Revert "MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID"revert-5714-devel/ovmf-rdrand-pedro

This reverts commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a.

1 files changed, 8 insertions, 91 deletions

diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
index 06d2a6f..9bd6835 100644
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -3,7 +3,6 @@
   to provide high-quality random numbers.

 

 Copyright (c) 2023, Arm Limited. All rights reserved.<BR>

-Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>

 Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>

 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

 

@@ -25,88 +24,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 

 STATIC BOOLEAN  mRdRandSupported;

 

-//

-// Intel SDM says 10 tries is good enough for reliable RDRAND usage.

-//

-#define RDRAND_RETRIES  10

-

-#define RDRAND_TEST_SAMPLES  8

-

-#define RDRAND_MIN_CHANGE  5

-

-//

-// Add a define for native-word RDRAND, just for the test.

-//

-#ifdef MDE_CPU_X64

-#define ASM_RDRAND  AsmRdRand64

-#else

-#define ASM_RDRAND  AsmRdRand32

-#endif

-

-/**

-  Tests RDRAND for broken implementations.

-

-  @retval TRUE         RDRAND is reliable (and hopefully safe).

-  @retval FALSE        RDRAND is unreliable and should be disabled, despite CPUID.

-

-**/

-STATIC

-BOOLEAN

-TestRdRand (

-  VOID

-  )

-{

-  //

-  // Test for notoriously broken rdrand implementations that always return the same

-  // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).

-  // Note that this should be expanded to extensively test for other sorts of possible errata.

-  //

-

-  //

-  // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects

-  // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.

-  //

-  UINTN   Prev;

-  UINT8   Idx;

-  UINT8   TestIteration;

-  UINT32  Changed;

-

-  Changed = 0;

-

-  for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {

-    UINTN  Sample;

-    //

-    // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c

-    // Any failure to get a random number will assume RDRAND does not work.

-    //

-    for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {

-      if (ASM_RDRAND (&Sample)) {

-        break;

-      }

-    }

-

-    if (Idx == RDRAND_RETRIES) {

-      DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));

-      return FALSE;

-    }

-

-    if (TestIteration != 0) {

-      Changed += Sample != Prev;

-    }

-

-    Prev = Sample;

-  }

-

-  if (Changed < RDRAND_MIN_CHANGE) {

-    DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));

-    return FALSE;

-  }

-

-  return TRUE;

-}

-

-#undef ASM_RDRAND

-

 /**

   The constructor function checks whether or not RDRAND instruction is supported

   by the host hardware.

@@ -131,13 +48,10 @@ BaseRngLibConstructor (
   // CPUID. A value of 1 indicates that processor support RDRAND instruction.

   //

   AsmCpuid (1, 0, 0, &RegEcx, 0);

+  ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);

 

   mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);

 

-  if (mRdRandSupported) {

-    mRdRandSupported = TestRdRand ();

-  }

-

   return EFI_SUCCESS;

 }

 

@@ -156,7 +70,6 @@ ArchGetRandomNumber16 (
   OUT     UINT16  *Rand

   )

 {

-  ASSERT (mRdRandSupported);

   return AsmRdRand16 (Rand);

 }

 

@@ -175,7 +88,6 @@ ArchGetRandomNumber32 (
   OUT     UINT32  *Rand

   )

 {

-  ASSERT (mRdRandSupported);

   return AsmRdRand32 (Rand);

 }

 

@@ -194,7 +106,6 @@ ArchGetRandomNumber64 (
   OUT     UINT64  *Rand

   )

 {

-  ASSERT (mRdRandSupported);

   return AsmRdRand64 (Rand);

 }

 

@@ -211,7 +122,13 @@ ArchIsRngSupported (
   VOID

   )

 {

-  return mRdRandSupported;

+  /*

+     Existing software depends on this always returning TRUE, so for

+     now hard-code it.

+

+     return mRdRandSupported;

+  */

+  return TRUE;

 }

 

 /**