From patchwork Wed Apr 27 15:50:02 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 66799 Delivered-To: patch@linaro.org Received: by 10.140.93.198 with SMTP id d64csp2266134qge; Wed, 27 Apr 2016 08:50:38 -0700 (PDT) X-Received: by 10.107.128.74 with SMTP id b71mr10464089iod.87.1461772238669; Wed, 27 Apr 2016 08:50:38 -0700 (PDT) Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id g84si10570351ioj.33.2016.04.27.08.50.38; Wed, 27 Apr 2016 08:50:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linaro-uefi-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linaro-uefi-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=linaro-uefi-bounces@lists.linaro.org; dmarc=pass (p=NONE dis=NONE) header.from=linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id EE396611F9; Wed, 27 Apr 2016 15:50:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, URIBL_BLOCKED autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 75FC8610A6; Wed, 27 Apr 2016 15:50:33 +0000 (UTC) X-Original-To: linaro-uefi@lists.linaro.org Delivered-To: linaro-uefi@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id 340C1610FF; Wed, 27 Apr 2016 15:50:17 +0000 (UTC) Received: from mail-wm0-f43.google.com (mail-wm0-f43.google.com [74.125.82.43]) by lists.linaro.org (Postfix) with ESMTPS id 0162360181 for ; Wed, 27 Apr 2016 15:50:15 +0000 (UTC) Received: by mail-wm0-f43.google.com with SMTP id u206so55906488wme.1 for ; Wed, 27 Apr 2016 08:50:14 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=lqx8B0lRp6I2HEiV3Wag/uUvnoBhqXpTCAVDivdGYN8=; b=Yz3LnrVRRerislsKyTwzLcYNQdtYogF1O3SJIYy7276i4BhvEcSW8sJJar1kXwGdou gGavcPvHi76W9o3VIBrgIyzlFNy6BGvG6+KZ2YfUb1IjCj1qIeCrGybVb2h62aTaMaPn OO9XRDx4cld91Cp4HNtIWuqANYjgK+dWRkBvVj+FRKpSBqAFYGF4UGVvPc8qYtgK3RQS oGUAtsI3msvsxCAu+iF7IwVuirvewUucfJ3PpRAj7FeE3ws0/pI92ezL4fWYA8tS+rvg rRQK5PhvBjh5mRjYA70pVIhoKAYE5Q3QYzWEbRqkeAVOZKxLajWbK9EsFyT2drSZF/0F AhOw== X-Gm-Message-State: AOPr4FXyP+M9sfYS2zx41MsXVs/fVwvWZAWWW0EdnOeh0OApZtGUtayRqEtby7Sir5mcIVGGMhY= X-Received: by 10.28.29.147 with SMTP id d141mr21447265wmd.91.1461772213810; Wed, 27 Apr 2016 08:50:13 -0700 (PDT) Received: from localhost.localdomain ([195.55.142.58]) by smtp.gmail.com with ESMTPSA id jp2sm4716565wjc.16.2016.04.27.08.50.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 27 Apr 2016 08:50:13 -0700 (PDT) From: Ard Biesheuvel To: linaro-uefi@Lists.linaro.org, leif.lindholm@linaro.org, ricardo.salveti@linaro.org Date: Wed, 27 Apr 2016 17:50:02 +0200 Message-Id: <1461772202-6504-1-git-send-email-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.7.4 Cc: leo.duran@amd.com Subject: [Linaro-uefi] [PATCH] Platforms/AMD/Styx: implement h/w based EFI_RNG_PROTOCOL X-BeenThere: linaro-uefi@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: linaro-uefi-bounces@lists.linaro.org Sender: "Linaro-uefi" This implements the EFI_RNG_PROTOCOL protocol based on the True Random Number Generator (TRNG) that can be found in Seattle SOCs. Note that only the raw EFI RNG algorithm is exposed, since this is essentially what the hardware supplies, and deterministic algorithms could potentially be implemented on top of this by another driver. The primary purpose currently is to enable the arm64 Linux KASLR implementation to randomize the kernel VA space at early boot time. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel --- Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.c | 189 ++++++++++++++++++++ Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf | 47 +++++ 2 files changed, 236 insertions(+) diff --git a/Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.c b/Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.c new file mode 100644 index 000000000000..c3de0b9f5c33 --- /dev/null +++ b/Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.c @@ -0,0 +1,189 @@ +/** @file + + This driver produces an EFI_RNG_PROTOCOL instance for the AMD Seattle CCP + + Copyright (C) 2016, Linaro Ltd. + + This program and the accompanying materials are licensed and made available + under the terms and conditions of the BSD License which accompanies this + distribution. The full text of the license may be found at + http://opensource.org/licenses/bsd-license.php + + THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT + WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + +**/ + +#include +#include +#include + +#include + +#define CCP_TRNG_OFFSET 0xc +#define CCP_TNRG_RETRIES 5 + +STATIC EFI_PHYSICAL_ADDRESS mCcpRngOutputReg; + +STATIC EFI_HANDLE mHandle; + +/** + Returns information about the random number generation implementation. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL + instance. + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of + RNGAlgorithmList. + On output with a return code of + EFI_SUCCESS, the size in bytes of the + data returned in RNGAlgorithmList. On + output with a return code of + EFI_BUFFER_TOO_SMALL, the size of + RNGAlgorithmList required to obtain the + list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled + by the driver with one EFI_RNG_ALGORITHM + element for each supported RNG algorithm. + The list must not change across multiple + calls to the same driver. The first + algorithm in the list is the default + algorithm for the driver. + + @retval EFI_SUCCESS The RNG algorithm list was returned + successfully. + @retval EFI_UNSUPPORTED The services is not supported by this + driver. + @retval EFI_DEVICE_ERROR The list of algorithms could not be + retrieved due to a hardware or firmware + error. + @retval EFI_INVALID_PARAMETER One or more of the parameters are + incorrect. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small + to hold the result. + +**/ +STATIC +EFI_STATUS +EFIAPI +StyxRngGetInfo ( + IN EFI_RNG_PROTOCOL *This, + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ) +{ + if (This == NULL || RNGAlgorithmListSize == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) { + *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM); + return EFI_BUFFER_TOO_SMALL; + } + + if (RNGAlgorithmList == NULL) { + return EFI_INVALID_PARAMETER; + } + + *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM); + CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw); + + return EFI_SUCCESS; +} + +/** + Produces and returns an RNG value using either the default or specified RNG + algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL + instance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that + identifies the RNG algorithm to use. May + be NULL in which case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory buffer + pointed to by RNGValue. The driver shall + return exactly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer filled + by the driver with the resulting RNG + value. + + @retval EFI_SUCCESS The RNG value was returned successfully. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm + is not supported by this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due + to a hardware or firmware error. + @retval EFI_NOT_READY There is not enough random data available + to satisfy the length requested by + RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is + zero. + +**/ +STATIC +EFI_STATUS +EFIAPI +StyxRngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + UINT32 Val; + UINT32 Retries; + UINT32 Loop; + + if (This == NULL || RNGValueLength == 0 || RNGValue == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // We only support the raw algorithm, so reject requests for anything else + // + if (RNGAlgorithm != NULL && + !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { + return EFI_UNSUPPORTED; + } + + do { + Retries = CCP_TNRG_RETRIES; + do { + Val = MmioRead32 (mCcpRngOutputReg); + } while (!Val && Retries-- > 0); + + if (!Val) { + return EFI_DEVICE_ERROR; + } + + for (Loop = 0; Loop < 4 && RNGValueLength > 0; Loop++, RNGValueLength--) { + *RNGValue++ = (UINT8)Val; + Val >>= 8; + } + } while (RNGValueLength > 0); + + return EFI_SUCCESS; +} + +STATIC EFI_RNG_PROTOCOL mStyxRngProtocol = { + StyxRngGetInfo, + StyxRngGetRNG +}; + +// +// Entry point of this driver. +// +EFI_STATUS +EFIAPI +StyxRngEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + mCcpRngOutputReg = PcdGet64 (PcdCCPBase) + CCP_TRNG_OFFSET; + + return SystemTable->BootServices->InstallMultipleProtocolInterfaces ( + &mHandle, + &gEfiRngProtocolGuid, &mStyxRngProtocol, + NULL + ); +} diff --git a/Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf b/Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf new file mode 100644 index 000000000000..3ffb69d8aade --- /dev/null +++ b/Platforms/AMD/Styx/Drivers/StyxRngDxe/StyxRngDxe.inf @@ -0,0 +1,47 @@ +## @file +# This driver produces an EFI_RNG_PROTOCOL instance for the AMD Seattle CCP +# +# Copyright (C) 2016, Linaro Ltd. +# +# This program and the accompanying materials are licensed and made available +# under the terms and conditions of the BSD License which accompanies this +# distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php +# +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT +# WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = StyxRngDxe + FILE_GUID = 58E26F0D-CBAC-4BBA-B70F-18221415665A + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = StyxRngEntryPoint + +[Sources] + StyxRngDxe.c + +[Packages] + MdePkg/MdePkg.dec + AmdModulePkg/AmdModulePkg.dec + +[LibraryClasses] + BaseMemoryLib + IoLib + PcdLib + UefiDriverEntryPoint + +[Pcd] + gAmdModulePkgTokenSpaceGuid.PcdCCPBase + +[Protocols] + gEfiRngProtocolGuid ## PRODUCES + +[Guids] + gEfiRngAlgorithmRaw + +[Depex] + TRUE