import edk2-20210527gite1999b264f1f-3.el8
This commit is contained in:
parent
61bad4b6b9
commit
46352fc37f
@ -1,2 +1,2 @@
|
||||
3a531b4e8864ee52b1e128ac9742b3e9dcec49bf SOURCES/edk2-ca407c7246bf.tar.xz
|
||||
627633682f69c2c899fe6018d675faaf45e5bb33 SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||
858fffdab12810fb170144ffe1a9c39e9fface80 SOURCES/edk2-e1999b264f1f.tar.xz
|
||||
4c1a80504b0bd3ce87fd9baa30836142620af1eb SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
|
||||
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/edk2-ca407c7246bf.tar.xz
|
||||
SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||
SOURCES/edk2-e1999b264f1f.tar.xz
|
||||
SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
|
||||
|
@ -1,8 +1,13 @@
|
||||
From db8ccca337e2c5722c1d408d2541cf653d3371a2 Mon Sep 17 00:00:00 2001
|
||||
From dca56cf4d28bbbb1d3be029ce9a6710cb3f6cd2f Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 4 Jun 2020 13:34:12 +0200
|
||||
Subject: BaseTools: do not build BrotliCompress (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -16,15 +21,16 @@ submodules (RH only").
|
||||
Do not attempt to build BrotliCompress.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit db8ccca337e2c5722c1d408d2541cf653d3371a2)
|
||||
---
|
||||
BaseTools/Source/C/GNUmakefile | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
|
||||
index df4eb64ea9..52777eaff1 100644
|
||||
index 8c191e0c38..3eae824a1c 100644
|
||||
--- a/BaseTools/Source/C/GNUmakefile
|
||||
+++ b/BaseTools/Source/C/GNUmakefile
|
||||
@@ -45,7 +45,6 @@ all: makerootdir subdirs
|
||||
@@ -48,7 +48,6 @@ all: makerootdir subdirs
|
||||
LIBRARIES = Common
|
||||
VFRAUTOGEN = VfrCompile/VfrLexer.h
|
||||
APPLICATIONS = \
|
||||
@ -33,5 +39,5 @@ index df4eb64ea9..52777eaff1 100644
|
||||
EfiRom \
|
||||
GenFfs \
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
@ -1,8 +1,13 @@
|
||||
From e05e0de713c4a2b8adb6ff9809611f222bfe50ed Mon Sep 17 00:00:00 2001
|
||||
From 9729dd1d6b83961d531e29777d0cc4a610b108be Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 4 Jun 2020 13:39:08 +0200
|
||||
Subject: MdeModulePkg: remove package-private Brotli include path (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -20,12 +25,13 @@ platforms, and we've removed the submodule earlier in this patch set,
|
||||
remove the include path too.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit e05e0de713c4a2b8adb6ff9809611f222bfe50ed)
|
||||
---
|
||||
MdeModulePkg/MdeModulePkg.dec | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index 4f44af6948..031043ec28 100644
|
||||
index 8d38383915..ba2d0290e7 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -24,9 +24,6 @@
|
||||
@ -39,5 +45,5 @@ index 4f44af6948..031043ec28 100644
|
||||
## @libraryclass Defines a set of methods to reset whole system.
|
||||
ResetSystemLib|Include/Library/ResetSystemLib.h
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
@ -1,8 +1,24 @@
|
||||
From cee80878b19e51d9b3c63335c681f152dcc59764 Mon Sep 17 00:00:00 2001
|
||||
From 8c815e04dda7897899dfa011063f779280cd4d5d Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 11 Jun 2014 23:33:33 +0200
|
||||
Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Extend the DSC/FDF change to the new OvmfPkg/AmdSev platform, which has
|
||||
been introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base
|
||||
commit to build encrypted boot specific OVMF", 2020-12-14), for
|
||||
TianoCore#3077.
|
||||
|
||||
We've always patched all those DSC/FDF files in OvmfPkg down-stream that
|
||||
made sense at least in theory on QEMU. (For example, we've always
|
||||
patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never
|
||||
build or ship the pure IA32 firmware platform.) Follow suit with
|
||||
"AmdSevX64.dsc" and "AmdSevX64.fdf".
|
||||
|
||||
"AmdSevX64.dsc" consumes OpenSSL when built with "-D TPM_ENABLE".
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -151,6 +167,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d)
|
||||
(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849)
|
||||
(cherry picked from commit 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2)
|
||||
(cherry picked from commit cee80878b19e51d9b3c63335c681f152dcc59764)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 2 +-
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +-
|
||||
@ -159,23 +176,25 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
MdeModulePkg/Logo/Logo-OpenSSL.idf | 10 +++++
|
||||
MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 56 +++++++++++++++++++++++++++
|
||||
MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 17 ++++++++
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
|
||||
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
|
||||
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgX64.fdf | 2 +-
|
||||
13 files changed, 92 insertions(+), 9 deletions(-)
|
||||
15 files changed, 94 insertions(+), 11 deletions(-)
|
||||
create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp
|
||||
create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf
|
||||
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index 3f649c91d8..360094ab6a 100644
|
||||
index 7ef5e7297b..54d637163c 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -424,7 +424,7 @@
|
||||
@@ -433,7 +433,7 @@
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
|
||||
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
|
||||
@ -185,10 +204,10 @@ index 3f649c91d8..360094ab6a 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index a2f4bd62c8..9b94043085 100644
|
||||
index 5b1d100575..6cdbfc39be 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -193,7 +193,7 @@ READ_LOCK_STATUS = TRUE
|
||||
@@ -196,7 +196,7 @@ READ_LOCK_STATUS = TRUE
|
||||
#
|
||||
# TianoCore logo (splash screen)
|
||||
#
|
||||
@ -198,10 +217,10 @@ index a2f4bd62c8..9b94043085 100644
|
||||
#
|
||||
# Ramdisk support
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index 2a6fd6bc06..d186263e18 100644
|
||||
index a542fcb157..f598ac6a85 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -363,7 +363,7 @@
|
||||
@@ -369,7 +369,7 @@
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
|
||||
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
|
||||
@ -531,11 +550,37 @@ index 0000000000..6439502b6a
|
||||
+
|
||||
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
|
||||
+
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 66bbbc80cd..52bcae6cf6 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -688,7 +688,7 @@
|
||||
PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf
|
||||
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
|
||||
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
|
||||
- MdeModulePkg/Logo/LogoDxe.inf
|
||||
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
MdeModulePkg/Application/UiApp/UiApp.inf {
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
index dd0030dbf1..fa5e484e63 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
@@ -279,7 +279,7 @@ INF OvmfPkg/AmdSev/Grub/Grub.inf
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
!endif
|
||||
|
||||
-INF MdeModulePkg/Logo/LogoDxe.inf
|
||||
+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
|
||||
#
|
||||
# Usb Support
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index d0df9cbbfb..f8317a4f5d 100644
|
||||
index 33fbd76790..d8f03caa30 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -750,7 +750,7 @@
|
||||
@@ -777,7 +777,7 @@
|
||||
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
!endif
|
||||
}
|
||||
@ -545,10 +590,10 @@ index d0df9cbbfb..f8317a4f5d 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index e2b759aa8d..ec64551bcb 100644
|
||||
index b3c8b56f3b..e3b1d74ce2 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -294,7 +294,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
@@ -300,7 +300,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
|
||||
@ -558,10 +603,10 @@ index e2b759aa8d..ec64551bcb 100644
|
||||
#
|
||||
# Network modules
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index b3ae62fee9..55423d356c 100644
|
||||
index b13e5cfd90..312577ebae 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -764,7 +764,7 @@
|
||||
@@ -791,7 +791,7 @@
|
||||
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
!endif
|
||||
}
|
||||
@ -571,10 +616,10 @@ index b3ae62fee9..55423d356c 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index bfca1eff9e..2f02ac2d73 100644
|
||||
index 86592c2364..f7732382d4 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
@@ -301,7 +301,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
|
||||
@ -584,10 +629,10 @@ index bfca1eff9e..2f02ac2d73 100644
|
||||
#
|
||||
# Network modules
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index f7fe75ebf5..17aeeed96e 100644
|
||||
index 999738dc39..d72a00e6b4 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -760,7 +760,7 @@
|
||||
@@ -789,7 +789,7 @@
|
||||
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
!endif
|
||||
}
|
||||
@ -597,10 +642,10 @@ index f7fe75ebf5..17aeeed96e 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index bfca1eff9e..2f02ac2d73 100644
|
||||
index d6be798fca..137ed6bceb 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
@@ -313,7 +313,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
|
||||
@ -610,5 +655,5 @@ index bfca1eff9e..2f02ac2d73 100644
|
||||
#
|
||||
# Network modules
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
@ -1,580 +0,0 @@
|
||||
From 99da4393139d428baf09d751af3d072229839126 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 12 Jun 2014 00:17:59 +0200
|
||||
Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- update commit message as requested in
|
||||
<https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
The Int10h VBE Shim is capable of emitting short debug messages when the
|
||||
win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet
|
||||
version is preferred; for us debug messages are important as a default.
|
||||
|
||||
For this patch, the DEBUG macro is enabled in the assembly file, and then
|
||||
the header file is regenerated from the assembly, by running
|
||||
"OvmfPkg/QemuVideoDxe/VbeShim.sh".
|
||||
|
||||
"VbeShim.h" is not auto-generated; it is manually generated. The patch
|
||||
does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the
|
||||
manually re-generated) "VbeShim.h" atomically. Doing so helps with local
|
||||
downstream builds, with bisection, and also keeps redhat/README a bit
|
||||
simpler.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f)
|
||||
(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2)
|
||||
(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c)
|
||||
(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba)
|
||||
(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e)
|
||||
(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471)
|
||||
(cherry picked from commit 3aa0316ea1db5416cb528179a3ba5ce37c1279b7)
|
||||
---
|
||||
OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +-
|
||||
OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++-----------
|
||||
2 files changed, 308 insertions(+), 175 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||
index 1d284b2641..0d5cfaf1e4 100644
|
||||
--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||
@@ -12,7 +12,7 @@
|
||||
;------------------------------------------------------------------------------
|
||||
|
||||
; enable this macro for debug messages
|
||||
-;%define DEBUG
|
||||
+%define DEBUG
|
||||
|
||||
%macro DebugLog 1
|
||||
%ifdef DEBUG
|
||||
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h
|
||||
index cc9b6e14cd..325d6478a1 100644
|
||||
--- a/OvmfPkg/QemuVideoDxe/VbeShim.h
|
||||
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.h
|
||||
@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = {
|
||||
/* 000001FE nop */ 0x90,
|
||||
/* 000001FF nop */ 0x90,
|
||||
/* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F,
|
||||
- /* 00000203 jz 0x22d */ 0x74, 0x28,
|
||||
+ /* 00000203 jz 0x235 */ 0x74, 0x30,
|
||||
/* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F,
|
||||
- /* 00000208 jz 0x245 */ 0x74, 0x3B,
|
||||
+ /* 00000208 jz 0x255 */ 0x74, 0x4B,
|
||||
/* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F,
|
||||
- /* 0000020D jz 0x269 */ 0x74, 0x5A,
|
||||
+ /* 0000020D jz 0x289 */ 0x74, 0x7A,
|
||||
/* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F,
|
||||
- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01,
|
||||
+ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01,
|
||||
/* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F,
|
||||
- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01,
|
||||
+ /* 00000219 jz word 0x36e */ 0x0F, 0x84, 0x51, 0x01,
|
||||
/* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F,
|
||||
- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01,
|
||||
+ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01,
|
||||
/* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00,
|
||||
- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01,
|
||||
- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE,
|
||||
- /* 0000022D push es */ 0x06,
|
||||
- /* 0000022E push di */ 0x57,
|
||||
- /* 0000022F push ds */ 0x1E,
|
||||
- /* 00000230 push si */ 0x56,
|
||||
- /* 00000231 push cx */ 0x51,
|
||||
- /* 00000232 push cs */ 0x0E,
|
||||
- /* 00000233 pop ds */ 0x1F,
|
||||
- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00,
|
||||
- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||
- /* 0000023A cld */ 0xFC,
|
||||
- /* 0000023B rep movsb */ 0xF3, 0xA4,
|
||||
- /* 0000023D pop cx */ 0x59,
|
||||
- /* 0000023E pop si */ 0x5E,
|
||||
- /* 0000023F pop ds */ 0x1F,
|
||||
- /* 00000240 pop di */ 0x5F,
|
||||
- /* 00000241 pop es */ 0x07,
|
||||
- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01,
|
||||
- /* 00000245 push es */ 0x06,
|
||||
- /* 00000246 push di */ 0x57,
|
||||
- /* 00000247 push ds */ 0x1E,
|
||||
- /* 00000248 push si */ 0x56,
|
||||
- /* 00000249 push cx */ 0x51,
|
||||
- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF,
|
||||
- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00,
|
||||
- /* 00000252 jz 0x256 */ 0x74, 0x02,
|
||||
- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5,
|
||||
- /* 00000256 push cs */ 0x0E,
|
||||
- /* 00000257 pop ds */ 0x1F,
|
||||
- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01,
|
||||
- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||
- /* 0000025E cld */ 0xFC,
|
||||
- /* 0000025F rep movsb */ 0xF3, 0xA4,
|
||||
- /* 00000261 pop cx */ 0x59,
|
||||
- /* 00000262 pop si */ 0x5E,
|
||||
- /* 00000263 pop ds */ 0x1F,
|
||||
- /* 00000264 pop di */ 0x5F,
|
||||
- /* 00000265 pop es */ 0x07,
|
||||
- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00,
|
||||
- /* 00000269 push dx */ 0x52,
|
||||
- /* 0000026A push ax */ 0x50,
|
||||
- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40,
|
||||
- /* 0000026F jz 0x273 */ 0x74, 0x02,
|
||||
- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8,
|
||||
- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03,
|
||||
- /* 00000276 mov al,0x20 */ 0xB0, 0x20,
|
||||
- /* 00000278 out dx,al */ 0xEE,
|
||||
- /* 00000279 push dx */ 0x52,
|
||||
- /* 0000027A push ax */ 0x50,
|
||||
- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||
- /* 00000281 out dx,ax */ 0xEF,
|
||||
- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
- /* 00000288 out dx,ax */ 0xEF,
|
||||
- /* 00000289 pop ax */ 0x58,
|
||||
- /* 0000028A pop dx */ 0x5A,
|
||||
- /* 0000028B push dx */ 0x52,
|
||||
- /* 0000028C push ax */ 0x50,
|
||||
- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00,
|
||||
- /* 00000293 out dx,ax */ 0xEF,
|
||||
- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
- /* 0000029A out dx,ax */ 0xEF,
|
||||
- /* 0000029B pop ax */ 0x58,
|
||||
- /* 0000029C pop dx */ 0x5A,
|
||||
- /* 0000029D push dx */ 0x52,
|
||||
- /* 0000029E push ax */ 0x50,
|
||||
- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00,
|
||||
- /* 000002A5 out dx,ax */ 0xEF,
|
||||
- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
- /* 000002AC out dx,ax */ 0xEF,
|
||||
- /* 000002AD pop ax */ 0x58,
|
||||
- /* 000002AE pop dx */ 0x5A,
|
||||
- /* 000002AF push dx */ 0x52,
|
||||
- /* 000002B0 push ax */ 0x50,
|
||||
- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00,
|
||||
- /* 000002B7 out dx,ax */ 0xEF,
|
||||
- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
- /* 000002BE out dx,ax */ 0xEF,
|
||||
- /* 000002BF pop ax */ 0x58,
|
||||
- /* 000002C0 pop dx */ 0x5A,
|
||||
- /* 000002C1 push dx */ 0x52,
|
||||
- /* 000002C2 push ax */ 0x50,
|
||||
- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00,
|
||||
- /* 000002C9 out dx,ax */ 0xEF,
|
||||
- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00,
|
||||
- /* 000002D0 out dx,ax */ 0xEF,
|
||||
- /* 000002D1 pop ax */ 0x58,
|
||||
- /* 000002D2 pop dx */ 0x5A,
|
||||
- /* 000002D3 push dx */ 0x52,
|
||||
- /* 000002D4 push ax */ 0x50,
|
||||
- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00,
|
||||
- /* 000002DB out dx,ax */ 0xEF,
|
||||
- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||
- /* 000002E2 out dx,ax */ 0xEF,
|
||||
- /* 000002E3 pop ax */ 0x58,
|
||||
- /* 000002E4 pop dx */ 0x5A,
|
||||
- /* 000002E5 push dx */ 0x52,
|
||||
- /* 000002E6 push ax */ 0x50,
|
||||
- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00,
|
||||
- /* 000002ED out dx,ax */ 0xEF,
|
||||
- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||
- /* 000002F4 out dx,ax */ 0xEF,
|
||||
- /* 000002F5 pop ax */ 0x58,
|
||||
- /* 000002F6 pop dx */ 0x5A,
|
||||
- /* 000002F7 push dx */ 0x52,
|
||||
- /* 000002F8 push ax */ 0x50,
|
||||
- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00,
|
||||
- /* 000002FF out dx,ax */ 0xEF,
|
||||
- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||
- /* 00000306 out dx,ax */ 0xEF,
|
||||
- /* 00000307 pop ax */ 0x58,
|
||||
- /* 00000308 pop dx */ 0x5A,
|
||||
- /* 00000309 push dx */ 0x52,
|
||||
- /* 0000030A push ax */ 0x50,
|
||||
- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00,
|
||||
- /* 00000311 out dx,ax */ 0xEF,
|
||||
- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||
- /* 00000318 out dx,ax */ 0xEF,
|
||||
- /* 00000319 pop ax */ 0x58,
|
||||
- /* 0000031A pop dx */ 0x5A,
|
||||
- /* 0000031B push dx */ 0x52,
|
||||
- /* 0000031C push ax */ 0x50,
|
||||
- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||
- /* 00000323 out dx,ax */ 0xEF,
|
||||
- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00,
|
||||
- /* 0000032A out dx,ax */ 0xEF,
|
||||
- /* 0000032B pop ax */ 0x58,
|
||||
- /* 0000032C pop dx */ 0x5A,
|
||||
- /* 0000032D pop ax */ 0x58,
|
||||
- /* 0000032E pop dx */ 0x5A,
|
||||
- /* 0000032F jmp short 0x34c */ 0xEB, 0x1B,
|
||||
- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40,
|
||||
- /* 00000334 jmp short 0x34c */ 0xEB, 0x16,
|
||||
- /* 00000336 jmp short 0x350 */ 0xEB, 0x18,
|
||||
- /* 00000338 jmp short 0x350 */ 0xEB, 0x16,
|
||||
- /* 0000033A cmp al,0x3 */ 0x3C, 0x03,
|
||||
- /* 0000033C jz 0x345 */ 0x74, 0x07,
|
||||
- /* 0000033E cmp al,0x12 */ 0x3C, 0x12,
|
||||
- /* 00000340 jz 0x349 */ 0x74, 0x07,
|
||||
- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE,
|
||||
- /* 00000345 mov al,0x30 */ 0xB0, 0x30,
|
||||
- /* 00000347 jmp short 0x34b */ 0xEB, 0x02,
|
||||
- /* 00000349 mov al,0x20 */ 0xB0, 0x20,
|
||||
- /* 0000034B iretw */ 0xCF,
|
||||
- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00,
|
||||
- /* 0000034F iretw */ 0xCF,
|
||||
- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01,
|
||||
- /* 00000353 iretw */ 0xCF,
|
||||
+ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01,
|
||||
+ /* 0000022B push si */ 0x56,
|
||||
+ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03,
|
||||
+ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01,
|
||||
+ /* 00000232 pop si */ 0x5E,
|
||||
+ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE,
|
||||
+ /* 00000235 push es */ 0x06,
|
||||
+ /* 00000236 push di */ 0x57,
|
||||
+ /* 00000237 push ds */ 0x1E,
|
||||
+ /* 00000238 push si */ 0x56,
|
||||
+ /* 00000239 push cx */ 0x51,
|
||||
+ /* 0000023A push si */ 0x56,
|
||||
+ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03,
|
||||
+ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01,
|
||||
+ /* 00000241 pop si */ 0x5E,
|
||||
+ /* 00000242 push cs */ 0x0E,
|
||||
+ /* 00000243 pop ds */ 0x1F,
|
||||
+ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00,
|
||||
+ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||
+ /* 0000024A cld */ 0xFC,
|
||||
+ /* 0000024B rep movsb */ 0xF3, 0xA4,
|
||||
+ /* 0000024D pop cx */ 0x59,
|
||||
+ /* 0000024E pop si */ 0x5E,
|
||||
+ /* 0000024F pop ds */ 0x1F,
|
||||
+ /* 00000250 pop di */ 0x5F,
|
||||
+ /* 00000251 pop es */ 0x07,
|
||||
+ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01,
|
||||
+ /* 00000255 push es */ 0x06,
|
||||
+ /* 00000256 push di */ 0x57,
|
||||
+ /* 00000257 push ds */ 0x1E,
|
||||
+ /* 00000258 push si */ 0x56,
|
||||
+ /* 00000259 push cx */ 0x51,
|
||||
+ /* 0000025A push si */ 0x56,
|
||||
+ /* 0000025B mov si,0x404 */ 0xBE, 0x04, 0x04,
|
||||
+ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01,
|
||||
+ /* 00000261 pop si */ 0x5E,
|
||||
+ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF,
|
||||
+ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00,
|
||||
+ /* 0000026A jz 0x276 */ 0x74, 0x0A,
|
||||
+ /* 0000026C push si */ 0x56,
|
||||
+ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04,
|
||||
+ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01,
|
||||
+ /* 00000273 pop si */ 0x5E,
|
||||
+ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD,
|
||||
+ /* 00000276 push cs */ 0x0E,
|
||||
+ /* 00000277 pop ds */ 0x1F,
|
||||
+ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01,
|
||||
+ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01,
|
||||
+ /* 0000027E cld */ 0xFC,
|
||||
+ /* 0000027F rep movsb */ 0xF3, 0xA4,
|
||||
+ /* 00000281 pop cx */ 0x59,
|
||||
+ /* 00000282 pop si */ 0x5E,
|
||||
+ /* 00000283 pop ds */ 0x1F,
|
||||
+ /* 00000284 pop di */ 0x5F,
|
||||
+ /* 00000285 pop es */ 0x07,
|
||||
+ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01,
|
||||
+ /* 00000289 push dx */ 0x52,
|
||||
+ /* 0000028A push ax */ 0x50,
|
||||
+ /* 0000028B push si */ 0x56,
|
||||
+ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04,
|
||||
+ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01,
|
||||
+ /* 00000292 pop si */ 0x5E,
|
||||
+ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40,
|
||||
+ /* 00000297 jz 0x2a3 */ 0x74, 0x0A,
|
||||
+ /* 00000299 push si */ 0x56,
|
||||
+ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04,
|
||||
+ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01,
|
||||
+ /* 000002A0 pop si */ 0x5E,
|
||||
+ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90,
|
||||
+ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03,
|
||||
+ /* 000002A6 mov al,0x20 */ 0xB0, 0x20,
|
||||
+ /* 000002A8 out dx,al */ 0xEE,
|
||||
+ /* 000002A9 push dx */ 0x52,
|
||||
+ /* 000002AA push ax */ 0x50,
|
||||
+ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||
+ /* 000002B1 out dx,ax */ 0xEF,
|
||||
+ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
+ /* 000002B8 out dx,ax */ 0xEF,
|
||||
+ /* 000002B9 pop ax */ 0x58,
|
||||
+ /* 000002BA pop dx */ 0x5A,
|
||||
+ /* 000002BB push dx */ 0x52,
|
||||
+ /* 000002BC push ax */ 0x50,
|
||||
+ /* 000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00,
|
||||
+ /* 000002C3 out dx,ax */ 0xEF,
|
||||
+ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
+ /* 000002CA out dx,ax */ 0xEF,
|
||||
+ /* 000002CB pop ax */ 0x58,
|
||||
+ /* 000002CC pop dx */ 0x5A,
|
||||
+ /* 000002CD push dx */ 0x52,
|
||||
+ /* 000002CE push ax */ 0x50,
|
||||
+ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00,
|
||||
+ /* 000002D5 out dx,ax */ 0xEF,
|
||||
+ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
+ /* 000002DC out dx,ax */ 0xEF,
|
||||
+ /* 000002DD pop ax */ 0x58,
|
||||
+ /* 000002DE pop dx */ 0x5A,
|
||||
+ /* 000002DF push dx */ 0x52,
|
||||
+ /* 000002E0 push ax */ 0x50,
|
||||
+ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00,
|
||||
+ /* 000002E7 out dx,ax */ 0xEF,
|
||||
+ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00,
|
||||
+ /* 000002EE out dx,ax */ 0xEF,
|
||||
+ /* 000002EF pop ax */ 0x58,
|
||||
+ /* 000002F0 pop dx */ 0x5A,
|
||||
+ /* 000002F1 push dx */ 0x52,
|
||||
+ /* 000002F2 push ax */ 0x50,
|
||||
+ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00,
|
||||
+ /* 000002F9 out dx,ax */ 0xEF,
|
||||
+ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00,
|
||||
+ /* 00000300 out dx,ax */ 0xEF,
|
||||
+ /* 00000301 pop ax */ 0x58,
|
||||
+ /* 00000302 pop dx */ 0x5A,
|
||||
+ /* 00000303 push dx */ 0x52,
|
||||
+ /* 00000304 push ax */ 0x50,
|
||||
+ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00,
|
||||
+ /* 0000030B out dx,ax */ 0xEF,
|
||||
+ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||
+ /* 00000312 out dx,ax */ 0xEF,
|
||||
+ /* 00000313 pop ax */ 0x58,
|
||||
+ /* 00000314 pop dx */ 0x5A,
|
||||
+ /* 00000315 push dx */ 0x52,
|
||||
+ /* 00000316 push ax */ 0x50,
|
||||
+ /* 00000317 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 0000031A mov ax,0x6 */ 0xB8, 0x06, 0x00,
|
||||
+ /* 0000031D out dx,ax */ 0xEF,
|
||||
+ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04,
|
||||
+ /* 00000324 out dx,ax */ 0xEF,
|
||||
+ /* 00000325 pop ax */ 0x58,
|
||||
+ /* 00000326 pop dx */ 0x5A,
|
||||
+ /* 00000327 push dx */ 0x52,
|
||||
+ /* 00000328 push ax */ 0x50,
|
||||
+ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00,
|
||||
+ /* 0000032F out dx,ax */ 0xEF,
|
||||
+ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||
+ /* 00000336 out dx,ax */ 0xEF,
|
||||
+ /* 00000337 pop ax */ 0x58,
|
||||
+ /* 00000338 pop dx */ 0x5A,
|
||||
+ /* 00000339 push dx */ 0x52,
|
||||
+ /* 0000033A push ax */ 0x50,
|
||||
+ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00,
|
||||
+ /* 00000341 out dx,ax */ 0xEF,
|
||||
+ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03,
|
||||
+ /* 00000348 out dx,ax */ 0xEF,
|
||||
+ /* 00000349 pop ax */ 0x58,
|
||||
+ /* 0000034A pop dx */ 0x5A,
|
||||
+ /* 0000034B push dx */ 0x52,
|
||||
+ /* 0000034C push ax */ 0x50,
|
||||
+ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01,
|
||||
+ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00,
|
||||
+ /* 00000353 out dx,ax */ 0xEF,
|
||||
+ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01,
|
||||
+ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00,
|
||||
+ /* 0000035A out dx,ax */ 0xEF,
|
||||
+ /* 0000035B pop ax */ 0x58,
|
||||
+ /* 0000035C pop dx */ 0x5A,
|
||||
+ /* 0000035D pop ax */ 0x58,
|
||||
+ /* 0000035E pop dx */ 0x5A,
|
||||
+ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B,
|
||||
+ /* 00000361 push si */ 0x56,
|
||||
+ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04,
|
||||
+ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00,
|
||||
+ /* 00000368 pop si */ 0x5E,
|
||||
+ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40,
|
||||
+ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E,
|
||||
+ /* 0000036E push si */ 0x56,
|
||||
+ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04,
|
||||
+ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00,
|
||||
+ /* 00000375 pop si */ 0x5E,
|
||||
+ /* 00000376 jmp short 0x3b8 */ 0xEB, 0x40,
|
||||
+ /* 00000378 push si */ 0x56,
|
||||
+ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04,
|
||||
+ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00,
|
||||
+ /* 0000037F pop si */ 0x5E,
|
||||
+ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36,
|
||||
+ /* 00000382 push si */ 0x56,
|
||||
+ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04,
|
||||
+ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00,
|
||||
+ /* 00000389 pop si */ 0x5E,
|
||||
+ /* 0000038A cmp al,0x3 */ 0x3C, 0x03,
|
||||
+ /* 0000038C jz 0x39d */ 0x74, 0x0F,
|
||||
+ /* 0000038E cmp al,0x12 */ 0x3C, 0x12,
|
||||
+ /* 00000390 jz 0x3a1 */ 0x74, 0x0F,
|
||||
+ /* 00000392 push si */ 0x56,
|
||||
+ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04,
|
||||
+ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00,
|
||||
+ /* 00000399 pop si */ 0x5E,
|
||||
+ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE,
|
||||
+ /* 0000039D mov al,0x30 */ 0xB0, 0x30,
|
||||
+ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02,
|
||||
+ /* 000003A1 mov al,0x20 */ 0xB0, 0x20,
|
||||
+ /* 000003A3 push si */ 0x56,
|
||||
+ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03,
|
||||
+ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00,
|
||||
+ /* 000003AA pop si */ 0x5E,
|
||||
+ /* 000003AB iretw */ 0xCF,
|
||||
+ /* 000003AC push si */ 0x56,
|
||||
+ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03,
|
||||
+ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00,
|
||||
+ /* 000003B3 pop si */ 0x5E,
|
||||
+ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00,
|
||||
+ /* 000003B7 iretw */ 0xCF,
|
||||
+ /* 000003B8 push si */ 0x56,
|
||||
+ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03,
|
||||
+ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00,
|
||||
+ /* 000003BF pop si */ 0x5E,
|
||||
+ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01,
|
||||
+ /* 000003C3 iretw */ 0xCF,
|
||||
+ /* 000003C4 pushaw */ 0x60,
|
||||
+ /* 000003C5 push ds */ 0x1E,
|
||||
+ /* 000003C6 push cs */ 0x0E,
|
||||
+ /* 000003C7 pop ds */ 0x1F,
|
||||
+ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04,
|
||||
+ /* 000003CB lodsb */ 0xAC,
|
||||
+ /* 000003CC cmp al,0x0 */ 0x3C, 0x00,
|
||||
+ /* 000003CE jz 0x3d3 */ 0x74, 0x03,
|
||||
+ /* 000003D0 out dx,al */ 0xEE,
|
||||
+ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8,
|
||||
+ /* 000003D3 pop ds */ 0x1F,
|
||||
+ /* 000003D4 popaw */ 0x61,
|
||||
+ /* 000003D5 ret */ 0xC3,
|
||||
+ /* 000003D6 inc bp */ 0x45,
|
||||
+ /* 000003D7 js 0x442 */ 0x78, 0x69,
|
||||
+ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A,
|
||||
+ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E,
|
||||
+ /* 000003DE jnc 0x455 */ 0x73, 0x75,
|
||||
+ /* 000003E0 jo 0x452 */ 0x70, 0x70,
|
||||
+ /* 000003E2 outsw */ 0x6F,
|
||||
+ /* 000003E3 jc 0x459 */ 0x72, 0x74,
|
||||
+ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00,
|
||||
+ /* 000003E9 push bp */ 0x55,
|
||||
+ /* 000003EA outsb */ 0x6E,
|
||||
+ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77,
|
||||
+ /* 000003EF outsb */ 0x6E,
|
||||
+ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75,
|
||||
+ /* 000003F3 outsb */ 0x6E,
|
||||
+ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69,
|
||||
+ /* 000003F7 outsw */ 0x6F,
|
||||
+ /* 000003F8 outsb */ 0x6E,
|
||||
+ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00,
|
||||
+ /* 000003FB inc di */ 0x47,
|
||||
+ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49,
|
||||
+ /* 000003FF outsb */ 0x6E,
|
||||
+ /* 00000400 outsd */ 0x66, 0x6F,
|
||||
+ /* 00000402 or al,[bx+si] */ 0x0A, 0x00,
|
||||
+ /* 00000404 inc di */ 0x47,
|
||||
+ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D,
|
||||
+ /* 00000408 outsw */ 0x6F,
|
||||
+ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49,
|
||||
+ /* 0000040C outsb */ 0x6E,
|
||||
+ /* 0000040D outsd */ 0x66, 0x6F,
|
||||
+ /* 0000040F or al,[bx+si] */ 0x0A, 0x00,
|
||||
+ /* 00000411 inc di */ 0x47,
|
||||
+ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D,
|
||||
+ /* 00000415 outsw */ 0x6F,
|
||||
+ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00,
|
||||
+ /* 0000041A push bx */ 0x53,
|
||||
+ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D,
|
||||
+ /* 0000041E outsw */ 0x6F,
|
||||
+ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00,
|
||||
+ /* 00000423 push bx */ 0x53,
|
||||
+ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D,
|
||||
+ /* 00000427 outsw */ 0x6F,
|
||||
+ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C,
|
||||
+ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61,
|
||||
+ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A,
|
||||
+ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E,
|
||||
+ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 0x6E,
|
||||
+ /* 00000438 and [di+0x6f],cl */ 0x20, 0x4D, 0x6F,
|
||||
+ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00,
|
||||
+ /* 0000043F inc di */ 0x47,
|
||||
+ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50,
|
||||
+ /* 00000443 insw */ 0x6D,
|
||||
+ /* 00000444 inc bx */ 0x43,
|
||||
+ /* 00000445 popaw */ 0x61,
|
||||
+ /* 00000446 jo 0x4a9 */ 0x70, 0x61,
|
||||
+ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C,
|
||||
+ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73,
|
||||
+ /* 00000450 or al,[bx+si] */ 0x0A, 0x00,
|
||||
+ /* 00000452 push dx */ 0x52,
|
||||
+ /* 00000453 gs popaw */ 0x65, 0x61,
|
||||
+ /* 00000455 fs inc bp */ 0x64, 0x45,
|
||||
+ /* 00000457 fs */ 0x64,
|
||||
+ /* 00000458 db 0x69 */ 0x69,
|
||||
+ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00,
|
||||
};
|
||||
#endif
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,8 +1,13 @@
|
||||
From a95cff0b9573bf23699551beb4786383f697ff1e Mon Sep 17 00:00:00 2001
|
||||
From ed975a4db7c55e49ab9de1a0919baafdce9661e3 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 20 Feb 2014 22:54:45 +0100
|
||||
Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -54,6 +59,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
|
||||
(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
|
||||
(cherry picked from commit e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5)
|
||||
(cherry picked from commit a95cff0b9573bf23699551beb4786383f697ff1e)
|
||||
---
|
||||
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
@ -72,5 +78,5 @@ index dffb20822d..0577c43c3d 100644
|
||||
//
|
||||
// VA_LIST can not initialize to NULL for all compiler, so we use this to
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
@ -1,8 +1,13 @@
|
||||
From 82b9edc5fef3a07227a45059bbe821af7b9abd69 Mon Sep 17 00:00:00 2001
|
||||
From 6901201d2cd1d943ebd41f3d65102f787540d3c4 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 25 Feb 2014 18:40:35 +0100
|
||||
Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -101,6 +106,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
|
||||
(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
|
||||
(cherry picked from commit 12cb13a1da913912bd9148ce8f2353a75be77f18)
|
||||
(cherry picked from commit 82b9edc5fef3a07227a45059bbe821af7b9abd69)
|
||||
---
|
||||
.../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
|
||||
1 file changed, 38 insertions(+), 3 deletions(-)
|
||||
@ -158,5 +164,5 @@ index a98b690c8b..ded5513c74 100644
|
||||
// New modes can be added here.
|
||||
//
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,21 @@
|
||||
From bc2266f20de5db1636e09a07e4a72c8dbf505f5a Mon Sep 17 00:00:00 2001
|
||||
From 9485b38e5dbfd2e23ea6ad0585e773d7842a1903 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 25 Feb 2014 22:40:01 +0100
|
||||
Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Resolve harmless conflict in "MdeModulePkg/MdeModulePkg.dec",
|
||||
originating from new upstream commits
|
||||
- 45bc28172fbf ("MdeModulePkg.dec: Change PCDs for status code.",
|
||||
2020-06-18),
|
||||
- 0785c619a58a ("MdeModulePkg/Bus/Pci/PciBusDxe: Support PCIe Resizable
|
||||
BAR Capability", 2021-01-04),
|
||||
- ef23012e5439 ("MdeModulePkg: Change default value of
|
||||
PcdPcieResizableBarSupport to FALSE", 2021-01-14).
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -67,6 +79,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
|
||||
(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc)
|
||||
(cherry picked from commit a11602f5e2ef930be5b693ddfd0c789a1bd4c60c)
|
||||
(cherry picked from commit bc2266f20de5db1636e09a07e4a72c8dbf505f5a)
|
||||
---
|
||||
MdeModulePkg/MdeModulePkg.dec | 4 +++
|
||||
.../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++
|
||||
@ -74,12 +87,12 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
3 files changed, 36 insertions(+)
|
||||
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index 031043ec28..3978a500e5 100644
|
||||
index ba2d0290e7..ff70d6e6eb 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -1998,6 +1998,10 @@
|
||||
# @Prompt TCG Platform Firmware Profile revision.
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0x00010077
|
||||
@@ -2046,6 +2046,10 @@
|
||||
# @Prompt Enable PCIe Resizable BAR Capability support.
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024
|
||||
|
||||
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
|
||||
+ # mode change.
|
||||
@ -164,5 +177,5 @@ index b2a8aeba85..eff6253465 100644
|
||||
# [Event]
|
||||
# # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,8 +1,21 @@
|
||||
From 51e0de961029af84b5bdbfddcc9762b1819d500f Mon Sep 17 00:00:00 2001
|
||||
From 1165bbcec94a97cf1d1509df8210feb2e1db00c5 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 15:59:06 +0200
|
||||
Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
|
||||
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
|
||||
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
|
||||
|
||||
We've always patched all those DSC/FDF files in OvmfPkg down-stream that
|
||||
made sense at least in theory on QEMU. (For example, we've always
|
||||
patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never
|
||||
build or ship the pure IA32 firmware platform.) Follow suit with
|
||||
"AmdSevX64.dsc".
