public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Sami Mujawar" <sami.mujawar@arm.com>
To: pierre.gondois@arm.com, devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
	Liming Gao <gaoliming@byosoft.com.cn>,
	Zhiguang Liu <zhiguang.liu@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jose Marinho <Jose.Marinho@arm.com>, Kun Qin <kuqin12@gmail.com>,
	"nd@arm.com" <nd@arm.com>
Subject: Re: [PATCH v3 5/6] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
Date: Fri, 7 Jul 2023 09:07:06 +0100	[thread overview]
Message-ID: <fc003bc2-f832-97d6-5f30-7adf194f9a30@arm.com> (raw)
In-Reply-To: <20230706085159.626374-6-pierre.gondois@arm.com>

Hi Pierre,

Thank you for this patch.

These changes look good to me.

Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar

On 06/07/2023 09:51 am, pierre.gondois@arm.com wrote:
> From: Pierre Gondois <pierre.gondois@arm.com>
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
>
> The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
> implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
> To allow the RngDxe to detect when such implementation is used,
> a GetRngGuid() function was added in a previous patch.
>
> The EFI_RNG_PROTOCOL can advertise multiple algorithms through
> Guids. The PcdCpuRngSupportedAlgorithm is currently used to
> advertise the RngLib in the Arm implementation.
>
> The issues of doing that are:
> - the RngLib implementation might not use CPU instructions,
>    cf. the BaseRngLibTimerLib
> - most platforms don't set PcdCpuRngSupportedAlgorithm
>
> A GetRngGuid() was added to the RngLib in a previous patch,
> allowing to identify the algorithm implemented by the RngLib.
> Make use of this function and place the unsage algorithm
> at the last position in the mAvailableAlgoArray.
>
> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
> ---
>   .../RngDxe/AArch64/AArch64Algo.c              | 54 +++++++++++++------
>   .../RandomNumberGenerator/RngDxe/ArmRngDxe.c  |  6 ++-
>   .../RandomNumberGenerator/RngDxe/RngDxe.inf   |  5 +-
>   3 files changed, 44 insertions(+), 21 deletions(-)
>
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> index e8be217f8a8c..d355f575d5c8 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
> @@ -10,6 +10,7 @@
>   #include <Library/DebugLib.h>
>   #include <Library/MemoryAllocationLib.h>
>   #include <Library/ArmTrngLib.h>
> +#include <Library/RngLib.h>
>   
>   #include "RngDxeInternals.h"
>   
> @@ -28,9 +29,13 @@ GetAvailableAlgorithms (
>     VOID
>     )
>   {
> -  UINT64  DummyRand;
> -  UINT16  MajorRevision;
> -  UINT16  MinorRevision;
> +  EFI_STATUS  Status;
> +  UINT16      MajorRevision;
> +  UINT16      MinorRevision;
> +  GUID        RngGuid;
> +  BOOLEAN     UnSafeAlgo;
> +
> +  UnSafeAlgo = FALSE;
>   
>     // Rng algorithms 2 times, one for the allocation, one to populate.
>     mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
> @@ -38,24 +43,29 @@ GetAvailableAlgorithms (
>       return EFI_OUT_OF_RESOURCES;
>     }
>   
> -  // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
> -  if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
> -    CopyMem (
> -      &mAvailableAlgoArray[mAvailableAlgoArrayCount],
> -      PcdGetPtr (PcdCpuRngSupportedAlgorithm),
> -      sizeof (EFI_RNG_ALGORITHM)
> -      );
> -    mAvailableAlgoArrayCount++;
> -
> -    DEBUG_CODE_BEGIN ();
> -    if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
> +  // Identify RngLib algorithm.
> +  Status = GetRngGuid (&RngGuid);
> +  if (!EFI_ERROR (Status)) {
> +    if (IsZeroGuid (&RngGuid) ||
> +        CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe))
> +    {
> +      // Treat zero GUID as an unsafe algorithm
>         DEBUG ((
>           DEBUG_WARN,
> -        "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
> +        "RngLib uses an Unsafe algorithm and "
> +        "must not be used for production builds.\n"
>           ));
> +      // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found
> +      // so that it can be added at the end of the algorithm list.
> +      UnSafeAlgo = TRUE;
> +    } else {
> +      CopyMem (
> +        &mAvailableAlgoArray[mAvailableAlgoArrayCount],
> +        &RngGuid,
> +        sizeof (RngGuid)
> +        );
> +      mAvailableAlgoArrayCount++;
>       }
> -
> -    DEBUG_CODE_END ();
>     }
>   
>     // Raw algorithm (Trng)
> @@ -68,5 +78,15 @@ GetAvailableAlgorithms (
>       mAvailableAlgoArrayCount++;
>     }
>   
> +  // Add unsafe algorithm at the end of the list.
> +  if (UnSafeAlgo) {
> +    CopyMem (
> +      &mAvailableAlgoArray[mAvailableAlgoArrayCount],
> +      &gEdkiiRngAlgorithmUnSafe,
> +      sizeof (EFI_RNG_ALGORITHM)
> +      );
> +    mAvailableAlgoArrayCount++;
> +  }
> +
>     return EFI_SUCCESS;
>   }
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
> index ce49ff7ae661..78a18c5e1177 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
> @@ -78,6 +78,7 @@ RngGetRNG (
>   {
>     EFI_STATUS  Status;
>     UINTN       Index;
> +  GUID        RngGuid;
>   
>     if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
>       return EFI_INVALID_PARAMETER;
> @@ -102,7 +103,10 @@ RngGetRNG (
>     }
>   
>   FoundAlgo:
> -  if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
> +  Status = GetRngGuid (&RngGuid);
> +  if (!EFI_ERROR (Status) &&
> +      CompareGuid (RNGAlgorithm, &RngGuid))
> +  {
>       Status = RngGetBytes (RNGValueLength, RNGValue);
>       return Status;
>     }
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index d6c2d30195bf..27d3e39a675b 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -75,13 +75,12 @@ [Guids]
>     gEfiRngAlgorithmX9313DesGuid        ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>     gEfiRngAlgorithmX931AesGuid         ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>     gEfiRngAlgorithmRaw                 ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEfiRngAlgorithmArmRndr             ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
> +  gEdkiiRngAlgorithmUnSafe            ## SOMETIMES_PRODUCES    ## GUID        # Unique ID of the algorithm for RNG
>   
>   [Protocols]
>     gEfiRngProtocolGuid                ## PRODUCES
>   
> -[Pcd.AARCH64]
> -  gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm      ## CONSUMES
> -
>   [Depex]
>     TRUE
>   

