2024-12-09 09:44:56 +00:00
From 16e51b6f9f7aec58233869874e1ad106eca15684 Mon Sep 17 00:00:00 2001
2024-11-22 17:29:42 +00:00
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 19:00:11 +0100
Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng

Since the pixiefail CVE fix the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
The latter is initialized during the BDS phase.
To ensure all depending (network) modules are also started, we need to
run the dispatcher once more after the device was initialized.
Without this, network boot is not available under certain hardware
configurations.

Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")

Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
(cherry picked from commit 9c4542a0645ac832e22d0c3da0f1ee7b127a316f)
---
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 87d1ac3142..1f1298eb0b 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
if (EFI_ERROR (Status)) {
goto Error;
}
+
+ gDS->Dispatch ();
}
return EFI_SUCCESS;
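
Review bot: The added `gDS->Dispatch ();` at the end of the success block in ConnectVirtioPciRng discards its EFI_STATUS and carries no comment, so a reader of BdsPlatform.c cannot tell why the DXE dispatcher is re-entered from BDS at this point. Suggest a short comment above the call stating that modules depending on a hardware random number generator (the network stack, per the commit message) only become dispatchable once virtio-rng has been initialized. The status also deserves explicit handling: Dispatch() returns EFI_NOT_FOUND when no further drivers were dispatched, which is harmless here, so either cast the call to (VOID) with that noted, or log the returned status with DEBUG so that a missing network boot option can be traced back to this call.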