From: tip-bot for Ard Biesheuvel <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: ard.biesheuvel@linaro.org, tglx@linutronix.de, mingo@kernel.org,
matt@codeblueprint.co.uk, peterz@infradead.org,
linux-kernel@vger.kernel.org, keescook@chromium.org,
hpa@zytor.com, torvalds@linux-foundation.org
Subject: [tip:efi/core] efi/arm*/libstub: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table
Date: Sun, 13 Nov 2016 01:06:30 -0800
Message-ID: <tip-568bc4e87033d232c5fd00d5b0cd22a2ccc04944@git.kernel.org>
In-Reply-To: <20161112213237.8804-6-matt@codeblueprint.co.uk>
Commit-ID: 568bc4e87033d232c5fd00d5b0cd22a2ccc04944
Gitweb: http://git.kernel.org/tip/568bc4e87033d232c5fd00d5b0cd22a2ccc04944
Author: Ard Biesheuvel <ard.biesheuvel@linaro.org>
AuthorDate: Sat, 12 Nov 2016 21:32:33 +0000
Committer: Ingo Molnar <mingo@kernel.org>
CommitDate: Sun, 13 Nov 2016 08:23:15 +0100
efi/arm*/libstub: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table
Invoke the EFI_RNG_PROTOCOL protocol in the context of the stub and
install the Linux-specific RNG seed UEFI config table. This will be
picked up by the EFI routines in the core kernel to seed the kernel
entropy pool.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20161112213237.8804-6-matt@codeblueprint.co.uk
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
drivers/firmware/efi/libstub/arm-stub.c | 2 ++
drivers/firmware/efi/libstub/efistub.h | 2 ++
drivers/firmware/efi/libstub/random.c | 48 +++++++++++++++++++++++++++++++++
include/linux/efi.h | 1 +
4 files changed, 53 insertions(+)
diff --git a/drivers/firmware/efi/libstub/arm-stub.c b/drivers/firmware/efi/libstub/arm-stub.c
index 993aa56..b4f7d78 100644
--- a/drivers/firmware/efi/libstub/arm-stub.c
+++ b/drivers/firmware/efi/libstub/arm-stub.c
@@ -340,6 +340,8 @@ unsigned long efi_entry(void *handle, efi_system_table_t *sys_table,
if (status != EFI_SUCCESS)
pr_efi_err(sys_table, "Failed initrd from command line!\n");
+ efi_random_get_seed(sys_table);
+
new_fdt_addr = fdt_addr;
status = allocate_new_fdt_and_exit_boot(sys_table, handle,
&new_fdt_addr, dram_base + MAX_FDT_OFFSET,
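Review bot: the efi_status_t returned by efi_random_get_seed(sys_table) is silently dropped at this call in efi_entry(), while the status check directly above it reports its failure through pr_efi_err(). If failing to obtain a seed is meant to be non-fatal, say so in a one-line comment at the call, and consider reporting a failed seed so that a boot which reached the kernel without a firmware-provided seed can be told apart from one that had it.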
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index fe1f225..b98824e 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -71,4 +71,6 @@ efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg,
efi_status_t check_platform_features(efi_system_table_t *sys_table_arg);
+efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg);
+
#endif
diff --git a/drivers/firmware/efi/libstub/random.c b/drivers/firmware/efi/libstub/random.c
index f8e2e5a..3a3feac 100644
--- a/drivers/firmware/efi/libstub/random.c
+++ b/drivers/firmware/efi/libstub/random.c
@@ -143,3 +143,51 @@ efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg,
return status;
}
+
+#define RANDOM_SEED_SIZE 32
+
+efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg)
+{
+ efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
+ efi_guid_t rng_algo_raw = EFI_RNG_ALGORITHM_RAW;
+ efi_guid_t rng_table_guid = LINUX_EFI_RANDOM_SEED_TABLE_GUID;
+ struct efi_rng_protocol *rng;
+ struct linux_efi_random_seed *seed;
+ efi_status_t status;
+
+ status = efi_call_early(locate_protocol, &rng_proto, NULL,
+ (void **)&rng);
+ if (status != EFI_SUCCESS)
+ return status;
+
+ status = efi_call_early(allocate_pool, EFI_RUNTIME_SERVICES_DATA,
+ sizeof(*seed) + RANDOM_SEED_SIZE,
+ (void **)&seed);
+ if (status != EFI_SUCCESS)
+ return status;
+
+ status = rng->get_rng(rng, &rng_algo_raw, RANDOM_SEED_SIZE,
+ seed->bits);
+ if (status == EFI_UNSUPPORTED)
+ /*
+ * Use whatever algorithm we have available if the raw algorithm
+ * is not implemented.
+ */
+ status = rng->get_rng(rng, NULL, RANDOM_SEED_SIZE,
+ seed->bits);
+
+ if (status != EFI_SUCCESS)
+ goto err_freepool;
+
+ seed->size = RANDOM_SEED_SIZE;
+ status = efi_call_early(install_configuration_table, &rng_table_guid,
+ seed);
+ if (status != EFI_SUCCESS)
+ goto err_freepool;
+
+ return EFI_SUCCESS;
+
+err_freepool:
+ efi_call_early(free_pool, seed);
+ return status;
+}
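Review bot: in efi_random_get_seed() the fallback call get_rng(rng, NULL, ...) is taken only when the raw request returns EFI_UNSUPPORTED, so any other failure status from the raw algorithm goes straight to err_freepool and no seed table is installed, even where the firmware's default algorithm might have succeeded. Either retry with the default algorithm on any non-success status or add a comment explaining why only EFI_UNSUPPORTED qualifies. The body of that if is a block comment plus a two-line statement and should take braces. RANDOM_SEED_SIZE and the function itself also lack a comment; a short one stating why 32 bytes was chosen and why the buffer is allocated as EFI_RUNTIME_SERVICES_DATA would help the next reader.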
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 85e28b1..f5a821d 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -589,6 +589,7 @@ void efi_native_runtime_setup(void);
#define DEVICE_TREE_GUID EFI_GUID(0xb1b621d5, 0xf19c, 0x41a5, 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0)
#define EFI_PROPERTIES_TABLE_GUID EFI_GUID(0x880aaca3, 0x4adc, 0x4a04, 0x90, 0x79, 0xb7, 0x47, 0x34, 0x08, 0x25, 0xe5)
#define EFI_RNG_PROTOCOL_GUID EFI_GUID(0x3152bca5, 0xeade, 0x433d, 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44)
+#define EFI_RNG_ALGORITHM_RAW EFI_GUID(0xe43176d7, 0xb6e8, 0x4827, 0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61)
#define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20)
#define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d)
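Review bot: EFI_RNG_ALGORITHM_RAW is added between EFI_RNG_PROTOCOL_GUID and EFI_MEMORY_ATTRIBUTES_TABLE_GUID, but unlike its neighbours it is an algorithm selector handed to get_rng() rather than a protocol or configuration table identifier, and it carries no _GUID suffix. A one-line comment marking it as an RNG algorithm identifier would keep it from being mistaken for something to pass to locate_protocol.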