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -51,19 +64,33 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
|
||||
(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2)
|
||||
(cherry picked from commit 2cc462ee963d0be119bc97bfc9c70d292a40516f)
|
||||
(cherry picked from commit 51e0de961029af84b5bdbfddcc9762b1819d500f)
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 1 +
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
|
||||
OvmfPkg/OvmfPkgX64.dsc | 1 +
|
||||
OvmfPkg/PlatformPei/Platform.c | 1 +
|
||||
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
|
||||
5 files changed, 5 insertions(+)
|
||||
6 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 52bcae6cf6..0a8cb7fd3b 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -534,6 +534,7 @@
|
||||
[PcdsDynamicDefault]
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index f8317a4f5d..6ce8a46d4e 100644
|
||||
index d8f03caa30..e6df324c7c 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -574,6 +574,7 @@
|
||||
@@ -594,6 +594,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
@ -72,10 +99,10 @@ index f8317a4f5d..6ce8a46d4e 100644
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 55423d356c..89d414cda7 100644
|
||||
index 312577ebae..8104fe0218 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -580,6 +580,7 @@
|
||||
@@ -600,6 +600,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
@ -84,10 +111,10 @@ index 55423d356c..89d414cda7 100644
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 17aeeed96e..e567eb76e0 100644
|
||||
index d72a00e6b4..3c8b2649a8 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -578,6 +578,7 @@
|
||||
@@ -600,6 +600,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
@ -108,10 +135,10 @@ index 96468701e3..14efbabe39 100644
|
||||
|
||||
InstallClearCacheCallback ();
|
||||
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
index ff397b3ee9..3a012a7fa4 100644
|
||||
index 6ef77ba7bb..22425d34c0 100644
|
||||
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
@@ -93,6 +93,7 @@
|
||||
@@ -97,6 +97,7 @@
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
|
||||
@ -120,5 +147,5 @@ index ff397b3ee9..3a012a7fa4 100644
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,8 +1,13 @@
|
||||
From a5f7a57bf390f1f340ff1d1f1884a73716817ef1 Mon Sep 17 00:00:00 2001
|
||||
From 3f9662c435278564640be672f0c4e17e535f1765 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Sun, 26 Jul 2015 08:02:50 +0000
|
||||
Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -80,6 +85,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
|
||||
(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04)
|
||||
(cherry picked from commit 8338545260fbb423f796d5196faaaf8ff6e1ed99)
|
||||
(cherry picked from commit a5f7a57bf390f1f340ff1d1f1884a73716817ef1)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 7 +++-
|
||||
.../TerminalPcdProducerLib.c | 34 +++++++++++++++++++
|
||||
@ -89,10 +95,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index 360094ab6a..3345987503 100644
|
||||
index 54d637163c..41a26c8d18 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -272,6 +272,8 @@
|
||||
@@ -280,6 +280,8 @@
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
|
||||
!endif
|
||||
|
||||
@ -101,7 +107,7 @@ index 360094ab6a..3345987503 100644
|
||||
[PcdsDynamicHii]
|
||||
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
|
||||
|
||||
@@ -374,7 +376,10 @@
|
||||
@@ -382,7 +384,10 @@
|
||||
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
|
||||
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
|
||||
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
|
||||
@ -193,5 +199,5 @@ index 0000000000..a51dbd1670
|
||||
+[Pcd]
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,27 @@
|
||||
From c2812d7189dee06c780f05a5880eb421c359a687 Mon Sep 17 00:00:00 2001
|
||||
From e9d9e73c317b256c0bdc6530b82a6a625d7d54db Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 4 Nov 2014 23:02:53 +0100
|
||||
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- No manual / explicit code change is necessary, because the newly
|
||||
inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL
|
||||
build-time macro (feature test flag), with default value FALSE -- from
|
||||
upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume
|
||||
Package", 2020-12-14).
|
||||
|
||||
- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg:
|
||||
enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg:
|
||||
introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by
|
||||
git-cherry-pick.
|
||||
|
||||
- Remove obsolete commit message tags related to downstream patch
|
||||
management: Message-id, Patchwork-id, O-Subject, Acked-by
|
||||
(RHBZ#1846481).
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -42,14 +60,7 @@ Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com>
|
||||
Patchwork-id: 62119
|
||||
O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell
|
||||
from the firmware image (RH only)
|
||||
Bugzilla: 1147592
|
||||
Acked-by: Andrew Jones <drjones@redhat.com>
|
||||
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
|
||||
binary from the firmware image.
|
||||
@ -92,6 +103,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
|
||||
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
|
||||
(cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e)
|
||||
(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
|
||||
@ -99,16 +111,17 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
3 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index ec64551bcb..44178a0da7 100644
|
||||
index e3b1d74ce2..969524cf3b 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -288,11 +288,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
@@ -293,12 +293,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
@ -117,16 +130,17 @@ index ec64551bcb..44178a0da7 100644
|
||||
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 2f02ac2d73..06259c43d2 100644
|
||||
index f7732382d4..36f078556f 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
@@ -294,12 +294,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
@ -135,16 +149,17 @@ index 2f02ac2d73..06259c43d2 100644
|
||||
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index 2f02ac2d73..06259c43d2 100644
|
||||
index 137ed6bceb..a5900d8377 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
@@ -306,12 +306,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
@ -153,5 +168,5 @@ index 2f02ac2d73..06259c43d2 100644
|
||||
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,8 +1,13 @@
|
||||
From c75aea7a738ac7fb944c0695a4bfffc3985afaa9 Mon Sep 17 00:00:00 2001
|
||||
From 6d968342cbfa40a8192cee7c685e1c794e6053df Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 13:49:43 +0200
|
||||
Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -60,15 +65,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
|
||||
(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
|
||||
(cherry picked from commit 9f756c1ad83cc81f7d892cd036d59a2b567b02dc)
|
||||
(cherry picked from commit c75aea7a738ac7fb944c0695a4bfffc3985afaa9)
|
||||
---
|
||||
ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
index 696d636aac..1553e1ae92 100644
|
||||
index 3a25ddcdc8..b2b58553c7 100644
|
||||
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
@@ -104,6 +104,13 @@
|
||||
@@ -121,6 +121,13 @@
|
||||
## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
|
||||
gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
|
||||
|
||||
@ -83,5 +89,5 @@ index 696d636aac..1553e1ae92 100644
|
||||
## PL031 RealTimeClock
|
||||
gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,14 @@
|
||||
From 49fe5596cd79c94d903c4d506c563d642ccd69aa Mon Sep 17 00:00:00 2001
|
||||
From e46d1e3f4c9b301acfa15fa4089661947e8742a4 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 13:59:20 +0200
|
||||
Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
|
||||
port (RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -58,6 +63,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
|
||||
(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
|
||||
(cherry picked from commit 8d5a8827aabc67cb2a046697e1a750ca8d9cc453)
|
||||
(cherry picked from commit 49fe5596cd79c94d903c4d506c563d642ccd69aa)
|
||||
---
|
||||
ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++
|
||||
ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++
|
||||
@ -67,7 +73,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
5 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
index d379ad8b7a..ff1672f94d 100644
|
||||
index 859f1adf20..cf9e65bb7c 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
@@ -111,6 +111,11 @@ PrimaryMain (
|
||||
@ -83,7 +89,7 @@ index d379ad8b7a..ff1672f94d 100644
|
||||
|
||||
// Enable the GIC Distributor
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
index 1500d2bd51..5b0790beac 100644
|
||||
index 220f9b5680..158cc34c77 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
@@ -29,6 +29,11 @@ PrimaryMain (
|
||||
@ -99,7 +105,7 @@ index 1500d2bd51..5b0790beac 100644
|
||||
|
||||
// Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
index 7140c7f5b5..1d69a2b468 100644
|
||||
index 7b155a8a61..e9e283f9ec 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
@@ -15,6 +15,7 @@
|
||||
@ -135,5 +141,5 @@ index e9eb092d3a..c98dc82f0c 100644
|
||||
+
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,8 +1,13 @@
|
||||
From 72550e12ae469012a505bf5b98a6543a754028d3 Mon Sep 17 00:00:00 2001
|
||||
From b14a92fafb171ad4a47598076bd028e5cf33ac28 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 14:07:17 +0200
|
||||
Subject: ArmVirtPkg: set early hello message (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -55,15 +60,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
|
||||
(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
|
||||
(cherry picked from commit ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b)
|
||||
(cherry picked from commit 72550e12ae469012a505bf5b98a6543a754028d3)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index 3345987503..57c5b3f898 100644
|
||||
index 41a26c8d18..971422411d 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -125,6 +125,7 @@
|
||||
@@ -132,6 +132,7 @@
|
||||
gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
|
||||
|
||||
[PcdsFixedAtBuild.common]
|
||||
@ -72,5 +78,5 @@ index 3345987503..57c5b3f898 100644
|
||||
gArmTokenSpaceGuid.PcdVFPEnabled|1
|
||||
!endif
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,8 +1,19 @@
|
||||
From 5ecc18badaabe774d9d0806b027ab63a30c6a2d7 Mon Sep 17 00:00:00 2001
|
||||
From 1771ff7479664c05884dab5a34d128cf8b01086f Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:45 +0100
|
||||
Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
|
||||
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
|
||||
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
|
||||
|
||||
- Remove obsolete commit message tags related to downstream patch
|
||||
management: Message-id, Patchwork-id, O-Subject, Acked-by, From
|
||||
(RHBZ#1846481).
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -31,14 +42,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Message-id: <20171120235748.29669-5-pbonzini@redhat.com>
|
||||
Patchwork-id: 77760
|
||||
O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
|
||||
Bugzilla: 1488247
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed
|
||||
debug messages, and code in OvmfPkg logs many messages on the
|
||||
@ -52,17 +56,32 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
|
||||
(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50)
|
||||
(cherry picked from commit 3cb92f9ba18ac79911bd5258ff4f949cc617ae89)
|
||||
(cherry picked from commit 5ecc18badaabe774d9d0806b027ab63a30c6a2d7)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 0a8cb7fd3b..6e8defe5c7 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -486,7 +486,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 6ce8a46d4e..765ffff312 100644
|
||||
index e6df324c7c..52cd87f698 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -516,7 +516,7 @@
|
||||
@@ -534,7 +534,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -72,10 +91,10 @@ index 6ce8a46d4e..765ffff312 100644
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 89d414cda7..277297a964 100644
|
||||
index 8104fe0218..214195a594 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -520,7 +520,7 @@
|
||||
@@ -538,7 +538,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -85,10 +104,10 @@ index 89d414cda7..277297a964 100644
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index e567eb76e0..5c1597fe3c 100644
|
||||
index 3c8b2649a8..02aad65b00 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -520,7 +520,7 @@
|
||||
@@ -540,7 +540,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -98,5 +117,5 @@ index e567eb76e0..5c1597fe3c 100644
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,20 @@
|
||||
From 1355849ad97c1e4a5c430597a377165a5cc118f7 Mon Sep 17 00:00:00 2001
|
||||
From 4b2a35ab1d659068d47baaf1dd5b2918ba8a2573 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:46 +0100
|
||||
Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
|
||||
QemuVideoDxe/QemuRamfbDxe (RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
|
||||
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
|
||||
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
|
||||
|
||||
- Remove obsolete commit message tags related to downstream patch
|
||||
management: Message-id, Patchwork-id, O-Subject, Acked-by, From
|
||||
(RHBZ#1846481).
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -39,15 +50,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Message-id: <20171120235748.29669-6-pbonzini@redhat.com>
|
||||
Patchwork-id: 77761
|
||||
O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
|
||||
QemuVideoDxe (RH only)
|
||||
Bugzilla: 1488247
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses
|
||||
MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to
|
||||
@ -70,17 +73,40 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
|
||||
(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850)
|
||||
(cherry picked from commit c8c3f893e7c3710afe45c46839e97954871536e4)
|
||||
(cherry picked from commit 1355849ad97c1e4a5c430597a377165a5cc118f7)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
|
||||
OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++--
|
||||
3 files changed, 24 insertions(+), 6 deletions(-)
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++--
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
|
||||
OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++--
|
||||
4 files changed, 32 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 6e8defe5c7..568ca369e6 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -747,8 +747,14 @@
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 765ffff312..f5c6cceb4f 100644
|
||||
index 52cd87f698..52fd057c90 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -811,9 +811,15 @@
|
||||
@@ -842,9 +842,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
@ -99,10 +125,10 @@ index 765ffff312..f5c6cceb4f 100644
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 277297a964..c1e52b0acd 100644
|
||||
index 214195a594..653849cc7a 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -825,9 +825,15 @@
|
||||
@@ -856,9 +856,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
@ -121,10 +147,10 @@ index 277297a964..c1e52b0acd 100644
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 5c1597fe3c..e65165b9f0 100644
|
||||
index 02aad65b00..5275f2502b 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -821,9 +821,15 @@
|
||||
@@ -854,9 +854,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
@ -143,5 +169,5 @@ index 5c1597fe3c..e65165b9f0 100644
|
||||
|
||||
#
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,14 @@
|
||||
From e7f57f154439c1c18ea5030b01f8d7bc492698b2 Mon Sep 17 00:00:00 2001
|
||||
From 251653ccf48a973481bb8c90161cccde50c78ad5 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 27 Jan 2016 03:05:18 +0100
|
||||
Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -49,16 +54,17 @@ Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit e5b8152bced2364a1ded0926dbba4d65e23e3f84)
|
||||
(cherry picked from commit e7f57f154439c1c18ea5030b01f8d7bc492698b2)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++-
|
||||
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index 57c5b3f898..dda887b2ae 100644
|
||||
index 971422411d..d2a2fdac8e 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -494,7 +494,10 @@
|
||||
@@ -504,7 +504,10 @@
|
||||
#
|
||||
# Video support
|
||||
#
|
||||
@ -71,10 +77,10 @@ index 57c5b3f898..dda887b2ae 100644
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index d186263e18..711dd63e20 100644
|
||||
index f598ac6a85..7e50ce8b3b 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -427,7 +427,10 @@
|
||||
@@ -434,7 +434,10 @@
|
||||
#
|
||||
# Video support
|
||||
#
|
||||
@ -87,5 +93,5 @@ index d186263e18..711dd63e20 100644
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
||||
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,14 @@
|
||||
From deb3451034326b75fd760aba47a5171493ff055e Mon Sep 17 00:00:00 2001
|
||||
From bacf42ebf768aebb8c2b36fb52d154daf19c0c74 Mon Sep 17 00:00:00 2001
|
||||
From: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 20:43:48 +0200
|
||||
Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
|
||||
builds (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -35,6 +40,7 @@ Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit aa2b66b18a62d652bdbefae7b5732297294306ca)
|
||||
(cherry picked from commit deb3451034326b75fd760aba47a5171493ff055e)
|
||||
---
|
||||
OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++
|
||||
OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 +
|
||||
@ -85,5 +91,5 @@ index e3890b8c20..6ffee5acb2 100644
|
||||
FrameBufferBltLib
|
||||
MemoryAllocationLib
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,20 @@
|
||||
From ed89844b47f46cfe911f1bf2bda40e537a908502 Mon Sep 17 00:00:00 2001
|
||||
From 41c61737a6ead56c36edabd1b2e685a04c2e81c6 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:47 +0100
|
||||
Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
|
||||
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
|
||||
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
|
||||
|
||||
- Remove obsolete commit message tags related to downstream patch
|
||||
management: Message-id, Patchwork-id, O-Subject, Acked-by, From
|
||||
(RHBZ#1846481).
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -30,15 +41,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Message-id: <20171120235748.29669-7-pbonzini@redhat.com>
|
||||
Patchwork-id: 77759
|
||||
O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
|
||||
NvmExpressDxe (RH only)
|
||||
Bugzilla: 1488247
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Acked-by: Thomas Huth <thuth@redhat.com>
|
||||
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE
|
||||
level.
|
||||
@ -51,17 +54,35 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
|
||||
(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958)
|
||||
(cherry picked from commit b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6)
|
||||
(cherry picked from commit ed89844b47f46cfe911f1bf2bda40e537a908502)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
|
||||
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
|
||||
3 files changed, 12 insertions(+), 3 deletions(-)
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++-
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
|
||||
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
|
||||
4 files changed, 16 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 568ca369e6..fb00b12f8c 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -741,7 +741,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index f5c6cceb4f..e8868136d8 100644
|
||||
index 52fd057c90..119267e3c8 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -804,7 +804,10 @@
|
||||
@@ -835,7 +835,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
@ -74,10 +95,10 @@ index f5c6cceb4f..e8868136d8 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index c1e52b0acd..d05275a324 100644
|
||||
index 653849cc7a..166c9f1fef 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -818,7 +818,10 @@
|
||||
@@ -849,7 +849,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
@ -90,10 +111,10 @@ index c1e52b0acd..d05275a324 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index e65165b9f0..cac4cecf18 100644
|
||||
index 5275f2502b..19d0944a72 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -814,7 +814,10 @@
|
||||
@@ -847,7 +847,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
@ -106,5 +127,5 @@ index e65165b9f0..cac4cecf18 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,9 +1,88 @@
|
||||
From 56c4bb81b311dfcee6a34c81d3e4feeda7f88995 Mon Sep 17 00:00:00 2001
|
||||
From 7e6817e96a15f9ce32f0c9cf6326bb682672724c Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Sat, 16 Nov 2019 17:11:27 +0100
|
||||
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
|
||||
(RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
|
||||
|
||||
- Recreate the patch based on downstream commits:
|
||||
|
||||
- 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
|
||||
in the INFs (RH)", 2020-06-05),
|
||||
- e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
|
||||
2020-11-23),
|
||||
- 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
|
||||
RHEL-8.4", 2020-11-23).
|
||||
|
||||
(1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
|
||||
consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
|
||||
("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
|
||||
|
||||
Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
|
||||
files, namely
|
||||
|
||||
- CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
|
||||
in the following commits only:
|
||||
|
||||
- be01087e0780 ("CryptoPkg/Library: Remove the redundant build
|
||||
option", 2020-08-12), which did not affect the source file list at
|
||||
all,
|
||||
|
||||
- b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
|
||||
entropy in rand_pool", 2020-09-18), which replaced some of the
|
||||
*edk2-specific* "rand_pool_noise" source files with an RngLib
|
||||
dependency.
|
||||
|
||||
This means that the list of required, actual OpenSSL source files
|
||||
has not changed in upstream edk2 since our downstream edk2 commit
|
||||
e81751a1c303.
|
||||
|
||||
(2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
|
||||
downstream edk2's OpenSSL dependency was satisfied with RHEL-8
|
||||
OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
|
||||
shipped in RHEL-8.3.0.z", 2020-10-23).
|
||||
|
||||
Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
|
||||
(fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
|
||||
2021-05-25), which is the current head of the rhel-8.5.0 branch.
|
||||
(See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
|
||||
|
||||
At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
|
||||
respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
|
||||
source tree, with "rpmbuild -bp". Subsequently I compared the
|
||||
prepped source trees recursively.
|
||||
|
||||
- The following files disappeared:
|
||||
|
||||
- 29 backup files created by "patch",
|
||||
|
||||
- the assembly generator perl script called
|
||||
"ecp_nistz256-avx2.pl", which is not used during the build.
|
||||
|
||||
- The following new files appeared:
|
||||
|
||||
- 18 files directly or indirectly under the "test" subdirectory,
|
||||
which are not used during the build,
|
||||
|
||||
- 5 backup files created by "patch",
|
||||
|
||||
- 2 DCL scripts used when building OpenSSL on OpenVMS.
|
||||
|
||||
This means that the total list of RHEL-8 OpenSSL source files has
|
||||
not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
|
||||
commit 3e3fe5e62079.
|
||||
|
||||
As a result, copy the "RHEL8-specific OpenSSL file list" sections
|
||||
verbatim from the INF files, at downstream commit e81751a1c303. (I used
|
||||
the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
|
||||
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
@ -45,18 +124,19 @@ Note: "process_files.pl" is not re-run at this time manually, because
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
|
||||
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
|
||||
---
|
||||
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
|
||||
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
|
||||
2 files changed, 22 insertions(+)
|
||||
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
index c8ec9454bd..24e790b538 100644
|
||||
index b00bb74ce6..71e32f26ea 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
@@ -570,6 +570,17 @@
|
||||
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||||
$(OPENSSL_PATH)/ssl/statem/statem_locl.h
|
||||
$(OPENSSL_PATH)/ssl/statem/statem_local.h
|
||||
# Autogenerated files list ends here
|
||||
+# RHEL8-specific OpenSSL file list starts here
|
||||
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||
@ -70,10 +150,10 @@ index c8ec9454bd..24e790b538 100644
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||
+# RHEL8-specific OpenSSL file list ends here
|
||||
buildinf.h
|
||||
rand_pool_noise.h
|
||||
ossl_store.c
|
||||
rand_pool.c
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
index 2f232e3e12..52e70a2d03 100644
|
||||
index 3557711bd8..003dcbad7a 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
@@ -519,6 +519,17 @@
|
||||
@ -92,8 +172,8 @@ index 2f232e3e12..52e70a2d03 100644
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||
+# RHEL8-specific OpenSSL file list ends here
|
||||
buildinf.h
|
||||
rand_pool_noise.h
|
||||
ossl_store.c
|
||||
rand_pool.c
|
||||
--
|
||||
2.18.1
|
||||
2.27.0
|
||||
|
||||
|
@ -1,20 +1,17 @@
|
||||
From 9adcdf493ebbd11efb74e2905ab5f6c8996e096d Mon Sep 17 00:00:00 2001
|
||||
From 29be717a1ae0a2617a7ae95698940286201d1612 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 24 Jun 2020 11:31:36 +0200
|
||||
Subject: [PATCH 1/3] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no
|
||||
"-kernel" in silent aa64 build (RH)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in
|
||||
silent aa64 build (RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Remove obsolete commit message tags related to downstream patch
|
||||
management: Message-id, Patchwork-id, O-Subject, Acked-by, From,
|
||||
RH-Acked-by, RH-Author (RHBZ#1846481).
