diff --git a/.gitignore b/.gitignore index a1c4252..b59042e 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,5 @@ /*.src.rpm /openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz /openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz +/dtc-1.7.0.tar.xz +/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz diff --git a/0003-Remove-paths-leading-to-submodules.patch b/0003-Remove-paths-leading-to-submodules.patch index d22a3b7..e29890b 100644 --- a/0003-Remove-paths-leading-to-submodules.patch +++ b/0003-Remove-paths-leading-to-submodules.patch @@ -1,4 +1,4 @@ -From de9f92d118c1374243d9d3f006088a29ec7dcf8d Mon Sep 17 00:00:00 2001 +From 0884bb8f69f09746ea3c1cf8e7f1c4992759bca7 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Thu, 24 Mar 2022 03:23:02 -0400 Subject: [PATCH] Remove paths leading to submodules @@ -27,7 +27,7 @@ index 5275f657ef..39d7199753 100644 EfiRom \ GenFfs \ diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index f7339f0aec..badb93238f 100644 +index b9bc7041f2..168f224d4b 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -26,9 +26,6 @@ @@ -41,7 +41,7 @@ index f7339f0aec..badb93238f 100644 ## @libraryclass Defines a set of methods to reset whole system. ResetSystemLib|Include/Library/ResetSystemLib.h diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec -index bf94549cbf..605b0f1be8 100644 +index 624f626360..46ce26916b 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -29,7 +29,6 @@ diff --git a/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch index 0a57269..e5ff4e9 100644 --- a/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ b/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -1,4 +1,4 @@ -From 5c48211bdce4b30c86e92636e852e9da4ede4c1e Mon Sep 17 00:00:00 2001 +From 15e769d65d866bca61100f5fd5df7d8547990d8d Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 22:40:01 +0100 Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode @@ -99,10 +99,10 @@ Signed-off-by: Laszlo Ersek 3 files changed, 36 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index badb93238f..3a67acc090 100644 +index 168f224d4b..5b6287341f 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -2222,6 +2222,10 @@ +@@ -2275,6 +2275,10 @@ # @Prompt The value is use for Usb Network rate limiting supported. gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028 diff --git a/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch index 16da78e..35da177 100644 --- a/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ b/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -1,4 +1,4 @@ -From 0976965c3dd6ac841f59dc09220a6637060ba901 Mon Sep 17 00:00:00 2001 +From 3e4b91afc9ddf3581f13e6326cd4a7d6ab5c7a1f Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 15:59:06 +0200 Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH @@ -83,7 +83,7 @@ Signed-off-by: Laszlo Ersek 9 files changed, 21 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 8eb6f4f24f..627fded641 100644 +index 40553c0019..b51eba71fc 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -484,6 +484,7 @@ @@ -95,7 +95,7 @@ index 8eb6f4f24f..627fded641 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc -index 4996885301..51a49c09ad 100644 +index 38137d8c13..542ca013e2 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -581,6 +581,7 @@ @@ -107,7 +107,7 @@ index 4996885301..51a49c09ad 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -index 0931ce061a..9f49b60ff0 100644 +index fc1332598e..4b7e1596fc 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -477,6 +477,7 @@ @@ -119,7 +119,7 @@ index 0931ce061a..9f49b60ff0 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc -index 69de4dd3f1..fb73f2e089 100644 +index bc9be1c5c2..d76fa4269f 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -590,7 +590,7 @@ @@ -132,10 +132,10 @@ index 69de4dd3f1..fb73f2e089 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 2ca005d768..dddef5ed0e 100644 +index 7ab6af3a69..c56d24a676 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -599,6 +599,7 @@ +@@ -600,6 +600,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -144,7 +144,7 @@ index 2ca005d768..dddef5ed0e 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index a39070a626..933abb258f 100644 +index e7fff78df9..b560fb7718 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -611,6 +611,7 @@ @@ -156,7 +156,7 @@ index a39070a626..933abb258f 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 1b90aa8f57..04157ab14b 100644 +index 556984bdaa..c46a8e05d6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -629,6 +629,7 @@ @@ -168,12 +168,12 @@ index 1b90aa8f57..04157ab14b 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c -index df35726ff6..6c786bfc1e 100644 +index dc81ce9e2b..05b924f99f 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c -@@ -41,6 +41,18 @@ - +@@ -43,6 +43,18 @@ #include "Platform.h" + #include "PlatformId.h" +#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \ + do { \ @@ -190,7 +190,7 @@ index df35726ff6..6c786bfc1e 100644 EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = { { EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, -@@ -355,6 +367,7 @@ InitializePlatform ( +@@ -361,6 +373,7 @@ InitializePlatform ( MemTypeInfoInitialization (PlatformInfoHob); MemMapInitialization (PlatformInfoHob); NoexecDxeInitialization (PlatformInfoHob); @@ -199,10 +199,10 @@ index df35726ff6..6c786bfc1e 100644 InstallClearCacheCallback (); diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf -index e036018eab..a2f59e8fc8 100644 +index 0bb1a46291..9185c2398c 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf -@@ -103,6 +103,7 @@ +@@ -106,6 +106,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved diff --git a/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch index 47be70d..6beab82 100644 --- a/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ b/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -1,4 +1,4 @@ -From 4c45a397402f58a67b1d4ea1348bb79f3716c7a5 Mon Sep 17 00:00:00 2001 +From b2e0de02371c1327344dd735745b39f9abe32952 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 26 Jul 2015 08:02:50 +0000 Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line @@ -96,10 +96,10 @@ Signed-off-by: Laszlo Ersek create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 64aa4e96e5..c37c4ba61e 100644 +index 1ba63d2e16..fa98980acf 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -311,6 +311,8 @@ +@@ -313,6 +313,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 !endif @@ -108,7 +108,7 @@ index 64aa4e96e5..c37c4ba61e 100644 [PcdsDynamicHii] gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS -@@ -416,7 +418,10 @@ +@@ -422,7 +424,10 @@ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf diff --git a/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch index c8fc3b2..d697ec6 100644 --- a/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ b/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -1,4 +1,4 @@ -From 3dbb4913b3e1c0413dd3016681aca3a3d12edd0d Mon Sep 17 00:00:00 2001 +From 2c8e25b287c112ec4a2d89a9bc84e44db93bf4ee Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:45 +0100 Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) @@ -65,7 +65,7 @@ Signed-off-by: Paolo Bonzini 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 627fded641..cef43b34b7 100644 +index b51eba71fc..1128968857 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -429,7 +429,7 @@ @@ -78,10 +78,10 @@ index 627fded641..cef43b34b7 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index dddef5ed0e..270bd612e5 100644 +index c56d24a676..9ff998dda5 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -535,7 +535,7 @@ +@@ -536,7 +536,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -91,7 +91,7 @@ index dddef5ed0e..270bd612e5 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 933abb258f..269a4b2b21 100644 +index b560fb7718..162f0cf385 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -542,7 +542,7 @@ @@ -104,7 +104,7 @@ index 933abb258f..269a4b2b21 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 04157ab14b..9614cc1c56 100644 +index c46a8e05d6..d97ccb44cc 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -561,7 +561,7 @@ diff --git a/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch index d433969..d6b8c96 100644 --- a/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +++ b/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch @@ -1,4 +1,4 @@ -From ac8f2a85bad100eaf42d3537b6fcb37fa3db5fd9 Mon Sep 17 00:00:00 2001 +From 23808e1ec42a4ebb6e62c4c2108ec65190f8f288 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:46 +0100 Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in @@ -86,10 +86,10 @@ Signed-off-by: Paolo Bonzini 4 files changed, 32 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index cef43b34b7..f53380aca2 100644 +index 1128968857..0b29aa1157 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -691,8 +691,14 @@ +@@ -690,8 +690,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -107,10 +107,10 @@ index cef43b34b7..f53380aca2 100644 # diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 270bd612e5..d942c7354a 100644 +index 9ff998dda5..92f5fd0850 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -828,8 +828,14 @@ +@@ -830,8 +830,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -128,10 +128,10 @@ index 270bd612e5..d942c7354a 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 269a4b2b21..d915b847cb 100644 +index 162f0cf385..feac55d1dd 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -842,8 +842,14 @@ +@@ -843,8 +843,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -149,10 +149,10 @@ index 269a4b2b21..d915b847cb 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 9614cc1c56..12ee5510bd 100644 +index d97ccb44cc..1c925296a2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -910,8 +910,14 @@ +@@ -908,8 +908,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch index 4de197b..93c2a93 100644 --- a/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +++ b/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch @@ -1,4 +1,4 @@ -From 511531fe074c28dd8139f722b25979df1995e492 Mon Sep 17 00:00:00 2001 +From 63850564a83205da946526b363e78c8faa8d4de1 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in @@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index c37c4ba61e..00e656d0c9 100644 +index fa98980acf..8735d2881e 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -546,7 +546,10 @@ +@@ -552,7 +552,10 @@ # # Video support # @@ -77,10 +77,10 @@ index c37c4ba61e..00e656d0c9 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 2cf96accbd..c7918c8cf3 100644 +index 9927bdae0e..c15d51dab0 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -450,7 +450,10 @@ +@@ -457,7 +457,10 @@ # # Video support # diff --git a/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch index 08fcb0b..b1a2f2a 100644 --- a/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +++ b/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch @@ -1,4 +1,4 @@ -From 3bf394bd43a4cf00c2b52b965b47b8194a406166 Mon Sep 17 00:00:00 2001 +From 122d39f5cda68d1306726dfb139ab38fab5bf60d Mon Sep 17 00:00:00 2001 From: Philippe Mathieu-Daude Date: Thu, 1 Aug 2019 20:43:48 +0200 Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 diff --git a/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch index d81f03a..1e9381e 100644 --- a/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ b/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -1,4 +1,4 @@ -From b9ac7e96d76caa161d1689c0436551e95728ac0e Mon Sep 17 00:00:00 2001 +From b429340208828e56cf443ad3e7c1d942a092cea5 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:47 +0100 Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe @@ -63,10 +63,10 @@ Signed-off-by: Paolo Bonzini 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index f53380aca2..32f47704bc 100644 +index 0b29aa1157..4160d8d752 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -686,7 +686,10 @@ +@@ -685,7 +685,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -79,10 +79,10 @@ index f53380aca2..32f47704bc 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d942c7354a..49540d54d0 100644 +index 92f5fd0850..ae4ca08e32 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -823,7 +823,10 @@ +@@ -825,7 +825,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -95,10 +95,10 @@ index d942c7354a..49540d54d0 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index d915b847cb..1c4e0514ed 100644 +index feac55d1dd..7f88e89d0f 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -837,7 +837,10 @@ +@@ -838,7 +838,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -111,10 +111,10 @@ index d915b847cb..1c4e0514ed 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 12ee5510bd..e50e63b3f6 100644 +index 1c925296a2..50af72adb2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -905,7 +905,10 @@ +@@ -903,7 +903,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf diff --git a/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch b/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch index 8f928ba..f55a61c 100644 --- a/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +++ b/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch @@ -1,4 +1,4 @@ -From 8c67b1b96e42c39a3562c8790ae5985a240edfce Mon Sep 17 00:00:00 2001 +From 994d660325a68c1ee904205649e6e88e5e2da991 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:31:36 +0200 Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" @@ -32,7 +32,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 18 insertions(+) diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c -index 3c12085f6c..e192809198 100644 +index