[RFC,04/16] x86/efi: Generating random number in EFI stub

Message ID	1437056730-15247-5-git-send-email-jlee@suse.com (mailing list archive)
State	RFC
Delegated to:	Rafael Wysocki
Headers	show Return-Path: <linux-pm-owner@kernel.org> From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com> To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, linux-pm@vger.kernel.org, "Rafael J. Wysocki" <rjw@sisk.pl>, Matthew Garrett <matthew.garrett@nebula.com>, Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>, Josh Boyer <jwboyer@redhat.com>, Vojtech Pavlik <vojtech@suse.cz>, Matt Fleming <matt.fleming@intel.com>, Jiri Kosina <jkosina@suse.cz>, "H. Peter Anvin" <hpa@zytor.com>, "Lee, Chun-Yi" <jlee@suse.com> Subject: [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub Date: Thu, 16 Jul 2015 22:25:18 +0800 Message-Id: <1437056730-15247-5-git-send-email-jlee@suse.com> In-Reply-To: <1437056730-15247-1-git-send-email-jlee@suse.com> References: <1437056730-15247-1-git-send-email-jlee@suse.com> Sender: linux-pm-owner@vger.kernel.org Precedence: bulk

Message ID

1437056730-15247-5-git-send-email-jlee@suse.com (mailing list archive)

State

RFC

Delegated to:

Rafael Wysocki

Headers

From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: linux-efi@vger.kernel.org, linux-pm@vger.kernel.org,
	"Rafael J. Wysocki" <rjw@sisk.pl>,
	Matthew Garrett <matthew.garrett@nebula.com>,
	Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
	Josh Boyer <jwboyer@redhat.com>, Vojtech Pavlik <vojtech@suse.cz>,
	Matt Fleming <matt.fleming@intel.com>, Jiri Kosina <jkosina@suse.cz>,
	"H. Peter Anvin" <hpa@zytor.com>, "Lee, Chun-Yi" <jlee@suse.com>
Subject: [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub
Date: Thu, 16 Jul 2015 22:25:18 +0800
Message-Id: <1437056730-15247-5-git-send-email-jlee@suse.com>
In-Reply-To: <1437056730-15247-1-git-send-email-jlee@suse.com>
References: <1437056730-15247-1-git-send-email-jlee@suse.com>
Sender: linux-pm-owner@vger.kernel.org
Precedence: bulk

Commit Message

Chun-Yi Lee July 16, 2015, 2:25 p.m. UTC

This patch adds the codes for generating random number array as the
HMAC key that will used by later EFI stub codes.

The original codes in efi_random copied from aslr and add the codes
to accept input entropy and EFI debugging. In later patch will add
the codes to get random number by EFI protocol. The separate codes
can avoid impacting aslr function.

Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
 arch/x86/boot/compressed/Makefile     |  1 +
 arch/x86/boot/compressed/efi_random.c | 88 +++++++++++++++++++++++++++++++++++
 arch/x86/boot/compressed/misc.c       |  4 +-
 arch/x86/boot/compressed/misc.h       |  2 +-
 4 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100644 arch/x86/boot/compressed/efi_random.c

Comments

Pavel Machek July 28, 2015, 12:01 p.m. UTC | #1

Hi!

> This patch adds the codes for generating random number array as the
> HMAC key that will used by later EFI stub codes.
> 
> The original codes in efi_random copied from aslr and add the codes
> to accept input entropy and EFI debugging. In later patch will add
> the codes to get random number by EFI protocol. The separate codes
> can avoid impacting aslr function.
> 
> Signed-off-by: Lee, Chun-Yi <jlee@suse.com>

> +#define X86_FEATURE_EDX_TSC	(1 << 4)
> +#define X86_FEATURE_ECX_RDRAND	(1 << 30)

Can you pull it from existing includes somewhere?

> +static bool rdrand_feature(void)
> +{
> +	return (cpuid_ecx(0x1) & X86_FEATURE_ECX_RDRAND);
> +}
> +
> +static bool rdtsc_feature(void)
> +{
> +	return (cpuid_edx(0x1) & X86_FEATURE_EDX_TSC);
> +}

Are these helpers neccessary?

