RE: efistub: EFI_RNG_PROTOCOL on Dell Inc. Latitude 7390

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> -----Original Message-----
> From: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> Sent: Monday, October 28, 2019 3:57 AM
> To: Dominik Brodowski
> Cc: Limonciello, Mario; linux-efi
> Subject: Re: efistub: EFI_RNG_PROTOCOL on Dell Inc. Latitude 7390
> 
> 
> [EXTERNAL EMAIL]
> 
> On Mon, 28 Oct 2019 at 09:42, Dominik Brodowski
> <linux@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> > Hello Ard,
> >
> > On Mon, Oct 28, 2019 at 08:46:28AM +0100, Ard Biesheuvel wrote:
> > > Hello Dominik,
> > >
> > > On Mon, 28 Oct 2019 at 08:30, Dominik Brodowski
> > > <linux@xxxxxxxxxxxxxxxxxxxx> wrote:
> > > >
> > > > Ard, Mario,
> > > >
> > > > in theory, invoking EFI_RNG_PROTOCOL on a Dell Inc. Latitude 7390/09386V,
> > > > BIOS 1.9.2 04/03/2019, should work fine as the system provides EFI v2.60.
> > > > Using my patch from a few weeks ago[1], efi_random_get_seed() is called
> from
> > > > arch/x86/boot/compressed/eboot.c::efi_main(). In
> efi_random_get_seed(), the
> > > > calls to
> > > >
> > > >         status = efi_call_early(locate_protocol, &rng_proto, NULL,
> > > >                                 (void **)&rng);
> > > >
> > > > and
> > > >
> > > >         status = efi_call_early(allocate_pool, EFI_RUNTIME_SERVICES_DATA,
> > > >                                 sizeof(*seed) + EFI_RANDOM_SEED_SIZE,
> > > >                                 (void **)&seed);
> > > >
> > > > succeed. However,
> > > >
> > > >         status = rng->get_rng(rng, &rng_algo_raw, EFI_RANDOM_SEED_SIZE,
> > > >                               seed->bits);
> > > >
> > > > returns EFI_INVALID_PARAMETER, though I can't see why one of these
> > > > parameters is invalid.
> > >
> > > The UEFI spec defines the conditions under which this function may
> > > return EFI_INVALID_PARAMETER as
> > >
> > > """
> > > RNGValue is null or RNGValueLength is zero.
> > >
> > > """
> > >
> > >
> > > > When trying to use the default rng algorithm (by
> > > > modifying the test to "(status != EFI_SUCCESS)"),
> > > >
> > > >                 status = rng->get_rng(rng, NULL, EFI_RANDOM_SEED_SIZE,
> > > >                                       seed->bits);
> > > >
> > > > the call doesn't seem to return.
> > > >
> > > > Any ideas?
> > > >
> > >
> > > Try running this from the UEFI shell:
> > >
> > > http://people.linaro.org/~ard.biesheuvel/RngTest-X64.efi
> >
> > Interestingly, this succeeds -- with the default algorithm, SP800-90-CTR-256
> > and RAW. So I am more confused than before on why the call to ->get_rng()
> > fails in efi_random_get_seed().
> >
> 
> It might be an issue with the size of the output.
> 
> The original RDRAND based driver in EDK2 contains an apparent
> misconception that, due to the fact that certain SP800-90-CTR-256
> DRBGs require 32 bytes of raw entropy as a seed, it is only valid for
> the RAW algorithm to be called with an output size of 32.
> 
> So in this case, it might be that 32 is treated as a magic number too,
> and any other size is rejected by the RAW algorithm.
> 
> Not sure why the other one fails, though, but the fact that RAW and
> SP800-90-CTR-256 are the only supported algorithms suggests that your
> implementation is at least similar to the RDRAND based RngDxe
> implementation in EDK2.

I confirmed with our BIOS team for this platform that the implementation of
https://github.com/tianocore/edk2/blob/master/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
matches EDK2 implementation as of commit https://github.com/tianocore/edk2/commit/289b714b77008aa4200c0be25c4b4e25df04955a

Thanks,





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux