From: "Sean Rhodes" <sean@starlabs.systems>
To: devel@edk2.groups.io
Cc: guo.dong@intel.com,
Patrick Rudolph <patrick.rudolph@9elements.com>,
Jiewen Yao <jiewen.yao@intel.com>,
Jian J Wang <jian.j.wang@intel.com>, Ray Ni <ray.ni@intel.com>,
Maurice Ma <maurice.ma@intel.com>,
Benjamin You <benjamin.you@intel.com>
Subject: [PATCH] UefiPayloadPkg: Add RNG support
Date: Thu, 17 Feb 2022 18:00:39 +0000 [thread overview]
Message-ID: <fb93493312d4fe5b5644a5fc5397065e0b9313cb.1645120839.git.sean@starlabs.systems> (raw)
From: Patrick Rudolph <patrick.rudolph@9elements.com>
Uses the RDRAND instruction if available and install EfiRngProtocol.
The protocol may be used by iPXE or the Linux kernel to gather entropy.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Maurice Ma <maurice.ma@intel.com>
Cc: Benjamin You <benjamin.you@intel.com>
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
SecurityPkg/Library/BaseRngLib/BaseRng.c | 199 ++++++++++++++++++
SecurityPkg/Library/BaseRngLib/BaseRngLib.inf | 32 +++
SecurityPkg/Library/BaseRngLib/BaseRngLib.uni | 17 ++
UefiPayloadPkg/UefiPayloadPkg.dsc | 8 +
UefiPayloadPkg/UefiPayloadPkg.fdf | 4 +
5 files changed, 260 insertions(+)
create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRng.c
create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.inf
create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.uni
diff --git a/SecurityPkg/Library/BaseRngLib/BaseRng.c b/SecurityPkg/Library/BaseRngLib/BaseRng.c
new file mode 100644
index 0000000000..c21e713cb0
--- /dev/null
+++ b/SecurityPkg/Library/BaseRngLib/BaseRng.c
@@ -0,0 +1,199 @@
+/** @file
+ Random number generator services that uses RdRand instruction access
+ to provide high-quality random numbers.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Register/Intel/Cpuid.h>
+
+STATIC BOOLEAN mHasRdRand;
+
+//
+// Bit mask used to determine if RdRand instruction is supported.
+//
+#define RDRAND_MASK BIT30
+
+//
+// Limited retry number when valid random data is returned.
+// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and IA-32
+// Architectures Software Developer's Mannual".
+//
+#define RDRAND_RETRY_LIMIT 10
+
+/**
+ The constructor function checks whether or not RDRAND instruction is supported
+ by the host hardware.
+
+ The constructor function checks whether or not RDRAND instruction is supported.
+ It will always return RETURN_SUCCESS.
+
+ @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS.
+
+**/
+RETURN_STATUS
+EFIAPI
+BaseRngLibConstructor (
+ VOID
+ )
+{
+ UINT32 RegEax;
+ UINT32 RegEcx;
+
+ AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);
+ if (RegEax < 1) {
+ mHasRdRand = FALSE;
+ return RETURN_SUCCESS;
+ }
+
+ //
+ // Determine RDRAND support by examining bit 30 of the ECX register returned by
+ // CPUID. A value of 1 indicates that processor support RDRAND instruction.
+ //
+ AsmCpuid (CPUID_VERSION_INFO, 0, 0, &RegEcx, 0);
+
+ mHasRdRand = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+
+ return RETURN_SUCCESS;
+}
+
+/**
+ Generates a 16-bit random number.
+
+ if Rand is NULL, then ASSERT().
+
+ @param[out] Rand Buffer pointer to store the 16-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+GetRandomNumber16 (
+ OUT UINT16 *Rand
+ )
+{
+ UINT32 Index;
+
+ ASSERT (Rand != NULL);
+
+ if (mHasRdRand) {
+ //
+ // A loop to fetch a 16 bit random value with a retry count limit.
