From: joeyli <jlee@suse.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>,
linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org,
linux-pm@vger.kernel.org, "Rafael J. Wysocki" <rjw@sisk.pl>,
Matthew Garrett <matthew.garrett@nebula.com>,
Len Brown <len.brown@intel.com>, Josh Boyer <jwboyer@redhat.com>,
Vojtech Pavlik <vojtech@suse.cz>,
Matt Fleming <matt.fleming@intel.com>,
Jiri Kosina <jkosina@suse.cz>, "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [RFC PATCH 05/16] x86/efi: Get entropy through EFI random number generator protocol
Date: Fri, 31 Jul 2015 17:58:54 +0800 [thread overview]
Message-ID: <20150731095854.GC13113@linux-rxt1.site> (raw)
In-Reply-To: <20150728122853.GB12681@amd>
On Tue, Jul 28, 2015 at 02:28:53PM +0200, Pavel Machek wrote:
> On Thu 2015-07-16 22:25:19, Lee, Chun-Yi wrote:
> > To grab random numbers through EFI protocol as one of the entropies
> > source of swsusp key, this patch adds the logic for accessing EFI RNG
> > (random number generator) protocol that's introduced since UEFI 2.4.
> >
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> > arch/x86/boot/compressed/efi_random.c | 193 ++++++++++++++++++++++++++++++++++
> > include/linux/efi.h | 46 ++++++++
> > 2 files changed, 239 insertions(+)
> >
> > diff --git a/arch/x86/boot/compressed/efi_random.c b/arch/x86/boot/compressed/efi_random.c
> > index bdb2d46..1f5c63d 100644
> > --- a/arch/x86/boot/compressed/efi_random.c
> > +++ b/arch/x86/boot/compressed/efi_random.c
> > @@ -2,6 +2,191 @@
> >
> > #include <linux/efi.h>
> > #include <asm/archrandom.h>
> > +#include <asm/efi.h>
> > +
> > +static efi_status_t efi_locate_rng(efi_system_table_t *sys_table,
> > + void ***rng_handle)
> > +{
> > + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
> > + unsigned long size = 0;
> > + efi_status_t status;
> > +
> > + status = efi_call_early(locate_handle,
> > + EFI_LOCATE_BY_PROTOCOL,
> > + &rng_proto, NULL, &size, *rng_handle);
> > +
> > + if (status == EFI_BUFFER_TOO_SMALL) {
> > + status = efi_call_early(allocate_pool,
> > + EFI_LOADER_DATA,
> > + size, (void **)rng_handle);
> > +
> > + if (status != EFI_SUCCESS) {
> > + efi_printk(sys_table, " Failed to alloc mem for rng_handle");
> > + return status;
> > + }
> > +
> > + status = efi_call_early(locate_handle,
> > + EFI_LOCATE_BY_PROTOCOL, &rng_proto,
> > + NULL, &size, *rng_handle);
> > + }
> > +
> > + if (status != EFI_SUCCESS) {
> > + efi_printk(sys_table, " Failed to locateEFI_RNG_PROTOCOL");
>
> missing \n?
>
Originally those logs just follow a "EFI random" as a complete line. After
removed "EFI random", I will add "\n" back to those log.
> > + goto free_handle;
>
> You use that label exactly once, no need for goto
>
OK, I will remove free_handle label.
> > +static bool efi_rng_supported32(efi_system_table_t *sys_table, void **rng_handle)
> > +{
> > + const struct efi_config *efi_early = __efi_early();
> > + efi_rng_protocol_32 *rng = NULL;
> ...> +static bool efi_rng_supported64(efi_system_table_t *sys_table, void **rng_handle)
> > +{
> > + const struct efi_config *efi_early = __efi_early();
> > + efi_rng_protocol_64 *rng = NULL;
> > + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
> ...
