From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR01-VE1-obe.outbound.protection.outlook.com (EUR01-VE1-obe.outbound.protection.outlook.com [40.107.14.81]) by mx.groups.io with SMTP id smtpd.web08.864.1620747963398938170 for ; Tue, 11 May 2021 08:46:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=GzA1lxH/; spf=pass (domain: arm.com, ip: 40.107.14.81, mailfrom: sami.mujawar@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xvSsNsuQRizk+nCPDoPmqq9ohPyq4MSDQ1h9kaMPImo=; b=GzA1lxH/0Oa9DGwqnWItclSyB6mh4sw4FNciqO+6EV+dnk74Ia8Q2bOsvvY1lk8B/AiKKVb8WRjlTmNsttc8aBnxcK/QhyPHqZmmBo4Ztb3hTxNDp7zDPpLG0pjfD62V//E8xbjFs0c83EXj0CPkbgqhzhXhR1K8Wlm/TBmTcl0= Received: from AM6PR04CA0015.eurprd04.prod.outlook.com (2603:10a6:20b:92::28) by DBAPR08MB5639.eurprd08.prod.outlook.com (2603:10a6:10:1a2::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.28; Tue, 11 May 2021 15:46:00 +0000 Received: from VE1EUR03FT017.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:92:cafe::d) by AM6PR04CA0015.outlook.office365.com (2603:10a6:20b:92::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25 via Frontend Transport; Tue, 11 May 2021 15:46:00 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT017.mail.protection.outlook.com (10.152.18.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25 via Frontend Transport; Tue, 11 May 2021 15:45:59 +0000 Received: ("Tessian outbound 1e34f83e4964:v91"); Tue, 11 May 2021 15:45:59 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 2d67336136be759c X-CR-MTA-TID: 64aa7808 Received: from a154fde01651.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 2105547B-BC1D-48D4-821C-11A8EB561C63.1; Tue, 11 May 2021 15:45:44 +0000 Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id a154fde01651.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 11 May 2021 15:45:44 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GEeQvDjEwFAum1Q1DNdItwo3AMDN1xCUza4mpO6oRGYe42ZFApzgi9I76zTDIVtWQc3InfO704pr81tBUqJda+IfknpY4E6CfS+/j7d3Lhc70L53GcQb10XYJt0Wkcxkr2BvXQkdLxuhM4JuUgpJXkW+yl9YQpCrqqjtb5DJNf1fSuKeokNsLrsPre491kDYUBUb3pDqFI77kmtf8F7fkEbRF4glNDWvbC67012KKh74FNtrT4rKbvveUFDxKjMUzegtC7lqZoFAtcWuX5QPO391ADvJCtMWfCBSRsnQ0Anjyr91+0foIyHrYOj76QL0k2eKPF6WRcV654ri6JouiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xvSsNsuQRizk+nCPDoPmqq9ohPyq4MSDQ1h9kaMPImo=; b=HyABQjQ43jSwRzLMs05E8GmzEE9FeZ4aOlaUmIvJl0ljN8lLDk7pQ4+uxz6EX+/X4yPdaDJjnty9YyRNYIJaSg4S0Oz6zcmv/tcE3wUiDAt+e4OIXU5lB+I6a5+66jHa64p6JtuukR+36P2oySb5OIEJ60z/oDalyl7ZkcFIIC2I5OiuSu9Sk+ZWl8JXpUXhUVhKAFsAxt/QcBPL846aAMEJEuSf0/z+qSGhL+wvXAnmdWJWCShf2UtbQo5FvkGBi0XivHs0KbRSdoy0Jf6mS7vGGJrFq2RQUI+vxnJPttRIaPdTcccrjgUH6/K1Y3cYc68JiBQLWvoEuvAdLv3ONQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xvSsNsuQRizk+nCPDoPmqq9ohPyq4MSDQ1h9kaMPImo=; b=GzA1lxH/0Oa9DGwqnWItclSyB6mh4sw4FNciqO+6EV+dnk74Ia8Q2bOsvvY1lk8B/AiKKVb8WRjlTmNsttc8aBnxcK/QhyPHqZmmBo4Ztb3hTxNDp7zDPpLG0pjfD62V//E8xbjFs0c83EXj0CPkbgqhzhXhR1K8Wlm/TBmTcl0= Authentication-Results-Original: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; Received: from AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) by AM6PR08MB4689.eurprd08.prod.outlook.com (2603:10a6:20b:c3::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25; Tue, 11 May 2021 15:45:42 +0000 Received: from AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::80cb:878d:c8f1:2688]) by AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::80cb:878d:c8f1:2688%7]) with mapi id 15.20.4108.031; Tue, 11 May 2021 15:45:42 +0000 Subject: Re: [PATCH v3 2/2] SecurityPkg: Add support for RngDxe on AARCH64 To: Rebecca Cran , devel@edk2.groups.io, Jiewen Yao , Jian J Wang , Michael D Kinney , Liming Gao , Zhiguang Liu , Ard Biesheuvel , nd@arm.com References: <20210510215308.28745-1-rebecca@nuviainc.com> <20210510215308.28745-3-rebecca@nuviainc.com> From: "Sami Mujawar" Message-ID: Date: Tue, 11 May 2021 16:45:40 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.0.1 In-Reply-To: <20210510215308.28745-3-rebecca@nuviainc.com> X-Originating-IP: [217.140.106.52] X-ClientProxiedBy: LO4P123CA0331.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18c::12) To AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from [10.1.196.43] (217.140.106.52) by LO4P123CA0331.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:18c::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25 via Frontend Transport; Tue, 11 May 2021 15:45:41 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 56b52318-bd57-4275-74a7-08d91493dff6 X-MS-TrafficTypeDiagnostic: AM6PR08MB4689:|DBAPR08MB5639: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:9508;OLM:10000; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: sI8WNkf65Sd3FYSGSP+MjLtvkszLhnDL3GIDQ5P0frukNgGQkb8ALSuhzXiuAEZypN/bsEgYtYUcmNnM8vf4kzeVSDOfXWIK1UEd32Qf/V7zTxYpn8VifjwObTiUJ70FYYM+mqMDw9zSkTRMv6EuE7pphSWCyg+LboyDKK4Fow7LrI/WHyda0YK/9c5G2K7mCsNPMc9woDHLQ4eqLu1q/0FI/FsWFGRsL7BPhA8SWxk94BFnnpc6OMCpOT6iFXQlPkWZbztW975ITgq5lESTTc+8yWxIIsuy47UvKvzwWfmp/5vg7FGPl2CAIK9YpSVKJn835JI+HounmJbM1oFQ+zlLWE4eIDkAZN3rO8VcF83XzngbnaRxoEfq37DgvjkABvqjT6oTSr//STtn2ke8xepbzTl6RO1id+HT/2cfOgKbwozYYuCc/GqH/EI4lwlpidozgODuFOZrNPHzuTHL/JGEJY11rVPtTTadKcmXc+Co/PgibOl+xAMTshR1IayGf/Jm4KiomPXTSQpRtIFWRAcriuSoNoBPUibUPnMq6Q3LSaSAoPgEMpV5HCUGd4g3g+/+EvzNdy9lSOU0Qv7rSzakzcSuh22uJ0/NM/X6qr7t8Xkwv/VWDU7KhWoO5bzZyws6u95SkmubkDQPF8+QBd2lECOw8TTQ1kpJcG8F9jPovKB4J1VJ9isrJTXgoQkER1YkZc6JnsvQ8KC/BV8QxArLwwks1FDu/IhKQyDt0FQ= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR08MB6806.