Merge branch 'master' into risc-network-pkg

MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c

@@ -395,11 +395,14 @@ MergeMemoryMap (
   NewMemoryMapEntry = MemoryMap;
   MemoryMapEnd      = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + *MemoryMapSize);
   while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) {
-    CopyMem (NewMemoryMapEntry, MemoryMapEntry, sizeof (EFI_MEMORY_DESCRIPTOR));
+    CopyMem (NewMemoryMapEntry, MemoryMapEntry, DescriptorSize);
     NextMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorSize);
 
     do {
-      MergeGuardPages (NewMemoryMapEntry, NextMemoryMapEntry->PhysicalStart);
+      if ((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) {
+        MergeGuardPages (NewMemoryMapEntry, NextMemoryMapEntry->PhysicalStart);
+      }
+
       MemoryBlockLength = LShiftU64 (NewMemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT);
       if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
           (NewMemoryMapEntry->Type == NextMemoryMapEntry->Type) &&

MdePkg/Include/IndustryStandard/Http11.h

@@ -248,6 +248,34 @@
 ///
 #define  HTTP_EXPECT_100_CONTINUE  "100-continue"
 
+///
+/// Content-Range Response Header
+/// The Content-Range response HTTP header indicates where in a
+/// full body message a partial message belongs.
+///
+#define HTTP_HEADER_CONTENT_RANGE  "Content-Range"
+
+///
+/// Last-Modified Response Header
+/// The Last-Modified response HTTP header contains a date and time when
+/// the origin server believes the resource was last modified. It is used
+/// as a validator to determine if the resource is the same as the
+/// previously stored one. Less accurate than an ETag header,
+/// it is a fallback mechanism. Conditional requests containing
+/// If-Modified-Since or If-Unmodified-Since headers make use of this field.
+///
+#define HTTP_HEADER_LAST_MODIFIED  "Last-Modified"
+
+///
+/// If Unmodified Since Request Header
+/// Makes the request for the resource conditional: the server will send
+/// the requested resource or accept it in the case of a POST or another
+/// non-safe method only if the resource has not been modified after the
+/// date specified by this HTTP header. If the resource has been modified
+/// after the specified date, the response will be a 412 Precondition Failed error.
+///
+#define HTTP_HEADER_IF_UNMODIFIED_SINCE  "If-Unmodified-Since"
+
 #pragma pack()
 
 #endif

MdePkg/Include/Library/DebugLib.h

@@ -342,13 +342,13 @@ UnitTestDebugAssert (
   #if defined (_ASSERT)
     #undef _ASSERT
   #endif
-  #if defined (__clang__) && defined (__FILE_NAME__)
+  #if defined (__FILE_NAME__)
 #define _ASSERT(Expression)  UnitTestDebugAssert (__FILE_NAME__, DEBUG_LINE_NUMBER, DEBUG_EXPRESSION_STRING (Expression))
   #else
 #define _ASSERT(Expression)  UnitTestDebugAssert (__FILE__, DEBUG_LINE_NUMBER, DEBUG_EXPRESSION_STRING (Expression))
   #endif
 #else
-  #if defined (__clang__) && defined (__FILE_NAME__)
+  #if defined (__FILE_NAME__)
 #define _ASSERT(Expression)  DebugAssert (__FILE_NAME__, DEBUG_LINE_NUMBER, DEBUG_EXPRESSION_STRING (Expression))
   #else
 #define _ASSERT(Expression)  DebugAssert (__FILE__, DEBUG_LINE_NUMBER, DEBUG_EXPRESSION_STRING (Expression))

MdePkg/Library/DxeRngLib/DxeRngLib.c

@@ -1,17 +1,136 @@
 /** @file
  Provides an implementation of the library class RngLib that uses the Rng protocol.
 
- Copyright (c) 2023, Arm Limited. All rights reserved.
+ Copyright (c) 2023 - 2024, Arm Limited. All rights reserved.
  Copyright (c) Microsoft Corporation. All rights reserved.
  SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 #include <Uefi.h>
 #include <Library/UefiBootServicesTableLib.h>
+#include <Library/BaseMemoryLib.h>
 #include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
 #include <Library/RngLib.h>
 #include <Protocol/Rng.h>
 
