diff --git a/MdePkg/Include/Register/RiscV64/RiscVEncoding.h b/MdePkg/Include/Register/RiscV64/RiscVEncoding.h index 8ccdea2f4f..a656d443a5 100644 --- a/MdePkg/Include/Register/RiscV64/RiscVEncoding.h +++ b/MdePkg/Include/Register/RiscV64/RiscVEncoding.h @@ -120,4 +120,14 @@ #define CAUSE_VIRTUAL_INST_FAULT 0x16 #define CAUSE_STORE_GUEST_PAGE_FAULT 0x17 +/* Sstc extension */ +#define CSR_SEED 0x15 + +#define SEED_OPST_MASK 0xc0000000 +#define SEED_OPST_BIST 0x00000000 +#define SEED_OPST_WAIT 0x40000000 +#define SEED_OPST_ES16 0x80000000 +#define SEED_OPST_DEAD 0xc0000000 +#define SEED_ENTROPY_MASK 0xffff + #endif diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf index 49503b139b..a1614a900f 100644 --- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf +++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf @@ -50,6 +50,10 @@ [Guids.Ia32, Guids.X64] gEfiRngAlgorithmSp80090Ctr256Guid +[Sources.RISCV64] + Riscv/Rng.c + Riscv/Seed.S | GCC + [Packages] MdePkg/MdePkg.dec @@ -59,3 +63,7 @@ [LibraryClasses] BaseLib DebugLib + +[Pcd.RISCV64] + # Does the CPU support the Zkr extension (for the `Seed` CSR) + gEfiMdePkgTokenSpaceGuid.PcdRiscVFeatureOverride ## CONSUMES diff --git a/MdePkg/Library/BaseRngLib/Riscv/Rng.c b/MdePkg/Library/BaseRngLib/Riscv/Rng.c new file mode 100644 index 0000000000..305ab60b4d --- /dev/null +++ b/MdePkg/Library/BaseRngLib/Riscv/Rng.c @@ -0,0 +1,277 @@ +/** @file + Random number generator service that uses the SEED instruction + to provide pseudorandom numbers. + + Copyright (c) 2024, Rivos, Inc. + + SPDX-License-Identifier: BSD-2-Clause-Patent + **/ + +#include +#include +#include +#include +#include + +#include "BaseRngLibInternals.h" +#define RISCV_CPU_FEATURE_ZKR_BITMASK 0x8 + +#define SEED_RETRY_LOOPS 100 + +// 64-bit Mersenne Twister implementation +// A widely used pseudo random number generator. It performs bit shifts etc to +// achieve the random number. It's output is determined by SEED value generated +// by RISC-V SEED CSR" + +#define STATE_SIZE 312 +#define MIDDLE 156 +#define INIT_SHIFT 62 +#define TWIST_MASK 0xb5026f5aa96619e9ULL +#define INIT_FACT 6364136223846793005ULL +#define SHIFT1 29 +#define MASK1 0x5555555555555555ULL +#define SHIFT2 17 +#define MASK2 0x71d67fffeda60000ULL +#define SHIFT3 37 +#define MASK3 0xfff7eee000000000ULL +#define SHIFT4 43 + +#define LOWER_MASK 0x7fffffff +#define UPPER_MASK (~(UINT64)LOWER_MASK) + +static UINT64 mState[STATE_SIZE]; +static UINTN mIndex = STATE_SIZE + 1; + +/** + Initialize mState to defualt state. + + @param[in] S Input seed value + **/ +STATIC +VOID +SeedRng ( + IN UINT64 S + ) +{ + UINTN I; + + mIndex = STATE_SIZE; + mState[0] = S; + + for (I = 1; I < STATE_SIZE; I++) { + mState[I] = (INIT_FACT * (mState[I - 1] ^ (mState[I - 1] >> INIT_SHIFT))) + I; + } +} + +/** + Initializes mState with entropy values. The initialization is based on the + Seed value populated in mState[0] which then influences all the other values + in the mState array. Later values are retrieved from the same array instead + of calling trng instruction every time. + + **/ +STATIC +VOID +TwistRng ( + VOID + ) +{ + UINTN I; + UINT64 X; + + for (I = 0; I < STATE_SIZE; I++) { + X = (mState[I] & UPPER_MASK) | (mState[(I + 1) % STATE_SIZE] & LOWER_MASK); + X = (X >> 1) ^ (X & 1 ? TWIST_MASK : 0); + mState[I] = mState[(I + MIDDLE) % STATE_SIZE] ^ X; + } + + mIndex = 0; +} + +// Defined in Seed.S +extern UINT64 +ReadSeed ( + VOID + ); + +/** + Gets seed value by executing trng instruction (CSR 0x15) amd returns + the see to the caller 64bit value. + + @param[out] Out Buffer pointer to store the 64-bit random value. + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + **/ +STATIC +BOOLEAN +Get64BitSeed ( + OUT UINT64 *Out + ) +{ + UINT64 Seed; + UINTN Retry; + UINTN ValidSeeds; + UINTN NeededSeeds; + UINT16 *Entropy; + + Retry = SEED_RETRY_LOOPS; + Entropy = (UINT16 *)Out; + NeededSeeds = sizeof (UINT64) / sizeof (UINT16); + ValidSeeds = 0; + + if (!ArchIsRngSupported ()) { + DEBUG ((DEBUG_ERROR, "Get64BitSeed: HW not supported!