diff --git a/.gitignore b/.gitignore index 030f1e0..76e31ba 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ /openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz /openssl-rhel-*.tar.xz /DBXUpdate-*.x64.bin +/dtc-1.7.0.tar.xz diff --git a/0003-Remove-paths-leading-to-submodules.patch b/0003-Remove-paths-leading-to-submodules.patch index 1c76597..31c4f9e 100644 --- a/0003-Remove-paths-leading-to-submodules.patch +++ b/0003-Remove-paths-leading-to-submodules.patch @@ -1,4 +1,4 @@ -From 890270bd27f2177f0eb2158ca8c75b101d27283b Mon Sep 17 00:00:00 2001 +From 7c992488db69cd0f5f4e26eb7819907f3bb3b5b4 Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Thu, 24 Mar 2022 03:23:02 -0400 Subject: [PATCH] Remove paths leading to submodules @@ -27,7 +27,7 @@ index 5275f657ef..39d7199753 100644 EfiRom \ GenFfs \ diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index f7339f0aec..badb93238f 100644 +index b9bc7041f2..168f224d4b 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -26,9 +26,6 @@ @@ -41,7 +41,7 @@ index f7339f0aec..badb93238f 100644 ## @libraryclass Defines a set of methods to reset whole system. ResetSystemLib|Include/Library/ResetSystemLib.h diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec -index bf94549cbf..605b0f1be8 100644 +index 624f626360..46ce26916b 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec @@ -29,7 +29,6 @@ diff --git a/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch index 081fccc..3fbb2b4 100644 --- a/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ b/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -1,4 +1,4 @@ -From 496d843eaa1efdc7c113ba9a919dcc6c2ae53c9f Mon Sep 17 00:00:00 2001 +From 36fd1664301ede2fb27811f03db77333170bcf05 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 22:40:01 +0100 Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode @@ -99,10 +99,10 @@ Signed-off-by: Laszlo Ersek 3 files changed, 36 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index badb93238f..3a67acc090 100644 +index 168f224d4b..5b6287341f 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -2222,6 +2222,10 @@ +@@ -2275,6 +2275,10 @@ # @Prompt The value is use for Usb Network rate limiting supported. gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028 diff --git a/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch index 98fddad..17dbb63 100644 --- a/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ b/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -1,4 +1,4 @@ -From 3830b4cfd575bcb5d44b69f4d8f8d49f6992fcc3 Mon Sep 17 00:00:00 2001 +From 384f25e733e073e3641c7e1889cd423f9f038298 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 15:59:06 +0200 Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH @@ -83,7 +83,7 @@ Signed-off-by: Laszlo Ersek 9 files changed, 21 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 8eb6f4f24f..627fded641 100644 +index 40553c0019..b51eba71fc 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -484,6 +484,7 @@ @@ -95,7 +95,7 @@ index 8eb6f4f24f..627fded641 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc -index 4996885301..51a49c09ad 100644 +index 38137d8c13..542ca013e2 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -581,6 +581,7 @@ @@ -107,7 +107,7 @@ index 4996885301..51a49c09ad 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -index 0931ce061a..9f49b60ff0 100644 +index fc1332598e..4b7e1596fc 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -477,6 +477,7 @@ @@ -119,7 +119,7 @@ index 0931ce061a..9f49b60ff0 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc -index 69de4dd3f1..fb73f2e089 100644 +index bc9be1c5c2..d76fa4269f 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -590,7 +590,7 @@ @@ -132,10 +132,10 @@ index 69de4dd3f1..fb73f2e089 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 2ca005d768..dddef5ed0e 100644 +index 7ab6af3a69..c56d24a676 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -599,6 +599,7 @@ +@@ -600,6 +600,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -144,7 +144,7 @@ index 2ca005d768..dddef5ed0e 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index a39070a626..933abb258f 100644 +index e7fff78df9..b560fb7718 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -611,6 +611,7 @@ @@ -156,7 +156,7 @@ index a39070a626..933abb258f 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 1b90aa8f57..04157ab14b 100644 +index 556984bdaa..c46a8e05d6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -629,6 +629,7 @@ @@ -168,12 +168,12 @@ index 1b90aa8f57..04157ab14b 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c -index df35726ff6..6c786bfc1e 100644 +index dc81ce9e2b..05b924f99f 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c -@@ -41,6 +41,18 @@ - +@@ -43,6 +43,18 @@ #include "Platform.h" + #include "PlatformId.h" +#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \ + do { \ @@ -190,7 +190,7 @@ index df35726ff6..6c786bfc1e 100644 EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = { { EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, -@@ -355,6 +367,7 @@ InitializePlatform ( +@@ -361,6 +373,7 @@ InitializePlatform ( MemTypeInfoInitialization (PlatformInfoHob); MemMapInitialization (PlatformInfoHob); NoexecDxeInitialization (PlatformInfoHob); @@ -199,10 +199,10 @@ index df35726ff6..6c786bfc1e 100644 InstallClearCacheCallback (); diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf -index e036018eab..a2f59e8fc8 100644 +index 0bb1a46291..9185c2398c 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf -@@ -103,6 +103,7 @@ +@@ -106,6 +106,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved diff --git a/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch index 1669840..605aba8 100644 --- a/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ b/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -1,4 +1,4 @@ -From 7461128f36076d1a5e45f89f00c8b2a5d92bd745 Mon Sep 17 00:00:00 2001 +From e7d683517880eb66faf1c54d0afe396f87a62a60 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 26 Jul 2015 08:02:50 +0000 Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line @@ -96,10 +96,10 @@ Signed-off-by: Laszlo Ersek create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 64aa4e96e5..c37c4ba61e 100644 +index 1ba63d2e16..fa98980acf 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -311,6 +311,8 @@ +@@ -313,6 +313,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 !endif @@ -108,7 +108,7 @@ index 64aa4e96e5..c37c4ba61e 100644 [PcdsDynamicHii] gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS -@@ -416,7 +418,10 @@ +@@ -422,7 +424,10 @@ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf diff --git a/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch index 5ad755d..ce2d90a 100644 --- a/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ b/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -1,4 +1,4 @@ -From 9f24c54074c15630f78e019e018f791296a768d7 Mon Sep 17 00:00:00 2001 +From 7d24bd2c35d2fc0109c33854b79683e60ac75836 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:45 +0100 Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) @@ -65,7 +65,7 @@ Signed-off-by: Paolo Bonzini 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 627fded641..cef43b34b7 100644 +index b51eba71fc..1128968857 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -429,7 +429,7 @@ @@ -78,10 +78,10 @@ index 627fded641..cef43b34b7 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index dddef5ed0e..270bd612e5 100644 +index c56d24a676..9ff998dda5 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -535,7 +535,7 @@ +@@ -536,7 +536,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -91,7 +91,7 @@ index dddef5ed0e..270bd612e5 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 933abb258f..269a4b2b21 100644 +index b560fb7718..162f0cf385 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -542,7 +542,7 @@ @@ -104,7 +104,7 @@ index 933abb258f..269a4b2b21 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 04157ab14b..9614cc1c56 100644 +index c46a8e05d6..d97ccb44cc 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -561,7 +561,7 @@ diff --git a/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch index 4fbcec0..d4733fe 100644 --- a/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +++ b/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch @@ -1,4 +1,4 @@ -From 271d90ce05cbdb95c8f839e3bee5d0a0937e12fc Mon Sep 17 00:00:00 2001 +From f473e531dd0f912326aa0c559bcc8a17556cfbb6 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:46 +0100 Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in @@ -86,10 +86,10 @@ Signed-off-by: Paolo Bonzini 4 files changed, 32 insertions(+), 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index cef43b34b7..f53380aca2 100644 +index 1128968857..0b29aa1157 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -691,8 +691,14 @@ +@@ -690,8 +690,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -107,10 +107,10 @@ index cef43b34b7..f53380aca2 100644 # diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 270bd612e5..d942c7354a 100644 +index 9ff998dda5..92f5fd0850 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -828,8 +828,14 @@ +@@ -830,8 +830,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -128,10 +128,10 @@ index 270bd612e5..d942c7354a 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 269a4b2b21..d915b847cb 100644 +index 162f0cf385..feac55d1dd 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -842,8 +842,14 @@ +@@ -843,8 +843,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -149,10 +149,10 @@ index 269a4b2b21..d915b847cb 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 9614cc1c56..12ee5510bd 100644 +index d97ccb44cc..1c925296a2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -910,8 +910,14 @@ +@@ -908,8 +908,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch index a2e83e7..1277c03 100644 --- a/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +++ b/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch @@ -1,4 +1,4 @@ -From f3810904a75876f09592863281fe4e8464851f18 Mon Sep 17 00:00:00 2001 +From 1e26f3bcdfab0f2f61675eb351fecc4624e074fd Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in @@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index c37c4ba61e..00e656d0c9 100644 +index fa98980acf..8735d2881e 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -546,7 +546,10 @@ +@@ -552,7 +552,10 @@ # # Video support # @@ -77,10 +77,10 @@ index c37c4ba61e..00e656d0c9 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 2cf96accbd..c7918c8cf3 100644 +index 9927bdae0e..c15d51dab0 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -450,7 +450,10 @@ +@@ -457,7 +457,10 @@ # # Video support # diff --git a/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch index 4ee0977..fa2e195 100644 --- a/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +++ b/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch @@ -1,4 +1,4 @@ -From 3fba0b8213fc5be8a164b3908d54af511fa21a10 Mon Sep 17 00:00:00 2001 +From bb0c1a69e72906992dbb41145dc30217ed80a4bf Mon Sep 17 00:00:00 2001 From: Philippe Mathieu-Daude Date: Thu, 1 Aug 2019 20:43:48 +0200 Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 diff --git a/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch index 13abca5..380d848 100644 --- a/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ b/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -1,4 +1,4 @@ -From 57370ffc06e8d5de6eb5c41e5b33a7891cdcc0e7 Mon Sep 17 00:00:00 2001 +From b788c5310578081342d178819b2b6c48fb4007a3 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:47 +0100 Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe @@ -63,10 +63,10 @@ Signed-off-by: Paolo Bonzini 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index f53380aca2..32f47704bc 100644 +index 0b29aa1157..4160d8d752 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -686,7 +686,10 @@ +@@ -685,7 +685,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -79,10 +79,10 @@ index f53380aca2..32f47704bc 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d942c7354a..49540d54d0 100644 +index 92f5fd0850..ae4ca08e32 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -823,7 +823,10 @@ +@@ -825,7 +825,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -95,10 +95,10 @@ index d942c7354a..49540d54d0 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index d915b847cb..1c4e0514ed 100644 +index feac55d1dd..7f88e89d0f 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -837,7 +837,10 @@ +@@ -838,7 +838,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -111,10 +111,10 @@ index d915b847cb..1c4e0514ed 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 12ee5510bd..e50e63b3f6 100644 +index 1c925296a2..50af72adb2 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -905,7 +905,10 @@ +@@ -903,7 +903,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf diff --git a/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch b/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch index 573fcb7..fa7beaa 100644 --- a/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +++ b/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch @@ -1,4 +1,4 @@ -From 1025d0336c038ed12354830fccef84771f611656 Mon Sep 17 00:00:00 2001 +From b34701a562571a8d03c3e9609dea1abafc65d18b Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:31:36 +0200 Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" @@ -32,7 +32,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 18 insertions(+) diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c -index 3c12085f6c..e192809198 100644 +index cf58c97cd2..023eece6d9 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c @@ -19,6 +19,7 @@ @@ -43,7 +43,7 @@ index 3c12085f6c..e192809198 100644 #include #include #include -@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint ( +@@ -1080,6 +1081,22 @@ QemuKernelLoaderFsDxeEntrypoint ( if (KernelBlob->Data == NULL) { Status = EFI_NOT_FOUND; diff --git a/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch b/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch index 13fd6eb..64aa888 100644 --- a/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +++ b/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch @@ -1,4 +1,4 @@ -From 49bcb15e8b15f3a02427787981a09f09d17528f7 Mon Sep 17 00:00:00 2001 +From b185c171fa05b8b366dfdbe8c1ae6a057ef42fd1 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:40:09 +0200 Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent @@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 18 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c -index b55b6c12d2..0be885c391 100644 +index 4d0c241f4d..e228d5f39f 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @@ -42,7 +42,7 @@ index b55b6c12d2..0be885c391 100644 #include #include #include -@@ -2743,6 +2744,22 @@ DriverEntry ( +@@ -2754,6 +2755,22 @@ DriverEntry ( CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); diff --git a/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch b/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch index 044e031..6137900 100644 --- a/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch +++ b/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch @@ -1,4 +1,4 @@ -From b42de989e72259b0acd839b1fb6670ad9ff97aed Mon Sep 17 00:00:00 2001 +From 763877f2bd3bc2e6bb00095c47915a3fb1f8b406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:28:49 +0200 Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only) @@ -29,7 +29,7 @@ Signed-off-by: Miroslav Rezanina 8 files changed, 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 32f47704bc..6b6e108d11 100644 +index 4160d8d752..0d21eb795e 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -611,7 +611,6 @@ @@ -41,7 +41,7 @@ index 32f47704bc..6b6e108d11 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index 595945181c..c176043482 100644 +index 42178701fc..3dea9b36f8 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -212,7 +212,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf @@ -53,10 +53,10 @@ index 595945181c..c176043482 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 49540d54d0..d368aa11fe 100644 +index ae4ca08e32..cbe9a503e8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -746,7 +746,6 @@ +@@ -749,7 +749,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -65,7 +65,7 @@ index 49540d54d0..d368aa11fe 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 0d4abb50a8..ef933def99 100644 +index bc7bb678b4..59d15bb77d 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -216,7 +216,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf @@ -77,10 +77,10 @@ index 0d4abb50a8..ef933def99 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 1c4e0514ed..cf09bdf785 100644 +index 7f88e89d0f..315ecf7d89 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -760,7 +760,6 @@ +@@ -762,7 +762,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -89,7 +89,7 @@ index 1c4e0514ed..cf09bdf785 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 23a825a012..0cd98ada5a 100644 +index 98c05e491d..048fda9f16 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -217,7 +217,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf @@ -101,10 +101,10 @@ index 23a825a012..0cd98ada5a 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e50e63b3f6..098d569381 100644 +index 50af72adb2..156e52e430 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -805,7 +805,6 @@ +@@ -804,7 +804,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -113,7 +113,7 @@ index e50e63b3f6..098d569381 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf { diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 4dcd6a033c..b201505214 100644 +index 489d03b60e..ef01da45e6 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -245,7 +245,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf diff --git a/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch b/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch index ac2a76d..c154355 100644 --- a/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch +++ b/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From a16503fb8e213d321920b195d6fc40015a00cc20 Mon Sep 17 00:00:00 2001 +From 6d6f5919b81d40e46ee18d1a3e54f183c220c91d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:28:59 +0200 Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only) @@ -29,10 +29,10 @@ Signed-off-by: Miroslav Rezanina 8 files changed, 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 6b6e108d11..5461c1290d 100644 +index 0d21eb795e..89c9b610d1 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -701,7 +701,6 @@ +@@ -700,7 +700,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -41,10 +41,10 @@ index 6b6e108d11..5461c1290d 100644 # # ISA Support diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index c176043482..10538a0465 100644 +index 3dea9b36f8..899f02981f 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -300,7 +300,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -299,7 +299,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -53,10 +53,10 @@ index c176043482..10538a0465 100644 INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d368aa11fe..40e78014c4 100644 +index cbe9a503e8..d35d04b39a 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -838,7 +838,6 @@ +@@ -840,7 +840,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -65,10 +65,10 @@ index d368aa11fe..40e78014c4 100644 # diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index ef933def99..68d59968ec 100644 +index 59d15bb77d..7fd9203427 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -317,7 +317,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -316,7 +316,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -77,10 +77,10 @@ index ef933def99..68d59968ec 100644 INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index cf09bdf785..6ade9aa0ef 100644 +index 315ecf7d89..5710183135 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -852,7 +852,6 @@ +@@ -853,7 +853,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -89,10 +89,10 @@ index cf09bdf785..6ade9aa0ef 100644 # diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 0cd98ada5a..8891d96422 100644 +index 048fda9f16..a15cd72f13 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -323,7 +323,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -322,7 +322,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -101,10 +101,10 @@ index 0cd98ada5a..8891d96422 100644 INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 098d569381..8563835ae5 100644 +index 156e52e430..11a05298b6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -920,7 +920,6 @@ +@@ -918,7 +918,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -113,10 +113,10 @@ index 098d569381..8563835ae5 100644 # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index b201505214..06ac4423da 100644 +index ef01da45e6..e8562442d3 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -356,7 +356,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -355,7 +355,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf diff --git a/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch b/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch index 7e2fecc..73f9104 100644 --- a/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch +++ b/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch @@ -1,4 +1,4 @@ -From 1c3ff57eaf5b559a1b390888ab6f5e235bec414d Mon Sep 17 00:00:00 2001 +From ede6f8b9c357dc1c711a49201459538b265c65dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:13 +0200 Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only) @@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina 6 files changed, 6 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 40e78014c4..afd2a3c5c0 100644 +index d35d04b39a..5a1c7058c8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -816,7 +816,6 @@ +@@ -818,7 +818,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -39,10 +39,10 @@ index 40e78014c4..afd2a3c5c0 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 68d59968ec..c392b96470 100644 +index 7fd9203427..7e09e3aac9 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -51,10 +51,10 @@ index 68d59968ec..c392b96470 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 6ade9aa0ef..f5a4c57c8e 100644 +index 5710183135..4fb8b9ba39 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -830,7 +830,6 @@ +@@ -831,7 +831,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -63,10 +63,10 @@ index 6ade9aa0ef..f5a4c57c8e 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 8891d96422..6278daeeee 100644 +index a15cd72f13..8ba0ce211d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -291,7 +291,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -75,10 +75,10 @@ index 8891d96422..6278daeeee 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 8563835ae5..08b73a64c9 100644 +index 11a05298b6..21c6a5b3c0 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -898,7 +898,6 @@ +@@ -896,7 +896,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -87,10 +87,10 @@ index 8563835ae5..08b73a64c9 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 06ac4423da..fc4b6dd3a4 100644 +index e8562442d3..f3cb0ea40c 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -322,7 +322,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf diff --git a/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch b/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch index f78d50f..b978892 100644 --- a/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch +++ b/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch @@ -1,4 +1,4 @@ -From d074f2941368b1b91ede467445c4f18904b7c228 Mon Sep 17 00:00:00 2001 +From 7b3630372e0ab0b86a94ca7250c791cbe67947c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:16 +0200 Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only) @@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 3 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 00e656d0c9..d1deccaadc 100644 +index 8735d2881e..44bee7c339 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -464,7 +464,6 @@ +@@ -470,7 +470,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -48,10 +48,10 @@ index 38906004d7..7205274bed 100644 # # Status Code Routing diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index c7918c8cf3..9643fd5427 100644 +index c15d51dab0..e0bc37ac7c 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -368,7 +368,6 @@ +@@ -375,7 +375,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf diff --git a/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch b/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch index c7b6315..0d285fa 100644 --- a/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch +++ b/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From cb327136ecf44079a7fcc1dd9b68d98e1124becc Mon Sep 17 00:00:00 2001 +From b8e59f096ab5cebccdd712839cc2fcd8c185ffdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:19 +0200 Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only) @@ -29,10 +29,10 @@ Signed-off-by: Miroslav Rezanina 8 files changed, 8 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 5461c1290d..cf1ad83e09 100644 +index 89c9b610d1..4edc2a9069 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -679,7 +679,6 @@ +@@ -678,7 +678,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -41,10 +41,10 @@ index 5461c1290d..cf1ad83e09 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index 10538a0465..c56c98dc85 100644 +index 899f02981f..2fe05eccdd 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -280,7 +280,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -279,7 +279,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -53,10 +53,10 @@ index 10538a0465..c56c98dc85 100644 INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf INF OvmfPkg/AmdSev/Grub/Grub.