From 0ba5955357aa2c297dd77b738e0dcb6324815542 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina
Date: Mon, 11 Nov 2024 02:08:05 -0500
Subject: [PATCH] * Mon Nov 11 2024 Miroslav Rezanina - 20240524-9 - edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66230] - Resolves: RHEL-66230 ([Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6])
---
...rmVirtPkg-Add-a-Fallback-RNG-RH-only.patch | 101 ++++++++++++++++++
edk2.spec | 9 +-
2 files changed, 109 insertions(+), 1 deletion(-)
create mode 100644 edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
diff --git a/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch b/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
new file mode 100644
index 0000000..f526e0d
--- /dev/null
+++ b/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
@@ -0,0 +1,101 @@
+From 9c180326056f489b55999586f3bc1d225eda985e Mon Sep 17 00:00:00 2001
+From: Oliver Steffen
+Date: Thu, 7 Nov 2024 11:36:22 +0100
+Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
+
+RH-Author: Oliver Steffen
+RH-MergeRequest: 81: OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
+RH-Jira: RHEL-66230
+RH-Acked-by: Gerd Hoffmann
+RH-Commit: [1/1] 1c2135c76fa4eb3d64000d3b0161393703dd5dd6 (osteffen/edk2)
+
+Since the pixiefail CVE fix, the network stack requires a random number
+generator.
+In case there is no hardware random number generator available,
+have the Platform Boot Manager install a pseudo RNG to ensure
+the network can be used.
+
+This patch adds the fallback rng (added on ae9be39436)
+also to the PlatformBootManagerLibLight, which is used by ArmVirtPkg.
+
+Signed-off-by: Oliver Steffen
+---
+ OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++
+ .../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+index 8e93f3cfed..8aa1e8e2df 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
++++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+@@ -30,6 +30,7 @@
+ #include
+ #include
+ #include
++#include "FallbackRng.h"
+
+ #include "PlatformBm.h"
+
+@@ -1029,6 +1030,7 @@ PlatformBootManagerBeforeConsole (
+ //
+ FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput);
+
++
+ //
+ // Add the hardcoded short-form USB keyboard device path to ConIn.
+ //
+@@ -1110,6 +1112,8 @@ PlatformBootManagerBeforeConsole (
+ //
+ FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
+ FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
++
++ FallbackRngCheckAndInstall ();
+ }
+
+ /**
+@@ -1175,6 +1179,8 @@ PlatformBootManagerAfterConsole (
+ RETURN_STATUS Status;
+ BOOLEAN Uninstall;
+
++ FallbackRngPrintWarning ();
++
+ //
+ // Show the splash screen.
+ //
+diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+index 8e7cd5605f..4583c05ef4 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
++++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+@@ -27,6 +27,8 @@
+ PlatformBm.c
+ PlatformBm.h
+ QemuKernel.c
++ ../PlatformBootManagerLib/FallbackRng.h
++ ../PlatformBootManagerLib/FallbackRng.c
+
+ [Packages]
+ MdeModulePkg/MdeModulePkg.dec
+@@ -53,6 +55,7 @@
+ UefiBootServicesTableLib
+ UefiLib
+ UefiRuntimeServicesTableLib
++ RngLib
+
+ [FixedPcd]
+ gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
+@@ -70,6 +73,7 @@
+ gEfiGlobalVariableGuid
+ gRootBridgesConnectedEventGroupGuid
+ gUefiShellFileGuid
++ gEfiRngAlgorithmRaw
+
+ [Protocols]
+ gEfiFirmwareVolume2ProtocolGuid
+@@ -77,3 +81,4 @@
+ gEfiMemoryAttributeProtocolGuid
+ gEfiPciRootBridgeIoProtocolGuid
+ gVirtioDeviceProtocolGuid
++ gEfiRngProtocolGuid
+--
+2.39.3
+
diff --git a/edk2.spec b/edk2.spec
index fe4ef4c..1f9e8a1 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 8%{?dist} +Release: 9%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org
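Review bot: The `FallbackRngCheckAndInstall ();` call added at the end of PlatformBootManagerBeforeConsole (nested hunk `@@ -1110,6 +1112,8 @@` of PlatformBm.c) has no comment, while the neighbouring steps shown in the carried patch are each introduced by a `//` block. The commit message says this installs a pseudo RNG so the network stack keeps working after the pixiefail fix, so the call site should state that, for example `// Install the fallback pseudo-RNG only if no EFI_RNG_PROTOCOL instance exists; it is not a hardware entropy source.` The check is presumably only correct if it runs after any virtio-rng or other RNG driver has been connected; the function body starts outside the hunk and FallbackRng.c is not part of this patch, so that ordering should be confirmed and recorded in the comment. Separately, the `@@ -1029,6 +1030,7 @@` hunk adds only a blank line after the `AddOutput` call and could be dropped from the downstream patch.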
@@ -109,6 +109,8 @@ Patch46: edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch # For RHEL-65725 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6] Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +# For RHEL-66230 - [Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6] +Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and @@ -443,6 +445,11 @@ install -m 0644 \ %changelog +* Mon Nov 11 2024 Miroslav Rezanina - 20240524-9 +- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66230] +- Resolves: RHEL-66230 + ([Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6]) + * Wed Nov 06 2024 Miroslav Rezanina - 20240524-8 - edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-65725] - Resolves: RHEL-65725