Merge branch 'c9' into a9

eabdullin 2024-09-03 12:31:26 +03:00
commit 19eb2b4b8d
12 changed files with 1064 additions and 825 deletions


@@ -1,36 +1,57 @@
-From 94961b8817eec6f8d0434555ac50a7aa51c22201 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 14 Jun 2024 11:45:49 +0200
-Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList
+From b8793ffc6a7e7cfe3ecd9bd0da566ffd913a4544 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:34:52 -0400
+Subject: [PATCH 7/8] CryptoPkg/Test: call ProcessLibraryConstructorList

-Needed to properly initialize BaseRngLib.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [7/8] 7b09b94bfb56f5b81df2ccf1e6dbe21a7354a723
+
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
+
+commit 94961b8817eec6f8d0434555ac50a7aa51c22201
+Author: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri Jun 14 11:45:49 2024 +0200
+
+CryptoPkg/Test: call ProcessLibraryConstructorList
+
+Needed to properly initialize BaseRngLib.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
.../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-index d0c1c7a4f7e0..48d463b8ad49 100644
+index d0c1c7a4f7..48d463b8ad 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
@@ -8,6 +8,12 @@
**/
#include "TestBaseCryptLib.h"
+VOID
+EFIAPI
+ProcessLibraryConstructorList (
+ VOID
+ );
+
/**
Initialize the unit test framework, suite, and unit tests for the
sample unit tests and run the unit tests.
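Review bot: the prototype for ProcessLibraryConstructorList is hand-written in UnitTestMain.c while its definition is not part of this patch (the edk2 build emits it in the module's generated AutoGen code), so a mismatch between this declaration and the generated signature would only surface at link time; a one-line comment above the declaration saying where the symbol comes from, or including the generated header if the host build provides one, would make that dependency visible to the next reader.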
@@ -76,5 +82,6 @@ main (
char *argv[]
)
{
+ ProcessLibraryConstructorList ();
return UefiTestMain ();
}
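Review bot: the call is unconditional and runs on every entry to main(), ahead of UefiTestMain(); since the commit message says this is what initializes BaseRngLib, it is worth confirming that neither UefiTestMain() nor the unit-test framework already invokes ProcessLibraryConstructorList, otherwise every library constructor runs twice per process.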
+--
+2.39.3


@@ -1,39 +1,58 @@
-From aeaee8944f0eaacbf4cdf39279785b9ba4836bb6 Mon Sep 17 00:00:00 2001
-From: Gua Guo <gua.guo@intel.com>
-Date: Thu, 11 Jan 2024 13:07:50 +0800
-Subject: [PATCH] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-
-REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
-
-Fix integer overflow in various CreateHob instances.
-Fixes: CVE-2022-36765
-
-The CreateHob() function aligns the requested size to 8
-performing the following operation:
-```
-HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
-```
-No checks are performed to ensure this value doesn't
-overflow, and could lead to CreateHob() returning a smaller
-HOB than requested, which could lead to OOB HOB accesses.
-
-Reported-by: Marc Beatove <mbeatove@google.com>
-Cc: Leif Lindholm <quic_llindhol@quicinc.com>
-Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
-Cc: Abner Chang <abner.chang@amd.com>
-Cc: John Mathew <john.mathews@intel.com>
-Authored-by: Gerd Hoffmann <kraxel@redhat.com>
-Signed-off-by: Gua Guo <gua.guo@intel.com>
----
-EmbeddedPkg/Library/PrePiHobLib/Hob.c | 43 +++++++++++++++++++++++++++
-1 file changed, 43 insertions(+)
-
-diff --git a/EmbeddedPkg/Library/PrePiHobLib/Hob.c b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-index 8eb175aa96f9..cbc35152ccbc 100644
---- a/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-+++ b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-@@ -110,6 +110,13 @@ CreateHob (
+From f01b34eaeff2ccdd0ee7f2cf6371542efc0b13f5 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Sat, 6 Apr 2024 11:00:29 -0400
+Subject: [PATCH 1/2] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 69: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
+RH-Jira: RHEL-30156
+RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [1/2] 1b851d3ecf23092f7961cd0320221dc56b69adc4
+
+JIRA: https://issues.redhat.com/browse/RHEL-30156
+CVE: CVE-2022-36765
+Upstream: Merged
+
+commit aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
+Author: Gua Guo <gua.guo@intel.com>
+Date: Thu Jan 11 13:07:50 2024 +0800
+
+EmbeddedPkg/Hob: Integer Overflow in CreateHob()
+
+REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
+
+Fix integer overflow in various CreateHob instances.
+Fixes: CVE-2022-36765
+
+The CreateHob() function aligns the requested size to 8
+performing the following operation:
+```
+HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
+```
+No checks are performed to ensure this value doesn't
+overflow, and could lead to CreateHob() returning a smaller
+HOB than requested, which could lead to OOB HOB accesses.
+
+Reported-by: Marc Beatove <mbeatove@google.com>
+Cc: Leif Lindholm <quic_llindhol@quicinc.com>
+Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Abner Chang <abner.chang@amd.com>
+Cc: John Mathew <john.mathews@intel.com>
+Authored-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Gua Guo <gua.guo@intel.com>
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+EmbeddedPkg/Library/PrePiHobLib/Hob.c | 43 +++++++++++++++++++++++++++
+1 file changed, 43 insertions(+)
+
+diff --git a/EmbeddedPkg/Library/PrePiHobLib/Hob.c b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
+index 8eb175aa96..cbc35152cc 100644
+--- a/EmbeddedPkg/Library/PrePiHobLib/Hob.c
++++ b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
+@@ -110,6 +110,13 @@ CreateHob (
HandOffHob = GetHobList ();
@@ -47,7 +66,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom;
@@ -160,6 +167,9 @@ BuildResourceDescriptorHob (
Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR));
ASSERT (Hob != NULL);
@@ -57,7 +76,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
Hob->ResourceType = ResourceType;
Hob->ResourceAttribute = ResourceAttribute;
@@ -401,6 +411,10 @@ BuildModuleHob (
);
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE));
@@ -68,7 +87,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid);
Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule;
@@ -449,6 +463,11 @@ BuildGuidHob (
ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE)));
Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength));
@@ -80,7 +99,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
CopyGuid (&Hob->Name, Guid);
return Hob + 1;
}
@@ -512,6 +531,10 @@ BuildFvHob (
EFI_HOB_FIRMWARE_VOLUME *Hob;
Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME));
@@ -91,7 +110,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
Hob->BaseAddress = BaseAddress;
Hob->Length = Length;
@@ -543,6 +566,10 @@ BuildFv2Hob (
EFI_HOB_FIRMWARE_VOLUME2 *Hob;
Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2));
@@ -102,7 +121,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
Hob->BaseAddress = BaseAddress;
Hob->Length = Length;
@@ -584,6 +611,10 @@ BuildFv3Hob (
EFI_HOB_FIRMWARE_VOLUME3 *Hob;
Hob = CreateHob (EFI_HOB_TYPE_FV3, sizeof (EFI_HOB_FIRMWARE_VOLUME3));
@@ -113,7 +132,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
Hob->BaseAddress = BaseAddress;
Hob->Length = Length;
@@ -639,6 +670,10 @@ BuildCpuHob (
EFI_HOB_CPU *Hob;
Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU));
@@ -124,7 +143,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
Hob->SizeOfMemorySpace = SizeOfMemorySpace;
Hob->SizeOfIoSpace = SizeOfIoSpace;
@@ -676,6 +711,10 @@ BuildStackHob (
);
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_STACK));
@@ -135,7 +154,7 @@ index 8eb175aa96f9..cbc35152ccbc 100644
CopyGuid (&(Hob->AllocDescriptor.Name), &gEfiHobMemoryAllocStackGuid);
Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
@@ -756,6 +795,10 @@ BuildMemoryAllocationHob (
);
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION));
@@ -146,3 +165,6 @@ index 8eb175aa96f9..cbc35152ccbc 100644
ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
+--
+2.39.3
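The overflow the commit message above describes, as an added example that is not edk2 code: the unchecked 8-byte rounding of a 16-bit HobLength beside a checked variant, both run against a constructed bump allocator that stands in for CreateHob()'s free-memory bookkeeping. HOB_LIST, CreateHobSim and OverrunBytes are this example's own names, not PrePiHobLib's, and the 0xFFF8 bound is the one the quoted expression implies (the largest 8-aligned UINT16), not a claim about the exact check upstream chose.

```c
/*
 * Added example (not edk2 code): how CreateHob()'s 8-byte rounding of a
 * 16-bit length wraps, and how a bound check before rounding stops it.
 * The HOB list and allocator are a constructed stand-in for PrePiHobLib.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t UINT16;

/* The rounding quoted in the commit message: the addition happens in int,
 * and the cast back to UINT16 silently discards bit 16. */
static UINT16 AlignHobLengthUnchecked(UINT16 HobLength) {
  return (UINT16)((HobLength + 0x7) & (~0x7));
}

/* Checked variant (assumed bound, not necessarily the upstream check):
 * 0xFFF8 is the largest 8-aligned value a UINT16 can hold, so anything
 * above it cannot be rounded without wrapping. Returns -1 on rejection,
 * otherwise the aligned length. */
static int AlignHobLengthChecked(UINT16 HobLength) {
  if (HobLength > 0xFFF8) {
    return -1;
  }
  return (UINT16)((HobLength + 0x7) & (~0x7));
}

/* Constructed stand-in for the HOB list's free-memory window. */
typedef struct {
  uint8_t *FreeMemoryBottom;
  uint8_t *FreeMemoryTop;
} HOB_LIST;

/* Stand-in for CreateHob(): bump-allocates the aligned length from the
 * free window, or returns NULL when it does not fit or is rejected. */
static void *CreateHobSim(HOB_LIST *List, UINT16 HobLength, bool Checked) {
  int Aligned;
  if (Checked) {
    Aligned = AlignHobLengthChecked(HobLength);
    if (Aligned < 0) {
      return NULL;
    }
  } else {
    Aligned = AlignHobLengthUnchecked(HobLength);
  }
  size_t FreeMemory = (size_t)(List->FreeMemoryTop - List->FreeMemoryBottom);
  if (FreeMemory < (size_t)Aligned) {
    return NULL;
  }
  void *Hob = List->FreeMemoryBottom;
  List->FreeMemoryBottom += Aligned;
  return Hob;
}

/* How many bytes a caller that fills the HOB with the size it asked for
 * would write past what CreateHobSim() actually reserved. 0 means safe:
 * either enough was reserved or the request was refused outright. */
static size_t OverrunBytes(UINT16 Requested, bool Checked) {
  uint8_t Arena[8];                               /* only 8 bytes free */
  HOB_LIST List = { Arena, Arena + sizeof Arena };
  uint8_t *Before = List.FreeMemoryBottom;
  if (CreateHobSim(&List, Requested, Checked) == NULL) {
    return 0;
  }
  size_t Reserved = (size_t)(List.FreeMemoryBottom - Before);
  return Requested > Reserved ? Requested - Reserved : 0;
}

int main(void) {
  /* 0xFFFA rounds to 0x10000, which truncates to 0: the unchecked path
   * hands back a "successful" zero-length HOB inside an 8-byte window. */
  printf("unchecked 0xFFFA: overrun %zu bytes\n", OverrunBytes(0xFFFA, false));
  printf("checked   0xFFFA: overrun %zu bytes\n", OverrunBytes(0xFFFA, true));
  return 0;
}
```

The point the simulation makes is that the wrapped length is not caught by the free-memory comparison that follows it in CreateHob(): zero bytes always fit, so the caller gets a non-NULL pointer and then writes the size it originally asked for. The callers' `ASSERT (Hob != NULL)` lines visible in the hunks only help once CreateHob() actually refuses the request.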


@@ -1,44 +1,63 @@
-From c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a Mon Sep 17 00:00:00 2001
-From: Pedro Falcato <pedro.falcato@gmail.com>
-Date: Tue, 22 Nov 2022 22:31:03 +0000
-Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
-
-RDRAND has notoriously been broken many times over its lifespan.
-Add a smoketest to RDRAND, in order to better sniff out potential
-security concerns.
-
-Also add a proper CPUID test in order to support older CPUs which may
-not have it; it was previously being tested but then promptly ignored.
-
-Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
-:x86_init_rdrand() per commit 049f9ae9..
-
-Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
-code to MIT and the public domain.
-
->On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
-<..>
-> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
-> also place it into public domain. Do with it what you will now.
->
-> Jason
-
-BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
-
-Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
-Cc: Michael D Kinney <michael.d.kinney@intel.com>
-Cc: Liming Gao <gaoliming@byosoft.com.cn>
-Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-Cc: Jason A. Donenfeld <Jason@zx2c4.com>
----
-MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
-1 file changed, 91 insertions(+), 8 deletions(-)
-
-diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-index 9bd68352f9f7..06d2a6f12d2e 100644
---- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-@@ -3,6 +3,7 @@
+From a0f61781d9d7d816363704823688ba251fe7e0ba Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:32:29 -0400
+Subject: [PATCH 4/8] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check
+ CPUID
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [4/8] 4fe23181254479e4a0f1abd31cedabacaec22944
+
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
+
+commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
+Author: Pedro Falcato <pedro.falcato@gmail.com>
+Date: Tue Nov 22 22:31:03 2022 +0000
+
+MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
+
+RDRAND has notoriously been broken many times over its lifespan.
+Add a smoketest to RDRAND, in order to better sniff out potential
+security concerns.
+
+Also add a proper CPUID test in order to support older CPUs which may
+not have it; it was previously being tested but then promptly ignored.
+
+Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
+:x86_init_rdrand() per commit 049f9ae9..
+
+Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
+code to MIT and the public domain.
+
+>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
+<..>
+> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
+> also place it into public domain. Do with it what you will now.
+>
+> Jason
+
+BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
+
+Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
+Cc: Michael D Kinney <michael.d.kinney@intel.com>
+Cc: Liming Gao <gaoliming@byosoft.com.cn>
+Cc: Zhiguang Liu <zhiguang.liu@intel.com>
+Cc: Jason A. Donenfeld <Jason@zx2c4.com>
+Signed-off-by: Jon Maloy <jmaloy@gmail.com>
+---
+MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
+1 file changed, 91 insertions(+), 8 deletions(-)
+
+diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
+index 9bd68352f9..06d2a6f12d 100644
+--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
++++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
+@@ -3,6 +3,7 @@
to provide high-quality random numbers.
Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
@@ -46,7 +65,7 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
STATIC BOOLEAN mRdRandSupported;
@@ -135,7 +154,7 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
/**
The constructor function checks whether or not RDRAND instruction is supported
by the host hardware.
@@ -48,10 +131,13 @@ BaseRngLibConstructor (
// CPUID. A value of 1 indicates that processor support RDRAND instruction.
//
AsmCpuid (1, 0, 0, &RegEcx, 0);
@@ -150,7 +169,7 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
return EFI_SUCCESS;
}
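Review bot: `return EFI_SUCCESS;` is still the only exit of BaseRngLibConstructor visible in this hunk, so a CPU whose CPUID bit is clear, or whose RDRAND fails the smoke test the commit message describes, still leaves the constructor as a success; that is the right contract for a library constructor (absence is reported through ArchIsRngSupported ()), but the outcome of the CPUID check and of the smoke test should be logged at DEBUG level so a silently disabled RNG shows up in the boot log, and every caller of ArchGetRandomNumber16/32/64 must check the return value rather than assume entropy was delivered.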
@@ -70,6 +156,7 @@ ArchGetRandomNumber16 (
OUT UINT16 *Rand
)
{
@@ -158,7 +177,7 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
return AsmRdRand16 (Rand);
}
@@ -88,6 +175,7 @@ ArchGetRandomNumber32 (
OUT UINT32 *Rand
)
{
@@ -166,7 +185,7 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
return AsmRdRand32 (Rand);
}
@@ -106,6 +194,7 @@ ArchGetRandomNumber64 (
OUT UINT64 *Rand
)
{
@@ -174,7 +193,7 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
return AsmRdRand64 (Rand);
}
@@ -122,13 +211,7 @@ ArchIsRngSupported (
VOID
)
{
@@ -189,3 +208,6 @@ index 9bd68352f9f7..06d2a6f12d2e 100644
}
/**
+--
+2.39.3
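The sanity check the commit message above describes, as an added example that is not edk2's RdRand.c: read the generator once, then a fixed number of further times, and reject it on any failed read or any repeated value. edk2 reads the instruction through AsmRdRand16/32/64 (visible in the hunk); here a function pointer stands in for that so the code runs on any host, the CPUID feature bit is passed in as a flag, and the loop count mirrors the SANITY_CHECK_LOOPS of the Linux file the commit cites. The sources at the bottom are constructed for the demonstration, and the xorshift one is a test stand-in, not a CSPRNG.

```c
/*
 * Added example (not edk2 code): boot-time smoke test for a hardware RNG,
 * written against a pluggable 64-bit source. The constructed sources at
 * the bottom show what it catches and what it does not.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SANITY_CHECK_LOOPS 8        /* mirrors Linux's rdrand.c */

typedef bool (*RAND_SOURCE)(uint64_t *Out);

/* Read once, then SANITY_CHECK_LOOPS more times. A read that reports no
 * data, or a value equal to the previous one, marks the source unusable.
 * This catches a wedged generator (all ones, all zeros, any constant),
 * not subtle bias; that is all a smoke test at this stage can do. */
static bool SmokeTestRandSource(RAND_SOURCE Source) {
  uint64_t Prev;
  uint64_t Cur;
  if (!Source(&Prev)) {
    return false;
  }
  for (int i = 0; i < SANITY_CHECK_LOOPS; i++) {
    if (!Source(&Cur)) {
      return false;                 /* instruction reported no data */
    }
    if (Cur == Prev) {
      return false;                 /* repeated output: stuck generator */
    }
    Prev = Cur;
  }
  return true;
}

/* The feature check must come first: on a CPU without RDRAND the
 * instruction raises #UD, so it must never be executed just to test it. */
static bool RngUsable(bool CpuidRdRandBit, RAND_SOURCE Source) {
  if (!CpuidRdRandBit) {
    return false;
  }
  return SmokeTestRandSource(Source);
}

/* --- constructed sources for the demonstration --- */

/* Wedged generator: always "succeeds" with every bit set. */
static bool StuckAllOnes(uint64_t *Out) {
  *Out = ~(uint64_t)0;
  return true;
}

/* Generator whose every read reports "no data available". */
static bool AlwaysFails(uint64_t *Out) {
  (void)Out;
  return false;
}

/* Generator that works for three reads, then fails on the fourth. */
static unsigned gFlakyCalls;
static bool FlakySource(uint64_t *Out) {
  *Out = 0x1234567800000000ULL + gFlakyCalls;
  return (gFlakyCalls++ % 4) != 3;
}

/* Healthy-looking source: xorshift64 has full period over non-zero
 * states, so consecutive outputs never repeat. Test stand-in only. */
static uint64_t gXorshiftState = 0x9E3779B97F4A7C15ULL;
static bool XorshiftSource(uint64_t *Out) {
  uint64_t x = gXorshiftState;
  x ^= x << 13;
  x ^= x >> 7;
  x ^= x << 17;
  gXorshiftState = x;
  *Out = x;
  return true;
}

int main(void) {
  printf("xorshift usable: %d\n", RngUsable(true, XorshiftSource));
  printf("all-ones usable: %d\n", RngUsable(true, StuckAllOnes));
  printf("no CPUID bit   : %d\n", RngUsable(false, XorshiftSource));
  return 0;
}
```

A generator that is biased but not stuck passes this test by design; the check exists to stop a firmware from seeding its ISNs, keys and nonces from a source that returns the same word every time, which is the failure mode the commit message is worried about.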


@@ -1,21 +1,39 @@
-From 5e776299a2604b336a947e68593012ab2cc16eb4 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 14 Jun 2024 11:45:53 +0200
-Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit
-
-Set the rdrand feature bit when faking cpuid for host test cases.
-Needed to make the CryptoPkg test cases work.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
----
-MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
-1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
-index 8ba4f54a385d..7f7276f7f4b8 100644
---- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
-+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
-@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
+From 90461020e9b7534dc03baeea7b485045ed5962e9 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 20 Jun 2024 10:35:27 -0400
+Subject: [PATCH 8/8] MdePkg/X86UnitTestHost: set rdrand cpuid bit
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [8/8] 5bacbf3cf6fadd3362dfd6f31743707e65b4f119
+
+JIRA: https://issues.redhat.com/browse/RHEL-40270
+Upstream: Merged
+CVE: CVE-2023-45237
+
+commit 5e776299a2604b336a947e68593012ab2cc16eb4
+Author: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri Jun 14 11:45:53 2024 +0200
+
+MdePkg/X86UnitTestHost: set rdrand cpuid bit
+
+Set the rdrand feature bit when faking cpuid for host test cases.
+Needed to make the CryptoPkg test cases work.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
+1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
+index 8ba4f54a38..7f7276f7f4 100644
+--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
++++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
+@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
OUT UINT32 *Edx OPTIONAL
)
{
@@ -31,7 +49,7 @@ index 8ba4f54a385d..7f7276f7f4b8 100644
if (Eax != NULL) {
*Eax = 0;
}
@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid (
}
if (Ecx != NULL) {
@@ -40,3 +58,6 @@ index 8ba4f54a385d..7f7276f7f4b8 100644
}
if (Edx != NULL) {
+--
+2.39.3



@@ -0,0 +1,74 @@
From 5e93f6c09a57dd69f1b05654455452c4a0154a79 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Thu, 13 Jun 2024 18:35:46 -0400
Subject: [PATCH 3/8] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
iPXE environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
RH-Jira: RHEL-40270 RHEL-40272
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [3/8] 9307e82e90d6f526d303607255a4c469ebe574d4
JIRA: https://issues.redhat.com/browse/RHEL-40272
Upstream: Merged
CVE: CVE-2023-45236
commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
Author: Sam <Sam_Tsai@wiwynn.com>
Date: Wed May 29 07:46:03 2024 +0800
NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE environment
This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
REF: 1904a64
Issue Description:
An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
Root Cause Analysis:
The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
Implemented Solution:
To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
Verification:
Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 40bba4080c..c6e7c0df54 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -509,7 +509,7 @@ TcpDestroyService (
//
// Destroy the instance of the hashing protocol for this controller.
//
- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}
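Review bot: passing mHash2ServiceHandle by value is the right fix, but the error path directly below it still collapses whatever DestroyChild() reported into EFI_UNSUPPORTED, which is exactly how the original "Invalid handle" result stayed hidden from callers; return Status (or at least DEBUG-log it) so the next mismatch is diagnosable. Also, the comment says "for this controller" while mHash2ServiceHandle is a single module-scope handle (m-prefixed), so it is worth confirming that only one controller can ever own it, and clearing it after a successful DestroyChild() so a second TcpDestroyService() cannot destroy it twice.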
--
2.39.3


@@ -1,53 +0,0 @@
From ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3 Mon Sep 17 00:00:00 2001
From: Sam <Sam_Tsai@wiwynn.com>
Date: Wed, 29 May 2024 07:46:03 +0800
Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
iPXE environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
REF: 1904a64
Issue Description:
An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
Root Cause Analysis:
The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
Implemented Solution:
To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
Verification:
Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
---
NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 40bba4080c87..c6e7c0df540a 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -509,7 +509,7 @@ TcpDestroyService (
//
// Destroy the instance of the hashing protocol for this controller.
//
- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}


@@ -1,80 +1,98 @@
-From 1904a64bcc18199738e5be183d28887ac5d837d7 Mon Sep 17 00:00:00 2001
-From: Doug Flick <dougflick@microsoft.com>
-Date: Wed, 8 May 2024 22:56:29 -0700
-Subject: [PATCH] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
-
-REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
-REF: https://www.rfc-editor.org/rfc/rfc1948.txt
-REF: https://www.rfc-editor.org/rfc/rfc6528.txt
-REF: https://www.rfc-editor.org/rfc/rfc9293.txt
-
-Bug Overview:
-PixieFail Bug #8
-CVE-2023-45236
-CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
-CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
-
-Updates TCP ISN generation to use a cryptographic hash of the
-connection's identifying parameters and a secret key.
-This prevents an attacker from guessing the ISN used for some other
-connection.
-
-This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
-
-RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
-
-A TCP implementation MUST use the above type of "clock" for clock-
-driven selection of initial sequence numbers (MUST-8), and SHOULD
-generate its initial sequence numbers with the expression:
-
-ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-
-where M is the 4 microsecond timer, and F() is a pseudorandom
-function (PRF) of the connection's identifying parameters ("localip,
-localport, remoteip, remoteport") and a secret key ("secretkey")
-(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
-an attacker could still guess at sequence numbers from the ISN used
-for some other connection. The PRF could be implemented as a
-cryptographic hash of the concatenation of the TCP connection
-parameters and some secret data. For discussion of the selection of
-a specific hash algorithm and management of the secret key data,
-please see Section 3 of [42].
-
-For each connection there is a send sequence number and a receive
-sequence number. The initial send sequence number (ISS) is chosen by
-the data sending TCP peer, and the initial receive sequence number
-(IRS) is learned during the connection-establishing procedure.
-
-For a connection to be established or initialized, the two TCP peers
-must synchronize on each other's initial sequence numbers. This is
-done in an exchange of connection-establishing segments carrying a
-control bit called "SYN" (for synchronize) and the initial sequence
-numbers. As a shorthand, segments carrying the SYN bit are also
-called "SYNs". Hence, the solution requires a suitable mechanism for
-picking an initial sequence number and a slightly involved handshake
-to exchange the ISNs.
-
-Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
----
-NetworkPkg/SecurityFixes.yaml | 22 +++
-NetworkPkg/TcpDxe/TcpDriver.c | 92 ++++++++++++-
-NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
-NetworkPkg/TcpDxe/TcpFunc.h | 23 ++--
-NetworkPkg/TcpDxe/TcpInput.c | 13 +-
-NetworkPkg/TcpDxe/TcpMain.h | 59 ++++++--
-NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++++++++++++++++--
-NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
-8 files changed, 415 insertions(+), 49 deletions(-)
-
-diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
-index 20a4555019d9..4305328425d0 100644
---- a/NetworkPkg/SecurityFixes.yaml
-+++ b/NetworkPkg/SecurityFixes.yaml
-@@ -122,6 +122,28 @@ CVE_2023_45235:
+From 6f0cf9f14b1abefa62416c1611f01d6fb3353c44 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Tue, 11 Jun 2024 15:20:29 -0400
+Subject: [PATCH 2/8] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
+RH-Jira: RHEL-40270 RHEL-40272
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [2/8] 18e88b5def6b058ecd4ffa565ef6f3bafe6f03ad
+
+JIRA: https://issues.redhat.com/browse/RHEL-40272
+Upstream: Merged
+CVE: CVE-2023-45236
+
+commit 1904a64bcc18199738e5be183d28887ac5d837d7
+Author: Doug Flick <dougflick@microsoft.com>
+Date: Wed May 8 22:56:29 2024 -0700
+
+NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
+
+REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
+REF: https://www.rfc-editor.org/rfc/rfc1948.txt
+REF: https://www.rfc-editor.org/rfc/rfc6528.txt
+REF: https://www.rfc-editor.org/rfc/rfc9293.txt
+
+Bug Overview:
+PixieFail Bug #8
+CVE-2023-45236
+CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
+CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
+
+Updates TCP ISN generation to use a cryptographic hash of the
+connection's identifying parameters and a secret key.
+This prevents an attacker from guessing the ISN used for some other
+connection.
+
+This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
+
+RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
+
+A TCP implementation MUST use the above type of "clock" for clock-
+driven selection of initial sequence numbers (MUST-8), and SHOULD
+generate its initial sequence numbers with the expression:
+
+ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
+
+where M is the 4 microsecond timer, and F() is a pseudorandom
+function (PRF) of the connection's identifying parameters ("localip,
+localport, remoteip, remoteport") and a secret key ("secretkey")
+(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
+an attacker could still guess at sequence numbers from the ISN used
+for some other connection. The PRF could be implemented as a
+cryptographic hash of the concatenation of the TCP connection
+parameters and some secret data. For discussion of the selection of
+a specific hash algorithm and management of the secret key data,
+please see Section 3 of [42].
+
+For each connection there is a send sequence number and a receive
+sequence number. The initial send sequence number (ISS) is chosen by
+the data sending TCP peer, and the initial receive sequence number
+(IRS) is learned during the connection-establishing procedure.
+
+For a connection to be established or initialized, the two TCP peers
+must synchronize on each other's initial sequence numbers. This is
+done in an exchange of connection-establishing segments carrying a
+control bit called "SYN" (for synchronize) and the initial sequence
+numbers. As a shorthand, segments carrying the SYN bit are also
+called "SYNs". Hence, the solution requires a suitable mechanism for
+picking an initial sequence number and a slightly involved handshake
+to exchange the ISNs.
+
+Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
+Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+
+Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+NetworkPkg/SecurityFixes.yaml | 22 +++
+NetworkPkg/TcpDxe/TcpDriver.c | 92 ++++++++++++-
+NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
+NetworkPkg/TcpDxe/TcpFunc.h | 23 ++--
+NetworkPkg/TcpDxe/TcpInput.c | 13 +-
+NetworkPkg/TcpDxe/TcpMain.h | 59 ++++++--
+NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++++++++++++++++--
+NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
+8 files changed, 415 insertions(+), 49 deletions(-)
+
+diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
+index 20a4555019..4305328425 100644
+--- a/NetworkPkg/SecurityFixes.yaml
++++ b/NetworkPkg/SecurityFixes.yaml
+@@ -122,6 +122,28 @@ CVE_2023_45235:
- http://www.openwall.com/lists/oss-security/2024/01/16/2 - http://www.openwall.com/lists/oss-security/2024/01/16/2
- http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
- https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
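Review bot: the rewritten patch header in this hunk renders the trailer as `Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com` without the closing `>` that the original `Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>` line carries; restore the bracket so the trailer stays a well-formed name/address pair for tooling that parses Signed-off-by/Reviewed-by lines. The added `Cc:` lines and the RH-* metadata block match the layout used for the OvmfPkg patch further down this page.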
@ -103,11 +121,11 @@ index 20a4555019d9..4305328425d0 100644
CVE_2023_45237: CVE_2023_45237:
commit_titles: commit_titles:
- "NetworkPkg:: SECURITY PATCH CVE 2023-45237" - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 8fe6badd687c..40bba4080c87 100644 index 8fe6badd68..40bba4080c 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c --- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c +++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = { @@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = {
TcpServiceBindingDestroyChild TcpServiceBindingDestroyChild
}; };
@ -120,7 +138,7 @@ index 8fe6badd687c..40bba4080c87 100644
/** /**
Create and start the heartbeat timer for the TCP driver. Create and start the heartbeat timer for the TCP driver.
@@ -165,6 +171,23 @@ TcpDriverEntryPoint ( @@ -165,6 +171,23 @@ TcpDriverEntryPoint (
EFI_STATUS Status; EFI_STATUS Status;
UINT32 Random; UINT32 Random;
@ -144,7 +162,7 @@ index 8fe6badd687c..40bba4080c87 100644
Status = PseudoRandomU32 (&Random); Status = PseudoRandomU32 (&Random);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status)); DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
@@ -207,9 +230,8 @@ TcpDriverEntryPoint ( @@ -207,9 +230,8 @@ TcpDriverEntryPoint (
} }
// //
@ -155,7 +173,7 @@ index 8fe6badd687c..40bba4080c87 100644
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN)); mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
mTcp6RandomPort = mTcp4RandomPort; mTcp6RandomPort = mTcp4RandomPort;
@@ -224,6 +246,8 @@ TcpDriverEntryPoint ( @@ -224,6 +246,8 @@ TcpDriverEntryPoint (
@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6. @param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.
@retval EFI_OUT_OF_RESOURCES Failed to allocate some resources. @retval EFI_OUT_OF_RESOURCES Failed to allocate some resources.
@ -164,7 +182,7 @@ index 8fe6badd687c..40bba4080c87 100644
@retval EFI_SUCCESS A new IP6 service binding private was created. @retval EFI_SUCCESS A new IP6 service binding private was created.
**/ **/
@@ -234,11 +258,13 @@ TcpCreateService ( @@ -234,11 +258,13 @@ TcpCreateService (
IN UINT8 IpVersion IN UINT8 IpVersion
) )
{ {
@ -183,7 +201,7 @@ index 8fe6badd687c..40bba4080c87 100644
if (IpVersion == IP_VERSION_4) { if (IpVersion == IP_VERSION_4) {
IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid; IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid;
@@ -272,6 +298,33 @@ TcpCreateService ( @@ -272,6 +298,33 @@ TcpCreateService (
return EFI_UNSUPPORTED; return EFI_UNSUPPORTED;
} }
@ -217,7 +235,7 @@ index 8fe6badd687c..40bba4080c87 100644
// //
// Create the TCP service data. // Create the TCP service data.
// //
@@ -423,6 +476,7 @@ TcpDestroyService ( @@ -423,6 +476,7 @@ TcpDestroyService (
EFI_STATUS Status; EFI_STATUS Status;
LIST_ENTRY *List; LIST_ENTRY *List;
TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context; TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;
@ -225,7 +243,7 @@ index 8fe6badd687c..40bba4080c87 100644
ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6)); ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
@@ -439,6 +493,30 @@ TcpDestroyService ( @@ -439,6 +493,30 @@ TcpDestroyService (
return EFI_SUCCESS; return EFI_SUCCESS;
} }
@ -256,11 +274,11 @@ index 8fe6badd687c..40bba4080c87 100644
Status = gBS->OpenProtocol ( Status = gBS->OpenProtocol (
NicHandle, NicHandle,
ServiceBindingGuid, ServiceBindingGuid,
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
index cf5423f4c537..76de4cf9ec3d 100644 index cf5423f4c5..76de4cf9ec 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf --- a/NetworkPkg/TcpDxe/TcpDxe.inf
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf +++ b/NetworkPkg/TcpDxe/TcpDxe.inf
@@ -6,6 +6,7 @@ @@ -6,6 +6,7 @@
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack. # stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
# #
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> # Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
@ -268,7 +286,7 @@ index cf5423f4c537..76de4cf9ec3d 100644
# #
# SPDX-License-Identifier: BSD-2-Clause-Patent # SPDX-License-Identifier: BSD-2-Clause-Patent
# #
@@ -68,7 +69,6 @@ @@ -68,7 +69,6 @@
NetLib NetLib
IpIoLib IpIoLib
@ -276,7 +294,7 @@ index cf5423f4c537..76de4cf9ec3d 100644
[Protocols] [Protocols]
## SOMETIMES_CONSUMES ## SOMETIMES_CONSUMES
## SOMETIMES_PRODUCES ## SOMETIMES_PRODUCES
@@ -81,6 +81,12 @@ @@ -81,6 +81,12 @@
gEfiIp6ServiceBindingProtocolGuid ## TO_START gEfiIp6ServiceBindingProtocolGuid ## TO_START
gEfiTcp6ProtocolGuid ## BY_START gEfiTcp6ProtocolGuid ## BY_START
gEfiTcp6ServiceBindingProtocolGuid ## BY_START gEfiTcp6ServiceBindingProtocolGuid ## BY_START
@ -289,11 +307,11 @@ index cf5423f4c537..76de4cf9ec3d 100644
[Depex] [Depex]
gEfiHash2ServiceBindingProtocolGuid gEfiHash2ServiceBindingProtocolGuid
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
index a7af01fff246..c707bee3e548 100644 index a7af01fff2..c707bee3e5 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h --- a/NetworkPkg/TcpDxe/TcpFunc.h
+++ b/NetworkPkg/TcpDxe/TcpFunc.h +++ b/NetworkPkg/TcpDxe/TcpFunc.h
@@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
Declaration of external functions shared in TCP driver. Declaration of external functions shared in TCP driver.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
@ -302,7 +320,7 @@ index a7af01fff246..c707bee3e548 100644
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@@ -36,8 +36,11 @@ VOID @@ -36,8 +36,11 @@ VOID
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance. @param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
@ -315,7 +333,7 @@ index a7af01fff246..c707bee3e548 100644
TcpInitTcbLocal ( TcpInitTcbLocal (
IN OUT TCP_CB *Tcb IN OUT TCP_CB *Tcb
); );
@@ -128,17 +131,6 @@ TcpCloneTcb ( @@ -128,17 +131,6 @@ TcpCloneTcb (
IN TCP_CB *Tcb IN TCP_CB *Tcb
); );
@ -333,7 +351,7 @@ index a7af01fff246..c707bee3e548 100644
/** /**
Get the local mss. Get the local mss.
@@ -202,8 +194,11 @@ TcpFormatNetbuf ( @@ -202,8 +194,11 @@ TcpFormatNetbuf (
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a @param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
connection. connection.
@ -346,11 +364,11 @@ index a7af01fff246..c707bee3e548 100644
TcpOnAppConnect ( TcpOnAppConnect (
IN OUT TCP_CB *Tcb IN OUT TCP_CB *Tcb
); );
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
index 97633a3908be..a5d575ccafeb 100644 index 7b329be64d..86dd7c4907 100644
--- a/NetworkPkg/TcpDxe/TcpInput.c --- a/NetworkPkg/TcpDxe/TcpInput.c
+++ b/NetworkPkg/TcpDxe/TcpInput.c +++ b/NetworkPkg/TcpDxe/TcpInput.c
@@ -724,6 +724,7 @@ TcpInput ( @@ -724,6 +724,7 @@ TcpInput (
TCP_SEQNO Urg; TCP_SEQNO Urg;
UINT16 Checksum; UINT16 Checksum;
INT32 Usable; INT32 Usable;
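Review bot: the `TcpInput.c` file header in this hunk moves from `index 97633a3908be..a5d575ccafeb` to `index 7b329be64d..86dd7c4907`, i.e. a different pre-image blob, whereas the other files in this patch only shorten the abbreviated ids (for example `index 8fe6badd687c..40bba4080c87` becomes `index 8fe6badd68..40bba4080c`); please confirm that the new pre-image is the tree left by the preceding patch of this series (the CVE-2023-45236 half of merge request 75) and record that ordering dependency in the RH header, so the series cannot be applied out of order against the wrong `TcpInput.c`.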
@ -358,7 +376,7 @@ index 97633a3908be..a5d575ccafeb 100644
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6)); ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
@@ -872,7 +873,17 @@ TcpInput ( @@ -872,7 +873,17 @@ TcpInput (
Tcb->LocalEnd.Port = Head->DstPort; Tcb->LocalEnd.Port = Head->DstPort;
Tcb->RemoteEnd.Port = Head->SrcPort; Tcb->RemoteEnd.Port = Head->SrcPort;
@ -377,11 +395,11 @@ index 97633a3908be..a5d575ccafeb 100644
TcpInitTcbPeer (Tcb, Seg, &Option); TcpInitTcbPeer (Tcb, Seg, &Option);
TcpSetState (Tcb, TCP_SYN_RCVD); TcpSetState (Tcb, TCP_SYN_RCVD);
diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
index c0c9b7f46ebe..4d5566ab9379 100644 index c0c9b7f46e..4d5566ab93 100644
--- a/NetworkPkg/TcpDxe/TcpMain.h --- a/NetworkPkg/TcpDxe/TcpMain.h
+++ b/NetworkPkg/TcpDxe/TcpMain.h +++ b/NetworkPkg/TcpDxe/TcpMain.h
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
It is the common head file for all Tcp*.c in TCP driver. It is the common head file for all Tcp*.c in TCP driver.
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
@ -390,7 +408,7 @@ index c0c9b7f46ebe..4d5566ab9379 100644
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@@ -13,6 +13,7 @@ @@ -13,6 +13,7 @@
#include <Protocol/ServiceBinding.h> #include <Protocol/ServiceBinding.h>
#include <Protocol/DriverBinding.h> #include <Protocol/DriverBinding.h>
@ -398,7 +416,7 @@ index c0c9b7f46ebe..4d5566ab9379 100644
#include <Library/IpIoLib.h> #include <Library/IpIoLib.h>
#include <Library/DevicePathLib.h> #include <Library/DevicePathLib.h>
#include <Library/PrintLib.h> #include <Library/PrintLib.h>
@@ -31,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable; @@ -31,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable;
extern LIST_ENTRY mTcpRunQue; extern LIST_ENTRY mTcpRunQue;
extern LIST_ENTRY mTcpListenQue; extern LIST_ENTRY mTcpListenQue;
@ -407,7 +425,7 @@ index c0c9b7f46ebe..4d5566ab9379 100644
extern UINT32 mTcpTick; extern UINT32 mTcpTick;
/// ///
@@ -45,14 +46,6 @@ extern UINT32 mTcpTick; @@ -45,14 +46,6 @@ extern UINT32 mTcpTick;
#define TCP_EXPIRE_TIME 65535 #define TCP_EXPIRE_TIME 65535
@ -422,7 +440,7 @@ index c0c9b7f46ebe..4d5566ab9379 100644
typedef union { typedef union {
EFI_TCP4_CONFIG_DATA Tcp4CfgData; EFI_TCP4_CONFIG_DATA Tcp4CfgData;
EFI_TCP6_CONFIG_DATA Tcp6CfgData; EFI_TCP6_CONFIG_DATA Tcp6CfgData;
@@ -774,4 +767,50 @@ Tcp6Poll ( @@ -774,4 +767,50 @@ Tcp6Poll (
IN EFI_TCP6_PROTOCOL *This IN EFI_TCP6_PROTOCOL *This
); );
@ -473,11 +491,11 @@ index c0c9b7f46ebe..4d5566ab9379 100644
+ ); + );
+ +
#endif #endif
diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
index c93212d47ded..3310306f639c 100644 index c93212d47d..3310306f63 100644
--- a/NetworkPkg/TcpDxe/TcpMisc.c --- a/NetworkPkg/TcpDxe/TcpMisc.c
+++ b/NetworkPkg/TcpDxe/TcpMisc.c +++ b/NetworkPkg/TcpDxe/TcpMisc.c
@@ -3,7 +3,7 @@ @@ -3,7 +3,7 @@
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
@ -486,7 +504,7 @@ index c93212d47ded..3310306f639c 100644
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@@ -20,7 +20,34 @@ LIST_ENTRY mTcpListenQue = { @@ -20,7 +20,34 @@ LIST_ENTRY mTcpListenQue = {
&mTcpListenQue &mTcpListenQue
}; };
@ -522,7 +540,7 @@ index c93212d47ded..3310306f639c 100644
CHAR16 *mTcpStateName[] = { CHAR16 *mTcpStateName[] = {
L"TCP_CLOSED", L"TCP_CLOSED",
@@ -41,12 +68,18 @@ CHAR16 *mTcpStateName[] = { @@ -41,12 +68,18 @@ CHAR16 *mTcpStateName[] = {
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance. @param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
@ -542,7 +560,7 @@ index c93212d47ded..3310306f639c 100644
// //
// Compute the checksum of the fixed parts of pseudo header // Compute the checksum of the fixed parts of pseudo header
// //
@@ -57,6 +90,16 @@ TcpInitTcbLocal ( @@ -57,6 +90,16 @@ TcpInitTcbLocal (
0x06, 0x06,
0 0
); );
@ -559,7 +577,7 @@ index c93212d47ded..3310306f639c 100644
} else { } else {
Tcb->HeadSum = NetIp6PseudoHeadChecksum ( Tcb->HeadSum = NetIp6PseudoHeadChecksum (
&Tcb->LocalEnd.Ip.v6, &Tcb->LocalEnd.Ip.v6,
@@ -64,9 +107,25 @@ TcpInitTcbLocal ( @@ -64,9 +107,25 @@ TcpInitTcbLocal (
0x06, 0x06,
0 0
); );
@ -586,7 +604,7 @@ index c93212d47ded..3310306f639c 100644
Tcb->SndUna = Tcb->Iss; Tcb->SndUna = Tcb->Iss;
Tcb->SndNxt = Tcb->Iss; Tcb->SndNxt = Tcb->Iss;
@@ -82,6 +141,8 @@ TcpInitTcbLocal ( @@ -82,6 +141,8 @@ TcpInitTcbLocal (
Tcb->RetxmitSeqMax = 0; Tcb->RetxmitSeqMax = 0;
Tcb->ProbeTimerOn = FALSE; Tcb->ProbeTimerOn = FALSE;
@ -595,7 +613,7 @@ index c93212d47ded..3310306f639c 100644
} }
/** /**
@@ -506,18 +567,162 @@ TcpCloneTcb ( @@ -506,18 +567,162 @@ TcpCloneTcb (
} }
/** /**
@ -766,7 +784,7 @@ index c93212d47ded..3310306f639c 100644
} }
/** /**
@@ -721,17 +926,28 @@ TcpFormatNetbuf ( @@ -721,17 +926,28 @@ TcpFormatNetbuf (
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a @param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
connection. connection.
@ -797,11 +815,11 @@ index c93212d47ded..3310306f639c 100644
} }
/** /**
diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
index 5d2e124977d9..065b1bdf5feb 100644 index 5d2e124977..065b1bdf5f 100644
--- a/NetworkPkg/TcpDxe/TcpTimer.c --- a/NetworkPkg/TcpDxe/TcpTimer.c
+++ b/NetworkPkg/TcpDxe/TcpTimer.c +++ b/NetworkPkg/TcpDxe/TcpTimer.c
@@ -2,7 +2,7 @@ @@ -2,7 +2,7 @@
TCP timer related functions. TCP timer related functions.
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
@ -810,7 +828,7 @@ index 5d2e124977d9..065b1bdf5feb 100644
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@@ -483,7 +483,6 @@ TcpTickingDpc ( @@ -483,7 +483,6 @@ TcpTickingDpc (
INT16 Index; INT16 Index;
mTcpTick++; mTcpTick++;
@ -818,3 +836,6 @@ index 5d2e124977d9..065b1bdf5feb 100644
// //
// Don't use LIST_FOR_EACH, which isn't delete safe. // Don't use LIST_FOR_EACH, which isn't delete safe.
--
2.39.3


@ -1,42 +1,62 @@
From 0aa96c512c689426838ec1cf4aa78ff088c03a1e Mon Sep 17 00:00:00 2001 From e22e11cc37c3bf3530ea8db1d18371c47c9e4440 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Jon Maloy <jmaloy@redhat.com>
Date: Fri, 24 May 2024 12:51:17 +0200 Date: Thu, 20 Jun 2024 10:34:22 -0400
Subject: [PATCH] OvmfPkg: wire up RngDxe Subject: [PATCH 6/8] OvmfPkg: wire up RngDxe
Add OvmfRng include snippets with the random number generator RH-Author: Jon Maloy <jmaloy@redhat.com>
configuration for OVMF. Include RngDxe, build with BaseRngLib, RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
so the rdrand instruction is used (if available). RH-Jira: RHEL-40270 RHEL-40272
RH-Acked-by: Gerd Hoffmann <None>
Also move VirtioRng to the include snippets. RH-Commit: [6/8] 4adf88888386923ee824469cf836b4f63117807d
Use the new include snippets for OVMF builds. JIRA: https://issues.redhat.com/browse/RHEL-40270
Upstream: Merged
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> CVE: CVE-2023-45237
(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b) Conflicts: Cherry pick wanted to add include files from the
--- missing 'add ShellComponents' (commit 2cb466cc2cbf...)
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- series. This had to be handled manually.
OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++-
OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++ commit 712797cf19acd292bf203522a79e40e7e13d268b
OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++ Author: Gerd Hoffmann <kraxel@redhat.com>
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- Date: Fri May 24 12:51:17 2024 +0200
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 3 ++-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- OvmfPkg: wire up RngDxe
OvmfPkg/Microvm/MicrovmX64.fdf | 3 ++-
OvmfPkg/OvmfPkgIa32.dsc | 2 +- Add OvmfRng include snippets with the random number generator
OvmfPkg/OvmfPkgIa32.fdf | 3 ++- configuration for OVMF. Include RngDxe, build with BaseRngLib,
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- so the rdrand instruction is used (if available).
OvmfPkg/OvmfPkgIa32X64.fdf | 3 ++-
OvmfPkg/OvmfPkgX64.dsc | 2 +- Also move VirtioRng to the include snippets.
OvmfPkg/OvmfPkgX64.fdf | 3 ++-
14 files changed, 33 insertions(+), 12 deletions(-) Use the new include snippets for OVMF builds.
create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc Signed-off-by: Jon Maloy <jmaloy@redhat.com>
index cf1ad83e09..4edc2a9069 100644 ---
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++-
@@ -651,7 +651,6 @@ OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++
OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 3 ++-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/Microvm/MicrovmX64.fdf | 3 ++-
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.fdf | 3 ++-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 3 ++-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.fdf | 3 ++-
14 files changed, 33 insertions(+), 12 deletions(-)
create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 7bb6ffb3f0..5d50e77002 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -651,7 +651,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
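Review bot: the `Conflicts:` paragraph in this hunk says the cherry-pick had to be resolved by hand because the 'add ShellComponents' series is missing, and the file headers that follow bear this out (each `.dsc`/`.fdf` pre-image changes, e.g. `index cf1ad83e09..4edc2a9069` becomes `index 7bb6ffb3f0..5d50e77002`, while the two new `.inc` files keep the upstream blobs `68839a0caa` and `99cb4a32b1`); please spell out in the message what was dropped or adapted during the resolution so a later reviewer can verify that `RngDxe` built with `BaseRngLib` ends up wired into every platform `.dsc`/`.fdf` as upstream intended, since the CVE-2023-45237 fix relies on that RNG being present. Also, `RH-Acked-by: Gerd Hoffmann <None>` carries a placeholder in the address field; fill in the real address or drop the brackets.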
@ -44,7 +64,7 @@ index cf1ad83e09..4edc2a9069 100644
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif !endif
@@ -763,6 +762,7 @@ @@ -763,6 +762,7 @@
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif !endif
@ -52,11 +72,11 @@ index cf1ad83e09..4edc2a9069 100644
OvmfPkg/PlatformDxe/Platform.inf OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/AmdSevDxe/AmdSevDxe.inf { OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c56c98dc85..480837b0fa 100644 index 0e3d7bea2b..c94f2d34ee 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf --- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -220,7 +220,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf @@ -220,7 +220,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -64,7 +84,7 @@ index c56c98dc85..480837b0fa 100644
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif !endif
@@ -316,6 +315,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -316,6 +315,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# #
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
@ -73,12 +93,12 @@ index c56c98dc85..480837b0fa 100644
################################################################################ ################################################################################
[FV.FVMAIN_COMPACT] [FV.FVMAIN_COMPACT]
diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
new file mode 100644 new file mode 100644
index 0000000000..68839a0caa index 0000000000..68839a0caa
--- /dev/null --- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
@@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
+## +##
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# SPDX-License-Identifier: BSD-2-Clause-Patent
+## +##
@ -88,23 +108,23 @@ index 0000000000..68839a0caa
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ } + }
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf + OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
new file mode 100644 new file mode 100644
index 0000000000..99cb4a32b1 index 0000000000..99cb4a32b1
--- /dev/null --- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc +++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
@@ -0,0 +1,6 @@ @@ -0,0 +1,6 @@
+## +##
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# SPDX-License-Identifier: BSD-2-Clause-Patent
+## +##
+ +
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf +INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf +INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 9f49b60ff0..4b7e1596fc 100644 index fd6722499a..d38fed2171 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -641,7 +641,6 @@ @@ -641,7 +641,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -112,7 +132,7 @@ index 9f49b60ff0..4b7e1596fc 100644
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif !endif
@@ -752,6 +751,7 @@ @@ -752,6 +751,7 @@
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif !endif
@ -120,11 +140,11 @@ index 9f49b60ff0..4b7e1596fc 100644
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index ce5d542048..88d0f75ae2 100644 index 69ed7a9bc6..077a5c8637 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf --- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf +++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE @@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE
# #
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -132,7 +152,7 @@ index ce5d542048..88d0f75ae2 100644
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif !endif
@@ -333,6 +332,8 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -333,6 +332,8 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/PlatformDxe/Platform.inf
@ -141,11 +161,11 @@ index ce5d542048..88d0f75ae2 100644
################################################################################ ################################################################################
[FV.FVMAIN_COMPACT] [FV.FVMAIN_COMPACT]
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index fb73f2e089..9206f01816 100644 index 79f14b5c05..ca6902971f 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc --- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -754,7 +754,6 @@ @@ -754,7 +754,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -153,7 +173,7 @@ index fb73f2e089..9206f01816 100644
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
@@ -880,6 +879,7 @@ @@ -880,6 +879,7 @@
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
@ -161,11 +181,11 @@ index fb73f2e089..9206f01816 100644
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index 055e659a35..c8268d7e8c 100644 index eda24a3ec9..767ee4b338 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf --- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf +++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -204,7 +204,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf @@ -204,7 +204,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -173,7 +193,7 @@ index 055e659a35..c8268d7e8c 100644
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
@@ -303,6 +302,8 @@ INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf @@ -303,6 +302,8 @@ INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@ -182,11 +202,11 @@ index 055e659a35..c8268d7e8c 100644
################################################################################ ################################################################################
[FV.FVMAIN_COMPACT] [FV.FVMAIN_COMPACT]
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 65a866ae0c..b64c215585 100644 index 83adecc374..4074aa382d 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc --- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -804,7 +804,6 @@ @@ -804,7 +804,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -194,7 +214,7 @@ index 65a866ae0c..b64c215585 100644
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -942,6 +941,7 @@ @@ -942,6 +941,7 @@
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif !endif
@ -202,11 +222,11 @@ index 65a866ae0c..b64c215585 100644
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 10eb6fe72b..c31276e4a3 100644 index 88c57ff5ff..20cfd2788e 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf --- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -236,7 +236,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf @@ -236,7 +236,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -214,7 +234,7 @@ index 10eb6fe72b..c31276e4a3 100644
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -367,6 +366,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -367,6 +366,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# #
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
@ -223,11 +243,11 @@ index 10eb6fe72b..c31276e4a3 100644
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
!endif !endif
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 679e25501b..ececac3757 100644 index b47cdf63e7..75ef19bc85 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc --- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -822,7 +822,6 @@ @@ -822,7 +822,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -235,7 +255,7 @@ index 679e25501b..ececac3757 100644
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -960,6 +959,7 @@ @@ -960,6 +959,7 @@
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif !endif
@ -243,11 +263,11 @@ index 679e25501b..ececac3757 100644
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index ff06bbfc6f..a7b4aeac08 100644 index ab5a9bc306..8517c79ba2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf --- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -237,7 +237,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf @@ -237,7 +237,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -255,7 +275,7 @@ index ff06bbfc6f..a7b4aeac08 100644
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -374,6 +373,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf @@ -374,6 +373,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
# #
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
@ -264,11 +284,11 @@ index ff06bbfc6f..a7b4aeac08 100644
################################################################################ ################################################################################
[FV.FVMAIN_COMPACT] [FV.FVMAIN_COMPACT]
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index d294fd4625..0ab4d3df06 100644 index be3824ec1e..631ff0c788 100644
--- a/OvmfPkg/OvmfPkgX64.dsc --- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -890,7 +890,6 @@ @@ -890,7 +890,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -276,7 +296,7 @@ index d294fd4625..0ab4d3df06 100644
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -1028,6 +1027,7 @@ @@ -1028,6 +1027,7 @@
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000 gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
} }
!endif !endif
@ -284,11 +304,11 @@ index d294fd4625..0ab4d3df06 100644
!if $(SECURE_BOOT_ENABLE) == TRUE !if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index f3b787201f..ae08ac4fe9 100644 index 851399888f..7ecde357ce 100644
--- a/OvmfPkg/OvmfPkgX64.fdf --- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -262,7 +262,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf @@ -262,7 +262,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
@ -296,7 +316,7 @@ index f3b787201f..ae08ac4fe9 100644
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE !if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -408,6 +407,8 @@ INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf @@ -408,6 +407,8 @@ INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
# #
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
@ -305,3 +325,6 @@ index f3b787201f..ae08ac4fe9 100644
################################################################################ ################################################################################
[FV.FVMAIN_COMPACT] [FV.FVMAIN_COMPACT]
--
2.39.3


@ -1,7 +1,33 @@
From a61bc0accb8a76edba4f073fdc7bafc908df045d Mon Sep 17 00:00:00 2001 From 7719d41979ef6e376d183c70cd47951ff5bf6ef1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Jon Maloy <jmaloy@redhat.com>
Date: Fri, 31 May 2024 09:49:13 +0200 Date: Thu, 20 Jun 2024 10:33:43 -0400
Subject: [PATCH] SecurityPkg/RngDxe: add rng test Subject: [PATCH 5/8] SecurityPkg/RngDxe: add rng test
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
RH-Jira: RHEL-40270 RHEL-40272
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [5/8] 84a58daaed0ee81ebed501392be33338da575df6
JIRA: https://issues.redhat.com/browse/RHEL-40270
Upstream: Merged
CVE: CVE-2023-45237
commit a61bc0accb8a76edba4f073fdc7bafc908df045d
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri May 31 09:49:13 2024 +0200
SecurityPkg/RngDxe: add rng test
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Check whenever RngLib actually returns random numbers, only return Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case. a non-zero number of Algorithms if that is the case.
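Review bot: the added trailer `RH-Acked-by: Gerd Hoffmann <None>` carries a literal `<None>` where an e-mail address belongs, and a trailer parser will take that as the address; either fill in the address used in the `Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>` line just below it or drop the angle brackets. The same placeholder appears in the other regenerated patch headers in this commit.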
@ -15,28 +41,31 @@ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
1 file changed, 7 insertions(+), 1 deletion(-) 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 5723ed695747..8b0742bab6c4 100644 index 7e06e16e4b..285b5f46e7 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c --- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -23,6 +23,7 @@ @@ -23,6 +23,7 @@
#include <Library/BaseLib.h> #include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h> #include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h> +#include <Library/RngLib.h>
#include "RngDxeInternals.h" #include "RngDxeInternals.h"
@@ -43,7 +44,12 @@ GetAvailableAlgorithms ( @@ -43,7 +44,12 @@ GetAvailableAlgorithms (
VOID VOID
) )
{ {
- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; - mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ UINT64 RngTest; + UINT64 RngTest;
+ +
+ if (GetRandomNumber64 (&RngTest)) { + if (GetRandomNumber64 (&RngTest)) {
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; + mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ } + }
+ +
return EFI_SUCCESS; return EFI_SUCCESS;
} }
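Review bot: in `GetAvailableAlgorithms` the formerly unconditional `mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;` now runs only when one `GetRandomNumber64 (&RngTest)` call succeeds, yet the function still returns `EFI_SUCCESS` on the failure path, so "no usable RNG" is signalled solely through a zero `mAvailableAlgoArrayCount`; that relies on the global's zero initialisation and on every caller in RngDxe treating a zero count as "do not install EFI_RNG_PROTOCOL", which is what the commit message intends, so those callers should be checked rather than assumed. A single successful call also only shows that the library reports success, not that its output is unpredictable; that is what the separate BaseRngLib RDRAND smoke-test patch (Patch76 in the spec) is for, and this check is not a substitute for it. `RngTest` is not read anywhere in the hunk after the call, so a one-line comment saying the sample is deliberately discarded would save the next reader a look.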
--
2.39.3


@ -1,39 +1,58 @@
From 9a75b030cf27d2530444e9a2f9f11867f79bf679 Mon Sep 17 00:00:00 2001 From 0ef57f5f435ee1909d14da24cd1c3edc91fef405 Mon Sep 17 00:00:00 2001
From: Gua Guo <gua.guo@intel.com> From: Jon Maloy <jmaloy@redhat.com>
Date: Thu, 11 Jan 2024 13:03:26 +0800 Date: Sat, 6 Apr 2024 11:00:29 -0400
Subject: [PATCH] StandaloneMmPkg/Hob: Integer Overflow in CreateHob() Subject: [PATCH 2/2] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166 RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 69: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
Fix integer overflow in various CreateHob instances. RH-Jira: RHEL-30156
Fixes: CVE-2022-36765 RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Acked-by: Gerd Hoffmann <None>
The CreateHob() function aligns the requested size to 8 RH-Commit: [2/2] 3c3454688975f62041dd8d3393f0bba5ec3b71f1
performing the following operation:
``` JIRA: https://issues.redhat.com/browse/RHEL-30156
HobLength = (UINT16)((HobLength + 0x7) & (~0x7)); CVE: CVE-2022-36765
``` Upstream: Merged
No checks are performed to ensure this value doesn't commit 9a75b030cf27d2530444e9a2f9f11867f79bf679
overflow, and could lead to CreateHob() returning a smaller Author: Gua Guo <gua.guo@intel.com>
HOB than requested, which could lead to OOB HOB accesses. Date: Thu Jan 11 13:03:26 2024 +0800
Reported-by: Marc Beatove <mbeatove@google.com> StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: John Mathew <john.mathews@intel.com> Fix integer overflow in various CreateHob instances.
Authored-by: Gerd Hoffmann <kraxel@redhat.com> Fixes: CVE-2022-36765
Signed-off-by: Gua Guo <gua.guo@intel.com>
--- The CreateHob() function aligns the requested size to 8
.../Arm/StandaloneMmCoreHobLib.c | 35 +++++++++++++++++++ performing the following operation:
1 file changed, 35 insertions(+) ```
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c ```
index 1550e1babc83..59473e28fe59 100644
--- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c No checks are performed to ensure this value doesn't
+++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c overflow, and could lead to CreateHob() returning a smaller
@@ -34,6 +34,13 @@ CreateHob ( HOB than requested, which could lead to OOB HOB accesses.
Reported-by: Marc Beatove <mbeatove@google.com>
Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Ray Ni <ray.ni@intel.com>
Cc: John Mathew <john.mathews@intel.com>
Authored-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Gua Guo <gua.guo@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
.../Arm/StandaloneMmCoreHobLib.c | 35 +++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
index 1550e1babc..59473e28fe 100644
--- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
+++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
@@ -34,6 +34,13 @@ CreateHob (
HandOffHob = GetHobList (); HandOffHob = GetHobList ();
@ -47,7 +66,7 @@ index 1550e1babc83..59473e28fe59 100644
HobLength = (UINT16)((HobLength + 0x7) & (~0x7)); HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom; FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom;
@@ -89,6 +96,10 @@ BuildModuleHob ( @@ -89,6 +96,10 @@ BuildModuleHob (
); );
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE)); Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE));
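Review bot: the context line `HobLength = (UINT16)((HobLength + 0x7) & (~0x7));` visible in this hunk is the computation the commit message describes: `HobLength + 0x7` is evaluated as int and then narrowed to UINT16, so any HobLength above 0xFFF8 wraps (0xFFF9 through 0xFFFF all become 0) and CreateHob would hand back a far smaller HOB than was requested. The 7 lines the inner `@@ -34,6 +34,13 @@ CreateHob (` header adds, and the 3 to 5 lines each Build*Hob hunk adds, are identical on both sides and therefore not displayed in this outer diff; when reviewing the patch file itself, confirm the new length check sits before this cast (a check placed after it only sees the already-wrapped value) and that each Build*Hob caller handles a NULL return from CreateHob instead of relying on the existing `ASSERT (Hob != NULL);`, which compiles out in release builds.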
@ -58,7 +77,7 @@ index 1550e1babc83..59473e28fe59 100644
CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid); CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid);
Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule; Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule;
@@ -129,6 +140,9 @@ BuildResourceDescriptorHob ( @@ -129,6 +140,9 @@ BuildResourceDescriptorHob (
Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR)); Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR));
ASSERT (Hob != NULL); ASSERT (Hob != NULL);
@ -68,7 +87,7 @@ index 1550e1babc83..59473e28fe59 100644
Hob->ResourceType = ResourceType; Hob->ResourceType = ResourceType;
Hob->ResourceAttribute = ResourceAttribute; Hob->ResourceAttribute = ResourceAttribute;
@@ -167,6 +181,11 @@ BuildGuidHob ( @@ -167,6 +181,11 @@ BuildGuidHob (
ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE))); ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE)));
Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength)); Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength));
@ -80,7 +99,7 @@ index 1550e1babc83..59473e28fe59 100644
CopyGuid (&Hob->Name, Guid); CopyGuid (&Hob->Name, Guid);
return Hob + 1; return Hob + 1;
} }
@@ -226,6 +245,10 @@ BuildFvHob ( @@ -226,6 +245,10 @@ BuildFvHob (
EFI_HOB_FIRMWARE_VOLUME *Hob; EFI_HOB_FIRMWARE_VOLUME *Hob;
Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME)); Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME));
@ -91,7 +110,7 @@ index 1550e1babc83..59473e28fe59 100644
Hob->BaseAddress = BaseAddress; Hob->BaseAddress = BaseAddress;
Hob->Length = Length; Hob->Length = Length;
@@ -255,6 +278,10 @@ BuildFv2Hob ( @@ -255,6 +278,10 @@ BuildFv2Hob (
EFI_HOB_FIRMWARE_VOLUME2 *Hob; EFI_HOB_FIRMWARE_VOLUME2 *Hob;
Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2)); Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2));
@ -102,7 +121,7 @@ index 1550e1babc83..59473e28fe59 100644
Hob->BaseAddress = BaseAddress; Hob->BaseAddress = BaseAddress;
Hob->Length = Length; Hob->Length = Length;
@@ -282,6 +309,10 @@ BuildCpuHob ( @@ -282,6 +309,10 @@ BuildCpuHob (
EFI_HOB_CPU *Hob; EFI_HOB_CPU *Hob;
Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU)); Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU));
@ -113,7 +132,7 @@ index 1550e1babc83..59473e28fe59 100644
Hob->SizeOfMemorySpace = SizeOfMemorySpace; Hob->SizeOfMemorySpace = SizeOfMemorySpace;
Hob->SizeOfIoSpace = SizeOfIoSpace; Hob->SizeOfIoSpace = SizeOfIoSpace;
@@ -319,6 +350,10 @@ BuildMemoryAllocationHob ( @@ -319,6 +350,10 @@ BuildMemoryAllocationHob (
); );
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION)); Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION));
@ -124,3 +143,6 @@ index 1550e1babc83..59473e28fe59 100644
ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID)); ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress; Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
--
2.39.3


@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2 Name: edk2
Version: %{GITDATE} Version: %{GITDATE}
Release: 6%{?dist}.2.alma.1 Release: 6%{?dist}.2
Summary: UEFI firmware for 64-bit virtual machines Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org URL: http://www.tianocore.org
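Review bot: `Release:` changes from `6%{?dist}.2.alma.1` to `6%{?dist}.2`, dropping the branch-specific suffix, and the top `%changelog` entry on the incoming side, `20231122-6.0.1.el9_4.2`, does not match what `6%{?dist}.2` expands to (there is no `.0.1` component), so the header and the changelog disagree about the package version; either restore the suffix together with a matching changelog entry or make the changelog version equal the actual Version-Release. rpmlint reports this kind of mismatch as an incoherent changelog version, and the resulting NVR is what consumers of this build will see.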
@ -50,6 +50,7 @@ Source80: edk2-build.py
Source82: edk2-build.rhel-9 Source82: edk2-build.rhel-9
Source90: DBXUpdate-%{DBXDATE}.x64.bin Source90: DBXUpdate-%{DBXDATE}.x64.bin
Patch1: 0001-ignore-build-artifacts-generated-files-session-setti.patch Patch1: 0001-ignore-build-artifacts-generated-files-session-setti.patch
Patch2: 0002-Remove-submodules.patch Patch2: 0002-Remove-submodules.patch
Patch3: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Patch3: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
@ -264,27 +265,33 @@ Patch69: edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch
# For RHEL-21851 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9] # For RHEL-21851 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]
# For RHEL-21853 - TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9] # For RHEL-21853 - TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]
Patch70: edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch Patch70: edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch
# For RHEL-30156 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]
# Patches were taken from:
# https://github.com/tianocore/edk2/commit/aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
Patch71: edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch Patch71: edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch
# https://github.com/tianocore/edk2/commit/9a75b030cf27d2530444e9a2f9f11867f79bf679 # For RHEL-30156 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]
Patch72: edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch Patch72: edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch
# https://github.com/tianocore/edk2/commit/4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345 # For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
Patch73: edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch Patch73: edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch
# https://github.com/tianocore/edk2/commit/1904a64bcc18199738e5be183d28887ac5d837d7 # For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
Patch74: edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch Patch74: edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
# https://github.com/tianocore/edk2/commit/ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3 # For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
Patch75: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flow-in.patch # For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
# https://github.com/tianocore/edk2/commit/c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a Patch75: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
Patch76: edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-check-CPUID.patch # For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
# https://github.com/tianocore/edk2/commit/a61bc0accb8a76edba4f073fdc7bafc908df045d # For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
Patch76: edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
Patch77: edk2-SecurityPkg-RngDxe-add-rng-test.patch Patch77: edk2-SecurityPkg-RngDxe-add-rng-test.patch
# https://gitlab.com/redhat/centos-stream/rpms/edk2/-/commit/5872fb18b4e645856614429dfffbb704858a9ea7 # For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
Patch78: edk2-OvmfPkg-wire-up-RngDxe.patch Patch78: edk2-OvmfPkg-wire-up-RngDxe.patch
# https://github.com/tianocore/edk2/commit/94961b8817eec6f8d0434555ac50a7aa51c22201 # For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
Patch79: edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch Patch79: edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
# https://github.com/tianocore/edk2/commit/5e776299a2604b336a947e68593012ab2cc16eb4 # For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
Patch80: edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch Patch80: edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
# python3-devel and libuuid-devel are required for building tools. # python3-devel and libuuid-devel are required for building tools.
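Review bot: the comment lines above Patch73 through Patch80 replace the per-patch upstream references (`# https://github.com/tianocore/edk2/commit/...`) with the same two `# For RHEL-40270 ...` / `# For RHEL-40272 ...` lines repeated eight times, so the spec loses the direct upstream provenance of each backport while adding nothing that differs per patch; keep the URL line next to each Patch entry (the regenerated patch headers record the upstream hash in their `commit ...` line, so the two are easy to cross-check) and state the RHEL references once above the group. Patch75 and Patch76 also change file name (`edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flow-in.patch` becomes `edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch`, and the BaseRngLib patch is shortened the same way), so the renamed files must exist in the repo under exactly those names and the old names must be removed, or the build fails at %prep.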
@ -619,18 +626,28 @@ install -m 0644 \
%changelog %changelog
* Wed Jul 24 2024 Eduard Abdullin <eabdullin@almalinux.org> - 20231122-6.2.alma.1 * Tue Jul 23 2024 EL Errata <el-errata_ww@oracle.com> - 20231122-6.0.1.el9_4.2
- CryptoPkg/Test: call ProcessLibraryConstructorList - Replace upstream references [Orabug:36569119]
- EmbeddedPkg/Hob: Integer Overflow in CreateHob()
- MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID * Mon Jul 01 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.2
- MdePkg/X86UnitTestHost: set rdrand cpuid bit - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272]
- NetworkPkg: SECURITY PATCH CVE-2023-45237 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272]
- NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in - edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272]
iPXE environment - edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272]
- NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236 - edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272]
- OvmfPkg: wire up RngDxe - edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272]
- SecurityPkg/RngDxe: add rng test - edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272]
- StandaloneMmPkg/Hob: Integer Overflow in CreateHob() - edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272]
- Resolves: RHEL-40270
(CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z])
- Resolves: RHEL-40272
(CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z])
* Wed Apr 10 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.1
- edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- Resolves: RHEL-30156
(CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z])
* Thu Feb 22 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6 * Thu Feb 22 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853] - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]