/* * Copyright (C) 2015 Michael Brown . * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. * * You can also choose to distribute this program under the terms of * the Unmodified Binary Distribution Licence (as given in the file * COPYING.UBDL), provided that you have satisfied its requirements. */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include #include #include #include #include /** @file * * EFI random number generator protocol entropy source * */ struct entropy_source efirng_entropy __entropy_source ( ENTROPY_NORMAL ); /** Random number generator protocol */ static EFI_RNG_PROTOCOL *efirng; EFI_REQUEST_PROTOCOL ( EFI_RNG_PROTOCOL, &efirng ); /** Minimum number of bytes to request from RNG * * The UEFI spec states (for no apparently good reason) that "When a * Deterministic Random Bit Generator (DRBG) is used on the output of * a (raw) entropy source, its security level must be at least 256 * bits." The EDK2 codebase (mis)interprets this to mean that the * call to GetRNG() should fail if given a buffer less than 32 bytes. * * Incidentally, nothing in the EFI RNG protocol provides any way to * report the actual amount of entropy returned by GetRNG(). */ #define EFIRNG_LEN 32 /** * Enable entropy gathering * * @ret rc Return status code */ static int efirng_enable ( void ) { /* Check for RNG protocol support */ if ( ! efirng ) { DBGC ( &efirng, "EFIRNG has no RNG protocol\n" ); return -ENOTSUP; } /* Nothing in the EFI specification provides any clue as to * how much entropy will be returned by GetRNG(). Make a * totally uninformed (and conservative guess) that each * sample will contain at least one bit of entropy. */ entropy_init ( &efirng_entropy, MIN_ENTROPY ( 1.0 ) ); return 0; } /** * Get noise sample from RNG protocol * * @ret noise Noise sample * @ret rc Return status code */ static int efirng_get_noise ( noise_sample_t *noise ) { uint8_t buf[EFIRNG_LEN]; EFI_STATUS efirc; int rc; /* Sanity check */ assert ( efirng != NULL ); /* Get the minimum allowed number of random bytes */ if ( ( efirc = efirng->GetRNG ( efirng, NULL, sizeof ( buf ), buf ) ) != 0 ) { rc = -EEFI ( efirc ); DBGC ( &efirng, "ENTROPY could not read from RNG: %s\n", strerror ( rc ) ); return rc; } /* Reduce random bytes to a single noise sample. This seems * like overkill, but we have no way of knowing how much * entropy is actually present in the bytes returned by the * RNG protocol. */ *noise = crc32_le ( 0, buf, sizeof ( buf ) ); return 0; } /** EFI random number generator protocol entropy source */ struct entropy_source efirng_entropy __entropy_source ( ENTROPY_NORMAL ) = { .name = "efirng", .enable = efirng_enable, .get_noise = efirng_get_noise, };