cf58c97cd2..023eece6d9 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c @@ -19,6 +19,7 @@ @@ -43,7 +43,7 @@ index 3c12085f6c..e192809198 100644 #include #include #include -@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint ( +@@ -1080,6 +1081,22 @@ QemuKernelLoaderFsDxeEntrypoint ( if (KernelBlob->Data == NULL) { Status = EFI_NOT_FOUND; diff --git a/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch b/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch index 02d0290..f973389 100644 --- a/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +++ b/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch @@ -1,4 +1,4 @@ -From de3d6fb999bd464f08c11b879cb4587295f3c0b1 Mon Sep 17 00:00:00 2001 +From 26594b660d11841de95aebf0938ab518a1b08f08 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:40:09 +0200 Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent @@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 18 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c -index b55b6c12d2..0be885c391 100644 +index 4d0c241f4d..e228d5f39f 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @@ -42,7 +42,7 @@ index b55b6c12d2..0be885c391 100644 #include #include #include -@@ -2743,6 +2744,22 @@ DriverEntry ( +@@ -2754,6 +2755,22 @@ DriverEntry ( CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); diff --git a/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch b/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch index 24bdc73..0234a4e 100644 --- a/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch +++ b/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch @@ -1,4 +1,4 @@ -From 3208551a4a7934a905ba33dde70bfea37c9a95af Mon Sep 17 00:00:00 2001 +From d8f17ac0eba626f42f48b705fb435fe24801852f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:28:49 +0200 Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only) @@ -29,7 +29,7 @@ Signed-off-by: Miroslav Rezanina 8 files changed, 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 32f47704bc..6b6e108d11 100644 +index 4160d8d752..0d21eb795e 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -611,7 +611,6 @@ @@ -41,7 +41,7 @@ index 32f47704bc..6b6e108d11 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index 595945181c..c176043482 100644 +index 42178701fc..3dea9b36f8 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -212,7 +212,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf @@ -53,10 +53,10 @@ index 595945181c..c176043482 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 49540d54d0..d368aa11fe 100644 +index ae4ca08e32..cbe9a503e8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -746,7 +746,6 @@ +@@ -749,7 +749,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -65,7 +65,7 @@ index 49540d54d0..d368aa11fe 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 0d4abb50a8..ef933def99 100644 +index bc7bb678b4..59d15bb77d 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -216,7 +216,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf @@ -77,10 +77,10 @@ index 0d4abb50a8..ef933def99 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 1c4e0514ed..cf09bdf785 100644 +index 7f88e89d0f..315ecf7d89 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -760,7 +760,6 @@ +@@ -762,7 +762,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -89,7 +89,7 @@ index 1c4e0514ed..cf09bdf785 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 23a825a012..0cd98ada5a 100644 +index 98c05e491d..048fda9f16 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -217,7 +217,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf @@ -101,10 +101,10 @@ index 23a825a012..0cd98ada5a 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e50e63b3f6..098d569381 100644 +index 50af72adb2..156e52e430 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -805,7 +805,6 @@ +@@ -804,7 +804,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -113,7 +113,7 @@ index e50e63b3f6..098d569381 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf { diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 4dcd6a033c..b201505214 100644 +index 489d03b60e..ef01da45e6 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -245,7 +245,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf diff --git a/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch b/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch index c07086a..6be6b51 100644 --- a/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch +++ b/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From 42becc4c97abe443d06bb128a4b7d5e279842715 Mon Sep 17 00:00:00 2001 +From 775140417987bc1ed4ea35300a71085d34c9ea76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:28:59 +0200 Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only) @@ -29,10 +29,10 @@ Signed-off-by: Miroslav Rezanina 8 files changed, 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 6b6e108d11..5461c1290d 100644 +index 0d21eb795e..89c9b610d1 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -701,7 +701,6 @@ +@@ -700,7 +700,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -41,10 +41,10 @@ index 6b6e108d11..5461c1290d 100644 # # ISA Support diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index c176043482..10538a0465 100644 +index 3dea9b36f8..899f02981f 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -300,7 +300,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -299,7 +299,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -53,10 +53,10 @@ index c176043482..10538a0465 100644 INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d368aa11fe..40e78014c4 100644 +index cbe9a503e8..d35d04b39a 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -838,7 +838,6 @@ +@@ -840,7 +840,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -65,10 +65,10 @@ index d368aa11fe..40e78014c4 100644 # diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index ef933def99..68d59968ec 100644 +index 59d15bb77d..7fd9203427 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -317,7 +317,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -316,7 +316,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -77,10 +77,10 @@ index ef933def99..68d59968ec 100644 INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index cf09bdf785..6ade9aa0ef 100644 +index 315ecf7d89..5710183135 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -852,7 +852,6 @@ +@@ -853,7 +853,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -89,10 +89,10 @@ index cf09bdf785..6ade9aa0ef 100644 # diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 0cd98ada5a..8891d96422 100644 +index 048fda9f16..a15cd72f13 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -323,7 +323,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -322,7 +322,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -101,10 +101,10 @@ index 0cd98ada5a..8891d96422 100644 INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 098d569381..8563835ae5 100644 +index 156e52e430..11a05298b6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -920,7 +920,6 @@ +@@ -918,7 +918,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -113,10 +113,10 @@ index 098d569381..8563835ae5 100644 # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index b201505214..06ac4423da 100644 +index ef01da45e6..e8562442d3 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -356,7 +356,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -355,7 +355,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf diff --git a/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch b/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch index 9aec177..e9e874c 100644 --- a/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch +++ b/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch @@ -1,4 +1,4 @@ -From 67e5739ca9ba906914aade6b5ad84c420ad9af29 Mon Sep 17 00:00:00 2001 +From d9463c76697c178fca5edad35fee97c429598b22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:13 +0200 Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only) @@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina 6 files changed, 6 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 40e78014c4..afd2a3c5c0 100644 +index d35d04b39a..5a1c7058c8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -816,7 +816,6 @@ +@@ -818,7 +818,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -39,10 +39,10 @@ index 40e78014c4..afd2a3c5c0 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 68d59968ec..c392b96470 100644 +index 7fd9203427..7e09e3aac9 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -51,10 +51,10 @@ index 68d59968ec..c392b96470 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 6ade9aa0ef..f5a4c57c8e 100644 +index 5710183135..4fb8b9ba39 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -830,7 +830,6 @@ +@@ -831,7 +831,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -63,10 +63,10 @@ index 6ade9aa0ef..f5a4c57c8e 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 8891d96422..6278daeeee 100644 +index a15cd72f13..8ba0ce211d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -291,7 +291,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -75,10 +75,10 @@ index 8891d96422..6278daeeee 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 8563835ae5..08b73a64c9 100644 +index 11a05298b6..21c6a5b3c0 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -898,7 +898,6 @@ +@@ -896,7 +896,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -87,10 +87,10 @@ index 8563835ae5..08b73a64c9 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 06ac4423da..fc4b6dd3a4 100644 +index e8562442d3..f3cb0ea40c 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -322,7 +322,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf diff --git a/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch b/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch index 7936459..afac7fa 100644 --- a/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch +++ b/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch @@ -1,4 +1,4 @@ -From 9827ce562f432da36410ef0e9ce6d7971e502b99 Mon Sep 17 00:00:00 2001 +From e23b7fc026b31882c4ded58805af9df9d3c3b574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:16 +0200 Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only) @@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 3 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 00e656d0c9..d1deccaadc 100644 +index 8735d2881e..44bee7c339 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -464,7 +464,6 @@ +@@ -470,7 +470,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -48,10 +48,10 @@ index 38906004d7..7205274bed 100644 # # Status Code Routing diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index c7918c8cf3..9643fd5427 100644 +index c15d51dab0..e0bc37ac7c 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -368,7 +368,6 @@ +@@ -375,7 +375,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf diff --git a/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch b/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch index 33be900..88ab101 100644 --- a/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch +++ b/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From 98e35df340a8a5cd18cb386361c7da6350c54800 Mon Sep 17 00:00:00 2001 +From 17cfa7a7f8e17ddea0d3e5d224b6b0cbc6e874da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:19 +0200 Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only) @@ -29,10 +29,10 @@ Signed-off-by: Miroslav Rezanina 8 files changed, 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 5461c1290d..cf1ad83e09 100644 +index 89c9b610d1..4edc2a9069 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -679,7 +679,6 @@ +@@ -678,7 +678,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -41,10 +41,10 @@ index 5461c1290d..cf1ad83e09 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index 10538a0465..c56c98dc85 100644 +index 899f02981f..2fe05eccdd 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -280,7 +280,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -279,7 +279,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -53,10 +53,10 @@ index 10538a0465..c56c98dc85 100644 INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf INF OvmfPkg/AmdSev/Grub/Grub.