diff mbox

[v2,05/16] x86/efi: Get entropy through EFI random number generator protocol

Message ID 1439273796-25359-6-git-send-email-jlee@suse.com (mailing list archive)
State Changes Requested, archived
Headers show

Commit Message

Chun-Yi Lee Aug. 11, 2015, 6:16 a.m. UTC
To grab random numbers through EFI protocol as one of the entropies
source of swsusp key, this patch adds the logic for accessing EFI RNG
(random number generator) protocol that's introduced since UEFI 2.4.

Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
 arch/x86/boot/compressed/efi_random.c | 209 ++++++++++++++++++++++++++++++++++
 include/linux/efi.h                   |  13 +++
 2 files changed, 222 insertions(+)

Comments

Matt Fleming Aug. 20, 2015, 2:47 p.m. UTC | #1
On Tue, 11 Aug, at 02:16:25PM, Lee, Chun-Yi wrote:
> To grab random numbers through EFI protocol as one of the entropies
> source of swsusp key, this patch adds the logic for accessing EFI RNG
> (random number generator) protocol that's introduced since UEFI 2.4.
> 
> Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> ---
>  arch/x86/boot/compressed/efi_random.c | 209 ++++++++++++++++++++++++++++++++++
>  include/linux/efi.h                   |  13 +++
>  2 files changed, 222 insertions(+)

[...]

Most of this looks good.

> +static unsigned long efi_get_rng(efi_system_table_t *sys_table)
> +{
> +	const struct efi_config *efi_early = __efi_early();
> +	unsigned long random = 0;
> +	efi_status_t status;
> +	void **rng_handle = NULL;
> +
> +	status = efi_locate_rng(sys_table, &rng_handle);
> +	if (status != EFI_SUCCESS)
> +		return 0;
> +
> +	if (efi_early->is64)
> +		random = efi_get_rng64(sys_table, rng_handle);
> +	else
> +		random = efi_get_rng32(sys_table, rng_handle);
> +
> +	efi_call_early(free_pool, rng_handle);
> +
> +	return random;
> +}
  
I think this function is named particularly poorly in the UEFI spec
(GetRNG), can we maybe make this efi_get_rng_number(),
efi_get_rng_value() or efi_get_rng_long() to match the existing
naming?

> diff --git a/include/linux/efi.h b/include/linux/efi.h
> index 85ef051..8914d60 100644
> --- a/include/linux/efi.h
> +++ b/include/linux/efi.h
> @@ -427,6 +427,16 @@ typedef struct {
>  #define EFI_PCI_IO_ATTRIBUTE_VGA_PALETTE_IO_16 0x20000
>  #define EFI_PCI_IO_ATTRIBUTE_VGA_IO_16 0x40000
>  
> +typedef struct {
> +	u32 get_info;
> +	u32 get_rng;
> +} efi_rng_protocol_32;
> +
> +typedef struct {
> +	u64 get_info;
> +	u64 get_rng;
> +} efi_rng_protocol_64;
> +

We've been kinda slack with the naming conventions in efi.h but these
should really both be 'efi_rng_protocol_*_t'.
Matt Fleming Aug. 20, 2015, 8:26 p.m. UTC | #2
On Tue, 11 Aug, at 02:16:25PM, Lee, Chun-Yi wrote:
> +
> +static unsigned long efi_get_rng64(efi_system_table_t *sys_table,
> +				   void **rng_handle)
> +{
> +	const struct efi_config *efi_early = __efi_early();
> +	efi_rng_protocol_64 *rng = NULL;
> +	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
> +	u64 *handles = (u64 *)(unsigned long)rng_handle;
> +	efi_status_t status;
> +	unsigned long rng_number;
> +
> +	status = efi_call_early(handle_protocol, handles[0],
> +				&rng_proto, (void **)&rng);
> +	if (status != EFI_SUCCESS)
> +		efi_printk(sys_table, "Failed to get EFI_RNG_PROTOCOL handles\n");
> +
> +	if (status == EFI_SUCCESS && rng) {
> +		status = efi_early->call((unsigned long)rng->get_rng, rng, NULL,
> +					sizeof(rng_number), &rng_number);

Actually, one thing just occurred to me - you're not passing an
RNGAlgorithm value and are relying upon the firmware's default
implementation.

I don't think that's a safe bet, the default could be anything and
might vary across implementations.

