From 112e6eed545716502636580ff1bbee1c47c57eda Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 3 Sep 2024 12:49:07 +0300 Subject: [PATCH] - NetworkPkg/DxeNetLib: adjust PseudoRandom error logging - NetworkPkg/DxeNetLib: Reword PseudoRandom error logging - OvmfPkg: Add Hash2DxeCrypto to OvmfPkg --- ...tLib-Reword-PseudoRandom-error-loggi.patch | 43 +++++ ...tLib-adjust-PseudoRandom-error-loggi.patch | 48 +++++ ...vmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch | 179 ++++++++++++++++++ SPECS/edk2.spec | 14 +- 4 files changed, 283 insertions(+), 1 deletion(-) create mode 100644 SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch create mode 100644 SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch create mode 100644 SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch diff --git a/SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch b/SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch new file mode 100644 index 0000000..e15a863 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch @@ -0,0 +1,43 @@ +From c5f142e26ea5e892a63ed35ca952c8b583a9f8c1 Mon Sep 17 00:00:00 2001 +From: Oliver Steffen +Date: Wed, 14 Aug 2024 09:53:49 +0200 +Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging + +RH-Author: Oliver Steffen +RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging +RH-Jira: RHEL-45899 +RH-Commit: [2/2] 0d465ca0ea00598e6826446cd08e890c2ae4bea7 (osteffen/edk2) + +The word "Failed" is used when logging tired Rng algorithms. +These mostly non-critical messages confused some users. + +Reword it and also add a message confirming eventual success to +deescalate the importance somewhat. + +Signed-off-by: Oliver Steffen +--- + NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +index 4dfbe91a55..905a944975 100644 +--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c ++++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +@@ -946,12 +946,13 @@ PseudoRandom ( + // + // Secure Algorithm was supported on this platform + // ++ DEBUG ((DEBUG_VERBOSE, "Generated random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); + return EFI_SUCCESS; + } else if (Status == EFI_UNSUPPORTED) { + // + // Secure Algorithm was not supported on this platform + // +- DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); ++ DEBUG ((DEBUG_VERBOSE, "Unable to generate random data using secure algorithm %d not available: %r\n", AlgorithmIndex, Status)); + + // + // Try the next secure algorithm +-- +2.39.3 + diff --git a/SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch b/SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch new file mode 100644 index 0000000..2168b5b --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch @@ -0,0 +1,48 @@ +From 7cbd00792445ad50e861e4835cdb5ba60466aae3 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Wed, 19 Jun 2024 09:07:56 +0200 +Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging + +RH-Author: Oliver Steffen +RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging +RH-Jira: RHEL-45899 +RH-Commit: [1/2] 15135d672cef4310cb29f8a55146f36b2ee1f15d (osteffen/edk2) + +There is a list of allowed rng algorithms, if /one/ of them is not +supported this is not a problem, only /all/ of them failing is an +error condition. + +Downgrade the message for a single unsupported algorithm from ERROR to +VERBOSE. Add an error message in case we finish the loop without +finding a supported algorithm. + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit 6862b9d538d96363635677198899e1669e591259) +--- + NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +index 01c13c08d2..4dfbe91a55 100644 +--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c ++++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +@@ -951,7 +951,7 @@ PseudoRandom ( + // + // Secure Algorithm was not supported on this platform + // +- DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); ++ DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); + + // + // Try the next secure algorithm +@@ -971,6 +971,7 @@ PseudoRandom ( + // If we get here, we failed to generate random data using any secure algorithm + // Platform owner should ensure that at least one secure algorithm is supported + // ++ DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n")); + ASSERT_EFI_ERROR (Status); + return Status; + } +-- +2.39.3 + diff --git a/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch b/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch new file mode 100644 index 0000000..ac9766f --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch @@ -0,0 +1,179 @@ +From cb9d71189134e78efb00759eb9649ce92bf5b29a Mon Sep 17 00:00:00 2001 +From: Doug Flick +Date: Wed, 8 May 2024 22:56:24 -0700 +Subject: [PATCH] OvmfPkg: Add Hash2DxeCrypto to OvmfPkg + +This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is +used to provide the hashing protocol services. + +Cc: Ard Biesheuvel +Cc: Jiewen Yao +Cc: Gerd Hoffmann + +Signed-off-by: Doug Flick [MSFT] +Tested-by: Gerd Hoffmann +Acked-by: Gerd Hoffmann +Reviewed-by: Ard Biesheuvel +--- + OvmfPkg/OvmfPkgIa32.dsc | 6 +++++- + OvmfPkg/OvmfPkgIa32.fdf | 5 +++++ + OvmfPkg/OvmfPkgIa32X64.dsc | 6 +++++- + OvmfPkg/OvmfPkgIa32X64.fdf | 5 +++++ + OvmfPkg/OvmfPkgX64.dsc | 6 +++++- + OvmfPkg/OvmfPkgX64.fdf | 5 +++++ + OvmfPkg/OvmfXen.dsc | 5 +++++ + OvmfPkg/OvmfXen.fdf | 5 +++++ + 8 files changed, 40 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 1be021be7140..2ca005d768ef 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -226,7 +226,6 @@ + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + +- + # + # Network libraries + # +@@ -884,6 +883,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf +index 6eb26f7d4613..0d4abb50a8f7 100644 +--- a/OvmfPkg/OvmfPkgIa32.fdf ++++ b/OvmfPkg/OvmfPkgIa32.fdf +@@ -303,6 +303,11 @@ INF ShellPkg/Application/Shell/Shell.inf + + INF MdeModulePkg/Logo/LogoDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index d27a4c7278c2..a39070a62655 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -231,7 +231,6 @@ + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + +- + # + # Network libraries + # +@@ -902,6 +901,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf +index 080784f722a7..23a825a01298 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.fdf ++++ b/OvmfPkg/OvmfPkgIa32X64.fdf +@@ -304,6 +304,11 @@ INF ShellPkg/Application/Shell/Shell.inf + + INF MdeModulePkg/Logo/LogoDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 8f5cd23b2ec0..1b90aa8f5737 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -247,7 +247,6 @@ + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf + VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf + +- + # + # Network libraries + # +@@ -970,6 +969,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf +index b6e8f43566c4..4dcd6a033c5a 100644 +--- a/OvmfPkg/OvmfPkgX64.fdf ++++ b/OvmfPkg/OvmfPkgX64.fdf +@@ -331,6 +331,11 @@ INF MdeModulePkg/Logo/LogoDxe.inf + + INF OvmfPkg/TdxDxe/TdxDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # +diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc +index fa1a570e746a..7fc340d1c1df 100644 +--- a/OvmfPkg/OvmfXen.dsc ++++ b/OvmfPkg/OvmfXen.dsc +@@ -682,6 +682,11 @@ + MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf + MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf + ++ # ++ # Hash2 Protocol producer ++ # ++ SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network Support + # +diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf +index 5770b173168b..41368f37e254 100644 +--- a/OvmfPkg/OvmfXen.fdf ++++ b/OvmfPkg/OvmfXen.fdf +@@ -315,6 +315,11 @@ INF ShellPkg/Application/Shell/Shell.inf + + INF MdeModulePkg/Logo/LogoDxe.inf + ++# ++# Hash2 Protocol producer ++# ++INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf ++ + # + # Network modules + # diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index 405983f..7c60c40 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 6%{?dist}.2 +Release: 6%{?dist}.3.alma.1 Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -294,6 +294,13 @@ Patch79: edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch # For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z] Patch80: edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch +# Patches were taken from: +# https://github.com/tianocore/edk2/commit/cb9d71189134e78efb00759eb9649ce92bf5b29a +Patch81: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch +# https://gitlab.com/redhat/centos-stream/rpms/edk2/-/commit/57946d1d09a5d712de686fbefab0b8ffdad4d06c +Patch82: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch +Patch83: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch + # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and # verification with "ovmf-vars-generator". @@ -626,6 +633,11 @@ install -m 0644 \ %changelog +* Tue Sep 03 2024 Eduard Abdullin - 20231122-6.el9_4.3.alma.1 +- NetworkPkg/DxeNetLib: adjust PseudoRandom error logging +- NetworkPkg/DxeNetLib: Reword PseudoRandom error logging +- OvmfPkg: Add Hash2DxeCrypto to OvmfPkg + * Tue Jul 23 2024 EL Errata - 20231122-6.0.1.el9_4.2 - Replace upstream references [Orabug:36569119]