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index afd2a3c5c0..d8ae542686 100644 +index 5a1c7058c8..5333708216 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -815,7 +815,6 @@ +@@ -817,7 +817,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -65,10 +65,10 @@ index afd2a3c5c0..d8ae542686 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index c392b96470..0ffa3be750 100644 +index 7e09e3aac9..30649699cd 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -288,7 +288,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -77,10 +77,10 @@ index c392b96470..0ffa3be750 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index f5a4c57c8e..52ac2c96fc 100644 +index 4fb8b9ba39..9e6f35607d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -829,7 +829,6 @@ +@@ -830,7 +830,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -89,10 +89,10 @@ index f5a4c57c8e..52ac2c96fc 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 6278daeeee..c4f3ec0735 100644 +index 8ba0ce211d..8ef8519cfe 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -101,10 +101,10 @@ index 6278daeeee..c4f3ec0735 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 08b73a64c9..f76d0ef7bc 100644 +index 21c6a5b3c0..c127ace963 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -897,7 +897,6 @@ +@@ -895,7 +895,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -113,10 +113,10 @@ index 08b73a64c9..f76d0ef7bc 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index fc4b6dd3a4..bedd85ef7a 100644 +index f3cb0ea40c..c0da2672a3 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -320,7 +320,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf diff --git a/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch b/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch index a0c6376..49e8e68 100644 --- a/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch +++ b/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From 9b039f2eb195f37b724f86efc31c8a4d6abd217d Mon Sep 17 00:00:00 2001 +From e11619096c12d5f048d3692328d1d1d02d998dc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:22 +0200 Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only) @@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 3 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index d1deccaadc..f91bb09fa3 100644 +index 44bee7c339..e7e9df3b42 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -463,7 +463,6 @@ +@@ -469,7 +469,6 @@ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -48,10 +48,10 @@ index 7205274bed..24a9dac2fd 100644 # # Status Code Routing diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 9643fd5427..c2825aa4c2 100644 +index e0bc37ac7c..ee2459e31d 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -367,7 +367,6 @@ +@@ -374,7 +374,6 @@ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf diff --git a/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch b/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch index 5c57a7d..e9a551a 100644 --- a/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch +++ b/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch @@ -1,4 +1,4 @@ -From d417cfeb0ed76b3187b44e2491611f55d6de33b3 Mon Sep 17 00:00:00 2001 +From 7dd26632cf79f0e103c609b2b47bcc7c9c4af409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:25 +0200 Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only) diff --git a/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch b/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch index ff09c46..d1fee2f 100644 --- a/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch +++ b/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch @@ -1,4 +1,4 @@ -From b548dd4acf23412e9266be15d65d7f8cfccbf028 Mon Sep 17 00:00:00 2001 +From 686691ea29b51e87dbd61395e7baa5e81941ec70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:28 +0200 Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only) @@ -23,10 +23,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 7044790a1e..ee98673e98 100644 +index 5384a41818..2a8236e520 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -391,10 +391,9 @@ +@@ -393,10 +393,9 @@ # MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf diff --git a/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch b/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch index 9e5ba58..34612c2 100644 --- a/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch +++ b/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch @@ -1,4 +1,4 @@ -From 8a68c775e8ba00da3d725396fd8c78f67fbc8697 Mon Sep 17 00:00:00 2001 +From 3f10925ace19ba5861605f9b912c7cc73514a00c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:31 +0200 Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only) diff --git a/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch b/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch index 331cf73..47066eb 100644 --- a/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch +++ b/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch @@ -1,4 +1,4 @@ -From 1f15cf34691e2f9604ee6efe142c2d710aad579c Mon Sep 17 00:00:00 2001 +From 35b5c9d7745891548730c6611aed7e12e5b84786 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:34 +0200 Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only) @@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 5 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index ee98673e98..996b4ddfc4 100644 +index 2a8236e520..5bfb16c27e 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -394,10 +394,6 @@ +@@ -396,10 +396,6 @@ # # UEFI application (Shell Embedded Boot Loader) # diff --git a/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch b/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch index c457ccc..1308ef4 100644 --- a/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch +++ b/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch @@ -1,4 +1,4 @@ -From cd1746c9920e93bf40994172881bc13cf185991c Mon Sep 17 00:00:00 2001 +From fbb98d8aedf36601cc4c4b267d08ffbfe919ad76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:39 +0200 Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) diff --git a/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch b/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch index 2eb4418..f1cceb7 100644 --- a/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch +++ b/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch @@ -1,4 +1,4 @@ -From ec9c5e512252964f28c493d10b9f484b88c87c13 Mon Sep 17 00:00:00 2001 +From 23c3da15fa2cba3b800ea30f3954f6e8b3313670 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:46 +0200 Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) @@ -28,10 +28,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 996b4ddfc4..2561e10ff5 100644 +index 5bfb16c27e..49e3bf9de4 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -391,17 +391,13 @@ +@@ -393,17 +393,13 @@ # MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf diff --git a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch b/0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch similarity index 87% rename from 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch rename to 0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch index 8148351..f0a381f 100644 --- a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch +++ b/0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch @@ -1,4 +1,4 @@ -From c916516d37fb50c187020bd01da21cca85c8e83a Mon Sep 17 00:00:00 2001 +From 7c1a9e0aecb6fea718ad7068f7e3aa17ed80a5d4 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Wed, 16 Aug 2023 12:09:40 +0200 Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only) @@ -22,12 +22,12 @@ patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch present_in_specfile: true location_in_specfile: 44 --- - OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++ + OvmfPkg/AmdSevDxe/AmdSevDxe.c | 43 +++++++++++++++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++ - 2 files changed, 44 insertions(+) + 2 files changed, 45 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -index d497a343d3..0eb88e50ff 100644 +index d497a343d3..ca345e95da 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -19,6 +19,7 @@ @@ -90,10 +90,11 @@ index d497a343d3..0eb88e50ff 100644 // // Do nothing when SEV is not enabled -@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint ( - ); +@@ -211,6 +243,17 @@ AmdSevDxeEntryPoint ( + return EFI_UNSUPPORTED; } ++ // Shim fallback reboot workaround + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, @@ -104,8 +105,9 @@ index d497a343d3..0eb88e50ff 100644 + ); + ASSERT_EFI_ERROR (Status); + - return EFI_SUCCESS; - } + // + // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent + // memory space. The NonExistent memory space will be used for mapping the diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index e7c7d526c9..09cbd2b0ca 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf diff --git a/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch b/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch deleted file mode 100644 index 97dd035..0000000 --- a/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 3d02fb6da82331176952e480160223136679ce74 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 28 Feb 2023 15:47:00 +0100 -Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug -RH-Bugzilla: 2124143 -RH-Acked-by: Laszlo Ersek -RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2) - -In case the number of CPUs can in increase beyond 255 -due to CPU hotplug choose x2apic mode. - -Signed-off-by: Gerd Hoffmann - -patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch -present_in_specfile: true -location_in_specfile: 38 ---- - UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c -index d724456502..c478878bb0 100644 ---- a/UefiCpuPkg/Library/MpInitLib/MpLib.c -+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c -@@ -534,7 +534,9 @@ CollectProcessorCount ( - // - // Enable x2APIC mode if - // 1. Number of CPU is greater than 255; or -- // 2. There are any logical processors reporting an Initial APIC ID of 255 or greater. -+ // 2. The platform exposed the exact *boot* CPU count to us in advance, and -+ // more than 255 logical processors are possible later, with hotplug; or -+ // 3. There are any logical processors reporting an Initial APIC ID of 255 or greater. - // - X2Apic = FALSE; - if (CpuMpData->CpuCount > 255) { -@@ -542,6 +544,10 @@ CollectProcessorCount ( - // If there are more than 255 processor found, force to enable X2APIC - // - X2Apic = TRUE; -+ } else if ((PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) && -+ (PcdGet32 (PcdCpuMaxLogicalProcessorNumber) > 255)) -+ { -+ X2Apic = TRUE; - } else { - CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; - for (Index = 0; Index < CpuMpData->CpuCount; Index++) { diff --git a/0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch b/0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch similarity index 92% rename from 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch rename to 0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch index 8b0a962..77dd885 100644 --- a/0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch +++ b/0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch @@ -1,4 +1,4 @@ -From 7a07b2f16eabf460891a21c05b30cd9c2f875a2a Mon Sep 17 00:00:00 2001 +From e990dff23e4f32e6847072c6436cca1a426a07c3 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 28 Aug 2023 13:11:02 +0200 Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file. diff --git a/0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch b/0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch similarity index 84% rename from 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch rename to 0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch index b32c5bd..afd1ea4 100644 --- a/0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch +++ b/0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch @@ -1,4 +1,4 @@ -From 168cfe83b250d3166817549c1e96e6b1f02bcab4 Mon Sep 17 00:00:00 2001 +From 9810b2cd7f2c2be33d1e0182de40eefecd765f49 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 28 Aug 2023 13:27:09 +0200 Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls @@ -15,10 +15,10 @@ Signed-off-by: Gerd Hoffmann 2 files changed, 87 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c -index 37cdecc9bd..dfdb635536 100644 +index b114cc069a..6ba751c1f1 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c -@@ -550,6 +550,52 @@ fread ( +@@ -589,6 +589,52 @@ fread ( return 0; } @@ -72,10 +72,10 @@ index 37cdecc9bd..dfdb635536 100644 getuid ( void diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h -index f36fe08f0c..7d98496af8 100644 +index cd51e197e7..b1616a7b4c 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h -@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -79,6 +79,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Definitions for global constants used by CRT library routines // @@ -83,7 +83,7 @@ index f36fe08f0c..7d98496af8 100644 #define EINVAL 22 /* Invalid argument */ #define EAFNOSUPPORT 47 /* Address family not supported by protocol family */ #define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ -@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -103,6 +104,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define NS_INADDRSZ 4 /*%< IPv4 T_A */ #define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */ @@ -99,7 +99,7 @@ index f36fe08f0c..7d98496af8 100644 // // Basic types mapping // -@@ -324,6 +334,37 @@ fprintf ( +@@ -329,6 +339,37 @@ fprintf ( ... ); diff --git a/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch b/0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch similarity index 81% rename from edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch rename to 0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch index 415a914..176d6b1 100644 --- a/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +++ b/0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch @@ -1,7 +1,7 @@ -From c5f142e26ea5e892a63ed35ca952c8b583a9f8c1 Mon Sep 17 00:00:00 2001 +From 94ab405ecf38fb47edcb08afb523e8c1fc7fb44e Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Wed, 14 Aug 2024 09:53:49 +0200 -Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging +Subject: [PATCH] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging RH-Author: Oliver Steffen RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging @@ -15,15 +15,19 @@ Reword it and also add a message confirming eventual success to deescalate the importance somewhat. Signed-off-by: Oliver Steffen + +patch_name: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +present_in_specfile: true +location_in_specfile: 41 --- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -index 4dfbe91a55..905a944975 100644 +index 9acc21caeb..73ddf8b0fb 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -@@ -946,12 +946,13 @@ PseudoRandom ( +@@ -952,12 +952,13 @@ PseudoRandom ( // // Secure Algorithm was supported on this platform // @@ -38,6 +42,3 @@ index 