Can we do a little better here and pick a "preferred" algorithm
instead of the default?
joeyli Aug. 27, 2015, 4:51 a.m. UTC | #3
On Thu, Aug 20, 2015 at 03:47:06PM +0100, Matt Fleming wrote:
> On Tue, 11 Aug, at 02:16:25PM, Lee, Chun-Yi wrote:
> > To grab random numbers through EFI protocol as one of the entropies
> > source of swsusp key, this patch adds the logic for accessing EFI RNG
> > (random number generator) protocol that's introduced since UEFI 2.4.
> > 
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> >  arch/x86/boot/compressed/efi_random.c | 209 ++++++++++++++++++++++++++++++++++
> >  include/linux/efi.h                   |  13 +++
> >  2 files changed, 222 insertions(+)
> 
> [...]
> 
> Most of this looks good.
> 
> > +static unsigned long efi_get_rng(efi_system_table_t *sys_table)
> > +{
> > +	const struct efi_config *efi_early = __efi_early();
> > +	unsigned long random = 0;
> > +	efi_status_t status;
> > +	void **rng_handle = NULL;
> > +
> > +	status = efi_locate_rng(sys_table, &rng_handle);
> > +	if (status != EFI_SUCCESS)
> > +		return 0;
> > +
> > +	if (efi_early->is64)
> > +		random = efi_get_rng64(sys_table, rng_handle);
> > +	else
> > +		random = efi_get_rng32(sys_table, rng_handle);
> > +
> > +	efi_call_early(free_pool, rng_handle);
> > +
> > +	return random;
> > +}
>   
> I think this function is named particularly poorly in the UEFI spec
> (GetRNG), can we maybe make this efi_get_rng_number(),
> efi_get_rng_value() or efi_get_rng_long() to match the existing
> naming?
>

Thanks for your suggestion, I will change the naming of functions.
 
> > diff --git a/include/linux/efi.h b/include/linux/efi.h
> > index 85ef051..8914d60 100644
> > --- a/include/linux/efi.h
> > +++ b/include/linux/efi.h
> > @@ -427,6 +427,16 @@ typedef struct {
> >  #define EFI_PCI_IO_ATTRIBUTE_VGA_PALETTE_IO_16 0x20000
> >  #define EFI_PCI_IO_ATTRIBUTE_VGA_IO_16 0x40000
> >  
> > +typedef struct {
> > +	u32 get_info;
> > +	u32 get_rng;
> > +} efi_rng_protocol_32;
> > +
> > +typedef struct {
> > +	u64 get_info;
> > +	u64 get_rng;
> > +} efi_rng_protocol_64;
> > +
> 
> We've been kinda slack with the naming conventions in efi.h but these
> should really both be 'efi_rng_protocol_*_t'.
> 

I will also change the name of struct here. 

> -- 
> Matt Fleming, Intel Open Source Technology Center


Thanks a lot!
Joey Lee
--
To unsubscribe from this list: send the line "unsubscribe linux-pm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
joeyli Aug. 27, 2015, 6:17 a.m. UTC | #4
On Thu, Aug 20, 2015 at 09:26:20PM +0100, Matt Fleming wrote:
> On Tue, 11 Aug, at 02:16:25PM, Lee, Chun-Yi wrote:
> > +
> > +static unsigned long efi_get_rng64(efi_system_table_t *sys_table,
> > +				   void **rng_handle)
> > +{
> > +	const struct efi_config *efi_early = __efi_early();
> > +	efi_rng_protocol_64 *rng = NULL;
> > +	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
> > +	u64 *handles = (u64 *)(unsigned long)rng_handle;
> > +	efi_status_t status;
> > +	unsigned long rng_number;
> > +
> > +	status = efi_call_early(handle_protocol, handles[0],
> > +				&rng_proto, (void **)&rng);
> > +	if (status != EFI_SUCCESS)
> > +		efi_printk(sys_table, "Failed to get EFI_RNG_PROTOCOL handles\n");
> > +
> > +	if (status == EFI_SUCCESS && rng) {
> > +		status = efi_early->call((unsigned long)rng->get_rng, rng, NULL,
> > +					sizeof(rng_number), &rng_number);
> 
> Actually, one thing just occurred to me - you're not passing an
> RNGAlgorithm value and are relying upon the firmware's default
> implementation.
> 
> I don't think that's a safe bet, the default could be anything and
> might vary across implementations.
> 

I didn't set specific RNGAlgorithm because different BIOS may
set different algorithm as default, it's also a kind of random situation
to provide uncertainty.

On the other hand, if the specific RNGAlgorithm doesn't support by BIOS
then EFI stub still need use BIOS's _default_ algorithm to get random
value.

> Can we do a little better here and pick a "preferred" algorithm
> instead of the default?
> 
> -- 
> Matt Fleming, Intel Open Source Technology Center

Per EDK2 implementation, EFI_RNG_ALGORITHM_SP800_90_CTR_256 is the default
algorithm that provided by driver, and EFI_RNG_ALGORITHM_RAW is the second
algorithm supported by EDK2. BIOS vendor need to write driver to support
others.