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(4636009)(366004)(39850400004)(136003)(396003)(376002)(346002)(66556008)(316002)(53546011)(66476007)(186003)(66946007)(31686004)(38100700002)(83380400001)(36756003)(110136005)(6636002)(16576012)(16526019)(8676002)(31696002)(6486002)(15650500001)(2906002)(26005)(956004)(30864003)(2616005)(52116002)(478600001)(8936002)(38350700002)(44832011)(19627235002)(5660300002)(86362001)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?YzlheWNjVTRzdDRGR3I4dnh1dHNURlRmUEVXQ2t6MU4zQUhXS1d6ZDR5ZDVS?= =?utf-8?B?dmNvbVFDV0dJUHBhQXZtZDdDUmFZVUdCb1lpcjFLejhaYUNuT0EvSC9EWFQ4?= =?utf-8?B?NFRicVRobGxPZmNKckJuejFMR09BbTR6VWZrajlhOVpzbEZKanZmZ2p3YXN4?= =?utf-8?B?VTBWOGR3a0lkam9oSENxb1F6RU5adDUzTUdGYWMyemk3NVlvY2JHSWF5UVFq?= =?utf-8?B?dUJTbkdZb1gzRCt6VGxPWS8wa2k4SmhUb1JFUXd5aGJSeDh2dDNJd0VWV05W?= =?utf-8?B?OTJrU3lxQWl1QjlRUnJld1JzdHc3VkwvWnptMHNUR1JvTlYrQkFRNXpieVFl?= =?utf-8?B?WkNsVHJNOFFOTDhWNkg3SnJDenZCOWNQRVU2T0UxSkZYQ3BEN0dTa0xSZlhj?= =?utf-8?B?WG1xS1E5TSs3bnpzUjVjaWNZNzdMZnhZNTZqK205OEw4VExFZkw4SnVMcEJH?= =?utf-8?B?cWVDSlhJYzR2RkZyRHFhZld1ZWpkNFhKWjFpSjRHMVY2R0g1MDhNNEtONHUr?= =?utf-8?B?azcwMFlOWHoxdVFlaXZ6N1kvMmtQd2duOUhVT2tEWWJ3RkhOd3prenYrV2hp?= =?utf-8?B?UHVpNEczZlVBUFdySmpiRnpCeWRyTXpndUY1Nk1ka1RkL21vRW1WWVQ2bFZi?= =?utf-8?B?dWhVb2ZiQmR0Z0YrZExlSm1YQk5xTWpidWpVOG1CNnAwY0RmamlCdHZSZXVk?= =?utf-8?B?NUVGN0Q4aUlwWmNCbTd3c01jVXR0VkJRbUo0c05Ua0JxOWM1Mi80d3BCcEVo?= =?utf-8?B?WXBKdkpWbi93ZUdnOFJHeGRuYlNhOW14UzFMTTJtejhVOWUxQkZzWnF6amtE?= =?utf-8?B?QjFXeXNXKzBub284TmN5K0drVG1YRVZ2TzhMMjROUnpUN05yb3c2QnZwY1BD?= =?utf-8?B?OGtkancreDh5NENwd2U0TWR4cWhEdVlJUExCenUxY1NQeVFSTHJOZ0lObUlE?= =?utf-8?B?MkEwWGZJYkZPeU5jVGRSL1cyTEFWUmxCaUpJcVdZcVBEUVhwRnh1MVlwcHRN?= =?utf-8?B?akc1Q25UYmgrazE2WnJjdkpsSnhUa05JSmVBN3BkN3l6SmZJTERIYXJHd2NM?= =?utf-8?B?cTZkNXFTbU0rZ3JhUVluQXFaNUxjZGNPaEh4NU1wc1ZselI3alF5UG8rbkxi?= =?utf-8?B?L0hIUVVqU2JiNnZnTnhUdFVMdWtvR3VubDllNFhOYTFSWjNrQkoyMHVXbDV1?= =?utf-8?B?RFpaS1RkdFNtT2I4eUxNdGVTMDFmWFpTdnByejh0RXlsTGk3NXdnNG8xVGNH?= =?utf-8?B?OTN3ZFJRM3BDaStJVFlQOHl2ait5dTVwZWEvREcwbEU0ZGdkcC82VVAwN1NC?= =?utf-8?B?czlOTGxlNnJrZDQwTVkyc3JJNWhaRUs4RSthSElDdm9mZlFKZ2VDa1VISnlu?= =?utf-8?B?Z0lYZi9INThTclRqaWJLbVVxN0dBaTkwWkhTY3NmTi9HSURmRzJjb2Y3V1ZO?= =?utf-8?B?L0Q0dmhCV3ZUQityN0FoMlhTWXhIZ3hZMWhMMC9lMEVpT3dqTzFNbW9CSnoy?= =?utf-8?B?YnUzY1BYWEgrSnlmMUVhcVoxMUp0YTJMazJhcVlFT05mUHE5MWRwdkxNZndv?= =?utf-8?B?dmxLazBUWEpha0FkcVlkNzM0MDBTczAvVXJzMHBsYlNwWGppd3pnc3JrYmcx?= =?utf-8?B?WWxmVnk4TTBTNDE5LytvWmx6cVg2OW12RlRYNzZOY3JiTnlvbjcxRlY3clZ4?= =?utf-8?B?WVBzTXhOQ0t3emR3bVQzYmdkcU4xQTA5K1oreDZwbDZEcnlvL2p2bTdiYXhI?= =?utf-8?Q?t7nk+7zJVSt859HxyTtNHKZkyBdyvXlZwH+eI4A?= X-MS-Exchange-Transport-Forked: True X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4689 Original-Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; Return-Path: Sami.Mujawar@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT017.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 446b0f1e-b550-435a-2a4d-08d91493d521 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: V3HSjrLxYmCgisVQ/a3SamHURD4UGVxPy8K98ebtVIzQY+7uV1ehL2HmgqON3ASQX81OzeynWUJ3qGXUPykjvZPS5MIvGL0f8uk5IrkoOXDHbVc9gY3pq81LWjGQRgU8QMqT9ZnViZM2CRQo5v5MIUFyP3oUNONMliZvw1Te49r1nQfqmto3k3RJiN572XncrbPzeLKhGGyGQeQ14KGypNNrBIZMjBfRbxweXEIseL7BvgYHeROitlY1p+ZVkYYLDfLbQDmItXspRhfOBHXWlAfVK7tQVzyfva2rS3riLOi+kMXBbzqhpIh8O2eAl5Xg+ASfQnbjhPihxWvQ3UmKVZJ7cUzONu72EQzDZf1lzEKSrpGb8nFXUvbtC20W83g3dLieLNDoTwPfpt9DkB2YrBwseljuojENOQgiTl5ppwrR3Wk3t2K0uZDn3xd0JEgmmXV+dE8JnPBmX7dYkeeGbj45OCNowaeboCKClXbPe4UbiL2Ebk775F1ht4Bf4ShRLIxYWUpeQUPQ3R0oNyVRE0hz/p5izm4Si/ksnILXdhP7W0MO7Xj/iD9mJh8737e83C1AX8mBht2G8crmoOfEATUxhlLHR4qs9XPKhne14FvzLMyOXtkhnMpfHaCVFB8pQqzShaQdfEXMkRz3ukbXDVcEPLGACWHGieOK6b4ZLUTm3KZYIbm3s0plzG3fBQ2J X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(4636009)(136003)(376002)(39850400004)(346002)(396003)(36840700001)(46966006)(36756003)(86362001)(47076005)(53546011)(5660300002)(15650500001)(8936002)(82310400003)(336012)(16526019)(70206006)(186003)(478600001)(2906002)(70586007)(81166007)(16576012)(36860700001)(316002)(82740400003)(19627235002)(31686004)(956004)(31696002)(8676002)(83380400001)(26005)(44832011)(2616005)(110136005)(356005)(6636002)(30864003)(6486002)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 May 2021 15:45:59.8155 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 56b52318-bd57-4275-74a7-08d91493dff6 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT017.