4dfbe91a55..905a944975 100644 // // Try the next secure algorithm --- -2.39.3 - diff --git a/edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch b/0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch similarity index 96% rename from edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch rename to 0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch index c564bbe..1a21c34 100644 --- a/edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +++ b/0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch @@ -1,4 +1,4 @@ -From ff9baf5bf0ef960b9f1bb9668cfe6f3d66b288d0 Mon Sep 17 00:00:00 2001 +From e73097cff3871a2c6633e56d8860679281ac1a37 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Mon, 4 Nov 2024 12:40:12 +0100 Subject: [PATCH] OvmfPkg: Add a Fallback RNG (RH only) @@ -16,6 +16,10 @@ have the Platform Boot Manager install a pseudo RNG to ensure the network can be used. Signed-off-by: Oliver Steffen + +patch_name: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +present_in_specfile: true +location_in_specfile: 48 --- .../PlatformBootManagerLib/BdsPlatform.c | 7 + .../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++ @@ -345,6 +349,3 @@ index c6ffc1ed9e..211716e30d 100644 gUefiShellFileGuid gGrubFileGuid + gEfiRngAlgorithmRaw --- -2.39.3 - diff --git a/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch b/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch deleted file mode 100644 index 63facbb..0000000 --- a/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 4c49c1bcb2db128cc4d2ebb29b1ac53fe3ef6b18 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:38 +0100 -Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process. - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2) - -Specifically before running lzma uncompress of the main firmware volume. -This is needed to make sure caching is enabled, otherwise the uncompress -can be extremely slow. - -Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes. - -Background: Depending on virtual machine configuration kvm may uses EPT -memory types to apply guest MTRR settings. In case MTRRs are disabled -kvm will use the uncachable memory type for all mappings. The -vmx_get_mt_mask() function in the linux kernel handles this and can be -found here: - -https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580 - -In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In -case the VM has a mdev device assigned that is not the case though. - -Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable -should not be set by default in CR0") kvm also ended up using -MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit -kvm evaluates guest mtrr settings, which why setting up MTRRs early is -important now. - -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-2-kraxel@redhat.com> - -[ kraxel: Downstream-only for now. Timely upstream merge is unlikely - due to chinese holidays and rhel-9.4 deadlines are close. - QE regression testing passed. So go with upstream posted - series v3 ] - -patch_name: edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch -present_in_specfile: true -location_in_specfile: 49 ---- - OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++ - OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++---- - OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++ - 3 files changed, 69 insertions(+), 5 deletions(-) - -diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c -index 4e750755bf..7094d86159 100644 ---- a/OvmfPkg/IntelTdx/Sec/SecMain.c -+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c -@@ -26,6 +26,8 @@ - #include - #include - #include -+#include -+#include - - #define SEC_IDT_ENTRY_COUNT 34 - -@@ -47,6 +49,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = { - } - }; - -+// -+// Enable MTRR early, set default type to write back. -+// Needed to make sure caching is enabled, -+// without this lzma decompress can be very slow. -+// -+STATIC -+VOID -+SecMtrrSetup ( -+ VOID -+ ) -+{ -+ CPUID_VERSION_INFO_EDX Edx; -+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; -+ -+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); -+ if (!Edx.Bits.MTRR) { -+ return; -+ } -+ -+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -+ DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.E = 1; /* enable */ -+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); -+} -+ - VOID - EFIAPI - SecCoreStartupWithStack ( -@@ -203,6 +230,11 @@ SecCoreStartupWithStack ( - InitializeApicTimer (0, MAX_UINT32, TRUE, 5); - DisableApicTimerInterrupt (); - -+ // -+ // Initialize MTRR -+ // -+ SecMtrrSetup (); -+ - PeilessStartup (&SecCoreData); - - ASSERT (FALSE); -diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -index e64c0ee324..b6ba63ef95 100644 ---- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c -+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -@@ -1164,18 +1164,18 @@ PlatformQemuInitializeRam ( - MtrrGetAllMtrrs (&MtrrSettings); - - // -- // MTRRs disabled, fixed MTRRs disabled, default type is uncached -+ // See SecMtrrSetup(), default type should be write back - // -- ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0); -+ ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0); - ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0); -- ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0); -+ ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK); - - // - // flip default type to writeback - // -- SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06); -+ SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK); - ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables); -- MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6; -+ MtrrSettings.MtrrDefType |= BIT10; - MtrrSetAllMtrrs (&MtrrSettings); - - // -diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c -index 60dfa61842..725b57e2fa 100644 ---- a/OvmfPkg/Sec/SecMain.c -+++ b/OvmfPkg/Sec/SecMain.c -@@ -29,6 +29,8 @@ - #include - #include - #include -+#include -+#include - #include "AmdSev.h" - - #define SEC_IDT_ENTRY_COUNT 34 -@@ -743,6 +745,31 @@ FindAndReportEntryPoints ( - return; - } - -+// -+// Enable MTRR early, set default type to write back. -+// Needed to make sure caching is enabled, -+// without this lzma decompress can be very slow. -+// -+STATIC -+VOID -+SecMtrrSetup ( -+ VOID -+ ) -+{ -+ CPUID_VERSION_INFO_EDX Edx; -+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; -+ -+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); -+ if (!Edx.Bits.MTRR) { -+ return; -+ } -+ -+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -+ DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.E = 1; /* enable */ -+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); -+} -+ - VOID - EFIAPI - SecCoreStartupWithStack ( -@@ -942,6 +969,11 @@ SecCoreStartupWithStack ( - InitializeApicTimer (0, MAX_UINT32, TRUE, 5); - DisableApicTimerInterrupt (); - -+ // -+ // Initialize MTRR -+ // -+ SecMtrrSetup (); -+ - // - // Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready. - // diff --git a/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch b/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch deleted file mode 100644 index 1b439a4..0000000 --- a/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 3124da27dc460926f40477d247e021ceeabe0be3 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:39 +0100 -Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2) - -Reviewed-by: Michael D Kinney -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-3-kraxel@redhat.com> - -patch_name: edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch -present_in_specfile: true -location_in_specfile: 50 ---- - MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -index 756e7c86ec..08ba949cf7 100644 ---- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -@@ -2103,6 +2103,13 @@ typedef union { - #define MSR_IA32_MTRR_PHYSBASE9 0x00000212 - /// @} - -+#define MSR_IA32_MTRR_CACHE_UNCACHEABLE 0 -+#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING 1 -+#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH 4 -+#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED 5 -+#define MSR_IA32_MTRR_CACHE_WRITE_BACK 6 -+#define MSR_IA32_MTRR_CACHE_INVALID_TYPE 7 -+ - /** - MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to - #MSR_IA32_MTRR_PHYSBASE9 diff --git a/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch b/0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch similarity index 93% rename from edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch rename to 0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch index f526e0d..0d47cd7 100644 --- a/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +++ b/0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch @@ -1,4 +1,4 @@ -From 9c180326056f489b55999586f3bc1d225eda985e Mon Sep 17 00:00:00 2001 +From e90f406145e8de4ca4babd17c3cf9ea0568da749 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Thu, 7 Nov 2024 11:36:22 +0100 Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only) @@ -19,6 +19,10 @@ This patch adds the fallback rng (added on ae9be39436) also to the PlatformBootManagerLibLight, which is used by ArmVirtPkg. Signed-off-by: Oliver Steffen + +patch_name: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +present_in_specfile: true +location_in_specfile: 49 --- OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++ .../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++ @@ -96,6 +100,3 @@ index 8e7cd5605f..4583c05ef4 100644 gEfiPciRootBridgeIoProtocolGuid gVirtioDeviceProtocolGuid + gEfiRngProtocolGuid --- -2.39.3 - diff --git a/0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch b/0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch new file mode 100644 index 0000000..87c0a92 --- /dev/null +++ b/0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch @@ -0,0 +1,37 @@ +From 02b2c1d2fd291cb56cc44f7c57f8720035390fdd Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Do not use flash with + SEV-SNP + +SEV-SNP does not support the use of the Qemu flash device as SEV-SNP +guests are started using the Qemu -bios option instead of the Qemu -drive +if=pflash option. Perform runtime detection of SEV-SNP and exit early from +the Qemu flash device initialization, indicating the Qemu flash device is +not present. SEV-SNP guests will use the emulated variable support. + +Signed-off-by: Tom Lendacky +(cherry picked from commit f0d2bc3ab268c8e3c6da4158208df38bc9d3677e) +--- + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c +index a577aea556..5e393e98ed 100644 +--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c ++++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c +@@ -259,6 +259,14 @@ QemuFlashInitialize ( + VOID + ) + { ++ // ++ // The SNP model does not provide for QEMU flash device support, so exit ++ // early before attempting to initialize any QEMU flash device support. ++ // ++ if (MemEncryptSevSnpIsEnabled ()) { ++ return EFI_UNSUPPORTED; ++ } ++ + mFlashBase = (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFdBaseAddress); + mFdBlockSize = PcdGet32 (PcdOvmfFirmwareBlockSize); + ASSERT (PcdGet32 (PcdOvmfFirmwareFdSize) % mFdBlockSize == 0); diff --git a/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch b/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch deleted file mode 100644 index 89772d7..0000000 --- a/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch +++ /dev/null @@ -1,70 +0,0 @@ -From f015a541308b2d752c399b9ef9597c4585218032 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:40 +0100 -Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from - ArchitecturalMsr.h - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [3/4] 8b766c97b247a8665662697534455c19423ff23c (kraxel.rh/centos-src-edk2) - -Reviewed-by: Michael D Kinney -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-4-kraxel@redhat.com> - -patch_name: edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch -present_in_specfile: true -location_in_specfile: 51 ---- - UefiCpuPkg/Include/Library/MtrrLib.h | 26 ++++++++++++++------------ - 1 file changed, 14 insertions(+), 12 deletions(-) - -diff --git a/UefiCpuPkg/Include/Library/MtrrLib.h b/UefiCpuPkg/Include/Library/MtrrLib.h -index 86cc1aab3b..287d249a99 100644 ---- a/UefiCpuPkg/Include/Library/MtrrLib.h -+++ b/UefiCpuPkg/Include/Library/MtrrLib.h -@@ -9,6 +9,8 @@ - #ifndef _MTRR_LIB_H_ - #define _MTRR_LIB_H_ - -+#include -+ - // - // According to IA32 SDM, MTRRs number and MSR offset are always consistent - // for IA32 processor family -@@ -82,20 +84,20 @@ typedef struct _MTRR_SETTINGS_ { - // Memory cache types - // - typedef enum { -- CacheUncacheable = 0, -- CacheWriteCombining = 1, -- CacheWriteThrough = 4, -- CacheWriteProtected = 5, -- CacheWriteBack = 6, -- CacheInvalid = 7 -+ CacheUncacheable = MSR_IA32_MTRR_CACHE_UNCACHEABLE, -+ CacheWriteCombining = MSR_IA32_MTRR_CACHE_WRITE_COMBINING, -+ CacheWriteThrough = MSR_IA32_MTRR_CACHE_WRITE_THROUGH, -+ CacheWriteProtected = MSR_IA32_MTRR_CACHE_WRITE_PROTECTED, -+ CacheWriteBack = MSR_IA32_MTRR_CACHE_WRITE_BACK, -+ CacheInvalid = MSR_IA32_MTRR_CACHE_INVALID_TYPE, - } MTRR_MEMORY_CACHE_TYPE; - --#define MTRR_CACHE_UNCACHEABLE 0 --#define MTRR_CACHE_WRITE_COMBINING 1 --#define MTRR_CACHE_WRITE_THROUGH 4 --#define MTRR_CACHE_WRITE_PROTECTED 5 --#define MTRR_CACHE_WRITE_BACK 6 --#define MTRR_CACHE_INVALID_TYPE 7 -+#define MTRR_CACHE_UNCACHEABLE MSR_IA32_MTRR_CACHE_UNCACHEABLE -+#define MTRR_CACHE_WRITE_COMBINING MSR_IA32_MTRR_CACHE_WRITE_COMBINING -+#define MTRR_CACHE_WRITE_THROUGH MSR_IA32_MTRR_CACHE_WRITE_THROUGH -+#define MTRR_CACHE_WRITE_PROTECTED MSR_IA32_MTRR_CACHE_WRITE_PROTECTED -+#define MTRR_CACHE_WRITE_BACK MSR_IA32_MTRR_CACHE_WRITE_BACK -+#define MTRR_CACHE_INVALID_TYPE MSR_IA32_MTRR_CACHE_INVALID_TYPE - - typedef struct { - UINT64 BaseAddress; diff --git a/0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch b/0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch new file mode 100644 index 0000000..6420a87 --- /dev/null +++ b/0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch @@ -0,0 +1,52 @@ +From 053e5bc8ca4b4e7f36f7fef4a50afdcb261cfd86 Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP + memory acceptance + +When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and +initializing the emulated variable store happens before memory has been +accepted under SEV-SNP. This results in a #VC exception for accessing +memory that hasn't been validated (error code 0x404). The #VC handler +treats this error code as a fatal error, causing the OVMF boot to fail. + +Move the call to ReserveEmuVariableNvStore() to after memory has been +accepted by AmdSevInitialize(). + +Signed-off-by: Tom Lendacky +(cherry picked from commit 52fa7e78d282f8434b41aff24b3a5a745611ff87) +--- + OvmfPkg/PlatformPei/Platform.