From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-VI1-obe.outbound.protection.outlook.com (EUR05-VI1-obe.outbound.protection.outlook.com [40.107.21.52]) by mx.groups.io with SMTP id smtpd.web11.7921.1688717246363213222 for ; Fri, 07 Jul 2023 01:07:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=Jpn5aKI6; spf=pass (domain: arm.com, ip: 40.107.21.52, mailfrom: sami.mujawar@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Q/SeAGgMBxZRou/v89sT7wxg5BhwV8pKahHzXVTfLQQ=; b=Jpn5aKI6j8CVj4pf7N4tzLLSgDrcsB3wP1uWJWv969rm8QL1z5HT/RWxOoq7EKKt0xcUFD6qwuC7/UMh9jcm8vjL8tmFBfM7dYzct0Ru4yjqwy4JK8Kj1T/SAjEUScMuPMkYSeNDFe72RFGabpIPcy/vHNfGiWV5kPt9kSmu4FI= Received: from AM6P194CA0070.EURP194.PROD.OUTLOOK.COM (2603:10a6:209:84::47) by DBBPR08MB6171.eurprd08.prod.outlook.com (2603:10a6:10:20f::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.17; Fri, 7 Jul 2023 08:07:22 +0000 Received: from AM7EUR03FT006.eop-EUR03.prod.protection.outlook.com (2603:10a6:209:84:cafe::d9) by AM6P194CA0070.outlook.office365.com (2603:10a6:209:84::47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.18 via Frontend Transport; Fri, 7 Jul 2023 08:07:22 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM7EUR03FT006.mail.protection.outlook.com (100.127.141.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.25 via Frontend Transport; Fri, 7 Jul 2023 08:07:22 +0000 Received: ("Tessian outbound f5de790fcf89:v145"); Fri, 07 Jul 2023 08:07:21 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 80ea9c29e904cafd X-CR-MTA-TID: 64aa7808 Received: from fa1c190258a5.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id CF946DEA-0065-450B-951A-0E92084D5127.1; Fri, 07 Jul 2023 08:07:11 +0000 Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id fa1c190258a5.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Fri, 07 Jul 2023 08:07:11 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TQTAi2TV6JsLF/SasfueLyLbqa5F6mu8mUtRlcdz/qAswVoWkezbrUl7BY+OP0YqS+t8UaArRvrDXZ1RFhlBz6AU3DKUQwJWmAf+pOwG6b5mn8tJSDJXEbLYBQvKZF4kIWd6O+EFGroXj5LKlrFCQpLHjgoHKMdDB//8+A6WatPHhZGXkRfWChglXMpII52ZcviIWIJt0p30UTL35lBTKhAj+dpGPyjj0p94++fRuy0ThfxK9Mym/NKeFerlooZE4XtlpBbl1/wQKp9woATY+/B/DHTv0tq97++CjfcbXW2iIrKLO7YCopQ8SdDorjZ+WId4AkErHhGEzExxJ8WfwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Q/SeAGgMBxZRou/v89sT7wxg5BhwV8pKahHzXVTfLQQ=; b=dicTqPYhEYSaRkZ+bMUFN3vk/fTmqaqnnNe4miolFBMX7MNSS/jueX8rBPhA8Sy5xPAQK+Q4Vnh4TXwU49lcWniBA+6GRO+FIJAIcODTeWUsL+qb4pYkZQSLwJ/yjqwWUL8iAFIlqy1gkxh18SzDYwAF98Uql3jHATGVmM8zbhH/ssczVqr58afSakqnXlJsBuBvzUO8Sooh64h6hNh2qgJH2LqZ4buaB1c6w/Vmv1LLNZguppndJpTW4y+mTLlLkfLDjXNLBNSfyGPmaAgu5GXp5rykBnXRt6M+S5UQvFi6Iw7TTBy7Bp0UApkFTxRArxNaUlqxONhV8Sfi5UjWWA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Q/SeAGgMBxZRou/v89sT7wxg5BhwV8pKahHzXVTfLQQ=; b=Jpn5aKI6j8CVj4pf7N4tzLLSgDrcsB3wP1uWJWv969rm8QL1z5HT/RWxOoq7EKKt0xcUFD6qwuC7/UMh9jcm8vjL8tmFBfM7dYzct0Ru4yjqwy4JK8Kj1T/SAjEUScMuPMkYSeNDFe72RFGabpIPcy/vHNfGiWV5kPt9kSmu4FI= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) by DBBPR08MB6058.eurprd08.prod.outlook.com (2603:10a6:10:201::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.17; Fri, 7 Jul 2023 08:07:08 +0000 Received: from AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::8ef4:aa57:6248:7850]) by AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::8ef4:aa57:6248:7850%4]) with mapi id 15.20.6565.016; Fri, 7 Jul 2023 08:07:07 +0000 Message-ID: Date: Fri, 7 Jul 2023 09:07:06 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH v3 5/6] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib To: pierre.gondois@arm.com, devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Jose Marinho , Kun Qin , "nd@arm.com" References: <20230706085159.626374-1-pierre.gondois@arm.com> <20230706085159.626374-6-pierre.gondois@arm.com> From: "Sami Mujawar" In-Reply-To: <20230706085159.626374-6-pierre.gondois@arm.com> X-ClientProxiedBy: LO4P123CA0020.