diff --git a/.edk2.metadata b/.edk2.metadata index de66e51..e053625 100644 --- a/.edk2.metadata +++ b/.edk2.metadata @@ -1,2 +1,2 @@ -3a531b4e8864ee52b1e128ac9742b3e9dcec49bf SOURCES/edk2-ca407c7246bf.tar.xz -627633682f69c2c899fe6018d675faaf45e5bb33 SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz +858fffdab12810fb170144ffe1a9c39e9fface80 SOURCES/edk2-e1999b264f1f.tar.xz +4c1a80504b0bd3ce87fd9baa30836142620af1eb SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz diff --git a/.gitignore b/.gitignore index e8df3bf..ffcb5d4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/edk2-ca407c7246bf.tar.xz -SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz +SOURCES/edk2-e1999b264f1f.tar.xz +SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz diff --git a/SOURCES/0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch b/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch similarity index 72% rename from SOURCES/0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch rename to SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch index fb01acf..78d65ea 100644 --- a/SOURCES/0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch +++ b/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch @@ -1,8 +1,13 @@ -From db8ccca337e2c5722c1d408d2541cf653d3371a2 Mon Sep 17 00:00:00 2001 +From dca56cf4d28bbbb1d3be029ce9a6710cb3f6cd2f Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 4 Jun 2020 13:34:12 +0200 Subject: BaseTools: do not build BrotliCompress (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -16,15 +21,16 @@ submodules (RH only"). Do not attempt to build BrotliCompress. Signed-off-by: Laszlo Ersek +(cherry picked from commit db8ccca337e2c5722c1d408d2541cf653d3371a2) --- BaseTools/Source/C/GNUmakefile | 1 - 1 file changed, 1 deletion(-) diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile -index df4eb64ea9..52777eaff1 100644 +index 8c191e0c38..3eae824a1c 100644 --- a/BaseTools/Source/C/GNUmakefile +++ b/BaseTools/Source/C/GNUmakefile -@@ -45,7 +45,6 @@ all: makerootdir subdirs +@@ -48,7 +48,6 @@ all: makerootdir subdirs LIBRARIES = Common VFRAUTOGEN = VfrCompile/VfrLexer.h APPLICATIONS = \ @@ -33,5 +39,5 @@ index df4eb64ea9..52777eaff1 100644 EfiRom \ GenFfs \ -- -2.18.1 +2.27.0 diff --git a/SOURCES/0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch b/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch similarity index 80% rename from SOURCES/0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch rename to SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch index 718a35f..6046944 100644 --- a/SOURCES/0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch +++ b/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch @@ -1,8 +1,13 @@ -From e05e0de713c4a2b8adb6ff9809611f222bfe50ed Mon Sep 17 00:00:00 2001 +From 9729dd1d6b83961d531e29777d0cc4a610b108be Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 4 Jun 2020 13:39:08 +0200 Subject: MdeModulePkg: remove package-private Brotli include path (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -20,12 +25,13 @@ platforms, and we've removed the submodule earlier in this patch set, remove the include path too. Signed-off-by: Laszlo Ersek +(cherry picked from commit e05e0de713c4a2b8adb6ff9809611f222bfe50ed) --- MdeModulePkg/MdeModulePkg.dec | 3 --- 1 file changed, 3 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index 4f44af6948..031043ec28 100644 +index 8d38383915..ba2d0290e7 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -24,9 +24,6 @@ @@ -39,5 +45,5 @@ index 4f44af6948..031043ec28 100644 ## @libraryclass Defines a set of methods to reset whole system. ResetSystemLib|Include/Library/ResetSystemLib.h -- -2.18.1 +2.27.0 diff --git a/SOURCES/0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch similarity index 90% rename from SOURCES/0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch rename to SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch index e41f5cd..6fb626e 100644 --- a/SOURCES/0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +++ b/SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch @@ -1,8 +1,24 @@ -From cee80878b19e51d9b3c63335c681f152dcc59764 Mon Sep 17 00:00:00 2001 +From 8c815e04dda7897899dfa011063f779280cd4d5d Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 11 Jun 2014 23:33:33 +0200 Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC/FDF change to the new OvmfPkg/AmdSev platform, which has + been introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base + commit to build encrypted boot specific OVMF", 2020-12-14), for + TianoCore#3077. + + We've always patched all those DSC/FDF files in OvmfPkg down-stream that + made sense at least in theory on QEMU. (For example, we've always + patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never + build or ship the pure IA32 firmware platform.) Follow suit with + "AmdSevX64.dsc" and "AmdSevX64.fdf". + + "AmdSevX64.dsc" consumes OpenSSL when built with "-D TPM_ENABLE". + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -151,6 +167,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d) (cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849) (cherry picked from commit 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2) +(cherry picked from commit cee80878b19e51d9b3c63335c681f152dcc59764) --- ArmVirtPkg/ArmVirtQemu.dsc | 2 +- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +- @@ -159,23 +176,25 @@ Signed-off-by: Laszlo Ersek MdeModulePkg/Logo/Logo-OpenSSL.idf | 10 +++++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 56 +++++++++++++++++++++++++++ MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 17 ++++++++ + OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- + OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +- OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32.fdf | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- OvmfPkg/OvmfPkgX64.fdf | 2 +- - 13 files changed, 92 insertions(+), 9 deletions(-) + 15 files changed, 94 insertions(+), 11 deletions(-) create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 3f649c91d8..360094ab6a 100644 +index 7ef5e7297b..54d637163c 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -424,7 +424,7 @@ +@@ -433,7 +433,7 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf @@ -185,10 +204,10 @@ index 3f649c91d8..360094ab6a 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index a2f4bd62c8..9b94043085 100644 +index 5b1d100575..6cdbfc39be 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -193,7 +193,7 @@ READ_LOCK_STATUS = TRUE +@@ -196,7 +196,7 @@ READ_LOCK_STATUS = TRUE # # TianoCore logo (splash screen) # @@ -198,10 +217,10 @@ index a2f4bd62c8..9b94043085 100644 # # Ramdisk support diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 2a6fd6bc06..d186263e18 100644 +index a542fcb157..f598ac6a85 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -363,7 +363,7 @@ +@@ -369,7 +369,7 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf @@ -531,11 +550,37 @@ index 0000000000..6439502b6a + +#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." + +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 66bbbc80cd..52bcae6cf6 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -688,7 +688,7 @@ + PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +- MdeModulePkg/Logo/LogoDxe.inf ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf +index dd0030dbf1..fa5e484e63 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.fdf ++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf +@@ -279,7 +279,7 @@ INF OvmfPkg/AmdSev/Grub/Grub.inf + INF ShellPkg/Application/Shell/Shell.inf + !endif + +-INF MdeModulePkg/Logo/LogoDxe.inf ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + + # + # Usb Support diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d0df9cbbfb..f8317a4f5d 100644 +index 33fbd76790..d8f03caa30 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -750,7 +750,7 @@ +@@ -777,7 +777,7 @@ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } @@ -545,10 +590,10 @@ index d0df9cbbfb..f8317a4f5d 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index e2b759aa8d..ec64551bcb 100644 +index b3c8b56f3b..e3b1d74ce2 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -294,7 +294,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf +@@ -300,7 +300,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -558,10 +603,10 @@ index e2b759aa8d..ec64551bcb 100644 # # Network modules diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index b3ae62fee9..55423d356c 100644 +index b13e5cfd90..312577ebae 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -764,7 +764,7 @@ +@@ -791,7 +791,7 @@ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } @@ -571,10 +616,10 @@ index b3ae62fee9..55423d356c 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index bfca1eff9e..2f02ac2d73 100644 +index 86592c2364..f7732382d4 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf +@@ -301,7 +301,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -584,10 +629,10 @@ index bfca1eff9e..2f02ac2d73 100644 # # Network modules diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index f7fe75ebf5..17aeeed96e 100644 +index 999738dc39..d72a00e6b4 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -760,7 +760,7 @@ +@@ -789,7 +789,7 @@ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } @@ -597,10 +642,10 @@ index f7fe75ebf5..17aeeed96e 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index bfca1eff9e..2f02ac2d73 100644 +index d6be798fca..137ed6bceb 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf +@@ -313,7 +313,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -610,5 +655,5 @@ index bfca1eff9e..2f02ac2d73 100644 # # Network modules -- -2.18.1 +2.27.0 diff --git a/SOURCES/0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch deleted file mode 100644 index ee4a8e6..0000000 --- a/SOURCES/0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +++ /dev/null @@ -1,580 +0,0 @@ -From 99da4393139d428baf09d751af3d072229839126 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 12 Jun 2014 00:17:59 +0200 -Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only) - -Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> -RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - -- no changes - -Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> -RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: - -- no changes - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no changes - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- update commit message as requested in - - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -The Int10h VBE Shim is capable of emitting short debug messages when the -win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet -version is preferred; for us debug messages are important as a default. - -For this patch, the DEBUG macro is enabled in the assembly file, and then -the header file is regenerated from the assembly, by running -"OvmfPkg/QemuVideoDxe/VbeShim.sh". - -"VbeShim.h" is not auto-generated; it is manually generated. The patch -does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the -manually re-generated) "VbeShim.h" atomically. Doing so helps with local -downstream builds, with bisection, and also keeps redhat/README a bit -simpler. - -Signed-off-by: Laszlo Ersek -(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f) -(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2) -(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c) -(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba) -(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e) -(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471) -(cherry picked from commit 3aa0316ea1db5416cb528179a3ba5ce37c1279b7) ---- - OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +- - OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++----------- - 2 files changed, 308 insertions(+), 175 deletions(-) - -diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm -index 1d284b2641..0d5cfaf1e4 100644 ---- a/OvmfPkg/QemuVideoDxe/VbeShim.asm -+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm -@@ -12,7 +12,7 @@ - ;------------------------------------------------------------------------------ - - ; enable this macro for debug messages --;%define DEBUG -+%define DEBUG - - %macro DebugLog 1 - %ifdef DEBUG -diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h -index cc9b6e14cd..325d6478a1 100644 ---- a/OvmfPkg/QemuVideoDxe/VbeShim.h -+++ b/OvmfPkg/QemuVideoDxe/VbeShim.h -@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = { - /* 000001FE nop */ 0x90, - /* 000001FF nop */ 0x90, - /* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F, -- /* 00000203 jz 0x22d */ 0x74, 0x28, -+ /* 00000203 jz 0x235 */ 0x74, 0x30, - /* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F, -- /* 00000208 jz 0x245 */ 0x74, 0x3B, -+ /* 00000208 jz 0x255 */ 0x74, 0x4B, - /* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F, -- /* 0000020D jz 0x269 */ 0x74, 0x5A, -+ /* 0000020D jz 0x289 */ 0x74, 