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c +index 05b924f99f..54903cfca2 100644 +--- a/OvmfPkg/PlatformPei/Platform.c ++++ b/OvmfPkg/PlatformPei/Platform.c +@@ -365,10 +365,6 @@ InitializePlatform ( + InitializeRamRegions (PlatformInfoHob); + + if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { +- if (!PlatformInfoHob->SmmSmramRequire) { +- ReserveEmuVariableNvStore (); +- } +- + PeiFvInitialization (PlatformInfoHob); + MemTypeInfoInitialization (PlatformInfoHob); + MemMapInitialization (PlatformInfoHob); +@@ -391,5 +387,15 @@ InitializePlatform ( + RelocateSmBase (); + } + ++ // ++ // Performed after CoCo (SEV/TDX) initialization to allow the memory ++ // used to be validated before being used. ++ // ++ if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { ++ if (!PlatformInfoHob->SmmSmramRequire) { ++ ReserveEmuVariableNvStore (); ++ } ++ } ++ + return EFI_SUCCESS; + } diff --git a/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch b/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch deleted file mode 100644 index 4b65bd4..0000000 --- a/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch +++ /dev/null @@ -1,49 +0,0 @@ -From dd543686c34fc3c6ddfafc0104066889ad9d1813 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:41 +0100 -Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2) - -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-5-kraxel@redhat.com> - -patch_name: edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch -present_in_specfile: true -location_in_specfile: 52 ---- - OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +- - OvmfPkg/Sec/SecMain.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c -index 7094d86159..1a19f26178 100644 ---- a/OvmfPkg/IntelTdx/Sec/SecMain.c -+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c -@@ -69,7 +69,7 @@ SecMtrrSetup ( - } - - DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -- DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK; - DefType.Bits.E = 1; /* enable */ - AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); - } -diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c -index 725b57e2fa..26963b924d 100644 ---- a/OvmfPkg/Sec/SecMain.c -+++ b/OvmfPkg/Sec/SecMain.c -@@ -765,7 +765,7 @@ SecMtrrSetup ( - } - - DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -- DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK; - DefType.Bits.E = 1; /* enable */ - AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); - } diff --git a/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch b/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch deleted file mode 100644 index 557b11d..0000000 --- a/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch +++ /dev/null @@ -1,54 +0,0 @@ -From bbd537bc6560494b0b08886364c38406b1e8107a Mon Sep 17 00:00:00 2001 -From: Sam -Date: Wed, 29 May 2024 07:46:03 +0800 -Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in - iPXE environment -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH" -REF: 1904a64 - -Issue Description: -An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was: - -NetworkPkg\TcpDxe\TcpDriver.c -Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, ​&mHash2ServiceHandle); - -Root Cause Analysis: -The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle. - -Implemented Solution: -To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly: - -NetworkPkg\TcpDxe\TcpDriver.c -Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle); - -This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error. - -Verification: -Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment. - -Cc: Doug Flick [MSFT] - -Signed-off-by: Sam Tsai [Wiwynn] -Reviewed-by: Saloni Kasbekar -(cherry picked from commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3) ---- - NetworkPkg/TcpDxe/TcpDriver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c -index 40bba4080c..c6e7c0df54 100644 ---- a/NetworkPkg/TcpDxe/TcpDriver.c -+++ b/NetworkPkg/TcpDxe/TcpDriver.c -@@ -509,7 +509,7 @@ TcpDestroyService ( - // - // Destroy the instance of the hashing protocol for this controller. - // -- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle); -+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } diff --git a/0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch b/0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch new file mode 100644 index 0000000..0c320dd --- /dev/null +++ b/0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch @@ -0,0 +1,103 @@ +From 5346863d58d9c3e8619bf37273e7a12862745f9f Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/PlatformInitLib: Retry NV vars FV check as shared + +When OVMF is built with SECURE_BOOT_ENABLE, the variable store will be +populated and validated in PlatformValidateNvVarStore(). When an SEV +or an SEV-ES guest is running, this may be encrypted or unencrypted +depending on how the guest was started. If the guest was started with the +combined code and variable contents (OVMF.fd), then the variable store +will be encrypted. If the guest was started with the separate code and +variables contents (OVMF_CODE.fd and OVMF_VARS.fd), then the variable +store will be unencrypted. + +When PlatformValidateNvVarStore() is first invoked, the variable store +area is initially mapped encrypted, which may or may not pass the variable +validation step depending how the guest was launched. To accomodate this, +retry the validation step on failure after remapping the variable store +area as unencrypted. + +Signed-off-by: Tom Lendacky +(cherry picked from commit d502cc7702e4d537c2bcbe5256e26cba6d4ca8c6) +--- + OvmfPkg/Library/PlatformInitLib/Platform.c | 32 +++++++++++++++++-- + .../PlatformInitLib/PlatformInitLib.inf | 1 + + 2 files changed, 31 insertions(+), 2 deletions(-) + +diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c +index 10fc17355f..715533b1f2 100644 +--- a/OvmfPkg/Library/PlatformInitLib/Platform.c ++++ b/OvmfPkg/Library/PlatformInitLib/Platform.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include + +@@ -774,6 +775,8 @@ PlatformValidateNvVarStore ( + EFI_FIRMWARE_VOLUME_HEADER *NvVarStoreFvHeader; + VARIABLE_STORE_HEADER *NvVarStoreHeader; + AUTHENTICATED_VARIABLE_HEADER *VariableHeader; ++ BOOLEAN Retry; ++ EFI_STATUS Status; + + static EFI_GUID FvHdrGUID = EFI_SYSTEM_NV_DATA_FV_GUID; + static EFI_GUID VarStoreHdrGUID = EFI_AUTHENTICATED_VARIABLE_GUID; +@@ -792,6 +795,15 @@ PlatformValidateNvVarStore ( + // + NvVarStoreFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)NvVarStoreBase; + ++ // ++ // SEV and SEV-ES can use separate flash devices for OVMF code and ++ // OVMF variables. In this case, the OVMF variables will need to be ++ // mapped unencrypted. If the initial validation fails, remap the ++ // NV variable store as unencrypted and retry the validation. ++ // ++ Retry = MemEncryptSevIsEnabled (); ++ ++RETRY: + if ((!IsZeroBuffer (NvVarStoreFvHeader->ZeroVector, 16)) || + (!CompareGuid (&FvHdrGUID, &NvVarStoreFvHeader->FileSystemGuid)) || + (NvVarStoreFvHeader->Signature != EFI_FVH_SIGNATURE) || +@@ -801,8 +813,24 @@ PlatformValidateNvVarStore ( + (NvVarStoreFvHeader->FvLength != NvVarStoreSize) + ) + { +- DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n")); +- return FALSE; ++ if (!Retry) { ++ DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n")); ++ return FALSE; ++ } ++ ++ DEBUG ((DEBUG_INFO, "Remapping NvVarStore as shared\n")); ++ Status = MemEncryptSevClearMmioPageEncMask ( ++ 0, ++ (UINTN)NvVarStoreBase, ++ EFI_SIZE_TO_PAGES (NvVarStoreSize) ++ ); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "Failed to map NvVarStore as shared\n")); ++ return FALSE; ++ } ++ ++ Retry = FALSE; ++ goto RETRY; + } + + // +diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +index 3e63ef4423..fb179e6791 100644 +--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf ++++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +@@ -48,6 +48,7 @@ + HobLib + QemuFwCfgLib + QemuFwCfgSimpleParserLib ++ MemEncryptSevLib + MemoryAllocationLib + MtrrLib + PcdLib diff --git a/0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch b/0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch new file mode 100644 index 0000000..6c4d0d0 --- /dev/null +++ b/0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch @@ -0,0 +1,28 @@ +From 258df7ab1f8074aac3a664f39747ea7f784b6e73 Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/EmuVariableFvbRuntimeDxe: Issue NV vars + initializitation message + +Add a debug message that indicates when the NV variables are being +initialized through the template structure. + +Signed-off-by: Tom Lendacky +(cherry picked from commit 6142f0a8a53557ba50300c762a15bf3c18382162) +--- + OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c +index c07e38966e..cc476c7df2 100644 +--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c ++++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c +@@ -692,6 +692,8 @@ InitializeFvAndVariableStoreHeaders ( + // + Fv = (EFI_FIRMWARE_VOLUME_HEADER *)Ptr; + Fv->Checksum = CalculateCheckSum16 (Ptr, Fv->HeaderLength); ++ ++ DEBUG ((DEBUG_INFO, "EMU Variable FVB: Initialized FV using template structure\n")); + } + + /** diff --git a/0035-OvmfPkg-add-morlock-support.patch b/0035-OvmfPkg-add-morlock-support.patch deleted file mode 100644 index 1ad1a30..0000000 --- a/0035-OvmfPkg-add-morlock-support.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 3f8eab199430de18c1c6a98d1d0772499b17cc86 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 8 May 2024 13:14:26 +0200 -Subject: [PATCH] OvmfPkg: add morlock support - -Add dsc + fdf include files to add the MorLock drivers to the build. -Add the include files to OVMF build configurations. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit b45aff0dc9cb87f316eb17a11e5d4438175d9cca) ---- - OvmfPkg/Include/Dsc/MorLock.dsc.inc | 10 ++++++++++ - OvmfPkg/Include/Fdf/MorLock.fdf.inc | 10 ++++++++++ - OvmfPkg/OvmfPkgIa32.dsc | 1 + - OvmfPkg/OvmfPkgIa32.fdf | 1 + - OvmfPkg/OvmfPkgIa32X64.dsc | 1 + - OvmfPkg/OvmfPkgIa32X64.fdf | 1 + - OvmfPkg/OvmfPkgX64.dsc | 1 + - OvmfPkg/OvmfPkgX64.fdf | 1 + - 8 files changed, 26 insertions(+) - create mode 100644 OvmfPkg/Include/Dsc/MorLock.dsc.inc - create mode 100644 OvmfPkg/Include/Fdf/MorLock.fdf.inc - -diff --git a/OvmfPkg/Include/Dsc/MorLock.dsc.inc b/OvmfPkg/Include/Dsc/MorLock.dsc.inc -new file mode 100644 -index 0000000000..a8c5fb24b8 ---- /dev/null -+++ b/OvmfPkg/Include/Dsc/MorLock.dsc.inc -@@ -0,0 +1,10 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# MorLock support -+## -+ -+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -+!if $(SMM_REQUIRE) == TRUE -+ SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf -+!endif -diff --git a/OvmfPkg/Include/Fdf/MorLock.fdf.inc b/OvmfPkg/Include/Fdf/MorLock.fdf.inc -new file mode 100644 -index 0000000000..20b7d6619a ---- /dev/null -+++ b/OvmfPkg/Include/Fdf/MorLock.fdf.inc -@@ -0,0 +1,10 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# MorLock support -+## -+ -+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -+!if $(SMM_REQUIRE) == TRUE -+INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf -+!endif -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d8ae542686..65a866ae0c 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -887,6 +887,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 0ffa3be750..10eb6fe72b 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 52ac2c96fc..679e25501b 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -901,6 +901,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index c4f3ec0735..ff06bbfc6f 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -362,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index f76d0ef7bc..d294fd4625 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -969,6 +969,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index bedd85ef7a..f3b787201f 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -402,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - ################################################################################ - diff --git a/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch b/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch deleted file mode 100644 index 653b277..0000000 --- a/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch +++ /dev/null @@ -1,192 +0,0 @@ -From 3899f089b8197f52ca63fe1561f8e5e1341f8198 Mon Sep 17 00:00:00 2001 -From: Pedro Falcato -Date: Tue, 22 Nov 2022 22:31:03 +0000 -Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID - -RDRAND has notoriously been broken many times over its lifespan. -Add a smoketest to RDRAND, in order to better sniff out potential -security concerns. - -Also add a proper CPUID test in order to support older CPUs which may -not have it; it was previously being tested but then promptly ignored. - -Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c -:x86_init_rdrand() per commit 049f9ae9.. - -Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection -code to MIT and the public domain. - ->On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld wrote: - <..> -> I (re)wrote that function in Linux. I hereby relicense it as MIT, and -> also place it into public domain. Do with it what you will now. -> -> Jason - -BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163 - -Signed-off-by: Pedro Falcato -Cc: Michael D Kinney -Cc: Liming Gao -Cc: Zhiguang Liu -Cc: Jason A. Donenfeld -(cherry picked from commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a) ---- - MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++-- - 1 file changed, 91 insertions(+), 8 deletions(-) - -diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c -index 9bd68352f9..06d2a6f12d 100644 ---- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c -+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c -@@ -3,6 +3,7 @@ - to provide high-quality random numbers. - - Copyright (c) 2023, Arm Limited. All rights reserved.
