Some comment: 1) Please note that global variable is not allowed in BaseLib. +STATIC BOOLEAN mHasRdRand;
2) We already have https://github.com/tianocore/edk2/tree/master/MdePkg/Library/BaseRngLib Why we need another BaseRngLib ? > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Sean > Rhodes > Sent: Thursday, February 24, 2022 6:44 AM > To: devel@edk2.groups.io > Cc: Dong, Guo <guo.d...@intel.com>; Patrick Rudolph > <patrick.rudo...@9elements.com>; Yao, Jiewen <jiewen....@intel.com>; > Wang, Jian J <jian.j.w...@intel.com> > Subject: [edk2-devel] [PATCH 1/2] SecurityPkg: Add RNG support > > From: Patrick Rudolph <patrick.rudo...@9elements.com> > > Uses the RDRAND instruction if available and install EfiRngProtocol. > The protocol may be used by iPXE or the Linux kernel to gather entropy. > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Jian J Wang <jian.j.w...@intel.com> > Cc: Guo Dong <guo.d...@intel.com> > Signed-off-by: Patrick Rudolph <patrick.rudo...@9elements.com> > --- > SecurityPkg/Library/BaseRngLib/BaseRng.c | 199 ++++++++++++++++++ > SecurityPkg/Library/BaseRngLib/BaseRngLib.inf | 32 +++ > SecurityPkg/Library/BaseRngLib/BaseRngLib.uni | 17 ++ > 3 files changed, 248 insertions(+) > create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRng.c > create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > create mode 100644 SecurityPkg/Library/BaseRngLib/BaseRngLib.uni > > diff --git a/SecurityPkg/Library/BaseRngLib/BaseRng.c > b/SecurityPkg/Library/BaseRngLib/BaseRng.c > new file mode 100644 > index 0000000000..c21e713cb0 > --- /dev/null > +++ b/SecurityPkg/Library/BaseRngLib/BaseRng.c > @@ -0,0 +1,199 @@ > +/** @file > > + Random number generator services that uses RdRand instruction access > > + to provide high-quality random numbers. > > + > > +Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include <Library/BaseLib.h> > > +#include <Library/DebugLib.h> > > +#include <Register/Intel/Cpuid.h> > > + > > +STATIC BOOLEAN mHasRdRand; > > + > > +// > > +// Bit mask used to determine if RdRand instruction is supported. > > +// > > +#define RDRAND_MASK BIT30 > > + > > +// > > +// Limited retry number when valid random data is returned. > > +// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and > IA-32 > > +// Architectures Software Developer's Mannual". > > +// > > +#define RDRAND_RETRY_LIMIT 10 > > + > > +/** > > + The constructor function checks whether or not RDRAND instruction is > supported > > + by the host hardware. > > + > > + The constructor function checks whether or not RDRAND instruction is > supported. > > + It will always return RETURN_SUCCESS. > > + > > + @retval RETURN_SUCCESS The constructor always returns EFI_SUCCESS. > > + > > +**/ > > +RETURN_STATUS > > +EFIAPI > > +BaseRngLibConstructor ( > > + VOID > > + ) > > +{ > > + UINT32 RegEax; > > + UINT32 RegEcx; > > + > > + AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); > > + if (RegEax < 1) { > > + mHasRdRand = FALSE; > > + return RETURN_SUCCESS; > > + } > > + > > + // > > + // Determine RDRAND support by examining bit 30 of the ECX register > returned by > > + // CPUID. A value of 1 indicates that processor support RDRAND instruction. > > + // > > + AsmCpuid (CPUID_VERSION_INFO, 0, 0, &RegEcx, 0); > > + > > + mHasRdRand = ((RegEcx & RDRAND_MASK) == RDRAND_MASK); > > + > > + return RETURN_SUCCESS; > > +} > > + > > +/** > > + Generates a 16-bit random number. > > + > > + if Rand is NULL, then ASSERT(). > > + > > + @param[out] Rand Buffer pointer to store the 16-bit random value. > > + > > + @retval TRUE Random number generated successfully. > > + @retval FALSE Failed to generate the random number. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +GetRandomNumber16 ( > > + OUT UINT16 *Rand > > + ) > > +{ > > + UINT32 Index; > > + > > + ASSERT (Rand != NULL); > > + > > + if (mHasRdRand) { > > + // > > + // A loop to fetch a 16 bit random value with a retry count limit. > > + // > > + for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) { > > + if (AsmRdRand16 (Rand)) { > > + return TRUE; > > + } > > + } > > + } > > + > > + return FALSE; > > +} > > + > > +/** > > + Generates a 32-bit random number. > > + > > + if Rand is NULL, then ASSERT(). > > + > > + @param[out] Rand Buffer pointer to store the 32-bit random value. > > + > > + @retval TRUE Random number generated successfully. > > + @retval FALSE Failed to generate the random number. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +GetRandomNumber32 ( > > + OUT UINT32 *Rand > > + ) > > +{ > > + UINT32 Index; > > + > > + ASSERT (Rand != NULL); > > + > > + if (mHasRdRand) { > > + // > > + // A loop to fetch a 32 bit random value with a retry count limit. > > + // > > + for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) { > > + if (AsmRdRand32 (Rand)) { > > + return TRUE; > > + } > > + } > > + } > > + > > + return FALSE; > > +} > > + > > +/** > > + Generates a 64-bit random number. > > + > > + if Rand is NULL, then ASSERT(). > > + > > + @param[out] Rand Buffer pointer to store the 64-bit random value. > > + > > + @retval TRUE Random number generated successfully. > > + @retval FALSE Failed to generate the random number. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +GetRandomNumber64 ( > > + OUT UINT64 *Rand > > + ) > > +{ > > + UINT32 Index; > > + > > + ASSERT (Rand != NULL); > > + > > + if (mHasRdRand) { > > + // > > + // A loop to fetch a 64 bit random value with a retry count limit. > > + // > > + for (Index = 0; Index < RDRAND_RETRY_LIMIT; Index++) { > > + if (AsmRdRand64 (Rand)) { > > + return TRUE; > > + } > > + } > > + } > > + > > + return FALSE; > > +} > > + > > +/** > > + Generates a 128-bit random number. > > + > > + if Rand is NULL, then ASSERT(). > > + > > + @param[out] Rand Buffer pointer to store the 128-bit random value. > > + > > + @retval TRUE Random number generated successfully. > > + @retval FALSE Failed to generate the random number. > > + > > +**/ > > +BOOLEAN > > +EFIAPI > > +GetRandomNumber128 ( > > + OUT UINT64 *Rand > > + ) > > +{ > > + ASSERT (Rand != NULL); > > + > > + // > > + // Read first 64 bits > > + // > > + if (!GetRandomNumber64 (Rand)) { > > + return FALSE; > > + } > > + > > + // > > + // Read second 64 bits > > + // > > + return GetRandomNumber64 (++Rand); > > +} > > diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > b/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > new file mode 100644 > index 0000000000..67a91ccfff > --- /dev/null > +++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.inf > @@ -0,0 +1,32 @@ > +## @file > > +# Instance of RNG (Random Number Generator) Library. > > +# > > +# Copyright (c) 2020 9elements Agency GmbH.<BR> > > +# > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION = 0x00010005 > > + BASE_NAME = BaseRngLib > > + MODULE_UNI_FILE = BaseRngLib.uni > > + FILE_GUID = 05C48431-DE18-4550-931A-3350E8551498 > > + MODULE_TYPE = BASE > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = RngLib > > + CONSTRUCTOR = BaseRngLibConstructor > > + > > +# > > +# VALID_ARCHITECTURES = IA32 X64 > > +# > > + > > +[Sources.Ia32, Sources.X64] > > + BaseRng.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + > > +[LibraryClasses] > > + BaseLib > > + DebugLib > > diff --git a/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni > b/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni > new file mode 100644 > index 0000000000..f3ed954c52 > --- /dev/null > +++ b/SecurityPkg/Library/BaseRngLib/BaseRngLib.uni > @@ -0,0 +1,17 @@ > +// /** @file > > +// Instance of RNG (Random Number Generator) Library. > > +// > > +// BaseRng Library that uses CPU RdRand instruction access to provide > > +// high-quality random numbers. > > +// > > +// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > > +// > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > > +// > > +// **/ > > + > > + > > +#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG > Library" > > + > > +#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library > that uses CPU RdRand instruction access to provide high-quality random > numbers" > > + > > -- > 2.32.0 > > > > -=-=-=-=-=-= > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#86924): https://edk2.groups.io/g/devel/message/86924 > Mute This Topic: https://groups.io/mt/89353220/1772286 > Group Owner: devel+ow...@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen....@intel.com] > -=-=-=-=-=-= > -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#89820): https://edk2.groups.io/g/devel/message/89820 Mute This Topic: https://groups.io/mt/89353220/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