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20200615080105.11859-2-lersek@redhat.com>
|
||||
Patchwork-id: 97532
|
||||
O-Subject: [RHEL-8.3.0 edk2 PATCH 1/3] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in silent aa64 build (RH)
|
||||
Bugzilla: 1844682
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
If the "-kernel" QEMU option is not used, then QemuKernelLoaderFsDxe
|
||||
should return EFI_NOT_FOUND, so that the DXE Core can unload it. However,
|
||||
@ -28,6 +25,7 @@ ExitBootServices().
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
(cherry picked from commit 9adcdf493ebbd11efb74e2905ab5f6c8996e096d)
|
||||
---
|
||||
.../QemuKernelLoaderFsDxe.c | 17 +++++++++++++++++
|
||||
.../QemuKernelLoaderFsDxe.inf | 1 +
|
@ -1,83 +0,0 @@
|
||||
From bf88198555ce964377a56176de8e5e9b45e43e25 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Sat, 6 Jun 2020 01:16:09 +0200
|
||||
Subject: OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from
|
||||
LoadImage()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- new patch
|
||||
|
||||
- the patch is being upstreamed; it's not a backport because the rebase
|
||||
deadline is close
|
||||
|
||||
- upstream references:
|
||||
- https://bugzilla.tianocore.org/show_bug.cgi?id=2785
|
||||
- http://mid.mail-archive.com/20200605235242.32442-1-lersek@redhat.com
|
||||
- https://edk2.groups.io/g/devel/message/60825
|
||||
- https://www.redhat.com/archives/edk2-devel-archive/2020-June/msg00344.html
|
||||
|
||||
[downstream note ends, upstream commit message starts]
|
||||
|
||||
When an image fails Secure Boot validation, LoadImage() returns
|
||||
EFI_SECURITY_VIOLATION if the platform policy is
|
||||
DEFER_EXECUTE_ON_SECURITY_VIOLATION.
|
||||
|
||||
If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then
|
||||
LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain
|
||||
loaded).
|
||||
|
||||
(Before <https://bugzilla.tianocore.org/show_bug.cgi?id=2129>, this
|
||||
difference would be masked, as DxeImageVerificationLib would incorrectly
|
||||
return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as
|
||||
well.)
|
||||
|
||||
In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon
|
||||
seeing EFI_ACCESS_DENIED too.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
.../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 14 ++++++++++----
|
||||
1 file changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
|
||||
index ef753be7ea..931553c0c1 100644
|
||||
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
|
||||
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
|
||||
@@ -320,15 +320,21 @@ QemuLoadKernelImage (
|
||||
|
||||
case EFI_SECURITY_VIOLATION:
|
||||
//
|
||||
- // We are running with UEFI secure boot enabled, and the image failed to
|
||||
- // authenticate. For compatibility reasons, we fall back to the legacy
|
||||
- // loader in this case. Since the image has been loaded, we need to unload
|
||||
- // it before proceeding
|
||||
+ // Since the image has been loaded, we need to unload it before proceeding
|
||||
+ // to the EFI_ACCESS_DENIED case below.
|
||||
//
|
||||
gBS->UnloadImage (KernelImageHandle);
|
||||
//
|
||||
// Fall through
|
||||
//
|
||||
+ case EFI_ACCESS_DENIED:
|
||||
+ //
|
||||
+ // We are running with UEFI secure boot enabled, and the image failed to
|
||||
+ // authenticate. For compatibility reasons, we fall back to the legacy
|
||||
+ // loader in this case.
|
||||
+ //
|
||||
+ // Fall through
|
||||
+ //
|
||||
case EFI_UNSUPPORTED:
|
||||
//
|
||||
// The image is not natively supported or cross-type supported. Let's try
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,184 +0,0 @@
|
||||
From 74e5313dfa6719f7990c7e175e035d17c9b3f657 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Fri, 5 Jun 2020 23:44:43 +0200
|
||||
Subject: Revert "OvmfPkg: use generic QEMU image loader for secure boot
|
||||
enabled builds"
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- new patch (to be dropped later, hopefully)
|
||||
|
||||
This reverts commit ced77332cab626f35fbdb36630be27303d289d79.
|
||||
|
||||
Upstream commit ced77332cab6 ("OvmfPkg: use generic QEMU image loader for
|
||||
secure boot enabled builds", 2020-03-05) changes the "Secure Boot threat
|
||||
model" in a way that is incompatible with at least two use cases.
|
||||
|
||||
Namely, OVMF has always considered kernel images direct-booted via fw_cfg
|
||||
as trusted, bypassing Secure Boot validation. While that approach is
|
||||
rooted in a technicality (namely, OVMF doesn't load such images with the
|
||||
LoadImage() UEFI boot service / through the UEFI stub, but with the
|
||||
Linux/x86 Boot Protocol), that doesn't mean it's wrong. The direct-booted
|
||||
kernel from fw_cfg comes from the host side, and Secure Boot in the guest
|
||||
is a barrier between the guest firmware and the guest operating system --
|
||||
it's not a barrier between host and guest.
|
||||
|
||||
Upstream commit ced77332cab6 points out that the above (historical) OVMF
|
||||
behavior differs from ArmVirtQemu's -- the latter direct-boots kernels
|
||||
from fw_cfg with the LoadImage() / StartImage() boot services. While that
|
||||
difference indeed exists between OVMF and ArmVirtQemu, it's not relevant
|
||||
for RHEL downstream. That's because we never build the ArmVirtQemu
|
||||
firmware with the Secure Boot feature, so LoadImage() can never reject the
|
||||
direct-booted kernel due to a signing issue.
|
||||
|
||||
Subjecting a kernel direct-booted via fw_cfg to Secure Boot verification
|
||||
breaks at least two use cases with OVMF:
|
||||
|
||||
- It breaks the %check stage in the SPEC file.
|
||||
|
||||
In that stage, we use the "ovmf-vars-generator" utility from the
|
||||
"qemu-ovmf-secureboot" project, for verifying whether the Secure Boot
|
||||
operational mode is enabled. The guest kernel is supposed to boot, and
|
||||
to print "Secure boot enabled".
|
||||
|
||||
As guest kernel, we pick whatever host kernel is available in the Brew
|
||||
build root. The kernel in question may be a publicly released RHEL
|
||||
kernel, signed with "Red Hat Secure Boot (signing key 1)", or a
|
||||
development build, signed for example with "Red Hat Secure Boot Signing
|
||||
3 (beta)". Either way, none of these keys are accepted by the
|
||||
certificates that were enrolled by "ovmf-vars-generator" /
|
||||
"EnrollDefaultKeys.efi" in the %build stage. Therefore, the %check stage
|
||||
fails.
|
||||
|
||||
- It breaks "virt-install --location NETWORK-URL" Linux guest
|
||||
installations, if the variable store template used for the new domain
|
||||
has the Secure Boot operational mode enabled. "virt-install --location"
|
||||
fetches the kernel from the remote OS tree, and passes it to the guest
|
||||
firmware via fw_cfg. Therefore the above symptom appears (even for
|
||||
publicly released OSes).
|
||||
|
||||
Importantly, if the user downloads the installer ISO of the publicly
|
||||
released Fedora / RHEL OS, and exposes the ISO to the guest for example
|
||||
as a virtio-scsi CD-ROM, then the installation with "virt-install"
|
||||
(without "--location") does succeed. That's because that way, "shim" is
|
||||
booted first, from the UEFI-bootable CD-ROM. "Shim" does pass Secure
|
||||
Boot verification against the Microsoft certificates, and then it is
|
||||
"shim" that accepts the "Red Hat Secure Boot (signing key 1)" signature
|
||||
on the guest kernel.
|
||||
|
||||
Some ways to approach this problem (without reverting upstream commit
|
||||
ced77332cab6):
|
||||
|
||||
- Equip "ovmf-vars-generator" / "EnrollDefaultKeys.efi" to enroll the
|
||||
public half of "Red Hat Secure Boot (signing key 1)" in the %build
|
||||
stage. Use a publicly released RHEL kernel in the %check stage.
|
||||
|
||||
Downsides:
|
||||
|
||||
- The Brew build root does not offer any particular released RHEL
|
||||
kernel, so either the %check stage would have to download it, or the
|
||||
SRPM would have to bundle it. However, Brew build environments do not
|
||||
have unfettered network access (rightly so), so the download wouldn't
|
||||
work. Furthermore, for bundling with the SRPM, such a kernel image
|
||||
could be considered too large.
|
||||
|
||||
- Does not solve the "virt-install --location" issue for other vendors'
|
||||
signed kernels.
|
||||
|
||||
- Invoke "ovmf-vars-generator" / "EnrollDefaultKeys.efi" multiple times
|
||||
during %build, to create multiple varstore templates. One that would
|
||||
accept publicly released RHEL kernels, and another to accept development
|
||||
kernels. Don't try to use a particular guest kernel for verification;
|
||||
instead, check what kernel Brew offers in the build environment, and use
|
||||
the varstore template matching *that* kernel.
|
||||
|
||||
Downsides:
|
||||
|
||||
- It may be considered useless to perform %check with a varstore
|
||||
template that is *not* the one that we ship.
|
||||
|
||||
- Does not solve the "virt-install --location" issue for other vendors'
|
||||
signed kernels.
|
||||
|
||||
- Sign the RHEL kernels such that the currently enrolled certificates
|
||||
accept them.
|
||||
|
||||
Downsides:
|
||||
|
||||
- Not feasible at all; it would require Microsoft to sign our kernels.
|
||||
"Shim" exists exactly to eliminate such signing requirements.
|
||||
|
||||
- Modify "virt-install --location NETWORK-URL" such that it download a
|
||||
complete (UEFI-bootable) installer ISO image, rather than broken-out
|
||||
vmlinuz / initrd files. In other words, replace direct (fw_cfg) kernel
|
||||
boot with a CD-ROM / "shim" boot, internally to "virt-install".
|
||||
|
||||
Downsides:
|
||||
|
||||
- Defeats the goal of "virt-install --location NETWORK-URL", and defeats
|
||||
the network installation method of (for example) Anaconda.
|
||||
|
||||
For now, revert upstream commit ced77332cab6, in order to return to the
|
||||
model we had used in RHEL-8.2 and before. The following ticket has been
|
||||
filed to investigate the problem separately:
|
||||
<https://bugzilla.redhat.com/show_bug.cgi?id=1844653>.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgX64.dsc | 4 ----
|
||||
3 files changed, 12 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index e8868136d8..5b1e757cb9 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -379,11 +379,7 @@
|
||||
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
|
||||
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
|
||||
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
|
||||
-!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
|
||||
-!else
|
||||
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
|
||||
-!endif
|
||||
!if $(TPM_ENABLE) == TRUE
|
||||
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
||||
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index d05275a324..5dffc32105 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -383,11 +383,7 @@
|
||||
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
|
||||
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
|
||||
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
|
||||
-!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
|
||||
-!else
|
||||
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
|
||||
-!endif
|
||||
!if $(TPM_ENABLE) == TRUE
|
||||
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
||||
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index cac4cecf18..a2a76fdeea 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -383,11 +383,7 @@
|
||||
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
|
||||
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
|
||||
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
|
||||
-!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
|
||||
-!else
|
||||
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
|
||||
-!endif
|
||||
!if $(TPM_ENABLE) == TRUE
|
||||
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
|
||||
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,20 +1,17 @@
|
||||
From cbce29f7749477e271f9764fed82de94724af5df Mon Sep 17 00:00:00 2001
|
||||
From dc27035d2a8ca09dc5b0113c97a643341f286c08 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 24 Jun 2020 11:40:09 +0200
|
||||
Subject: [PATCH 3/3] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent
|
||||
aa64 build (RH)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build
|
||||
(RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Remove obsolete commit message tags related to downstream patch
|
||||
management: Message-id, Patchwork-id, O-Subject, Acked-by, From,
|
||||
RH-Acked-by, RH-Author (RHBZ#1846481).
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20200615080105.11859-4-lersek@redhat.com>
|
||||
Patchwork-id: 97534
|
||||
O-Subject: [RHEL-8.3.0 edk2 PATCH 3/3] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build (RH)
|
||||
Bugzilla: 1844682
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
If swtpm / vTPM2 is not being used, Tcg2Dxe should return EFI_UNSUPPORTED,
|
||||
so that the DXE Core can unload it. However, the associated error message,
|
||||
@ -27,13 +24,14 @@ guest RAM still gets freed after ExitBootServices().
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
(cherry picked from commit cbce29f7749477e271f9764fed82de94724af5df)
|
||||
---
|
||||
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 17 +++++++++++++++++
|
||||
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
|
||||
2 files changed, 18 insertions(+)
|
||||
|
||||
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
|
||||
index 9a5f987e68..da2153cb25 100644
|
||||
index 6d17616c1c..f1a97d4b2d 100644
|
||||
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
|
||||
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
|
||||
@@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
@ -68,7 +66,7 @@ index 9a5f987e68..da2153cb25 100644
|
||||
}
|
||||
|
||||
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||
index 576cf80d06..851471afb7 100644
|
||||
index 7dc7a2683d..3bc8833931 100644
|
||||
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||
@@ -55,6 +55,7 @@
|
@ -1,386 +0,0 @@
|
||||
From e81751a1c303f5cd4bcae0ed1a38c60c38a0cf38 Mon Sep 17 00:00:00 2001
|
||||
From: Guomin Jiang <guomin.jiang@intel.com>
|
||||
Date: Fri, 10 Jul 2020 09:47:31 +0800
|
||||
Subject: [PATCH 4/5] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 2: [RHEL-8.4.0] bump OpenSSL dist-git submodule to 1.1.1g
|
||||
RH-Commit: [1/2] 36d4bc34a3b5c421819e94c58ff84fd779a93bae (lersek/edk2)
|
||||
RH-Bugzilla: 1893806
|
||||
|
||||
--v-- RHEL8 notes --v--
|
||||
|
||||
- The "CryptoPkg/Library/OpensslLib/openssl" hunk, advancing upstream
|
||||
edk2's OpenSSL submodule reference, has been stripped from this
|
||||
backport. (Refer to downstream commit c5d729df70f8 ("remove upstream
|
||||
edk2's openssl submodule (RH only)", 2020-06-05), as basis.) The
|
||||
corresponding RHEL8 OpenSSL dist-git bump is implemented in a subsequent
|
||||
patch in this series.
|
||||
|
||||
This cherry-pick and the RHEL8 OpenSSL dist-git submodule bump are kept
|
||||
separate for easing the next rebase, even at the cost of introducing a
|
||||
brief interval in the git history where the downstream exploded tree
|
||||
does not build.
|
||||
|
||||
- Contextual difference in "OpensslLib.inf" due to downstream commit
|
||||
56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
|
||||
in the INFs (RH)", 2020-06-05); automatically resolved by
|
||||
git-cherry-pick.
|
||||
|
||||
--^-- RHEL8 notes --^--
|
||||
|
||||
Upgrade openssl to 1.1.1g. the directory have been reorganized,
|
||||
openssl moved crypto/include/internal to include/crypto folder.
|
||||
So we change directory to match the re-organization.
|
||||
|
||||
The dso_conf.h and opensslconf.h will generated in UNIX format,
|
||||
change process_files.pl to covent the EOL automatically.