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR08MB5639 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Content-Language: en-GB This patch looks good to me. Reviewed-by: Sami Mujawar Regards, Sami Mujawar On 10/05/2021 10:53 PM, Rebecca Cran wrote: > AARCH64 support has been added to BaseRngLib via the optional > ARMv8.5 FEAT_RNG. > > Refactor RngDxe to support AARCH64, note support for it in the > VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc. > > Signed-off-by: Rebecca Cran > --- > SecurityPkg/SecurityPkg.dec | 2 + > SecurityPkg/SecurityPkg.dsc | 11 +- > SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 24 ++- > SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/AesCore.h | 0 > SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/RdRand.h | 17 -= - > SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | 117 +++= +++++++++++ > SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 127 +++= ++++++++++++ > SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/AesCore.c | 0 > SecurityPkg/RandomNumberGenerator/RngDxe/{ =3D> Rand}/RdRand.c | 45 += ----- > SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 146 +++= ++++++++++++++ > SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 170 +++= +++++------------ > 11 files changed, 483 insertions(+), 176 deletions(-) > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index dfbbb0365a2b..4001650fa28e 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -297,6 +297,8 @@ [PcdsFixedAtBuild, PcdsPatchableInModule] > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x03031= 00A|UINT32|0x00010030 > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x03031= 00B|UINT32|0x00010031 > > + gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0= x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*= |0x00010032 > + > [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] > ## Image verification policy for OptionRom. Only following values are= valid:

> # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specificat= ion and has been removed.
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 12ccd1634941..bd4b810bce61 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -259,6 +259,12 @@ [Components] > [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] > SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf > > +[Components.IA32, Components.X64, Components.AARCH64] > + # > + # Random Number Generator > + # > + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > + > [Components.IA32, Components.X64] > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfi= gDxe.inf > > @@ -334,11 +340,6 @@ [Components.IA32, Components.X64] > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenc= eLib.inf > SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic= alPresenceLib.inf > > - # > - # Random Number Generator > - # > - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > - > # > # Opal Password solution > # > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/Securi= tyPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > index 99d6f6b35fc2..f3300971993f 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > @@ -26,15 +26,22 @@ [Defines] > # > # The following information is for reference only and not required by t= he build tools. > # > -# VALID_ARCHITECTURES =3D IA32 X64 > +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 > # > > [Sources.common] > RngDxe.c > - RdRand.c > - RdRand.h > - AesCore.c > - AesCore.h > + RngDxeInternals.h > + > +[Sources.IA32, Sources.X64] > + Rand/RngDxe.c > + Rand/RdRand.c > + Rand/RdRand.h > + Rand/AesCore.c > + Rand/AesCore.h > + > +[Sources.AARCH64] > + AArch64/RngDxe.c > > [Packages] > MdePkg/MdePkg.dec > @@ -50,12 +57,19 @@ [LibraryClasses] > RngLib > > [Guids] > + gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG > + gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG > gEfiRngAlgorithmSp80090Ctr256Guid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG > + gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG > + gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG > gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID = # Unique ID of the algorithm for RNG > > [Protocols] > gEfiRngProtocolGuid ## PRODUCES > > +[Pcd] > + gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONS= UMES > + > [Depex] > TRUE > > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h b/Securit= yPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h > similarity index 100% > rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h b/Security= Pkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h > similarity index 72% > rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h > index 12ab1f34ec6d..072378e062e7 