rpms/edk2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Nov 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-9

Browse Source 
- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66230]
- Resolves: RHEL-66230
  ([Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6])
This commit is contained in:
Miroslav Rezanina 2024-11-11 02:08:05 -05:00
parent 84fb1d85ec
commit 0ba5955357
2 changed files with 109 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch Normal file
View File

@ -0,0 +1,101 @@
From 9c180326056f489b55999586f3bc1d225eda985e Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Thu, 7 Nov 2024 11:36:22 +0100
Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 81: OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
RH-Jira: RHEL-66230
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/1] 1c2135c76fa4eb3d64000d3b0161393703dd5dd6 (osteffen/edk2)
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
This patch adds the fallback rng (added on ae9be39436)
also to the PlatformBootManagerLibLight, which is used by ArmVirtPkg.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++
.../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
index 8e93f3cfed..8aa1e8e2df 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
@@ -30,6 +30,7 @@
#include <Guid/GlobalVariable.h>
#include <Guid/RootBridgesConnectedEventGroup.h>
#include <Guid/SerialPortLibVendor.h>
+#include "FallbackRng.h"
#include "PlatformBm.h"
@@ -1029,6 +1030,7 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput);
+
//
// Add the hardcoded short-form USB keyboard device path to ConIn.
//
@@ -1110,6 +1112,8 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
+
+ FallbackRngCheckAndInstall ();
}
/**
@@ -1175,6 +1179,8 @@ PlatformBootManagerAfterConsole (
RETURN_STATUS Status;
BOOLEAN Uninstall;
+ FallbackRngPrintWarning ();
+
//
// Show the splash screen.
//
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
index 8e7cd5605f..4583c05ef4 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
@@ -27,6 +27,8 @@
PlatformBm.c
PlatformBm.h
QemuKernel.c
+ ../PlatformBootManagerLib/FallbackRng.h
+ ../PlatformBootManagerLib/FallbackRng.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
@@ -53,6 +55,7 @@
UefiBootServicesTableLib
UefiLib
UefiRuntimeServicesTableLib
+ RngLib
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
@@ -70,6 +73,7 @@
gEfiGlobalVariableGuid
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
+ gEfiRngAlgorithmRaw
[Protocols]
gEfiFirmwareVolume2ProtocolGuid
@@ -77,3 +81,4 @@
gEfiMemoryAttributeProtocolGuid
gEfiPciRootBridgeIoProtocolGuid
gVirtioDeviceProtocolGuid
+ gEfiRngProtocolGuid
--
2.39.3

9
edk2.spec
View File

@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2 Name: edk2
Version: %{GITDATE} Version: %{GITDATE}
Release: 8%{?dist} Release: 9%{?dist}
Summary: UEFI firmware for 64-bit virtual machines Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org URL: http://www.tianocore.org
@ -109,6 +109,8 @@ Patch46: edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch
Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
# For RHEL-65725 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6] # For RHEL-65725 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6]
Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
# For RHEL-66230 - [Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6]
Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
# python3-devel and libuuid-devel are required for building tools. # python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and # python3-devel is also needed for varstore template generation and
@ -443,6 +445,11 @@ install -m 0644 \
%changelog %changelog
* Mon Nov 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-9
- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66230]
- Resolves: RHEL-66230
([Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6])
* Wed Nov 06 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-8 * Wed Nov 06 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-8
- edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-65725] - edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-65725]
- Resolves: RHEL-65725 - Resolves: RHEL-65725