diff options
Diffstat (limited to 'SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c')
| -rw-r--r-- | SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c | 55 |
1 files changed, 38 insertions, 17 deletions
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c index e8be217f8a..a270441ebb 100644 --- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c @@ -10,6 +10,8 @@ #include <Library/DebugLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/ArmTrngLib.h>
+#include <Library/RngLib.h>
+#include <Guid/RngAlgorithm.h>
#include "RngDxeInternals.h"
@@ -28,9 +30,13 @@ GetAvailableAlgorithms ( VOID
)
{
- UINT64 DummyRand;
- UINT16 MajorRevision;
- UINT16 MinorRevision;
+ EFI_STATUS Status;
+ UINT16 MajorRevision;
+ UINT16 MinorRevision;
+ GUID RngGuid;
+ BOOLEAN UnSafeAlgo;
+
+ UnSafeAlgo = FALSE;
// Rng algorithms 2 times, one for the allocation, one to populate.
mAvailableAlgoArray = AllocateZeroPool (RNG_AVAILABLE_ALGO_MAX);
@@ -38,24 +44,29 @@ GetAvailableAlgorithms ( return EFI_OUT_OF_RESOURCES;
}
- // Check RngGetBytes() before advertising PcdCpuRngSupportedAlgorithm.
- if (!EFI_ERROR (RngGetBytes (sizeof (DummyRand), (UINT8 *)&DummyRand))) {
- CopyMem (
- &mAvailableAlgoArray[mAvailableAlgoArrayCount],
- PcdGetPtr (PcdCpuRngSupportedAlgorithm),
- sizeof (EFI_RNG_ALGORITHM)
- );
- mAvailableAlgoArrayCount++;
-
- DEBUG_CODE_BEGIN ();
- if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
+ // Identify RngLib algorithm.
+ Status = GetRngGuid (&RngGuid);
+ if (!EFI_ERROR (Status)) {
+ if (IsZeroGuid (&RngGuid) ||
+ CompareGuid (&RngGuid, &gEdkiiRngAlgorithmUnSafe))
+ {
+ // Treat zero GUID as an unsafe algorithm
DEBUG ((
DEBUG_WARN,
- "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
+ "RngLib uses an Unsafe algorithm and "
+ "must not be used for production builds.\n"
));
+ // Set the UnSafeAlgo flag to indicate an unsafe algorithm was found
+ // so that it can be added at the end of the algorithm list.
+ UnSafeAlgo = TRUE;
+ } else {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ &RngGuid,
+ sizeof (RngGuid)
+ );
+ mAvailableAlgoArrayCount++;
}
-
- DEBUG_CODE_END ();
}
// Raw algorithm (Trng)
@@ -68,5 +79,15 @@ GetAvailableAlgorithms ( mAvailableAlgoArrayCount++;
}
+ // Add unsafe algorithm at the end of the list.
+ if (UnSafeAlgo) {
+ CopyMem (
+ &mAvailableAlgoArray[mAvailableAlgoArrayCount],
+ &gEdkiiRngAlgorithmUnSafe,
+ sizeof (EFI_RNG_ALGORITHM)
+ );
+ mAvailableAlgoArrayCount++;
+ }
+
return EFI_SUCCESS;
}
|