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index afd2a3c5c0..d8ae542686 100644 +index 5a1c7058c8..5333708216 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -815,7 +815,6 @@ +@@ -817,7 +817,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -65,10 +65,10 @@ index afd2a3c5c0..d8ae542686 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index c392b96470..0ffa3be750 100644 +index 7e09e3aac9..30649699cd 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -288,7 +288,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -77,10 +77,10 @@ index c392b96470..0ffa3be750 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index f5a4c57c8e..52ac2c96fc 100644 +index 4fb8b9ba39..9e6f35607d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -829,7 +829,6 @@ +@@ -830,7 +830,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -89,10 +89,10 @@ index f5a4c57c8e..52ac2c96fc 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 6278daeeee..c4f3ec0735 100644 +index 8ba0ce211d..8ef8519cfe 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -101,10 +101,10 @@ index 6278daeeee..c4f3ec0735 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 08b73a64c9..f76d0ef7bc 100644 +index 21c6a5b3c0..c127ace963 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -897,7 +897,6 @@ +@@ -895,7 +895,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -113,10 +113,10 @@ index 08b73a64c9..f76d0ef7bc 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index fc4b6dd3a4..bedd85ef7a 100644 +index f3cb0ea40c..c0da2672a3 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -320,7 +320,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf diff --git a/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch b/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch index 20ab8c5..913c480 100644 --- a/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch +++ b/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From 2b7c645f028c66efbaa7f7132e4f2fcec003869b Mon Sep 17 00:00:00 2001 +From d394876cac9e91d30858f20b6c5abb2ade4aabbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:22 +0200 Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only) @@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 3 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index d1deccaadc..f91bb09fa3 100644 +index 44bee7c339..e7e9df3b42 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -463,7 +463,6 @@ +@@ -469,7 +469,6 @@ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -48,10 +48,10 @@ index 7205274bed..24a9dac2fd 100644 # # Status Code Routing diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 9643fd5427..c2825aa4c2 100644 +index e0bc37ac7c..ee2459e31d 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -367,7 +367,6 @@ +@@ -374,7 +374,6 @@ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf diff --git a/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch b/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch index 98fa968..b798e18 100644 --- a/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch +++ b/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch @@ -1,4 +1,4 @@ -From 11a0907d91727e05a5b86b5ede4f0e75572a894e Mon Sep 17 00:00:00 2001 +From 96eac5543ee94478cec9db044bea2903adb8940b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:25 +0200 Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only) diff --git a/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch b/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch index 2c1aafb..96a3f12 100644 --- a/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch +++ b/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch @@ -1,4 +1,4 @@ -From 886bace5ff4ab40fd94475ffb2668def36149790 Mon Sep 17 00:00:00 2001 +From bd961e984e6e4dc70e88b38e7277f086405360c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:28 +0200 Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only) @@ -23,10 +23,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 7044790a1e..ee98673e98 100644 +index 5384a41818..2a8236e520 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -391,10 +391,9 @@ +@@ -393,10 +393,9 @@ # MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf diff --git a/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch b/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch index 97ac08a..e0e1c1a 100644 --- a/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch +++ b/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch @@ -1,4 +1,4 @@ -From 54738f50a11c9b607a22100dfd712bed0bc5c019 Mon Sep 17 00:00:00 2001 +From 1176f49c73da2d2bd607dcd565f3bc1d59029209 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:31 +0200 Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only) diff --git a/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch b/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch index 833cb16..63a9d40 100644 --- a/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch +++ b/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch @@ -1,4 +1,4 @@ -From 2d3f1c042054454de24c4842e768957c2a875129 Mon Sep 17 00:00:00 2001 +From dc68c045087e771dac52733d6b64feb3db38ece0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:34 +0200 Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only) @@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 5 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index ee98673e98..996b4ddfc4 100644 +index 2a8236e520..5bfb16c27e 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -394,10 +394,6 @@ +@@ -396,10 +396,6 @@ # # UEFI application (Shell Embedded Boot Loader) # diff --git a/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch b/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch index 320c3dd..f0c49af 100644 --- a/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch +++ b/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch @@ -1,4 +1,4 @@ -From 8b920381f97c2c32d6bff465a58dd7c901626a34 Mon Sep 17 00:00:00 2001 +From d140a278bde8ed85efd41f228c471c5d89971ce9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:39 +0200 Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) diff --git a/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch b/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch index 11e5379..0d6126b 100644 --- a/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch +++ b/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch @@ -1,4 +1,4 @@ -From 8b574a1461c50e453bb431a304bb0c63d14c5ab8 Mon Sep 17 00:00:00 2001 +From 0abc22a0a5f8d38e31b7e6356de46a2e55e63785 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:46 +0200 Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) @@ -28,10 +28,10 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 996b4ddfc4..2561e10ff5 100644 +index 5bfb16c27e..49e3bf9de4 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -391,17 +391,13 @@ +@@ -393,17 +393,13 @@ # MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf diff --git a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch b/0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch similarity index 87% rename from 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch rename to 0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch index a750874..cfe8783 100644 --- a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch +++ b/0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch @@ -1,4 +1,4 @@ -From 24fe28e0ee42ef36f48763e7e4d738fd4c6b3583 Mon Sep 17 00:00:00 2001 +From ca812e951cc824d6d7db16ec04a23a4b7fbb6830 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Wed, 16 Aug 2023 12:09:40 +0200 Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only) @@ -22,12 +22,12 @@ patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch present_in_specfile: true location_in_specfile: 44 --- - OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++ + OvmfPkg/AmdSevDxe/AmdSevDxe.c | 43 +++++++++++++++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++ - 2 files changed, 44 insertions(+) + 2 files changed, 45 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -index d497a343d3..0eb88e50ff 100644 +index d497a343d3..ca345e95da 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -19,6 +19,7 @@ @@ -90,10 +90,11 @@ index d497a343d3..0eb88e50ff 100644 // // Do nothing when SEV is not enabled -@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint ( - ); +@@ -211,6 +243,17 @@ AmdSevDxeEntryPoint ( + return EFI_UNSUPPORTED; } ++ // Shim fallback reboot workaround + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, @@ -104,8 +105,9 @@ index d497a343d3..0eb88e50ff 100644 + ); + ASSERT_EFI_ERROR (Status); + - return EFI_SUCCESS; - } + // + // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent + // memory space. The NonExistent memory space will be used for mapping the diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index e7c7d526c9..09cbd2b0ca 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf diff --git a/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch b/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch deleted file mode 100644 index 1de9bc0..0000000 --- a/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 827b877dfc01336a12539b31753358e7e264b7f3 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 28 Feb 2023 15:47:00 +0100 -Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug -RH-Bugzilla: 2124143 -RH-Acked-by: Laszlo Ersek -RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2) - -In case the number of CPUs can in increase beyond 255 -due to CPU hotplug choose x2apic mode. - -Signed-off-by: Gerd Hoffmann - -patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch -present_in_specfile: true -location_in_specfile: 38 ---- - UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c -index d724456502..c478878bb0 100644 ---- a/UefiCpuPkg/Library/MpInitLib/MpLib.c -+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c -@@ -534,7 +534,9 @@ CollectProcessorCount ( - // - // Enable x2APIC mode if - // 1. Number of CPU is greater than 255; or -- // 2. There are any logical processors reporting an Initial APIC ID of 255 or greater. -+ // 2. The platform exposed the exact *boot* CPU count to us in advance, and -+ // more than 255 logical processors are possible later, with hotplug; or -+ // 3. There are any logical processors reporting an Initial APIC ID of 255 or greater. - // - X2Apic = FALSE; - if (CpuMpData->CpuCount > 255) { -@@ -542,6 +544,10 @@ CollectProcessorCount ( - // If there are more than 255 processor found, force to enable X2APIC - // - X2Apic = TRUE; -+ } else if ((PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) && -+ (PcdGet32 (PcdCpuMaxLogicalProcessorNumber) > 255)) -+ { -+ X2Apic = TRUE; - } else { - CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; - for (Index = 0; Index < CpuMpData->CpuCount; Index++) { diff --git a/0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch b/0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch similarity index 92% rename from 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch rename to 0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch index 3ce2d6c..e7045ba 100644 --- a/0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch +++ b/0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch @@ -1,4 +1,4 @@ -From 95345a66f0c8e7d77ebc1b5cae3e745a2c201751 Mon Sep 17 00:00:00 2001 +From 0454b8eaabf7fa0240b6d7c4f6409584161552d4 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 28 Aug 2023 13:11:02 +0200 Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file. diff --git a/0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch b/0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch similarity index 84% rename from 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch rename to 0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch index 287a7df..0394403 100644 --- a/0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch +++ b/0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch @@ -1,4 +1,4 @@ -From 0cac1a197d1e84bcde60aba246c1e16bf5508091 Mon Sep 17 00:00:00 2001 +From b9adc98473593da055c45f036219a469ceddbc34 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 28 Aug 2023 13:27:09 +0200 Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls @@ -15,10 +15,10 @@ Signed-off-by: Gerd Hoffmann 2 files changed, 87 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c -index 37cdecc9bd..dfdb635536 100644 +index b114cc069a..6ba751c1f1 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c -@@ -550,6 +550,52 @@ fread ( +@@ -589,6 +589,52 @@ fread ( return 0; } @@ -72,10 +72,10 @@ index 37cdecc9bd..dfdb635536 100644 getuid ( void diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h -index f36fe08f0c..7d98496af8 100644 +index cd51e197e7..b1616a7b4c 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h -@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -79,6 +79,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Definitions for global constants used by CRT library routines // @@ -83,7 +83,7 @@ index f36fe08f0c..7d98496af8 100644 #define EINVAL 22 /* Invalid argument */ #define EAFNOSUPPORT 47 /* Address family not supported by protocol family */ #define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ -@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -103,6 +104,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define NS_INADDRSZ 4 /*%< IPv4 T_A */ #define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */ @@ -99,7 +99,7 @@ index f36fe08f0c..7d98496af8 100644 // // Basic types mapping // -@@ -324,6 +334,37 @@ fprintf ( +@@ -329,6 +339,37 @@ fprintf ( ... ); diff --git a/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch b/0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch similarity index 82% rename from edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch rename to 0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch index c751e0f..1812ab5 100644 --- a/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +++ b/0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch @@ -1,7 +1,7 @@ -From 054d42879bba986d7b2c2568fe4459959a8fe38b Mon Sep 17 00:00:00 2001 +From 2837b67434701fc5e3d2ef846e0e3c7d409df631 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Wed, 14 Aug 2024 09:53:49 +0200 -Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging +Subject: [PATCH] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging RH-Author: Oliver Steffen RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging @@ -16,15 +16,19 @@ Reword it and also add a message confirming eventual success to deescalate the importance somewhat. Signed-off-by: Oliver Steffen + +patch_name: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +present_in_specfile: true +location_in_specfile: 41 --- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -index 4dfbe91a55..905a944975 100644 +index 9acc21caeb..73ddf8b0fb 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -@@ -946,12 +946,13 @@ PseudoRandom ( +@@ -952,12 +952,13 @@ PseudoRandom ( // // Secure Algorithm was supported on this platform // @@ -39,6 +43,3 @@ index 4dfbe91a55..905a944975 100644 // // Try the next secure algorithm --- -2.39.3 - diff --git a/edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch b/0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch similarity index 95% rename from edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch rename to 0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch index 0e60724..9120a07 100644 --- a/edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +++ b/0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch @@ -1,7 +1,7 @@ -From 7dcc1de7727fe15f17d18e727cdd7f11e93d147a Mon Sep 17 00:00:00 2001 +From 24da4bc42a6f16094ea589ffb2a9326cf8a596cc Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Mon, 4 Nov 2024 12:40:12 +0100 -Subject: [PATCH 1/2] OvmfPkg: Add a Fallback RNG (RH only) +Subject: [PATCH] OvmfPkg: Add a Fallback RNG (RH only) RH-Author: Oliver Steffen RH-MergeRequest: 82: Add a Fallback RNG (RH only) @@ -16,6 +16,10 @@ have the Platform Boot Manager install a pseudo RNG to ensure the network can be used. Signed-off-by: Oliver Steffen + +patch_name: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +present_in_specfile: true +location_in_specfile: 48 --- .../PlatformBootManagerLib/BdsPlatform.c | 7 + .../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++ @@ -345,6 +349,3 @@ index c6ffc1ed9e..211716e30d 100644 gUefiShellFileGuid gGrubFileGuid + gEfiRngAlgorithmRaw --- -2.39.3 - diff --git a/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch b/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch deleted file mode 100644 index 5c97db0..0000000 --- a/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 348ea6ca54889a2b4006cc71168a173e8182f12e Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:38 +0100 -Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process. - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2) - -Specifically before running lzma uncompress of the main firmware volume. -This is needed to make sure caching is enabled, otherwise the uncompress -can be extremely slow. - -Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes. - -Background: Depending on virtual machine configuration kvm may uses EPT -memory types to apply guest MTRR settings. In case MTRRs are disabled -kvm will use the uncachable memory type for all mappings. The -vmx_get_mt_mask() function in the linux kernel handles this and can be -found here: - -https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580 - -In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In -case the VM has a mdev device assigned that is not the case though. - -Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable -should not be set by default in CR0") kvm also ended up using -MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit -kvm evaluates guest mtrr settings, which why setting up MTRRs early is -important now. - -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-2-kraxel@redhat.com> - -[ kraxel: Downstream-only for now. Timely upstream merge is unlikely - due to chinese holidays and rhel-9.4 deadlines are close. - QE regression testing passed. So go with upstream posted - series v3 ] - -patch_name: edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch -present_in_specfile: true -location_in_specfile: 49 ---- - OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++ - OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++---- - OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++ - 3 files changed, 69 insertions(+), 5 deletions(-) - -diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c -index 4e750755bf..7094d86159 100644 ---- a/OvmfPkg/IntelTdx/Sec/SecMain.c -+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c -@@ -26,6 +26,8 @@ - #include - #include - #include -+#include -+#include - - #define SEC_IDT_ENTRY_COUNT 34 - -@@ -47,6 +49,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = { - } - }; - -+// -+// Enable MTRR early, set default type to write back. -+// Needed to make sure caching is enabled, -+// without this lzma decompress can be very slow. -+// -+STATIC -+VOID -+SecMtrrSetup ( -+ VOID -+ ) -+{ -+ CPUID_VERSION_INFO_EDX Edx; -+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; -+ -+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); -+ if (!Edx.Bits.MTRR) { -+ return; -+ } -+ -+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -+ DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.E = 1; /* enable */ -+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); -+} -+ - VOID - EFIAPI - SecCoreStartupWithStack ( -@@ -203,6 +230,11 @@ SecCoreStartupWithStack ( - InitializeApicTimer (0, MAX_UINT32, TRUE, 5); - DisableApicTimerInterrupt (); - -+ // -+ // Initialize MTRR -+ // -+ SecMtrrSetup (); -+ - PeilessStartup (&SecCoreData); - - ASSERT (FALSE); -diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -index e64c0ee324..b6ba63ef95 100644 ---- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c -+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -@@ -1164,18 +1164,18 @@ PlatformQemuInitializeRam ( - MtrrGetAllMtrrs (&MtrrSettings); - - // -- // MTRRs disabled, fixed MTRRs disabled, default type is uncached -+ // See SecMtrrSetup(), default type should be write back - // -- ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0); -+ ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0); - ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0); -- ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0); -+ ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK); - - // - // flip default type to writeback - // -- SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06); -+ SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK); - ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables); -- MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6; -+ MtrrSettings.MtrrDefType |= BIT10; - MtrrSetAllMtrrs (&MtrrSettings); - - // -diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c -index 60dfa61842..725b57e2fa 100644 ---- a/OvmfPkg/Sec/SecMain.c -+++ b/OvmfPkg/Sec/SecMain.c -@@ -29,6 +29,8 @@ - #include - #include - #include -+#include -+#include - #include "AmdSev.h" - - #define SEC_IDT_ENTRY_COUNT 34 -@@ -743,6 +745,31 @@ FindAndReportEntryPoints ( - return; - } - -+// -+// Enable MTRR early, set default type to write back. -+// Needed to make sure caching is enabled, -+// without this lzma decompress can be very slow. -+// -+STATIC -+VOID -+SecMtrrSetup ( -+ VOID -+ ) -+{ -+ CPUID_VERSION_INFO_EDX Edx; -+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; -+ -+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); -+ if (!Edx.Bits.MTRR) { -+ return; -+ } -+ -+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -+ DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.E = 1; /* enable */ -+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); -+} -+ - VOID - EFIAPI - SecCoreStartupWithStack ( -@@ -942,6 +969,11 @@ SecCoreStartupWithStack ( - InitializeApicTimer (0, MAX_UINT32, TRUE, 5); - DisableApicTimerInterrupt (); - -+ // -+ // Initialize MTRR -+ // -+ SecMtrrSetup (); -+ - // - // Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready. - // diff --git a/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch b/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch deleted file mode 100644 index 897e776..0000000 --- a/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d521976e1641c242c86d0495647f200694f6ba44 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:39 +0100 -Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2) - -Reviewed-by: Michael D Kinney -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-3-kraxel@redhat.com> - -patch_name: edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch -present_in_specfile: true -location_in_specfile: 50 ---- - MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -index 756e7c86ec..08ba949cf7 100644 ---- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -@@ -2103,6 +2103,13 @@ typedef union { - #define MSR_IA32_MTRR_PHYSBASE9 0x00000212 - /// @} - -+#define MSR_IA32_MTRR_CACHE_UNCACHEABLE 0 -+#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING 1 -+#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH 4 -+#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED 5 -+#define MSR_IA32_MTRR_CACHE_WRITE_BACK 6 -+#define MSR_IA32_MTRR_CACHE_INVALID_TYPE 7 -+ - /** - MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to - #MSR_IA32_MTRR_PHYSBASE9 diff --git a/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch b/0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch similarity index 91% rename from edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch rename to 0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch index c9e9616..f23ef7a 100644 --- a/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +++ b/0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch @@ -1,7 +1,7 @@ -From 35d3219a94631eaf437000a60cd63c918b35ba36 Mon Sep 17 00:00:00 2001 +From 14ce76be0e92a9926a7f2b33d64b13966c6bfaf2 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Thu, 7 Nov 2024 11:36:22 +0100 -Subject: [PATCH 2/2] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only) +Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only) RH-Author: Oliver Steffen RH-MergeRequest: 82: Add a Fallback RNG (RH only) @@ -19,6 +19,10 @@ This patch adds the fallback rng which was introduced in a previous commit also to the ArmVirtPkg PlatformBootManagerLib. Signed-off-by: Oliver Steffen + +patch_name: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +present_in_specfile: true +location_in_specfile: 49 --- OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++ .../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++ @@ -96,6 +100,3 @@ index 8e7cd5605f..4583c05ef4 100644 gEfiPciRootBridgeIoProtocolGuid gVirtioDeviceProtocolGuid + gEfiRngProtocolGuid --- -2.39.3 - diff --git a/0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch b/0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch new file mode 100644 index 0000000..9e64e58 --- /dev/null +++ b/0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch @@ -0,0 +1,37 @@ +From ee75d5f03a473eb4007f7aaa58a41719adca0429 Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Do not use flash with + SEV-SNP + +SEV-SNP does not support the use of the Qemu flash device as SEV-SNP +guests are started using the Qemu -bios option instead of the Qemu -drive +if=pflash option. Perform runtime detection of SEV-SNP and exit early from +the Qemu flash device initialization, indicating the Qemu flash device is +not present. SEV-SNP guests will use the emulated variable support. + +Signed-off-by: Tom Lendacky +(cherry picked from commit f0d2bc3ab268c8e3c6da4158208df38bc9d3677e) +--- + OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c +index a577aea556..5e393e98ed 100644 +--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c ++++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c +@@ -259,6 +259,14 @@ QemuFlashInitialize ( + VOID + ) + { ++ // ++ // The SNP model does not provide for QEMU flash device support, so exit ++ // early before attempting to initialize any QEMU flash device support. ++ // ++ if (MemEncryptSevSnpIsEnabled ()) { ++ return EFI_UNSUPPORTED; ++ } ++ + mFlashBase = (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFdBaseAddress); + mFdBlockSize = PcdGet32 (PcdOvmfFirmwareBlockSize); + ASSERT (PcdGet32 (PcdOvmfFirmwareFdSize) % mFdBlockSize == 0); diff --git a/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch b/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch deleted file mode 100644 index c92f2b1..0000000 --- a/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 75618356e04278e4346ffc5e147b9f6f101e8173 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:40 +0100 -Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from - ArchitecturalMsr.h - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [3/4] 8b766c97b247a8665662697534455c19423ff23c (kraxel.rh/centos-src-edk2) - -Reviewed-by: Michael D Kinney -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-4-kraxel@redhat.com> - -patch_name: edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch -present_in_specfile: true -location_in_specfile: 51 ---- - UefiCpuPkg/Include/Library/MtrrLib.h | 26 ++++++++++++++------------ - 1 file changed, 14 insertions(+), 12 deletions(-) - -diff --git a/UefiCpuPkg/Include/Library/MtrrLib.h b/UefiCpuPkg/Include/Library/MtrrLib.h -index 86cc1aab3b..287d249a99 100644 ---- a/UefiCpuPkg/Include/Library/MtrrLib.h -+++ b/UefiCpuPkg/Include/Library/MtrrLib.h -@@ -9,6 +9,8 @@ - #ifndef _MTRR_LIB_H_ - #define _MTRR_LIB_H_ - -+#include -+ - // - // According to IA32 SDM, MTRRs number and MSR offset are always consistent - // for IA32 processor family -@@ -82,20 +84,20 @@ typedef struct _MTRR_SETTINGS_ { - // Memory cache types - // - typedef enum { -- CacheUncacheable = 0, -- CacheWriteCombining = 1, -- CacheWriteThrough = 4, -- CacheWriteProtected = 5, -- CacheWriteBack = 6, -- CacheInvalid = 7 -+ CacheUncacheable = MSR_IA32_MTRR_CACHE_UNCACHEABLE, -+ CacheWriteCombining = MSR_IA32_MTRR_CACHE_WRITE_COMBINING, -+ CacheWriteThrough = MSR_IA32_MTRR_CACHE_WRITE_THROUGH, -+ CacheWriteProtected = MSR_IA32_MTRR_CACHE_WRITE_PROTECTED, -+ CacheWriteBack = MSR_IA32_MTRR_CACHE_WRITE_BACK, -+ CacheInvalid = MSR_IA32_MTRR_CACHE_INVALID_TYPE, - } MTRR_MEMORY_CACHE_TYPE; - --#define MTRR_CACHE_UNCACHEABLE 0 --#define MTRR_CACHE_WRITE_COMBINING 1 --#define MTRR_CACHE_WRITE_THROUGH 4 --#define MTRR_CACHE_WRITE_PROTECTED 5 --#define MTRR_CACHE_WRITE_BACK 6 --#define MTRR_CACHE_INVALID_TYPE 7 -+#define MTRR_CACHE_UNCACHEABLE MSR_IA32_MTRR_CACHE_UNCACHEABLE -+#define MTRR_CACHE_WRITE_COMBINING MSR_IA32_MTRR_CACHE_WRITE_COMBINING -+#define MTRR_CACHE_WRITE_THROUGH MSR_IA32_MTRR_CACHE_WRITE_THROUGH -+#define MTRR_CACHE_WRITE_PROTECTED MSR_IA32_MTRR_CACHE_WRITE_PROTECTED -+#define MTRR_CACHE_WRITE_BACK MSR_IA32_MTRR_CACHE_WRITE_BACK -+#define MTRR_CACHE_INVALID_TYPE MSR_IA32_MTRR_CACHE_INVALID_TYPE - - typedef struct { - UINT64 BaseAddress; diff --git a/0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch b/0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch new file mode 100644 index 0000000..c53bcf6 --- /dev/null +++ b/0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch @@ -0,0 +1,52 @@ +From 6fc76f3572566a83a34bb26d21e16c0e75de3609 Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP + memory acceptance + +When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and +initializing the emulated variable store happens before memory has been +accepted under SEV-SNP. This results in a #VC exception for accessing +memory that hasn't been validated (error code 0x404). The #VC handler +treats this error code as a fatal error, causing the OVMF boot to fail. + +Move the call to ReserveEmuVariableNvStore() to after memory has been +accepted by AmdSevInitialize(). + +Signed-off-by: Tom Lendacky +(cherry picked from commit 52fa7e78d282f8434b41aff24b3a5a745611ff87) +--- + OvmfPkg/PlatformPei/Platform.