+STATIC EFI_RNG_PROTOCOL  *mRngProtocol;
+STATIC UINTN             mFirstAlgo = MAX_UINTN;
+
+typedef struct {
+  /// Guid of the secure algorithm.
+  EFI_GUID       *Guid;
+
+  /// Algorithm name.
+  CONST CHAR8    *Name;
+
+  /// The algorithm is available for use.
+  BOOLEAN        Available;
+} SECURE_RNG_ALGO_ARRAY;
+
+//
+// These represent UEFI SPEC defined algorithms that should be supported by
+// the RNG protocol and are generally considered secure.
+//
+GLOBAL_REMOVE_IF_UNREFERENCED SECURE_RNG_ALGO_ARRAY  mSecureHashAlgorithms[] = {
+ #ifdef MDE_CPU_AARCH64
+  {
+    &gEfiRngAlgorithmArmRndr, // unspecified SP800-90A DRBG (through RNDR instr.)
+    "ARM-RNDR",
+    FALSE,
+  },
+ #endif
+  {
+    &gEfiRngAlgorithmSp80090Ctr256Guid,  // SP800-90A DRBG CTR using AES-256
+    "DRBG-CTR",
+    FALSE,
+  },
+  {
+    &gEfiRngAlgorithmSp80090Hmac256Guid, // SP800-90A DRBG HMAC using SHA-256
+    "DRBG-HMAC",
+    FALSE,
+  },
+  {
+    &gEfiRngAlgorithmSp80090Hash256Guid, // SP800-90A DRBG Hash using SHA-256
+    "DRBG-Hash",
+    FALSE,
+  },
+  {
+    &gEfiRngAlgorithmRaw, // Raw data from NRBG (or TRNG)
+    "TRNG",
+    FALSE,
+  },
+};
+
+/**
+  Constructor routine to probe the available secure Rng algorithms.
+
+  @param  ImageHandle   The firmware allocated handle for the EFI image.
+  @param  SystemTable   A pointer to the EFI System Table.
+
+  @retval EFI_SUCCESS           Success.
+  @retval EFI_NOT_FOUND         Not found.
+  @retval EFI_INVALID_PARAMETER Invalid parameter.
+**/
+EFI_STATUS
+EFIAPI
+DxeRngLibConstructor (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS         Status;
+  UINTN              RngArraySize;
+  UINTN              RngArrayCnt;
+  UINT32             Index;
+  UINT32             Index1;
+  EFI_RNG_ALGORITHM  *RngArray;
+
+  Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&mRngProtocol);
+  if (EFI_ERROR (Status) || (mRngProtocol == NULL)) {
+    DEBUG ((DEBUG_ERROR, "%a: Could not locate RNG protocol, Status = %r\n", __func__, Status));
+    return Status;
+  }
+
+  RngArraySize = 0;
+
+  Status = mRngProtocol->GetInfo (mRngProtocol, &RngArraySize, NULL);
+  if (EFI_ERROR (Status) && (Status != EFI_BUFFER_TOO_SMALL)) {
+    return Status;
+  } else if (RngArraySize == 0) {
+    return EFI_NOT_FOUND;
+  }
+
+  RngArrayCnt = RngArraySize / sizeof (*RngArray);
+
+  RngArray = AllocateZeroPool (RngArraySize);
+  if (RngArray == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  Status = mRngProtocol->GetInfo (mRngProtocol, &RngArraySize, RngArray);
+  if (EFI_ERROR (Status)) {
+    goto ExitHandler;
+  }
+
+  for (Index = 0; Index < RngArrayCnt; Index++) {
+    for (Index1 = 0; Index1 < ARRAY_SIZE (mSecureHashAlgorithms); Index1++) {
+      if (CompareGuid (&RngArray[Index], mSecureHashAlgorithms[Index1].Guid)) {
+        mSecureHashAlgorithms[Index1].Available = TRUE;
+        if (mFirstAlgo == MAX_UINTN) {
+          mFirstAlgo = Index1;
+        }
+
+        break;
+      }
+    }
+  }
+
+ExitHandler:
+  FreePool (RngArray);
+  return Status;
+}
+
 /**
   Routine Description:
 
@@ -32,55 +151,70 @@ GenerateRandomNumberViaNist800Algorithm (
   IN  UINTN  BufferSize
   )
 {
-  EFI_STATUS        Status;
-  EFI_RNG_PROTOCOL  *RngProtocol;
-
-  RngProtocol = NULL;
+  EFI_STATUS             Status;
+  UINTN                  Index;
+  SECURE_RNG_ALGO_ARRAY  *Algo;
 
   if (Buffer == NULL) {
     DEBUG ((DEBUG_ERROR, "%a: Buffer == NULL.\n", __func__));
     return EFI_INVALID_PARAMETER;
   }
 
-  Status = gBS->LocateProtocol (&gEfiRngProtocolGuid, NULL, (VOID **)&RngProtocol);
-  if (EFI_ERROR (Status) || (RngProtocol == NULL)) {
-    DEBUG ((DEBUG_ERROR, "%a: Could not locate RNG prototocol, Status = %r\n", __func__, Status));
-    return Status;
+  if (mRngProtocol == NULL) {
+    return EFI_NOT_FOUND;
   }
 
