From patchwork Tue Aug 11 06:16:24 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chun-Yi Lee X-Patchwork-Id: 6988971 Return-Path: X-Original-To: patchwork-linux-pm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 89A109F358 for ; Tue, 11 Aug 2015 06:23:14 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 93E9E20588 for ; Tue, 11 Aug 2015 06:23:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 8DC152054E for ; Tue, 11 Aug 2015 06:23:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934023AbbHKGR4 (ORCPT ); Tue, 11 Aug 2015 02:17:56 -0400 Received: from mail-pd0-f170.google.com ([209.85.192.170]:36203 "EHLO mail-pd0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933700AbbHKGRz (ORCPT ); Tue, 11 Aug 2015 02:17:55 -0400 Received: by pdco4 with SMTP id o4so80037944pdc.3; Mon, 10 Aug 2015 23:17:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ICQJoDFv70oQnOiGzymFhxcU7DUrZIMkFaNe0xAGmtM=; b=e4zIWZGoLM8YRBypPLQNfeM1fFZEft8PEkiea9Rq5ncmCzbZvNMmFJHXbgJ6HeGBaR PXPlF9lDt2YLMpsfdpAqNYHMhXQ2cb7apVYoOZHPEKb0ZBGOZDlgmS7eJvV+xq2DsLcv M7VP5euKvs3Oz6zt6gB+/AWWTxMj1q1DfXUiMZsXLPghlTKiKoiwkxt/YfRV8nHfFpQZ YoTa0y+oj590W9qxa91DWLFqcp2cywoy/NRogEHIp2CGtSr9Reg293xKdQcMrbL2siaB j4KM+COEQV6Kc03YshFSGmLjD9Ft9cXP593rVmUsEcmruPo3poBF20ejwr8llbOfJ5Ij etZw== X-Received: by 10.70.38.69 with SMTP id e5mr53013951pdk.27.1439273874828; Mon, 10 Aug 2015 23:17:54 -0700 (PDT) Received: from linux-rxt1.site ([130.57.30.250]) by smtp.gmail.com with ESMTPSA id qe3sm1082667pbc.73.2015.08.10.23.17.46 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Aug 2015 23:17:54 -0700 (PDT) From: "Lee, Chun-Yi" X-Google-Original-From: "Lee, Chun-Yi" To: linux-kernel@vger.kernel.org Cc: linux-efi@vger.kernel.org, linux-pm@vger.kernel.org, "Rafael J. Wysocki" , Matthew Garrett , Len Brown , Pavel Machek , Josh Boyer , Vojtech Pavlik , Matt Fleming , Jiri Kosina , "H. Peter Anvin" , Ingo Molnar , "Lee, Chun-Yi" Subject: [PATCH v2 04/16] x86/efi: Generating random number in EFI stub Date: Tue, 11 Aug 2015 14:16:24 +0800 Message-Id: <1439273796-25359-5-git-send-email-jlee@suse.com> X-Mailer: git-send-email 1.8.4.5 In-Reply-To: <1439273796-25359-1-git-send-email-jlee@suse.com> References: <1439273796-25359-1-git-send-email-jlee@suse.com> Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Spam-Status: No, score=-7.0 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP This patch adds the codes for generating random number array as the HMAC key that will used by later EFI stub codes. The original codes in efi_random copied from aslr and add the codes to accept input entropy and EFI debugging. In later patch will add the codes to get random number by EFI protocol. The separate codes can avoid impacting aslr function. Reviewed-by: Jiri Kosina Tested-by: Jiri Kosina Signed-off-by: Lee, Chun-Yi --- arch/x86/boot/compressed/Makefile | 1 + arch/x86/boot/compressed/efi_random.c | 80 +++++++++++++++++++++++++++++++++++ arch/x86/boot/compressed/misc.c | 4 +- arch/x86/boot/compressed/misc.h | 2 +- 4 files changed, 84 insertions(+), 3 deletions(-) create mode 100644 arch/x86/boot/compressed/efi_random.c diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 0a291cd..377245b 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -49,6 +49,7 @@ vmlinux-objs-$(CONFIG_RANDOMIZE_BASE) += $(obj)/aslr.o $(obj)/eboot.o: KBUILD_CFLAGS += -fshort-wchar -mno-red-zone +vmlinux-objs-$(CONFIG_HIBERNATE_VERIFICATION) += $(obj)/efi_random.o vmlinux-objs-$(CONFIG_EFI_STUB) += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o \ $(objtree)/drivers/firmware/efi/libstub/lib.a vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o diff --git a/arch/x86/boot/compressed/efi_random.c b/arch/x86/boot/compressed/efi_random.c new file mode 100644 index 0000000..a69352e --- /dev/null +++ b/arch/x86/boot/compressed/efi_random.c @@ -0,0 +1,80 @@ +#include "misc.h" + +#include +#include + +#define EDX_TSC (1 << 4) +#define ECX_RDRAND (1 << 30) + +static unsigned int cpuid_0x1_ecx, cpuid_0x1_edx; + +static void cpuid_ecx_edx(void) +{ + unsigned int eax, ebx; + + cpuid(0x1, &eax, &ebx, &cpuid_0x1_ecx, &cpuid_0x1_edx); +} + +static unsigned long get_random_long(unsigned long entropy, + struct boot_params *boot_params, + efi_system_table_t *sys_table) +{ +#ifdef CONFIG_X86_64 + const unsigned long mix_const = 0x5d6008cbf3848dd3UL; +#else + const unsigned long mix_const = 0x3f39e593UL; +#endif + unsigned long raw, random; + bool use_i8254 = true; + + if (entropy) + random = entropy; + else + random = get_random_boot(boot_params); + + if (cpuid_0x1_ecx & ECX_RDRAND) { + if (rdrand_long(&raw)) { + random ^= raw; + use_i8254 = false; + } + } + + if (cpuid_0x1_edx & EDX_TSC) { + rdtscll(raw); + + random ^= raw; + use_i8254 = false; + } + + if (use_i8254) + random ^= read_i8254(); + + /* Circular multiply for better bit diffusion */ + asm("mul %3" + : "=a" (random), "=d" (raw) + : "a" (random), "rm" (mix_const)); + random += raw; + + return random; +} + +void efi_get_random_key(efi_system_table_t *sys_table, + struct boot_params *params, u8 key[], unsigned int size) +{ + unsigned long entropy = 0; + unsigned int bfill = size; + + if (key == NULL || !size) + return; + + cpuid_ecx_edx(); + + memset(key, 0, size); + while (bfill > 0) { + unsigned int copy_len = 0; + entropy = get_random_long(entropy, params, sys_table); + copy_len = (bfill < sizeof(entropy)) ? bfill : sizeof(entropy); + memcpy((void *)(key + size - bfill), &entropy, copy_len); + bfill -= copy_len; + } +} diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index 70acd7e..c8e2237 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -439,7 +439,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap, return output; } -#if CONFIG_RANDOMIZE_BASE +#if CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE #define I8254_PORT_CONTROL 0x43 #define I8254_PORT_COUNTER0 0x40 #define I8254_CMD_READBACK 0xC0 @@ -489,4 +489,4 @@ unsigned long get_random_boot(struct boot_params *boot_params) return hash; } -#endif /* CONFIG_RANDOMIZE_BASE */ +#endif /* CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE */ diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h index 60e4893..3508a6e 100644 --- a/arch/x86/boot/compressed/misc.h +++ b/arch/x86/boot/compressed/misc.h @@ -53,7 +53,7 @@ int cmdline_find_option(const char *option, char *buffer, int bufsize); int cmdline_find_option_bool(const char *option); #endif -#if CONFIG_RANDOMIZE_BASE +#if CONFIG_HIBERNATE_VERIFICATION || CONFIG_RANDOMIZE_BASE extern u16 read_i8254(void); extern unsigned long get_random_boot(struct boot_params *boot_params); #endif