From patchwork Thu Jul 16 14:25:19 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chun-Yi Lee X-Patchwork-Id: 6807551 X-Patchwork-Delegate: rjw@sisk.pl Return-Path: X-Original-To: patchwork-linux-pm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 62F099F380 for ; Thu, 16 Jul 2015 14:31:02 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 3A9B220702 for ; Thu, 16 Jul 2015 14:31:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E969F206D6 for ; Thu, 16 Jul 2015 14:30:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755137AbbGPOap (ORCPT ); Thu, 16 Jul 2015 10:30:45 -0400 Received: from mail-pa0-f54.google.com ([209.85.220.54]:33255 "EHLO mail-pa0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755821AbbGPO06 (ORCPT ); Thu, 16 Jul 2015 10:26:58 -0400 Received: by padck2 with SMTP id ck2so43558619pad.0; Thu, 16 Jul 2015 07:26:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=gM3ZCFgK1ShC1P8KIwB5BX6Zc4h7O5/UdhdOKEw7s8w=; b=sP2eTt//iGp6x2WCU/+VpXMQNdSx2vt/MPs9CpsHy3ECHBGgUC3FvmsIs7EJ8MAc8D PMuzsaqyooGi1okopPfPquaTZ0H98jQW8sC6nlNRLNavNk/VTYjRz0xjqR55MQFeZALh bY97QqUT9zjPK9mEHNtf3Yy4Zt9CMlexKdPd6EqAo26SDn9/nHLx4uGQC/Bypbc4rfYz MDxb9Is4kmJ7AuAJRtHeHkAuOpQIW39DRoeGnI29Phfju9rZzgFeORDfkIbVMTYdVt0/ u4rfYtsuNGMqYiy4QT0q6bBYXrGnrZm0CBxzRaraA05ILrKTtvNlFco4fXepWVCgQouK OI8w== X-Received: by 10.66.123.81 with SMTP id ly17mr19500170pab.31.1437056817776; Thu, 16 Jul 2015 07:26:57 -0700 (PDT) Received: from linux-rxt1.site.site ([124.11.22.254]) by smtp.gmail.com with ESMTPSA id r4sm8219910pap.8.2015.07.16.07.26.54 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 16 Jul 2015 07:26:57 -0700 (PDT) From: "Lee, Chun-Yi" X-Google-Original-From: "Lee, Chun-Yi" To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, linux-pm@vger.kernel.org, "Rafael J. Wysocki" , Matthew Garrett , Len Brown , Pavel Machek , Josh Boyer , Vojtech Pavlik , Matt Fleming , Jiri Kosina , "H. Peter Anvin" , "Lee, Chun-Yi" Subject: [RFC PATCH 05/16] x86/efi: Get entropy through EFI random number generator protocol Date: Thu, 16 Jul 2015 22:25:19 +0800 Message-Id: <1437056730-15247-6-git-send-email-jlee@suse.com> X-Mailer: git-send-email 1.8.4.5 In-Reply-To: <1437056730-15247-1-git-send-email-jlee@suse.com> References: <1437056730-15247-1-git-send-email-jlee@suse.com> Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Spam-Status: No, score=-8.1 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP To grab random numbers through EFI protocol as one of the entropies source of swsusp key, this patch adds the logic for accessing EFI RNG (random number generator) protocol that's introduced since UEFI 2.4. Signed-off-by: Lee, Chun-Yi --- arch/x86/boot/compressed/efi_random.c | 193 ++++++++++++++++++++++++++++++++++ include/linux/efi.h | 46 ++++++++ 2 files changed, 239 insertions(+) diff --git a/arch/x86/boot/compressed/efi_random.c b/arch/x86/boot/compressed/efi_random.c index bdb2d46..1f5c63d 100644 --- a/arch/x86/boot/compressed/efi_random.c +++ b/arch/x86/boot/compressed/efi_random.c @@ -2,6 +2,191 @@ #include #include +#include + +static efi_status_t efi_locate_rng(efi_system_table_t *sys_table, + void ***rng_handle) +{ + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; + unsigned long size = 0; + efi_status_t status; + + status = efi_call_early(locate_handle, + EFI_LOCATE_BY_PROTOCOL, + &rng_proto, NULL, &size, *rng_handle); + + if (status == EFI_BUFFER_TOO_SMALL) { + status = efi_call_early(allocate_pool, + EFI_LOADER_DATA, + size, (void **)rng_handle); + + if (status != EFI_SUCCESS) { + efi_printk(sys_table, " Failed to alloc mem for rng_handle"); + return status; + } + + status = efi_call_early(locate_handle, + EFI_LOCATE_BY_PROTOCOL, &rng_proto, + NULL, &size, *rng_handle); + } + + if (status != EFI_SUCCESS) { + efi_printk(sys_table, " Failed to locate EFI_RNG_PROTOCOL"); + goto free_handle; + } + + return EFI_SUCCESS; + +free_handle: + efi_call_early(free_pool, *rng_handle); + + return status; +} + +static bool efi_rng_supported32(efi_system_table_t *sys_table, void **rng_handle) +{ + const struct efi_config *efi_early = __efi_early(); + efi_rng_protocol_32 *rng = NULL; + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; + u32 *handles = (u32 *)(unsigned long)rng_handle; + unsigned long size = 0; + void **algorithmlist = NULL; + efi_status_t status; + + status = efi_call_early(handle_protocol, handles[0], + &rng_proto, (void **)&rng); + if (status != EFI_SUCCESS) + efi_printk(sys_table, " Failed to get EFI_RNG_PROTOCOL handles"); + + if (status == EFI_SUCCESS && rng) { + status = efi_early->call((unsigned long)rng->get_info, rng, + &size, algorithmlist); + return (status == EFI_BUFFER_TOO_SMALL); + } + + return false; +} + +static bool efi_rng_supported64(efi_system_table_t *sys_table, void **rng_handle) +{ + const struct efi_config *efi_early = __efi_early(); + efi_rng_protocol_64 *rng = NULL; + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; + u64 *handles = (u64 *)(unsigned long)rng_handle; + unsigned long size = 0; + void **algorithmlist = NULL; + efi_status_t status; + + status = efi_call_early(handle_protocol, handles[0], + &rng_proto, (void **)&rng); + if (status != EFI_SUCCESS) + efi_printk(sys_table, " Failed to get EFI_RNG_PROTOCOL handles"); + + if (status == EFI_SUCCESS && rng) { + status = efi_early->call((unsigned long)rng->get_info, rng, + &size, algorithmlist); + return (status == EFI_BUFFER_TOO_SMALL); + } + + return false; +} + +static bool efi_rng_supported(efi_system_table_t *sys_table) +{ + const struct efi_config *efi_early = __efi_early(); + u32 random = 0; + efi_status_t status; + void **rng_handle = NULL; + + status = efi_locate_rng(sys_table, &rng_handle); + if (status != EFI_SUCCESS) + return false; + + if (efi_early->is64) + random = efi_rng_supported64(sys_table, rng_handle); + else + random = efi_rng_supported32(sys_table, rng_handle); + + efi_call_early(free_pool, rng_handle); + + return random; + +} + +static unsigned long efi_get_rng32(efi_system_table_t *sys_table, + void **rng_handle) +{ + const struct efi_config *efi_early = __efi_early(); + efi_rng_protocol_32 *rng = NULL; + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; + u32 *handles = (u32 *)(unsigned long)rng_handle; + efi_status_t status; + unsigned long rng_number = 0; + + status = efi_call_early(handle_protocol, handles[0], + &rng_proto, (void **)&rng); + if (status != EFI_SUCCESS) + efi_printk(sys_table, " Failed to get EFI_RNG_PROTOCOL handles"); + + if (status == EFI_SUCCESS && rng) { + status = efi_early->call((unsigned long)rng->get_rng, rng, NULL, + sizeof(rng_number), &rng_number); + if (status != EFI_SUCCESS) { + efi_printk(sys_table, " Failed to get RNG value "); + efi_printk(sys_table, efi_status_to_str(status)); + } + } + + return rng_number; +} + +static unsigned long efi_get_rng64(efi_system_table_t *sys_table, + void **rng_handle) +{ + const struct efi_config *efi_early = __efi_early(); + efi_rng_protocol_64 *rng = NULL; + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID; + u64 *handles = (u64 *)(unsigned long)rng_handle; + efi_status_t status; + unsigned long rng_number; + + status = efi_call_early(handle_protocol, handles[0], + &rng_proto, (void **)&rng); + if (status != EFI_SUCCESS) + efi_printk(sys_table, " Failed to get EFI_RNG_PROTOCOL handles"); + + if (status == EFI_SUCCESS && rng) { + status = efi_early->call((unsigned long)rng->get_rng, rng, NULL, + sizeof(rng_number), &rng_number); + if (status != EFI_SUCCESS) { + efi_printk(sys_table, " Failed to get RNG value "); + efi_printk(sys_table, efi_status_to_str(status)); + } + } + + return rng_number; +} + +static unsigned long efi_get_rng(efi_system_table_t *sys_table) +{ + const struct efi_config *efi_early = __efi_early(); + unsigned long random = 0; + efi_status_t status; + void **rng_handle = NULL; + + status = efi_locate_rng(sys_table, &rng_handle); + if (status != EFI_SUCCESS) + return 0; + + if (efi_early->is64) + random = efi_get_rng64(sys_table, rng_handle); + else + random = efi_get_rng32(sys_table, rng_handle); + + efi_call_early(free_pool, rng_handle); + + return random; +} #define X86_FEATURE_EDX_TSC (1 << 4) #define X86_FEATURE_ECX_RDRAND (1 << 30) @@ -51,6 +236,14 @@ static unsigned long get_random_long(unsigned long entropy, use_i8254 = false; } + if (efi_rng_supported(sys_table)) { + efi_printk(sys_table, " EFI_RNG"); + raw = efi_get_rng(sys_table); + if (raw) + random ^= raw; + use_i8254 = false; + } + if (use_i8254) { efi_printk(sys_table, " i8254"); random ^= i8254(); diff --git a/include/linux/efi.h b/include/linux/efi.h index 85ef051..a628f83 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -427,6 +427,16 @@ typedef struct { #define EFI_PCI_IO_ATTRIBUTE_VGA_PALETTE_IO_16 0x20000 #define EFI_PCI_IO_ATTRIBUTE_VGA_IO_16 0x40000 +typedef struct { + u32 get_info; + u32 get_rng; +} efi_rng_protocol_32; + +typedef struct { + u64 get_info; + u64 get_rng; +} efi_rng_protocol_64; + /* * Types and defines for EFI ResetSystem */ @@ -595,6 +605,9 @@ void efi_native_runtime_setup(void); #define DEVICE_TREE_GUID \ EFI_GUID( 0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 ) +#define EFI_RNG_PROTOCOL_GUID \ + EFI_GUID( 0x3152bca5, 0xeade, 0x433d, 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 ) + typedef struct { efi_guid_t guid; u64 table; @@ -861,6 +874,39 @@ efi_guid_to_str(efi_guid_t *guid, char *out) return out; } +static inline char *efi_status_to_str(efi_status_t status) +{ + char *str; + + switch (status) { + case EFI_SUCCESS: + str = "EFI_SUCCESS"; + break; + case EFI_INVALID_PARAMETER: + str = "EFI_INVALID_PARAMETER"; + break; + case EFI_OUT_OF_RESOURCES: + str = "EFI_OUT_OF_RESOURCES"; + break; + case EFI_DEVICE_ERROR: + str = "EFI_DEVICE_ERROR"; + break; + case EFI_WRITE_PROTECTED: + str = "EFI_WRITE_PROTECTED"; + break; + case EFI_SECURITY_VIOLATION: + str = "EFI_SECURITY_VIOLATION"; + break; + case EFI_NOT_FOUND: + str = "EFI_NOT_FOUND"; + break; + default: + str = ""; + } + + return str; +} + extern void efi_init (void); extern void *efi_get_pal_addr (void); extern void efi_map_pal_code (void);