> +	if (rdrand_feature()) {
> +		efi_printk(sys_table, " RDRAND");
> +		if (rdrand_long(&raw)) {
> +			random ^= raw;
> +			use_i8254 = false;
> +		}
> +	}
> +
> +	if (rdtsc_feature()) {
> +		efi_printk(sys_table, " RDTSC");
> +		rdtscll(raw);
> +
> +		random ^= raw;
> +		use_i8254 = false;
> +	}

You'll do two (expensive) cpuids calls here.

Matt Fleming July 30, 2015, 3:37 p.m. UTC | #2

On Thu, 2015-07-16 at 22:25 +0800, Lee, Chun-Yi wrote:
> This patch adds the codes for generating random number array as the
> HMAC key that will used by later EFI stub codes.
> 
> The original codes in efi_random copied from aslr and add the codes
> to accept input entropy and EFI debugging. In later patch will add
> the codes to get random number by EFI protocol. The separate codes
> can avoid impacting aslr function.
> 
> Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> ---
>  arch/x86/boot/compressed/Makefile     |  1 +
>  arch/x86/boot/compressed/efi_random.c | 88 +++++++++++++++++++++++++++++++++++
>  arch/x86/boot/compressed/misc.c       |  4 +-
>  arch/x86/boot/compressed/misc.h       |  2 +-
>  4 files changed, 92 insertions(+), 3 deletions(-)
>  create mode 100644 arch/x86/boot/compressed/efi_random.c

[...]

> +static unsigned long get_random_long(unsigned long entropy,
> +				     struct boot_params *boot_params,
> +				     efi_system_table_t *sys_table)
> +{
> +#ifdef CONFIG_X86_64
> +	const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
> +#else
> +	const unsigned long mix_const = 0x3f39e593UL;
> +#endif
> +	unsigned long raw, random;
> +	bool use_i8254 = true;
> +
> +	efi_printk(sys_table, " EFI random");

Probably want to remove these efi_printk()s from the final version ;-)

> +	if (entropy)
> +		random = entropy;
> +	else
> +		random = get_random_boot(boot_params);
> +
> +	if (rdrand_feature()) {
> +		efi_printk(sys_table, " RDRAND");
> +		if (rdrand_long(&raw)) {
> +			random ^= raw;
> +			use_i8254 = false;
> +		}
> +	}
> +
> +	if (rdtsc_feature()) {
> +		efi_printk(sys_table, " RDTSC");
> +		rdtscll(raw);
> +
> +		random ^= raw;
> +		use_i8254 = false;
> +	}
> +
> +	if (use_i8254) {
> +		efi_printk(sys_table, " i8254");
> +		random ^= i8254();
> +	}
> +
> +	/* Circular multiply for better bit diffusion */
> +	asm("mul %3"
> +	    : "=a" (random), "=d" (raw)
> +	    : "a" (random), "rm" (mix_const));
> +	random += raw;
> +
> +	efi_printk(sys_table, "...\n");
> +
> +	return random;
> +}
> +
> +void efi_get_random_key(efi_system_table_t *sys_table,
> +			struct boot_params *params, u8 key[], int size)
> +{

I would think that the size of the key array should be unsigned.


--
To unsubscribe from this list: send the line "unsubscribe linux-pm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

joeyli July 31, 2015, 9:06 a.m. UTC | #3

Hi Pavel, 

Thanks for your review.

On Tue, Jul 28, 2015 at 02:01:12PM +0200, Pavel Machek wrote:
> Hi!
> 
> > This patch adds the codes for generating random number array as the
> > HMAC key that will used by later EFI stub codes.
> > 
> > The original codes in efi_random copied from aslr and add the codes
> > to accept input entropy and EFI debugging. In later patch will add
> > the codes to get random number by EFI protocol. The separate codes
> > can avoid impacting aslr function.
> > 
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> 
> > +#define X86_FEATURE_EDX_TSC	(1 << 4)
> > +#define X86_FEATURE_ECX_RDRAND	(1 << 30)
> 
> Can you pull it from existing includes somewhere?
>

I didn't see similar definition in header.
 
> > +static bool rdrand_feature(void)
> > +{
> > +	return (cpuid_ecx(0x1) & X86_FEATURE_ECX_RDRAND);
> > +}
> > +
> > +static bool rdtsc_feature(void)
> > +{
> > +	return (cpuid_edx(0x1) & X86_FEATURE_EDX_TSC);
> > +}
> 
> Are these helpers neccessary?