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c +index 05b924f99f..54903cfca2 100644 +--- a/OvmfPkg/PlatformPei/Platform.c ++++ b/OvmfPkg/PlatformPei/Platform.c +@@ -365,10 +365,6 @@ InitializePlatform ( + InitializeRamRegions (PlatformInfoHob); + + if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { +- if (!PlatformInfoHob->SmmSmramRequire) { +- ReserveEmuVariableNvStore (); +- } +- + PeiFvInitialization (PlatformInfoHob); + MemTypeInfoInitialization (PlatformInfoHob); + MemMapInitialization (PlatformInfoHob); +@@ -391,5 +387,15 @@ InitializePlatform ( + RelocateSmBase (); + } + ++ // ++ // Performed after CoCo (SEV/TDX) initialization to allow the memory ++ // used to be validated before being used. ++ // ++ if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) { ++ if (!PlatformInfoHob->SmmSmramRequire) { ++ ReserveEmuVariableNvStore (); ++ } ++ } ++ + return EFI_SUCCESS; + } diff --git a/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch b/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch deleted file mode 100644 index af197ec..0000000 --- a/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 4eea9b4625d7ea5eaf5ae0d541d96bfccacf7810 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:41 +0100 -Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2) - -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-5-kraxel@redhat.com> - -patch_name: edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch -present_in_specfile: true -location_in_specfile: 52 ---- - OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +- - OvmfPkg/Sec/SecMain.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c -index 7094d86159..1a19f26178 100644 ---- a/OvmfPkg/IntelTdx/Sec/SecMain.c -+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c -@@ -69,7 +69,7 @@ SecMtrrSetup ( - } - - DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -- DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK; - DefType.Bits.E = 1; /* enable */ - AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); - } -diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c -index 725b57e2fa..26963b924d 100644 ---- a/OvmfPkg/Sec/SecMain.c -+++ b/OvmfPkg/Sec/SecMain.c -@@ -765,7 +765,7 @@ SecMtrrSetup ( - } - - DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -- DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK; - DefType.Bits.E = 1; /* enable */ - AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); - } diff --git a/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch b/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch deleted file mode 100644 index b79e47f..0000000 --- a/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ee4774a753c2bc1061761e818d543a3e925ca1f0 Mon Sep 17 00:00:00 2001 -From: Sam -Date: Wed, 29 May 2024 07:46:03 +0800 -Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in - iPXE environment -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH" -REF: 1904a64 - -Issue Description: -An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was: - -NetworkPkg\TcpDxe\TcpDriver.c -Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, ​&mHash2ServiceHandle); - -Root Cause Analysis: -The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle. - -Implemented Solution: -To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly: - -NetworkPkg\TcpDxe\TcpDriver.c -Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle); - -This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error. - -Verification: -Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment. - -Cc: Doug Flick [MSFT] - -Signed-off-by: Sam Tsai [Wiwynn] -Reviewed-by: Saloni Kasbekar -(cherry picked from commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3) ---- - NetworkPkg/TcpDxe/TcpDriver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c -index 40bba4080c..c6e7c0df54 100644 ---- a/NetworkPkg/TcpDxe/TcpDriver.c -+++ b/NetworkPkg/TcpDxe/TcpDriver.c -@@ -509,7 +509,7 @@ TcpDestroyService ( - // - // Destroy the instance of the hashing protocol for this controller. - // -- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle); -+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } diff --git a/0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch b/0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch new file mode 100644 index 0000000..9604e05 --- /dev/null +++ b/0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch @@ -0,0 +1,103 @@ +From 3ae6cb5329ce5e48efc29989943e19cfccbfb38b Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/PlatformInitLib: Retry NV vars FV check as shared + +When OVMF is built with SECURE_BOOT_ENABLE, the variable store will be +populated and validated in PlatformValidateNvVarStore(). When an SEV +or an SEV-ES guest is running, this may be encrypted or unencrypted +depending on how the guest was started. If the guest was started with the +combined code and variable contents (OVMF.fd), then the variable store +will be encrypted. If the guest was started with the separate code and +variables contents (OVMF_CODE.fd and OVMF_VARS.fd), then the variable +store will be unencrypted. + +When PlatformValidateNvVarStore() is first invoked, the variable store +area is initially mapped encrypted, which may or may not pass the variable +validation step depending how the guest was launched. To accomodate this, +retry the validation step on failure after remapping the variable store +area as unencrypted. + +Signed-off-by: Tom Lendacky +(cherry picked from commit d502cc7702e4d537c2bcbe5256e26cba6d4ca8c6) +--- + OvmfPkg/Library/PlatformInitLib/Platform.c | 32 +++++++++++++++++-- + .../PlatformInitLib/PlatformInitLib.inf | 1 + + 2 files changed, 31 insertions(+), 2 deletions(-) + +diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c +index 10fc17355f..715533b1f2 100644 +--- a/OvmfPkg/Library/PlatformInitLib/Platform.c ++++ b/OvmfPkg/Library/PlatformInitLib/Platform.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + #include + +@@ -774,6 +775,8 @@ PlatformValidateNvVarStore ( + EFI_FIRMWARE_VOLUME_HEADER *NvVarStoreFvHeader; + VARIABLE_STORE_HEADER *NvVarStoreHeader; + AUTHENTICATED_VARIABLE_HEADER *VariableHeader; ++ BOOLEAN Retry; ++ EFI_STATUS Status; + + static EFI_GUID FvHdrGUID = EFI_SYSTEM_NV_DATA_FV_GUID; + static EFI_GUID VarStoreHdrGUID = EFI_AUTHENTICATED_VARIABLE_GUID; +@@ -792,6 +795,15 @@ PlatformValidateNvVarStore ( + // + NvVarStoreFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)NvVarStoreBase; + ++ // ++ // SEV and SEV-ES can use separate flash devices for OVMF code and ++ // OVMF variables. In this case, the OVMF variables will need to be ++ // mapped unencrypted. If the initial validation fails, remap the ++ // NV variable store as unencrypted and retry the validation. ++ // ++ Retry = MemEncryptSevIsEnabled (); ++ ++RETRY: + if ((!IsZeroBuffer (NvVarStoreFvHeader->ZeroVector, 16)) || + (!CompareGuid (&FvHdrGUID, &NvVarStoreFvHeader->FileSystemGuid)) || + (NvVarStoreFvHeader->Signature != EFI_FVH_SIGNATURE) || +@@ -801,8 +813,24 @@ PlatformValidateNvVarStore ( + (NvVarStoreFvHeader->FvLength != NvVarStoreSize) + ) + { +- DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n")); +- return FALSE; ++ if (!Retry) { ++ DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n")); ++ return FALSE; ++ } ++ ++ DEBUG ((DEBUG_INFO, "Remapping NvVarStore as shared\n")); ++ Status = MemEncryptSevClearMmioPageEncMask ( ++ 0, ++ (UINTN)NvVarStoreBase, ++ EFI_SIZE_TO_PAGES (NvVarStoreSize) ++ ); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "Failed to map NvVarStore as shared\n")); ++ return FALSE; ++ } ++ ++ Retry = FALSE; ++ goto RETRY; + } + + // +diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +index 3e63ef4423..fb179e6791 100644 +--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf ++++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +@@ -48,6 +48,7 @@ + HobLib + QemuFwCfgLib + QemuFwCfgSimpleParserLib ++ MemEncryptSevLib + MemoryAllocationLib + MtrrLib + PcdLib diff --git a/0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch b/0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch new file mode 100644 index 0000000..43e371b --- /dev/null +++ b/0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch @@ -0,0 +1,28 @@ +From 6944acabf2aa916e7f321c28f19e7d95b155df99 Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Mon, 18 Nov 2024 12:59:32 -0600 +Subject: [PATCH] OvmfPkg/EmuVariableFvbRuntimeDxe: Issue NV vars + initializitation message + +Add a debug message that indicates when the NV variables are being +initialized through the template structure. + +Signed-off-by: Tom Lendacky +(cherry picked from commit 6142f0a8a53557ba50300c762a15bf3c18382162) +--- + OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c +index c07e38966e..cc476c7df2 100644 +--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c ++++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c +@@ -692,6 +692,8 @@ InitializeFvAndVariableStoreHeaders ( + // + Fv = (EFI_FIRMWARE_VOLUME_HEADER *)Ptr; + Fv->Checksum = CalculateCheckSum16 (Ptr, Fv->HeaderLength); ++ ++ DEBUG ((DEBUG_INFO, "EMU Variable FVB: Initialized FV using template structure\n")); + } + + /** diff --git a/0035-OvmfPkg-add-morlock-support.patch b/0035-OvmfPkg-add-morlock-support.patch deleted file mode 100644 index ed673ae..0000000 --- a/0035-OvmfPkg-add-morlock-support.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 0f36c7f078215008ffa3a8e776aacd87793b8392 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 8 May 2024 13:14:26 +0200 -Subject: [PATCH] OvmfPkg: add morlock support - -Add dsc + fdf include files to add the MorLock drivers to the build. -Add the include files to OVMF build configurations. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit b45aff0dc9cb87f316eb17a11e5d4438175d9cca) ---- - OvmfPkg/Include/Dsc/MorLock.dsc.inc | 10 ++++++++++ - OvmfPkg/Include/Fdf/MorLock.fdf.inc | 10 ++++++++++ - OvmfPkg/OvmfPkgIa32.dsc | 1 + - OvmfPkg/OvmfPkgIa32.fdf | 1 + - OvmfPkg/OvmfPkgIa32X64.dsc | 1 + - OvmfPkg/OvmfPkgIa32X64.fdf | 1 + - OvmfPkg/OvmfPkgX64.dsc | 1 + - OvmfPkg/OvmfPkgX64.fdf | 1 + - 8 files changed, 26 insertions(+) - create mode 100644 OvmfPkg/Include/Dsc/MorLock.dsc.inc - create mode 100644 OvmfPkg/Include/Fdf/MorLock.fdf.inc - -diff --git a/OvmfPkg/Include/Dsc/MorLock.dsc.inc b/OvmfPkg/Include/Dsc/MorLock.dsc.inc -new file mode 100644 -index 0000000000..a8c5fb24b8 ---- /dev/null -+++ b/OvmfPkg/Include/Dsc/MorLock.dsc.inc -@@ -0,0 +1,10 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# MorLock support -+## -+ -+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -+!if $(SMM_REQUIRE) == TRUE -+ SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf -+!endif -diff --git a/OvmfPkg/Include/Fdf/MorLock.fdf.inc b/OvmfPkg/Include/Fdf/MorLock.fdf.inc -new file mode 100644 -index 0000000000..20b7d6619a ---- /dev/null -+++ b/OvmfPkg/Include/Fdf/MorLock.fdf.inc -@@ -0,0 +1,10 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# MorLock support -+## -+ -+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -+!if $(SMM_REQUIRE) == TRUE -+INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf -+!endif -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d8ae542686..65a866ae0c 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -887,6 +887,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 0ffa3be750..10eb6fe72b 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 52ac2c96fc..679e25501b 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -901,6 +901,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index c4f3ec0735..ff06bbfc6f 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -362,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index f76d0ef7bc..d294fd4625 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -969,6 +969,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index bedd85ef7a..f3b787201f 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -402,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - ################################################################################ - diff --git a/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch b/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch deleted file mode 100644 index 710d5d7..0000000 --- a/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch +++ /dev/null @@ -1,192 +0,0 @@ -From 1691865ebaa8730203e8eb6bb052edff14dbaa70 Mon Sep 17 00:00:00 2001 -From: Pedro Falcato -Date: Tue, 22 Nov 2022 22:31:03 +0000 -Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID - -RDRAND has notoriously been broken many times over its lifespan. -Add a smoketest to RDRAND, in order to better sniff out potential -security concerns. - -Also add a proper CPUID test in order to support older CPUs which may -not have it; it was previously being tested but then promptly ignored. - -Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c -:x86_init_rdrand() per commit 049f9ae9.. - -Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection -code to MIT and the public domain. - ->On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld wrote: - <..> -> I (re)wrote that function in Linux. I hereby relicense it as MIT, and -> also place it into public domain. Do with it what you will now. -> -> Jason - -BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163 - -Signed-off-by: Pedro Falcato -Cc: Michael D Kinney -Cc: Liming Gao -Cc: Zhiguang Liu -Cc: Jason A. Donenfeld -(cherry picked from commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a) ---- - MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++-- - 1 file changed, 91 insertions(+), 8 deletions(-) - -diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c -index 9bd68352f9..06d2a6f12d 100644 ---- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c -+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c -@@ -3,6 +3,7 @@ - to provide high-quality random numbers. - - Copyright (c) 2023, Arm Limited. All rights reserved.
