Scott, The code refactoring the Jonathan did is simply moving the existing code from RngDxe to the new RandLib. He did not change any of the existing code, so your comments apply to the existing EDK2 implementation.
With Jonathan's change, it is possible for others to provide multiple implementations of RandLib to support any processors (including non-Intel CPUs that support rdrand, as well as other processors that may not necessarily have a similar instruction). Thanks, --Samer -----Original Message----- From: Scott Duplichan [mailto:sc...@notabs.org] Sent: Friday, June 19, 2015 3:15 PM To: edk2-devel@lists.sourceforge.net Subject: Re: [edk2] [PATCH 1/2] SecurityPkg: Add RandLib from existing RngDxe code Jonathan Doman [mailto:jonathan.do...@hp.com] wrote: ]Sent: Friday, June 19, 2015 12:48 PM ]To: edk2-devel@lists.sourceforge.net ]Subject: [edk2] [PATCH 1/2] SecurityPkg: Add RandLib from existing RngDxe code ] ]Separate out the low-level random data read code from RngDxe and move ]into new RandLib, including IA32 and X64 directories. ] ]Contributed-under: TianoCore Contribution Agreement 1.0 ]Signed-off-by: Jonathan Doman <jonathan.do...@hp.com> ]--- ] SecurityPkg/Include/Library/RandLib.h | 50 +++++ ] SecurityPkg/Library/RandLib/IA32/AsmRdRand.asm | 67 ++++++ ] SecurityPkg/Library/RandLib/IA32/GccRdRand.c | 69 ++++++ ] SecurityPkg/Library/RandLib/IA32/RdRandWord.c | 104 +++++++++ ] SecurityPkg/Library/RandLib/RandLib.inf | 53 +++++ ] SecurityPkg/Library/RandLib/RdRand.c | 284 +++++++++++++++++++++++++ ] SecurityPkg/Library/RandLib/RdRand.h | 166 +++++++++++++++ ] SecurityPkg/Library/RandLib/X64/AsmRdRand.asm | 83 ++++++++ ] SecurityPkg/Library/RandLib/X64/GccRdRand.c | 95 +++++++++ ] SecurityPkg/Library/RandLib/X64/RdRandWord.c | 70 ++++++ ] SecurityPkg/SecurityPkg.dec | 3 + ] SecurityPkg/SecurityPkg.dsc | 1 + ] 12 files changed, 1045 insertions(+) ] create mode 100644 SecurityPkg/Include/Library/RandLib.h ] create mode 100644 SecurityPkg/Library/RandLib/IA32/AsmRdRand.asm ] create mode 100644 SecurityPkg/Library/RandLib/IA32/GccRdRand.c ] create mode 100644 SecurityPkg/Library/RandLib/IA32/RdRandWord.c ] create mode 100644 SecurityPkg/Library/RandLib/RandLib.inf ] create mode 100644 SecurityPkg/Library/RandLib/RdRand.c ] create mode 100644 SecurityPkg/Library/RandLib/RdRand.h ] create mode 100644 SecurityPkg/Library/RandLib/X64/AsmRdRand.asm ] create mode 100644 SecurityPkg/Library/RandLib/X64/GccRdRand.c ] create mode 100644 SecurityPkg/Library/RandLib/X64/RdRandWord.c ] ]diff --git a/SecurityPkg/Include/Library/RandLib.h b/SecurityPkg/Include/Library/RandLib.h ]new file mode 100644 ]index 0000000..f50c10e ]--- /dev/null ]+++ b/SecurityPkg/Include/Library/RandLib.h ]@@ -0,0 +1,50 @@ ]+/** @file RandLib.h ]+ ]+ Interfaces provided by RandLib to support RngDxe. ]+ ]+ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> ]+ ]+ This program and the accompanying materials are licensed and made available ]+ under the terms and conditions of the BSD License that accompanies this ]+ distribution. The full text of the license may be found at ]+ http://opensource.org/licenses/bsd-license.php. ]+ ]+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT ]+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+ ]+**/ ]+#ifndef __RAND_LIB_DOT_H__ ]+#define __RAND_LIB_DOT_H__ ]+#include <Uefi/UefiBaseType.h> ]+ ]+/** ]+ Determines whether or not RDRAND instruction is supported by the host hardware. ]+ ]+ @retval EFI_SUCCESS RDRAND instruction supported. ]+ @retval EFI_UNSUPPORTED RDRAND instruction not supported. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+IsRdRandSupported ( ]+ VOID ]+ ); ]+ ]+/** ]+ Calls RDRAND to fill a buffer of arbitrary size with random bytes. ]+ ]+ @param[in] Length Size of the buffer, in bytes, to fill with. ]+ @param[out] RandBuffer Pointer to the buffer to store the random result. ]+ ]+ @retval EFI_SUCCESS Random bytes generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random bytes. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandGetBytes ( ]+ IN UINTN Length, ]+ OUT UINT8 *RandBuffer ]+ ); ]+ ]+#endif /* __RAND_LIB_DOT_H__ */ ]diff --git a/SecurityPkg/Library/RandLib/IA32/AsmRdRand.asm b/SecurityPkg/Library/RandLib/IA32/AsmRdRand.asm ]new file mode 100644 ]index 0000000..37b3830 ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/IA32/AsmRdRand.asm ]@@ -0,0 +1,67 @@ ]+;------------------------------------------------------------------------------ ]+; ]+; Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+; This program and the accompanying materials ]+; are licensed and made available under the terms and conditions of the BSD License ]+; which accompanies this distribution. The full text of the license may be found at ]+; http://opensource.org/licenses/bsd-license.php. ]+; ]+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+; ]+; Module Name: ]+; ]+; AsmRdRand.Asm ]+; ]+; Abstract: ]+; ]+; Implementation for 16-, and 32- invocations of RDRAND instruction under 32bit platform. ]+; ]+; Notes: ]+; ]+; Visual Studio coding practices do not use inline asm since multiple compilers and ]+; architectures are supported assembler not recognizing rdrand instruction so using DB's. ]+; ]+;------------------------------------------------------------------------------ ]+ ]+ .586P ]+ .model flat, C ]+ .code ]+ ]+;------------------------------------------------------------------------------ ]+; Generate a 16 bit random number ]+; Return TRUE if Rand generated successfully, or FALSE if not ]+; ]+; BOOLEAN EFIAPI RdRand16Step (UINT16 *Rand); ECX ]+;------------------------------------------------------------------------------ ]+RdRand16Step PROC ]+ ; rdrand ax ; generate a 16 bit RN into ax, CF=1 if RN generated ok, otherwise CF=0 ]+ db 0fh, 0c7h, 0f0h ; rdrand r16: "0f c7 /6 ModRM:r/m(w)" ]+ jb rn16_ok ; jmp if CF=1 ]+ xor eax, eax ; reg=0 if CF=0 ]+ ret ; return with failure status ]+rn16_ok: ]+ mov [ecx], ax Is this using the correct calling convention? I think this is the 32-bit version, and EDK2 x86 32-bit code uses cdecl calling convention. If so, the passed value for arg1 is in [esp+4], not ecx. Same for all the other 32-bit asm functions here. ]+ mov eax, 1 ]+ ret ]+RdRand16Step ENDP ]+ ]+;------------------------------------------------------------------------------ ]+; Generate a 32 bit random number ]+; Return TRUE if Rand generated successfully, or FALSE if not ]+; ]+; BOOLEAN EFIAPI RdRand32Step (UINT32 *Rand); ECX ]+;------------------------------------------------------------------------------ ]+RdRand32Step PROC ]+ ; rdrand eax ; generate a 32 bit RN into eax, CF=1 if RN generated ok, otherwise CF=0 ]+ db 0fh, 0c7h, 0f0h ; rdrand r32: "0f c7 /6 ModRM:r/m(w)" ]+ jb rn32_ok ; jmp if CF=1 ]+ xor eax, eax ; reg=0 if CF=0 ]+ ret ; return with failure status ]+rn32_ok: ]+ mov [ecx], eax ]+ mov eax, 1 ]+ ret ]+RdRand32Step ENDP ]+ ]+ END ]diff --git a/SecurityPkg/Library/RandLib/IA32/GccRdRand.c b/SecurityPkg/Library/RandLib/IA32/GccRdRand.c ]new file mode 100644 ]index 0000000..f42302a ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/IA32/GccRdRand.c ]@@ -0,0 +1,69 @@ ]+/** @file ]+ RDRAND Support Routines for GCC environment. ]+ ]+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+This program and the accompanying materials ]+are licensed and made available under the terms and conditions of the BSD License ]+which accompanies this distribution. The full text of the license may be found at ]+http://opensource.org/licenses/bsd-license.php ]+ ]+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+ ]+**/ ]+ ]+/** ]+ Generates a 16-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand16Step ( ]+ OUT UINT16 *Rand ]+ ) ]+{ ]+ UINT8 Carry; ]+ ]+ // ]+ // Uses byte code for RDRAND instruction, ]+ // in case that GCC version has no direct support on RDRAND assembly. ]+ // ]+ __asm__ __volatile__ ( ]+ ".byte 0x66; .byte 0x0f; .byte 0xc7; .byte 0xf0; setc %1" ]+ :"=a" (*Rand), ]+ "=qm" (Carry) ]+ ); ]+ ]+ return (BOOLEAN) Carry; ]+} ]+ ]+/** ]+ Generates a 32-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand32Step ( ]+ OUT UINT32 *Rand ]+ ) ]+{ ]+ UINT8 Carry; ]+ ]+ __asm__ __volatile__ ( ]+ ".byte 0x0f; .byte 0xc7; .byte 0xf0; setc %1" ]+ :"=a" (*Rand), ]+ "=qm" (Carry) ]+ ); ]+ ]+ return (BOOLEAN) Carry; ]+} ]\ No newline at end of file ]diff --git a/SecurityPkg/Library/RandLib/IA32/RdRandWord.c b/SecurityPkg/Library/RandLib/IA32/RdRandWord.c ]new file mode 100644 ]index 0000000..125c53b ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/IA32/RdRandWord.c ]@@ -0,0 +1,104 @@ ]+/** @file ]+ RDRAND Support Routines. ]+ ]+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+This program and the accompanying materials ]+are licensed and made available under the terms and conditions of the BSD License ]+which accompanies this distribution. The full text of the license may be found at ]+http://opensource.org/licenses/bsd-license.php ]+ ]+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+ ]+**/ ]+ ]+#include "RdRand.h" ]+ ]+/** ]+ Generates a 64-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand64Step ( ]+ OUT UINT64 *Rand ]+ ) ]+{ ]+ UINT32 RandLow; ]+ UINT32 RandHigh; ]+ ]+ // ]+ // Generating a 64-bit rand on a 32-bit system by ]+ // mapping two 32-bit RDRAND instructions. ]+ // ]+ if (!RdRand32Step (&RandLow)) { ]+ return FALSE; ]+ } ]+ if (!RdRand32Step (&RandHigh)) { ]+ return FALSE; ]+ } ]+ ]+ *Rand = (UINT64) RandLow | LShiftU64 ((UINT64)RandHigh, 32); ]+ ]+ return TRUE; ]+} ]+ ]+/** ]+ Calls RDRAND to request a word-length random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random number. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS Random word generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random word. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandWord ( ]+ OUT UINTN *Rand, ]+ IN BOOLEAN NeedRetry ]+ ) ]+{ ]+ return RdRand32 (Rand, NeedRetry); ]+} ]+ ]+/** ]+ Calls RDRAND to request multiple word-length random numbers. ]+ ]+ @param[in] Length Size of the buffer, in words, to fill with. ]+ @param[out] RandBuffer Pointer to the buffer to store the random result. ]+ ]+ @retval EFI_SUCCESS Random words generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random words. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandGetWords ( ]+ IN UINTN Length, ]+ OUT UINTN *RandBuffer ]+ ) ]+{ ]+ EFI_STATUS Status; ]+ UINT32 Index; ]+ ]+ for (Index = 0; Index < Length; Index++) { ]+ // ]+ // Obtain one word-length (32-bit) Random Number with possible retry-loop. ]+ // ]+ Status = RdRand32 (RandBuffer, TRUE); ]+ if (EFI_ERROR (Status)) { ]+ return Status; ]+ } ]+ ]+ RandBuffer++; ]+ } ]+ ]+ return EFI_SUCCESS; ]+} ]diff --git a/SecurityPkg/Library/RandLib/RandLib.inf b/SecurityPkg/Library/RandLib/RandLib.inf ]new file mode 100644 ]index 0000000..68f5cc7 ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/RandLib.inf ]@@ -0,0 +1,53 @@ ]+## @file RandLib.inf ]+# ]+# Provide rand data using x86 instructions ]+# ]+# (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> ]+# ]+# This program and the accompanying materials are licensed and made available ]+# under the terms and conditions of the BSD License that accompanies this ]+# distribution. The full text of the license may be found at ]+# http://opensource.org/licenses/bsd-license.php. ]+# ]+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT ]+# WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+# ]+## ]+ ]+[Defines] ]+ INF_VERSION = 0x00010005 ]+ BASE_NAME = IntelRandLib ]+ FILE_GUID = D0317815-4036-2FF5-0F56-4990A7B37A6F ]+ MODULE_TYPE = BASE ]+ VERSION_STRING = 1.0 ]+ LIBRARY_CLASS = RandLib ]+ ]+# ]+# The following information is for reference only and not required by the build tools. ]+# ]+# VALID_ARCHITECTURES = IA32 X64 ]+# ]+ ]+[Sources.common] ]+ RdRand.c ]+ ]+[Sources.IA32] ]+ IA32/RdRandWord.c ]+ IA32/AsmRdRand.asm ]+ IA32/GccRdRand.c | GCC ]+ ]+[Sources.X64] ]+ X64/RdRandWord.c ]+ X64/AsmRdRand.asm ]+ X64/GccRdRand.c | GCC ]+ ]+[Packages] ]+ MdePkg/MdePkg.dec ]+ SecurityPkg/SecurityPkg.dec ]+ ]+[Depex] ]+ TRUE ]+ ]+[BuildOptions] ]+ XCODE:*_*_*_CC_FLAGS = -mmmx -msse ]+ ]diff --git a/SecurityPkg/Library/RandLib/RdRand.c b/SecurityPkg/Library/RandLib/RdRand.c ]new file mode 100644 ]index 0000000..3babbc3 ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/RdRand.c ]@@ -0,0 +1,284 @@ ]+/** @file ]+ Support routines for RDRAND instruction access. ]+ ]+ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> ]+ ]+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+This program and the accompanying materials ]+are licensed and made available under the terms and conditions of the BSD License ]+which accompanies this distribution. The full text of the license may be found at ]+http://opensource.org/licenses/bsd-license.php ]+ ]+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+ ]+**/ ]+ ]+#include "RdRand.h" ]+#include <Library/RandLib.h> ]+ ]+ ]+// ]+// Bit mask used to determine if RdRand instruction is supported. ]+// ]+#define RDRAND_MASK 0x40000000 ]+ ]+/** ]+ Determines whether or not RDRAND instruction is supported by the host hardware. ]+ ]+ @retval EFI_SUCCESS RDRAND instruction supported. ]+ @retval EFI_UNSUPPORTED RDRAND instruction not supported. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+IsRdRandSupported ( ]+ VOID ]+ ) ]+{ ]+ EFI_STATUS Status; ]+ UINT32 RegEax; ]+ UINT32 RegEbx; ]+ UINT32 RegEcx; ]+ UINT32 RegEdx; ]+ BOOLEAN IsIntelCpu; ]+ ]+ Status = EFI_UNSUPPORTED; ]+ IsIntelCpu = FALSE; ]+ ]+ // ]+ // Checks whether the current processor is an Intel product by CPUID. ]+ // ]+ AsmCpuid (0, &RegEax, &RegEbx, &RegEcx, &RegEdx); ]+ if ((CompareMem ((CHAR8 *)(&RegEbx), "Genu", 4) == 0) && ]+ (CompareMem ((CHAR8 *)(&RegEdx), "ineI", 4) == 0) && ]+ (CompareMem ((CHAR8 *)(&RegEcx), "ntel", 4) == 0)) { ]+ IsIntelCpu = TRUE; ]+ } ]+ ]+ if (IsIntelCpu) { What about non-Intel processors? I believe RDRAND has been adopted by at least one other x86 processor vendor in a compatible way, making it easy to support. In general EDK2 supports AMD and other x86 processors, so artificially excluding a compatible non-Intel RDRAND implementation seems wrong. ]+ // ]+ // Determine RDRAND support by examining bit 30 of the ECX register returned by CPUID. ]+ // A value of 1 indicates that processor supports RDRAND instruction. ]+ // ]+ AsmCpuid (1, 0, 0, &RegEcx, 0); ]+ ]+ if ((RegEcx & RDRAND_MASK) == RDRAND_MASK) { ]+ Status = EFI_SUCCESS; ]+ } ]+ } ]+ ]+ return Status; ]+} ]+ ]+/** ]+ Calls RDRAND to obtain a 16-bit random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS RDRAND call was successful. ]+ @retval EFI_NOT_READY Failed attempts to call RDRAND. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRand16 ( ]+ OUT UINT16 *Rand, ]+ IN BOOLEAN NeedRetry ]+ ) ]+{ ]+ UINT32 Index; ]+ UINT32 RetryCount; ]+ ]+ if (NeedRetry) { ]+ RetryCount = RETRY_LIMIT; ]+ } else { ]+ RetryCount = 1; ]+ } ]+ ]+ // ]+ // Perform a single call to RDRAND, or enter a loop call until RDRAND succeeds. ]+ // ]+ for (Index = 0; Index < RetryCount; Index++) { ]+ if (RdRand16Step (Rand)) { ]+ return EFI_SUCCESS; ]+ } ]+ } ]+ ]+ return EFI_NOT_READY; ]+} ]+ ]+/** ]+ Calls RDRAND to obtain a 32-bit random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS RDRAND call was successful. ]+ @retval EFI_NOT_READY Failed attempts to call RDRAND. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRand32 ( ]+ OUT UINT32 *Rand, ]+ IN BOOLEAN NeedRetry ]+ ) ]+{ ]+ UINT32 Index; ]+ UINT32 RetryCount; ]+ ]+ if (NeedRetry) { ]+ RetryCount = RETRY_LIMIT; ]+ } else { ]+ RetryCount = 1; ]+ } ]+ ]+ // ]+ // Perform a single call to RDRAND, or enter a loop call until RDRAND succeeds. ]+ // ]+ for (Index = 0; Index < RetryCount; Index++) { ]+ if (RdRand32Step (Rand)) { ]+ return EFI_SUCCESS; ]+ } ]+ } ]+ ]+ return EFI_NOT_READY; ]+} ]+ ]+/** ]+ Calls RDRAND to obtain a 64-bit random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS RDRAND call was successful. ]+ @retval EFI_NOT_READY Failed attempts to call RDRAND. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRand64 ( ]+ OUT UINT64 *Rand, ]+ IN BOOLEAN NeedRetry ]+ ) ]+{ ]+ UINT32 Index; ]+ UINT32 RetryCount; ]+ ]+ if (NeedRetry) { ]+ RetryCount = RETRY_LIMIT; ]+ } else { ]+ RetryCount = 1; ]+ } ]+ ]+ // ]+ // Perform a single call to RDRAND, or enter a loop call until RDRAND succeeds. ]+ // ]+ for (Index = 0; Index < RetryCount; Index++) { ]+ if (RdRand64Step (Rand)) { ]+ return EFI_SUCCESS; ]+ } ]+ } ]+ ]+ return EFI_NOT_READY; ]+} ]+ ]+/** ]+ Calls RDRAND to fill a buffer of arbitrary size with random bytes. ]+ ]+ @param[in] Length Size of the buffer, in bytes, to fill with. ]+ @param[out] RandBuffer Pointer to the buffer to store the random result. ]+ ]+ @retval EFI_SUCCESS Random bytes generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random bytes. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandGetBytes ( ]+ IN UINTN Length, ]+ OUT UINT8 *RandBuffer ]+ ) ]+{ ]+ EFI_STATUS Status; ]+ UINT8 *Start; ]+ UINT8 *ResidualStart; ]+ UINTN *BlockStart; ]+ UINTN TempRand; ]+ UINTN Count; ]+ UINTN Residual; ]+ UINTN StartLen; ]+ UINTN BlockNum; ]+ UINTN Index; ]+ ]+ ResidualStart = NULL; ]+ TempRand = 0; ]+ ]+ // ]+ // Compute the address of the first word aligned (32/64-bit) block in the ]+ // destination buffer, depending on whether we are in 32- or 64-bit mode. ]+ // ]+ Start = RandBuffer; ]+ if (((UINT32)(UINTN)Start % (UINT32)sizeof(UINTN)) == 0) { ]+ BlockStart = (UINTN *)Start; ]+ Count = Length; ]+ StartLen = 0; ]+ } else { ]+ BlockStart = (UINTN *)(((UINTN)Start & ~(UINTN)(sizeof(UINTN) - 1)) + (UINTN)sizeof(UINTN)); ]+ Count = Length - (sizeof (UINTN) - (UINT32)((UINTN)Start % sizeof (UINTN))); ]+ StartLen = (UINT32)((UINTN)BlockStart - (UINTN)Start); ]+ } ]+ ]+ // ]+ // Compute the number of word blocks and the remaining number of bytes. ]+ // ]+ Residual = Count % sizeof (UINTN); ]+ BlockNum = Count / sizeof (UINTN); ]+ if (Residual != 0) { ]+ ResidualStart = (UINT8 *) (BlockStart + BlockNum); ]+ } ]+ ]+ // ]+ // Obtain a temporary random number for use in the residuals. Failout if retry fails. ]+ // ]+ if (StartLen > 0) { ]+ Status = RdRandWord ((UINTN *) &TempRand, TRUE); ]+ if (EFI_ERROR (Status)) { ]+ return Status; ]+ } ]+ } ]+ ]+ // ]+ // Populate the starting mis-aligned block. ]+ // ]+ for (Index = 0; Index < StartLen; Index++) { ]+ Start[Index] = (UINT8)(TempRand & 0xff); ]+ TempRand = TempRand >> 8; ]+ } ]+ ]+ // ]+ // Populate the central aligned block. Fail out if retry fails. ]+ // ]+ Status = RdRandGetWords (BlockNum, (UINTN *)(BlockStart)); ]+ if (EFI_ERROR (Status)) { ]+ return Status; ]+ } ]+ // ]+ // Populate the final mis-aligned block. ]+ // ]+ if (Residual > 0) { ]+ Status = RdRandWord ((UINTN *)&TempRand, TRUE); ]+ if (EFI_ERROR (Status)) { ]+ return Status; ]+ } ]+ for (Index = 0; Index < Residual; Index++) { ]+ ResidualStart[Index] = (UINT8)(TempRand & 0xff); ]+ TempRand = TempRand >> 8; ]+ } ]+ } ]+ ]+ return EFI_SUCCESS; ]+} ]+ ]diff --git a/SecurityPkg/Library/RandLib/RdRand.h b/SecurityPkg/Library/RandLib/RdRand.h ]new file mode 100644 ]index 0000000..32dfc73 ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/RdRand.h ]@@ -0,0 +1,166 @@ ]+/** @file ]+ Header for the RDRAND APIs used by RNG DXE driver. ]+ ]+ Support API definitions for RDRAND instruction access, which will leverage ]+ Intel Secure Key technology to provide high-quality random numbers for use ]+ in applications, or entropy for seeding other random number generators. ]+ Refer to http://software.intel.com/en-us/articles/intel-digital-random-number ]+ -generator-drng-software-implementation-guide/ for more information about Intel ]+ Secure Key technology. ]+ ]+ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> ]+ ]+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+This program and the accompanying materials ]+are licensed and made available under the terms and conditions of the BSD License ]+which accompanies this distribution. The full text of the license may be found at ]+http://opensource.org/licenses/bsd-license.php ]+ ]+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+ ]+**/ ]+ ]+#ifndef __RD_RAND_H__ ]+#define __RD_RAND_H__ ]+ ]+#include <Library/BaseLib.h> ]+#include <Library/BaseMemoryLib.h> ]+#include <Uefi/UefiBaseType.h> ]+ ]+// ]+// The maximun number of retries to obtain one available random number. ]+// ]+#define RETRY_LIMIT 10 ]+ ]+/** ]+ Generates a 16-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand16Step ( ]+ OUT UINT16 *Rand ]+ ); ]+ ]+/** ]+ Generates a 32-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand32Step ( ]+ OUT UINT32 *Rand ]+ ); ]+ ]+/** ]+ Generates a 64-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand64Step ( ]+ OUT UINT64 *Rand ]+ ); ]+ ]+/** ]+ Calls RDRAND to obtain a 16-bit random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS RDRAND call was successful. ]+ @retval EFI_NOT_READY Failed attempts to call RDRAND. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRand16 ( ]+ OUT UINT16 *Rand, ]+ IN BOOLEAN NeedRetry ]+ ); ]+ ]+/** ]+ Calls RDRAND to obtain a 32-bit random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS RDRAND call was successful. ]+ @retval EFI_NOT_READY Failed attempts to call RDRAND. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRand32 ( ]+ OUT UINT32 *Rand, ]+ IN BOOLEAN NeedRetry ]+ ); ]+ ]+/** ]+ Calls RDRAND to obtain a 64-bit random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS RDRAND call was successful. ]+ @retval EFI_NOT_READY Failed attempts to call RDRAND. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRand64 ( ]+ OUT UINT64 *Rand, ]+ IN BOOLEAN NeedRetry ]+ ); ]+ ]+/** ]+ Calls RDRAND to request a word-length random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random number. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS Random word generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random word. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandWord ( ]+ OUT UINTN *Rand, ]+ IN BOOLEAN NeedRetry ]+ ); ]+ ]+/** ]+ Calls RDRAND to request multiple word-length random numbers. ]+ ]+ @param[in] Length Size of the buffer, in words, to fill with. ]+ @param[out] RandBuffer Pointer to the buffer to store the random result. ]+ ]+ @retval EFI_SUCCESS Random words generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random words. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandGetWords ( ]+ IN UINTN Length, ]+ OUT UINTN *RandBuffer ]+ ); ]+ ]+#endif // __RD_RAND_H__ ]diff --git a/SecurityPkg/Library/RandLib/X64/AsmRdRand.asm b/SecurityPkg/Library/RandLib/X64/AsmRdRand.asm ]new file mode 100644 ]index 0000000..8a4fe65 ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/X64/AsmRdRand.asm ]@@ -0,0 +1,83 @@ ]+;------------------------------------------------------------------------------ ]+; ]+; Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+; This program and the accompanying materials ]+; are licensed and made available under the terms and conditions of the BSD License ]+; which accompanies this distribution. The full text of the license may be found at ]+; http://opensource.org/licenses/bsd-license.php. ]+; ]+; THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+; WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+; ]+; Module Name: ]+; ]+; AsmRdRand.Asm ]+; ]+; Abstract: ]+; ]+; Implementation for 16-, 32-, and 64-bit invocations of RDRAND instruction under 64bit platform. ]+; ]+; Notes: ]+; ]+; Visual Studio coding practices do not use inline asm since multiple compilers and ]+; architectures are supported assembler not recognizing rdrand instruction so using DB's. ]+; ]+;------------------------------------------------------------------------------ ]+ ]+ .code ]+ ]+;------------------------------------------------------------------------------ ]+; Generate a 16 bit random number ]+; Return TRUE if Rand generated successfully, or FALSE if not ]+; ]+; BOOLEAN EFIAPI RdRand16Step (UINT16 *Rand); RCX ]+;------------------------------------------------------------------------------ ]+RdRand16Step PROC ]+ ; rdrand ax ; generate a 16 bit RN into ax, CF=1 if RN generated ok, otherwise CF=0 ]+ db 0fh, 0c7h, 0f0h ; rdrand r16: "0f c7 /6 ModRM:r/m(w)" ]+ jb rn16_ok ; jmp if CF=1 ]+ xor rax, rax ; reg=0 if CF=0 ]+ ret ; return with failure status ]+rn16_ok: ]+ mov [rcx], ax ]+ mov rax, 1 ]+ ret ]+RdRand16Step ENDP ]+ ]+;------------------------------------------------------------------------------ ]+; Generate a 32 bit random number ]+; Return TRUE if Rand generated successfully, or FALSE if not ]+; ]+; BOOLEAN EFIAPI RdRand32Step (UINT32 *Rand); RCX ]+;------------------------------------------------------------------------------ ]+RdRand32Step PROC ]+ ; rdrand eax ; generate a 32 bit RN into eax, CF=1 if RN generated ok, otherwise CF=0 ]+ db 0fh, 0c7h, 0f0h ; rdrand r32: "0f c7 /6 ModRM:r/m(w)" ]+ jb rn32_ok ; jmp if CF=1 ]+ xor rax, rax ; reg=0 if CF=0 ]+ ret ; return with failure status ]+rn32_ok: ]+ mov [rcx], eax ]+ mov rax, 1 ]+ ret ]+RdRand32Step ENDP ]+ ]+;------------------------------------------------------------------------------ ]+; Generate a 64 bit random number ]+; Return TRUE if RN generated successfully, or FALSE if not ]+; ]+; BOOLEAN EFIAPI RdRand64Step (UINT64 *Random); RCX ]+;------------------------------------------------------------------------------ ]+RdRand64Step PROC ]+ ; rdrand rax ; generate a 64 bit RN into rax, CF=1 if RN generated ok, otherwise CF=0 ]+ db 048h, 0fh, 0c7h, 0f0h ; rdrand r64: "REX.W + 0F C7 /6 ModRM:r/m(w)" ]+ jb rn64_ok ; jmp if CF=1 ]+ xor rax, rax ; reg=0 if CF=0 ]+ ret ; return with failure status ]+rn64_ok: ]+ mov [rcx], rax ]+ mov rax, 1 ]+ ret ]+RdRand64Step ENDP ]+ ]+ END ]diff --git a/SecurityPkg/Library/RandLib/X64/GccRdRand.c b/SecurityPkg/Library/RandLib/X64/GccRdRand.c ]new file mode 100644 ]index 0000000..d28336d ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/X64/GccRdRand.c ]@@ -0,0 +1,95 @@ ]+/** @file ]+ RDRAND Support Routines for GCC environment. ]+ ]+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+This program and the accompanying materials ]+are licensed and made available under the terms and conditions of the BSD License ]+which accompanies this distribution. The full text of the license may be found at ]+http://opensource.org/licenses/bsd-license.php ]+ ]+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+ ]+**/ ]+ ]+/** ]+ Generates a 16-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand16Step ( ]+ OUT UINT16 *Rand ]+ ) ]+{ ]+ UINT8 Carry; ]+ ]+ // ]+ // Uses byte code for RDRAND instruction, ]+ // in case that GCC version has no direct support on RDRAND assembly. ]+ // ]+ __asm__ __volatile__ ( ]+ ".byte 0x66; .byte 0x0f; .byte 0xc7; .byte 0xf0; setc %1" ]+ :"=a" (*Rand), ]+ "=qm" (Carry) ]+ ); ]+ ]+ return (BOOLEAN) Carry; ]+} ]+ ]+/** ]+ Generates a 32-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand32Step ( ]+ OUT UINT32 *Rand ]+ ) ]+{ ]+ UINT8 Carry; ]+ ]+ __asm__ __volatile__ ( ]+ ".byte 0x0f; .byte 0xc7; .byte 0xf0; setc %1" ]+ :"=a" (*Rand), ]+ "=qm" (Carry) ]+ ); ]+ ]+ return (BOOLEAN) Carry; ]+} ]+ ]+/** ]+ Generates a 64-bit random number through RDRAND instruction. ]+ ]+ @param[out] Rand Buffer pointer to store the random result. ]+ ]+ @retval TRUE RDRAND call was successful. ]+ @retval FALSE Failed attempts to call RDRAND. ]+ ]+**/ ]+BOOLEAN ]+EFIAPI ]+RdRand64Step ( ]+ OUT UINT64 *Rand ]+ ) ]+{ ]+ UINT8 Carry; ]+ ]+ __asm__ __volatile__ ( ]+ ".byte 0x48; .byte 0x0f; .byte 0xc7; .byte 0xf0; setc %1" ]+ :"=a" (*Rand), ]+ "=qm" (Carry) ]+ ); ]+ ]+ return (BOOLEAN) Carry; ]+} ]diff --git a/SecurityPkg/Library/RandLib/X64/RdRandWord.c b/SecurityPkg/Library/RandLib/X64/RdRandWord.c ]new file mode 100644 ]index 0000000..946e5ba ]--- /dev/null ]+++ b/SecurityPkg/Library/RandLib/X64/RdRandWord.c ]@@ -0,0 +1,70 @@ ]+/** @file ]+ RDRAND Support Routines. ]+ ]+Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> ]+This program and the accompanying materials ]+are licensed and made available under the terms and conditions of the BSD License ]+which accompanies this distribution. The full text of the license may be found at ]+http://opensource.org/licenses/bsd-license.php ]+ ]+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ]+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ]+ ]+**/ ]+ ]+#include "RdRand.h" ]+ ]+/** ]+ Calls RDRAND to request a word-length random number. ]+ ]+ @param[out] Rand Buffer pointer to store the random number. ]+ @param[in] NeedRetry Determine whether or not to loop retry. ]+ ]+ @retval EFI_SUCCESS Random word generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random word. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandWord ( ]+ OUT UINTN *Rand, ]+ IN BOOLEAN NeedRetry ]+ ) ]+{ ]+ return RdRand64 (Rand, NeedRetry); ]+} ]+ ]+/** ]+ Calls RDRAND to request multiple word-length random numbers. ]+ ]+ @param[in] Length Size of the buffer, in words, to fill with. ]+ @param[out] RandBuffer Pointer to the buffer to store the random result. ]+ ]+ @retval EFI_SUCCESS Random words generation succeeded. ]+ @retval EFI_NOT_READY Failed to request random words. ]+ ]+**/ ]+EFI_STATUS ]+EFIAPI ]+RdRandGetWords ( ]+ IN UINTN Length, ]+ OUT UINTN *RandBuffer ]+ ) ]+{ ]+ EFI_STATUS Status; ]+ UINT32 Index; ]+ ]+ for (Index = 0; Index < Length; Index++) { ]+ // ]+ // Obtain one word-length (64-bit) Random Number with possible retry-loop. ]+ // ]+ Status = RdRand64 (RandBuffer, TRUE); ]+ if (EFI_ERROR (Status)) { ]+ return Status; ]+ } ]+ ]+ RandBuffer++; ]+ } ]+ ]+ return EFI_SUCCESS; ]+} ]\ No newline at end of file ]diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec ]index 25ec7d0..8281deb 100644 ]--- a/SecurityPkg/SecurityPkg.dec ]+++ b/SecurityPkg/SecurityPkg.dec ]@@ -75,6 +75,9 @@ ] # ] TrEEPpVendorLib|Include/Library/TrEEPpVendorLib.h ] ]+ ## @libraryclass Provides RDRAND. ]+ RandLib|Include/Library/RandLib.h ]+ ] [Guids] ] ## Security package token space guid. ] # Include/Guid/SecurityPkgTokenSpace.h ]diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc ]index 35a7a51..26758c3 100644 ]--- a/SecurityPkg/SecurityPkg.dsc ]+++ b/SecurityPkg/SecurityPkg.dsc ]@@ -59,6 +59,7 @@ ] TrEEPhysicalPresenceLib|SecurityPkg/Library/DxeTrEEPhysicalPresenceLib/DxeTrEEPhysicalPresenceLib.inf ] TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf ] TrEEPpVendorLib|SecurityPkg/Library/TrEEPpVendorLibNull/TrEEPpVendorLibNull.inf ]+ RandLib|SecurityPkg/Library/RandLib/RandLib.inf ] ] [LibraryClasses.common.PEIM] ] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf ]-- ]2.4.3 ------------------------------------------------------------------------------ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel ------------------------------------------------------------------------------ _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