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:151::7) To AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: AS8PR08MB6806:EE_|DBBPR08MB6058:EE_|AM7EUR03FT006:EE_|DBBPR08MB6171:EE_ X-MS-Office365-Filtering-Correlation-Id: aa685071-71a5-453b-3f93-08db7ec1311d x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: HdtJDguIyl5VrZ/Vh0lUEb9iwpm5FazJse1w/fChSlj9dJJnVOhfHZsp07tQ9+5D6SQew/KzebCvuy0VQbEiSxHmzpKINOR/kzRQM9/Dux4DSbtn/NpnXfRA2m02M8an8OCcOBdGr/sot0hyauGbrcdbmWA81DeAPTGIxBqB1weyidlJs1u+uxAgqORoODAEEuTeQh/13mhcn7bD5kGJuz0gzYCK3pOkm6y1YZHweG5AbCA2kQzagen/E5RVRf5ANglegxxEqZnGnwBlDXYdJyJMzUG0uPY1F30pn/l5lYaziy4qc1k8RRz9ZVlXTLqwwNGTKBFaPG47yIK36iNCkwt/9h3rdpbDD7jsf3OCgeRAqvXTa+KHZCq3nYV01GkRBbz+q0s5S0lHffPhE6+1ViqKTx7yTah4JSbLQzwE3Zogbo0srnHFotTbL7nXv50RAFbwRbvZAaTkaehs7gTp5vo5FB765mHCSNuZCI0G2sscJwfRKXJvNyGsBliN4SGULuanS/dsS2Ct8G+iKtrlIqFItnLsHngcDdYM/yrjo4nxeBHyiHHLNOWeMbTJeG0uYUOx/VXW0nRzwAmrQGy0saZEaKWvZMJcj5n/YwcgJPSJuogtDMCeytdrww+dGKcEKgjTYB4rU2k8IfvpBzrzdg== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR08MB6806.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(4636009)(136003)(376002)(346002)(39860400002)(396003)(366004)(451199021)(5660300002)(66556008)(8676002)(2906002)(2616005)(8936002)(15650500001)(6506007)(53546011)(26005)(186003)(44832011)(31686004)(41300700001)(6486002)(4326008)(66476007)(66946007)(36756003)(54906003)(6512007)(478600001)(966005)(86362001)(316002)(38100700002)(83380400001)(31696002)(19627235002)(43740500002)(45980500001);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB6058 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Return-Path: Sami.Mujawar@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM7EUR03FT006.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 88d50d10-da78-425e-566f-08db7ec12863 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: r1Ct47QuqCUW1W2M3BdGZB58I1Jb9aBzTbJXrUezMaP9UOhaxoiXMBgU26nYSKub8Q9Pd3FMkbodg8n7IYz/sH4B0v4nGlse3ZNV3BWnBv4/PGQfFzktHK8bpPnxPhfP1WsnC4iA5VMz3wGzbVyL69y80iKBQ9sbfBZvMlFpTtWk7FVa60IL/p6YUZvzuXfmybgG10lDY4+G67rX8wSKfZpJpj0FOeK2ccSDjUcP9TKJIAvm+hO88R2HbtFU2o/DfyjM+tyvyKxAs/c4Sb31v6N2ABT9bRyJTrQCJpUlVwz8AVDOzQlMjF//sBGk67pTdf0l0DQAwuiGIEKCs4sPKNZPCrK28oj44dyl3OKWZFTTYeLoWFRGRA7Y4HUAkOTx71QeID+IqVcoKRXKnBP5mh26UWqmMu1Q0liOBjBDADPytPiOQco7kkQIXu7mIPuIqh8+4EDtjvLdyNPXk70iZQhWFyfAtKgxtPF37KAlEKSDXomceg+3nBWYZSH97ELkK/+RTw6OewwN2eP3dVFnlN3dh4PULLtHECcydFf+MvM3SWOOHZCwHbOmmH/Z4ludRwcUAcoV/lIZvc8E0thSdVRprXNnUY0uRZ9abo1gBXPXRXi847c5lzDKt19c7VGr1e0Yhxi4cECoSxMu4sxx1QTjfnel3kufPE8EkYeX/v5gocZ6sJIgu5wMyvpTO7tI7gIKFiCWzswzq3by5jsFU/k0Znaxc0nKFAGPQIsWSLA4n927EKrRjJ6o5aSEkhivW3adLcjCk/EYnJclvKc+ew== X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(346002)(376002)(396003)(136003)(451199021)(40470700004)(46966006)(36840700001)(53546011)(54906003)(70586007)(6486002)(478600001)(19627235002)(186003)(966005)(26005)(83380400001)(6506007)(6512007)(15650500001)(2906002)(82310400005)(70206006)(4326008)(316002)(40460700003)(5660300002)(8936002)(44832011)(8676002)(356005)(41300700001)(81166007)(86362001)(36756003)(31696002)(2616005)(36860700001)(336012)(47076005)(40480700001)(82740400003)(31686004)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Jul 2023 08:07:22.0064 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: aa685071-71a5-453b-3f93-08db7ec1311d X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: AM7EUR03FT006.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB6171 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi Pierre, Thank you for this patch. These changes look good to me. Reviewed-by: Sami Mujawar Regards, Sami Mujawar On 06/07/2023 09:51 am, pierre.gondois@arm.com wrote: > From: Pierre Gondois > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 > > The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple > implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). > To allow the RngDxe to detect when such implementation is used, > a GetRngGuid() function was added in a previous patch. > > The EFI_RNG_PROTOCOL can advertise multiple algorithms through > Guids. The PcdCpuRngSupportedAlgorithm is currently used to > advertise the RngLib in the Arm implementation. > > The issues of doing that are: > - the RngLib implementation might not use CPU instructions, > cf. the BaseRngLibTimerLib > - most platforms don't set PcdCpuRngSupportedAlgorithm > > A GetRngGuid() was added to the RngLib in a previous patch, > allowing to identify the algorithm implemented by the RngLib. > Make use of this function and place the unsage algorithm > at the last position in the mAvailableAlgoArray. > > Signed-off-by: Pierre Gondois > --- > .