0x7A, - /* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F, -- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01, -+ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01, - /* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F, -- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01, -+ /* 00000219 jz word 0x36e */ 0x0F, 0x84, 0x51, 0x01, - /* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F, -- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01, -+ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01, - /* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00, -- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01, -- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE, -- /* 0000022D push es */ 0x06, -- /* 0000022E push di */ 0x57, -- /* 0000022F push ds */ 0x1E, -- /* 00000230 push si */ 0x56, -- /* 00000231 push cx */ 0x51, -- /* 00000232 push cs */ 0x0E, -- /* 00000233 pop ds */ 0x1F, -- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00, -- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01, -- /* 0000023A cld */ 0xFC, -- /* 0000023B rep movsb */ 0xF3, 0xA4, -- /* 0000023D pop cx */ 0x59, -- /* 0000023E pop si */ 0x5E, -- /* 0000023F pop ds */ 0x1F, -- /* 00000240 pop di */ 0x5F, -- /* 00000241 pop es */ 0x07, -- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01, -- /* 00000245 push es */ 0x06, -- /* 00000246 push di */ 0x57, -- /* 00000247 push ds */ 0x1E, -- /* 00000248 push si */ 0x56, -- /* 00000249 push cx */ 0x51, -- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, -- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, -- /* 00000252 jz 0x256 */ 0x74, 0x02, -- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5, -- /* 00000256 push cs */ 0x0E, -- /* 00000257 pop ds */ 0x1F, -- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01, -- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01, -- /* 0000025E cld */ 0xFC, -- /* 0000025F rep movsb */ 0xF3, 0xA4, -- /* 00000261 pop cx */ 0x59, -- /* 00000262 pop si */ 0x5E, -- /* 00000263 pop ds */ 0x1F, -- /* 00000264 pop di */ 0x5F, -- /* 00000265 pop es */ 0x07, -- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00, -- /* 00000269 push dx */ 0x52, -- /* 0000026A push ax */ 0x50, -- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, -- /* 0000026F jz 0x273 */ 0x74, 0x02, -- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8, -- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, -- /* 00000276 mov al,0x20 */ 0xB0, 0x20, -- /* 00000278 out dx,al */ 0xEE, -- /* 00000279 push dx */ 0x52, -- /* 0000027A push ax */ 0x50, -- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00, -- /* 00000281 out dx,ax */ 0xEF, -- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 00000288 out dx,ax */ 0xEF, -- /* 00000289 pop ax */ 0x58, -- /* 0000028A pop dx */ 0x5A, -- /* 0000028B push dx */ 0x52, -- /* 0000028C push ax */ 0x50, -- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00, -- /* 00000293 out dx,ax */ 0xEF, -- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 0000029A out dx,ax */ 0xEF, -- /* 0000029B pop ax */ 0x58, -- /* 0000029C pop dx */ 0x5A, -- /* 0000029D push dx */ 0x52, -- /* 0000029E push ax */ 0x50, -- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00, -- /* 000002A5 out dx,ax */ 0xEF, -- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 000002AC out dx,ax */ 0xEF, -- /* 000002AD pop ax */ 0x58, -- /* 000002AE pop dx */ 0x5A, -- /* 000002AF push dx */ 0x52, -- /* 000002B0 push ax */ 0x50, -- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00, -- /* 000002B7 out dx,ax */ 0xEF, -- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 000002BE out dx,ax */ 0xEF, -- /* 000002BF pop ax */ 0x58, -- /* 000002C0 pop dx */ 0x5A, -- /* 000002C1 push dx */ 0x52, -- /* 000002C2 push ax */ 0x50, -- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00, -- /* 000002C9 out dx,ax */ 0xEF, -- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00, -- /* 000002D0 out dx,ax */ 0xEF, -- /* 000002D1 pop ax */ 0x58, -- /* 000002D2 pop dx */ 0x5A, -- /* 000002D3 push dx */ 0x52, -- /* 000002D4 push ax */ 0x50, -- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00, -- /* 000002DB out dx,ax */ 0xEF, -- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04, -- /* 000002E2 out dx,ax */ 0xEF, -- /* 000002E3 pop ax */ 0x58, -- /* 000002E4 pop dx */ 0x5A, -- /* 000002E5 push dx */ 0x52, -- /* 000002E6 push ax */ 0x50, -- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00, -- /* 000002ED out dx,ax */ 0xEF, -- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04, -- /* 000002F4 out dx,ax */ 0xEF, -- /* 000002F5 pop ax */ 0x58, -- /* 000002F6 pop dx */ 0x5A, -- /* 000002F7 push dx */ 0x52, -- /* 000002F8 push ax */ 0x50, -- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00, -- /* 000002FF out dx,ax */ 0xEF, -- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03, -- /* 00000306 out dx,ax */ 0xEF, -- /* 00000307 pop ax */ 0x58, -- /* 00000308 pop dx */ 0x5A, -- /* 00000309 push dx */ 0x52, -- /* 0000030A push ax */ 0x50, -- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00, -- /* 00000311 out dx,ax */ 0xEF, -- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03, -- /* 00000318 out dx,ax */ 0xEF, -- /* 00000319 pop ax */ 0x58, -- /* 0000031A pop dx */ 0x5A, -- /* 0000031B push dx */ 0x52, -- /* 0000031C push ax */ 0x50, -- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00, -- /* 00000323 out dx,ax */ 0xEF, -- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00, -- /* 0000032A out dx,ax */ 0xEF, -- /* 0000032B pop ax */ 0x58, -- /* 0000032C pop dx */ 0x5A, -- /* 0000032D pop ax */ 0x58, -- /* 0000032E pop dx */ 0x5A, -- /* 0000032F jmp short 0x34c */ 0xEB, 0x1B, -- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, -- /* 00000334 jmp short 0x34c */ 0xEB, 0x16, -- /* 00000336 jmp short 0x350 */ 0xEB, 0x18, -- /* 00000338 jmp short 0x350 */ 0xEB, 0x16, -- /* 0000033A cmp al,0x3 */ 0x3C, 0x03, -- /* 0000033C jz 0x345 */ 0x74, 0x07, -- /* 0000033E cmp al,0x12 */ 0x3C, 0x12, -- /* 00000340 jz 0x349 */ 0x74, 0x07, -- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE, -- /* 00000345 mov al,0x30 */ 0xB0, 0x30, -- /* 00000347 jmp short 0x34b */ 0xEB, 0x02, -- /* 00000349 mov al,0x20 */ 0xB0, 0x20, -- /* 0000034B iretw */ 0xCF, -- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00, -- /* 0000034F iretw */ 0xCF, -- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01, -- /* 00000353 iretw */ 0xCF, -+ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01, -+ /* 0000022B push si */ 0x56, -+ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03, -+ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01, -+ /* 00000232 pop si */ 0x5E, -+ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE, -+ /* 00000235 push es */ 0x06, -+ /* 00000236 push di */ 0x57, -+ /* 00000237 push ds */ 0x1E, -+ /* 00000238 push si */ 0x56, -+ /* 00000239 push cx */ 0x51, -+ /* 0000023A push si */ 0x56, -+ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03, -+ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01, -+ /* 00000241 pop si */ 0x5E, -+ /* 00000242 push cs */ 0x0E, -+ /* 00000243 pop ds */ 0x1F, -+ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00, -+ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01, -+ /* 0000024A cld */ 0xFC, -+ /* 0000024B rep movsb */ 0xF3, 0xA4, -+ /* 0000024D pop cx */ 0x59, -+ /* 0000024E pop si */ 0x5E, -+ /* 0000024F pop ds */ 0x1F, -+ /* 00000250 pop di */ 0x5F, -+ /* 00000251 pop es */ 0x07, -+ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01, -+ /* 00000255 push es */ 0x06, -+ /* 00000256 push di */ 0x57, -+ /* 00000257 push ds */ 0x1E, -+ /* 00000258 push si */ 0x56, -+ /* 00000259 push cx */ 0x51, -+ /* 0000025A push si */ 0x56, -+ /* 0000025B mov si,0x404 */ 0xBE, 0x04, 0x04, -+ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01, -+ /* 00000261 pop si */ 0x5E, -+ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, -+ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, -+ /* 0000026A jz 0x276 */ 0x74, 0x0A, -+ /* 0000026C push si */ 0x56, -+ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01, -+ /* 00000273 pop si */ 0x5E, -+ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD, -+ /* 00000276 push cs */ 0x0E, -+ /* 00000277 pop ds */ 0x1F, -+ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01, -+ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01, -+ /* 0000027E cld */ 0xFC, -+ /* 0000027F rep movsb */ 0xF3, 0xA4, -+ /* 00000281 pop cx */ 0x59, -+ /* 00000282 pop si */ 0x5E, -+ /* 00000283 pop ds */ 0x1F, -+ /* 00000284 pop di */ 0x5F, -+ /* 00000285 pop es */ 0x07, -+ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01, -+ /* 00000289 push dx */ 0x52, -+ /* 0000028A push ax */ 0x50, -+ /* 0000028B push si */ 0x56, -+ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04, -+ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01, -+ /* 00000292 pop si */ 0x5E, -+ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, -+ /* 00000297 jz 0x2a3 */ 0x74, 0x0A, -+ /* 00000299 push si */ 0x56, -+ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01, -+ /* 000002A0 pop si */ 0x5E, -+ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90, -+ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, -+ /* 000002A6 mov al,0x20 */ 0xB0, 0x20, -+ /* 000002A8 out dx,al */ 0xEE, -+ /* 000002A9 push dx */ 0x52, -+ /* 000002AA push ax */ 0x50, -+ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00, -+ /* 000002B1 out dx,ax */ 0xEF, -+ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002B8 out dx,ax */ 0xEF, -+ /* 000002B9 pop ax */ 0x58, -+ /* 000002BA pop dx */ 0x5A, -+ /* 000002BB push dx */ 0x52, -+ /* 000002BC push ax */ 0x50, -+ /* 000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00, -+ /* 000002C3 out dx,ax */ 0xEF, -+ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002CA out dx,ax */ 0xEF, -+ /* 000002CB pop ax */ 0x58, -+ /* 000002CC pop dx */ 0x5A, -+ /* 000002CD push dx */ 0x52, -+ /* 000002CE push ax */ 0x50, -+ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00, -+ /* 000002D5 out dx,ax */ 0xEF, -+ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002DC out dx,ax */ 0xEF, -+ /* 000002DD pop ax */ 0x58, -+ /* 000002DE pop dx */ 0x5A, -+ /* 000002DF push dx */ 0x52, -+ /* 000002E0 push ax */ 0x50, -+ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00, -+ /* 000002E7 out dx,ax */ 0xEF, -+ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002EE out dx,ax */ 0xEF, -+ /* 000002EF pop ax */ 0x58, -+ /* 000002F0 pop dx */ 0x5A, -+ /* 000002F1 push dx */ 0x52, -+ /* 000002F2 push ax */ 0x50, -+ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00, -+ /* 000002F9 out dx,ax */ 0xEF, -+ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00, -+ /* 00000300 out dx,ax */ 0xEF, -+ /* 00000301 pop ax */ 0x58, -+ /* 00000302 pop dx */ 0x5A, -+ /* 00000303 push dx */ 0x52, -+ /* 00000304 push ax */ 0x50, -+ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00, -+ /* 0000030B out dx,ax */ 0xEF, -+ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04, -+ /* 00000312 out dx,ax */ 0xEF, -+ /* 00000313 pop ax */ 0x58, -+ /* 00000314 pop dx */ 0x5A, -+ /* 00000315 push dx */ 0x52, -+ /* 00000316 push ax */ 0x50, -+ /* 00000317 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000031A mov ax,0x6 */ 0xB8, 0x06, 0x00, -+ /* 0000031D out dx,ax */ 0xEF, -+ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04, -+ /* 00000324 out dx,ax */ 0xEF, -+ /* 00000325 pop ax */ 0x58, -+ /* 00000326 pop dx */ 0x5A, -+ /* 00000327 push dx */ 0x52, -+ /* 00000328 push ax */ 0x50, -+ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00, -+ /* 0000032F out dx,ax */ 0xEF, -+ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03, -+ /* 00000336 out dx,ax */ 0xEF, -+ /* 00000337 pop ax */ 0x58, -+ /* 00000338 pop dx */ 0x5A, -+ /* 00000339 push dx */ 0x52, -+ /* 0000033A push ax */ 0x50, -+ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00, -+ /* 00000341 out dx,ax */ 0xEF, -+ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03, -+ /* 00000348 out dx,ax */ 0xEF, -+ /* 00000349 pop ax */ 0x58, -+ /* 0000034A pop dx */ 0x5A, -+ /* 0000034B push dx */ 0x52, -+ /* 0000034C push ax */ 0x50, -+ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00, -+ /* 00000353 out dx,ax */ 0xEF, -+ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00, -+ /* 0000035A out dx,ax */ 0xEF, -+ /* 0000035B pop ax */ 0x58, -+ /* 0000035C pop dx */ 0x5A, -+ /* 0000035D pop ax */ 0x58, -+ /* 0000035E pop dx */ 0x5A, -+ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B, -+ /* 00000361 push si */ 0x56, -+ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04, -+ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00, -+ /* 00000368 pop si */ 0x5E, -+ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, -+ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E, -+ /* 0000036E push si */ 0x56, -+ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04, -+ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00, -+ /* 