I will try to simplify it.

> 
> > +	if (rdrand_feature()) {
> > +		efi_printk(sys_table, " RDRAND");
> > +		if (rdrand_long(&raw)) {
> > +			random ^= raw;
> > +			use_i8254 = false;
> > +		}
> > +	}
> > +
> > +	if (rdtsc_feature()) {
> > +		efi_printk(sys_table, " RDTSC");
> > +		rdtscll(raw);
> > +
> > +		random ^= raw;
> > +		use_i8254 = false;
> > +	}
> 
> You'll do two (expensive) cpuids calls here.
>

I will try to avoid call cpuid many times.


Thanks a lot!
Joey Lee
 
--
To unsubscribe from this list: send the line "unsubscribe linux-pm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

joeyli July 31, 2015, 9:12 a.m. UTC | #4

Hi Matt, 

Thanks for your review!

On Thu, Jul 30, 2015 at 04:37:42PM +0100, Matt Fleming wrote:
> On Thu, 2015-07-16 at 22:25 +0800, Lee, Chun-Yi wrote:
> > This patch adds the codes for generating random number array as the
> > HMAC key that will used by later EFI stub codes.
> > 
> > The original codes in efi_random copied from aslr and add the codes
> > to accept input entropy and EFI debugging. In later patch will add
> > the codes to get random number by EFI protocol. The separate codes
> > can avoid impacting aslr function.
> > 
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> >  arch/x86/boot/compressed/Makefile     |  1 +
> >  arch/x86/boot/compressed/efi_random.c | 88 +++++++++++++++++++++++++++++++++++
> >  arch/x86/boot/compressed/misc.c       |  4 +-
> >  arch/x86/boot/compressed/misc.h       |  2 +-
> >  4 files changed, 92 insertions(+), 3 deletions(-)
> >  create mode 100644 arch/x86/boot/compressed/efi_random.c
> 
> [...]
> 
> > +static unsigned long get_random_long(unsigned long entropy,
> > +				     struct boot_params *boot_params,
> > +				     efi_system_table_t *sys_table)
> > +{
> > +#ifdef CONFIG_X86_64
> > +	const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
> > +#else
> > +	const unsigned long mix_const = 0x3f39e593UL;
> > +#endif
> > +	unsigned long raw, random;
> > +	bool use_i8254 = true;
> > +
> > +	efi_printk(sys_table, " EFI random");
> 
> Probably want to remove these efi_printk()s from the final version ;-)
> 

OK, I will remove those log.

> > +	if (entropy)
> > +		random = entropy;
> > +	else
> > +		random = get_random_boot(boot_params);
> > +
> > +	if (rdrand_feature()) {
> > +		efi_printk(sys_table, " RDRAND");
> > +		if (rdrand_long(&raw)) {
> > +			random ^= raw;
> > +			use_i8254 = false;
> > +		}
> > +	}
> > +
> > +	if (rdtsc_feature()) {
> > +		efi_printk(sys_table, " RDTSC");
> > +		rdtscll(raw);
> > +
> > +		random ^= raw;
> > +		use_i8254 = false;
> > +	}
> > +
> > +	if (use_i8254) {
> > +		efi_printk(sys_table, " i8254");
> > +		random ^= i8254();
> > +	}
> > +
> > +	/* Circular multiply for better bit diffusion */
> > +	asm("mul %3"
> > +	    : "=a" (random), "=d" (raw)
> > +	    : "a" (random), "rm" (mix_const));
> > +	random += raw;
> > +
> > +	efi_printk(sys_table, "...\n");
> > +
> > +	return random;
> > +}
> > +
> > +void efi_get_random_key(efi_system_table_t *sys_table,
> > +			struct boot_params *params, u8 key[], int size)
> > +{
> 
> I would think that the size of the key array should be unsigned.
>

I will change size to unsigned int.