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ > .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 ++- > .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- > 3 files changed, 44 insertions(+), 21 deletions(-) > > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c > index e8be217f8a8c..d355f575d5c8 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c > @@ -10,6 +10,7 @@ > #include > #include > #include > +#include > > #include "RngDxeInternals.h" > > @@ -28,9 +29,13 @@ GetAvailableAlgorithms ( > VOID > ) > { > - UINT64 DummyRand; > - UINT16 MajorRevision; > - UINT16 MinorRevision; > + EFI_STATUS Status; > + UINT16 MajorRevision; > + UINT16 MinorRevision; > + GUID RngGuid; > + BOOLEAN UnSafeAlgo; > + > + UnSafeAlgo = FALSE; > > // Rng algorithms 2 times, one for the allocation, one to populate. > mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); > @@ -38,24 +43,29 @@ GetAvailableAlgorithms ( > return EFI_OUT_OF_RESOURCES; > } > > - // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. > - if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) { > - CopyMem ( > - &mAvailableAlgoArray[mAvailableAlgoArrayCount], > - PcdGetPtr (PcdCpuRngSupportedAlgorithm), > - sizeof (EFI_RNG_ALGORITHM) > - ); > - mAvailableAlgoArrayCount++; > - > - DEBUG_CODE_BEGIN (); > - if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { > + // Identify RngLib algorithm. > + Status = GetRngGuid (&RngGuid); > + if (!EFI_ERROR (Status)) { > + if (IsZeroGuid (&RngGuid) || > + CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe)) > + { > + // Treat zero GUID as an unsafe algorithm > DEBUG (( > DEBUG_WARN, > - "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n" > + "RngLib uses an Unsafe algorithm and " > + "must not be used for production builds.\n" > )); > + // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found > + // so that it can be added at the end of the algorithm list. > + UnSafeAlgo = TRUE; > + } else { > + CopyMem ( > + &mAvailableAlgoArray[mAvailableAlgoArrayCount], > + &RngGuid, > + sizeof (RngGuid) > + ); > + mAvailableAlgoArrayCount++; > } > - > - DEBUG_CODE_END (); > } > > // Raw algorithm (Trng) > @@ -68,5 +78,15 @@ GetAvailableAlgorithms ( > mAvailableAlgoArrayCount++; > } > > + // Add unsafe algorithm at the end of the list. > + if (UnSafeAlgo) { > + CopyMem ( > + &mAvailableAlgoArray[mAvailableAlgoArrayCount], > + &gEdkiiRngAlgorithmUnSafe, > + sizeof (EFI_RNG_ALGORITHM) > + ); > + mAvailableAlgoArrayCount++; > + } > + > return EFI_SUCCESS; > } > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c > index ce49ff7ae661..78a18c5e1177 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c > @@ -78,6 +78,7 @@ RngGetRNG ( > { > EFI_STATUS Status; > UINTN Index; > + GUID RngGuid; > > if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) { > return EFI_INVALID_PARAMETER; > @@ -102,7 +103,10 @@ RngGetRNG ( > } > > FoundAlgo: > - if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { > + Status = GetRngGuid (&RngGuid); > + if (!EFI_ERROR (Status) && > + CompareGuid (RNGAlgorithm, &RngGuid)) > + { > Status = RngGetBytes (RNGValueLength, RNGValue); > return Status; > } > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > index d6c2d30195bf..27d3e39a675b 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > @@ -75,13 +75,12 @@ [Guids] > gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG > gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG > gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG > + gEfiRngAlgorithmArmRndr ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG > + gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG > > [Protocols] > gEfiRngProtocolGuid ## PRODUCES > > -[Pcd.AARCH64] > - gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES > - > [Depex] > TRUE >