|
||||
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Tested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
(cherry picked from commit 8c30327debb28c0b6cfa2106b736774e0b20daac)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
CryptoPkg/CryptoPkg.dec | 1 -
|
||||
.../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +-
|
||||
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +-
|
||||
.../Include/{internal => crypto}/dso_conf.h | 32 +++++-----
|
||||
.../Library/Include/openssl/opensslconf.h | 3 -
|
||||
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++----------
|
||||
.../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++--------
|
||||
CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
|
||||
CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +-
|
||||
9 files changed, 90 insertions(+), 87 deletions(-)
|
||||
rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)
|
||||
|
||||
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
|
||||
index 4d1a1368a8..5888941bab 100644
|
||||
--- a/CryptoPkg/CryptoPkg.dec
|
||||
+++ b/CryptoPkg/CryptoPkg.dec
|
||||
@@ -23,7 +23,6 @@
|
||||
Private
|
||||
Library/Include
|
||||
Library/OpensslLib/openssl/include
|
||||
- Library/OpensslLib/openssl/crypto/include
|
||||
|
||||
[LibraryClasses]
|
||||
## @libraryclass Provides basic library functions for cryptographic primitives.
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||
index eacf4826c4..235331c2a0 100644
|
||||
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
-#include "internal/sm3.h"
|
||||
+#include "crypto/sm3.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||
index 229c244b26..c9fdb65b99 100644
|
||||
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||
@@ -15,13 +15,13 @@
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/bio.h>
|
||||
-#include <internal/x509_int.h>
|
||||
+#include <crypto/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/x509_vfy.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/evp.h>
|
||||
-#include <internal/asn1_int.h>
|
||||
+#include <crypto/asn1.h>
|
||||
|
||||
/**
|
||||
This function will return the leaf signer certificate in a chain. This is
|
||||
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||
similarity index 76%
|
||||
rename from CryptoPkg/Library/Include/internal/dso_conf.h
|
||||
rename to CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||
index 43c891588b..95f4db2b15 100644
|
||||
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||
+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||
@@ -1,16 +1,16 @@
|
||||
-/* WARNING: do not edit! */
|
||||
-/* Generated from crypto/include/internal/dso_conf.h.in */
|
||||
-/*
|
||||
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
- *
|
||||
- * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
- * this file except in compliance with the License. You can obtain a copy
|
||||
- * in the file LICENSE in the source distribution or at
|
||||
- * https://www.openssl.org/source/license.html
|
||||
- */
|
||||
-
|
||||
-#ifndef HEADER_DSO_CONF_H
|
||||
-# define HEADER_DSO_CONF_H
|
||||
-# define DSO_NONE
|
||||
-# define DSO_EXTENSION ".so"
|
||||
-#endif
|
||||
+/* WARNING: do not edit! */
|
||||
+/* Generated from include/crypto/dso_conf.h.in */
|
||||
+/*
|
||||
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#ifndef OSSL_CRYPTO_DSO_CONF_H
|
||||
+# define OSSL_CRYPTO_DSO_CONF_H
|
||||
+# define DSO_NONE
|
||||
+# define DSO_EXTENSION ".so"
|
||||
+#endif
|
||||
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||
index 62c2736cb0..3a2544ea5c 100644
|
||||
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||
@@ -247,9 +247,6 @@ extern "C" {
|
||||
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
|
||||
# define OPENSSL_NO_DYNAMIC_ENGINE
|
||||
#endif
|
||||
-#ifndef OPENSSL_NO_AFALGENG
|
||||
-# define OPENSSL_NO_AFALGENG
|
||||
-#endif
|
||||
|
||||
|
||||
/*
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
index 24e790b538..4c21b11d0a 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
@@ -477,45 +477,45 @@
|
||||
$(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
$(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/async_local.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/store/store_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
$(OPENSSL_PATH)/ssl/bio_ssl.c
|
||||
@@ -562,13 +562,13 @@
|
||||
$(OPENSSL_PATH)/ssl/t1_trce.c
|
||||
$(OPENSSL_PATH)/ssl/tls13_enc.c
|
||||
$(OPENSSL_PATH)/ssl/tls_srp.c
|
||||
- $(OPENSSL_PATH)/ssl/packet_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/packet_local.h
|
||||
$(OPENSSL_PATH)/ssl/ssl_cert_table.h
|
||||
- $(OPENSSL_PATH)/ssl/ssl_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/ssl_local.h
|
||||
$(OPENSSL_PATH)/ssl/record/record.h
|
||||
- $(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/record/record_local.h
|
||||
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||||
- $(OPENSSL_PATH)/ssl/statem/statem_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/statem/statem_local.h
|
||||
# Autogenerated files list ends here
|
||||
# RHEL8-specific OpenSSL file list starts here
|
||||
$(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
index 52e70a2d03..0c3b210d6a 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
@@ -477,45 +477,45 @@
|
||||
$(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
$(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/async_local.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/store/store_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
# Autogenerated files list ends here
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
index 65d07a2aed..57ce195394 100755
|
||||
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
@@ -111,8 +111,8 @@ BEGIN {
|
||||
# Generate dso_conf.h per config data
|
||||
system(
|
||||
"perl -I. -Mconfigdata util/dofile.pl " .
|
||||
- "crypto/include/internal/dso_conf.h.in " .
|
||||
- "> include/internal/dso_conf.h"
|
||||
+ "include/crypto/dso_conf.h.in " .
|
||||
+ "> include/crypto/dso_conf.h"
|
||||
) == 0 ||
|
||||
die "Failed to generate dso_conf.h!\n";
|
||||
|
||||
@@ -263,14 +263,21 @@ print "Done!";
|
||||
# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
|
||||
#
|
||||
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
|
||||
-copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
|
||||
- $OPENSSL_PATH . "/../../Include/openssl/") ||
|
||||
- die "Cannot copy opensslconf.h!";
|
||||
+system(
|
||||
+ "perl -pe 's/\\n/\\r\\n/' " .
|
||||
+ "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
|
||||
+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
|
||||
+ ) == 0 ||
|
||||
+ die "Cannot copy opensslconf.h!";
|
||||
print "Done!";
|
||||
-print "\n--> Duplicating dso_conf.h into Include/internal ... ";
|
||||
-copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
|
||||
- $OPENSSL_PATH . "/../../Include/internal/") ||
|
||||
- die "Cannot copy dso_conf.h!";
|
||||
+
|
||||
+print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
|
||||
+system(
|
||||
+ "perl -pe 's/\\n/\\r\\n/' " .
|
||||
+ "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
|
||||
+ "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
|
||||
+ ) == 0 ||
|
||||
+ die "Cannot copy dso_conf.h!";
|
||||
print "Done!\n";
|
||||
|
||||
print "\nProcessing Files Done!\n";
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||
index 9f3983f7c3..9e0179b034 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
-#include "internal/rand_int.h"
|
||||
+#include "crypto/rand.h"
|
||||
#include <openssl/aes.h>
|
||||
|
||||
#include <Uefi.h>
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,73 @@
|
||||
From 9596c779a27b4ae2261aadd91b8dac8ed7546f38 Mon Sep 17 00:00:00 2001
|
||||
From: Neal Gompa <ngompa@fedoraproject.org>
|
||||
Date: Mon, 5 Jul 2021 05:36:03 -0400
|
||||
Subject: [PATCH] MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI
|
||||
spec
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 6: MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI spec [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [1/1] 1fef74489947c81e26e5afb7c933c80beb641751
|
||||
RH-Bugzilla: 1988762
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
Per UEFI Spec 2.8 (UEFI_Spec_2_8_final.pdf, page 114)
|
||||
5.2.3 Protective MBR
|
||||
Table 20. Protective MBR Partition Record protecting the entire disk
|
||||
|
||||
The description for BootIndicator states the following:
|
||||
|
||||
> Set to 0x00 to indicate a non-bootable partition. If set to any
|
||||
> value other than 0x00 the behavior of this flag on non-UEFI
|
||||
> systems is undefined. Must be ignored by UEFI implementations.
|
||||
|
||||
Unfortunately, we have been incorrectly assuming that the
|
||||
BootIndicator value must be 0x00, which leads to problems
|
||||
when the 'pmbr_boot' flag is set on a disk containing a GPT
|
||||
(such as with GNU parted). When the flag is set, the value
|
||||
changes to 0x01, causing this check to fail and the system
|
||||
is rendered unbootable despite it being valid from the
|
||||
perspective of the UEFI spec.
|
||||
|
||||
To resolve this, we drop the check for the BootIndicator
|
||||
so that we stop caring about the value set there, which
|
||||
restores the capability to boot such disks.
|
||||
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3474
|
||||
|
||||
Cc: Chris Murphy <chrismurphy@fedoraproject.org>
|
||||
Cc: David Duncan <davdunc@amazon.com>
|
||||
Cc: Lazlo Ersek <lersek@redhat.com>
|
||||
Cc: Hao A Wu <hao.a.wu@intel.com>
|
||||
Cc: Ray Ni <ray.ni@intel.com>
|
||||
Cc: Zhichao Gao <zhichao.gao@intel.com>
|
||||
|
||||
Signed-off-by: Neal Gompa <ngompa@fedoraproject.org>
|
||||
Message-Id: <20210705093603.575707-1-ngompa@fedoraproject.org>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Hao A Wu <hao.a.wu@intel.com>
|
||||
(cherry picked from commit b3db0cb1f8d163f22b769c205c6347376a315dcd)
|
||||
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
---
|
||||
MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 3 +--
|
||||
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
|
||||
index aefb2d6ecb..efaff5e080 100644
|
||||
--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
|
||||
+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c
|
||||
@@ -264,8 +264,7 @@ PartitionInstallGptChildHandles (
|
||||
// Verify that the Protective MBR is valid
|
||||
//
|
||||
for (Index = 0; Index < MAX_MBR_PARTITIONS; Index++) {
|
||||
- if (ProtectiveMbr->Partition[Index].BootIndicator == 0x00 &&
|
||||
- ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION &&
|
||||
+ if (ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION &&
|
||||
UNPACK_UINT32 (ProtectiveMbr->Partition[Index].StartingLBA) == 1
|
||||
) {
|
||||
break;
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,95 @@
|
||||
From 1e6a8c43241febbec56ffc2141c55d8de34e13e6 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:55 +0200
|
||||
Subject: [PATCH 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always
|
||||
succeeds
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [6/10] 2f697819ce0731f99f95f29a3b30c777b754db37
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
IScsiBinToHex() is called for encoding:
|
||||
|
||||
- the answer to the target's challenge; that is, CHAP_R;
|
||||
|
||||
- the challenge for the target, in case mutual authentication is enabled;
|
||||
that is, CHAP_C.
|
||||
|
||||
The initiator controls the size of both blobs, the sizes of their hex
|
||||
encodings are correctly calculated in "RspLen" and "ChallengeLen".
|
||||
Therefore the IScsiBinToHex() calls never fail; assert that.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Message-Id: <20210608121259.32451-7-lersek@redhat.com>
|
||||
(cherry picked from commit d90fff40cb2502b627370a77f5608c8a178c3f78)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.c | 27 +++++++++++++++------------
|
||||
1 file changed, 15 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
index 9e192ce292..dbe3c8ef46 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
@@ -391,6 +391,7 @@ IScsiCHAPToSendReq (
|
||||
UINT32 RspLen;
|
||||
CHAR8 *Challenge;
|
||||
UINT32 ChallengeLen;
|
||||
+ EFI_STATUS BinToHexStatus;
|
||||
|
||||
ASSERT (Conn->CurrentStage == ISCSI_SECURITY_NEGOTIATION);
|
||||
|
||||
@@ -471,12 +472,13 @@ IScsiCHAPToSendReq (
|
||||
//
|
||||
// CHAP_R=<R>
|
||||
//
|
||||
- IScsiBinToHex (
|
||||
- (UINT8 *) AuthData->CHAPResponse,
|
||||
- ISCSI_CHAP_RSP_LEN,
|
||||
- Response,
|
||||
- &RspLen
|
||||
- );
|
||||
+ BinToHexStatus = IScsiBinToHex (
|
||||
+ (UINT8 *) AuthData->CHAPResponse,
|
||||
+ ISCSI_CHAP_RSP_LEN,
|
||||
+ Response,
|
||||
+ &RspLen
|
||||
+ );
|
||||
+ ASSERT_EFI_ERROR (BinToHexStatus);
|
||||
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response);
|
||||
|
||||
if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) {
|
||||
@@ -490,12 +492,13 @@ IScsiCHAPToSendReq (
|
||||
// CHAP_C=<C>
|
||||
//
|
||||
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
|
||||
- IScsiBinToHex (
|
||||
- (UINT8 *) AuthData->OutChallenge,
|
||||
- ISCSI_CHAP_RSP_LEN,
|
||||
- Challenge,
|
||||
- &ChallengeLen
|
||||
- );
|
||||
+ BinToHexStatus = IScsiBinToHex (
|
||||
+ (UINT8 *) AuthData->OutChallenge,
|
||||
+ ISCSI_CHAP_RSP_LEN,
|
||||
+ Challenge,
|
||||
+ &ChallengeLen
|
||||
+ );
|
||||
+ ASSERT_EFI_ERROR (BinToHexStatus);
|
||||
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge);
|
||||
|
||||
Conn->AuthStep = ISCSI_CHAP_STEP_FOUR;
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,91 @@
|
||||
From 5171f67062e606a4e606780ff5a5787bde7198eb Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:59 +0200
|
||||
Subject: [PATCH 10/10] NetworkPkg/IScsiDxe: check IScsiHexToBin() return
|
||||
values
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [10/10] 1c65763fef57cfd9b1bd55779ec6eba4e086e100
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
IScsiDxe (that is, the initiator) receives two hex-encoded strings from
|
||||
the iSCSI target:
|
||||
|
||||
- CHAP_C, where the target challenges the initiator,
|
||||
|
||||
- CHAP_R, where the target answers the challenge from the initiator (in
|
||||
case the initiator wants mutual authentication).
|
||||
|
||||
Accordingly, we have two IScsiHexToBin() call sites:
|
||||
|
||||
- At the CHAP_C decoding site, check whether the decoding succeeds. The
|
||||
decoded buffer ("AuthData->InChallenge") can accommodate 1024 bytes,
|
||||
which is a permissible restriction on the target, per
|
||||
<https://tools.ietf.org/html/rfc7143#section-12.1.3>. Shorter challenges
|
||||
from the target are acceptable.
|
||||
|
||||
- At the CHAP_R decoding site, enforce that the decoding both succeed, and
|
||||
provide exactly ISCSI_CHAP_RSP_LEN bytes. CHAP_R contains the digest
|
||||
calculated by the target, therefore it must be of fixed size. We may
|
||||
only call IScsiCHAPAuthTarget() if "TargetRsp" has been fully populated.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Message-Id: <20210608121259.32451-11-lersek@redhat.com>
|
||||
(cherry picked from commit b8649cf2a3e673a4a8cb6c255e394b354b771550)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.c | 20 ++++++++++++++------
|
||||
1 file changed, 14 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
index dbe3c8ef46..7e930c0d1e 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
@@ -290,11 +290,15 @@ IScsiCHAPOnRspReceived (
|
||||
|
||||
AuthData->InIdentifier = (UINT32) Result;
|
||||
AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge);
|
||||
- IScsiHexToBin (
|
||||
- (UINT8 *) AuthData->InChallenge,
|
||||
- &AuthData->InChallengeLength,
|
||||
- Challenge
|
||||
- );
|
||||
+ Status = IScsiHexToBin (
|
||||
+ (UINT8 *) AuthData->InChallenge,
|
||||
+ &AuthData->InChallengeLength,
|
||||
+ Challenge
|
||||
+ );
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ Status = EFI_PROTOCOL_ERROR;
|
||||
+ goto ON_EXIT;
|
||||
+ }
|
||||
Status = IScsiCHAPCalculateResponse (
|
||||
AuthData->InIdentifier,
|
||||
AuthData->AuthConfig->CHAPSecret,
|
||||
@@ -337,7 +341,11 @@ IScsiCHAPOnRspReceived (
|
||||
}
|
||||
|
||||
RspLen = ISCSI_CHAP_RSP_LEN;
|
||||
- IScsiHexToBin (TargetRsp, &RspLen, Response);
|
||||
+ Status = IScsiHexToBin (TargetRsp, &RspLen, Response);
|
||||
+ if (EFI_ERROR (Status) || RspLen != ISCSI_CHAP_RSP_LEN) {
|
||||
+ Status = EFI_PROTOCOL_ERROR;
|
||||
+ goto ON_EXIT;
|
||||
+ }
|
||||
|
||||
//
|
||||
// Check the CHAP Name and Response replied by Target.
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,102 @@
|
||||
From fca7e61fa3ba21cbf6e89d75b23fea03af5d517e Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:52 +0200
|
||||
Subject: [PATCH 03/10] NetworkPkg/IScsiDxe: clean up
|
||||
"ISCSI_CHAP_AUTH_DATA.OutChallengeLength"
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [3/10] cc7118399f64979f2d81fe9fc381ed22c3815f9e
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
The "ISCSI_CHAP_AUTH_DATA.OutChallenge" field is declared as a UINT8 array
|
||||
with ISCSI_CHAP_AUTH_MAX_LEN (1024) elements. However, when the challenge
|
||||
is generated and formatted, only ISCSI_CHAP_RSP_LEN (16) octets are used
|
||||
in the array.
|
||||
|
||||
Change the array size to ISCSI_CHAP_RSP_LEN, and remove the (now unused)
|
||||
ISCSI_CHAP_AUTH_MAX_LEN macro.
|
||||
|
||||
Remove the "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" field, which is
|
||||
superfluous too.
|
||||
|
||||
Most importantly, explain in a new comment *why* tying the challenge size
|
||||
to the digest size (ISCSI_CHAP_RSP_LEN) has always made sense. (See also
|
||||
Linux kernel commit 19f5f88ed779, "scsi: target: iscsi: tie the challenge
|
||||
length to the hash digest size", 2019-11-06.) For sure, the motivation
|
||||
that the new comment now explains has always been there, and has always
|
||||
been the same, for IScsiDxe; it's just that now we spell it out too.
|
||||
|
||||
No change in peer-visible behavior.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Message-Id: <20210608121259.32451-4-lersek@redhat.com>
|
||||
(cherry picked from commit 95616b866187b00355042953efa5c198df07250f)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.c | 3 +--
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.h | 9 ++++++---
|
||||
2 files changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
index df3c2eb120..9e192ce292 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
@@ -122,7 +122,7 @@ IScsiCHAPAuthTarget (
|
||||
AuthData->AuthConfig->ReverseCHAPSecret,
|
||||
SecretSize,
|
||||
AuthData->OutChallenge,
|
||||
- AuthData->OutChallengeLength,
|
||||
+ ISCSI_CHAP_RSP_LEN, // ChallengeLength
|
||||
VerifyRsp
|
||||
);
|
||||
|
||||
@@ -490,7 +490,6 @@ IScsiCHAPToSendReq (
|
||||
// CHAP_C=<C>
|
||||
//
|
||||
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
|
||||
- AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN;
|
||||
IScsiBinToHex (
|
||||
(UINT8 *) AuthData->OutChallenge,
|
||||
ISCSI_CHAP_RSP_LEN,
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
index 1fc1d96ea3..35d5d6ec29 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
@@ -19,7 +19,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
#define ISCSI_CHAP_ALGORITHM_MD5 5
|
||||
|
||||
-#define ISCSI_CHAP_AUTH_MAX_LEN 1024
|
||||
///
|
||||
/// MD5_HASHSIZE
|
||||
///
|
||||
@@ -59,9 +58,13 @@ typedef struct _ISCSI_CHAP_AUTH_DATA {
|
||||
//
|
||||
// Auth-data to be sent out for mutual authentication.
|
||||
//
|
||||
+ // While the challenge size is technically independent of the hashing
|
||||
+ // algorithm, it is good practice to avoid hashing *fewer bytes* than the
|
||||
+ // digest size. In other words, it's good practice to feed *at least as many
|
||||
+ // bytes* to the hashing algorithm as the hashing algorithm will output.
