From: Matt Fleming <matt.fleming-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
To: "Lee, Chun-Yi" <joeyli.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
"Rafael J. Wysocki" <rjw-KKrjLPT3xs0@public.gmane.org>,
Matthew Garrett
<matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org>,
Len Brown <len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>,
Pavel Machek <pavel-+ZI9xUNit7I@public.gmane.org>,
Josh Boyer <jwboyer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Vojtech Pavlik <vojtech-AlSwsSmVLrQ@public.gmane.org>,
Jiri Kosina <jkosina-AlSwsSmVLrQ@public.gmane.org>,
"H. Peter Anvin" <hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org>,
"Lee, Chun-Yi" <jlee-IBi9RG/b67k@public.gmane.org>
Subject: Re: [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub
Date: Thu, 30 Jul 2015 16:37:42 +0100 [thread overview]
Message-ID: <1438270662.11322.6.camel@intel.com> (raw)
In-Reply-To: <1437056730-15247-5-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
On Thu, 2015-07-16 at 22:25 +0800, Lee, Chun-Yi wrote:
> This patch adds the codes for generating random number array as the
> HMAC key that will used by later EFI stub codes.
>
> The original codes in efi_random copied from aslr and add the codes
> to accept input entropy and EFI debugging. In later patch will add
> the codes to get random number by EFI protocol. The separate codes
> can avoid impacting aslr function.
>
> Signed-off-by: Lee, Chun-Yi <jlee-IBi9RG/b67k@public.gmane.org>
> ---
> arch/x86/boot/compressed/Makefile | 1 +
> arch/x86/boot/compressed/efi_random.c | 88 +++++++++++++++++++++++++++++++++++
> arch/x86/boot/compressed/misc.c | 4 +-
> arch/x86/boot/compressed/misc.h | 2 +-
> 4 files changed, 92 insertions(+), 3 deletions(-)
> create mode 100644 arch/x86/boot/compressed/efi_random.c
[...]
> +static unsigned long get_random_long(unsigned long entropy,
> + struct boot_params *boot_params,
> + efi_system_table_t *sys_table)
> +{
> +#ifdef CONFIG_X86_64
> + const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
> +#else
> + const unsigned long mix_const = 0x3f39e593UL;
> +#endif
> + unsigned long raw, random;
> + bool use_i8254 = true;
> +
> + efi_printk(sys_table, " EFI random");
Probably want to remove these efi_printk()s from the final version ;-)
> + if (entropy)
> + random = entropy;
> + else
> + random = get_random_boot(boot_params);
> +
> + if (rdrand_feature()) {
> + efi_printk(sys_table, " RDRAND");
> + if (rdrand_long(&raw)) {
> + random ^= raw;
> + use_i8254 = false;
> + }
> + }
> +
> + if (rdtsc_feature()) {
> + efi_printk(sys_table, " RDTSC");
> + rdtscll(raw);
> +
> + random ^= raw;
> + use_i8254 = false;
> + }
> +
> + if (use_i8254) {
> + efi_printk(sys_table, " i8254");
> + random ^= i8254();
> + }
> +
> + /* Circular multiply for better bit diffusion */
> + asm("mul %3"
> + : "=a" (random), "=d" (raw)
> + : "a" (random), "rm" (mix_const));
> + random += raw;
> +
> + efi_printk(sys_table, "...\n");
> +
> + return random;
> +}
> +
> +void efi_get_random_key(efi_system_table_t *sys_table,
> + struct boot_params *params, u8 key[], int size)
> +{
I would think that the size of the key array should be unsigned.