00000375 pop si */ 0x5E, -+ /* 00000376 jmp short 0x3b8 */ 0xEB, 0x40, -+ /* 00000378 push si */ 0x56, -+ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04, -+ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00, -+ /* 0000037F pop si */ 0x5E, -+ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36, -+ /* 00000382 push si */ 0x56, -+ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04, -+ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00, -+ /* 00000389 pop si */ 0x5E, -+ /* 0000038A cmp al,0x3 */ 0x3C, 0x03, -+ /* 0000038C jz 0x39d */ 0x74, 0x0F, -+ /* 0000038E cmp al,0x12 */ 0x3C, 0x12, -+ /* 00000390 jz 0x3a1 */ 0x74, 0x0F, -+ /* 00000392 push si */ 0x56, -+ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00, -+ /* 00000399 pop si */ 0x5E, -+ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE, -+ /* 0000039D mov al,0x30 */ 0xB0, 0x30, -+ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02, -+ /* 000003A1 mov al,0x20 */ 0xB0, 0x20, -+ /* 000003A3 push si */ 0x56, -+ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03, -+ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00, -+ /* 000003AA pop si */ 0x5E, -+ /* 000003AB iretw */ 0xCF, -+ /* 000003AC push si */ 0x56, -+ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03, -+ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00, -+ /* 000003B3 pop si */ 0x5E, -+ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00, -+ /* 000003B7 iretw */ 0xCF, -+ /* 000003B8 push si */ 0x56, -+ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03, -+ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00, -+ /* 000003BF pop si */ 0x5E, -+ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01, -+ /* 000003C3 iretw */ 0xCF, -+ /* 000003C4 pushaw */ 0x60, -+ /* 000003C5 push ds */ 0x1E, -+ /* 000003C6 push cs */ 0x0E, -+ /* 000003C7 pop ds */ 0x1F, -+ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04, -+ /* 000003CB lodsb */ 0xAC, -+ /* 000003CC cmp al,0x0 */ 0x3C, 0x00, -+ /* 000003CE jz 0x3d3 */ 0x74, 0x03, -+ /* 000003D0 out dx,al */ 0xEE, -+ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8, -+ /* 000003D3 pop ds */ 0x1F, -+ /* 000003D4 popaw */ 0x61, -+ /* 000003D5 ret */ 0xC3, -+ /* 000003D6 inc bp */ 0x45, -+ /* 000003D7 js 0x442 */ 0x78, 0x69, -+ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A, -+ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E, -+ /* 000003DE jnc 0x455 */ 0x73, 0x75, -+ /* 000003E0 jo 0x452 */ 0x70, 0x70, -+ /* 000003E2 outsw */ 0x6F, -+ /* 000003E3 jc 0x459 */ 0x72, 0x74, -+ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00, -+ /* 000003E9 push bp */ 0x55, -+ /* 000003EA outsb */ 0x6E, -+ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77, -+ /* 000003EF outsb */ 0x6E, -+ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75, -+ /* 000003F3 outsb */ 0x6E, -+ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69, -+ /* 000003F7 outsw */ 0x6F, -+ /* 000003F8 outsb */ 0x6E, -+ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00, -+ /* 000003FB inc di */ 0x47, -+ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49, -+ /* 000003FF outsb */ 0x6E, -+ /* 00000400 outsd */ 0x66, 0x6F, -+ /* 00000402 or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000404 inc di */ 0x47, -+ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D, -+ /* 00000408 outsw */ 0x6F, -+ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49, -+ /* 0000040C outsb */ 0x6E, -+ /* 0000040D outsd */ 0x66, 0x6F, -+ /* 0000040F or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000411 inc di */ 0x47, -+ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D, -+ /* 00000415 outsw */ 0x6F, -+ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 0000041A push bx */ 0x53, -+ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D, -+ /* 0000041E outsw */ 0x6F, -+ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 00000423 push bx */ 0x53, -+ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D, -+ /* 00000427 outsw */ 0x6F, -+ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C, -+ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61, -+ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A, -+ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E, -+ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 0x6E, -+ /* 00000438 and [di+0x6f],cl */ 0x20, 0x4D, 0x6F, -+ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 0000043F inc di */ 0x47, -+ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50, -+ /* 00000443 insw */ 0x6D, -+ /* 00000444 inc bx */ 0x43, -+ /* 00000445 popaw */ 0x61, -+ /* 00000446 jo 0x4a9 */ 0x70, 0x61, -+ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C, -+ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73, -+ /* 00000450 or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000452 push dx */ 0x52, -+ /* 00000453 gs popaw */ 0x65, 0x61, -+ /* 00000455 fs inc bp */ 0x64, 0x45, -+ /* 00000457 fs */ 0x64, -+ /* 00000458 db 0x69 */ 0x69, -+ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00, - }; - #endif --- -2.18.1 - diff --git a/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch similarity index 90% rename from SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch rename to SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch index eceafaa..ad9dd72 100644 --- a/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +++ b/SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch @@ -1,8 +1,13 @@ -From a95cff0b9573bf23699551beb4786383f697ff1e Mon Sep 17 00:00:00 2001 +From ed975a4db7c55e49ab9de1a0919baafdce9661e3 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 20 Feb 2014 22:54:45 +0100 Subject: OvmfPkg: increase max debug message length to 512 (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -54,6 +59,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a) (cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2) (cherry picked from commit e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5) +(cherry picked from commit a95cff0b9573bf23699551beb4786383f697ff1e) --- OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -72,5 +78,5 @@ index dffb20822d..0577c43c3d 100644 // // VA_LIST can not initialize to NULL for all compiler, so we use this to -- -2.18.1 +2.27.0 diff --git a/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch index e238edb..73d2995 100644 --- a/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +++ b/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch @@ -1,8 +1,13 @@ -From 82b9edc5fef3a07227a45059bbe821af7b9abd69 Mon Sep 17 00:00:00 2001 +From 6901201d2cd1d943ebd41f3d65102f787540d3c4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 18:40:35 +0100 Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -101,6 +106,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37) (cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51) (cherry picked from commit 12cb13a1da913912bd9148ce8f2353a75be77f18) +(cherry picked from commit 82b9edc5fef3a07227a45059bbe821af7b9abd69) --- .../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++-- 1 file changed, 38 insertions(+), 3 deletions(-) @@ -158,5 +164,5 @@ index a98b690c8b..ded5513c74 100644 // New modes can be added here. // -- -2.18.1 +2.27.0 diff --git a/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch index 123a180..5fe8ff6 100644 --- a/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ b/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -1,9 +1,21 @@ -From bc2266f20de5db1636e09a07e4a72c8dbf505f5a Mon Sep 17 00:00:00 2001 +From 9485b38e5dbfd2e23ea6ad0585e773d7842a1903 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 22:40:01 +0100 Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Resolve harmless conflict in "MdeModulePkg/MdeModulePkg.dec", + originating from new upstream commits + - 45bc28172fbf ("MdeModulePkg.dec: Change PCDs for status code.", + 2020-06-18), + - 0785c619a58a ("MdeModulePkg/Bus/Pci/PciBusDxe: Support PCIe Resizable + BAR Capability", 2021-01-04), + - ef23012e5439 ("MdeModulePkg: Change default value of + PcdPcieResizableBarSupport to FALSE", 2021-01-14). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -67,6 +79,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb) (cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc) (cherry picked from commit a11602f5e2ef930be5b693ddfd0c789a1bd4c60c) +(cherry picked from commit bc2266f20de5db1636e09a07e4a72c8dbf505f5a) --- MdeModulePkg/MdeModulePkg.dec | 4 +++ .../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++ @@ -74,12 +87,12 @@ Signed-off-by: Laszlo Ersek 3 files changed, 36 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index 031043ec28..3978a500e5 100644 +index ba2d0290e7..ff70d6e6eb 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -1998,6 +1998,10 @@ - # @Prompt TCG Platform Firmware Profile revision. - gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0x00010077 +@@ -2046,6 +2046,10 @@ + # @Prompt Enable PCIe Resizable BAR Capability support. + gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024 + ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal + # mode change. @@ -164,5 +177,5 @@ index b2a8aeba85..eff6253465 100644 # [Event] # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout. -- -2.18.1 +2.27.0 diff --git a/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch index 5837240..6e2689a 100644 --- a/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ b/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -1,8 +1,21 @@ -From 51e0de961029af84b5bdbfddcc9762b1819d500f Mon Sep 17 00:00:00 2001 +From 1165bbcec94a97cf1d1509df8210feb2e1db00c5 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 15:59:06 +0200 Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + + We've always patched all those DSC/FDF files in OvmfPkg down-stream that + made sense at least in theory on QEMU. (For example, we've always + patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never + build or ship the pure IA32 firmware platform.) Follow suit with + "AmdSevX64.dsc". + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -51,19 +64,33 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853) (cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2) (cherry picked from commit 2cc462ee963d0be119bc97bfc9c70d292a40516f) +(cherry picked from commit 51e0de961029af84b5bdbfddcc9762b1819d500f) --- + OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/PlatformPei/Platform.c | 1 + OvmfPkg/PlatformPei/PlatformPei.inf | 1 + - 5 files changed, 5 insertions(+) + 6 files changed, 6 insertions(+) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 52bcae6cf6..0a8cb7fd3b 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -534,6 +534,7 @@ + [PcdsDynamicDefault] + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index f8317a4f5d..6ce8a46d4e 100644 +index d8f03caa30..e6df324c7c 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -574,6 +574,7 @@ +@@ -594,6 +594,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -72,10 +99,10 @@ index f8317a4f5d..6ce8a46d4e 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 55423d356c..89d414cda7 100644 +index 312577ebae..8104fe0218 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -580,6 +580,7 @@ +@@ -600,6 +600,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -84,10 +111,10 @@ index 55423d356c..89d414cda7 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 17aeeed96e..e567eb76e0 100644 +index d72a00e6b4..3c8b2649a8 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -578,6 +578,7 @@ +@@ -600,6 +600,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -108,10 +135,10 @@ index 96468701e3..14efbabe39 100644 InstallClearCacheCallback (); diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf -index ff397b3ee9..3a012a7fa4 100644 +index 6ef77ba7bb..22425d34c0 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf -@@ -93,6 +93,7 @@ +@@ -97,6 +97,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration @@ -120,5 +147,5 @@ index ff397b3ee9..3a012a7fa4 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack -- -2.18.1 +2.27.0 diff --git a/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch index 525137d..aeb9736 100644 --- a/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ b/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -1,8 +1,13 @@ -From a5f7a57bf390f1f340ff1d1f1884a73716817ef1 Mon Sep 17 00:00:00 2001 +From 3f9662c435278564640be672f0c4e17e535f1765 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 26 Jul 2015 08:02:50 +0000 Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -80,6 +85,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806) (cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04) (cherry picked from commit 8338545260fbb423f796d5196faaaf8ff6e1ed99) +(cherry picked from commit a5f7a57bf390f1f340ff1d1f1884a73716817ef1) --- ArmVirtPkg/ArmVirtQemu.dsc | 7 +++- .../TerminalPcdProducerLib.c | 34 +++++++++++++++++++ @@ -89,10 +95,10 @@ Signed-off-by: Laszlo Ersek create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 360094ab6a..3345987503 100644 +index 54d637163c..41a26c8d18 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -272,6 +272,8 @@ +@@ -280,6 +280,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0 !endif @@ -101,7 +107,7 @@ index 360094ab6a..3345987503 100644 [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS -@@ -374,7 +376,10 @@ +@@ -382,7 +384,10 @@ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf @@ -193,5 +199,5 @@ index 0000000000..a51dbd1670 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES -- -2.18.1 +2.27.0 diff --git a/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch index 456b8ce..165dd67 100644 --- a/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +++ b/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch @@ -1,9 +1,27 @@ -From c2812d7189dee06c780f05a5880eb421c359a687 Mon Sep 17 00:00:00 2001 +From e9d9e73c317b256c0bdc6530b82a6a625d7d54db Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 4 Nov 2014 23:02:53 +0100 Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- No manual / explicit code change is necessary, because the newly + inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL + build-time macro (feature test flag), with default value FALSE -- from + upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume + Package", 2020-12-14). + +- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg: + enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg: + introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by + git-cherry-pick. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -42,14 +60,7 @@ Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - no changes -Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com> -Patchwork-id: 62119 -O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell - from the firmware image (RH only) Bugzilla: 1147592 -Acked-by: Andrew Jones -Acked-by: Gerd Hoffmann -Acked-by: Vitaly Kuznetsov When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell binary from the firmware image. @@ -92,6 +103,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687) (cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4) (cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e) +(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687) --- OvmfPkg/OvmfPkgIa32.fdf | 2 ++ OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ @@ -99,16 +111,17 @@ Signed-off-by: Laszlo Ersek 3 files changed, 6 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index ec64551bcb..44178a0da7 100644 +index e3b1d74ce2..969524cf3b 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -288,11 +288,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -293,12 +293,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -117,16 +130,17 @@ index ec64551bcb..44178a0da7 100644 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 2f02ac2d73..06259c43d2 100644 +index f7732382d4..36f078556f 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -294,12 +294,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -135,16 +149,17 @@ index 2f02ac2d73..06259c43d2 100644 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 2f02ac2d73..06259c43d2 100644 +index 137ed6bceb..a5900d8377 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -306,12 +306,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -153,5 +168,5 @@ index 2f02ac2d73..06259c43d2 100644 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf -- -2.18.1 +2.27.0 diff --git a/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch index 63c187c..590baed 100644 --- a/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +++ b/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch @@ -1,8 +1,13 @@ -From c75aea7a738ac7fb944c0695a4bfffc3985afaa9 Mon Sep 17 00:00:00 2001 +From 6d968342cbfa40a8192cee7c685e1c794e6053df Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:49:43 +0200 Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -60,15 +65,16 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1) (cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2) (cherry picked from commit 9f756c1ad83cc81f7d892cd036d59a2b567b02dc) +(cherry picked from commit c75aea7a738ac7fb944c0695a4bfffc3985afaa9) --- ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec -index 696d636aac..1553e1ae92 100644 +index 3a25ddcdc8..b2b58553c7 100644 --- a/ArmPlatformPkg/ArmPlatformPkg.dec +++ b/ArmPlatformPkg/ArmPlatformPkg.dec -@@ -104,6 +104,13 @@ +@@ -121,6 +121,13 @@ ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045 @@ -83,5 +89,5 @@ index 696d636aac..1553e1ae92 100644 ## PL031 RealTimeClock gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024 -- -2.18.1 +2.27.0 diff --git a/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch index 85e32b4..affbde1 100644 --- a/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +++ b/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch @@ -1,9 +1,14 @@ -From 49fe5596cd79c94d903c4d506c563d642ccd69aa Mon Sep 17 00:00:00 2001 +From e46d1e3f4c9b301acfa15fa4089661947e8742a4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:59:20 +0200 Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial port (RH) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -58,6 +63,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de) (cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf) (cherry picked from commit 8d5a8827aabc67cb2a046697e1a750ca8d9cc453) +(cherry picked from commit 49fe5596cd79c94d903c4d506c563d642ccd69aa) --- ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++ ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++ @@ -67,7 +73,7 @@ Signed-off-by: Laszlo Ersek 5 files changed, 15 insertions(+) diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c -index d379ad8b7a..ff1672f94d 100644 +index 859f1adf20..cf9e65bb7c 100644 --- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c +++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c @@ -111,6 +111,11 @@ PrimaryMain ( @@ -83,7 +89,7 @@ index d379ad8b7a..ff1672f94d 100644 // Enable the GIC Distributor diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c -index 1500d2bd51..5b0790beac 100644 +index 220f9b5680..158cc34c77 100644 --- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c +++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c @@ -29,6 +29,11 @@ PrimaryMain ( @@ -99,7 +105,7 @@ index 1500d2bd51..5b0790beac 100644 // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h -index 7140c7f5b5..1d69a2b468 100644 +index 7b155a8a61..e9e283f9ec 100644 --- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h @@ -15,6 +15,7 @@ @@ -135,5 +141,5 @@ index e9eb092d3a..c98dc82f0c 100644 + gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack -- -2.18.1 +2.27.0 diff --git a/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch index 8f3a510..5e4f5c9 100644 --- a/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch +++ b/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch @@ -1,8 +1,13 @@ -From 72550e12ae469012a505bf5b98a6543a754028d3 Mon Sep 17 00:00:00 2001 +From b14a92fafb171ad4a47598076bd028e5cf33ac28 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 14:07:17 +0200 Subject: ArmVirtPkg: set early hello message (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -55,15 +60,16 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18) (cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a) (cherry picked from commit ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b) +(cherry picked from commit 72550e12ae469012a505bf5b98a6543a754028d3) --- ArmVirtPkg/ArmVirtQemu.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 3345987503..57c5b3f898 100644 +index 41a26c8d18..971422411d 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -125,6 +125,7 @@ +@@ -132,6 +132,7 @@ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) [PcdsFixedAtBuild.common] @@ -72,5 +78,5 @@ index 3345987503..57c5b3f898 100644 gArmTokenSpaceGuid.PcdVFPEnabled|1 !endif -- -2.18.1 +2.27.0 diff --git a/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch index 63b794d..51c0342 100644 --- a/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ b/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -1,8 +1,19 @@ -From 5ecc18badaabe774d9d0806b027ab63a30c6a2d7 Mon Sep 17 00:00:00 2001 +From 1771ff7479664c05884dab5a34d128cf8b01086f Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:45 +0100 Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -31,14 +42,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - no changes -Message-id: <20171120235748.29669-5-pbonzini@redhat.com> -Patchwork-id: 77760 -O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed debug messages, and code in OvmfPkg logs many messages on the @@ -52,17 +56,32 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027) (cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50) (cherry picked from commit 3cb92f9ba18ac79911bd5258ff4f949cc617ae89) +(cherry picked from commit 5ecc18badaabe774d9d0806b027ab63a30c6a2d7) --- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) + OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 0a8cb7fd3b..6e8defe5c7 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -486,7 +486,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !if $(SOURCE_DEBUG_ENABLE) == TRUE + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 6ce8a46d4e..765ffff312 100644 +index e6df324c7c..52cd87f698 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -516,7 +516,7 @@ +@@ -534,7 +534,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -72,10 +91,10 @@ index 6ce8a46d4e..765ffff312 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 89d414cda7..277297a964 100644 +index 8104fe0218..214195a594 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -520,7 +520,7 @@ +@@ -538,7 +538,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -85,10 +104,10 @@ index 89d414cda7..277297a964 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e567eb76e0..5c1597fe3c 100644 +index 3c8b2649a8..02aad65b00 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -520,7 +520,7 @@ +@@ -540,7 +540,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -98,5 +117,5 @@ index e567eb76e0..5c1597fe3c 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 -- -2.18.1 +2.27.0 diff --git a/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch index 4e1464b..4cea103 100644 --- a/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +++ b/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch @@ -1,9 +1,20 @@ -From 1355849ad97c1e4a5c430597a377165a5cc118f7 Mon Sep 17 00:00:00 2001 +From 4b2a35ab1d659068d47baaf1dd5b2918ba8a2573 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:46 +0100 Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in QemuVideoDxe/QemuRamfbDxe (RH) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -39,15 +50,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - no changes -Message-id: <20171120235748.29669-6-pbonzini@redhat.com> -Patchwork-id: 77761 -O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - QemuVideoDxe (RH only) Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to @@ -70,17 +73,40 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1) (cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850) (cherry picked from commit c8c3f893e7c3710afe45c46839e97954871536e4) +(cherry picked from commit 1355849ad97c1e4a5c430597a377165a5cc118f7) --- - OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- - OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- - OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- - 3 files changed, 24 insertions(+), 6 deletions(-) + OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- + 4 files changed, 32 insertions(+), 8 deletions(-) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 6e8defe5c7..568ca369e6 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -747,8 +747,14 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 765ffff312..f5c6cceb4f 100644 +index 52cd87f698..52fd057c90 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -811,9 +811,15 @@ +@@ -842,9 +842,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -99,10 +125,10 @@ index 765ffff312..f5c6cceb4f 100644 # diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 277297a964..c1e52b0acd 100644 +index 214195a594..653849cc7a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -825,9 +825,15 @@ +@@ -856,9 +856,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -121,10 +147,10 @@ index 277297a964..c1e52b0acd 100644 # diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 5c1597fe3c..e65165b9f0 100644 +index 02aad65b00..5275f2502b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -821,9 +821,15 @@ +@@ -854,9 +854,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -143,5 +169,5 @@ index 5c1597fe3c..e65165b9f0 100644 # -- -2.18.1 +2.27.0 diff --git a/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch index cf0bf21..18d30be 100644 --- a/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +++ b/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch @@ -1,9 +1,14 @@ -From e7f57f154439c1c18ea5030b01f8d7bc492698b2 Mon Sep 17 00:00:00 2001 +From 251653ccf48a973481bb8c90161cccde50c78ad5 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -49,16 +54,17 @@ Signed-off-by: Philippe Mathieu-Daude (cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc) Signed-off-by: Laszlo Ersek (cherry picked from commit e5b8152bced2364a1ded0926dbba4d65e23e3f84) +(cherry picked from commit e7f57f154439c1c18ea5030b01f8d7bc492698b2) --- ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++- ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 57c5b3f898..dda887b2ae 100644 +index 971422411d..d2a2fdac8e 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -494,7 +494,10 @@ +@@ -504,7 +504,10 @@ # # Video support # @@ -71,10 +77,10 @@ index 57c5b3f898..dda887b2ae 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index d186263e18..711dd63e20 100644 +index f598ac6a85..7e50ce8b3b 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -427,7 +427,10 @@ +@@ -434,7 +434,10 @@ # # Video support # @@ -87,5 +93,5 @@ index d186263e18..711dd63e20 100644 OvmfPkg/PlatformDxe/Platform.inf -- -2.18.1 +2.27.0 diff --git a/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch index 6b41eff..e75701e 100644 --- a/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +++ b/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch @@ -1,9 +1,14 @@ -From deb3451034326b75fd760aba47a5171493ff055e Mon Sep 17 00:00:00 2001 +From bacf42ebf768aebb8c2b36fb52d154daf19c0c74 Mon Sep 17 00:00:00 2001 From: Philippe Mathieu-Daude Date: Thu, 1 Aug 2019 20:43:48 +0200 Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent builds (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -35,6 +40,7 @@ Signed-off-by: Philippe Mathieu-Daude (cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7) Signed-off-by: Laszlo Ersek (cherry picked from commit aa2b66b18a62d652bdbefae7b5732297294306ca) +(cherry picked from commit deb3451034326b75fd760aba47a5171493ff055e) --- OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 + @@ -85,5 +91,5 @@ index e3890b8c20..6ffee5acb2 100644 FrameBufferBltLib MemoryAllocationLib -- -2.18.1 +2.27.0 diff --git a/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch index c01b00b..d08e6fd 100644 --- a/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ b/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -1,9 +1,20 @@ -From ed89844b47f46cfe911f1bf2bda40e537a908502 Mon Sep 17 00:00:00 2001 +From 41c61737a6ead56c36edabd1b2e685a04c2e81c6 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:47 +0100 Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -30,15 +41,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - no changes -Message-id: <20171120235748.29669-7-pbonzini@redhat.com> -Patchwork-id: 77759 -O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - NvmExpressDxe (RH only) Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE level. @@ -51,17 +54,35 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6) (cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958) (cherry picked from commit b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6) +(cherry picked from commit ed89844b47f46cfe911f1bf2bda40e537a908502) --- - OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- - OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- - OvmfPkg/OvmfPkgX64.dsc | 5 ++++- - 3 files changed, 12 insertions(+), 3 deletions(-) + OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- + OvmfPkg/OvmfPkgX64.dsc | 5 ++++- + 4 files changed, 16 insertions(+), 4 deletions(-) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 568ca369e6..fb00b12f8c 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -741,7 +741,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index f5c6cceb4f..e8868136d8 100644 +index 52fd057c90..119267e3c8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -804,7 +804,10 @@ +@@ -835,7 +835,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -74,10 +95,10 @@ index f5c6cceb4f..e8868136d8 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index c1e52b0acd..d05275a324 100644 +index 653849cc7a..166c9f1fef 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -818,7 +818,10 @@ +@@ -849,7 +849,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -90,10 +111,10 @@ index c1e52b0acd..d05275a324 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e65165b9f0..cac4cecf18 100644 +index 5275f2502b..19d0944a72 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -814,7 +814,10 @@ +@@ -847,7 +847,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -106,5 +127,5 @@ index e65165b9f0..cac4cecf18 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -- -2.18.1 +2.27.0 diff --git a/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch b/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch index 2233cea..9310962 100644 --- a/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch +++ b/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch @@ -1,9 +1,88 @@ -From 56c4bb81b311dfcee6a34c81d3e4feeda7f88995 Mon Sep 17 00:00:00 2001 +From 7e6817e96a15f9ce32f0c9cf6326bb682672724c Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sat, 16 Nov 2019 17:11:27 +0100 Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs (RH) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257 + +- Recreate the patch based on downstream commits: + + - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files + in the INFs (RH)", 2020-06-05), + - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", + 2020-11-23), + - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ / + RHEL-8.4", 2020-11-23). + + (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2 + consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2 + ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)). + + Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF + files, namely + + - CryptoPkg/Library/OpensslLib/OpensslLib.inf + - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + + in the following commits only: + + - be01087e0780 ("CryptoPkg/Library: Remove the redundant build + option", 2020-08-12), which did not affect the source file list at + all, + + - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate + entropy in rand_pool", 2020-09-18), which replaced some of the + *edk2-specific* "rand_pool_noise" source files with an RngLib + dependency. + + This means that the list of required, actual OpenSSL source files + has not changed in upstream edk2 since our downstream edk2 commit + e81751a1c303. + + (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303), + downstream edk2's OpenSSL dependency was satisfied with RHEL-8 + OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be + shipped in RHEL-8.3.0.z", 2020-10-23). + + Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced + (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k", + 2021-05-25), which is the current head of the rhel-8.5.0 branch. + (See also .) + + At both dist-git bdd048e929dc and dist-git a75722161d20, I built the + respective RHEL-8 OpenSSL *source* RPM, and prepped the respective + source tree, with "rpmbuild -bp". Subsequently I compared the + prepped source trees recursively. + + - The following files disappeared: + + - 29 backup files created by "patch", + + - the assembly generator perl script called + "ecp_nistz256-avx2.pl", which is not used during the build. + + - The following new files appeared: + + - 18 files directly or indirectly under the "test" subdirectory, + which are not used during the build, + + - 5 backup files created by "patch", + + - 2 DCL scripts used when building OpenSSL on OpenVMS. + + This means that the total list of RHEL-8 OpenSSL source files has + not changed in RHEL-8 OpenSSL dist-git since our downstream edk2 + commit 3e3fe5e62079. + + As a result, copy the "RHEL8-specific OpenSSL file list" sections + verbatim from the INF files, at downstream commit e81751a1c303. (I used + the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf + CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.) + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -45,18 +124,19 @@ Note: "process_files.pl" is not re-run at this time manually, because Signed-off-by: Laszlo Ersek (cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40) +(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995) --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -index c8ec9454bd..24e790b538 100644 +index b00bb74ce6..71e32f26ea 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -570,6 +570,17 @@ $(OPENSSL_PATH)/ssl/statem/statem.h - $(OPENSSL_PATH)/ssl/statem/statem_locl.h + $(OPENSSL_PATH)/ssl/statem/statem_local.h # Autogenerated files list ends here +# RHEL8-specific OpenSSL file list starts here + $(OPENSSL_PATH)/crypto/evp/kdf_lib.c @@ -70,10 +150,10 @@ index c8ec9454bd..24e790b538 100644 + $(OPENSSL_PATH)/crypto/kdf/sskdf.c +# RHEL8-specific OpenSSL file list ends here buildinf.h - rand_pool_noise.h ossl_store.c + rand_pool.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -index 2f232e3e12..52e70a2d03 100644 +index 3557711bd8..003dcbad7a 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -519,6 +519,17 @@ @@ -92,8 +172,8 @@ index 2f232e3e12..52e70a2d03 100644 + $(OPENSSL_PATH)/crypto/kdf/sskdf.c +# RHEL8-specific OpenSSL file list ends here buildinf.h - rand_pool_noise.h ossl_store.c + rand_pool.c -- -2.18.1 +2.27.0 diff --git a/SOURCES/edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch b/SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch similarity index 79% rename from SOURCES/edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch rename to SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch index 63910e8..1533000 100644 --- a/SOURCES/edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +++ b/SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch @@ -1,20 +1,17 @@ -From 9adcdf493ebbd11efb74e2905ab5f6c8996e096d Mon Sep 17 00:00:00 2001 +From 29be717a1ae0a2617a7ae95698940286201d1612 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:31:36 +0200 -Subject: [PATCH 1/3] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no - "-kernel" in silent aa64 build (RH) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in + silent aa64 build (RH) + +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From, + RH-Acked-by, RH-Author (RHBZ#1846481). -RH-Author: Laszlo Ersek -Message-id: <20200615080105.11859-2-lersek@redhat.com> -Patchwork-id: 97532 -O-Subject: [RHEL-8.3.0 edk2 PATCH 1/3] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in silent aa64 build (RH) Bugzilla: 1844682 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Philippe Mathieu-Daudé If the "-kernel" QEMU option is not used, then QemuKernelLoaderFsDxe should return EFI_NOT_FOUND, so that the DXE Core can unload it. However, @@ -28,6 +25,7 @@ ExitBootServices(). Signed-off-by: Laszlo Ersek Signed-off-by: Miroslav Rezanina +(cherry picked from commit 9adcdf493ebbd11efb74e2905ab5f6c8996e096d) --- .../QemuKernelLoaderFsDxe.c | 17 +++++++++++++++++ .../QemuKernelLoaderFsDxe.inf | 1 + diff --git a/SOURCES/0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch b/SOURCES/0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch deleted file mode 100644 index 4947710..0000000 --- a/SOURCES/0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch +++ /dev/null @@ -1,83 +0,0 @@ -From bf88198555ce964377a56176de8e5e9b45e43e25 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Sat, 6 Jun 2020 01:16:09 +0200 -Subject: OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from - LoadImage() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> -RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - -- new patch - -- the patch is being upstreamed; it's not a backport because the rebase - deadline is close - -- upstream references: - - https://bugzilla.tianocore.org/show_bug.cgi?id=2785 - - http://mid.mail-archive.com/20200605235242.32442-1-lersek@redhat.com - - https://edk2.groups.io/g/devel/message/60825 - - https://www.redhat.com/archives/edk2-devel-archive/2020-June/msg00344.html - -[downstream note ends, upstream commit message starts] - -When an image fails Secure Boot validation, LoadImage() returns -EFI_SECURITY_VIOLATION if the platform policy is -DEFER_EXECUTE_ON_SECURITY_VIOLATION. - -If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then -LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain -loaded). - -(Before , this -difference would be masked, as DxeImageVerificationLib would incorrectly -return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as -well.) - -In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon -seeing EFI_ACCESS_DENIED too. - -Cc: Ard Biesheuvel -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785 -Signed-off-by: Laszlo Ersek ---- - .../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c -index ef753be7ea..931553c0c1 100644 ---- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c -+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c -@@ -320,15 +320,21 @@ QemuLoadKernelImage ( - - case EFI_SECURITY_VIOLATION: - // -- // We are running with UEFI secure boot enabled, and the image