|
||||
+ //
|
||||
UINT32 OutIdentifier;
|
||||
- UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN];
|
||||
- UINT32 OutChallengeLength;
|
||||
+ UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN];
|
||||
} ISCSI_CHAP_AUTH_DATA;
|
||||
|
||||
/**
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,101 @@
|
||||
From 176366aba5680537ee8249e9b3b182677d95feb8 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:53 +0200
|
||||
Subject: [PATCH 04/10] NetworkPkg/IScsiDxe: clean up library class
|
||||
dependencies
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [4/10] 77ab82d2308848613325317c267bf5954d2c7a7c
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
Sort the library class dependencies in the #include directives and in the
|
||||
INF file. Remove the DpcLib class from the #include directives -- it is
|
||||
not listed in the INF file, and IScsiDxe doesn't call either DpcLib API
|
||||
(QueueDpc(), DispatchDpc()). No functional changes.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Message-Id: <20210608121259.32451-5-lersek@redhat.com>
|
||||
(cherry picked from commit e8f28b09e63dfdbb4169969a43c65f86c44b035a)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiDxe.inf | 6 +++---
|
||||
NetworkPkg/IScsiDxe/IScsiImpl.h | 17 ++++++++---------
|
||||
2 files changed, 11 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDxe.inf
|
||||
index 0ffb340ce0..543c408302 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiDxe.inf
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf
|
||||
@@ -65,6 +65,7 @@
|
||||
NetworkPkg/NetworkPkg.dec
|
||||
|
||||
[LibraryClasses]
|
||||
+ BaseCryptLib
|
||||
BaseLib
|
||||
BaseMemoryLib
|
||||
DebugLib
|
||||
@@ -72,14 +73,13 @@
|
||||
HiiLib
|
||||
MemoryAllocationLib
|
||||
NetLib
|
||||
- TcpIoLib
|
||||
PrintLib
|
||||
+ TcpIoLib
|
||||
UefiBootServicesTableLib
|
||||
UefiDriverEntryPoint
|
||||
+ UefiHiiServicesLib
|
||||
UefiLib
|
||||
UefiRuntimeServicesTableLib
|
||||
- UefiHiiServicesLib
|
||||
- BaseCryptLib
|
||||
|
||||
[Protocols]
|
||||
gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES ## SystemTable
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h
|
||||
index 387ab9765e..d895c7feb9 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiImpl.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiImpl.h
|
||||
@@ -35,21 +35,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <Protocol/AdapterInformation.h>
|
||||
#include <Protocol/NetworkInterfaceIdentifier.h>
|
||||
|
||||
-#include <Library/HiiLib.h>
|
||||
-#include <Library/UefiHiiServicesLib.h>
|
||||
-#include <Library/DevicePathLib.h>
|
||||
-#include <Library/DebugLib.h>
|
||||
+#include <Library/BaseCryptLib.h>
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
+#include <Library/DebugLib.h>
|
||||
+#include <Library/DevicePathLib.h>
|
||||
+#include <Library/HiiLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
+#include <Library/NetLib.h>
|
||||
#include <Library/PrintLib.h>
|
||||
+#include <Library/TcpIoLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
-#include <Library/UefiRuntimeServicesTableLib.h>
|
||||
+#include <Library/UefiHiiServicesLib.h>
|
||||
#include <Library/UefiLib.h>
|
||||
-#include <Library/DpcLib.h>
|
||||
-#include <Library/NetLib.h>
|
||||
-#include <Library/TcpIoLib.h>
|
||||
-#include <Library/BaseCryptLib.h>
|
||||
+#include <Library/UefiRuntimeServicesTableLib.h>
|
||||
|
||||
#include <Guid/MdeModuleHii.h>
|
||||
#include <Guid/EventGroup.h>
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,113 @@
|
||||
From f423b7078d291b84952464aca6930a9d772319b0 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:58 +0200
|
||||
Subject: [PATCH 09/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer
|
||||
overflow
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [9/10] acf102203198d575a12e5257c12b8e43ccdfc589
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
The IScsiHexToBin() function documents the EFI_BUFFER_TOO_SMALL return
|
||||
condition, but never actually checks whether the decoded buffer fits into
|
||||
the caller-provided room (i.e., the input value of "BinLength"), and
|
||||
EFI_BUFFER_TOO_SMALL is never returned. The decoding of "HexStr" can
|
||||
overflow "BinBuffer".
|
||||
|
||||
This is remotely exploitable, as shown in a subsequent patch, which adds
|
||||
error checking to the IScsiHexToBin() call sites. This issue allows the
|
||||
target to compromise the initiator.
|
||||
|
||||
Introduce EFI_BAD_BUFFER_SIZE, in addition to the existent
|
||||
EFI_BUFFER_TOO_SMALL, for reporting a special case of the buffer overflow,
|
||||
plus actually catch the buffer overflow.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Message-Id: <20210608121259.32451-10-lersek@redhat.com>
|
||||
(cherry picked from commit 54e90edaed0d7c15230902ac4d74f4304bad2ebd)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.c | 20 +++++++++++++++++---
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.h | 3 +++
|
||||
2 files changed, 20 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
index f0f4992b07..4069547867 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
@@ -377,6 +377,9 @@ IScsiBinToHex (
|
||||
@retval EFI_SUCCESS The hexadecimal string is converted into a
|
||||
binary encoded buffer.
|
||||
@retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr.
|
||||
+ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding:
|
||||
+ the decoded size cannot be expressed in
|
||||
+ BinLength on output.
|
||||
@retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the
|
||||
converted data.
|
||||
**/
|
||||
@@ -387,6 +390,8 @@ IScsiHexToBin (
|
||||
IN CHAR8 *HexStr
|
||||
)
|
||||
{
|
||||
+ UINTN BinLengthMin;
|
||||
+ UINT32 BinLengthProvided;
|
||||
UINTN Index;
|
||||
UINTN Length;
|
||||
UINT8 Digit;
|
||||
@@ -409,6 +414,18 @@ IScsiHexToBin (
|
||||
if (Length == 0 || Length % 2 != 0) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
+ //
|
||||
+ // Check if the caller provides enough room for the decoded blob.
|
||||
+ //
|
||||
+ BinLengthMin = Length / 2;
|
||||
+ if (BinLengthMin > MAX_UINT32) {
|
||||
+ return EFI_BAD_BUFFER_SIZE;
|
||||
+ }
|
||||
+ BinLengthProvided = *BinLength;
|
||||
+ *BinLength = (UINT32)BinLengthMin;
|
||||
+ if (BinLengthProvided < BinLengthMin) {
|
||||
+ return EFI_BUFFER_TOO_SMALL;
|
||||
+ }
|
||||
|
||||
for (Index = 0; Index < Length; Index ++) {
|
||||
TemStr[0] = HexStr[Index];
|
||||
@@ -425,9 +442,6 @@ IScsiHexToBin (
|
||||
BinBuffer [Index/2] = (UINT8) ((BinBuffer [Index/2] << 4) + Digit);
|
||||
}
|
||||
}
|
||||
-
|
||||
- *BinLength = (UINT32) ((Index + 1)/2);
|
||||
-
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
index 404a482e57..fddef4f466 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
@@ -172,6 +172,9 @@ IScsiBinToHex (
|
||||
@retval EFI_SUCCESS The hexadecimal string is converted into a
|
||||
binary encoded buffer.
|
||||
@retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr.
|
||||
+ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding:
|
||||
+ the decoded size cannot be expressed in
|
||||
+ BinLength on output.
|
||||
@retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the
|
||||
converted data.
|
||||
**/
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,104 @@
|
||||
From 2f0e51dcfea6d9101c4694636a948eb4b6e6d4d4 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:57 +0200
|
||||
Subject: [PATCH 08/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [8/10] febb96c07dbd0e4a191e855742cb47fc6e39dfba
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
The IScsiHexToBin() function has the following parser issues:
|
||||
|
||||
(1) If the *subject sequence* in "HexStr" is empty, the function returns
|
||||
EFI_SUCCESS (with "BinLength" set to 0 on output). Such inputs should
|
||||
be rejected.
|
||||
|
||||
(2) The function mis-handles a "HexStr" that ends with a stray nibble. For
|
||||
example, if "HexStr" is "0xABC", the function decodes it to the bytes
|
||||
{0xAB, 0x0C}, sets "BinLength" to 2 on output, and returns
|
||||
EFI_SUCCESS. Such inputs should be rejected.
|
||||
|
||||
(3) If an invalid hex char is found in "HexStr", the function treats it as
|
||||
end-of-hex-string, and returns EFI_SUCCESS. Such inputs should be
|
||||
rejected.
|
||||
|
||||
All of the above cases are remotely triggerable, as shown in a subsequent
|
||||
patch, which adds error checking to the IScsiHexToBin() call sites. While
|
||||
the initiator is not immediately compromised, incorrectly parsing CHAP_R
|
||||
from the target, in case of mutual authentication, is not great.
|
||||
|
||||
Extend the interface contract of IScsiHexToBin() with
|
||||
EFI_INVALID_PARAMETER, for reporting issues (1) through (3), and implement
|
||||
the new checks.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Message-Id: <20210608121259.32451-9-lersek@redhat.com>
|
||||
(cherry picked from commit 47b76780b487dbfde4efb6843b16064c4a97e94d)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.c | 12 ++++++++++--
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.h | 1 +
|
||||
2 files changed, 11 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
index 014700e87a..f0f4992b07 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
@@ -376,6 +376,7 @@ IScsiBinToHex (
|
||||
|
||||
@retval EFI_SUCCESS The hexadecimal string is converted into a
|
||||
binary encoded buffer.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr.
|
||||
@retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the
|
||||
converted data.
|
||||
**/
|
||||
@@ -402,14 +403,21 @@ IScsiHexToBin (
|
||||
|
||||
Length = AsciiStrLen (HexStr);
|
||||
|
||||
+ //
|
||||
+ // Reject an empty hex string; reject a stray nibble.
|
||||
+ //
|
||||
+ if (Length == 0 || Length % 2 != 0) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
for (Index = 0; Index < Length; Index ++) {
|
||||
TemStr[0] = HexStr[Index];
|
||||
Digit = (UINT8) AsciiStrHexToUint64 (TemStr);
|
||||
if (Digit == 0 && TemStr[0] != '0') {
|
||||
//
|
||||
- // Invalid Lun Char.
|
||||
+ // Invalid Hex Char.
|
||||
//
|
||||
- break;
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
if ((Index & 1) == 0) {
|
||||
BinBuffer [Index/2] = Digit;
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
index 28cf408cd5..404a482e57 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
@@ -171,6 +171,7 @@ IScsiBinToHex (
|
||||
|
||||
@retval EFI_SUCCESS The hexadecimal string is converted into a
|
||||
binary encoded buffer.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr.
|
||||
@retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the
|
||||
converted data.
|
||||
**/
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,154 @@
|
||||
From 4171bd515a2dcfec59513d3a83adce7ed2903d50 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:54 +0200
|
||||
Subject: [PATCH 05/10] NetworkPkg/IScsiDxe: fix potential integer overflow in
|
||||
IScsiBinToHex()
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [5/10] f52aaaa03b15280eb4a821eeb378d8051ea5ec2a
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
Considering IScsiBinToHex():
|
||||
|
||||
> if (((*HexLength) - 3) < BinLength * 2) {
|
||||
> *HexLength = BinLength * 2 + 3;
|
||||
> }
|
||||
|
||||
the following subexpressions are problematic:
|
||||
|
||||
(*HexLength) - 3
|
||||
BinLength * 2
|
||||
BinLength * 2 + 3
|
||||
|
||||
The first one may wrap under zero, the latter two may wrap over
|
||||
MAX_UINT32.
|
||||
|
||||
Rewrite the calculation using SafeIntLib.
|
||||
|
||||
While at it, change the type of the "Index" variable from UINTN to UINT32.
|
||||
The largest "Index"-based value that we calculate is
|
||||
|
||||
Index * 2 + 2 (with (Index == BinLength))
|
||||
|
||||
Because the patch makes
|
||||
|
||||
BinLength * 2 + 3
|
||||
|
||||
safe to calculate in UINT32, using UINT32 for
|
||||
|
||||
Index * 2 + 2 (with (Index == BinLength))
|
||||
|
||||
is safe too. Consistently using UINT32 improves readability.
|
||||
|
||||
This patch is best reviewed with "git show -W".
|
||||
|
||||
The integer overflows that this patch fixes are theoretical; a subsequent
|
||||
patch in the series will audit the IScsiBinToHex() call sites, and show
|
||||
that none of them can fail.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Message-Id: <20210608121259.32451-6-lersek@redhat.com>
|
||||
(cherry picked from commit cf01b2dc8fc3ff9cf49fb891af5703dc03e3193e)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiDxe.inf | 1 +
|
||||
NetworkPkg/IScsiDxe/IScsiImpl.h | 1 +
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.c | 19 +++++++++++++++----
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.h | 1 +
|
||||
4 files changed, 18 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDxe.inf
|
||||
index 543c408302..1dde56d00c 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiDxe.inf
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf
|
||||
@@ -74,6 +74,7 @@
|
||||
MemoryAllocationLib
|
||||
NetLib
|
||||
PrintLib
|
||||
+ SafeIntLib
|
||||
TcpIoLib
|
||||
UefiBootServicesTableLib
|
||||
UefiDriverEntryPoint
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h
|
||||
index d895c7feb9..ac3a25730e 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiImpl.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiImpl.h
|
||||
@@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/NetLib.h>
|
||||
#include <Library/PrintLib.h>
|
||||
+#include <Library/SafeIntLib.h>
|
||||
#include <Library/TcpIoLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Library/UefiHiiServicesLib.h>
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
index b8fef3ff6f..42988e15cb 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
@@ -316,6 +316,7 @@ IScsiMacAddrToStr (
|
||||
@retval EFI_SUCCESS The binary data is converted to the hexadecimal string
|
||||
and the length of the string is updated.
|
||||
@retval EFI_BUFFER_TOO_SMALL The string is too small.
|
||||
+ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding.
|
||||
@retval EFI_INVALID_PARAMETER The IP string is malformatted.
|
||||
|
||||
**/
|
||||
@@ -327,18 +328,28 @@ IScsiBinToHex (
|
||||
IN OUT UINT32 *HexLength
|
||||
)
|
||||
{
|
||||
- UINTN Index;
|
||||
+ UINT32 HexLengthMin;
|
||||
+ UINT32 HexLengthProvided;
|
||||
+ UINT32 Index;
|
||||
|
||||
if ((HexStr == NULL) || (BinBuffer == NULL) || (BinLength == 0)) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
- if (((*HexLength) - 3) < BinLength * 2) {
|
||||
- *HexLength = BinLength * 2 + 3;
|
||||
+ //
|
||||
+ // Safely calculate: HexLengthMin := BinLength * 2 + 3.
|
||||
+ //
|
||||
+ if (RETURN_ERROR (SafeUint32Mult (BinLength, 2, &HexLengthMin)) ||
|
||||
+ RETURN_ERROR (SafeUint32Add (HexLengthMin, 3, &HexLengthMin))) {
|
||||
+ return EFI_BAD_BUFFER_SIZE;
|
||||
+ }
|
||||
+
|
||||
+ HexLengthProvided = *HexLength;
|
||||
+ *HexLength = HexLengthMin;
|
||||
+ if (HexLengthProvided < HexLengthMin) {
|
||||
return EFI_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
- *HexLength = BinLength * 2 + 3;
|
||||
//
|
||||
// Prefix for Hex String.
|
||||
//
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
index 46c725aab3..231413993b 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
@@ -150,6 +150,7 @@ IScsiAsciiStrToIp (
|
||||
@retval EFI_SUCCESS The binary data is converted to the hexadecimal string
|
||||
and the length of the string is updated.
|
||||
@retval EFI_BUFFER_TOO_SMALL The string is too small.
|
||||
+ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding.
|
||||
@retval EFI_INVALID_PARAMETER The IP string is malformatted.
|
||||
|
||||
**/
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,93 @@
|
||||
From 172b2928c24c0ab955127afcdc9e3a52b3913ba5 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:56 +0200
|
||||
Subject: [PATCH 07/10] NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading
|
||||
comment block
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [7/10] 4f867fa4ad8f7305961b83224107c1452a7d44ed
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
We'll need further return values for IScsiHexToBin() in a subsequent
|
||||
patch; make room for them in the leading comment block of the function.
|
||||
While at it, rewrap the comment block to 80 characters width.
|
||||
|
||||
No functional changes.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Reviewed-by: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Message-Id: <20210608121259.32451-8-lersek@redhat.com>
|
||||
(cherry picked from commit dc469f137110fe79704b8b92c552972c739bb915)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.c | 16 ++++++++--------
|
||||
NetworkPkg/IScsiDxe/IScsiMisc.h | 16 ++++++++--------
|
||||
2 files changed, 16 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
index 42988e15cb..014700e87a 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.c
|
||||
@@ -370,14 +370,14 @@ IScsiBinToHex (
|
||||
/**
|
||||
Convert the hexadecimal string into a binary encoded buffer.
|
||||
|
||||
- @param[in, out] BinBuffer The binary buffer.
|
||||
- @param[in, out] BinLength Length of the binary buffer.
|
||||
- @param[in] HexStr The hexadecimal string.
|
||||
-
|
||||
- @retval EFI_SUCCESS The hexadecimal string is converted into a binary
|
||||
- encoded buffer.
|
||||
- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data.
|
||||
-
|
||||
+ @param[in, out] BinBuffer The binary buffer.
|
||||
+ @param[in, out] BinLength Length of the binary buffer.
|
||||
+ @param[in] HexStr The hexadecimal string.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The hexadecimal string is converted into a
|
||||
+ binary encoded buffer.
|
||||
+ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the
|
||||
+ converted data.
|
||||
**/
|
||||
EFI_STATUS
|
||||
IScsiHexToBin (
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
index 231413993b..28cf408cd5 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiMisc.h
|
||||
@@ -165,14 +165,14 @@ IScsiBinToHex (
|
||||
/**
|
||||
Convert the hexadecimal string into a binary encoded buffer.
|
||||
|
||||
- @param[in, out] BinBuffer The binary buffer.
|
||||
- @param[in, out] BinLength Length of the binary buffer.
|
||||
- @param[in] HexStr The hexadecimal string.
|
||||
-
|
||||
- @retval EFI_SUCCESS The hexadecimal string is converted into a binary
|
||||
- encoded buffer.
|
||||
- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data.
|
||||
-
|
||||
+ @param[in, out] BinBuffer The binary buffer.
|
||||
+ @param[in, out] BinLength Length of the binary buffer.
|
||||
+ @param[in] HexStr The hexadecimal string.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The hexadecimal string is converted into a
|
||||
+ binary encoded buffer.
|
||||
+ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the
|
||||
+ converted data.
|
||||
**/
|
||||
EFI_STATUS
|
||||
IScsiHexToBin (
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,71 @@
|
||||
From 0dac937f2845a1bc4943a0cfed3392d35afba733 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:51 +0200
|
||||
Subject: [PATCH 02/10] NetworkPkg/IScsiDxe: simplify
|
||||
"ISCSI_CHAP_AUTH_DATA.InChallenge" size
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [2/10] 8b57211651e13185a636daa5369993054bd7334b
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
The ISCSI_CHAP_AUTH_MAX_LEN macro is defined with value 1024.
|
||||
|
||||
The usage of this macro currently involves a semantic (not functional)
|
||||
bug, which we're going to fix in a subsequent patch, eliminating
|
||||
ISCSI_CHAP_AUTH_MAX_LEN altogether.
|
||||
|
||||
For now, remove the macro's usage from all
|
||||
"ISCSI_CHAP_AUTH_DATA.InChallenge" contexts. This is doable without
|
||||
duplicating open-coded constants.
|
||||
|
||||
No changes in functionality.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Message-Id: <20210608121259.32451-3-lersek@redhat.com>
|
||||
(cherry picked from commit 29cab43bb7912a12efa5a78dac15394aee866e4c)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 +-
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.h | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
index cbbc56ae5b..df3c2eb120 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
@@ -289,7 +289,7 @@ IScsiCHAPOnRspReceived (
|
||||
}
|
||||
|
||||
AuthData->InIdentifier = (UINT32) Result;
|
||||
- AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN;
|
||||
+ AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge);
|
||||
IScsiHexToBin (
|
||||
(UINT8 *) AuthData->InChallenge,
|
||||
&AuthData->InChallengeLength,
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
index 5e59fb678b..1fc1d96ea3 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
@@ -49,7 +49,7 @@ typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA {
|
||||
typedef struct _ISCSI_CHAP_AUTH_DATA {
|
||||
ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig;
|
||||
UINT32 InIdentifier;
|
||||
- UINT8 InChallenge[ISCSI_CHAP_AUTH_MAX_LEN];
|
||||
+ UINT8 InChallenge[1024];
|
||||
UINT32 InChallengeLength;
|
||||
//
|
||||
// Calculated CHAP Response (CHAP_R) value.
