From 399156c7054fce1eb3a8711a8b3ad69b45be200c Mon Sep 17 00:00:00 2001 From: ShenYage Date: Thu, 26 Sep 2024 03:51:47 +0800 Subject: [PATCH] =?UTF-8?q?Fix=20CVE-2023-45236=E3=80=81CVE-2023-45237?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: ShenYage --- ...licate-BaseRngLibTimerLib-to-MdeModu.patch | 535 +++++++ ...eprecated-warning-to-BaseRngLibTimer.patch | 71 + ...rityPkg.dec-Move-PcdCpuRngSupportedA.patch | 86 ++ ...-Request-raw-algorithm-instead-of-de.patch | 47 + ...UID-to-describe-Arm-Rndr-Rng-algorit.patch | 72 + ...-Add-GUID-to-describe-unsafe-Rng-alg.patch | 72 + ...-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch | 390 +++++ ...xe-Use-GetRngGuid-when-probing-RngLi.patch | 173 +++ ...xe-Simplify-Rng-algorithm-selection-.patch | 60 + ...mulatorPkg-Add-RngDxe-to-EmulatorPkg.patch | 69 + ...kg-Add-Hash2DxeCrypto-to-EmulatorPkg.patch | 66 + ...kg-PlatformCI-Support-virtio-rng-pci.patch | 36 + ...vmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch | 182 +++ ...kg-PlatformCI-Support-virtio-rng-pci.patch | 35 + ...Pkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch | 72 + ...xe-Remove-incorrect-limitation-on-Ge.patch | 56 + ...orkPkg-SECURITY-PATCH-CVE-2023-45237.patch | 1291 +++++++++++++++++ ...TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch | 823 +++++++++++ ...Pkg-Add-MockUefiBootServicesTableLib.patch | 234 +++ 0069-MdePkg-Adds-Protocol-for-MockRng.patch | 105 ++ ...g-Add-MockHash2-Protocol-for-testing.patch | 130 ++ ...e-the-PxeBcDhcp6GoogleTest-due-to-un.patch | 214 +++ ...-HVC-monitor-conduit-to-be-specified.patch | 70 + ...ArmVirtPkg-Move-PcdMonitorConduitHvc.patch | 54 + ...ib-AARCH64-Remove-overzealous-ASSERT.patch | 43 + ...rtQemu-Permit-the-use-of-dynamic-PCD.patch | 70 + ...dynamic-PCD-to-set-the-SMCCC-conduit.patch | 132 ++ ...se-inclusion-order-of-MdeLibs.inc-an.patch | 90 ++ ...irtPkg-ArmVirtQemu-Add-RngDxe-driver.patch | 92 ++ edk2.spec | 36 +- 30 files changed, 5405 insertions(+), 1 deletion(-) create mode 100644 0050-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch create mode 100644 0051-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch create mode 100644 0052-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch create mode 100644 
0053-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch create mode 100644 0054-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch create mode 100644 0055-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch create mode 100644 0056-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch create mode 100644 0057-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch create mode 100644 0058-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch create mode 100644 0059-EmulatorPkg-Add-RngDxe-to-EmulatorPkg.patch create mode 100644 0060-EmulatorPkg-Add-Hash2DxeCrypto-to-EmulatorPkg.patch create mode 100644 0061-OvmfPkg-PlatformCI-Support-virtio-rng-pci.patch create mode 100644 0062-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch create mode 100644 0063-ArmVirtPkg-PlatformCI-Support-virtio-rng-pci.patch create mode 100644 0064-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch create mode 100644 0065-SecurityPkg-RngDxe-Remove-incorrect-limitation-on-Ge.patch create mode 100644 0066-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch create mode 100644 0067-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch create mode 100644 0068-MdePkg-Add-MockUefiBootServicesTableLib.patch create mode 100644 0069-MdePkg-Adds-Protocol-for-MockRng.patch create mode 100644 0070-MdePkg-Add-MockHash2-Protocol-for-testing.patch create mode 100644 0071-NetworkPkg-Update-the-PxeBcDhcp6GoogleTest-due-to-un.patch create mode 100644 0072-ArmPkg-Allow-SMC-HVC-monitor-conduit-to-be-specified.patch create mode 100644 0073-ArmVirtPkg-Move-PcdMonitorConduitHvc.patch create mode 100644 0074-MdePkg-BaseRngLib-AARCH64-Remove-overzealous-ASSERT.patch create mode 100644 0075-ArmVirtPkg-ArmVirtQemu-Permit-the-use-of-dynamic-PCD.patch create mode 100644 0076-ArmVirtPkg-Use-dynamic-PCD-to-set-the-SMCCC-conduit.patch create mode 100644 0077-ArmVirtPkg-Reverse-inclusion-order-of-MdeLibs.inc-an.patch create mode 100644 0078-ArmVirtPkg-ArmVirtQemu-Add-RngDxe-driver.patch 
diff --git a/0050-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch b/0050-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch new file mode 100644 index 0000000..a2b8963 --- /dev/null +++ b/0050-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch 
@@ -0,0 +1,535 @@ +From a5bbf4d93b253f41282c4390465ffc2df08edf5d Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:02 +0200 +Subject: [PATCH 1/9] MdeModulePkg: Duplicate BaseRngLibTimerLib to + MdeModulePkg + +BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504 + +The BaseRngLibTimerLib allows to generate number based on a timer. +This mechanism allows to have a basic non-secure implementation +for non-production platforms. +To bind and identify Random Number Generators implementations with +a GUID, an unsafe GUID should be added. This GUID cannot be added +to the MdePkg unless it is also added to a specification. + +To keep the MdePkg self-contained, copy the BaseRngLibTimerLib to +the MdeModulePkg. This will allow to define an unsafe Rng GUID +in a later patch in the MdeModulePkg. + +The MdePkg implementation will be removed later. This allows to give +some time to platform owners to switch to the MdeModulePkg +implementation. + +Signed-off-by: Pierre Gondois +Reviewed-by: Sami Mujawar +Acked-by: Ard Biesheuvel +Tested-by: Kun Qin +--- + ArmVirtPkg/ArmVirt.dsc.inc | 2 +- + EmulatorPkg/EmulatorPkg.dsc | 2 +- + .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 36 ++++ + .../BaseRngLibTimerLib/BaseRngLibTimerLib.uni | 15 ++ + .../Library/BaseRngLibTimerLib/RngLibTimer.c | 192 ++++++++++++++++++ + MdeModulePkg/MdeModulePkg.dsc | 1 + + NetworkPkg/NetworkPkg.dsc | 4 +- + OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- + OvmfPkg/Bhyve/BhyveX64.dsc | 2 +- + OvmfPkg/CloudHv/CloudHvX64.dsc | 2 +- + OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- + OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + OvmfPkg/OvmfXen.dsc | 2 +- + OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc | 2 +- + SecurityPkg/SecurityPkg.dsc | 4 +- + SignedCapsulePkg/SignedCapsulePkg.dsc | 4 +- + 19 files changed, 262 insertions(+), 18 deletions(-) + create mode 100644 
MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + create mode 100644 MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni + create mode 100644 MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c + +diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc +index 2443e835..820c2b4a 100644 +--- a/ArmVirtPkg/ArmVirt.dsc.inc ++++ b/ArmVirtPkg/ArmVirt.dsc.inc +@@ -154,7 +154,7 @@ + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + # + # Secure Boot dependencies +diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc +index b44435d7..976908d3 100644 +--- a/EmulatorPkg/EmulatorPkg.dsc ++++ b/EmulatorPkg/EmulatorPkg.dsc +@@ -128,7 +128,7 @@ + FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf +diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +new file mode 100644 +index 00000000..600d4014 +--- /dev/null ++++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +@@ -0,0 +1,36 @@ ++## @file ++# Instance of RNG (Random Number Generator) Library. ++# ++# BaseRng Library that uses the TimerLib to provide reasonably random numbers. 
++# Do NOT use this on a production system as this uses the system performance ++# counter rather than a true source of random in addition to having a weak ++# random algorithm. This is provided primarily as a source of entropy for ++# OpenSSL for platforms that do not have a good built in RngLib as this ++# emulates what was done before (though it isn't perfect). ++# ++# Copyright (c) Microsoft Corporation. All rights reserved.
++# ++# SPDX-License-Identifier: BSD-2-Clause-Patent ++# ++# ++## ++ ++[Defines] ++ INF_VERSION = 1.27 ++ BASE_NAME = BaseRngLibTimerLib ++ MODULE_UNI_FILE = BaseRngLibTimerLib.uni ++ FILE_GUID = 74950C45-10FC-4AB5-B114-49C87C17409B ++ MODULE_TYPE = BASE ++ VERSION_STRING = 1.0 ++ LIBRARY_CLASS = RngLib ++ ++[Sources] ++ RngLibTimer.c ++ ++[Packages] ++ MdePkg/MdePkg.dec ++ ++[LibraryClasses] ++ BaseLib ++ DebugLib ++ TimerLib +diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni +new file mode 100644 +index 00000000..dd0e4b30 +--- /dev/null ++++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni +@@ -0,0 +1,15 @@ ++// @file ++// Instance of RNG (Random Number Generator) Library. ++// ++// RngLib that uses TimerLib's performance counter to provide random numbers. ++// ++// Copyright (c) Microsoft Corporation. ++// ++// SPDX-License-Identifier: BSD-2-Clause-Patent ++// ++ ++ ++#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG Library" ++ ++#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library that uses the TimerLib to provide low-entropy random numbers" ++ +diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +new file mode 100644 +index 00000000..30494d7d +--- /dev/null ++++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +@@ -0,0 +1,192 @@ ++/** @file ++ BaseRng Library that uses the TimerLib to provide reasonably random numbers. ++ Do not use this on a production system. ++ ++ Copyright (c) Microsoft Corporation. ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include ++#include ++#include ++#include ++ ++#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10 ++ ++/** ++ Using the TimerLib GetPerformanceCounterProperties() we delay ++ for enough time for the PerformanceCounter to increment. 
++ ++ If the return value from GetPerformanceCounterProperties (TimerLib) ++ is zero, this function will return 10 and attempt to assert. ++ **/ ++STATIC ++UINT32 ++CalculateMinimumDecentDelayInMicroseconds ( ++ VOID ++ ) ++{ ++ UINT64 CounterHz; ++ ++ // Get the counter properties ++ CounterHz = GetPerformanceCounterProperties (NULL, NULL); ++ // Make sure we won't divide by zero ++ if (CounterHz == 0) { ++ ASSERT (CounterHz != 0); // Assert so the developer knows something is wrong ++ return DEFAULT_DELAY_TIME_IN_MICROSECONDS; ++ } ++ ++ // Calculate the minimum delay based on 1.5 microseconds divided by the hertz. ++ // We calculate the length of a cycle (1/CounterHz) and multiply it by 1.5 microseconds ++ // This ensures that the performance counter has increased by at least one ++ return (UINT32)(MAX (DivU64x64Remainder (1500000, CounterHz, NULL), 1)); ++} ++ ++/** ++ Generates a 16-bit random number. ++ ++ if Rand is NULL, then ASSERT(). ++ ++ @param[out] Rand Buffer pointer to store the 16-bit random value. ++ ++ @retval TRUE Random number generated successfully. ++ @retval FALSE Failed to generate the random number. ++ ++**/ ++BOOLEAN ++EFIAPI ++GetRandomNumber16 ( ++ OUT UINT16 *Rand ++ ) ++{ ++ UINT32 Index; ++ UINT8 *RandPtr; ++ UINT32 DelayInMicroSeconds; ++ ++ ASSERT (Rand != NULL); ++ ++ if (Rand == NULL) { ++ return FALSE; ++ } ++ ++ DelayInMicroSeconds = CalculateMinimumDecentDelayInMicroseconds (); ++ RandPtr = (UINT8 *)Rand; ++ // Get 2 bytes of random ish data ++ for (Index = 0; Index < sizeof (UINT16); Index++) { ++ *RandPtr = (UINT8)(GetPerformanceCounter () & 0xFF); ++ // Delay to give the performance counter a chance to change ++ MicroSecondDelay (DelayInMicroSeconds); ++ RandPtr++; ++ } ++ ++ return TRUE; ++} ++ ++/** ++ Generates a 32-bit random number. ++ ++ if Rand is NULL, then ASSERT(). ++ ++ @param[out] Rand Buffer pointer to store the 32-bit random value. ++ ++ @retval TRUE Random number generated successfully. 
++ @retval FALSE Failed to generate the random number. ++ ++**/ ++BOOLEAN ++EFIAPI ++GetRandomNumber32 ( ++ OUT UINT32 *Rand ++ ) ++{ ++ UINT32 Index; ++ UINT8 *RandPtr; ++ UINT32 DelayInMicroSeconds; ++ ++ ASSERT (Rand != NULL); ++ ++ if (NULL == Rand) { ++ return FALSE; ++ } ++ ++ RandPtr = (UINT8 *)Rand; ++ DelayInMicroSeconds = CalculateMinimumDecentDelayInMicroseconds (); ++ // Get 4 bytes of random ish data ++ for (Index = 0; Index < sizeof (UINT32); Index++) { ++ *RandPtr = (UINT8)(GetPerformanceCounter () & 0xFF); ++ // Delay to give the performance counter a chance to change ++ MicroSecondDelay (DelayInMicroSeconds); ++ RandPtr++; ++ } ++ ++ return TRUE; ++} ++ ++/** ++ Generates a 64-bit random number. ++ ++ if Rand is NULL, then ASSERT(). ++ ++ @param[out] Rand Buffer pointer to store the 64-bit random value. ++ ++ @retval TRUE Random number generated successfully. ++ @retval FALSE Failed to generate the random number. ++ ++**/ ++BOOLEAN ++EFIAPI ++GetRandomNumber64 ( ++ OUT UINT64 *Rand ++ ) ++{ ++ UINT32 Index; ++ UINT8 *RandPtr; ++ UINT32 DelayInMicroSeconds; ++ ++ ASSERT (Rand != NULL); ++ ++ if (NULL == Rand) { ++ return FALSE; ++ } ++ ++ RandPtr = (UINT8 *)Rand; ++ DelayInMicroSeconds = CalculateMinimumDecentDelayInMicroseconds (); ++ // Get 8 bytes of random ish data ++ for (Index = 0; Index < sizeof (UINT64); Index++) { ++ *RandPtr = (UINT8)(GetPerformanceCounter () & 0xFF); ++ // Delay to give the performance counter a chance to change ++ MicroSecondDelay (DelayInMicroSeconds); ++ RandPtr++; ++ } ++ ++ return TRUE; ++} ++ ++/** ++ Generates a 128-bit random number. ++ ++ if Rand is NULL, then ASSERT(). ++ ++ @param[out] Rand Buffer pointer to store the 128-bit random value. ++ ++ @retval TRUE Random number generated successfully. ++ @retval FALSE Failed to generate the random number. 
++ ++**/ ++BOOLEAN ++EFIAPI ++GetRandomNumber128 ( ++ OUT UINT64 *Rand ++ ) ++{ ++ ASSERT (Rand != NULL); ++ // This should take around 80ms ++ ++ // Read first 64 bits ++ if (!GetRandomNumber64 (Rand)) { ++ return FALSE; ++ } ++ ++ // Read second 64 bits ++ return GetRandomNumber64 (++Rand); ++} +diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc +index db3b5af5..b075d39c 100644 +--- a/MdeModulePkg/MdeModulePkg.dsc ++++ b/MdeModulePkg/MdeModulePkg.dsc +@@ -345,6 +345,7 @@ + MdeModulePkg/Library/BaseBmpSupportLib/BaseBmpSupportLib.inf + MdeModulePkg/Library/DisplayUpdateProgressLibGraphics/DisplayUpdateProgressLibGraphics.inf + MdeModulePkg/Library/DisplayUpdateProgressLibText/DisplayUpdateProgressLibText.inf ++ MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf + MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf +diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc +index 6c231c97..82055d80 100644 +--- a/NetworkPkg/NetworkPkg.dsc ++++ b/NetworkPkg/NetworkPkg.dsc +@@ -82,10 +82,10 @@ + ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf + + [LibraryClasses.ARM] +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + [LibraryClasses.RISCV64] +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + [PcdsFeatureFlag] + gEfiMdePkgTokenSpaceGuid.PcdComponentName2Disable|TRUE +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 2c6ed7c9..43a18557 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -185,7 +185,7 @@ + + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ 
RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc +index 82c60ace..bf3925c4 100644 +--- a/OvmfPkg/Bhyve/BhyveX64.dsc ++++ b/OvmfPkg/Bhyve/BhyveX64.dsc +@@ -196,7 +196,7 @@ + !else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc +index e000deed..692234ec 100644 +--- a/OvmfPkg/CloudHv/CloudHvX64.dsc ++++ b/OvmfPkg/CloudHv/CloudHvX64.dsc +@@ -206,7 +206,7 @@ + !else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc +index 193657ff..3ba49d27 100644 +--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc ++++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc +@@ -184,7 +184,7 @@ + + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc +index 2f758563..3f290862 100644 +--- 
a/OvmfPkg/Microvm/MicrovmX64.dsc ++++ b/OvmfPkg/Microvm/MicrovmX64.dsc +@@ -203,7 +203,7 @@ + !else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 80d8e370..9a2b88c0 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -210,7 +210,7 @@ + !else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index d9757149..0c5f7bf7 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -215,7 +215,7 @@ + !else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index b12d874d..b9e10790 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -231,7 +231,7 @@ + !else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf +diff --git 
a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc +index 210578c1..fd56e1cc 100644 +--- a/OvmfPkg/OvmfXen.dsc ++++ b/OvmfPkg/OvmfXen.dsc +@@ -194,7 +194,7 @@ + !else + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf + VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf +diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +index bc204ba5..1954143b 100644 +--- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc ++++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +@@ -118,7 +118,7 @@ + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + # + # Secure Boot dependencies +diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc +index 3c622051..a9929bf1 100644 +--- a/SecurityPkg/SecurityPkg.dsc ++++ b/SecurityPkg/SecurityPkg.dsc +@@ -92,10 +92,10 @@ + ArmTrngLib|MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.inf + + [LibraryClasses.ARM] +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + [LibraryClasses.RISCV64] +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + [LibraryClasses.X64.SEC] + HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf +diff --git a/SignedCapsulePkg/SignedCapsulePkg.dsc b/SignedCapsulePkg/SignedCapsulePkg.dsc +index 8a27207a..57a3bf2c 100644 +--- a/SignedCapsulePkg/SignedCapsulePkg.dsc ++++ b/SignedCapsulePkg/SignedCapsulePkg.dsc +@@ -110,10 +110,10 @@ + 
NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf + + [LibraryClasses.ARM] +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + [LibraryClasses.RISCV64] +- RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + [LibraryClasses.common.PEI_CORE] + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf +-- +2.33.0 + diff --git a/0051-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch b/0051-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch new file mode 100644 index 0000000..2da2533 --- /dev/null +++ b/0051-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch 
@@ -0,0 +1,71 @@ +From 090857496425f283c7d2edb8125d9664c267c5b8 Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:03 +0200 +Subject: [PATCH 2/9] MdePkg: Add deprecated warning to BaseRngLibTimer + +BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504 + +To keep the MdePkg self-contained and avoid dependencies on GUIDs +defined in other packages, the BaseRngLibTimer was moved to the +MdePkg. +Add a constructor to warn and request to use the MdeModulePkg +implementation. + +Signed-off-by: Pierre Gondois +Reviewed-by: Liming Gao +Reviewed-by: Sami Mujawar +Acked-by: Ard Biesheuvel +Tested-by: Kun Qin +--- + .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 1 + + .../Library/BaseRngLibTimerLib/RngLibTimer.c | 22 +++++++++++++++++++ + 2 files changed, 23 insertions(+) + +diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +index f857290e..1d3e2f1e 100644 +--- a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +@@ -23,6 +23,7 @@ + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = RngLib ++ CONSTRUCTOR = BaseRngLibTimerConstructor + + [Sources] + RngLibTimer.c +diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +index 980854d6..4dff3939 100644 +--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c ++++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +@@ -13,6 +13,28 @@ + + #define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10 + ++/** ++ This implementation is to be replaced by its MdeModulePkg copy. ++ The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot ++ be defined in the MdePkg. ++ ++ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. ++**/ ++RETURN_STATUS ++EFIAPI ++BaseRngLibTimerConstructor ( ++ VOID ++ ) ++{ ++ DEBUG (( ++ DEBUG_WARN, ++ "Warning: This BaseRngTimerLib implementation will be deprecated. 
" ++ "Please use the MdeModulePkg implementation equivalent.\n" ++ )); ++ ++ return RETURN_SUCCESS; ++} ++ + /** + Using the TimerLib GetPerformanceCounterProperties() we delay + for enough time for the PerformanceCounter to increment. +-- +2.33.0 + diff --git a/0052-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch b/0052-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch new file mode 100644 index 0000000..5936c52 --- /dev/null +++ b/0052-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch 
@@ -0,0 +1,86 @@ +From 7853bf10d6a9ce97bf35eb8b4d63ee724a0576ec Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:04 +0200 +Subject: [PATCH 3/9] SecurityPkg/SecurityPkg.dec: Move + PcdCpuRngSupportedAlgorithm to MdePkg + +In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a +following patch and to avoid making the MdePkg dependent on another +package, move PcdCpuRngSupportedAlgorithm to the MdePkg. + +As the Pcd is only used for AARCH64, place it in an AARCH64 +specific sections. + +Signed-off-by: Pierre Gondois +Reviewed-by: Liming Gao +Reviewed-by: Sami Mujawar +Acked-by: Ard Biesheuvel +Acked-by: Jiewen Yao +Tested-by: Kun Qin +--- + .../Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 2 +- + MdePkg/MdePkg.dec | 5 +++++ + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf | 4 ++-- + SecurityPkg/SecurityPkg.dec | 2 -- + 4 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +index 600d4014..1ea6aa75 100644 +--- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +@@ -19,7 +19,7 @@ + INF_VERSION = 1.27 + BASE_NAME = BaseRngLibTimerLib + MODULE_UNI_FILE = BaseRngLibTimerLib.uni +- FILE_GUID = 74950C45-10FC-4AB5-B114-49C87C17409B ++ FILE_GUID = B3E66B05-D218-4B9A-AC33-EF0F83D6A513 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = RngLib +diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec +index b8561499..7f9aa670 100644 +--- a/MdePkg/MdePkg.dec ++++ b/MdePkg/MdePkg.dec +@@ -2393,6 +2393,11 @@ + # @Prompt Time-out for a response, internal + gEfiMdePkgTokenSpaceGuid.PcdIpmiSsifResponseRetryIntervalMicrosecond|60000|UINT32|0x00000036 + ++[PcdsFixedAtBuild.AARCH64, PcdsPatchableInModule.AARCH64] ++ ## GUID identifying the Rng algorithm implemented by CPU instruction. 
++ # @Prompt CPU Rng algorithm's GUID. ++ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00000037 ++ + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## This value is used to set the base address of PCI express hierarchy. + # @Prompt PCI Express Base Address. +diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +index c8e0ee4a..d1c15d38 100644 +--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf ++++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +@@ -79,8 +79,8 @@ + [Protocols] + gEfiRngProtocolGuid ## PRODUCES + +-[Pcd] +- gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES ++[Pcd.AARCH64] ++ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES + + [Depex] + TRUE +diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec +index 53aa7ec4..00c4ebdb 100644 +--- a/SecurityPkg/SecurityPkg.dec ++++ b/SecurityPkg/SecurityPkg.dec +@@ -325,8 +325,6 @@ + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030 + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031 + +- gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032 +- + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## Image verification policy for OptionRom. Only following values are valid:

+ # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.
+-- +2.33.0 + diff --git a/0053-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch b/0053-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch new file mode 100644 index 0000000..3c25317 --- /dev/null +++ b/0053-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch 
@@ -0,0 +1,47 @@ +From 00c9eee17707f1299b02a257a02538f55f3d01c5 Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:05 +0200 +Subject: [PATCH 4/9] MdePkg/DxeRngLib: Request raw algorithm instead of + default + +The DxeRngLib tries to generate a random number using the 3 NIST +SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC. +If none of the call is successful, the fallback option is the default +RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might +be an unsafe implementation. + +Try requesting the Raw algorithm before requesting the default one. + +Signed-off-by: Pierre Gondois +Reviewed-by: Sami Mujawar +Reviewed-by: Liming Gao +Acked-by: Ard Biesheuvel +Tested-by: Kun Qin +--- + MdePkg/Library/DxeRngLib/DxeRngLib.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c +index 46aea515..81a08f40 100644 +--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c ++++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c +@@ -65,9 +65,15 @@ GenerateRandomNumberViaNist800Algorithm ( + return Status; + } + ++ Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer); ++ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status)); ++ if (!EFI_ERROR (Status)) { ++ return Status; ++ } ++ + // If all the other methods have failed, use the default method from the RngProtocol + Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer); +- DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __func__, Status)); ++ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status)); + if (!EFI_ERROR (Status)) { + return Status; + } +-- +2.33.0 + diff --git a/0054-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch b/0054-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch new file mode 100644 index 0000000..6b25397 --- /dev/null 
+++ b/0054-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch 
@@ -0,0 +1,72 @@ +From 03247f8e74bca565a4f54bce7228d3698770cdac Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:06 +0200 +Subject: [PATCH 5/9] MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms + +BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441 + +The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple +implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). +To allow the RngDxe to detect when such implementation is used, +a GetRngGuid() function is added in a following patch. + +Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr +to describe a Rng algorithm accessed through Arm's RNDR instruction. +[1] states that the implementation of this algorithm should be +compliant to NIST SP900-80. The compliance is not guaranteed. + +[1] Arm Architecture Reference Manual Armv8, for A-profile architecture +sK12.1 'Properties of the generated random number' + +Signed-off-by: Pierre Gondois +Reviewed-by: Sami Mujawar +Reviewed-by: Liming Gao +Acked-by: Ard Biesheuvel +Tested-by: Kun Qin +--- + MdePkg/Include/Protocol/Rng.h | 10 ++++++++++ + MdePkg/MdePkg.dec | 1 + + 2 files changed, 11 insertions(+) + +diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h +index baf42558..bf5c9c3f 100644 +--- a/MdePkg/Include/Protocol/Rng.h ++++ b/MdePkg/Include/Protocol/Rng.h +@@ -67,6 +67,15 @@ typedef EFI_GUID EFI_RNG_ALGORITHM; + { \ + 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \ + } ++/// ++/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant ++/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be ++/// inclusive of different geographies. ++/// ++#define EFI_RNG_ALGORITHM_ARM_RNDR \ ++ { \ ++ 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \ ++ } + + /** + Returns information about the random number generation implementation. 
+@@ -146,5 +155,6 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid; + extern EFI_GUID gEfiRngAlgorithmX9313DesGuid; + extern EFI_GUID gEfiRngAlgorithmX931AesGuid; + extern EFI_GUID gEfiRngAlgorithmRaw; ++extern EFI_GUID gEfiRngAlgorithmArmRndr; + + #endif +diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec +index 7f9aa670..fc243cbf 100644 +--- a/MdePkg/MdePkg.dec ++++ b/MdePkg/MdePkg.dec +@@ -643,6 +643,7 @@ + gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }} + gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }} + gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }} ++ gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }} + + ## Include/Protocol/AdapterInformation.h + gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }} +-- +2.33.0 + diff --git a/0055-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch b/0055-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch new file mode 100644 index 0000000..acc36ba --- /dev/null +++ b/0055-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch 
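Review bot: in patch 0054 the commit message cites "NIST SP900-80" while the new Rng.h comment cites "NIST SP800-90A"; the standard is SP 800-90A, so the digits in the message are transposed and should be fixed before merge. The new comment block in the `@@ -67,6 +9,15 @@` hunk also reads awkwardly ("The Arm Architecture states the RNDR that the DRBG algorithm should be compliant"); suggest "The Arm Architecture states that the DRBG behind the RNDR instruction should be compliant with NIST SP800-90A, without mandating a particular algorithm". Since the message itself says "The compliance is not guaranteed", consider stating in the comment that gEfiRngAlgorithmArmRndr identifies an uncertified hardware DRBG and is not interchangeable with gEfiRngAlgorithmSp80090Ctr256Guid, so consumers that require a certified algorithm do not silently accept it.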
@@ -0,0 +1,72 @@ +From cbfd4b45ef18ef19cf47e5bea9ded02a283d30be Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:07 +0200 +Subject: [PATCH 6/9] MdeModulePkg/Rng: Add GUID to describe unsafe Rng + algorithms + +BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441 + +The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple +implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). +To allow the RngDxe to detect when such implementation is used, +a GetRngGuid() function is added in a following patch. + +Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe +to describe an unsafe implementation, cf. the BaseRngLibTimerLib. + +Signed-off-by: Pierre Gondois +Reviewed-by: Sami Mujawar +Acked-by: Ard Biesheuvel +Tested-by: Kun Qin +--- + MdeModulePkg/Include/Guid/RngAlgorithm.h | 23 +++++++++++++++++++++++ + MdeModulePkg/MdeModulePkg.dec | 3 +++ + 2 files changed, 26 insertions(+) + create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h + +diff --git a/MdeModulePkg/Include/Guid/RngAlgorithm.h b/MdeModulePkg/Include/Guid/RngAlgorithm.h +new file mode 100644 +index 00000000..c3121f87 +--- /dev/null ++++ b/MdeModulePkg/Include/Guid/RngAlgorithm.h +@@ -0,0 +1,23 @@ ++/** @file ++ Rng Algorithm ++ ++ Copyright (c) 2023, Arm Limited. All rights reserved.
++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#ifndef RNG_ALGORITHM_GUID_H_ ++#define RNG_ALGORITHM_GUID_H_ ++ ++/// ++/// The implementation of a Random Number Generator might be unsafe, when using ++/// a dummy implementation for instance. Allow identifying such implementation ++/// with this GUID. ++/// ++#define EDKII_RNG_ALGORITHM_UNSAFE \ ++ { \ ++ 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \ ++ } ++ ++extern EFI_GUID gEdkiiRngAlgorithmUnSafe; ++ ++#endif // #ifndef RNG_ALGORITHM_GUID_H_ +diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec +index 0ff058b0..7f259231 100644 +--- a/MdeModulePkg/MdeModulePkg.dec ++++ b/MdeModulePkg/MdeModulePkg.dec +@@ -418,6 +418,9 @@ + ## Include/Guid/MigratedFvInfo.h + gEdkiiMigratedFvInfoGuid = { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4, 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } } + ++ ## Include/Guid/RngAlgorithm.h ++ gEdkiiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }} ++ + # + # GUID defined in UniversalPayload + # +-- +2.33.0 + diff --git a/0056-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch b/0056-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch new file mode 100644 index 0000000..3000a6d --- /dev/null +++ b/0056-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch 
@@ -0,0 +1,390 @@ +From 0edf5f1958ca1f7dfff322dd565d8f0dfb9a6e4b Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:08 +0200 +Subject: [PATCH 7/9] MdePkg/Rng: Add GetRngGuid() to RngLib + +The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple +implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). +To allow the RngDxe to detect when such implementation is used, +add a GetRngGuid() function to the RngLib. + +Signed-off-by: Pierre Gondois +Reviewed-by: Liming Gao +Reviewed-by: Sami Mujawar +Acked-by: Ard Biesheuvel +Tested-by: Kun Qin +--- + .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 4 ++ + .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 +++++++++++++ + MdePkg/Include/Library/RngLib.h | 17 ++++++++ + MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++++++ + MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 +++++ + MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 ++++++++++++ + .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++++ + .../Library/BaseRngLibTimerLib/RngLibTimer.c | 23 ++++++++++ + MdePkg/Library/DxeRngLib/DxeRngLib.c | 28 +++++++++++++ + 9 files changed, 200 insertions(+) + +diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +index 1ea6aa75..b11bbdd0 100644 +--- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +@@ -29,6 +29,10 @@ + + [Packages] + MdePkg/MdePkg.dec ++ MdeModulePkg/MdeModulePkg.dec ++ ++[Guids] ++ gEdkiiRngAlgorithmUnSafe + + [LibraryClasses] + BaseLib +diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +index 30494d7d..4d3b1617 100644 +--- a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c ++++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +@@ -2,14 +2,18 @@ + BaseRng Library that uses the TimerLib to provide 
reasonably random numbers. + Do not use this on a production system. + ++ Copyright (c) 2023, Arm Limited. All rights reserved. + Copyright (c) Microsoft Corporation. + SPDX-License-Identifier: BSD-2-Clause-Patent + **/ + + #include ++#include + #include ++#include + #include + #include ++#include + + #define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10 + +@@ -190,3 +194,27 @@ GetRandomNumber128 ( + // Read second 64 bits + return GetRandomNumber64 (++Rand); + } ++ ++/** ++ Get a GUID identifying the RNG algorithm implementation. ++ ++ @param [out] RngGuid If success, contains the GUID identifying ++ the RNG algorithm implementation. ++ ++ @retval EFI_SUCCESS Success. ++ @retval EFI_UNSUPPORTED Not supported. ++ @retval EFI_INVALID_PARAMETER Invalid parameter. ++**/ ++EFI_STATUS ++EFIAPI ++GetRngGuid ( ++ GUID *RngGuid ++ ) ++{ ++ if (RngGuid == NULL) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ CopyMem (RngGuid, &gEdkiiRngAlgorithmUnSafe, sizeof (*RngGuid)); ++ return EFI_SUCCESS; ++} +diff --git a/MdePkg/Include/Library/RngLib.h b/MdePkg/Include/Library/RngLib.h +index 429ed19e..f4fa6fe0 100644 +--- a/MdePkg/Include/Library/RngLib.h ++++ b/MdePkg/Include/Library/RngLib.h +@@ -1,6 +1,7 @@ + /** @file + Provides random number generator services. + ++Copyright (c) 2023, Arm Limited. All rights reserved.
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +@@ -77,4 +78,20 @@ GetRandomNumber128 ( + OUT UINT64 *Rand + ); + ++/** ++ Get a GUID identifying the RNG algorithm implementation. ++ ++ @param [out] RngGuid If success, contains the GUID identifying ++ the RNG algorithm implementation. ++ ++ @retval EFI_SUCCESS Success. ++ @retval EFI_UNSUPPORTED Not supported. ++ @retval EFI_INVALID_PARAMETER Invalid parameter. ++**/ ++EFI_STATUS ++EFIAPI ++GetRngGuid ( ++ GUID *RngGuid ++ ); ++ + #endif // __RNG_LIB_H__ +diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c +index 20811bf3..7030e9a4 100644 +--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c ++++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c +@@ -2,6 +2,7 @@ + Random number generator service that uses the RNDR instruction + to provide pseudorandom numbers. + ++ Copyright (c) 2023, Arm Limited. All rights reserved.
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+ +@@ -11,6 +12,7 @@ + + #include + #include ++#include + #include + #include + +@@ -138,3 +140,43 @@ ArchIsRngSupported ( + { + return mRndrSupported; + } ++ ++/** ++ Get a GUID identifying the RNG algorithm implementation. ++ ++ @param [out] RngGuid If success, contains the GUID identifying ++ the RNG algorithm implementation. ++ ++ @retval EFI_SUCCESS Success. ++ @retval EFI_UNSUPPORTED Not supported. ++ @retval EFI_INVALID_PARAMETER Invalid parameter. ++**/ ++EFI_STATUS ++EFIAPI ++GetRngGuid ( ++ GUID *RngGuid ++ ) ++{ ++ GUID *RngLibGuid; ++ ++ if (RngGuid == NULL) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ if (!mRndrSupported) { ++ return EFI_UNSUPPORTED; ++ } ++ ++ // ++ // If the platform advertises the algorithm behind RNDR instruction, ++ // use it. Otherwise use gEfiRngAlgorithmArmRndr. ++ // ++ RngLibGuid = PcdGetPtr (PcdCpuRngSupportedAlgorithm); ++ if (!IsZeroGuid (RngLibGuid)) { ++ CopyMem (RngGuid, RngLibGuid, sizeof (*RngGuid)); ++ } else { ++ CopyMem (RngGuid, &gEfiRngAlgorithmArmRndr, sizeof (*RngGuid)); ++ } ++ ++ return EFI_SUCCESS; ++} +diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf +index 1fcceb94..a8432121 100644 +--- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf ++++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf +@@ -4,6 +4,7 @@ + # BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to + # provide random numbers. + # ++# Copyright (c) 2023, Arm Limited. All rights reserved.
+ # Copyright (c) 2021, NUVIA Inc. All rights reserved.
+ # Copyright (c) 2015, Intel Corporation. All rights reserved.
+ # +@@ -43,9 +44,18 @@ + AArch64/ArmReadIdIsar0.asm | MSFT + AArch64/ArmRng.asm | MSFT + ++[Guids.AARCH64] ++ gEfiRngAlgorithmArmRndr ++ ++[Guids.Ia32, Guids.X64] ++ gEfiRngAlgorithmSp80090Ctr256Guid ++ + [Packages] + MdePkg/MdePkg.dec + ++[Pcd.AARCH64] ++ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ++ + [LibraryClasses] + BaseLib + DebugLib +diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c +index 070d41e2..977ff058 100644 +--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c ++++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c +@@ -2,6 +2,7 @@ + Random number generator services that uses RdRand instruction access + to provide high-quality random numbers. + ++Copyright (c) 2023, Arm Limited. All rights reserved.
+ Copyright (c) 2021, NUVIA Inc. All rights reserved.
+ Copyright (c) 2015, Intel Corporation. All rights reserved.
+ +@@ -11,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + + #include + #include ++#include + #include + + #include "BaseRngLibInternals.h" +@@ -128,3 +130,27 @@ ArchIsRngSupported ( + */ + return TRUE; + } ++ ++/** ++ Get a GUID identifying the RNG algorithm implementation. ++ ++ @param [out] RngGuid If success, contains the GUID identifying ++ the RNG algorithm implementation. ++ ++ @retval EFI_SUCCESS Success. ++ @retval EFI_UNSUPPORTED Not supported. ++ @retval EFI_INVALID_PARAMETER Invalid parameter. ++**/ ++EFI_STATUS ++EFIAPI ++GetRngGuid ( ++ GUID *RngGuid ++ ) ++{ ++ if (RngGuid == NULL) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ CopyMem (RngGuid, &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (*RngGuid)); ++ return EFI_SUCCESS; ++} +diff --git a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c +index efba5c85..7efef6af 100644 +--- a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c ++++ b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c +@@ -1,13 +1,16 @@ + /** @file + Null version of Random number generator services. + ++Copyright (c) 2023, Arm Limited. All rights reserved.
+ Copyright (c) 2019, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ + ++#include + #include + #include ++#include + + /** + Generates a 16-bit random number. +@@ -92,3 +95,22 @@ GetRandomNumber128 ( + ASSERT (FALSE); + return FALSE; + } ++ ++/** ++ Get a GUID identifying the RNG algorithm implementation. ++ ++ @param [out] RngGuid If success, contains the GUID identifying ++ the RNG algorithm implementation. ++ ++ @retval EFI_SUCCESS Success. ++ @retval EFI_UNSUPPORTED Not supported. ++ @retval EFI_INVALID_PARAMETER Invalid parameter. ++**/ ++EFI_STATUS ++EFIAPI ++GetRngGuid ( ++ GUID *RngGuid ++ ) ++{ ++ return EFI_UNSUPPORTED; ++} +diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +index 4dff3939..c366cc35 100644 +--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c ++++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c +@@ -212,3 +212,26 @@ GetRandomNumber128 ( + // Read second 64 bits + return GetRandomNumber64 (++Rand); + } ++ ++/** ++ Get a GUID identifying the RNG algorithm implementation. ++ ++ @param [out] RngGuid If success, contains the GUID identifying ++ the RNG algorithm implementation. ++ ++ @retval EFI_SUCCESS Success. ++ @retval EFI_UNSUPPORTED Not supported. ++ @retval EFI_INVALID_PARAMETER Invalid parameter. ++**/ ++RETURN_STATUS ++EFIAPI ++GetRngGuid ( ++ GUID *RngGuid ++ ) ++{ ++ /* This implementation is to be replaced by its MdeModulePkg copy. ++ * The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot ++ * be defined in the MdePkg. ++ */ ++ return RETURN_UNSUPPORTED; ++} +diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c +index 81a08f40..7fb5b686 100644 +--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c ++++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c +@@ -1,6 +1,7 @@ + /** @file + Provides an implementation of the library class RngLib that uses the Rng protocol. + ++ Copyright (c) 2023, Arm Limited. All rights reserved. 
+ Copyright (c) Microsoft Corporation. All rights reserved. + SPDX-License-Identifier: BSD-2-Clause-Patent + +@@ -207,3 +208,30 @@ GetRandomNumber128 ( + + return TRUE; + } ++ ++/** ++ Get a GUID identifying the RNG algorithm implementation. ++ ++ @param [out] RngGuid If success, contains the GUID identifying ++ the RNG algorithm implementation. ++ ++ @retval EFI_SUCCESS Success. ++ @retval EFI_UNSUPPORTED Not supported. ++ @retval EFI_INVALID_PARAMETER Invalid parameter. ++**/ ++EFI_STATUS ++EFIAPI ++GetRngGuid ( ++ GUID *RngGuid ++ ) ++{ ++ /* It is not possible to know beforehand which Rng algorithm will ++ * be used by this library. ++ * This API is mainly used by RngDxe. RngDxe relies on the RngLib. ++ * The RngLib|DxeRngLib.inf implementation locates and uses an installed ++ * EFI_RNG_PROTOCOL. ++ * It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf. ++ * and it is ok not to support this API. ++ */ ++ return EFI_UNSUPPORTED; ++} +-- +2.33.0 + diff --git a/0057-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch b/0057-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch new file mode 100644 index 0000000..8ed86f0 --- /dev/null +++ b/0057-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch 
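Review bot: in patch 0056 the `BaseRngLibNull.c` and `DxeRngLib.c` hunks implement `GetRngGuid()` as a bare `return EFI_UNSUPPORTED;` with no `RngGuid == NULL` check, yet their doc blocks promise `@retval EFI_INVALID_PARAMETER Invalid parameter.`; either add the check (as the `RngLibTimer.c`, `Rndr.c` and `RdRand.c` hunks do) or drop that retval line so the contract matches the code. The MdePkg `BaseRngLibTimerLib/RngLibTimer.c` hunk declares the function as `RETURN_STATUS` and returns `RETURN_UNSUPPORTED`, while `RngLib.h` declares it as `EFI_STATUS` and every other implementation returns `EFI_UNSUPPORTED`; the types alias, but the inconsistency should be fixed for readability. The `Rndr.c` hunk is the only one that gates on hardware availability (`mRndrSupported`) before reporting a GUID; that is the right behaviour and worth calling out in the commit message, because callers such as RngDxe now treat a successful `GetRngGuid()` as "this algorithm is usable".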
@@ -0,0 +1,173 @@ +From 7547b27d6d3f33e54366ea735effe3bf27b8a5ae Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:09 +0200 +Subject: [PATCH 8/9] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib + +BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 + +The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple +implementations, some of them are unsafe (e.g. BaseRngLibTimerLib). +To allow the RngDxe to detect when such implementation is used, +a GetRngGuid() function was added in a previous patch. + +The EFI_RNG_PROTOCOL can advertise multiple algorithms through +Guids. The PcdCpuRngSupportedAlgorithm is currently used to +advertise the RngLib in the Arm implementation. + +The issues of doing that are: +- the RngLib implementation might not use CPU instructions, + cf. the BaseRngLibTimerLib +- most platforms don't set PcdCpuRngSupportedAlgorithm + +A GetRngGuid() was added to the RngLib in a previous patch, +allowing to identify the algorithm implemented by the RngLib. +Make use of this function and place the unsage algorithm +at the last position in the mAvailableAlgoArray. 
+ +Signed-off-by: Pierre Gondois +Reviewed-by: Sami Mujawar +Acked-by: Ard Biesheuvel +Acked-by: Jiewen Yao +Tested-by: Kun Qin +--- + .../RngDxe/AArch64/AArch64Algo.c | 55 +++++++++++++------ + .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 6 +- + .../RandomNumberGenerator/RngDxe/RngDxe.inf | 4 +- + 3 files changed, 44 insertions(+), 21 deletions(-) + +diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +index e8be217f..db87b9b1 100644 +--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c ++++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +@@ -10,6 +10,8 @@ + #include + #include + #include ++#include ++#include + + #include "RngDxeInternals.h" + +@@ -28,9 +30,13 @@ GetAvailableAlgorithms ( + VOID + ) + { +- UINT64 DummyRand; +- UINT16 MajorRevision; +- UINT16 MinorRevision; ++ EFI_STATUS Status; ++ UINT16 MajorRevision; ++ UINT16 MinorRevision; ++ GUID RngGuid; ++ BOOLEAN UnSafeAlgo; ++ ++ UnSafeAlgo = FALSE; + + // Rng algorithms 2 times, one for the allocation, one to populate. + mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX); +@@ -38,24 +44,29 @@ GetAvailableAlgorithms ( + return EFI_OUT_OF_RESOURCES; + } + +- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm. +- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) { +- CopyMem ( +- &mAvailableAlgoArray[mAvailableAlgoArrayCount], +- PcdGetPtr (PcdCpuRngSupportedAlgorithm), +- sizeof (EFI_RNG_ALGORITHM) +- ); +- mAvailableAlgoArrayCount++; +- +- DEBUG_CODE_BEGIN (); +- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { ++ // Identify RngLib algorithm. 
++ Status = GetRngGuid (&RngGuid); ++ if (!EFI_ERROR (Status)) { ++ if (IsZeroGuid (&RngGuid) || ++ CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe)) ++ { ++ // Treat zero GUID as an unsafe algorithm + DEBUG (( + DEBUG_WARN, +- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n" ++ "RngLib uses an Unsafe algorithm and " ++ "must not be used for production builds.\n" + )); ++ // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found ++ // so that it can be added at the end of the algorithm list. ++ UnSafeAlgo = TRUE; ++ } else { ++ CopyMem ( ++ &mAvailableAlgoArray[mAvailableAlgoArrayCount], ++ &RngGuid, ++ sizeof (RngGuid) ++ ); ++ mAvailableAlgoArrayCount++; + } +- +- DEBUG_CODE_END (); + } + + // Raw algorithm (Trng) +@@ -68,5 +79,15 @@ GetAvailableAlgorithms ( + mAvailableAlgoArrayCount++; + } + ++ // Add unsafe algorithm at the end of the list. ++ if (UnSafeAlgo) { ++ CopyMem ( ++ &mAvailableAlgoArray[mAvailableAlgoArrayCount], ++ &gEdkiiRngAlgorithmUnSafe, ++ sizeof (EFI_RNG_ALGORITHM) ++ ); ++ mAvailableAlgoArrayCount++; ++ } ++ + return EFI_SUCCESS; + } +diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +index ce49ff7a..3fd3cc4e 100644 +--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c ++++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +@@ -78,6 +78,7 @@ RngGetRNG ( + { + EFI_STATUS Status; + UINTN Index; ++ GUID RngGuid; + + if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) { + return EFI_INVALID_PARAMETER; +@@ -102,7 +103,10 @@ RngGetRNG ( + } + + FoundAlgo: +- if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { ++ Status = GetRngGuid (&RngGuid); ++ if (!EFI_ERROR (Status) && ++ CompareGuid (RNGAlgorithm, &RngGuid)) ++ { + Status = RngGetBytes (RNGValueLength, RNGValue); + return Status; + } +diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf 
+index d1c15d38..77b6a288 100644 +--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf ++++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +@@ -75,13 +75,11 @@ + gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG ++ gEdkiiRngAlgorithmUnSafe ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + + [Protocols] + gEfiRngProtocolGuid ## PRODUCES + +-[Pcd.AARCH64] +- gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES +- + [Depex] + TRUE + +-- +2.33.0 + diff --git a/0058-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch b/0058-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch new file mode 100644 index 0000000..0d67047 --- /dev/null +++ b/0058-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch 
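Review bot: the `AArch64Algo.c` hunk at `@@ -38,24 +44,29 @@` drops the `RngGetBytes()` trial call that previously guarded advertising an algorithm, and now advertises whatever `GetRngGuid()` returns; only the `Rndr.c` implementation checks hardware support inside `GetRngGuid()`, so any RngLib whose `GetRngGuid()` succeeds while its `GetRandomNumber64()` fails will be advertised in mAvailableAlgoArray and fail later in `RngGetRNG()`. Suggest keeping a probe, e.g. `if (!EFI_ERROR (Status) && !EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand)))`. The unsafe GUID is still appended to mAvailableAlgoArray (hunk `@@ -68,5 +79,15 @@`), so on a platform whose only RngLib is the timer one it becomes element 0 and therefore the default served for a NULL RNGAlgorithm, with only a DEBUG_WARN (absent in release builds) to flag it; consider not advertising gEdkiiRngAlgorithmUnSafe at all unless a build option opts in, or at minimum document in the commit message that the default can be the unsafe algorithm. Minor: "unsage algorithm" in the commit message should read "unsafe algorithm".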
@@ -0,0 +1,60 @@ +From 99b106811cedafeda2479bbd1a88980d4509159f Mon Sep 17 00:00:00 2001 +From: Pierre Gondois +Date: Fri, 11 Aug 2023 16:33:10 +0200 +Subject: [PATCH 9/9] SecurityPkg/RngDxe: Simplify Rng algorithm selection for + Arm + +The first element of mAvailableAlgoArray is defined as the default +Rng algorithm to use. Don't go through the array at each RngGetRNG() +call and just return the first element of the array. + +Signed-off-by: Pierre Gondois +Reviewed-by: Sami Mujawar +Acked-by: Ard Biesheuvel +Acked-by: Jiewen Yao +Tested-by: Kun Qin +--- + .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 17 ++++------------- + 1 file changed, 4 insertions(+), 13 deletions(-) + +diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +index 3fd3cc4e..fc913788 100644 +--- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c ++++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c +@@ -77,7 +77,6 @@ RngGetRNG ( + ) + { + EFI_STATUS Status; +- UINTN Index; + GUID RngGuid; + + if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) { +@@ -88,21 +87,13 @@ RngGetRNG ( + // + // Use the default RNG algorithm if RNGAlgorithm is NULL. + // +- for (Index = 0; Index < mAvailableAlgoArrayCount; Index++) { +- if (!IsZeroGuid (&mAvailableAlgoArray[Index])) { +- RNGAlgorithm = &mAvailableAlgoArray[Index]; +- goto FoundAlgo; +- } +- } +- +- if (Index == mAvailableAlgoArrayCount) { +- // No algorithm available. +- ASSERT (Index != mAvailableAlgoArrayCount); +- return EFI_DEVICE_ERROR; ++ if (mAvailableAlgoArrayCount != 0) { ++ RNGAlgorithm = &mAvailableAlgoArray[0]; ++ } else { ++ return EFI_UNSUPPORTED; + } + } + +-FoundAlgo: + Status = GetRngGuid (&RngGuid); + if (!EFI_ERROR (Status) && + CompareGuid (RNGAlgorithm, &RngGuid)) +-- +2.33.0 + diff --git a/0059-EmulatorPkg-Add-RngDxe-to-EmulatorPkg.patch b/0059-EmulatorPkg-Add-RngDxe-to-EmulatorPkg.patch new file mode 100644 index 0000000..273f48e 
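Review bot: in patch 0058 the `ArmRngDxe.c` hunk at `@@ -88,21 +87,13 @@` replaces the loop that skipped zero GUIDs with an unconditional `RNGAlgorithm = &mAvailableAlgoArray[0];`; this relies on `GetAvailableAlgorithms()` never storing a zero GUID (a zero GUID from `GetRngGuid()` is mapped to gEdkiiRngAlgorithmUnSafe there), so the comment "Use the default RNG algorithm if RNGAlgorithm is NULL" should state that invariant, or an `ASSERT (!IsZeroGuid (&mAvailableAlgoArray[0]))` should be kept. The same hunk silently changes the no-algorithm return code from EFI_DEVICE_ERROR (with an ASSERT) to EFI_UNSUPPORTED; EFI_UNSUPPORTED matches the protocol's meaning for "algorithm not supported", but the commit message only mentions the simplification and should call out the return-value change for callers that test for EFI_DEVICE_ERROR.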
--- /dev/null +++ b/0059-EmulatorPkg-Add-RngDxe-to-EmulatorPkg.patch 
@@ -0,0 +1,69 @@ +From 3092f1a9c94c465d5caa2941bcbaf08d0dfd6bef Mon Sep 17 00:00:00 2001 +From: Flickdm +Date: Mon, 20 May 2024 11:05:18 -0700 +Subject: [PATCH 10/29] EmulatorPkg: Add RngDxe to EmulatorPkg + +This patch adds RngDxe to EmulatorPkg. The RngDxe is used to provide +random number generation services to the UEFI firmware. + +Cc: Andrew Fish +Cc: Ray Ni + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ray Ni +--- + EmulatorPkg/EmulatorPkg.dsc | 7 ++++++- + EmulatorPkg/EmulatorPkg.fdf | 6 +++++- + 2 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc +index 976908d3..915b803b 100644 +--- a/EmulatorPkg/EmulatorPkg.dsc ++++ b/EmulatorPkg/EmulatorPkg.dsc +@@ -126,9 +126,9 @@ + SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf + ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf + FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf ++ RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE +- RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf +@@ -376,6 +376,11 @@ + EmulatorPkg/PlatformSmbiosDxe/PlatformSmbiosDxe.inf + EmulatorPkg/TimerDxe/Timer.inf + ++ # ++ # Rng Protocol producer ++ # ++ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf ++ + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + !endif +diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf +index 5420756e..dd37c562 100644 +--- a/EmulatorPkg/EmulatorPkg.fdf ++++ b/EmulatorPkg/EmulatorPkg.fdf +@@ -193,6 +193,11 @@ INF RuleOverride = UI MdeModulePkg/Application/UiApp/UiApp.inf + INF 
MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf + INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf + ++# ++# Rng Protocol producer ++# ++INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf ++ + # + # Secure Boot Key Enroll + # +@@ -320,4 +325,3 @@ INF ShellPkg/Application/Shell/Shell.inf + UI STRING="$(MODULE_NAME)" Optional + VERSION STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER) + } +- +-- +2.33.0 + diff --git a/0060-EmulatorPkg-Add-Hash2DxeCrypto-to-EmulatorPkg.patch b/0060-EmulatorPkg-Add-Hash2DxeCrypto-to-EmulatorPkg.patch new file mode 100644 index 0000000..c87a462 --- /dev/null +++ b/0060-EmulatorPkg-Add-Hash2DxeCrypto-to-EmulatorPkg.patch 
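Review bot: the `EmulatorPkg.dsc` hunk at `@@ -126,9 +126,9 @@` moves the `RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf` mapping out of the `!if $(SECURE_BOOT_ENABLE) == TRUE` block, so every EmulatorPkg build now links the timer-based RngLib, and the new `RngDxe.inf` entry means the platform will advertise gEdkiiRngAlgorithmUnSafe as its only (hence default) EFI_RNG_PROTOCOL algorithm. That is acceptable for an emulator, but the "Rng Protocol producer" comment added in the `@@ -376,6 +376,11 @@` hunk should say so explicitly, so the two-line pattern is not copied into a real platform DSC where a hardware-backed RngLib is required. The trailing blank-line removal in the `EmulatorPkg.fdf` hunk at `@@ -320,4 +325,3 @@` is unrelated to the change and belongs in a separate cleanup.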
@@ -0,0 +1,66 @@ +From 87f08998d480c567dff2ec44884627e184435bc5 Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:22 -0700 +Subject: [PATCH 11/29] EmulatorPkg: Add Hash2DxeCrypto to EmulatorPkg + +This patch adds Hash2DxeCrypto to EmulatorPkg. The Hash2DxeCrypto is +used to provide the hashing protocol services. + +Cc: Andrew Fish +Cc: Ray Ni + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ray Ni +--- + EmulatorPkg/EmulatorPkg.dsc | 9 +++++++-- + EmulatorPkg/EmulatorPkg.fdf | 5 +++++ + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc +index 915b803b..1f521dc8 100644 +--- a/EmulatorPkg/EmulatorPkg.dsc ++++ b/EmulatorPkg/EmulatorPkg.dsc +@@ -127,10 +127,11 @@ + ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf + FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf +- +-!if $(SECURE_BOOT_ENABLE) == TRUE + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf ++ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf ++ ++!if $(SECURE_BOOT_ENABLE) == TRUE + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf + AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + SecureBootVariableLib|SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf +@@ -380,6 +381,10 @@ + # Rng Protocol producer + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf + + !if $(SECURE_BOOT_ENABLE) == TRUE + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf +diff --git a/EmulatorPkg/EmulatorPkg.fdf b/EmulatorPkg/EmulatorPkg.fdf +index dd37c562..2f93ada4 100644 +--- a/EmulatorPkg/EmulatorPkg.fdf ++++ b/EmulatorPkg/EmulatorPkg.fdf +@@ -198,6 +198,11 @@ 
INF MdeModulePkg/Universal/DriverSampleDxe/DriverSampleDxe.inf + # + INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Secure Boot Key Enroll + # +-- +2.33.0 + diff --git a/0061-OvmfPkg-PlatformCI-Support-virtio-rng-pci.patch b/0061-OvmfPkg-PlatformCI-Support-virtio-rng-pci.patch new file mode 100644 index 0000000..879fbd5 --- /dev/null +++ b/0061-OvmfPkg-PlatformCI-Support-virtio-rng-pci.patch @@ -0,0 +1,36 @@ +From 30913850c1b9c505266b1879110f3b7de0036d08 Mon Sep 17 00:00:00 2001 +From: Flickdm +Date: Mon, 20 May 2024 11:06:32 -0700 +Subject: [PATCH 12/29] OvmfPkg PlatformCI: Support virtio-rng-pci + +This patch adds "virtio-rng-pci" to the PlatformBuildLib.py +This adds Rng services to the guest VM + +Cc: Ard Biesheuvel +Cc: Jiewen Yao +Cc: Gerd Hoffmann + +Signed-off-by: Doug Flick [MSFT] +Tested-by: Gerd Hoffmann +Acked-by: Gerd Hoffmann +Reviewed-by: Ard Biesheuvel +--- + OvmfPkg/PlatformCI/PlatformBuildLib.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/OvmfPkg/PlatformCI/PlatformBuildLib.py b/OvmfPkg/PlatformCI/PlatformBuildLib.py +index 1ada935d..5e8d4a62 100644 +--- a/OvmfPkg/PlatformCI/PlatformBuildLib.py ++++ b/OvmfPkg/PlatformCI/PlatformBuildLib.py +@@ -197,6 +197,8 @@ class PlatformBuilder( UefiBuilder, BuildSettingsManager): + args += " -net none" # turn off network + args += " -smp 4" + args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" # Mount disk with startup.nsh ++ # Provides Rng services to the Guest VM ++ args += " -device virtio-rng-pci" + + if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"): + args += " -display none" # no graphics +-- +2.33.0 + diff --git a/0062-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch b/0062-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch new file mode 100644 index 0000000..d3cddef --- /dev/null +++ b/0062-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch 
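Review bot: in patch 0060 the `EmulatorPkg.dsc` hunk at `@@ -127,10 +127,11 @@` does more than add Hash2DxeCrypto: it moves `IntrinsicLib` and `OpensslLib` out of the `!if $(SECURE_BOOT_ENABLE) == TRUE` block and adds an unconditional `BaseCryptLib` mapping, so OpenSSL is now linked into every EmulatorPkg build; the commit message ("This patch adds Hash2DxeCrypto to EmulatorPkg") should state this library-class change and the resulting image-size impact. In patch 0061 the `PlatformBuildLib.py` hunk appends `-device virtio-rng-pci` unconditionally; the comment "Provides Rng services to the Guest VM" only holds if the firmware image includes a virtio-rng driver that consumes the device, so the commit message should name that driver and say whether the CI boot tests now assert that EFI_RNG_PROTOCOL is present.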
@@ -0,0 +1,182 @@ +From 4a7c7c09a0e8229dd1b05e5d73604e8bf0c061fb Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:24 -0700 +Subject: [PATCH 13/29] OvmfPkg: Add Hash2DxeCrypto to OvmfPkg + +This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is +used to provide the hashing protocol services. + +Cc: Ard Biesheuvel +Cc: Jiewen Yao +Cc: Gerd Hoffmann + +Signed-off-by: Doug Flick [MSFT] +Tested-by: Gerd Hoffmann +Acked-by: Gerd Hoffmann +Reviewed-by: Ard Biesheuvel +--- + OvmfPkg/OvmfPkgIa32.dsc | 6 +++++- + OvmfPkg/OvmfPkgIa32.fdf | 5 +++++ + OvmfPkg/OvmfPkgIa32X64.dsc | 6 +++++- + OvmfPkg/OvmfPkgIa32X64.fdf | 5 +++++ + OvmfPkg/OvmfPkgX64.dsc | 6 +++++- + OvmfPkg/OvmfPkgX64.fdf | 5 +++++ + OvmfPkg/OvmfXen.dsc | 5 +++++ + OvmfPkg/OvmfXen.fdf | 5 +++++ + 8 files changed, 40 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 9a2b88c0..bd2fd398 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -226,7 +226,6 @@ + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + +- + # + # Network libraries + # +@@ -879,6 +878,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf +index 4c9be963..de8524df 100644 +--- a/OvmfPkg/OvmfPkgIa32.fdf ++++ b/OvmfPkg/OvmfPkgIa32.fdf +@@ -310,6 +310,11 @@ INF ShellPkg/Application/Shell/Shell.inf + + INF MdeModulePkg/Logo/LogoDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc 
b/OvmfPkg/OvmfPkgIa32X64.dsc +index 0c5f7bf7..0916bcef 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -231,7 +231,6 @@ + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + +- + # + # Network libraries + # +@@ -897,6 +896,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf +index 7f599f15..d3abb91a 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.fdf ++++ b/OvmfPkg/OvmfPkgIa32X64.fdf +@@ -311,6 +311,11 @@ INF ShellPkg/Application/Shell/Shell.inf + + INF MdeModulePkg/Logo/LogoDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index b9e10790..a4810fe6 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -247,7 +247,6 @@ + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + +- + # + # Network libraries + # +@@ -965,6 +964,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf +index 41912fc1..3842c3bf 100644 +--- a/OvmfPkg/OvmfPkgX64.fdf ++++ b/OvmfPkg/OvmfPkgX64.fdf +@@ -338,6 +338,11 @@ INF 
MdeModulePkg/Logo/LogoDxe.inf + + INF OvmfPkg/TdxDxe/TdxDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # +diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc +index fd56e1cc..15f969a5 100644 +--- a/OvmfPkg/OvmfXen.dsc ++++ b/OvmfPkg/OvmfXen.dsc +@@ -674,6 +674,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf +index bdff7c52..6cfbe786 100644 +--- a/OvmfPkg/OvmfXen.fdf ++++ b/OvmfPkg/OvmfXen.fdf +@@ -315,6 +315,11 @@ INF ShellPkg/Application/Shell/Shell.inf + + INF MdeModulePkg/Logo/LogoDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # +-- +2.33.0 + diff --git a/0063-ArmVirtPkg-PlatformCI-Support-virtio-rng-pci.patch b/0063-ArmVirtPkg-PlatformCI-Support-virtio-rng-pci.patch new file mode 100644 index 0000000..8d1a237 --- /dev/null +++ b/0063-ArmVirtPkg-PlatformCI-Support-virtio-rng-pci.patch 
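Review bot: the `@@ -226,7 +226,6 @@` hunk in OvmfPkg/OvmfPkgIa32.dsc (and the matching `-231`/`-247` hunks in OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc) only deletes a blank line above the `# Network libraries` comment, which has nothing to do with adding Hash2DxeCrypto; either drop the whitespace-only deletions or mention them in the commit message so the change stays reviewable as a single-purpose patch. The commit message should also name the consumer in this series that needs the Hash2 protocol producer, so platform owners who do not carry that consumer can tell whether they need `SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf` in their .dsc/.fdf at all.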
@@ -0,0 +1,35 @@ +From 5d81b6c7103f0dd21c182b18955857ade252c9fb Mon Sep 17 00:00:00 2001 +From: Flickdm +Date: Mon, 20 May 2024 11:06:35 -0700 +Subject: [PATCH 14/29] ArmVirtPkg PlatformCI: Support virtio-rng-pci + +This patch adds "virtio-rng-pci" to the PlatformBuildLib.py +This adds Rng services to the guest VM + +Cc: Ard Biesheuvel +Cc: Leif Lindholm +Cc: Sami Mujawar +Cc: Gerd Hoffmann + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmVirtPkg/PlatformCI/PlatformBuildLib.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py +index 405817ca..b0cbbfab 100644 +--- a/ArmVirtPkg/PlatformCI/PlatformBuildLib.py ++++ b/ArmVirtPkg/PlatformCI/PlatformBuildLib.py +@@ -240,6 +240,8 @@ class PlatformBuilder(UefiBuilder, BuildSettingsManager): + args += " -serial stdio" + # Mount disk with startup.nsh + args += f" -drive file=fat:rw:{VirtualDrive},format=raw,media=disk" ++ # Provides Rng services to the Guest VM ++ args += " -device virtio-rng-pci" + + # Conditional Args + if (self.env.GetValue("QEMU_HEADLESS").upper() == "TRUE"): +-- +2.33.0 + diff --git a/0064-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch b/0064-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch new file mode 100644 index 0000000..59e30a3 --- /dev/null +++ b/0064-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch 
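Review bot: `args += " -device virtio-rng-pci"` in ArmVirtPkg/PlatformCI/PlatformBuildLib.py is appended unconditionally, so the CI boot now depends on the QEMU build shipping virtio-rng-pci and on the firmware image carrying a virtio-rng driver; the comment `# Provides Rng services to the Guest VM` should say that the services only appear when that driver is present, and the commit message ("This adds Rng services to the guest VM") should state the driver dependency rather than imply the QEMU device alone provides them.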
@@ -0,0 +1,72 @@ +From 92d8c320dca86e792afe23252497cc8335e3058d Mon Sep 17 00:00:00 2001 +From: Flickdm +Date: Mon, 20 May 2024 11:06:38 -0700 +Subject: [PATCH 15/29] ArmVirtPkg: Add Hash2DxeCrypto to ArmVirtPkg + +This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is +used to provide the hashing protocol services. + +Cc: Ard Biesheuvel +Cc: Leif Lindholm +Cc: Sami Mujawar +Cc: Gerd Hoffmann + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmVirtPkg/ArmVirtQemu.dsc | 5 +++++ + ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +++++ + ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 +++++ + 3 files changed, 15 insertions(+) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 1e022595..775dc351 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -555,6 +555,11 @@ + MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf + MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + ++ # ++ # Hash2 Protocol Support ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # TPM2 support + # +diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +index 2894bc85..229e2931 100644 +--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc ++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +@@ -176,6 +176,11 @@ READ_LOCK_STATUS = TRUE + INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf + INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # TPM2 support + # +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index 8ef5927b..859500c7 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -460,6 +460,11 @@ + MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf + MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf + ++ # ++ # Hash2 Protocol Support ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # ACPI 
Support + # +-- +2.33.0 + diff --git a/0065-SecurityPkg-RngDxe-Remove-incorrect-limitation-on-Ge.patch b/0065-SecurityPkg-RngDxe-Remove-incorrect-limitation-on-Ge.patch new file mode 100644 index 0000000..64dd622 --- /dev/null +++ b/0065-SecurityPkg-RngDxe-Remove-incorrect-limitation-on-Ge.patch 
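Review bot: the section comment is inconsistent across the three hunks: ArmVirtQemu.dsc and ArmVirtQemuKernel.dsc use `# Hash2 Protocol Support` while ArmVirtQemuFvMain.fdf.inc uses `# Hash2 Protocol producer` (the wording the OvmfPkg patch earlier in this series uses in every file); pick one, `producer` being the more accurate since Hash2DxeCrypto publishes the protocol rather than consuming it.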
@@ -0,0 +1,56 @@ +From ab3d70700b490ebcf2b67cc7e8dba35d9cdce535 Mon Sep 17 00:00:00 2001 +From: Flickdm +Date: Mon, 20 May 2024 11:07:38 -0700 +Subject: [PATCH 16/29] SecurityPkg RngDxe: Remove incorrect limitation on + GetRng + +Removed from gEfiRngAlgorithmRaw an incorrect assumption that +Raw cannot return less than 256 bits. The DRNG Algorithms +should always use a 256 bit seed as per nist standards +however a caller is free to request less than 256 bits. +> +> // +> // When a DRBG is used on the output of a entropy source, +> // its security level must be at least 256 bits according to UEFI +Spec. +> // +> if (RNGValueLength < 32) { +> return EFI_INVALID_PARAMETER; +> } +> + +AARCH64 platforms do not have this limitation and this brings both +implementations into alignment with each other and the spec. + +Cc: Jiewen Yao + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +Reviewed-by: Pierre Gondois +Acked-by: Jiewe Yao +--- + SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +index 7e06e16e..5723ed69 100644 +--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c ++++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +@@ -116,14 +116,6 @@ RngGetRNG ( + // The "raw" algorithm is intended to provide entropy directly + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { +- // +- // When a DRBG is used on the output of a entropy source, +- // its security level must be at least 256 bits according to UEFI Spec. +- // +- if (RNGValueLength < 32) { +- return EFI_INVALID_PARAMETER; +- } +- + Status = GenerateEntropy (RNGValueLength, RNGValue); + return Status; + } +-- +2.33.0 + diff --git a/0066-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch b/0066-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch new file mode 100644 index 0000000..bf2cb14 --- /dev/null 
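Review bot: the block removed from RngGetRNG was the only length check on the gEfiRngAlgorithmRaw path, so after this change `Status = GenerateEntropy (RNGValueLength, RNGValue);` is reached with whatever RNGValueLength the caller passes, including values below 32; the commit message should confirm that GenerateEntropy handles short requests correctly (no rounding up to a 256-bit block that would write past RNGValue) rather than only stating that AARCH64 has no such limit. Also, `Acked-by: Jiewe Yao` looks like a typo for Jiewen Yao (see the Cc line), and "as per nist standards" should cite the specific standard and the UEFI spec section the reasoning relies on.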
+++ b/0066-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch 
@@ -0,0 +1,1291 @@ +From 4abf96619d64cc296fafe1aa2a32579d7f33d379 Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:28 -0700 +Subject: [PATCH 17/29] NetworkPkg: SECURITY PATCH CVE-2023-45237 + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4542 + +Bug Overview: +PixieFail Bug #9 +CVE-2023-45237 +CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N +CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) + +Use of a Weak PseudoRandom Number Generator + +Change Overview: + +Updates all Instances of NET_RANDOM (NetRandomInitSeed ()) to either + +> +> EFI_STATUS +> EFIAPI +> PseudoRandomU32 ( +> OUT UINT32 *Output +> ); +> + +or (depending on the use case) + +> +> EFI_STATUS +> EFIAPI +> PseudoRandom ( +> OUT VOID *Output, +> IN UINTN OutputLength +> ); +> + +This is because the use of + +Example: + +The following code snippet PseudoRandomU32 () function is used: + +> +> UINT32 Random; +> +> Status = PseudoRandomU32 (&Random); +> if (EFI_ERROR (Status)) { +> DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", +__func__, Status)); +> return Status; +> } +> + +This also introduces a new PCD to enable/disable the use of the +secure implementation of algorithms for PseudoRandom () and +instead depend on the default implementation. This may be required for +some platforms where the UEFI Spec defined algorithms are not available. + +> +> PcdEnforceSecureRngAlgorithms +> + +If the platform does not have any one of the UEFI defined +secure RNG algorithms then the driver will assert. 
+ +Cc: Saloni Kasbekar +Cc: Zachary Clark-williams + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Saloni Kasbekar +--- + NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c | 10 +- + NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c | 11 +- + NetworkPkg/DnsDxe/DnsDhcp.c | 10 +- + NetworkPkg/DnsDxe/DnsImpl.c | 11 +- + NetworkPkg/HttpBootDxe/HttpBootDhcp6.c | 10 +- + NetworkPkg/IScsiDxe/IScsiCHAP.c | 19 ++- + NetworkPkg/IScsiDxe/IScsiMisc.c | 14 +-- + NetworkPkg/IScsiDxe/IScsiMisc.h | 6 +- + NetworkPkg/Include/Library/NetLib.h | 50 +++++--- + NetworkPkg/Ip4Dxe/Ip4Driver.c | 10 +- + NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c | 9 +- + NetworkPkg/Ip6Dxe/Ip6Driver.c | 17 ++- + NetworkPkg/Ip6Dxe/Ip6If.c | 12 +- + NetworkPkg/Ip6Dxe/Ip6Mld.c | 12 +- + NetworkPkg/Ip6Dxe/Ip6Nd.c | 35 ++++-- + NetworkPkg/Ip6Dxe/Ip6Nd.h | 8 +- + NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 136 +++++++++++++++++---- + NetworkPkg/Library/DxeNetLib/DxeNetLib.inf | 14 ++- + NetworkPkg/NetworkPkg.dec | 7 ++ + NetworkPkg/SecurityFixes.yaml | 39 ++++++ + NetworkPkg/TcpDxe/TcpDriver.c | 15 ++- + NetworkPkg/TcpDxe/TcpDxe.inf | 3 + + NetworkPkg/Udp4Dxe/Udp4Driver.c | 10 +- + NetworkPkg/Udp6Dxe/Udp6Driver.c | 11 +- + NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c | 9 +- + NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 11 +- + NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 12 +- + 27 files changed, 419 insertions(+), 92 deletions(-) + +diff --git a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c +index 8c37e93b..b4e93a53 100644 +--- a/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c ++++ b/NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c +@@ -1,6 +1,7 @@ + /** @file + + Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -189,6 +190,13 @@ Dhcp4CreateService ( + { + DHCP_SERVICE *DhcpSb; + EFI_STATUS Status; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + *Service = NULL; + DhcpSb = AllocateZeroPool (sizeof (DHCP_SERVICE)); +@@ -203,7 +211,7 @@ Dhcp4CreateService ( + DhcpSb->Image = ImageHandle; + InitializeListHead (&DhcpSb->Children); + DhcpSb->DhcpState = Dhcp4Stopped; +- DhcpSb->Xid = NET_RANDOM (NetRandomInitSeed ()); ++ DhcpSb->Xid = Random; + CopyMem ( + &DhcpSb->ServiceBinding, + &mDhcp4ServiceBindingTemplate, +diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c +index b591a460..f0a1e3b6 100644 +--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c ++++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c +@@ -3,7 +3,7 @@ + implementation for Dhcp6 Driver. + + Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -123,6 +123,13 @@ Dhcp6CreateService ( + { + DHCP6_SERVICE *Dhcp6Srv; + EFI_STATUS Status; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + *Service = NULL; + Dhcp6Srv = AllocateZeroPool (sizeof (DHCP6_SERVICE)); +@@ -147,7 +154,7 @@ Dhcp6CreateService ( + Dhcp6Srv->Signature = DHCP6_SERVICE_SIGNATURE; + Dhcp6Srv->Controller = Controller; + Dhcp6Srv->Image = ImageHandle; +- Dhcp6Srv->Xid = (0xffffff & NET_RANDOM (NetRandomInitSeed ())); ++ Dhcp6Srv->Xid = (0xffffff & Random); + + CopyMem ( + &Dhcp6Srv->ServiceBinding, +diff --git a/NetworkPkg/DnsDxe/DnsDhcp.c b/NetworkPkg/DnsDxe/DnsDhcp.c +index 933565a3..102c4be6 100644 +--- a/NetworkPkg/DnsDxe/DnsDhcp.c ++++ b/NetworkPkg/DnsDxe/DnsDhcp.c +@@ -2,6 +2,7 @@ + Functions implementation related with DHCPv4/v6 for DNS driver. + + Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -277,6 +278,7 @@ GetDns4ServerFromDhcp4 ( + EFI_DHCP4_TRANSMIT_RECEIVE_TOKEN Token; + BOOLEAN IsDone; + UINTN Index; ++ UINT32 Random; + + Image = Instance->Service->ImageHandle; + Controller = Instance->Service->ControllerHandle; +@@ -292,6 +294,12 @@ GetDns4ServerFromDhcp4 ( + Data = NULL; + InterfaceInfo = NULL; + ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ + ZeroMem ((UINT8 *)ParaList, sizeof (ParaList)); + + ZeroMem (&MnpConfigData, sizeof (EFI_MANAGED_NETWORK_CONFIG_DATA)); +@@ -467,7 +475,7 @@ GetDns4ServerFromDhcp4 ( + + Status = Dhcp4->Build (Dhcp4, &SeedPacket, 0, NULL, 2, ParaList, &Token.Packet); + +- Token.Packet->Dhcp4.Header.Xid = HTONL (NET_RANDOM (NetRandomInitSeed ())); ++ Token.Packet->Dhcp4.Header.Xid = Random; + + Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)0x8000); + +diff --git a/NetworkPkg/DnsDxe/DnsImpl.c b/NetworkPkg/DnsDxe/DnsImpl.c +index d3118128..8e9d7222 100644 +--- a/NetworkPkg/DnsDxe/DnsImpl.c ++++ b/NetworkPkg/DnsDxe/DnsImpl.c +@@ -2,6 +2,7 @@ + DnsDxe support functions implementation. + + Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -1963,6 +1964,14 @@ ConstructDNSQuery ( + NET_FRAGMENT Frag; + DNS_HEADER *DnsHeader; + DNS_QUERY_SECTION *DnsQuery; ++ EFI_STATUS Status; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + // + // Messages carried by UDP are restricted to 512 bytes (not counting the IP +@@ -1977,7 +1986,7 @@ ConstructDNSQuery ( + // Fill header + // + DnsHeader = (DNS_HEADER *)Frag.Bulk; +- DnsHeader->Identification = (UINT16)NET_RANDOM (NetRandomInitSeed ()); ++ DnsHeader->Identification = (UINT16)Random; + DnsHeader->Flags.Uint16 = 0x0000; + DnsHeader->Flags.Bits.RD = 1; + DnsHeader->Flags.Bits.OpCode = DNS_FLAGS_OPCODE_STANDARD; +diff --git a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c +index b22cef4f..5e8c7bed 100644 +--- a/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c ++++ b/NetworkPkg/HttpBootDxe/HttpBootDhcp6.c +@@ -2,6 +2,7 @@ + Functions implementation related with DHCPv6 for HTTP boot driver. + + Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -951,6 +952,7 @@ HttpBootDhcp6Sarr ( + UINT32 OptCount; + UINT8 Buffer[HTTP_BOOT_DHCP6_OPTION_MAX_SIZE]; + EFI_STATUS Status; ++ UINT32 Random; + + Dhcp6 = Private->Dhcp6; + ASSERT (Dhcp6 != NULL); +@@ -961,6 +963,12 @@ HttpBootDhcp6Sarr ( + OptCount = HttpBootBuildDhcp6Options (Private, OptList, Buffer); + ASSERT (OptCount > 0); + ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ + Retransmit = AllocateZeroPool (sizeof (EFI_DHCP6_RETRANSMISSION)); + if (Retransmit == NULL) { + return EFI_OUT_OF_RESOURCES; +@@ -976,7 +984,7 @@ HttpBootDhcp6Sarr ( + Config.IaInfoEvent = NULL; + Config.RapidCommit = FALSE; + Config.ReconfigureAccept = FALSE; +- Config.IaDescriptor.IaId = NET_RANDOM (NetRandomInitSeed ()); ++ Config.IaDescriptor.IaId = Random; + Config.IaDescriptor.Type = EFI_DHCP6_IA_TYPE_NA; + Config.SolicitRetransmission = Retransmit; + Retransmit->Irt = 4; +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c +index b507f11c..9af2727e 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c +@@ -3,6 +3,7 @@ + Configuration. + + Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -576,16 +577,24 @@ IScsiCHAPToSendReq ( + // + // CHAP_I= + // +- IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1); ++ Status = IScsiGenRandom ((UINT8 *)&AuthData->OutIdentifier, 1); ++ if (EFI_ERROR (Status)) { ++ break; ++ } ++ + AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", AuthData->OutIdentifier); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_IDENTIFIER, ValueStr); + // + // CHAP_C= + // +- IScsiGenRandom ( +- (UINT8 *)AuthData->OutChallenge, +- AuthData->Hash->DigestSize +- ); ++ Status = IScsiGenRandom ( ++ (UINT8 *)AuthData->OutChallenge, ++ AuthData->Hash->DigestSize ++ ); ++ if (EFI_ERROR (Status)) { ++ break; ++ } ++ + BinToHexStatus = IScsiBinToHex ( + (UINT8 *)AuthData->OutChallenge, + AuthData->Hash->DigestSize, +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c +index 78dc5c73..1a1a99a0 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.c ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.c +@@ -2,6 +2,7 @@ + Miscellaneous routines for iSCSI driver. + + Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -474,20 +475,17 @@ IScsiNetNtoi ( + @param[in, out] Rand The buffer to contain random numbers. + @param[in] RandLength The length of the Rand buffer. + ++ @retval EFI_SUCCESS on success ++ @retval others on error ++ + **/ +-VOID ++EFI_STATUS + IScsiGenRandom ( + IN OUT UINT8 *Rand, + IN UINTN RandLength + ) + { +- UINT32 Random; +- +- while (RandLength > 0) { +- Random = NET_RANDOM (NetRandomInitSeed ()); +- *Rand++ = (UINT8)(Random); +- RandLength--; +- } ++ return PseudoRandom (Rand, RandLength); + } + + /** +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h +index a951eee7..16acd191 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.h ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.h +@@ -2,6 +2,7 @@ + Miscellaneous definitions for iSCSI driver. + + Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -202,8 +203,11 @@ IScsiNetNtoi ( + @param[in, out] Rand The buffer to contain random numbers. + @param[in] RandLength The length of the Rand buffer. + ++ @retval EFI_SUCCESS on success ++ @retval others on error ++ + **/ +-VOID ++EFI_STATUS + IScsiGenRandom ( + IN OUT UINT8 *Rand, + IN UINTN RandLength +diff --git a/NetworkPkg/Include/Library/NetLib.h b/NetworkPkg/Include/Library/NetLib.h +index 8c0e62b3..0f3c158e 100644 +--- a/NetworkPkg/Include/Library/NetLib.h ++++ b/NetworkPkg/Include/Library/NetLib.h +@@ -3,6 +3,7 @@ + It provides basic functions for the UEFI network stack. + + Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -539,8 +540,6 @@ extern EFI_IPv4_ADDRESS mZeroIp4Addr; + #define TICKS_PER_MS 10000U + #define TICKS_PER_SECOND 10000000U + +-#define NET_RANDOM(Seed) ((UINT32) ((UINT32) (Seed) * 1103515245UL + 12345) % 4294967295UL) +- + /** + Extract a UINT32 from a byte stream. + +@@ -580,19 +579,40 @@ NetPutUint32 ( + ); + + /** +- Initialize a random seed using current time and monotonic count. +- +- Get current time and monotonic count first. Then initialize a random seed +- based on some basic mathematics operation on the hour, day, minute, second, +- nanosecond and year of the current time and the monotonic count value. +- +- @return The random seed initialized with current time. +- +-**/ +-UINT32 +-EFIAPI +-NetRandomInitSeed ( +- VOID ++ Generate a Random output data given a length. ++ ++ @param[out] Output - The buffer to store the generated random data. ++ @param[in] OutputLength - The length of the output buffer. ++ ++ @retval EFI_SUCCESS On Success ++ @retval EFI_INVALID_PARAMETER Pointer is null or size is zero ++ @retval EFI_NOT_FOUND RNG protocol not found ++ @retval Others Error from RngProtocol->GetRNG() ++ ++ @return Status code ++**/ ++EFI_STATUS ++EFIAPI ++PseudoRandom ( ++ OUT VOID *Output, ++ IN UINTN OutputLength ++ ); ++ ++/** ++ Generate a 32-bit pseudo-random number. ++ ++ @param[out] Output - The buffer to store the generated random number. 
++ ++ @retval EFI_SUCCESS On Success ++ @retval EFI_NOT_FOUND RNG protocol not found ++ @retval Others Error from RngProtocol->GetRNG() ++ ++ @return Status code ++**/ ++EFI_STATUS ++EFIAPI ++PseudoRandomU32 ( ++ OUT UINT32 *Output + ); + + #define NET_LIST_USER_STRUCT(Entry, Type, Field) \ +diff --git a/NetworkPkg/Ip4Dxe/Ip4Driver.c b/NetworkPkg/Ip4Dxe/Ip4Driver.c +index ec483ff0..c8a594ed 100644 +--- a/NetworkPkg/Ip4Dxe/Ip4Driver.c ++++ b/NetworkPkg/Ip4Dxe/Ip4Driver.c +@@ -2,6 +2,7 @@ + The driver binding and service binding protocol for IP4 driver. + + Copyright (c) 2005 - 2019, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -549,11 +550,18 @@ Ip4DriverBindingStart ( + EFI_IP4_CONFIG2_PROTOCOL *Ip4Cfg2; + UINTN Index; + IP4_CONFIG2_DATA_ITEM *DataItem; ++ UINT32 Random; + + IpSb = NULL; + Ip4Cfg2 = NULL; + DataItem = NULL; + ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ + // + // Test for the Ip4 service binding protocol + // +@@ -653,7 +661,7 @@ Ip4DriverBindingStart ( + // + // Initialize the IP4 ID + // +- mIp4Id = (UINT16)NET_RANDOM (NetRandomInitSeed ()); ++ mIp4Id = (UINT16)Random; + + return Status; + +diff --git a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c +index 70e232ce..79741609 100644 +--- a/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c ++++ b/NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c +@@ -2276,6 +2276,13 @@ Ip6ConfigInitInstance ( + UINTN Index; + UINT16 IfIndex; + IP6_CONFIG_DATA_ITEM *DataItem; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + IpSb = IP6_SERVICE_FROM_IP6_CONFIG_INSTANCE (Instance); + +@@ -2381,7 +2388,7 @@ Ip6ConfigInitInstance ( + // The NV variable is not set, so generate a random IAID, and write down the + // fresh new configuration as the NV variable now. + // +- Instance->IaId = NET_RANDOM (NetRandomInitSeed ()); ++ Instance->IaId = Random; + + for (Index = 0; Index < IpSb->SnpMode.HwAddressSize; Index++) { + Instance->IaId |= (IpSb->SnpMode.CurrentAddress.Addr[Index] << ((Index << 3) & 31)); +diff --git a/NetworkPkg/Ip6Dxe/Ip6Driver.c b/NetworkPkg/Ip6Dxe/Ip6Driver.c +index b483a7d1..c73da917 100644 +--- a/NetworkPkg/Ip6Dxe/Ip6Driver.c ++++ b/NetworkPkg/Ip6Dxe/Ip6Driver.c +@@ -3,7 +3,7 @@ + + Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.
+ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -316,7 +316,11 @@ Ip6CreateService ( + IpSb->CurHopLimit = IP6_HOP_LIMIT; + IpSb->LinkMTU = IP6_MIN_LINK_MTU; + IpSb->BaseReachableTime = IP6_REACHABLE_TIME; +- Ip6UpdateReachableTime (IpSb); ++ Status = Ip6UpdateReachableTime (IpSb); ++ if (EFI_ERROR (Status)) { ++ goto ON_ERROR; ++ } ++ + // + // RFC4861 RETRANS_TIMER: 1,000 milliseconds + // +@@ -516,11 +520,18 @@ Ip6DriverBindingStart ( + EFI_STATUS Status; + EFI_IP6_CONFIG_PROTOCOL *Ip6Cfg; + IP6_CONFIG_DATA_ITEM *DataItem; ++ UINT32 Random; + + IpSb = NULL; + Ip6Cfg = NULL; + DataItem = NULL; + ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ + // + // Test for the Ip6 service binding protocol + // +@@ -656,7 +667,7 @@ Ip6DriverBindingStart ( + // + // Initialize the IP6 ID + // +- mIp6Id = NET_RANDOM (NetRandomInitSeed ()); ++ mIp6Id = Random; + + return EFI_SUCCESS; + +diff --git a/NetworkPkg/Ip6Dxe/Ip6If.c b/NetworkPkg/Ip6Dxe/Ip6If.c +index 4629c05f..06b01df1 100644 +--- a/NetworkPkg/Ip6Dxe/Ip6If.c ++++ b/NetworkPkg/Ip6Dxe/Ip6If.c +@@ -2,7 +2,7 @@ + Implement IP6 pseudo interface. + + Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -89,6 +89,14 @@ Ip6SetAddress ( + IP6_PREFIX_LIST_ENTRY *PrefixEntry; + UINT64 Delay; + IP6_DELAY_JOIN_LIST *DelayNode; ++ EFI_STATUS Status; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + NET_CHECK_SIGNATURE (Interface, IP6_INTERFACE_SIGNATURE); + +@@ -164,7 +172,7 @@ Ip6SetAddress ( + // Thus queue the address to be processed in Duplicate Address Detection module + // after the delay time (in milliseconds). + // +- Delay = (UINT64)NET_RANDOM (NetRandomInitSeed ()); ++ Delay = (UINT64)Random; + Delay = MultU64x32 (Delay, IP6_ONE_SECOND_IN_MS); + Delay = RShiftU64 (Delay, 32); + +diff --git a/NetworkPkg/Ip6Dxe/Ip6Mld.c b/NetworkPkg/Ip6Dxe/Ip6Mld.c +index e6b2b653..6b2f07fc 100644 +--- a/NetworkPkg/Ip6Dxe/Ip6Mld.c ++++ b/NetworkPkg/Ip6Dxe/Ip6Mld.c +@@ -696,7 +696,15 @@ Ip6UpdateDelayTimer ( + IN OUT IP6_MLD_GROUP *Group + ) + { +- UINT32 Delay; ++ UINT32 Delay; ++ EFI_STATUS Status; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + // + // If the Query packet specifies a Maximum Response Delay of zero, perform timer +@@ -715,7 +723,7 @@ Ip6UpdateDelayTimer ( + // is less than the remaining value of the running timer. 
+ // + if ((Group->DelayTimer == 0) || (Delay < Group->DelayTimer)) { +- Group->DelayTimer = Delay / 4294967295UL * NET_RANDOM (NetRandomInitSeed ()); ++ Group->DelayTimer = Delay / 4294967295UL * Random; + } + + return EFI_SUCCESS; +diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.c b/NetworkPkg/Ip6Dxe/Ip6Nd.c +index c10c7017..673ea401 100644 +--- a/NetworkPkg/Ip6Dxe/Ip6Nd.c ++++ b/NetworkPkg/Ip6Dxe/Ip6Nd.c +@@ -2,7 +2,7 @@ + Implementation of Neighbor Discovery support routines. + + Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -16,17 +16,28 @@ EFI_MAC_ADDRESS mZeroMacAddress; + + @param[in, out] IpSb Points to the IP6_SERVICE. + ++ @retval EFI_SUCCESS ReachableTime Updated ++ @retval others Failed to update ReachableTime + **/ +-VOID ++EFI_STATUS + Ip6UpdateReachableTime ( + IN OUT IP6_SERVICE *IpSb + ) + { +- UINT32 Random; +- +- Random = (NetRandomInitSeed () / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE; ++ UINT32 Random; ++ EFI_STATUS Status; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ ++ Random = (Random / 4294967295UL) * IP6_RANDOM_FACTOR_SCALE; + Random = Random + IP6_MIN_RANDOM_FACTOR_SCALED; + IpSb->ReachableTime = (IpSb->BaseReachableTime * Random) / IP6_RANDOM_FACTOR_SCALE; ++ ++ return EFI_SUCCESS; + } + + /** +@@ -972,10 +983,17 @@ Ip6InitDADProcess ( + IP6_SERVICE *IpSb; + EFI_STATUS Status; + UINT32 MaxDelayTick; ++ UINT32 Random; + + NET_CHECK_SIGNATURE (IpIf, IP6_INTERFACE_SIGNATURE); + ASSERT (AddressInfo != NULL); + ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ + // + // Do nothing if we have already started DAD on the address. + // +@@ -1014,7 +1032,7 @@ Ip6InitDADProcess ( + Entry->Transmit = 0; + Entry->Receive = 0; + MaxDelayTick = IP6_MAX_RTR_SOLICITATION_DELAY / IP6_TIMER_INTERVAL_IN_MS; +- Entry->RetransTick = (MaxDelayTick * ((NET_RANDOM (NetRandomInitSeed ()) % 5) + 1)) / 5; ++ Entry->RetransTick = (MaxDelayTick * ((Random % 5) + 1)) / 5; + Entry->AddressInfo = AddressInfo; + Entry->Callback = Callback; + Entry->Context = Context; +@@ -2078,7 +2096,10 @@ Ip6ProcessRouterAdvertise ( + // in BaseReachableTime and recompute a ReachableTime. 
+ // + IpSb->BaseReachableTime = ReachableTime; +- Ip6UpdateReachableTime (IpSb); ++ Status = Ip6UpdateReachableTime (IpSb); ++ if (EFI_ERROR (Status)) { ++ goto Exit; ++ } + } + + if (RetransTimer != 0) { +diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h +index 7d6577ad..899ef216 100644 +--- a/NetworkPkg/Ip6Dxe/Ip6Nd.h ++++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h +@@ -2,7 +2,7 @@ + Definition of Neighbor Discovery support routines. + + Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -780,10 +780,10 @@ Ip6OnArpResolved ( + /** + Update the ReachableTime in IP6 service binding instance data, in milliseconds. + +- @param[in, out] IpSb Points to the IP6_SERVICE. +- ++ @retval EFI_SUCCESS ReachableTime Updated ++ @retval others Failed to update ReachableTime + **/ +-VOID ++EFI_STATUS + Ip6UpdateReachableTime ( + IN OUT IP6_SERVICE *IpSb + ); +diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +index fd4a9e15..8ff2b1b1 100644 +--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c ++++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +@@ -3,6 +3,7 @@ + + Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.
+ (C) Copyright 2015 Hewlett Packard Enterprise Development LP
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + **/ + +@@ -31,6 +32,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + #include + #include + #include ++#include + + #define NIC_ITEM_CONFIG_SIZE (sizeof (NIC_IP4_CONFIG_INFO) + sizeof (EFI_IP4_ROUTE_TABLE) * MAX_IP4_CONFIG_IN_VARIABLE) + #define DEFAULT_ZERO_START ((UINTN) ~0) +@@ -127,6 +129,25 @@ GLOBAL_REMOVE_IF_UNREFERENCED VLAN_DEVICE_PATH mNetVlanDevicePathTemplate = { + 0 + }; + ++// ++// These represent UEFI SPEC defined algorithms that should be supported by ++// the RNG protocol and are generally considered secure. ++// ++// The order of the algorithms in this array is important. This order is the order ++// in which the algorithms will be tried by the RNG protocol. ++// If your platform needs to use a specific algorithm for the random number generator, ++// then you should place that algorithm first in the array. ++// ++GLOBAL_REMOVE_IF_UNREFERENCED EFI_GUID *mSecureHashAlgorithms[] = { ++ &gEfiRngAlgorithmSp80090Ctr256Guid, // SP800-90A DRBG CTR using AES-256 ++ &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256 ++ &gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256 ++ &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG via ARM RNDR register ++ &gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG) ++}; ++ ++#define SECURE_HASH_ALGORITHMS_SIZE (sizeof (mSecureHashAlgorithms) / sizeof (EFI_GUID *)) ++ + /** + Locate the handles that support SNP, then open one of them + to send the syslog packets. The caller isn't required to close +@@ -884,34 +905,107 @@ Ip6Swap128 ( + } + + /** +- Initialize a random seed using current time and monotonic count. ++ Generate a Random output data given a length. + +- Get current time and monotonic count first. 
Then initialize a random seed +- based on some basic mathematics operation on the hour, day, minute, second, +- nanosecond and year of the current time and the monotonic count value. ++ @param[out] Output - The buffer to store the generated random data. ++ @param[in] OutputLength - The length of the output buffer. + +- @return The random seed initialized with current time. ++ @retval EFI_SUCCESS On Success ++ @retval EFI_INVALID_PARAMETER Pointer is null or size is zero ++ @retval EFI_NOT_FOUND RNG protocol not found ++ @retval Others Error from RngProtocol->GetRNG() + ++ @return Status code + **/ +-UINT32 ++EFI_STATUS + EFIAPI +-NetRandomInitSeed ( +- VOID ++PseudoRandom ( ++ OUT VOID *Output, ++ IN UINTN OutputLength + ) + { +- EFI_TIME Time; +- UINT32 Seed; +- UINT64 MonotonicCount; +- +- gRT->GetTime (&Time, NULL); +- Seed = (Time.Hour << 24 | Time.Day << 16 | Time.Minute << 8 | Time.Second); +- Seed ^= Time.Nanosecond; +- Seed ^= Time.Year << 7; +- +- gBS->GetNextMonotonicCount (&MonotonicCount); +- Seed += (UINT32)MonotonicCount; +- +- return Seed; ++ EFI_RNG_PROTOCOL *RngProtocol; ++ EFI_STATUS Status; ++ UINTN AlgorithmIndex; ++ ++ if ((Output == NULL) || (OutputLength == 0)) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "Failed to locate EFI_RNG_PROTOCOL: %r\n", Status)); ++ ASSERT_EFI_ERROR (Status); ++ return Status; ++ } ++ ++ if (PcdGetBool (PcdEnforceSecureRngAlgorithms)) { ++ for (AlgorithmIndex = 0; AlgorithmIndex < SECURE_HASH_ALGORITHMS_SIZE; AlgorithmIndex++) { ++ Status = RngProtocol->GetRNG (RngProtocol, mSecureHashAlgorithms[AlgorithmIndex], OutputLength, (UINT8 *)Output); ++ if (!EFI_ERROR (Status)) { ++ // ++ // Secure Algorithm was supported on this platform ++ // ++ return EFI_SUCCESS; ++ } else if (Status == EFI_UNSUPPORTED) { ++ // ++ // Secure Algorithm was not supported on this platform ++ // ++ DEBUG 
((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); ++ ++ // ++ // Try the next secure algorithm ++ // ++ continue; ++ } else { ++ // ++ // Some other error occurred ++ // ++ DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); ++ ASSERT_EFI_ERROR (Status); ++ return Status; ++ } ++ } ++ ++ // ++ // If we get here, we failed to generate random data using any secure algorithm ++ // Platform owner should ensure that at least one secure algorithm is supported ++ // ++ ASSERT_EFI_ERROR (Status); ++ return Status; ++ } ++ ++ // ++ // Lets try using the default algorithm (which may not be secure) ++ // ++ Status = RngProtocol->GetRNG (RngProtocol, NULL, OutputLength, (UINT8 *)Output); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random data: %r\n", __func__, Status)); ++ ASSERT_EFI_ERROR (Status); ++ return Status; ++ } ++ ++ return EFI_SUCCESS; ++} ++ ++/** ++ Generate a 32-bit pseudo-random number. ++ ++ @param[out] Output - The buffer to store the generated random number. ++ ++ @retval EFI_SUCCESS On Success ++ @retval EFI_NOT_FOUND RNG protocol not found ++ @retval Others Error from RngProtocol->GetRNG() ++ ++ @return Status code ++**/ ++EFI_STATUS ++EFIAPI ++PseudoRandomU32 ( ++ OUT UINT32 *Output ++ ) ++{ ++ return PseudoRandom (Output, sizeof (*Output)); + } + + /** +diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf +index 8145d256..ed5bb634 100644 +--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf ++++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.inf +@@ -3,6 +3,7 @@ + # + # Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
+ # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
++# Copyright (c) Microsoft Corporation + # SPDX-License-Identifier: BSD-2-Clause-Patent + # + ## +@@ -49,7 +50,11 @@ + gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES ## SystemTable + gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES ## SystemTable + gEfiAdapterInfoMediaStateGuid ## SOMETIMES_CONSUMES +- ++ gEfiRngAlgorithmRaw ## CONSUMES ++ gEfiRngAlgorithmSp80090Ctr256Guid ## CONSUMES ++ gEfiRngAlgorithmSp80090Hmac256Guid ## CONSUMES ++ gEfiRngAlgorithmSp80090Hash256Guid ## CONSUMES ++ gEfiRngAlgorithmArmRndr ## CONSUMES + + [Protocols] + gEfiSimpleNetworkProtocolGuid ## SOMETIMES_CONSUMES +@@ -59,3 +64,10 @@ + gEfiComponentNameProtocolGuid ## SOMETIMES_CONSUMES + gEfiComponentName2ProtocolGuid ## SOMETIMES_CONSUMES + gEfiAdapterInformationProtocolGuid ## SOMETIMES_CONSUMES ++ gEfiRngProtocolGuid ## CONSUMES ++ ++[FixedPcd] ++ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES ++ ++[Depex] ++ gEfiRngProtocolGuid +diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec +index e06f35e7..db7b1f27 100644 +--- a/NetworkPkg/NetworkPkg.dec ++++ b/NetworkPkg/NetworkPkg.dec +@@ -5,6 +5,7 @@ + # + # Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.
+ # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP
++# Copyright (c) Microsoft Corporation + # + # SPDX-License-Identifier: BSD-2-Clause-Patent + # +@@ -130,6 +131,12 @@ + # @Prompt Indicates whether SnpDxe creates event for ExitBootServices() call. + gEfiNetworkPkgTokenSpaceGuid.PcdSnpCreateExitBootServicesEvent|TRUE|BOOLEAN|0x1000000C + ++ ## Enforces the use of Secure UEFI spec defined RNG algorithms for all network connections. ++ # TRUE - Enforce the use of Secure UEFI spec defined RNG algorithms. ++ # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider. ++ # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms. ++ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D ++ + [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## IPv6 DHCP Unique Identifier (DUID) Type configuration (From RFCs 3315 and 6355). + # 01 = DUID Based on Link-layer Address Plus Time [DUID-LLT] +diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml +index 7d716ffc..a44cfc43 100644 +--- a/NetworkPkg/SecurityFixes.yaml ++++ b/NetworkPkg/SecurityFixes.yaml +@@ -122,3 +122,42 @@ CVE_2023_45235: + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html ++CVE_2023_45237: ++ commit_titles: ++ - "NetworkPkg:: SECURITY PATCH CVE 2023-45237" ++ cve: CVE-2023-45237 ++ date_reported: 2023-08-28 13:56 UTC ++ description: "Bug 09 - Use of a Weak PseudoRandom Number Generator" ++ note: ++ files_impacted: ++ - NetworkPkg/Dhcp4Dxe/Dhcp4Driver.c ++ - NetworkPkg/Dhcp6Dxe/Dhcp6Driver.c ++ - NetworkPkg/DnsDxe/DnsDhcp.c ++ - NetworkPkg/DnsDxe/DnsImpl.c ++ - NetworkPkg/HttpBootDxe/HttpBootDhcp6.c ++ - NetworkPkg/IScsiDxe/IScsiCHAP.c ++ - NetworkPkg/IScsiDxe/IScsiMisc.c ++ - NetworkPkg/IScsiDxe/IScsiMisc.h ++ - 
NetworkPkg/Include/Library/NetLib.h ++ - NetworkPkg/Ip4Dxe/Ip4Driver.c ++ - NetworkPkg/Ip6Dxe/Ip6ConfigImpl.c ++ - NetworkPkg/Ip6Dxe/Ip6Driver.c ++ - NetworkPkg/Ip6Dxe/Ip6If.c ++ - NetworkPkg/Ip6Dxe/Ip6Mld.c ++ - NetworkPkg/Ip6Dxe/Ip6Nd.c ++ - NetworkPkg/Ip6Dxe/Ip6Nd.h ++ - NetworkPkg/Library/DxeNetLib/DxeNetLib.c ++ - NetworkPkg/Library/DxeNetLib/DxeNetLib.inf ++ - NetworkPkg/NetworkPkg.dec ++ - NetworkPkg/TcpDxe/TcpDriver.c ++ - NetworkPkg/Udp4Dxe/Udp4Driver.c ++ - NetworkPkg/Udp6Dxe/Udp6Driver.c ++ - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c ++ - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c ++ - NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c ++ links: ++ - https://bugzilla.tianocore.org/show_bug.cgi?id=4542 ++ - https://nvd.nist.gov/vuln/detail/CVE-2023-45237 ++ - http://www.openwall.com/lists/oss-security/2024/01/16/2 ++ - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html ++ - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html +diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c +index 98a90e02..f5d10c6e 100644 +--- a/NetworkPkg/TcpDxe/TcpDriver.c ++++ b/NetworkPkg/TcpDxe/TcpDriver.c +@@ -2,7 +2,7 @@ + The driver binding and service binding protocol for the TCP driver. + + Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -163,7 +163,13 @@ TcpDriverEntryPoint ( + ) + { + EFI_STATUS Status; +- UINT32 Seed; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + // + // Install the TCP Driver Binding Protocol +@@ -203,9 +209,8 @@ TcpDriverEntryPoint ( + // + // Initialize ISS and random port. + // +- Seed = NetRandomInitSeed (); +- mTcpGlobalIss = NET_RANDOM (Seed) % mTcpGlobalIss; +- mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (NET_RANDOM (Seed) % TCP_PORT_KNOWN)); ++ mTcpGlobalIss = Random % mTcpGlobalIss; ++ mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN)); + mTcp6RandomPort = mTcp4RandomPort; + + return EFI_SUCCESS; +diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf +index c0acbdca..1b309801 100644 +--- a/NetworkPkg/TcpDxe/TcpDxe.inf ++++ b/NetworkPkg/TcpDxe/TcpDxe.inf +@@ -82,5 +82,8 @@ + gEfiTcp6ProtocolGuid ## BY_START + gEfiTcp6ServiceBindingProtocolGuid ## BY_START + ++[Depex] ++ gEfiHash2ServiceBindingProtocolGuid ++ + [UserExtensions.TianoCore."ExtraFiles"] + TcpDxeExtra.uni +diff --git a/NetworkPkg/Udp4Dxe/Udp4Driver.c b/NetworkPkg/Udp4Dxe/Udp4Driver.c +index cb917fcf..475ee13d 100644 +--- a/NetworkPkg/Udp4Dxe/Udp4Driver.c ++++ b/NetworkPkg/Udp4Dxe/Udp4Driver.c +@@ -1,6 +1,7 @@ + /** @file + + Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
++Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -555,6 +556,13 @@ Udp4DriverEntryPoint ( + ) + { + EFI_STATUS Status; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + // + // Install the Udp4DriverBinding and Udp4ComponentName protocols. +@@ -571,7 +579,7 @@ Udp4DriverEntryPoint ( + // + // Initialize the UDP random port. + // +- mUdp4RandomPort = (UINT16)(((UINT16)NetRandomInitSeed ()) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN); ++ mUdp4RandomPort = (UINT16)(((UINT16)Random) % UDP4_PORT_KNOWN + UDP4_PORT_KNOWN); + } + + return Status; +diff --git a/NetworkPkg/Udp6Dxe/Udp6Driver.c b/NetworkPkg/Udp6Dxe/Udp6Driver.c +index ae96fb99..18b7f05b 100644 +--- a/NetworkPkg/Udp6Dxe/Udp6Driver.c ++++ b/NetworkPkg/Udp6Dxe/Udp6Driver.c +@@ -2,7 +2,7 @@ + Driver Binding functions and Service Binding functions for the Network driver module. + + Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -596,6 +596,13 @@ Udp6DriverEntryPoint ( + ) + { + EFI_STATUS Status; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } + + // + // Install the Udp6DriverBinding and Udp6ComponentName protocols. +@@ -614,7 +621,7 @@ Udp6DriverEntryPoint ( + // Initialize the UDP random port. + // + mUdp6RandomPort = (UINT16)( +- ((UINT16)NetRandomInitSeed ()) % ++ ((UINT16)Random) % + UDP6_PORT_KNOWN + + UDP6_PORT_KNOWN + ); +diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c +index 91146b78..1adeda97 100644 +--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c ++++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp4.c +@@ -2,7 +2,7 @@ + Functions implementation related with DHCPv4 for UefiPxeBc Driver. + + Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -1381,6 +1381,12 @@ PxeBcDhcp4Discover ( + UINT8 VendorOptLen; + UINT32 Xid; + ++ Status = PseudoRandomU32 (&Xid); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ + Mode = Private->PxeBc.Mode; + Dhcp4 = Private->Dhcp4; + Status = EFI_SUCCESS; +@@ -1471,7 +1477,6 @@ PxeBcDhcp4Discover ( + // + // Set fields of the token for the request packet. + // +- Xid = NET_RANDOM (NetRandomInitSeed ()); + Token.Packet->Dhcp4.Header.Xid = HTONL (Xid); + Token.Packet->Dhcp4.Header.Reserved = HTONS ((UINT16)((IsBCast) ? 0x8000 : 0x0)); + CopyMem (&Token.Packet->Dhcp4.Header.ClientAddr, &Private->StationIp, sizeof (EFI_IPv4_ADDRESS)); +diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c +index 1eb5987c..97de1e14 100644 +--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c ++++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c +@@ -2180,7 +2180,7 @@ PxeBcDhcp6Discover ( + UINTN ReadSize; + UINT16 OpCode; + UINT16 OpLen; +- UINT32 Xid; ++ UINT32 Random; + EFI_STATUS Status; + UINTN DiscoverLenNeeded; + +@@ -2198,6 +2198,12 @@ PxeBcDhcp6Discover ( + return EFI_DEVICE_ERROR; + } + ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ + DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET); + Discover = AllocateZeroPool (DiscoverLenNeeded); + if (Discover == NULL) { +@@ -2207,8 +2213,7 @@ PxeBcDhcp6Discover ( + // + // Build the discover packet by the cached request packet before. 
+ // +- Xid = NET_RANDOM (NetRandomInitSeed ()); +- Discover->TransactionId = HTONL (Xid); ++ Discover->TransactionId = HTONL (Random); + Discover->MessageType = Request->Dhcp6.Header.MessageType; + RequestOpt = Request->Dhcp6.Option; + DiscoverOpt = Discover->DhcpOptions; +diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c +index d84aca7e..8396ebf9 100644 +--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c ++++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c +@@ -3,6 +3,7 @@ + + (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
+ Copyright (c) 2007 - 2019, Intel Corporation. All rights reserved.
++ Copyright (c) Microsoft Corporation + + SPDX-License-Identifier: BSD-2-Clause-Patent + +@@ -892,6 +893,13 @@ PxeBcCreateIp6Children ( + PXEBC_PRIVATE_PROTOCOL *Id; + EFI_SIMPLE_NETWORK_PROTOCOL *Snp; + UINTN Index; ++ UINT32 Random; ++ ++ Status = PseudoRandomU32 (&Random); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "Failed to generate random number using EFI_RNG_PROTOCOL: %r\n", Status)); ++ return Status; ++ } + + if (Private->Ip6Nic != NULL) { + // +@@ -935,9 +943,9 @@ PxeBcCreateIp6Children ( + } + + // +- // Generate a random IAID for the Dhcp6 assigned address. ++ // Set a random IAID for the Dhcp6 assigned address. + // +- Private->IaId = NET_RANDOM (NetRandomInitSeed ()); ++ Private->IaId = Random; + if (Private->Snp != NULL) { + for (Index = 0; Index < Private->Snp->Mode->HwAddressSize; Index++) { + Private->IaId |= (Private->Snp->Mode->CurrentAddress.Addr[Index] << ((Index << 3) & 31)); +-- +2.33.0 + diff --git a/0067-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch b/0067-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch new file mode 100644 index 0000000..096f3f5 --- /dev/null +++ b/0067-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch 
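Review bot: In the DxeNetLib.c hunk, the `else if (Status == EFI_UNSUPPORTED)` branch of PseudoRandom logs at DEBUG_ERROR before `continue`, although falling through to the next entry of the algorithm list is the expected path on most platforms; log that branch at DEBUG_VERBOSE (or DEBUG_INFO) so that only the final "no secure algorithm supported" case shows up as an error. The array is also misnamed: `mSecureHashAlgorithms` holds RNG algorithm GUIDs (SP800-90A DRBGs, ARM RNDR, raw), not hash algorithms, so `mSecureRngAlgorithms` / `SECURE_RNG_ALGORITHMS_SIZE` would read correctly, and the comment "This order is the order in which the algorithms will be tried by the RNG protocol" should say they are tried by this library in that order, since the protocol itself is asked for one algorithm at a time. Minor: "Lets try using the default algorithm" should read "Let's".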
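Review bot: The `[Depex] gEfiRngProtocolGuid` added in the DxeNetLib.inf hunk is a library depex, so it is AND-ed into the depex of every module that links NetLib; on a platform that ships no RNG driver, the whole network stack (Ip4Dxe, Ip6Dxe, TcpDxe, Udp*, DHCP, PXE, iSCSI, ...) silently fails to dispatch rather than failing with the DEBUG message in PseudoRandom. That is the right hardening outcome, but it should be stated in the commit message and in the `note:` field of the SecurityFixes.yaml entry (currently empty) so platform owners know to add an RngDxe. Likewise note that `PcdEnforceSecureRngAlgorithms` is consumed as a `[FixedPcd]`, so it cannot be relaxed at runtime, only at build time.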
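Review bot: In the TcpDriver.c hunk, the single `Random` value is used for both `mTcpGlobalIss = Random % mTcpGlobalIss;` and `mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));`. The port is visible on the wire for every connection, so the ISS base and the port should be derived from separate `PseudoRandomU32` calls rather than one value; the later ISN patch (CVE-2023-45236) removes `mTcpGlobalIss` and keeps the secret and the port independent for exactly this reason, so it would be cleaner to draw two values here already. Also, `Random % mTcpGlobalIss` reduces the ISS base to the range `[0, TCP_BASE_ISS)`; if the intent is only to randomise the starting point, `mTcpGlobalIss = Random;` is simpler and keeps the full 32-bit range.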
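Review bot: The `[Depex] gEfiHash2ServiceBindingProtocolGuid` added in the TcpDxe.inf hunk does not belong to this change: nothing in this patch uses EFI_HASH2_PROTOCOL, and the dependency is only needed by the following TcpDxe ISN patch (CVE-2023-45236), whose TcpDxe.inf hunk shows it as pre-existing context. Moving it there keeps each security fix self-contained and makes it possible to backport CVE-2023-45237 alone without forcing a Hash2 driver onto the platform. Separately, the SecurityFixes.yaml `commit_titles` entry `"NetworkPkg:: SECURITY PATCH CVE 2023-45237"` (double colon, no hyphen in the CVE id) does not match the form used by the other entries; align it with the actual commit subject.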
@@ -0,0 +1,823 @@ +From 9d9b2b392810572b1d9542e0c7a6de937c67f8fe Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:29 -0700 +Subject: [PATCH 18/29] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236 + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541 +REF: https://www.rfc-editor.org/rfc/rfc1948.txt +REF: https://www.rfc-editor.org/rfc/rfc6528.txt +REF: https://www.rfc-editor.org/rfc/rfc9293.txt + +Bug Overview: +PixieFail Bug #8 +CVE-2023-45236 +CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N +CWE-200 Exposure of Sensitive Information to an Unauthorized Actor + +Updates TCP ISN generation to use a cryptographic hash of the +connection's identifying parameters and a secret key. +This prevents an attacker from guessing the ISN used for some other +connection. + +This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293. + +RFC: 9293 Section 3.4.1. Initial Sequence Number Selection + + A TCP implementation MUST use the above type of "clock" for clock- + driven selection of initial sequence numbers (MUST-8), and SHOULD + generate its initial sequence numbers with the expression: + + ISN = M + F(localip, localport, remoteip, remoteport, secretkey) + + where M is the 4 microsecond timer, and F() is a pseudorandom + function (PRF) of the connection's identifying parameters ("localip, + localport, remoteip, remoteport") and a secret key ("secretkey") + (SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or + an attacker could still guess at sequence numbers from the ISN used + for some other connection. The PRF could be implemented as a + cryptographic hash of the concatenation of the TCP connection + parameters and some secret data. For discussion of the selection of + a specific hash algorithm and management of the secret key data, + please see Section 3 of [42]. + + For each connection there is a send sequence number and a receive + sequence number. 
The initial send sequence number (ISS) is chosen by + the data sending TCP peer, and the initial receive sequence number + (IRS) is learned during the connection-establishing procedure. + + For a connection to be established or initialized, the two TCP peers + must synchronize on each other's initial sequence numbers. This is + done in an exchange of connection-establishing segments carrying a + control bit called "SYN" (for synchronize) and the initial sequence + numbers. As a shorthand, segments carrying the SYN bit are also + called "SYNs". Hence, the solution requires a suitable mechanism for + picking an initial sequence number and a slightly involved handshake + to exchange the ISNs. + +Cc: Saloni Kasbekar +Cc: Zachary Clark-williams + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Saloni Kasbekar +--- + NetworkPkg/SecurityFixes.yaml | 22 +++ + NetworkPkg/TcpDxe/TcpDriver.c | 92 ++++++++++++- + NetworkPkg/TcpDxe/TcpDxe.inf | 8 +- + NetworkPkg/TcpDxe/TcpFunc.h | 23 ++-- + NetworkPkg/TcpDxe/TcpInput.c | 13 +- + NetworkPkg/TcpDxe/TcpMain.h | 59 ++++++-- + NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++++++++++++++++-- + NetworkPkg/TcpDxe/TcpTimer.c | 3 +- + 8 files changed, 415 insertions(+), 49 deletions(-) + +diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml +index a44cfc43..00ebacb2 100644 +--- a/NetworkPkg/SecurityFixes.yaml ++++ b/NetworkPkg/SecurityFixes.yaml +@@ -122,6 +122,28 @@ CVE_2023_45235: + - http://www.openwall.com/lists/oss-security/2024/01/16/2 + - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html + - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html ++CVE_2023_45236: ++ commit_titles: ++ - "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Patch" ++ cve: CVE-2023-45236 ++ date_reported: 2023-08-28 13:56 UTC ++ description: "Bug 08 - edk2/NetworkPkg: Predictable TCP Initial Sequence Numbers" ++ note: ++ files_impacted: ++ - 
NetworkPkg/Include/Library/NetLib.h ++ - NetworkPkg/TcpDxe/TcpDriver.c ++ - NetworkPkg/TcpDxe/TcpDxe.inf ++ - NetworkPkg/TcpDxe/TcpFunc.h ++ - NetworkPkg/TcpDxe/TcpInput.c ++ - NetworkPkg/TcpDxe/TcpMain.h ++ - NetworkPkg/TcpDxe/TcpMisc.c ++ - NetworkPkg/TcpDxe/TcpTimer.c ++ links: ++ - https://bugzilla.tianocore.org/show_bug.cgi?id=4541 ++ - https://nvd.nist.gov/vuln/detail/CVE-2023-45236 ++ - http://www.openwall.com/lists/oss-security/2024/01/16/2 ++ - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html ++ - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html + CVE_2023_45237: + commit_titles: + - "NetworkPkg:: SECURITY PATCH CVE 2023-45237" +diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c +index f5d10c6e..32cff882 100644 +--- a/NetworkPkg/TcpDxe/TcpDriver.c ++++ b/NetworkPkg/TcpDxe/TcpDriver.c +@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = { + TcpServiceBindingDestroyChild + }; + ++// ++// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces ++// if the platform does not provide one. ++// ++EFI_HANDLE mHash2ServiceHandle = NULL; ++ + /** + Create and start the heartbeat timer for the TCP driver. + +@@ -165,6 +171,23 @@ TcpDriverEntryPoint ( + EFI_STATUS Status; + UINT32 Random; + ++ // ++ // Initialize the Secret used for hashing TCP sequence numbers ++ // ++ // Normally this should be regenerated periodically, but since ++ // this is only used for UEFI networking and not a general purpose ++ // operating system, it is not necessary to regenerate it. 
++ // ++ Status = PseudoRandomU32 (&mTcpGlobalSecret); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status)); ++ return Status; ++ } ++ ++ // ++ // Get a random number used to generate a random port number ++ // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret ++ // + Status = PseudoRandomU32 (&Random); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status)); +@@ -207,9 +230,8 @@ TcpDriverEntryPoint ( + } + + // +- // Initialize ISS and random port. ++ // Initialize the random port. + // +- mTcpGlobalIss = Random % mTcpGlobalIss; + mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN)); + mTcp6RandomPort = mTcp4RandomPort; + +@@ -224,6 +246,8 @@ TcpDriverEntryPoint ( + @param[in] IpVersion IP_VERSION_4 or IP_VERSION_6. + + @retval EFI_OUT_OF_RESOURCES Failed to allocate some resources. ++ @retval EFI_UNSUPPORTED Service Binding Protocols are unavailable. ++ @retval EFI_ALREADY_STARTED The TCP driver is already started on the controller. + @retval EFI_SUCCESS A new IP6 service binding private was created. 
+ + **/ +@@ -234,11 +258,13 @@ TcpCreateService ( + IN UINT8 IpVersion + ) + { +- EFI_STATUS Status; +- EFI_GUID *IpServiceBindingGuid; +- EFI_GUID *TcpServiceBindingGuid; +- TCP_SERVICE_DATA *TcpServiceData; +- IP_IO_OPEN_DATA OpenData; ++ EFI_STATUS Status; ++ EFI_GUID *IpServiceBindingGuid; ++ EFI_GUID *TcpServiceBindingGuid; ++ TCP_SERVICE_DATA *TcpServiceData; ++ IP_IO_OPEN_DATA OpenData; ++ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding; ++ EFI_HASH2_PROTOCOL *Hash2Protocol; + + if (IpVersion == IP_VERSION_4) { + IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid; +@@ -272,6 +298,33 @@ TcpCreateService ( + return EFI_UNSUPPORTED; + } + ++ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol); ++ if (EFI_ERROR (Status)) { ++ // ++ // If we can't find the Hashing protocol, then we need to create one. ++ // ++ ++ // ++ // Platform is expected to publish the hash service binding protocol to support TCP. ++ // ++ Status = gBS->LocateProtocol ( ++ &gEfiHash2ServiceBindingProtocolGuid, ++ NULL, ++ (VOID **)&Hash2ServiceBinding ++ ); ++ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) { ++ return EFI_UNSUPPORTED; ++ } ++ ++ // ++ // Create an instance of the hash protocol for this controller. ++ // ++ Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle); ++ if (EFI_ERROR (Status)) { ++ return EFI_UNSUPPORTED; ++ } ++ } ++ + // + // Create the TCP service data. + // +@@ -423,6 +476,7 @@ TcpDestroyService ( + EFI_STATUS Status; + LIST_ENTRY *List; + TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context; ++ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding; + + ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6)); + +@@ -439,6 +493,30 @@ TcpDestroyService ( + return EFI_SUCCESS; + } + ++ // ++ // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver. 
++ // ++ if (mHash2ServiceHandle != NULL) { ++ Status = gBS->LocateProtocol ( ++ &gEfiHash2ServiceBindingProtocolGuid, ++ NULL, ++ (VOID **)&Hash2ServiceBinding ++ ); ++ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) { ++ return EFI_UNSUPPORTED; ++ } ++ ++ // ++ // Destroy the instance of the hashing protocol for this controller. ++ // ++ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle); ++ if (EFI_ERROR (Status)) { ++ return EFI_UNSUPPORTED; ++ } ++ ++ mHash2ServiceHandle = NULL; ++ } ++ + Status = gBS->OpenProtocol ( + NicHandle, + ServiceBindingGuid, +diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf +index 1b309801..dc08f762 100644 +--- a/NetworkPkg/TcpDxe/TcpDxe.inf ++++ b/NetworkPkg/TcpDxe/TcpDxe.inf +@@ -6,6 +6,7 @@ + # stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack. + # + # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.
++# Copyright (c) Microsoft Corporation + # + # SPDX-License-Identifier: BSD-2-Clause-Patent + # +@@ -68,7 +69,6 @@ + NetLib + IpIoLib + +- + [Protocols] + ## SOMETIMES_CONSUMES + ## SOMETIMES_PRODUCES +@@ -81,6 +81,12 @@ + gEfiIp6ServiceBindingProtocolGuid ## TO_START + gEfiTcp6ProtocolGuid ## BY_START + gEfiTcp6ServiceBindingProtocolGuid ## BY_START ++ gEfiHash2ProtocolGuid ## BY_START ++ gEfiHash2ServiceBindingProtocolGuid ## BY_START ++ ++[Guids] ++ gEfiHashAlgorithmMD5Guid ## CONSUMES ++ gEfiHashAlgorithmSha256Guid ## CONSUMES + + [Depex] + gEfiHash2ServiceBindingProtocolGuid +diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h +index a7af01ff..35ea55dd 100644 +--- a/NetworkPkg/TcpDxe/TcpFunc.h ++++ b/NetworkPkg/TcpDxe/TcpFunc.h +@@ -2,7 +2,7 @@ + Declaration of external functions shared in TCP driver. + + Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -36,8 +36,11 @@ VOID + + @param[in, out] Tcb Pointer to the TCP_CB of this TCP instance. + ++ @retval EFI_SUCCESS The operation completed successfully ++ @retval others The underlying functions failed and could not complete the operation ++ + **/ +-VOID ++EFI_STATUS + TcpInitTcbLocal ( + IN OUT TCP_CB *Tcb + ); +@@ -128,17 +131,6 @@ TcpCloneTcb ( + IN TCP_CB *Tcb + ); + +-/** +- Compute an ISS to be used by a new connection. +- +- @return The result ISS. +- +-**/ +-TCP_SEQNO +-TcpGetIss ( +- VOID +- ); +- + /** + Get the local mss. + +@@ -202,8 +194,11 @@ TcpFormatNetbuf ( + @param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a + connection. + ++ @retval EFI_SUCCESS The operation completed successfully ++ @retval others The underlying functions failed and could not complete the operation ++ + **/ +-VOID ++EFI_STATUS + TcpOnAppConnect ( + IN OUT TCP_CB *Tcb + ); +diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c +index 7b329be6..63fd03a8 100644 +--- a/NetworkPkg/TcpDxe/TcpInput.c ++++ b/NetworkPkg/TcpDxe/TcpInput.c +@@ -724,6 +724,7 @@ TcpInput ( + TCP_SEQNO Urg; + UINT16 Checksum; + INT32 Usable; ++ EFI_STATUS Status; + + ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6)); + +@@ -872,7 +873,17 @@ TcpInput ( + Tcb->LocalEnd.Port = Head->DstPort; + Tcb->RemoteEnd.Port = Head->SrcPort; + +- TcpInitTcbLocal (Tcb); ++ Status = TcpInitTcbLocal (Tcb); ++ if (EFI_ERROR (Status)) { ++ DEBUG ( ++ (DEBUG_ERROR, ++ "TcpInput: discard a segment because failed to init local end for TCB %p\n", ++ Tcb) ++ ); ++ ++ goto DISCARD; ++ } ++ + TcpInitTcbPeer (Tcb, Seg, &Option); + + TcpSetState (Tcb, TCP_SYN_RCVD); +diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h +index c0c9b7f4..dbc1da26 100644 +--- a/NetworkPkg/TcpDxe/TcpMain.h ++++ b/NetworkPkg/TcpDxe/TcpMain.h +@@ -3,7 +3,7 @@ + It is the common head file for all 
Tcp*.c in TCP driver. + + Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -13,6 +13,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -31,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable; + + extern LIST_ENTRY mTcpRunQue; + extern LIST_ENTRY mTcpListenQue; +-extern TCP_SEQNO mTcpGlobalIss; ++extern TCP_SEQNO mTcpGlobalSecret; + extern UINT32 mTcpTick; + + /// +@@ -45,14 +46,6 @@ extern UINT32 mTcpTick; + + #define TCP_EXPIRE_TIME 65535 + +-/// +-/// The implementation selects the initial send sequence number and the unit to +-/// be added when it is increased. +-/// +-#define TCP_BASE_ISS 0x4d7e980b +-#define TCP_ISS_INCREMENT_1 2048 +-#define TCP_ISS_INCREMENT_2 100 +- + typedef union { + EFI_TCP4_CONFIG_DATA Tcp4CfgData; + EFI_TCP6_CONFIG_DATA Tcp6CfgData; +@@ -774,4 +767,50 @@ Tcp6Poll ( + IN EFI_TCP6_PROTOCOL *This + ); + ++/** ++ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local ++ and remote IP addresses and ports. ++ ++ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1 ++ Where the ISN is computed as follows: ++ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret) ++ ++ Otherwise: ++ ISN = M + F(localip, localport, remoteip, remoteport, secretkey) ++ ++ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the ++ connection's identifying parameters ("localip, localport, remoteip, remoteport") ++ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the ++ outside (MUST-9), or an attacker could still guess at sequence numbers from the ++ ISN used for some other connection. The PRF could be implemented as a ++ cryptographic hash of the concatenation of the TCP connection parameters and some ++ secret data. For discussion of the selection of a specific hash algorithm and ++ management of the secret key data." 
++ ++ @param[in] LocalIp A pointer to the local IP address of the TCP connection. ++ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer. ++ @param[in] LocalPort The local port number of the TCP connection. ++ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection. ++ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer. ++ @param[in] RemotePort The remote port number of the TCP connection. ++ @param[out] Isn A pointer to the variable that will receive the Initial ++ Sequence Number (ISN). ++ ++ @retval EFI_SUCCESS The operation completed successfully, and the ISN was ++ retrieved. ++ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid. ++ @retval EFI_UNSUPPORTED The operation is not supported. ++ ++**/ ++EFI_STATUS ++TcpGetIsn ( ++ IN UINT8 *LocalIp, ++ IN UINTN LocalIpSize, ++ IN UINT16 LocalPort, ++ IN UINT8 *RemoteIp, ++ IN UINTN RemoteIpSize, ++ IN UINT16 RemotePort, ++ OUT TCP_SEQNO *Isn ++ ); ++ + #endif +diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c +index c93212d4..753dec5d 100644 +--- a/NetworkPkg/TcpDxe/TcpMisc.c ++++ b/NetworkPkg/TcpDxe/TcpMisc.c +@@ -3,7 +3,7 @@ + + (C) Copyright 2014 Hewlett-Packard Development Company, L.P.
+ Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -20,7 +20,34 @@ LIST_ENTRY mTcpListenQue = { + &mTcpListenQue + }; + +-TCP_SEQNO mTcpGlobalIss = TCP_BASE_ISS; ++// ++// The Session secret ++// This must be initialized to a random value at boot time ++// ++TCP_SEQNO mTcpGlobalSecret; ++ ++// ++// Union to hold either an IPv4 or IPv6 address ++// This is used to simplify the ISN hash computation ++// ++typedef union { ++ UINT8 IPv4[4]; ++ UINT8 IPv6[16]; ++} NETWORK_ADDRESS; ++ ++// ++// The ISN is computed by hashing this structure ++// It is initialized with the local and remote IP addresses and ports ++// and the secret ++// ++// ++typedef struct { ++ UINT16 LocalPort; ++ UINT16 RemotePort; ++ NETWORK_ADDRESS LocalAddress; ++ NETWORK_ADDRESS RemoteAddress; ++ TCP_SEQNO Secret; ++} ISN_HASH_CTX; + + CHAR16 *mTcpStateName[] = { + L"TCP_CLOSED", +@@ -41,12 +68,18 @@ CHAR16 *mTcpStateName[] = { + + @param[in, out] Tcb Pointer to the TCP_CB of this TCP instance. 
+ ++ @retval EFI_SUCCESS The operation completed successfully ++ @retval others The underlying functions failed and could not complete the operation ++ + **/ +-VOID ++EFI_STATUS + TcpInitTcbLocal ( + IN OUT TCP_CB *Tcb + ) + { ++ TCP_SEQNO Isn; ++ EFI_STATUS Status; ++ + // + // Compute the checksum of the fixed parts of pseudo header + // +@@ -57,6 +90,16 @@ TcpInitTcbLocal ( + 0x06, + 0 + ); ++ ++ Status = TcpGetIsn ( ++ Tcb->LocalEnd.Ip.v4.Addr, ++ sizeof (IPv4_ADDRESS), ++ Tcb->LocalEnd.Port, ++ Tcb->RemoteEnd.Ip.v4.Addr, ++ sizeof (IPv4_ADDRESS), ++ Tcb->RemoteEnd.Port, ++ &Isn ++ ); + } else { + Tcb->HeadSum = NetIp6PseudoHeadChecksum ( + &Tcb->LocalEnd.Ip.v6, +@@ -64,9 +107,25 @@ TcpInitTcbLocal ( + 0x06, + 0 + ); ++ ++ Status = TcpGetIsn ( ++ Tcb->LocalEnd.Ip.v6.Addr, ++ sizeof (IPv6_ADDRESS), ++ Tcb->LocalEnd.Port, ++ Tcb->RemoteEnd.Ip.v6.Addr, ++ sizeof (IPv6_ADDRESS), ++ Tcb->RemoteEnd.Port, ++ &Isn ++ ); ++ } ++ ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n")); ++ ASSERT (FALSE); ++ return Status; + } + +- Tcb->Iss = TcpGetIss (); ++ Tcb->Iss = Isn; + Tcb->SndUna = Tcb->Iss; + Tcb->SndNxt = Tcb->Iss; + +@@ -82,6 +141,8 @@ TcpInitTcbLocal ( + Tcb->RetxmitSeqMax = 0; + + Tcb->ProbeTimerOn = FALSE; ++ ++ return EFI_SUCCESS; + } + + /** +@@ -506,18 +567,162 @@ TcpCloneTcb ( + } + + /** +- Compute an ISS to be used by a new connection. +- +- @return The resulting ISS. ++ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local ++ and remote IP addresses and ports. 
++ ++ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1 ++ Where the ISN is computed as follows: ++ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret) ++ ++ Otherwise: ++ ISN = M + F(localip, localport, remoteip, remoteport, secretkey) ++ ++ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the ++ connection's identifying parameters ("localip, localport, remoteip, remoteport") ++ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the ++ outside (MUST-9), or an attacker could still guess at sequence numbers from the ++ ISN used for some other connection. The PRF could be implemented as a ++ cryptographic hash of the concatenation of the TCP connection parameters and some ++ secret data. For discussion of the selection of a specific hash algorithm and ++ management of the secret key data." ++ ++ @param[in] LocalIp A pointer to the local IP address of the TCP connection. ++ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer. ++ @param[in] LocalPort The local port number of the TCP connection. ++ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection. ++ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer. ++ @param[in] RemotePort The remote port number of the TCP connection. ++ @param[out] Isn A pointer to the variable that will receive the Initial ++ Sequence Number (ISN). ++ ++ @retval EFI_SUCCESS The operation completed successfully, and the ISN was ++ retrieved. ++ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid. ++ @retval EFI_UNSUPPORTED The operation is not supported. 
+ + **/ +-TCP_SEQNO +-TcpGetIss ( +- VOID ++EFI_STATUS ++TcpGetIsn ( ++ IN UINT8 *LocalIp, ++ IN UINTN LocalIpSize, ++ IN UINT16 LocalPort, ++ IN UINT8 *RemoteIp, ++ IN UINTN RemoteIpSize, ++ IN UINT16 RemotePort, ++ OUT TCP_SEQNO *Isn + ) + { +- mTcpGlobalIss += TCP_ISS_INCREMENT_1; +- return mTcpGlobalIss; ++ EFI_STATUS Status; ++ EFI_HASH2_PROTOCOL *Hash2Protocol; ++ EFI_HASH2_OUTPUT HashResult; ++ ISN_HASH_CTX IsnHashCtx; ++ EFI_TIME TimeStamp; ++ ++ // ++ // Check that the ISN pointer is valid ++ // ++ if (Isn == NULL) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ // ++ // The local ip may be a v4 or v6 address and may not be NULL ++ // ++ if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ // ++ // the local ip may be a v4 or v6 address ++ // ++ if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ // ++ // Locate the Hash Protocol ++ // ++ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status)); ++ ++ // ++ // TcpCreateService(..) 
is expected to be called prior to this function ++ // ++ ASSERT_EFI_ERROR (Status); ++ return Status; ++ } ++ ++ // ++ // Initialize the hash algorithm ++ // ++ Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status)); ++ return Status; ++ } ++ ++ IsnHashCtx.LocalPort = LocalPort; ++ IsnHashCtx.RemotePort = RemotePort; ++ IsnHashCtx.Secret = mTcpGlobalSecret; ++ ++ // ++ // Check the IP address family and copy accordingly ++ // ++ if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) { ++ CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize); ++ } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) { ++ CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize); ++ } else { ++ return EFI_INVALID_PARAMETER; // Unsupported address size ++ } ++ ++ // ++ // Repeat the process for the remote IP address ++ // ++ if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) { ++ CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize); ++ } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) { ++ CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize); ++ } else { ++ return EFI_INVALID_PARAMETER; // Unsupported address size ++ } ++ ++ // ++ // Compute the hash ++ // Update the hash with the data ++ // ++ Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx)); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status)); ++ return Status; ++ } ++ ++ // ++ // Finalize the hash and retrieve the result ++ // ++ Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status)); ++ return Status; ++ } ++ ++ Status = gRT->GetTime (&TimeStamp, NULL); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ // ++ // copy the first 4 bytes of the hash result into the ISN ++ // ++ CopyMem 
(Isn, HashResult.Md5Hash, sizeof (*Isn)); ++ ++ // ++ // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250) ++ // ++ *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250; ++ ++ return Status; + } + + /** +@@ -721,17 +926,28 @@ TcpFormatNetbuf ( + @param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a + connection. + ++ @retval EFI_SUCCESS The operation completed successfully ++ @retval others The underlying functions failed and could not complete the operation ++ + **/ +-VOID ++EFI_STATUS + TcpOnAppConnect ( + IN OUT TCP_CB *Tcb + ) + { +- TcpInitTcbLocal (Tcb); ++ EFI_STATUS Status; ++ ++ Status = TcpInitTcbLocal (Tcb); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ + TcpSetState (Tcb, TCP_SYN_SENT); + + TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout); + TcpToSendData (Tcb, 1); ++ ++ return EFI_SUCCESS; + } + + /** +diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c +index 5d2e1249..f45d4fba 100644 +--- a/NetworkPkg/TcpDxe/TcpTimer.c ++++ b/NetworkPkg/TcpDxe/TcpTimer.c +@@ -2,7 +2,7 @@ + TCP timer related functions. + + Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.
+- ++ Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ +@@ -483,7 +483,6 @@ TcpTickingDpc ( + INT16 Index; + + mTcpTick++; +- mTcpGlobalIss += TCP_ISS_INCREMENT_2; + + // + // Don't use LIST_FOR_EACH, which isn't delete safe. +-- +2.33.0 + diff --git a/0068-MdePkg-Add-MockUefiBootServicesTableLib.patch b/0068-MdePkg-Add-MockUefiBootServicesTableLib.patch new file mode 100644 index 0000000..4a13c4a --- /dev/null +++ b/0068-MdePkg-Add-MockUefiBootServicesTableLib.patch 
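Review bot: in the TcpMisc.c hunk at @@ -20,7 +20,34 @@, mTcpGlobalSecret is declared with the comment that it "must be initialized to a random value at boot time", yet none of the hunks in this patch assign it; the DEBUG text in TcpGetIsn says TcpCreateService() is expected to run first, so the seeding must live in a part of the change not shown here, and it is worth confirming that TcpGetIsn cannot be reached with the secret still zero. Separately, the secret is typed as TCP_SEQNO, i.e. 32 bits, and the quoted RFC text requires F() to be a PRF of the 4-tuple and a secret key; with the 4-tuple public and SHA-256 cheap, 2^32 candidate secrets is a small key space, so I would give ISN_HASH_CTX a wider secret field (128 bits or more) instead of reusing the sequence-number type.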
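Review bot: in the TcpInitTcbLocal hunk at @@ -64,9 +107,25 @@, `ASSERT (FALSE)` after a failed TcpGetIsn turns every runtime failure of the Hash2 calls (HashInit/HashUpdate/HashFinal, GetTime) into a halt on DEBUG builds even though the function now returns the status to its caller; TcpGetIsn already asserts for the one case that is a programming error (Hash2 protocol not located), so here either drop the assert or use `ASSERT_EFI_ERROR (Status)` so the log shows which status tripped it. In the @@ -57,6 +90,16 @@ and @@ -64,9 +107,25 @@ hunks the callers pass `sizeof (IPv4_ADDRESS)` / `sizeof (IPv6_ADDRESS)` while TcpGetIsn validates against `sizeof (EFI_IPv4_ADDRESS)` / `sizeof (EFI_IPv6_ADDRESS)`; the sizes are equal today, but use the same type on both sides so the check cannot drift.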
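Review bot: in the TcpGetIsn hunk at @@ -506,18 +567,162 @@, IsnHashCtx is a stack local that is never zeroed, and for IPv4 the CopyMem calls write only 4 of the 16 bytes of each NETWORK_ADDRESS union, so 24 bytes of stack garbage are hashed along with the 4-tuple; F() is then no longer a function of the connection parameters and the secret alone, which is what the RFC text in the doc comment requires. Add `ZeroMem (&IsnHashCtx, sizeof (IsnHashCtx));` before filling the structure. Three further points in the same hunk: (1) the timer term `*Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;` does not implement the 4-microsecond clock M: Nanosecond is the sub-second field, so converting it to 4-µs ticks is a division by 4000 (the `1000 / 4 = 250` in the comment would be right for milliseconds), and because the seconds are discarded the term wraps to zero every second and is not monotonic; on RTC-backed GetTime implementations the field is commonly zero anyway, so derive M from the full EFI_TIME (or another monotonic time source) and scale it to 4-µs units. (2) The doc comment says `ISN = TimeStamp + MD5(...)` and the result is read through `HashResult.Md5Hash`, but the code initializes SHA-256; read `HashResult.Sha256Hash` and fix the comment so a later reader does not assume MD5 (the union makes this work by accident today). (3) RemoteIpSize is only validated after HashInit has been called, so the `else { return EFI_INVALID_PARAMETER; }` branches return with an initialized hash context left behind; move the RemoteIpSize check next to the LocalIpSize check at the top, after which the two later else branches are unreachable and can go.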
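Review bot: in the TcpOnAppConnect hunk at @@ -721,17 +926,28 @@, the function changes from VOID to EFI_STATUS and now returns early when TcpInitTcbLocal fails, but no caller is updated anywhere in the shown hunks; a call site that still treats it as VOID will proceed as if the connection had been initialized. Please confirm that every caller of TcpOnAppConnect and TcpInitTcbLocal in the rest of the patch checks the returned status and tears the Tcb down on failure.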
@@ -0,0 +1,234 @@ +From c4ab0bc8721d4beb337d5466bfaf5509699d3408 Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:30 -0700 +Subject: [PATCH 19/29] MdePkg: Add MockUefiBootServicesTableLib + +This commit adds a mock library for UefiBootServicesTableLib. + +Cc: Michael D Kinney +Cc: Liming Gao +Cc: Zhiguang Liu + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Liming Gao +--- + MdePkg/Test/MdePkgHostTest.dsc | 1 + + .../Library/MockUefiBootServicesTableLib.h | 78 +++++++++++++++++++ + .../MockUefiBootServicesTableLib.cpp | 69 ++++++++++++++++ + .../MockUefiBootServicesTableLib.inf | 32 ++++++++ + 4 files changed, 180 insertions(+) + create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h + create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp + create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf + +diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc +index 529ea690..b201abd7 100644 +--- a/MdePkg/Test/MdePkgHostTest.dsc ++++ b/MdePkg/Test/MdePkgHostTest.dsc +@@ -36,5 +36,6 @@ + MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf + MdePkg/Test/Mock/Library/GoogleTest/MockUefiLib/MockUefiLib.inf + MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf ++ MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf + MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf + MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf +diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h +new file mode 100644 +index 00000000..dd327663 +--- /dev/null ++++ b/MdePkg/Test/Mock/Include/GoogleTest/Library/MockUefiBootServicesTableLib.h +@@ -0,0 +1,78 @@ 
++/** @file ++ Google Test mocks for UefiBootServicesTableLib ++ ++ Copyright (c) Microsoft Corporation. ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#ifndef MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_ ++#define MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_ ++ ++#include ++#include ++extern "C" { ++ #include ++ #include ++} ++ ++// ++// Declarations to handle usage of the UefiBootServiceTableLib by creating mock ++// ++struct MockUefiBootServicesTableLib { ++ MOCK_INTERFACE_DECLARATION (MockUefiBootServicesTableLib); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ gBS_GetMemoryMap, ++ (IN OUT UINTN *MemoryMapSize, ++ OUT EFI_MEMORY_DESCRIPTOR *MemoryMap, ++ OUT UINTN *MapKey, ++ OUT UINTN *DescriptorSize, ++ OUT UINT32 *DescriptorVersion) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ gBS_CreateEvent, ++ (IN UINT32 Type, ++ IN EFI_TPL NotifyTpl, ++ IN EFI_EVENT_NOTIFY NotifyFunction, ++ IN VOID *NotifyContext, ++ OUT EFI_EVENT *Event) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ gBS_CloseEvent, ++ (IN EFI_EVENT Event) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ gBS_HandleProtocol, ++ (IN EFI_HANDLE Handle, ++ IN EFI_GUID *Protocol, ++ OUT VOID **Interface) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ gBS_LocateProtocol, ++ (IN EFI_GUID *Protocol, ++ IN VOID *Registration OPTIONAL, ++ OUT VOID **Interface) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ gBS_CreateEventEx, ++ (IN UINT32 Type, ++ IN EFI_TPL NotifyTpl, ++ IN EFI_EVENT_NOTIFY NotifyFunction OPTIONAL, ++ IN CONST VOID *NotifyContext OPTIONAL, ++ IN CONST EFI_GUID *EventGroup OPTIONAL, ++ OUT EFI_EVENT *Event) ++ ); ++}; ++ ++#endif // MOCK_UEFI_BOOT_SERVICES_TABLE_LIB_H_ +diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp +new file mode 100644 +index 00000000..a7ade562 +--- /dev/null 
++++ b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.cpp +@@ -0,0 +1,69 @@ ++/** @file ++ Google Test mocks for UefiBootServicesTableLib ++ ++ Copyright (c) Microsoft Corporation. ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++#include ++ ++MOCK_INTERFACE_DEFINITION (MockUefiBootServicesTableLib); ++MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_GetMemoryMap, 5, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CreateEvent, 5, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CloseEvent, 1, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_HandleProtocol, 3, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_LocateProtocol, 3, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockUefiBootServicesTableLib, gBS_CreateEventEx, 6, EFIAPI); ++ ++static EFI_BOOT_SERVICES LocalBs = { ++ { 0, 0, 0, 0, 0 }, // EFI_TABLE_HEADER ++ NULL, // EFI_RAISE_TPL ++ NULL, // EFI_RESTORE_TPL ++ NULL, // EFI_ALLOCATE_PAGES ++ NULL, // EFI_FREE_PAGES ++ gBS_GetMemoryMap, // EFI_GET_MEMORY_MAP ++ NULL, // EFI_ALLOCATE_POOL ++ NULL, // EFI_FREE_POOL ++ gBS_CreateEvent, // EFI_CREATE_EVENT ++ NULL, // EFI_SET_TIMER ++ NULL, // EFI_WAIT_FOR_EVENT ++ NULL, // EFI_SIGNAL_EVENT ++ gBS_CloseEvent, // EFI_CLOSE_EVENT ++ NULL, // EFI_CHECK_EVENT ++ NULL, // EFI_INSTALL_PROTOCOL_INTERFACE ++ NULL, // EFI_REINSTALL_PROTOCOL_INTERFACE ++ NULL, // EFI_UNINSTALL_PROTOCOL_INTERFACE ++ gBS_HandleProtocol, // EFI_HANDLE_PROTOCOL ++ NULL, // VOID ++ NULL, // EFI_REGISTER_PROTOCOL_NOTIFY ++ NULL, // EFI_LOCATE_HANDLE ++ NULL, // EFI_LOCATE_DEVICE_PATH ++ NULL, // EFI_INSTALL_CONFIGURATION_TABLE ++ NULL, // EFI_IMAGE_LOAD ++ NULL, // EFI_IMAGE_START ++ NULL, // EFI_EXIT ++ NULL, // EFI_IMAGE_UNLOAD ++ NULL, // EFI_EXIT_BOOT_SERVICES ++ NULL, // EFI_GET_NEXT_MONOTONIC_COUNT ++ NULL, // EFI_STALL ++ NULL, // EFI_SET_WATCHDOG_TIMER ++ NULL, // EFI_CONNECT_CONTROLLER ++ 
NULL, // EFI_DISCONNECT_CONTROLLER ++ NULL, // EFI_OPEN_PROTOCOL ++ NULL, // EFI_CLOSE_PROTOCOL ++ NULL, // EFI_OPEN_PROTOCOL_INFORMATION ++ NULL, // EFI_PROTOCOLS_PER_HANDLE ++ NULL, // EFI_LOCATE_HANDLE_BUFFER ++ gBS_LocateProtocol, // EFI_LOCATE_PROTOCOL ++ NULL, // EFI_INSTALL_MULTIPLE_PROTOCOL_INTERFACES ++ NULL, // EFI_UNINSTALL_MULTIPLE_PROTOCOL_INTERFACES ++ NULL, // EFI_CALCULATE_CRC32 ++ NULL, // EFI_COPY_MEM ++ NULL, // EFI_SET_MEM ++ gBS_CreateEventEx // EFI_CREATE_EVENT_EX ++}; ++ ++extern "C" { ++ EFI_BOOT_SERVICES *gBS = &LocalBs; ++ EFI_HANDLE gImageHandle = NULL; ++ EFI_SYSTEM_TABLE *gST = NULL; ++} +diff --git a/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf +new file mode 100644 +index 00000000..b450f03c +--- /dev/null ++++ b/MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf +@@ -0,0 +1,32 @@ ++## @file ++# Mock implementation of the UEFI Boot Services Table Library. ++# ++# Copyright (c) Microsoft Corporation. ++# SPDX-License-Identifier: BSD-2-Clause-Patent ++# ++## ++ ++[Defines] ++ INF_VERSION = 0x00010005 ++ BASE_NAME = MockUefiBootServicesTableLib ++ FILE_GUID = 67EA4614-E276-49EC-9AE6-B97ACCEA676E ++ MODULE_TYPE = HOST_APPLICATION ++ VERSION_STRING = 1.0 ++ LIBRARY_CLASS = UefiBootServicesTableLib|HOST_APPLICATION ++ ++# ++# VALID_ARCHITECTURES = IA32 X64 EBC ++# ++ ++[Sources] ++ MockUefiBootServicesTableLib.cpp ++ ++[LibraryClasses] ++ GoogleTestLib ++ ++[Packages] ++ MdePkg/MdePkg.dec ++ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec ++ ++[BuildOptions] ++ MSFT:*_*_*_CC_FLAGS = /EHsc +-- +2.33.0 + diff --git a/0069-MdePkg-Adds-Protocol-for-MockRng.patch b/0069-MdePkg-Adds-Protocol-for-MockRng.patch new file mode 100644 index 0000000..6558cf0 --- /dev/null +++ b/0069-MdePkg-Adds-Protocol-for-MockRng.patch 
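Review bot: in the MockUefiBootServicesTableLib.cpp hunk, LocalBs leaves every service other than the six mocked ones as a NULL function pointer, so code under test that reaches e.g. gBS->AllocatePool or gBS->RaiseTPL dies on a null call instead of producing a readable gMock failure; pointing the unmocked slots at small per-signature stubs that call ADD_FAILURE() and return EFI_UNSUPPORTED would make a missing mock show up in the test output rather than as a crash.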
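Review bot: in the MockUefiBootServicesTableLib.inf hunk, the comment `# VALID_ARCHITECTURES = IA32 X64 EBC` is carried into a module whose MODULE_TYPE is HOST_APPLICATION; EBC is not a host architecture, so drop it from the comment (or drop the comment, as the build tools do not read it).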
@@ -0,0 +1,105 @@ +From e802e2db81e425f1aaf0b18ad1f8ae1cc888134d Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:31 -0700 +Subject: [PATCH 20/29] MdePkg: Adds Protocol for MockRng + +This patch adds a protocol for MockRng. This protocol is used to +mock the Rng protocol for testing purposes. + +Cc: Michael D Kinney +Cc: Liming Gao +Cc: Zhiguang Liu + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Liming Gao +--- + .../Include/GoogleTest/Protocol/MockRng.h | 48 +++++++++++++++++++ + .../Library/GoogleTest/Protocol/MockRng.cpp | 21 ++++++++ + 2 files changed, 69 insertions(+) + create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h + create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp + +diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h +new file mode 100644 +index 00000000..81fab0fc +--- /dev/null ++++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockRng.h +@@ -0,0 +1,48 @@ ++/** @file ++ This file declares a mock of Rng Protocol. ++ ++ Copyright (c) Microsoft Corporation. 
++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#ifndef MOCK_RNG_H_ ++#define MOCK_RNG_H_ ++ ++#include ++#include ++ ++extern "C" { ++ #include ++ #include ++} ++ ++struct MockRng { ++ MOCK_INTERFACE_DECLARATION (MockRng); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ GetInfo, ++ ( ++ IN EFI_RNG_PROTOCOL *This, ++ IN OUT UINTN *RNGAlgorithmListSize, ++ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ++ ) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ GetRng, ++ ( ++ IN EFI_RNG_PROTOCOL *This, ++ IN EFI_RNG_ALGORITHM *RNGAlgorithm, ++ IN UINTN RNGValueLength, ++ OUT UINT8 *RNGValue ++ ) ++ ); ++}; ++ ++extern "C" { ++ extern EFI_RNG_PROTOCOL *gRngProtocol; ++} ++ ++#endif // MOCK_RNG_H_ +diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp +new file mode 100644 +index 00000000..036b61f6 +--- /dev/null ++++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp +@@ -0,0 +1,21 @@ ++/** @file MockRng.cpp ++ Google Test mock for Rng Protocol ++ ++ Copyright (c) Microsoft Corporation. ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include ++ ++MOCK_INTERFACE_DEFINITION (MockRng); ++MOCK_FUNCTION_DEFINITION (MockRng, GetInfo, 3, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockRng, GetRng, 4, EFIAPI); ++ ++EFI_RNG_PROTOCOL RNG_PROTOCOL_INSTANCE = { ++ GetInfo, // EFI_RNG_GET_INFO ++ GetRng // EFI_RNG_GET_RNG ++}; ++ ++extern "C" { ++ EFI_RNG_PROTOCOL *gRngProtocol = &RNG_PROTOCOL_INSTANCE; ++} +-- +2.33.0 + diff --git a/0070-MdePkg-Add-MockHash2-Protocol-for-testing.patch b/0070-MdePkg-Add-MockHash2-Protocol-for-testing.patch new file mode 100644 index 0000000..6b1683f --- /dev/null +++ b/0070-MdePkg-Add-MockHash2-Protocol-for-testing.patch 
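Review bot: in the MockRng.cpp hunk, MOCK_FUNCTION_DEFINITION emits global symbols named `GetInfo` and `GetRng`, and the instance is an all-caps non-static global `RNG_PROTOCOL_INSTANCE`; bare names like GetInfo will collide with any other protocol mock that also has a GetInfo once two mocks are linked into one host test binary. The MockUefiBootServicesTableLib mock in this same series prefixes its functions with `gBS_`; use a similar `Rng_` prefix here and give the instance a normal (non-macro-style) identifier.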
@@ -0,0 +1,130 @@ +From fb9ebbe1514709caa6687bbd097f53b689f7e9a9 Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:32 -0700 +Subject: [PATCH 21/29] MdePkg: Add MockHash2 Protocol for testing + +This commit adds a new MockHash2 protocol to the MdePkg. This allows +the unit tests to pick up the new protocol and use it for testing. + +Cc: Michael D Kinney +Cc: Liming Gao +Cc: Zhiguang Liu + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Liming Gao +--- + .../Include/GoogleTest/Protocol/MockHash2.h | 67 +++++++++++++++++++ + .../Library/GoogleTest/Protocol/MockHash2.cpp | 27 ++++++++ + 2 files changed, 94 insertions(+) + create mode 100644 MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h + create mode 100644 MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp + +diff --git a/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h +new file mode 100644 +index 00000000..0b536c8d +--- /dev/null ++++ b/MdePkg/Test/Mock/Include/GoogleTest/Protocol/MockHash2.h +@@ -0,0 +1,67 @@ ++/** @file ++ This file declares a mock of Hash2 Protocol. ++ ++ Copyright (c) Microsoft Corporation. 
++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#ifndef MOCK_HASH2_H_ ++#define MOCK_HASH2_H_ ++ ++#include ++#include ++ ++extern "C" { ++ #include ++ #include ++} ++ ++struct MockHash2 { ++ MOCK_INTERFACE_DECLARATION (MockHash2); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ GetHashSize, ++ (IN CONST EFI_HASH2_PROTOCOL *This, ++ IN CONST EFI_GUID *HashAlgorithm, ++ OUT UINTN *HashSize) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ Hash, ++ (IN CONST EFI_HASH2_PROTOCOL *This, ++ IN CONST EFI_GUID *HashAlgorithm, ++ IN CONST UINT8 *Message, ++ IN UINTN MessageSize, ++ IN OUT EFI_HASH2_OUTPUT *Hash) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ HashInit, ++ (IN CONST EFI_HASH2_PROTOCOL *This, ++ IN CONST EFI_GUID *HashAlgorithm) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ HashUpdate, ++ (IN CONST EFI_HASH2_PROTOCOL *This, ++ IN CONST UINT8 *Message, ++ IN UINTN MessageSize) ++ ); ++ ++ MOCK_FUNCTION_DECLARATION ( ++ EFI_STATUS, ++ HashFinal, ++ (IN CONST EFI_HASH2_PROTOCOL *This, ++ IN OUT EFI_HASH2_OUTPUT *Hash) ++ ); ++}; ++ ++extern "C" { ++ extern EFI_HASH2_PROTOCOL *gHash2Protocol; ++} ++ ++#endif // MOCK_HASH2_H_ +diff --git a/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp +new file mode 100644 +index 00000000..43e3a7b7 +--- /dev/null ++++ b/MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockHash2.cpp +@@ -0,0 +1,27 @@ ++/** @file MockHash2.cpp ++ Google Test mock for Hash2 Protocol ++ ++ Copyright (c) Microsoft Corporation. 
++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include ++ ++MOCK_INTERFACE_DEFINITION (MockHash2); ++MOCK_FUNCTION_DEFINITION (MockHash2, GetHashSize, 3, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockHash2, Hash, 5, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockHash2, HashInit, 2, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockHash2, HashUpdate, 3, EFIAPI); ++MOCK_FUNCTION_DEFINITION (MockHash2, HashFinal, 2, EFIAPI); ++ ++EFI_HASH2_PROTOCOL HASH2_PROTOCOL_INSTANCE = { ++ GetHashSize, // EFI_HASH2_GET_HASH_SIZE ++ Hash, // EFI_HASH2_HASH ++ HashInit, // EFI_HASH2_HASH_INIT ++ HashUpdate, // EFI_HASH2_HASH_UPDATE ++ HashFinal // EFI_HASH2_HASH_FINAL ++}; ++ ++extern "C" { ++ EFI_HASH2_PROTOCOL *gHash2Protocol = &HASH2_PROTOCOL_INSTANCE; ++} +-- +2.33.0 + diff --git a/0071-NetworkPkg-Update-the-PxeBcDhcp6GoogleTest-due-to-un.patch b/0071-NetworkPkg-Update-the-PxeBcDhcp6GoogleTest-due-to-un.patch new file mode 100644 index 0000000..4eedb12 --- /dev/null +++ b/0071-NetworkPkg-Update-the-PxeBcDhcp6GoogleTest-due-to-un.patch 
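Review bot: in the MockHash2.cpp hunk, the mocked functions are emitted as bare global symbols `GetHashSize`, `Hash`, `HashInit`, `HashUpdate` and `HashFinal`, with the instance as the non-static `HASH2_PROTOCOL_INSTANCE`; as with MockRng, prefix them (e.g. `Hash2_`) so a test binary that links several protocol mocks does not hit duplicate-symbol errors, and `Hash` in particular is a name other code in the same binary is likely to define.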
@@ -0,0 +1,214 @@ +From cb5b28b946667ad9cdcc0ece33b0245c238bc7ba Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:33 -0700 +Subject: [PATCH 22/29] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to + underlying changes + +This patch updates the PxeBcDhcp6GoogleTest due to the changes in the +underlying code. The changes are as follows: + - Random now comes from the RngLib Protocol + - The TCP ISN is now generated by the hash function + +Cc: Saloni Kasbekar +Cc: Zachary Clark-williams + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Saloni Kasbekar +--- + NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 + + .../GoogleTest/PxeBcDhcp6GoogleTest.cpp | 102 +++++++++++++++++- + .../GoogleTest/UefiPxeBcDxeGoogleTest.inf | 3 +- + 3 files changed, 100 insertions(+), 6 deletions(-) + +diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc +index f313a605..9b649094 100644 +--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc ++++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc +@@ -30,6 +30,7 @@ + NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf { + + UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf ++ UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf + } + + # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests. 
+diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp +index d447ac02..55a68fb7 100644 +--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp ++++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp +@@ -7,6 +7,8 @@ + #include + #include + #include ++#include ++#include + + extern "C" { + #include +@@ -165,7 +167,7 @@ protected: + // Note: + // Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a + // properly setup Private structure. Attempting to properly test this function +-// without a signficant refactor is a fools errand. Instead, we will test ++// without a significant refactor is a fools errand. Instead, we will test + // that we can prevent an overflow in the function. + TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) { + PXEBC_DHCP6_PACKET_CACHE *Cache6 = NULL; +@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) { + FreePool (Option); + } + } ++ + // Test Description + // Test that we can prevent an overflow in the function + TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) { +@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, AttemptRequestOverFlowExpectFailure) { + class PxeBcDhcp6DiscoverTest : public ::testing::Test { + public: + PXEBC_PRIVATE_DATA Private = { 0 }; ++ // create a mock md5 hash ++ UINT8 Md5Hash[16] = { 0 }; ++ + EFI_UDP6_PROTOCOL Udp6Read; + + protected: + MockUefiRuntimeServicesTableLib RtServicesMock; ++ MockUefiBootServicesTableLib BsMock; ++ MockRng RngMock; + + // Add any setup code if needed + virtual void +@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) { + + Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request); + +- EXPECT_CALL (RtServicesMock, gRT_GetTime) +- .WillOnce (::testing::Return (0)); ++ EXPECT_CALL (BsMock, gBS_LocateProtocol) ++ .WillOnce ( ++ ::testing::DoAll ( ++ ::testing::SetArgPointee<2> 
(::testing::ByRef (gRngProtocol)), ++ ::testing::Return (EFI_SUCCESS) ++ ) ++ ); ++ ++ EXPECT_CALL (RngMock, GetRng) ++ .WillOnce ( ++ ::testing::DoAll ( ++ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])), ++ ::testing::Return (EFI_SUCCESS) ++ ) ++ ); + + ASSERT_EQ ( + PxeBcDhcp6Discover ( +@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) { + + Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request); + +- EXPECT_CALL (RtServicesMock, gRT_GetTime) +- .WillOnce (::testing::Return (0)); ++ EXPECT_CALL (BsMock, gBS_LocateProtocol) ++ .WillOnce ( ++ ::testing::DoAll ( ++ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)), ++ ::testing::Return (EFI_SUCCESS) ++ ) ++ ); ++ ++ EXPECT_CALL (RngMock, GetRng) ++ .WillOnce ( ++ ::testing::DoAll ( ++ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])), ++ ::testing::Return (EFI_SUCCESS) ++ ) ++ ); + + ASSERT_EQ ( + PxeBcDhcp6Discover ( +@@ -572,3 +606,61 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) { + EFI_SUCCESS + ); + } ++ ++TEST_F (PxeBcDhcp6DiscoverTest, MultipleRequestsAttemptOverflow) { ++ EFI_IPv6_ADDRESS DestIp = { 0 }; ++ EFI_DHCP6_PACKET_OPTION RequestOpt = { 0 }; // the data section doesn't really matter ++ ++ RequestOpt.OpCode = HTONS (0x1337); ++ RequestOpt.OpLen = HTONS (REQUEST_OPTION_LENGTH); // this length would overflow without a check ++ UINT8 RequestOptBuffer[REQUEST_OPTION_LENGTH] = { 0 }; ++ ++ // make sure we have enough space for 10 of these options ++ ASSERT_TRUE (REQUEST_OPTION_LENGTH * 10 <= PACKET_SIZE); ++ ++ UINT8 Index = 0; ++ EFI_DHCP6_PACKET *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index]; ++ UINT8 *Cursor = (UINT8 *)(Packet->Dhcp6.Option); ++ ++ // let's add 10 of these options - this should overflow ++ for (UINT8 i = 0; i < 10; i++) { ++ CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt)); ++ Cursor += sizeof (RequestOpt) - 1; ++ CopyMem (Cursor, RequestOptBuffer, REQUEST_OPTION_LENGTH); ++ Cursor += 
REQUEST_OPTION_LENGTH; ++ } ++ ++ // Update the packet length ++ Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet); ++ Packet->Size = PACKET_SIZE; ++ ++ // Make sure we're larger than the buffer we're trying to write into ++ ASSERT_TRUE (Packet->Length > sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET)); ++ ++ EXPECT_CALL (BsMock, gBS_LocateProtocol) ++ .WillOnce ( ++ ::testing::DoAll ( ++ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)), ++ ::testing::Return (EFI_SUCCESS) ++ ) ++ ); ++ ++ EXPECT_CALL (RngMock, GetRng) ++ .WillOnce ( ++ ::testing::DoAll ( ++ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])), ++ ::testing::Return (EFI_SUCCESS) ++ ) ++ ); ++ ++ ASSERT_EQ ( ++ PxeBcDhcp6Discover ( ++ &(PxeBcDhcp6DiscoverTest::Private), ++ 0, ++ NULL, ++ FALSE, ++ (EFI_IP_ADDRESS *)&DestIp ++ ), ++ EFI_OUT_OF_RESOURCES ++ ); ++} +diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf +index 0097142b..ee178900 100644 +--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf ++++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf +@@ -14,7 +14,7 @@ VERSION_STRING = 1.0 + # + # The following information is for reference only and not required by the build tools. + # +-# VALID_ARCHITECTURES = IA32 X64 ++# VALID_ARCHITECTURES = IA32 X64 AARCH64 + # + + [Sources] +@@ -23,6 +23,7 @@ VERSION_STRING = 1.0 + PxeBcDhcp6GoogleTest.h + ../PxeBcDhcp6.c + ../PxeBcSupport.c ++ ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp + + [Packages] + MdePkg/MdePkg.dec +-- +2.33.0 + diff --git a/0072-ArmPkg-Allow-SMC-HVC-monitor-conduit-to-be-specified.patch b/0072-ArmPkg-Allow-SMC-HVC-monitor-conduit-to-be-specified.patch new file mode 100644 index 0000000..67f91b1 --- /dev/null +++ b/0072-ArmPkg-Allow-SMC-HVC-monitor-conduit-to-be-specified.patch 
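Review bot: in the PxeBcDhcp6GoogleTest.cpp hunks at @@ -527,8 +535,21 @@ and @@ -558,8 +579,21 @@, `::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0]))` writes exactly one UINT8 through the RNGValue pointer, not the 16-byte buffer the `Md5Hash` name suggests, so the code under test sees a mostly unfilled output; if it consumes RNGValueLength bytes, use `::testing::SetArrayArgument<3> (Md5Hash, Md5Hash + sizeof (Md5Hash))`. The name and the `// create a mock md5 hash` comment are also misleading for an RNG output buffer; call it RngOutput or similar. The same pair of EXPECT_CALL blocks is now repeated verbatim in three tests; a helper on the fixture (or the SetUp) would keep the expectations in one place.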
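Review bot: in the @@ -572,3 +606,61 @@ hunk, the guard `ASSERT_TRUE (REQUEST_OPTION_LENGTH * 10 <= PACKET_SIZE);` only counts the option payloads, but each loop iteration advances Cursor by `sizeof (RequestOpt) - 1 + REQUEST_OPTION_LENGTH`, so the ten option headers are not accounted for and the CopyMem calls can run past the end of Private.Dhcp6Request before the function under test is ever called; make the guard `10 * (sizeof (RequestOpt) - 1 + REQUEST_OPTION_LENGTH) <= PACKET_SIZE` so the test cannot itself overflow the buffer it is setting up.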
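Review bot: in the UefiPxeBcDxeGoogleTest.inf hunk, the new [Sources] entry reaches into another package by relative path (`../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp`), which works for the host build but ties the test to the workspace layout; if other NetworkPkg tests will need the same mock, a library instance under [LibraryClasses] would be cleaner. The `VALID_ARCHITECTURES` comment change adding AARCH64 is unrelated to the commit message and should either be mentioned there or split out.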
@@ -0,0 +1,70 @@ +From d3362dea85be777c9ea9e359809bfeb026494bfe Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 13 May 2024 17:48:42 +0200 +Subject: [PATCH 23/29] ArmPkg: Allow SMC/HVC monitor conduit to be specified + at runtime + +ArmVirtQemu may execute at EL2, in which case monitor calls are +generally made using SMC instructions instead of HVC instructions. + +Whether or not this is the case can only be decided at runtime, and so +the associated PCD needs to be settable at runtime, if the platform +definition chooses so. This implies a boolean PCD, given that a feature +PCD is build-time configurable only. + +Cc: Leif Lindholm +Cc: Ard Biesheuvel +Cc: Sami Mujawar + +Committed-by: Ard Biesheuvel +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmPkg/ArmPkg.dec | 10 +++++----- + ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c | 2 +- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec +index 1a16d044..d7347f5f 100644 +--- a/ArmPkg/ArmPkg.dec ++++ b/ArmPkg/ArmPkg.dec +@@ -139,11 +139,6 @@ + # Define if the GICv3 controller should use the GICv2 legacy + gArmTokenSpaceGuid.PcdArmGicV3WithV2Legacy|FALSE|BOOLEAN|0x00000042 + +- ## Define the conduit to use for monitor calls. +- # Default PcdMonitorConduitHvc = FALSE, conduit = SMC +- # If PcdMonitorConduitHvc = TRUE, conduit = HVC +- gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x00000047 +- + # Whether to remap all unused memory NX before installing the CPU arch + # protocol driver. This is needed on platforms that map all DRAM with RWX + # attributes initially, and can be disabled otherwise. +@@ -317,6 +312,11 @@ + gArmTokenSpaceGuid.PcdSystemBiosRelease|0xFFFF|UINT16|0x30000058 + gArmTokenSpaceGuid.PcdEmbeddedControllerFirmwareRelease|0xFFFF|UINT16|0x30000059 + ++ ## Define the conduit to use for monitor calls. 
++ # Default PcdMonitorConduitHvc = FALSE, conduit = SMC ++ # If PcdMonitorConduitHvc = TRUE, conduit = HVC ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc|FALSE|BOOLEAN|0x00000047 ++ + [PcdsFixedAtBuild.common, PcdsDynamic.common] + # + # ARM Architectural Timer +diff --git a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c +index 741f5c61..1a759c76 100644 +--- a/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c ++++ b/ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.c +@@ -26,7 +26,7 @@ ArmMonitorCall ( + IN OUT ARM_MONITOR_ARGS *Args + ) + { +- if (FeaturePcdGet (PcdMonitorConduitHvc)) { ++ if (PcdGetBool (PcdMonitorConduitHvc)) { + ArmCallHvc ((ARM_HVC_ARGS *)Args); + } else { + ArmCallSmc ((ARM_SMC_ARGS *)Args); +-- +2.33.0 + diff --git a/0073-ArmVirtPkg-Move-PcdMonitorConduitHvc.patch b/0073-ArmVirtPkg-Move-PcdMonitorConduitHvc.patch new file mode 100644 index 0000000..c0a273b --- /dev/null +++ b/0073-ArmVirtPkg-Move-PcdMonitorConduitHvc.patch 
@@ -0,0 +1,54 @@ +From a3f0b432d7e5fd8a229e7b700e612c216b76db1a Mon Sep 17 00:00:00 2001 +From: Flickdm +Date: Mon, 20 May 2024 11:06:42 -0700 +Subject: [PATCH 24/29] ArmVirtPkg: Move PcdMonitorConduitHvc + +This moves the PcdMonitorConduitHvc from PcdsFeatureFlag.Common to +PcdsFixedAtBuild.Common + +This is a follow on to the previous commit: +ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime + +ArmVirtQemu may execute at EL2, in which case monitor calls are +generally made using SMC instructions instead of HVC instructions. + +Whether or not this is the case can only be decided at runtime, and so +the associated PCD needs to be settable at runtime, if the platform +definition chooses so. This implies a boolean PCD, given that a feature +PCD is build-time configurable only. + +Cc: Leif Lindholm +Cc: Ard Biesheuvel +Cc: Sami Mujawar + +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmVirtPkg/ArmVirtKvmTool.dsc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc +index 4541d03d..e3e92277 100644 +--- a/ArmVirtPkg/ArmVirtKvmTool.dsc ++++ b/ArmVirtPkg/ArmVirtKvmTool.dsc +@@ -115,8 +115,6 @@ + # Use MMIO for accessing RTC controller registers. + gPcAtChipsetPkgTokenSpaceGuid.PcdRtcUseMmio|TRUE + +- gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE +- + [PcdsFixedAtBuild.common] + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000000F + +@@ -156,6 +154,8 @@ + # + gEmbeddedTokenSpaceGuid.PcdPrePiCpuIoSize|16 + ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE ++ + [PcdsPatchableInModule.common] + # + # This will be overridden in the code +-- +2.33.0 + diff --git a/0074-MdePkg-BaseRngLib-AARCH64-Remove-overzealous-ASSERT.patch b/0074-MdePkg-BaseRngLib-AARCH64-Remove-overzealous-ASSERT.patch new file mode 100644 index 0000000..4fee9c1 --- /dev/null +++ b/0074-MdePkg-BaseRngLib-AARCH64-Remove-overzealous-ASSERT.patch 
@@ -0,0 +1,43 @@ +From 14187628c004dce9f85cb2fcec986a3e88bb6534 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 13 May 2024 18:26:51 +0200 +Subject: [PATCH 25/29] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT() + +BaseRngLib on AARCH64 will discover whether or not RNDR instructions are +supported, by inspecting the ISAR0 identification register, and setting +a global boolean accordingly. This boolean is used in subsequent +execution to decide whether or not to issue the instruction. + +The same discovery code also ASSERT()s that RNDR instructions are +implemented, which is unnecessary, and breaks execution on systems that +incorporate the library but don't implement the instruction (or fail to +expose it to the exception level that the firmware executes at). + +So drop the ASSERT(). + +Cc: Michael D Kinney +Cc: Liming Gao +Cc: Zhiguang Liu + +Committed-by: Ard Biesheuvel +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Liming Gao +--- + MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c +index 7030e9a4..933c2a4c 100644 +--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c ++++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c +@@ -50,7 +50,6 @@ BaseRngLibConstructor ( + // MSR. A non-zero value indicates that the processor supports the RNDR instruction. + // + Isar0 = ArmReadIdIsar0 (); +- ASSERT ((Isar0 & RNDR_MASK) != 0); + + mRndrSupported = ((Isar0 & RNDR_MASK) != 0); + +-- +2.33.0 + diff --git a/0075-ArmVirtPkg-ArmVirtQemu-Permit-the-use-of-dynamic-PCD.patch b/0075-ArmVirtPkg-ArmVirtQemu-Permit-the-use-of-dynamic-PCD.patch new file mode 100644 index 0000000..6c733c5 --- /dev/null +++ b/0075-ArmVirtPkg-ArmVirtQemu-Permit-the-use-of-dynamic-PCD.patch 
@@ -0,0 +1,70 @@ +From a71056a5e2f236024470dc4dcfe488d1051f52c9 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 13 May 2024 18:40:24 +0200 +Subject: [PATCH 26/29] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs + in PEI + +Currently, only TPM2 builds enable the PCD PEIM, which is a prerequisite +for being able to use dynamic PCDs already at the PEI stage. This +facility will be used for other reasons too so move those pieces out of +code block that are conditional on TPM2_ENABLE + +Cc: Ard Biesheuvel +Cc: Leif Lindholm +Cc: Sami Mujawar +Cc: Gerd Hoffmann + +Committed-by: Ard Biesheuvel +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmVirtPkg/ArmVirtQemu.dsc | 6 +----- + ArmVirtPkg/ArmVirtQemu.fdf | 2 +- + 2 files changed, 2 insertions(+), 6 deletions(-) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 775dc351..59bf002c 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -319,11 +319,7 @@ + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|L"Timeout"|gEfiGlobalVariableGuid|0x0|5 + + [LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM] +-!if $(TPM2_ENABLE) == TRUE + PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf +-!else +- PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf +-!endif + + ################################################################################ + # +@@ -340,11 +336,11 @@ + ArmVirtPkg/MemoryInitPei/MemoryInitPeim.inf + ArmPkg/Drivers/CpuPei/CpuPei.inf + +-!if $(TPM2_ENABLE) == TRUE + MdeModulePkg/Universal/PCD/Pei/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + } ++!if $(TPM2_ENABLE) == TRUE + MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf { + + ResetSystemLib|ArmVirtPkg/Library/ArmVirtPsciResetSystemPeiLib/ArmVirtPsciResetSystemPeiLib.inf +diff --git a/ArmVirtPkg/ArmVirtQemu.fdf b/ArmVirtPkg/ArmVirtQemu.fdf +index 764f652a..53413c39 100644 +--- a/ArmVirtPkg/ArmVirtQemu.fdf ++++ 
b/ArmVirtPkg/ArmVirtQemu.fdf +@@ -111,8 +111,8 @@ READ_LOCK_STATUS = TRUE + INF ArmPkg/Drivers/CpuPei/CpuPei.inf + INF MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf + +-!if $(TPM2_ENABLE) == TRUE + INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf ++!if $(TPM2_ENABLE) == TRUE + INF MdeModulePkg/Universal/ResetSystemPei/ResetSystemPei.inf + INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +-- +2.33.0 + diff --git a/0076-ArmVirtPkg-Use-dynamic-PCD-to-set-the-SMCCC-conduit.patch b/0076-ArmVirtPkg-Use-dynamic-PCD-to-set-the-SMCCC-conduit.patch new file mode 100644 index 0000000..0c322e0 --- /dev/null +++ b/0076-ArmVirtPkg-Use-dynamic-PCD-to-set-the-SMCCC-conduit.patch 
@@ -0,0 +1,132 @@ +From 8ad051b457a2fb1ea38aa3ad07e273051468c873 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 13 May 2024 18:43:11 +0200 +Subject: [PATCH 27/29] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit + +On ARM systems, whether SMC or HVC instructions need to be used to issue +monitor calls is typically dependent on the exception level, but there +are also cases where EL1 might use SMC instructions, so there is no hard +and fast rule. + +For ArmVirtQemu, this does depend strictly on the exception level, so +set the default to HVC (for EL1 execution) and override it to SMC when +booted at EL2. + +Cc: Ard Biesheuvel +Cc: Leif Lindholm +Cc: Sami Mujawar +Cc: Gerd Hoffmann + +Committed-by: Ard Biesheuvel +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmVirtPkg/ArmVirtCloudHv.dsc | 3 +++ + ArmVirtPkg/ArmVirtQemu.dsc | 4 ++++ + ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 ++ + ArmVirtPkg/ArmVirtXen.dsc | 2 ++ + ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c | 14 ++++++++++++++ + .../Library/PlatformPeiLib/PlatformPeiLib.inf | 1 + + 6 files changed, 26 insertions(+) + +diff --git a/ArmVirtPkg/ArmVirtCloudHv.dsc b/ArmVirtPkg/ArmVirtCloudHv.dsc +index c975e139..41623da9 100644 +--- a/ArmVirtPkg/ArmVirtCloudHv.dsc ++++ b/ArmVirtPkg/ArmVirtCloudHv.dsc +@@ -200,6 +200,9 @@ + [PcdsDynamicHii] + gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS + ++[PcdsPatchableInModule.common] ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE ++ + ################################################################################ + # + # Components Section - list of all EDK II Modules needed by this Platform +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 59bf002c..e71035f6 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -294,6 +294,10 @@ + gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 + gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 + ++ # 
whether to use HVC or SMC to issue monitor calls - this typically depends ++ # on the exception level at which the UEFI system firmware executes ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE ++ + # + # TPM2 support + # +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index 859500c7..7ad19282 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -203,6 +203,8 @@ + gArmTokenSpaceGuid.PcdFdBaseAddress|0x0 + gArmTokenSpaceGuid.PcdFvBaseAddress|0x0 + ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE ++ + [PcdsDynamicDefault.common] + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut|3 + +diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc +index a280ae20..700872aa 100644 +--- a/ArmVirtPkg/ArmVirtXen.dsc ++++ b/ArmVirtPkg/ArmVirtXen.dsc +@@ -112,6 +112,8 @@ + gArmTokenSpaceGuid.PcdFdBaseAddress|0x0 + gArmTokenSpaceGuid.PcdFvBaseAddress|0x0 + ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE ++ + [PcdsDynamicDefault.common] + + gArmTokenSpaceGuid.PcdArmArchTimerSecIntrNum|0x0 +diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c +index 8d9dcf50..1fde14f5 100644 +--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c ++++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.c +@@ -16,6 +16,8 @@ + #include + #include + ++#include ++ + #include + #include + +@@ -190,5 +192,17 @@ PlatformPeim ( + + BuildFvHob (PcdGet64 (PcdFvBaseAddress), PcdGet32 (PcdFvSize)); + ++ #ifdef MDE_CPU_AARCH64 ++ // ++ // Set the SMCCC conduit to SMC if executing at EL2, which is typically the ++ // exception level that services HVCs rather than the one that invokes them. 
++ // ++ if (ArmReadCurrentEL () == AARCH64_EL2) { ++ Status = PcdSetBoolS (PcdMonitorConduitHvc, FALSE); ++ ASSERT_EFI_ERROR (Status); ++ } ++ ++ #endif ++ + return EFI_SUCCESS; + } +diff --git a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf +index 3f97ef08..bab8a909 100644 +--- a/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf ++++ b/ArmVirtPkg/Library/PlatformPeiLib/PlatformPeiLib.inf +@@ -43,6 +43,7 @@ + + [Pcd] + gArmTokenSpaceGuid.PcdFvBaseAddress ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc + gArmVirtTokenSpaceGuid.PcdDeviceTreeInitialBaseAddress + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_PRODUCES + +-- +2.33.0 + diff --git a/0077-ArmVirtPkg-Reverse-inclusion-order-of-MdeLibs.inc-an.patch b/0077-ArmVirtPkg-Reverse-inclusion-order-of-MdeLibs.inc-an.patch new file mode 100644 index 0000000..70f81ba --- /dev/null +++ b/0077-ArmVirtPkg-Reverse-inclusion-order-of-MdeLibs.inc-an.patch 
@@ -0,0 +1,90 @@ +From 2a0b49c864b363af627e49a55dd589ab91727022 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 13 May 2024 18:46:35 +0200 +Subject: [PATCH 28/29] ArmVirtPkg: Reverse inclusion order of MdeLibs.inc and + ArmVirt.dsc.inc + +MdeLibs.inc sets default library class resolutions which are much more +general than the ones that might be specified in ArmVirt.dsc.inc. So the +latter should be included *after* MdeLibs.inc to ensure that its +definitions take precedence. + +Cc: Ard Biesheuvel +Cc: Leif Lindholm +Cc: Sami Mujawar +Cc: Gerd Hoffmann + +Committed-by: Ard Biesheuvel +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmVirtPkg/ArmVirtQemu.dsc | 4 ++-- + ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 ++-- + ArmVirtPkg/ArmVirtXen.dsc | 8 ++++---- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index e71035f6..1b1154ef 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -49,10 +49,10 @@ + + !include NetworkPkg/NetworkDefines.dsc.inc + +-!include ArmVirtPkg/ArmVirt.dsc.inc +- + !include MdePkg/MdeLibs.dsc.inc + ++!include ArmVirtPkg/ArmVirt.dsc.inc ++ + [LibraryClasses.common] + ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf + ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index 7ad19282..0afb2e1e 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -46,10 +46,10 @@ + + !include NetworkPkg/NetworkDefines.dsc.inc + +-!include ArmVirtPkg/ArmVirt.dsc.inc +- + !include MdePkg/MdeLibs.dsc.inc + ++!include ArmVirtPkg/ArmVirt.dsc.inc ++ + [LibraryClasses.common] + ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf + ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf +diff --git a/ArmVirtPkg/ArmVirtXen.dsc b/ArmVirtPkg/ArmVirtXen.dsc +index 700872aa..52dc4876 100644 +--- a/ArmVirtPkg/ArmVirtXen.dsc ++++ 
b/ArmVirtPkg/ArmVirtXen.dsc +@@ -23,10 +23,10 @@ + SKUID_IDENTIFIER = DEFAULT + FLASH_DEFINITION = ArmVirtPkg/ArmVirtXen.fdf + +-!include ArmVirtPkg/ArmVirt.dsc.inc +- + !include MdePkg/MdeLibs.dsc.inc + ++!include ArmVirtPkg/ArmVirt.dsc.inc ++ + [LibraryClasses] + SerialPortLib|OvmfPkg/Library/XenConsoleSerialPortLib/XenConsoleSerialPortLib.inf + RealTimeClockLib|OvmfPkg/Library/XenRealTimeClockLib/XenRealTimeClockLib.inf +@@ -112,8 +112,8 @@ + gArmTokenSpaceGuid.PcdFdBaseAddress|0x0 + gArmTokenSpaceGuid.PcdFvBaseAddress|0x0 + +- gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE +- ++ gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE ++ + [PcdsDynamicDefault.common] + + gArmTokenSpaceGuid.PcdArmArchTimerSecIntrNum|0x0 +-- +2.33.0 + diff --git a/0078-ArmVirtPkg-ArmVirtQemu-Add-RngDxe-driver.patch b/0078-ArmVirtPkg-ArmVirtQemu-Add-RngDxe-driver.patch new file mode 100644 index 0000000..004f786 --- /dev/null +++ b/0078-ArmVirtPkg-ArmVirtQemu-Add-RngDxe-driver.patch 
@@ -0,0 +1,92 @@ +From d736e2965727a930f65ab0912894bb8ba41dd0c4 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Mon, 13 May 2024 18:48:19 +0200 +Subject: [PATCH 29/29] ArmVirtPkg/ArmVirtQemu: Add RngDxe driver + +Add the RngDxe driver to the build, backed by either RNDR or TRNG, one +of which is expected to be available in most cases: +- RNDR is implemented by the 'max' CPU that QEMU implements in TCG mode +- TRNG is implemented by the KVM hypervisor, which backs QEMU's 'host' + CPU + +Other TCG modes (e.g., the 'cortex-a*' CPUs) implement neither, which +should prevent the RngDxe driver from dispatching entirely, resulting +in the same situation as before. + +Cc: Ard Biesheuvel +Cc: Leif Lindholm +Cc: Sami Mujawar +Cc: Gerd Hoffmann + +Committed-by: Ard Biesheuvel +Signed-off-by: Doug Flick [MSFT] +Reviewed-by: Ard Biesheuvel +--- + ArmVirtPkg/ArmVirt.dsc.inc | 5 ++++- + ArmVirtPkg/ArmVirtQemu.dsc | 1 + + ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 + + ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 + + 4 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc +index 820c2b4a..863df58c 100644 +--- a/ArmVirtPkg/ArmVirt.dsc.inc ++++ b/ArmVirtPkg/ArmVirt.dsc.inc +@@ -154,7 +154,9 @@ + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + !endif + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +- RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf ++ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf ++ ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf ++ ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf + + # + # Secure Boot dependencies +@@ -255,6 +257,7 @@ + + [LibraryClasses.ARM] + ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf ++ RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf + + [BuildOptions] + GCC:RELEASE_*_*_CC_FLAGS = -DMDEPKG_NDEBUG +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 
1b1154ef..4da611cc 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -433,6 +433,7 @@ + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + } + MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf ++ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + + # + # Status Code Routing +diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +index 229e2931..9000e5e1 100644 +--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc ++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +@@ -75,6 +75,7 @@ READ_LOCK_STATUS = TRUE + INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf + INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf + INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf ++ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + + # + # FAT filesystem + GPT/MBR partitioning + UDF filesystem + virtio-fs +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index 0afb2e1e..2da2571d 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -340,6 +340,7 @@ + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + } + MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf ++ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + + # + # Status Code Routing +-- +2.33.0 + diff --git a/edk2.spec b/edk2.spec index 3476891..e21c77e 100644 --- a/edk2.spec +++ b/edk2.spec @@ -7,7 +7,7 @@ Name: edk2 Version: %{stable_date} -Release: 10 +Release: 11 Summary: EFI Development Kit II License: BSD-2-Clause-Patent and OpenSSL and MIT URL: https://github.com/tianocore/edk2 
@@ -79,6 +79,37 @@ patch48: 0048-Add-a-test-for-ALPN-and-NPN.patch # Fix CVE-2024-6119 patch49: 0049-Avoid-type-errors-in-EAI-related-name-check-logic.patch +# Fix CVE-2023-45236、CVE-2023-45237 +patch50: 0050-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch +patch51: 0051-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch +patch52: 0052-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch +patch53: 0053-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch +patch54: 0054-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch +patch55: 0055-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch +patch56: 0056-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch +patch57: 0057-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch +patch58: 0058-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch +patch59: 0059-EmulatorPkg-Add-RngDxe-to-EmulatorPkg.patch +patch60: 0060-EmulatorPkg-Add-Hash2DxeCrypto-to-EmulatorPkg.patch +patch61: 0061-OvmfPkg-PlatformCI-Support-virtio-rng-pci.patch +patch62: 0062-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch +patch63: 0063-ArmVirtPkg-PlatformCI-Support-virtio-rng-pci.patch +patch64: 0064-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch +patch65: 0065-SecurityPkg-RngDxe-Remove-incorrect-limitation-on-Ge.patch +patch66: 0066-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch +patch67: 0067-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch +patch68: 0068-MdePkg-Add-MockUefiBootServicesTableLib.patch +patch69: 0069-MdePkg-Adds-Protocol-for-MockRng.patch +patch70: 0070-MdePkg-Add-MockHash2-Protocol-for-testing.patch +patch71: 0071-NetworkPkg-Update-the-PxeBcDhcp6GoogleTest-due-to-un.patch +patch72: 0072-ArmPkg-Allow-SMC-HVC-monitor-conduit-to-be-specified.patch +patch73: 0073-ArmVirtPkg-Move-PcdMonitorConduitHvc.patch +patch74: 0074-MdePkg-BaseRngLib-AARCH64-Remove-overzealous-ASSERT.patch +patch75: 0075-ArmVirtPkg-ArmVirtQemu-Permit-the-use-of-dynamic-PCD.patch +patch76: 
0076-ArmVirtPkg-Use-dynamic-PCD-to-set-the-SMCCC-conduit.patch +patch77: 0077-ArmVirtPkg-Reverse-inclusion-order-of-MdeLibs.inc-an.patch +patch78: 0078-ArmVirtPkg-ArmVirtQemu-Add-RngDxe-driver.patch + BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl %description @@ -317,6 +348,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys %endif %changelog +* Wed Sep 25 2024 shenyage - 202308-11 +- fix CVE-2023-45236、CVE-2023-45237 + * Mon Sep 9 2024 shenyage - 202308-10 - fix CVE-2024-6119 -- Gitee
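Review bot: in 0071 the PxeBcDhcp6GoogleTest case only exercises the oversized-packet path (ASSERT_TRUE (Packet->Length > sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET)) followed by the EFI_OUT_OF_RESOURCES expectation); add a companion case with a packet that fits so the size check in PxeBcDhcp6Discover is shown to still accept well-formed DHCPv6 traffic. Also note that `.WillOnce` on gBS_LocateProtocol and on RngMock GetRng makes the test fail if PxeBcDhcp6Discover rejects the packet before consuming the RNG, so the test pins the ordering of RNG use relative to the length check; state that ordering explicitly (or relax it with Times()) if it is not meant to be part of the contract.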
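Review bot: 0072 changes only ArmPkg.dec and ArmMonitorLib.c (per its diffstat), so confirm that ArmMonitorLib.inf still builds with the FeaturePcdGet to PcdGetBool switch; if the INF lists PcdMonitorConduitHvc under [FeaturePcd], move it to [Pcd]. The re-added .dec entry at the `@@ -317,6 +312,11 @@` hunk lands in a section whose header is outside the hunk; confirm that section permits dynamic PCDs, since that is the whole point stated in the commit message.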
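Review bot: 0073's commit message says the PCD "needs to be settable at runtime", but the ArmVirtKvmTool.dsc hunk moves `gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE` into [PcdsFixedAtBuild.common], which is build-time only; either reword the message (fixed is fine if ArmVirtKvmTool always uses HVC) or place the PCD in a dynamic section.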
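Review bot: with the ASSERT dropped in 0074, `mRndrSupported = FALSE` becomes a reachable runtime state; confirm that the GetRandomNumber16/32/64/128 paths in the same library return FALSE in that case rather than leaving the caller's buffer unfilled, so RngDxe and the NetworkPkg consumers fixed by 0066/0067 fail closed instead of consuming non-random data.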
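Review bot: 0075 keeps the `!if $(TPM2_ENABLE)` / `!endif` blocks balanced in both ArmVirtQemu.dsc and ArmVirtQemu.fdf (the `!if` is re-inserted before ResetSystemPei), which is correct. One thing to verify: PeiPcdLib is now the PcdLib for every PEIM, and it resolves the PCD PPI at call time, so any PEIM that reads or sets a dynamic PCD (the PlatformPeiLib consumer in 0076) needs a depex on the PCD PPI to guarantee dispatch after Pcd.inf.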
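Review bot: in 0076, `PcdSetBoolS (PcdMonitorConduitHvc, FALSE)` requires the PCD to be patchable or dynamic in every platform that links PlatformPeiLib. ArmVirtCloudHv.dsc declares it explicitly under [PcdsPatchableInModule.common], but in ArmVirtQemu.dsc, ArmVirtQemuKernel.dsc and ArmVirtXen.dsc the added `gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE` line sits in a section whose header is outside the hunk; if any of those is [PcdsFixedAtBuild], the set call will not build. Also, for the EL2 override made in PEI to reach ArmMonitorLib/ArmTrngLib inside RngDxe in DXE (0078), the PCD must be dynamic in ArmVirtQemu.dsc: a patchable-in-module value set in the PEI module stays local to that module. Minor: the new AARCH64 block uses `Status`, which must already be declared in PlatformPeim, and the two new `#include` lines show no header name as rendered here, so the added header cannot be checked from the diff.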
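Review bot: the second ArmVirtXen.dsc hunk in 0077 (`@@ -112,8 +112,8 @@`) removes and re-adds textually identical `gArmTokenSpaceGuid.PcdMonitorConduitHvc|TRUE` lines, which is unrelated to the include-order change the commit message describes (probably a trailing-whitespace difference); drop it from this patch or mention it in the message.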
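Review bot: in 0078 the [LibraryClasses.ARM] section now resolves RngLib to MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf, which 0051 marks deprecated and whose algorithm 0055 tags with the unsafe-RNG GUID; since RngDxe is now added to the ArmVirtQemu builds, make sure that on 32-bit ARM either RngDxe is not dispatched or its consumers (the CVE-2023-45237 NetworkPkg change in 0066) reject that GUID, otherwise the timer-based generator is exposed as EFI_RNG_PROTOCOL. Also, the ArmVirt.dsc.inc hunk changes the common RngLib, ArmTrngLib and ArmMonitorLib resolutions for every ArmVirt platform (Xen, KvmTool, CloudHv), not only ArmVirtQemu as the subject says; confirm those platforms still build.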
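Review bot: in the edk2.spec hunks the new `# Fix CVE-2023-45236、CVE-2023-45237` comment and the %changelog entry use the fullwidth ideographic comma; use `, ` or `and` to match the rest of the spec. Only the `patchNN:` declarations are visible here; confirm %prep actually applies patches 50 through 78 (via %autosetup or matching %patch lines), otherwise Release 11 ships without the fix.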