Re: 回复: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64


Rebecca Cran
 

On 4/28/21 7:13 PM, gaoliming wrote:
Rebecca:

-----邮件原件-----
发件人: Rebecca Cran <rebecca@nuviainc.com>
发送时间: 2021年4月29日 4:44
收件人: devel@edk2.groups.io
抄送: Rebecca Cran <rebecca@nuviainc.com>; Jiewen Yao
<jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Michael D
Kinney <michael.d.kinney@intel.com>; Liming Gao
<gaoliming@byosoft.com.cn>; Zhiguang Liu <zhiguang.liu@intel.com>; Ard
Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
<Sami.Mujawar@arm.com>
主题: [PATCH 3/3] SecurityPkg: Add support for RngDxe on AARCH64

AARCH64 support has been added to BaseRngLib via the optional
ARMv8.5 FEAT_RNG.

Refactor RngDxe to support AARCH64, note support for it in the
VALID_ARCHITECTURES line of RngDxe.inf and enable it in SecurityPkg.dsc.

Signed-off-by: Rebecca Cran <rebecca@nuviainc.com>
---
SecurityPkg/SecurityPkg.dsc |
11 +-
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf |
19 +++-
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h |
37 ++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.h |
0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.h |
0
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h |
88 ++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c |
54 +++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c |
108 ++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/AesCore.c |
0
SecurityPkg/RandomNumberGenerator/RngDxe/{ => Rand}/RdRand.c |
0
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c |
120 ++++++++++++++++++++
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c |
117 ++++---------------
12 files changed, 450 insertions(+), 104 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 12ccd1634941..bd4b810bce61 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -259,6 +259,12 @@ [Components]
[Components.IA32, Components.X64, Components.ARM,
Components.AARCH64]
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf

+[Components.IA32, Components.X64, Components.AARCH64]
+ #
+ # Random Number Generator
+ #
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+
[Components.IA32, Components.X64]

SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigD
xe.inf

@@ -334,11 +340,6 @@ [Components.IA32, Components.X64]

SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresence
Lib.inf

SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2Physic
alPresenceLib.inf

- #
- # Random Number Generator
- #
- SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
-
#
# Opal Password solution
#
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 99d6f6b35fc2..c188b6076c00 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -26,15 +26,24 @@ [Defines]
#
# The following information is for reference only and not required by the
build tools.
#
-# VALID_ARCHITECTURES = IA32 X64
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
#

[Sources.common]
RngDxe.c
- RdRand.c
- RdRand.h
- AesCore.c
- AesCore.h
+ RngDxeInternals.h
+
+[Sources.IA32, Sources.X64]
+ Rand/RngDxe.c
+ Rand/RdRand.c
+ Rand/RdRand.h
+ Rand/AesCore.c
+ Rand/AesCore.h
+
+[Sources.AARCH64]
+ AArch64/RngDxe.c
+ AArch64/Rndr.c
+ AArch64/Rndr.h