failed to -- // authenticate. For compatibility reasons, we fall back to the legacy -- // loader in this case. Since the image has been loaded, we need to unload -- // it before proceeding -+ // Since the image has been loaded, we need to unload it before proceeding -+ // to the EFI_ACCESS_DENIED case below. - // - gBS->UnloadImage (KernelImageHandle); - // - // Fall through - // -+ case EFI_ACCESS_DENIED: -+ // -+ // We are running with UEFI secure boot enabled, and the image failed to -+ // authenticate. For compatibility reasons, we fall back to the legacy -+ // loader in this case. -+ // -+ // Fall through -+ // - case EFI_UNSUPPORTED: - // - // The image is not natively supported or cross-type supported. Let's try --- -2.18.1 - diff --git a/SOURCES/0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch b/SOURCES/0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch deleted file mode 100644 index 21fa333..0000000 --- a/SOURCES/0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch +++ /dev/null @@ -1,184 +0,0 @@ -From 74e5313dfa6719f7990c7e175e035d17c9b3f657 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Fri, 5 Jun 2020 23:44:43 +0200 -Subject: Revert "OvmfPkg: use generic QEMU image loader for secure boot - enabled builds" - -Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> -RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - -- new patch (to be dropped later, hopefully) - -This reverts commit ced77332cab626f35fbdb36630be27303d289d79. - -Upstream commit ced77332cab6 ("OvmfPkg: use generic QEMU image loader for -secure boot enabled builds", 2020-03-05) changes the "Secure Boot threat -model" in a way that is incompatible with at least two use cases. - -Namely, OVMF has always considered kernel images direct-booted via fw_cfg -as trusted, bypassing Secure Boot validation. While that approach is -rooted in a technicality (namely, OVMF doesn't load such images with the -LoadImage() UEFI boot service / through the UEFI stub, but with the -Linux/x86 Boot Protocol), that doesn't mean it's wrong. The direct-booted -kernel from fw_cfg comes from the host side, and Secure Boot in the guest -is a barrier between the guest firmware and the guest operating system -- -it's not a barrier between host and guest. - -Upstream commit ced77332cab6 points out that the above (historical) OVMF -behavior differs from ArmVirtQemu's -- the latter direct-boots kernels -from fw_cfg with the LoadImage() / StartImage() boot services. While that -difference indeed exists between OVMF and ArmVirtQemu, it's not relevant -for RHEL downstream. That's because we never build the ArmVirtQemu -firmware with the Secure Boot feature, so LoadImage() can never reject the -direct-booted kernel due to a signing issue. - -Subjecting a kernel direct-booted via fw_cfg to Secure Boot verification -breaks at least two use cases with OVMF: - -- It breaks the %check stage in the SPEC file. - - In that stage, we use the "ovmf-vars-generator" utility from the - "qemu-ovmf-secureboot" project, for verifying whether the Secure Boot - operational mode is enabled. The guest kernel is supposed to boot, and - to print "Secure boot enabled". - - As guest kernel, we pick whatever host kernel is available in the Brew - build root. The kernel in question may be a publicly released RHEL - kernel, signed with "Red Hat Secure Boot (signing key 1)", or a - development build, signed for example with "Red Hat Secure Boot Signing - 3 (beta)". Either way, none of these keys are accepted by the - certificates that were enrolled by "ovmf-vars-generator" / - "EnrollDefaultKeys.efi" in the %build stage. Therefore, the %check stage - fails. - -- It breaks "virt-install --location NETWORK-URL" Linux guest - installations, if the variable store template used for the new domain - has the Secure Boot operational mode enabled. "virt-install --location" - fetches the kernel from the remote OS tree, and passes it to the guest - firmware via fw_cfg. Therefore the above symptom appears (even for - publicly released OSes). - - Importantly, if the user downloads the installer ISO of the publicly - released Fedora / RHEL OS, and exposes the ISO to the guest for example - as a virtio-scsi CD-ROM, then the installation with "virt-install" - (without "--location") does succeed. That's because that way, "shim" is - booted first, from the UEFI-bootable CD-ROM. "Shim" does pass Secure - Boot verification against the Microsoft certificates, and then it is - "shim" that accepts the "Red Hat Secure Boot (signing key 1)" signature - on the guest kernel. - -Some ways to approach this problem (without reverting upstream commit -ced77332cab6): - -- Equip "ovmf-vars-generator" / "EnrollDefaultKeys.efi" to enroll the - public half of "Red Hat Secure Boot (signing key 1)" in the %build - stage. Use a publicly released RHEL kernel in the %check stage. - - Downsides: - - - The Brew build root does not offer any particular released RHEL - kernel, so either the %check stage would have to download it, or the - SRPM would have to bundle it. However, Brew build environments do not - have unfettered network access (rightly so), so the download wouldn't - work. Furthermore, for bundling with the SRPM, such a kernel image - could be considered too large. - - - Does not solve the "virt-install --location" issue for other vendors' - signed kernels. - -- Invoke "ovmf-vars-generator" / "EnrollDefaultKeys.efi" multiple times - during %build, to create multiple varstore templates. One that would - accept publicly released RHEL kernels, and another to accept development - kernels. Don't try to use a particular guest kernel for verification; - instead, check what kernel Brew offers in the build environment, and use - the varstore template matching *that* kernel. - - Downsides: - - - It may be considered useless to perform %check with a varstore - template that is *not* the one that we ship. - - - Does not solve the "virt-install --location" issue for other vendors' - signed kernels. - -- Sign the RHEL kernels such that the currently enrolled certificates - accept them. - - Downsides: - - - Not feasible at all; it would require Microsoft to sign our kernels. - "Shim" exists exactly to eliminate such signing requirements. - -- Modify "virt-install --location NETWORK-URL" such that it download a - complete (UEFI-bootable) installer ISO image, rather than broken-out - vmlinuz / initrd files. In other words, replace direct (fw_cfg) kernel - boot with a CD-ROM / "shim" boot, internally to "virt-install". - - Downsides: - - - Defeats the goal of "virt-install --location NETWORK-URL", and defeats - the network installation method of (for example) Anaconda. - -For now, revert upstream commit ced77332cab6, in order to return to the -model we had used in RHEL-8.2 and before. The following ticket has been -filed to investigate the problem separately: -. - -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/OvmfPkgIa32.dsc | 4 ---- - OvmfPkg/OvmfPkgIa32X64.dsc | 4 ---- - OvmfPkg/OvmfPkgX64.dsc | 4 ---- - 3 files changed, 12 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index e8868136d8..5b1e757cb9 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -379,11 +379,7 @@ - PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf - MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf - QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf --!else - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf --!endif - !if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index d05275a324..5dffc32105 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -383,11 +383,7 @@ - PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf - MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf - QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf --!else - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf --!endif - !if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index cac4cecf18..a2a76fdeea 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -383,11 +383,7 @@ - PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf - MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf - QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf --!else - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf --!endif - !if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf --- -2.18.1 - diff --git a/SOURCES/edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch b/SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch similarity index 77% rename from SOURCES/edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch rename to SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch index 7586124..3cc5803 100644 --- a/SOURCES/edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +++ b/SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch @@ -1,20 +1,17 @@ -From cbce29f7749477e271f9764fed82de94724af5df Mon Sep 17 00:00:00 2001 +From dc27035d2a8ca09dc5b0113c97a643341f286c08 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:40:09 +0200 -Subject: [PATCH 3/3] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent - aa64 build (RH) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build + (RH) + +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From, + RH-Acked-by, RH-Author (RHBZ#1846481). -RH-Author: Laszlo Ersek -Message-id: <20200615080105.11859-4-lersek@redhat.com> -Patchwork-id: 97534 -O-Subject: [RHEL-8.3.0 edk2 PATCH 3/3] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build (RH) Bugzilla: 1844682 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Philippe Mathieu-Daudé If swtpm / vTPM2 is not being used, Tcg2Dxe should return EFI_UNSUPPORTED, so that the DXE Core can unload it. However, the associated error message, @@ -27,13 +24,14 @@ guest RAM still gets freed after ExitBootServices(). Signed-off-by: Laszlo Ersek Signed-off-by: Miroslav Rezanina +(cherry picked from commit cbce29f7749477e271f9764fed82de94724af5df) --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 17 +++++++++++++++++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 + 2 files changed, 18 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c -index 9a5f987e68..da2153cb25 100644 +index 6d17616c1c..f1a97d4b2d 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @@ -68,7 +66,7 @@ index 9a5f987e68..da2153cb25 100644 } diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -index 576cf80d06..851471afb7 100644 +index 7dc7a2683d..3bc8833931 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -55,6 +55,7 @@ diff --git a/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch b/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch deleted file mode 100644 index 7280197..0000000 --- a/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch +++ /dev/null @@ -1,386 +0,0 @@ -From e81751a1c303f5cd4bcae0ed1a38c60c38a0cf38 Mon Sep 17 00:00:00 2001 -From: Guomin Jiang -Date: Fri, 10 Jul 2020 09:47:31 +0800 -Subject: [PATCH 4/5] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 2: [RHEL-8.4.0] bump OpenSSL dist-git submodule to 1.1.1g -RH-Commit: [1/2] 36d4bc34a3b5c421819e94c58ff84fd779a93bae (lersek/edk2) -RH-Bugzilla: 1893806 - ---v-- RHEL8 notes --v-- - -- The "CryptoPkg/Library/OpensslLib/openssl" hunk, advancing upstream - edk2's OpenSSL submodule reference, has been stripped from this - backport. (Refer to downstream commit c5d729df70f8 ("remove upstream - edk2's openssl submodule (RH only)", 2020-06-05), as basis.) The - corresponding RHEL8 OpenSSL dist-git bump is implemented in a subsequent - patch in this series. - - This cherry-pick and the RHEL8 OpenSSL dist-git submodule bump are kept - separate for easing the next rebase, even at the cost of introducing a - brief interval in the git history where the downstream exploded tree - does not build. - -- Contextual difference in "OpensslLib.inf" due to downstream commit - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files - in the INFs (RH)", 2020-06-05); automatically resolved by - git-cherry-pick. - ---^-- RHEL8 notes --^-- - -Upgrade openssl to 1.1.1g. the directory have been reorganized, -openssl moved crypto/include/internal to include/crypto folder. -So we change directory to match the re-organization. - -The dso_conf.h and opensslconf.h will generated in UNIX format, -change process_files.pl to covent the EOL automatically. - -Cc: Jian J Wang -Cc: Xiaoyu Lu -Signed-off-by: Guomin Jiang -Reviewed-by: Laszlo Ersek -Tested-by: Laszlo Ersek -Reviewed-by: Jian J Wang -(cherry picked from commit 8c30327debb28c0b6cfa2106b736774e0b20daac) -Signed-off-by: Laszlo Ersek ---- - CryptoPkg/CryptoPkg.dec | 1 - - .../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +- - .