rpms/edk2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Mon Dec 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20241117-1

Browse Source 
- Rebase to edk2-stable202411
- Resolves: RHEL-58062
  ([edk2,rhel-10] rebase to edk2-stable202411)
This commit is contained in:
Miroslav Rezanina 2024-12-09 02:43:49 -05:00
parent 21405ae9b0
commit 257f0d1456
60 changed files with 487 additions and 1931 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -15,3 +15,4 @@
/openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz
/openssl-rhel-*.tar.xz
/DBXUpdate-*.x64.bin
/dtc-1.7.0.tar.xz

6
0003-Remove-paths-leading-to-submodules.patch
View File

@ -1,4 +1,4 @@
From 890270bd27f2177f0eb2158ca8c75b101d27283b Mon Sep 17 00:00:00 2001
From 7c992488db69cd0f5f4e26eb7819907f3bb3b5b4 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 24 Mar 2022 03:23:02 -0400
Subject: [PATCH] Remove paths leading to submodules
@ -27,7 +27,7 @@ index 5275f657ef..39d7199753 100644
EfiRom \
GenFfs \
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index f7339f0aec..badb93238f 100644
index b9bc7041f2..168f224d4b 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -26,9 +26,6 @@
@ -41,7 +41,7 @@ index f7339f0aec..badb93238f 100644
## @libraryclass Defines a set of methods to reset whole system.
ResetSystemLib|Include/Library/ResetSystemLib.h
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index bf94549cbf..605b0f1be8 100644
index 624f626360..46ce26916b 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -29,7 +29,6 @@

6
0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
View File

@ -1,4 +1,4 @@
From 496d843eaa1efdc7c113ba9a919dcc6c2ae53c9f Mon Sep 17 00:00:00 2001
From 36fd1664301ede2fb27811f03db77333170bcf05 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
@ -99,10 +99,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
3 files changed, 36 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index badb93238f..3a67acc090 100644
index 168f224d4b..5b6287341f 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -2222,6 +2222,10 @@
@@ -2275,6 +2275,10 @@
# @Prompt The value is use for Usb Network rate limiting supported.
gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028

30
0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
View File

@ -1,4 +1,4 @@
From 3830b4cfd575bcb5d44b69f4d8f8d49f6992fcc3 Mon Sep 17 00:00:00 2001
From 384f25e733e073e3641c7e1889cd423f9f038298 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
@ -83,7 +83,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
9 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 8eb6f4f24f..627fded641 100644
index 40553c0019..b51eba71fc 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -484,6 +484,7 @@
@ -95,7 +95,7 @@ index 8eb6f4f24f..627fded641 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 4996885301..51a49c09ad 100644
index 38137d8c13..542ca013e2 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -581,6 +581,7 @@
@ -107,7 +107,7 @@ index 4996885301..51a49c09ad 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 0931ce061a..9f49b60ff0 100644
index fc1332598e..4b7e1596fc 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -477,6 +477,7 @@
@ -119,7 +119,7 @@ index 0931ce061a..9f49b60ff0 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 69de4dd3f1..fb73f2e089 100644
index bc9be1c5c2..d76fa4269f 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -590,7 +590,7 @@
@ -132,10 +132,10 @@ index 69de4dd3f1..fb73f2e089 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 2ca005d768..dddef5ed0e 100644
index 7ab6af3a69..c56d24a676 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -599,6 +599,7 @@
@@ -600,6 +600,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -144,7 +144,7 @@ index 2ca005d768..dddef5ed0e 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a39070a626..933abb258f 100644
index e7fff78df9..b560fb7718 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -611,6 +611,7 @@
@ -156,7 +156,7 @@ index a39070a626..933abb258f 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 1b90aa8f57..04157ab14b 100644
index 556984bdaa..c46a8e05d6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -629,6 +629,7 @@
@ -168,12 +168,12 @@ index 1b90aa8f57..04157ab14b 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index df35726ff6..6c786bfc1e 100644
index dc81ce9e2b..05b924f99f 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -41,6 +41,18 @@
@@ -43,6 +43,18 @@
#include "Platform.h"
#include "PlatformId.h"
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
+ do { \
@ -190,7 +190,7 @@ index df35726ff6..6c786bfc1e 100644
EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = {
{
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
@@ -355,6 +367,7 @@ InitializePlatform (
@@ -361,6 +373,7 @@ InitializePlatform (
MemTypeInfoInitialization (PlatformInfoHob);
MemMapInitialization (PlatformInfoHob);
NoexecDxeInitialization (PlatformInfoHob);
@ -199,10 +199,10 @@ index df35726ff6..6c786bfc1e 100644
InstallClearCacheCallback ();
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index e036018eab..a2f59e8fc8 100644
index 0bb1a46291..9185c2398c 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -103,6 +103,7 @@
@@ -106,6 +106,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved

8
0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
View File

@ -1,4 +1,4 @@
From 7461128f36076d1a5e45f89f00c8b2a5d92bd745 Mon Sep 17 00:00:00 2001
From e7d683517880eb66faf1c54d0afe396f87a62a60 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
@ -96,10 +96,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 64aa4e96e5..c37c4ba61e 100644
index 1ba63d2e16..fa98980acf 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -311,6 +311,8 @@
@@ -313,6 +313,8 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
!endif
@ -108,7 +108,7 @@ index 64aa4e96e5..c37c4ba61e 100644
[PcdsDynamicHii]
gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
@@ -416,7 +418,10 @@
@@ -422,7 +424,10 @@
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf

12
0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From 9f24c54074c15630f78e019e018f791296a768d7 Mon Sep 17 00:00:00 2001
From 7d24bd2c35d2fc0109c33854b79683e60ac75836 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:45 +0100
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
@ -65,7 +65,7 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 627fded641..cef43b34b7 100644
index b51eba71fc..1128968857 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -429,7 +429,7 @@
@ -78,10 +78,10 @@ index 627fded641..cef43b34b7 100644
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index dddef5ed0e..270bd612e5 100644
index c56d24a676..9ff998dda5 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -535,7 +535,7 @@
@@ -536,7 +536,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@ -91,7 +91,7 @@ index dddef5ed0e..270bd612e5 100644
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 933abb258f..269a4b2b21 100644
index b560fb7718..162f0cf385 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -542,7 +542,7 @@
@ -104,7 +104,7 @@ index 933abb258f..269a4b2b21 100644
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 04157ab14b..9614cc1c56 100644
index c46a8e05d6..d97ccb44cc 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -561,7 +561,7 @@

18
0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
View File

@ -1,4 +1,4 @@
From 271d90ce05cbdb95c8f839e3bee5d0a0937e12fc Mon Sep 17 00:00:00 2001
From f473e531dd0f912326aa0c559bcc8a17556cfbb6 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:46 +0100
Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
@ -86,10 +86,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cef43b34b7..f53380aca2 100644
index 1128968857..0b29aa1157 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -691,8 +691,14 @@
@@ -690,8 +690,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@ -107,10 +107,10 @@ index cef43b34b7..f53380aca2 100644
#
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 270bd612e5..d942c7354a 100644
index 9ff998dda5..92f5fd0850 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -828,8 +828,14 @@
@@ -830,8 +830,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@ -128,10 +128,10 @@ index 270bd612e5..d942c7354a 100644
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 269a4b2b21..d915b847cb 100644
index 162f0cf385..feac55d1dd 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -842,8 +842,14 @@
@@ -843,8 +843,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@ -149,10 +149,10 @@ index 269a4b2b21..d915b847cb 100644
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 9614cc1c56..12ee5510bd 100644
index d97ccb44cc..1c925296a2 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -910,8 +910,14 @@
@@ -908,8 +908,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf

10
0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
View File

@ -1,4 +1,4 @@
From f3810904a75876f09592863281fe4e8464851f18 Mon Sep 17 00:00:00 2001
From 1e26f3bcdfab0f2f61675eb351fecc4624e074fd Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in
@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index c37c4ba61e..00e656d0c9 100644
index fa98980acf..8735d2881e 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -546,7 +546,10 @@
@@ -552,7 +552,10 @@
#
# Video support
#
@ -77,10 +77,10 @@ index c37c4ba61e..00e656d0c9 100644
OvmfPkg/PlatformDxe/Platform.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 2cf96accbd..c7918c8cf3 100644
index 9927bdae0e..c15d51dab0 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -450,7 +450,10 @@
@@ -457,7 +457,10 @@
#
# Video support
#

2
0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
View File

@ -1,4 +1,4 @@
From 3fba0b8213fc5be8a164b3908d54af511fa21a10 Mon Sep 17 00:00:00 2001
From bb0c1a69e72906992dbb41145dc30217ed80a4bf Mon Sep 17 00:00:00 2001
From: Philippe Mathieu-Daude <philmd@redhat.com>
Date: Thu, 1 Aug 2019 20:43:48 +0200
Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64

18
0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
View File

@ -1,4 +1,4 @@
From 57370ffc06e8d5de6eb5c41e5b33a7891cdcc0e7 Mon Sep 17 00:00:00 2001
From b788c5310578081342d178819b2b6c48fb4007a3 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:47 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
@ -63,10 +63,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index f53380aca2..32f47704bc 100644
index 0b29aa1157..4160d8d752 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -686,7 +686,10 @@
@@ -685,7 +685,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -79,10 +79,10 @@ index f53380aca2..32f47704bc 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d942c7354a..49540d54d0 100644
index 92f5fd0850..ae4ca08e32 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -823,7 +823,10 @@
@@ -825,7 +825,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -95,10 +95,10 @@ index d942c7354a..49540d54d0 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d915b847cb..1c4e0514ed 100644
index feac55d1dd..7f88e89d0f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -837,7 +837,10 @@
@@ -838,7 +838,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -111,10 +111,10 @@ index d915b847cb..1c4e0514ed 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 12ee5510bd..e50e63b3f6 100644
index 1c925296a2..50af72adb2 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -905,7 +905,10 @@
@@ -903,7 +903,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf

6
0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
View File

@ -1,4 +1,4 @@
From 1025d0336c038ed12354830fccef84771f611656 Mon Sep 17 00:00:00 2001
From b34701a562571a8d03c3e9609dea1abafc65d18b Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:31:36 +0200
Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel"
@ -32,7 +32,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 18 insertions(+)
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index 3c12085f6c..e192809198 100644
index cf58c97cd2..023eece6d9 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -19,6 +19,7 @@
@ -43,7 +43,7 @@ index 3c12085f6c..e192809198 100644
#include <Library/DevicePathLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/QemuFwCfgLib.h>
@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint (
@@ -1080,6 +1081,22 @@ QemuKernelLoaderFsDxeEntrypoint (
if (KernelBlob->Data == NULL) {
Status = EFI_NOT_FOUND;

6
0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
View File

@ -1,4 +1,4 @@
From 49bcb15e8b15f3a02427787981a09f09d17528f7 Mon Sep 17 00:00:00 2001
From b185c171fa05b8b366dfdbe8c1ae6a057ef42fd1 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:40:09 +0200
Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent
@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 18 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index b55b6c12d2..0be885c391 100644
index 4d0c241f4d..e228d5f39f 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@ -42,7 +42,7 @@ index b55b6c12d2..0be885c391 100644
#include <Library/BaseMemoryLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiDriverEntryPoint.h>
@@ -2743,6 +2744,22 @@ DriverEntry (
@@ -2754,6 +2755,22 @@ DriverEntry (
CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid))
{
DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));

24
0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From b42de989e72259b0acd839b1fb6670ad9ff97aed Mon Sep 17 00:00:00 2001
From 763877f2bd3bc2e6bb00095c47915a3fb1f8b406 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:49 +0200
Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only)
@ -29,7 +29,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
8 files changed, 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 32f47704bc..6b6e108d11 100644
index 4160d8d752..0d21eb795e 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -611,7 +611,6 @@
@ -41,7 +41,7 @@ index 32f47704bc..6b6e108d11 100644
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 595945181c..c176043482 100644
index 42178701fc..3dea9b36f8 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -212,7 +212,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@ -53,10 +53,10 @@ index 595945181c..c176043482 100644
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 49540d54d0..d368aa11fe 100644
index ae4ca08e32..cbe9a503e8 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -746,7 +746,6 @@
@@ -749,7 +749,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
@ -65,7 +65,7 @@ index 49540d54d0..d368aa11fe 100644
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 0d4abb50a8..ef933def99 100644
index bc7bb678b4..59d15bb77d 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -216,7 +216,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@ -77,10 +77,10 @@ index 0d4abb50a8..ef933def99 100644
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 1c4e0514ed..cf09bdf785 100644
index 7f88e89d0f..315ecf7d89 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -760,7 +760,6 @@
@@ -762,7 +762,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
@ -89,7 +89,7 @@ index 1c4e0514ed..cf09bdf785 100644
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 23a825a012..0cd98ada5a 100644
index 98c05e491d..048fda9f16 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -217,7 +217,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@ -101,10 +101,10 @@ index 23a825a012..0cd98ada5a 100644
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e50e63b3f6..098d569381 100644
index 50af72adb2..156e52e430 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -805,7 +805,6 @@
@@ -804,7 +804,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
@ -113,7 +113,7 @@ index e50e63b3f6..098d569381 100644
UefiCpuPkg/CpuDxe/CpuDxe.inf {
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 4dcd6a033c..b201505214 100644
index 489d03b60e..ef01da45e6 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -245,7 +245,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf

34
0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From a16503fb8e213d321920b195d6fc40015a00cc20 Mon Sep 17 00:00:00 2001
From 6d6f5919b81d40e46ee18d1a3e54f183c220c91d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:59 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only)
@ -29,10 +29,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
8 files changed, 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 6b6e108d11..5461c1290d 100644
index 0d21eb795e..89c9b610d1 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -701,7 +701,6 @@
@@ -700,7 +700,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
@ -41,10 +41,10 @@ index 6b6e108d11..5461c1290d 100644
#
# ISA Support
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c176043482..10538a0465 100644
index 3dea9b36f8..899f02981f 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -300,7 +300,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
@@ -299,7 +299,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@ -53,10 +53,10 @@ index c176043482..10538a0465 100644
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d368aa11fe..40e78014c4 100644
index cbe9a503e8..d35d04b39a 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -838,7 +838,6 @@
@@ -840,7 +840,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
@ -65,10 +65,10 @@ index d368aa11fe..40e78014c4 100644
#
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index ef933def99..68d59968ec 100644
index 59d15bb77d..7fd9203427 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -317,7 +317,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
@@ -316,7 +316,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@ -77,10 +77,10 @@ index ef933def99..68d59968ec 100644
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index cf09bdf785..6ade9aa0ef 100644
index 315ecf7d89..5710183135 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -852,7 +852,6 @@
@@ -853,7 +853,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
@ -89,10 +89,10 @@ index cf09bdf785..6ade9aa0ef 100644
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 0cd98ada5a..8891d96422 100644
index 048fda9f16..a15cd72f13 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -323,7 +323,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
@@ -322,7 +322,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@ -101,10 +101,10 @@ index 0cd98ada5a..8891d96422 100644
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 098d569381..8563835ae5 100644
index 156e52e430..11a05298b6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -920,7 +920,6 @@
@@ -918,7 +918,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
@ -113,10 +113,10 @@ index 098d569381..8563835ae5 100644
#
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b201505214..06ac4423da 100644
index ef01da45e6..e8562442d3 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -356,7 +356,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
@@ -355,7 +355,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf

26
0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch
View File

@ -1,4 +1,4 @@
From 1c3ff57eaf5b559a1b390888ab6f5e235bec414d Mon Sep 17 00:00:00 2001
From ede6f8b9c357dc1c711a49201459538b265c65dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:13 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
6 files changed, 6 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 40e78014c4..afd2a3c5c0 100644
index d35d04b39a..5a1c7058c8 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -816,7 +816,6 @@
@@ -818,7 +818,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -39,10 +39,10 @@ index 40e78014c4..afd2a3c5c0 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 68d59968ec..c392b96470 100644
index 7fd9203427..7e09e3aac9 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -51,10 +51,10 @@ index 68d59968ec..c392b96470 100644
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 6ade9aa0ef..f5a4c57c8e 100644
index 5710183135..4fb8b9ba39 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -830,7 +830,6 @@
@@ -831,7 +831,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -63,10 +63,10 @@ index 6ade9aa0ef..f5a4c57c8e 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 8891d96422..6278daeeee 100644
index a15cd72f13..8ba0ce211d 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -291,7 +291,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -75,10 +75,10 @@ index 8891d96422..6278daeeee 100644
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8563835ae5..08b73a64c9 100644
index 11a05298b6..21c6a5b3c0 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -898,7 +898,6 @@
@@ -896,7 +896,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -87,10 +87,10 @@ index 8563835ae5..08b73a64c9 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 06ac4423da..fc4b6dd3a4 100644
index e8562442d3..f3cb0ea40c 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -322,7 +322,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

10
0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch
View File

@ -1,4 +1,4 @@
From d074f2941368b1b91ede467445c4f18904b7c228 Mon Sep 17 00:00:00 2001
From 7b3630372e0ab0b86a94ca7250c791cbe67947c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:16 +0200
Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
3 files changed, 3 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 00e656d0c9..d1deccaadc 100644
index 8735d2881e..44bee7c339 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -464,7 +464,6 @@
@@ -470,7 +470,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -48,10 +48,10 @@ index 38906004d7..7205274bed 100644
#
# Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index c7918c8cf3..9643fd5427 100644
index c15d51dab0..e0bc37ac7c 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -368,7 +368,6 @@
@@ -375,7 +375,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

34
0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From cb327136ecf44079a7fcc1dd9b68d98e1124becc Mon Sep 17 00:00:00 2001
From b8e59f096ab5cebccdd712839cc2fcd8c185ffdb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:19 +0200
Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only)
@ -29,10 +29,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
8 files changed, 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 5461c1290d..cf1ad83e09 100644
index 89c9b610d1..4edc2a9069 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -679,7 +679,6 @@
@@ -678,7 +678,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -41,10 +41,10 @@ index 5461c1290d..cf1ad83e09 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 10538a0465..c56c98dc85 100644
index 899f02981f..2fe05eccdd 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -280,7 +280,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -279,7 +279,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
@ -53,10 +53,10 @@ index 10538a0465..c56c98dc85 100644
INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
INF OvmfPkg/AmdSev/Grub/Grub.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index afd2a3c5c0..d8ae542686 100644
index 5a1c7058c8..5333708216 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -815,7 +815,6 @@
@@ -817,7 +817,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -65,10 +65,10 @@ index afd2a3c5c0..d8ae542686 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index c392b96470..0ffa3be750 100644
index 7e09e3aac9..30649699cd 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -288,7 +288,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
@ -77,10 +77,10 @@ index c392b96470..0ffa3be750 100644
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index f5a4c57c8e..52ac2c96fc 100644
index 4fb8b9ba39..9e6f35607d 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -829,7 +829,6 @@
@@ -830,7 +830,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -89,10 +89,10 @@ index f5a4c57c8e..52ac2c96fc 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 6278daeeee..c4f3ec0735 100644
index 8ba0ce211d..8ef8519cfe 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
@ -101,10 +101,10 @@ index 6278daeeee..c4f3ec0735 100644
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 08b73a64c9..f76d0ef7bc 100644
index 21c6a5b3c0..c127ace963 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -897,7 +897,6 @@
@@ -895,7 +895,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -113,10 +113,10 @@ index 08b73a64c9..f76d0ef7bc 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index fc4b6dd3a4..bedd85ef7a 100644
index f3cb0ea40c..c0da2672a3 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -320,7 +320,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf

10
0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From 2b7c645f028c66efbaa7f7132e4f2fcec003869b Mon Sep 17 00:00:00 2001
From d394876cac9e91d30858f20b6c5abb2ade4aabbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:22 +0200
Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only)
@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
3 files changed, 3 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d1deccaadc..f91bb09fa3 100644
index 44bee7c339..e7e9df3b42 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -463,7 +463,6 @@
@@ -469,7 +469,6 @@
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -48,10 +48,10 @@ index 7205274bed..24a9dac2fd 100644
#
# Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 9643fd5427..c2825aa4c2 100644
index e0bc37ac7c..ee2459e31d 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -367,7 +367,6 @@
@@ -374,7 +374,6 @@
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf

2
0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch
View File

@ -1,4 +1,4 @@
From 11a0907d91727e05a5b86b5ede4f0e75572a894e Mon Sep 17 00:00:00 2001
From 96eac5543ee94478cec9db044bea2903adb8940b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:25 +0200
Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only)

6
0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch
View File

@ -1,4 +1,4 @@
From 886bace5ff4ab40fd94475ffb2668def36149790 Mon Sep 17 00:00:00 2001
From bd961e984e6e4dc70e88b38e7277f086405360c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:28 +0200
Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only)
@ -23,10 +23,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 7044790a1e..ee98673e98 100644
index 5384a41818..2a8236e520 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -391,10 +391,9 @@
@@ -393,10 +393,9 @@
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf

2
0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch
View File

@ -1,4 +1,4 @@
From 54738f50a11c9b607a22100dfd712bed0bc5c019 Mon Sep 17 00:00:00 2001
From 1176f49c73da2d2bd607dcd565f3bc1d59029209 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:31 +0200
Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only)

6
0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch
View File

@ -1,4 +1,4 @@
From 2d3f1c042054454de24c4842e768957c2a875129 Mon Sep 17 00:00:00 2001
From dc68c045087e771dac52733d6b64feb3db38ece0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:34 +0200
Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only)
@ -27,10 +27,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 5 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index ee98673e98..996b4ddfc4 100644
index 2a8236e520..5bfb16c27e 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -394,10 +394,6 @@
@@ -396,10 +396,6 @@
#
# UEFI application (Shell Embedded Boot Loader)
#

2
0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch
View File

@ -1,4 +1,4 @@
From 8b920381f97c2c32d6bff465a58dd7c901626a34 Mon Sep 17 00:00:00 2001
From d140a278bde8ed85efd41f228c471c5d89971ce9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:39 +0200
Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)

6
0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch
View File

@ -1,4 +1,4 @@
From 8b574a1461c50e453bb431a304bb0c63d14c5ab8 Mon Sep 17 00:00:00 2001
From 0abc22a0a5f8d38e31b7e6356de46a2e55e63785 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:46 +0200
Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
@ -28,10 +28,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 996b4ddfc4..2561e10ff5 100644
index 5bfb16c27e..49e3bf9de4 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -391,17 +391,13 @@
@@ -393,17 +393,13 @@
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf

18
0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch → 0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From 24fe28e0ee42ef36f48763e7e4d738fd4c6b3583 Mon Sep 17 00:00:00 2001
From ca812e951cc824d6d7db16ec04a23a4b7fbb6830 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 16 Aug 2023 12:09:40 +0200
Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
@ -22,12 +22,12 @@ patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
present_in_specfile: true
location_in_specfile: 44
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 43 +++++++++++++++++++++++++++++++++
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++
2 files changed, 44 insertions(+)
2 files changed, 45 insertions(+)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index d497a343d3..0eb88e50ff 100644
index d497a343d3..ca345e95da 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -19,6 +19,7 @@
@ -90,10 +90,11 @@ index d497a343d3..0eb88e50ff 100644
//
// Do nothing when SEV is not enabled
@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint (
);
@@ -211,6 +243,17 @@ AmdSevDxeEntryPoint (
return EFI_UNSUPPORTED;
}
+ // Shim fallback reboot workaround
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
@ -104,8 +105,9 @@ index d497a343d3..0eb88e50ff 100644
+ );
+ ASSERT_EFI_ERROR (Status);
+
return EFI_SUCCESS;
}
//
// Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
// memory space. The NonExistent memory space will be used for mapping the
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index e7c7d526c9..09cbd2b0ca 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf

49
0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
View File

@ -1,49 +0,0 @@
From 827b877dfc01336a12539b31753358e7e264b7f3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 28 Feb 2023 15:47:00 +0100
Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
RH-Bugzilla: 2124143
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2)
In case the number of CPUs can in increase beyond 255
due to CPU hotplug choose x2apic mode.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
present_in_specfile: true
location_in_specfile: 38
---
UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index d724456502..c478878bb0 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -534,7 +534,9 @@ CollectProcessorCount (
//
// Enable x2APIC mode if
// 1. Number of CPU is greater than 255; or
- // 2. There are any logical processors reporting an Initial APIC ID of 255 or greater.
+ // 2. The platform exposed the exact *boot* CPU count to us in advance, and
+ // more than 255 logical processors are possible later, with hotplug; or
+ // 3. There are any logical processors reporting an Initial APIC ID of 255 or greater.
//
X2Apic = FALSE;
if (CpuMpData->CpuCount > 255) {
@@ -542,6 +544,10 @@ CollectProcessorCount (
// If there are more than 255 processor found, force to enable X2APIC
//
X2Apic = TRUE;
+ } else if ((PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) &&
+ (PcdGet32 (PcdCpuMaxLogicalProcessorNumber) > 255))
+ {
+ X2Apic = TRUE;
} else {
CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
for (Index = 0; Index < CpuMpData->CpuCount; Index++) {

2
0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch → 0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch
View File

@ -1,4 +1,4 @@
From 95345a66f0c8e7d77ebc1b5cae3e745a2c201751 Mon Sep 17 00:00:00 2001
From 0454b8eaabf7fa0240b6d7c4f6409584161552d4 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:11:02 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file.

14
0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch → 0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
View File

@ -1,4 +1,4 @@
From 0cac1a197d1e84bcde60aba246c1e16bf5508091 Mon Sep 17 00:00:00 2001
From b9adc98473593da055c45f036219a469ceddbc34 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:27:09 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls
@ -15,10 +15,10 @@ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2 files changed, 87 insertions(+)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 37cdecc9bd..dfdb635536 100644
index b114cc069a..6ba751c1f1 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -550,6 +550,52 @@ fread (
@@ -589,6 +589,52 @@ fread (
return 0;
}
@ -72,10 +72,10 @@ index 37cdecc9bd..dfdb635536 100644
getuid (
void
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index f36fe08f0c..7d98496af8 100644
index cd51e197e7..b1616a7b4c 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -79,6 +79,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Definitions for global constants used by CRT library routines
//
@ -83,7 +83,7 @@ index f36fe08f0c..7d98496af8 100644
#define EINVAL 22 /* Invalid argument */
#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -103,6 +104,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define NS_INADDRSZ 4 /*%< IPv4 T_A */
#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */
@ -99,7 +99,7 @@ index f36fe08f0c..7d98496af8 100644
//
// Basic types mapping
//
@@ -324,6 +334,37 @@ fprintf (
@@ -329,6 +339,37 @@ fprintf (
...
);

15
edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch → 0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
View File

@ -1,7 +1,7 @@
From 054d42879bba986d7b2c2568fe4459959a8fe38b Mon Sep 17 00:00:00 2001
From 2837b67434701fc5e3d2ef846e0e3c7d409df631 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 14 Aug 2024 09:53:49 +0200
Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
Subject: [PATCH] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
@ -16,15 +16,19 @@ Reword it and also add a message confirming eventual success to
deescalate the importance somewhat.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
patch_name: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
present_in_specfile: true
location_in_specfile: 41
---
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 4dfbe91a55..905a944975 100644
index 9acc21caeb..73ddf8b0fb 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -946,12 +946,13 @@ PseudoRandom (
@@ -952,12 +952,13 @@ PseudoRandom (
//
// Secure Algorithm was supported on this platform
//
@ -39,6 +43,3 @@ index 4dfbe91a55..905a944975 100644
//
// Try the next secure algorithm
--
2.39.3

11
edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch → 0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
View File

@ -1,7 +1,7 @@
From 7dcc1de7727fe15f17d18e727cdd7f11e93d147a Mon Sep 17 00:00:00 2001
From 24da4bc42a6f16094ea589ffb2a9326cf8a596cc Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 12:40:12 +0100
Subject: [PATCH 1/2] OvmfPkg: Add a Fallback RNG (RH only)
Subject: [PATCH] OvmfPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 82: Add a Fallback RNG (RH only)
@ -16,6 +16,10 @@ have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
patch_name: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
present_in_specfile: true
location_in_specfile: 48
---
.../PlatformBootManagerLib/BdsPlatform.c | 7 +
.../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++
@ -345,6 +349,3 @@ index c6ffc1ed9e..211716e30d 100644
gUefiShellFileGuid
gGrubFileGuid
+ gEfiRngAlgorithmRaw
--
2.39.3

194
0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
View File

@ -1,194 +0,0 @@
From 348ea6ca54889a2b4006cc71168a173e8182f12e Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:38 +0100
Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2)
Specifically before running lzma uncompress of the main firmware volume.
This is needed to make sure caching is enabled, otherwise the uncompress
can be extremely slow.
Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes.
Background: Depending on virtual machine configuration kvm may uses EPT
memory types to apply guest MTRR settings. In case MTRRs are disabled
kvm will use the uncachable memory type for all mappings. The
vmx_get_mt_mask() function in the linux kernel handles this and can be
found here:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580
In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In
case the VM has a mdev device assigned that is not the case though.
Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable
should not be set by default in CR0") kvm also ended up using
MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit
kvm evaluates guest mtrr settings, which why setting up MTRRs early is
important now.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-2-kraxel@redhat.com>
[ kraxel: Downstream-only for now. Timely upstream merge is unlikely
due to chinese holidays and rhel-9.4 deadlines are close.
QE regression testing passed. So go with upstream posted
series v3 ]
patch_name: edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
present_in_specfile: true
location_in_specfile: 49
---
OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++
OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++----
OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++
3 files changed, 69 insertions(+), 5 deletions(-)
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 4e750755bf..7094d86159 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -26,6 +26,8 @@
#include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
#include <Library/PeilessStartupLib.h>
+#include <Register/Intel/ArchitecturalMsr.h>
+#include <Register/Intel/Cpuid.h>
#define SEC_IDT_ENTRY_COUNT 34
@@ -47,6 +49,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = {
}
};
+//
+// Enable MTRR early, set default type to write back.
+// Needed to make sure caching is enabled,
+// without this lzma decompress can be very slow.
+//
+STATIC
+VOID
+SecMtrrSetup (
+ VOID
+ )
+{
+ CPUID_VERSION_INFO_EDX Edx;
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
+
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
+ if (!Edx.Bits.MTRR) {
+ return;
+ }
+
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+ DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.E = 1; /* enable */
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+}
+
VOID
EFIAPI
SecCoreStartupWithStack (
@@ -203,6 +230,11 @@ SecCoreStartupWithStack (
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ //
+ // Initialize MTRR
+ //
+ SecMtrrSetup ();
+
PeilessStartup (&SecCoreData);
ASSERT (FALSE);
diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
index e64c0ee324..b6ba63ef95 100644
--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
@@ -1164,18 +1164,18 @@ PlatformQemuInitializeRam (
MtrrGetAllMtrrs (&MtrrSettings);
//
- // MTRRs disabled, fixed MTRRs disabled, default type is uncached
+ // See SecMtrrSetup(), default type should be write back
//
- ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0);
+ ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0);
ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0);
- ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0);
+ ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK);
//
// flip default type to writeback
//
- SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06);
+ SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK);
ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables);
- MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6;
+ MtrrSettings.MtrrDefType |= BIT10;
MtrrSetAllMtrrs (&MtrrSettings);
//
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 60dfa61842..725b57e2fa 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -29,6 +29,8 @@
#include <Ppi/MpInitLibDep.h>
#include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
+#include <Register/Intel/ArchitecturalMsr.h>
+#include <Register/Intel/Cpuid.h>
#include "AmdSev.h"
#define SEC_IDT_ENTRY_COUNT 34
@@ -743,6 +745,31 @@ FindAndReportEntryPoints (
return;
}
+//
+// Enable MTRR early, set default type to write back.
+// Needed to make sure caching is enabled,
+// without this lzma decompress can be very slow.
+//
+STATIC
+VOID
+SecMtrrSetup (
+ VOID
+ )
+{
+ CPUID_VERSION_INFO_EDX Edx;
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
+
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
+ if (!Edx.Bits.MTRR) {
+ return;
+ }
+
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+ DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.E = 1; /* enable */
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+}
+
VOID
EFIAPI
SecCoreStartupWithStack (
@@ -942,6 +969,11 @@ SecCoreStartupWithStack (
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ //
+ // Initialize MTRR
+ //
+ SecMtrrSetup ();
+
//
// Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready.
//

41
0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
View File

@ -1,41 +0,0 @@
From d521976e1641c242c86d0495647f200694f6ba44 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:39 +0100
Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2)
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-3-kraxel@redhat.com>
patch_name: edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
present_in_specfile: true
location_in_specfile: 50
---
MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
index 756e7c86ec..08ba949cf7 100644
--- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
@@ -2103,6 +2103,13 @@ typedef union {
#define MSR_IA32_MTRR_PHYSBASE9 0x00000212
/// @}
+#define MSR_IA32_MTRR_CACHE_UNCACHEABLE 0
+#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING 1
+#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH 4
+#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED 5
+#define MSR_IA32_MTRR_CACHE_WRITE_BACK 6
+#define MSR_IA32_MTRR_CACHE_INVALID_TYPE 7
+
/**
MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to
#MSR_IA32_MTRR_PHYSBASE9

11
edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch → 0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
View File

@ -1,7 +1,7 @@
From 35d3219a94631eaf437000a60cd63c918b35ba36 Mon Sep 17 00:00:00 2001
From 14ce76be0e92a9926a7f2b33d64b13966c6bfaf2 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Thu, 7 Nov 2024 11:36:22 +0100
Subject: [PATCH 2/2] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 82: Add a Fallback RNG (RH only)
@ -19,6 +19,10 @@ This patch adds the fallback rng which was introduced in a
previous commit also to the ArmVirtPkg PlatformBootManagerLib.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
patch_name: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
present_in_specfile: true
location_in_specfile: 49
---
OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++
.../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++
@ -96,6 +100,3 @@ index 8e7cd5605f..4583c05ef4 100644
gEfiPciRootBridgeIoProtocolGuid
gVirtioDeviceProtocolGuid
+ gEfiRngProtocolGuid
--
2.39.3

37
0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch Normal file
View File

@ -0,0 +1,37 @@
From ee75d5f03a473eb4007f7aaa58a41719adca0429 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 18 Nov 2024 12:59:32 -0600
Subject: [PATCH] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Do not use flash with
SEV-SNP
SEV-SNP does not support the use of the Qemu flash device as SEV-SNP
guests are started using the Qemu -bios option instead of the Qemu -drive
if=pflash option. Perform runtime detection of SEV-SNP and exit early from
the Qemu flash device initialization, indicating the Qemu flash device is
not present. SEV-SNP guests will use the emulated variable support.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
(cherry picked from commit f0d2bc3ab268c8e3c6da4158208df38bc9d3677e)
---
OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
index a577aea556..5e393e98ed 100644
--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
+++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
@@ -259,6 +259,14 @@ QemuFlashInitialize (
VOID
)
{
+ //
+ // The SNP model does not provide for QEMU flash device support, so exit
+ // early before attempting to initialize any QEMU flash device support.
+ //
+ if (MemEncryptSevSnpIsEnabled ()) {
+ return EFI_UNSUPPORTED;
+ }
+
mFlashBase = (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFdBaseAddress);
mFdBlockSize = PcdGet32 (PcdOvmfFirmwareBlockSize);
ASSERT (PcdGet32 (PcdOvmfFirmwareFdSize) % mFdBlockSize == 0);

70
0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
View File

@ -1,70 +0,0 @@
From 75618356e04278e4346ffc5e147b9f6f101e8173 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:40 +0100
Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from
ArchitecturalMsr.h
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [3/4] 8b766c97b247a8665662697534455c19423ff23c (kraxel.rh/centos-src-edk2)
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-4-kraxel@redhat.com>
patch_name: edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
present_in_specfile: true
location_in_specfile: 51
---
UefiCpuPkg/Include/Library/MtrrLib.h | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/UefiCpuPkg/Include/Library/MtrrLib.h b/UefiCpuPkg/Include/Library/MtrrLib.h
index 86cc1aab3b..287d249a99 100644
--- a/UefiCpuPkg/Include/Library/MtrrLib.h
+++ b/UefiCpuPkg/Include/Library/MtrrLib.h
@@ -9,6 +9,8 @@
#ifndef _MTRR_LIB_H_
#define _MTRR_LIB_H_
+#include <Register/Intel/ArchitecturalMsr.h>
+
//
// According to IA32 SDM, MTRRs number and MSR offset are always consistent
// for IA32 processor family
@@ -82,20 +84,20 @@ typedef struct _MTRR_SETTINGS_ {
// Memory cache types
//
typedef enum {
- CacheUncacheable = 0,
- CacheWriteCombining = 1,
- CacheWriteThrough = 4,
- CacheWriteProtected = 5,
- CacheWriteBack = 6,
- CacheInvalid = 7
+ CacheUncacheable = MSR_IA32_MTRR_CACHE_UNCACHEABLE,
+ CacheWriteCombining = MSR_IA32_MTRR_CACHE_WRITE_COMBINING,
+ CacheWriteThrough = MSR_IA32_MTRR_CACHE_WRITE_THROUGH,
+ CacheWriteProtected = MSR_IA32_MTRR_CACHE_WRITE_PROTECTED,
+ CacheWriteBack = MSR_IA32_MTRR_CACHE_WRITE_BACK,
+ CacheInvalid = MSR_IA32_MTRR_CACHE_INVALID_TYPE,
} MTRR_MEMORY_CACHE_TYPE;
-#define MTRR_CACHE_UNCACHEABLE 0
-#define MTRR_CACHE_WRITE_COMBINING 1
-#define MTRR_CACHE_WRITE_THROUGH 4
-#define MTRR_CACHE_WRITE_PROTECTED 5
-#define MTRR_CACHE_WRITE_BACK 6
-#define MTRR_CACHE_INVALID_TYPE 7
+#define MTRR_CACHE_UNCACHEABLE MSR_IA32_MTRR_CACHE_UNCACHEABLE
+#define MTRR_CACHE_WRITE_COMBINING MSR_IA32_MTRR_CACHE_WRITE_COMBINING
+#define MTRR_CACHE_WRITE_THROUGH MSR_IA32_MTRR_CACHE_WRITE_THROUGH
+#define MTRR_CACHE_WRITE_PROTECTED MSR_IA32_MTRR_CACHE_WRITE_PROTECTED
+#define MTRR_CACHE_WRITE_BACK MSR_IA32_MTRR_CACHE_WRITE_BACK
+#define MTRR_CACHE_INVALID_TYPE MSR_IA32_MTRR_CACHE_INVALID_TYPE
typedef struct {
UINT64 BaseAddress;

52
0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch Normal file
View File

@ -0,0 +1,52 @@
From 6fc76f3572566a83a34bb26d21e16c0e75de3609 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 18 Nov 2024 12:59:32 -0600
Subject: [PATCH] OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP
memory acceptance
When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and
initializing the emulated variable store happens before memory has been
accepted under SEV-SNP. This results in a #VC exception for accessing
memory that hasn't been validated (error code 0x404). The #VC handler
treats this error code as a fatal error, causing the OVMF boot to fail.
Move the call to ReserveEmuVariableNvStore() to after memory has been
accepted by AmdSevInitialize().
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
(cherry picked from commit 52fa7e78d282f8434b41aff24b3a5a745611ff87)
---
OvmfPkg/PlatformPei/Platform.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 05b924f99f..54903cfca2 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -365,10 +365,6 @@ InitializePlatform (
InitializeRamRegions (PlatformInfoHob);
if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) {
- if (!PlatformInfoHob->SmmSmramRequire) {
- ReserveEmuVariableNvStore ();
- }
-
PeiFvInitialization (PlatformInfoHob);
MemTypeInfoInitialization (PlatformInfoHob);
MemMapInitialization (PlatformInfoHob);
@@ -391,5 +387,15 @@ InitializePlatform (
RelocateSmBase ();
}
+ //
+ // Performed after CoCo (SEV/TDX) initialization to allow the memory
+ // used to be validated before being used.
+ //
+ if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) {
+ if (!PlatformInfoHob->SmmSmramRequire) {
+ ReserveEmuVariableNvStore ();
+ }
+ }
+
return EFI_SUCCESS;
}

49
0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
View File

@ -1,49 +0,0 @@
From 4eea9b4625d7ea5eaf5ae0d541d96bfccacf7810 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:41 +0100
Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2)
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-5-kraxel@redhat.com>
patch_name: edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
present_in_specfile: true
location_in_specfile: 52
---
OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +-
OvmfPkg/Sec/SecMain.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 7094d86159..1a19f26178 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -69,7 +69,7 @@ SecMtrrSetup (
}
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
- DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
}
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 725b57e2fa..26963b924d 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -765,7 +765,7 @@ SecMtrrSetup (
}
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
- DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
}

54
0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
View File

@ -1,54 +0,0 @@
From ee4774a753c2bc1061761e818d543a3e925ca1f0 Mon Sep 17 00:00:00 2001
From: Sam <Sam_Tsai@wiwynn.com>
Date: Wed, 29 May 2024 07:46:03 +0800
Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
iPXE environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
REF: 1904a64
Issue Description:
An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
Root Cause Analysis:
The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
Implemented Solution:
To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
Verification:
Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
(cherry picked from commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3)
---
NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 40bba4080c..c6e7c0df54 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -509,7 +509,7 @@ TcpDestroyService (
//
// Destroy the instance of the hashing protocol for this controller.
//
- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}

103
0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch Normal file
View File

@ -0,0 +1,103 @@
From 3ae6cb5329ce5e48efc29989943e19cfccbfb38b Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 18 Nov 2024 12:59:32 -0600
Subject: [PATCH] OvmfPkg/PlatformInitLib: Retry NV vars FV check as shared
When OVMF is built with SECURE_BOOT_ENABLE, the variable store will be
populated and validated in PlatformValidateNvVarStore(). When an SEV
or an SEV-ES guest is running, this may be encrypted or unencrypted
depending on how the guest was started. If the guest was started with the
combined code and variable contents (OVMF.fd), then the variable store
will be encrypted. If the guest was started with the separate code and
variables contents (OVMF_CODE.fd and OVMF_VARS.fd), then the variable
store will be unencrypted.
When PlatformValidateNvVarStore() is first invoked, the variable store
area is initially mapped encrypted, which may or may not pass the variable
validation step depending how the guest was launched. To accomodate this,
retry the validation step on failure after remapping the variable store
area as unencrypted.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
(cherry picked from commit d502cc7702e4d537c2bcbe5256e26cba6d4ca8c6)
---
OvmfPkg/Library/PlatformInitLib/Platform.c | 32 +++++++++++++++++--
.../PlatformInitLib/PlatformInitLib.inf | 1 +
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c
index 10fc17355f..715533b1f2 100644
--- a/OvmfPkg/Library/PlatformInitLib/Platform.c
+++ b/OvmfPkg/Library/PlatformInitLib/Platform.c
@@ -34,6 +34,7 @@
#include <Guid/VariableFormat.h>
#include <OvmfPlatforms.h>
#include <Library/TdxLib.h>
+#include <Library/MemEncryptSevLib.h>
#include <Library/PlatformInitLib.h>
@@ -774,6 +775,8 @@ PlatformValidateNvVarStore (
EFI_FIRMWARE_VOLUME_HEADER *NvVarStoreFvHeader;
VARIABLE_STORE_HEADER *NvVarStoreHeader;
AUTHENTICATED_VARIABLE_HEADER *VariableHeader;
+ BOOLEAN Retry;
+ EFI_STATUS Status;
static EFI_GUID FvHdrGUID = EFI_SYSTEM_NV_DATA_FV_GUID;
static EFI_GUID VarStoreHdrGUID = EFI_AUTHENTICATED_VARIABLE_GUID;
@@ -792,6 +795,15 @@ PlatformValidateNvVarStore (
//
NvVarStoreFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)NvVarStoreBase;
+ //
+ // SEV and SEV-ES can use separate flash devices for OVMF code and
+ // OVMF variables. In this case, the OVMF variables will need to be
+ // mapped unencrypted. If the initial validation fails, remap the
+ // NV variable store as unencrypted and retry the validation.
+ //
+ Retry = MemEncryptSevIsEnabled ();
+
+RETRY:
if ((!IsZeroBuffer (NvVarStoreFvHeader->ZeroVector, 16)) ||
(!CompareGuid (&FvHdrGUID, &NvVarStoreFvHeader->FileSystemGuid)) ||
(NvVarStoreFvHeader->Signature != EFI_FVH_SIGNATURE) ||
@@ -801,8 +813,24 @@ PlatformValidateNvVarStore (
(NvVarStoreFvHeader->FvLength != NvVarStoreSize)
)
{
- DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n"));
- return FALSE;
+ if (!Retry) {
+ DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n"));
+ return FALSE;
+ }
+
+ DEBUG ((DEBUG_INFO, "Remapping NvVarStore as shared\n"));
+ Status = MemEncryptSevClearMmioPageEncMask (
+ 0,
+ (UINTN)NvVarStoreBase,
+ EFI_SIZE_TO_PAGES (NvVarStoreSize)
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to map NvVarStore as shared\n"));
+ return FALSE;
+ }
+
+ Retry = FALSE;
+ goto RETRY;
}
//
diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
index 3e63ef4423..fb179e6791 100644
--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
@@ -48,6 +48,7 @@
HobLib
QemuFwCfgLib
QemuFwCfgSimpleParserLib
+ MemEncryptSevLib
MemoryAllocationLib
MtrrLib
PcdLib

28
0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch Normal file
View File

@ -0,0 +1,28 @@
From 6944acabf2aa916e7f321c28f19e7d95b155df99 Mon Sep 17 00:00:00 2001
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Mon, 18 Nov 2024 12:59:32 -0600
Subject: [PATCH] OvmfPkg/EmuVariableFvbRuntimeDxe: Issue NV vars
initializitation message
Add a debug message that indicates when the NV variables are being
initialized through the template structure.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
(cherry picked from commit 6142f0a8a53557ba50300c762a15bf3c18382162)
---
OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
index c07e38966e..cc476c7df2 100644
--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
+++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
@@ -692,6 +692,8 @@ InitializeFvAndVariableStoreHeaders (
//
Fv = (EFI_FIRMWARE_VOLUME_HEADER *)Ptr;
Fv->Checksum = CalculateCheckSum16 (Ptr, Fv->HeaderLength);
+
+ DEBUG ((DEBUG_INFO, "EMU Variable FVB: Initialized FV using template structure\n"));
}
/**

127
0035-OvmfPkg-add-morlock-support.patch
View File

@ -1,127 +0,0 @@
From 0f36c7f078215008ffa3a8e776aacd87793b8392 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 8 May 2024 13:14:26 +0200
Subject: [PATCH] OvmfPkg: add morlock support
Add dsc + fdf include files to add the MorLock drivers to the build.
Add the include files to OVMF build configurations.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit b45aff0dc9cb87f316eb17a11e5d4438175d9cca)
---
OvmfPkg/Include/Dsc/MorLock.dsc.inc | 10 ++++++++++
OvmfPkg/Include/Fdf/MorLock.fdf.inc | 10 ++++++++++
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
8 files changed, 26 insertions(+)
create mode 100644 OvmfPkg/Include/Dsc/MorLock.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/MorLock.fdf.inc
diff --git a/OvmfPkg/Include/Dsc/MorLock.dsc.inc b/OvmfPkg/Include/Dsc/MorLock.dsc.inc
new file mode 100644
index 0000000000..a8c5fb24b8
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/MorLock.dsc.inc
@@ -0,0 +1,10 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# MorLock support
+##
+
+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+!if $(SMM_REQUIRE) == TRUE
+ SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+!endif
diff --git a/OvmfPkg/Include/Fdf/MorLock.fdf.inc b/OvmfPkg/Include/Fdf/MorLock.fdf.inc
new file mode 100644
index 0000000000..20b7d6619a
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/MorLock.fdf.inc
@@ -0,0 +1,10 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# MorLock support
+##
+
+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+!if $(SMM_REQUIRE) == TRUE
+INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+!endif
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d8ae542686..65a866ae0c 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -887,6 +887,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 0ffa3be750..10eb6fe72b 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 52ac2c96fc..679e25501b 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -901,6 +901,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index c4f3ec0735..ff06bbfc6f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -362,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f76d0ef7bc..d294fd4625 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -969,6 +969,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index bedd85ef7a..f3b787201f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -402,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
################################################################################

192
0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
View File

@ -1,192 +0,0 @@
From 1691865ebaa8730203e8eb6bb052edff14dbaa70 Mon Sep 17 00:00:00 2001
From: Pedro Falcato <pedro.falcato@gmail.com>
Date: Tue, 22 Nov 2022 22:31:03 +0000
Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
RDRAND has notoriously been broken many times over its lifespan.
Add a smoketest to RDRAND, in order to better sniff out potential
security concerns.
Also add a proper CPUID test in order to support older CPUs which may
not have it; it was previously being tested but then promptly ignored.
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
:x86_init_rdrand() per commit 049f9ae9..
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
code to MIT and the public domain.
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
<..>
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
> also place it into public domain. Do with it what you will now.
>
> Jason
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a)
---
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
1 file changed, 91 insertions(+), 8 deletions(-)
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
index 9bd68352f9..06d2a6f12d 100644
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -3,6 +3,7 @@
to provide high-quality random numbers.
Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
STATIC BOOLEAN mRdRandSupported;
+//
+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
+//
+#define RDRAND_RETRIES 10
+
+#define RDRAND_TEST_SAMPLES 8
+
+#define RDRAND_MIN_CHANGE 5
+
+//
+// Add a define for native-word RDRAND, just for the test.
+//
+#ifdef MDE_CPU_X64
+#define ASM_RDRAND AsmRdRand64
+#else
+#define ASM_RDRAND AsmRdRand32
+#endif
+
+/**
+ Tests RDRAND for broken implementations.
+
+ @retval TRUE RDRAND is reliable (and hopefully safe).
+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID.
+
+**/
+STATIC
+BOOLEAN
+TestRdRand (
+ VOID
+ )
+{
+ //
+ // Test for notoriously broken rdrand implementations that always return the same
+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
+ // Note that this should be expanded to extensively test for other sorts of possible errata.
+ //
+
+ //
+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
+ //
+ UINTN Prev;
+ UINT8 Idx;
+ UINT8 TestIteration;
+ UINT32 Changed;
+
+ Changed = 0;
+
+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
+ UINTN Sample;
+ //
+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
+ // Any failure to get a random number will assume RDRAND does not work.
+ //
+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
+ if (ASM_RDRAND (&Sample)) {
+ break;
+ }
+ }
+
+ if (Idx == RDRAND_RETRIES) {
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
+ return FALSE;
+ }
+
+ if (TestIteration != 0) {
+ Changed += Sample != Prev;
+ }
+
+ Prev = Sample;
+ }
+
+ if (Changed < RDRAND_MIN_CHANGE) {
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+#undef ASM_RDRAND
+
/**
The constructor function checks whether or not RDRAND instruction is supported
by the host hardware.
@@ -48,10 +131,13 @@ BaseRngLibConstructor (
// CPUID. A value of 1 indicates that processor support RDRAND instruction.
//
AsmCpuid (1, 0, 0, &RegEcx, 0);
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+ if (mRdRandSupported) {
+ mRdRandSupported = TestRdRand ();
+ }
+
return EFI_SUCCESS;
}
@@ -70,6 +156,7 @@ ArchGetRandomNumber16 (
OUT UINT16 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand16 (Rand);
}
@@ -88,6 +175,7 @@ ArchGetRandomNumber32 (
OUT UINT32 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand32 (Rand);
}
@@ -106,6 +194,7 @@ ArchGetRandomNumber64 (
OUT UINT64 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand64 (Rand);
}
@@ -122,13 +211,7 @@ ArchIsRngSupported (
VOID
)
{
- /*
- Existing software depends on this always returning TRUE, so for
- now hard-code it.
-
- return mRdRandSupported;
- */
- return TRUE;
+ return mRdRandSupported;
}
/**

51
0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch Normal file
View File

@ -0,0 +1,51 @@
From 87a3869f6d509e36d8c5dfe5a1bd8dea62195dab Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 23 Aug 2024 11:55:31 +0200
Subject: [PATCH] OvmfPkg/PlatformInitLib: enable x2apic mode if needed
Enable x2apic mode in case the number of possible CPUs (including
hotplug-able CPus which are not (yet) online) is larger than 255.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 8c8e05db24d8578cf87669e491f983fbd8357d55)
---
OvmfPkg/Library/PlatformInitLib/Platform.c | 6 ++++++
OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf | 1 +
2 files changed, 7 insertions(+)
diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c
index 715533b1f2..afe8b0abd6 100644
--- a/OvmfPkg/Library/PlatformInitLib/Platform.c
+++ b/OvmfPkg/Library/PlatformInitLib/Platform.c
@@ -30,6 +30,7 @@
#include <Library/QemuFwCfgS3Lib.h>
#include <Library/QemuFwCfgSimpleParserLib.h>
#include <Library/PciLib.h>
+#include <Library/LocalApicLib.h>
#include <Guid/SystemNvDataGuid.h>
#include <Guid/VariableFormat.h>
#include <OvmfPlatforms.h>
@@ -720,6 +721,11 @@ PlatformMaxCpuCountInitialization (
));
ASSERT (BootCpuCount <= MaxCpuCount);
+ if (MaxCpuCount > 255) {
+ DEBUG ((DEBUG_INFO, "%a: enable x2apic mode\n", __func__));
+ SetApicMode (LOCAL_APIC_MODE_X2APIC);
+ }
+
PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber = MaxCpuCount;
PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount;
}
diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
index fb179e6791..c79b2ee106 100644
--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
@@ -48,6 +48,7 @@
HobLib
QemuFwCfgLib
QemuFwCfgSimpleParserLib
+ LocalApicLib
MemEncryptSevLib
MemoryAllocationLib
MtrrLib

14
edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch → 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
View File

@ -1,16 +1,8 @@
From 4a770a9b67b67e1254f42ca00c077f9263be7f4c Mon Sep 17 00:00:00 2001
From 8f117e06457536a78feeee1e49c43ca435d94842 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 19:00:11 +0100
Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 83: OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Jira: RHEL-64642
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/1] 90757b4268b841637cbd08ac94f0febe9cfdffa5 (osteffen/edk2)
Upstream PR: https://github.com/tianocore/edk2/pull/6403
Since the pixiefail CVE fix the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
@ -25,6 +17,7 @@ Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
(cherry picked from commit 9c4542a0645ac832e22d0c3da0f1ee7b127a316f)
---
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
1 file changed, 2 insertions(+)
@ -42,6 +35,3 @@ index 87d1ac3142..1f1298eb0b 100644
}
return EFI_SUCCESS;
--
2.39.3

43
0037-SecurityPkg-RngDxe-add-rng-test.patch
View File

@ -1,43 +0,0 @@
From da8fda9932ab4a64a07d318d30b03baafbf1e0c1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 31 May 2024 09:49:13 +0200
Subject: [PATCH] SecurityPkg/RngDxe: add rng test
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit a61bc0accb8a76edba4f073fdc7bafc908df045d)
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 5723ed6957..8b0742bab6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -23,6 +23,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
#include "RngDxeInternals.h"
@@ -43,7 +44,12 @@ GetAvailableAlgorithms (
VOID
)
{
- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ UINT64 RngTest;
+
+ if (GetRandomNumber64 (&RngTest)) {
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ }
+
return EFI_SUCCESS;
}

301
0038-OvmfPkg-wire-up-RngDxe.patch
View File

@ -1,301 +0,0 @@
From 7703744d07e81a9cd3109dca9184a61f16584d44 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 24 May 2024 12:51:17 +0200
Subject: [PATCH] OvmfPkg: wire up RngDxe
Add OvmfRng include snippets with the random number generator
configuration for OVMF. Include RngDxe, build with BaseRngLib,
so the rdrand instruction is used (if available).
Also move VirtioRng to the include snippets.
Use the new include snippets for OVMF builds.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +-
OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++
OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/Microvm/MicrovmX64.fdf | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.fdf | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.fdf | 2 +-
14 files changed, 27 insertions(+), 12 deletions(-)
create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cf1ad83e09..4edc2a9069 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -649,7 +649,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -740,6 +739,7 @@
OvmfPkg/AmdSev/Grub/Grub.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c56c98dc85..480837b0fa 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -227,7 +227,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -318,6 +317,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
new file mode 100644
index 0000000000..68839a0caa
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
@@ -0,0 +1,9 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+ <LibraryClasses>
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ }
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
new file mode 100644
index 0000000000..99cb4a32b1
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
@@ -0,0 +1,6 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 9f49b60ff0..4b7e1596fc 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -636,7 +636,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -719,6 +718,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index ce5d542048..88d0f75ae2 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE
#
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -326,6 +325,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index fb73f2e089..9206f01816 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -760,7 +760,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
@@ -846,6 +845,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index 055e659a35..c8268d7e8c 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -207,7 +207,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -299,6 +298,7 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 65a866ae0c..b64c215585 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -784,7 +784,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -888,6 +887,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 10eb6fe72b..c31276e4a3 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -231,7 +231,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -356,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 679e25501b..ececac3757 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -798,7 +798,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -902,6 +901,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index ff06bbfc6f..a7b4aeac08 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index d294fd4625..0ab4d3df06 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -866,7 +866,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -970,6 +969,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index f3b787201f..ae08ac4fe9 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -263,7 +263,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -403,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################

37
0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
View File

@ -1,37 +0,0 @@
From ef076eab3cad92111c550d0041ac8d1a4e979714 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:49 +0200
Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList
Needed to properly initialize BaseRngLib.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 94961b8817eec6f8d0434555ac50a7aa51c22201)
---
.../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
index d0c1c7a4f7..48d463b8ad 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
@@ -8,6 +8,12 @@
**/
#include "TestBaseCryptLib.h"
+VOID
+EFIAPI
+ProcessLibraryConstructorList (
+ VOID
+ );
+
/**
Initialize the unit test framework, suite, and unit tests for the
sample unit tests and run the unit tests.
@@ -76,5 +82,6 @@ main (
char *argv[]
)
{
+ ProcessLibraryConstructorList ();
return UefiTestMain ();
}

43
0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
View File

@ -1,43 +0,0 @@
From 46f82fa0cfe716f147b7878b7155983f7f6edb20 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:53 +0200
Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit
Set the rdrand feature bit when faking cpuid for host test cases.
Needed to make the CryptoPkg test cases work.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 5e776299a2604b336a947e68593012ab2cc16eb4)
---
MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
index 8ba4f54a38..7f7276f7f4 100644
--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
OUT UINT32 *Edx OPTIONAL
)
{
+ UINT32 RetEcx;
+
+ RetEcx = 0;
+ switch (Index) {
+ case 1:
+ RetEcx |= BIT30; /* RdRand */
+ break;
+ }
+
if (Eax != NULL) {
*Eax = 0;
}
@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid (
}
if (Ecx != NULL) {
- *Ecx = 0;
+ *Ecx = RetEcx;
}
if (Edx != NULL) {

63
edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
View File

@ -1,63 +0,0 @@
From ebcdc6db77d338aa1054292d0c4b745bd482d9a2 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 26 Aug 2024 19:25:52 +0200
Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 69: AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Jira: RHEL-56082
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] 55ae7744e57ea51e1f35f482dffc2dd2089c5f77 (osteffen/edk2)
The shim fallback reboot workaround (introduced for SEV-ES) does
not always work for SEV-SNP, due to a conditional early return.
Let's just register the workaround earlier in this function to
fix that.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 0eb88e50ff..ca345e95da 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -243,6 +243,17 @@ AmdSevDxeEntryPoint (
return EFI_UNSUPPORTED;
}
+ // Shim fallback reboot workaround
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ PopulateVarstore,
+ SystemTable,
+ &gEfiEndOfDxeEventGroupGuid,
+ &PopulateVarstoreEvent
+ );
+ ASSERT_EFI_ERROR (Status);
+
//
// Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
// memory space. The NonExistent memory space will be used for mapping the
@@ -393,15 +404,5 @@ AmdSevDxeEntryPoint (
);
}
- Status = gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_CALLBACK,
- PopulateVarstore,
- SystemTable,
- &gEfiEndOfDxeEventGroupGuid,
- &PopulateVarstoreEvent
- );
- ASSERT_EFI_ERROR (Status);
-
return EFI_SUCCESS;
}
--
2.39.3

43
edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch
View File

@ -1,43 +0,0 @@
From b1b719573ff7410985fd502b3c30e6592229c3bd Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Mar 2024 15:32:58 +0100
Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing
variables
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 65: MdeModulePkg: Warn if out of flash space when writing variables
RH-Jira: RHEL-45261
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] b1f6ac49f246cc6a670b9fdd583da3bb9556550d (osteffen/edk2)
Emit a DEBUG_WARN message if there is not enough flash space left to
write/update a variable. This condition is currently not logged
appropriately in all cases, given that full variable store can easily
render the system unbootable.
This new message helps identifying this condition.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 80b59ff8320d1bd134bf689fe9c0ddf4e0473b88)
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index d394d237a5..1c7659031d 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -2364,6 +2364,8 @@ Done:
);
ASSERT_EFI_ERROR (Status);
}
+ } else if (Status == EFI_OUT_OF_RESOURCES) {
+ DEBUG ((DEBUG_WARN, "UpdateVariable failed: Out of flash space\n"));
}
return Status;
--
2.39.3

50
edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
View File

@ -1,50 +0,0 @@
From f0facba2e1458636c73399b8b0aea8c8db47f5f2 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 1 Oct 2024 18:40:41 -0400
Subject: [PATCH 3/3] MdePkg: Fix overflow issue in BasePeCoffLib
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 79: MdePkg: Fix overflow issue in BasePeCoffLib
RH-Jira: RHEL-60829
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 295f85a105fe778de5e555a65fdd2b7297c721a6
JIRA: https://issues.redhat.com/browse/RHEL-60829
CVE: CVE-2024-38796
Upstream: Merged
commit c95233b8525ca6828921affd1496146cff262e65
Author: Doug Flick <dougflick@microsoft.com>
Date: Fri Sep 27 12:08:55 2024 -0700
MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 86ff2e769b..128090d98e 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
ImageContext,
--
2.39.3

49
edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
View File

@ -1,49 +0,0 @@
From a424c0877b38ffb3c9c2a29cf52efb78c19ea8f2 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 19 Jun 2024 09:07:56 +0200
Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Jira: RHEL-45829
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/2] 9cf7cc1e68e01c54ab6fae15e3b5cdef1c0b15bc (osteffen/edk2)
There is a list of allowed rng algorithms, if /one/ of them is not
supported this is not a problem, only /all/ of them failing is an
error condition.
Downgrade the message for a single unsupported algorithm from ERROR to
VERBOSE. Add an error message in case we finish the loop without
finding a supported algorithm.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6862b9d538d96363635677198899e1669e591259)
---
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 01c13c08d2..4dfbe91a55 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -951,7 +951,7 @@ PseudoRandom (
//
// Secure Algorithm was not supported on this platform
//
- DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+ DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
//
// Try the next secure algorithm
@@ -971,6 +971,7 @@ PseudoRandom (
// If we get here, we failed to generate random data using any secure algorithm
// Platform owner should ensure that at least one secure algorithm is supported
//
+ DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n"));
ASSERT_EFI_ERROR (Status);
return Status;
}
--
2.39.3

46
edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
View File

@ -1,46 +0,0 @@
From b2e458faf8603547bcdf578f465fdf777df44500 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 29 Aug 2024 09:20:29 +0200
Subject: [PATCH] OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 75: OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Jira: RHEL-56154
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 591189c9b119804cab4c48e9c27e428751993169 (kraxel.rh/centos-src-edk2)
Let APs wait until the BSP has completed the register updates to remove
the CPU. This makes sure all APs stay in SMM mode until the CPU
hot-unplug operation is complete, which in turn makes sure the ACPI lock
is released only after the CPU hot-unplug operation is complete.
Some background: The CPU hotplug SMI is triggered from an ACPI function
which is protected by an ACPI lock. The ACPI function is in the ACPI
tables generated by qemu.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
upstream: submitted (https://github.com/tianocore/edk2/pull/6138)
---
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
index d504163026..5af78211d3 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
@@ -355,6 +355,11 @@ EjectCpu (
//
QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum];
if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) {
+ /* wait until BSP is done */
+ while (mCpuHotEjectData->Handler != NULL) {
+ CpuPause ();
+ }
+
return;
}
--
2.39.3

65
edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch
View File

@ -1,65 +0,0 @@
From 0ddcdbae55f2dd6bbd4c4893ecfc0feeb21b9d91 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 23 Aug 2024 14:36:16 +0200
Subject: [PATCH 2/3] OvmfPkg/QemuVideoDxe: ignore display resolutions smaller
than 640x480
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 73: ignore display resolutions smaller than 640x480
RH-Jira: RHEL-56249
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [2/2] 95d973e06f759c00637831a9521063794ce5cf28 (kraxel.rh/centos-src-edk2)
GraphicsConsoleDxe will assert in case the resolution is too small.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 391666da2c1dc5671bbb3393079d86f46e3435af)
---
OvmfPkg/QemuVideoDxe/Initialize.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/QemuVideoDxe/Initialize.c b/OvmfPkg/QemuVideoDxe/Initialize.c
index 050ae878ec..2d1f50637f 100644
--- a/OvmfPkg/QemuVideoDxe/Initialize.c
+++ b/OvmfPkg/QemuVideoDxe/Initialize.c
@@ -293,6 +293,8 @@ QemuVideoBochsEdid (
)
{
EFI_STATUS Status;
+ UINT32 X;
+ UINT32 Y;
if (Private->Variant != QEMU_VIDEO_BOCHS_MMIO) {
return;
@@ -344,16 +346,24 @@ QemuVideoBochsEdid (
return;
}
- *XRes = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4);
- *YRes = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4);
+ X = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4);
+ Y = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4);
DEBUG ((
DEBUG_INFO,
"%a: default resolution: %dx%d\n",
__func__,
- *XRes,
- *YRes
+ X,
+ Y
));
+ if ((X < 640) || (Y < 480)) {
+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */
+ return;
+ }
+
+ *XRes = X;
+ *YRes = Y;
+
if (PcdGet8 (PcdVideoResolutionSource) == 0) {
Status = PcdSet32S (PcdVideoHorizontalResolution, *XRes);
ASSERT_RETURN_ERROR (Status);
--
2.39.3

37
edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch
View File

@ -1,37 +0,0 @@
From 66b4a85fcb8ec13c5e4e152d1265dbf31eaa34f3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 23 Aug 2024 14:35:53 +0200
Subject: [PATCH 1/3] OvmfPkg/VirtioGpuDxe: ignore display resolutions smaller
than 640x480
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 73: ignore display resolutions smaller than 640x480
RH-Jira: RHEL-56249
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/2] 24ec635d43a396ceb50197136ad7ffdc4a614a47 (kraxel.rh/centos-src-edk2)
GraphicsConsoleDxe will assert in case the resolution is too small.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 58035e8b5e11cfe2b9e6428d14c7817b6b1c83a2)
---
OvmfPkg/VirtioGpuDxe/Gop.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/VirtioGpuDxe/Gop.c b/OvmfPkg/VirtioGpuDxe/Gop.c
index f64dfce5f4..d767114bbb 100644
--- a/OvmfPkg/VirtioGpuDxe/Gop.c
+++ b/OvmfPkg/VirtioGpuDxe/Gop.c
@@ -265,7 +265,8 @@ GopInitialize (
// query host for display resolution
//
GopNativeResolution (VgpuGop, &XRes, &YRes);
- if ((XRes == 0) || (YRes == 0)) {
+ if ((XRes < 640) || (YRes < 480)) {
+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */
return;
}
--
2.39.3

143
edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
View File

@ -1,143 +0,0 @@
From 6b26812cbf5a871d0a311036b6605635684ed3e1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 27 Aug 2024 12:06:15 +0200
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if
not needed.
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 70: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed.
RH-Jira: RHEL-50185
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] a9c96249a5258e0902e38d4579079dfcc188b980 (osteffen/edk2)
Add the new global mMsrIa32MiscEnableSupported variable to track
whenever support for the IA32_MISC_ENABLE MSR is present or not.
Add new local PatchingNeeded variable to CheckFeatureSupported()
to track if patching the SMM setup code is needed or not.
Issue PatchInstructionX86() calls only if needed, i.e. if one of
the *Supported variables has been updated.
Result is that on a typical SMP machine where all processors are
identical the PatchInstructionX86() calls are issued only once,
when checking the first processor. Specifically this avoids
PatchInstructionX86() being called in OVMF on CPU hotplug. That
is important because instruction patching at runtime does not not
work and leads to page faults.
This fixes CPU hotplug on OVMF not working with AMD cpus.
Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4)
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++-----
1 file changed, 40 insertions(+), 9 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 8142d3ceac..8e299fd29a 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -40,6 +40,11 @@ BOOLEAN mXdEnabled = FALSE;
//
BOOLEAN mBtsSupported = TRUE;
+//
+// The flag indicates if MSR_IA32_MISC_ENABLE is supported by processor
+//
+BOOLEAN mMsrIa32MiscEnableSupported = TRUE;
+
//
// The flag indicates if SMM profile starts to record data.
//
@@ -904,18 +909,23 @@ CheckFeatureSupported (
UINT32 RegEcx;
UINT32 RegEdx;
MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr;
+ BOOLEAN PatchingNeeded = FALSE;
if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {
AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);
if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL);
if ((RegEcx & CPUID_CET_SS) == 0) {
- mCetSupported = FALSE;
- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ if (mCetSupported) {
+ mCetSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
} else {
- mCetSupported = FALSE;
- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ if (mCetSupported) {
+ mCetSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
}
@@ -925,8 +935,10 @@ CheckFeatureSupported (
//
// Extended CPUID functions are not supported on this processor.
//
- mXdSupported = FALSE;
- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ if (mXdSupported) {
+ mXdSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx);
@@ -934,15 +946,20 @@ CheckFeatureSupported (
//
// Execute Disable Bit feature is not supported on this processor.
//
- mXdSupported = FALSE;
- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ if (mXdSupported) {
+ mXdSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
if (StandardSignatureIsAuthenticAMD ()) {
//
// AMD processors do not support MSR_IA32_MISC_ENABLE
//
- PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
+ if (mMsrIa32MiscEnableSupported) {
+ mMsrIa32MiscEnableSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
}
@@ -966,6 +983,20 @@ CheckFeatureSupported (
}
}
}
+
+ if (PatchingNeeded) {
+ if (!mCetSupported) {
+ PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ }
+
+ if (!mXdSupported) {
+ PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ }
+
+ if (!mMsrIa32MiscEnableSupported) {
+ PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
+ }
+ }
}
/**
--
2.39.3

2
edk2-build.py
View File

@ -248,7 +248,7 @@ def build_one(cfg, build, jobs = None, silent = False, nologs = False):
def build_basetools(silent = False, nologs = False):
build_message('building: BaseTools', silent = silent)
basedir = os.environ['EDK_TOOLS_PATH']
basedir = os.environ['EDK_TOOLS_PATH'] + '/Source/C'
cmdline = [ 'make', '-C', basedir ]
build_run(cmdline, 'BaseTools', 'build.basetools', silent, nologs)

10
edk2-build.rhel-9
View File

@ -16,14 +16,12 @@ FD_SIZE_4MB = TRUE
[opts.ovmf.sb.smm]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = TRUE
# old downstream
EXCLUDE_SHELL_FROM_FD = TRUE
# new upstream
BUILD_SHELL = FALSE
[opts.ovmf.sb.stateless]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = FALSE
BUILD_SHELL = FALSE
[opts.armvirt.verbose]
DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
@ -32,6 +30,9 @@ DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
DEBUG_PRINT_ERROR_LEVEL = 0x80000000
[pcds.la57]
PcdUse5LevelPageTable = TRUE
[pcds.nx.strict]
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5
PcdUninstallMemAttrProtocol = FALSE
@ -52,6 +53,7 @@ conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
pcds = la57
plat = OvmfX64
dest = RHEL-9/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd
@ -65,6 +67,7 @@ arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.smm
pcds = la57
plat = OvmfX64
dest = RHEL-9/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
@ -91,6 +94,7 @@ arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.stateless
pcds = la57
plat = IntelTdx
dest = RHEL-9/ovmf
cpy1 = FV/OVMF.fd OVMF.inteltdx.fd

66
edk2.spec
View File

@ -1,8 +1,8 @@
ExclusiveArch: x86_64 aarch64
# edk2-stable202405
%define GITDATE 20240524
%define GITCOMMIT 3e722403cd
# edk2-stable202411
%define GITDATE 20241117
%define GITCOMMIT 0f3867fa6ef0
%define TOOLCHAIN GCC
%define OPENSSL_VER 3.0.7
@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2
Version: %{GITDATE}
Release: 12%{?dist}
Release: 1%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
@ -33,6 +33,7 @@ URL: http://www.tianocore.org
Source0: edk2-%{GITCOMMIT}.tar.xz
Source1: ovmf-whitepaper-c770f8c.txt
Source2: openssl-rhel-%{OPENSSL_HASH}.tar.xz
Source3: dtc-1.7.0.tar.xz
# json description files
Source10: 50-edk2-aarch64-qcow2.json
@ -74,45 +75,18 @@ Patch20: 0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch
Patch21: 0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch
Patch22: 0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch
Patch23: 0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch
Patch24: 0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
Patch25: 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
Patch26: 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch
Patch27: 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
Patch28: 0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
Patch29: 0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
Patch30: 0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
Patch31: 0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
Patch32: 0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
Patch33: 0035-OvmfPkg-add-morlock-support.patch
Patch34: 0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
Patch35: 0037-SecurityPkg-RngDxe-add-rng-test.patch
Patch36: 0038-OvmfPkg-wire-up-RngDxe.patch
Patch37: 0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
Patch38: 0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
# For RHEL-45261 - [RHEL10] edk2 disconnects abnormally before loading the kernel
Patch39: edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch
# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data
Patch40: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data
Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
# For RHEL-56082 - [EDK2] Shim fallback reboot workaround might not work on SNP [rhel-10]
Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
# For RHEL-50185 - [RHEL10] Hit soft lockup when hotplug vcpu
Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
# For RHEL-56154 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-10]
Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
# For RHEL-56249 - 507x510 display resolution should not crash the firmware [edk2,rhel-10]
Patch45: edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch
# For RHEL-56249 - 507x510 display resolution should not crash the firmware [edk2,rhel-10]
Patch46: edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch
# For RHEL-60829 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-10.0]
Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
# For RHEL-66234 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10]
Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
# For RHEL-66234 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10]
Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
# For RHEL-64642 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10]
Patch50: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
Patch24: 0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
Patch25: 0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch
Patch26: 0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
Patch27: 0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
Patch28: 0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
Patch29: 0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
Patch30: 0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch
Patch31: 0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch
Patch32: 0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch
Patch33: 0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch
Patch34: 0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch
Patch35: 0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
@ -222,6 +196,7 @@ cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} .
cp -a -- %{SOURCE80} %{SOURCE82} .
cp -a -- %{SOURCE90} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
tar -xf %{SOURCE3} --strip-components=1 --directory MdePkg/Library/BaseFdtLib/libfdt
# Done by %setup, but we do not use it for the auxiliary tarballs
chmod -Rf a+rX,u+w,g-w,o-w .
@ -447,6 +422,11 @@ install -m 0644 \
%changelog
* Mon Dec 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20241117-1
- Rebase to edk2-stable202411
- Resolves: RHEL-58062
([edk2,rhel-10] rebase to edk2-stable202411)
* Tue Nov 26 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-12
- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-64642]
- Resolves: RHEL-64642

3
sources
View File

@ -1,3 +1,4 @@
SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624
SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d
SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb
SHA512 (edk2-0f3867fa6ef0.tar.xz) = 256280ea6f777d1c0f6b803ec791b28955d6568128f303bbf1447f512dc808c5a72f1e8074d9cebb89605c330569fcdcf2d5fdf5611bf3c442c72c67a5a100e0
SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9