-+Copyright (c) 2022, Pedro Falcato. All rights reserved.
- Copyright (c) 2021, NUVIA Inc. All rights reserved.
- Copyright (c) 2015, Intel Corporation. All rights reserved.
- -@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - STATIC BOOLEAN mRdRandSupported; - -+// -+// Intel SDM says 10 tries is good enough for reliable RDRAND usage. -+// -+#define RDRAND_RETRIES 10 -+ -+#define RDRAND_TEST_SAMPLES 8 -+ -+#define RDRAND_MIN_CHANGE 5 -+ -+// -+// Add a define for native-word RDRAND, just for the test. -+// -+#ifdef MDE_CPU_X64 -+#define ASM_RDRAND AsmRdRand64 -+#else -+#define ASM_RDRAND AsmRdRand32 -+#endif -+ -+/** -+ Tests RDRAND for broken implementations. -+ -+ @retval TRUE RDRAND is reliable (and hopefully safe). -+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID. -+ -+**/ -+STATIC -+BOOLEAN -+TestRdRand ( -+ VOID -+ ) -+{ -+ // -+ // Test for notoriously broken rdrand implementations that always return the same -+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s). -+ // Note that this should be expanded to extensively test for other sorts of possible errata. -+ // -+ -+ // -+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects -+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage. -+ // -+ UINTN Prev; -+ UINT8 Idx; -+ UINT8 TestIteration; -+ UINT32 Changed; -+ -+ Changed = 0; -+ -+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) { -+ UINTN Sample; -+ // -+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c -+ // Any failure to get a random number will assume RDRAND does not work. -+ // -+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) { -+ if (ASM_RDRAND (&Sample)) { -+ break; -+ } -+ } -+ -+ if (Idx == RDRAND_RETRIES) { -+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n")); -+ return FALSE; -+ } -+ -+ if (TestIteration != 0) { -+ Changed += Sample != Prev; -+ } -+ -+ Prev = Sample; -+ } -+ -+ if (Changed < RDRAND_MIN_CHANGE) { -+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n")); -+ return FALSE; -+ } -+ -+ return TRUE; -+} -+ -+#undef ASM_RDRAND -+ - /** - The constructor function checks whether or not RDRAND instruction is supported - by the host hardware. -@@ -48,10 +131,13 @@ BaseRngLibConstructor ( - // CPUID. A value of 1 indicates that processor support RDRAND instruction. - // - AsmCpuid (1, 0, 0, &RegEcx, 0); -- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK); - - mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK); - -+ if (mRdRandSupported) { -+ mRdRandSupported = TestRdRand (); -+ } -+ - return EFI_SUCCESS; - } - -@@ -70,6 +156,7 @@ ArchGetRandomNumber16 ( - OUT UINT16 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand16 (Rand); - } - -@@ -88,6 +175,7 @@ ArchGetRandomNumber32 ( - OUT UINT32 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand32 (Rand); - } - -@@ -106,6 +194,7 @@ ArchGetRandomNumber64 ( - OUT UINT64 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand64 (Rand); - } - -@@ -122,13 +211,7 @@ ArchIsRngSupported ( - VOID - ) - { -- /* -- Existing software depends on this always returning TRUE, so for -- now hard-code it. -- -- return mRdRandSupported; -- */ -- return TRUE; -+ return mRdRandSupported; - } - - /** diff --git a/0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch b/0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch new file mode 100644 index 0000000..cbce7af --- /dev/null +++ b/0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch @@ -0,0 +1,51 @@ +From 87a3869f6d509e36d8c5dfe5a1bd8dea62195dab Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Fri, 23 Aug 2024 11:55:31 +0200 +Subject: [PATCH] OvmfPkg/PlatformInitLib: enable x2apic mode if needed + +Enable x2apic mode in case the number of possible CPUs (including +hotplug-able CPus which are not (yet) online) is larger than 255. + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit 8c8e05db24d8578cf87669e491f983fbd8357d55) +--- + OvmfPkg/Library/PlatformInitLib/Platform.c | 6 ++++++ + OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf | 1 + + 2 files changed, 7 insertions(+) + +diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c +index 715533b1f2..afe8b0abd6 100644 +--- a/OvmfPkg/Library/PlatformInitLib/Platform.c ++++ b/OvmfPkg/Library/PlatformInitLib/Platform.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -720,6 +721,11 @@ PlatformMaxCpuCountInitialization ( + )); + ASSERT (BootCpuCount <= MaxCpuCount); + ++ if (MaxCpuCount > 255) { ++ DEBUG ((DEBUG_INFO, "%a: enable x2apic mode\n", __func__)); ++ SetApicMode (LOCAL_APIC_MODE_X2APIC); ++ } ++ + PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber = MaxCpuCount; + PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount; + } +diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +index fb179e6791..c79b2ee106 100644 +--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf ++++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +@@ -48,6 +48,7 @@ + HobLib + QemuFwCfgLib + QemuFwCfgSimpleParserLib ++ LocalApicLib + MemEncryptSevLib + MemoryAllocationLib + MtrrLib diff --git a/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch b/0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch similarity index 76% rename from edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch rename to 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch index 876eeaa..be057b8 100644 --- a/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch +++ b/0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch @@ -1,16 +1,8 @@ -From 4a770a9b67b67e1254f42ca00c077f9263be7f4c Mon Sep 17 00:00:00 2001 +From 8f117e06457536a78feeee1e49c43ca435d94842 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Mon, 4 Nov 2024 19:00:11 +0100 Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng -RH-Author: Oliver Steffen -RH-MergeRequest: 83: OvmfPkg: Rerun dispatcher after initializing virtio-rng -RH-Jira: RHEL-64642 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] 90757b4268b841637cbd08ac94f0febe9cfdffa5 (osteffen/edk2) - -Upstream PR: https://github.com/tianocore/edk2/pull/6403 - Since the pixiefail CVE fix the network stack requires a hardware random number generator. This can currently be a modern CPU supporting the RDRAND instruction or a virtio-rng device. @@ -25,6 +17,7 @@ Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237") Analysed-by: Stefano Garzarella Suggested-by: Gerd Hoffmann Signed-off-by: Oliver Steffen +(cherry picked from commit 9c4542a0645ac832e22d0c3da0f1ee7b127a316f) --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++ 1 file changed, 2 insertions(+) @@ -42,6 +35,3 @@ index 87d1ac3142..1f1298eb0b 100644 } return EFI_SUCCESS; --- -2.39.3 - diff --git a/0037-SecurityPkg-RngDxe-add-rng-test.patch b/0037-SecurityPkg-RngDxe-add-rng-test.patch deleted file mode 100644 index abe2ab4..0000000 --- a/0037-SecurityPkg-RngDxe-add-rng-test.patch +++ /dev/null @@ -1,43 +0,0 @@ -From da8fda9932ab4a64a07d318d30b03baafbf1e0c1 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 31 May 2024 09:49:13 +0200 -Subject: [PATCH] SecurityPkg/RngDxe: add rng test - -Check whenever RngLib actually returns random numbers, only return -a non-zero number of Algorithms if that is the case. - -This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL -only in case it can actually deliver random numbers. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit a61bc0accb8a76edba4f073fdc7bafc908df045d) ---- - SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -index 5723ed6957..8b0742bab6 100644 ---- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -@@ -23,6 +23,7 @@ - - #include - #include -+#include - - #include "RngDxeInternals.h" - -@@ -43,7 +44,12 @@ GetAvailableAlgorithms ( - VOID - ) - { -- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; -+ UINT64 RngTest; -+ -+ if (GetRandomNumber64 (&RngTest)) { -+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; -+ } -+ - return EFI_SUCCESS; - } - diff --git a/0038-OvmfPkg-wire-up-RngDxe.patch b/0038-OvmfPkg-wire-up-RngDxe.patch deleted file mode 100644 index e3a18f2..0000000 --- a/0038-OvmfPkg-wire-up-RngDxe.patch +++ /dev/null @@ -1,301 +0,0 @@ -From 7703744d07e81a9cd3109dca9184a61f16584d44 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 24 May 2024 12:51:17 +0200 -Subject: [PATCH] OvmfPkg: wire up RngDxe - -Add OvmfRng include snippets with the random number generator -configuration for OVMF. Include RngDxe, build with BaseRngLib, -so the rdrand instruction is used (if available). - -Also move VirtioRng to the include snippets. - -Use the new include snippets for OVMF builds. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b) ---- - OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- - OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +- - OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++ - OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++ - OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- - OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +- - OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- - OvmfPkg/Microvm/MicrovmX64.fdf | 2 +- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.fdf | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.fdf | 2 +- - 14 files changed, 27 insertions(+), 12 deletions(-) - create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - -diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index cf1ad83e09..4edc2a9069 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.dsc -+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -649,7 +649,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -740,6 +739,7 @@ - OvmfPkg/AmdSev/Grub/Grub.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf { -diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index c56c98dc85..480837b0fa 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.fdf -+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -227,7 +227,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -318,6 +317,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc -new file mode 100644 -index 0000000000..68839a0caa ---- /dev/null -+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc -@@ -0,0 +1,9 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+## -+ -+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { -+ -+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf -+ } -+ OvmfPkg/VirtioRngDxe/VirtioRng.inf -diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc -new file mode 100644 -index 0000000000..99cb4a32b1 ---- /dev/null -+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc -@@ -0,0 +1,6 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+## -+ -+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf -+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf -diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -index 9f49b60ff0..4b7e1596fc 100644 ---- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc -+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -@@ -636,7 +636,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -719,6 +718,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf -index ce5d542048..88d0f75ae2 100644 ---- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf -+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf -@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE - # - INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -326,6 +325,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - INF OvmfPkg/PlatformDxe/Platform.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc -index fb73f2e089..9206f01816 100644 ---- a/OvmfPkg/Microvm/MicrovmX64.dsc -+++ b/OvmfPkg/Microvm/MicrovmX64.dsc -@@ -760,7 +760,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf - MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf -@@ -846,6 +845,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf -index 055e659a35..c8268d7e8c 100644 ---- a/OvmfPkg/Microvm/MicrovmX64.fdf -+++ b/OvmfPkg/Microvm/MicrovmX64.fdf -@@ -207,7 +207,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - - !if $(SECURE_BOOT_ENABLE) == TRUE -@@ -299,6 +298,7 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 65a866ae0c..b64c215585 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -784,7 +784,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -888,6 +887,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 10eb6fe72b..c31276e4a3 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -231,7 +231,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -356,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 679e25501b..ececac3757 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -798,7 +798,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -902,6 +901,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index ff06bbfc6f..a7b4aeac08 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index d294fd4625..0ab4d3df06 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -866,7 +866,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -970,6 +969,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index f3b787201f..ae08ac4fe9 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -263,7 +263,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -403,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - diff --git a/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch b/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch deleted file mode 100644 index fc469c4..0000000 --- a/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch +++ /dev/null @@ -1,37 +0,0 @@ -From ef076eab3cad92111c550d0041ac8d1a4e979714 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 14 Jun 2024 11:45:49 +0200 -Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList - -Needed to properly initialize BaseRngLib. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 94961b8817eec6f8d0434555ac50a7aa51c22201) ---- - .../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -index d0c1c7a4f7..48d463b8ad 100644 ---- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -@@ -8,6 +8,12 @@ - **/ - #include "TestBaseCryptLib.h" - -+VOID -+EFIAPI -+ProcessLibraryConstructorList ( -+ VOID -+ ); -+ - /** - Initialize the unit test framework, suite, and unit tests for the - sample unit tests and run the unit tests. -@@ -76,5 +82,6 @@ main ( - char *argv[] - ) - { -+ ProcessLibraryConstructorList (); - return UefiTestMain (); - } diff --git a/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch b/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch deleted file mode 100644 index ca30f84..0000000 --- a/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 46f82fa0cfe716f147b7878b7155983f7f6edb20 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 14 Jun 2024 11:45:53 +0200 -Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit - -Set the rdrand feature bit when faking cpuid for host test cases. -Needed to make the CryptoPkg test cases work. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 5e776299a2604b336a947e68593012ab2cc16eb4) ---- - MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c -index 8ba4f54a38..7f7276f7f4 100644 ---- a/MdePkg/Library/BaseLib/X86UnitTestHost.c -+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c -@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid ( - OUT UINT32 *Edx OPTIONAL - ) - { -+ UINT32 RetEcx; -+ -+ RetEcx = 0; -+ switch (Index) { -+ case 1: -+ RetEcx |= BIT30; /* RdRand */ -+ break; -+ } -+ - if (Eax != NULL) { - *Eax = 0; - } -@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid ( - } - - if (Ecx != NULL) { -- *Ecx = 0; -+ *Ecx = RetEcx; - } - - if (Edx != NULL) { diff --git a/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch b/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch deleted file mode 100644 index 302c577..0000000 --- a/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch +++ /dev/null @@ -1,63 +0,0 @@ -From ebcdc6db77d338aa1054292d0c4b745bd482d9a2 Mon Sep 17 00:00:00 2001 -From: Oliver Steffen -Date: Mon, 26 Aug 2024 19:25:52 +0200 -Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP - -RH-Author: Oliver Steffen -RH-MergeRequest: 69: AmdSevDxe: Fix the shim fallback reboot workaround for SNP -RH-Jira: RHEL-56082 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] 55ae7744e57ea51e1f35f482dffc2dd2089c5f77 (osteffen/edk2) - -The shim fallback reboot workaround (introduced for SEV-ES) does -not always work for SEV-SNP, due to a conditional early return. - -Let's just register the workaround earlier in this function to -fix that. - -Signed-off-by: Oliver Steffen ---- - OvmfPkg/AmdSevDxe/AmdSevDxe.c | 21 +++++++++++---------- - 1 file changed, 11 insertions(+), 10 deletions(-) - -diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -index 0eb88e50ff..ca345e95da 100644 ---- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c -+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -@@ -243,6 +243,17 @@ AmdSevDxeEntryPoint ( - return EFI_UNSUPPORTED; - } - -+ // Shim fallback reboot workaround -+ Status = gBS->CreateEventEx ( -+ EVT_NOTIFY_SIGNAL, -+ TPL_CALLBACK, -+ PopulateVarstore, -+ SystemTable, -+ &gEfiEndOfDxeEventGroupGuid, -+ &PopulateVarstoreEvent -+ ); -+ ASSERT_EFI_ERROR (Status); -+ - // - // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent - // memory space. The NonExistent memory space will be used for mapping the -@@ -393,15 +404,5 @@ AmdSevDxeEntryPoint ( - ); - } - -- Status = gBS->CreateEventEx ( -- EVT_NOTIFY_SIGNAL, -- TPL_CALLBACK, -- PopulateVarstore, -- SystemTable, -- &gEfiEndOfDxeEventGroupGuid, -- &PopulateVarstoreEvent -- ); -- ASSERT_EFI_ERROR (Status); -- - return EFI_SUCCESS; - } --- -2.39.3 - diff --git a/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch b/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch deleted file mode 100644 index 635a256..0000000 --- a/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch +++ /dev/null @@ -1,43 +0,0 @@ -From b1b719573ff7410985fd502b3c30e6592229c3bd Mon Sep 17 00:00:00 2001 -From: Oliver Steffen -Date: Mon, 4 Mar 2024 15:32:58 +0100 -Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing - variables - -RH-Author: Oliver Steffen -RH-MergeRequest: 65: MdeModulePkg: Warn if out of flash space when writing variables -RH-Jira: RHEL-45261 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] b1f6ac49f246cc6a670b9fdd583da3bb9556550d (osteffen/edk2) - -Emit a DEBUG_WARN message if there is not enough flash space left to -write/update a variable. This condition is currently not logged -appropriately in all cases, given that full variable store can easily -render the system unbootable. -This new message helps identifying this condition. - -Signed-off-by: Oliver Steffen -Reviewed-by: Laszlo Ersek -Reviewed-by: Gerd Hoffmann -(cherry picked from commit 80b59ff8320d1bd134bf689fe9c0ddf4e0473b88) -Signed-off-by: Oliver Steffen ---- - MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -index d394d237a5..1c7659031d 100644 ---- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -@@ -2364,6 +2364,8 @@ Done: - ); - ASSERT_EFI_ERROR (Status); - } -+ } else if (Status == EFI_OUT_OF_RESOURCES) { -+ DEBUG ((DEBUG_WARN, "UpdateVariable failed: Out of flash space\n")); - } - - return Status; --- -2.39.3 - diff --git a/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch b/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch deleted file mode 100644 index b75541d..0000000 --- a/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch +++ /dev/null @@ -1,50 +0,0 @@ -From f0facba2e1458636c73399b8b0aea8c8db47f5f2 Mon Sep 17 00:00:00 2001 -From: Jon Maloy -Date: Tue, 1 Oct 2024 18:40:41 -0400 -Subject: [PATCH 3/3] MdePkg: Fix overflow issue in BasePeCoffLib - -RH-Author: Jon Maloy -RH-MergeRequest: 79: MdePkg: Fix overflow issue in BasePeCoffLib -RH-Jira: RHEL-60829 -RH-Acked-by: Oliver Steffen -RH-Commit: [1/1] 295f85a105fe778de5e555a65fdd2b7297c721a6 - -JIRA: https://issues.redhat.com/browse/RHEL-60829 -CVE: CVE-2024-38796 -Upstream: Merged - -commit c95233b8525ca6828921affd1496146cff262e65 -Author: Doug Flick -Date: Fri Sep 27 12:08:55 2024 -0700 - - MdePkg: Fix overflow issue in BasePeCoffLib - - The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is - also a UINT32 value. The current code does not check for overflow when - adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a - check to ensure that the addition does not overflow. - - Signed-off-by: Doug Flick - Authored-by: sriraamx gobichettipalayam - -Signed-off-by: Jon Maloy ---- - MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c -index 86ff2e769b..128090d98e 100644 ---- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c -+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c -@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage ( - RelocDir = &Hdr.Te->DataDirectory[0]; - } - -- if ((RelocDir != NULL) && (RelocDir->Size > 0)) { -+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) { - RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset); - RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress ( - ImageContext, --- -2.39.3 - diff --git a/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch b/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch deleted file mode 100644 index 9623683..0000000 --- a/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch +++ /dev/null @@ -1,49 +0,0 @@ -From a424c0877b38ffb3c9c2a29cf52efb78c19ea8f2 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 19 Jun 2024 09:07:56 +0200 -Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging - -RH-Author: Oliver Steffen -RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging -RH-Jira: RHEL-45829 -RH-Acked-by: Miroslav Rezanina -RH-Commit: [1/2] 9cf7cc1e68e01c54ab6fae15e3b5cdef1c0b15bc (osteffen/edk2) - -There is a list of allowed rng algorithms, if /one/ of them is not -supported this is not a problem, only /all/ of them failing is an -error condition. - -Downgrade the message for a single unsupported algorithm from ERROR to -VERBOSE. Add an error message in case we finish the loop without -finding a supported algorithm. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 6862b9d538d96363635677198899e1669e591259) ---- - NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -index 01c13c08d2..4dfbe91a55 100644 ---- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -@@ -951,7 +951,7 @@ PseudoRandom ( - // - // Secure Algorithm was not supported on this platform - // -- DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); -+ DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); - - // - // Try the next secure algorithm -@@ -971,6 +971,7 @@ PseudoRandom ( - // If we get here, we failed to generate random data using any secure algorithm - // Platform owner should ensure that at least one secure algorithm is supported - // -+ DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n")); - ASSERT_EFI_ERROR (Status); - return Status; - } --- -2.39.3 - diff --git a/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch b/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch deleted file mode 100644 index 68fea42..0000000 --- a/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b2e458faf8603547bcdf578f465fdf777df44500 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 29 Aug 2024 09:20:29 +0200 -Subject: [PATCH] OvmfPkg/CpuHotplugSmm: delay SMM exit - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 75: OvmfPkg/CpuHotplugSmm: delay SMM exit -RH-Jira: RHEL-56154 -RH-Acked-by: Oliver Steffen -RH-Commit: [1/1] 591189c9b119804cab4c48e9c27e428751993169 (kraxel.rh/centos-src-edk2) - -Let APs wait until the BSP has completed the register updates to remove -the CPU. This makes sure all APs stay in SMM mode until the CPU -hot-unplug operation is complete, which in turn makes sure the ACPI lock -is released only after the CPU hot-unplug operation is complete. - -Some background: The CPU hotplug SMI is triggered from an ACPI function -which is protected by an ACPI lock. The ACPI function is in the ACPI -tables generated by qemu. - -Signed-off-by: Gerd Hoffmann - -upstream: submitted (https://github.com/tianocore/edk2/pull/6138) ---- - OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -index d504163026..5af78211d3 100644 ---- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -@@ -355,6 +355,11 @@ EjectCpu ( - // - QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum]; - if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) { -+ /* wait until BSP is done */ -+ while (mCpuHotEjectData->Handler != NULL) { -+ CpuPause (); -+ } -+ - return; - } - --- -2.39.3 - diff --git a/edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch b/edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch deleted file mode 100644 index 04229b5..0000000 --- a/edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 0ddcdbae55f2dd6bbd4c4893ecfc0feeb21b9d91 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 23 Aug 2024 14:36:16 +0200 -Subject: [PATCH 2/3] OvmfPkg/QemuVideoDxe: ignore display resolutions smaller - than 640x480 - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 73: ignore display resolutions smaller than 640x480 -RH-Jira: RHEL-56249 -RH-Acked-by: Oliver Steffen -RH-Commit: [2/2] 95d973e06f759c00637831a9521063794ce5cf28 (kraxel.rh/centos-src-edk2) - -GraphicsConsoleDxe will assert in case the resolution is too small. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 391666da2c1dc5671bbb3393079d86f46e3435af) ---- - OvmfPkg/QemuVideoDxe/Initialize.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/OvmfPkg/QemuVideoDxe/Initialize.c b/OvmfPkg/QemuVideoDxe/Initialize.c -index 050ae878ec..2d1f50637f 100644 ---- a/OvmfPkg/QemuVideoDxe/Initialize.c -+++ b/OvmfPkg/QemuVideoDxe/Initialize.c -@@ -293,6 +293,8 @@ QemuVideoBochsEdid ( - ) - { - EFI_STATUS Status; -+ UINT32 X; -+ UINT32 Y; - - if (Private->Variant != QEMU_VIDEO_BOCHS_MMIO) { - return; -@@ -344,16 +346,24 @@ QemuVideoBochsEdid ( - return; - } - -- *XRes = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4); -- *YRes = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4); -+ X = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4); -+ Y = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4); - DEBUG (( - DEBUG_INFO, - "%a: default resolution: %dx%d\n", - __func__, -- *XRes, -- *YRes -+ X, -+ Y - )); - -+ if ((X < 640) || (Y < 480)) { -+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */ -+ return; -+ } -+ -+ *XRes = X; -+ *YRes = Y; -+ - if (PcdGet8 (PcdVideoResolutionSource) == 0) { - Status = PcdSet32S (PcdVideoHorizontalResolution, *XRes); - ASSERT_RETURN_ERROR (Status); --- -2.39.3 - diff --git a/edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch b/edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch deleted file mode 100644 index e96d631..0000000 --- a/edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 66b4a85fcb8ec13c5e4e152d1265dbf31eaa34f3 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 23 Aug 2024 14:35:53 +0200 -Subject: [PATCH 1/3] OvmfPkg/VirtioGpuDxe: ignore display resolutions smaller - than 640x480 - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 73: ignore display resolutions smaller than 640x480 -RH-Jira: RHEL-56249 -RH-Acked-by: Oliver Steffen -RH-Commit: [1/2] 24ec635d43a396ceb50197136ad7ffdc4a614a47 (kraxel.rh/centos-src-edk2) - -GraphicsConsoleDxe will assert in case the resolution is too small. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 58035e8b5e11cfe2b9e6428d14c7817b6b1c83a2) ---- - OvmfPkg/VirtioGpuDxe/Gop.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/OvmfPkg/VirtioGpuDxe/Gop.c b/OvmfPkg/VirtioGpuDxe/Gop.c -index f64dfce5f4..d767114bbb 100644 ---- a/OvmfPkg/VirtioGpuDxe/Gop.c -+++ b/OvmfPkg/VirtioGpuDxe/Gop.c -@@ -265,7 +265,8 @@ GopInitialize ( - // query host for display resolution - // - GopNativeResolution (VgpuGop, &XRes, &YRes); -- if ((XRes == 0) || (YRes == 0)) { -+ if ((XRes < 640) || (YRes < 480)) { -+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */ - return; - } - --- -2.39.3 - diff --git a/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch b/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch deleted file mode 100644 index e41d301..0000000 --- a/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 6b26812cbf5a871d0a311036b6605635684ed3e1 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 27 Aug 2024 12:06:15 +0200 -Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if - not needed. - -RH-Author: Oliver Steffen -RH-MergeRequest: 70: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed. -RH-Jira: RHEL-50185 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] a9c96249a5258e0902e38d4579079dfcc188b980 (osteffen/edk2) - -Add the new global mMsrIa32MiscEnableSupported variable to track -whenever support for the IA32_MISC_ENABLE MSR is present or not. - -Add new local PatchingNeeded variable to CheckFeatureSupported() -to track if patching the SMM setup code is needed or not. - -Issue PatchInstructionX86() calls only if needed, i.e. if one of -the *Supported variables has been updated. - -Result is that on a typical SMP machine where all processors are -identical the PatchInstructionX86() calls are issued only once, -when checking the first processor. Specifically this avoids -PatchInstructionX86() being called in OVMF on CPU hotplug. That -is important because instruction patching at runtime does not not -work and leads to page faults. - -This fixes CPU hotplug on OVMF not working with AMD cpus. - -Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase") -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4) -Signed-off-by: Oliver Steffen ---- - UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++----- - 1 file changed, 40 insertions(+), 9 deletions(-) - -diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -index 8142d3ceac..8e299fd29a 100644 ---- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -@@ -40,6 +40,11 @@ BOOLEAN mXdEnabled = FALSE; - // - BOOLEAN mBtsSupported = TRUE; - -+// -+// The flag indicates if MSR_IA32_MISC_ENABLE is supported by processor -+// -+BOOLEAN mMsrIa32MiscEnableSupported = TRUE; -+ - // - // The flag indicates if SMM profile starts to record data. - // -@@ -904,18 +909,23 @@ CheckFeatureSupported ( - UINT32 RegEcx; - UINT32 RegEdx; - MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr; -+ BOOLEAN PatchingNeeded = FALSE; - - if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) { - AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); - if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { - AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL); - if ((RegEcx & CPUID_CET_SS) == 0) { -- mCetSupported = FALSE; -- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ if (mCetSupported) { -+ mCetSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } else { -- mCetSupported = FALSE; -- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ if (mCetSupported) { -+ mCetSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } - -@@ -925,8 +935,10 @@ CheckFeatureSupported ( - // - // Extended CPUID functions are not supported on this processor. - // -- mXdSupported = FALSE; -- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ if (mXdSupported) { -+ mXdSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - - AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx); -@@ -934,15 +946,20 @@ CheckFeatureSupported ( - // - // Execute Disable Bit feature is not supported on this processor. - // -- mXdSupported = FALSE; -- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ if (mXdSupported) { -+ mXdSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - - if (StandardSignatureIsAuthenticAMD ()) { - // - // AMD processors do not support MSR_IA32_MISC_ENABLE - // -- PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); -+ if (mMsrIa32MiscEnableSupported) { -+ mMsrIa32MiscEnableSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } - -@@ -966,6 +983,20 @@ CheckFeatureSupported ( - } - } - } -+ -+ if (PatchingNeeded) { -+ if (!mCetSupported) { -+ PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ } -+ -+ if (!mXdSupported) { -+ PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ } -+ -+ if (!mMsrIa32MiscEnableSupported) { -+ PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); -+ } -+ } - } - - /** --- -2.39.3 - diff --git a/edk2-build.py b/edk2-build.py index cee7541..5f02ecb 100755 --- a/edk2-build.py +++ b/edk2-build.py @@ -248,7 +248,7 @@ def build_one(cfg, build, jobs = None, silent = False, nologs = False): def build_basetools(silent = False, nologs = False): build_message('building: BaseTools', silent = silent) - basedir = os.environ['EDK_TOOLS_PATH'] + basedir = os.environ['EDK_TOOLS_PATH'] + '/Source/C' cmdline = [ 'make', '-C', basedir ] build_run(cmdline, 'BaseTools', 'build.basetools', silent, nologs) diff --git a/edk2-build.rhel-9 b/edk2-build.rhel-9 index 9088bf8..97564a6 100644 --- a/edk2-build.rhel-9 +++ b/edk2-build.rhel-9 @@ -16,14 +16,12 @@ FD_SIZE_4MB = TRUE [opts.ovmf.sb.smm] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = TRUE -# old downstream -EXCLUDE_SHELL_FROM_FD = TRUE -# new upstream BUILD_SHELL = FALSE [opts.ovmf.sb.stateless] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = FALSE +BUILD_SHELL = FALSE [opts.armvirt.verbose] DEBUG_PRINT_ERROR_LEVEL = 0x8040004F @@ -32,6 +30,9 @@ DEBUG_PRINT_ERROR_LEVEL = 0x8040004F DEBUG_PRINT_ERROR_LEVEL = 0x80000000 +[pcds.la57] +PcdUse5LevelPageTable = TRUE + [pcds.nx.strict] PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5 PcdUninstallMemAttrProtocol = FALSE @@ -52,6 +53,7 @@ conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.4m +pcds = la57 plat = OvmfX64 dest = RHEL-9/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd @@ -65,6 +67,7 @@ arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.smm +pcds = la57 plat = OvmfX64 dest = RHEL-9/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd @@ -91,6 +94,7 @@ arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.stateless +pcds = la57 plat = IntelTdx dest = RHEL-9/ovmf cpy1 = FV/OVMF.fd OVMF.inteltdx.fd diff --git a/edk2.spec b/edk2.spec index 079e6c4..5379922 100644 --- a/edk2.spec +++ b/edk2.spec @@ -1,8 +1,8 @@ ExclusiveArch: x86_64 aarch64 -# edk2-stable202405 -%define GITDATE 20240524 -%define GITCOMMIT 3e722403cd +# edk2-stable202411 +%define GITDATE 20241117 +%define GITCOMMIT 0f3867fa6ef0 %define TOOLCHAIN GCC %define OPENSSL_VER 3.0.7 @@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 12%{?dist} +Release: 1%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -33,6 +33,7 @@ URL: http://www.tianocore.org Source0: edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt Source2: openssl-rhel-%{OPENSSL_HASH}.tar.xz +Source3: dtc-1.7.0.tar.xz # json description files Source10: 50-edk2-aarch64-qcow2.json @@ -74,45 +75,18 @@ Patch20: 0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch Patch21: 0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch Patch22: 0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch Patch23: 0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch -Patch24: 0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch -Patch25: 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch -Patch26: 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch -Patch27: 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch -Patch28: 0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch -Patch29: 0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch -Patch30: 0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch -Patch31: 0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch -Patch32: 0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch -Patch33: 0035-OvmfPkg-add-morlock-support.patch -Patch34: 0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch -Patch35: 0037-SecurityPkg-RngDxe-add-rng-test.patch -Patch36: 0038-OvmfPkg-wire-up-RngDxe.patch -Patch37: 0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch -Patch38: 0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch -# For RHEL-45261 - [RHEL10] edk2 disconnects abnormally before loading the kernel -Patch39: edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch -# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data -Patch40: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch -# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data -Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch -# For RHEL-56082 - [EDK2] Shim fallback reboot workaround might not work on SNP [rhel-10] -Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch -# For RHEL-50185 - [RHEL10] Hit soft lockup when hotplug vcpu -Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch -# For RHEL-56154 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-10] -Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch -# For RHEL-56249 - 507x510 display resolution should not crash the firmware [edk2,rhel-10] -Patch45: edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch -# For RHEL-56249 - 507x510 display resolution should not crash the firmware [edk2,rhel-10] -Patch46: edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch -# For RHEL-60829 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-10.0] -Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch -# For RHEL-66234 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10] -Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch -# For RHEL-66234 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10] -Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch -# For RHEL-64642 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10] -Patch50: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch +Patch24: 0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch +Patch25: 0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch +Patch26: 0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch +Patch27: 0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +Patch28: 0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +Patch29: 0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +Patch30: 0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch +Patch31: 0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch +Patch32: 0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch +Patch33: 0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch +Patch34: 0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch +Patch35: 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and @@ -222,6 +196,7 @@ cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} . cp -a -- %{SOURCE80} %{SOURCE82} . cp -a -- %{SOURCE90} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x +tar -xf %{SOURCE3} --strip-components=1 --directory MdePkg/Library/BaseFdtLib/libfdt # Done by %setup, but we do not use it for the auxiliary tarballs chmod -Rf a+rX,u+w,g-w,o-w . @@ -447,6 +422,11 @@ install -m 0644 \ %changelog +* Mon Dec 09 2024 Miroslav Rezanina - 20241117-1 +- Rebase to edk2-stable202411 +- Resolves: RHEL-58062 + ([edk2,rhel-10] rebase to edk2-stable202411) + * Tue Nov 26 2024 Miroslav Rezanina - 20240524-12 - edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-64642] - Resolves: RHEL-64642 diff --git a/sources b/sources index 3d96e18..947271f 100644 --- a/sources +++ b/sources @@ -1,3 +1,4 @@ SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624 -SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d +SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb +SHA512 (edk2-0f3867fa6ef0.tar.xz) = 256280ea6f777d1c0f6b803ec791b28955d6568128f303bbf1447f512dc808c5a72f1e8074d9cebb89605c330569fcdcf2d5fdf5611bf3c442c72c67a5a100e0 SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9