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,251 @@
|
||||
From 28e260828557340709ef14e8132e96b54128c5a3 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 8 Jun 2021 14:12:50 +0200
|
||||
Subject: [PATCH 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80
|
||||
characters
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase]
|
||||
RH-Commit: [1/10] 7ae9c45fbc0ffd807a95fad802619cd838257cc8
|
||||
RH-Bugzilla: 1956408
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
Working with overlong lines is difficult for me; rewrap the CHAP-related
|
||||
source files in IScsiDxe to 80 characters width. No functional changes.
|
||||
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Cc: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Cc: Siyuan Fu <siyuan.fu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
|
||||
Reviewed-by: Philippe Mathieu-Daud <philmd@redhat.com>
|
||||
Message-Id: <20210608121259.32451-2-lersek@redhat.com>
|
||||
(cherry picked from commit 83761337ec91fbd459c55d7d956fcc25df3bfa50)
|
||||
---
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++++++++++++--------
|
||||
NetworkPkg/IScsiDxe/IScsiCHAP.h | 3 +-
|
||||
2 files changed, 71 insertions(+), 22 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
index 355c6f129f..cbbc56ae5b 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c
|
||||
@@ -1,5 +1,6 @@
|
||||
/** @file
|
||||
- This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration.
|
||||
+ This file is for Challenge-Handshake Authentication Protocol (CHAP)
|
||||
+ Configuration.
|
||||
|
||||
Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
@@ -18,9 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
@param[in] ChallengeLength The length of iSCSI CHAP challenge message.
|
||||
@param[out] ChapResponse The calculation of the expected hash value.
|
||||
|
||||
- @retval EFI_SUCCESS The expected hash value was calculatedly successfully.
|
||||
- @retval EFI_PROTOCOL_ERROR The length of the secret should be at least the
|
||||
- length of the hash value for the hashing algorithm chosen.
|
||||
+ @retval EFI_SUCCESS The expected hash value was calculatedly
|
||||
+ successfully.
|
||||
+ @retval EFI_PROTOCOL_ERROR The length of the secret should be at least
|
||||
+ the length of the hash value for the hashing
|
||||
+ algorithm chosen.
|
||||
@retval EFI_PROTOCOL_ERROR MD5 hash operation fail.
|
||||
@retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD5.
|
||||
|
||||
@@ -94,8 +97,10 @@ Exit:
|
||||
@param[in] AuthData iSCSI CHAP authentication data.
|
||||
@param[in] TargetResponse The response from target.
|
||||
|
||||
- @retval EFI_SUCCESS The response from target passed authentication.
|
||||
- @retval EFI_SECURITY_VIOLATION The response from target was not expected value.
|
||||
+ @retval EFI_SUCCESS The response from target passed
|
||||
+ authentication.
|
||||
+ @retval EFI_SECURITY_VIOLATION The response from target was not expected
|
||||
+ value.
|
||||
@retval Others Other errors as indicated.
|
||||
|
||||
**/
|
||||
@@ -193,7 +198,10 @@ IScsiCHAPOnRspReceived (
|
||||
//
|
||||
// The first Login Response.
|
||||
//
|
||||
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG);
|
||||
+ Value = IScsiGetValueByKeyFromList (
|
||||
+ KeyValueList,
|
||||
+ ISCSI_KEY_TARGET_PORTAL_GROUP_TAG
|
||||
+ );
|
||||
if (Value == NULL) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
@@ -205,13 +213,17 @@ IScsiCHAPOnRspReceived (
|
||||
|
||||
Session->TargetPortalGroupTag = (UINT16) Result;
|
||||
|
||||
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD);
|
||||
+ Value = IScsiGetValueByKeyFromList (
|
||||
+ KeyValueList,
|
||||
+ ISCSI_KEY_AUTH_METHOD
|
||||
+ );
|
||||
if (Value == NULL) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
//
|
||||
- // Initiator mandates CHAP authentication but target replies without "CHAP", or
|
||||
- // initiator suggets "None" but target replies with some kind of auth method.
|
||||
+ // Initiator mandates CHAP authentication but target replies without
|
||||
+ // "CHAP", or initiator suggets "None" but target replies with some kind of
|
||||
+ // auth method.
|
||||
//
|
||||
if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) {
|
||||
if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) {
|
||||
@@ -236,7 +248,10 @@ IScsiCHAPOnRspReceived (
|
||||
//
|
||||
// The Target replies with CHAP_A=<A> CHAP_I=<I> CHAP_C=<C>
|
||||
//
|
||||
- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM);
|
||||
+ Value = IScsiGetValueByKeyFromList (
|
||||
+ KeyValueList,
|
||||
+ ISCSI_KEY_CHAP_ALGORITHM
|
||||
+ );
|
||||
if (Value == NULL) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
@@ -249,12 +264,18 @@ IScsiCHAPOnRspReceived (
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
- Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER);
|
||||
+ Identifier = IScsiGetValueByKeyFromList (
|
||||
+ KeyValueList,
|
||||
+ ISCSI_KEY_CHAP_IDENTIFIER
|
||||
+ );
|
||||
if (Identifier == NULL) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
- Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE);
|
||||
+ Challenge = IScsiGetValueByKeyFromList (
|
||||
+ KeyValueList,
|
||||
+ ISCSI_KEY_CHAP_CHALLENGE
|
||||
+ );
|
||||
if (Challenge == NULL) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
@@ -269,7 +290,11 @@ IScsiCHAPOnRspReceived (
|
||||
|
||||
AuthData->InIdentifier = (UINT32) Result;
|
||||
AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN;
|
||||
- IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge);
|
||||
+ IScsiHexToBin (
|
||||
+ (UINT8 *) AuthData->InChallenge,
|
||||
+ &AuthData->InChallengeLength,
|
||||
+ Challenge
|
||||
+ );
|
||||
Status = IScsiCHAPCalculateResponse (
|
||||
AuthData->InIdentifier,
|
||||
AuthData->AuthConfig->CHAPSecret,
|
||||
@@ -303,7 +328,10 @@ IScsiCHAPOnRspReceived (
|
||||
goto ON_EXIT;
|
||||
}
|
||||
|
||||
- Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE);
|
||||
+ Response = IScsiGetValueByKeyFromList (
|
||||
+ KeyValueList,
|
||||
+ ISCSI_KEY_CHAP_RESPONSE
|
||||
+ );
|
||||
if (Response == NULL) {
|
||||
goto ON_EXIT;
|
||||
}
|
||||
@@ -341,7 +369,8 @@ ON_EXIT:
|
||||
@param[in, out] Pdu The PDU to send out.
|
||||
|
||||
@retval EFI_SUCCESS All check passed and the phase-related CHAP
|
||||
- authentication info is filled into the iSCSI PDU.
|
||||
+ authentication info is filled into the iSCSI
|
||||
+ PDU.
|
||||
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
|
||||
@retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
|
||||
|
||||
@@ -392,7 +421,11 @@ IScsiCHAPToSendReq (
|
||||
// It's the initial Login Request. Fill in the key=value pairs mandatory
|
||||
// for the initial Login Request.
|
||||
//
|
||||
- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName);
|
||||
+ IScsiAddKeyValuePair (
|
||||
+ Pdu,
|
||||
+ ISCSI_KEY_INITIATOR_NAME,
|
||||
+ mPrivate->InitiatorName
|
||||
+ );
|
||||
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal");
|
||||
IScsiAddKeyValuePair (
|
||||
Pdu,
|
||||
@@ -413,7 +446,8 @@ IScsiCHAPToSendReq (
|
||||
|
||||
case ISCSI_CHAP_STEP_ONE:
|
||||
//
|
||||
- // First step, send the Login Request with CHAP_A=<A1,A2...> key-value pair.
|
||||
+ // First step, send the Login Request with CHAP_A=<A1,A2...> key-value
|
||||
+ // pair.
|
||||
//
|
||||
AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5);
|
||||
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr);
|
||||
@@ -429,11 +463,20 @@ IScsiCHAPToSendReq (
|
||||
//
|
||||
// CHAP_N=<N>
|
||||
//
|
||||
- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName);
|
||||
+ IScsiAddKeyValuePair (
|
||||
+ Pdu,
|
||||
+ ISCSI_KEY_CHAP_NAME,
|
||||
+ (CHAR8 *) &AuthData->AuthConfig->CHAPName
|
||||
+ );
|
||||
//
|
||||
// CHAP_R=<R>
|
||||
//
|
||||
- IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen);
|
||||
+ IScsiBinToHex (
|
||||
+ (UINT8 *) AuthData->CHAPResponse,
|
||||
+ ISCSI_CHAP_RSP_LEN,
|
||||
+ Response,
|
||||
+ &RspLen
|
||||
+ );
|
||||
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response);
|
||||
|
||||
if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) {
|
||||
@@ -448,7 +491,12 @@ IScsiCHAPToSendReq (
|
||||
//
|
||||
IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);
|
||||
AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN;
|
||||
- IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen);
|
||||
+ IScsiBinToHex (
|
||||
+ (UINT8 *) AuthData->OutChallenge,
|
||||
+ ISCSI_CHAP_RSP_LEN,
|
||||
+ Challenge,
|
||||
+ &ChallengeLen
|
||||
+ );
|
||||
IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge);
|
||||
|
||||
Conn->AuthStep = ISCSI_CHAP_STEP_FOUR;
|
||||
diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
index 140bba0dcd..5e59fb678b 100644
|
||||
--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h
|
||||
@@ -88,7 +88,8 @@ IScsiCHAPOnRspReceived (
|
||||
@param[in, out] Pdu The PDU to send out.
|
||||
|
||||
@retval EFI_SUCCESS All check passed and the phase-related CHAP
|
||||
- authentication info is filled into the iSCSI PDU.
|
||||
+ authentication info is filled into the iSCSI
|
||||
+ PDU.
|
||||
@retval EFI_OUT_OF_RESOURCES Failed to allocate memory.
|
||||
@retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred.
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,120 +0,0 @@
|
||||
From 08a95c3541cbe2b3a1c671fa683bd6214ad996f0 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 27 Aug 2020 00:21:29 +0200
|
||||
Subject: [PATCH 3/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just after
|
||||
SMI broadcast
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||
RH-Commit: [3/3] 40521ea89725b8b0ff8ca3f0a610ff45431e610e (lersek/edk2)
|
||||
RH-Bugzilla: 1849177
|
||||
|
||||
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
|
||||
succession -- it means a series of "device_add" QEMU monitor commands,
|
||||
back-to-back.
|
||||
|
||||
If a "device_add" occurs *just after* ACPI raises the broadcast SMI, then:
|
||||
|
||||
- the CPU_FOREACH() loop in QEMU's ich9_apm_ctrl_changed() cannot make the
|
||||
SMI pending for the new CPU -- at that time, the new CPU doesn't even
|
||||
exist yet,
|
||||
|
||||
- OVMF will find the new CPU however (in the CPU hotplug register block),
|
||||
in QemuCpuhpCollectApicIds().
|
||||
|
||||
As a result, when the firmware sends an INIT-SIPI-SIPI to the new CPU in
|
||||
SmbaseRelocate(), expecting it to boot into SMM (due to the pending SMI),
|
||||
the new CPU instead boots straight into the post-RSM (normal mode) "pen",
|
||||
skipping its initial SMI handler.
|
||||
|
||||
The CPU halts nicely in the pen, but its SMBASE is never relocated, and
|
||||
the SMRAM message exchange with the BSP falls apart -- the BSP gets stuck
|
||||
in the following loop:
|
||||
|
||||
//
|
||||
// Wait until the hot-added CPU is just about to execute RSM.
|
||||
//
|
||||
while (Context->AboutToLeaveSmm == 0) {
|
||||
CpuPause ();
|
||||
}
|
||||
|
||||
because the new CPU's initial SMI handler never sets the flag to nonzero.
|
||||
|
||||
Fix this by sending a directed SMI to the new CPU just before sending it
|
||||
the INIT-SIPI-SIPI. The various scenarios are documented in the code --
|
||||
the cases affected by the patch are documented under point (2).
|
||||
|
||||
Note that this is not considered a security patch, as for a malicious
|
||||
guest OS, the issue is not exploitable -- the symptom is a hang on the
|
||||
BSP, in the above-noted loop in SmbaseRelocate(). Instead, the patch fixes
|
||||
behavior for a benign guest OS.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Fixes: 51a6fb41181529e4b50ea13377425bda6bb69ba6
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200826222129.25798-3-lersek@redhat.com>
|
||||
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
(cherry picked from commit cbccf995920a28071f5403b847f29ebf8b732fa9)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/CpuHotplugSmm/Smbase.c | 35 ++++++++++++++++++++++++++++------
|
||||
1 file changed, 29 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||
index 170571221d..d8f45c4313 100644
|
||||
--- a/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||
+++ b/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||
@@ -220,14 +220,37 @@ SmbaseRelocate (
|
||||
//
|
||||
// Boot the hot-added CPU.
|
||||
//
|
||||
- // If the OS is benign, and so the hot-added CPU is still in RESET state,
|
||||
- // then the broadcast SMI is still pending for it; it will now launch
|
||||
- // directly into SMM.
|
||||
+ // There are 2*2 cases to consider:
|
||||
//
|
||||
- // If the OS is malicious, the hot-added CPU has been booted already, and so
|
||||
- // it is already spinning on the APIC ID gate. In that case, the
|
||||
- // INIT-SIPI-SIPI below will be ignored.
|
||||
+ // (1) The CPU was hot-added before the SMI was broadcast.
|
||||
//
|
||||
+ // (1.1) The OS is benign.
|
||||
+ //
|
||||
+ // The hot-added CPU is in RESET state, with the broadcast SMI pending
|
||||
+ // for it. The directed SMI below will be ignored (it's idempotent),
|
||||
+ // and the INIT-SIPI-SIPI will launch the CPU directly into SMM.
|
||||
+ //
|
||||
+ // (1.2) The OS is malicious.
|
||||
+ //
|
||||
+ // The hot-added CPU has been booted, by the OS. Thus, the hot-added
|
||||
+ // CPU is spinning on the APIC ID gate. In that case, both the SMI and
|
||||
+ // the INIT-SIPI-SIPI below will be ignored.
|
||||
+ //
|
||||
+ // (2) The CPU was hot-added after the SMI was broadcast.
|
||||
+ //
|
||||
+ // (2.1) The OS is benign.
|
||||
+ //
|
||||
+ // The hot-added CPU is in RESET state, with no SMI pending for it. The
|
||||
+ // directed SMI will latch the SMI for the CPU. Then the INIT-SIPI-SIPI
|
||||
+ // will launch the CPU into SMM.
|
||||
+ //
|
||||
+ // (2.2) The OS is malicious.
|
||||
+ //
|
||||
+ // The hot-added CPU is executing OS code. The directed SMI will pull
|
||||
+ // the hot-added CPU into SMM, where it will start spinning on the APIC
|
||||
+ // ID gate. The INIT-SIPI-SIPI will be ignored.
|
||||
+ //
|
||||
+ SendSmiIpi (ApicId);
|
||||
SendInitSipiSipi (ApicId, PenAddress);
|
||||
|
||||
//
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,91 +0,0 @@
|
||||
From 4e5edfcdf5986d9e0801a976a3aa558b5f370099 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 27 Aug 2020 00:21:28 +0200
|
||||
Subject: [PATCH 2/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before
|
||||
SMI broadcast
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||
RH-Commit: [2/3] ea3ff703dfb7bd4f77b6807f06c89e754cc9d980 (lersek/edk2)
|
||||
RH-Bugzilla: 1849177
|
||||
|
||||
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
|
||||
succession -- it means a series of "device_add" QEMU monitor commands,
|
||||
back-to-back.
|
||||
|
||||
If a "device_add" occurs *just before* ACPI raises the broadcast SMI,
|
||||
then:
|
||||
|
||||
- OVMF processes the hot-added CPU well.
|
||||
|
||||
- However, QEMU's post-SMI ACPI loop -- which clears the pending events
|
||||
for the hot-added CPUs that were collected before raising the SMI -- is
|
||||
unaware of the stray CPU. Thus, the pending event is not cleared for it.
|
||||
|
||||
As a result of the stuck event, at the next hot-plug, OVMF tries to re-add
|
||||
(relocate for the 2nd time) the already-known CPU. At that time, the AP is
|
||||
already in the normal edk2 SMM busy-wait however, so it doesn't respond to
|
||||
the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM
|
||||
gets stuck in SMM.
|
||||
|
||||
(Because of the above symptom, this is not considered a security patch; it
|
||||
doesn't seem exploitable by a malicious guest OS.)
|
||||
|
||||
In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already
|
||||
known. The post-SMI ACPI loop will clear the pending event for it this
|
||||
time.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Fixes: bc498ac4ca7590479cfd91ad1bb8a36286b0dc21
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200826222129.25798-2-lersek@redhat.com>
|
||||
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
(cherry picked from commit 020bb4b46d6f6708bb3358e1c738109b7908f0de)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 19 +++++++++++++++++++
|
||||
1 file changed, 19 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||
index 20e6bec04f..cfe698ed2b 100644
|
||||
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||
@@ -193,9 +193,28 @@ CpuHotplugMmi (
|
||||
NewSlot = 0;
|
||||
while (PluggedIdx < PluggedCount) {
|
||||
APIC_ID NewApicId;
|
||||
+ UINT32 CheckSlot;
|
||||
UINTN NewProcessorNumberByProtocol;
|
||||
|
||||
NewApicId = mPluggedApicIds[PluggedIdx];
|
||||
+
|
||||
+ //
|
||||
+ // Check if the supposedly hot-added CPU is already known to us.
|
||||
+ //
|
||||
+ for (CheckSlot = 0;
|
||||
+ CheckSlot < mCpuHotPlugData->ArrayLength;
|
||||
+ CheckSlot++) {
|
||||
+ if (mCpuHotPlugData->ApicId[CheckSlot] == NewApicId) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ if (CheckSlot < mCpuHotPlugData->ArrayLength) {
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: APIC ID " FMT_APIC_ID " was hot-plugged "
|
||||
+ "before; ignoring it\n", __FUNCTION__, NewApicId));
|
||||
+ PluggedIdx++;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Find the first empty slot in CPU_HOT_PLUG_DATA.
