-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support x86_64-unknown-uefi #30
Conversation
fec48c1
to
c075ea6
Compare
Note that because this removed the compiler error when
Also, @dhardy @newpavlov to use |
I'm still not convinced whether we should omit the CPU detection just to avoid a CPUID test. @nagisa? I think there's no other reason we can't support SGX with stable compilers? If so then copying the code sounds best. |
To be clear, the CPUID test is only omitted if the compiler already knows it can support RDRAND. This is crucial for SGX, as the CPUID instruction is illegal in an enclave.
Will do |
You should just use the `is_x86_target_feature_detected` macro. It does the
sane thing - caches results (globally) and does the detection in a target
specific way which is more likely to work compared to whatever you might
want to maintain yourselves.
…On Thu, Jun 13, 2019, 13:43 Joseph Richey ***@***.***> wrote:
I'm still not convinced whether we should omit the CPU detection just to
avoid a CPUID test.
To be clear, the CPUID test is only omitted if the compiler already knows
it can support RDRAND. This is crucial for SGX, as the CPUID instruction is
illegal in an enclave.
If so then copying the code sounds best.
Will do
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#30?email_source=notifications&email_token=AAFFZURRWBWUAVIMAKGZYKLP2IQFBA5CNFSM4HXIH3TKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXTJIWQ#issuecomment-501650522>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAFFZUVR3GWDRZKEZXKMIH3P2IQFBANCNFSM4HXIH3TA>
.
|
Caveat: the macro is not supported on non-std targets. In that case you
still want to maintain something similar.
…On Thu, Jun 13, 2019, 14:59 Simonas Kazlauskas ***@***.***> wrote:
You should just use the `is_x86_target_feature_detected` macro. It does
the sane thing - caches results (globally) and does the detection in a
target specific way which is more likely to work compared to whatever you
might want to maintain yourselves.
On Thu, Jun 13, 2019, 13:43 Joseph Richey ***@***.***>
wrote:
> I'm still not convinced whether we should omit the CPU detection just to
> avoid a CPUID test.
>
> To be clear, the CPUID test is only omitted if the compiler already knows
> it can support RDRAND. This is crucial for SGX, as the CPUID instruction is
> illegal in an enclave.
>
> If so then copying the code sounds best.
>
> Will do
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <#30?email_source=notifications&email_token=AAFFZURRWBWUAVIMAKGZYKLP2IQFBA5CNFSM4HXIH3TKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODXTJIWQ#issuecomment-501650522>,
> or mute the thread
> <https://github.com/notifications/unsubscribe-auth/AAFFZUVR3GWDRZKEZXKMIH3P2IQFBANCNFSM4HXIH3TA>
> .
>
|
Ya this is the issue, because most of the targets we would want to use RDRAND on are |
https://github.com/nagisa/rust_rdrand/blob/fa7b3b13f393a1eaf345fb8d207631ca2a8a78bc/src/lib.rs#L143 is what I have in the rdrand library, your’s seems equivalent. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks okay to me other than inverted logic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a way to detect if EFI_RNG_PROTOCOL is implemented and use RDRAND as a fallback?
Not without access to the EFI system table. Using |
Agreed, that sounds like a needless complication.
I think you want |
Fixed |
@dhardy |
return Ok(el.to_ne_bytes()); | ||
} | ||
}; | ||
let mut el = mem::uninitialized(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A bit late to the party here, but I was curious why this uses mem::uninitialized()
instead of mem::zeroed()
.
Zeroing seems relatively lightweight compared to RDRAND itself, would make RNG failures more obvious, and eliminates the potential risk of using attacker-controlled values which appear plausibly random at first glance as e.g. cryptographic keys.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, zeroed
could be a better choice. Although in practice it does not matter, as both zeroed
and uninitialized
get optimized out.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in the latest commit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tarcieri good catch! It also gets rid of a deprecation warning on the latest nightly.
Closes #27 and adds support for the
x86_64-unknown-uefi
target. For our purposes, this target is quite similar to SGX in that the only source of RNG is RDRAND.This PR:
cargo xbuild
to make sure we can build on this target.is_x86_feature_detected!
macro. We use it fromstd_detect
instead ofstd
. Note that while this macro is not part ofcore
,std_detect
supportsno_std
targets on x86 (as it just makes cached calls to CPUID).Note: we don't use EFI_RNG_PROTOCOL as most motherboard firmwares don't implement it, and those that do (i.e. EDK2) just call RDRAND anyway.