Since my KASLR implementation for arm64 Linux is based on the EFI_RNG_PROTOCOL (at least for UEFI systems), which is not yet widely available on systems that are under development currently, this implements a pseudo-random version for ARM Juno. This code is not suitable for production, but since Juno is strictly a development platform, that concern does not apply here. Note that the library is delivered as a binary which prints a warning to the console the first time it is called.
Ard Biesheuvel (2):
  Platforms/ARM: implement a pseudo-random version of RngLib
  Platforms/ArmJuno: add RngDxe based on PseudoRngLib

 Platforms/ARM/Drivers/PseudoRngLib/License.txt      |  19 ++++++++++
 Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf |  38 ++++++++++++++++++++
 Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.lib | Bin 0 -> 29610 bytes
 Platforms/ARM/Drivers/PseudoRngLib/README           |   8 +++++
 Platforms/ARM/Juno/ArmJuno.dsc                      |   8 +++++
 Platforms/ARM/Juno/ArmJuno.fdf                      |   5 +++
 6 files changed, 78 insertions(+)
 create mode 100644 Platforms/ARM/Drivers/PseudoRngLib/License.txt
 create mode 100644 Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf
 create mode 100644 Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.lib
 create mode 100644 Platforms/ARM/Drivers/PseudoRngLib/README
For lack of suitable hardware upon which a proper implementation of RngLib can be based, this implements a pseudo-random version of RngLib based on the generic timer, the cycle counter and a couple of rounds of AES.
NOTE: while the values produced by this library may look like random values to the human eye, they most certainly are not, and use of this library in production is UNSAFE. For this reason, the library is provided as a binary only, and will print a warning to the console the first time it is invoked.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org --- Platforms/ARM/Drivers/PseudoRngLib/License.txt | 19 ++++++++++ Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf | 38 ++++++++++++++++++++ Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.lib | Bin 0 -> 29610 bytes Platforms/ARM/Drivers/PseudoRngLib/README | 8 +++++ 4 files changed, 65 insertions(+)
diff --git a/Platforms/ARM/Drivers/PseudoRngLib/License.txt b/Platforms/ARM/Drivers/PseudoRngLib/License.txt new file mode 100644 index 000000000000..59024e66da4b --- /dev/null +++ b/Platforms/ARM/Drivers/PseudoRngLib/License.txt @@ -0,0 +1,19 @@ +Copyright (c) 2016, Linaro Ltd. All rights reserved. + +Redistribution and use in binary form without modification is permitted +provided that this copyright notice and the following disclaimer are +reproduced in the documentation and/or other materials provided with the +distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf b/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf new file mode 100644 index 000000000000..10942ac26814 --- /dev/null +++ b/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf 
@@ -0,0 +1,38 @@ +## @file +# Instance of RNG (Random Number Generator) Library. +# +# Copyright (c) 2015, Linaro Ltd. All rights reserved.<BR> +# +# This program and the accompanying materials +# are licensed and made available under the terms and conditions of the BSD License +# which accompanies this distribution. The full text of the license may be found at +# http://opensource.org/licenses/bsd-license.php. +# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +# +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PseudoRngLib + FILE_GUID = 0b9d239e-e958-4071-882a-102835914533 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = RngLib|DXE_DRIVER + +# +# VALID_ARCHITECTURES = AARCH64 +# + +[Binaries.AARCH64] + LIB|PseudoRngLib.lib|* + +[Packages] + MdePkg/MdePkg.dec + ArmPkg/ArmPkg.dec + +[LibraryClasses] + BaseLib + ArmGenericTimerCounterLib + UefiBootServicesTableLib 
diff --git a/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.lib b/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.lib new file mode 100644 index 0000000000000000000000000000000000000000..90bf9dd737e7f582dcc326442ed7c760afefaa8e GIT binary patch literal 29610
diff --git a/Platforms/ARM/Drivers/PseudoRngLib/README b/Platforms/ARM/Drivers/PseudoRngLib/README new file mode 100644 index 000000000000..e93b093aa59a --- /dev/null +++ b/Platforms/ARM/Drivers/PseudoRngLib/README @@ -0,0 +1,8 @@ +This pseudo-random implementation of RngLib is unsafe, and is not intended for +use in production. It is provided for development purposes only, and only to be +used on development platforms that lack any hardware peripherals to implement +RngLib properly. + +Note that this code blindly assumes the availability of the AES instructions, +and the accessibility of the cycle counter. If either is not available, this +code will crash.
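Review bot: in PseudoRngLib.inf the file header says the module is made available under the BSD License, while License.txt added by the same patch permits only "Redistribution and use in binary form without modification", and the copyright years differ (2015 in the .inf, 2016 in License.txt). The header should refer to License.txt and carry the same year. Separately, "MODULE_TYPE = BASE" sits next to a [LibraryClasses] entry for UefiBootServicesTableLib and a LIBRARY_CLASS limited to DXE_DRIVER; if the library calls boot services, DXE_DRIVER is the more accurate module type.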
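Review bot: PseudoRngLib.lib is added as a 29610-byte binary literal with no source, so nothing the commit message says about it (generic timer, cycle counter, a couple of rounds of AES, the console warning on first call) can be checked from this patch. The README should at least record the toolchain and flags the object was built with so it can be traced back to a build. Note also that the "*" in "LIB|PseudoRngLib.lib|*" under [Binaries.AARCH64] matches every build target, so the library is offered to RELEASE builds as well as DEBUG ones.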
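Review bot: the second paragraph of the README says the code will crash when the AES instructions or the cycle counter are unavailable, but the .inf narrows the library only to AARCH64, which guarantees neither. A platform that copies the Juno mapping would find this out at boot. Repeating the requirement in the .inf file header, or having the library check for both features and return an error, would make the failure easier to diagnose.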
This adds RngDxe to the Juno build, based on the PseudoRngLib that is based on the generic timer and the cycle counter. This is only intended for development purposes, since PseudoRngLib is UNSAFE FOR PRODUCTION.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org --- Platforms/ARM/Juno/ArmJuno.dsc | 8 ++++++++ Platforms/ARM/Juno/ArmJuno.fdf | 5 +++++ 2 files changed, 13 insertions(+)
diff --git a/Platforms/ARM/Juno/ArmJuno.dsc b/Platforms/ARM/Juno/ArmJuno.dsc index 9f1cbc2ba243..2c2e333f3cbe 100644 --- a/Platforms/ARM/Juno/ArmJuno.dsc +++ b/Platforms/ARM/Juno/ArmJuno.dsc @@ -293,6 +293,14 @@ ArmPlatformPkg/ArmJunoPkg/Drivers/ArmJunoDxe/ArmJunoDxe.inf
# + # Random Number Generator driver + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { + <LibraryClasses> + RngLib|OpenPlatformPkg/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf + } + + # # Bds # MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf diff --git a/Platforms/ARM/Juno/ArmJuno.fdf b/Platforms/ARM/Juno/ArmJuno.fdf index 0e7274f74361..7bd5bc37b7f4 100644 --- a/Platforms/ARM/Juno/ArmJuno.fdf +++ b/Platforms/ARM/Juno/ArmJuno.fdf @@ -198,6 +198,11 @@ FvNameGuid = B73FE497-B92E-416e-8326-45AD0D270092 INF ArmPlatformPkg/ArmJunoPkg/Drivers/ArmJunoDxe/ArmJunoDxe.inf
# + # Random Number Generator driver + # + INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + + # # Bds # INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
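Review bot: the comment block above the RngDxe component in the ArmJuno.dsc hunk reads only "Random Number Generator driver", so the place a platform author is most likely to copy from gives no hint that the override resolves to an unsafe instance. Carry the UNSAFE FOR PRODUCTION wording from the commit message into that comment, directly above the "RngLib|OpenPlatformPkg/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf" line.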
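Review bot: the ArmJuno.fdf hunk adds "INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf" unconditionally, so every Juno image built from this tree publishes an RNG protocol backed by PseudoRngLib, and a consumer of that protocol cannot tell the output is not random other than by the console warning. Consider putting the .dsc and .fdf entries behind a build-time conditional so that the driver has to be opted into.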
On 8 February 2016 at 12:55, Ard Biesheuvel ard.biesheuvel@linaro.org wrote:
This adds RngDxe to the Juno build, based on the PseudoRngLib that is based on the generic timer and the cycle counter. This is only intended for development purposes, since PseudoRngLib is UNSAFE FOR PRODUCTION.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
Platforms/ARM/Juno/ArmJuno.dsc | 8 ++++++++ Platforms/ARM/Juno/ArmJuno.fdf | 5 +++++ 2 files changed, 13 insertions(+)
diff --git a/Platforms/ARM/Juno/ArmJuno.dsc b/Platforms/ARM/Juno/ArmJuno.dsc index 9f1cbc2ba243..2c2e333f3cbe 100644 --- a/Platforms/ARM/Juno/ArmJuno.dsc +++ b/Platforms/ARM/Juno/ArmJuno.dsc @@ -293,6 +293,14 @@ ArmPlatformPkg/ArmJunoPkg/Drivers/ArmJunoDxe/ArmJunoDxe.inf
#
- # Random Number Generator driver
I'm wondering if it's worth putting an "UNSAFE FOR PRODUCTION" comment in the .dsc file? Mind you, the name "Pseudo..." should give it away. But a comment might have a slim chance of helping those who use Juno as a template to create their own BSP.
- #
- SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
<LibraryClasses>
RngLib|OpenPlatformPkg/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf
- }
- # # Bds # MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
diff --git a/Platforms/ARM/Juno/ArmJuno.fdf b/Platforms/ARM/Juno/ArmJuno.fdf index 0e7274f74361..7bd5bc37b7f4 100644 --- a/Platforms/ARM/Juno/ArmJuno.fdf +++ b/Platforms/ARM/Juno/ArmJuno.fdf @@ -198,6 +198,11 @@ FvNameGuid = B73FE497-B92E-416e-8326-45AD0D270092 INF ArmPlatformPkg/ArmJunoPkg/Drivers/ArmJunoDxe/ArmJunoDxe.inf
#
- # Random Number Generator driver
- #
- INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
- # # Bds # INF MdeModulePkg/Universal/DevicePathDxe/DevicePathDxe.inf
-- 2.5.0
Linaro-uefi mailing list Linaro-uefi@lists.linaro.org https://lists.linaro.org/mailman/listinfo/linaro-uefi
On 8 February 2016 at 14:52, Ryan Harkin ryan.harkin@linaro.org wrote:
On 8 February 2016 at 12:55, Ard Biesheuvel ard.biesheuvel@linaro.org wrote:
This adds RngDxe to the Juno build, based on the PseudoRngLib that is based on the generic timer and the cycle counter. This is only intended for development purposes, since PseudoRngLib is UNSAFE FOR PRODUCTION.
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Ard Biesheuvel ard.biesheuvel@linaro.org
Platforms/ARM/Juno/ArmJuno.dsc | 8 ++++++++ Platforms/ARM/Juno/ArmJuno.fdf | 5 +++++ 2 files changed, 13 insertions(+)
diff --git a/Platforms/ARM/Juno/ArmJuno.dsc b/Platforms/ARM/Juno/ArmJuno.dsc index 9f1cbc2ba243..2c2e333f3cbe 100644 --- a/Platforms/ARM/Juno/ArmJuno.dsc +++ b/Platforms/ARM/Juno/ArmJuno.dsc @@ -293,6 +293,14 @@ ArmPlatformPkg/ArmJunoPkg/Drivers/ArmJunoDxe/ArmJunoDxe.inf
#
- # Random Number Generator driver
I'm wondering if it's worth putting an "UNSAFE FOR PRODUCTION" comment in the .dsc file? Mind you, the name "Pseudo..." should give it away. But a comment might have a slim chance of helping those who use Juno as a template to create their own BSP.
Yeah, good point. The git commit log is perhaps not as useful in this regard.
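For trees that started from Juno as a template, which is the case raised in the exchange above, this added example (not part of the thread or of OpenPlatformPkg) scans DSC text for an RngLib mapping that resolves to PseudoRngLib and reports whether a nearby comment already carries an UNSAFE warning. The sample fragment is constructed from the ArmJuno.dsc hunk; MyPlatformPkg and HwRngLib are hypothetical names, and the parser assumes only section headers, component-scoped overrides and "#" comments.

```python
import re

# Library instances treated as development-only. PseudoRngLib is the one this
# thread introduces; extending the tuple for a local tree is an assumption.
DEV_ONLY_INSTANCES = ("PseudoRngLib",)

SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
COMPONENT_OPEN = re.compile(r"^\s*(\S+\.inf)\s*\{\s*$")
MAPPING = re.compile(r"^\s*(\w+)\s*\|\s*(\S+\.inf)\s*$")


def find_dev_only_rng(dsc_text, lookback=6):
    """Return one finding per RngLib mapping that uses a dev-only instance.

    A finding records the line number, the scope (the DSC section, or the
    component whose <LibraryClasses> override holds the mapping), the instance
    path, and whether a comment in the preceding `lookback` lines says UNSAFE.
    """
    findings = []
    section = None
    component = None
    lines = dsc_text.splitlines()
    for number, raw in enumerate(lines, start=1):
        code = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not code.strip():
            continue
        m = SECTION.match(code)
        if m:
            section, component = m.group(1), None
            continue
        m = COMPONENT_OPEN.match(code)
        if m:
            component = m.group(1)  # entering a per-component override block
            continue
        if code.strip() == "}":
            component = None
            continue
        m = MAPPING.match(code)
        if not m or m.group(1) != "RngLib":
            continue
        instance = m.group(2)
        if not any(name in instance for name in DEV_ONLY_INSTANCES):
            continue
        preceding = lines[max(0, number - 1 - lookback):number - 1]
        warned = any(
            "#" in p and "UNSAFE" in p.split("#", 1)[1].upper()
            for p in preceding
        )
        findings.append({
            "line": number,
            "scope": component or section,
            "instance": instance,
            "warned": warned,
        })
    return findings


# Constructed sample: the component block mirrors the ArmJuno.dsc hunk above;
# the [LibraryClasses.common] mapping uses hypothetical names.
SAMPLE_DSC = """\
[LibraryClasses.common]
  RngLib|MyPlatformPkg/Library/HwRngLib/HwRngLib.inf

[Components.common]
  ArmPlatformPkg/ArmJunoPkg/Drivers/ArmJunoDxe/ArmJunoDxe.inf

  #
  # Random Number Generator driver
  #
  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
    <LibraryClasses>
      RngLib|OpenPlatformPkg/Platforms/ARM/Drivers/PseudoRngLib/PseudoRngLib.inf
  }
"""

if __name__ == "__main__":
    for f in find_dev_only_rng(SAMPLE_DSC):
        state = "warning comment present" if f["warned"] else "NO warning comment"
        print(f"line {f['line']}: {f['scope']} -> {f['instance']} ({state})")
```

Run against a platform's .dsc in a release pipeline, a non-empty result is a reason to fail the build; the "warned" field only distinguishes documented uses from silent ones.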
On 02/08/2016 06:55 AM, Ard Biesheuvel wrote:
Since my KASLR implementation for arm64 Linux is based on the EFI_RNG_PROTOCOL (at least for UEFI systems), which is not yet widely available on systems that are under development currently, this implements a pseudo-random version for ARM Juno. This code is not suitable for production, but since Juno is strictly a development platform, that concern does not apply here. Note that the library is delivered as a binary which prints a warning to the console the first time it is called.
This is handy, I needed a reasonable way to generate some serial numbers in the SMBIOS data, and my prng code is ugly.
Is there a reason why it's checked in as a binary? I've had to rebuild the shell a couple times and it's a PITA because it's also checked in as a binary.
On 02/09/2016 12:32 AM, Jeremy Linton wrote:
On 02/08/2016 06:55 AM, Ard Biesheuvel wrote:
Since my KASLR implementation for arm64 Linux is based on the EFI_RNG_PROTOCOL (at least for UEFI systems), which is not yet widely available on systems that are under development currently, this implements a pseudo-random version for ARM Juno. This code is not suitable for production, but since Juno is strictly a development platform, that concern does not apply here. Note that the library is delivered as a binary which prints a warning to the console the first time it is called.
This is handy, I needed a reasonable way to generate some serial numbers in the SMBIOS data, and my prng code is ugly.
Is there a reason why it's checked in as a binary? I've had to rebuild the shell a couple times and it's a PITA because it's also checked in as a binary.
I agree; even if it is not safe for production, it still provides a good reference to develop a production version. So I think it will be better for us to have the source code.
I even think we can move it out of the directory "Platforms/ARM" and to a common directory, because it should be a software emulation and hardware independent.
Thanks.
Heyi