-  Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmSp80090Ctr256Guid, BufferSize, Buffer);
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm CTR-256 - Status = %r\n", __func__, Status));
-  if (!EFI_ERROR (Status)) {
-    return Status;
+  // Try the first available algorithm.
+  if (mFirstAlgo != MAX_UINTN) {
+    Algo   = &mSecureHashAlgorithms[mFirstAlgo];
+    Status = mRngProtocol->GetRNG (mRngProtocol, Algo->Guid, BufferSize, Buffer);
+    DEBUG ((
+      DEBUG_INFO,
+      "%a: GetRNG algorithm %a - Status = %r\n",
+      __func__,
+      Algo->Name,
+      Status
+      ));
+    if (!EFI_ERROR (Status)) {
+      return Status;
+    }
+
+    Index = mFirstAlgo + 1;
+  } else {
+    Index = 0;
   }
 
-  Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmSp80090Hmac256Guid, BufferSize, Buffer);
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm HMAC-256 - Status = %r\n", __func__, Status));
-  if (!EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmSp80090Hash256Guid, BufferSize, Buffer);
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __func__, Status));
-  if (!EFI_ERROR (Status)) {
-    return Status;
+  // Iterate over other available algorithms.
+  for ( ; Index < ARRAY_SIZE (mSecureHashAlgorithms); Index++) {
+    Algo = &mSecureHashAlgorithms[Index];
+    if (!Algo->Available) {
+      continue;
+    }
+
+    Status = mRngProtocol->GetRNG (mRngProtocol, Algo->Guid, BufferSize, Buffer);
+    DEBUG ((
+      DEBUG_INFO,
+      "%a: GetRNG algorithm %a - Status = %r\n",
+      __func__,
+      Algo->Name,
+      Status
+      ));
+    if (!EFI_ERROR (Status)) {
+      return Status;
+    }
   }
 
-  Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer);
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status));
-  if (!EFI_ERROR (Status)) {
-    return Status;
-  }
-
-  // If all the other methods have failed, use the default method from the RngProtocol
-  Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
-  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
-  if (!EFI_ERROR (Status)) {
-    return Status;
+  if (!PcdGetBool (PcdEnforceSecureRngAlgorithms)) {
+    // If all the other methods have failed, use the default method from the RngProtocol
+    Status = mRngProtocol->GetRNG (mRngProtocol, NULL, BufferSize, Buffer);
+    DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
+    if (!EFI_ERROR (Status)) {
+      return Status;
+    }
   }
 
   // If we get to this point, we have failed
-  DEBUG ((DEBUG_ERROR, "%a: GetRNG() failed, staus = %r\n", __func__, Status));
+  DEBUG ((DEBUG_ERROR, "%a: GetRNG() failed, Status = %r\n", __func__, Status));
 
   return Status;
 }// GenerateRandomNumberViaNist800Algorithm()

MdePkg/Library/DxeRngLib/DxeRngLib.inf

@@ -15,6 +15,7 @@
   MODULE_TYPE     = DXE_DRIVER
   VERSION_STRING  = 1.0
   LIBRARY_CLASS   = RngLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER
+  CONSTRUCTOR     = DxeRngLibConstructor
 
 [Packages]
   MdePkg/MdePkg.dec
@@ -24,6 +25,7 @@
 
 [LibraryClasses]
   DebugLib
+  MemoryAllocationLib
   UefiBootServicesTableLib
 
 [Protocols]
@@ -37,3 +39,9 @@
   gEfiRngAlgorithmSp80090Hash256Guid
   gEfiRngAlgorithmSp80090Hmac256Guid
   gEfiRngAlgorithmRaw
+
+[Guids.AARCH64]
+  gEfiRngAlgorithmArmRndr
+
+[FixedPcd]
+  gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms ## CONSUMES

MdePkg/MdePkg.dec

@@ -2266,6 +2266,12 @@
   ## This PCD specifies the interrupt vector for stack cookie check failures
   gEfiMdePkgTokenSpaceGuid.PcdStackCookieExceptionVector|0x42|UINT8|0x30001019
 
+  ## Enforces the use of Secure UEFI spec defined RNG algorithms.
+  # TRUE  - Enforce the use of Secure UEFI spec defined RNG algorithms.
+  # FALSE - Do not enforce and depend on the default implementation of RNG algorithm from the provider.
+  # @Prompt Enforce the use of Secure UEFI spec defined RNG algorithms.
+  gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE|BOOLEAN|0x1000000D
+
 [PcdsFixedAtBuild,PcdsPatchableInModule]
   ## Indicates the maximum length of unicode string used in the following
   #  BaseLib functions: StrLen(), StrSize(), StrCmp(), StrnCmp(), StrCpy(), StrnCpy()<BR><BR>