> > +static unsigned long efi_get_rng32(efi_system_table_t *sys_table,
> > + void **rng_handle)
> > +{
> > + const struct efi_config *efi_early = __efi_early();
> > + efi_rng_protocol_32 *rng = NULL;
> > + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
> ...
> > +static unsigned long efi_get_rng64(efi_system_table_t *sys_table,
> > + void **rng_handle)
> > +{
> > + const struct efi_config *efi_early = __efi_early();
> > + efi_rng_protocol_64 *rng = NULL;
> > + efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
>
> Can you do something to avoid each function having two very similar
> versions of these functions?
>
They are similar but I want follow the style in eboot.c.
On the other hand, it's earlier to locate problem on 32-bit or 64-bit EFI.
So, I will keep the above codes.
> > + if (status != EFI_SUCCESS) {
> > + efi_printk(sys_table, " Failed to get RNG value ");
> > + efi_printk(sys_table, efi_status_to_str(status));
>
> Yep. You definitely have \n problems here.
Thanks, I will add \n here also.
>
> > --- a/include/linux/efi.h
> > +++ b/include/linux/efi.h
> > @@ -427,6 +427,16 @@ typedef struct {
> > #define EFI_PCI_IO_ATTRIBUTE_VGA_PALETTE_IO_16 0x20000
> > #define EFI_PCI_IO_ATTRIBUTE_VGA_IO_16 0x40000
> >
> > +typedef struct {
> > + u32 get_info;
> > + u32 get_rng;
> > +} efi_rng_protocol_32;
> > +
> > +typedef struct {
> > + u64 get_info;
> > + u64 get_rng;
> > +} efi_rng_protocol_64;
>
> We don't typedef structs usually...
>
> Make it union so you can have just one
>
I want to follow the style as efi_pci_io_protocolxxx in efi.h.
So I will keep it.
> > +static inline char *efi_status_to_str(efi_status_t status)
> > +{
> > + char *str;
> > +
>
> Are you sure you want this inlined?
>
It's inlined because in header file.
Currently it's only used by efi_random.c, I will move it to efi_random.
> > + switch (status) {
> > + case EFI_SUCCESS:
> > + str = "EFI_SUCCESS";
> > + break;
>
> Can you use macros to reduce code duplication here?
> Pavel
I will try to reduce duplicate code.
Thanks
Joey Lee
next prev parent reply other threads:[~2015-07-31 9:58 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-16 14:25 [RFC PATCH 00/16] Signature verification of hibernate snapshot Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 02/16] x86/efi: Add get and set variable to EFI services pointer table Lee, Chun-Yi
2015-07-30 15:19 ` Matt Fleming
2015-07-30 15:19 ` Matt Fleming
[not found] ` <1438269598.11322.2.camel-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-07-31 10:14 ` joeyli
2015-07-31 10:14 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 03/16] x86/boot: Public getting random boot function Lee, Chun-Yi
2015-07-28 12:21 ` Pavel Machek
2015-07-31 10:52 ` joeyli
2015-07-31 12:50 ` Pavel Machek
2015-07-16 14:25 ` [RFC PATCH 04/16] x86/efi: Generating random number in EFI stub Lee, Chun-Yi
[not found] ` <1437056730-15247-5-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-28 12:01 ` Pavel Machek
2015-07-28 12:01 ` Pavel Machek
2015-07-31 9:06 ` joeyli
2015-07-31 9:06 ` joeyli
2015-07-30 15:37 ` Matt Fleming
2015-07-30 15:37 ` Matt Fleming
2015-07-31 9:12 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 05/16] x86/efi: Get entropy through EFI random number generator protocol Lee, Chun-Yi
2015-07-28 12:28 ` Pavel Machek
2015-07-31 9:58 ` joeyli [this message]
[not found] ` <20150731095854.GC13113-empE8CJ7fzk2xCFIczX1Fw@public.gmane.org>
2015-07-31 12:01 ` Matt Fleming
2015-07-31 12:01 ` Matt Fleming
2015-07-31 16:05 ` joeyli