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h > @@ -23,23 +23,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > > -/** > - Calls RDRAND to fill a buffer of arbitrary size with random bytes. > - > - @param[in] Length Size of the buffer, in bytes, to fill with= . > - @param[out] RandBuffer Pointer to the buffer to store the random r= esult. > - > - @retval EFI_SUCCESS Random bytes generation succeeded. > - @retval EFI_NOT_READY Failed to request random bytes. > - > -**/ > -EFI_STATUS > -EFIAPI > -RdRandGetBytes ( > - IN UINTN Length, > - OUT UINT8 *RandBuffer > - ); > - > /** > Generate high-quality entropy source through RDRAND. > > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b= /SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h > new file mode 100644 > index 000000000000..2660ed5875e0 > --- /dev/null > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h > @@ -0,0 +1,117 @@ > +/** @file > + Function prototypes for UEFI Random Number Generator protocol support. > + > + Copyright (c) 2021, NUVIA Inc. All rights reserved.
> + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#ifndef RNGDXE_INTERNALS_H_ > +#define RNGDXE_INTERNALS_H_ > + > +/** > + Returns information about the random number generation implementation. > + > + @param[in] This A pointer to the EFI_RNG_PROTOCOL = instance. > + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNG= AlgorithmList. > + On output with a return code of EF= I_SUCCESS, the size > + in bytes of the data returned in R= NGAlgorithmList. On output > + with a return code of EFI_BUFFER_T= OO_SMALL, > + the size of RNGAlgorithmList requi= red to obtain the list. > + @param[out] RNGAlgorithmList A caller-allocated memory buffer f= illed by the driver > + with one EFI_RNG_ALGORITHM element= for each supported > + RNG algorithm. The list must not c= hange across multiple > + calls to the same driver. The firs= t algorithm in the list > + is the default algorithm for the d= river. > + > + @retval EFI_SUCCESS The RNG algorithm list was returne= d successfully. > + @retval EFI_UNSUPPORTED The services is not supported by t= his driver. > + @retval EFI_DEVICE_ERROR The list of algorithms could not b= e retrieved due to a > + hardware or firmware error. > + @retval EFI_INVALID_PARAMETER One or more of the parameters are = incorrect. > + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too= small to hold the result. > + > +**/ > +EFI_STATUS > +EFIAPI > +RngGetInfo ( > + IN EFI_RNG_PROTOCOL *This, > + IN OUT UINTN *RNGAlgorithmListSize, > + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList > + ); > + > +/** > + Produces and returns an RNG value using either the default or specifie= d RNG algorithm. > + > + @param[in] This A pointer to the EFI_RNG_PROTOCOL = instance. > + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM= that identifies the RNG > + algorithm to use. May be NULL in w= hich case the function will > + use its default RNG algorithm. > + @param[in] RNGValueLength The length in bytes of the memory = buffer pointed to by > + RNGValue. The driver shall return = exactly this numbers of bytes. > + @param[out] RNGValue A caller-allocated memory buffer f= illed by the driver with the > + resulting RNG value. > + > + @retval EFI_SUCCESS The RNG value was returned success= fully. > + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgo= rithm is not supported by > + this driver. > + @retval EFI_DEVICE_ERROR An RNG value could not be retrieve= d due to a hardware or > + firmware error. > + @retval EFI_NOT_READY There is not enough random data av= ailable to satisfy the length > + requested by RNGValueLength. > + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength= is zero. > + > +**/ > +EFI_STATUS > +EFIAPI > +RngGetRNG ( > + IN EFI_RNG_PROTOCOL *This, > + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL > + IN UINTN RNGValueLength, > + OUT UINT8 *RNGValue > + ); > + > +/** > + Returns information about the random number generation implementation. > + > + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNG= AlgorithmList. > + On output with a return code of EF= I_SUCCESS, the size > + in bytes of the data returned in R= NGAlgorithmList. On output > + with a return code of EFI_BUFFER_T= OO_SMALL, > + the size of RNGAlgorithmList requi= red to obtain the list. > + @param[out] RNGAlgorithmList A caller-allocated memory buffer f= illed by the driver > + with one EFI_RNG_ALGORITHM element= for each supported > + RNG algorithm. The list must not c= hange across multiple > + calls to the same driver. The firs= t algorithm in the list > + is the default algorithm for the d= river. > + > + @retval EFI_SUCCESS The RNG algorithm list was returne= d successfully. > + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too= small to hold the result. > + > +**/ > +UINTN > +EFIAPI > +ArchGetSupportedRngAlgorithms ( > + IN OUT UINTN *RNGAlgorithmListSize, > + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList > + ); > + > +/** > + Runs CPU RNG instruction to fill a buffer of arbitrary size with rando= m bytes. > + > + @param[in] Length Size of the buffer, in bytes, to fill with= . > + @param[out] RandBuffer Pointer to the buffer to store the random r= esult. > + > + @retval EFI_SUCCESS Random bytes generation succeeded. > + @retval EFI_NOT_READY Failed to request random bytes. > + > +**/ > +EFI_STATUS > +EFIAPI > +RngGetBytes ( > + IN UINTN Length, > + OUT UINT8 *RandBuffer > + ); > + > +#endif // RNGDXE_INTERNALS_H_ > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/= SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c > new file mode 100644 > index 000000000000..2810a9eb94ad > --- /dev/null > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c > @@ -0,0 +1,127 @@ > +/** @file > + RNG Driver to produce the UEFI Random Number Generator protocol. > + > + The driver will use the RNDR instruction to produce random numbers. > + > + RNG Algorithms defined in UEFI 2.4: > + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID > + - EFI_RNG_ALGORITHM_RAW - Unsupported > + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID > + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID > + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported > + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported > + > + Copyright (c) 2021, NUVIA Inc. All rights reserved.
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> + > + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include > +#include > +#include > +#include > +#include > + > +#include "RngDxeInternals.h" > + > +/** > + Produces and returns an RNG value using either the default or specifie= d RNG algorithm. > + > + @param[in] This A pointer to the EFI_RNG_PROTOCOL = instance. > + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM= that identifies the RNG > + algorithm to use. May be NULL in w= hich case the function will > + use its default RNG algorithm. > + @param[in] RNGValueLength The length in bytes of the memory = buffer pointed to by > + RNGValue. The driver shall return = exactly this numbers of bytes. > + @param[out] RNGValue A caller-allocated memory buffer f= illed by the driver with the > + resulting RNG value. > + > + @retval EFI_SUCCESS The RNG value was returned success= fully. > + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgo= rithm is not supported by > + this driver. > + @retval EFI_DEVICE_ERROR An RNG value could not be retrieve= d due to a hardware or > + firmware error. > + @retval EFI_NOT_READY There is not enough random data av= ailable to satisfy the length > + requested by RNGValueLength. > + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength= is zero. > + > +**/ > +EFI_STATUS > +EFIAPI > +RngGetRNG ( > + IN EFI_RNG_PROTOCOL *This, > + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL > + IN UINTN RNGValueLength, > + OUT UINT8 *RNGValue > + ) > +{ > + EFI_STATUS Status; > + > + if ((RNGValueLength =3D=3D 0) || (RNGValue =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + if (RNGAlgorithm =3D=3D NULL) { > + // > + // Use the default RNG algorithm if RNGAlgorithm is NULL. > + // > + RNGAlgorithm =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); > + } > + > + if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm)= )) { > + Status =3D RngGetBytes (RNGValueLength, RNGValue); > + return Status; > + } > + > + // > + // Other algorithms are unsupported by this driver. > + // > + return EFI_UNSUPPORTED; > +} > + > +/** > + Returns information about the random number generation implementation. > + > + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNG= AlgorithmList. > + On output with a return code of EF= I_SUCCESS, the size > + in bytes of the data returned in R= NGAlgorithmList. On output > + with a return code of EFI_BUFFER_T= OO_SMALL, > + the size of RNGAlgorithmList requi= red to obtain the list. > + @param[out] RNGAlgorithmList A caller-allocated memory buffer f= illed by the driver > + with one EFI_RNG_ALGORITHM element= for each supported > + RNG algorithm. The list must not c= hange across multiple > + calls to the same driver. The firs= t algorithm in the list > + is the default algorithm for the d= river. > + > + @retval EFI_SUCCESS The RNG algorithm list was returne= d successfully. > + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too= small to hold the result. > + > +**/ > +UINTN > +EFIAPI > +ArchGetSupportedRngAlgorithms ( > + IN OUT UINTN *RNGAlgorithmListSize, > + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList > + ) > +{ > + UINTN RequiredSize; > + EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; > + > + RequiredSize =3D sizeof (EFI_RNG_ALGORITHM); > + > + if (*RNGAlgorithmListSize < RequiredSize) { > + *RNGAlgorithmListSize =3D RequiredSize; > + return