[Packages]
MdePkg/MdePkg.dec
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
new file mode 100644
index 000000000000..458faa834a3d
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.h
@@ -0,0 +1,37 @@
+/** @file
+ Header for the RNDR APIs used by RNG DXE driver.
+
+ Support API definitions for RNDR instruction access.
+
+
+ Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNDR_H_
+#define RNDR_H_
+
+#include <Library/BaseLib.h>
+#include <Protocol/Rng.h>
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random
result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ );
+
+#endif // RNDR_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/AesCore.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
similarity index 100%
rename from SecurityPkg/RandomNumberGenerator/RngDxe/RdRand.h
rename to SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
new file mode 100644
index 000000000000..7e38fc2564f6
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
@@ -0,0 +1,88 @@
+/** @file
+ Function prototypes for UEFI Random Number Generator protocol
support.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef RNGDXE_INTERNALS_H_
+#define RNGDXE_INTERNALS_H_
+
+extern EFI_RNG_ALGORITHM *mSUpportedRngAlgorithms;
+
+/**
+ Returns information about the random number generation
implementation.
+
+ @param[in] This A pointer to the
EFI_RNG_PROTOCOL instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
RNGAlgorithmList.
+ On output with a return code
of EFI_SUCCESS, the size
+ in bytes of the data returned
in RNGAlgorithmList. On output
+ with a return code of
EFI_BUFFER_TOO_SMALL,
+ the size of RNGAlgorithmList
required to obtain the list.
+ @param[out] RNGAlgorithmList A caller-allocated memory
buffer filled by the driver
+ with one
EFI_RNG_ALGORITHM element for each supported
+ RNG algorithm. The list must
not change across multiple
+ calls to the same driver. The
first algorithm in the list
+ is the default algorithm for
the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was
returned successfully.
+ @retval EFI_UNSUPPORTED The services is not supported
by this driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could
not be retrieved due to a
+ hardware or firmware error.
+ @retval EFI_INVALID_PARAMETER One or more of the
parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList
is too small to hold the result.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ );
+
+/**
+ Produces and returns an RNG value using either the default or specified
RNG algorithm.
+
+ @param[in] This A pointer to the
EFI_RNG_PROTOCOL instance.
+ @param[in] RNGAlgorithm A pointer to the
EFI_RNG_ALGORITHM that identifies the RNG
+ algorithm to use. May be
NULL in which case the function will
+ use its default RNG
algorithm.
+ @param[in] RNGValueLength The length in bytes of the
memory buffer pointed to by
+ RNGValue. The driver shall
return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory
buffer filled by the driver with the
+ resulting RNG value.
+
+ @retval EFI_SUCCESS The RNG value was returned
successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by
RNGAlgorithm is not supported by
+ this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be
retrieved due to a hardware or
+ firmware error.
+ @retval EFI_NOT_READY There is not enough random
data available to satisfy the length
+ requested by
RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or
RNGValueLength is zero.
+
+**/
+EFI_STATUS
+EFIAPI
+RngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ );
+
+/**
+ Returns the size of the RNG algorithms structure.
+
+ @return Size of the EFI_RNG_ALGORITHM list.
+**/
+UINTN
+EFIAPI
+ArchGetSupportedRngAlgorithmsSize (
+ VOID
+ );
+
+#endif // RNGDXE_INTERNALS_H_
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
new file mode 100644
index 000000000000..36166a9cbc13
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/Rndr.c
@@ -0,0 +1,54 @@
+/** @file
+ Support routines for RNDR instruction access.
+
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
+ Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
+
+#include "Rndr.h"
+
+/**
+ Calls RNDR to fill a buffer of arbitrary size with random bytes.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] RandBuffer Pointer to the buffer to store the random
result.
+
+ @retval EFI_SUCCESS Random bytes generation succeeded.
+ @retval EFI_NOT_READY Failed to request random bytes.
+
+**/
+EFI_STATUS
+EFIAPI
+RndrGetBytes (
+ IN UINTN Length,
+ OUT UINT8 *RandBuffer
+ )
+{
+ BOOLEAN IsRandom;
+ UINT64 TempRand;
+
+ while (Length > 0) {
+ IsRandom = GetRandomNumber64 (&TempRand);
+ if (!IsRandom) {
+ return EFI_NOT_READY;
+ }
+ if (Length >= sizeof (TempRand)) {
+ WriteUnaligned64 ((UINT64*)RandBuffer, TempRand);
+ RandBuffer += sizeof (UINT64);
+ Length -= sizeof (TempRand);
+ } else {
+ CopyMem (RandBuffer, &TempRand, Length);
+ Length = 0;
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
Can this function be shared between X86 and AARCH64?
Yes. I've removed it, and will send out a v2 series.

--
Rebecca Cran

Join devel@edk2.groups.io to automatically receive all group messages.