parent
c410dcdbba
commit
198e572715
@ -0,0 +1,56 @@
|
|||||||
|
From 045496325e278716e724ffdf9685667a8766d4f3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 10:34:52 -0400
|
||||||
|
Subject: [PATCH 28/31] CryptoPkg/Test: call ProcessLibraryConstructorList
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [28/31] 5ff484fbc68d094fbcdda2772c2869818c67de8d
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit 94961b8817eec6f8d0434555ac50a7aa51c22201
|
||||||
|
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Date: Fri Jun 14 11:45:49 2024 +0200
|
||||||
|
|
||||||
|
CryptoPkg/Test: call ProcessLibraryConstructorList
|
||||||
|
|
||||||
|
Needed to properly initialize BaseRngLib.
|
||||||
|
|
||||||
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||||
|
index 88a3f96305..0ba9f35840 100644
|
||||||
|
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||||
|
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||||
|
@@ -8,6 +8,11 @@
|
||||||
|
**/
|
||||||
|
#include "TestBaseCryptLib.h"
|
||||||
|
|
||||||
|
+VOID
|
||||||
|
+EFIAPI
|
||||||
|
+ProcessLibraryConstructorList (
|
||||||
|
+ VOID
|
||||||
|
+ );
|
||||||
|
|
||||||
|
/**
|
||||||
|
Initialize the unit test framework, suite, and unit tests for the
|
||||||
|
@@ -77,5 +82,6 @@ main (
|
||||||
|
char *argv[]
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ ProcessLibraryConstructorList ();
|
||||||
|
return UefiTestMain ();
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
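Review bot: The new `ProcessLibraryConstructorList ();` call at the top of `main` and its hand-written prototype have no comment, so nothing in UnitTestMain.c explains why a host-based test must run the library constructors itself. The commit message gives the reason (BaseRngLib initialisation), and I would record it at the call, e.g. `// Run the library constructors first so BaseRngLib is initialised before any test requests random data.` A one-line note on the prototype saying where the function is defined (presumably generated by the build, to be confirmed) would explain why it is declared locally instead of coming from a header. The signature of `main` begins outside the hunk.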
@ -0,0 +1,66 @@
|
|||||||
|
From 2e4b2b8fce40cf93f35e052102f37fee07b2e64a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Mon, 10 Jun 2024 18:13:29 -0400
|
||||||
|
Subject: [PATCH 02/31] MdeModulePkg: Potential UINT32 overflow in S3
|
||||||
|
ResumeCount
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [2/31] a3592c3437041cbd33a6c11feb3d0999e122c8c0
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-40099
|
||||||
|
CVE: CVE-2024-1298
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 284dbac43da752ee34825c8b3f6f9e8281cb5a19
|
||||||
|
Author: Shanmugavel Pakkirisamy <shanmugavelx.pakkirisamy@intel.com>
|
||||||
|
Date: Mon May 6 17:53:09 2024 +0800
|
||||||
|
|
||||||
|
MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
|
||||||
|
|
||||||
|
Attacker able to modify physical memory and ResumeCount.
|
||||||
|
System will crash/DoS when ResumeCount reaches its MAX_UINT32.
|
||||||
|
|
||||||
|
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
|
||||||
|
Cc: Dandan Bi <dandan.bi@intel.com>
|
||||||
|
Cc: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
|
||||||
|
Signed-off-by: Pakkirisamy ShanmugavelX <shanmugavelx.pakkirisamy@intel.com>
|
||||||
|
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../FirmwarePerformancePei.c | 12 ++++++++----
|
||||||
|
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||||
|
index 6881466201..54b3bc3c54 100644
|
||||||
|
--- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||||
|
+++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||||
|
@@ -110,11 +110,15 @@ FpdtStatusCodeListenerPei (
|
||||||
|
//
|
||||||
|
S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume, AcpiS3ResumeRecord->ResumeCount);
|
||||||
|
AcpiS3ResumeRecord->ResumeCount++;
|
||||||
|
- AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
|
||||||
|
+ if (AcpiS3ResumeRecord->ResumeCount > 0) {
|
||||||
|
+ AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
|
||||||
|
+ DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));
|
||||||
|
+ } else {
|
||||||
|
+ DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the MAX_UINT32 value. S3 ResumeCount record reset to Zero."));
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = %d\n", AcpiS3ResumeRecord->ResumeCount));
|
||||||
|
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = %ld\n", AcpiS3ResumeRecord->FullResume));
|
||||||
|
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume = %ld\n", AcpiS3ResumeRecord->AverageResume));
|
||||||
|
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = 0x%x\n", AcpiS3ResumeRecord->ResumeCount));
|
||||||
|
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = 0x%x\n", AcpiS3ResumeRecord->FullResume));
|
||||||
|
|
||||||
|
//
|
||||||
|
// Update S3 Suspend Performance Record.
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
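Review bot: The rewritten DEBUG lines print `AverageResume` and `FullResume` with `0x%x`, but the removed lines used `%ld` and both values pass through `MultU64x32`/`DivU64x32`, which suggests the fields are 64-bit; if so, the new format drops the upper half of each value. I would keep the length modifier, e.g. `DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = 0x%lx\n", AcpiS3ResumeRecord->FullResume));`, and do the same for `AverageResume`. In the `else` branch the message says the record was reset to zero, yet `AverageResume` keeps its old value there and the string has no trailing `\n`. A short comment that `ResumeCount` has wrapped to 0 and the average restarts on the next resume would make the intended recovery explicit. `FpdtStatusCodeListenerPei` starts and ends outside the hunk.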
@ -0,0 +1,90 @@
|
|||||||
|
From 5ba444af245d59e3208260478aa710d4f143f259 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 16:06:25 -0400
|
||||||
|
Subject: [PATCH 20/31] MdeModulePkg/Rng: Add GUID to describe unsafe Rng
|
||||||
|
algorithms
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [20/31] d0e553560d60122f2fe5f33923b5b943c138a18d
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit 414c0f20896f3dec412135fa4260f8aad8bef246
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:07 2023 +0200
|
||||||
|
|
||||||
|
MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
|
||||||
|
|
||||||
|
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
|
||||||
|
|
||||||
|
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||||
|
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||||
|
To allow the RngDxe to detect when such implementation is used,
|
||||||
|
a GetRngGuid() function is added in a following patch.
|
||||||
|
|
||||||
|
Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe
|
||||||
|
to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
MdeModulePkg/Include/Guid/RngAlgorithm.h | 23 +++++++++++++++++++++++
|
||||||
|
MdeModulePkg/MdeModulePkg.dec | 3 +++
|
||||||
|
2 files changed, 26 insertions(+)
|
||||||
|
create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Include/Guid/RngAlgorithm.h b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..e2ac2ba3e5
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||||
|
@@ -0,0 +1,23 @@
|
||||||
|
+/** @file
|
||||||
|
+ Rng Algorithm
|
||||||
|
+
|
||||||
|
+ Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#ifndef RNG_ALGORITHM_GUID_H_
|
||||||
|
+#define RNG_ALGORITHM_GUID_H_
|
||||||
|
+
|
||||||
|
+///
|
||||||
|
+/// The implementation of a Random Number Generator might be unsafe, when using
|
||||||
|
+/// a dummy implementation for instance. Allow identifying such implementation
|
||||||
|
+/// with this GUID.
|
||||||
|
+///
|
||||||
|
+#define EDKII_RNG_ALGORITHM_UNSAFE \
|
||||||
|
+ { \
|
||||||
|
+ 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+extern EFI_GUID gEdkiiRngAlgorithmUnSafe;
|
||||||
|
+
|
||||||
|
+#endif // #ifndef RNG_ALGORITHM_GUID_H_
|
||||||
|
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||||
|
index 08d59dfb3e..3513a9678a 100644
|
||||||
|
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||||
|
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||||
|
@@ -401,6 +401,9 @@
|
||||||
|
## Include/Guid/MigratedFvInfo.h
|
||||||
|
gEdkiiMigratedFvInfoGuid = { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4, 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } }
|
||||||
|
|
||||||
|
+ ## Include/Guid/RngAlgorithm.h
|
||||||
|
+ gEdkiiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
|
||||||
|
+
|
||||||
|
#
|
||||||
|
# GUID defined in UniversalPayload
|
||||||
|
#
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
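Review bot: The `///` comment on `EDKII_RNG_ALGORITHM_UNSAFE` says the GUID identifies an unsafe implementation but not what a consumer should do when it sees one. I would add a sentence such as `/// Output from an implementation reporting this GUID must not be relied on where cryptographic-quality randomness is required.` and name BaseRngLibTimerLib as the example, as the commit message does. On style, the `UnSafe` casing in `gEdkiiRngAlgorithmUnSafe` differs from the `UNSAFE` macro, and the name has no `Guid` suffix, unlike the neighbouring `gEdkiiMigratedFvInfoGuid` in the .dec hunk. Renaming is only worthwhile if later patches in the series do not already depend on the name.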
@ -0,0 +1,89 @@
|
|||||||
|
From 3800b9ee5d6d4c05c7e27f949c3b32c422c78f2d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 16:02:31 -0400
|
||||||
|
Subject: [PATCH 16/31] MdePkg: Add deprecated warning to BaseRngLibTimer
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [16/31] 6e199344d083e90f60cbe01dfb3c2a3719e3177d
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit e93468442b7da7bc80e00014e854c0c8a0a7184b
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:03 2023 +0200
|
||||||
|
|
||||||
|
MdePkg: Add deprecated warning to BaseRngLibTimer
|
||||||
|
|
||||||
|
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504
|
||||||
|
|
||||||
|
To keep the MdePkg self-contained and avoid dependencies on GUIDs
|
||||||
|
defined in other packages, the BaseRngLibTimer was moved to the
|
||||||
|
MdePkg.
|
||||||
|
Add a constructor to warn and request to use the MdeModulePkg
|
||||||
|
implementation.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 1 +
|
||||||
|
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 22 +++++++++++++++++++
|
||||||
|
2 files changed, 23 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
index f857290e82..96c90db63f 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
+++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
MODULE_TYPE = BASE
|
||||||
|
VERSION_STRING = 1.0
|
||||||
|
LIBRARY_CLASS = RngLib
|
||||||
|
+ CONSTRUCTOR = BaseRngLibTimerConstructor
|
||||||
|
|
||||||
|
[Sources]
|
||||||
|
RngLibTimer.c
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
index 54d29d96f3..6b8392162b 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
@@ -13,6 +13,28 @@
|
||||||
|
|
||||||
|
#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ This implementation is to be replaced by its MdeModulePkg copy.
|
||||||
|
+ The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
|
||||||
|
+ be defined in the MdePkg.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
|
||||||
|
+**/
|
||||||
|
+RETURN_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+BaseRngLibTimerConstructor (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ DEBUG ((
|
||||||
|
+ DEBUG_WARN,
|
||||||
|
+ "Warning: This BaseRngTimerLib implementation will be deprecated. "
|
||||||
|
+ "Please use the MdeModulePkg implementation equivalent.\n"
|
||||||
|
+ ));
|
||||||
|
+
|
||||||
|
+ return RETURN_SUCCESS;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
Using the TimerLib GetPerformanceCounterProperties() we delay
|
||||||
|
for enough time for the PerformanceCounter to increment.
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
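Review bot: The notice in `BaseRngLibTimerConstructor` is emitted only through `DEBUG ((DEBUG_WARN, ...))`, which is typically compiled out or filtered in release builds, so a platform that ships this timer-based RngLib may never see it. The text mentions deprecation only, while another patch on this page calls BaseRngLibTimerLib an unsafe implementation; the header comment should say it is not a secure source of randomness so the reason for the move is clear to integrators. The doc block also documents `@retval EFI_SUCCESS` while the function is typed `RETURN_STATUS` and returns `RETURN_SUCCESS`; I would write `@retval RETURN_SUCCESS  The constructor always returns RETURN_SUCCESS.` Whether RngLibTimer.c already includes DebugLib and lists it in the .inf is not visible in these hunks and should be confirmed.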
@ -0,0 +1,94 @@
|
|||||||
|
From 1198bceefa4834c09e1edc1c558aeffe4930d1f5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 11 Jun 2024 21:32:26 -0400
|
||||||
|
Subject: [PATCH 03/31] MdePkg: Apply uncrustify changes
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [3/31] 422d94b837bf0e65164968272a358c2656f59838
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
This is a subset of the whitespace changes in the corresponding upstream
|
||||||
|
commit. It is needed for the next commits in this series to apply with
|
||||||
|
less fewer conflicts.
|
||||||
|
|
||||||
|
commit 2f88bd3a1296c522317f1c21377876de63de5be7
|
||||||
|
Author: Michael Kubacki <michael.kubacki@microsoft.com>
|
||||||
|
Date: Sun Dec 5 14:54:05 2021 -0800
|
||||||
|
|
||||||
|
MdePkg: Apply uncrustify changes
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
|
||||||
|
|
||||||
|
Apply uncrustify changes to .c/.h files in the MdePkg package
|
||||||
|
|
||||||
|
Cc: Andrew Fish <afish@apple.com>
|
||||||
|
Cc: Leif Lindholm <leif@nuviainc.com>
|
||||||
|
Cc: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
||||||
|
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
MdePkg/Include/Protocol/Rng.h | 24 ++++++++++++------------
|
||||||
|
1 file changed, 12 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
|
||||||
|
index a0a05d1661..baf425587b 100644
|
||||||
|
--- a/MdePkg/Include/Protocol/Rng.h
|
||||||
|
+++ b/MdePkg/Include/Protocol/Rng.h
|
||||||
|
@@ -93,7 +93,7 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
|
||||||
|
**/
|
||||||
|
typedef
|
||||||
|
EFI_STATUS
|
||||||
|
-(EFIAPI *EFI_RNG_GET_INFO) (
|
||||||
|
+(EFIAPI *EFI_RNG_GET_INFO)(
|
||||||
|
IN EFI_RNG_PROTOCOL *This,
|
||||||
|
IN OUT UINTN *RNGAlgorithmListSize,
|
||||||
|
OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
@@ -123,9 +123,9 @@ EFI_STATUS
|
||||||
|
**/
|
||||||
|
typedef
|
||||||
|
EFI_STATUS
|
||||||
|
-(EFIAPI *EFI_RNG_GET_RNG) (
|
||||||
|
+(EFIAPI *EFI_RNG_GET_RNG)(
|
||||||
|
IN EFI_RNG_PROTOCOL *This,
|
||||||
|
- IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
|
||||||
|
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
|
||||||
|
IN UINTN RNGValueLength,
|
||||||
|
OUT UINT8 *RNGValue
|
||||||
|
);
|
||||||
|
@@ -135,16 +135,16 @@ EFI_STATUS
|
||||||
|
/// applications, or entropy for seeding other random number generators.
|
||||||
|
///
|
||||||
|
struct _EFI_RNG_PROTOCOL {
|
||||||
|
- EFI_RNG_GET_INFO GetInfo;
|
||||||
|
- EFI_RNG_GET_RNG GetRNG;
|
||||||
|
+ EFI_RNG_GET_INFO GetInfo;
|
||||||
|
+ EFI_RNG_GET_RNG GetRNG;
|
||||||
|
};
|
||||||
|
|
||||||
|
-extern EFI_GUID gEfiRngProtocolGuid;
|
||||||
|
-extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
|
||||||
|
-extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
|
||||||
|
-extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||||
|
-extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||||
|
-extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||||
|
-extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||||
|
+extern EFI_GUID gEfiRngProtocolGuid;
|
||||||
|
+extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
|
||||||
|
+extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
|
||||||
|
+extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||||
|
+extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||||
|
+extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||||
|
+extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||||
|
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,213 @@
|
|||||||
|
From 1d4b6d489cb919faa3ad67a3ae53fe26c4cd0a75 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 10:32:29 -0400
|
||||||
|
Subject: [PATCH 25/31] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check
|
||||||
|
CPUID
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [25/31] 11804d6f86a644ae2c3dcad89c633ad63b794d3f
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
|
||||||
|
Author: Pedro Falcato <pedro.falcato@gmail.com>
|
||||||
|
Date: Tue Nov 22 22:31:03 2022 +0000
|
||||||
|
|
||||||
|
MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
|
||||||
|
|
||||||
|
RDRAND has notoriously been broken many times over its lifespan.
|
||||||
|
Add a smoketest to RDRAND, in order to better sniff out potential
|
||||||
|
security concerns.
|
||||||
|
|
||||||
|
Also add a proper CPUID test in order to support older CPUs which may
|
||||||
|
not have it; it was previously being tested but then promptly ignored.
|
||||||
|
|
||||||
|
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
|
||||||
|
:x86_init_rdrand() per commit 049f9ae9..
|
||||||
|
|
||||||
|
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
|
||||||
|
code to MIT and the public domain.
|
||||||
|
|
||||||
|
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
|
||||||
|
<..>
|
||||||
|
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
|
||||||
|
> also place it into public domain. Do with it what you will now.
|
||||||
|
>
|
||||||
|
> Jason
|
||||||
|
|
||||||
|
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
|
||||||
|
|
||||||
|
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
|
||||||
|
Cc: Michael D Kinney <michael.d.kinney@intel.com>
|
||||||
|
Cc: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
|
||||||
|
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@gmail.com>
|
||||||
|
---
|
||||||
|
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
|
||||||
|
1 file changed, 91 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||||
|
index aee8ea04e8..7132ab0efd 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||||
|
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||||
|
@@ -3,6 +3,7 @@
|
||||||
|
to provide high-quality random numbers.
|
||||||
|
|
||||||
|
Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||||
|
+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
@@ -25,6 +26,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
STATIC BOOLEAN mRdRandSupported;
|
||||||
|
|
||||||
|
+//
|
||||||
|
+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
|
||||||
|
+//
|
||||||
|
+#define RDRAND_RETRIES 10
|
||||||
|
+
|
||||||
|
+#define RDRAND_TEST_SAMPLES 8
|
||||||
|
+
|
||||||
|
+#define RDRAND_MIN_CHANGE 5
|
||||||
|
+
|
||||||
|
+//
|
||||||
|
+// Add a define for native-word RDRAND, just for the test.
|
||||||
|
+//
|
||||||
|
+#ifdef MDE_CPU_X64
|
||||||
|
+#define ASM_RDRAND AsmRdRand64
|
||||||
|
+#else
|
||||||
|
+#define ASM_RDRAND AsmRdRand32
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Tests RDRAND for broken implementations.
|
||||||
|
+
|
||||||
|
+ @retval TRUE RDRAND is reliable (and hopefully safe).
|
||||||
|
+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID.
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+STATIC
|
||||||
|
+BOOLEAN
|
||||||
|
+TestRdRand (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ //
|
||||||
|
+ // Test for notoriously broken rdrand implementations that always return the same
|
||||||
|
+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
|
||||||
|
+ // Note that this should be expanded to extensively test for other sorts of possible errata.
|
||||||
|
+ //
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
|
||||||
|
+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
|
||||||
|
+ //
|
||||||
|
+ UINTN Prev;
|
||||||
|
+ UINT8 Idx;
|
||||||
|
+ UINT8 TestIteration;
|
||||||
|
+ UINT32 Changed;
|
||||||
|
+
|
||||||
|
+ Changed = 0;
|
||||||
|
+
|
||||||
|
+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
|
||||||
|
+ UINTN Sample;
|
||||||
|
+ //
|
||||||
|
+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
|
||||||
|
+ // Any failure to get a random number will assume RDRAND does not work.
|
||||||
|
+ //
|
||||||
|
+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
|
||||||
|
+ if (ASM_RDRAND (&Sample)) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (Idx == RDRAND_RETRIES) {
|
||||||
|
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (TestIteration != 0) {
|
||||||
|
+ Changed += Sample != Prev;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ Prev = Sample;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (Changed < RDRAND_MIN_CHANGE) {
|
||||||
|
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
|
||||||
|
+ return FALSE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return TRUE;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#undef ASM_RDRAND
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
The constructor function checks whether or not RDRAND instruction is supported
|
||||||
|
by the host hardware.
|
||||||
|
@@ -49,10 +132,13 @@ BaseRngLibConstructor (
|
||||||
|
// CPUID. A value of 1 indicates that processor support RDRAND instruction.
|
||||||
|
//
|
||||||
|
AsmCpuid (1, 0, 0, &RegEcx, 0);
|
||||||
|
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
|
||||||
|
|
||||||
|
mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
|
||||||
|
|
||||||
|
+ if (mRdRandSupported) {
|
||||||
|
+ mRdRandSupported = TestRdRand ();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -71,6 +157,7 @@ ArchGetRandomNumber16 (
|
||||||
|
OUT UINT16 *Rand
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ ASSERT (mRdRandSupported);
|
||||||
|
return AsmRdRand16 (Rand);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -89,6 +176,7 @@ ArchGetRandomNumber32 (
|
||||||
|
OUT UINT32 *Rand
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ ASSERT (mRdRandSupported);
|
||||||
|
return AsmRdRand32 (Rand);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -107,6 +195,7 @@ ArchGetRandomNumber64 (
|
||||||
|
OUT UINT64 *Rand
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ ASSERT (mRdRandSupported);
|
||||||
|
return AsmRdRand64 (Rand);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -123,13 +212,7 @@ ArchIsRngSupported (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- /*
|
||||||
|
- Existing software depends on this always returning TRUE, so for
|
||||||
|
- now hard-code it.
|
||||||
|
-
|
||||||
|
- return mRdRandSupported;
|
||||||
|
- */
|
||||||
|
- return TRUE;
|
||||||
|
+ return mRdRandSupported;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
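Review bot: The `ASSERT (mRdRandSupported);` added to `ArchGetRandomNumber16`, `ArchGetRandomNumber32` and `ArchGetRandomNumber64` is the only guard in front of the `AsmRdRand*` calls, and ASSERT is normally compiled out of release builds. Unless every caller checks `ArchIsRngSupported ()` first (the callers are outside these hunks), a CPU that failed `TestRdRand` or lacks the CPUID bit would still execute RDRAND and could hand back the constant value the smoketest is meant to reject. I would fail closed in each of the three functions with `if (!mRdRandSupported) { return FALSE; }` ahead of the instruction, keeping the ASSERT for debug builds. Separately, `ArchIsRngSupported` now returns the real state although the removed comment said existing software depended on it always returning TRUE, so the doc comment should say that callers must now handle FALSE.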
@ -0,0 +1,66 @@
|
|||||||
|
From 3351bd0ba07cc490c344d2dc54b86833993ca5a2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 15:58:58 -0400
|
||||||
|
Subject: [PATCH 18/31] MdePkg/DxeRngLib: Request raw algorithm instead of
|
||||||
|
default
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [18/31] fa2da700127ae713aa578638c2390673fc49522d
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit bd1f0eecc1dfe51ba20161bef8860d12392006bd
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:05 2023 +0200
|
||||||
|
|
||||||
|
MdePkg/DxeRngLib: Request raw algorithm instead of default
|
||||||
|
|
||||||
|
The DxeRngLib tries to generate a random number using the 3 NIST
|
||||||
|
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
|
||||||
|
If none of the call is successful, the fallback option is the default
|
||||||
|
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
|
||||||
|
be an unsafe implementation.
|
||||||
|
|
||||||
|
Try requesting the Raw algorithm before requesting the default one.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
MdePkg/Library/DxeRngLib/DxeRngLib.c | 9 ++++++++-
|
||||||
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||||
|
index 9c3d67b5a6..4b2fc1cde5 100644
|
||||||
|
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||||
|
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||||
|
@@ -64,9 +64,16 @@ GenerateRandomNumberViaNist800Algorithm (
|
||||||
|
if (!EFI_ERROR (Status)) {
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+ Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer);
|
||||||
|
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status));
|
||||||
|
+ if (!EFI_ERROR (Status)) {
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
// If all the other methods have failed, use the default method from the RngProtocol
|
||||||
|
Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
|
||||||
|
- DEBUG((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __FUNCTION__, Status));
|
||||||
|
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
|
||||||
|
if (!EFI_ERROR (Status)) {
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
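Review bot: After the added Raw attempt, `GenerateRandomNumberViaNist800Algorithm` still falls through to `GetRNG (RngProtocol, NULL, ...)` and returns success, so a caller cannot tell a NIST SP 800-90 DRBG result from the default algorithm that the commit message says might be unsafe. The only trace is a `DEBUG_INFO` line; I would raise the default path to `DEBUG ((DEBUG_WARN, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));`. The existing comment above the fallback should state that its output may come from a non-cryptographic source. The new Raw block also lacks a comment like the one on the default path, e.g. `// None of the SP 800-90 DRBGs is available, try the Raw algorithm before the protocol default`. The function body starts and ends outside the hunk.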
@ -0,0 +1,91 @@
|
|||||||
|
From 2a01056c29542a10941cb32929032b80df091a17 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 16:04:48 -0400
|
||||||
|
Subject: [PATCH 19/31] MdePkg/Rng: Add GUID to describe Arm Rndr Rng
|
||||||
|
algorithms
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [19/31] 58b0f069c74b00eb6476427dd84a50a86aceb598
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:06 2023 +0200
|
||||||
|
|
||||||
|
MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
|
||||||
|
|
||||||
|
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
|
||||||
|
|
||||||
|
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||||
|
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||||
|
To allow the RngDxe to detect when such implementation is used,
|
||||||
|
a GetRngGuid() function is added in a following patch.
|
||||||
|
|
||||||
|
Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr
|
||||||
|
to describe a Rng algorithm accessed through Arm's RNDR instruction.
|
||||||
|
[1] states that the implementation of this algorithm should be
|
||||||
|
compliant to NIST SP900-80. The compliance is not guaranteed.
|
||||||
|
|
||||||
|
[1] Arm Architecture Reference Manual Armv8, for A-profile architecture
|
||||||
|
sK12.1 'Properties of the generated random number'
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
MdePkg/Include/Protocol/Rng.h | 10 ++++++++++
|
||||||
|
MdePkg/MdePkg.dec | 1 +
|
||||||
|
2 files changed, 11 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
|
||||||
|
index baf425587b..38bde53240 100644
|
||||||
|
--- a/MdePkg/Include/Protocol/Rng.h
|
||||||
|
+++ b/MdePkg/Include/Protocol/Rng.h
|
||||||
|
@@ -67,6 +67,15 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
|
||||||
|
{ \
|
||||||
|
0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
|
||||||
|
}
|
||||||
|
+///
|
||||||
|
+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
|
||||||
|
+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
|
||||||
|
+/// inclusive of different geographies.
|
||||||
|
+///
|
||||||
|
+#define EFI_RNG_ALGORITHM_ARM_RNDR \
|
||||||
|
+ { \
|
||||||
|
+ 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
|
||||||
|
+ }
|
||||||
|
|
||||||
|
/**
|
||||||
|
Returns information about the random number generation implementation.
|
||||||
|
@@ -146,5 +155,6 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||||
|
extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||||
|
extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||||
|
extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||||
|
+extern EFI_GUID gEfiRngAlgorithmArmRndr;
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
|
||||||
|
index 8f05e822ac..36501e8bb9 100644
|
||||||
|
--- a/MdePkg/MdePkg.dec
|
||||||
|
+++ b/MdePkg/MdePkg.dec
|
||||||
|
@@ -594,6 +594,7 @@
|
||||||
|
gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
|
||||||
|
gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
|
||||||
|
gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
|
||||||
|
+ gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
|
||||||
|
|
||||||
|
## Include/Protocol/AdapterInformation.h
|
||||||
|
gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,409 @@
|
|||||||
|
From b466e2545e25ebb2004ae9b9f95c6c2f60d1f168 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 16:08:28 -0400
|
||||||
|
Subject: [PATCH 21/31] MdePkg/Rng: Add GetRngGuid() to RngLib
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [21/31] 54783ad88ba101c620240aa463c5d758fa416c31
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit 5443c2dc310d2c8eb15fb8eefd5057342e78cd0d
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:08 2023 +0200
|
||||||
|
|
||||||
|
MdePkg/Rng: Add GetRngGuid() to RngLib
|
||||||
|
|
||||||
|
The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple
|
||||||
|
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||||
|
To allow the RngDxe to detect when such implementation is used,
|
||||||
|
add a GetRngGuid() function to the RngLib.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 4 ++
|
||||||
|
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 +++++++++++++
|
||||||
|
MdePkg/Include/Library/RngLib.h | 19 ++++++++-
|
||||||
|
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++++++
|
||||||
|
MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 +++++
|
||||||
|
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 ++++++++++++
|
||||||
|
.../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++++
|
||||||
|
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 23 ++++++++++
|
||||||
|
MdePkg/Library/DxeRngLib/DxeRngLib.c | 28 +++++++++++++
|
||||||
|
9 files changed, 201 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
index f729001060..8461260cc8 100644
|
||||||
|
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
@@ -29,6 +29,10 @@
|
||||||
|
|
||||||
|
[Packages]
|
||||||
|
MdePkg/MdePkg.dec
|
||||||
|
+ MdeModulePkg/MdeModulePkg.dec
|
||||||
|
+
|
||||||
|
+[Guids]
|
||||||
|
+ gEdkiiRngAlgorithmUnSafe
|
||||||
|
|
||||||
|
[LibraryClasses]
|
||||||
|
BaseLib
|
||||||
|
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
index 980854d67b..28ff46c71f 100644
|
||||||
|
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
@@ -2,14 +2,18 @@
|
||||||
|
BaseRng Library that uses the TimerLib to provide reasonably random numbers.
|
||||||
|
Do not use this on a production system.
|
||||||
|
|
||||||
|
+ Copyright (c) 2023, Arm Limited. All rights reserved.
|
||||||
|
Copyright (c) Microsoft Corporation.
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
**/
|
||||||
|
|
||||||
|
#include <Base.h>
|
||||||
|
+#include <Uefi.h>
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/TimerLib.h>
|
||||||
|
+#include <Guid/RngAlgorithm.h>
|
||||||
|
|
||||||
|
#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10
|
||||||
|
|
||||||
|
@@ -190,3 +194,27 @@ GetRandomNumber128 (
|
||||||
|
// Read second 64 bits
|
||||||
|
return GetRandomNumber64 (++Rand);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Get a GUID identifying the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||||
|
+ the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Success.
|
||||||
|
+ @retval EFI_UNSUPPORTED Not supported.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetRngGuid (
|
||||||
|
+ GUID *RngGuid
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ if (RngGuid == NULL) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ CopyMem (RngGuid, &gEdkiiRngAlgorithmUnSafe, sizeof (*RngGuid));
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
|
||||||
|
diff --git a/MdePkg/Include/Library/RngLib.h b/MdePkg/Include/Library/RngLib.h
|
||||||
|
index 05e513022e..801aa6d5bd 100644
|
||||||
|
--- a/MdePkg/Include/Library/RngLib.h
|
||||||
|
+++ b/MdePkg/Include/Library/RngLib.h
|
||||||
|
@@ -1,6 +1,7 @@
|
||||||
|
/** @file
|
||||||
|
Provides random number generator services.
|
||||||
|
|
||||||
|
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@@ -77,4 +78,20 @@ GetRandomNumber128 (
|
||||||
|
OUT UINT64 *Rand
|
||||||
|
);
|
||||||
|
|
||||||
|
-#endif // __RNG_LIB_H__
|
||||||
|
+/**
|
||||||
|
+ Get a GUID identifying the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||||
|
+ the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Success.
|
||||||
|
+ @retval EFI_UNSUPPORTED Not supported.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetRngGuid (
|
||||||
|
+ GUID *RngGuid
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+#endif // __RNG_LIB_H__
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||||
|
index c9f8c813ed..7641314a54 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||||
|
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||||
|
@@ -2,6 +2,7 @@
|
||||||
|
Random number generator service that uses the RNDR instruction
|
||||||
|
to provide pseudorandom numbers.
|
||||||
|
|
||||||
|
+ Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
@@ -11,6 +12,7 @@
|
||||||
|
|
||||||
|
#include <Uefi.h>
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/RngLib.h>
|
||||||
|
|
||||||
|
@@ -137,3 +139,43 @@ ArchIsRngSupported (
|
||||||
|
{
|
||||||
|
return mRndrSupported;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Get a GUID identifying the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||||
|
+ the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Success.
|
||||||
|
+ @retval EFI_UNSUPPORTED Not supported.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetRngGuid (
|
||||||
|
+ GUID *RngGuid
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ GUID *RngLibGuid;
|
||||||
|
+
|
||||||
|
+ if (RngGuid == NULL) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (!mRndrSupported) {
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // If the platform advertises the algorithm behind RNDR instruction,
|
||||||
|
+ // use it. Otherwise use gEfiRngAlgorithmArmRndr.
|
||||||
|
+ //
|
||||||
|
+ RngLibGuid = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||||
|
+ if (!IsZeroGuid (RngLibGuid)) {
|
||||||
|
+ CopyMem (RngGuid, RngLibGuid, sizeof (*RngGuid));
|
||||||
|
+ } else {
|
||||||
|
+ CopyMem (RngGuid, &gEfiRngAlgorithmArmRndr, sizeof (*RngGuid));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||||
|
index 1fcceb9414..49503b139b 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||||
|
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||||
|
@@ -4,6 +4,7 @@
|
||||||
|
# BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
|
||||||
|
# provide random numbers.
|
||||||
|
#
|
||||||
|
+# Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||||
|
# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||||
|
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||||
|
#
|
||||||
|
@@ -43,9 +44,18 @@
|
||||||
|
AArch64/ArmReadIdIsar0.asm | MSFT
|
||||||
|
AArch64/ArmRng.asm | MSFT
|
||||||
|
|
||||||
|
+[Guids.AARCH64]
|
||||||
|
+ gEfiRngAlgorithmArmRndr
|
||||||
|
+
|
||||||
|
+[Guids.Ia32, Guids.X64]
|
||||||
|
+ gEfiRngAlgorithmSp80090Ctr256Guid
|
||||||
|
+
|
||||||
|
[Packages]
|
||||||
|
MdePkg/MdePkg.dec
|
||||||
|
|
||||||
|
+[Pcd.AARCH64]
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
|
||||||
|
+
|
||||||
|
[LibraryClasses]
|
||||||
|
BaseLib
|
||||||
|
DebugLib
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||||
|
index 09fb875ac3..aee8ea04e8 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||||
|
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||||
|
@@ -2,6 +2,7 @@
|
||||||
|
Random number generator services that uses RdRand instruction access
|
||||||
|
to provide high-quality random numbers.
|
||||||
|
|
||||||
|
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||||
|
|
||||||
|
@@ -11,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
#include <Uefi.h>
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
|
||||||
|
#include "BaseRngLibInternals.h"
|
||||||
|
@@ -129,3 +131,27 @@ ArchIsRngSupported (
|
||||||
|
*/
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Get a GUID identifying the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||||
|
+ the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Success.
|
||||||
|
+ @retval EFI_UNSUPPORTED Not supported.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetRngGuid (
|
||||||
|
+ GUID *RngGuid
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ if (RngGuid == NULL) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ CopyMem (RngGuid, &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (*RngGuid));
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||||
|
index cad30599ea..34a18e6a4d 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||||
|
+++ b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||||
|
@@ -1,13 +1,16 @@
|
||||||
|
/** @file
|
||||||
|
Null version of Random number generator services.
|
||||||
|
|
||||||
|
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
+#include <Uefi.h>
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/RngLib.h>
|
||||||
|
+#include <Protocol/Rng.h>
|
||||||
|
|
||||||
|
/**
|
||||||
|
Generates a 16-bit random number.
|
||||||
|
@@ -92,3 +95,22 @@ GetRandomNumber128 (
|
||||||
|
ASSERT (FALSE);
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Get a GUID identifying the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||||
|
+ the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Success.
|
||||||
|
+ @retval EFI_UNSUPPORTED Not supported.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetRngGuid (
|
||||||
|
+ GUID *RngGuid
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+}
|
||||||
|
diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
index 6b8392162b..7337500fec 100644
|
||||||
|
--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||||
|
@@ -209,3 +209,26 @@ GetRandomNumber128 (
|
||||||
|
// Read second 64 bits
|
||||||
|
return GetRandomNumber64 (++Rand);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Get a GUID identifying the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||||
|
+ the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Success.
|
||||||
|
+ @retval EFI_UNSUPPORTED Not supported.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+**/
|
||||||
|
+RETURN_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetRngGuid (
|
||||||
|
+ GUID *RngGuid
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ /* This implementation is to be replaced by its MdeModulePkg copy.
|
||||||
|
+ * The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
|
||||||
|
+ * be defined in the MdePkg.
|
||||||
|
+ */
|
||||||
|
+ return RETURN_UNSUPPORTED;
|
||||||
|
+}
|
||||||
|
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||||
|
index 4b2fc1cde5..20248b4107 100644
|
||||||
|
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||||
|
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||||
|
@@ -1,6 +1,7 @@
|
||||||
|
/** @file
|
||||||
|
Provides an implementation of the library class RngLib that uses the Rng protocol.
|
||||||
|
|
||||||
|
+ Copyright (c) 2023, Arm Limited. All rights reserved.
|
||||||
|
Copyright (c) Microsoft Corporation. All rights reserved.
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@@ -204,3 +205,30 @@ GetRandomNumber128 (
|
||||||
|
}
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Get a GUID identifying the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||||
|
+ the RNG algorithm implementation.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Success.
|
||||||
|
+ @retval EFI_UNSUPPORTED Not supported.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetRngGuid (
|
||||||
|
+ GUID *RngGuid
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ /* It is not possible to know beforehand which Rng algorithm will
|
||||||
|
+ * be used by this library.
|
||||||
|
+ * This API is mainly used by RngDxe. RngDxe relies on the RngLib.
|
||||||
|
+ * The RngLib|DxeRngLib.inf implementation locates and uses an installed
|
||||||
|
+ * EFI_RNG_PROTOCOL.
|
||||||
|
+ * It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf.
|
||||||
|
+ * and it is ok not to support this API.
|
||||||
|
+ */
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
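Review bot: The GetRngGuid() contract added to MdePkg/Include/Library/RngLib.h does not say what a caller must conclude from EFI_UNSUPPORTED, yet three implementations in this patch (BaseRngLibNull, DxeRngLib and the MdePkg copy of BaseRngLibTimerLib) return exactly that unconditionally. The commit message gives the purpose as letting RngDxe detect unsafe implementations, so a caller that only compares the result with gEdkiiRngAlgorithmUnSafe would not flag the MdePkg timer-based library, whose GetRngGuid() returns RETURN_UNSUPPORTED instead of the unsafe GUID. I would extend the header comment with `@retval EFI_UNSUPPORTED  The algorithm cannot be identified; callers must not assume a secure RNG.` and declare the parameter as `OUT GUID  *RngGuid` to match the `OUT UINT64 *Rand` prototype above it. In AArch64/Rndr.c the new code calls PcdGetPtr() and CopyMem(), but the visible BaseRngLib.inf hunk adds no PcdLib or BaseMemoryLib entry under [LibraryClasses]; that section continues outside the hunk, so this may already be covered.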
@ -0,0 +1,63 @@
|
|||||||
|
From 634ee7a8cef2eac9f41cff4b42859d9d54b204bf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 10:35:27 -0400
|
||||||
|
Subject: [PATCH 29/31] MdePkg/X86UnitTestHost: set rdrand cpuid bit
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [29/31] 60851c6253df6f0114dc2c5598e0dde139d56c4c
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit 5e776299a2604b336a947e68593012ab2cc16eb4
|
||||||
|
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Date: Fri Jun 14 11:45:53 2024 +0200
|
||||||
|
|
||||||
|
MdePkg/X86UnitTestHost: set rdrand cpuid bit
|
||||||
|
|
||||||
|
Set the rdrand feature bit when faking cpuid for host test cases.
|
||||||
|
Needed to make the CryptoPkg test cases work.
|
||||||
|
|
||||||
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
|
||||||
|
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||||
|
index d0e428457e..abc092a990 100644
|
||||||
|
--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||||
|
+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||||
|
@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
|
||||||
|
OUT UINT32 *Edx OPTIONAL
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ UINT32 RetEcx;
|
||||||
|
+
|
||||||
|
+ RetEcx = 0;
|
||||||
|
+ switch (Index) {
|
||||||
|
+ case 1:
|
||||||
|
+ RetEcx |= BIT30; /* RdRand */
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (Eax != NULL) {
|
||||||
|
*Eax = 0;
|
||||||
|
}
|
||||||
|
@@ -73,7 +82,7 @@ UnitTestHostBaseLibAsmCpuid (
|
||||||
|
*Ebx = 0;
|
||||||
|
}
|
||||||
|
if (Ecx != NULL) {
|
||||||
|
- *Ecx = 0;
|
||||||
|
+ *Ecx = RetEcx;
|
||||||
|
}
|
||||||
|
if (Edx != NULL) {
|
||||||
|
*Edx = 0;
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
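Review bot: The new `switch (Index)` in UnitTestHostBaseLibAsmCpuid has a single case and no `default`, so an `if` would read more directly: `if (Index == 1) { RetEcx |= BIT30; /* CPUID.01H:ECX.RDRAND */ }`. The fake CPUID now advertises RdRand on every host, which the commit message says is needed for the CryptoPkg test cases. If the library under test then executes the real instruction, a host CPU without RDRAND would presumably fault rather than fail cleanly, so a comment stating that assumption next to the bit would help. The function body starts and ends outside the two hunks, so the handling of the other registers is only partly visible.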
@ -0,0 +1,808 @@
|
|||||||
|
From 1e7f4034ddc0896e16c981d4220a1178813b4e86 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 11 Jun 2024 15:20:29 -0400
|
||||||
|
Subject: [PATCH 30/31] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [30/31] 9ae15a2abf1d9bd0a0df1ff73a88446b9eb33602
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21854
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45236
|
||||||
|
Conflicts: Didn't add new file NetworkPkg/SecurityFixes.yaml
|
||||||
|
|
||||||
|
commit 1904a64bcc18199738e5be183d28887ac5d837d7
|
||||||
|
Author: Doug Flick <dougflick@microsoft.com>
|
||||||
|
Date: Wed May 8 22:56:29 2024 -0700
|
||||||
|
|
||||||
|
NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
|
||||||
|
|
||||||
|
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
|
||||||
|
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
|
||||||
|
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
|
||||||
|
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
|
||||||
|
|
||||||
|
Bug Overview:
|
||||||
|
PixieFail Bug #8
|
||||||
|
CVE-2023-45236
|
||||||
|
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||||
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
|
||||||
|
|
||||||
|
Updates TCP ISN generation to use a cryptographic hash of the
|
||||||
|
connection's identifying parameters and a secret key.
|
||||||
|
This prevents an attacker from guessing the ISN used for some other
|
||||||
|
connection.
|
||||||
|
|
||||||
|
This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
|
||||||
|
|
||||||
|
RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
|
||||||
|
|
||||||
|
A TCP implementation MUST use the above type of "clock" for clock-
|
||||||
|
driven selection of initial sequence numbers (MUST-8), and SHOULD
|
||||||
|
generate its initial sequence numbers with the expression:
|
||||||
|
|
||||||
|
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||||
|
|
||||||
|
where M is the 4 microsecond timer, and F() is a pseudorandom
|
||||||
|
function (PRF) of the connection's identifying parameters ("localip,
|
||||||
|
localport, remoteip, remoteport") and a secret key ("secretkey")
|
||||||
|
(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
|
||||||
|
an attacker could still guess at sequence numbers from the ISN used
|
||||||
|
for some other connection. The PRF could be implemented as a
|
||||||
|
cryptographic hash of the concatenation of the TCP connection
|
||||||
|
parameters and some secret data. For discussion of the selection of
|
||||||
|
a specific hash algorithm and management of the secret key data,
|
||||||
|
please see Section 3 of [42].
|
||||||
|
|
||||||
|
For each connection there is a send sequence number and a receive
|
||||||
|
sequence number. The initial send sequence number (ISS) is chosen by
|
||||||
|
the data sending TCP peer, and the initial receive sequence number
|
||||||
|
(IRS) is learned during the connection-establishing procedure.
|
||||||
|
|
||||||
|
For a connection to be established or initialized, the two TCP peers
|
||||||
|
must synchronize on each other's initial sequence numbers. This is
|
||||||
|
done in an exchange of connection-establishing segments carrying a
|
||||||
|
control bit called "SYN" (for synchronize) and the initial sequence
|
||||||
|
numbers. As a shorthand, segments carrying the SYN bit are also
|
||||||
|
called "SYNs". Hence, the solution requires a suitable mechanism for
|
||||||
|
picking an initial sequence number and a slightly involved handshake
|
||||||
|
to exchange the ISNs.
|
||||||
|
|
||||||
|
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||||
|
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
||||||
|
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
NetworkPkg/TcpDxe/TcpDriver.c | 92 ++++++++++++-
|
||||||
|
NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
|
||||||
|
NetworkPkg/TcpDxe/TcpFunc.h | 23 ++--
|
||||||
|
NetworkPkg/TcpDxe/TcpInput.c | 13 +-
|
||||||
|
NetworkPkg/TcpDxe/TcpMain.h | 59 ++++++--
|
||||||
|
NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++++++++++++++++--
|
||||||
|
NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
|
||||||
|
7 files changed, 394 insertions(+), 48 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||||
|
index 430911c2f4..34ae838ae0 100644
|
||||||
|
--- a/NetworkPkg/TcpDxe/TcpDriver.c
|
||||||
|
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||||
|
@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = {
|
||||||
|
TcpServiceBindingDestroyChild
|
||||||
|
};
|
||||||
|
|
||||||
|
+//
|
||||||
|
+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces
|
||||||
|
+// if the platform does not provide one.
|
||||||
|
+//
|
||||||
|
+EFI_HANDLE mHash2ServiceHandle = NULL;
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
Create and start the heartbeat timer for the TCP driver.
|
||||||
|
|
||||||
|
@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
|
||||||
|
EFI_STATUS Status;
|
||||||
|
UINT32 Random;
|
||||||
|
|
||||||
|
+ //
|
||||||
|
+ // Initialize the Secret used for hashing TCP sequence numbers
|
||||||
|
+ //
|
||||||
|
+ // Normally this should be regenerated periodically, but since
|
||||||
|
+ // this is only used for UEFI networking and not a general purpose
|
||||||
|
+ // operating system, it is not necessary to regenerate it.
|
||||||
|
+ //
|
||||||
|
+ Status = PseudoRandomU32 (&mTcpGlobalSecret);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Get a random number used to generate a random port number
|
||||||
|
+ // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret
|
||||||
|
+ //
|
||||||
|
Status = PseudoRandomU32 (&Random);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
|
||||||
|
@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
- // Initialize ISS and random port.
|
||||||
|
+ // Initialize the random port.
|
||||||
|
//
|
||||||
|
- mTcpGlobalIss = Random % mTcpGlobalIss;
|
||||||
|
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
|
||||||
|
mTcp6RandomPort = mTcp4RandomPort;
|
||||||
|
|
||||||
|
@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
|
||||||
|
@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.
|
||||||
|
|
||||||
|
@retval EFI_OUT_OF_RESOURCES Failed to allocate some resources.
|
||||||
|
+ @retval EFI_UNSUPPORTED Service Binding Protocols are unavailable.
|
||||||
|
+ @retval EFI_ALREADY_STARTED The TCP driver is already started on the controller.
|
||||||
|
@retval EFI_SUCCESS A new IP6 service binding private was created.
|
||||||
|
|
||||||
|
**/
|
||||||
|
@@ -234,11 +258,13 @@ TcpCreateService (
|
||||||
|
IN UINT8 IpVersion
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- EFI_STATUS Status;
|
||||||
|
- EFI_GUID *IpServiceBindingGuid;
|
||||||
|
- EFI_GUID *TcpServiceBindingGuid;
|
||||||
|
- TCP_SERVICE_DATA *TcpServiceData;
|
||||||
|
- IP_IO_OPEN_DATA OpenData;
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
+ EFI_GUID *IpServiceBindingGuid;
|
||||||
|
+ EFI_GUID *TcpServiceBindingGuid;
|
||||||
|
+ TCP_SERVICE_DATA *TcpServiceData;
|
||||||
|
+ IP_IO_OPEN_DATA OpenData;
|
||||||
|
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
|
||||||
|
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
|
||||||
|
|
||||||
|
if (IpVersion == IP_VERSION_4) {
|
||||||
|
IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid;
|
||||||
|
@@ -272,6 +298,33 @@ TcpCreateService (
|
||||||
|
return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ //
|
||||||
|
+ // If we can't find the Hashing protocol, then we need to create one.
|
||||||
|
+ //
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Platform is expected to publish the hash service binding protocol to support TCP.
|
||||||
|
+ //
|
||||||
|
+ Status = gBS->LocateProtocol (
|
||||||
|
+ &gEfiHash2ServiceBindingProtocolGuid,
|
||||||
|
+ NULL,
|
||||||
|
+ (VOID **)&Hash2ServiceBinding
|
||||||
|
+ );
|
||||||
|
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Create an instance of the hash protocol for this controller.
|
||||||
|
+ //
|
||||||
|
+ Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// Create the TCP service data.
|
||||||
|
//
|
||||||
|
@@ -423,6 +476,7 @@ TcpDestroyService (
|
||||||
|
EFI_STATUS Status;
|
||||||
|
LIST_ENTRY *List;
|
||||||
|
TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;
|
||||||
|
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
|
||||||
|
|
||||||
|
ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
|
||||||
|
|
||||||
|
@@ -439,6 +493,30 @@ TcpDestroyService (
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ //
|
||||||
|
+ // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.
|
||||||
|
+ //
|
||||||
|
+ if (mHash2ServiceHandle != NULL) {
|
||||||
|
+ Status = gBS->LocateProtocol (
|
||||||
|
+ &gEfiHash2ServiceBindingProtocolGuid,
|
||||||
|
+ NULL,
|
||||||
|
+ (VOID **)&Hash2ServiceBinding
|
||||||
|
+ );
|
||||||
|
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Destroy the instance of the hashing protocol for this controller.
|
||||||
|
+ //
|
||||||
|
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ mHash2ServiceHandle = NULL;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
Status = gBS->OpenProtocol (
|
||||||
|
NicHandle,
|
||||||
|
ServiceBindingGuid,
|
||||||
|
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||||
|
index cf5423f4c5..76de4cf9ec 100644
|
||||||
|
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||||
|
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||||
|
@@ -6,6 +6,7 @@
|
||||||
|
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
|
||||||
|
#
|
||||||
|
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+# Copyright (c) Microsoft Corporation
|
||||||
|
#
|
||||||
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#
|
||||||
|
@@ -68,7 +69,6 @@
|
||||||
|
NetLib
|
||||||
|
IpIoLib
|
||||||
|
|
||||||
|
-
|
||||||
|
[Protocols]
|
||||||
|
## SOMETIMES_CONSUMES
|
||||||
|
## SOMETIMES_PRODUCES
|
||||||
|
@@ -81,6 +81,12 @@
|
||||||
|
gEfiIp6ServiceBindingProtocolGuid ## TO_START
|
||||||
|
gEfiTcp6ProtocolGuid ## BY_START
|
||||||
|
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
|
||||||
|
+ gEfiHash2ProtocolGuid ## BY_START
|
||||||
|
+ gEfiHash2ServiceBindingProtocolGuid ## BY_START
|
||||||
|
+
|
||||||
|
+[Guids]
|
||||||
|
+ gEfiHashAlgorithmMD5Guid ## CONSUMES
|
||||||
|
+ gEfiHashAlgorithmSha256Guid ## CONSUMES
|
||||||
|
|
||||||
|
[Depex]
|
||||||
|
gEfiHash2ServiceBindingProtocolGuid
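Review bot: The usage comments on the two added protocol lines say `## BY_START`, which in an INF marks a protocol the driver produces from its Start function, whereas the code in this patch only locates and consumes Hash2 and its service binding. `## TO_START` for `gEfiHash2ServiceBindingProtocolGuid` and `## CONSUMES` for `gEfiHash2ProtocolGuid` would describe that. `gEfiHashAlgorithmMD5Guid` is declared under `[Guids]`, but the TcpGetIsn added in TcpMisc.c passes only `gEfiHashAlgorithmSha256Guid` to `HashInit`, so the MD5 entry looks unused and could be dropped unless another file references it.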
|
||||||
|
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
|
||||||
|
index 05cd3c75dc..e578b8bb29 100644
|
||||||
|
--- a/NetworkPkg/TcpDxe/TcpFunc.h
|
||||||
|
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
|
||||||
|
@@ -2,7 +2,7 @@
|
||||||
|
Declaration of external functions shared in TCP driver.
|
||||||
|
|
||||||
|
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||||
|
-
|
||||||
|
+ Copyright (c) Microsoft Corporation
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
@@ -36,8 +36,11 @@ VOID
|
||||||
|
|
||||||
|
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
|
||||||
|
|
||||||
|
+ @retval EFI_SUCCESS The operation completed successfully
|
||||||
|
+ @retval others The underlying functions failed and could not complete the operation
|
||||||
|
+
|
||||||
|
**/
|
||||||
|
-VOID
|
||||||
|
+EFI_STATUS
|
||||||
|
TcpInitTcbLocal (
|
||||||
|
IN OUT TCP_CB *Tcb
|
||||||
|
);
|
||||||
|
@@ -128,17 +131,6 @@ TcpCloneTcb (
|
||||||
|
IN TCP_CB *Tcb
|
||||||
|
);
|
||||||
|
|
||||||
|
-/**
|
||||||
|
- Compute an ISS to be used by a new connection.
|
||||||
|
-
|
||||||
|
- @return The result ISS.
|
||||||
|
-
|
||||||
|
-**/
|
||||||
|
-TCP_SEQNO
|
||||||
|
-TcpGetIss (
|
||||||
|
- VOID
|
||||||
|
- );
|
||||||
|
-
|
||||||
|
/**
|
||||||
|
Get the local mss.
|
||||||
|
|
||||||
|
@@ -202,8 +194,11 @@ TcpFormatNetbuf (
|
||||||
|
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
|
||||||
|
connection.
|
||||||
|
|
||||||
|
+ @retval EFI_SUCCESS The operation completed successfully
|
||||||
|
+ @retval others The underlying functions failed and could not complete the operation
|
||||||
|
+
|
||||||
|
**/
|
||||||
|
-VOID
|
||||||
|
+EFI_STATUS
|
||||||
|
TcpOnAppConnect (
|
||||||
|
IN OUT TCP_CB *Tcb
|
||||||
|
);
|
||||||
|
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
|
||||||
|
index 5e6c8c54ca..c0656ccd7d 100644
|
||||||
|
--- a/NetworkPkg/TcpDxe/TcpInput.c
|
||||||
|
+++ b/NetworkPkg/TcpDxe/TcpInput.c
|
||||||
|
@@ -759,6 +759,7 @@ TcpInput (
|
||||||
|
TCP_SEQNO Urg;
|
||||||
|
UINT16 Checksum;
|
||||||
|
INT32 Usable;
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
|
||||||
|
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
|
||||||
|
|
||||||
|
@@ -908,7 +909,17 @@ TcpInput (
|
||||||
|
Tcb->LocalEnd.Port = Head->DstPort;
|
||||||
|
Tcb->RemoteEnd.Port = Head->SrcPort;
|
||||||
|
|
||||||
|
- TcpInitTcbLocal (Tcb);
|
||||||
|
+ Status = TcpInitTcbLocal (Tcb);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ DEBUG (
|
||||||
|
+ (DEBUG_ERROR,
|
||||||
|
+ "TcpInput: discard a segment because failed to init local end for TCB %p\n",
|
||||||
|
+ Tcb)
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+ goto DISCARD;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
TcpInitTcbPeer (Tcb, Seg, &Option);
|
||||||
|
|
||||||
|
TcpSetState (Tcb, TCP_SYN_RCVD);
|
||||||
|
diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
|
||||||
|
index 0709298bbf..3fa572d3d4 100644
|
||||||
|
--- a/NetworkPkg/TcpDxe/TcpMain.h
|
||||||
|
+++ b/NetworkPkg/TcpDxe/TcpMain.h
|
||||||
|
@@ -3,6 +3,7 @@
|
||||||
|
It is the common head file for all Tcp*.c in TCP driver.
|
||||||
|
|
||||||
|
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+ Copyright (c) Microsoft Corporation
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
@@ -12,6 +13,7 @@
|
||||||
|
|
||||||
|
#include <Protocol/ServiceBinding.h>
|
||||||
|
#include <Protocol/DriverBinding.h>
|
||||||
|
+#include <Protocol/Hash2.h>
|
||||||
|
#include <Library/IpIoLib.h>
|
||||||
|
#include <Library/DevicePathLib.h>
|
||||||
|
#include <Library/PrintLib.h>
|
||||||
|
@@ -30,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable;
|
||||||
|
|
||||||
|
extern LIST_ENTRY mTcpRunQue;
|
||||||
|
extern LIST_ENTRY mTcpListenQue;
|
||||||
|
-extern TCP_SEQNO mTcpGlobalIss;
|
||||||
|
+extern TCP_SEQNO mTcpGlobalSecret;
|
||||||
|
extern UINT32 mTcpTick;
|
||||||
|
|
||||||
|
///
|
||||||
|
@@ -44,15 +46,6 @@ extern UINT32 mTcpTick;
|
||||||
|
|
||||||
|
#define TCP_EXPIRE_TIME 65535
|
||||||
|
|
||||||
|
-///
|
||||||
|
-/// The implementation selects the initial send sequence number and the unit to
|
||||||
|
-/// be added when it is increased.
|
||||||
|
-///
|
||||||
|
-#define TCP_BASE_ISS 0x4d7e980b
|
||||||
|
-#define TCP_ISS_INCREMENT_1 2048
|
||||||
|
-#define TCP_ISS_INCREMENT_2 100
|
||||||
|
-
|
||||||
|
-
|
||||||
|
typedef union {
|
||||||
|
EFI_TCP4_CONFIG_DATA Tcp4CfgData;
|
||||||
|
EFI_TCP6_CONFIG_DATA Tcp6CfgData;
|
||||||
|
@@ -774,4 +767,50 @@ Tcp6Poll (
|
||||||
|
IN EFI_TCP6_PROTOCOL *This
|
||||||
|
);
|
||||||
|
|
||||||
|
+/**
|
||||||
|
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
|
||||||
|
+ and remote IP addresses and ports.
|
||||||
|
+
|
||||||
|
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
|
||||||
|
+ Where the ISN is computed as follows:
|
||||||
|
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
|
||||||
|
+
|
||||||
|
+ Otherwise:
|
||||||
|
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||||
|
+
|
||||||
|
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
|
||||||
|
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
|
||||||
|
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
|
||||||
|
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
|
||||||
|
+ ISN used for some other connection. The PRF could be implemented as a
|
||||||
|
+ cryptographic hash of the concatenation of the TCP connection parameters and some
|
||||||
|
+ secret data. For discussion of the selection of a specific hash algorithm and
|
||||||
|
+ management of the secret key data."
|
||||||
|
+
|
||||||
|
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
|
||||||
|
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
|
||||||
|
+ @param[in] LocalPort The local port number of the TCP connection.
|
||||||
|
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
|
||||||
|
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
|
||||||
|
+ @param[in] RemotePort The remote port number of the TCP connection.
|
||||||
|
+ @param[out] Isn A pointer to the variable that will receive the Initial
|
||||||
|
+ Sequence Number (ISN).
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
|
||||||
|
+ retrieved.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
|
||||||
|
+ @retval EFI_UNSUPPORTED The operation is not supported.
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+TcpGetIsn (
|
||||||
|
+ IN UINT8 *LocalIp,
|
||||||
|
+ IN UINTN LocalIpSize,
|
||||||
|
+ IN UINT16 LocalPort,
|
||||||
|
+ IN UINT8 *RemoteIp,
|
||||||
|
+ IN UINTN RemoteIpSize,
|
||||||
|
+ IN UINT16 RemotePort,
|
||||||
|
+ OUT TCP_SEQNO *Isn
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
#endif
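Review bot: The header comment for TcpGetIsn documents the function as `ISN = TimeStamp + MD5(...)`, but the implementation added in TcpMisc.c initialises the hash with `gEfiHashAlgorithmSha256Guid`, so the formula should name SHA-256. The following `Otherwise:` line restates the same formula in RFC notation rather than giving an alternative, and the quoted RFC paragraph stops in the middle of its last sentence; I would replace `Otherwise:` with `In RFC 9293 notation:` and end the quote at `secret data."`. The same comment block is duplicated above the definition in TcpMisc.c and needs the same correction. `LocalIp` and `RemoteIp` are only read, so `IN CONST UINT8 *` would state that in the prototype.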
|
||||||
|
diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
|
||||||
|
index 3fa9d90d9f..42dc9fa941 100644
|
||||||
|
--- a/NetworkPkg/TcpDxe/TcpMisc.c
|
||||||
|
+++ b/NetworkPkg/TcpDxe/TcpMisc.c
|
||||||
|
@@ -3,6 +3,7 @@
|
||||||
|
|
||||||
|
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
|
||||||
|
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||||
|
+ Copyright (c) Microsoft Corporation
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
@@ -19,7 +20,34 @@ LIST_ENTRY mTcpListenQue = {
|
||||||
|
&mTcpListenQue
|
||||||
|
};
|
||||||
|
|
||||||
|
-TCP_SEQNO mTcpGlobalIss = TCP_BASE_ISS;
|
||||||
|
+//
|
||||||
|
+// The Session secret
|
||||||
|
+// This must be initialized to a random value at boot time
|
||||||
|
+//
|
||||||
|
+TCP_SEQNO mTcpGlobalSecret;
|
||||||
|
+
|
||||||
|
+//
|
||||||
|
+// Union to hold either an IPv4 or IPv6 address
|
||||||
|
+// This is used to simplify the ISN hash computation
|
||||||
|
+//
|
||||||
|
+typedef union {
|
||||||
|
+ UINT8 IPv4[4];
|
||||||
|
+ UINT8 IPv6[16];
|
||||||
|
+} NETWORK_ADDRESS;
|
||||||
|
+
|
||||||
|
+//
|
||||||
|
+// The ISN is computed by hashing this structure
|
||||||
|
+// It is initialized with the local and remote IP addresses and ports
|
||||||
|
+// and the secret
|
||||||
|
+//
|
||||||
|
+//
|
||||||
|
+typedef struct {
|
||||||
|
+ UINT16 LocalPort;
|
||||||
|
+ UINT16 RemotePort;
|
||||||
|
+ NETWORK_ADDRESS LocalAddress;
|
||||||
|
+ NETWORK_ADDRESS RemoteAddress;
|
||||||
|
+ TCP_SEQNO Secret;
|
||||||
|
+} ISN_HASH_CTX;
|
||||||
|
|
||||||
|
CHAR16 *mTcpStateName[] = {
|
||||||
|
L"TCP_CLOSED",
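Review bot: `mTcpGlobalSecret` is declared as a `TCP_SEQNO`, so the key that protects F() is no wider than a sequence number (32 bits if `TCP_SEQNO` is a `UINT32`, which this hunk does not show), and a key that short can be recovered by exhaustive search once a few ISNs have been observed. A byte array such as `UINT8 mTcpGlobalSecret[32];` with a matching field in `ISN_HASH_CTX` would remove that limit. The comment says the value must be initialised to a random value at boot, but the initialisation is not in this hunk. The comment should name where that happens and what is done if the random source fails, since the zero default of a global would otherwise be used silently.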
|
||||||
|
@@ -40,12 +68,18 @@ CHAR16 *mTcpStateName[] = {
|
||||||
|
|
||||||
|
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
|
||||||
|
|
||||||
|
+ @retval EFI_SUCCESS The operation completed successfully
|
||||||
|
+ @retval others The underlying functions failed and could not complete the operation
|
||||||
|
+
|
||||||
|
**/
|
||||||
|
-VOID
|
||||||
|
+EFI_STATUS
|
||||||
|
TcpInitTcbLocal (
|
||||||
|
IN OUT TCP_CB *Tcb
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ TCP_SEQNO Isn;
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// Compute the checksum of the fixed parts of pseudo header
|
||||||
|
//
|
||||||
|
@@ -56,6 +90,16 @@ TcpInitTcbLocal (
|
||||||
|
0x06,
|
||||||
|
0
|
||||||
|
);
|
||||||
|
+
|
||||||
|
+ Status = TcpGetIsn (
|
||||||
|
+ Tcb->LocalEnd.Ip.v4.Addr,
|
||||||
|
+ sizeof (IPv4_ADDRESS),
|
||||||
|
+ Tcb->LocalEnd.Port,
|
||||||
|
+ Tcb->RemoteEnd.Ip.v4.Addr,
|
||||||
|
+ sizeof (IPv4_ADDRESS),
|
||||||
|
+ Tcb->RemoteEnd.Port,
|
||||||
|
+ &Isn
|
||||||
|
+ );
|
||||||
|
} else {
|
||||||
|
Tcb->HeadSum = NetIp6PseudoHeadChecksum (
|
||||||
|
&Tcb->LocalEnd.Ip.v6,
|
||||||
|
@@ -63,9 +107,25 @@ TcpInitTcbLocal (
|
||||||
|
0x06,
|
||||||
|
0
|
||||||
|
);
|
||||||
|
+
|
||||||
|
+ Status = TcpGetIsn (
|
||||||
|
+ Tcb->LocalEnd.Ip.v6.Addr,
|
||||||
|
+ sizeof (IPv6_ADDRESS),
|
||||||
|
+ Tcb->LocalEnd.Port,
|
||||||
|
+ Tcb->RemoteEnd.Ip.v6.Addr,
|
||||||
|
+ sizeof (IPv6_ADDRESS),
|
||||||
|
+ Tcb->RemoteEnd.Port,
|
||||||
|
+ &Isn
|
||||||
|
+ );
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));
|
||||||
|
+ ASSERT (FALSE);
|
||||||
|
+ return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
- Tcb->Iss = TcpGetIss ();
|
||||||
|
+ Tcb->Iss = Isn;
|
||||||
|
Tcb->SndUna = Tcb->Iss;
|
||||||
|
Tcb->SndNxt = Tcb->Iss;
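Review bot: `ASSERT (FALSE);` in the new error branch turns a recoverable runtime failure into a halt on builds with asserts enabled, even though the status is returned and the TcpInput caller already handles it with `goto DISCARD`. TcpInitTcbLocal is reached while processing an incoming segment, so I would drop the assert and keep the log line with the status added: `DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn: %r\n", Status));`. The IPv4 branch in the previous hunk passes `sizeof (IPv4_ADDRESS)` while TcpGetIsn compares against `sizeof (EFI_IPv4_ADDRESS)`; using the same type name on both sides would make the size contract obvious. The function starts and ends outside this hunk.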
|
||||||
|
|
||||||
|
@@ -81,6 +141,8 @@ TcpInitTcbLocal (
|
||||||
|
Tcb->RetxmitSeqMax = 0;
|
||||||
|
|
||||||
|
Tcb->ProbeTimerOn = FALSE;
|
||||||
|
+
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -505,18 +567,162 @@ TcpCloneTcb (
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
- Compute an ISS to be used by a new connection.
|
||||||
|
-
|
||||||
|
- @return The resulting ISS.
|
||||||
|
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
|
||||||
|
+ and remote IP addresses and ports.
|
||||||
|
+
|
||||||
|
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
|
||||||
|
+ Where the ISN is computed as follows:
|
||||||
|
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
|
||||||
|
+
|
||||||
|
+ Otherwise:
|
||||||
|
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||||
|
+
|
||||||
|
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
|
||||||
|
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
|
||||||
|
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
|
||||||
|
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
|
||||||
|
+ ISN used for some other connection. The PRF could be implemented as a
|
||||||
|
+ cryptographic hash of the concatenation of the TCP connection parameters and some
|
||||||
|
+ secret data. For discussion of the selection of a specific hash algorithm and
|
||||||
|
+ management of the secret key data."
|
||||||
|
+
|
||||||
|
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
|
||||||
|
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
|
||||||
|
+ @param[in] LocalPort The local port number of the TCP connection.
|
||||||
|
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
|
||||||
|
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
|
||||||
|
+ @param[in] RemotePort The remote port number of the TCP connection.
|
||||||
|
+ @param[out] Isn A pointer to the variable that will receive the Initial
|
||||||
|
+ Sequence Number (ISN).
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
|
||||||
|
+ retrieved.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
|
||||||
|
+ @retval EFI_UNSUPPORTED The operation is not supported.
|
||||||
|
|
||||||
|
**/
|
||||||
|
-TCP_SEQNO
|
||||||
|
-TcpGetIss (
|
||||||
|
- VOID
|
||||||
|
+EFI_STATUS
|
||||||
|
+TcpGetIsn (
|
||||||
|
+ IN UINT8 *LocalIp,
|
||||||
|
+ IN UINTN LocalIpSize,
|
||||||
|
+ IN UINT16 LocalPort,
|
||||||
|
+ IN UINT8 *RemoteIp,
|
||||||
|
+ IN UINTN RemoteIpSize,
|
||||||
|
+ IN UINT16 RemotePort,
|
||||||
|
+ OUT TCP_SEQNO *Isn
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- mTcpGlobalIss += TCP_ISS_INCREMENT_1;
|
||||||
|
- return mTcpGlobalIss;
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
|
||||||
|
+ EFI_HASH2_OUTPUT HashResult;
|
||||||
|
+ ISN_HASH_CTX IsnHashCtx;
|
||||||
|
+ EFI_TIME TimeStamp;
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Check that the ISN pointer is valid
|
||||||
|
+ //
|
||||||
|
+ if (Isn == NULL) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // The local ip may be a v4 or v6 address and may not be NULL
|
||||||
|
+ //
|
||||||
|
+ if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // the local ip may be a v4 or v6 address
|
||||||
|
+ //
|
||||||
|
+ if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Locate the Hash Protocol
|
||||||
|
+ //
|
||||||
|
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // TcpCreateService(..) is expected to be called prior to this function
|
||||||
|
+ //
|
||||||
|
+ ASSERT_EFI_ERROR (Status);
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Initialize the hash algorithm
|
||||||
|
+ //
|
||||||
|
+ Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ IsnHashCtx.LocalPort = LocalPort;
|
||||||
|
+ IsnHashCtx.RemotePort = RemotePort;
|
||||||
|
+ IsnHashCtx.Secret = mTcpGlobalSecret;
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Check the IP address family and copy accordingly
|
||||||
|
+ //
|
||||||
|
+ if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {
|
||||||
|
+ CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);
|
||||||
|
+ } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {
|
||||||
|
+ CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);
|
||||||
|
+ } else {
|
||||||
|
+ return EFI_INVALID_PARAMETER; // Unsupported address size
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Repeat the process for the remote IP address
|
||||||
|
+ //
|
||||||
|
+ if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {
|
||||||
|
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);
|
||||||
|
+ } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {
|
||||||
|
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);
|
||||||
|
+ } else {
|
||||||
|
+ return EFI_INVALID_PARAMETER; // Unsupported address size
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Compute the hash
|
||||||
|
+ // Update the hash with the data
|
||||||
|
+ //
|
||||||
|
+ Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Finalize the hash and retrieve the result
|
||||||
|
+ //
|
||||||
|
+ Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ Status = gRT->GetTime (&TimeStamp, NULL);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // copy the first 4 bytes of the hash result into the ISN
|
||||||
|
+ //
|
||||||
|
+ CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)
|
||||||
|
+ //
|
||||||
|
+ *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;
|
||||||
|
+
|
||||||
|
+ return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
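Review bot: `IsnHashCtx` is hashed over `sizeof (IsnHashCtx)` without being cleared first, so for IPv4 the twelve bytes of each `NETWORK_ADDRESS` that `CopyMem` does not write are uninitialised stack and F() is not a stable function of the four-tuple and secret. The digest is then read through `HashResult.Md5Hash` although `HashInit` selected SHA-256, and the timer term multiplies `TimeStamp.Nanosecond` by 250 where the comment's 4 microsecond unit calls for a division by 4000 (the seconds field is ignored as well, so M repeats every second). `RemoteIpSize` is validated only after `HashInit`, and nothing requires it to equal `LocalIpSize`; moving that check next to the `LocalIpSize` check would reject mixed address families early. The fence shows the changed lines, and also clears the context and digest before returning, since both hold material derived from the secret.

```c
  //
  // Clear the whole context: it is hashed by size, so the bytes an IPv4
  // address does not fill must have a defined value.
  //
  ZeroMem (&IsnHashCtx, sizeof (IsnHashCtx));
  IsnHashCtx.LocalPort = LocalPort;
  // … unchanged: remaining fields, address copies, HashUpdate, HashFinal, GetTime …

  //
  // copy the first 4 bytes of the SHA-256 digest into the ISN
  //
  CopyMem (Isn, HashResult.Sha256Hash, sizeof (*Isn));

  //
  // add the timestamp in 4 microsecond units (4000 ns per unit)
  //
  *Isn += (TCP_SEQNO)(TimeStamp.Nanosecond / 4000);

  //
  // Do not leave the secret or the digest on the stack.
  //
  ZeroMem (&IsnHashCtx, sizeof (IsnHashCtx));
  ZeroMem (&HashResult, sizeof (HashResult));
```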
|
||||||
|
@@ -719,17 +925,29 @@ TcpFormatNetbuf (
|
||||||
|
|
||||||
|
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
|
||||||
|
connection.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The operation completed successfully
|
||||||
|
+ @retval others The underlying functions failed and could not complete the operation
|
||||||
|
+
|
||||||
|
**/
|
||||||
|
-VOID
|
||||||
|
+EFI_STATUS
|
||||||
|
TcpOnAppConnect (
|
||||||
|
IN OUT TCP_CB *Tcb
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- TcpInitTcbLocal (Tcb);
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
+
|
||||||
|
+ Status = TcpInitTcbLocal (Tcb);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
TcpSetState (Tcb, TCP_SYN_SENT);
|
||||||
|
|
||||||
|
TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);
|
||||||
|
TcpToSendData (Tcb, 1);
|
||||||
|
+
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
|
||||||
|
index 106d9470db..535d09d342 100644
|
||||||
|
--- a/NetworkPkg/TcpDxe/TcpTimer.c
|
||||||
|
+++ b/NetworkPkg/TcpDxe/TcpTimer.c
|
||||||
|
@@ -2,7 +2,7 @@
|
||||||
|
TCP timer related functions.
|
||||||
|
|
||||||
|
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
|
||||||
|
-
|
||||||
|
+ Copyright (c) Microsoft Corporation
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
@@ -497,7 +497,6 @@ TcpTickingDpc (
|
||||||
|
INT16 Index;
|
||||||
|
|
||||||
|
mTcpTick++;
|
||||||
|
- mTcpGlobalIss += TCP_ISS_INCREMENT_2;
|
||||||
|
|
||||||
|
//
|
||||||
|
// Don't use LIST_FOR_EACH, which isn't delete safe.
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,318 @@
|
|||||||
|
From c74cced5adaab44edf1bbfae63010b3fa31d4c69 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Sun, 23 Jun 2024 19:20:44 -0400
|
||||||
|
Subject: [PATCH 27/31] OvmfPkg: wire up RngDxe
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [27/31] 90226f6630261d2823bed33c4e2f6c96a4125027
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
Conflicts: - Needed to apply 9 earlier commits from Pierre Gondois
|
||||||
|
to make this one apply and build.
|
||||||
|
- Cherry pick wanted to add include files from the
|
||||||
|
missing 'add ShellComponents' (commit 2cb466cc2cbf...)
|
||||||
|
series. This had to be handled manually.
|
||||||
|
- There are no Dsc and Fdf subdirectories under
|
||||||
|
OvmfPkg/Include/ in this version. We adjust includes
|
||||||
|
and move files to OvmfPkg/ where needed.
|
||||||
|
|
||||||
|
commit 712797cf19acd292bf203522a79e40e7e13d268b
|
||||||
|
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Date: Fri May 24 12:51:17 2024 +0200
|
||||||
|
|
||||||
|
OvmfPkg: wire up RngDxe
|
||||||
|
|
||||||
|
Add OvmfRng include snippets with the random number generator
|
||||||
|
configuration for OVMF. Include RngDxe, build with BaseRngLib,
|
||||||
|
so the rdrand instruction is used (if available).
|
||||||
|
|
||||||
|
Also move VirtioRng to the include snippets.
|
||||||
|
|
||||||
|
Use the new include snippets for OVMF builds.
|
||||||
|
|
||||||
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
|
||||||
|
OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++-
|
||||||
|
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
|
||||||
|
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
|
||||||
|
OvmfPkg/Microvm/MicrovmX64.fdf | 3 ++-
|
||||||
|
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgIa32.fdf | 3 ++-
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
||||||
|
OvmfPkg/OvmfPkgX64.fdf | 2 +-
|
||||||
|
OvmfPkg/OvmfRngComponents.dsc.inc | 9 +++++++++
|
||||||
|
OvmfPkg/OvmfRngDxe.fdf.inc | 6 ++++++
|
||||||
|
13 files changed, 29 insertions(+), 11 deletions(-)
|
||||||
|
create mode 100644 OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
create mode 100644 OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||||
|
index a1a6897bc2..499ad2e6e8 100644
|
||||||
|
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||||
|
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||||
|
@@ -707,7 +707,6 @@
|
||||||
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -824,6 +823,7 @@
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||||
|
}
|
||||||
|
!endif
|
||||||
|
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
|
||||||
|
OvmfPkg/PlatformDxe/Platform.inf
|
||||||
|
OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||||
|
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||||
|
index 5662609886..06ff2f1d30 100644
|
||||||
|
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||||
|
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||||
|
@@ -222,7 +222,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||||
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -327,6 +326,8 @@ INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||||
|
!endif
|
||||||
|
!endif
|
||||||
|
|
||||||
|
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
+
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
[FV.FVMAIN_COMPACT]
|
||||||
|
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||||
|
index d08b77ff25..4f2909b76e 100644
|
||||||
|
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||||
|
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||||
|
@@ -635,7 +635,6 @@
|
||||||
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -744,6 +743,7 @@
|
||||||
|
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||||
|
}
|
||||||
|
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
|
||||||
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||||
|
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||||
|
index afd4bf3e98..0efb0b456d 100644
|
||||||
|
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||||
|
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||||
|
@@ -694,7 +694,6 @@
|
||||||
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||||
|
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||||
|
MdeModulePkg/Universal/CapsuleRuntimeDxe/CapsuleRuntimeDxe.inf
|
||||||
|
@@ -820,6 +819,7 @@
|
||||||
|
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||||
|
}
|
||||||
|
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
|
||||||
|
OvmfPkg/PlatformDxe/Platform.inf
|
||||||
|
OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||||
|
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
|
||||||
|
index 6314014f3d..bd5afdafe0 100644
|
||||||
|
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
|
||||||
|
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
|
||||||
|
@@ -230,7 +230,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||||
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
|
||||||
|
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||||
|
INF MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
||||||
|
@@ -322,6 +321,8 @@ INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
|
||||||
|
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
||||||
|
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||||
|
|
||||||
|
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
+
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
[FV.FVMAIN_COMPACT]
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
index 47426c5cd2..f03906a9ff 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||||
|
@@ -801,7 +801,6 @@
|
||||||
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -958,6 +957,7 @@
|
||||||
|
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||||
|
}
|
||||||
|
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
|
||||||
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
index 00ea14adf0..050148948c 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||||
|
@@ -228,7 +228,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||||
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
||||||
|
#
|
||||||
|
# TPM support
|
||||||
|
#
|
||||||
|
+
|
||||||
|
!if $(TPM_ENABLE) == TRUE
|
||||||
|
INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
|
||||||
|
INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||||
|
@@ -371,6 +371,7 @@ INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
||||||
|
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||||
|
!endif
|
||||||
|
!endif
|
||||||
|
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
|
||||||
|
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
|
||||||
|
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
index d4b30e8133..81145050c3 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||||
|
@@ -815,7 +815,6 @@
|
||||||
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -972,6 +971,7 @@
|
||||||
|
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||||
|
}
|
||||||
|
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
|
||||||
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
index e33a40c44e..3e2373f225 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||||
|
@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||||
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -381,6 +380,7 @@ INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
||||||
|
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||||
|
!endif
|
||||||
|
!endif
|
||||||
|
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
index 5b0f6c8747..1cb169b447 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||||
|
@@ -813,7 +813,6 @@
|
||||||
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -970,6 +969,7 @@
|
||||||
|
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
||||||
|
}
|
||||||
|
+!include OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
|
||||||
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||||
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
||||||
|
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
index 85b4b23857..8ba0ca437a 100644
|
||||||
|
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||||
|
@@ -248,7 +248,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
||||||
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
||||||
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
||||||
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
||||||
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
!if $(PVSCSI_ENABLE) == TRUE
|
||||||
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
||||||
|
!endif
|
||||||
|
@@ -397,6 +396,7 @@ INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
|
||||||
|
INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
|
||||||
|
!endif
|
||||||
|
!endif
|
||||||
|
+!include OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/OvmfRngComponents.dsc.inc b/OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..68839a0caa
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/OvmfPkg/OvmfRngComponents.dsc.inc
|
||||||
|
@@ -0,0 +1,9 @@
|
||||||
|
+##
|
||||||
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+##
|
||||||
|
+
|
||||||
|
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
|
||||||
|
+ <LibraryClasses>
|
||||||
|
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||||
|
+ }
|
||||||
|
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf
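Review bot: The new include file carries only the SPDX header, so nothing records why RngDxe is built with its own `RngLib` instance here. A short comment above the `RngDxe.inf` entry would help, for example `# RngDxe draws from the CPU RNG instruction via BaseRngLib; VirtioRng serves guests with a virtio-rng device.` Whether RngDxe still advertises an algorithm on a guest CPU without that instruction cannot be seen from this hunk and is worth stating in the same comment once confirmed.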
|
||||||
|
diff --git a/OvmfPkg/OvmfRngDxe.fdf.inc b/OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..99cb4a32b1
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/OvmfPkg/OvmfRngDxe.fdf.inc
|
||||||
|
@@ -0,0 +1,6 @@
|
||||||
|
+##
|
||||||
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+##
|
||||||
|
+
|
||||||
|
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,246 @@
|
|||||||
|
From 660ffc1753c84e89281d54059c0cb73eef7200d0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:27:16 -0400
|
||||||
|
Subject: [PATCH 09/31] SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support
|
||||||
|
through ArmTrngLib
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [9/31] 34f5db557b893a686c382a09ceacda728dbd4ad9
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 863fe9e191fb3d90c3283062183692c04cd71975
|
||||||
|
Author: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:55 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through ArmTrngLib
|
||||||
|
|
||||||
|
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
|
||||||
|
|
||||||
|
RawAlgorithm is used to provide access to entropy that is suitable
|
||||||
|
for cryptographic applications. Therefore, add RawAlgorithm support
|
||||||
|
that provides access to entropy using the ArmTrngLib.
|
||||||
|
|
||||||
|
Also remove unused UefiBootServicesTableLib library inclusion
|
||||||
|
and Status variable.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RngDxe/AArch64/RngDxe.c | 28 ++++++--
|
||||||
|
.../RandomNumberGenerator/RngDxe/ArmTrng.c | 71 +++++++++++++++++++
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 ++
|
||||||
|
SecurityPkg/SecurityPkg.dsc | 4 ++
|
||||||
|
4 files changed, 104 insertions(+), 4 deletions(-)
|
||||||
|
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
index c9d66d9777..c0b0d28d48 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
@@ -1,11 +1,13 @@
|
||||||
|
/** @file
|
||||||
|
RNG Driver to produce the UEFI Random Number Generator protocol.
|
||||||
|
|
||||||
|
- The driver will use the RNDR instruction to produce random numbers.
|
||||||
|
+ The driver can use RNDR instruction (through the RngLib and if FEAT_RNG is
|
||||||
|
+ present) to produce random numbers. It also uses the Arm FW-TRNG interface
|
||||||
|
+ to implement EFI_RNG_ALGORITHM_RAW.
|
||||||
|
|
||||||
|
RNG Algorithms defined in UEFI 2.4:
|
||||||
|
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
|
||||||
|
- - EFI_RNG_ALGORITHM_RAW - Unsupported
|
||||||
|
+ - EFI_RNG_ALGORITHM_RAW
|
||||||
|
- EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
|
||||||
|
- EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
|
||||||
|
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
|
||||||
|
@@ -26,12 +28,14 @@
|
||||||
|
#include <Library/MemoryAllocationLib.h>
|
||||||
|
#include <Library/UefiBootServicesTableLib.h>
|
||||||
|
#include <Library/RngLib.h>
|
||||||
|
+#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/ArmTrngLib.h>
|
||||||
|
#include <Protocol/Rng.h>
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
// Maximum number of Rng algorithms.
|
||||||
|
-#define RNG_AVAILABLE_ALGO_MAX 1
|
||||||
|
+#define RNG_AVAILABLE_ALGO_MAX 2
|
||||||
|
|
||||||
|
/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
@@ -46,8 +50,9 @@ GetAvailableAlgorithms (
|
||||||
|
)
|
||||||
|
{
|
||||||
|
UINT64 DummyRand;
|
||||||
|
+ UINT16 MajorRevision;
|
||||||
|
+ UINT16 MinorRevision;
|
||||||
|
|
||||||
|
- // Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating
|
||||||
|
// Rng algorithms 2 times, one for the allocation, one to populate.
|
||||||
|
mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||||
|
if (mAvailableAlgoArray == NULL) {
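Review bot: `AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX)` requests RNG_AVAILABLE_ALGO_MAX bytes, which is 2 after this patch, while the next hunk copies `sizeof (EFI_RNG_ALGORITHM)` bytes into `&mAvailableAlgoArray[mAvailableAlgoArrayCount]` for what can now be a second entry. Assuming mAvailableAlgoArray is an `EFI_RNG_ALGORITHM *` (its declaration is in RngDxeInternals.h, not shown), those writes run past the pool allocation; the size should be `AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX * sizeof (EFI_RNG_ALGORITHM))`. The same allocation appears in AArch64/AArch64Algo.c and Arm/ArmAlgo.c in patch 12/31 and in the AArch64/RngDxe.c hunk of patch 08/31. GetAvailableAlgorithms starts and ends outside this hunk.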
|
||||||
|
@@ -64,6 +69,16 @@ GetAvailableAlgorithms (
|
||||||
|
mAvailableAlgoArrayCount++;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ // Raw algorithm (Trng)
|
||||||
|
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||||
|
+ CopyMem (
|
||||||
|
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
+ &gEfiRngAlgorithmRaw,
|
||||||
|
+ sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
+ );
|
||||||
|
+ mAvailableAlgoArrayCount++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -141,6 +156,11 @@ FoundAlgo:
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ // Raw algorithm (Trng)
|
||||||
|
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
|
||||||
|
+ return GenerateEntropy (RNGValueLength, RNGValue);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// Other algorithms are unsupported by this driver.
|
||||||
|
//
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..ffe557b692
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
|
||||||
|
@@ -0,0 +1,71 @@
|
||||||
|
+/** @file
|
||||||
|
+ RNG Driver to produce the UEFI Random Number Generator protocol.
|
||||||
|
+
|
||||||
|
+ The driver implements the EFI_RNG_ALGORITHM_RAW using the FW-TRNG
|
||||||
|
+ interface to provide entropy.
|
||||||
|
+
|
||||||
|
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
+
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
+#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/ArmTrngLib.h>
|
||||||
|
+#include <Protocol/Rng.h>
|
||||||
|
+
|
||||||
|
+#include "RngDxeInternals.h"
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ Generate high-quality entropy source using a TRNG or through RDRAND.
|
||||||
|
+
|
||||||
|
+ @param[in] Length Size of the buffer, in bytes, to fill with.
|
||||||
|
+ @param[out] Entropy Pointer to the buffer to store the entropy data.
|
||||||
|
+
|
||||||
|
+ @retval RETURN_SUCCESS The function completed successfully.
|
||||||
|
+ @retval RETURN_INVALID_PARAMETER Invalid parameter.
|
||||||
|
+ @retval RETURN_UNSUPPORTED Function not implemented.
|
||||||
|
+ @retval RETURN_BAD_BUFFER_SIZE Buffer size is too small.
|
||||||
|
+ @retval RETURN_NOT_READY No Entropy available.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GenerateEntropy (
|
||||||
|
+ IN UINTN Length,
|
||||||
|
+ OUT UINT8 *Entropy
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
+ UINTN CollectedEntropyBits;
|
||||||
|
+ UINTN RequiredEntropyBits;
|
||||||
|
+ UINTN EntropyBits;
|
||||||
|
+ UINTN Index;
|
||||||
|
+ UINTN MaxBits;
|
||||||
|
+
|
||||||
|
+ ZeroMem (Entropy, Length);
|
||||||
|
+
|
||||||
|
+ RequiredEntropyBits = (Length << 3);
|
||||||
|
+ Index = 0;
|
||||||
|
+ CollectedEntropyBits = 0;
|
||||||
|
+ MaxBits = GetArmTrngMaxSupportedEntropyBits ();
|
||||||
|
+ while (CollectedEntropyBits < RequiredEntropyBits) {
|
||||||
|
+ EntropyBits = MIN ((RequiredEntropyBits - CollectedEntropyBits), MaxBits);
|
||||||
|
+ Status = GetArmTrngEntropy (
|
||||||
|
+ EntropyBits,
|
||||||
|
+ (Length - Index),
|
||||||
|
+ &Entropy[Index]
|
||||||
|
+ );
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ // Discard the collected bits.
|
||||||
|
+ ZeroMem (Entropy, Length);
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ CollectedEntropyBits += EntropyBits;
|
||||||
|
+ Index += (EntropyBits >> 3);
|
||||||
|
+ } // while
|
||||||
|
+
|
||||||
|
+ return Status;
|
||||||
|
+}
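Review bot: `Status` is returned uninitialised when `Length` is 0, because the `while` loop is then never entered and nothing else assigns it. A guard before the first `ZeroMem`, `if ((Entropy == NULL) || (Length == 0)) { return EFI_INVALID_PARAMETER; }`, matches the RETURN_INVALID_PARAMETER value the header comment already lists. The loop also makes no progress if `GetArmTrngMaxSupportedEntropyBits ()` returns 0 and `GetArmTrngEntropy` accepts a zero-bit request, so a `MaxBits == 0` check that returns EFI_UNSUPPORTED is worth adding; how the library behaves in that case is not visible here. Separately, this patch's trailer reads `CVE: CVE-2022-45237` while patch 28/31 of the same series gives CVE-2023-45237, so one of the two is presumably a typo.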
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
index 1985dfbb46..e0e767cbf3 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
@@ -43,8 +43,10 @@
|
||||||
|
|
||||||
|
[Sources.AARCH64]
|
||||||
|
AArch64/RngDxe.c
|
||||||
|
+ ArmTrng.c
|
||||||
|
|
||||||
|
[Packages]
|
||||||
|
+ MdeModulePkg/MdeModulePkg.dec
|
||||||
|
MdePkg/MdePkg.dec
|
||||||
|
SecurityPkg/SecurityPkg.dec
|
||||||
|
|
||||||
|
@@ -57,6 +59,9 @@
|
||||||
|
TimerLib
|
||||||
|
RngLib
|
||||||
|
|
||||||
|
+[LibraryClasses.AARCH64]
|
||||||
|
+ ArmTrngLib
|
||||||
|
+
|
||||||
|
[Guids]
|
||||||
|
gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||||
|
gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||||
|
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
|
||||||
|
index 73a93c2285..9f58cc2333 100644
|
||||||
|
--- a/SecurityPkg/SecurityPkg.dsc
|
||||||
|
+++ b/SecurityPkg/SecurityPkg.dsc
|
||||||
|
@@ -3,6 +3,8 @@
|
||||||
|
#
|
||||||
|
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
|
||||||
|
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
+# Copyright (c) 2022, Loongson Technology Corporation Limited. All rights reserved.<BR>
|
||||||
|
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#
|
||||||
|
##
|
||||||
|
@@ -86,6 +88,8 @@
|
||||||
|
|
||||||
|
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
|
||||||
|
|
||||||
|
+ ArmTrngLib|MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.inf
|
||||||
|
+
|
||||||
|
[LibraryClasses.ARM]
|
||||||
|
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,311 @@
|
|||||||
|
From 0c6e925403e5aa50a77797af59308e6fee4be6b1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:31:58 -0400
|
||||||
|
Subject: [PATCH 12/31] SecurityPkg/RngDxe: Add Arm support of RngDxe
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [12/31] 11b72f6d69392c7b2e8565025a576e76877fe7ed
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 9eb5ccda505917f6ee80284ed6fb5b51aa7152f9
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:58 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Add Arm support of RngDxe
|
||||||
|
|
||||||
|
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
|
||||||
|
|
||||||
|
Add RngDxe support for Arm. This implementation uses the ArmTrngLib
|
||||||
|
to support the RawAlgorithm and doesn't support the RNDR instruction.
|
||||||
|
|
||||||
|
To re-use the RngGetRNG(), RngGetInfo() and FreeAvailableAlgorithms()
|
||||||
|
functions, create Arm/AArch64 files which implement the arch specific
|
||||||
|
function GetAvailableAlgorithms(). Indeed, FEAT_RNG instruction is not
|
||||||
|
supported on Arm.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RngDxe/AArch64/AArch64Algo.c | 72 +++++++++++++++++++
|
||||||
|
.../RngDxe/Arm/ArmAlgo.c | 51 +++++++++++++
|
||||||
|
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 60 ----------------
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 12 +++-
|
||||||
|
SecurityPkg/SecurityPkg.dsc | 2 +-
|
||||||
|
5 files changed, 133 insertions(+), 64 deletions(-)
|
||||||
|
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||||
|
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..e8be217f8a
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||||
|
@@ -0,0 +1,72 @@
|
||||||
|
+/** @file
|
||||||
|
+ Aarch64 specific code.
|
||||||
|
+
|
||||||
|
+ Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
+#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/MemoryAllocationLib.h>
|
||||||
|
+#include <Library/ArmTrngLib.h>
|
||||||
|
+
|
||||||
|
+#include "RngDxeInternals.h"
|
||||||
|
+
|
||||||
|
+// Maximum number of Rng algorithms.
|
||||||
|
+#define RNG_AVAILABLE_ALGO_MAX 2
|
||||||
|
+
|
||||||
|
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The function completed successfully.
|
||||||
|
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ UINT64 DummyRand;
|
||||||
|
+ UINT16 MajorRevision;
|
||||||
|
+ UINT16 MinorRevision;
|
||||||
|
+
|
||||||
|
+ // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||||
|
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||||
|
+ if (mAvailableAlgoArray == NULL) {
|
||||||
|
+ return EFI_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||||
|
+ if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||||
|
+ CopyMem (
|
||||||
|
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
+ PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||||
|
+ sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
+ );
|
||||||
|
+ mAvailableAlgoArrayCount++;
|
||||||
|
+
|
||||||
|
+ DEBUG_CODE_BEGIN ();
|
||||||
|
+ if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||||
|
+ DEBUG ((
|
||||||
|
+ DEBUG_WARN,
|
||||||
|
+ "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||||
|
+ ));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ DEBUG_CODE_END ();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Raw algorithm (Trng)
|
||||||
|
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||||
|
+ CopyMem (
|
||||||
|
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
+ &gEfiRngAlgorithmRaw,
|
||||||
|
+ sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
+ );
|
||||||
|
+ mAvailableAlgoArrayCount++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
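Review bot: The comment above the allocation, `// Rng algorithms 2 times, one for the allocation, one to populate.`, is the second half of a sentence whose first line was dropped in patch 09/31, so it no longer says anything on its own. Restore the lead line `// Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating` above it here and in Arm/ArmAlgo.c. It would also help to note in the function header that entries are appended at `mAvailableAlgoArrayCount`, which this function only increments and never resets, so it relies on the counter being 0 on entry.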
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..4b24f5c4a6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
|
||||||
|
@@ -0,0 +1,51 @@
|
||||||
|
+/** @file
|
||||||
|
+ Arm specific code.
|
||||||
|
+
|
||||||
|
+ Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
+**/
|
||||||
|
+
|
||||||
|
+#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
+#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/MemoryAllocationLib.h>
|
||||||
|
+#include <Library/ArmTrngLib.h>
|
||||||
|
+
|
||||||
|
+#include "RngDxeInternals.h"
|
||||||
|
+
|
||||||
|
+// Maximum number of Rng algorithms.
|
||||||
|
+#define RNG_AVAILABLE_ALGO_MAX 1
|
||||||
|
+
|
||||||
|
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The function completed successfully.
|
||||||
|
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ UINT16 MajorRevision;
|
||||||
|
+ UINT16 MinorRevision;
|
||||||
|
+
|
||||||
|
+ // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||||
|
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||||
|
+ if (mAvailableAlgoArray == NULL) {
|
||||||
|
+ return EFI_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Raw algorithm (Trng)
|
||||||
|
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||||
|
+ CopyMem (
|
||||||
|
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
+ &gEfiRngAlgorithmRaw,
|
||||||
|
+ sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
+ );
|
||||||
|
+ mAvailableAlgoArrayCount++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
index a800a85792..5e7d9ef681 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
@@ -28,70 +28,10 @@
|
||||||
|
#include <Library/MemoryAllocationLib.h>
|
||||||
|
#include <Library/UefiBootServicesTableLib.h>
|
||||||
|
#include <Library/RngLib.h>
|
||||||
|
-#include <Library/DebugLib.h>
|
||||||
|
-#include <Library/ArmTrngLib.h>
|
||||||
|
#include <Protocol/Rng.h>
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
-// Maximum number of Rng algorithms.
|
||||||
|
-#define RNG_AVAILABLE_ALGO_MAX 2
|
||||||
|
-
|
||||||
|
-/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
- Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
-
|
||||||
|
- @retval EFI_SUCCESS The function completed successfully.
|
||||||
|
- @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||||
|
-**/
|
||||||
|
-EFI_STATUS
|
||||||
|
-EFIAPI
|
||||||
|
-GetAvailableAlgorithms (
|
||||||
|
- VOID
|
||||||
|
- )
|
||||||
|
-{
|
||||||
|
- UINT64 DummyRand;
|
||||||
|
- UINT16 MajorRevision;
|
||||||
|
- UINT16 MinorRevision;
|
||||||
|
-
|
||||||
|
- // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||||
|
- mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||||
|
- if (mAvailableAlgoArray == NULL) {
|
||||||
|
- return EFI_OUT_OF_RESOURCES;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||||
|
- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||||
|
- CopyMem (
|
||||||
|
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
- PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||||
|
- sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
- );
|
||||||
|
- mAvailableAlgoArrayCount++;
|
||||||
|
-
|
||||||
|
- DEBUG_CODE_BEGIN ();
|
||||||
|
- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||||
|
- DEBUG ((
|
||||||
|
- DEBUG_WARN,
|
||||||
|
- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||||
|
- ));
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- DEBUG_CODE_END ();
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- // Raw algorithm (Trng)
|
||||||
|
- if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
|
||||||
|
- CopyMem (
|
||||||
|
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
- &gEfiRngAlgorithmRaw,
|
||||||
|
- sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
- );
|
||||||
|
- mAvailableAlgoArrayCount++;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- return EFI_SUCCESS;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
/** Free mAvailableAlgoArray.
|
||||||
|
**/
|
||||||
|
VOID
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
index 1d0bdef57d..c8e0ee4ae5 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
@@ -28,7 +28,7 @@
|
||||||
|
#
|
||||||
|
# The following information is for reference only and not required by the build tools.
|
||||||
|
#
|
||||||
|
-# VALID_ARCHITECTURES = IA32 X64 AARCH64
|
||||||
|
+# VALID_ARCHITECTURES = IA32 X64 AARCH64 ARM
|
||||||
|
#
|
||||||
|
|
||||||
|
[Sources.common]
|
||||||
|
@@ -41,10 +41,16 @@
|
||||||
|
Rand/AesCore.c
|
||||||
|
Rand/AesCore.h
|
||||||
|
|
||||||
|
-[Sources.AARCH64]
|
||||||
|
+[Sources.AARCH64, Sources.ARM]
|
||||||
|
ArmRngDxe.c
|
||||||
|
ArmTrng.c
|
||||||
|
|
||||||
|
+[Sources.AARCH64]
|
||||||
|
+ AArch64/AArch64Algo.c
|
||||||
|
+
|
||||||
|
+[Sources.ARM]
|
||||||
|
+ Arm/ArmAlgo.c
|
||||||
|
+
|
||||||
|
[Packages]
|
||||||
|
MdeModulePkg/MdeModulePkg.dec
|
||||||
|
MdePkg/MdePkg.dec
|
||||||
|
@@ -59,7 +65,7 @@
|
||||||
|
TimerLib
|
||||||
|
RngLib
|
||||||
|
|
||||||
|
-[LibraryClasses.AARCH64]
|
||||||
|
+[LibraryClasses.AARCH64, LibraryClasses.ARM]
|
||||||
|
ArmTrngLib
|
||||||
|
|
||||||
|
[Guids]
|
||||||
|
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
|
||||||
|
index 9f58cc2333..36493f04ee 100644
|
||||||
|
--- a/SecurityPkg/SecurityPkg.dsc
|
||||||
|
+++ b/SecurityPkg/SecurityPkg.dsc
|
||||||
|
@@ -281,7 +281,7 @@
|
||||||
|
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
|
||||||
|
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
|
||||||
|
|
||||||
|
-[Components.IA32, Components.X64, Components.AARCH64]
|
||||||
|
+[Components.IA32, Components.X64, Components.AARCH64, Components.ARM]
|
||||||
|
#
|
||||||
|
# Random Number Generator
|
||||||
|
#
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,58 @@
|
|||||||
|
From 8b78800fed2a4af7c08eebd20d1bf764e8e10c84 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:28:58 -0400
|
||||||
|
Subject: [PATCH 10/31] SecurityPkg/RngDxe: Add debug warning for NULL
|
||||||
|
PcdCpuRngSupportedAlgorithm
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [10/31] 66b888e9b1e2be0c79784e02b4821854bd80432d
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 6cdddccf0085cf2929f8ae710515e4e53663dfb2
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:56 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithm
|
||||||
|
|
||||||
|
PcdCpuRngSupportedAlgorithm should allow to identify the algorithm
|
||||||
|
used by the RNDR CPU instruction to generate a random number.
|
||||||
|
Add a debug warning if the Pcd is not set.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 10 ++++++++++
|
||||||
|
1 file changed, 10 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
index c0b0d28d48..a800a85792 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
@@ -67,6 +67,16 @@ GetAvailableAlgorithms (
|
||||||
|
sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
);
|
||||||
|
mAvailableAlgoArrayCount++;
|
||||||
|
+
|
||||||
|
+ DEBUG_CODE_BEGIN ();
|
||||||
|
+ if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||||
|
+ DEBUG ((
|
||||||
|
+ DEBUG_WARN,
|
||||||
|
+ "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||||
|
+ ));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ DEBUG_CODE_END ();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Raw algorithm (Trng)
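Review bot: The zero-GUID check runs after `CopyMem` has stored `PcdCpuRngSupportedAlgorithm` and `mAvailableAlgoArrayCount` has been incremented, and it sits inside `DEBUG_CODE_BEGIN ()`/`DEBUG_CODE_END ()`, so an unset Pcd is still added to the list and only debug builds report it. If a zero GUID is not meant to be offered to callers as an algorithm, test `IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))` before the copy and skip the entry, keeping the `DEBUG_WARN` message. GetAvailableAlgorithms begins and ends outside this hunk.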
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,336 @@
|
|||||||
|
From 5bd27a5a923c8880a06d52fca48e304becbbb8f6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:25:23 -0400
|
||||||
|
Subject: [PATCH 08/31] SecurityPkg/RngDxe: Check before advertising Cpu Rng
|
||||||
|
algo
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [8/31] 5417b276749a2d1b1afa9465b5b7a501def26a12
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 4b3e9d80bedf5909a4ec901425ed9c0a738fc76f
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:54 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Check before advertising Cpu Rng algo
|
||||||
|
|
||||||
|
RngGetBytes() relies on the RngLib. The RngLib might use the RNDR
|
||||||
|
instruction if the FEAT_RNG feature is present. RngGetInfo and
|
||||||
|
RngGetRNG both must check that RngGetBytes() is working before
|
||||||
|
advertising/using it.
|
||||||
|
|
||||||
|
To do so, allocate an array storing the available algorithms.
|
||||||
|
The Rng algorithm at the lowest index will be the default Rng
|
||||||
|
algorithm. The array is shared between RngGetInfo and RngGetRNG.
|
||||||
|
|
||||||
|
This array is allocated when the driver is loaded, and freed
|
||||||
|
when unloaded.
|
||||||
|
|
||||||
|
This patch also prevents from having PcdCpuRngSupportedAlgorithm
|
||||||
|
let to a zero GUID, but let the possibility to have no valid Rng
|
||||||
|
algorithm in such case.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RngDxe/AArch64/RngDxe.c | 87 +++++++++++++++++--
|
||||||
|
.../RngDxe/Rand/RngDxe.c | 26 ++++++
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.c | 40 ++++++++-
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 1 +
|
||||||
|
.../RngDxe/RngDxeInternals.h | 27 ++++++
|
||||||
|
5 files changed, 172 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
index 8c6ad4ed43..c9d66d9777 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
@@ -22,11 +22,63 @@
|
||||||
|
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
#include <Library/BaseMemoryLib.h>
|
||||||
|
+#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/MemoryAllocationLib.h>
|
||||||
|
#include <Library/UefiBootServicesTableLib.h>
|
||||||
|
+#include <Library/RngLib.h>
|
||||||
|
#include <Protocol/Rng.h>
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
+// Maximum number of Rng algorithms.
|
||||||
|
+#define RNG_AVAILABLE_ALGO_MAX 1
|
||||||
|
+
|
||||||
|
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The function completed successfully.
|
||||||
|
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ UINT64 DummyRand;
|
||||||
|
+
|
||||||
|
+ // Allocate RNG_AVAILABLE_ALGO_MAX entries to avoid evaluating
|
||||||
|
+ // Rng algorithms 2 times, one for the allocation, one to populate.
|
||||||
|
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||||
|
+ if (mAvailableAlgoArray == NULL) {
|
||||||
|
+ return EFI_OUT_OF_RESOURCES;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||||
|
+ if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||||
|
+ CopyMem (
|
||||||
|
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
+ PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||||
|
+ sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
+ );
|
||||||
|
+ mAvailableAlgoArrayCount++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/** Free mAvailableAlgoArray.
|
||||||
|
+**/
|
||||||
|
+VOID
|
||||||
|
+EFIAPI
|
||||||
|
+FreeAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ FreePool (mAvailableAlgoArray);
|
||||||
|
+ return;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
Produces and returns an RNG value using either the default or specified RNG algorithm.
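Review bot: `AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX)` in the new GetAvailableAlgorithms() takes a size in bytes, so it allocates a single byte, while the `CopyMem` below writes `sizeof (EFI_RNG_ALGORITHM)` bytes into `mAvailableAlgoArray[0]` and overruns the pool buffer. The allocation should be sized in elements: `mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX * sizeof (EFI_RNG_ALGORITHM));`. The function also increments `mAvailableAlgoArrayCount` without first setting it to 0, so an explicit `mAvailableAlgoArrayCount = 0;` before the probe would make the count independent of earlier state.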
|
||||||
|
|
||||||
|
@@ -59,6 +111,7 @@ RngGetRNG (
|
||||||
|
)
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
+ UINTN Index;
|
||||||
|
|
||||||
|
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
@@ -68,9 +121,21 @@ RngGetRNG (
|
||||||
|
//
|
||||||
|
// Use the default RNG algorithm if RNGAlgorithm is NULL.
|
||||||
|
//
|
||||||
|
- RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||||
|
+ for (Index = 0; Index < mAvailableAlgoArrayCount; Index++) {
|
||||||
|
+ if (!IsZeroGuid (&mAvailableAlgoArray[Index])) {
|
||||||
|
+ RNGAlgorithm = &mAvailableAlgoArray[Index];
|
||||||
|
+ goto FoundAlgo;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (Index == mAvailableAlgoArrayCount) {
|
||||||
|
+ // No algorithm available.
|
||||||
|
+ ASSERT (Index != mAvailableAlgoArrayCount);
|
||||||
|
+ return EFI_DEVICE_ERROR;
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
+FoundAlgo:
|
||||||
|
if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||||
|
Status = RngGetBytes (RNGValueLength, RNGValue);
|
||||||
|
return Status;
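Review bot: The `ASSERT (Index != mAvailableAlgoArrayCount)` sits inside `if (Index == mAvailableAlgoArrayCount)`, so it fails whenever that branch runs, and the `if` is always true at that point because the only other way out of the loop is `goto FoundAlgo`. If the intent is to flag an unexpected state, `ASSERT (FALSE);` followed directly by `return EFI_DEVICE_ERROR;` says so without the redundant test. A comment should also say when this is reachable: from the visible code, a zero-GUID PcdCpuRngSupportedAlgorithm is still copied into the array and counted, so a request with a NULL RNGAlgorithm would hit the assertion in builds where ASSERT is enabled. RngGetRNG starts and ends outside this hunk.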
|
||||||
|
@@ -113,24 +178,30 @@ RngGetInfo (
|
||||||
|
OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- UINTN RequiredSize;
|
||||||
|
- EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
|
||||||
|
-
|
||||||
|
- RequiredSize = sizeof (EFI_RNG_ALGORITHM);
|
||||||
|
+ UINTN RequiredSize;
|
||||||
|
|
||||||
|
if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ RequiredSize = mAvailableAlgoArrayCount * sizeof (EFI_RNG_ALGORITHM);
|
||||||
|
+
|
||||||
|
+ if (RequiredSize == 0) {
|
||||||
|
+ // No supported algorithms found.
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||||
|
*RNGAlgorithmListSize = RequiredSize;
|
||||||
|
return EFI_BUFFER_TOO_SMALL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||||
|
-
|
||||||
|
- CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
|
||||||
|
+ if (RNGAlgorithmList == NULL) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
+ // There is no gap in the array, so copy the block.
|
||||||
|
+ CopyMem (RNGAlgorithmList, mAvailableAlgoArray, RequiredSize);
|
||||||
|
*RNGAlgorithmListSize = RequiredSize;
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
index 70b6ac20c9..7caa64a4ff 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
@@ -26,6 +26,32 @@
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The function completed successfully.
|
||||||
|
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/** Free mAvailableAlgoArray.
|
||||||
|
+**/
|
||||||
|
+VOID
|
||||||
|
+EFIAPI
|
||||||
|
+FreeAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ return;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
Produces and returns an RNG value using either the default or specified RNG algorithm.
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
index 4599728889..cc2ddfcc06 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
@@ -27,6 +27,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
+//
|
||||||
|
+// Array containing the validated Rng algorithm.
|
||||||
|
+// The entry with the lowest index will be the default algorithm.
|
||||||
|
+//
|
||||||
|
+UINTN mAvailableAlgoArrayCount;
|
||||||
|
+EFI_RNG_ALGORITHM *mAvailableAlgoArray;
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// The Random Number Generator (RNG) protocol
|
||||||
|
//
|
||||||
|
@@ -66,8 +73,39 @@ RngDriverEntry (
|
||||||
|
&mRngRdRand,
|
||||||
|
NULL
|
||||||
|
);
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Get the list of available algorithm.
|
||||||
|
+ //
|
||||||
|
+ return GetAvailableAlgorithms ();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/**
|
||||||
|
+ This is the unload handle for RndgDxe module.
|
||||||
|
+
|
||||||
|
+ Disconnect the driver specified by ImageHandle from all the devices in the handle database.
|
||||||
|
+ Uninstall all the protocols installed in the driver entry point.
|
||||||
|
|
||||||
|
- return Status;
|
||||||
|
+ @param[in] ImageHandle The drivers' driver image.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The image is unloaded.
|
||||||
|
+ @retval Others Failed to unload the image.
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+RngDriverUnLoad (
|
||||||
|
+ IN EFI_HANDLE ImageHandle
|
||||||
|
+ )
|
||||||
|
+{
|
||||||
|
+ //
|
||||||
|
+ // Free the list of available algorithm.
|
||||||
|
+ //
|
||||||
|
+ FreeAvailableAlgorithms ();
|
||||||
|
+ return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
index 60efb5562e..1985dfbb46 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
@@ -22,6 +22,7 @@
|
||||||
|
MODULE_TYPE = DXE_DRIVER
|
||||||
|
VERSION_STRING = 1.0
|
||||||
|
ENTRY_POINT = RngDriverEntry
|
||||||
|
+ UNLOAD_IMAGE = RngDriverUnLoad
|
||||||
|
MODULE_UNI_FILE = RngDxe.uni
|
||||||
|
|
||||||
|
#
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
index f17adb83fb..0ef5e6522f 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
@@ -12,6 +12,33 @@
|
||||||
|
|
||||||
|
#include <Protocol/Rng.h>
|
||||||
|
|
||||||
|
+//
|
||||||
|
+// Array containing the validated Rng algorithm.
|
||||||
|
+// The entry with the lowest index will be the default algorithm.
|
||||||
|
+//
|
||||||
|
+extern UINTN mAvailableAlgoArrayCount;
|
||||||
|
+extern EFI_RNG_ALGORITHM *mAvailableAlgoArray;
|
||||||
|
+
|
||||||
|
+/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS The function completed successfully.
|
||||||
|
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GetAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+/** Free mAvailableAlgoArray.
|
||||||
|
+**/
|
||||||
|
+VOID
|
||||||
|
+EFIAPI
|
||||||
|
+FreeAvailableAlgorithms (
|
||||||
|
+ VOID
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
Returns information about the random number generation implementation.
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,79 @@
|
|||||||
|
From e7444d0b84a8fd41aa63ecb083e65fd56b32fd38 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Sun, 23 Jun 2024 14:21:01 -0400
|
||||||
|
Subject: [PATCH 14/31] SecurityPkg/RngDxe: Conditionally install
|
||||||
|
EFI_RNG_PROTOCOL
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [14/31] bc64d4cad6c30353723d674ef9f10eb10aeb1cac
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit 75fb0cfc82376906243386514be0e4067d702117
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Thu Nov 24 17:17:55 2022 +0100
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
|
||||||
|
|
||||||
|
On Arm platforms, the number of available RNG algorithms is
|
||||||
|
dynamically detected and can be 0 in the absence of FEAT_RNG
|
||||||
|
and firmware TRNG.
|
||||||
|
In this case, the EFI_RNG_PROTOCOL should not be installed to
|
||||||
|
prevent from installing an empty protocol.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||||
|
[ardb: return EFI_REQUEST_UNLOAD_IMAGE instead of an error]
|
||||||
|
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.c | 19 ++++++++++++++-----
|
||||||
|
1 file changed, 14 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
index cc2ddfcc06..55e8dd49d0 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
@@ -63,6 +63,18 @@ RngDriverEntry (
|
||||||
|
EFI_STATUS Status;
|
||||||
|
EFI_HANDLE Handle;
|
||||||
|
|
||||||
|
+ //
|
||||||
|
+ // Get the list of available algorithm.
|
||||||
|
+ //
|
||||||
|
+ Status = GetAvailableAlgorithms ();
|
||||||
|
+ if (EFI_ERROR (Status)) {
|
||||||
|
+ return Status;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (mAvailableAlgoArrayCount == 0) {
|
||||||
|
+ return EFI_REQUEST_UNLOAD_IMAGE;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// Install UEFI RNG (Random Number Generator) Protocol
|
||||||
|
//
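Review bot: The `mAvailableAlgoArrayCount == 0` path returns `EFI_REQUEST_UNLOAD_IMAGE` without calling FreeAvailableAlgorithms(), although GetAvailableAlgorithms() has already succeeded by then. The AArch64 implementation shown earlier on this page allocates `mAvailableAlgoArray` before it probes RngGetBytes(), so on a platform with no working RNG that pool allocation looks like it is leaked. Whether the unload handler runs after this return is not visible here and should be confirmed. Calling `FreeAvailableAlgorithms ();` before `return EFI_REQUEST_UNLOAD_IMAGE;` would match the cleanup the second hunk adds for the install-failure path. RngDriverEntry starts and ends outside this hunk.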
|
||||||
|
@@ -74,13 +86,10 @@ RngDriverEntry (
|
||||||
|
NULL
|
||||||
|
);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
- return Status;
|
||||||
|
+ FreeAvailableAlgorithms ();
|
||||||
|
}
|
||||||
|
|
||||||
|
- //
|
||||||
|
- // Get the list of available algorithm.
|
||||||
|
- //
|
||||||
|
- return GetAvailableAlgorithms ();
|
||||||
|
+ return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,105 @@
|
|||||||
|
From b9a937603080bfada6c224a6e9da046a8a33f868 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Sun, 23 Jun 2024 14:18:18 -0400
|
||||||
|
Subject: [PATCH 13/31] SecurityPkg/RngDxe: Correctly update
|
||||||
|
mAvailableAlgoArrayCount
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [13/31] 3e06e270cad90038537305a4cb7828fcc45251fb
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit bfb574db110899471fe09db819587b3151c7b7b5
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Thu Nov 24 17:17:54 2022 +0100
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
|
||||||
|
|
||||||
|
mAvailableAlgoArrayCount holds the count of available RNG algorithms.
|
||||||
|
In a following patch, its value will be used to prevent the
|
||||||
|
EFI_RNG_PROTOCOL to be installed if no RNG algorithm is available.
|
||||||
|
|
||||||
|
Correctly set/reset the value for all implementations.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 1 +
|
||||||
|
.../RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 16 ++++++++++++++--
|
||||||
|
2 files changed, 15 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
index 5e7d9ef681..0e44d0c931 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
@@ -40,6 +40,7 @@ FreeAvailableAlgorithms (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ mAvailableAlgoArrayCount = 0;
|
||||||
|
FreePool (mAvailableAlgoArray);
|
||||||
|
return;
|
||||||
|
}
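Review bot: FreeAvailableAlgorithms() now resets the count but still leaves `mAvailableAlgoArray` pointing at the freed pool, and the RngGetRNG and RngGetInfo code shown earlier on this page reads that global. Adding `mAvailableAlgoArray = NULL;` after `FreePool (mAvailableAlgoArray);` keeps the count and the pointer consistent, so a later use fails visibly instead of touching freed memory. The function's signature is outside this hunk.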
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
index 7caa64a4ff..149de875ce 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
@@ -26,6 +26,11 @@
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
+//
|
||||||
|
+// Count of Rng algorithms.
|
||||||
|
+//
|
||||||
|
+#define RNG_ALGORITHM_COUNT 2
|
||||||
|
+
|
||||||
|
/** Allocate and initialize mAvailableAlgoArray with the available
|
||||||
|
Rng algorithms. Also update mAvailableAlgoArrayCount.
|
||||||
|
|
||||||
|
@@ -38,6 +43,13 @@ GetAvailableAlgorithms (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+
|
||||||
|
+ UINT64 RngTest;
|
||||||
|
+
|
||||||
|
+ if (GetRandomNumber64 (&RngTest)) {
|
||||||
|
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -49,6 +61,7 @@ FreeAvailableAlgorithms (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
+ mAvailableAlgoArrayCount = 0;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -159,13 +172,12 @@ RngGetInfo (
|
||||||
|
)
|
||||||
|
{
|
||||||
|
UINTN RequiredSize;
|
||||||
|
- EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
|
||||||
|
|
||||||
|
if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
- RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
|
||||||
|
+ RequiredSize = RNG_ALGORITHM_COUNT * sizeof (EFI_RNG_ALGORITHM);
|
||||||
|
|
||||||
|
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||||
|
*RNGAlgorithmListSize = RequiredSize;
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,98 @@
|
|||||||
|
From 0f8890578f46bc791d007b19dbbfa0dd2805032d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:23:42 -0400
|
||||||
|
Subject: [PATCH 07/31] SecurityPkg/RngDxe: Documentation/include/parameter
|
||||||
|
cleanup
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [7/31] 19a0a13d18fc7f92c7b05e8da08f4d83df77ea6c
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 199031b2b0233652ad5d5fdf73f0f44c0f264d55
|
||||||
|
Author: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:53 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Documentation/include/parameter cleanup
|
||||||
|
|
||||||
|
This patch:
|
||||||
|
-Update RngGetBytes() documentation to align the function
|
||||||
|
definition and declaration.
|
||||||
|
-Improve input parameter checking. Even though 'This'
|
||||||
|
it is not used, the parameter should always point to the
|
||||||
|
current EFI_RNG_PROTOCOL.
|
||||||
|
-Removes TimerLib inclusion as unused.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c | 3 +--
|
||||||
|
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 2 +-
|
||||||
|
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c | 3 +--
|
||||||
|
3 files changed, 3 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
index f6a0bf7b2b..8c6ad4ed43 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
@@ -23,7 +23,6 @@
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/UefiBootServicesTableLib.h>
|
||||||
|
-#include <Library/TimerLib.h>
|
||||||
|
#include <Protocol/Rng.h>
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
@@ -61,7 +60,7 @@ RngGetRNG (
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
|
||||||
|
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||||
|
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
index 5a649ecf24..70b6ac20c9 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
@@ -59,7 +59,7 @@ RngGetRNG (
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
|
||||||
|
- if ((RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||||
|
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
index 7b8ecfc70d..4599728889 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
@@ -23,7 +23,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/UefiBootServicesTableLib.h>
|
||||||
|
#include <Library/RngLib.h>
|
||||||
|
-#include <Library/TimerLib.h>
|
||||||
|
#include <Protocol/Rng.h>
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
@@ -73,7 +72,7 @@ RngDriverEntry (
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
- Calls RDRAND to fill a buffer of arbitrary size with random bytes.
|
||||||
|
+ Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
|
||||||
|
|
||||||
|
@param[in] Length Size of the buffer, in bytes, to fill with.
|
||||||
|
@param[out] RandBuffer Pointer to the buffer to store the random result.
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,258 @@
|
|||||||
|
From df912b4c93cd848991d9a9439d3aba441bae1d67 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:21:09 -0400
|
||||||
|
Subject: [PATCH 06/31] SecurityPkg/RngDxe: Remove
|
||||||
|
ArchGetSupportedRngAlgorithms()
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [6/31] 4066cb1503b5c5a29b6d45a4b671d0829f2671ae
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 922bf317f1731554b3e77a0a48033a38fdc75a77
|
||||||
|
Author: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:52 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Remove ArchGetSupportedRngAlgorithms()
|
||||||
|
|
||||||
|
RngGetInfo() is one of the 2 functions of the EFI_RNG_PROTOCOL.
|
||||||
|
RngGetInfo() is currently a mere wrapper around
|
||||||
|
ArchGetSupportedRngAlgorithms() which is implemented differently
|
||||||
|
depending on the architecture used.
|
||||||
|
|
||||||
|
RngGetInfo() does nothing more than calling
|
||||||
|
ArchGetSupportedRngAlgorithms(). So remove it, and let RngGetInfo()
|
||||||
|
be implemented differently according to the architecture.
|
||||||
|
|
||||||
|
This follows the implementation of the other function of the
|
||||||
|
EFI_RNG_PROTOCOL, RngGetRNG().
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RngDxe/AArch64/RngDxe.c | 19 +++++--
|
||||||
|
.../RngDxe/Rand/RngDxe.c | 24 ++++++---
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.c | 49 -------------------
|
||||||
|
.../RngDxe/RngDxeInternals.h | 25 ----------
|
||||||
|
4 files changed, 33 insertions(+), 84 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
index 1cdc842966..f6a0bf7b2b 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
@@ -14,6 +14,7 @@
|
||||||
|
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
@@ -85,6 +86,7 @@ RngGetRNG (
|
||||||
|
/**
|
||||||
|
Returns information about the random number generation implementation.
|
||||||
|
|
||||||
|
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
|
||||||
|
@param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||||
|
On output with a return code of EFI_SUCCESS, the size
|
||||||
|
in bytes of the data returned in RNGAlgorithmList. On output
|
||||||
|
@@ -97,14 +99,19 @@ RngGetRNG (
|
||||||
|
is the default algorithm for the driver.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||||
|
+ @retval EFI_UNSUPPORTED The services is not supported by this driver.
|
||||||
|
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
|
||||||
|
+ hardware or firmware error.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||||
|
@retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||||
|
|
||||||
|
**/
|
||||||
|
-UINTN
|
||||||
|
+EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
-ArchGetSupportedRngAlgorithms (
|
||||||
|
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||||
|
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
+RngGetInfo (
|
||||||
|
+ IN EFI_RNG_PROTOCOL *This,
|
||||||
|
+ IN OUT UINTN *RNGAlgorithmListSize,
|
||||||
|
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
)
|
||||||
|
{
|
||||||
|
UINTN RequiredSize;
|
||||||
|
@@ -112,6 +119,10 @@ ArchGetSupportedRngAlgorithms (
|
||||||
|
|
||||||
|
RequiredSize = sizeof (EFI_RNG_ALGORITHM);
|
||||||
|
|
||||||
|
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||||
|
*RNGAlgorithmListSize = RequiredSize;
|
||||||
|
return EFI_BUFFER_TOO_SMALL;
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
index 19755b3bfd..5a649ecf24 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
@@ -104,6 +104,7 @@ RngGetRNG (
|
||||||
|
/**
|
||||||
|
Returns information about the random number generation implementation.
|
||||||
|
|
||||||
|
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
|
||||||
|
@param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||||
|
On output with a return code of EFI_SUCCESS, the size
|
||||||
|
in bytes of the data returned in RNGAlgorithmList. On output
|
||||||
|
@@ -116,19 +117,28 @@ RngGetRNG (
|
||||||
|
is the default algorithm for the driver.
|
||||||
|
|
||||||
|
@retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||||
|
+ @retval EFI_UNSUPPORTED No supported algorithms found.
|
||||||
|
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
|
||||||
|
+ hardware or firmware error.
|
||||||
|
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||||
|
@retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||||
|
|
||||||
|
**/
|
||||||
|
-UINTN
|
||||||
|
+EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
-ArchGetSupportedRngAlgorithms (
|
||||||
|
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||||
|
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
+RngGetInfo (
|
||||||
|
+ IN EFI_RNG_PROTOCOL *This,
|
||||||
|
+ IN OUT UINTN *RNGAlgorithmListSize,
|
||||||
|
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
)
|
||||||
|
{
|
||||||
|
UINTN RequiredSize;
|
||||||
|
EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm;
|
||||||
|
|
||||||
|
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM);
|
||||||
|
|
||||||
|
if (*RNGAlgorithmListSize < RequiredSize) {
|
||||||
|
@@ -136,9 +146,11 @@ ArchGetSupportedRngAlgorithms (
|
||||||
|
return EFI_BUFFER_TOO_SMALL;
|
||||||
|
}
|
||||||
|
|
||||||
|
- CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||||
|
+ if (RNGAlgorithmList == NULL) {
|
||||||
|
+ return EFI_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM));
|
||||||
|
+ CopyMem (&RNGAlgorithmList[0], &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (EFI_RNG_ALGORITHM));
|
||||||
|
|
||||||
|
// x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED
|
||||||
|
CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM));
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
index b959c70536..7b8ecfc70d 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||||||
|
@@ -28,55 +28,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
-/**
|
||||||
|
- Returns information about the random number generation implementation.
|
||||||
|
-
|
||||||
|
- @param[in] This A pointer to the EFI_RNG_PROTOCOL instance.
|
||||||
|
- @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||||
|
- On output with a return code of EFI_SUCCESS, the size
|
||||||
|
- in bytes of the data returned in RNGAlgorithmList. On output
|
||||||
|
- with a return code of EFI_BUFFER_TOO_SMALL,
|
||||||
|
- the size of RNGAlgorithmList required to obtain the list.
|
||||||
|
- @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
|
||||||
|
- with one EFI_RNG_ALGORITHM element for each supported
|
||||||
|
- RNG algorithm. The list must not change across multiple
|
||||||
|
- calls to the same driver. The first algorithm in the list
|
||||||
|
- is the default algorithm for the driver.
|
||||||
|
-
|
||||||
|
- @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||||
|
- @retval EFI_UNSUPPORTED The services is not supported by this driver.
|
||||||
|
- @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a
|
||||||
|
- hardware or firmware error.
|
||||||
|
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||||
|
- @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||||
|
-
|
||||||
|
-**/
|
||||||
|
-EFI_STATUS
|
||||||
|
-EFIAPI
|
||||||
|
-RngGetInfo (
|
||||||
|
- IN EFI_RNG_PROTOCOL *This,
|
||||||
|
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||||
|
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
- )
|
||||||
|
-{
|
||||||
|
- EFI_STATUS Status;
|
||||||
|
-
|
||||||
|
- if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
|
||||||
|
- return EFI_INVALID_PARAMETER;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- //
|
||||||
|
- // Return algorithm list supported by driver.
|
||||||
|
- //
|
||||||
|
- if (RNGAlgorithmList != NULL) {
|
||||||
|
- Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList);
|
||||||
|
- } else {
|
||||||
|
- Status = EFI_INVALID_PARAMETER;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- return Status;
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
//
|
||||||
|
// The Random Number Generator (RNG) protocol
|
||||||
|
//
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
index fcb8b69153..f17adb83fb 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
@@ -74,31 +74,6 @@ RngGetRNG (
|
||||||
|
OUT UINT8 *RNGValue
|
||||||
|
);
|
||||||
|
|
||||||
|
-/**
|
||||||
|
- Returns information about the random number generation implementation.
|
||||||
|
-
|
||||||
|
- @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList.
|
||||||
|
- On output with a return code of EFI_SUCCESS, the size
|
||||||
|
- in bytes of the data returned in RNGAlgorithmList. On output
|
||||||
|
- with a return code of EFI_BUFFER_TOO_SMALL,
|
||||||
|
- the size of RNGAlgorithmList required to obtain the list.
|
||||||
|
- @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver
|
||||||
|
- with one EFI_RNG_ALGORITHM element for each supported
|
||||||
|
- RNG algorithm. The list must not change across multiple
|
||||||
|
- calls to the same driver. The first algorithm in the list
|
||||||
|
- is the default algorithm for the driver.
|
||||||
|
-
|
||||||
|
- @retval EFI_SUCCESS The RNG algorithm list was returned successfully.
|
||||||
|
- @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result.
|
||||||
|
-
|
||||||
|
-**/
|
||||||
|
-UINTN
|
||||||
|
-EFIAPI
|
||||||
|
-ArchGetSupportedRngAlgorithms (
|
||||||
|
- IN OUT UINTN *RNGAlgorithmListSize,
|
||||||
|
- OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||||
|
- );
|
||||||
|
-
|
||||||
|
/**
|
||||||
|
Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes.
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,55 @@
|
|||||||
|
From 05ffe3749d73942cf4df7ed8f53ae239e62d5376 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:30:19 -0400
|
||||||
|
Subject: [PATCH 11/31] SecurityPkg/RngDxe: Rename AArch64/RngDxe.c
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [11/31] 39c8a7a1e45c7c26f5d16f79d81abac1fbae4f22
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit ff29cdb968a1a4d7bd7ab4eba2597a77c0748dc2
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:57 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Rename AArch64/RngDxe.c
|
||||||
|
|
||||||
|
To re-use the AArch64/RngDxe.c for an Arm implementation,
|
||||||
|
rename AArch64/RngDxe.c to ArmRngDxe.c.
|
||||||
|
|
||||||
|
Acked-by: Leif Lindholm <quic_llindhol@quicinc.com>
|
||||||
|
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RngDxe/{AArch64/RngDxe.c => ArmRngDxe.c} | 0
|
||||||
|
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 2 +-
|
||||||
|
2 files changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
rename SecurityPkg/RandomNumberGenerator/RngDxe/{AArch64/RngDxe.c => ArmRngDxe.c} (100%)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
similarity index 100%
|
||||||
|
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
|
||||||
|
rename to SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
index e0e767cbf3..1d0bdef57d 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
@@ -42,7 +42,7 @@
|
||||||
|
Rand/AesCore.h
|
||||||
|
|
||||||
|
[Sources.AARCH64]
|
||||||
|
- AArch64/RngDxe.c
|
||||||
|
+ ArmRngDxe.c
|
||||||
|
ArmTrng.c
|
||||||
|
|
||||||
|
[Packages]
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,176 @@
|
|||||||
|
From 2a5e4e144cbea46784fde638765a9c9068ed2869 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Tue, 25 Jun 2024 22:19:10 -0400
|
||||||
|
Subject: [PATCH 05/31] SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to
|
||||||
|
generic name
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [5/31] 12b8646964435f1a70def57afb9f4565b11c5dc8
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
CVE: CVE-2022-45237
|
||||||
|
Upstream: Merged
|
||||||
|
|
||||||
|
commit 8a89747844a5061791e55a25daedcf895180a794
|
||||||
|
Author: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Date: Fri Oct 28 17:32:50 2022 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Rename RdRandGenerateEntropy to generic name
|
||||||
|
|
||||||
|
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
|
||||||
|
|
||||||
|
Rename RdRandGenerateEntropy() to GenerateEntropy() to provide a
|
||||||
|
common interface to generate entropy on other architectures.
|
||||||
|
GenerateEntropy() is intended to generate high quality entropy.
|
||||||
|
|
||||||
|
Also move the definition to RngDxeInternals.h
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RngDxe/Rand/RdRand.c | 20 ++++++++++++-----
|
||||||
|
.../RngDxe/Rand/RngDxe.c | 7 ++++--
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 2 +-
|
||||||
|
.../RngDxe/RngDxeInternals.h | 22 ++++++++++++++++++-
|
||||||
|
4 files changed, 41 insertions(+), 10 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
||||||
|
index 83025a47d4..853bf43148 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c
|
||||||
|
@@ -1,15 +1,23 @@
|
||||||
|
/** @file
|
||||||
|
- Support routines for RDRAND instruction access.
|
||||||
|
-
|
||||||
|
+ Support routines for RDRAND instruction access, which will leverage
|
||||||
|
+ Intel Secure Key technology to provide high-quality random numbers for use
|
||||||
|
+ in applications, or entropy for seeding other random number generators.
|
||||||
|
+ Refer to http://software.intel.com/en-us/articles/intel-digital-random-number
|
||||||
|
+ -generator-drng-software-implementation-guide/ for more information about Intel
|
||||||
|
+ Secure Key technology.
|
||||||
|
+
|
||||||
|
+Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
+#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
#include <Library/RngLib.h>
|
||||||
|
+#include <Library/TimerLib.h>
|
||||||
|
|
||||||
|
#include "AesCore.h"
|
||||||
|
-#include "RdRand.h"
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -87,9 +95,9 @@ RdRandGetSeed128 (
|
||||||
|
**/
|
||||||
|
EFI_STATUS
|
||||||
|
EFIAPI
|
||||||
|
-RdRandGenerateEntropy (
|
||||||
|
- IN UINTN Length,
|
||||||
|
- OUT UINT8 *Entropy
|
||||||
|
+GenerateEntropy (
|
||||||
|
+ IN UINTN Length,
|
||||||
|
+ OUT UINT8 *Entropy
|
||||||
|
)
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
index 834123b945..19755b3bfd 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
@@ -14,13 +14,16 @@
|
||||||
|
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
|
||||||
|
- EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported
|
||||||
|
|
||||||
|
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
-#include "RdRand.h"
|
||||||
|
+#include <Library/BaseLib.h>
|
||||||
|
+#include <Library/BaseMemoryLib.h>
|
||||||
|
+
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -88,7 +91,7 @@ RngGetRNG (
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
}
|
||||||
|
|
||||||
|
- Status = RdRandGenerateEntropy (RNGValueLength, RNGValue);
|
||||||
|
+ Status = GenerateEntropy (RNGValueLength, RNGValue);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
index f330097199..60efb5562e 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
@@ -10,6 +10,7 @@
|
||||||
|
#
|
||||||
|
# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||||
|
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
|
||||||
|
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
|
||||||
|
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
#
|
||||||
|
##
|
||||||
|
@@ -36,7 +37,6 @@
|
||||||
|
[Sources.IA32, Sources.X64]
|
||||||
|
Rand/RngDxe.c
|
||||||
|
Rand/RdRand.c
|
||||||
|
- Rand/RdRand.h
|
||||||
|
Rand/AesCore.c
|
||||||
|
Rand/AesCore.h
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
index 25cccbe92c..fcb8b69153 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
|
||||||
|
@@ -10,6 +10,8 @@
|
||||||
|
#ifndef RNGDXE_INTERNALS_H_
|
||||||
|
#define RNGDXE_INTERNALS_H_
|
||||||
|
|
||||||
|
+#include <Protocol/Rng.h>
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
Returns information about the random number generation implementation.
|
||||||
|
|
||||||
|
@@ -114,4 +116,22 @@ RngGetBytes (
|
||||||
|
OUT UINT8 *RandBuffer
|
||||||
|
);
|
||||||
|
|
||||||
|
-#endif // RNGDXE_INTERNALS_H_
|
||||||
|
+/**
|
||||||
|
+ Generate high-quality entropy source using a TRNG or through RDRAND.
|
||||||
|
+
|
||||||
|
+ @param[in] Length Size of the buffer, in bytes, to fill with.
|
||||||
|
+ @param[out] Entropy Pointer to the buffer to store the entropy data.
|
||||||
|
+
|
||||||
|
+ @retval EFI_SUCCESS Entropy generation succeeded.
|
||||||
|
+ @retval EFI_NOT_READY Failed to request random data.
|
||||||
|
+
|
||||||
|
+**/
|
||||||
|
+EFI_STATUS
|
||||||
|
+EFIAPI
|
||||||
|
+GenerateEntropy (
|
||||||
|
+ IN UINTN Length,
|
||||||
|
+ OUT UINT8 *Entropy
|
||||||
|
+ );
|
||||||
|
+
|
||||||
|
+#endif // RNGDXE_INTERNALS_H_
|
||||||
|
+
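Review bot: The new header comment for GenerateEntropy() leaves the Length description unfinished (`to fill with.`) and does not say what the Entropy buffer holds when the call fails. Suggest `@param[in] Length  Size of the Entropy buffer, in bytes, to fill with entropy.` plus a sentence that the buffer contents must not be used unless EFI_SUCCESS is returned, if that matches the implementations (only the RdRand.c signature is visible in this patch). The summary line would read better as `Generate high-quality entropy using a TRNG or RDRAND.`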
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,78 @@
|
|||||||
|
From 1a0bf45b088e05f6eb7edaa0d24aec894ea3491b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 16:11:16 -0400
|
||||||
|
Subject: [PATCH 23/31] SecurityPkg/RngDxe: Simplify Rng algorithm selection
|
||||||
|
for Arm
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [23/31] 21b2854eed63bf5d406cfec5ac03b9ae3901a679
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit ff7ddc02b273f9159ef46fdb67d99062f8e598d9
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:10 2023 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
|
||||||
|
|
||||||
|
The first element of mAvailableAlgoArray is defined as the default
|
||||||
|
Rng algorithm to use. Don't go through the array at each RngGetRNG()
|
||||||
|
call and just return the first element of the array.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 17 ++++-------------
|
||||||
|
1 file changed, 4 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
index 2fc36fc186..7249904413 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
@@ -77,7 +77,6 @@ RngGetRNG (
|
||||||
|
)
|
||||||
|
{
|
||||||
|
EFI_STATUS Status;
|
||||||
|
- UINTN Index;
|
||||||
|
GUID RngGuid;
|
||||||
|
|
||||||
|
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||||
|
@@ -88,21 +87,13 @@ RngGetRNG (
|
||||||
|
//
|
||||||
|
// Use the default RNG algorithm if RNGAlgorithm is NULL.
|
||||||
|
//
|
||||||
|
- for (Index = 0; Index < mAvailableAlgoArrayCount; Index++) {
|
||||||
|
- if (!IsZeroGuid (&mAvailableAlgoArray[Index])) {
|
||||||
|
- RNGAlgorithm = &mAvailableAlgoArray[Index];
|
||||||
|
- goto FoundAlgo;
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (Index == mAvailableAlgoArrayCount) {
|
||||||
|
- // No algorithm available.
|
||||||
|
- ASSERT (Index != mAvailableAlgoArrayCount);
|
||||||
|
- return EFI_DEVICE_ERROR;
|
||||||
|
+ if (mAvailableAlgoArrayCount != 0) {
|
||||||
|
+ RNGAlgorithm = &mAvailableAlgoArray[0];
|
||||||
|
+ } else {
|
||||||
|
+ return EFI_UNSUPPORTED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-FoundAlgo:
|
||||||
|
Status = GetRngGuid (&RngGuid);
|
||||||
|
if (!EFI_ERROR (Status) &&
|
||||||
|
CompareGuid (RNGAlgorithm, &RngGuid))
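Review bot: The default path now takes `mAvailableAlgoArray[0]` without inspecting it, whereas the removed loop skipped zero-GUID entries, so whatever GetAvailableAlgorithms() placed first is served to callers that pass a NULL RNGAlgorithm. In the AArch64Algo.c change of this series the unsafe algorithm is appended last, so it becomes entry 0 exactly when nothing else was found, and the default request is then answered by an RngLib flagged as not for production builds. If that is intended, say so next to the assignment, e.g. `// Entry 0 is gEdkiiRngAlgorithmUnSafe when no other algorithm is available.`. The empty-list result also changes from EFI_DEVICE_ERROR to EFI_UNSUPPORTED, so the function's @retval list should be checked against it. RngGetRNG starts and ends outside this hunk.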
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,195 @@
|
|||||||
|
From 6b3795dcecf31b0d8aa7edabeffccf37b7259ff0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 16:09:46 -0400
|
||||||
|
Subject: [PATCH 22/31] SecurityPkg/RngDxe: Use GetRngGuid() when probing
|
||||||
|
RngLib
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [22/31] 17b40bc3daeba2ba8407826e17f3096c4a5151c6
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit 19438cff973bfb35a1ef12fab45fabb28b63fe64
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:09 2023 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
|
||||||
|
|
||||||
|
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
|
||||||
|
|
||||||
|
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||||
|
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||||
|
To allow the RngDxe to detect when such implementation is used,
|
||||||
|
a GetRngGuid() function was added in a previous patch.
|
||||||
|
|
||||||
|
The EFI_RNG_PROTOCOL can advertise multiple algorithms through
|
||||||
|
Guids. The PcdCpuRngSupportedAlgorithm is currently used to
|
||||||
|
advertise the RngLib in the Arm implementation.
|
||||||
|
|
||||||
|
The issues of doing that are:
|
||||||
|
- the RngLib implementation might not use CPU instructions,
|
||||||
|
cf. the BaseRngLibTimerLib
|
||||||
|
- most platforms don't set PcdCpuRngSupportedAlgorithm
|
||||||
|
|
||||||
|
A GetRngGuid() was added to the RngLib in a previous patch,
|
||||||
|
allowing to identify the algorithm implemented by the RngLib.
|
||||||
|
 Make use of this function and place the unsafe algorithm
|
||||||
|
at the last position in the mAvailableAlgoArray.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../RngDxe/AArch64/AArch64Algo.c | 55 +++++++++++++------
|
||||||
|
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 8 ++-
|
||||||
|
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 4 +-
|
||||||
|
3 files changed, 45 insertions(+), 22 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||||
|
index e8be217f8a..a270441ebb 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
|
||||||
|
@@ -10,6 +10,8 @@
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
#include <Library/MemoryAllocationLib.h>
|
||||||
|
#include <Library/ArmTrngLib.h>
|
||||||
|
+#include <Library/RngLib.h>
|
||||||
|
+#include <Guid/RngAlgorithm.h>
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
|
||||||
|
|
||||||
|
@@ -28,9 +30,13 @@ GetAvailableAlgorithms (
|
||||||
|
VOID
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- UINT64 DummyRand;
|
||||||
|
- UINT16 MajorRevision;
|
||||||
|
- UINT16 MinorRevision;
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
+ UINT16 MajorRevision;
|
||||||
|
+ UINT16 MinorRevision;
|
||||||
|
+ GUID RngGuid;
|
||||||
|
+ BOOLEAN UnSafeAlgo;
|
||||||
|
+
|
||||||
|
+ UnSafeAlgo = FALSE;
|
||||||
|
|
||||||
|
// Rng algorithms 2 times, one for the allocation, one to populate.
|
||||||
|
mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
|
||||||
|
@@ -38,24 +44,29 @@ GetAvailableAlgorithms (
|
||||||
|
return EFI_OUT_OF_RESOURCES;
|
||||||
|
}
|
||||||
|
|
||||||
|
- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
|
||||||
|
- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
|
||||||
|
- CopyMem (
|
||||||
|
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
- PcdGetPtr (PcdCpuRngSupportedAlgorithm),
|
||||||
|
- sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
- );
|
||||||
|
- mAvailableAlgoArrayCount++;
|
||||||
|
-
|
||||||
|
- DEBUG_CODE_BEGIN ();
|
||||||
|
- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||||
|
+ // Identify RngLib algorithm.
|
||||||
|
+ Status = GetRngGuid (&RngGuid);
|
||||||
|
+ if (!EFI_ERROR (Status)) {
|
||||||
|
+ if (IsZeroGuid (&RngGuid) ||
|
||||||
|
+ CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe))
|
||||||
|
+ {
|
||||||
|
+ // Treat zero GUID as an unsafe algorithm
|
||||||
|
DEBUG ((
|
||||||
|
DEBUG_WARN,
|
||||||
|
- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
|
||||||
|
+ "RngLib uses an Unsafe algorithm and "
|
||||||
|
+ "must not be used for production builds.\n"
|
||||||
|
));
|
||||||
|
+ // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found
|
||||||
|
+ // so that it can be added at the end of the algorithm list.
|
||||||
|
+ UnSafeAlgo = TRUE;
|
||||||
|
+ } else {
|
||||||
|
+ CopyMem (
|
||||||
|
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
+ &RngGuid,
|
||||||
|
+ sizeof (RngGuid)
|
||||||
|
+ );
|
||||||
|
+ mAvailableAlgoArrayCount++;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- DEBUG_CODE_END ();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Raw algorithm (Trng)
|
||||||
|
@@ -68,5 +79,15 @@ GetAvailableAlgorithms (
|
||||||
|
mAvailableAlgoArrayCount++;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ // Add unsafe algorithm at the end of the list.
|
||||||
|
+ if (UnSafeAlgo) {
|
||||||
|
+ CopyMem (
|
||||||
|
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
|
||||||
|
+ &gEdkiiRngAlgorithmUnSafe,
|
||||||
|
+ sizeof (EFI_RNG_ALGORITHM)
|
||||||
|
+ );
|
||||||
|
+ mAvailableAlgoArrayCount++;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return EFI_SUCCESS;
|
||||||
|
}
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
index 0e44d0c931..2fc36fc186 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
|
||||||
|
@@ -76,8 +76,9 @@ RngGetRNG (
|
||||||
|
OUT UINT8 *RNGValue
|
||||||
|
)
|
||||||
|
{
|
||||||
|
- EFI_STATUS Status;
|
||||||
|
+ EFI_STATUS Status;
|
||||||
|
UINTN Index;
|
||||||
|
+ GUID RngGuid;
|
||||||
|
|
||||||
|
if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
|
||||||
|
return EFI_INVALID_PARAMETER;
|
||||||
|
@@ -102,7 +103,10 @@ RngGetRNG (
|
||||||
|
}
|
||||||
|
|
||||||
|
FoundAlgo:
|
||||||
|
- if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
|
||||||
|
+ Status = GetRngGuid (&RngGuid);
|
||||||
|
+ if (!EFI_ERROR (Status) &&
|
||||||
|
+ CompareGuid (RNGAlgorithm, &RngGuid))
|
||||||
|
+ {
|
||||||
|
Status = RngGetBytes (RNGValueLength, RNGValue);
|
||||||
|
return Status;
|
||||||
|
}
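Review bot: When RngLib reports a zero GUID, GetAvailableAlgorithms() in this patch advertises gEdkiiRngAlgorithmUnSafe, but the condition added here compares against the raw GetRngGuid() result, so a caller selecting the advertised GUID does not match and falls through to the code after this hunk. If the zero-GUID case is meant to be served by RngLib, the condition needs the same normalisation, for example `(CompareGuid (RNGAlgorithm, &RngGuid) || (IsZeroGuid (&RngGuid) && CompareGuid (RNGAlgorithm, &gEdkiiRngAlgorithmUnSafe)))`. What follows the fall-through is outside the hunk, so the final status in that case cannot be confirmed from here.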
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
index d6c2d30195..8704a64441 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
@@ -75,13 +75,11 @@
|
||||||
|
gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||||
|
gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||||
|
gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||||
|
+ gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
|
||||||
|
|
||||||
|
[Protocols]
|
||||||
|
gEfiRngProtocolGuid ## PRODUCES
|
||||||
|
|
||||||
|
-[Pcd.AARCH64]
|
||||||
|
- gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
|
||||||
|
-
|
||||||
|
[Depex]
|
||||||
|
TRUE
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,57 @@
|
|||||||
|
From 5022087de4a4bcd113ef0325e657bd78b798d5f6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 10:33:43 -0400
|
||||||
|
Subject: [PATCH 26/31] SecurityPkg/RngDxe: add rng test
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [26/31] 97c8deefd351f2755cf458f10679dd1d859fb321
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit a61bc0accb8a76edba4f073fdc7bafc908df045d
|
||||||
|
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
Date: Fri May 31 09:49:13 2024 +0200
|
||||||
|
|
||||||
|
SecurityPkg/RngDxe: add rng test
|
||||||
|
|
||||||
|
 Check whether RngLib actually returns random numbers, only return
|
||||||
|
a non-zero number of Algorithms if that is the case.
|
||||||
|
|
||||||
|
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
|
||||||
|
only in case it can actually deliver random numbers.
|
||||||
|
|
||||||
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
|
||||||
|
Check whenever RngLib actually returns random numbers, only return
|
||||||
|
a non-zero number of Algorithms if that is the case.
|
||||||
|
|
||||||
|
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
|
||||||
|
only in case it can actually deliver random numbers.
|
||||||
|
|
||||||
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||||
|
---
|
||||||
|
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
index 149de875ce..e374b62208 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
#include <Library/BaseMemoryLib.h>
|
||||||
|
+#include <Library/RngLib.h>
|
||||||
|
|
||||||
|
#include "RngDxeInternals.h"
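Review bot: This patch adds only `#include <Library/RngLib.h>` to Rand/RngDxe.c, while its description says it checks that RngLib returns random numbers and reports zero algorithms otherwise; the diffstat confirms a single insertion. Unless another patch of the series carries the probe, the backport does not contain the behaviour it documents, and EFI_RNG_PROTOCOL would still be installed when RngLib cannot deliver. Either fold the check into this patch or reword the description to say the include is a prerequisite for it.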
|
||||||
|
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|
@ -0,0 +1,104 @@
|
|||||||
|
From 1548ea758f7d9d58fd61110f5719cc12786380d3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
Date: Thu, 20 Jun 2024 16:01:08 -0400
|
||||||
|
Subject: [PATCH 17/31] SecurityPkg/SecurityPkg.dec: Move
|
||||||
|
PcdCpuRngSupportedAlgorithm to MdePkg
|
||||||
|
|
||||||
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||||
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||||
|
RH-Acked-by: Gerd Hoffmann <None>
|
||||||
|
RH-Commit: [17/31] 01f31c97f800f3451072762c0e9a9eb59f1cc2ab
|
||||||
|
|
||||||
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||||
|
Upstream: Merged
|
||||||
|
CVE: CVE-2023-45237
|
||||||
|
|
||||||
|
commit 65b5dd828ef2ea5056031b239a4e7a6642f771a3
|
||||||
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Date: Fri Aug 11 16:33:04 2023 +0200
|
||||||
|
|
||||||
|
SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
|
||||||
|
|
||||||
|
In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a
|
||||||
|
following patch and to avoid making the MdePkg dependent on another
|
||||||
|
package, move PcdCpuRngSupportedAlgorithm to the MdePkg.
|
||||||
|
|
||||||
|
As the Pcd is only used for AARCH64, place it in an AARCH64
|
||||||
|
specific sections.
|
||||||
|
|
||||||
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||||
|
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||||
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||||
|
Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
|
||||||
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||||
|
|
||||||
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||||
|
---
|
||||||
|
.../Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 2 +-
|
||||||
|
MdePkg/MdePkg.dec | 5 +++++
|
||||||
|
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 4 ++--
|
||||||
|
SecurityPkg/SecurityPkg.dec | 2 --
|
||||||
|
4 files changed, 8 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
index f857290e82..f729001060 100644
|
||||||
|
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||||
|
@@ -19,7 +19,7 @@
|
||||||
|
INF_VERSION = 1.27
|
||||||
|
BASE_NAME = BaseRngLibTimerLib
|
||||||
|
MODULE_UNI_FILE = BaseRngLibTimerLib.uni
|
||||||
|
- FILE_GUID = 74950C45-10FC-4AB5-B114-49C87C17409B
|
||||||
|
+ FILE_GUID = B3E66B05-D218-4B9A-AC33-EF0F83D6A513
|
||||||
|
MODULE_TYPE = BASE
|
||||||
|
VERSION_STRING = 1.0
|
||||||
|
LIBRARY_CLASS = RngLib
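Review bot: The FILE_GUID of BaseRngLibTimerLib.inf changes in this hunk, which the description (moving PcdCpuRngSupportedAlgorithm to MdePkg) does not mention. Anything that refers to the module by its old GUID would need the same update, so the change should be explained in the message or split into its own patch. If it stays, a comment above the line giving the reason, such as `# FILE_GUID changed: <reason>`, would keep the backport auditable; the reason itself cannot be determined from this patch.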
|
||||||
|
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
|
||||||
|
index 6389a48338..8f05e822ac 100644
|
||||||
|
--- a/MdePkg/MdePkg.dec
|
||||||
|
+++ b/MdePkg/MdePkg.dec
|
||||||
|
@@ -2306,6 +2306,11 @@
|
||||||
|
# @Prompt Memory Address of GuidedExtractHandler Table.
|
||||||
|
gEfiMdePkgTokenSpaceGuid.PcdGuidedExtractHandlerTableAddress|0x1000000|UINT64|0x30001015
|
||||||
|
|
||||||
|
+[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64]
|
||||||
|
+ ## GUID identifying the Rng algorithm implemented by CPU instruction.
|
||||||
|
+ # @Prompt CPU Rng algorithm's GUID.
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00000037
|
||||||
|
+
|
||||||
|
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
|
||||||
|
## This value is used to set the base address of PCI express hierarchy.
|
||||||
|
# @Prompt PCI Express Base Address.
|
||||||
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
index c8e0ee4ae5..d6c2d30195 100644
|
||||||
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
||||||
|
@@ -79,8 +79,8 @@
|
||||||
|
[Protocols]
|
||||||
|
gEfiRngProtocolGuid ## PRODUCES
|
||||||
|
|
||||||
|
-[Pcd]
|
||||||
|
- gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
|
||||||
|
+[Pcd.AARCH64]
|
||||||
|
+ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES
|
||||||
|
|
||||||
|
[Depex]
|
||||||
|
TRUE
|
||||||
|
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
|
||||||
|
index 9f7a032d60..8cf80b1e84 100644
|
||||||
|
--- a/SecurityPkg/SecurityPkg.dec
|
||||||
|
+++ b/SecurityPkg/SecurityPkg.dec
|
||||||
|
@@ -323,8 +323,6 @@
|
||||||
|
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030
|
||||||
|
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031
|
||||||
|
|
||||||
|
- gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032
|
||||||
|
-
|
||||||
|
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
|
||||||
|
## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
|
||||||
|
# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
|
||||||
|
--
|
||||||
|
2.39.3
|
||||||
|
|