[not found] ` <1437056730-15247-6-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-30 16:11 ` Matt Fleming
2015-07-30 16:11 ` Matt Fleming
[not found] ` <1438272704.11322.13.camel-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-07-31 14:59 ` joeyli
2015-07-31 14:59 ` joeyli
2015-07-31 15:01 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 06/16] x86/efi: Generating random HMAC key for siging hibernate image Lee, Chun-Yi
2015-07-28 12:30 ` Pavel Machek
2015-07-31 10:56 ` joeyli
2015-07-30 16:20 ` Matt Fleming
2015-07-30 16:20 ` Matt Fleming
2015-07-31 15:09 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 07/16] efi: Public the function of transferring EFI status to kernel error Lee, Chun-Yi
[not found] ` <1437056730-15247-8-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-30 16:23 ` Matt Fleming
2015-07-30 16:23 ` Matt Fleming
2015-07-31 15:11 ` joeyli
2015-08-02 0:23 ` Valdis.Kletnieks
2015-07-16 14:25 ` [RFC PATCH 08/16] x86/efi: Carrying swsusp key by setup data Lee, Chun-Yi
2015-07-30 16:30 ` Matt Fleming
2015-07-30 16:30 ` Matt Fleming
2015-07-31 15:31 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 10/16] PM / hibernate: Generate and verify signature of hibernate snapshot Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 11/16] PM / hibernate: Avoid including swsusp key to hibernate image Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 12/16] PM / hibernate: Forward signature verifying result and key to image kernel Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 13/16] PM / hibernate: Add configuration to enforce signature verification Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 14/16] PM / hibernate: Allow user trigger swsusp key re-generating Lee, Chun-Yi
2015-07-16 14:25 ` [RFC PATCH 16/16] PM / hibernate: Document signature verification of hibernate snapshot Lee, Chun-Yi
[not found] ` <1437056730-15247-1-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-16 14:25 ` [RFC PATCH 01/16] PM / hibernate: define HMAC algorithm and digest size of swsusp Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
2015-07-28 12:01 ` Pavel Machek
2015-07-31 10:08 ` joeyli
2015-07-31 10:08 ` joeyli
2015-07-31 12:49 ` Pavel Machek
2015-07-31 15:46 ` joeyli
2015-07-31 15:46 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 09/16] PM / hibernate: Reserve swsusp key and earse footprints Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
[not found] ` <1437056730-15247-10-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>
2015-07-28 12:35 ` Pavel Machek
2015-07-28 12:35 ` Pavel Machek
2015-07-31 15:43 ` joeyli
2015-07-16 14:25 ` [RFC PATCH 15/16] PM / hibernate: Bypass verification logic on legacy BIOS Lee, Chun-Yi
2015-07-16 14:25 ` Lee, Chun-Yi
2015-07-24 17:08 ` [RFC PATCH 00/16] Signature verification of hibernate snapshot Jiri Kosina
2015-07-24 17:08 ` Jiri Kosina
2015-07-24 20:08 ` Rafael J. Wysocki
2015-07-28 12:09 ` Matt Fleming
2015-07-28 12:09 ` Matt Fleming
[not found] ` <alpine.LNX.2.00.1507241527410.1141-ztGlSCb7Y1iN3ZZ/Hiejyg@public.gmane.org>
2015-07-25 14:32 ` joeyli
2015-07-25 14:32 ` joeyli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150731095854.GC13113@linux-rxt1.site \
--to=jlee@suse.com \
--cc=hpa@zytor.com \
--cc=jkosina@suse.cz \
--cc=joeyli.kernel@gmail.com \
--cc=jwboyer@redhat.com \
--cc=len.brown@intel.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=matt.fleming@intel.com \
--cc=matthew.garrett@nebula.com \
--cc=pavel@ucw.cz \
--cc=rjw@sisk.pl \
--cc=vojtech@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.