-+Copyright (c) 2022, Pedro Falcato. All rights reserved.
- Copyright (c) 2021, NUVIA Inc. All rights reserved.
- Copyright (c) 2015, Intel Corporation. All rights reserved.
- -@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - STATIC BOOLEAN mRdRandSupported; - -+// -+// Intel SDM says 10 tries is good enough for reliable RDRAND usage. -+// -+#define RDRAND_RETRIES 10 -+ -+#define RDRAND_TEST_SAMPLES 8 -+ -+#define RDRAND_MIN_CHANGE 5 -+ -+// -+// Add a define for native-word RDRAND, just for the test. -+// -+#ifdef MDE_CPU_X64 -+#define ASM_RDRAND AsmRdRand64 -+#else -+#define ASM_RDRAND AsmRdRand32 -+#endif -+ -+/** -+ Tests RDRAND for broken implementations. -+ -+ @retval TRUE RDRAND is reliable (and hopefully safe). -+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID. -+ -+**/ -+STATIC -+BOOLEAN -+TestRdRand ( -+ VOID -+ ) -+{ -+ // -+ // Test for notoriously broken rdrand implementations that always return the same -+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s). -+ // Note that this should be expanded to extensively test for other sorts of possible errata. -+ // -+ -+ // -+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects -+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage. -+ // -+ UINTN Prev; -+ UINT8 Idx; -+ UINT8 TestIteration; -+ UINT32 Changed; -+ -+ Changed = 0; -+ -+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) { -+ UINTN Sample; -+ // -+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c -+ // Any failure to get a random number will assume RDRAND does not work. -+ // -+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) { -+ if (ASM_RDRAND (&Sample)) { -+ break; -+ } -+ } -+ -+ if (Idx == RDRAND_RETRIES) { -+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n")); -+ return FALSE; -+ } -+ -+ if (TestIteration != 0) { -+ Changed += Sample != Prev; -+ } -+ -+ Prev = Sample; -+ } -+ -+ if (Changed < RDRAND_MIN_CHANGE) { -+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n")); -+ return FALSE; -+ } -+ -+ return TRUE; -+} -+ -+#undef ASM_RDRAND -+ - /** - The constructor function checks whether or not RDRAND instruction is supported - by the host hardware. -@@ -48,10 +131,13 @@ BaseRngLibConstructor ( - // CPUID. A value of 1 indicates that processor support RDRAND instruction. - // - AsmCpuid (1, 0, 0, &RegEcx, 0); -- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK); - - mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK); - -+ if (mRdRandSupported) { -+ mRdRandSupported = TestRdRand (); -+ } -+ - return EFI_SUCCESS; - } - -@@ -70,6 +156,7 @@ ArchGetRandomNumber16 ( - OUT UINT16 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand16 (Rand); - } - -@@ -88,6 +175,7 @@ ArchGetRandomNumber32 ( - OUT UINT32 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand32 (Rand); - } - -@@ -106,6 +194,7 @@ ArchGetRandomNumber64 ( - OUT UINT64 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand64 (Rand); - } - -@@ -122,13 +211,7 @@ ArchIsRngSupported ( - VOID - ) - { -- /* -- Existing software depends on this always returning TRUE, so for -- now hard-code it. -- -- return mRdRandSupported; -- */ -- return TRUE; -+ return mRdRandSupported; - } - - /** diff --git a/0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch b/0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch new file mode 100644 index 0000000..2a6ed95 --- /dev/null +++ b/0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch @@ -0,0 +1,51 @@ +From ff94bd905431b9cdc3b3f376d029c769024579a0 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Fri, 23 Aug 2024 11:55:31 +0200 +Subject: [PATCH] OvmfPkg/PlatformInitLib: enable x2apic mode if needed + +Enable x2apic mode in case the number of possible CPUs (including +hotplug-able CPus which are not (yet) online) is larger than 255. + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit 8c8e05db24d8578cf87669e491f983fbd8357d55) +--- + OvmfPkg/Library/PlatformInitLib/Platform.c | 6 ++++++ + OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf | 1 + + 2 files changed, 7 insertions(+) + +diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c +index 715533b1f2..afe8b0abd6 100644 +--- a/OvmfPkg/Library/PlatformInitLib/Platform.c ++++ b/OvmfPkg/Library/PlatformInitLib/Platform.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -720,6 +721,11 @@ PlatformMaxCpuCountInitialization ( + )); + ASSERT (BootCpuCount <= MaxCpuCount); + ++ if (MaxCpuCount > 255) { ++ DEBUG ((DEBUG_INFO, "%a: enable x2apic mode\n", __func__)); ++ SetApicMode (LOCAL_APIC_MODE_X2APIC); ++ } ++ + PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber = MaxCpuCount; + PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount; + } +diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +index fb179e6791..c79b2ee106 100644 +--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf ++++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +@@ -48,6 +48,7 @@ + HobLib + QemuFwCfgLib + QemuFwCfgSimpleParserLib ++ LocalApicLib + MemEncryptSevLib + MemoryAllocationLib + MtrrLib diff --git a/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch b/0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch similarity index 79% rename from edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch rename to 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch index c5bf10a..7c456f2 100644 --- a/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch +++ b/0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch @@ -1,14 +1,8 @@ -From 47d6a4638ea73965ce1a43248e27b688dddc26ee Mon Sep 17 00:00:00 2001 +From 16e51b6f9f7aec58233869874e1ad106eca15684 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Mon, 4 Nov 2024 19:00:11 +0100 Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng -RH-Author: Oliver Steffen -RH-MergeRequest: 84: OvmfPkg: Rerun dispatcher after initializing virtio-rng -RH-Jira: RHEL-58631 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] d663321aab28f000c279bfac6dbaaa378678532e (osteffen/edk2) - Since the pixiefail CVE fix the network stack requires a hardware random number generator. This can currently be a modern CPU supporting the RDRAND instruction or a virtio-rng device. @@ -23,6 +17,7 @@ Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237") Analysed-by: Stefano Garzarella Suggested-by: Gerd Hoffmann Signed-off-by: Oliver Steffen +(cherry picked from commit 9c4542a0645ac832e22d0c3da0f1ee7b127a316f) --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++ 1 file changed, 2 insertions(+) @@ -40,6 +35,3 @@ index 87d1ac3142..1f1298eb0b 100644 } return EFI_SUCCESS; --- -2.45.1 - diff --git a/0037-SecurityPkg-RngDxe-add-rng-test.patch b/0037-SecurityPkg-RngDxe-add-rng-test.patch deleted file mode 100644 index b894821..0000000 --- a/0037-SecurityPkg-RngDxe-add-rng-test.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 4947d363211159647e9266fa20ad9d4c8bc52f71 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 31 May 2024 09:49:13 +0200 -Subject: [PATCH] SecurityPkg/RngDxe: add rng test - -Check whenever RngLib actually returns random numbers, only return -a non-zero number of Algorithms if that is the case. - -This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL -only in case it can actually deliver random numbers. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit a61bc0accb8a76edba4f073fdc7bafc908df045d) ---- - SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -index 5723ed6957..8b0742bab6 100644 ---- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -@@ -23,6 +23,7 @@ - - #include - #include -+#include - - #include "RngDxeInternals.h" - -@@ -43,7 +44,12 @@ GetAvailableAlgorithms ( - VOID - ) - { -- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; -+ UINT64 RngTest; -+ -+ if (GetRandomNumber64 (&RngTest)) { -+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; -+ } -+ - return EFI_SUCCESS; - } - diff --git a/0038-OvmfPkg-wire-up-RngDxe.patch b/0038-OvmfPkg-wire-up-RngDxe.patch deleted file mode 100644 index 71d66be..0000000 --- a/0038-OvmfPkg-wire-up-RngDxe.patch +++ /dev/null @@ -1,301 +0,0 @@ -From 0aa96c512c689426838ec1cf4aa78ff088c03a1e Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 24 May 2024 12:51:17 +0200 -Subject: [PATCH] OvmfPkg: wire up RngDxe - -Add OvmfRng include snippets with the random number generator -configuration for OVMF. Include RngDxe, build with BaseRngLib, -so the rdrand instruction is used (if available). - -Also move VirtioRng to the include snippets. - -Use the new include snippets for OVMF builds. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b) ---- - OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- - OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +- - OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++ - OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++ - OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- - OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +- - OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- - OvmfPkg/Microvm/MicrovmX64.fdf | 2 +- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.fdf | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.fdf | 2 +- - 14 files changed, 27 insertions(+), 12 deletions(-) - create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - -diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index cf1ad83e09..4edc2a9069 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.dsc -+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -649,7 +649,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -740,6 +739,7 @@ - OvmfPkg/AmdSev/Grub/Grub.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf { -diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index c56c98dc85..480837b0fa 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.fdf -+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -227,7 +227,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -318,6 +317,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc -new file mode 100644 -index 0000000000..68839a0caa ---- /dev/null -+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc -@@ -0,0 +1,9 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+## -+ -+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { -+ -+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf -+ } -+ OvmfPkg/VirtioRngDxe/VirtioRng.inf -diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc -new file mode 100644 -index 0000000000..99cb4a32b1 ---- /dev/null -+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc -@@ -0,0 +1,6 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+## -+ -+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf -+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf -diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -index 9f49b60ff0..4b7e1596fc 100644 ---- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc -+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -@@ -636,7 +636,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -719,6 +718,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf -index ce5d542048..88d0f75ae2 100644 ---- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf -+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf -@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE - # - INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -326,6 +325,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - INF OvmfPkg/PlatformDxe/Platform.