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +- - .../Include/{internal => crypto}/dso_conf.h | 32 +++++----- - .../Library/Include/openssl/opensslconf.h | 3 - - CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++---------- - .../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++-------- - CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++--- - CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +- - 9 files changed, 90 insertions(+), 87 deletions(-) - rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%) - -diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec -index 4d1a1368a8..5888941bab 100644 ---- a/CryptoPkg/CryptoPkg.dec -+++ b/CryptoPkg/CryptoPkg.dec -@@ -23,7 +23,6 @@ - Private - Library/Include - Library/OpensslLib/openssl/include -- Library/OpensslLib/openssl/crypto/include - - [LibraryClasses] - ## @libraryclass Provides basic library functions for cryptographic primitives. -diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -index eacf4826c4..235331c2a0 100644 ---- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - **/ - - #include "InternalCryptLib.h" --#include "internal/sm3.h" -+#include "crypto/sm3.h" - - /** - Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. -diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -index 229c244b26..c9fdb65b99 100644 ---- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -@@ -15,13 +15,13 @@ - #include - #include - #include --#include -+#include - #include - #include - #include - #include - #include --#include -+#include - - /** - This function will return the leaf signer certificate in a chain. This is -diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h -similarity index 76% -rename from CryptoPkg/Library/Include/internal/dso_conf.h -rename to CryptoPkg/Library/Include/crypto/dso_conf.h -index 43c891588b..95f4db2b15 100644 ---- a/CryptoPkg/Library/Include/internal/dso_conf.h -+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h -@@ -1,16 +1,16 @@ --/* WARNING: do not edit! */ --/* Generated from crypto/include/internal/dso_conf.h.in */ --/* -- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_DSO_CONF_H --# define HEADER_DSO_CONF_H --# define DSO_NONE --# define DSO_EXTENSION ".so" --#endif -+/* WARNING: do not edit! */ -+/* Generated from include/crypto/dso_conf.h.in */ -+/* -+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#ifndef OSSL_CRYPTO_DSO_CONF_H -+# define OSSL_CRYPTO_DSO_CONF_H -+# define DSO_NONE -+# define DSO_EXTENSION ".so" -+#endif -diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h -index 62c2736cb0..3a2544ea5c 100644 ---- a/CryptoPkg/Library/Include/openssl/opensslconf.h -+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h -@@ -247,9 +247,6 @@ extern "C" { - #ifndef OPENSSL_NO_DYNAMIC_ENGINE - # define OPENSSL_NO_DYNAMIC_ENGINE - #endif --#ifndef OPENSSL_NO_AFALGENG --# define OPENSSL_NO_AFALGENG --#endif - - - /* -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -index 24e790b538..4c21b11d0a 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -@@ -477,45 +477,45 @@ - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h -- $(OPENSSL_PATH)/crypto/aes/aes_locl.h -+ $(OPENSSL_PATH)/crypto/aes/aes_local.h - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h - $(OPENSSL_PATH)/crypto/asn1/charmap.h - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -- $(OPENSSL_PATH)/crypto/async/async_locl.h -+ $(OPENSSL_PATH)/crypto/async/async_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h -- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h -- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h -+ $(OPENSSL_PATH)/crypto/bio/bio_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_local.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h -+ $(OPENSSL_PATH)/crypto/comp/comp_local.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h -- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h -- $(OPENSSL_PATH)/crypto/dh/dh_locl.h -- $(OPENSSL_PATH)/crypto/dso/dso_locl.h -- $(OPENSSL_PATH)/crypto/evp/evp_locl.h -- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h -- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h -- $(OPENSSL_PATH)/crypto/md5/md5_locl.h -- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h -+ $(OPENSSL_PATH)/crypto/conf/conf_local.h -+ $(OPENSSL_PATH)/crypto/dh/dh_local.h -+ $(OPENSSL_PATH)/crypto/dso/dso_local.h -+ $(OPENSSL_PATH)/crypto/evp/evp_local.h -+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h -+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h -+ $(OPENSSL_PATH)/crypto/md5/md5_local.h -+ $(OPENSSL_PATH)/crypto/modes/modes_local.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h -- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h -+ $(OPENSSL_PATH)/crypto/objects/obj_local.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h -- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h -- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h -- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h -- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h -- $(OPENSSL_PATH)/crypto/sha/sha_locl.h -+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h -+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h -+ $(OPENSSL_PATH)/crypto/rand/rand_local.h -+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h -+ $(OPENSSL_PATH)/crypto/sha/sha_local.h - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h -- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h -- $(OPENSSL_PATH)/crypto/store/store_locl.h -- $(OPENSSL_PATH)/crypto/ui/ui_locl.h -- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h -+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h -+ $(OPENSSL_PATH)/crypto/store/store_local.h -+ $(OPENSSL_PATH)/crypto/ui/ui_local.h -+ $(OPENSSL_PATH)/crypto/x509/x509_local.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h -- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h -+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - $(OPENSSL_PATH)/ssl/bio_ssl.c -@@ -562,13 +562,13 @@ - $(OPENSSL_PATH)/ssl/t1_trce.c - $(OPENSSL_PATH)/ssl/tls13_enc.c - $(OPENSSL_PATH)/ssl/tls_srp.c -- $(OPENSSL_PATH)/ssl/packet_locl.h -+ $(OPENSSL_PATH)/ssl/packet_local.h - $(OPENSSL_PATH)/ssl/ssl_cert_table.h -- $(OPENSSL_PATH)/ssl/ssl_locl.h -+ $(OPENSSL_PATH)/ssl/ssl_local.h - $(OPENSSL_PATH)/ssl/record/record.h -- $(OPENSSL_PATH)/ssl/record/record_locl.h -+ $(OPENSSL_PATH)/ssl/record/record_local.h - $(OPENSSL_PATH)/ssl/statem/statem.h -- $(OPENSSL_PATH)/ssl/statem/statem_locl.h -+ $(OPENSSL_PATH)/ssl/statem/statem_local.h - # Autogenerated files list ends here - # RHEL8-specific OpenSSL file list starts here - $(OPENSSL_PATH)/crypto/evp/kdf_lib.c -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -index 52e70a2d03..0c3b210d6a 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -@@ -477,45 +477,45 @@ - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h -- $(OPENSSL_PATH)/crypto/aes/aes_locl.h -+ $(OPENSSL_PATH)/crypto/aes/aes_local.h - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h - $(OPENSSL_PATH)/crypto/asn1/charmap.h - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -- $(OPENSSL_PATH)/crypto/async/async_locl.h -+ $(OPENSSL_PATH)/crypto/async/async_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h -- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h -- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h -+ $(OPENSSL_PATH)/crypto/bio/bio_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_local.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h -+ $(OPENSSL_PATH)/crypto/comp/comp_local.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h -- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h -- $(OPENSSL_PATH)/crypto/dh/dh_locl.h -- $(OPENSSL_PATH)/crypto/dso/dso_locl.h -- $(OPENSSL_PATH)/crypto/evp/evp_locl.h -- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h -- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h -- $(OPENSSL_PATH)/crypto/md5/md5_locl.h -- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h -+ $(OPENSSL_PATH)/crypto/conf/conf_local.h -+ $(OPENSSL_PATH)/crypto/dh/dh_local.h -+ $(OPENSSL_PATH)/crypto/dso/dso_local.h -+ $(OPENSSL_PATH)/crypto/evp/evp_local.h -+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h -+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h -+ $(OPENSSL_PATH)/crypto/md5/md5_local.h -+ $(OPENSSL_PATH)/crypto/modes/modes_local.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h -- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h -+ $(OPENSSL_PATH)/crypto/objects/obj_local.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h -- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h -- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h -- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h -- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h -- $(OPENSSL_PATH)/crypto/sha/sha_locl.h -+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h -+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h -+ $(OPENSSL_PATH)/crypto/rand/rand_local.h -+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h -+ $(OPENSSL_PATH)/crypto/sha/sha_local.h - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h -- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h -- $(OPENSSL_PATH)/crypto/store/store_locl.h -- $(OPENSSL_PATH)/crypto/ui/ui_locl.h -- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h -+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h -+ $(OPENSSL_PATH)/crypto/store/store_local.h -+ $(OPENSSL_PATH)/crypto/ui/ui_local.h -+ $(OPENSSL_PATH)/crypto/x509/x509_local.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h -- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h -+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - # Autogenerated files list ends here -diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl -index 65d07a2aed..57ce195394 100755 ---- a/CryptoPkg/Library/OpensslLib/process_files.pl -+++ b/CryptoPkg/Library/OpensslLib/process_files.pl -@@ -111,8 +111,8 @@ BEGIN { - # Generate dso_conf.h per config data - system( - "perl -I. -Mconfigdata util/dofile.pl " . -- "crypto/include/internal/dso_conf.h.in " . -- "> include/internal/dso_conf.h" -+ "include/crypto/dso_conf.h.in " . -+ "> include/crypto/dso_conf.h" - ) == 0 || - die "Failed to generate dso_conf.h!\n"; - -@@ -263,14 +263,21 @@ print "Done!"; - # Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration - # - print "\n--> Duplicating opensslconf.h into Include/openssl ... "; --copy($OPENSSL_PATH . "/include/openssl/opensslconf.h", -- $OPENSSL_PATH . "/../../Include/openssl/") || -- die "Cannot copy opensslconf.h!"; -+system( -+ "perl -pe 's/\\n/\\r\\n/' " . -+ "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " . -+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h" -+ ) == 0 || -+ die "Cannot copy opensslconf.h!"; - print "Done!"; --print "\n--> Duplicating dso_conf.h into Include/internal ... "; --copy($OPENSSL_PATH . "/include/internal/dso_conf.h", -- $OPENSSL_PATH . "/../../Include/internal/") || -- die "Cannot copy dso_conf.h!"; -+ -+print "\n--> Duplicating dso_conf.h into Include/crypto ... "; -+system( -+ "perl -pe 's/\\n/\\r\\n/' " . -+ "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" . -+ "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h" -+ ) == 0 || -+ die "Cannot copy dso_conf.h!"; - print "Done!\n"; - - print "\nProcessing Files Done!\n"; -diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c -index 9f3983f7c3..9e0179b034 100644 ---- a/CryptoPkg/Library/OpensslLib/rand_pool.c -+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c -@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - **/ - --#include "internal/rand_int.h" -+#include "crypto/rand.h" - #include - - #include --- -2.27.0 - diff --git a/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch b/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch new file mode 100644 index 0000000..321d5c4 --- /dev/null +++ b/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch @@ -0,0 +1,73 @@ +From 9596c779a27b4ae2261aadd91b8dac8ed7546f38 Mon Sep 17 00:00:00 2001 +From: Neal Gompa +Date: Mon, 5 Jul 2021 05:36:03 -0400 +Subject: [PATCH] MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI + spec +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Philippe Mathieu-Daudé +RH-MergeRequest: 6: MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI spec [rhel-8.5.0, post-rebase] +RH-Commit: [1/1] 1fef74489947c81e26e5afb7c933c80beb641751 +RH-Bugzilla: 1988762 +RH-Acked-by: Miroslav Rezanina + +Per UEFI Spec 2.8 (UEFI_Spec_2_8_final.pdf, page 114) +5.2.3 Protective MBR +Table 20. Protective MBR Partition Record protecting the entire disk + +The description for BootIndicator states the following: + +> Set to 0x00 to indicate a non-bootable partition. If set to any +> value other than 0x00 the behavior of this flag on non-UEFI +> systems is undefined. Must be ignored by UEFI implementations. + +Unfortunately, we have been incorrectly assuming that the +BootIndicator value must be 0x00, which leads to problems +when the 'pmbr_boot' flag is set on a disk containing a GPT +(such as with GNU parted). When the flag is set, the value +changes to 0x01, causing this check to fail and the system +is rendered unbootable despite it being valid from the +perspective of the UEFI spec. + +To resolve this, we drop the check for the BootIndicator +so that we stop caring about the