc5a0e76ebc6cc44f023.1645656222.git.sean@starlabs.systems>

Some comments:

1) Please note that a global variable is not allowed in BaseLib.

+STATIC BOOLEAN mHasRdRand;

2) We already have https://github.com/tianocore/edk2/tree/master/MdePkg/Library/BaseRngLib

Why do we need another BaseRngLib?

> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Sean Rhodes
> Sent: Thursday, February 24, 2022 6:44 AM
> To: devel@edk2.groups.io
> Cc: Dong, Guo; Patrick Rudolph; Yao, Jiewen; Wang, Jian J
> Subject: [edk2-devel] [PATCH 1/2] SecurityPkg: Add RNG support
>
> From: Patrick Rudolph
>
> Uses the RDRAND instruction if available and installs EfiRngProtocol.
> The protocol may be used by iPXE or the Linux kernel to gather entropy.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Guo Dong
> Signed-off-by: Patrick Rudolph > --- > SecurityPkg/Library/BaseRngLib/BaseRng.c | 199 ++++++++++++++++++ > SecurityPkg/Library/BaseRngLib/BaseRngLib.inf | 32 +++ > SecurityPkg/Library/BaseRngLib/BaseRngLib.uni | 17 ++ > 3 files changed, 248 insertions(+) > create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRng.c > create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.uni >=20 > diff --git a/SecurityPkg/Library/BaseRngLib/BaseRng.c > b/SecurityPkg/Library/BaseRngLib/BaseRng.c > new file mode 100644 > index 0000000000..c21e713cb0 > --- /dev/null > +++ b/SecurityPkg/Library/BaseRngLib/BaseRng.c > @@ -0,0 +1,199 @@ > +/** @file >=20 > + Random number generator services that uses RdRand instruction access >=20 > + to provide high-quality random numbers. >=20 > + >=20 > +Copyright (c) 2015, Intel Corporation. All rights reserved.
>=20 > +SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > + >=20 > +**/ >=20 > + >=20 > +#include >=20 > +#include >=20 > +#include >=20 > + >=20 > +STATIC BOOLEAN mHasRdRand; >=20 > + >=20 > +// >=20 > +// Bit mask used to determine if RdRand instruction is supported. >=20 > +// >=20 > +#define RDRAND_MASK BIT30 >=20 > + >=20 > +// >=20 > +// Limited retry number when valid random data is returned. >=20 > +// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and= IA-32 >=20 > +// Architectures Software Developer's Mannual". >=20 > +// >=20 > +#define RDRAND_RETRY_LIMIT 10 >=20 > + >=20 > +/** >=20 > + The constructor function checks whether or not RDRAND instruction is > supported >=20 > + by the host hardware. >=20 > + >=20 > + The constructor function checks whether or not RDRAND instruction is > supported. >=20 > + It will always return RETURN_SUCCESS. >=20 > + >=20 > + @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS. >=20 > + >=20 > +**/ >=20 > +RETURN_STATUS >=20 > +EFIAPI >=20 > +BaseRngLibConstructor ( >=20 > + VOID >=20 > + ) >=20 > +{ >=20 > + UINT32 RegEax; >=20 > + UINT32 RegEcx; >=20 > + >=20 > + AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); >=20 > + if (RegEax < 1) { >=20 > + mHasRdRand =3D FALSE; >=20 > + return RETURN_SUCCESS; >=20 > + } >=20 > + >=20 > + // >=20 > + // Determine RDRAND support by examining bit 30 of the ECX register > returned by >=20 > + // CPUID. A value of 1 indicates that processor support RDRAND instruc= tion. >=20 > + // >=20 > + AsmCpuid (CPUID_VERSION_INFO, 0, 0, &RegEcx, 0); >=20 > + >=20 > + mHasRdRand =3D ((RegEcx & RDRAND_MASK) =3D=3D RDRAND_MASK); >=20 > + >=20 > + return RETURN_SUCCESS; >=20 > +} >=20 > + >=20 > +/** >=20 > + Generates a 16-bit random number. >=20 > + >=20 > + if Rand is NULL, then ASSERT(). >=20 > + >=20 > + @param[out] Rand Buffer pointer to store the 16-bit random value. >=20 > + >=20 > + @retval TRUE Random number generated successfully. 
>=20 > + @retval FALSE Failed to generate the random number. >=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +GetRandomNumber16 ( >=20 > + OUT UINT16 *Rand >=20 > + ) >=20 > +{ >=20 > + UINT32 Index; >=20 > + >=20 > + ASSERT (Rand !=3D NULL); >=20 > + >=20 > + if (mHasRdRand) { >=20 > + // >=20 > + // A loop to fetch a 16 bit random value with a retry count limit. >=20 > + // >=20 > + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { >=20 > + if (AsmRdRand16 (Rand)) { >=20 > + return TRUE; >=20 > + } >=20 > + } >=20 > + } >=20 > + >=20 > + return FALSE; >=20 > +} >=20 > + >=20 > +/** >=20 > + Generates a 32-bit random number. >=20 > + >=20 > + if Rand is NULL, then ASSERT(). >=20 > + >=20 > + @param[out] Rand Buffer pointer to store the 32-bit random value. >=20 > + >=20 > + @retval TRUE Random number generated successfully. >=20 > + @retval FALSE Failed to generate the random number. >=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +GetRandomNumber32 ( >=20 > + OUT UINT32 *Rand >=20 > + ) >=20 > +{ >=20 > + UINT32 Index; >=20 > + >=20 > + ASSERT (Rand !=3D NULL); >=20 > + >=20 > + if (mHasRdRand) { >=20 > + // >=20 > + // A loop to fetch a 32 bit random value with a retry count limit. >=20 > + // >=20 > + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { >=20 > + if (AsmRdRand32 (Rand)) { >=20 > + return TRUE; >=20 > + } >=20 > + } >=20 > + } >=20 > + >=20 > + return FALSE; >=20 > +} >=20 > + >=20 > +/** >=20 > + Generates a 64-bit random number. >=20 > + >=20 > + if Rand is NULL, then ASSERT(). >=20 > + >=20 > + @param[out] Rand Buffer pointer to store the 64-bit random value. >=20 > + >=20 > + @retval TRUE Random number generated successfully. >=20 > + @retval FALSE Failed to generate the random number. 
>=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +GetRandomNumber64 ( >=20 > + OUT UINT64 *Rand >=20 > + ) >=20 > +{ >=20 > + UINT32 Index; >=20 > + >=20 > + ASSERT (Rand !=3D NULL); >=20 > + >=20 > + if (mHasRdRand) { >=20 > + // >=20 > + // A loop to fetch a 64 bit random value with a retry count limit. >=20 > + // >=20 > + for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) { >=20 > + if (AsmRdRand64 (Rand)) { >=20 > + return TRUE; >=20 > + } >=20 > + } >=20 > + } >=20 > + >=20 > + return FALSE; >=20 > +} >=20 > + >=20 > +/** >=20 > + Generates a 128-bit random number. >=20 > + >=20 > + if Rand is NULL, then ASSERT(). >=20 > + >=20 > + @param[out] Rand Buffer pointer to store the 128-bit random value. >=20 > + >=20 > + @retval TRUE Random number generated successfully. >=20 > + @retval FALSE Failed to generate the random number. >=20 > + >=20 > +**/ >=20 > +BOOLEAN >=20 > +EFIAPI >=20 > +GetRandomNumber128 ( >=20 > + OUT UINT64 *Rand >=20 > + ) >=20 > +{ >=20 > + ASSERT (Rand !=3D NULL); >=20 > + >=20 > + // >=20 > + // Read first 64 bits >=20 > + // >=20 > + if (!GetRandomNumber64 (Rand)) { >=20 > + return FALSE; >=20 > + } >=20 > + >=20 > + // >=20 > + // Read second 64 bits >=20 > + // >=20 > + return GetRandomNumber64 (++Rand); >=20 > +} >=20 > diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > b/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > new file mode 100644 > index 0000000000..67a91ccfff > --- /dev/null > +++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > @@ -0,0 +1,32 @@ > +## @file >=20 > +# Instance of RNG (Random Number Generator) Library. >=20 > +# >=20 > +# Copyright (c) 2020 9elements Agency GmbH.
>=20 > +# >=20 > +# SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > +# >=20 > +## >=20 > + >=20 > +[Defines] >=20 > + INF_VERSION =3D 0x00010005 >=20 > + BASE_NAME =3D BaseRngLib >=20 > + MODULE_UNI_FILE =3D BaseRngLib.uni >=20 > + FILE_GUID =3D 05C48431-DE18-4550-931A-3350E855149= 8 >=20 > + MODULE_TYPE =3D BASE >=20 > + VERSION_STRING =3D 1.0 >=20 > + LIBRARY_CLASS =3D RngLib >=20 > + CONSTRUCTOR =3D BaseRngLibConstructor >=20 > + >=20 > +# >=20 > +# VALID_ARCHITECTURES =3D IA32 X64 >=20 > +# >=20 > + >=20 > +[Sources.Ia32, Sources.X64] >=20 > + BaseRng.c >=20 > + >=20 > +[Packages] >=20 > + MdePkg/MdePkg.dec >=20 > + >=20 > +[LibraryClasses] >=20 > + BaseLib >=20 > + DebugLib >=20 > diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni > b/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni > new file mode 100644 > index 0000000000..f3ed954c52 > --- /dev/null > +++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni > @@ -0,0 +1,17 @@ > +// /** @file >=20 > +// Instance of RNG (Random Number Generator) Library. >=20 > +// >=20 > +// BaseRng Library that uses CPU RdRand instruction access to provide >=20 > +// high-quality random numbers. >=20 > +// >=20 > +// Copyright (c) 2015, Intel Corporation. All rights reserved.
>=20 > +// >=20 > +// SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > +// >=20 > +// **/ >=20 > + >=20 > + >=20 > +#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG > Library" >=20 > + >=20 > +#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library > that uses CPU RdRand instruction access to provide high-quality random > numbers" >=20 > + >=20 > -- > 2.32.0
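
Review bot: In GetRandomNumber128 in BaseRng.c, a failure of the second call, "return GetRandomNumber64 (++Rand);", returns FALSE after the first 64 bits have already been written to the caller's buffer, so a caller that mishandles the return value is left with a half-filled value. Consider generating both halves into locals and copying them out only when both calls succeed, or zeroing the output on failure. Two comment fixes in the same file: the constructor's @retval line documents RETURN_SUCCESS but says it "always returns EFI_SUCCESS", and the RDRAND_RETRY_LIMIT comment reads "when valid random data is returned" where the retry applies when no valid data is returned. It would also help to document that every GetRandomNumber* function returns FALSE when mHasRdRand is FALSE, since this file has no fallback source.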
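
Review bot: In BaseRngLib.inf, "MODULE_TYPE = BASE" together with "CONSTRUCTOR = BaseRngLibConstructor" makes the library depend on a constructor that writes the module global mHasRdRand, yet a BASE library can be linked into modules that execute in place from read-only flash, where that write cannot be relied on. Either limit the LIBRARY_CLASS line to module types that have writable data, or drop the constructor and query CPUID inside the GetRandomNumber* functions. The BASE_NAME is also the same name as the existing MdePkg/Library/BaseRngLib directory linked in the reply, so a distinct BASE_NAME would avoid confusion if both instances stay in the tree.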
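
Review bot: The copyright line in BaseRngLib.uni (and in BaseRng.c) reads "Copyright (c) 2015, Intel Corporation" while BaseRngLib.inf in the same patch carries "Copyright (c) 2020 9elements Agency GmbH". If the .c and .uni files were copied from an existing Intel file, say so in the commit message and make the copyright lines consistent across the three new files.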