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc -index fb73f2e089..9206f01816 100644 ---- a/OvmfPkg/Microvm/MicrovmX64.dsc -+++ b/OvmfPkg/Microvm/MicrovmX64.dsc -@@ -760,7 +760,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf - MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf -@@ -846,6 +845,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf -index 055e659a35..c8268d7e8c 100644 ---- a/OvmfPkg/Microvm/MicrovmX64.fdf -+++ b/OvmfPkg/Microvm/MicrovmX64.fdf -@@ -207,7 +207,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - - !if $(SECURE_BOOT_ENABLE) == TRUE -@@ -299,6 +298,7 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 65a866ae0c..b64c215585 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -784,7 +784,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -888,6 +887,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 10eb6fe72b..c31276e4a3 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -231,7 +231,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -356,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 679e25501b..ececac3757 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -798,7 +798,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -902,6 +901,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index ff06bbfc6f..a7b4aeac08 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index d294fd4625..0ab4d3df06 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -866,7 +866,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -970,6 +969,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index f3b787201f..ae08ac4fe9 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -263,7 +263,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -403,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - diff --git a/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch b/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch deleted file mode 100644 index 0194b84..0000000 --- a/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch +++ /dev/null @@ -1,37 +0,0 @@ -From d5d19043e62a268a492f9a1ef6a11380d8f7e784 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 14 Jun 2024 11:45:49 +0200 -Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList - -Needed to properly initialize BaseRngLib. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 94961b8817eec6f8d0434555ac50a7aa51c22201) ---- - .../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -index d0c1c7a4f7..48d463b8ad 100644 ---- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -@@ -8,6 +8,12 @@ - **/ - #include "TestBaseCryptLib.h" - -+VOID -+EFIAPI -+ProcessLibraryConstructorList ( -+ VOID -+ ); -+ - /** - Initialize the unit test framework, suite, and unit tests for the - sample unit tests and run the unit tests. -@@ -76,5 +82,6 @@ main ( - char *argv[] - ) - { -+ ProcessLibraryConstructorList (); - return UefiTestMain (); - } diff --git a/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch b/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch deleted file mode 100644 index d32e748..0000000 --- a/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 320207a3df995771af36639c7bdf89c4203cf1c2 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 14 Jun 2024 11:45:53 +0200 -Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit - -Set the rdrand feature bit when faking cpuid for host test cases. -Needed to make the CryptoPkg test cases work. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 5e776299a2604b336a947e68593012ab2cc16eb4) ---- - MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c -index 8ba4f54a38..7f7276f7f4 100644 ---- a/MdePkg/Library/BaseLib/X86UnitTestHost.c -+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c -@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid ( - OUT UINT32 *Edx OPTIONAL - ) - { -+ UINT32 RetEcx; -+ -+ RetEcx = 0; -+ switch (Index) { -+ case 1: -+ RetEcx |= BIT30; /* RdRand */ -+ break; -+ } -+ - if (Eax != NULL) { - *Eax = 0; - } -@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid ( - } - - if (Ecx != NULL) { -- *Ecx = 0; -+ *Ecx = RetEcx; - } - - if (Edx != NULL) { diff --git a/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch b/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch deleted file mode 100644 index 8656838..0000000 --- a/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 481310a21104aba17bc0cddd236ecdf69d4ba662 Mon Sep 17 00:00:00 2001 -From: Oliver Steffen -Date: Mon, 26 Aug 2024 19:25:52 +0200 -Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP - -RH-Author: Oliver Steffen -RH-MergeRequest: 68: AmdSevDxe: Fix the shim fallback reboot workaround for SNP -RH-Jira: RHEL-56081 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] ab8678b61d171f9c19459e034483437b29037b4b (osteffen/edk2) - -The shim fallback reboot workaround (introduced for SEV-ES) does -not always work for SEV-SNP, due to a conditional early return. - -Let's just register the workaround earlier in this function to -fix that. - -Signed-off-by: Oliver Steffen ---- - OvmfPkg/AmdSevDxe/AmdSevDxe.c | 21 +++++++++++---------- - 1 file changed, 11 insertions(+), 10 deletions(-) - -diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -index 0eb88e50ff..ca345e95da 100644 ---- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c -+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -@@ -243,6 +243,17 @@ AmdSevDxeEntryPoint ( - return EFI_UNSUPPORTED; - } - -+ // Shim fallback reboot workaround -+ Status = gBS->CreateEventEx ( -+ EVT_NOTIFY_SIGNAL, -+ TPL_CALLBACK, -+ PopulateVarstore, -+ SystemTable, -+ &gEfiEndOfDxeEventGroupGuid, -+ &PopulateVarstoreEvent -+ ); -+ ASSERT_EFI_ERROR (Status); -+ - // - // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent - // memory space. The NonExistent memory space will be used for mapping the -@@ -393,15 +404,5 @@ AmdSevDxeEntryPoint ( - ); - } - -- Status = gBS->CreateEventEx ( -- EVT_NOTIFY_SIGNAL, -- TPL_CALLBACK, -- PopulateVarstore, -- SystemTable, -- &gEfiEndOfDxeEventGroupGuid, -- &PopulateVarstoreEvent -- ); -- ASSERT_EFI_ERROR (Status); -- - return EFI_SUCCESS; - } --- -2.39.3 - diff --git a/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch b/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch deleted file mode 100644 index 2198b6f..0000000 --- a/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 880c1ca7420b873c5f81563b122d7bd1ebad72cb Mon Sep 17 00:00:00 2001 -From: Oliver Steffen -Date: Mon, 4 Mar 2024 15:32:58 +0100 -Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing - variables - -RH-Author: Oliver Steffen -RH-MergeRequest: 64: MdeModulePkg: Warn if out of flash space when writing variables -RH-Jira: RHEL-43442 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] b65130800090192f47f13d67ff14f902a4f5bfb5 (osteffen/edk2) - -Emit a DEBUG_WARN message if there is not enough flash space left to -write/update a variable. This condition is currently not logged -appropriately in all cases, given that full variable store can easily -render the system unbootable. -This new message helps identifying this condition. - -Signed-off-by: Oliver Steffen -Reviewed-by: Laszlo Ersek -Reviewed-by: Gerd Hoffmann -(cherry picked from commit 80b59ff8320d1bd134bf689fe9c0ddf4e0473b88) -Signed-off-by: Oliver Steffen ---- - MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -index d394d237a5..1c7659031d 100644 ---- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -@@ -2364,6 +2364,8 @@ Done: - ); - ASSERT_EFI_ERROR (Status); - } -+ } else if (Status == EFI_OUT_OF_RESOURCES) { -+ DEBUG ((DEBUG_WARN, "UpdateVariable failed: Out of flash space\n")); - } - - return Status; --- -2.39.3 - diff --git a/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch b/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch deleted file mode 100644 index bab07f4..0000000 --- a/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch +++ /dev/null @@ -1,50 +0,0 @@ -From effd0f360ea1186b2b6af0aa2420d4bf779d51ef Mon Sep 17 00:00:00 2001 -From: Jon Maloy -Date: Tue, 1 Oct 2024 18:40:41 -0400 -Subject: [PATCH 3/3] MdePkg: Fix overflow issue in BasePeCoffLib - -RH-Author: Jon Maloy -RH-MergeRequest: 78: MdePkg: Fix overflow issue in BasePeCoffLib -RH-Jira: RHEL-60833 -RH-Acked-by: Oliver Steffen -RH-Commit: [1/1] 812453d5d03bcd92dfa6aea594af6214569c419e - -JIRA: https://issues.redhat.com/browse/RHEL-60833 -CVE: CVE-2024-38796 -Upstream: Merged - -commit c95233b8525ca6828921affd1496146cff262e65 -Author: Doug Flick -Date: Fri Sep 27 12:08:55 2024 -0700 - - MdePkg: Fix overflow issue in BasePeCoffLib - - The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is - also a UINT32 value. The current code does not check for overflow when - adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a - check to ensure that the addition does not overflow. - - Signed-off-by: Doug Flick - Authored-by: sriraamx gobichettipalayam - -Signed-off-by: Jon Maloy ---- - MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c -index 86ff2e769b..128090d98e 100644 ---- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c -+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c -@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage ( - RelocDir = &Hdr.Te->DataDirectory[0]; - } - -- if ((RelocDir != NULL) && (RelocDir->Size > 0)) { -+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) { - RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset); - RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress ( - ImageContext, --- -2.39.3 - diff --git a/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch b/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch deleted file mode 100644 index 18fb2ab..0000000 --- a/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 7cbd00792445ad50e861e4835cdb5ba60466aae3 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 19 Jun 2024 09:07:56 +0200 -Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging - -RH-Author: Oliver Steffen -RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging -RH-Jira: RHEL-45899 -RH-Commit: [1/2] 15135d672cef4310cb29f8a55146f36b2ee1f15d (osteffen/edk2) - -There is a list of allowed rng algorithms, if /one/ of them is not -supported this is not a problem, only /all/ of them failing is an -error condition. - -Downgrade the message for a single unsupported algorithm from ERROR to -VERBOSE. Add an error message in case we finish the loop without -finding a supported algorithm. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 6862b9d538d96363635677198899e1669e591259) ---- - NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -index 01c13c08d2..4dfbe91a55 100644 ---- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -@@ -951,7 +951,7 @@ PseudoRandom ( - // - // Secure Algorithm was not supported on this platform - // -- DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); -+ DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); - - // - // Try the next secure algorithm -@@ -971,6 +971,7 @@ PseudoRandom ( - // If we get here, we failed to generate random data using any secure algorithm - // Platform owner should ensure that at least one secure algorithm is supported - // -+ DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n")); - ASSERT_EFI_ERROR (Status); - return Status; - } --- -2.39.3 - diff --git a/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch b/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch deleted file mode 100644 index eff7e1b..0000000 --- a/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 33ebaa6f0d476008ca6ba264657ac37faf63b723 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 29 Aug 2024 09:20:29 +0200 -Subject: [PATCH 1/2] OvmfPkg/CpuHotplugSmm: delay SMM exit - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 74: OvmfPkg/CpuHotplugSmm: delay SMM exit -RH-Jira: RHEL-56974 -RH-Acked-by: Oliver Steffen -RH-Commit: [1/1] e1fb3f4db68457ec9f59ca5db47606bf4c34e6c5 (kraxel.rh/centos-src-edk2) - -Let APs wait until the BSP has completed the register updates to remove -the CPU. This makes sure all APs stay in SMM mode until the CPU -hot-unplug operation is complete, which in turn makes sure the ACPI lock -is released only after the CPU hot-unplug operation is complete. - -Some background: The CPU hotplug SMI is triggered from an ACPI function -which is protected by an ACPI lock. The ACPI function is in the ACPI -tables generated by qemu. - -Signed-off-by: Gerd Hoffmann - -upstream: submitted (https://github.com/tianocore/edk2/pull/6138) ---- - OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -index d504163026..5af78211d3 100644 ---- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -@@ -355,6 +355,11 @@ EjectCpu ( - // - QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum]; - if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) { -+ /* wait until BSP is done */ -+ while (mCpuHotEjectData->Handler != NULL) { -+ CpuPause (); -+ } -+ - return; - } - --- -2.39.3 - diff --git a/edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch b/edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch deleted file mode 100644 index 5be4623..0000000 --- a/edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 126d004ce8884b68621394a62cf8a467c34d5d5b Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 23 Aug 2024 14:36:16 +0200 -Subject: [PATCH 2/3] OvmfPkg/QemuVideoDxe: ignore display resolutions smaller - than 640x480 - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 72: ignore display resolutions smaller than 640x480 -RH-Jira: RHEL-56248 -RH-Acked-by: Oliver Steffen -RH-Commit: [2/2] 376e5213497c007cd88bd8f7df9980d28f0fd143 (kraxel.rh/centos-src-edk2) - -GraphicsConsoleDxe will assert in case the resolution is too small. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 391666da2c1dc5671bbb3393079d86f46e3435af) ---- - OvmfPkg/QemuVideoDxe/Initialize.