|
||||
//
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,50 +0,0 @@
|
||||
From 135d3d4b4ff12927f7b0c44e067fd42ceae83bb7 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 24 Jun 2020 11:37:50 +0200
|
||||
Subject: [PATCH 2/3] OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO
|
||||
level
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20200615080105.11859-3-lersek@redhat.com>
|
||||
Patchwork-id: 97533
|
||||
O-Subject: [RHEL-8.3.0 edk2 PATCH 2/3] OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO level
|
||||
Bugzilla: 1844682
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
gBS->LoadImage() returning EFI_NOT_FOUND is an expected condition; it
|
||||
means that QEMU wasn't started with "-kernel". Log this status code as
|
||||
INFO rather than ERROR.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200609105414.12474-1-lersek@redhat.com>
|
||||
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
(cherry picked from commit 14c7ed8b51f60097ad771277da69f74b22a7a759)
|
||||
---
|
||||
.../Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c
|
||||
index 14c8417d43..114db7e844 100644
|
||||
--- a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c
|
||||
+++ b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c
|
||||
@@ -106,7 +106,8 @@ QemuLoadKernelImage (
|
||||
goto UnloadImage;
|
||||
|
||||
default:
|
||||
- DEBUG ((DEBUG_ERROR, "%a: LoadImage(): %r\n", __FUNCTION__, Status));
|
||||
+ DEBUG ((Status == EFI_NOT_FOUND ? DEBUG_INFO : DEBUG_ERROR,
|
||||
+ "%a: LoadImage(): %r\n", __FUNCTION__, Status));
|
||||
return Status;
|
||||
}
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,140 +0,0 @@
|
||||
From a5efebddb858c739d4a67865a4f8d836ba989d30 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 14 Jul 2020 20:43:05 +0200
|
||||
Subject: [PATCH 1/5] OvmfPkg/SmmControl2Dxe: negotiate
|
||||
ICH9_LPC_SMI_F_CPU_HOTPLUG
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||
RH-Commit: [1/3] 33d820d43a1be2ece09044b0cf105275f3fcc9ce (lersek/edk2)
|
||||
RH-Bugzilla: 1849177
|
||||
|
||||
The ICH9_LPC_SMI_F_BROADCAST and ICH9_LPC_SMI_F_CPU_HOTPLUG feature flags
|
||||
cause QEMU to behave as follows:
|
||||
|
||||
BROADCAST CPU_HOTPLUG use case / behavior
|
||||
--------- ----------- ------------------------------------------------
|
||||
clear clear OVMF built without SMM_REQUIRE; or very old OVMF
|
||||
(from before commit a316d7ac91d3 / 2017-02-07).
|
||||
QEMU permits CPU hotplug operations, and does
|
||||
not cause the OS to inject an SMI upon hotplug.
|
||||
Firmware is not expected to be aware of hotplug
|
||||
events.
|
||||
|
||||
clear set Invalid feature set; QEMU rejects the feature
|
||||
negotiation.
|
||||
|
||||
set clear OVMF after a316d7ac91d3 / 2017-02-07, built with
|
||||
SMM_REQUIRE, but no support for CPU hotplug.
|
||||
QEMU gracefully refuses hotplug operations.
|
||||
|
||||
set set OVMF after a316d7ac91d3 / 2017-02-07, built with
|
||||
SMM_REQUIRE, and supporting CPU hotplug. QEMU
|
||||
permits CPU hotplug operations, and causes the
|
||||
OS to inject an SMI upon hotplug. Firmware is
|
||||
expected to deal with hotplug events.
|
||||
|
||||
Negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG -- but only if SEV is disabled, as
|
||||
OvmfPkg/CpuHotplugSmm can't deal with SEV yet.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Liran Alon <liran.alon@oracle.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200714184305.9814-1-lersek@redhat.com>
|
||||
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
(cherry picked from commit 5ba203b54e5953572e279e5505cd65e4cc360e34)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/SmmControl2Dxe/SmiFeatures.c | 26 +++++++++++++++++++++--
|
||||
OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf | 1 +
|
||||
2 files changed, 25 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||
index 6210b7515e..c9d8755432 100644
|
||||
--- a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||
+++ b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||
@@ -9,6 +9,7 @@
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
+#include <Library/MemEncryptSevLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/PcdLib.h>
|
||||
#include <Library/QemuFwCfgLib.h>
|
||||
@@ -21,6 +22,12 @@
|
||||
// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
|
||||
//
|
||||
#define ICH9_LPC_SMI_F_BROADCAST BIT0
|
||||
+//
|
||||
+// The following bit value stands for "enable CPU hotplug, and inject an SMI
|
||||
+// with control value ICH9_APM_CNT_CPU_HOTPLUG upon hotplug", in the
|
||||
+// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
|
||||
+//
|
||||
+#define ICH9_LPC_SMI_F_CPU_HOTPLUG BIT1
|
||||
|
||||
//
|
||||
// Provides a scratch buffer (allocated in EfiReservedMemoryType type memory)
|
||||
@@ -67,6 +74,7 @@ NegotiateSmiFeatures (
|
||||
UINTN SupportedFeaturesSize;
|
||||
UINTN RequestedFeaturesSize;
|
||||
UINTN FeaturesOkSize;
|
||||
+ UINT64 RequestedFeaturesMask;
|
||||
|
||||
//
|
||||
// Look up the fw_cfg files used for feature negotiation. The selector keys
|
||||
@@ -104,9 +112,16 @@ NegotiateSmiFeatures (
|
||||
QemuFwCfgReadBytes (sizeof mSmiFeatures, &mSmiFeatures);
|
||||
|
||||
//
|
||||
- // We want broadcast SMI and nothing else.
|
||||
+ // We want broadcast SMI, SMI on CPU hotplug, and nothing else.
|
||||
//
|
||||
- mSmiFeatures &= ICH9_LPC_SMI_F_BROADCAST;
|
||||
+ RequestedFeaturesMask = ICH9_LPC_SMI_F_BROADCAST;
|
||||
+ if (!MemEncryptSevIsEnabled ()) {
|
||||
+ //
|
||||
+ // For now, we only support hotplug with SEV disabled.
|
||||
+ //
|
||||
+ RequestedFeaturesMask |= ICH9_LPC_SMI_F_CPU_HOTPLUG;
|
||||
+ }
|
||||
+ mSmiFeatures &= RequestedFeaturesMask;
|
||||
QemuFwCfgSelectItem (mRequestedFeaturesItem);
|
||||
QemuFwCfgWriteBytes (sizeof mSmiFeatures, &mSmiFeatures);
|
||||
|
||||
@@ -144,6 +159,13 @@ NegotiateSmiFeatures (
|
||||
DEBUG ((DEBUG_INFO, "%a: using SMI broadcast\n", __FUNCTION__));
|
||||
}
|
||||
|
||||
+ if ((mSmiFeatures & ICH9_LPC_SMI_F_CPU_HOTPLUG) == 0) {
|
||||
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug not negotiated\n", __FUNCTION__));
|
||||
+ } else {
|
||||
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug with SMI negotiated\n",
|
||||
+ __FUNCTION__));
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Negotiation successful (although we may not have gotten the optimal
|
||||
// feature set).
|
||||
diff --git a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||
index 3abed141e6..b8fdea8deb 100644
|
||||
--- a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||
+++ b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||
@@ -46,6 +46,7 @@
|
||||
BaseLib
|
||||
DebugLib
|
||||
IoLib
|
||||
+ MemEncryptSevLib
|
||||
MemoryAllocationLib
|
||||
PcdLib
|
||||
PciLib
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,105 +0,0 @@
|
||||
From 70c9d989107c6ac964bb437c5a4ea6ffe3214e45 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
Date: Mon, 10 Aug 2020 07:52:28 +0200
|
||||
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before
|
||||
re-fetch
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20200731141037.1941-2-lersek@redhat.com>
|
||||
Patchwork-id: 98121
|
||||
O-Subject: [RHEL-8.3.0 edk2 PATCH 1/1] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before re-fetch
|
||||
Bugzilla: 1861718
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
|
||||
|
||||
Most busy waits (spinlocks) in "UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c"
|
||||
already call CpuPause() in their loop bodies; see SmmWaitForApArrival(),
|
||||
APHandler(), and SmiRendezvous(). However, the "main wait" within
|
||||
APHandler():
|
||||
|
||||
> //
|
||||
> // Wait for something to happen
|
||||
> //
|
||||
> WaitForSemaphore (mSmmMpSyncData->CpuData[CpuIndex].Run);
|
||||
|
||||
doesn't do so, as WaitForSemaphore() keeps trying to acquire the semaphore
|
||||
without pausing.
|
||||
|
||||
The performance impact is especially notable in QEMU/KVM + OVMF
|
||||
virtualization with CPU overcommit (that is, when the guest has
|
||||
significantly more VCPUs than the host has physical CPUs). The guest BSP
|
||||
is working heavily in:
|
||||
|
||||
BSPHandler() [MpService.c]
|
||||
PerformRemainingTasks() [PiSmmCpuDxeSmm.c]
|
||||
SetUefiMemMapAttributes() [SmmCpuMemoryManagement.c]
|
||||
|
||||
while the many guest APs are spinning in the "Wait for something to
|
||||
happen" semaphore acquisition, in APHandler(). The guest APs are
|
||||
generating useless memory traffic and saturating host CPUs, hindering the
|
||||
guest BSP's progress in SetUefiMemMapAttributes().
|
||||
|
||||
Rework the loop in WaitForSemaphore(): call CpuPause() in every iteration
|
||||
after the first check fails. Due to Pause Loop Exiting (known as Pause
|
||||
Filter on AMD), the host scheduler can favor the guest BSP over the guest
|
||||
APs.
|
||||
|
||||
Running a 16 GB RAM + 512 VCPU guest on a 448 PCPU host, this patch
|
||||
reduces OVMF boot time (counted until reaching grub) from 20-30 minutes to
|
||||
less than 4 minutes.
|
||||
|
||||
The patch should benefit physical machines as well -- according to the
|
||||
Intel SDM, PAUSE "Improves the performance of spin-wait loops". Adding
|
||||
PAUSE to the generic WaitForSemaphore() function is considered a general
|
||||
improvement.
|
||||
|
||||
Cc: Eric Dong <eric.dong@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Cc: Rahul Kumar <rahul1.kumar@intel.com>
|
||||
Cc: Ray Ni <ray.ni@intel.com>
|
||||
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1861718
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200729185217.10084-1-lersek@redhat.com>
|
||||
Reviewed-by: Eric Dong <eric.dong@intel.com>
|
||||
(cherry picked from commit 9001b750df64b25b14ec45a2efa1361a7b96c00a)
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 18 +++++++++++-------
|
||||
1 file changed, 11 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
|
||||
index 57e788c..4bcd217 100644
|
||||
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
|
||||
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
|
||||
@@ -40,14 +40,18 @@ WaitForSemaphore (
|
||||
{
|
||||
UINT32 Value;
|
||||
|
||||
- do {
|
||||
+ for (;;) {
|
||||
Value = *Sem;
|
||||
- } while (Value == 0 ||
|
||||
- InterlockedCompareExchange32 (
|
||||
- (UINT32*)Sem,
|
||||
- Value,
|
||||
- Value - 1
|
||||
- ) != Value);
|
||||
+ if (Value != 0 &&
|
||||
+ InterlockedCompareExchange32 (
|
||||
+ (UINT32*)Sem,
|
||||
+ Value,
|
||||
+ Value - 1
|
||||
+ ) == Value) {
|
||||
+ break;
|
||||
+ }
|
||||
+ CpuPause ();
|
||||
+ }
|
||||
return Value - 1;
|
||||
}
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
33
SOURCES/edk2-ovmf-cc.json
Normal file
33
SOURCES/edk2-ovmf-cc.json
Normal file
@ -0,0 +1,33 @@
|
||||
{
|
||||
"description": "OVMF with SEV-ES support",
|
||||
"interface-types": [
|
||||
"uefi"
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.cc.fd",
|
||||
"format": "raw"
|
||||
},
|
||||
"nvram-template": {
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
|
||||
"format": "raw"
|
||||
}
|
||||
},
|
||||
"targets": [
|
||||
{
|
||||
"architecture": "x86_64",
|
||||
"machines": [
|
||||
"pc-q35-rhel8.5.0"
|
||||
]
|
||||
}
|
||||
],
|
||||
"features": [
|
||||
"amd-sev",
|
||||
"amd-sev-es",
|
||||
"verbose-dynamic"
|
||||
],
|
||||
"tags": [
|
||||
|
||||
]
|
||||
}
|
117
SPECS/edk2.spec
117
SPECS/edk2.spec
@ -1,25 +1,25 @@
|
||||
ExclusiveArch: x86_64 aarch64
|
||||
|
||||
%define GITDATE 20200602
|
||||
%define GITCOMMIT ca407c7246bf
|
||||
%define GITDATE 20210527
|
||||
%define GITCOMMIT e1999b264f1f
|
||||
%define TOOLCHAIN GCC5
|
||||
%define OPENSSL_VER 1.1.1g
|
||||
%define OPENSSL_VER 1.1.1k
|
||||
|
||||
Name: edk2
|
||||
Version: %{GITDATE}git%{GITCOMMIT}
|
||||
Release: 4%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: UEFI firmware for 64-bit virtual machines
|
||||
Group: Applications/Emulators
|
||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||
URL: http://www.tianocore.org
|
||||
|
||||
# The source tarball is created using following commands:
|
||||
# COMMIT=%{GITCOMMIT}
|
||||
# COMMIT=e1999b264f1f
|
||||
# git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \
|
||||
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
|
||||
Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
|
||||
Source1: ovmf-whitepaper-c770f8c.txt
|
||||
Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||
Source2: openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
|
||||
Source3: ovmf-vars-generator
|
||||
Source4: LICENSE.qosb
|
||||
Source5: RedHatSecureBootPkKek1.pem
|
||||
@ -28,12 +28,12 @@ Source10: edk2-aarch64-verbose.json
|
||||
Source11: edk2-aarch64.json
|
||||
Source12: edk2-ovmf-sb.json
|
||||
Source13: edk2-ovmf.json
|
||||
Source14: edk2-ovmf-cc.json
|
||||
|
||||
Patch0007: 0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch
|
||||
Patch0008: 0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch
|
||||
Patch0009: 0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
|
||||
Patch0010: 0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
|
||||
Patch0011: 0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
|
||||
Patch0008: 0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch
|
||||
Patch0009: 0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch
|
||||
Patch0010: 0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
|
||||
Patch0011: 0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
|
||||
Patch0012: 0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
|
||||
Patch0013: 0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
|
||||
Patch0014: 0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
|
||||
@ -48,24 +48,30 @@ Patch0022: 0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
|
||||
Patch0023: 0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
|
||||
Patch0024: 0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
|
||||
Patch0025: 0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
|
||||
Patch0026: 0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch
|
||||
Patch0027: 0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch
|
||||
# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors
|
||||
Patch28: edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
|
||||
# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors
|
||||
Patch29: edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch
|
||||
# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors
|
||||
Patch30: edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
|
||||
# For bz#1861718 - Very slow boot when overcommitting CPU
|
||||
Patch31: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch
|
||||
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||
Patch32: edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch
|
||||
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||
Patch33: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch
|
||||
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||
Patch34: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch
|
||||
# For bz#1893806 - attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later)
|
||||
Patch35: edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch
|
||||
Patch0026: 0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
|
||||
Patch0027: 0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch28: edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch29: edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch30: edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch31: edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch32: edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch33: edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch34: edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch35: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch36: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch
|
||||
# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]
|
||||
Patch37: edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch
|
||||
# For bz#1988762 - edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec
|
||||
Patch38: edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch
|
||||
|
||||
|
||||
# python3-devel and libuuid-devel are required for building tools.
|
||||
@ -87,8 +93,8 @@ BuildRequires: mtools
|
||||
BuildRequires: genisoimage
|
||||
|
||||
# For generating the variable store template with the default certificates
|
||||
# enrolled, we need qemu-kvm.
|
||||
BuildRequires: qemu-kvm >= 2.12.0-89
|
||||
# enrolled, we need the qemu-kvm executable.
|
||||
BuildRequires: qemu-kvm-core >= 2.12.0-89
|
||||
|
||||
# For verifying SB enablement in the above variable store template, we need a
|
||||
# guest kernel that prints "Secure boot enabled".
|
||||
@ -197,7 +203,7 @@ echo "Applied $COUNT patches"
|
||||
rm -f $PATCHLIST
|
||||
|
||||
cp -a -- %{SOURCE1} %{SOURCE3} .
|
||||
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
|
||||
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} .
|
||||
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
|
||||
|
||||
# Format the Red Hat-issued certificate that is to be enrolled as both Platform
|
||||
@ -320,12 +326,8 @@ mkdir -p \
|
||||
$RPM_BUILD_ROOT%{_datadir}/OVMF \
|
||||
$RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf
|
||||
|
||||
# We don't ship the SB-less, SMM-less binary.
|
||||
%if 0
|
||||
install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
|
||||
$RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
|
||||
ln -s ../%{name}/ovmf/OVMF_CODE.fd $RPM_BUILD_ROOT%{_datadir}/OVMF/
|
||||
%endif
|
||||
$RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
|
||||
install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
|
||||
$RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
|
||||
|
||||
@ -350,6 +352,8 @@ install -m 0644 edk2-ovmf-sb.json \
|
||||
$RPM_BUILD_ROOT%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json
|
||||
install -m 0644 edk2-ovmf.json \
|
||||
$RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-edk2-ovmf.json
|
||||
install -m 0644 edk2-ovmf-cc.json \
|
||||
$RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
|
||||
|
||||
%else
|
||||
mkdir -p \
|
||||
@ -434,10 +438,7 @@ install BaseTools/Scripts/GccBase.lds \
|
||||
%doc ovmf-whitepaper-c770f8c.txt
|
||||
%dir %{_datadir}/OVMF/
|
||||
%dir %{_datadir}/%{name}/ovmf/
|
||||
%if 0
|
||||
%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
|
||||
%{_datadir}/OVMF/OVMF_CODE.fd
|
||||
%endif
|
||||
%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
|
||||
%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
|
||||
%{_datadir}/%{name}/ovmf/OVMF_VARS.fd
|
||||
%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
|
||||
@ -449,6 +450,7 @@ install BaseTools/Scripts/GccBase.lds \
|
||||
%{_datadir}/%{name}/ovmf/Shell.efi
|
||||
%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
|
||||
%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json
|
||||
%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
|
||||
%{_datadir}/qemu/firmware/50-edk2-ovmf.json
|
||||
|
||||
%else
|
||||
@ -479,7 +481,6 @@ install BaseTools/Scripts/GccBase.lds \
|
||||
%{_bindir}/GenSec
|
||||
%{_bindir}/LzmaCompress
|
||||
%{_bindir}/LzmaF86Compress
|
||||
%{_bindir}/Split
|
||||
%{_bindir}/TianoCompress
|
||||
%{_bindir}/VfrCompile
|
||||
%{_bindir}/VolInfo
|
||||
@ -515,6 +516,38 @@ true
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Aug 06 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20210527gite1999b264f1f-3
|
||||
- edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch [bz#1988762]
|
||||
- Resolves: bz#1988762
|
||||
(edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec)
|
||||
|
||||
* Fri Jul 02 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20210527gite1999b264f1f-2
|
||||
- edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch [bz#1956408]
|
||||
- edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch [bz#1956408]
|
||||
- Resolves: bz#1956408
|
||||
(edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0])
|
||||
|
||||
* Wed Jun 23 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20210527gite1999b264f1f-1
|
||||
- Rebase to edk2-stable202105 [bz#1938238]
|
||||
- Resolves: bz#1938238
|
||||
((edk2-rebase-rhel-8.5) - rebase edk2 to edk2-stable202105 for RHEL-8.5)
|
||||
|
||||
* Wed May 12 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-5.el8
|
||||
- edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch [bz#1892318]
|
||||
- edk2-redhat-add-OVMF-binary-that-will-support-SEV-ES.patch [bz#1956837]
|
||||
- Resolves: bz#1892318
|
||||
(edk2: possible heap corruption with LzmaUefiDecompressGetInfo [rhel-8])
|
||||
- Resolves: bz#1956837
|
||||
(Additional build of edk2 without SMM (dual build / sub-package) for SEV-ES)
|
||||
|
||||
* Mon Nov 23 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-4.el8
|
||||
- edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch [bz#1849177]
|
||||
- edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch [bz#1849177]
|
||||
|
Loading…
Reference in New Issue
Block a user