From patchwork Thu Jul 16 14:25:18 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chun-Yi Lee X-Patchwork-Id: 6807301 X-Patchwork-Delegate: rjw@sisk.pl Return-Path: X-Original-To: patchwork-linux-pm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 4BE6DC05AC for ; Thu, 16 Jul 2015 14:27:06 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 4CEC8206FD for ; Thu, 16 Jul 2015 14:27:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B95A82070C for ; Thu, 16 Jul 2015 14:27:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755819AbbGPO05 (ORCPT ); Thu, 16 Jul 2015 10:26:57 -0400 Received: from mail-pa0-f46.google.com ([209.85.220.46]:35832 "EHLO mail-pa0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755795AbbGPO0z (ORCPT ); Thu, 16 Jul 2015 10:26:55 -0400 Received: by pactm7 with SMTP id tm7so43996306pac.2; Thu, 16 Jul 2015 07:26:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WuOG8myraI9qrFdt9Dy6tj9l0rrE6m8uNw45QffiFAg=; b=bmvdzvhOQ5e8kfucFu7g3goJkCdSZkgGMXS6irhQF2fGD23tAgUmIoqjjsnX6dqukT 5h+X+kpe5/rcAyxCIJEhpZv7FbPtaIZi+3/ZlIRtDHI4w/XX0aOh741D3cgV7Aw5MNCC nTi/2b5PKU5ieiRqae/5EwqFsxY7egCV0Tm9fCl1QtZlOMx3hibniHUKwKrOqR4PValZ Li8WsmUbkyBxzrh4YPyZxaMFvIXKu4VVNPFsEzivVPwjOB3J8LppcU4ut9oY6R9GP1r7 YCL9fliSJIAJHbrN6TElVE+J6Tp2ZghMgASDbozTqhTKvqGU5FNrDPoPrnk8Ev4vcH49 xNYg== X-Received: by 10.67.29.175 with SMTP id jx15mr18996012pad.99.1437056814819; Thu, 16 Jul 2015 07:26:54 -0700 (PDT) Received: from linux-rxt1.site.site ([124.11.22.254]) by smtp.gmail.com with ESMTPSA id r4sm8219910pap.8.2015.07.16.07.26.52 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Jul 2015 07:26:54 -0700 (PDT) From: "Lee, Chun-Yi" X-Google-Original-From: "Lee, Chun-Yi" To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, linux-pm@vger.kernel.org, "Rafael J. Wysocki" , Matthew Garrett , Len Brown , Pavel Machek , Josh Boyer , Vojtech Pavlik , Matt Fleming , Jiri Kosina , "H. Peter Anvin" , "Lee, Chun-Yi" Subject: [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub Date: Thu, 16 Jul 2015 22:25:18 +0800 Message-Id: <1437056730-15247-5-git-send-email-jlee@suse.com> X-Mailer: git-send-email 1.8.4.5 In-Reply-To: <1437056730-15247-1-git-send-email-jlee@suse.com> References: <1437056730-15247-1-git-send-email-jlee@suse.com> Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Spam-Status: No, score=-8.1 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This patch adds the codes for generating random number array as the HMAC key that will used by later EFI stub codes. The original codes in efi_random copied from aslr and add the codes to accept input entropy and EFI debugging. In later patch will add the codes to get random number by EFI protocol. The separate codes can avoid impacting aslr function. Signed-off-by: Lee, Chun-Yi --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/efi_random.c | 88 +++++++++++++++++++++++++++++++++++ arch/x86/boot/compressed/misc.c | 4 +- arch/x86/boot/compressed/misc.h | 2 +- 4 files changed, 92 insertions(+), 3 deletions(-) create mode 100644 arch/x86/boot/compressed/efi_random.c diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 0a291cd..377245b 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -49,6 +49,7 @@ vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/aslr.o $(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone +vmlinux-objs-$(CONFIG_HIBERNATE_VERIFICATION) += $(obj)/efi_random.o vmlinux-objs-$(CONFIG_EFI_STUB) += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o \ $(objtree)/drivers/firmware/efi/libstub/lib.a vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o diff --git a/arch/x86/boot/compressed/efi_random.c b/arch/x86/boot/compressed/efi_random.c new file mode 100644 index 0000000..bdb2d46 --- /dev/null +++ b/arch/x86/boot/compressed/efi_random.c @@ -0,0 +1,88 @@ +#include "misc.h" + +#include +#include + +#define X86_FEATURE_EDX_TSC (1 << 4) +#define X86_FEATURE_ECX_RDRAND (1 << 30) + +static bool rdrand_feature(void) +{ + return (cpuid_ecx(0x1) & X86_FEATURE_ECX_RDRAND); +} + +static bool rdtsc_feature(void) +{ + return (cpuid_edx(0x1) & X86_FEATURE_EDX_TSC); +} + +static unsigned long get_random_long(unsigned long entropy, + struct boot_params *boot_params, + efi_system_table_t *sys_table) +{ +#ifdef CONFIG_X86_64 + const unsigned long mix_const = 0x5d6008cbf3848dd3UL; +#else + const unsigned long mix_const = 0x3f39e593UL; +#endif + unsigned long raw, random; + bool use_i8254 = true; + + efi_printk(sys_table, " EFI random"); + + if (entropy) + random = entropy; + else + random = get_random_boot(boot_params); + + if (rdrand_feature()) { + efi_printk(sys_table, " RDRAND"); + if (rdrand_long(&raw)) { + random ^= raw; + use_i8254 = false; + } + } + + if (rdtsc_feature()) { + efi_printk(sys_table, " RDTSC"); + rdtscll(raw); + + random ^= raw; + use_i8254 = false; + } + + if (use_i8254) { + efi_printk(sys_table, " i8254"); + random ^= i8254(); + } + + /* Circular multiply for better bit diffusion */ + asm("mul %3" + : "=a" (random), "=d" (raw) + : "a" (random), "rm" (mix_const)); + random += raw; + + efi_printk(sys_table, "...\n"); + + return random; +} + +void efi_get_random_key(efi_system_table_t *sys_table, + struct boot_params *params, u8 key[], int size) +{ + unsigned long entropy = 0; + int i, bfill = size; + + if (key == NULL || !size) + return; + + memset(key, 0, size); + while (bfill > 0) { + entropy = get_random_long(entropy, params, sys_table); + if (bfill >= sizeof(entropy)) + memcpy((void *)(key + size - bfill), &entropy, sizeof(entropy)); + else + memcpy((void *)(key + size - bfill), &entropy, bfill); + bfill -= sizeof(entropy); + } +} diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index d929506..2c3c997 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -439,7 +439,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, return output; } -#if CONFIG_RANDOMIZE_BASE +#if CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE #define I8254_PORT_CONTROL 0x43 #define I8254_PORT_COUNTER0 0x40 #define I8254_CMD_READBACK 0xC0 @@ -489,4 +489,4 @@ unsigned long get_random_boot(struct boot_params *boot_params) return hash; } -#endif /* CONFIG_RANDOMIZE_BASE */ +#endif /* CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE */ diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index e10908c..4be2780 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -53,7 +53,7 @@ int cmdline_find_option(const char *option, char *buffer, int bufsize); int cmdline_find_option_bool(const char *option); #endif -#if CONFIG_RANDOMIZE_BASE +#if CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE extern u16 i8254(void); extern unsigned long get_random_boot(struct boot_params *boot_params); #endif