Thanks
Joey Lee 
--
To unsubscribe from this list: send the line "unsubscribe linux-pm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 0a291cd..377245b 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -49,6 +49,7 @@  vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/aslr.o
 
 $(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone
 
+vmlinux-objs-$(CONFIG_HIBERNATE_VERIFICATION) += $(obj)/efi_random.o
 vmlinux-objs-$(CONFIG_EFI_STUB) += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o \
 	$(objtree)/drivers/firmware/efi/libstub/lib.a
 vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o
diff --git a/arch/x86/boot/compressed/efi_random.c b/arch/x86/boot/compressed/efi_random.c
new file mode 100644
index 0000000..bdb2d46
--- /dev/null
+++ b/arch/x86/boot/compressed/efi_random.c
@@ -0,0 +1,88 @@ 
+#include "misc.h"
+
+#include <linux/efi.h>
+#include <asm/archrandom.h>
+
+#define X86_FEATURE_EDX_TSC	(1 << 4)
+#define X86_FEATURE_ECX_RDRAND	(1 << 30)
+
+static bool rdrand_feature(void)
+{
+	return (cpuid_ecx(0x1) & X86_FEATURE_ECX_RDRAND);
+}
+
+static bool rdtsc_feature(void)
+{
+	return (cpuid_edx(0x1) & X86_FEATURE_EDX_TSC);
+}
+
+static unsigned long get_random_long(unsigned long entropy,
+				     struct boot_params *boot_params,
+				     efi_system_table_t *sys_table)
+{
+#ifdef CONFIG_X86_64
+	const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
+#else
+	const unsigned long mix_const = 0x3f39e593UL;
+#endif
+	unsigned long raw, random;
+	bool use_i8254 = true;
+
+	efi_printk(sys_table, " EFI random");
+
+	if (entropy)
+		random = entropy;
+	else
+		random = get_random_boot(boot_params);
+
+	if (rdrand_feature()) {
+		efi_printk(sys_table, " RDRAND");
+		if (rdrand_long(&raw)) {
+			random ^= raw;
+			use_i8254 = false;
+		}
+	}
+
+	if (rdtsc_feature()) {
+		efi_printk(sys_table, " RDTSC");
+		rdtscll(raw);
+
+		random ^= raw;
+		use_i8254 = false;
+	}
+
+	if (use_i8254) {
+		efi_printk(sys_table, " i8254");
+		random ^= i8254();
+	}
+
+	/* Circular multiply for better bit diffusion */
+	asm("mul %3"
+	    : "=a" (random), "=d" (raw)
+	    : "a" (random), "rm" (mix_const));
+	random += raw;
+
+	efi_printk(sys_table, "...\n");
+
+	return random;
+}
+
+void efi_get_random_key(efi_system_table_t *sys_table,
+			struct boot_params *params, u8 key[], int size)
+{
+	unsigned long entropy = 0;
+	int i, bfill = size;
+
+	if (key == NULL || !size)
+		return;
+
+	memset(key, 0, size);
+	while (bfill > 0) {
+		entropy = get_random_long(entropy, params, sys_table);
+		if (bfill >= sizeof(entropy))
+			memcpy((void *)(key + size - bfill), &entropy, sizeof(entropy));
+		else
+			memcpy((void *)(key + size - bfill), &entropy, bfill);
+		bfill -= sizeof(entropy);
+	}
+}
diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index d929506..2c3c997 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -439,7 +439,7 @@  asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
 	return output;
 }
 
-#if CONFIG_RANDOMIZE_BASE
+#if CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE
 #define I8254_PORT_CONTROL	0x43
 #define I8254_PORT_COUNTER0	0x40
 #define I8254_CMD_READBACK	0xC0
@@ -489,4 +489,4 @@  unsigned long get_random_boot(struct boot_params *boot_params)
 
 	return hash;
 }
-#endif /* CONFIG_RANDOMIZE_BASE */
+#endif /* CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE */
diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
index e10908c..4be2780 100644
--- a/arch/x86/boot/compressed/misc.h
+++ b/arch/x86/boot/compressed/misc.h
@@ -53,7 +53,7 @@  int cmdline_find_option(const char *option, char *buffer, int bufsize);
 int cmdline_find_option_bool(const char *option);
 #endif
 
-#if CONFIG_RANDOMIZE_BASE
+#if CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE
 extern u16 i8254(void);
 extern unsigned long get_random_boot(struct boot_params *boot_params);
 #endif

[RFC,04/16] x86/efi: Generating random number in EFI stub

Commit Message

Comments

Patch