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/OvmfPkg/QemuVideoDxe/Initialize.c b/OvmfPkg/QemuVideoDxe/Initialize.c -index 050ae878ec..2d1f50637f 100644 ---- a/OvmfPkg/QemuVideoDxe/Initialize.c -+++ b/OvmfPkg/QemuVideoDxe/Initialize.c -@@ -293,6 +293,8 @@ QemuVideoBochsEdid ( - ) - { - EFI_STATUS Status; -+ UINT32 X; -+ UINT32 Y; - - if (Private->Variant != QEMU_VIDEO_BOCHS_MMIO) { - return; -@@ -344,16 +346,24 @@ QemuVideoBochsEdid ( - return; - } - -- *XRes = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4); -- *YRes = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4); -+ X = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4); -+ Y = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4); - DEBUG (( - DEBUG_INFO, - "%a: default resolution: %dx%d\n", - __func__, -- *XRes, -- *YRes -+ X, -+ Y - )); - -+ if ((X < 640) || (Y < 480)) { -+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */ -+ return; -+ } -+ -+ *XRes = X; -+ *YRes = Y; -+ - if (PcdGet8 (PcdVideoResolutionSource) == 0) { - Status = PcdSet32S (PcdVideoHorizontalResolution, *XRes); - ASSERT_RETURN_ERROR (Status); --- -2.39.3 - diff --git a/edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch b/edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch deleted file mode 100644 index 111c4a6..0000000 --- a/edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f53820c753be836a79d5743d4181f6827e12bcdf Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 23 Aug 2024 14:35:53 +0200 -Subject: [PATCH 1/3] OvmfPkg/VirtioGpuDxe: ignore display resolutions smaller - than 640x480 - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 72: ignore display resolutions smaller than 640x480 -RH-Jira: RHEL-56248 -RH-Acked-by: Oliver Steffen -RH-Commit: [1/2] 1d63fc76f46a6adb49e6c9447563d70ff9728b04 (kraxel.rh/centos-src-edk2) - -GraphicsConsoleDxe will assert in case the resolution is too small. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 58035e8b5e11cfe2b9e6428d14c7817b6b1c83a2) ---- - OvmfPkg/VirtioGpuDxe/Gop.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/OvmfPkg/VirtioGpuDxe/Gop.c b/OvmfPkg/VirtioGpuDxe/Gop.c -index f64dfce5f4..d767114bbb 100644 ---- a/OvmfPkg/VirtioGpuDxe/Gop.c -+++ b/OvmfPkg/VirtioGpuDxe/Gop.c -@@ -265,7 +265,8 @@ GopInitialize ( - // query host for display resolution - // - GopNativeResolution (VgpuGop, &XRes, &YRes); -- if ((XRes == 0) || (YRes == 0)) { -+ if ((XRes < 640) || (YRes < 480)) { -+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */ - return; - } - --- -2.39.3 - diff --git a/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch b/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch deleted file mode 100644 index 6e09d72..0000000 --- a/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch +++ /dev/null @@ -1,142 +0,0 @@ -From c4aa4797fafa3a627205eaa346401e399d4a7146 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 27 Aug 2024 12:06:15 +0200 -Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if - not needed. - -RH-Author: Oliver Steffen -RH-MergeRequest: 71: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed. -RH-Jira: RHEL-45847 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] 70ceffb2c1e695276af87d3aa334fe9be8e2e90e (osteffen/edk2) - -Add the new global mMsrIa32MiscEnableSupported variable to track -whenever support for the IA32_MISC_ENABLE MSR is present or not. - -Add new local PatchingNeeded variable to CheckFeatureSupported() -to track if patching the SMM setup code is needed or not. - -Issue PatchInstructionX86() calls only if needed, i.e. if one of -the *Supported variables has been updated. - -Result is that on a typical SMP machine where all processors are -identical the PatchInstructionX86() calls are issued only once, -when checking the first processor. Specifically this avoids -PatchInstructionX86() being called in OVMF on CPU hotplug. That -is important because instruction patching at runtime does not not -work and leads to page faults. - -This fixes CPU hotplug on OVMF not working with AMD cpus. - -Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase") -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4) ---- - UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++----- - 1 file changed, 40 insertions(+), 9 deletions(-) - -diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -index 8142d3ceac..8e299fd29a 100644 ---- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -@@ -40,6 +40,11 @@ BOOLEAN mXdEnabled = FALSE; - // - BOOLEAN mBtsSupported = TRUE; - -+// -+// The flag indicates if MSR_IA32_MISC_ENABLE is supported by processor -+// -+BOOLEAN mMsrIa32MiscEnableSupported = TRUE; -+ - // - // The flag indicates if SMM profile starts to record data. - // -@@ -904,18 +909,23 @@ CheckFeatureSupported ( - UINT32 RegEcx; - UINT32 RegEdx; - MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr; -+ BOOLEAN PatchingNeeded = FALSE; - - if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) { - AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); - if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { - AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL); - if ((RegEcx & CPUID_CET_SS) == 0) { -- mCetSupported = FALSE; -- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ if (mCetSupported) { -+ mCetSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } else { -- mCetSupported = FALSE; -- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ if (mCetSupported) { -+ mCetSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } - -@@ -925,8 +935,10 @@ CheckFeatureSupported ( - // - // Extended CPUID functions are not supported on this processor. - // -- mXdSupported = FALSE; -- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ if (mXdSupported) { -+ mXdSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - - AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx); -@@ -934,15 +946,20 @@ CheckFeatureSupported ( - // - // Execute Disable Bit feature is not supported on this processor. - // -- mXdSupported = FALSE; -- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ if (mXdSupported) { -+ mXdSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - - if (StandardSignatureIsAuthenticAMD ()) { - // - // AMD processors do not support MSR_IA32_MISC_ENABLE - // -- PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); -+ if (mMsrIa32MiscEnableSupported) { -+ mMsrIa32MiscEnableSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } - -@@ -966,6 +983,20 @@ CheckFeatureSupported ( - } - } - } -+ -+ if (PatchingNeeded) { -+ if (!mCetSupported) { -+ PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ } -+ -+ if (!mXdSupported) { -+ PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ } -+ -+ if (!mMsrIa32MiscEnableSupported) { -+ PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); -+ } -+ } - } - - /** --- -2.39.3 - diff --git a/edk2-build.py b/edk2-build.py index cee7541..5f02ecb 100755 --- a/edk2-build.py +++ b/edk2-build.py @@ -248,7 +248,7 @@ def build_one(cfg, build, jobs = None, silent = False, nologs = False): def build_basetools(silent = False, nologs = False): build_message('building: BaseTools', silent = silent) - basedir = os.environ['EDK_TOOLS_PATH'] + basedir = os.environ['EDK_TOOLS_PATH'] + '/Source/C' cmdline = [ 'make', '-C', basedir ] build_run(cmdline, 'BaseTools', 'build.basetools', silent, nologs) diff --git a/edk2-build.rhel-9 b/edk2-build.rhel-9 index 9088bf8..97564a6 100644 --- a/edk2-build.rhel-9 +++ b/edk2-build.rhel-9 @@ -16,14 +16,12 @@ FD_SIZE_4MB = TRUE [opts.ovmf.sb.smm] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = TRUE -# old downstream -EXCLUDE_SHELL_FROM_FD = TRUE -# new upstream BUILD_SHELL = FALSE [opts.ovmf.sb.stateless] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = FALSE +BUILD_SHELL = FALSE [opts.armvirt.verbose] DEBUG_PRINT_ERROR_LEVEL = 0x8040004F @@ -32,6 +30,9 @@ DEBUG_PRINT_ERROR_LEVEL = 0x8040004F DEBUG_PRINT_ERROR_LEVEL = 0x80000000 +[pcds.la57] +PcdUse5LevelPageTable = TRUE + [pcds.nx.strict] PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5 PcdUninstallMemAttrProtocol = FALSE @@ -52,6 +53,7 @@ conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.4m +pcds = la57 plat = OvmfX64 dest = RHEL-9/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd @@ -65,6 +67,7 @@ arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.smm +pcds = la57 plat = OvmfX64 dest = RHEL-9/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd @@ -91,6 +94,7 @@ arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.stateless +pcds = la57 plat = IntelTdx dest = RHEL-9/ovmf cpy1 = FV/OVMF.fd OVMF.inteltdx.fd diff --git a/edk2.spec b/edk2.spec index 70abe34..631bcef 100644 --- a/edk2.spec +++ b/edk2.spec @@ -1,8 +1,8 @@ ExclusiveArch: x86_64 aarch64 -# edk2-stable202405 -%define GITDATE 20240524 -%define GITCOMMIT 3e722403cd +# edk2-stable202411 +%define GITDATE 20241117 +%define GITCOMMIT 0f3867fa6ef0 %define TOOLCHAIN GCC %define OPENSSL_VER 3.0.7 @@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 10%{?dist} +Release: 1%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -33,6 +33,7 @@ URL: http://www.tianocore.org Source0: edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt Source2: openssl-rhel-%{OPENSSL_HASH}.tar.xz +Source3: dtc-1.7.0.tar.xz # json description files Source10: 50-edk2-aarch64-qcow2.json @@ -74,45 +75,18 @@ Patch20: 0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch Patch21: 0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch Patch22: 0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch Patch23: 0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch -Patch24: 0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch -Patch25: 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch -Patch26: 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch -Patch27: 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch -Patch28: 0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch -Patch29: 0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch -Patch30: 0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch -Patch31: 0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch -Patch32: 0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch -Patch33: 0035-OvmfPkg-add-morlock-support.patch -Patch34: 0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch -Patch35: 0037-SecurityPkg-RngDxe-add-rng-test.patch -Patch36: 0038-OvmfPkg-wire-up-RngDxe.patch -Patch37: 0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch -Patch38: 0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch -# For RHEL-43442 - edk2 disconnects abnormally before loading the kernel -Patch39: edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch -# For RHEL-45899 - [RHEL-9.5.0] edk2 hit Failed to generate random data -Patch40: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch -# For RHEL-45899 - [RHEL-9.5.0] edk2 hit Failed to generate random data -Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch -# For RHEL-56081 - [EDK2] Shim fallback reboot workaround might not work on SNP -Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch -# For RHEL-45847 - [RHEL9.5] Hotplug vcpu to a guest cause guest kernel panic -Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch -# For RHEL-56974 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9] -Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch -# For RHEL-56248 - 507x510 display resolution should not crash the firmware [edk2,rhel-9.6] -Patch45: edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch -# For RHEL-56248 - 507x510 display resolution should not crash the firmware [edk2,rhel-9.6] -Patch46: edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch -# For RHEL-60833 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-9.6] -Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch -# For RHEL-65725 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6] -Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch -# For RHEL-66230 - [Regression] [aarch64] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.6] -Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch -# For RHEL-58631 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater -Patch50: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch +Patch24: 0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch +Patch25: 0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch +Patch26: 0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch +Patch27: 0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +Patch28: 0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +Patch29: 0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +Patch30: 0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch +Patch31: 0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch +Patch32: 0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch +Patch33: 0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch +Patch34: 0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch +Patch35: 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and @@ -222,6 +196,7 @@ cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} . cp -a -- %{SOURCE80} %{SOURCE82} . cp -a -- %{SOURCE90} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x +tar -xf %{SOURCE3} --strip-components=1 --directory MdePkg/Library/BaseFdtLib/libfdt # Done by %setup, but we do not use it for the auxiliary tarballs chmod -Rf a+rX,u+w,g-w,o-w . @@ -447,6 +422,11 @@ install -m 0644 \ %changelog +* Mon Dec 09 2024 Miroslav Rezanina - 20241117-1 +- Update to edk2-stable202411 +- Resolves: RHEL-58063 + ([edk2,rhel-9] rebase to edk2-stable202411) + * Fri Nov 22 2024 Jon Maloy - 20240524-10 - edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-58631] - Resolves: RHEL-58631 diff --git a/sources b/sources index 3d96e18..947271f 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624 -SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d +SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb +SHA512 (edk2-0f3867fa6ef0.tar.xz) = 256280ea6f777d1c0f6b803ec791b28955d6568128f303bbf1447f512dc808c5a72f1e8074d9cebb89605c330569fcdcf2d5fdf5611bf3c442c72c67a5a100e0 SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9