On Wed, 28 Apr 2021 at 22:44, Rebecca Cran <rebe...@nuviainc.com> wrote:
>
> AARCH64 support has been added to BaseRngLib via the optional
> ARMv8.5 FEAT_RNG.
>
> Refactor RngDxe to support AARCH64, note support for it in the
> VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.
>
> Signed-off-by: Rebecca Cran <rebe...@nuviainc.com>
> ---
> SecurityPkg/SecurityPkg.dsc | 11 +-
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 19 +++-
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h | 37 ++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h | 88
> ++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c | 54 +++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 108
> ++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c | 0
> SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 120
> ++++++++++++++++++++
> SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 117
> ++++---------------
> 12 files changed, 450 insertions(+), 104 deletions(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 12ccd1634941..bd4b810bce61 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -259,6 +259,12 @@ [Components]
> [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
> SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
>
> +[Components.IA32, Components.X64, Components.AARCH64]
> + #
> + # Random Number Generator
> + #
> + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +
> [Components.IA32, Components.X64]
>
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>
> @@ -334,11 +340,6 @@ [Components.IA32, Components.X64]
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf
>
> SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf
>
> - #
> - # Random Number Generator
> - #
> - SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> -
> #
> # Opal Password solution
> #
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> index 99d6f6b35fc2..c188b6076c00 100644
> --- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> @@ -26,15 +26,24 @@ [Defines]
> #
> # The following information is for reference only and not required by the
> build tools.
> #
> -# VALID_ARCHITECTURES = IA32 X64
> +# VALID_ARCHITECTURES = IA32 X64 AARCH64
> #
>
> [Sources.common]
> RngDxe.c
> - RdRand.c
> - RdRand.h
> - AesCore.c
> - AesCore.h
> + RngDxeInternals.h
> +
> +[Sources.IA32, Sources.X64]
> + Rand/RngDxe.c
> + Rand/RdRand.c
> + Rand/RdRand.h
> + Rand/AesCore.c
> + Rand/AesCore.h
> +
> +[Sources.AARCH64]
> + AArch64/RngDxe.c
> + AArch64/Rndr.c
> + AArch64/Rndr.h
>
> [Packages]
> MdePkg/MdePkg.dec
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> new file mode 100644
> index 000000000000..458faa834a3d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
> @@ -0,0 +1,37 @@
> +/** @file
> + Header for the RNDR APIs used by RNG DXE driver.
> +
> + Support API definitions for RNDR instruction access.
> +
> +
> + Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNDR_H_
> +#define RNDR_H_
> +
> +#include <Library/BaseLib.h>
> +#include <Protocol/Rng.h>
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random
> result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + );
> +
> +#endif // RNDR_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> similarity index 100%
> rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
> rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> new file mode 100644
> index 000000000000..7e38fc2564f6
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
> @@ -0,0 +1,88 @@
> +/** @file
> + Function prototypes for UEFI Random Number Generator protocol support.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#ifndef RNGDXE_INTERNALS_H_
> +#define RNGDXE_INTERNALS_H_
> +
> +extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
> +
> +/**
> + Returns information about the random number generation implementation.
> +
> + @param[in] This A pointer to the EFI_RNG_PROTOCOL
> instance.
> + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
> RNGAlgorithmList.
> + On output with a return code of
> EFI_SUCCESS, the size
> + in bytes of the data returned in
> RNGAlgorithmList. On output
> + with a return code of
> EFI_BUFFER_TOO_SMALL,
> + the size of RNGAlgorithmList required
> to obtain the list.
> + @param[out] RNGAlgorithmList A caller-allocated memory buffer
> filled by the driver
> + with one EFI_RNG_ALGORITHM element for
> each supported
> + RNG algorithm. The list must not
> change across multiple
> + calls to the same driver. The first
> algorithm in the list
> + is the default algorithm for the
> driver.
> +
> + @retval EFI_SUCCESS The RNG algorithm list was returned
> successfully.
> + @retval EFI_UNSUPPORTED The services is not supported by this
> driver.
> + @retval EFI_DEVICE_ERROR The list of algorithms could not be
> retrieved due to a
> + hardware or firmware error.
> + @retval EFI_INVALID_PARAMETER One or more of the parameters are
> incorrect.
> + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too
> small to hold the result.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetInfo (
> + IN EFI_RNG_PROTOCOL *This,
> + IN OUT UINTN *RNGAlgorithmListSize,
> + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
> + );
> +
> +/**
> + Produces and returns an RNG value using either the default or specified
> RNG algorithm.
> +
> + @param[in] This A pointer to the EFI_RNG_PROTOCOL
> instance.
> + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM
> that identifies the RNG
> + algorithm to use. May be NULL in which
> case the function will
> + use its default RNG algorithm.
> + @param[in] RNGValueLength The length in bytes of the memory
> buffer pointed to by
> + RNGValue. The driver shall return
> exactly this numbers of bytes.
> + @param[out] RNGValue A caller-allocated memory buffer
> filled by the driver with the
> + resulting RNG value.
> +
> + @retval EFI_SUCCESS The RNG value was returned
> successfully.
> + @retval EFI_UNSUPPORTED The algorithm specified by
> RNGAlgorithm is not supported by
> + this driver.
> + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved
> due to a hardware or
> + firmware error.
> + @retval EFI_NOT_READY There is not enough random data
> available to satisfy the length
> + requested by RNGValueLength.
> + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is
> zero.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RngGetRNG (
> + IN EFI_RNG_PROTOCOL *This,
> + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
> + IN UINTN RNGValueLength,
> + OUT UINT8 *RNGValue
> + );
> +
> +/**
> + Returns the size of the RNG algorithms structure.
> +
> + @return Size of the EFI_RNG_ALGORITHM list.
> +**/
> +UINTN
> +EFIAPI
> +ArchGetSupportedRngAlgorithmsSize (
> + VOID
> + );
> +
> +#endif // RNGDXE_INTERNALS_H_
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> new file mode 100644
> index 000000000000..36166a9cbc13
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
> @@ -0,0 +1,54 @@
> +/** @file
> + Support routines for RNDR instruction access.
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/RngLib.h>
> +
> +#include "Rndr.h"
> +
> +/**
> + Calls RNDR to fill a buffer of arbitrary size with random bytes.
> +
> + @param[in] Length Size of the buffer, in bytes, to fill with.
> + @param[out] RandBuffer Pointer to the buffer to store the random
> result.
> +
> + @retval EFI_SUCCESS Random bytes generation succeeded.
> + @retval EFI_NOT_READY Failed to request random bytes.
> +
> +**/
> +EFI_STATUS
> +EFIAPI
> +RndrGetBytes (
> + IN UINTN Length,
> + OUT UINT8 *RandBuffer
> + )
> +{
> + BOOLEAN IsRandom;
> + UINT64 TempRand;
> +
> + while (Length > 0) {
> + IsRandom = GetRandomNumber64 (&TempRand);
> + if (!IsRandom) {
> + return EFI_NOT_READY;
> + }
> + if (Length >= sizeof (TempRand)) {
> + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
> + RandBuffer += sizeof (UINT64);
> + Length -= sizeof (TempRand);
> + } else {
> + CopyMem (RandBuffer, &TempRand, Length);
> + Length = 0;
> + }
> + }
> +
> + return EFI_SUCCESS;
> +}
> +
> diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> new file mode 100644
> index 000000000000..18cca825e72d
> --- /dev/null
> +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
> @@ -0,0 +1,108 @@
> +/** @file
> + RNG Driver to produce the UEFI Random Number Generator protocol.
> +
> + The driver will use the new RNDR instruction to produce high-quality,
> high-performance
> + entropy and random number.
> +
> + RNG Algorithms defined in UEFI 2.4:
> + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_RAW - Supported
> + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
> + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
> +
> + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> +
> + SPDX-License-Identifier: BSD-2-Clause-Patent
> +
> +**/
> +
> +#include <Library/BaseLib.h>
> +#include <Library/BaseMemoryLib.h>
> +#include <Library/UefiBootServicesTableLib.h>
> +#include <Library/TimerLib.h>
> +#include <Protocol/Rng.h>
> +
> +#include "Rndr.h"
> +
> +//
> +// Supported RNG Algorithms list by this driver.
> +//
> +EFI_RNG_ALGORITHM mSupportedRngAlgorithms[] = {
> + EFI_RNG_ALGORITHM_RAW
This is incorrect. Both flavors of RNDR return the output of a DRBG,
the only difference is how often they are reseeded.
We might need a PCD here to define which exact DRBG implementation is
used in the hardware, and set this accordingly. We could use a VOID*
PTR PCD type to carry the GUID itself, in which case we could reuse
the same code for x86 as well, if I am not mistaken.
--
Ard.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#74602): https://edk2.groups.io/g/devel/message/74602
Mute This Topic: https://groups.io/mt/82440614/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