WARNING: multiple messages have this Message-ID (diff)
From: Matt Fleming <matt.fleming@intel.com>
To: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>
Cc: <linux-kernel@vger.kernel.org>, <linux-efi@vger.kernel.org>,
<linux-pm@vger.kernel.org>, "Rafael J. Wysocki" <rjw@sisk.pl>,
"Matthew Garrett" <matthew.garrett@nebula.com>,
Len Brown <len.brown@intel.com>, Pavel Machek <pavel@ucw.cz>,
Josh Boyer <jwboyer@redhat.com>,
"Vojtech Pavlik" <vojtech@suse.cz>, Jiri Kosina <jkosina@suse.cz>,
"H. Peter Anvin" <hpa@zytor.com>, "Lee, Chun-Yi" <jlee@suse.com>
Subject: Re: [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub
Date: Thu, 30 Jul 2015 16:37:42 +0100 [thread overview]
Message-ID: <1438270662.11322.6.camel@intel.com> (raw)
In-Reply-To: <1437056730-15247-5-git-send-email-jlee@suse.com>
On Thu, 2015-07-16 at 22:25 +0800, Lee, Chun-Yi wrote:
> This patch adds the codes for generating random number array as the
> HMAC key that will used by later EFI stub codes.
>
> The original codes in efi_random copied from aslr and add the codes
> to accept input entropy and EFI debugging. In later patch will add
> the codes to get random number by EFI protocol. The separate codes
> can avoid impacting aslr function.
>
> Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> ---
> arch/x86/boot/compressed/Makefile | 1 +
> arch/x86/boot/compressed/efi_random.c | 88 +++++++++++++++++++++++++++++++++++
> arch/x86/boot/compressed/misc.c | 4 +-
> arch/x86/boot/compressed/misc.h | 2 +-
> 4 files changed, 92 insertions(+), 3 deletions(-)
> create mode 100644 arch/x86/boot/compressed/efi_random.c
[...]
> +static unsigned long get_random_long(unsigned long entropy,
> + struct boot_params *boot_params,
> + efi_system_table_t *sys_table)
> +{
> +#ifdef CONFIG_X86_64
> + const unsigned long mix_const = 0x5d6008cbf3848dd3UL;
> +#else
> + const unsigned long mix_const = 0x3f39e593UL;
> +#endif
> + unsigned long raw, random;
> + bool use_i8254 = true;
> +
> + efi_printk(sys_table, " EFI random");
Probably want to remove these efi_printk()s from the final version ;-)
> + if (entropy)
> + random = entropy;
> + else
> + random = get_random_boot(boot_params);
> +
> + if (rdrand_feature()) {
> + efi_printk(sys_table, " RDRAND");
> + if (rdrand_long(&raw)) {
> + random ^= raw;
> + use_i8254 = false;
> + }
> + }
> +
> + if (rdtsc_feature()) {
> + efi_printk(sys_table, " RDTSC");
> + rdtscll(raw);
> +
> + random ^= raw;
> + use_i8254 = false;
> + }
> +
> + if (use_i8254) {
> + efi_printk(sys_table, " i8254");
> + random ^= i8254();
> + }
> +
> + /* Circular multiply for better bit diffusion */
> + asm("mul %3"
> + : "=a" (random), "=d" (raw)
> + : "a" (random), "rm" (mix_const));
> + random += raw;
> +
> + efi_printk(sys_table, "...\n");
> +
> + return random;
> +}
> +
> +void efi_get_random_key(efi_system_table_t *sys_table,
> + struct boot_params *params, u8 key[], int size)
> +{
I would think that the size of the key array should be unsigned.
