rpms
/
edk2
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '198e572715'
${ noResults }
edk2/SOURCES/edk2-SecurityPkg-RngDxe-Add...

312 lines
9.4 KiB
Raw Blame History

From 0c6e925403e5aa50a77797af59308e6fee4be6b1 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 25 Jun 2024 22:31:58 -0400
Subject: [PATCH 12/31] SecurityPkg/RngDxe: Add Arm support of RngDxe
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [12/31] 11b72f6d69392c7b2e8565025a576e76877fe7ed
JIRA: https://issues.redhat.com/browse/RHEL-21856
CVE: CVE-2022-45237
Upstream: Merged
commit 9eb5ccda505917f6ee80284ed6fb5b51aa7152f9
Author: Pierre Gondois <pierre.gondois@arm.com>
Date: Fri Oct 28 17:32:58 2022 +0200
SecurityPkg/RngDxe: Add Arm support of RngDxe
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
Add RngDxe support for Arm. This implementation uses the ArmTrngLib
to support the RawAlgorithm and doens't support the RNDR instruction.
To re-use the RngGetRNG(), RngGetInfo() and FreeAvailableAlgorithms()
functions, create Arm/AArch64 files which implement the arch specific
function GetAvailableAlgorithms(). Indeed, FEAT_RNG instruction is not
supported on Arm.
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
Acked-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
.../RngDxe/AArch64/AArch64Algo.c | 72 +++++++++++++++++++
.../RngDxe/Arm/ArmAlgo.c | 51 +++++++++++++
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 60 ----------------
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 12 +++-
SecurityPkg/SecurityPkg.dsc | 2 +-
5 files changed, 133 insertions(+), 64 deletions(-)
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
new file mode 100644
index 0000000000..e8be217f8a
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
@@ -0,0 +1,72 @@
+/** @file
+ Aarch64 specific code.
+
+ Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/ArmTrngLib.h>
+
+#include "RngDxeInternals.h"
+
+// Maximum number of Rng algorithms.
+#define RNG_AVAILABLE_ALGO_MAX 2
+
+/** Allocate and initialize mAvailableAlgoArray with the available
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
+
+ @retval EFI_SUCCESS The function completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
+**/
+EFI_STATUS
+EFIAPI
+GetAvailableAlgorithms (
+ VOID
+ )
+{
+ UINT64 DummyRand;
+ UINT16 MajorRevision;
+ UINT16 MinorRevision;
+
+ // Rng algorithms 2 times, one for the allocation, one to populate.
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
+ if (mAvailableAlgoArray == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
+ if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ PcdGetPtr (PcdCpuRngSupportedAlgorithm),
+ sizeof (EFI_RNG_ALGORITHM)
+ );
+ mAvailableAlgoArrayCount++;
+
+ DEBUG_CODE_BEGIN ();
+ if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
+ DEBUG ((
+ DEBUG_WARN,
+ "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
+ ));
+ }
+
+ DEBUG_CODE_END ();
+ }
+
+ // Raw algorithm (Trng)
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ &gEfiRngAlgorithmRaw,
+ sizeof (EFI_RNG_ALGORITHM)
+ );
+ mAvailableAlgoArrayCount++;
+ }
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
new file mode 100644
index 0000000000..4b24f5c4a6
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c
@@ -0,0 +1,51 @@
+/** @file
+ Arm specific code.
+
+ Copyright (c) 2022, Arm Limited. All rights reserved.<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/ArmTrngLib.h>
+
+#include "RngDxeInternals.h"
+
+// Maximum number of Rng algorithms.
+#define RNG_AVAILABLE_ALGO_MAX 1
+
+/** Allocate and initialize mAvailableAlgoArray with the available
+ Rng algorithms. Also update mAvailableAlgoArrayCount.
+
+ @retval EFI_SUCCESS The function completed successfully.
+ @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
+**/
+EFI_STATUS
+EFIAPI
+GetAvailableAlgorithms (
+ VOID
+ )
+{
+ UINT16 MajorRevision;
+ UINT16 MinorRevision;
+
+ // Rng algorithms 2 times, one for the allocation, one to populate.
+ mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
+ if (mAvailableAlgoArray == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ // Raw algorithm (Trng)
+ if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ &gEfiRngAlgorithmRaw,
+ sizeof (EFI_RNG_ALGORITHM)
+ );
+ mAvailableAlgoArrayCount++;
+ }
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
index a800a85792..5e7d9ef681 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
@@ -28,70 +28,10 @@
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/RngLib.h>
-#include <Library/DebugLib.h>
-#include <Library/ArmTrngLib.h>
#include <Protocol/Rng.h>
#include "RngDxeInternals.h"
-// Maximum number of Rng algorithms.
-#define RNG_AVAILABLE_ALGO_MAX 2
-
-/** Allocate and initialize mAvailableAlgoArray with the available
- Rng algorithms. Also update mAvailableAlgoArrayCount.
-
- @retval EFI_SUCCESS The function completed successfully.
- @retval EFI_OUT_OF_RESOURCES Could not allocate memory.
-**/
-EFI_STATUS
-EFIAPI
-GetAvailableAlgorithms (
- VOID
- )
-{
- UINT64 DummyRand;
- UINT16 MajorRevision;
- UINT16 MinorRevision;
-
- // Rng algorithms 2 times, one for the allocation, one to populate.
- mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
- if (mAvailableAlgoArray == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
- CopyMem (
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
- PcdGetPtr (PcdCpuRngSupportedAlgorithm),
- sizeof (EFI_RNG_ALGORITHM)
- );
- mAvailableAlgoArrayCount++;
-
- DEBUG_CODE_BEGIN ();
- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
- DEBUG ((
- DEBUG_WARN,
- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
- ));
- }
-
- DEBUG_CODE_END ();
- }
-
- // Raw algorithm (Trng)
- if (!EFI_ERROR (GetArmTrngVersion (&MajorRevision, &MinorRevision))) {
- CopyMem (
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
- &gEfiRngAlgorithmRaw,
- sizeof (EFI_RNG_ALGORITHM)
- );
- mAvailableAlgoArrayCount++;
- }
-
- return EFI_SUCCESS;
-}
-
/** Free mAvailableAlgoArray.
**/
VOID
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 1d0bdef57d..c8e0ee4ae5 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -28,7 +28,7 @@
#
# The following information is for reference only and not required by the build tools.
#
-# VALID_ARCHITECTURES = IA32 X64 AARCH64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64 ARM
#
[Sources.common]
@@ -41,10 +41,16 @@
Rand/AesCore.c
Rand/AesCore.h
-[Sources.AARCH64]
+[Sources.AARCH64, Sources.ARM]
ArmRngDxe.c
ArmTrng.c
+[Sources.AARCH64]
+ AArch64/AArch64Algo.c
+
+[Sources.ARM]
+ Arm/ArmAlgo.c
+
[Packages]
MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
@@ -59,7 +65,7 @@
TimerLib
RngLib
-[LibraryClasses.AARCH64]
+[LibraryClasses.AARCH64, LibraryClasses.ARM]
ArmTrngLib
[Guids]
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 9f58cc2333..36493f04ee 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -281,7 +281,7 @@
SecurityPkg/EnrollFromDefaultKeysApp/EnrollFromDefaultKeysApp.inf
SecurityPkg/VariableAuthenticated/SecureBootDefaultKeysDxe/SecureBootDefaultKeysDxe.inf
-[Components.IA32, Components.X64, Components.AARCH64]
+[Components.IA32, Components.X64, Components.AARCH64, Components.ARM]
#
# Random Number Generator
#
--
2.39.3
Reference in new issue View Git Blame Copy Permalink