Maybe using EFI_RNG_ALGORITHM_SP800_90_CTR_256 as the default RNGAlgorithm
in efi_random can cover the most widely UEFI implementation, but when BIOS
do not support EFI_RNG_ALGORITHM_SP800_90_CTR_256 then kernel still need
use BIOS's _default_ setting.

I hope your suggestion.


Thanks a lot!
Joey Lee
--
To unsubscribe from this list: send the line "unsubscribe linux-pm" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/arch/x86/boot/compressed/efi_random.c b/arch/x86/boot/compressed/efi_random.c
index a69352e..1d29e28 100644
--- a/arch/x86/boot/compressed/efi_random.c
+++ b/arch/x86/boot/compressed/efi_random.c
@@ -1,7 +1,209 @@ 
 #include "misc.h"
 
 #include <linux/efi.h>
+#include <linux/stringify.h>
 #include <asm/archrandom.h>
+#include <asm/efi.h>
+
+#define EFI_STATUS_STR(_status) \
+case EFI_##_status: \
+	return "EFI_" __stringify(_status);
+
+static char *efi_status_to_str(efi_status_t status)
+{
+	switch (status) {
+	EFI_STATUS_STR(SUCCESS)
+	EFI_STATUS_STR(INVALID_PARAMETER)
+	EFI_STATUS_STR(OUT_OF_RESOURCES)
+	EFI_STATUS_STR(DEVICE_ERROR)
+	EFI_STATUS_STR(WRITE_PROTECTED)
+	EFI_STATUS_STR(SECURITY_VIOLATION)
+	EFI_STATUS_STR(NOT_FOUND)
+	}
+
+	return "";
+}
+
+static efi_status_t efi_locate_rng(efi_system_table_t *sys_table,
+				   void ***rng_handle)
+{
+	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
+	unsigned long size = 0;
+	efi_status_t status;
+
+	*rng_handle = NULL;
+	status = efi_call_early(locate_handle,
+				EFI_LOCATE_BY_PROTOCOL,
+				&rng_proto, NULL, &size, *rng_handle);
+
+	if (status == EFI_BUFFER_TOO_SMALL) {
+		status = efi_call_early(allocate_pool,
+					EFI_LOADER_DATA,
+					size, (void **)rng_handle);
+
+		if (status != EFI_SUCCESS) {
+			efi_printk(sys_table, "Failed to alloc mem for rng_handle\n");
+			return status;
+		}
+
+		status = efi_call_early(locate_handle,
+					EFI_LOCATE_BY_PROTOCOL, &rng_proto,
+					NULL, &size, *rng_handle);
+	}
+
+	if (status != EFI_SUCCESS) {
+		efi_printk(sys_table, "Failed to locate EFI_RNG_PROTOCOL\n");
+		efi_call_early(free_pool, *rng_handle);
+	}
+
+	return status;
+}
+
+static bool efi_rng_supported32(efi_system_table_t *sys_table, void **rng_handle)
+{
+	const struct efi_config *efi_early = __efi_early();
+	efi_rng_protocol_32 *rng = NULL;
+	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
+	u32 *handles = (u32 *)(unsigned long)rng_handle;
+	unsigned long size = 0;
+	void **algorithmlist = NULL;
+	efi_status_t status;
+
+	status = efi_call_early(handle_protocol, handles[0],
+				&rng_proto, (void **)&rng);
+	if (status != EFI_SUCCESS)
+		efi_printk(sys_table, "Failed to get EFI_RNG_PROTOCOL handles\n");
+
+	if (status == EFI_SUCCESS && rng) {
+		status = efi_early->call((unsigned long)rng->get_info, rng,
+					&size, algorithmlist);
+		return (status == EFI_BUFFER_TOO_SMALL);
+	}
+
+	return false;
+}
+
+static bool efi_rng_supported64(efi_system_table_t *sys_table, void **rng_handle)
+{
+	const struct efi_config *efi_early = __efi_early();
+	efi_rng_protocol_64 *rng = NULL;
+	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
+	u64 *handles = (u64 *)(unsigned long)rng_handle;
+	unsigned long size = 0;
+	void **algorithmlist = NULL;
+	efi_status_t status;
+
+	status = efi_call_early(handle_protocol, handles[0],
+				&rng_proto, (void **)&rng);
+	if (status != EFI_SUCCESS)
+		efi_printk(sys_table, "Failed to get EFI_RNG_PROTOCOL handles\n");
+
+	if (status == EFI_SUCCESS && rng) {
+		status = efi_early->call((unsigned long)rng->get_info, rng,
+					&size, algorithmlist);
+		return (status == EFI_BUFFER_TOO_SMALL);
+	}
+
+	return false;
+}
+
+static bool efi_rng_supported(efi_system_table_t *sys_table)
+{
+	const struct efi_config *efi_early = __efi_early();
+	bool supported;
+	efi_status_t status;
+	void **rng_handle = NULL;
+
+	status = efi_locate_rng(sys_table, &rng_handle);
+	if (status != EFI_SUCCESS)
+		return false;
+
+	if (efi_early->is64)
+		supported = efi_rng_supported64(sys_table, rng_handle);
+	else
+		supported = efi_rng_supported32(sys_table, rng_handle);
+
+	efi_call_early(free_pool, rng_handle);
+
+	return supported;
+}
+
+static unsigned long efi_get_rng32(efi_system_table_t *sys_table,
+				   void **rng_handle)
+{
+	const struct efi_config *efi_early = __efi_early();
+	efi_rng_protocol_32 *rng = NULL;
+	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
+	u32 *handles = (u32 *)(unsigned long)rng_handle;
+	efi_status_t status;
+	unsigned long rng_number = 0;
+
+	status = efi_call_early(handle_protocol, handles[0],
+				&rng_proto, (void **)&rng);
+	if (status != EFI_SUCCESS)
+		efi_printk(sys_table, "Failed to get EFI_RNG_PROTOCOL handles\n");
+
+	if (status == EFI_SUCCESS && rng) {
+		status = efi_early->call((unsigned long)rng->get_rng, rng, NULL,
+					sizeof(rng_number), &rng_number);
+		if (status != EFI_SUCCESS) {
+			efi_printk(sys_table, "Failed to get RNG value: ");
+			efi_printk(sys_table, efi_status_to_str(status));
+			efi_printk(sys_table, "\n");
+		}
+	}
+
+	return rng_number;
+}
+
+static unsigned long efi_get_rng64(efi_system_table_t *sys_table,
+				   void **rng_handle)
+{
+	const struct efi_config *efi_early = __efi_early();
+	efi_rng_protocol_64 *rng = NULL;
+	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
+	u64 *handles = (u64 *)(unsigned long)rng_handle;
+	efi_status_t status;
+	unsigned long rng_number;
+
+	status = efi_call_early(handle_protocol, handles[0],
+				&rng_proto, (void **)&rng);
+	if (status != EFI_SUCCESS)
+		efi_printk(sys_table, "Failed to get EFI_RNG_PROTOCOL handles\n");
+
+	if (status == EFI_SUCCESS && rng) {
+		status = efi_early->call((unsigned long)rng->get_rng, rng, NULL,
+					sizeof(rng_number), &rng_number);
+		if (status != EFI_SUCCESS) {
+			efi_printk(sys_table, "Failed to get RNG value: ");
+			efi_printk(sys_table, efi_status_to_str(status));
+			efi_printk(sys_table, "\n");
+		}
+	}
+
+	return rng_number;
+}
+
+static unsigned long efi_get_rng(efi_system_table_t *sys_table)
+{
+	const struct efi_config *efi_early = __efi_early();
+	unsigned long random = 0;
+	efi_status_t status;
+	void **rng_handle = NULL;
+
+	status = efi_locate_rng(sys_table, &rng_handle);
+	if (status != EFI_SUCCESS)
+		return 0;
+
+	if (efi_early->is64)
+		random = efi_get_rng64(sys_table, rng_handle);
+	else
+		random = efi_get_rng32(sys_table, rng_handle);
+
+	efi_call_early(free_pool, rng_handle);
+
+	return random;
+}
 
 #define EDX_TSC		(1 << 4)
 #define ECX_RDRAND	(1 << 30)
@@ -46,6 +248,13 @@  static unsigned long get_random_long(unsigned long entropy,
 		use_i8254 = false;
 	}
 
+	if (efi_rng_supported(sys_table)) {
+		raw = efi_get_rng(sys_table);
+		if (raw)
+			random ^= raw;
+		use_i8254 = false;
+	}
+
 	if (use_i8254)
 		random ^= read_i8254();
 
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 85ef051..8914d60 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -427,6 +427,16 @@  typedef struct {
 #define EFI_PCI_IO_ATTRIBUTE_VGA_PALETTE_IO_16 0x20000
 #define EFI_PCI_IO_ATTRIBUTE_VGA_IO_16 0x40000
 
+typedef struct {
+	u32 get_info;
+	u32 get_rng;
+} efi_rng_protocol_32;
+
+typedef struct {
+	u64 get_info;
+	u64 get_rng;
+} efi_rng_protocol_64;
+
 /*
  * Types and defines for EFI ResetSystem
  */
@@ -595,6 +605,9 @@  void efi_native_runtime_setup(void);
 #define DEVICE_TREE_GUID \
     EFI_GUID(  0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 )
 
+#define EFI_RNG_PROTOCOL_GUID \
+    EFI_GUID(  0x3152bca5, 0xeade, 0x433d, 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 )
+
 typedef struct {
 	efi_guid_t guid;
 	u64 table;