EFI_BUFFER_TOO_SMALL; > + } > + > + CpuRngSupportedAlgorithm =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); > + > + CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RN= G_ALGORITHM)); > + > + *RNGAlgorithmListSize =3D RequiredSize; > + return EFI_SUCCESS; > +} > + > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c b/Securit= yPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c > similarity index 100% > rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.c > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c b/Security= Pkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c > similarity index 71% > rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c > rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c > index e7dd5ab18111..83025a47d43d 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.c > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c > @@ -8,48 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > **/ > #include > > -#include "RdRand.h" > #include "AesCore.h" > - > -/** > - Calls RDRAND to fill a buffer of arbitrary size with random bytes. > - > - @param[in] Length Size of the buffer, in bytes, to fill with= . > - @param[out] RandBuffer Pointer to the buffer to store the random r= esult. > - > - @retval EFI_SUCCESS Random bytes generation succeeded. > - @retval EFI_NOT_READY Failed to request random bytes. > - > -**/ > -EFI_STATUS > -EFIAPI > -RdRandGetBytes ( > - IN UINTN Length, > - OUT UINT8 *RandBuffer > - ) > -{ > - BOOLEAN IsRandom; > - UINT64 TempRand[2]; > - > - while (Length > 0) { > - IsRandom =3D GetRandomNumber128 (TempRand); > - if (!IsRandom) { > - return EFI_NOT_READY; > - } > - if (Length >=3D sizeof (TempRand)) { > - WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]); > - RandBuffer +=3D sizeof (UINT64); > - WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]); > - RandBuffer +=3D sizeof (UINT64); > - Length -=3D sizeof (TempRand); > - } else { > - CopyMem (RandBuffer, TempRand, Length); > - Length =3D 0; > - } > - } > - > - return EFI_SUCCESS; > -} > +#include "RdRand.h" > +#include "RngDxeInternals.h" > > /** > Creates a 128bit random value that is fully forward and backward pred= iction resistant, > @@ -92,7 +53,7 @@ RdRandGetSeed128 ( > // > for (Index =3D 0; Index < 32; Index++) { > MicroSecondDelay (10); > - Status =3D RdRandGetBytes (16, RandByte); > + Status =3D RngGetBytes (16, RandByte); > if (EFI_ERROR (Status)) { > return Status; > } > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/Sec= urityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > new file mode 100644 > index 000000000000..6b628a9f8bc6 > --- /dev/null > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c > @@ -0,0 +1,146 @@ > +/** @file > + RNG Driver to produce the UEFI Random Number Generator protocol. > + > + The driver will use the new RDRAND instruction to produce high-quality= , high-performance > + entropy and random number. > + > + RNG Algorithms defined in UEFI 2.4: > + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported > + (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG) > + - EFI_RNG_ALGORITHM_RAW - Supported > + (Structuring RDRAND invocation can be guaranteed as high-quality en= tropy source) > + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported > + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported > + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported > + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported > + > + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> + SPDX-License-Identifier: BSD-2-Clause-Patent > + > +**/ > + > +#include "RdRand.h" > +#include "RngDxeInternals.h" > + > +/** > + Produces and returns an RNG value using either the default or specifie= d RNG algorithm. > + > + @param[in] This A pointer to the EFI_RNG_PROTOCOL = instance. > + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM= that identifies the RNG > + algorithm to use. May be NULL in w= hich case the function will > + use its default RNG algorithm. > + @param[in] RNGValueLength The length in bytes of the memory = buffer pointed to by > + RNGValue. The driver shall return = exactly this numbers of bytes. > + @param[out] RNGValue A caller-allocated memory buffer f= illed by the driver with the > + resulting RNG value. > + > + @retval EFI_SUCCESS The RNG value was returned success= fully. > + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgo= rithm is not supported by > + this driver. > + @retval EFI_DEVICE_ERROR An RNG value could not be retrieve= d due to a hardware or > + firmware error. > + @retval EFI_NOT_READY There is not enough random data av= ailable to satisfy the length > + requested by RNGValueLength. > + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength= is zero. > + > +**/ > +EFI_STATUS > +EFIAPI > +RngGetRNG ( > + IN EFI_RNG_PROTOCOL *This, > + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL > + IN UINTN RNGValueLength, > + OUT UINT8 *RNGValue > + ) > +{ > + EFI_STATUS Status; > + > + if ((RNGValueLength =3D=3D 0) || (RNGValue =3D=3D NULL)) { > + return EFI_INVALID_PARAMETER; > + } > + > + Status =3D EFI_UNSUPPORTED; > + if (RNGAlgorithm =3D=3D NULL) { > + // > + // Use the default RNG algorithm if RNGAlgorithm is NULL. > + // > + RNGAlgorithm =3D &gEfiRngAlgorithmSp80090Ctr256Guid; > + } > + > + // > + // NIST SP800-90-AES-CTR-256 supported by RDRAND > + // > + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { > + Status =3D RngGetBytes (RNGValueLength, RNGValue); > + return Status; > + } > + > + // > + // The "raw" algorithm is intended to provide entropy directly > + // > + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { > + // > + // When a DRBG is used on the output of a entropy source, > + // its security level must be at least 256 bits according to UEFI Sp= ec. > + // > + if (RNGValueLength < 32) { > + return EFI_INVALID_PARAMETER; > + } > + > + Status =3D RdRandGenerateEntropy (RNGValueLength, RNGValue); > + return Status; > + } > + > + // > + // Other algorithms were unsupported by this driver. > + // > + return Status; > +} > + > +/** > + Returns information about the random number generation implementation. > + > + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNG= AlgorithmList. > + On output with a return code of EF= I_SUCCESS, the size > + in bytes of the data returned in R= NGAlgorithmList. On output > + with a return code of EFI_BUFFER_T= OO_SMALL, > + the size of RNGAlgorithmList requi= red to obtain the list. > + @param[out] RNGAlgorithmList A caller-allocated memory buffer f= illed by the driver > + with one EFI_RNG_ALGORITHM element= for each supported > + RNG algorithm. The list must not c= hange across multiple > + calls to the same driver. The firs= t algorithm in the list > + is the default algorithm for the d= river. > + > + @retval EFI_SUCCESS The RNG algorithm list was returne= d successfully. > + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too= small to hold the result. > + > +**/ > +UINTN > +EFIAPI > +ArchGetSupportedRngAlgorithms ( > + IN OUT UINTN *RNGAlgorithmListSize, > + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList > + ) > +{ > + UINTN RequiredSize; > + EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; > + > + RequiredSize =3D 2 * sizeof (EFI_RNG_ALGORITHM); > + > + if (*RNGAlgorithmListSize < RequiredSize) { > + *RNGAlgorithmListSize =3D RequiredSize; > + return EFI_BUFFER_TOO_SMALL; > + } > + > + CpuRngSupportedAlgorithm =3D PcdGetPtr (PcdCpuRngSupportedAlgorithm); > + > + CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RN= G_ALGORITHM)); > + > + // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED > + CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_AL= GORITHM)); > + > + *RNGAlgorithmListSize =3D RequiredSize; > + return EFI_SUCCESS; > +} > + > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/Security= Pkg/RandomNumberGenerator/RngDxe/RngDxe.c > index 13d3dbd0bfbe..b959c70536ea 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c > @@ -1,34 +1,32 @@ > /** @file > RNG Driver to produce the UEFI Random Number Generator protocol. > > - The driver will use the new RDRAND instruction to produce high-quality= , high-performance > - entropy and random number. > + The driver uses CPU RNG instructions to produce high-quality, > + high-performance entropy and random number. > > RNG Algorithms defined in UEFI 2.4: > - - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported > - (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG) > - - EFI_RNG_ALGORITHM_RAW - Supported > - (Structuring RDRAND invocation can be guaranteed as high-quality en= tropy source) > - - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported > - - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported > - - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported > - - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported > + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID > + - EFI_RNG_ALGORITHM_RAW > + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID > + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID > + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID > + - EFI_RNG_ALGORITHM_X9_31_AES_GUID > > Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
