Re: [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub

Matt Fleming <matt.fleming@xxxxxxxxx> · Thu, 30 Jul 2015 16:37:42 +0100

On Thu, 2015-07-16 at 22:25 +0800, Lee, Chun-Yi wrote:
> This patch adds the codes for generating random number array as the
> HMAC key that will used by later EFI stub codes.
> 
> The original codes in efi_random copied from aslr and add the codes
> to accept input entropy and EFI debugging. In later patch will add
> the codes to get random number by EFI protocol. The separate codes
> can avoid impacting aslr function.
> 
> Signed-off-by: Lee, Chun-Yi <jlee@xxxxxxxx>
> ---
>  arch/x86/boot/compressed/Makefile     |  1 +
>  arch/x86/boot/compressed/efi_random.c | 88 +++++++++++++++++++++++++++++++++++
>  arch/x86/boot/compressed/misc.c       |  4 +-
>  arch/x86/boot/compressed/misc.h       |  2 +-
>  4 files changed, 92 insertions(+), 3 deletions(-)
>  create mode 100644 arch/x86/boot/compressed/efi_random.c

[...]

> +static unsigned long get_random_long(unsigned long entropy,
> +				     struct boot_params *boot_params,
> +				     efi_system_table_t *sys_table)
> +{
> +#ifdef CONFIG_X86_64
> +	const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
> +#else
> +	const unsigned long mix_const = 0x3f39e593UL;
> +#endif
> +	unsigned long raw, random;
> +	bool use_i8254 = true;
> +
> +	efi_printk(sys_table, " EFI random");

Probably want to remove these efi_printk()s from the final version ;-)

> +	if (entropy)
> +		random = entropy;
> +	else
> +		random = get_random_boot(boot_params);
> +
> +	if (rdrand_feature()) {
> +		efi_printk(sys_table, " RDRAND");
> +		if (rdrand_long(&raw)) {
> +			random ^= raw;
> +			use_i8254 = false;
> +		}
> +	}
> +
> +	if (rdtsc_feature()) {
> +		efi_printk(sys_table, " RDTSC");
> +		rdtscll(raw);
> +
> +		random ^= raw;
> +		use_i8254 = false;
> +	}
> +
> +	if (use_i8254) {
> +		efi_printk(sys_table, " i8254");
> +		random ^= i8254();
> +	}
> +
> +	/* Circular multiply for better bit diffusion */
> +	asm("mul %3"
> +	    : "=a" (random), "=d" (raw)
> +	    : "a" (random), "rm" (mix_const));
> +	random += raw;
> +
> +	efi_printk(sys_table, "...\n");
> +
> +	return random;
> +}
> +
> +void efi_get_random_key(efi_system_table_t *sys_table,
> +			struct boot_params *params, u8 key[], int size)
> +{

I would think that the size of the key array should be unsigned.

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html