- NetworkPkg/DxeNetLib: adjust PseudoRandom error logging

- NetworkPkg/DxeNetLib: Reword PseudoRandom error logging - OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
2024-09-03 12:49:07 +03:00 · 2024-09-03 12:49:07 +03:00 · 112e6eed54
commit 112e6eed54
parent 19eb2b4b8d
4 changed files with 283 additions and 1 deletions
--- a/SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
+++ b/SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
@ -0,0 +1,43 @@
+From c5f142e26ea5e892a63ed35ca952c8b583a9f8c1 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Wed, 14 Aug 2024 09:53:49 +0200
+Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
+RH-Jira: RHEL-45899
+RH-Commit: [2/2] 0d465ca0ea00598e6826446cd08e890c2ae4bea7 (osteffen/edk2)
+
+The word "Failed" is used when logging tired Rng algorithms.
+These mostly non-critical messages confused some users.
+
+Reword it and also add a message confirming eventual success to
+deescalate the importance somewhat.
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+---
+ NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+index 4dfbe91a55..905a944975 100644
+--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+@@ -946,12 +946,13 @@ PseudoRandom (
+         //
+         // Secure Algorithm was supported on this platform
+         //
+        DEBUG ((DEBUG_VERBOSE, "Generated random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+         return EFI_SUCCESS;
+       } else if (Status == EFI_UNSUPPORTED) {
+         //
+         // Secure Algorithm was not supported on this platform
+         //
+-        DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+        DEBUG ((DEBUG_VERBOSE, "Unable to generate random data using secure algorithm %d not available: %r\n", AlgorithmIndex, Status));
+ 
+         //
+         // Try the next secure algorithm
+-- 
+2.39.3
+
--- a/SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
+++ b/SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
@ -0,0 +1,48 @@
+From 7cbd00792445ad50e861e4835cdb5ba60466aae3 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Wed, 19 Jun 2024 09:07:56 +0200
+Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
+RH-Jira: RHEL-45899
+RH-Commit: [1/2] 15135d672cef4310cb29f8a55146f36b2ee1f15d (osteffen/edk2)
+
+There is a list of allowed rng algorithms, if /one/ of them is not
+supported this is not a problem, only /all/ of them failing is an
+error condition.
+
+Downgrade the message for a single unsupported algorithm from ERROR to
+VERBOSE.  Add an error message in case we finish the loop without
+finding a supported algorithm.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+(cherry picked from commit 6862b9d538d96363635677198899e1669e591259)
+---
+ NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+index 01c13c08d2..4dfbe91a55 100644
+--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+@@ -951,7 +951,7 @@ PseudoRandom (
+         //
+         // Secure Algorithm was not supported on this platform
+         //
+-        DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+        DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+ 
+         //
+         // Try the next secure algorithm
+@@ -971,6 +971,7 @@ PseudoRandom (
+     // If we get here, we failed to generate random data using any secure algorithm
+     // Platform owner should ensure that at least one secure algorithm is supported
+     //
+    DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n"));
+     ASSERT_EFI_ERROR (Status);
+     return Status;
+   }
+-- 
+2.39.3
+
--- a/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
+++ b/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
@ -0,0 +1,179 @@
+From cb9d71189134e78efb00759eb9649ce92bf5b29a Mon Sep 17 00:00:00 2001
+From: Doug Flick <dougflick@microsoft.com>
+Date: Wed, 8 May 2024 22:56:24 -0700
+Subject: [PATCH] OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
+
+This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
+used to provide the hashing protocol services.
+
+Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Jiewen Yao <jiewen.yao@intel.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+
+Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+Tested-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 6 +++++-
+ OvmfPkg/OvmfPkgIa32.fdf    | 5 +++++
+ OvmfPkg/OvmfPkgIa32X64.dsc | 6 +++++-
+ OvmfPkg/OvmfPkgIa32X64.fdf | 5 +++++
+ OvmfPkg/OvmfPkgX64.dsc     | 6 +++++-
+ OvmfPkg/OvmfPkgX64.fdf     | 5 +++++
+ OvmfPkg/OvmfXen.dsc        | 5 +++++
+ OvmfPkg/OvmfXen.fdf        | 5 +++++
+ 8 files changed, 40 insertions(+), 3 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 1be021be7140..2ca005d768ef 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -226,7 +226,6 @@
+   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
+ 
+-
+   #
+   # Network libraries
+   #
+@@ -884,6 +883,11 @@
+   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+   #
+   # Network Support
+   #
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 6eb26f7d4613..0d4abb50a8f7 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -303,6 +303,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+ #
+ # Network modules
+ #
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index d27a4c7278c2..a39070a62655 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -231,7 +231,6 @@
+   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
+ 
+-
+   #
+   # Network libraries
+   #
+@@ -902,6 +901,11 @@
+   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+   #
+   # Network Support
+   #
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 080784f722a7..23a825a01298 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -304,6 +304,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+ #
+ # Network modules
+ #
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 8f5cd23b2ec0..1b90aa8f5737 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -247,7 +247,6 @@
+   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
+   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
+ 
+-
+   #
+   # Network libraries
+   #
+@@ -970,6 +969,11 @@
+   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+   #
+   # Network Support
+   #
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index b6e8f43566c4..4dcd6a033c5a 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -331,6 +331,11 @@ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+ INF OvmfPkg/TdxDxe/TdxDxe.inf
+ 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+ #
+ # Network modules
+ #
+diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
+index fa1a570e746a..7fc340d1c1df 100644
+--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
+@@ -682,6 +682,11 @@
+   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+  #
+  # Hash2 Protocol producer
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+   #
+   # Network Support
+   #
+diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
+index 5770b173168b..41368f37e254 100644
+--- a/OvmfPkg/OvmfXen.fdf
+++ b/OvmfPkg/OvmfXen.fdf
+@@ -315,6 +315,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+#
+# Hash2 Protocol producer
+#
+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+ #
+ # Network modules
+ #
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}
-Release:    6%{?dist}.2
+Release:    6%{?dist}.3.alma.1
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@ -294,6 +294,13 @@ Patch79: edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
 # For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
 Patch80: edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch

+# Patches were taken from:
+# https://github.com/tianocore/edk2/commit/cb9d71189134e78efb00759eb9649ce92bf5b29a
+Patch81: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
+# https://gitlab.com/redhat/centos-stream/rpms/edk2/-/commit/57946d1d09a5d712de686fbefab0b8ffdad4d06c
+Patch82: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
+Patch83: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
+
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
 # verification with "ovmf-vars-generator".
@ -626,6 +633,11 @@ install -m 0644 \


 %changelog
+* Tue Sep 03 2024 Eduard Abdullin <eabdullin@almalinux.org> - 20231122-6.el9_4.3.alma.1
+- NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
+- NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
+- OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
+
 * Tue Jul 23 2024 EL Errata <el-errata_ww@oracle.com> - 20231122-6.0.1.el9_4.2
 - Replace upstream references [Orabug:36569119]