[edk2-devel] [PATCH v3 18/22] SecurityPkg/RngDxe: Add AArch64 RawAlgorithm support through TrngLib
PierreGondois
pierre.gondois at arm.com
Wed Jun 29 15:02:33 UTC 2022
From: Sami Mujawar <sami.mujawar at arm.com>
Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668)
RawAlgorithm is used to provide access to entropy that is suitable
for cryptographic applications. Therefore, add RawAlgorithm support
that provides access to entropy using the TrngLib.
Also remove unused UefiBootServicesTableLib library inclusion
and Status variable.
Signed-off-by: Sami Mujawar <sami.mujawar at arm.com>
---
.../RngDxe/AArch64/RngDxe.c | 28 +++++++-
.../RandomNumberGenerator/RngDxe/ArmTrng.c | 71 +++++++++++++++++++
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 ++
SecurityPkg/SecurityPkg.dsc | 7 ++
4 files changed, 108 insertions(+), 3 deletions(-)
create mode 100644 SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
index d8b696bbea5f..ee3f1ee78434 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
@@ -1,11 +1,13 @@
/** @file
RNG Driver to produce the UEFI Random Number Generator protocol.
- The driver will use the RNDR instruction to produce random numbers.
+ The driver can use RNDR instruction (through the RngLib and if FEAT_RNG is
+ present) to produce random numbers. It also uses the Arm FW-TRNG interface
+ to implement EFI_RNG_ALGORITHM_RAW.
RNG Algorithms defined in UEFI 2.4:
- EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID
- - EFI_RNG_ALGORITHM_RAW - Unsupported
+ - EFI_RNG_ALGORITHM_RAW
- EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID
- EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID
- EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported
@@ -24,6 +26,8 @@
#include <Library/BaseMemoryLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/RngLib.h>
+#include <Library/DebugLib.h>
+#include <Library/TrngLib.h>
#include <Protocol/Rng.h>
#include "RngDxeInternals.h"
@@ -34,7 +38,7 @@
// populated only once.
// The valid entry with the lowest index will be the default algorithm.
//
-#define RNG_AVAILABLE_ALGO_MAX 1
+#define RNG_AVAILABLE_ALGO_MAX 2
STATIC BOOLEAN mAvailableAlgoArrayInit = FALSE;
STATIC UINTN mAvailableAlgoArrayCount;
STATIC EFI_RNG_ALGORITHM mAvailableAlgoArray[RNG_AVAILABLE_ALGO_MAX];
@@ -48,6 +52,9 @@ RngInitAvailableAlgoArray (
VOID
)
{
+ UINT16 MajorRevision;
+ UINT16 MinorRevision;
+
// Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
if (!EFI_ERROR (RngGetBytes (sizeof (Rand), (UINT8 *)&Rand))) {
CopyMem (
@@ -58,6 +65,16 @@ RngInitAvailableAlgoArray (
mAvailableAlgoArrayCount++;
}
+ // Raw algorithm (Trng)
+ if (!EFI_ERROR (GetTrngVersion (&MajorRevision, &MinorRevision))) {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ &gEfiRngAlgorithmRaw,
+ sizeof (EFI_RNG_ALGORITHM)
+ );
+ mAvailableAlgoArrayCount++;
+ }
+
mAvailableAlgoArrayInit = TRUE;
}
@@ -127,6 +144,11 @@ FoundAlgo:
return Status;
}
+ // Raw algorithm (Trng)
+ if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) {
+ return GenerateEntropy (RNGValueLength, RNGValue);
+ }
+
//
// Other algorithms are unsupported by this driver.
//
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
new file mode 100644
index 000000000000..6100e02b32b0
--- /dev/null
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmTrng.c
@@ -0,0 +1,71 @@
+/** @file
+ RNG Driver to produce the UEFI Random Number Generator protocol.
+
+ The driver implements the EFI_RNG_ALGORITHM_RAW using the FW-TRNG
+ interface to provide entropy.
+
+ Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/TrngLib.h>
+#include <Protocol/Rng.h>
+
+#include "RngDxeInternals.h"
+
+/**
+ Generate high-quality entropy source using a TRNG or through RDRAND.
+
+ @param[in] Length Size of the buffer, in bytes, to fill with.
+ @param[out] Entropy Pointer to the buffer to store the entropy data.
+
+ @retval RETURN_SUCCESS The function completed successfully.
+ @retval RETURN_INVALID_PARAMETER Invalid parameter.
+ @retval RETURN_UNSUPPORTED Function not implemented.
+ @retval RETURN_BAD_BUFFER_SIZE Buffer size is too small.
+ @retval RETURN_NOT_READY No Entropy available.
+**/
+EFI_STATUS
+EFIAPI
+GenerateEntropy (
+ IN UINTN Length,
+ OUT UINT8 *Entropy
+ )
+{
+ EFI_STATUS Status;
+ UINTN CollectedEntropyBits;
+ UINTN RequiredEntropyBits;
+ UINTN EntropyBits;
+ UINTN Index;
+ UINTN MaxBits;
+
+ ZeroMem (Entropy, Length);
+
+ RequiredEntropyBits = (Length << 3);
+ Index = 0;
+ CollectedEntropyBits = 0;
+ MaxBits = GetTrngMaxSupportedEntropyBits ();
+ while (CollectedEntropyBits < RequiredEntropyBits) {
+ EntropyBits = MIN ((RequiredEntropyBits - CollectedEntropyBits), MaxBits);
+ Status = GetTrngEntropy (
+ EntropyBits,
+ (Length - Index),
+ &Entropy[Index]
+ );
+ if (EFI_ERROR (Status)) {
+ // Discard the collected bits.
+ ZeroMem (Entropy, Length);
+ return Status;
+ }
+
+ CollectedEntropyBits += EntropyBits;
+ Index += (EntropyBits >> 3);
+ } // while
+
+ return Status;
+}
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
index 60efb5562ee0..6c3d42066804 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
@@ -42,8 +42,10 @@ [Sources.IA32, Sources.X64]
[Sources.AARCH64]
AArch64/RngDxe.c
+ ArmTrng.c
[Packages]
+ MdeModulePkg/MdeModulePkg.dec
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
@@ -56,6 +58,9 @@ [LibraryClasses]
TimerLib
RngLib
+[LibraryClasses.AARCH64]
+ TrngLib
+
[Guids]
gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index d883747474e4..490076542a33 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -3,6 +3,7 @@
#
# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
+# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -87,6 +88,12 @@ [LibraryClasses.ARM, LibraryClasses.AARCH64]
ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
+ # Arm FW-TRNG interface library.
+ TrngLib|ArmPkg/Library/ArmFwTrngLib/ArmFwTrngLib.inf
+ ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
+ ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf
+ ArmHvcLib|ArmPkg/Library/ArmHvcLib/ArmHvcLib.inf
+
[LibraryClasses.ARM]
RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#90869): https://edk2.groups.io/g/devel/message/90869
Mute This Topic: https://groups.io/mt/92066754/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list