+ //
+ for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
+ if (AsmRdRand16 (Rand)) {
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a 32-bit random number.
+
+ if Rand is NULL, then ASSERT().
+
+ @param[out] Rand Buffer pointer to store the 32-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+GetRandomNumber32 (
+ OUT UINT32 *Rand
+ )
+{
+ UINT32 Index;
+
+ ASSERT (Rand != NULL);
+
+ if (mHasRdRand) {
+ //
+ // A loop to fetch a 32 bit random value with a retry count limit.
+ //
+ for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
+ if (AsmRdRand32 (Rand)) {
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a 64-bit random number.
+
+ if Rand is NULL, then ASSERT().
+
+ @param[out] Rand Buffer pointer to store the 64-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+GetRandomNumber64 (
+ OUT UINT64 *Rand
+ )
+{
+ UINT32 Index;
+
+ ASSERT (Rand != NULL);
+
+ if (mHasRdRand) {
+ //
+ // A loop to fetch a 64 bit random value with a retry count limit.
+ //
+ for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) {
+ if (AsmRdRand64 (Rand)) {
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+ Generates a 128-bit random number.
+
+ if Rand is NULL, then ASSERT().
+
+ @param[out] Rand Buffer pointer to store the 128-bit random value.
+
+ @retval TRUE Random number generated successfully.
+ @retval FALSE Failed to generate the random number.
+
+**/
+BOOLEAN
+EFIAPI
+GetRandomNumber128 (
+ OUT UINT64 *Rand
+ )
+{
+ ASSERT (Rand != NULL);
+
+ //
+ // Read first 64 bits
+ //
+ if (!GetRandomNumber64 (Rand)) {
+ return FALSE;
+ }
+
+ //
+ // Read second 64 bits
+ //
+ return GetRandomNumber64 (++Rand);
+}
diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf b/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf
new file mode 100644
index 0000000000..67a91ccfff
--- /dev/null
+++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf
@@ -0,0 +1,32 @@
+## @file
+# Instance of RNG (Random Number Generator) Library.
+#
+# Copyright (c) 2020 9elements Agency GmbH.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseRngLib
+ MODULE_UNI_FILE = BaseRngLib.uni
+ FILE_GUID = 05C48431-DE18-4550-931A-3350E8551498
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = RngLib
+ CONSTRUCTOR = BaseRngLibConstructor
+
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources.Ia32, Sources.X64]
+ BaseRng.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ BaseLib
+ DebugLib
diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni b/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni
new file mode 100644
index 0000000000..f3ed954c52
--- /dev/null
+++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Instance of RNG (Random Number Generator) Library.
+//
+// BaseRng Library that uses CPU RdRand instruction access to provide
+// high-quality random numbers.
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG Library"
+
+#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library that uses CPU RdRand instruction access to provide high-quality random numbers"
+
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 1ce96a51c1..0d4b4da24f 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -703,6 +703,14 @@
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
!endif
+ #
+ # Random Number Generator
+ #
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+ <LibraryClasses>
+ RngLib|SecurityPkg/Library/BaseRngLib/BaseRngLib.inf
+ }
+
#------------------------------
# Build the shell
#------------------------------
diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf
index c7b04978ad..6af1a8c8aa 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.fdf
+++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
@@ -229,6 +229,10 @@ INF MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf
#
INF MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+# Random Number Generator
+#
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
#
# UEFI network modules
#
--
2.32.0
next reply other threads:[~2022-02-17 18:00 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-17 18:00 Sean Rhodes [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-01-20 15:52 [PATCH] UefiPayloadPkg: Add RNG support Patrick Rudolph
2021-01-21 0:42 ` Ma, Maurice
2021-01-21 9:05 ` Patrick Rudolph
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb93493312d4fe5b5644a5fc5397065e0b9313cb.1645120839.git.sean@starlabs.systems \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox