import edk2-20220126gitbb1bba3d77-2.el8

2022-03-09 16:04:47 +00:00 · 2022-03-09 16:04:47 +00:00 · 314a3863ce
commit 314a3863ce
parent aae0054575
2 changed files with 58 additions and 1 deletions
--- a/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
+++ b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
@ -0,0 +1,50 @@
+From e4a64ad230ff2906ec56d41b2a8dd7a0bb39a399 Mon Sep 17 00:00:00 2001
+From: Dov Murik <dovmurik@linux.ibm.com>
+Date: Tue, 4 Jan 2022 15:16:40 +0800
+Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as
+ reserved
+
+RH-Author: Pawel Polawski <None>
+RH-MergeRequest: 11: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
+RH-Commit: [1/1] a14d34eb204387aae3446770a0e5fb95a9283ae3 (elkoniu/edk2)
+RH-Bugzilla: 2041754
+RH-Acked-by: Oliver Steffen <None>
+
+Mark the SEV launch secret MEMFD area as reserved, which will allow the
+guest OS to use it during the lifetime of the OS, without creating
+copies of the sensitive content.
+
+Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Jordan Justen <jordan.l.justen@intel.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+Cc: Brijesh Singh <brijesh.singh@amd.com>
+Cc: Erdem Aktas <erdemaktas@google.com>
+Cc: James Bottomley <jejb@linux.ibm.com>
+Cc: Jiewen Yao <jiewen.yao@intel.com>
+Cc: Min Xu <min.m.xu@intel.com>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
+Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Jiewen Yao <Jiewen.Yao@intel.com>
+Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
+---
+ OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+index db94c26b54..6bf1a55dea 100644
+--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+@@ -19,7 +19,7 @@ InitializeSecretPei (
+   BuildMemoryAllocationHob (
+     PcdGet32 (PcdSevLaunchSecretBase),
+     ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),
+-    EfiBootServicesData
+    EfiReservedMemoryType
+     );
+ 
+   return EFI_SUCCESS;
+-- 
+2.27.0
+
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    1%{?dist}.test
+Release:    2%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 Group:      Applications/Emulators
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
@ -49,6 +49,8 @@ Patch0023: 0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
 Patch0024: 0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
 Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
 Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
+# For bz#2041754 - Mark SEV launch secret area as reserved
+Patch27: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch


 # python3-devel and libuuid-devel are required for building tools.
@ -493,6 +495,11 @@ true
 %endif

 %changelog
+* Tue Mar 01 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-2
+- edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch [bz#2041754]
+- Resolves: bz#2041754
+  (Mark SEV launch secret area as reserved)
+
 * Wed Feb 02 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-1.el8
 - Rebase to latest upstream release [bz#2018386]
 - Resolves: bz#2018386