~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,192 +1,143 @@
	1	+// SPDX-License-Identifier: GPL-2.0
1	2	/*
2	3	* Copyright (C) 2016 Linaro Ltd; <ard.biesheuvel@linaro.org>
3		- *
4		- * This program is free software; you can redistribute it and/or modify
5		- * it under the terms of the GNU General Public License version 2 as
6		- * published by the Free Software Foundation.
7		- *
8	4	*/
9	5
10	6	#include <linux/efi.h>
11		-#include <linux/log2.h>
12	7	#include <asm/efi.h>
13	8
14	9	#include "efistub.h"
15	10
16		-struct efi_rng_protocol {
17		- efi_status_t (get_info)(struct efi_rng_protocol ,
18		- unsigned long , efi_guid_t );
19		- efi_status_t (get_rng)(struct efi_rng_protocol ,
20		- efi_guid_t , unsigned long, u8 out);
	11	+typedef union efi_rng_protocol efi_rng_protocol_t;
	12	+
	13	+union efi_rng_protocol {
	14	+ struct {
	15	+ efi_status_t (__efiapi get_info)(efi_rng_protocol_t ,
	16	+ unsigned long *,
	17	+ efi_guid_t *);
	18	+ efi_status_t (__efiapi get_rng)(efi_rng_protocol_t ,
	19	+ efi_guid_t *, unsigned long,
	20	+ u8 *out);
	21	+ };
	22	+ struct {
	23	+ u32 get_info;
	24	+ u32 get_rng;
	25	+ } mixed_mode;
21	26	};
22	27
23		-efi_status_t efi_get_random_bytes(efi_system_table_t *sys_table_arg,
24		- unsigned long size, u8 *out)
	28	+/**
	29	+ * efi_get_random_bytes() - fill a buffer with random bytes
	30	+ * @size: size of the buffer
	31	+ * @out: caller allocated buffer to receive the random bytes
	32	+ *
	33	+ * The call will fail if either the firmware does not implement the
	34	+ * EFI_RNG_PROTOCOL or there are not enough random bytes available to fill
	35	+ * the buffer.
	36	+ *
	37	+ * Return: status code
	38	+ */
	39	+efi_status_t efi_get_random_bytes(unsigned long size, u8 *out)
25	40	{
26	41	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
27	42	efi_status_t status;
28		- struct efi_rng_protocol *rng;
	43	+ efi_rng_protocol_t *rng = NULL;
29	44
30		- status = efi_call_early(locate_protocol, &rng_proto, NULL,
31		- (void **)&rng);
	45	+ status = efi_bs_call(locate_protocol, &rng_proto, NULL, (void **)&rng);
32	46	if (status != EFI_SUCCESS)
33	47	return status;
34	48
35		- return rng->get_rng(rng, NULL, size, out);
	49	+ return efi_call_proto(rng, get_rng, NULL, size, out);
36	50	}
37	51
38		-/*
39		- * Return the number of slots covered by this entry, i.e., the number of
40		- * addresses it covers that are suitably aligned and supply enough room
41		- * for the allocation.
	52	+/**
	53	+ * efi_random_get_seed() - provide random seed as configuration table
	54	+ *
	55	+ * The EFI_RNG_PROTOCOL is used to read random bytes. These random bytes are
	56	+ * saved as a configuration table which can be used as entropy by the kernel
	57	+ * for the initialization of its pseudo random number generator.
	58	+ *
	59	+ * If the EFI_RNG_PROTOCOL is not available or there are not enough random bytes
	60	+ * available, the configuration table will not be installed and an error code
	61	+ * will be returned.
	62	+ *
	63	+ * Return: status code
42	64	*/
43		-static unsigned long get_entry_num_slots(efi_memory_desc_t *md,
44		- unsigned long size,
45		- unsigned long align_shift)
46		-{
47		- unsigned long align = 1UL << align_shift;
48		- u64 first_slot, last_slot, region_end;
49		-
50		- if (md->type != EFI_CONVENTIONAL_MEMORY)
51		- return 0;
52		-
53		- region_end = min((u64)ULONG_MAX, md->phys_addr + md->num_pages*EFI_PAGE_SIZE - 1);
54		-
55		- first_slot = round_up(md->phys_addr, align);
56		- last_slot = round_down(region_end - size + 1, align);
57		-
58		- if (first_slot > last_slot)
59		- return 0;
60		-
61		- return ((unsigned long)(last_slot - first_slot) >> align_shift) + 1;
62		-}
63		-
64		-/*
65		- * The UEFI memory descriptors have a virtual address field that is only used
66		- * when installing the virtual mapping using SetVirtualAddressMap(). Since it
67		- * is unused here, we can reuse it to keep track of each descriptor's slot
68		- * count.