> (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> + > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > > -#include "RdRand.h" > +#include > +#include > +#include > +#include > +#include > +#include > > -// > -// Supported RNG Algorithms list by this driver. > -// > -EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] =3D { > - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID, > - EFI_RNG_ALGORITHM_RAW > -}; > +#include "RngDxeInternals.h" > > /** > Returns information about the random number generation implementation= . > @@ -62,106 +60,23 @@ RngGetInfo ( > ) > { > EFI_STATUS Status; > - UINTN RequiredSize; > > if ((This =3D=3D NULL) || (RNGAlgorithmListSize =3D=3D NULL)) { > return EFI_INVALID_PARAMETER; > } > > - RequiredSize =3D sizeof (mSupportedRngAlgorithms); > - if (*RNGAlgorithmListSize < RequiredSize) { > - Status =3D EFI_BUFFER_TOO_SMALL; > + // > + // Return algorithm list supported by driver. > + // > + if (RNGAlgorithmList !=3D NULL) { > + Status =3D ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGA= lgorithmList); > } else { > - // > - // Return algorithm list supported by driver. > - // > - if (RNGAlgorithmList !=3D NULL) { > - CopyMem (RNGAlgorithmList, mSupportedRngAlgorithms, RequiredSize); > - Status =3D EFI_SUCCESS; > - } else { > - Status =3D EFI_INVALID_PARAMETER; > - } > + Status =3D EFI_INVALID_PARAMETER; > } > - *RNGAlgorithmListSize =3D RequiredSize; > > return Status; > } > > -/** > - Produces and returns an RNG value using either the default or specifie= d RNG algorithm. > - > - @param[in] This A pointer to the EFI_RNG_PROTOCOL = instance. > - @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM= that identifies the RNG > - algorithm to use. May be NULL in w= hich case the function will > - use its default RNG algorithm. > - @param[in] RNGValueLength The length in bytes of the memory = buffer pointed to by > - RNGValue. The driver shall return = exactly this numbers of bytes. > - @param[out] RNGValue A caller-allocated memory buffer f= illed by the driver with the > - resulting RNG value. > - > - @retval EFI_SUCCESS The RNG value was returned success= fully. > - @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgo= rithm is not supported by > - this driver. > - @retval EFI_DEVICE_ERROR An RNG value could not be retrieve= d due to a hardware or > - firmware error. > - @retval EFI_NOT_READY There is not enough random data av= ailable to satisfy the length > - requested by RNGValueLength. > - @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength= is zero. > - > -**/ > -EFI_STATUS > -EFIAPI > -RngGetRNG ( > - IN EFI_RNG_PROTOCOL *This, > - IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL > - IN UINTN RNGValueLength, > - OUT UINT8 *RNGValue > - ) > -{ > - EFI_STATUS Status; > - > - if ((RNGValueLength =3D=3D 0) || (RNGValue =3D=3D NULL)) { > - return EFI_INVALID_PARAMETER; > - } > - > - Status =3D EFI_UNSUPPORTED; > - if (RNGAlgorithm =3D=3D NULL) { > - // > - // Use the default RNG algorithm if RNGAlgorithm is NULL. > - // > - RNGAlgorithm =3D &gEfiRngAlgorithmSp80090Ctr256Guid; > - } > - > - // > - // NIST SP800-90-AES-CTR-256 supported by RDRAND > - // > - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { > - Status =3D RdRandGetBytes (RNGValueLength, RNGValue); > - return Status; > - } > - > - // > - // The "raw" algorithm is intended to provide entropy directly > - // > - if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { > - // > - // When a DRBG is used on the output of a entropy source, > - // its security level must be at least 256 bits according to UEFI Sp= ec. > - // > - if (RNGValueLength < 32) { > - return EFI_INVALID_PARAMETER; > - } > - > - Status =3D RdRandGenerateEntropy (RNGValueLength, RNGValue); > - return Status; > - } > - > - // > - // Other algorithms were unsupported by this driver. > - // > - return Status; > -} > - > // > // The Random Number Generator (RNG) protocol > // > @@ -204,3 +119,44 @@ RngDriverEntry ( > > return Status; > } > + > + > +/** > + Calls RDRAND to fill a buffer of arbitrary size with random bytes. > + > + @param[in] Length Size of the buffer, in bytes, to fill with= . > + @param[out] RandBuffer Pointer to the buffer to store the random r= esult. > + > + @retval EFI_SUCCESS Random bytes generation succeeded. > + @retval EFI_NOT_READY Failed to request random bytes. > + > +**/ > +EFI_STATUS > +EFIAPI > +RngGetBytes ( > + IN UINTN Length, > + OUT UINT8 *RandBuffer > + ) > +{ > + BOOLEAN IsRandom; > + UINT64 TempRand[2]; > + > + while (Length > 0) { > + IsRandom =3D GetRandomNumber128 (TempRand); > + if (!IsRandom) { > + return EFI_NOT_READY; > + } > + if (Length >=3D sizeof (TempRand)) { > + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]); > + RandBuffer +=3D sizeof (UINT64); > + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]); > + RandBuffer +=3D sizeof (UINT64); > + Length -=3D sizeof (TempRand); > + } else { > + CopyMem (RandBuffer, TempRand, Length); > + Length =3D 0; > + } > + } > + > + return EFI_SUCCESS; > +} IMPORTANT NOTICE: The contents of this email and any attachments are confid= ential and may also be privileged. If you are not the intended recipient, p= lease notify the sender immediately and do not disclose the contents to any= other person, use it for any purpose, or store or copy the information in = any medium. Thank you.