next prev parent reply other threads:[~2015-07-30 15:37 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-16 14:25 [RFC PATCH 00/16] Signature verification of hibernate snapshot Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 02/16] x86/efi: Add get and set variable to EFI services pointer table Lee, Chun-Yi
2015-07-30 15:19 ` Matt Fleming
2015-07-30 15:19 ` Matt Fleming
[not found] ` <1438269598.11322.2.camel-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-07-31 10:14 ` joeyli
2015-07-31 10:14 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 03/16] x86/boot: Public getting random boot function Lee, Chun-Yi
2015-07-28 12:21 ` Pavel Machek
2015-07-31 10:52 ` joeyli
2015-07-31 12:50 ` Pavel Machek
2015-07-16 14:25 ` [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub Lee, Chun-Yi
[not found] ` <1437056730-15247-5-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-28 12:01 ` Pavel Machek
2015-07-28 12:01 ` Pavel Machek
2015-07-31 9:06 ` joeyli
2015-07-31 9:06 ` joeyli
2015-07-30 15:37 ` Matt Fleming [this message]
2015-07-30 15:37 ` Matt Fleming
2015-07-31 9:12 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 05/16] x86/efi: Get entropy through EFI random number generator protocol Lee, Chun-Yi
2015-07-28 12:28 ` Pavel Machek
2015-07-31 9:58 ` joeyli
[not found] ` <20150731095854.GC13113-empE8CJ7fzk2xCFIczX1Fw@public.gmane.org>
2015-07-31 12:01 ` Matt Fleming
2015-07-31 12:01 ` Matt Fleming
2015-07-31 16:05 ` joeyli
[not found] ` <1437056730-15247-6-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-30 16:11 ` Matt Fleming
2015-07-30 16:11 ` Matt Fleming
[not found] ` <1438272704.11322.13.camel-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-07-31 14:59 ` joeyli
2015-07-31 14:59 ` joeyli
2015-07-31 15:01 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 06/16] x86/efi: Generating random HMAC key for siging hibernate image Lee, Chun-Yi
2015-07-28 12:30 ` Pavel Machek
2015-07-31 10:56 ` joeyli
2015-07-30 16:20 ` Matt Fleming
2015-07-30 16:20 ` Matt Fleming
2015-07-31 15:09 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 07/16] efi: Public the function of transferring EFI status to kernel error Lee, Chun-Yi
[not found] ` <1437056730-15247-8-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-30 16:23 ` Matt Fleming
2015-07-30 16:23 ` Matt Fleming
2015-07-31 15:11 ` joeyli
2015-08-02 0:23 ` Valdis.Kletnieks
2015-07-16 14:25 ` [RFC PATCH 08/16] x86/efi: Carrying swsusp key by setup data Lee, Chun-Yi
2015-07-30 16:30 ` Matt Fleming
2015-07-30 16:30 ` Matt Fleming
2015-07-31 15:31 ` joeyli
[not found] ` <1437056730-15247-1-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-16 14:25 ` [RFC PATCH 01/16] PM / hibernate: define HMAC algorithm and digest size of swsusp Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
2015-07-28 12:01 ` Pavel Machek
2015-07-31 10:08 ` joeyli
2015-07-31 10:08 ` joeyli
2015-07-31 12:49 ` Pavel Machek
2015-07-31 15:46 ` joeyli
2015-07-31 15:46 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 09/16] PM / hibernate: Reserve swsusp key and earse footprints Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
[not found] ` <1437056730-15247-10-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-28 12:35 ` Pavel Machek
2015-07-28 12:35 ` Pavel Machek
2015-07-31 15:43 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 15/16] PM / hibernate: Bypass verification logic on legacy BIOS Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
2015-07-24 17:08 ` [RFC PATCH 00/16] Signature verification of hibernate snapshot Jiri Kosina
2015-07-24 17:08 ` Jiri Kosina
2015-07-24 20:08 ` Rafael J. Wysocki
2015-07-28 12:09 ` Matt Fleming
2015-07-28 12:09 ` Matt Fleming
[not found] ` <alpine.LNX.2.00.1507241527410.1141-ztGlSCb7Y1iN3ZZ/Hiejyg@public.gmane.org>
2015-07-25 14:32 ` joeyli
2015-07-25 14:32 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 10/16] PM / hibernate: Generate and verify signature " Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 11/16] PM / hibernate: Avoid including swsusp key to hibernate image Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 12/16] PM / hibernate: Forward signature verifying result and key to image kernel Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 13/16] PM / hibernate: Add configuration to enforce signature verification Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 14/16] PM / hibernate: Allow user trigger swsusp key re-generating Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 16/16] PM / hibernate: Document signature verification of hibernate snapshot Lee, Chun-Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1438270662.11322.6.camel@intel.com \
--to=matt.fleming-ral2jqcrhueavxtiumwx3w@public.gmane.org \
--cc=hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org \
--cc=jkosina-AlSwsSmVLrQ@public.gmane.org \
--cc=jlee-IBi9RG/b67k@public.gmane.org \
--cc=joeyli.kernel-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=jwboyer-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=len.brown-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org \
--cc=linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org \
--cc=pavel-+ZI9xUNit7I@public.gmane.org \
--cc=rjw-KKrjLPT3xs0@public.gmane.org \
--cc=vojtech-AlSwsSmVLrQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.