91 lines
3.1 KiB
Diff
91 lines
3.1 KiB
Diff
|
From 5ba444af245d59e3208260478aa710d4f143f259 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Jon Maloy <jmaloy@redhat.com>
|
||
|
|
Date: Thu, 20 Jun 2024 16:06:25 -0400
|
||
|
|
Subject: [PATCH 20/31] MdeModulePkg/Rng: Add GUID to describe unsafe Rng
|
||
|
|
algorithms
|
||
|
|
|
||
|
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||
|
|
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||
|
|
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||
|
|
RH-Acked-by: Gerd Hoffmann <None>
|
||
|
|
RH-Commit: [20/31] d0e553560d60122f2fe5f33923b5b943c138a18d
|
||
|
|
|
||
|
|
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||
|
|
Upstream: Merged
|
||
|
|
CVE: CVE-2023-45237
|
||
|
|
|
||
|
|
commit 414c0f20896f3dec412135fa4260f8aad8bef246
|
||
|
|
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||
|
|
Date: Fri Aug 11 16:33:07 2023 +0200
|
||
|
|
|
||
|
|
MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
|
||
|
|
|
||
|
|
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
|
||
|
|
|
||
|
|
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||
|
|
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||
|
|
To allow the RngDxe to detect when such implementation is used,
|
||
|
|
a GetRngGuid() function is added in a following patch.
|
||
|
|
|
||
|
|
Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe
|
||
|
|
to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
|
||
|
|
|
||
|
|
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||
|
|
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||
|
|
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||
|
|
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||
|
|
|
||
|
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||
|
|
---
|
||
|
|
MdeModulePkg/Include/Guid/RngAlgorithm.h | 23 +++++++++++++++++++++++
|
||
|
|
MdeModulePkg/MdeModulePkg.dec | 3 +++
|
||
|
|
2 files changed, 26 insertions(+)
|
||
|
|
create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||
|
|
|
||
|
|
diff --git a/MdeModulePkg/Include/Guid/RngAlgorithm.h b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||
|
|
new file mode 100644
|
||
|
|
index 0000000000..e2ac2ba3e5
|
||
|
|
--- /dev/null
|
||
|
|
+++ b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||
|
|
@@ -0,0 +1,23 @@
|
||
|
|
+/** @file
|
||
|
|
+ Rng Algorithm
|
||
|
|
+
|
||
|
|
+ Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||
|
|
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||
|
|
+**/
|
||
|
|
+
|
||
|
|
+#ifndef RNG_ALGORITHM_GUID_H_
|
||
|
|
+#define RNG_ALGORITHM_GUID_H_
|
||
|
|
+
|
||
|
|
+///
|
||
|
|
+/// The implementation of a Random Number Generator might be unsafe, when using
|
||
|
|
+/// a dummy implementation for instance. Allow identifying such implementation
|
||
|
|
+/// with this GUID.
|
||
|
|
+///
|
||
|
|
+#define EDKII_RNG_ALGORITHM_UNSAFE \
|
||
|
|
+ { \
|
||
|
|
+ 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
+extern EFI_GUID gEdkiiRngAlgorithmUnSafe;
|
||
|
|
+
|
||
|
|
+#endif // #ifndef RNG_ALGORITHM_GUID_H_
|
||
|
|
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||
|
|
index 08d59dfb3e..3513a9678a 100644
|
||
|
|
--- a/MdeModulePkg/MdeModulePkg.dec
|
||
|
|
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||
|
|
@@ -401,6 +401,9 @@
|
||
|
|
## Include/Guid/MigratedFvInfo.h
|
||
|
|
gEdkiiMigratedFvInfoGuid = { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4, 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } }
|
||
|
|
|
||
|
|
+ ## Include/Guid/RngAlgorithm.h
|
||
|
|
+ gEdkiiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
|
||
|
|
+
|
||
|
|
#
|
||
|
|
# GUID defined in UniversalPayload
|
||
|
|
#
|
||
|
|
--
|
||
|
|
2.39.3
|
||
|
|
|