69		- */
70		-#define MD_NUM_SLOTS(md) ((md)->virt_addr)
71		-
72		-efi_status_t efi_random_alloc(efi_system_table_t *sys_table_arg,
73		- unsigned long size,
74		- unsigned long align,
75		- unsigned long *addr,
76		- unsigned long random_seed)
77		-{
78		- unsigned long map_size, desc_size, total_slots = 0, target_slot;
79		- unsigned long buff_size;
80		- efi_status_t status;
81		- efi_memory_desc_t *memory_map;
82		- int map_offset;
83		- struct efi_boot_memmap map;
84		-
85		- map.map = &memory_map;
86		- map.map_size = &map_size;
87		- map.desc_size = &desc_size;
88		- map.desc_ver = NULL;
89		- map.key_ptr = NULL;
90		- map.buff_size = &buff_size;
91		-
92		- status = efi_get_memory_map(sys_table_arg, &map);
93		- if (status != EFI_SUCCESS)
94		- return status;
95		-
96		- if (align < EFI_ALLOC_ALIGN)
97		- align = EFI_ALLOC_ALIGN;
98		-
99		- /* count the suitable slots in each memory map entry */
100		- for (map_offset = 0; map_offset < map_size; map_offset += desc_size) {
101		- efi_memory_desc_t md = (void )memory_map + map_offset;
102		- unsigned long slots;
103		-
104		- slots = get_entry_num_slots(md, size, ilog2(align));
105		- MD_NUM_SLOTS(md) = slots;
106		- total_slots += slots;
107		- }
108		-
109		- /* find a random number between 0 and total_slots */
110		- target_slot = (total_slots * (u16)random_seed) >> 16;
111		-
112		- /*
113		- * target_slot is now a value in the range [0, total_slots), and so
114		- * it corresponds with exactly one of the suitable slots we recorded
115		- * when iterating over the memory map the first time around.
116		- *
117		- * So iterate over the memory map again, subtracting the number of
118		- * slots of each entry at each iteration, until we have found the entry
119		- * that covers our chosen slot. Use the residual value of target_slot
120		- * to calculate the randomly chosen address, and allocate it directly
121		- * using EFI_ALLOCATE_ADDRESS.
122		- */
123		- for (map_offset = 0; map_offset < map_size; map_offset += desc_size) {
124		- efi_memory_desc_t md = (void )memory_map + map_offset;
125		- efi_physical_addr_t target;
126		- unsigned long pages;
127		-
128		- if (target_slot >= MD_NUM_SLOTS(md)) {
129		- target_slot -= MD_NUM_SLOTS(md);
130		- continue;
131		- }
132		-
133		- target = round_up(md->phys_addr, align) + target_slot * align;
134		- pages = round_up(size, EFI_PAGE_SIZE) / EFI_PAGE_SIZE;
135		-
136		- status = efi_call_early(allocate_pages, EFI_ALLOCATE_ADDRESS,
137		- EFI_LOADER_DATA, pages, &target);
138		- if (status == EFI_SUCCESS)
139		- *addr = target;
140		- break;
141		- }
142		-
143		- efi_call_early(free_pool, memory_map);
144		-
145		- return status;
146		-}
147		-
148		-efi_status_t efi_random_get_seed(efi_system_table_t *sys_table_arg)
	65	+efi_status_t efi_random_get_seed(void)
149	66	{
150	67	efi_guid_t rng_proto = EFI_RNG_PROTOCOL_GUID;
151	68	efi_guid_t rng_algo_raw = EFI_RNG_ALGORITHM_RAW;
152	69	efi_guid_t rng_table_guid = LINUX_EFI_RANDOM_SEED_TABLE_GUID;
153		- struct efi_rng_protocol *rng;
154		- struct linux_efi_random_seed *seed;
	70	+ struct linux_efi_random_seed prev_seed, seed = NULL;
	71	+ int prev_seed_size = 0, seed_size = EFI_RANDOM_SEED_SIZE;
	72	+ efi_rng_protocol_t *rng = NULL;
155	73	efi_status_t status;
156	74
157		- status = efi_call_early(locate_protocol, &rng_proto, NULL,
158		- (void **)&rng);
	75	+ status = efi_bs_call(locate_protocol, &rng_proto, NULL, (void **)&rng);
159	76	if (status != EFI_SUCCESS)
160	77	return status;
161	78
162		- status = efi_call_early(allocate_pool, EFI_RUNTIME_SERVICES_DATA,
163		- sizeof(*seed) + EFI_RANDOM_SEED_SIZE,
164		- (void **)&seed);
165		- if (status != EFI_SUCCESS)
166		- return status;
	79	+ /*
	80	+ * Check whether a seed was provided by a prior boot stage. In that
	81	+ * case, instead of overwriting it, let's create a new buffer that can
	82	+ * hold both, and concatenate the existing and the new seeds.
