80 lines
2.3 KiB
Diff
80 lines
2.3 KiB
Diff
|
From e7444d0b84a8fd41aa63ecb083e65fd56b32fd38 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Jon Maloy <jmaloy@redhat.com>
|
||
|
|
Date: Sun, 23 Jun 2024 14:21:01 -0400
|
||
|
|
Subject: [PATCH 14/31] SecurityPkg/RngDxe: Conditionally install
|
||
|
|
EFI_RNG_PROTOCOL
|
||
|
|
|
||
|
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||
|
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||
|
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||
|
|
RH-Acked-by: Gerd Hoffmann <None>
|
||
|
|
RH-Commit: [14/31] bc64d4cad6c30353723d674ef9f10eb10aeb1cac
|
||
|
|
|
||
|
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||
|
|
Upstream: Merged
|
||
|
|
CVE: CVE-2023-45237
|
||
|
|
|
||
|
|
commit 75fb0cfc82376906243386514be0e4067d702117
|
||
|
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||
|
|
Date: Thu Nov 24 17:17:55 2022 +0100
|
||
|
|
|
||
|
|
SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
|
||
|
|
|
||
|
|
On Arm platforms, the number of available RNG algorithms is
|
||
|
|
dynamically detected and can be 0 in the absence of FEAT_RNG
|
||
|
|
and firmware TRNG.
|
||
|
|
In this case, the EFI_RNG_PROTOCOL should not be installed to
|
||
|
|
prevent from installing an empty protocol.
|
||
|
|
|
||
|
|
Signed-off-by: Pierre Gondois <Pierre.Gondois@arm.com>
|
||
|
|
[ardb: return EFI_REQUEST_UNLOAD_IMAGE instead of an error]
|
||
|
|
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
|
||
|
|
|
||
|
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||
|
|
---
|
||
|
|
.../RandomNumberGenerator/RngDxe/RngDxe.c | 19 ++++++++++++++-----
|
||
|
|
1 file changed, 14 insertions(+), 5 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||
|
|
index cc2ddfcc06..55e8dd49d0 100644
|
||
|
|
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||
|
|
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c
|
||
|
|
@@ -63,6 +63,18 @@ RngDriverEntry (
|
||
|
|
EFI_STATUS Status;
|
||
|
|
EFI_HANDLE Handle;
|
||
|
|
|
||
|
|
+ //
|
||
|
|
+ // Get the list of available algorithm.
|
||
|
|
+ //
|
||
|
|
+ Status = GetAvailableAlgorithms ();
|
||
|
|
+ if (EFI_ERROR (Status)) {
|
||
|
|
+ return Status;
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
+ if (mAvailableAlgoArrayCount == 0) {
|
||
|
|
+ return EFI_REQUEST_UNLOAD_IMAGE;
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
//
|
||
|
|
// Install UEFI RNG (Random Number Generator) Protocol
|
||
|
|
//
|
||
|
|
@@ -74,13 +86,10 @@ RngDriverEntry (
|
||
|
|
NULL
|
||
|
|
);
|
||
|
|
if (EFI_ERROR (Status)) {
|
||
|
|
- return Status;
|
||
|
|
+ FreeAvailableAlgorithms ();
|
||
|
|
}
|
||
|
|
|
||
|
|
- //
|
||
|
|
- // Get the list of available algorithm.
|
||
|
|
- //
|
||
|
|
- return GetAvailableAlgorithms ();
|
||
|
|
+ return Status;
|
||
|
|
}
|
||
|
|
|
||
|
|
/**
|
||
|
|
--
|
||
|
|
2.39.3
|
||
|
|
|