From 26873a4bf8d12bc5bc292c51030559e8ed353599 Mon Sep 17 00:00:00 2001
From: Ard Biesheuvel
Date: Thu, 13 Jun 2024 19:44:43 +0200
Subject: Revert "MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID"

This reverts commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a.
---
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++------------------------------
1 file changed, 8 insertions(+), 91 deletions(-)
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
index 06d2a6f..9bd6835 100644
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -3,7 +3,6 @@ to provide high-quality random numbers. Copyright (c) 2023, Arm Limited. All rights reserved.
-Copyright (c) 2022, Pedro Falcato. All rights reserved.
Copyright (c) 2021, NUVIA Inc. All rights reserved.
Copyright (c) 2015, Intel Corporation. All rights reserved.
@@ -25,88 +24,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent STATIC BOOLEAN mRdRandSupported; -// -// Intel SDM says 10 tries is good enough for reliable RDRAND usage. -// -#define RDRAND_RETRIES 10 - -#define RDRAND_TEST_SAMPLES 8 - -#define RDRAND_MIN_CHANGE 5 - -// -// Add a define for native-word RDRAND, just for the test. -// -#ifdef MDE_CPU_X64 -#define ASM_RDRAND AsmRdRand64 -#else -#define ASM_RDRAND AsmRdRand32 -#endif - -/** - Tests RDRAND for broken implementations. - - @retval TRUE RDRAND is reliable (and hopefully safe). - @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID. - -**/ -STATIC -BOOLEAN -TestRdRand ( - VOID - ) -{ - // - // Test for notoriously broken rdrand implementations that always return the same - // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s). - // Note that this should be expanded to extensively test for other sorts of possible errata. - // - - // - // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects - // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage. - // - UINTN Prev; - UINT8 Idx; - UINT8 TestIteration; - UINT32 Changed; - - Changed = 0; - - for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) { - UINTN Sample; - // - // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c - // Any failure to get a random number will assume RDRAND does not work. 
- // - for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) { - if (ASM_RDRAND (&Sample)) { - break; - } - } - - if (Idx == RDRAND_RETRIES) { - DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n")); - return FALSE; - } - - if (TestIteration != 0) { - Changed += Sample != Prev; - } - - Prev = Sample; - } - - if (Changed < RDRAND_MIN_CHANGE) { - DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n")); - return FALSE; - } - - return TRUE; -} - -#undef ASM_RDRAND - /** The constructor function checks whether or not RDRAND instruction is supported by the host hardware. @@ -131,13 +48,10 @@ BaseRngLibConstructor ( // CPUID. A value of 1 indicates that processor support RDRAND instruction. // AsmCpuid (1, 0, 0, &RegEcx, 0); + ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK); mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK); - if (mRdRandSupported) { - mRdRandSupported = TestRdRand (); - } - return EFI_SUCCESS; } @@ -156,7 +70,6 @@ ArchGetRandomNumber16 ( OUT UINT16 *Rand ) { - ASSERT (mRdRandSupported); return AsmRdRand16 (Rand); } @@ -175,7 +88,6 @@ ArchGetRandomNumber32 ( OUT UINT32 *Rand ) { - ASSERT (mRdRandSupported); return AsmRdRand32 (Rand); } @@ -194,7 +106,6 @@ ArchGetRandomNumber64 ( OUT UINT64 *Rand ) { - ASSERT (mRdRandSupported); return AsmRdRand64 (Rand); } @@ -211,7 +122,13 @@ ArchIsRngSupported ( VOID ) { - return mRdRandSupported; + /* + Existing software depends on this always returning TRUE, so for + now hard-code it. + + return mRdRandSupported; + */ + return TRUE; } /** -- cgit v1.1
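Review bot: In BaseRngLibConstructor the added `ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);` is the only remaining reaction to a CPU that does not advertise RDRAND, and in EDK II an ASSERT expands to nothing when MDEPKG_NDEBUG is defined, so a release build carries on with mRdRandSupported set to FALSE while nothing in the visible hunks reads that variable any more. The three getter hunks (ArchGetRandomNumber16/32/64) drop their own ASSERT and call AsmRdRand16/32/64 unconditionally, which would presumably fault on such a CPU instead of reporting failure to the caller. A guard at the top of each getter, `if (!mRdRandSupported) { return FALSE; }`, keeps the failure visible through the existing BOOLEAN return without changing ArchIsRngSupported. The constructor's body starts outside this hunk.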
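Review bot: ArchIsRngSupported now returns TRUE whatever CPUID reported, and with TestRdRand deleted in the second hunk the failure mode that function's comment describes (RDRAND signalling success while returning the same all-1s value) is no longer detected anywhere in this file. A caller that uses this function to decide whether to fall back to another entropy source will never do so, and anything seeded from the output on an affected part could be predictable. If the hard-coded value has to stay for compatibility, the constructor should at least record the condition, for example `DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: RDRAND not reported by CPUID\n"));`. The commented-out `return mRdRandSupported;` would read better as a single line such as `// TODO(<tracking-issue>): return mRdRandSupported once callers handle FALSE.` than as dead code inside a block comment.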