	83	+ * Note that we should read the seed size with caution, in case the
	84	+ * table got corrupted in memory somehow.
	85	+ */
	86	+ prev_seed = get_efi_config_table(LINUX_EFI_RANDOM_SEED_TABLE_GUID);
	87	+ if (prev_seed && prev_seed->size <= 512U) {
	88	+ prev_seed_size = prev_seed->size;
	89	+ seed_size += prev_seed_size;
	90	+ }
167	91
168		- status = rng->get_rng(rng, &rng_algo_raw, EFI_RANDOM_SEED_SIZE,
169		- seed->bits);
	92	+ /*
	93	+ * Use EFI_ACPI_RECLAIM_MEMORY here so that it is guaranteed that the
	94	+ * allocation will survive a kexec reboot (although we refresh the seed
	95	+ * beforehand)
	96	+ */
	97	+ status = efi_bs_call(allocate_pool, EFI_ACPI_RECLAIM_MEMORY,
	98	+ struct_size(seed, bits, seed_size),
	99	+ (void **)&seed);
	100	+ if (status != EFI_SUCCESS) {
	101	+ efi_warn("Failed to allocate memory for RNG seed.\n");
	102	+ goto err_warn;
	103	+ }
	104	+
	105	+ status = efi_call_proto(rng, get_rng, &rng_algo_raw,
	106	+ EFI_RANDOM_SEED_SIZE, seed->bits);
	107	+
170	108	if (status == EFI_UNSUPPORTED)
171	109	/*
172	110	* Use whatever algorithm we have available if the raw algorithm
173	111	* is not implemented.
174	112	*/
175		- status = rng->get_rng(rng, NULL, EFI_RANDOM_SEED_SIZE,
176		- seed->bits);
	113	+ status = efi_call_proto(rng, get_rng, NULL,
	114	+ EFI_RANDOM_SEED_SIZE, seed->bits);
177	115
178	116	if (status != EFI_SUCCESS)
179	117	goto err_freepool;
180	118
181		- seed->size = EFI_RANDOM_SEED_SIZE;
182		- status = efi_call_early(install_configuration_table, &rng_table_guid,
183		- seed);
	119	+ seed->size = seed_size;
	120	+ if (prev_seed_size)
	121	+ memcpy(seed->bits + EFI_RANDOM_SEED_SIZE, prev_seed->bits,
	122	+ prev_seed_size);
	123	+
	124	+ status = efi_bs_call(install_configuration_table, &rng_table_guid, seed);
184	125	if (status != EFI_SUCCESS)
185	126	goto err_freepool;
186	127
	128	+ if (prev_seed_size) {
	129	+ /* wipe and free the old seed if we managed to install the new one */
	130	+ memzero_explicit(prev_seed->bits, prev_seed_size);
	131	+ efi_bs_call(free_pool, prev_seed);
	132	+ }
187	133	return EFI_SUCCESS;
188	134
189	135	err_freepool:
190		- efi_call_early(free_pool, seed);
	136	+ memzero_explicit(seed, struct_size(seed, bits, seed_size));
	137	+ efi_bs_call(free_pool, seed);
	138	+ efi_warn("Failed to obtain seed from EFI_RNG_PROTOCOL\n");
	139	+err_warn:
	140	+ if (prev_seed)
	141	+ efi_warn("Retaining bootloader-supplied seed only");
191	142	return status;
192	143	}