  reply	other threads:[~2023-07-07  8:07 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-06  8:51 [PATCH v3 0/6] SecurityPkg/MdePkg: Update RngLib GUID identification PierreGondois
2023-07-06  8:51 ` [PATCH v3 1/6] SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg PierreGondois
2023-07-06  8:51 ` [PATCH v3 2/6] MdePkg/DxeRngLib: Request raw algorithm instead of default PierreGondois
2023-07-06  8:51 ` [PATCH v3 3/6] MdePkg/Rng: Add GUIDs to describe Rng algorithms PierreGondois
2023-07-07  9:14   ` [edk2-devel] " Yao, Jiewen
2023-07-07 12:49     ` PierreGondois
2023-07-07 12:56       ` Yao, Jiewen
     [not found]       ` <176F972B57840483.2683@groups.io>
2023-07-07 13:05         ` Yao, Jiewen
2023-07-07 14:25           ` PierreGondois
2023-07-07 14:28             ` Yao, Jiewen
     [not found]             ` <176F9C2F554052EE.2683@groups.io>
2023-07-07 14:34               ` Yao, Jiewen
2023-07-10  1:26                 ` 回复: " gaoliming
2023-07-11 12:23                   ` PierreGondois
2023-07-06  8:51 ` [PATCH v3 4/6] MdePkg/Rng: Add GetRngGuid() to RngLib PierreGondois
2023-07-06  8:51 ` [PATCH v3 5/6] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib PierreGondois
2023-07-07  8:07   ` Sami Mujawar [this message]
2023-07-06  8:51 ` [PATCH v3 6/6] SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm PierreGondois
2023-07-06 19:01 ` [PATCH v3 0/6] SecurityPkg/MdePkg: Update RngLib GUID identification Kun Qin
2023-07-12 13:38   ` PierreGondois
2023-07-07  8:26 ` Sami Mujawar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fc003bc2-f832-97d6-5f30-7adf194f9a30@arm.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox