parent
c410dcdbba
commit
198e572715
@ -0,0 +1,56 @@
|
||||
From 045496325e278716e724ffdf9685667a8766d4f3 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 10:34:52 -0400
|
||||
Subject: [PATCH 28/31] CryptoPkg/Test: call ProcessLibraryConstructorList
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [28/31] 5ff484fbc68d094fbcdda2772c2869818c67de8d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 94961b8817eec6f8d0434555ac50a7aa51c22201
|
||||
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Fri Jun 14 11:45:49 2024 +0200
|
||||
|
||||
CryptoPkg/Test: call ProcessLibraryConstructorList
|
||||
|
||||
Needed to properly initialize BaseRngLib.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||
index 88a3f96305..0ba9f35840 100644
|
||||
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||
@@ -8,6 +8,11 @@
|
||||
**/
|
||||
#include "TestBaseCryptLib.h"
|
||||
|
||||
+VOID
|
||||
+EFIAPI
|
||||
+ProcessLibraryConstructorList (
|
||||
+ VOID
|
||||
+ );
|
||||
|
||||
/**
|
||||
Initialize the unit test framework, suite, and unit tests for the
|
||||
@@ -77,5 +82,6 @@ main (
|
||||
char *argv[]
|
||||
)
|
||||
{
|
||||
+ ProcessLibraryConstructorList ();
|
||||
return UefiTestMain ();
|
||||
}
|
||||
--
|
||||
2.39.3
|
||||
|
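Review bot: The hand-written prototype for `ProcessLibraryConstructorList` added after `#include "TestBaseCryptLib.h"` has no comment saying where the function is defined or why this host test must call it, so the call in `main` is easy to drop in a later cleanup. The commit message gives the reason, and it belongs next to the code, e.g. `// Run the library constructors first; needed to properly initialize BaseRngLib.` above the call. A local prototype can also drift from the real definition, so including the declaring header would be preferable if one is available to host builds; that is not visible from this hunk.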
@ -0,0 +1,66 @@
|
||||
From 2e4b2b8fce40cf93f35e052102f37fee07b2e64a Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 10 Jun 2024 18:13:29 -0400
|
||||
Subject: [PATCH 02/31] MdeModulePkg: Potential UINT32 overflow in S3
|
||||
ResumeCount
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [2/31] a3592c3437041cbd33a6c11feb3d0999e122c8c0
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-40099
|
||||
CVE: CVE-2024-1298
|
||||
Upstream: Merged
|
||||
|
||||
commit 284dbac43da752ee34825c8b3f6f9e8281cb5a19
|
||||
Author: Shanmugavel Pakkirisamy <shanmugavelx.pakkirisamy@intel.com>
|
||||
Date: Mon May 6 17:53:09 2024 +0800
|
||||
|
||||
MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
|
||||
|
||||
Attacker able to modify physical memory and ResumeCount.
|
||||
System will crash/DoS when ResumeCount reaches its MAX_UINT32.
|
||||
|
||||
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
|
||||
Cc: Dandan Bi <dandan.bi@intel.com>
|
||||
Cc: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
|
||||
Signed-off-by: Pakkirisamy ShanmugavelX <shanmugavelx.pakkirisamy@intel.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../FirmwarePerformancePei.c | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||
index 6881466201..54b3bc3c54 100644
|
||||
--- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||
+++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||
@@ -110,11 +110,15 @@ FpdtStatusCodeListenerPei (
|
||||
//
|
||||
S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume, AcpiS3ResumeRecord->ResumeCount);
|
||||
AcpiS3ResumeRecord->ResumeCount++;
|
||||
- AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
|
||||
+ if (AcpiS3ResumeRecord->ResumeCount > 0) {
|
||||
+ AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
|
||||
+ DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));
|
||||
+ } else {
|
||||
+ DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the MAX_UINT32 value. S3 ResumeCount record reset to Zero."));
|
||||
+ }
|
||||
|
||||
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = %d\n", AcpiS3ResumeRecord->ResumeCount));
|
||||
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = %ld\n", AcpiS3ResumeRecord->FullResume));
|
||||
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume = %ld\n", AcpiS3ResumeRecord->AverageResume));
|
||||
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = 0x%x\n", AcpiS3ResumeRecord->ResumeCount));
|
||||
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = 0x%x\n", AcpiS3ResumeRecord->FullResume));
|
||||
|
||||
//
|
||||
// Update S3 Suspend Performance Record.
|
||||
--
|
||||
2.39.3
|
||||
|
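Review bot: The new `AverageResume = 0x%x` and `FullResume = 0x%x` prints replace `%ld` with a specifier that has no length modifier, although both fields look 64-bit here (AverageResume is passed to MultU64x32 and assigned from DivU64x32), so the logged values may be truncated. Prefer `0x%lx` for those two, e.g. `DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = 0x%lx\n", AcpiS3ResumeRecord->FullResume));`. The DEBUG_ERROR message in the else branch also lacks a trailing `\n`, so it will run into the ResumeCount line that follows. When the counter wraps, AverageResume keeps its previous value while ResumeCount is 0; a one-line comment in the else branch saying this is intended would help the next reader. FpdtStatusCodeListenerPei starts and ends outside the hunk.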
@ -0,0 +1,90 @@
|
||||
From 5ba444af245d59e3208260478aa710d4f143f259 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:06:25 -0400
|
||||
Subject: [PATCH 20/31] MdeModulePkg/Rng: Add GUID to describe unsafe Rng
|
||||
algorithms
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [20/31] d0e553560d60122f2fe5f33923b5b943c138a18d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 414c0f20896f3dec412135fa4260f8aad8bef246
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:07 2023 +0200
|
||||
|
||||
MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
|
||||
|
||||
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||
To allow the RngDxe to detect when such implementation is used,
|
||||
a GetRngGuid() function is added in a following patch.
|
||||
|
||||
Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe
|
||||
to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdeModulePkg/Include/Guid/RngAlgorithm.h | 23 +++++++++++++++++++++++
|
||||
MdeModulePkg/MdeModulePkg.dec | 3 +++
|
||||
2 files changed, 26 insertions(+)
|
||||
create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||
|
||||
diff --git a/MdeModulePkg/Include/Guid/RngAlgorithm.h b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||
new file mode 100644
|
||||
index 0000000000..e2ac2ba3e5
|
||||
--- /dev/null
|
||||
+++ b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||
@@ -0,0 +1,23 @@
|
||||
+/** @file
|
||||
+ Rng Algorithm
|
||||
+
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#ifndef RNG_ALGORITHM_GUID_H_
|
||||
+#define RNG_ALGORITHM_GUID_H_
|
||||
+
|
||||
+///
|
||||
+/// The implementation of a Random Number Generator might be unsafe, when using
|
||||
+/// a dummy implementation for instance. Allow identifying such implementation
|
||||
+/// with this GUID.
|
||||
+///
|
||||
+#define EDKII_RNG_ALGORITHM_UNSAFE \
|
||||
+ { \
|
||||
+ 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \
|
||||
+ }
|
||||
+
|
||||
+extern EFI_GUID gEdkiiRngAlgorithmUnSafe;
|
||||
+
|
||||
+#endif // #ifndef RNG_ALGORITHM_GUID_H_
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index 08d59dfb3e..3513a9678a 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -401,6 +401,9 @@
|
||||
## Include/Guid/MigratedFvInfo.h
|
||||
gEdkiiMigratedFvInfoGuid = { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4, 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } }
|
||||
|
||||
+ ## Include/Guid/RngAlgorithm.h
|
||||
+ gEdkiiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
|
||||
+
|
||||
#
|
||||
# GUID defined in UniversalPayload
|
||||
#
|
||||
--
|
||||
2.39.3
|
||||
|
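Review bot: The `///` comment on `EDKII_RNG_ALGORITHM_UNSAFE` says the GUID identifies an unsafe implementation but not what a consumer is expected to do on seeing it, and nothing in this patch enforces anything. I would add a sentence such as `/// Output from an implementation reporting this GUID must not be used for keys, nonces or other security-sensitive values.` The header also uses `EFI_GUID` without including anything that defines it, so it depends on the includer's include order; if that is the convention for GUID headers in this tree it is fine as is.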
@ -0,0 +1,89 @@
|
||||
From 3800b9ee5d6d4c05c7e27f949c3b32c422c78f2d Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:02:31 -0400
|
||||
Subject: [PATCH 16/31] MdePkg: Add deprecated warning to BaseRngLibTimer
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [16/31] 6e199344d083e90f60cbe01dfb3c2a3719e3177d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit e93468442b7da7bc80e00014e854c0c8a0a7184b
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:03 2023 +0200
|
||||
|
||||
MdePkg: Add deprecated warning to BaseRngLibTimer
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504
|
||||
|
||||
To keep the MdePkg self-contained and avoid dependencies on GUIDs
|
||||
defined in other packages, the BaseRngLibTimer was moved to the
|
||||
MdePkg.
|
||||
Add a constructor to warn and request to use the MdeModulePkg
|
||||
implementation.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 1 +
|
||||
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 22 +++++++++++++++++++
|
||||
2 files changed, 23 insertions(+)
|
||||
|
||||
diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
index f857290e82..96c90db63f 100644
|
||||
--- a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
+++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
@@ -23,6 +23,7 @@
|
||||
MODULE_TYPE = BASE
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = RngLib
|
||||
+ CONSTRUCTOR = BaseRngLibTimerConstructor
|
||||
|
||||
[Sources]
|
||||
RngLibTimer.c
|
||||
diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
index 54d29d96f3..6b8392162b 100644
|
||||
--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
@@ -13,6 +13,28 @@
|
||||
|
||||
#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10
|
||||
|
||||
+/**
|
||||
+ This implementation is to be replaced by its MdeModulePkg copy.
|
||||
+ The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
|
||||
+ be defined in the MdePkg.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
|
||||
+**/
|
||||
+RETURN_STATUS
|
||||
+EFIAPI
|
||||
+BaseRngLibTimerConstructor (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ DEBUG ((
|
||||
+ DEBUG_WARN,
|
||||
+ "Warning: This BaseRngTimerLib implementation will be deprecated. "
|
||||
+ "Please use the MdeModulePkg implementation equivalent.\n"
|
||||
+ ));
|
||||
+
|
||||
+ return RETURN_SUCCESS;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
Using the TimerLib GetPerformanceCounterProperties() we delay
|
||||
for enough time for the PerformanceCounter to increment.
|
||||
--
|
||||
2.39.3
|
||||
|
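Review bot: The warning string in `BaseRngLibTimerConstructor` names "BaseRngTimerLib", while the INF and the path call the library BaseRngLibTimerLib, so searching logs or sources for the printed name finds nothing; `"Warning: This BaseRngLibTimerLib implementation will be deprecated. "` would match. The doc comment says `@retval EFI_SUCCESS` but the function is declared `RETURN_STATUS` and returns `RETURN_SUCCESS`; `@retval RETURN_SUCCESS` is consistent with the code. Since this print is the only notice that a timer-based RNG is linked in, the comment should also state that it appears only in builds where DEBUG output is enabled.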
@ -0,0 +1,94 @@
|
||||
From 1198bceefa4834c09e1edc1c558aeffe4930d1f5 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 11 Jun 2024 21:32:26 -0400
|
||||
Subject: [PATCH 03/31] MdePkg: Apply uncrustify changes
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [3/31] 422d94b837bf0e65164968272a358c2656f59838
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
This is a subset of the whitespace changes in the corresponding upstream
|
||||
commit. It is needed for the next commits in this series to apply with
|
||||
less fewer conflicts.
|
||||
|
||||
commit 2f88bd3a1296c522317f1c21377876de63de5be7
|
||||
Author: Michael Kubacki <michael.kubacki@microsoft.com>
|
||||
Date: Sun Dec 5 14:54:05 2021 -0800
|
||||
|
||||
MdePkg: Apply uncrustify changes
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
|
||||
|
||||
Apply uncrustify changes to .c/.h files in the MdePkg package
|
||||
|
||||
Cc: Andrew Fish <afish@apple.com>
|
||||
Cc: Leif Lindholm <leif@nuviainc.com>
|
||||
Cc: Michael D Kinney <michael.d.kinney@intel.com>
|
||||
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Include/Protocol/Rng.h | 24 ++++++++++++------------
|
||||
1 file changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
|
||||
index a0a05d1661..baf425587b 100644
|
||||
--- a/MdePkg/Include/Protocol/Rng.h
|
||||
+++ b/MdePkg/Include/Protocol/Rng.h
|
||||
@@ -93,7 +93,7 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
|
||||
**/
|
||||
typedef
|
||||
EFI_STATUS
|
||||
-(EFIAPI *EFI_RNG_GET_INFO) (
|
||||
+(EFIAPI *EFI_RNG_GET_INFO)(
|
||||
IN EFI_RNG_PROTOCOL *This,
|
||||
IN OUT UINTN *RNGAlgorithmListSize,
|
||||
OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
@@ -123,9 +123,9 @@ EFI_STATUS
|
||||
**/
|
||||
typedef
|
||||
EFI_STATUS
|
||||
-(EFIAPI *EFI_RNG_GET_RNG) (
|
||||
+(EFIAPI *EFI_RNG_GET_RNG)(
|
||||
IN EFI_RNG_PROTOCOL *This,
|
||||
- IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
|
||||
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
|
||||
IN UINTN RNGValueLength,
|
||||
OUT UINT8 *RNGValue
|
||||
);
|
||||
@@ -135,16 +135,16 @@ EFI_STATUS
|
||||
/// applications, or entropy for seeding other random number generators.
|
||||
///
|
||||
struct _EFI_RNG_PROTOCOL {
|
||||
- EFI_RNG_GET_INFO GetInfo;
|
||||
- EFI_RNG_GET_RNG GetRNG;
|
||||
+ EFI_RNG_GET_INFO GetInfo;
|
||||
+ EFI_RNG_GET_RNG GetRNG;
|
||||
};
|
||||
|
||||
-extern EFI_GUID gEfiRngProtocolGuid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||
+extern EFI_GUID gEfiRngProtocolGuid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||
|
||||
#endif
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,213 @@
|
||||
From 1d4b6d489cb919faa3ad67a3ae53fe26c4cd0a75 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 10:32:29 -0400
|
||||
Subject: [PATCH 25/31] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check
|
||||
CPUID
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [25/31] 11804d6f86a644ae2c3dcad89c633ad63b794d3f
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
|
||||
Author: Pedro Falcato <pedro.falcato@gmail.com>
|
||||
Date: Tue Nov 22 22:31:03 2022 +0000
|
||||
|
||||
MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
|
||||
|
||||
RDRAND has notoriously been broken many times over its lifespan.
|
||||
Add a smoketest to RDRAND, in order to better sniff out potential
|
||||
security concerns.
|
||||
|
||||
Also add a proper CPUID test in order to support older CPUs which may
|
||||
not have it; it was previously being tested but then promptly ignored.
|
||||
|
||||
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
|
||||
:x86_init_rdrand() per commit 049f9ae9..
|
||||
|
||||
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
|
||||
code to MIT and the public domain.
|
||||
|
||||
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
|
||||
<..>
|
||||
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
|
||||
> also place it into public domain. Do with it what you will now.
|
||||
>
|
||||
> Jason
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
|
||||
|
||||
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
|
||||
Cc: Michael D Kinney <michael.d.kinney@intel.com>
|
||||
Cc: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
|
||||
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@gmail.com>
|
||||
---
|
||||
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
|
||||
1 file changed, 91 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
index aee8ea04e8..7132ab0efd 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
@@ -3,6 +3,7 @@
|
||||
to provide high-quality random numbers.
|
||||
|
||||
Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
|
||||
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
@@ -25,6 +26,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
STATIC BOOLEAN mRdRandSupported;
|
||||
|
||||
+//
|
||||
+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
|
||||
+//
|
||||
+#define RDRAND_RETRIES 10
|
||||
+
|
||||
+#define RDRAND_TEST_SAMPLES 8
|
||||
+
|
||||
+#define RDRAND_MIN_CHANGE 5
|
||||
+
|
||||
+//
|
||||
+// Add a define for native-word RDRAND, just for the test.
|
||||
+//
|
||||
+#ifdef MDE_CPU_X64
|
||||
+#define ASM_RDRAND AsmRdRand64
|
||||
+#else
|
||||
+#define ASM_RDRAND AsmRdRand32
|
||||
+#endif
|
||||
+
|
||||
+/**
|
||||
+ Tests RDRAND for broken implementations.
|
||||
+
|
||||
+ @retval TRUE RDRAND is reliable (and hopefully safe).
|
||||
+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID.
|
||||
+
|
||||
+**/
|
||||
+STATIC
|
||||
+BOOLEAN
|
||||
+TestRdRand (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ //
|
||||
+ // Test for notoriously broken rdrand implementations that always return the same
|
||||
+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
|
||||
+ // Note that this should be expanded to extensively test for other sorts of possible errata.
|
||||
+ //
|
||||
+
|
||||
+ //
|
||||
+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
|
||||
+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
|
||||
+ //
|
||||
+ UINTN Prev;
|
||||
+ UINT8 Idx;
|
||||
+ UINT8 TestIteration;
|
||||
+ UINT32 Changed;
|
||||
+
|
||||
+ Changed = 0;
|
||||
+
|
||||
+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
|
||||
+ UINTN Sample;
|
||||
+ //
|
||||
+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
|
||||
+ // Any failure to get a random number will assume RDRAND does not work.
|
||||
+ //
|
||||
+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
|
||||
+ if (ASM_RDRAND (&Sample)) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (Idx == RDRAND_RETRIES) {
|
||||
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ if (TestIteration != 0) {
|
||||
+ Changed += Sample != Prev;
|
||||
+ }
|
||||
+
|
||||
+ Prev = Sample;
|
||||
+ }
|
||||
+
|
||||
+ if (Changed < RDRAND_MIN_CHANGE) {
|
||||
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ return TRUE;
|
||||
+}
|
||||
+
|
||||
+#undef ASM_RDRAND
|
||||
+
|
||||
/**
|
||||
The constructor function checks whether or not RDRAND instruction is supported
|
||||
by the host hardware.
|
||||
@@ -49,10 +132,13 @@ BaseRngLibConstructor (
|
||||
// CPUID. A value of 1 indicates that processor support RDRAND instruction.
|
||||
//
|
||||
AsmCpuid (1, 0, 0, &RegEcx, 0);
|
||||
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
|
||||
|
||||
mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
|
||||
|
||||
+ if (mRdRandSupported) {
|
||||
+ mRdRandSupported = TestRdRand ();
|
||||
+ }
|
||||
+
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -71,6 +157,7 @@ ArchGetRandomNumber16 (
|
||||
OUT UINT16 *Rand
|
||||
)
|
||||
{
|
||||
+ ASSERT (mRdRandSupported);
|
||||
return AsmRdRand16 (Rand);
|
||||
}
|
||||
|
||||
@@ -89,6 +176,7 @@ ArchGetRandomNumber32 (
|
||||
OUT UINT32 *Rand
|
||||
)
|
||||
{
|
||||
+ ASSERT (mRdRandSupported);
|
||||
return AsmRdRand32 (Rand);
|
||||
}
|
||||
|
||||
@@ -107,6 +195,7 @@ ArchGetRandomNumber64 (
|
||||
OUT UINT64 *Rand
|
||||
)
|
||||
{
|
||||
+ ASSERT (mRdRandSupported);
|
||||
return AsmRdRand64 (Rand);
|
||||
}
|
||||
|
||||
@@ -123,13 +212,7 @@ ArchIsRngSupported (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
- /*
|
||||
- Existing software depends on this always returning TRUE, so for
|
||||
- now hard-code it.
|
||||
-
|
||||
- return mRdRandSupported;
|
||||
- */
|
||||
- return TRUE;
|
||||
+ return mRdRandSupported;
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.39.3
|
||||
|
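Review bot: `ASSERT (mRdRandSupported)` is the only guard added to ArchGetRandomNumber16/32/64, and an ASSERT is typically compiled out of release builds, so a caller that skips ArchIsRngSupported() would still execute RDRAND on a CPU that lacks it or that has just failed TestRdRand(). A runtime check after the ASSERT makes these functions fail closed: `if (!mRdRandSupported) { return FALSE; }`. This applies to all three hunks (@@ -71, @@ -89 and @@ -107); whether the callers in BaseRng.c already check is not visible here. ArchIsRngSupported() can now return FALSE where it previously returned TRUE unconditionally, so callers that ignored its result need a look as well.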
@ -0,0 +1,66 @@
|
||||
From 3351bd0ba07cc490c344d2dc54b86833993ca5a2 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 15:58:58 -0400
|
||||
Subject: [PATCH 18/31] MdePkg/DxeRngLib: Request raw algorithm instead of
|
||||
default
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [18/31] fa2da700127ae713aa578638c2390673fc49522d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit bd1f0eecc1dfe51ba20161bef8860d12392006bd
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:05 2023 +0200
|
||||
|
||||
MdePkg/DxeRngLib: Request raw algorithm instead of default
|
||||
|
||||
The DxeRngLib tries to generate a random number using the 3 NIST
|
||||
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
|
||||
If none of the call is successful, the fallback option is the default
|
||||
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
|
||||
be an unsafe implementation.
|
||||
|
||||
Try requesting the Raw algorithm before requesting the default one.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Library/DxeRngLib/DxeRngLib.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
index 9c3d67b5a6..4b2fc1cde5 100644
|
||||
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
@@ -64,9 +64,16 @@ GenerateRandomNumberViaNist800Algorithm (
|
||||
if (!EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
+
|
||||
+ Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer);
|
||||
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status));
|
||||
+ if (!EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
// If all the other methods have failed, use the default method from the RngProtocol
|
||||
Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
|
||||
- DEBUG((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __FUNCTION__, Status));
|
||||
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
|
||||
if (!EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
--
|
||||
2.39.3
|
||||
|
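Review bot: The fallback `GetRNG (RngProtocol, NULL, BufferSize, Buffer)` stays in place after the new Raw attempt, and the commit message itself says the default algorithm might be an unsafe implementation, yet the caller of GenerateRandomNumberViaNist800Algorithm receives the same success status whichever algorithm answered. The only trace of the downgrade is a DEBUG_INFO line; logging that path at warning level would make it visible, e.g. `DEBUG ((DEBUG_WARN, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));`. The comment above the call could also say that the default algorithm is unspecified and may not be suitable for security purposes. The function starts and ends outside this hunk.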
@ -0,0 +1,91 @@
|
||||
From 2a01056c29542a10941cb32929032b80df091a17 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:04:48 -0400
|
||||
Subject: [PATCH 19/31] MdePkg/Rng: Add GUID to describe Arm Rndr Rng
|
||||
algorithms
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [19/31] 58b0f069c74b00eb6476427dd84a50a86aceb598
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:06 2023 +0200
|
||||
|
||||
MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
|
||||
|
||||
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||
To allow the RngDxe to detect when such implementation is used,
|
||||
a GetRngGuid() function is added in a following patch.
|
||||
|
||||
Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr
|
||||
to describe a Rng algorithm accessed through Arm's RNDR instruction.
|
||||
[1] states that the implementation of this algorithm should be
|
||||
compliant to NIST SP900-80. The compliance is not guaranteed.
|
||||
|
||||
[1] Arm Architecture Reference Manual Armv8, for A-profile architecture
|
||||
sK12.1 'Properties of the generated random number'
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Include/Protocol/Rng.h | 10 ++++++++++
|
||||
MdePkg/MdePkg.dec | 1 +
|
||||
2 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
|
||||
index baf425587b..38bde53240 100644
|
||||
--- a/MdePkg/Include/Protocol/Rng.h
|
||||
+++ b/MdePkg/Include/Protocol/Rng.h
|
||||
@@ -67,6 +67,15 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
|
||||
{ \
|
||||
0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
|
||||
}
|
||||
+///
|
||||
+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
|
||||
+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
|
||||
+/// inclusive of different geographies.
|
||||
+///
|
||||
+#define EFI_RNG_ALGORITHM_ARM_RNDR \
|
||||
+ { \
|
||||
+ 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
|
||||
+ }
|
||||
|
||||
/**
|
||||
Returns information about the random number generation implementation.
|
||||
@@ -146,5 +155,6 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||
extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||
extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||
extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||
+extern EFI_GUID gEfiRngAlgorithmArmRndr;
|
||||
|
||||
#endif
|
||||
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
|
||||
index 8f05e822ac..36501e8bb9 100644
|
||||
--- a/MdePkg/MdePkg.dec
|
||||
+++ b/MdePkg/MdePkg.dec
|
||||
@@ -594,6 +594,7 @@
|
||||
gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
|
||||
gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
|
||||
gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
|
||||
+ gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
|
||||
|
||||
## Include/Protocol/AdapterInformation.h
|
||||
gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
|
||||
--
|
||||
2.39.3
|
||||
|
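Review bot: The `///` comment above `EFI_RNG_ALGORITHM_ARM_RNDR` is garbled ("states the RNDR that the DRBG algorithm should be") and omits the caveat from the commit message that compliance is not guaranteed. Suggested wording: `/// The Arm architecture states that the DRBG behind the RNDR instruction should be compliant with NIST SP800-90A, without mandating a particular algorithm; compliance is not guaranteed.` The commit message's "NIST SP900-80" looks like a typo for the SP800-90A named in the header, so the header text should be checked against the cited reference manual section.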
@ -0,0 +1,409 @@
|
||||
From b466e2545e25ebb2004ae9b9f95c6c2f60d1f168 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:08:28 -0400
|
||||
Subject: [PATCH 21/31] MdePkg/Rng: Add GetRngGuid() to RngLib
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [21/31] 54783ad88ba101c620240aa463c5d758fa416c31
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 5443c2dc310d2c8eb15fb8eefd5057342e78cd0d
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:08 2023 +0200
|
||||
|
||||
MdePkg/Rng: Add GetRngGuid() to RngLib
|
||||
|
||||
The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple
|
||||
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||
To allow the RngDxe to detect when such implementation is used,
|
||||
add a GetRngGuid() function to the RngLib.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 4 ++
|
||||
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 +++++++++++++
|
||||
MdePkg/Include/Library/RngLib.h | 19 ++++++++-
|
||||
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++++++
|
||||
MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 +++++
|
||||
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 ++++++++++++
|
||||
.../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++++
|
||||
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 23 ++++++++++
|
||||
MdePkg/Library/DxeRngLib/DxeRngLib.c | 28 +++++++++++++
|
||||
9 files changed, 201 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
index f729001060..8461260cc8 100644
|
||||
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
@@ -29,6 +29,10 @@
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
+ MdeModulePkg/MdeModulePkg.dec
|
||||
+
|
||||
+[Guids]
|
||||
+ gEdkiiRngAlgorithmUnSafe
|
||||
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
index 980854d67b..28ff46c71f 100644
|
||||
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
@@ -2,14 +2,18 @@
|
||||
BaseRng Library that uses the TimerLib to provide reasonably random numbers.
|
||||
Do not use this on a production system.
|
||||
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.
|
||||
Copyright (c) Microsoft Corporation.
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
**/
|
||||
|
||||
#include <Base.h>
|
||||
+#include <Uefi.h>
|
||||
#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/TimerLib.h>
|
||||
+#include <Guid/RngAlgorithm.h>
|
||||
|
||||
#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10
|
||||
|
||||
@@ -190,3 +194,27 @@ GetRandomNumber128 (
|
||||
// Read second 64 bits
|
||||
return GetRandomNumber64 (++Rand);
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ if (RngGuid == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ CopyMem (RngGuid, &gEdkiiRngAlgorithmUnSafe, sizeof (*RngGuid));
|
||||
+ return EFI_SUCCESS;
|
||||
+}
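Review bot: The doc block on the added `GetRngGuid()` never says that this library always reports `gEdkiiRngAlgorithmUnSafe`, which is the one fact a consumer needs before using the output for keys, nonces or sequence numbers. I would add a line such as `Always returns gEdkiiRngAlgorithmUnSafe: this timer-based generator is not cryptographically secure.` and drop the `EFI_UNSUPPORTED` retval, which this body cannot return. The parameter is documented as `[out]` but declared as `GUID *RngGuid`; `OUT GUID *RngGuid` would match the existing prototypes in RngLib.h. The same applies to every `GetRngGuid` added in this patch (RngLib.h, Rndr.c, RdRand.c, BaseRngLibNull.c, the MdePkg RngLibTimer.c and DxeRngLib.c).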
|
||||
diff --git a/MdePkg/Include/Library/RngLib.h b/MdePkg/Include/Library/RngLib.h
|
||||
index 05e513022e..801aa6d5bd 100644
|
||||
--- a/MdePkg/Include/Library/RngLib.h
|
||||
+++ b/MdePkg/Include/Library/RngLib.h
|
||||
@@ -1,6 +1,7 @@
|
||||
/** @file
|
||||
Provides random number generator services.
|
||||
|
||||
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
@@ -77,4 +78,20 @@ GetRandomNumber128 (
|
||||
OUT UINT64 *Rand
|
||||
);
|
||||
|
||||
-#endif // __RNG_LIB_H__
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ );
|
||||
+
|
||||
+#endif // __RNG_LIB_H__
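Review bot: The library-class contract added here does not tell callers what a failure means, yet BaseRngLibNull, DxeRngLib and the MdePkg timer copy in this patch always return an unsupported status. A consumer that wants to reject weak generators has to treat any non-success as "algorithm unknown, do not assume safe". It should also not read `*RngGuid` in that case, since the implementations shown return before writing it. I would state both in the header, e.g. `On any error RngGuid is left unmodified; callers must not treat a failure as proof of a secure generator.`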
|
||||
diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||
index c9f8c813ed..7641314a54 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||
@@ -2,6 +2,7 @@
|
||||
Random number generator service that uses the RNDR instruction
|
||||
to provide pseudorandom numbers.
|
||||
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
@@ -11,6 +12,7 @@
|
||||
|
||||
#include <Uefi.h>
|
||||
#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
|
||||
@@ -137,3 +139,43 @@ ArchIsRngSupported (
|
||||
{
|
||||
return mRndrSupported;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ GUID *RngLibGuid;
|
||||
+
|
||||
+ if (RngGuid == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ if (!mRndrSupported) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // If the platform advertises the algorithm behind RNDR instruction,
|
||||
+ // use it. Otherwise use gEfiRngAlgorithmArmRndr.
|
||||
+ //
|
||||
+ RngLibGuid = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||
+ if (!IsZeroGuid (RngLibGuid)) {
|
||||
+ CopyMem (RngGuid, RngLibGuid, sizeof (*RngGuid));
|
||||
+ } else {
|
||||
+ CopyMem (RngGuid, &gEfiRngAlgorithmArmRndr, sizeof (*RngGuid));
|
||||
+ }
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
+}
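Review bot: In the added `GetRngGuid()`, a non-zero `PcdCpuRngSupportedAlgorithm` is copied to the caller as-is, so the advertised algorithm is whatever the platform build claims rather than something this code checks. That is a reasonable design, but the comment above `PcdGetPtr` should say the PCD is trusted, for example `// The PCD value is a platform assertion and is not validated here; a wrong value misreports the RNG algorithm to consumers.` Consumers that gate security decisions on the returned GUID inherit that trust.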
|
||||
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||
index 1fcceb9414..49503b139b 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||
@@ -4,6 +4,7 @@
|
||||
# BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
|
||||
# provide random numbers.
|
||||
#
|
||||
+# Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
#
|
||||
@@ -43,9 +44,18 @@
|
||||
AArch64/ArmReadIdIsar0.asm | MSFT
|
||||
AArch64/ArmRng.asm | MSFT
|
||||
|
||||
+[Guids.AARCH64]
|
||||
+ gEfiRngAlgorithmArmRndr
|
||||
+
|
||||
+[Guids.Ia32, Guids.X64]
|
||||
+ gEfiRngAlgorithmSp80090Ctr256Guid
|
||||
+
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
|
||||
+[Pcd.AARCH64]
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
|
||||
+
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
DebugLib
|
||||
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
index 09fb875ac3..aee8ea04e8 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
@@ -2,6 +2,7 @@
|
||||
Random number generator services that uses RdRand instruction access
|
||||
to provide high-quality random numbers.
|
||||
|
||||
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
@@ -11,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
#include <Uefi.h>
|
||||
#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
|
||||
#include "BaseRngLibInternals.h"
|
||||
@@ -129,3 +131,27 @@ ArchIsRngSupported (
|
||||
*/
|
||||
return TRUE;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ if (RngGuid == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ CopyMem (RngGuid, &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (*RngGuid));
|
||||
+ return EFI_SUCCESS;
|
||||
+}
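Review bot: The x86 `GetRngGuid()` added here reports `gEfiRngAlgorithmSp80090Ctr256Guid` unconditionally, while the AArch64 version in this same patch returns `EFI_UNSUPPORTED` when `mRndrSupported` is false. `ArchIsRngSupported()` in the context lines returns TRUE today, so behaviour would not change. Gating on it keeps the two architectures consistent and stops the library from claiming a DRBG if RDRAND detection is ever made real: `if (!ArchIsRngSupported ()) { return EFI_UNSUPPORTED; }` after the NULL check. The body of `ArchIsRngSupported` starts outside the hunk.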
|
||||
diff --git a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||
index cad30599ea..34a18e6a4d 100644
|
||||
--- a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||
+++ b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||
@@ -1,13 +1,16 @@
|
||||
/** @file
|
||||
Null version of Random number generator services.
|
||||
|
||||
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
+#include <Uefi.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
+#include <Protocol/Rng.h>
|
||||
|
||||
/**
|
||||
Generates a 16-bit random number.
|
||||
@@ -92,3 +95,22 @@ GetRandomNumber128 (
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+}
|
||||
diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
index 6b8392162b..7337500fec 100644
|
||||
--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
@@ -209,3 +209,26 @@ GetRandomNumber128 (
|
||||
// Read second 64 bits
|
||||
return GetRandomNumber64 (++Rand);
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+RETURN_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ /* This implementation is to be replaced by its MdeModulePkg copy.
|
||||
+ * The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
|
||||
+ * be defined in the MdePkg.
|
||||
+ */
|
||||
+ return RETURN_UNSUPPORTED;
|
||||
+}
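Review bot: This copy of the timer-based library answers `RETURN_UNSUPPORTED` instead of identifying itself as unsafe, so a consumer cannot tell it apart from BaseRngLibNull or DxeRngLib by GUID. The comment in the body explains why, but not what callers should do; I would extend it with `Callers must treat this status as "not a secure RNG".` The function is also declared `RETURN_STATUS` here while RngLib.h in this patch declares `EFI_STATUS GetRngGuid (...)`. Using `EFI_STATUS` and `EFI_UNSUPPORTED` would match the header and the other implementations, though that may need `Uefi.h`, and this file's include list is not visible in the hunk.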
|
||||
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
index 4b2fc1cde5..20248b4107 100644
|
||||
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
@@ -1,6 +1,7 @@
|
||||
/** @file
|
||||
Provides an implementation of the library class RngLib that uses the Rng protocol.
|
||||
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.
|
||||
Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
@@ -204,3 +205,30 @@ GetRandomNumber128 (
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ /* It is not possible to know beforehand which Rng algorithm will
|
||||
+ * be used by this library.
|
||||
+ * This API is mainly used by RngDxe. RngDxe relies on the RngLib.
|
||||
+ * The RngLib|DxeRngLib.inf implementation locates and uses an installed
|
||||
+ * EFI_RNG_PROTOCOL.
|
||||
+ * It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf.
|
||||
+ * and it is ok not to support this API.
|
||||
+ */
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+}
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,63 @@
|
||||
From 634ee7a8cef2eac9f41cff4b42859d9d54b204bf Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 10:35:27 -0400
|
||||
Subject: [PATCH 29/31] MdePkg/X86UnitTestHost: set rdrand cpuid bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [29/31] 60851c6253df6f0114dc2c5598e0dde139d56c4c
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 5e776299a2604b336a947e68593012ab2cc16eb4
|
||||
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Fri Jun 14 11:45:53 2024 +0200
|
||||
|
||||
MdePkg/X86UnitTestHost: set rdrand cpuid bit
|
||||
|
||||
Set the rdrand feature bit when faking cpuid for host test cases.
|
||||
Needed to make the CryptoPkg test cases work.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||
index d0e428457e..abc092a990 100644
|
||||
--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||
+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||
@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
|
||||
OUT UINT32 *Edx OPTIONAL
|
||||
)
|
||||
{
|
||||
+ UINT32 RetEcx;
|
||||
+
|
||||
+ RetEcx = 0;
|
||||
+ switch (Index) {
|
||||
+ case 1:
|
||||
+ RetEcx |= BIT30; /* RdRand */
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
if (Eax != NULL) {
|
||||
*Eax = 0;
|
||||
}
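Review bot: The added `switch (Index)` has no `default:` label, which EDK II style normally expects; add `default: break;` after `case 1`. The fake CPUID now advertises RDRAND regardless of the host CPU, so a short comment on `RetEcx |= BIT30;` would help anyone reading test results. It should say the bit only satisfies the BaseRngLib feature probe and says nothing about the quality of randomness on the host. The function body continues past this hunk into the next one, where `*Ecx = RetEcx` is assigned.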
|
||||
@@ -73,7 +82,7 @@ UnitTestHostBaseLibAsmCpuid (
|
||||
*Ebx = 0;
|
||||
}
|
||||
if (Ecx != NULL) {
|
||||
- *Ecx = 0;
|
||||
+ *Ecx = RetEcx;
|
||||
}
|
||||
if (Edx != NULL) {
|
||||
*Edx = 0;
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,808 @@
|
||||
From 1e7f4034ddc0896e16c981d4220a1178813b4e86 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 11 Jun 2024 15:20:29 -0400
|
||||
Subject: [PATCH 30/31] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [30/31] 9ae15a2abf1d9bd0a0df1ff73a88446b9eb33602
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21854
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45236
|
||||
Conflicts: Didn't add new file NetworkPkg/SecurityFixes.yaml
|
||||
|
||||
commit 1904a64bcc18199738e5be183d28887ac5d837d7
|
||||
Author: Doug Flick <dougflick@microsoft.com>
|
||||
Date: Wed May 8 22:56:29 2024 -0700
|
||||
|
||||
NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
|
||||
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
|
||||
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
|
||||
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
|
||||
|
||||
Bug Overview:
|
||||
PixieFail Bug #8
|
||||
CVE-2023-45236
|
||||
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
|
||||
|
||||
Updates TCP ISN generation to use a cryptographic hash of the
|
||||
connection's identifying parameters and a secret key.
|
||||
This prevents an attacker from guessing the ISN used for some other
|
||||
connection.
|
||||
|
||||
This follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
|
||||
|
||||
RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
|
||||
|
||||
A TCP implementation MUST use the above type of "clock" for clock-
|
||||
driven selection of initial sequence numbers (MUST-8), and SHOULD
|
||||
generate its initial sequence numbers with the expression:
|
||||
|
||||
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||
|
||||
where M is the 4 microsecond timer, and F() is a pseudorandom
|
||||
function (PRF) of the connection's identifying parameters ("localip,
|
||||
localport, remoteip, remoteport") and a secret key ("secretkey")
|
||||
(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
|
||||
an attacker could still guess at sequence numbers from the ISN used
|
||||
for some other connection. The PRF could be implemented as a
|
||||
cryptographic hash of the concatenation of the TCP connection
|
||||
parameters and some secret data. For discussion of the selection of
|
||||
a specific hash algorithm and management of the secret key data,
|
||||
please see Section 3 of [42].
|
||||
|
||||
For each connection there is a send sequence number and a receive
|
||||
sequence number. The initial send sequence number (ISS) is chosen by
|
||||
the data sending TCP peer, and the initial receive sequence number
|
||||
(IRS) is learned during the connection-establishing procedure.
|
||||
|
||||
For a connection to be established or initialized, the two TCP peers
|
||||
must synchronize on each other's initial sequence numbers. This is
|
||||
done in an exchange of connection-establishing segments carrying a
|
||||
control bit called "SYN" (for synchronize) and the initial sequence
|
||||
numbers. As a shorthand, segments carrying the SYN bit are also
|
||||
called "SYNs". Hence, the solution requires a suitable mechanism for
|
||||
picking an initial sequence number and a slightly involved handshake
|
||||
to exchange the ISNs.
|
||||
|
||||
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
|
||||
|
||||
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
||||
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/TcpDxe/TcpDriver.c | 92 ++++++++++++-
|
||||
NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
|
||||
NetworkPkg/TcpDxe/TcpFunc.h | 23 ++--
|
||||
NetworkPkg/TcpDxe/TcpInput.c | 13 +-
|
||||
NetworkPkg/TcpDxe/TcpMain.h | 59 ++++++--
|
||||
NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++++++++++++++++--
|
||||
NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
|
||||
7 files changed, 394 insertions(+), 48 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
index 430911c2f4..34ae838ae0 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = {
|
||||
TcpServiceBindingDestroyChild
|
||||
};
|
||||
|
||||
+//
|
||||
+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces
|
||||
+// if the platform does not provide one.
|
||||
+//
|
||||
+EFI_HANDLE mHash2ServiceHandle = NULL;
|
||||
+
|
||||
/**
|
||||
Create and start the heartbeat timer for the TCP driver.
|
||||
|
||||
@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
|
||||
EFI_STATUS Status;
|
||||
UINT32 Random;
|
||||
|
||||
+ //
|
||||
+ // Initialize the Secret used for hashing TCP sequence numbers
|
||||
+ //
|
||||
+ // Normally this should be regenerated periodically, but since
|
||||
+ // this is only used for UEFI networking and not a general purpose
|
||||
+ // operating system, it is not necessary to regenerate it.
|
||||
+ //
|
||||
+ Status = PseudoRandomU32 (&mTcpGlobalSecret);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Get a random number used to generate a random port number
|
||||
+ // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret
|
||||
+ //
|
||||
Status = PseudoRandomU32 (&Random);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
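Review bot: `mTcpGlobalSecret` is filled by a single `PseudoRandomU32()` call, so the key protecting every ISN for the whole boot is 32 bits wide, which is small for a secret that RFC 6528 expects an outside party to be unable to recover. As far as this chunk shows, the value is only an input to the ISN hash (it is the `Secret` field of `ISN_HASH_CTX`), so nothing forces it to be a `TCP_SEQNO`. A 16- or 32-byte random array would be a cheap hardening, and would also touch the `extern` in TcpMain.h and the struct in TcpMisc.c later in this patch. The comment about not regenerating the secret should state its assumption, e.g. `// Assumes the driver lifetime is a single boot; revisit if TcpDxe stays resident for long-running sessions.` `TcpDriverEntryPoint` starts and ends outside the hunk.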
|
||||
@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
|
||||
}
|
||||
|
||||
//
|
||||
- // Initialize ISS and random port.
|
||||
+ // Initialize the random port.
|
||||
//
|
||||
- mTcpGlobalIss = Random % mTcpGlobalIss;
|
||||
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
|
||||
mTcp6RandomPort = mTcp4RandomPort;
|
||||
|
||||
@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
|
||||
@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.
|
||||
|
||||
@retval EFI_OUT_OF_RESOURCES Failed to allocate some resources.
|
||||
+ @retval EFI_UNSUPPORTED Service Binding Protocols are unavailable.
|
||||
+ @retval EFI_ALREADY_STARTED The TCP driver is already started on the controller.
|
||||
@retval EFI_SUCCESS A new IP6 service binding private was created.
|
||||
|
||||
**/
|
||||
@@ -234,11 +258,13 @@ TcpCreateService (
|
||||
IN UINT8 IpVersion
|
||||
)
|
||||
{
|
||||
- EFI_STATUS Status;
|
||||
- EFI_GUID *IpServiceBindingGuid;
|
||||
- EFI_GUID *TcpServiceBindingGuid;
|
||||
- TCP_SERVICE_DATA *TcpServiceData;
|
||||
- IP_IO_OPEN_DATA OpenData;
|
||||
+ EFI_STATUS Status;
|
||||
+ EFI_GUID *IpServiceBindingGuid;
|
||||
+ EFI_GUID *TcpServiceBindingGuid;
|
||||
+ TCP_SERVICE_DATA *TcpServiceData;
|
||||
+ IP_IO_OPEN_DATA OpenData;
|
||||
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
|
||||
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
|
||||
|
||||
if (IpVersion == IP_VERSION_4) {
|
||||
IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid;
|
||||
@@ -272,6 +298,33 @@ TcpCreateService (
|
||||
return EFI_UNSUPPORTED;
|
||||
}
|
||||
|
||||
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ //
|
||||
+ // If we can't find the Hashing protocol, then we need to create one.
|
||||
+ //
|
||||
+
|
||||
+ //
|
||||
+ // Platform is expected to publish the hash service binding protocol to support TCP.
|
||||
+ //
|
||||
+ Status = gBS->LocateProtocol (
|
||||
+ &gEfiHash2ServiceBindingProtocolGuid,
|
||||
+ NULL,
|
||||
+ (VOID **)&Hash2ServiceBinding
|
||||
+ );
|
||||
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Create an instance of the hash protocol for this controller.
|
||||
+ //
|
||||
+ Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Create the TCP service data.
|
||||
//
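Review bot: Every failure in the added Hash2 lookup is collapsed into `EFI_UNSUPPORTED` with no log line, so a platform that lacks the hash driver ends up with TCP silently missing. I would add `DEBUG ((DEBUG_ERROR, "%a: Hash2 service binding unavailable: %r\n", __func__, Status));` before each return so the real status is recorded. The two stacked comments disagree (one says the driver creates the protocol, the other that the platform must publish it), and `Hash2Protocol` from the first `LocateProtocol` is used only as a probe; a one-line comment saying so would help. If a later step of `TcpCreateService` fails (that code is outside the hunk), the child created here should be destroyed on that path.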
|
||||
@@ -423,6 +476,7 @@ TcpDestroyService (
|
||||
EFI_STATUS Status;
|
||||
LIST_ENTRY *List;
|
||||
TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;
|
||||
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
|
||||
|
||||
ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
|
||||
|
||||
@@ -439,6 +493,30 @@ TcpDestroyService (
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
+ //
|
||||
+ // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.
|
||||
+ //
|
||||
+ if (mHash2ServiceHandle != NULL) {
|
||||
+ Status = gBS->LocateProtocol (
|
||||
+ &gEfiHash2ServiceBindingProtocolGuid,
|
||||
+ NULL,
|
||||
+ (VOID **)&Hash2ServiceBinding
|
||||
+ );
|
||||
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Destroy the instance of the hashing protocol for this controller.
|
||||
+ //
|
||||
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ mHash2ServiceHandle = NULL;
|
||||
+ }
|
||||
+
|
||||
Status = gBS->OpenProtocol (
|
||||
NicHandle,
|
||||
ServiceBindingGuid,
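Review bot: `mHash2ServiceHandle` is one module-wide handle, but `TcpDestroyService` takes an `IpVersion` and a NIC handle, so it appears to run once per service. The first teardown would then destroy the hash child while other TCP services created by this driver may still rely on it for ISN generation. A reference count, or destroying the child only when the last service goes away, would avoid that. The early `return EFI_UNSUPPORTED` paths also leave the TCP service itself undestroyed when only the hash cleanup failed; logging the error and continuing with the `OpenProtocol` teardown below would be safer. The function body starts and ends outside the hunk, so whether another path re-creates the child is not visible here.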
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||
index cf5423f4c5..76de4cf9ec 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||
@@ -6,6 +6,7 @@
|
||||
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
|
||||
#
|
||||
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
+# Copyright (c) Microsoft Corporation
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#
|
||||
@@ -68,7 +69,6 @@
|
||||
NetLib
|
||||
IpIoLib
|
||||
|
||||
-
|
||||
[Protocols]
|
||||
## SOMETIMES_CONSUMES
|
||||
## SOMETIMES_PRODUCES
|
||||
@@ -81,6 +81,12 @@
|
||||
gEfiIp6ServiceBindingProtocolGuid ## TO_START
|
||||
gEfiTcp6ProtocolGuid ## BY_START
|
||||
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
|
||||
+ gEfiHash2ProtocolGuid ## BY_START
|
||||
+ gEfiHash2ServiceBindingProtocolGuid ## BY_START
|
||||
+
|
||||
+[Guids]
|
||||
+ gEfiHashAlgorithmMD5Guid ## CONSUMES
|
||||
+ gEfiHashAlgorithmSha256Guid ## CONSUMES
|
||||
|
||||
[Depex]
|
||||
gEfiHash2ServiceBindingProtocolGuid
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
|
||||
index 05cd3c75dc..e578b8bb29 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpFunc.h
|
||||
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
|
||||
@@ -2,7 +2,7 @@
|
||||
Declaration of external functions shared in TCP driver.
|
||||
|
||||
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
-
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -36,8 +36,11 @@ VOID
|
||||
|
||||
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
|
||||
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpInitTcbLocal (
|
||||
IN OUT TCP_CB *Tcb
|
||||
);
|
||||
@@ -128,17 +131,6 @@ TcpCloneTcb (
|
||||
IN TCP_CB *Tcb
|
||||
);
|
||||
|
||||
-/**
|
||||
- Compute an ISS to be used by a new connection.
|
||||
-
|
||||
- @return The result ISS.
|
||||
-
|
||||
-**/
|
||||
-TCP_SEQNO
|
||||
-TcpGetIss (
|
||||
- VOID
|
||||
- );
|
||||
-
|
||||
/**
|
||||
Get the local mss.
|
||||
|
||||
@@ -202,8 +194,11 @@ TcpFormatNetbuf (
|
||||
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
|
||||
connection.
|
||||
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpOnAppConnect (
|
||||
IN OUT TCP_CB *Tcb
|
||||
);
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
|
||||
index 5e6c8c54ca..c0656ccd7d 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpInput.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpInput.c
|
||||
@@ -759,6 +759,7 @@ TcpInput (
|
||||
TCP_SEQNO Urg;
|
||||
UINT16 Checksum;
|
||||
INT32 Usable;
|
||||
+ EFI_STATUS Status;
|
||||
|
||||
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
|
||||
|
||||
@@ -908,7 +909,17 @@ TcpInput (
|
||||
Tcb->LocalEnd.Port = Head->DstPort;
|
||||
Tcb->RemoteEnd.Port = Head->SrcPort;
|
||||
|
||||
- TcpInitTcbLocal (Tcb);
|
||||
+ Status = TcpInitTcbLocal (Tcb);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG (
|
||||
+ (DEBUG_ERROR,
|
||||
+ "TcpInput: discard a segment because failed to init local end for TCB %p\n",
|
||||
+ Tcb)
|
||||
+ );
|
||||
+
|
||||
+ goto DISCARD;
|
||||
+ }
|
||||
+
|
||||
TcpInitTcbPeer (Tcb, Seg, &Option);
|
||||
|
||||
TcpSetState (Tcb, TCP_SYN_RCVD);
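Review bot: The new error path logs that `TcpInitTcbLocal` failed but drops `Status`, so the log cannot distinguish a missing hash service from any other failure; ending the message with `for TCB %p: %r\n", Tcb, Status` fixes that. This branch appears to be reached while handling an incoming SYN (the next step sets `TCP_SYN_RCVD`), so a persistent failure would emit one `DEBUG_ERROR` line per segment from any remote peer. A lower level such as `DEBUG_WARN`, or a once-only message, may be preferable in debug builds. `TcpInput` starts and ends outside the hunk and the `DISCARD` label is not visible, so I am assuming it releases the `Tcb` set up for this connection.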
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
|
||||
index 0709298bbf..3fa572d3d4 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpMain.h
|
||||
+++ b/NetworkPkg/TcpDxe/TcpMain.h
|
||||
@@ -3,6 +3,7 @@
|
||||
It is the common head file for all Tcp*.c in TCP driver.
|
||||
|
||||
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -12,6 +13,7 @@
|
||||
|
||||
#include <Protocol/ServiceBinding.h>
|
||||
#include <Protocol/DriverBinding.h>
|
||||
+#include <Protocol/Hash2.h>
|
||||
#include <Library/IpIoLib.h>
|
||||
#include <Library/DevicePathLib.h>
|
||||
#include <Library/PrintLib.h>
|
||||
@@ -30,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable;
|
||||
|
||||
extern LIST_ENTRY mTcpRunQue;
|
||||
extern LIST_ENTRY mTcpListenQue;
|
||||
-extern TCP_SEQNO mTcpGlobalIss;
|
||||
+extern TCP_SEQNO mTcpGlobalSecret;
|
||||
extern UINT32 mTcpTick;
|
||||
|
||||
///
|
||||
@@ -44,15 +46,6 @@ extern UINT32 mTcpTick;
|
||||
|
||||
#define TCP_EXPIRE_TIME 65535
|
||||
|
||||
-///
|
||||
-/// The implementation selects the initial send sequence number and the unit to
|
||||
-/// be added when it is increased.
|
||||
-///
|
||||
-#define TCP_BASE_ISS 0x4d7e980b
|
||||
-#define TCP_ISS_INCREMENT_1 2048
|
||||
-#define TCP_ISS_INCREMENT_2 100
|
||||
-
|
||||
-
|
||||
typedef union {
|
||||
EFI_TCP4_CONFIG_DATA Tcp4CfgData;
|
||||
EFI_TCP6_CONFIG_DATA Tcp6CfgData;
|
||||
@@ -774,4 +767,50 @@ Tcp6Poll (
|
||||
IN EFI_TCP6_PROTOCOL *This
|
||||
);
|
||||
|
||||
+/**
|
||||
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
|
||||
+ and remote IP addresses and ports.
|
||||
+
|
||||
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
|
||||
+ Where the ISN is computed as follows:
|
||||
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
|
||||
+
|
||||
+ Otherwise:
|
||||
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||
+
|
||||
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
|
||||
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
|
||||
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
|
||||
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
|
||||
+ ISN used for some other connection. The PRF could be implemented as a
|
||||
+ cryptographic hash of the concatenation of the TCP connection parameters and some
|
||||
+ secret data. For discussion of the selection of a specific hash algorithm and
|
||||
+ management of the secret key data."
|
||||
+
|
||||
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
|
||||
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
|
||||
+ @param[in] LocalPort The local port number of the TCP connection.
|
||||
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
|
||||
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
|
||||
+ @param[in] RemotePort The remote port number of the TCP connection.
|
||||
+ @param[out] Isn A pointer to the variable that will receive the Initial
|
||||
+ Sequence Number (ISN).
|
||||
+
|
||||
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
|
||||
+ retrieved.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
|
||||
+ @retval EFI_UNSUPPORTED The operation is not supported.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+TcpGetIsn (
|
||||
+ IN UINT8 *LocalIp,
|
||||
+ IN UINTN LocalIpSize,
|
||||
+ IN UINT16 LocalPort,
|
||||
+ IN UINT8 *RemoteIp,
|
||||
+ IN UINTN RemoteIpSize,
|
||||
+ IN UINT16 RemotePort,
|
||||
+ OUT TCP_SEQNO *Isn
|
||||
+ );
|
||||
+
|
||||
#endif
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
|
||||
index 3fa9d90d9f..42dc9fa941 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpMisc.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpMisc.c
|
||||
@@ -3,6 +3,7 @@
|
||||
|
||||
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
|
||||
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -19,7 +20,34 @@ LIST_ENTRY mTcpListenQue = {
|
||||
&mTcpListenQue
|
||||
};
|
||||
|
||||
-TCP_SEQNO mTcpGlobalIss = TCP_BASE_ISS;
|
||||
+//
|
||||
+// The Session secret
|
||||
+// This must be initialized to a random value at boot time
|
||||
+//
|
||||
+TCP_SEQNO mTcpGlobalSecret;
|
||||
+
|
||||
+//
|
||||
+// Union to hold either an IPv4 or IPv6 address
|
||||
+// This is used to simplify the ISN hash computation
|
||||
+//
|
||||
+typedef union {
|
||||
+ UINT8 IPv4[4];
|
||||
+ UINT8 IPv6[16];
|
||||
+} NETWORK_ADDRESS;
|
||||
+
|
||||
+//
|
||||
+// The ISN is computed by hashing this structure
|
||||
+// It is initialized with the local and remote IP addresses and ports
|
||||
+// and the secret
|
||||
+//
|
||||
+//
|
||||
+typedef struct {
|
||||
+ UINT16 LocalPort;
|
||||
+ UINT16 RemotePort;
|
||||
+ NETWORK_ADDRESS LocalAddress;
|
||||
+ NETWORK_ADDRESS RemoteAddress;
|
||||
+ TCP_SEQNO Secret;
|
||||
+} ISN_HASH_CTX;
|
||||
|
||||
CHAR16 *mTcpStateName[] = {
|
||||
L"TCP_CLOSED",
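Review bot: `mTcpGlobalSecret` is declared as `TCP_SEQNO`, so the key fed into the ISN hash is only as wide as a sequence number (32 bits if TCP_SEQNO is the usual sequence-number type; its typedef is not in this hunk). The RFC text quoted in this patch requires that F() not be computable from outside, and a key that short can be searched exhaustively, so the secret should be a wider byte array, for example `UINT8 mTcpGlobalSecret[32];`, with `ISN_HASH_CTX.Secret` sized to match. That also changes the extern declaration and the initialization code, both of which are outside this hunk. The comment says the value must be randomized at boot; naming the function that does so would let a reader verify it.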
|
||||
@@ -40,12 +68,18 @@ CHAR16 *mTcpStateName[] = {
|
||||
|
||||
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
|
||||
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpInitTcbLocal (
|
||||
IN OUT TCP_CB *Tcb
|
||||
)
|
||||
{
|
||||
+ TCP_SEQNO Isn;
|
||||
+ EFI_STATUS Status;
|
||||
+
|
||||
//
|
||||
// Compute the checksum of the fixed parts of pseudo header
|
||||
//
|
||||
@@ -56,6 +90,16 @@ TcpInitTcbLocal (
|
||||
0x06,
|
||||
0
|
||||
);
|
||||
+
|
||||
+ Status = TcpGetIsn (
|
||||
+ Tcb->LocalEnd.Ip.v4.Addr,
|
||||
+ sizeof (IPv4_ADDRESS),
|
||||
+ Tcb->LocalEnd.Port,
|
||||
+ Tcb->RemoteEnd.Ip.v4.Addr,
|
||||
+ sizeof (IPv4_ADDRESS),
|
||||
+ Tcb->RemoteEnd.Port,
|
||||
+ &Isn
|
||||
+ );
|
||||
} else {
|
||||
Tcb->HeadSum = NetIp6PseudoHeadChecksum (
|
||||
&Tcb->LocalEnd.Ip.v6,
|
||||
@@ -63,9 +107,25 @@ TcpInitTcbLocal (
|
||||
0x06,
|
||||
0
|
||||
);
|
||||
+
|
||||
+ Status = TcpGetIsn (
|
||||
+ Tcb->LocalEnd.Ip.v6.Addr,
|
||||
+ sizeof (IPv6_ADDRESS),
|
||||
+ Tcb->LocalEnd.Port,
|
||||
+ Tcb->RemoteEnd.Ip.v6.Addr,
|
||||
+ sizeof (IPv6_ADDRESS),
|
||||
+ Tcb->RemoteEnd.Port,
|
||||
+ &Isn
|
||||
+ );
|
||||
+ }
|
||||
+
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));
|
||||
+ ASSERT (FALSE);
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
- Tcb->Iss = TcpGetIss ();
|
||||
+ Tcb->Iss = Isn;
|
||||
Tcb->SndUna = Tcb->Iss;
|
||||
Tcb->SndNxt = Tcb->Iss;
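Review bot: The error path pairs `ASSERT (FALSE);` with `return Status;`, so on builds with assertions enabled a TcpGetIsn failure (Hash2 protocol not found, GetTime error) may stop in the assert and never reach the new return value. Since the function now reports the failure, dropping the `ASSERT (FALSE);` line and keeping the `DEBUG_ERROR` message would let the connection attempt fail cleanly. TcpInitTcbLocal starts before this hunk and its callers are not shown, so it should be confirmed that every caller checks the new EFI_STATUS.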
|
||||
|
||||
@@ -81,6 +141,8 @@ TcpInitTcbLocal (
|
||||
Tcb->RetxmitSeqMax = 0;
|
||||
|
||||
Tcb->ProbeTimerOn = FALSE;
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -505,18 +567,162 @@ TcpCloneTcb (
|
||||
}
|
||||
|
||||
/**
|
||||
- Compute an ISS to be used by a new connection.
|
||||
-
|
||||
- @return The resulting ISS.
|
||||
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
|
||||
+ and remote IP addresses and ports.
|
||||
+
|
||||
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
|
||||
+ Where the ISN is computed as follows:
|
||||
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
|
||||
+
|
||||
+ Otherwise:
|
||||
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||
+
|
||||
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
|
||||
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
|
||||
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
|
||||
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
|
||||
+ ISN used for some other connection. The PRF could be implemented as a
|
||||
+ cryptographic hash of the concatenation of the TCP connection parameters and some
|
||||
+ secret data. For discussion of the selection of a specific hash algorithm and
|
||||
+ management of the secret key data."
|
||||
+
|
||||
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
|
||||
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
|
||||
+ @param[in] LocalPort The local port number of the TCP connection.
|
||||
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
|
||||
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
|
||||
+ @param[in] RemotePort The remote port number of the TCP connection.
|
||||
+ @param[out] Isn A pointer to the variable that will receive the Initial
|
||||
+ Sequence Number (ISN).
|
||||
+
|
||||
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
|
||||
+ retrieved.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
|
||||
+ @retval EFI_UNSUPPORTED The operation is not supported.
|
||||
|
||||
**/
|
||||
-TCP_SEQNO
|
||||
-TcpGetIss (
|
||||
- VOID
|
||||
+EFI_STATUS
|
||||
+TcpGetIsn (
|
||||
+ IN UINT8 *LocalIp,
|
||||
+ IN UINTN LocalIpSize,
|
||||
+ IN UINT16 LocalPort,
|
||||
+ IN UINT8 *RemoteIp,
|
||||
+ IN UINTN RemoteIpSize,
|
||||
+ IN UINT16 RemotePort,
|
||||
+ OUT TCP_SEQNO *Isn
|
||||
)
|
||||
{
|
||||
- mTcpGlobalIss += TCP_ISS_INCREMENT_1;
|
||||
- return mTcpGlobalIss;
|
||||
+ EFI_STATUS Status;
|
||||
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
|
||||
+ EFI_HASH2_OUTPUT HashResult;
|
||||
+ ISN_HASH_CTX IsnHashCtx;
|
||||
+ EFI_TIME TimeStamp;
|
||||
+
|
||||
+ //
|
||||
+ // Check that the ISN pointer is valid
|
||||
+ //
|
||||
+ if (Isn == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // The local ip may be a v4 or v6 address and may not be NULL
|
||||
+ //
|
||||
+ if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // the local ip may be a v4 or v6 address
|
||||
+ //
|
||||
+ if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Locate the Hash Protocol
|
||||
+ //
|
||||
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));
|
||||
+
|
||||
+ //
|
||||
+ // TcpCreateService(..) is expected to be called prior to this function
|
||||
+ //
|
||||
+ ASSERT_EFI_ERROR (Status);
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Initialize the hash algorithm
|
||||
+ //
|
||||
+ Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ IsnHashCtx.LocalPort = LocalPort;
|
||||
+ IsnHashCtx.RemotePort = RemotePort;
|
||||
+ IsnHashCtx.Secret = mTcpGlobalSecret;
|
||||
+
|
||||
+ //
|
||||
+ // Check the IP address family and copy accordingly
|
||||
+ //
|
||||
+ if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);
|
||||
+ } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);
|
||||
+ } else {
|
||||
+ return EFI_INVALID_PARAMETER; // Unsupported address size
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Repeat the process for the remote IP address
|
||||
+ //
|
||||
+ if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);
|
||||
+ } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);
|
||||
+ } else {
|
||||
+ return EFI_INVALID_PARAMETER; // Unsupported address size
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Compute the hash
|
||||
+ // Update the hash with the data
|
||||
+ //
|
||||
+ Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Finalize the hash and retrieve the result
|
||||
+ //
|
||||
+ Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ Status = gRT->GetTime (&TimeStamp, NULL);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // copy the first 4 bytes of the hash result into the ISN
|
||||
+ //
|
||||
+ CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));
|
||||
+
|
||||
+ //
|
||||
+ // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)
|
||||
+ //
|
||||
+ *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;
|
||||
+
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
/**
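Review bot: `IsnHashCtx` is hashed in full by `HashUpdate (..., sizeof (IsnHashCtx))` but is never cleared, so for IPv4 the unused 12 bytes of each `NETWORK_ADDRESS` union (and any struct padding) are uninitialized stack data, and F() is no longer a function of the 4-tuple and secret alone. Add `ZeroMem (&IsnHashCtx, sizeof (IsnHashCtx));` before the field assignments. The timer term does not match its comment: `TimeStamp.Nanosecond * 250` multiplies nanoseconds where a conversion to 4 microsecond units would divide by 4000, and it ignores the seconds fields, so M is not monotonic across seconds and adds nothing where the RTC driver reports Nanosecond as 0. `RemoteIpSize` is only range-checked after `HashInit` has been called (the early size check covers `LocalIpSize` alone), so the first check should cover both sizes and the later `else` branches can go. The digest is read through `HashResult.Md5Hash` although the algorithm is SHA-256; `CopyMem (Isn, HashResult.Sha256Hash, sizeof (*Isn));` and a header comment that no longer says MD5 would match what the code does.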
|
||||
@@ -719,17 +925,29 @@ TcpFormatNetbuf (
|
||||
|
||||
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
|
||||
connection.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpOnAppConnect (
|
||||
IN OUT TCP_CB *Tcb
|
||||
)
|
||||
{
|
||||
- TcpInitTcbLocal (Tcb);
|
||||
+ EFI_STATUS Status;
|
||||
+
|
||||
+ Status = TcpInitTcbLocal (Tcb);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
TcpSetState (Tcb, TCP_SYN_SENT);
|
||||
|
||||
TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);
|
||||
TcpToSendData (Tcb, 1);
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
|
||||
index 106d9470db..535d09d342 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpTimer.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpTimer.c
|
||||
@@ -2,7 +2,7 @@
|
||||
TCP timer related functions.
|
||||
|
||||
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
|
||||
-
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -497,7 +497,6 @@ TcpTickingDpc (
|
||||
INT16 Index;
|
||||
|
||||
mTcpTick++;
|
||||
- mTcpGlobalIss += TCP_ISS_INCREMENT_2;
|
||||
|
||||
//
|
||||
// Don't use LIST_FOR_EACH, which isn't delete safe.
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,318 @@
|
||||
From c74cced5adaab44edf1bbfae63010b3fa31d4c69 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Sun, 23 Jun 2024 19:20:44 -0400
|
||||
Subject: [PATCH 27/31] OvmfPkg: wire up RngDxe
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [27/31] 90226f6630261d2823bed33c4e2f6c96a4125027
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
Conflicts: - Needed to apply 9 earlier commits from Pierre Gondois
|
||||
to make this one apply and build.
|
||||
- Cherry pick wanted to add include files from the
|
||||
missing 'add ShellComponents' (commit 2cb466cc2cbf...)
|
||||
series. This had to be handled manually.
|
||||
- There are no Dsc and Fdf subdirectories under
|
||||
OvmfPkg/Include/ in this version. We adjust includes
|
||||
and move files to OvmfPkg/ where needed.
|
||||
|
||||
commit 712797cf19acd292bf203522a79e40e7e13d268b
|
||||
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Fri May 24 12:51:17 2024 +0200
|
||||
|
||||
OvmfPkg: wire up RngDxe
|
||||
|
||||
Add OvmfRng include snippets with the random number generator
|
||||
configuration for OVMF. Include RngDxe, build with BaseRngLib,
|
||||
so the rdrand instruction is used (if available).
|
||||
|
||||
Also move VirtioRng to the include snippets.
|
||||
|
||||
Use the new include snippets for OVMF builds.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
|
||||
OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++-
|
||||
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
|
||||
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
|
||||
OvmfPkg/Microvm/MicrovmX64.fdf | 3 ++-
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 3 ++-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
|
||||
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgX64.fdf | 2 +-
|
||||
OvmfPkg/OvmfRngComponents.dsc.inc | 9 +++++++++
|
||||
OvmfPkg/OvmfRngDxe.fdf.inc | 6 ++++++
|
||||
13 files changed, 29 insertions(+), 11 deletions(-)
|
||||
create mode 100644 OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
create mode 100644 OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index a1a6897bc2..499ad2e6e8 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -707,7 +707,6 @@
|
||||
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -824,6 +823,7 @@
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||
}
|
||||
!endif
|
||||
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
||||
OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
index 5662609886..06ff2f1d30 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
@@ -222,7 +222,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -327,6 +326,8 @@ INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||
!endif
|
||||
!endif
|
||||
|
||||
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
+
|
||||
################################################################################
|
||||
|
||||
[FV.FVMAIN_COMPACT]
|
||||
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
index d08b77ff25..4f2909b76e 100644
|
||||
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
@@ -635,7 +635,6 @@
|
||||
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -744,6 +743,7 @@
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||
}
|
||||
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
index afd4bf3e98..0efb0b456d 100644
|
||||
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
@@ -694,7 +694,6 @@
|
||||
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||
@@ -820,6 +819,7 @@
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||
}
|
||||
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
||||
OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
|
||||
index 6314014f3d..bd5afdafe0 100644
|
||||
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
|
||||
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
|
||||
@@ -230,7 +230,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
|
||||
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||
@@ -322,6 +321,8 @@ INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
|
||||
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
||||
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
|
||||
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
+
|
||||
################################################################################
|
||||
|
||||
[FV.FVMAIN_COMPACT]
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 47426c5cd2..f03906a9ff 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -801,7 +801,6 @@
|
||||
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -958,6 +957,7 @@
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||
}
|
||||
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 00ea14adf0..050148948c 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -228,7 +228,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||
#
|
||||
# TPM support
|
||||
#
|
||||
+
|
||||
!if $(TPM_ENABLE) == TRUE
|
||||
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
||||
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||
@@ -371,6 +371,7 @@ INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
||||
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||
!endif
|
||||
!endif
|
||||
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
|
||||
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
|
||||
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index d4b30e8133..81145050c3 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -815,7 +815,6 @@
|
||||
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -972,6 +971,7 @@
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||
}
|
||||
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index e33a40c44e..3e2373f225 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -381,6 +380,7 @@ INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
||||
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||
!endif
|
||||
!endif
|
||||
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
|
||||
################################################################################
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 5b0f6c8747..1cb169b447 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -813,7 +813,6 @@
|
||||
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -970,6 +969,7 @@
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||
}
|
||||
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
|
||||
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index 85b4b23857..8ba0ca437a 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -248,7 +248,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
!if $(PVSCSI_ENABLE) == TRUE
|
||||
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||
!endif
|
||||
@@ -397,6 +396,7 @@ INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
||||
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||
!endif
|
||||
!endif
|
||||
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
|
||||
################################################################################
|
||||
|
||||
diff --git a/OvmfPkg/OvmfRngComponents.dsc.inc b/OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
new file mode 100644
|
||||
index 0000000000..68839a0caa
|
||||
--- /dev/null
|
||||
+++ b/OvmfPkg/OvmfRngComponents.dsc.inc
|
||||
@@ -0,0 +1,9 @@
|
||||
+##
|
||||
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+##
|
||||
+
|
||||
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
|
||||
+ <LibraryClasses>
|
||||
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||
+ }
|
||||
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf
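Review bot: The new include gives no reason for overriding `RngLib` with `BaseRngLib` for `RngDxe`, although this file now decides the entropy source for every OVMF platform that includes it. Per the commit message the override is what makes RngDxe use rdrand when the CPU offers it; a comment above the component such as `# RngDxe is built with BaseRngLib so that rdrand is used when available.` would record that. What RngDxe returns on a guest that does not expose rdrand is not visible here and should be confirmed, since the TCP ISN and related fixes in this series depend on a working RNG.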
|
||||
diff --git a/OvmfPkg/OvmfRngDxe.fdf.inc b/OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
new file mode 100644
|
||||
index 0000000000..99cb4a32b1
|
||||
--- /dev/null
|
||||
+++ b/OvmfPkg/OvmfRngDxe.fdf.inc
|
||||
@@ -0,0 +1,6 @@
|
||||
+##
|
||||
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+##
|
||||
+
|
||||
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,246 @@
|
||||
From 660ffc1753c84e89281d54059c0cb73eef7200d0 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:27:16 -0400
|
||||
Subject: [PATCH 09/31] SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support
|
||||
through ArmTrngLib
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [9/31] 34f5db557b893a686c382a09ceacda728dbd4ad9
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit 863fe9e191fb3d90c3283062183692c04cd71975
|
||||
Author: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Date: Fri Oct 28 17:32:55 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through ArmTrngLib
|
||||
|
||||
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
|
||||
|
||||
RawAlgorithm is used to provide access to entropy that is suitable
|
||||
for cryptographic applications. Therefore, add RawAlgorithm support
|
||||
that provides access to entropy using the ArmTrngLib.
|
||||
|
||||
Also remove unused UefiBootServicesTableLib library inclusion
|
||||
and Status variable.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RngDxe/AArch64/RngDxe.c | 28 ++++++--
|
||||
.../RandomNumberGenerator/RngDxe/ArmTrng.c | 71 +++++++++++++++++++
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 ++
|
||||
SecurityPkg/SecurityPkg.dsc | 4 ++
|
||||
4 files changed, 104 insertions(+), 4 deletions(-)
|
||||
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
index c9d66d9777..c0b0d28d48 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
@@ -1,11 +1,13 @@
|
||||
/** @file
|
||||
RNG Driver to produce the UEFI Random Number Generator protocol.
|
||||
|
||||
- The driver will use the RNDR instruction to produce random numbers.
|
||||
+ The driver can use RNDR instruction (through the RngLib and if FEAT_RNG is
|
||||
+ present) to produce random numbers. It also uses the Arm FW-TRNG interface
|
||||
+ to implement EFI_RNG_ALGORITHM_RAW.
|
||||
|
||||
RNG Algorithms defined in UEFI 2.4:
|
||||
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
|
||||
- - EFI_RNG_ALGORITHM_RAW - Unsupported
|
||||
+ - EFI_RNG_ALGORITHM_RAW
|
||||
- EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
|
||||
- EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
|
||||
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
|
||||
@@ -26,12 +28,14 @@
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
+#include <Library/DebugLib.h>
|
||||
+#include <Library/ArmTrngLib.h>
|
||||
#include <Protocol/Rng.h>
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
// Maximum number of Rng algorithms.
|
||||
-#define RNG_AVAILABLE_ALGO_MAX 1
|
||||
+#define RNG_AVAILABLE_ALGO_MAX 2
|
||||
|
||||
/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
@@ -46,8 +50,9 @@ GetAvailableAlgorithms (
|
||||
)
|
||||
{
|
||||
UINT64 DummyRand;
|
||||
+ UINT16 MajorRevision;
|
||||
+ UINT16 MinorRevision;
|
||||
|
||||
- // Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating
|
||||
// Rng algorithms 2 times, one for the allocation, one to populate.
|
||||
mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||
if (mAvailableAlgoArray == NULL) {
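Review bot: `AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX)` on the context line allocates RNG_AVAILABLE_ALGO_MAX bytes (now 2), while the next hunk (@@ -64,6 +69,16 @@) copies `sizeof (EFI_RNG_ALGORITHM)` bytes into `mAvailableAlgoArray[mAvailableAlgoArrayCount]` for a second entry. If the array elements are EFI_RNG_ALGORITHM (the declaration is not visible), the pool is too small and the copies write past its end. The size should be `AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX * sizeof (EFI_RNG_ALGORITHM))`. This hunk also deletes the first line of the two-line comment above the allocation, leaving `// Rng algorithms 2 times, ...` without its beginning; the removed line should be restored. GetAvailableAlgorithms continues outside the hunk.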
|
||||
@@ -64,6 +69,16 @@ GetAvailableAlgorithms (
|
||||
mAvailableAlgoArrayCount++;
|
||||
}
|
||||
|
||||
+ // Raw algorithm (Trng)
|
||||
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||
+ CopyMem (
|
||||
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
+ &gEfiRngAlgorithmRaw,
|
||||
+ sizeof (EFI_RNG_ALGORITHM)
|
||||
+ );
|
||||
+ mAvailableAlgoArrayCount++;
|
||||
+ }
|
||||
+
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -141,6 +156,11 @@ FoundAlgo:
|
||||
return Status;
|
||||
}
|
||||
|
||||
+ // Raw algorithm (Trng)
|
||||
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
|
||||
+ return GenerateEntropy (RNGValueLength, RNGValue);
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Other algorithms are unsupported by this driver.
|
||||
//
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
|
||||
new file mode 100644
|
||||
index 0000000000..ffe557b692
|
||||
--- /dev/null
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
|
||||
@@ -0,0 +1,71 @@
|
||||
+/** @file
|
||||
+ RNG Driver to produce the UEFI Random Number Generator protocol.
|
||||
+
|
||||
+ The driver implements the EFI_RNG_ALGORITHM_RAW using the FW-TRNG
|
||||
+ interface to provide entropy.
|
||||
+
|
||||
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||
+
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+**/
|
||||
+
|
||||
+#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
+#include <Library/DebugLib.h>
|
||||
+#include <Library/ArmTrngLib.h>
|
||||
+#include <Protocol/Rng.h>
|
||||
+
|
||||
+#include "RngDxeInternals.h"
|
||||
+
|
||||
+/**
|
||||
+ Generate high-quality entropy source using a TRNG or through RDRAND.
|
||||
+
|
||||
+ @param[in] Length Size of the buffer, in bytes, to fill with.
|
||||
+ @param[out] Entropy Pointer to the buffer to store the entropy data.
|
||||
+
|
||||
+ @retval RETURN_SUCCESS The function completed successfully.
|
||||
+ @retval RETURN_INVALID_PARAMETER Invalid parameter.
|
||||
+ @retval RETURN_UNSUPPORTED Function not implemented.
|
||||
+ @retval RETURN_BAD_BUFFER_SIZE Buffer size is too small.
|
||||
+ @retval RETURN_NOT_READY No Entropy available.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GenerateEntropy (
|
||||
+ IN UINTN Length,
|
||||
+ OUT UINT8 *Entropy
|
||||
+ )
|
||||
+{
|
||||
+ EFI_STATUS Status;
|
||||
+ UINTN CollectedEntropyBits;
|
||||
+ UINTN RequiredEntropyBits;
|
||||
+ UINTN EntropyBits;
|
||||
+ UINTN Index;
|
||||
+ UINTN MaxBits;
|
||||
+
|
||||
+ ZeroMem (Entropy, Length);
|
||||
+
|
||||
+ RequiredEntropyBits = (Length << 3);
|
||||
+ Index = 0;
|
||||
+ CollectedEntropyBits = 0;
|
||||
+ MaxBits = GetArmTrngMaxSupportedEntropyBits ();
|
||||
+ while (CollectedEntropyBits < RequiredEntropyBits) {
|
||||
+ EntropyBits = MIN ((RequiredEntropyBits - CollectedEntropyBits), MaxBits);
|
||||
+ Status = GetArmTrngEntropy (
|
||||
+ EntropyBits,
|
||||
+ (Length - Index),
|
||||
+ &Entropy[Index]
|
||||
+ );
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ // Discard the collected bits.
|
||||
+ ZeroMem (Entropy, Length);
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ CollectedEntropyBits += EntropyBits;
|
||||
+ Index += (EntropyBits >> 3);
|
||||
+ } // while
|
||||
+
|
||||
+ return Status;
|
||||
+}
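Review bot: `Status` is returned uninitialized when `Length` is 0, because the `while` loop is then never entered. Guard the entry with `if ((Entropy == NULL) || (Length == 0)) { return EFI_INVALID_PARAMETER; }` before the first `ZeroMem` (the caller may already reject this, but it is outside the hunk). The loop also depends on `GetArmTrngMaxSupportedEntropyBits ()`: if it returns 0 and `GetArmTrngEntropy` still succeeds, the loop never terminates, and a value that is not a multiple of 8 leaves `Index` behind the collected bit count. Returning `EFI_UNSUPPORTED` when `MaxBits < 8` would bound both cases. The function comment mentions RDRAND, which does not apply to this Arm-only file.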
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
index 1985dfbb46..e0e767cbf3 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
@@ -43,8 +43,10 @@
|
||||
|
||||
[Sources.AARCH64]
|
||||
AArch64/RngDxe.c
|
||||
+ ArmTrng.c
|
||||
|
||||
[Packages]
|
||||
+ MdeModulePkg/MdeModulePkg.dec
|
||||
MdePkg/MdePkg.dec
|
||||
SecurityPkg/SecurityPkg.dec
|
||||
|
||||
@@ -57,6 +59,9 @@
|
||||
TimerLib
|
||||
RngLib
|
||||
|
||||
+[LibraryClasses.AARCH64]
|
||||
+ ArmTrngLib
|
||||
+
|
||||
[Guids]
|
||||
gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||
gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
|
||||
index 73a93c2285..9f58cc2333 100644
|
||||
--- a/SecurityPkg/SecurityPkg.dsc
|
||||
+++ b/SecurityPkg/SecurityPkg.dsc
|
||||
@@ -3,6 +3,8 @@
|
||||
#
|
||||
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
|
||||
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
|
||||
+# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
|
||||
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#
|
||||
##
|
||||
@@ -86,6 +88,8 @@
|
||||
|
||||
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
|
||||
|
||||
+ ArmTrngLib|MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.inf
|
||||
+
|
||||
[LibraryClasses.ARM]
|
||||
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,311 @@
|
||||
From 0c6e925403e5aa50a77797af59308e6fee4be6b1 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:31:58 -0400
|
||||
Subject: [PATCH 12/31] SecurityPkg/RngDxe: Add Arm support of RngDxe
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [12/31] 11b72f6d69392c7b2e8565025a576e76877fe7ed
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit 9eb5ccda505917f6ee80284ed6fb5b51aa7152f9
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Oct 28 17:32:58 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Add Arm support of RngDxe
|
||||
|
||||
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
|
||||
|
||||
Add RngDxe support for Arm. This implementation uses the ArmTrngLib
|
||||
to support the RawAlgorithm and doesn't support the RNDR instruction.
|
||||
|
||||
To re-use the RngGetRNG(), RngGetInfo() and FreeAvailableAlgorithms()
|
||||
functions, create Arm/AArch64 files which implement the arch specific
|
||||
function GetAvailableAlgorithms(). Indeed, FEAT_RNG instruction is not
|
||||
supported on Arm.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RngDxe/AArch64/AArch64Algo.c | 72 +++++++++++++++++++
|
||||
.../RngDxe/Arm/ArmAlgo.c | 51 +++++++++++++
|
||||
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 60 ----------------
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 12 +++-
|
||||
SecurityPkg/SecurityPkg.dsc | 2 +-
|
||||
5 files changed, 133 insertions(+), 64 deletions(-)
|
||||
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||
new file mode 100644
|
||||
index 0000000000..e8be217f8a
|
||||
--- /dev/null
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||
@@ -0,0 +1,72 @@
|
||||
+/** @file
|
||||
+ Aarch64 specific code.
|
||||
+
|
||||
+ Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
+#include <Library/DebugLib.h>
|
||||
+#include <Library/MemoryAllocationLib.h>
|
||||
+#include <Library/ArmTrngLib.h>
|
||||
+
|
||||
+#include "RngDxeInternals.h"
|
||||
+
|
||||
+// Maximum number of Rng algorithms.
|
||||
+#define RNG_AVAILABLE_ALGO_MAX 2
|
||||
+
|
||||
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The function completed successfully.
|
||||
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ UINT64 DummyRand;
|
||||
+ UINT16 MajorRevision;
|
||||
+ UINT16 MinorRevision;
|
||||
+
|
||||
+ // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||
+ if (mAvailableAlgoArray == NULL) {
|
||||
+ return EFI_OUT_OF_RESOURCES;
|
||||
+ }
|
||||
+
|
||||
+ // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||
+ if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||
+ CopyMem (
|
||||
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
+ PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||
+ sizeof (EFI_RNG_ALGORITHM)
|
||||
+ );
|
||||
+ mAvailableAlgoArrayCount++;
|
||||
+
|
||||
+ DEBUG_CODE_BEGIN ();
|
||||
+ if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||
+ DEBUG ((
|
||||
+ DEBUG_WARN,
|
||||
+ "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||
+ ));
|
||||
+ }
|
||||
+
|
||||
+ DEBUG_CODE_END ();
|
||||
+ }
|
||||
+
|
||||
+ // Raw algorithm (Trng)
|
||||
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||
+ CopyMem (
|
||||
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
+ &gEfiRngAlgorithmRaw,
|
||||
+ sizeof (EFI_RNG_ALGORITHM)
|
||||
+ );
|
||||
+ mAvailableAlgoArrayCount++;
|
||||
+ }
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
+}
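Review bot: `AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX)` in GetAvailableAlgorithms() requests 2 bytes, because the argument is a byte count, while each `CopyMem` below it writes `sizeof (EFI_RNG_ALGORITHM)` bytes at `&mAvailableAlgoArray[mAvailableAlgoArrayCount]`, so the first copy already writes past the end of the pool allocation. The size should be `AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX * sizeof (EFI_RNG_ALGORITHM))`. The same call is in the new Arm/ArmAlgo.c of this patch and in the AArch64/RngDxe.c hunk of patch 08/31 further down the page. The comment above the call also lost its first line when the function was moved; restore `// Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating` in front of `// Rng algorithms 2 times, ...`.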
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
|
||||
new file mode 100644
|
||||
index 0000000000..4b24f5c4a6
|
||||
--- /dev/null
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
|
||||
@@ -0,0 +1,51 @@
|
||||
+/** @file
|
||||
+ Arm specific code.
|
||||
+
|
||||
+ Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
+#include <Library/DebugLib.h>
|
||||
+#include <Library/MemoryAllocationLib.h>
|
||||
+#include <Library/ArmTrngLib.h>
|
||||
+
|
||||
+#include "RngDxeInternals.h"
|
||||
+
|
||||
+// Maximum number of Rng algorithms.
|
||||
+#define RNG_AVAILABLE_ALGO_MAX 1
|
||||
+
|
||||
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The function completed successfully.
|
||||
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ UINT16 MajorRevision;
|
||||
+ UINT16 MinorRevision;
|
||||
+
|
||||
+ // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||
+ if (mAvailableAlgoArray == NULL) {
|
||||
+ return EFI_OUT_OF_RESOURCES;
|
||||
+ }
|
||||
+
|
||||
+ // Raw algorithm (Trng)
|
||||
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||
+ CopyMem (
|
||||
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
+ &gEfiRngAlgorithmRaw,
|
||||
+ sizeof (EFI_RNG_ALGORITHM)
|
||||
+ );
|
||||
+ mAvailableAlgoArrayCount++;
|
||||
+ }
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
+}
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
index a800a85792..5e7d9ef681 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
@@ -28,70 +28,10 @@
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
-#include <Library/DebugLib.h>
|
||||
-#include <Library/ArmTrngLib.h>
|
||||
#include <Protocol/Rng.h>
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
-// Maximum number of Rng algorithms.
|
||||
-#define RNG_AVAILABLE_ALGO_MAX 2
|
||||
-
|
||||
-/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
- Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
-
|
||||
- @retval EFI_SUCCESS The function completed successfully.
|
||||
- @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||
-**/
|
||||
-EFI_STATUS
|
||||
-EFIAPI
|
||||
-GetAvailableAlgorithms (
|
||||
- VOID
|
||||
- )
|
||||
-{
|
||||
- UINT64 DummyRand;
|
||||
- UINT16 MajorRevision;
|
||||
- UINT16 MinorRevision;
|
||||
-
|
||||
- // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||
- mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||
- if (mAvailableAlgoArray == NULL) {
|
||||
- return EFI_OUT_OF_RESOURCES;
|
||||
- }
|
||||
-
|
||||
- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||
- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||
- CopyMem (
|
||||
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
- PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||
- sizeof (EFI_RNG_ALGORITHM)
|
||||
- );
|
||||
- mAvailableAlgoArrayCount++;
|
||||
-
|
||||
- DEBUG_CODE_BEGIN ();
|
||||
- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||
- DEBUG ((
|
||||
- DEBUG_WARN,
|
||||
- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||
- ));
|
||||
- }
|
||||
-
|
||||
- DEBUG_CODE_END ();
|
||||
- }
|
||||
-
|
||||
- // Raw algorithm (Trng)
|
||||
- if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||
- CopyMem (
|
||||
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
- &gEfiRngAlgorithmRaw,
|
||||
- sizeof (EFI_RNG_ALGORITHM)
|
||||
- );
|
||||
- mAvailableAlgoArrayCount++;
|
||||
- }
|
||||
-
|
||||
- return EFI_SUCCESS;
|
||||
-}
|
||||
-
|
||||
/** Free mAvailableAlgoArray.
|
||||
**/
|
||||
VOID
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
index 1d0bdef57d..c8e0ee4ae5 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
@@ -28,7 +28,7 @@
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
#
|
||||
-# VALID_ARCHITECTURES = IA32 X64 AARCH64
|
||||
+# VALID_ARCHITECTURES = IA32 X64 AARCH64 ARM
|
||||
#
|
||||
|
||||
[Sources.common]
|
||||
@@ -41,10 +41,16 @@
|
||||
Rand/AesCore.c
|
||||
Rand/AesCore.h
|
||||
|
||||
-[Sources.AARCH64]
|
||||
+[Sources.AARCH64, Sources.ARM]
|
||||
ArmRngDxe.c
|
||||
ArmTrng.c
|
||||
|
||||
+[Sources.AARCH64]
|
||||
+ AArch64/AArch64Algo.c
|
||||
+
|
||||
+[Sources.ARM]
|
||||
+ Arm/ArmAlgo.c
|
||||
+
|
||||
[Packages]
|
||||
MdeModulePkg/MdeModulePkg.dec
|
||||
MdePkg/MdePkg.dec
|
||||
@@ -59,7 +65,7 @@
|
||||
TimerLib
|
||||
RngLib
|
||||
|
||||
-[LibraryClasses.AARCH64]
|
||||
+[LibraryClasses.AARCH64, LibraryClasses.ARM]
|
||||
ArmTrngLib
|
||||
|
||||
[Guids]
|
||||
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
|
||||
index 9f58cc2333..36493f04ee 100644
|
||||
--- a/SecurityPkg/SecurityPkg.dsc
|
||||
+++ b/SecurityPkg/SecurityPkg.dsc
|
||||
@@ -281,7 +281,7 @@
|
||||
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
|
||||
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
|
||||
|
||||
-[Components.IA32, Components.X64, Components.AARCH64]
|
||||
+[Components.IA32, Components.X64, Components.AARCH64, Components.ARM]
|
||||
#
|
||||
# Random Number Generator
|
||||
#
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,58 @@
|
||||
From 8b78800fed2a4af7c08eebd20d1bf764e8e10c84 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:28:58 -0400
|
||||
Subject: [PATCH 10/31] SecurityPkg/RngDxe: Add debug warning for NULL
|
||||
PcdCpuRngSupportedAlgorithm
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [10/31] 66b888e9b1e2be0c79784e02b4821854bd80432d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit 6cdddccf0085cf2929f8ae710515e4e53663dfb2
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Oct 28 17:32:56 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithm
|
||||
|
||||
PcdCpuRngSupportedAlgorithm should allow to identify the algorithm
|
||||
used by the RNDR CPU instruction to generate a random number.
|
||||
Add a debug warning if the Pcd is not set.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 10 ++++++++++
|
||||
1 file changed, 10 insertions(+)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
index c0b0d28d48..a800a85792 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
@@ -67,6 +67,16 @@ GetAvailableAlgorithms (
|
||||
sizeof (EFI_RNG_ALGORITHM)
|
||||
);
|
||||
mAvailableAlgoArrayCount++;
|
||||
+
|
||||
+ DEBUG_CODE_BEGIN ();
|
||||
+ if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||
+ DEBUG ((
|
||||
+ DEBUG_WARN,
|
||||
+ "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||
+ ));
|
||||
+ }
|
||||
+
|
||||
+ DEBUG_CODE_END ();
|
||||
}
|
||||
|
||||
// Raw algorithm (Trng)
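Review bot: The zero-GUID check added after `mAvailableAlgoArrayCount++` only logs, and only in builds where DEBUG_CODE blocks are compiled in; by then the all-zero PcdCpuRngSupportedAlgorithm has already been copied into mAvailableAlgoArray and counted, so a release build advertises it silently. If a zero GUID is not meant to be listed, test `IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))` before the `CopyMem` and skip the entry, keeping the DEBUG_WARN for diagnosis. GetAvailableAlgorithms() starts and ends outside this hunk, so whether a caller depends on the entry being present cannot be confirmed from here.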
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,336 @@
|
||||
From 5bd27a5a923c8880a06d52fca48e304becbbb8f6 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:25:23 -0400
|
||||
Subject: [PATCH 08/31] SecurityPkg/RngDxe: Check before advertising Cpu Rng
|
||||
algo
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [8/31] 5417b276749a2d1b1afa9465b5b7a501def26a12
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit 4b3e9d80bedf5909a4ec901425ed9c0a738fc76f
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Oct 28 17:32:54 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Check before advertising Cpu Rng algo
|
||||
|
||||
RngGetBytes() relies on the RngLib. The RngLib might use the RNDR
|
||||
instruction if the FEAT_RNG feature is present. RngGetInfo and
|
||||
RngGetRNG both must check that RngGetBytes() is working before
|
||||
advertising/using it.
|
||||
|
||||
To do so, allocate an array storing the available algorithms.
|
||||
The Rng algorithm at the lowest index will be the default Rng
|
||||
algorithm. The array is shared between RngGetInfo and RngGetRNG.
|
||||
|
||||
This array is allocated when the driver is loaded, and freed
|
||||
when unloaded.
|
||||
|
||||
This patch also prevents from having PcdCpuRngSupportedAlgorithm
|
||||
let to a zero GUID, but let the possibility to have no valid Rng
|
||||
algorithm in such case.
|
||||
|
||||
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RngDxe/AArch64/RngDxe.c | 87 +++++++++++++++++--
|
||||
.../RngDxe/Rand/RngDxe.c | 26 ++++++
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.c | 40 ++++++++-
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 1 +
|
||||
.../RngDxe/RngDxeInternals.h | 27 ++++++
|
||||
5 files changed, 172 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
index 8c6ad4ed43..c9d66d9777 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
@@ -22,11 +22,63 @@
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
+#include <Library/DebugLib.h>
|
||||
+#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
+#include <Library/RngLib.h>
|
||||
#include <Protocol/Rng.h>
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
+// Maximum number of Rng algorithms.
|
||||
+#define RNG_AVAILABLE_ALGO_MAX 1
|
||||
+
|
||||
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The function completed successfully.
|
||||
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ UINT64 DummyRand;
|
||||
+
|
||||
+ // Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating
|
||||
+ // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||
+ if (mAvailableAlgoArray == NULL) {
|
||||
+ return EFI_OUT_OF_RESOURCES;
|
||||
+ }
|
||||
+
|
||||
+ // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||
+ if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||
+ CopyMem (
|
||||
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
+ PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||
+ sizeof (EFI_RNG_ALGORITHM)
|
||||
+ );
|
||||
+ mAvailableAlgoArrayCount++;
|
||||
+ }
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+/** Free mAvailableAlgoArray.
|
||||
+**/
|
||||
+VOID
|
||||
+EFIAPI
|
||||
+FreeAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ FreePool (mAvailableAlgoArray);
|
||||
+ return;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
Produces and returns an RNG value using either the default or specified RNG algorithm.
|
||||
|
||||
@@ -59,6 +111,7 @@ RngGetRNG (
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
+ UINTN Index;
|
||||
|
||||
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
@@ -68,9 +121,21 @@ RngGetRNG (
|
||||
//
|
||||
// Use the default RNG algorithm if RNGAlgorithm is NULL.
|
||||
//
|
||||
- RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||
+ for (Index = 0; Index < mAvailableAlgoArrayCount; Index++) {
|
||||
+ if (!IsZeroGuid (&mAvailableAlgoArray[Index])) {
|
||||
+ RNGAlgorithm = &mAvailableAlgoArray[Index];
|
||||
+ goto FoundAlgo;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (Index == mAvailableAlgoArrayCount) {
|
||||
+ // No algorithm available.
|
||||
+ ASSERT (Index != mAvailableAlgoArrayCount);
|
||||
+ return EFI_DEVICE_ERROR;
|
||||
+ }
|
||||
}
|
||||
|
||||
+FoundAlgo:
|
||||
if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||
Status = RngGetBytes (RNGValueLength, RNGValue);
|
||||
return Status;
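Review bot: The "No algorithm available" branch asserts on a state that callers can reach at run time: in this patch RngDriverEntry() installs the protocol whatever the resulting count is, so a NULL RNGAlgorithm on a platform with an empty list can halt a debug build at `ASSERT (Index != mAvailableAlgoArrayCount)`. The enclosing `if (Index == mAvailableAlgoArrayCount)` is also always true once the loop ends without taking the `goto`. Return the error without asserting, i.e. put a plain `return EFI_DEVICE_ERROR;` directly after the loop. RngGetRNG() starts and ends outside this hunk.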
|
||||
@@ -113,24 +178,30 @@ RngGetInfo (
|
||||
OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
)
|
||||
{
|
||||
- UINTN RequiredSize;
|
||||
- EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
|
||||
-
|
||||
- RequiredSize = sizeof (EFI_RNG_ALGORITHM);
|
||||
+ UINTN RequiredSize;
|
||||
|
||||
if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
+ RequiredSize = mAvailableAlgoArrayCount * sizeof (EFI_RNG_ALGORITHM);
|
||||
+
|
||||
+ if (RequiredSize == 0) {
|
||||
+ // No supported algorithms found.
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||
*RNGAlgorithmListSize = RequiredSize;
|
||||
return EFI_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
- CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||
-
|
||||
- CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
|
||||
+ if (RNGAlgorithmList == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
|
||||
+ // There is no gap in the array, so copy the block.
|
||||
+ CopyMem (RNGAlgorithmList, mAvailableAlgoArray, RequiredSize);
|
||||
*RNGAlgorithmListSize = RequiredSize;
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
index 70b6ac20c9..7caa64a4ff 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
@@ -26,6 +26,32 @@
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The function completed successfully.
|
||||
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ return EFI_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+/** Free mAvailableAlgoArray.
|
||||
+**/
|
||||
+VOID
|
||||
+EFIAPI
|
||||
+FreeAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ return;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
Produces and returns an RNG value using either the default or specified RNG algorithm.
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
index 4599728889..cc2ddfcc06 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
@@ -27,6 +27,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
+//
|
||||
+// Array containing the validated Rng algorithm.
|
||||
+// The entry with the lowest index will be the default algorithm.
|
||||
+//
|
||||
+UINTN mAvailableAlgoArrayCount;
|
||||
+EFI_RNG_ALGORITHM *mAvailableAlgoArray;
|
||||
+
|
||||
//
|
||||
// The Random Number Generator (RNG) protocol
|
||||
//
|
||||
@@ -66,8 +73,39 @@ RngDriverEntry (
|
||||
&mRngRdRand,
|
||||
NULL
|
||||
);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Get the list of available algorithm.
|
||||
+ //
|
||||
+ return GetAvailableAlgorithms ();
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
+ This is the unload handle for RndgDxe module.
|
||||
+
|
||||
+ Disconnect the driver specified by ImageHandle from all the devices in the handle database.
|
||||
+ Uninstall all the protocols installed in the driver entry point.
|
||||
|
||||
- return Status;
|
||||
+ @param[in] ImageHandle The drivers' driver image.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The image is unloaded.
|
||||
+ @retval Others Failed to unload the image.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+RngDriverUnLoad (
|
||||
+ IN EFI_HANDLE ImageHandle
|
||||
+ )
|
||||
+{
|
||||
+ //
|
||||
+ // Free the list of available algorithm.
|
||||
+ //
|
||||
+ FreeAvailableAlgorithms ();
|
||||
+ return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
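Review bot: RngDriverUnLoad() returns EFI_SUCCESS after only freeing the algorithm list, so the protocol interface installed by RngDriverEntry() stays in the handle database and refers to an image that is about to be unloaded, although the function's own header comment says the protocols are uninstalled. Uninstall the EFI_RNG_PROTOCOL interface before `FreeAvailableAlgorithms ();`, which needs the handle kept in a module-level variable since `Handle` appears to be local to RngDriverEntry(), or drop the `UNLOAD_IMAGE` entry together with that sentence of the comment. In the same hunk RngDriverEntry() returns the result of `GetAvailableAlgorithms ()` after the protocol is already installed, so an allocation failure reports an error with the interface still in place; patch 14/31 on this page reorders the two steps. RngDriverEntry() begins outside this hunk.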
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
index 60efb5562e..1985dfbb46 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
@@ -22,6 +22,7 @@
|
||||
MODULE_TYPE = DXE_DRIVER
|
||||
VERSION_STRING = 1.0
|
||||
ENTRY_POINT = RngDriverEntry
|
||||
+ UNLOAD_IMAGE = RngDriverUnLoad
|
||||
MODULE_UNI_FILE = RngDxe.uni
|
||||
|
||||
#
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
index f17adb83fb..0ef5e6522f 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
@@ -12,6 +12,33 @@
|
||||
|
||||
#include <Protocol/Rng.h>
|
||||
|
||||
+//
|
||||
+// Array containing the validated Rng algorithm.
|
||||
+// The entry with the lowest index will be the default algorithm.
|
||||
+//
|
||||
+extern UINTN mAvailableAlgoArrayCount;
|
||||
+extern EFI_RNG_ALGORITHM *mAvailableAlgoArray;
|
||||
+
|
||||
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The function completed successfully.
|
||||
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ );
|
||||
+
|
||||
+/** Free mAvailableAlgoArray.
|
||||
+**/
|
||||
+VOID
|
||||
+EFIAPI
|
||||
+FreeAvailableAlgorithms (
|
||||
+ VOID
|
||||
+ );
|
||||
+
|
||||
/**
|
||||
Returns information about the random number generation implementation.
|
||||
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,79 @@
|
||||
From e7444d0b84a8fd41aa63ecb083e65fd56b32fd38 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Sun, 23 Jun 2024 14:21:01 -0400
|
||||
Subject: [PATCH 14/31] SecurityPkg/RngDxe: Conditionally install
|
||||
EFI_RNG_PROTOCOL
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [14/31] bc64d4cad6c30353723d674ef9f10eb10aeb1cac
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 75fb0cfc82376906243386514be0e4067d702117
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Thu Nov 24 17:17:55 2022 +0100
|
||||
|
||||
SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
|
||||
|
||||
On Arm platforms, the number of available RNG algorithms is
|
||||
dynamically detected and can be 0 in the absence of FEAT_RNG
|
||||
and firmware TRNG.
|
||||
In this case, the EFI_RNG_PROTOCOL should not be installed to
|
||||
prevent from installing an empty protocol.
|
||||
|
||||
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||
[ardb: return EFI_REQUEST_UNLOAD_IMAGE instead of an error]
|
||||
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.c | 19 ++++++++++++++-----
|
||||
1 file changed, 14 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
index cc2ddfcc06..55e8dd49d0 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
@@ -63,6 +63,18 @@ RngDriverEntry (
|
||||
EFI_STATUS Status;
|
||||
EFI_HANDLE Handle;
|
||||
|
||||
+ //
|
||||
+ // Get the list of available algorithm.
|
||||
+ //
|
||||
+ Status = GetAvailableAlgorithms ();
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ if (mAvailableAlgoArrayCount == 0) {
|
||||
+ return EFI_REQUEST_UNLOAD_IMAGE;
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Install UEFI RNG (Random Number Generator) Protocol
|
||||
//
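Review bot: The `mAvailableAlgoArrayCount == 0` early return leaves mAvailableAlgoArray allocated, because the Arm and AArch64 GetAvailableAlgorithms() shown elsewhere on this page allocate the array before probing and nothing on this path frees it. Add `FreeAvailableAlgorithms ();` before `return EFI_REQUEST_UNLOAD_IMAGE;`, as the install-failure path in the next hunk does. Whether the unload handler runs for an image whose entry point returns this status is not visible here, so it should not be relied on for the cleanup. RngDriverEntry() begins and ends outside this hunk.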
|
||||
@@ -74,13 +86,10 @@ RngDriverEntry (
|
||||
NULL
|
||||
);
|
||||
if (EFI_ERROR (Status)) {
|
||||
- return Status;
|
||||
+ FreeAvailableAlgorithms ();
|
||||
}
|
||||
|
||||
- //
|
||||
- // Get the list of available algorithm.
|
||||
- //
|
||||
- return GetAvailableAlgorithms ();
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,105 @@
|
||||
From b9a937603080bfada6c224a6e9da046a8a33f868 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Sun, 23 Jun 2024 14:18:18 -0400
|
||||
Subject: [PATCH 13/31] SecurityPkg/RngDxe: Correctly update
|
||||
mAvailableAlgoArrayCount
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [13/31] 3e06e270cad90038537305a4cb7828fcc45251fb
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit bfb574db110899471fe09db819587b3151c7b7b5
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Thu Nov 24 17:17:54 2022 +0100
|
||||
|
||||
SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
|
||||
|
||||
mAvailableAlgoArrayCount holds the count of available RNG algorithms.
|
||||
In a following patch, its value will be used to prevent the
|
||||
EFI_RNG_PROTOCOL to be installed if no RNG algorithm is available.
|
||||
|
||||
Correctly set/reset the value for all implementations.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 1 +
|
||||
.../RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 16 ++++++++++++++--
|
||||
2 files changed, 15 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
index 5e7d9ef681..0e44d0c931 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
@@ -40,6 +40,7 @@ FreeAvailableAlgorithms (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
+ mAvailableAlgoArrayCount = 0;
|
||||
FreePool (mAvailableAlgoArray);
|
||||
return;
|
||||
}
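Review bot: FreeAvailableAlgorithms() resets the count but leaves mAvailableAlgoArray pointing at the freed pool, so a second call, or any later read through the global, would touch freed memory. Add `mAvailableAlgoArray = NULL;` after `FreePool (mAvailableAlgoArray);` and guard the free with `if (mAvailableAlgoArray != NULL)`. With patch 14/31 the function has two callers (the entry-point failure path and RngDriverUnLoad()); whether both can run for the same image is not visible from this hunk.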
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
index 7caa64a4ff..149de875ce 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
@@ -26,6 +26,11 @@
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
+//
|
||||
+// Count of Rng algorithms.
|
||||
+//
|
||||
+#define RNG_ALGORITHM_COUNT 2
|
||||
+
|
||||
/** Allocate and initialize mAvailableAlgoArray with the available
|
||||
Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||
|
||||
@@ -38,6 +43,13 @@ GetAvailableAlgorithms (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
+
|
||||
+ UINT64 RngTest;
|
||||
+
|
||||
+ if (GetRandomNumber64 (&RngTest)) {
|
||||
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
|
||||
+ }
|
||||
+
|
||||
return EFI_SUCCESS;
|
||||
}
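Review bot: GetAvailableAlgorithms() returns EFI_SUCCESS whether or not the `GetRandomNumber64 (&RngTest)` probe succeeds, and on failure mAvailableAlgoArrayCount keeps whatever value it already had instead of being set. An explicit `else { mAvailableAlgoArrayCount = 0; }` would make the failure state independent of the variable's initial value. The RngGetInfo() hunk further down still sizes its answer from the constant (`RequiredSize = RNG_ALGORITHM_COUNT * sizeof (EFI_RNG_ALGORITHM);`), not from the count, so as far as these hunks show it would report two algorithms even after a failed probe. The commit message defers the gate on protocol installation to a following patch, so this patch alone does not close that gap.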
|
||||
|
||||
@@ -49,6 +61,7 @@ FreeAvailableAlgorithms (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
+ mAvailableAlgoArrayCount = 0;
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -159,13 +172,12 @@ RngGetInfo (
|
||||
)
|
||||
{
|
||||
UINTN RequiredSize;
|
||||
- EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
|
||||
|
||||
if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
- RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
|
||||
+ RequiredSize = RNG_ALGORITHM_COUNT * sizeof (EFI_RNG_ALGORITHM);
|
||||
|
||||
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||
*RNGAlgorithmListSize = RequiredSize;
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,98 @@
|
||||
From 0f8890578f46bc791d007b19dbbfa0dd2805032d Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:23:42 -0400
|
||||
Subject: [PATCH 07/31] SecurityPkg/RngDxe: Documentation/include/parameter
|
||||
cleanup
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [7/31] 19a0a13d18fc7f92c7b05e8da08f4d83df77ea6c
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit 199031b2b0233652ad5d5fdf73f0f44c0f264d55
|
||||
Author: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||
Date: Fri Oct 28 17:32:53 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Documentation/include/parameter cleanup
|
||||
|
||||
This patch:
|
||||
-Update RngGetBytes() documentation to align the function
|
||||
definition and declaration.
|
||||
-Improve input parameter checking. Even though 'This'
|
||||
      is not used, the parameter should always point to the
|
||||
current EFI_RNG_PROTOCOL.
|
||||
-Removes TimerLib inclusion as unused.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 3 +--
|
||||
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 2 +-
|
||||
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 3 +--
|
||||
3 files changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
index f6a0bf7b2b..8c6ad4ed43 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
@@ -23,7 +23,6 @@
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
-#include <Library/TimerLib.h>
|
||||
#include <Protocol/Rng.h>
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
@@ -61,7 +60,7 @@ RngGetRNG (
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
|
||||
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
index 5a649ecf24..70b6ac20c9 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
@@ -59,7 +59,7 @@ RngGetRNG (
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
|
||||
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
index 7b8ecfc70d..4599728889 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
@@ -23,7 +23,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
-#include <Library/TimerLib.h>
|
||||
#include <Protocol/Rng.h>
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
@@ -73,7 +72,7 @@ RngDriverEntry (
|
||||
|
||||
|
||||
/**
|
||||
- Calls RDRAND to fill a buffer of arbitrary size with random bytes.
|
||||
+ Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
|
||||
|
||||
@param[in] Length Size of the buffer, in bytes, to fill with.
|
||||
@param[out] RandBuffer Pointer to the buffer to store the random result.
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,258 @@
|
||||
From df912b4c93cd848991d9a9439d3aba441bae1d67 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:21:09 -0400
|
||||
Subject: [PATCH 06/31] SecurityPkg/RngDxe: Remove
|
||||
ArchGetSupportedRngAlgorithms()
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [6/31] 4066cb1503b5c5a29b6d45a4b671d0829f2671ae
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit 922bf317f1731554b3e77a0a48033a38fdc75a77
|
||||
Author: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||
Date: Fri Oct 28 17:32:52 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Remove ArchGetSupportedRngAlgorithms()
|
||||
|
||||
RngGetInfo() is one of the 2 functions of the EFI_RNG_PROTOCOL.
|
||||
RngGetInfo() is currently a mere wrapper around
|
||||
ArchGetSupportedRngAlgorithms() which is implemented differently
|
||||
depending on the architecture used.
|
||||
|
||||
RngGetInfo() does nothing more than calling
|
||||
ArchGetSupportedRngAlgorithms(). So remove it, and let RngGetInfo()
|
||||
be implemented differently according to the architecture.
|
||||
|
||||
This follows the implementation of the other function of the
|
||||
EFI_RNG_PROTOCOL, RngGetRNG().
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RngDxe/AArch64/RngDxe.c | 19 +++++--
|
||||
.../RngDxe/Rand/RngDxe.c | 24 ++++++---
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.c | 49 -------------------
|
||||
.../RngDxe/RngDxeInternals.h | 25 ----------
|
||||
4 files changed, 33 insertions(+), 84 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
index 1cdc842966..f6a0bf7b2b 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
@@ -14,6 +14,7 @@
|
||||
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
@@ -85,6 +86,7 @@ RngGetRNG (
|
||||
/**
|
||||
Returns information about the random number generation implementation.
|
||||
|
||||
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
|
||||
@param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||
On output with a return code of EFI_SUCCESS, the size
|
||||
in bytes of the data returned in RNGAlgorithmList. On output
|
||||
@@ -97,14 +99,19 @@ RngGetRNG (
|
||||
is the default algorithm for the driver.
|
||||
|
||||
@retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||
+ @retval EFI_UNSUPPORTED The services is not supported by this driver.
|
||||
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
|
||||
+ hardware or firmware error.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||
@retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||
|
||||
**/
|
||||
-UINTN
|
||||
+EFI_STATUS
|
||||
EFIAPI
|
||||
-ArchGetSupportedRngAlgorithms (
|
||||
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
+RngGetInfo (
|
||||
+ IN EFI_RNG_PROTOCOL *This,
|
||||
+ IN OUT UINTN *RNGAlgorithmListSize,
|
||||
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
)
|
||||
{
|
||||
UINTN RequiredSize;
|
||||
@@ -112,6 +119,10 @@ ArchGetSupportedRngAlgorithms (
|
||||
|
||||
RequiredSize = sizeof (EFI_RNG_ALGORITHM);
|
||||
|
||||
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||
*RNGAlgorithmListSize = RequiredSize;
|
||||
return EFI_BUFFER_TOO_SMALL;
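Review bot: No NULL check on RNGAlgorithmList is visible in this RngGetInfo(), although the wrapper removed from RngDxe.c in this same patch rejected a NULL list before calling the architecture code, and the Rand/RngDxe.c version re-adds that check after the size test. If the rest of the function writes to RNGAlgorithmList (it lies below the hunk, so this is inferred), a caller passing a sufficient *RNGAlgorithmListSize with a NULL buffer would now reach that write. I would add `if (RNGAlgorithmList == NULL) { return EFI_INVALID_PARAMETER; }` after the EFI_BUFFER_TOO_SMALL return, matching the Rand implementation. Moving the added `This`/`RNGAlgorithmListSize` check above `RequiredSize = sizeof (EFI_RNG_ALGORITHM);` would also keep parameter validation first.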
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
index 19755b3bfd..5a649ecf24 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
@@ -104,6 +104,7 @@ RngGetRNG (
|
||||
/**
|
||||
Returns information about the random number generation implementation.
|
||||
|
||||
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
|
||||
@param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||
On output with a return code of EFI_SUCCESS, the size
|
||||
in bytes of the data returned in RNGAlgorithmList. On output
|
||||
@@ -116,19 +117,28 @@ RngGetRNG (
|
||||
is the default algorithm for the driver.
|
||||
|
||||
@retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||
+ @retval EFI_UNSUPPORTED No supported algorithms found.
|
||||
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
|
||||
+ hardware or firmware error.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||
@retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||
|
||||
**/
|
||||
-UINTN
|
||||
+EFI_STATUS
|
||||
EFIAPI
|
||||
-ArchGetSupportedRngAlgorithms (
|
||||
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
+RngGetInfo (
|
||||
+ IN EFI_RNG_PROTOCOL *This,
|
||||
+ IN OUT UINTN *RNGAlgorithmListSize,
|
||||
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
)
|
||||
{
|
||||
UINTN RequiredSize;
|
||||
EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
|
||||
|
||||
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
|
||||
|
||||
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||
@@ -136,9 +146,11 @@ ArchGetSupportedRngAlgorithms (
|
||||
return EFI_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
- CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||
+ if (RNGAlgorithmList == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
|
||||
- CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
|
||||
+ CopyMem (&RNGAlgorithmList[0], &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (EFI_RNG_ALGORITHM));
|
||||
|
||||
// x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED
|
||||
CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM));
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
index b959c70536..7b8ecfc70d 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||
@@ -28,55 +28,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
-/**
|
||||
- Returns information about the random number generation implementation.
|
||||
-
|
||||
- @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
|
||||
- @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||
- On output with a return code of EFI_SUCCESS, the size
|
||||
- in bytes of the data returned in RNGAlgorithmList. On output
|
||||
- with a return code of EFI_BUFFER_TOO_SMALL,
|
||||
- the size of RNGAlgorithmList required to obtain the list.
|
||||
- @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
|
||||
- with one EFI_RNG_ALGORITHM element for each supported
|
||||
- RNG algorithm. The list must not change across multiple
|
||||
- calls to the same driver. The first algorithm in the list
|
||||
- is the default algorithm for the driver.
|
||||
-
|
||||
- @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||
- @retval EFI_UNSUPPORTED The services is not supported by this driver.
|
||||
- @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
|
||||
- hardware or firmware error.
|
||||
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||
- @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||
-
|
||||
-**/
|
||||
-EFI_STATUS
|
||||
-EFIAPI
|
||||
-RngGetInfo (
|
||||
- IN EFI_RNG_PROTOCOL *This,
|
||||
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
- )
|
||||
-{
|
||||
- EFI_STATUS Status;
|
||||
-
|
||||
- if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||
- return EFI_INVALID_PARAMETER;
|
||||
- }
|
||||
-
|
||||
- //
|
||||
- // Return algorithm list supported by driver.
|
||||
- //
|
||||
- if (RNGAlgorithmList != NULL) {
|
||||
- Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);
|
||||
- } else {
|
||||
- Status = EFI_INVALID_PARAMETER;
|
||||
- }
|
||||
-
|
||||
- return Status;
|
||||
-}
|
||||
-
|
||||
//
|
||||
// The Random Number Generator (RNG) protocol
|
||||
//
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
index fcb8b69153..f17adb83fb 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
@@ -74,31 +74,6 @@ RngGetRNG (
|
||||
OUT UINT8 *RNGValue
|
||||
);
|
||||
|
||||
-/**
|
||||
- Returns information about the random number generation implementation.
|
||||
-
|
||||
- @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||
- On output with a return code of EFI_SUCCESS, the size
|
||||
- in bytes of the data returned in RNGAlgorithmList. On output
|
||||
- with a return code of EFI_BUFFER_TOO_SMALL,
|
||||
- the size of RNGAlgorithmList required to obtain the list.
|
||||
- @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
|
||||
- with one EFI_RNG_ALGORITHM element for each supported
|
||||
- RNG algorithm. The list must not change across multiple
|
||||
- calls to the same driver. The first algorithm in the list
|
||||
- is the default algorithm for the driver.
|
||||
-
|
||||
- @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||
- @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||
-
|
||||
-**/
|
||||
-UINTN
|
||||
-EFIAPI
|
||||
-ArchGetSupportedRngAlgorithms (
|
||||
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
- );
|
||||
-
|
||||
/**
|
||||
Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
|
||||
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,55 @@
|
||||
From 05ffe3749d73942cf4df7ed8f53ae239e62d5376 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:30:19 -0400
|
||||
Subject: [PATCH 11/31] SecurityPkg/RngDxe: Rename AArch64/RngDxe.c
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [11/31] 39c8a7a1e45c7c26f5d16f79d81abac1fbae4f22
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit ff29cdb968a1a4d7bd7ab4eba2597a77c0748dc2
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Oct 28 17:32:57 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Rename AArch64/RngDxe.c
|
||||
|
||||
To re-use the AArch64/RngDxe.c for an Arm implementation,
|
||||
rename AArch64/RngDxe.c to ArmRngDxe.c.
|
||||
|
||||
Acked-by: Leif Lindholm <quic_llindhol@quicinc.com>
|
||||
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RngDxe/{AArch64/RngDxe.c => ArmRngDxe.c} | 0
|
||||
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 2 +-
|
||||
2 files changed, 1 insertion(+), 1 deletion(-)
|
||||
rename SecurityPkg/RandomNumberGenerator/RngDxe/{AArch64/RngDxe.c => ArmRngDxe.c} (100%)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
similarity index 100%
|
||||
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||
rename to SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
index e0e767cbf3..1d0bdef57d 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
@@ -42,7 +42,7 @@
|
||||
Rand/AesCore.h
|
||||
|
||||
[Sources.AARCH64]
|
||||
- AArch64/RngDxe.c
|
||||
+ ArmRngDxe.c
|
||||
ArmTrng.c
|
||||
|
||||
[Packages]
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,176 @@
|
||||
From 2a5e4e144cbea46784fde638765a9c9068ed2869 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 22:19:10 -0400
|
||||
Subject: [PATCH 05/31] SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to
|
||||
generic name
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [5/31] 12b8646964435f1a70def57afb9f4565b11c5dc8
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
CVE: CVE-2022-45237
|
||||
Upstream: Merged
|
||||
|
||||
commit 8a89747844a5061791e55a25daedcf895180a794
|
||||
Author: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Date: Fri Oct 28 17:32:50 2022 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name
|
||||
|
||||
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
|
||||
|
||||
Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a
|
||||
common interface to generate entropy on other architectures.
|
||||
GenerateEntropy() is intended to generate high quality entropy.
|
||||
|
||||
Also move the definition to RngDxeInternals.h
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RngDxe/Rand/RdRand.c | 20 ++++++++++++-----
|
||||
.../RngDxe/Rand/RngDxe.c | 7 ++++--
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 2 +-
|
||||
.../RngDxe/RngDxeInternals.h | 22 ++++++++++++++++++-
|
||||
4 files changed, 41 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
||||
index 83025a47d4..853bf43148 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
||||
@@ -1,15 +1,23 @@
|
||||
/** @file
|
||||
- Support routines for RDRAND instruction access.
|
||||
-
|
||||
+ Support routines for RDRAND instruction access, which will leverage
|
||||
+ Intel Secure Key technology to provide high-quality random numbers for use
|
||||
+ in applications, or entropy for seeding other random number generators.
|
||||
+ Refer to http://software.intel.com/en-us/articles/intel-digital-random-number
|
||||
+ -generator-drng-software-implementation-guide/ for more information about Intel
|
||||
+ Secure Key technology.
|
||||
+
|
||||
+Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
+#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
+#include <Library/TimerLib.h>
|
||||
|
||||
#include "AesCore.h"
|
||||
-#include "RdRand.h"
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
/**
|
||||
@@ -87,9 +95,9 @@ RdRandGetSeed128 (
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
-RdRandGenerateEntropy (
|
||||
- IN UINTN Length,
|
||||
- OUT UINT8 *Entropy
|
||||
+GenerateEntropy (
|
||||
+ IN UINTN Length,
|
||||
+ OUT UINT8 *Entropy
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
index 834123b945..19755b3bfd 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
@@ -14,13 +14,16 @@
|
||||
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
|
||||
- EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
|
||||
|
||||
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
-#include "RdRand.h"
|
||||
+#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
+
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
/**
|
||||
@@ -88,7 +91,7 @@ RngGetRNG (
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
|
||||
+ Status = GenerateEntropy (RNGValueLength, RNGValue);
|
||||
return Status;
|
||||
}
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
index f330097199..60efb5562e 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
@@ -10,6 +10,7 @@
|
||||
#
|
||||
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#
|
||||
##
|
||||
@@ -36,7 +37,6 @@
|
||||
[Sources.IA32, Sources.X64]
|
||||
Rand/RngDxe.c
|
||||
Rand/RdRand.c
|
||||
- Rand/RdRand.h
|
||||
Rand/AesCore.c
|
||||
Rand/AesCore.h
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
index 25cccbe92c..fcb8b69153 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||
@@ -10,6 +10,8 @@
|
||||
#ifndef RNGDXE_INTERNALS_H_
|
||||
#define RNGDXE_INTERNALS_H_
|
||||
|
||||
+#include <Protocol/Rng.h>
|
||||
+
|
||||
/**
|
||||
Returns information about the random number generation implementation.
|
||||
|
||||
@@ -114,4 +116,22 @@ RngGetBytes (
|
||||
OUT UINT8 *RandBuffer
|
||||
);
|
||||
|
||||
-#endif // RNGDXE_INTERNALS_H_
|
||||
+/**
|
||||
+ Generate high-quality entropy source using a TRNG or through RDRAND.
|
||||
+
|
||||
+ @param[in] Length Size of the buffer, in bytes, to fill with.
|
||||
+ @param[out] Entropy Pointer to the buffer to store the entropy data.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Entropy generation succeeded.
|
||||
+ @retval EFI_NOT_READY Failed to request random data.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GenerateEntropy (
|
||||
+ IN UINTN Length,
|
||||
+ OUT UINT8 *Entropy
|
||||
+ );
|
||||
+
|
||||
+#endif // RNGDXE_INTERNALS_H_
|
||||
+
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,78 @@
|
||||
From 1a0bf45b088e05f6eb7edaa0d24aec894ea3491b Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:11:16 -0400
|
||||
Subject: [PATCH 23/31] SecurityPkg/RngDxe: Simplify Rng algorithm selection
|
||||
for Arm
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [23/31] 21b2854eed63bf5d406cfec5ac03b9ae3901a679
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit ff7ddc02b273f9159ef46fdb67d99062f8e598d9
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:10 2023 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
|
||||
|
||||
The first element of mAvailableAlgoArray is defined as the default
|
||||
Rng algorithm to use. Don't go through the array at each RngGetRNG()
|
||||
call and just return the first element of the array.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 17 ++++-------------
|
||||
1 file changed, 4 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
index 2fc36fc186..7249904413 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
@@ -77,7 +77,6 @@ RngGetRNG (
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
- UINTN Index;
|
||||
GUID RngGuid;
|
||||
|
||||
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
@@ -88,21 +87,13 @@ RngGetRNG (
|
||||
//
|
||||
// Use the default RNG algorithm if RNGAlgorithm is NULL.
|
||||
//
|
||||
- for (Index = 0; Index < mAvailableAlgoArrayCount; Index++) {
|
||||
- if (!IsZeroGuid (&mAvailableAlgoArray[Index])) {
|
||||
- RNGAlgorithm = &mAvailableAlgoArray[Index];
|
||||
- goto FoundAlgo;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- if (Index == mAvailableAlgoArrayCount) {
|
||||
- // No algorithm available.
|
||||
- ASSERT (Index != mAvailableAlgoArrayCount);
|
||||
- return EFI_DEVICE_ERROR;
|
||||
+ if (mAvailableAlgoArrayCount != 0) {
|
||||
+ RNGAlgorithm = &mAvailableAlgoArray[0];
|
||||
+ } else {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
}
|
||||
}
|
||||
|
||||
-FoundAlgo:
|
||||
Status = GetRngGuid (&RngGuid);
|
||||
if (!EFI_ERROR (Status) &&
|
||||
CompareGuid (RNGAlgorithm, &RngGuid))
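Review bot: `RNGAlgorithm = &mAvailableAlgoArray[0];` makes whatever sits at index 0 the default, and that can be the unsafe GUID when it is the only entry (the AArch64Algo.c change in this series appends gEdkiiRngAlgorithmUnSafe last). A caller passing a NULL RNGAlgorithm would then get output from a source the series itself labels as not for production builds, with nothing in the returned status to say so. The empty-list status also changes from EFI_DEVICE_ERROR to EFI_UNSUPPORTED and the ASSERT is dropped, which callers comparing against the old code would notice. I would at least extend the existing comment to `// Use the default (first) RNG algorithm if RNGAlgorithm is NULL; this may be the unsafe algorithm when no other source is available.` RngGetRNG() starts and ends outside this hunk.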
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,195 @@
|
||||
From 6b3795dcecf31b0d8aa7edabeffccf37b7259ff0 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:09:46 -0400
|
||||
Subject: [PATCH 22/31] SecurityPkg/RngDxe: Use GetRngGuid() when probing
|
||||
RngLib
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [22/31] 17b40bc3daeba2ba8407826e17f3096c4a5151c6
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 19438cff973bfb35a1ef12fab45fabb28b63fe64
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:09 2023 +0200
|
||||
|
||||
SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
|
||||
|
||||
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||
To allow the RngDxe to detect when such implementation is used,
|
||||
a GetRngGuid() function was added in a previous patch.
|
||||
|
||||
The EFI_RNG_PROTOCOL can advertise multiple algorithms through
|
||||
Guids. The PcdCpuRngSupportedAlgorithm is currently used to
|
||||
advertise the RngLib in the Arm implementation.
|
||||
|
||||
The issues of doing that are:
|
||||
- the RngLib implementation might not use CPU instructions,
|
||||
cf. the BaseRngLibTimerLib
|
||||
- most platforms don't set PcdCpuRngSupportedAlgorithm
|
||||
|
||||
A GetRngGuid() was added to the RngLib in a previous patch,
|
||||
allowing to identify the algorithm implemented by the RngLib.
|
||||
    Make use of this function and place the unsafe algorithm
|
||||
at the last position in the mAvailableAlgoArray.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../RngDxe/AArch64/AArch64Algo.c | 55 +++++++++++++------
|
||||
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 8 ++-
|
||||
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 4 +-
|
||||
3 files changed, 45 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||
index e8be217f8a..a270441ebb 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||
@@ -10,6 +10,8 @@
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/ArmTrngLib.h>
|
||||
+#include <Library/RngLib.h>
|
||||
+#include <Guid/RngAlgorithm.h>
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
@@ -28,9 +30,13 @@ GetAvailableAlgorithms (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
- UINT64 DummyRand;
|
||||
- UINT16 MajorRevision;
|
||||
- UINT16 MinorRevision;
|
||||
+ EFI_STATUS Status;
|
||||
+ UINT16 MajorRevision;
|
||||
+ UINT16 MinorRevision;
|
||||
+ GUID RngGuid;
|
||||
+ BOOLEAN UnSafeAlgo;
|
||||
+
|
||||
+ UnSafeAlgo = FALSE;
|
||||
|
||||
// Rng algorithms 2 times, one for the allocation, one to populate.
|
||||
mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||
@@ -38,24 +44,29 @@ GetAvailableAlgorithms (
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||
- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||
- CopyMem (
|
||||
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
- PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||
- sizeof (EFI_RNG_ALGORITHM)
|
||||
- );
|
||||
- mAvailableAlgoArrayCount++;
|
||||
-
|
||||
- DEBUG_CODE_BEGIN ();
|
||||
- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||
+ // Identify RngLib algorithm.
|
||||
+ Status = GetRngGuid (&RngGuid);
|
||||
+ if (!EFI_ERROR (Status)) {
|
||||
+ if (IsZeroGuid (&RngGuid) ||
|
||||
+ CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe))
|
||||
+ {
|
||||
+ // Treat zero GUID as an unsafe algorithm
|
||||
DEBUG ((
|
||||
DEBUG_WARN,
|
||||
- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||
+ "RngLib uses an Unsafe algorithm and "
|
||||
+ "must not be used for production builds.\n"
|
||||
));
|
||||
+ // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found
|
||||
+ // so that it can be added at the end of the algorithm list.
|
||||
+ UnSafeAlgo = TRUE;
|
||||
+ } else {
|
||||
+ CopyMem (
|
||||
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
+ &RngGuid,
|
||||
+ sizeof (RngGuid)
|
||||
+ );
|
||||
+ mAvailableAlgoArrayCount++;
|
||||
}
|
||||
-
|
||||
- DEBUG_CODE_END ();
|
||||
}
|
||||
|
||||
// Raw algorithm (Trng)
|
||||
@@ -68,5 +79,15 @@ GetAvailableAlgorithms (
|
||||
mAvailableAlgoArrayCount++;
|
||||
}
|
||||
|
||||
+ // Add unsafe algorithm at the end of the list.
|
||||
+ if (UnSafeAlgo) {
|
||||
+ CopyMem (
|
||||
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||
+ &gEdkiiRngAlgorithmUnSafe,
|
||||
+ sizeof (EFI_RNG_ALGORITHM)
|
||||
+ );
|
||||
+ mAvailableAlgoArrayCount++;
|
||||
+ }
|
||||
+
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
index 0e44d0c931..2fc36fc186 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||
@@ -76,8 +76,9 @@ RngGetRNG (
|
||||
OUT UINT8 *RNGValue
|
||||
)
|
||||
{
|
||||
- EFI_STATUS Status;
|
||||
+ EFI_STATUS Status;
|
||||
UINTN Index;
|
||||
+ GUID RngGuid;
|
||||
|
||||
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
@@ -102,7 +103,10 @@ RngGetRNG (
|
||||
}
|
||||
|
||||
FoundAlgo:
|
||||
- if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||
+ Status = GetRngGuid (&RngGuid);
|
||||
+ if (!EFI_ERROR (Status) &&
|
||||
+ CompareGuid (RNGAlgorithm, &RngGuid))
|
||||
+ {
|
||||
Status = RngGetBytes (RNGValueLength, RNGValue);
|
||||
return Status;
|
||||
}
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
index d6c2d30195..8704a64441 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
@@ -75,13 +75,11 @@
|
||||
gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||
gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||
gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||
+ gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||
|
||||
[Protocols]
|
||||
gEfiRngProtocolGuid ## PRODUCES
|
||||
|
||||
-[Pcd.AARCH64]
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
|
||||
-
|
||||
[Depex]
|
||||
TRUE
|
||||
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,57 @@
|
||||
From 5022087de4a4bcd113ef0325e657bd78b798d5f6 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 10:33:43 -0400
|
||||
Subject: [PATCH 26/31] SecurityPkg/RngDxe: add rng test
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [26/31] 97c8deefd351f2755cf458f10679dd1d859fb321
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit a61bc0accb8a76edba4f073fdc7bafc908df045d
|
||||
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Fri May 31 09:49:13 2024 +0200
|
||||
|
||||
SecurityPkg/RngDxe: add rng test
|
||||
|
||||
Check whenever RngLib actually returns random numbers, only return
|
||||
a non-zero number of Algorithms if that is the case.
|
||||
|
||||
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
|
||||
only in case it can actually deliver random numbers.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
|
||||
Check whenever RngLib actually returns random numbers, only return
|
||||
a non-zero number of Algorithms if that is the case.
|
||||
|
||||
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
|
||||
only in case it can actually deliver random numbers.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
index 149de875ce..e374b62208 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||
@@ -23,6 +23,7 @@
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
+#include <Library/RngLib.h>
|
||||
|
||||
#include "RngDxeInternals.h"
|
||||
|
||||
--
|
||||
2.39.3
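Review bot: The diff in this backport adds only `#include <Library/RngLib.h>` to Rand/RngDxe.c (diffstat: 1 insertion), while the description promises a check that RngLib actually returns random numbers before any algorithm is reported. No call into RngLib appears in the hunk, so as shown the driver behaves as before and EFI_RNG_PROTOCOL would presumably still be installed on top of an RngLib that cannot deliver random numbers. If the check is carried by another patch of the series (not visible here), the description should say so, for example `[backport: RngLib probe already applied in PATCH <n>/31]`. Otherwise the code part of upstream a61bc0accb8a needs to be restored. The description text is also pasted twice and one copy can go.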
|
||||
|
@ -0,0 +1,104 @@
|
||||
From 1548ea758f7d9d58fd61110f5719cc12786380d3 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:01:08 -0400
|
||||
Subject: [PATCH 17/31] SecurityPkg/SecurityPkg.dec: Move
|
||||
PcdCpuRngSupportedAlgorithm to MdePkg
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [17/31] 01f31c97f800f3451072762c0e9a9eb59f1cc2ab
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 65b5dd828ef2ea5056031b239a4e7a6642f771a3
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:04 2023 +0200
|
||||
|
||||
SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
|
||||
|
||||
In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a
|
||||
following patch and to avoid making the MdePkg dependent on another
|
||||
package, move PcdCpuRngSupportedAlgorithm to the MdePkg.
|
||||
|
||||
As the Pcd is only used for AARCH64, place it in an AARCH64
|
||||
specific sections.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 2 +-
|
||||
MdePkg/MdePkg.dec | 5 +++++
|
||||
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 4 ++--
|
||||
SecurityPkg/SecurityPkg.dec | 2 --
|
||||
4 files changed, 8 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
index f857290e82..f729001060 100644
|
||||
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
@@ -19,7 +19,7 @@
|
||||
INF_VERSION = 1.27
|
||||
BASE_NAME = BaseRngLibTimerLib
|
||||
MODULE_UNI_FILE = BaseRngLibTimerLib.uni
|
||||
- FILE_GUID = 74950C45-10FC-4AB5-B114-49C87C17409B
|
||||
+ FILE_GUID = B3E66B05-D218-4B9A-AC33-EF0F83D6A513
|
||||
MODULE_TYPE = BASE
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = RngLib
|
||||
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
|
||||
index 6389a48338..8f05e822ac 100644
|
||||
--- a/MdePkg/MdePkg.dec
|
||||
+++ b/MdePkg/MdePkg.dec
|
||||
@@ -2306,6 +2306,11 @@
|
||||
# @Prompt Memory Address of GuidedExtractHandler Table.
|
||||
gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|0x1000000|UINT64|0x30001015
|
||||
|
||||
+[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64]
|
||||
+ ## GUID identifying the Rng algorithm implemented by CPU instruction.
|
||||
+ # @Prompt CPU Rng algorithm's GUID.
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00000037
|
||||
+
|
||||
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
|
||||
## This value is used to set the base address of PCI express hierarchy.
|
||||
# @Prompt PCI Express Base Address.
|
||||
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
index c8e0ee4ae5..d6c2d30195 100644
|
||||
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||
@@ -79,8 +79,8 @@
|
||||
[Protocols]
|
||||
gEfiRngProtocolGuid ## PRODUCES
|
||||
|
||||
-[Pcd]
|
||||
- gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
|
||||
+[Pcd.AARCH64]
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
|
||||
|
||||
[Depex]
|
||||
TRUE
|
||||
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
|
||||
index 9f7a032d60..8cf80b1e84 100644
|
||||
--- a/SecurityPkg/SecurityPkg.dec
|
||||
+++ b/SecurityPkg/SecurityPkg.dec
|
||||
@@ -323,8 +323,6 @@
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031
|
||||
|
||||
- gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032
|
||||
-
|
||||
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
|
||||
## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
|
||||
# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
|
||||
--
|
||||
2.39.3
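Review bot: The FILE_GUID change in BaseRngLibTimerLib.inf (`74950C45-10FC-4AB5-B114-49C87C17409B` to `B3E66B05-D218-4B9A-AC33-EF0F83D6A513`) is not covered by the description, which only talks about moving PcdCpuRngSupportedAlgorithm into MdePkg. It looks like part of a different change folded in during the backport. A line such as `[backport: FILE_GUID change taken from <upstream commit>]` would let a reader match this patch against upstream 65b5dd828ef2. Separately, the PCD changes token space and token number (`gEfiSecurityPkgTokenSpaceGuid` / `0x00010032` to `gEfiMdePkgTokenSpaceGuid` / `0x00000037`) and is now declared for AARCH64 only, so a platform DSC that still sets the old name would presumably stop building. The default also remains the all-zero GUID, so a platform that never sets the PCD has no real algorithm identifier to consume from it.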
|
||||
|