\n")); + return FALSE; + } + + do { + Seed = ReadSeed (); + + switch (Seed & SEED_OPST_MASK) { + case SEED_OPST_ES16: + Entropy[ValidSeeds++] = Seed & SEED_ENTROPY_MASK; + if (ValidSeeds == NeededSeeds) { + return TRUE; + } + + break; + + case SEED_OPST_DEAD: + DEBUG ((DEBUG_ERROR, "Get64BitSeed: Unrecoverable error!\n")); + return FALSE; + + case SEED_OPST_BIST: // fallthrough + case SEED_OPST_WAIT: // fallthrough + default: + continue; + } + } while (--Retry); + + return FALSE; +} + +/** + Constructor library which initializes Seeds and mStatus array. + + @retval EFI_SUCCESS Intialization was successful. + @retval EFI_UNSUPPORTED Feature not supported. + + **/ +EFI_STATUS +EFIAPI +BaseRngLibConstructor ( + VOID + ) +{ + UINT64 Seed; + + if (Get64BitSeed (&Seed)) { + SeedRng (Seed); + return EFI_SUCCESS; + } else { + return EFI_UNSUPPORTED; + } +} + +/** + Generates a 16-bit random number. + + @param[out] Rand Buffer pointer to store the 16-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + + **/ +BOOLEAN +EFIAPI +ArchGetRandomNumber16 ( + OUT UINT16 *Rand + ) +{ + UINT64 Rand64; + + if (ArchGetRandomNumber64 (&Rand64)) { + *Rand = Rand64 & MAX_UINT16; + return TRUE; + } + + return FALSE; +} + +/** + Generates a 32-bit random number. + + @param[out] Rand Buffer pointer to store the 32-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + + **/ +BOOLEAN +EFIAPI +ArchGetRandomNumber32 ( + OUT UINT32 *Rand + ) +{ + UINT64 Rand64; + + if (ArchGetRandomNumber64 (&Rand64)) { + *Rand = Rand64 & MAX_UINT32; + return TRUE; + } + + return FALSE; +} + +/** + Generates a 64-bit random number. + + @param[out] Rand Buffer pointer to store the 64-bit random value. + + @retval TRUE Random number generated successfully. + @retval FALSE Failed to generate the random number. + + **/ +BOOLEAN +EFIAPI +ArchGetRandomNumber64 ( + OUT UINT64 *Rand + ) +{ + UINT64 Y; + + // Never initialized. + if (mIndex > STATE_SIZE) { + return FALSE; + } + + // Mersenne Twister + if (mIndex == STATE_SIZE) { + TwistRng (); + } + + Y = mState[mIndex]; + Y ^= (Y >> SHIFT1) & MASK1; + Y ^= (Y << SHIFT2) & MASK2; + Y ^= (Y << SHIFT3) & MASK3; + Y ^= Y >> SHIFT4; + + mIndex++; + + *Rand = Y; + return TRUE; +} + +/** + Checks whether SEED is supported. + + @retval TRUE SEED is supported. + **/ +BOOLEAN +EFIAPI +ArchIsRngSupported ( + VOID + ) +{ + return ((PcdGet64 (PcdRiscVFeatureOverride) & RISCV_CPU_FEATURE_ZKR_BITMASK) != 0); +} diff --git a/MdePkg/Library/BaseRngLib/Riscv/Seed.S b/MdePkg/Library/BaseRngLib/Riscv/Seed.S new file mode 100644 index 0000000000..0028923395 --- /dev/null +++ b/MdePkg/Library/BaseRngLib/Riscv/Seed.S @@ -0,0 +1,19 @@ +//------------------------------------------------------------------------------ +// +// RISC-V cache operation. +// +// Copyright (c) 2024, Rivos Inc. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +//------------------------------------------------------------------------------ + +#include + +.text + .p2align 4 + +ASM_FUNC (ReadSeed) +#The SEED CSR must only be accessed with read-write instructions +csrrw a0, CSR_SEED, x0 +ret diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec index 5dbe5a9f72..f8c30d3e76 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -2430,6 +2430,8 @@ # previous stage has feature enabled and user wants to disable it. # BIT 2 = Page-Based Memory Types (Pbmt). This bit is relevant only if # previous stage has feature enabled and user wants to disable it. + # BIT 3 = Zkr extension.This bit is relevant only if + # previous stage has feature enabled and user wants to disable it. # gEfiMdePkgTokenSpaceGuid.PcdRiscVFeatureOverride|0xFFFFFFFFFFFFFFFF|UINT64|0x69