edk2/edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch

From 8b78800fed2a4af7c08eebd20d1bf764e8e10c84 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 25 Jun 2024 22:28:58 -0400
Subject: [PATCH 10/31] SecurityPkg/RngDxe: Add debug warning for NULL
 PcdCpuRngSupportedAlgorithm

RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [10/31] 66b888e9b1e2be0c79784e02b4821854bd80432d

JIRA: https://issues.redhat.com/browse/RHEL-21856
CVE: CVE-2022-45237
Upstream: Merged

commit 6cdddccf0085cf2929f8ae710515e4e53663dfb2
Author: Pierre Gondois <pierre.gondois@arm.com>
Date:   Fri Oct 28 17:32:56 2022 +0200

    SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithm

    PcdCpuRngSupportedAlgorithm should allow to identify the the algorithm
    used by the RNDR CPU instruction to generate a random number.
    Add a debug warning if the Pcd is not set.

    Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
    Acked-by: Jiewen Yao <jiewen.yao@intel.com>

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
 .../RandomNumberGenerator/RngDxe/AArch64/RngDxe.c      | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
index c0b0d28d48..a800a85792 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
@@ -67,6 +67,16 @@ GetAvailableAlgorithms (
       sizeof (EFI_RNG_ALGORITHM)
       );
     mAvailableAlgoArrayCount++;
+
+    DEBUG_CODE_BEGIN ();
+    if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {
+      DEBUG ((
+        DEBUG_WARN,
+        "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"
+        ));
+    }
+
+    DEBUG_CODE_END ();
   }
 
   // Raw algorithm (Trng)
-- 
2.39.3
* Wed Jul 03 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-13.el8_10.1 - edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Apply-uncrustify-changes.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-RdRandGenerateEntropy-to-g.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Remove-ArchGetSupportedRngAlgorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Documentation-include-parameter-c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Check-before-advertising-Cpu-Rng-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-debug-warning-for-NULL-PcdCpu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Rename-AArch64-RngDxe.c.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Correctly-update-mAvailableAlgoAr.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Conditionally-install-EFI_RNG_PRO.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-SecurityPkg.dec-Move-PcdCpuRngSupportedA.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Use-GetRngGuid-when-probing-RngLi.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-Simplify-Rng-algorithm-selection-.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-21854 RHEL-21856 RHEL-40099] - edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-21854 RHEL-21856 RHEL-40099] - Resolves: RHEL-21854 (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-8]) - Resolves: RHEL-21856 (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-8]) - Resolves: RHEL-40099 (CVE-2024-1298 edk2: Temporary DoS vulnerability [rhel-8.10.z]) 2024-07-03 12:35:29 +00:00			`From 8b78800fed2a4af7c08eebd20d1bf764e8e10c84 Mon Sep 17 00:00:00 2001`
			`From: Jon Maloy <jmaloy@redhat.com>`
			`Date: Tue, 25 Jun 2024 22:28:58 -0400`
			`Subject: [PATCH 10/31] SecurityPkg/RngDxe: Add debug warning for NULL`
			`PcdCpuRngSupportedAlgorithm`

			`RH-Author: Jon Maloy <jmaloy@redhat.com>`
			`RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes`
			`RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099`
			`RH-Acked-by: Gerd Hoffmann <None>`
			`RH-Commit: [10/31] 66b888e9b1e2be0c79784e02b4821854bd80432d`

			`JIRA: https://issues.redhat.com/browse/RHEL-21856`
			`CVE: CVE-2022-45237`
			`Upstream: Merged`

			`commit 6cdddccf0085cf2929f8ae710515e4e53663dfb2`
			`Author: Pierre Gondois <pierre.gondois@arm.com>`
			`Date: Fri Oct 28 17:32:56 2022 +0200`

			`SecurityPkg/RngDxe: Add debug warning for NULL PcdCpuRngSupportedAlgorithm`

			`PcdCpuRngSupportedAlgorithm should allow to identify the the algorithm`
			`used by the RNDR CPU instruction to generate a random number.`
			`Add a debug warning if the Pcd is not set.`

			`Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>`
			`Acked-by: Jiewen Yao <jiewen.yao@intel.com>`

			`Signed-off-by: Jon Maloy <jmaloy@redhat.com>`
			`---`
			`.../RandomNumberGenerator/RngDxe/AArch64/RngDxe.c \| 10 ++++++++++`
			`1 file changed, 10 insertions(+)`

			`diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c`
			`index c0b0d28d48..a800a85792 100644`
			`--- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c`
			`+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c`
			`@@ -67,6 +67,16 @@ GetAvailableAlgorithms (`
			`sizeof (EFI_RNG_ALGORITHM)`
			`);`
			`mAvailableAlgoArrayCount++;`
			`+`
			`+ DEBUG_CODE_BEGIN ();`
			`+ if (IsZeroGuid (PcdGetPtr (PcdCpuRngSupportedAlgorithm))) {`
			`+ DEBUG ((`
			`+ DEBUG_WARN,`
			`+ "PcdCpuRngSupportedAlgorithm should be a non-zero GUID\n"`
			`+ ));`
			`+ }`
			`+`
			`+ DEBUG_CODE_END ();`
			`}`

			`// Raw algorithm (Trng)`
			`--`
			`2.39.3`