value set there, which +restores the capability to boot such disks. + +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3474 + +Cc: Chris Murphy +Cc: David Duncan +Cc: Lazlo Ersek +Cc: Hao A Wu +Cc: Ray Ni +Cc: Zhichao Gao + +Signed-off-by: Neal Gompa +Message-Id: <20210705093603.575707-1-ngompa@fedoraproject.org> +Reviewed-by: Laszlo Ersek +Reviewed-by: Hao A Wu +(cherry picked from commit b3db0cb1f8d163f22b769c205c6347376a315dcd) +Signed-off-by: Philippe Mathieu-Daude +--- + MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +index aefb2d6ecb..efaff5e080 100644 +--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c ++++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +@@ -264,8 +264,7 @@ PartitionInstallGptChildHandles ( + // Verify that the Protective MBR is valid + // + for (Index = 0; Index < MAX_MBR_PARTITIONS; Index++) { +- if (ProtectiveMbr->Partition[Index].BootIndicator == 0x00 && +- ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION && ++ if (ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION && + UNPACK_UINT32 (ProtectiveMbr->Partition[Index].StartingLBA) == 1 + ) { + break; +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch new file mode 100644 index 0000000..6828cd7 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch @@ -0,0 +1,95 @@ +From 1e6a8c43241febbec56ffc2141c55d8de34e13e6 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:55 +0200 +Subject: [PATCH 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always + succeeds +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [6/10] 2f697819ce0731f99f95f29a3b30c777b754db37 +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +IScsiBinToHex() is called for encoding: + +- the answer to the target's challenge; that is, CHAP_R; + +- the challenge for the target, in case mutual authentication is enabled; + that is, CHAP_C. + +The initiator controls the size of both blobs, the sizes of their hex +encodings are correctly calculated in "RspLen" and "ChallengeLen". +Therefore the IScsiBinToHex() calls never fail; assert that. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daudé +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Maciej Rabeda +Message-Id: <20210608121259.32451-7-lersek@redhat.com> +(cherry picked from commit d90fff40cb2502b627370a77f5608c8a178c3f78) +--- + NetworkPkg/IScsiDxe/IScsiCHAP.c | 27 +++++++++++++++------------ + 1 file changed, 15 insertions(+), 12 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c +index 9e192ce292..dbe3c8ef46 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c +@@ -391,6 +391,7 @@ IScsiCHAPToSendReq ( + UINT32 RspLen; + CHAR8 *Challenge; + UINT32 ChallengeLen; ++ EFI_STATUS BinToHexStatus; + + ASSERT (Conn->CurrentStage == ISCSI_SECURITY_NEGOTIATION); + +@@ -471,12 +472,13 @@ IScsiCHAPToSendReq ( + // + // CHAP_R= + // +- IScsiBinToHex ( +- (UINT8 *) AuthData->CHAPResponse, +- ISCSI_CHAP_RSP_LEN, +- Response, +- &RspLen +- ); ++ BinToHexStatus = IScsiBinToHex ( ++ (UINT8 *) AuthData->CHAPResponse, ++ ISCSI_CHAP_RSP_LEN, ++ Response, ++ &RspLen ++ ); ++ ASSERT_EFI_ERROR (BinToHexStatus); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); + + if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { +@@ -490,12 +492,13 @@ IScsiCHAPToSendReq ( + // CHAP_C= + // + IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); +- IScsiBinToHex ( +- (UINT8 *) AuthData->OutChallenge, +- ISCSI_CHAP_RSP_LEN, +- Challenge, +- &ChallengeLen +- ); ++ BinToHexStatus = IScsiBinToHex ( ++ (UINT8 *) AuthData->OutChallenge, ++ ISCSI_CHAP_RSP_LEN, ++ Challenge, ++ &ChallengeLen ++ ); ++ ASSERT_EFI_ERROR (BinToHexStatus); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); + + Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch new file mode 100644 index 0000000..dad94ad --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch @@ -0,0 +1,91 @@ +From 5171f67062e606a4e606780ff5a5787bde7198eb Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:59 +0200 +Subject: [PATCH 10/10] NetworkPkg/IScsiDxe: check IScsiHexToBin() return + values +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [10/10] 1c65763fef57cfd9b1bd55779ec6eba4e086e100 +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +IScsiDxe (that is, the initiator) receives two hex-encoded strings from +the iSCSI target: + +- CHAP_C, where the target challenges the initiator, + +- CHAP_R, where the target answers the challenge from the initiator (in + case the initiator wants mutual authentication). + +Accordingly, we have two IScsiHexToBin() call sites: + +- At the CHAP_C decoding site, check whether the decoding succeeds. The + decoded buffer ("AuthData->InChallenge") can accommodate 1024 bytes, + which is a permissible restriction on the target, per + . Shorter challenges + from the target are acceptable. + +- At the CHAP_R decoding site, enforce that the decoding both succeed, and + provide exactly ISCSI_CHAP_RSP_LEN bytes. CHAP_R contains the digest + calculated by the target, therefore it must be of fixed size. We may + only call IScsiCHAPAuthTarget() if "TargetRsp" has been fully populated. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daudé +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Maciej Rabeda +Message-Id: <20210608121259.32451-11-lersek@redhat.com> +(cherry picked from commit b8649cf2a3e673a4a8cb6c255e394b354b771550) +--- + NetworkPkg/IScsiDxe/IScsiCHAP.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c +index dbe3c8ef46..7e930c0d1e 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c +@@ -290,11 +290,15 @@ IScsiCHAPOnRspReceived ( + + AuthData->InIdentifier = (UINT32) Result; + AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); +- IScsiHexToBin ( +- (UINT8 *) AuthData->InChallenge, +- &AuthData->InChallengeLength, +- Challenge +- ); ++ Status = IScsiHexToBin ( ++ (UINT8 *) AuthData->InChallenge, ++ &AuthData->InChallengeLength, ++ Challenge ++ ); ++ if (EFI_ERROR (Status)) { ++ Status = EFI_PROTOCOL_ERROR; ++ goto ON_EXIT; ++ } + Status = IScsiCHAPCalculateResponse ( + AuthData->InIdentifier, + AuthData->AuthConfig->CHAPSecret, +@@ -337,7 +341,11 @@ IScsiCHAPOnRspReceived ( + } + + RspLen = ISCSI_CHAP_RSP_LEN; +- IScsiHexToBin (TargetRsp, &RspLen, Response); ++ Status = IScsiHexToBin (TargetRsp, &RspLen, Response); ++ if (EFI_ERROR (Status) || RspLen != ISCSI_CHAP_RSP_LEN) { ++ Status = EFI_PROTOCOL_ERROR; ++ goto ON_EXIT; ++ } + + // + // Check the CHAP Name and Response replied by Target. +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch new file mode 100644 index 0000000..2f199b3 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch @@ -0,0 +1,102 @@ +From fca7e61fa3ba21cbf6e89d75b23fea03af5d517e Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:52 +0200 +Subject: [PATCH 03/10] NetworkPkg/IScsiDxe: clean up + "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [3/10] cc7118399f64979f2d81fe9fc381ed22c3815f9e +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +The "ISCSI_CHAP_AUTH_DATA.OutChallenge" field is declared as a UINT8 array +with ISCSI_CHAP_AUTH_MAX_LEN (1024) elements. However, when the challenge +is generated and formatted, only ISCSI_CHAP_RSP_LEN (16) octets are used +in the array. + +Change the array size to ISCSI_CHAP_RSP_LEN, and remove the (now unused) +ISCSI_CHAP_AUTH_MAX_LEN macro. + +Remove the "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" field, which is +superfluous too. + +Most importantly, explain in a new comment *why* tying the challenge size +to the digest size (ISCSI_CHAP_RSP_LEN) has always made sense. (See also +Linux kernel commit 19f5f88ed779, "scsi: target: iscsi: tie the challenge +length to the hash digest size", 2019-11-06.) For sure, the motivation +that the new comment now explains has always been there, and has always +been the same, for IScsiDxe; it's just that now we spell it out too. + +No change in peer-visible behavior. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daud +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daud +Reviewed-by: Maciej Rabeda +Message-Id: <20210608121259.32451-4-lersek@redhat.com> +(cherry picked from commit 95616b866187b00355042953efa5c198df07250f) +--- + NetworkPkg/IScsiDxe/IScsiCHAP.c | 3 +-- + NetworkPkg/IScsiDxe/IScsiCHAP.h | 9 ++++++--- + 2 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c +index df3c2eb120..9e192ce292 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c +@@ -122,7 +122,7 @@ IScsiCHAPAuthTarget ( + AuthData->AuthConfig->ReverseCHAPSecret, + SecretSize, + AuthData->OutChallenge, +- AuthData->OutChallengeLength, ++ ISCSI_CHAP_RSP_LEN, // ChallengeLength + VerifyRsp + ); + +@@ -490,7 +490,6 @@ IScsiCHAPToSendReq ( + // CHAP_C= + // + IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); +- AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; + IScsiBinToHex ( + (UINT8 *) AuthData->OutChallenge, + ISCSI_CHAP_RSP_LEN, +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h +index 1fc1d96ea3..35d5d6ec29 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h +@@ -19,7 +19,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + + #define ISCSI_CHAP_ALGORITHM_MD5 5 + +-#define ISCSI_CHAP_AUTH_MAX_LEN 1024 + /// + /// MD5_HASHSIZE + /// +@@ -59,9 +58,13 @@ typedef struct _ISCSI_CHAP_AUTH_DATA { + // + // Auth-data to be sent out for mutual authentication. + // ++ // While the challenge size is technically independent of the hashing ++ // algorithm, it is good practice to avoid hashing *fewer bytes* than the ++ // digest size. In other words, it's good practice to feed *at least as many ++ // bytes* to the hashing algorithm as the hashing algorithm will output. ++ // + UINT32 OutIdentifier; +- UINT8 OutChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; +- UINT32 OutChallengeLength; ++ UINT8 OutChallenge[ISCSI_CHAP_RSP_LEN]; + } ISCSI_CHAP_AUTH_DATA; + + /** +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch new file mode 100644 index 0000000..5be4e12 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch @@ -0,0 +1,101 @@ +From 176366aba5680537ee8249e9b3b182677d95feb8 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:53 +0200 +Subject: [PATCH 04/10] NetworkPkg/IScsiDxe: clean up library class + dependencies +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [4/10] 77ab82d2308848613325317c267bf5954d2c7a7c +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +Sort the library class dependencies in the #include directives and in the +INF file. Remove the DpcLib class from the #include directives -- it is +not listed in the INF file, and IScsiDxe doesn't call either DpcLib API +(QueueDpc(), DispatchDpc()). No functional changes. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daud +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daud +Reviewed-by: Maciej Rabeda +Message-Id: <20210608121259.32451-5-lersek@redhat.com> +(cherry picked from commit e8f28b09e63dfdbb4169969a43c65f86c44b035a) +--- + NetworkPkg/IScsiDxe/IScsiDxe.inf | 6 +++--- + NetworkPkg/IScsiDxe/IScsiImpl.h | 17 ++++++++--------- + 2 files changed, 11 insertions(+), 12 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDxe.inf +index 0ffb340ce0..543c408302 100644 +--- a/NetworkPkg/IScsiDxe/IScsiDxe.inf ++++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf +@@ -65,6 +65,7 @@ + NetworkPkg/NetworkPkg.dec + + [LibraryClasses] ++ BaseCryptLib + BaseLib + BaseMemoryLib + DebugLib +@@ -72,14 +73,13 @@ + HiiLib + MemoryAllocationLib + NetLib +- TcpIoLib + PrintLib ++ TcpIoLib + UefiBootServicesTableLib + UefiDriverEntryPoint ++ UefiHiiServicesLib + UefiLib + UefiRuntimeServicesTableLib +- UefiHiiServicesLib +- BaseCryptLib + + [Protocols] + gEfiAcpiTableProtocolGuid ## SOMETIMES_CONSUMES ## SystemTable +diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h +index 387ab9765e..d895c7feb9 100644 +--- a/NetworkPkg/IScsiDxe/IScsiImpl.h ++++ b/NetworkPkg/IScsiDxe/IScsiImpl.h +@@ -35,21 +35,20 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + #include + #include + +-#include +-#include +-#include +-#include ++#include + #include + #include ++#include ++#include ++#include + #include ++#include + #include ++#include + #include +-#include ++#include + #include +-#include +-#include +-#include +-#include ++#include + + #include + #include +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch new file mode 100644 index 0000000..b85ccb8 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch @@ -0,0 +1,113 @@ +From f423b7078d291b84952464aca6930a9d772319b0 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:58 +0200 +Subject: [PATCH 09/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer + overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [9/10] acf102203198d575a12e5257c12b8e43ccdfc589 +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +The IScsiHexToBin() function documents the EFI_BUFFER_TOO_SMALL return +condition, but never actually checks whether the decoded buffer fits into +the caller-provided room (i.e., the input value of "BinLength"), and +EFI_BUFFER_TOO_SMALL is never returned. The decoding of "HexStr" can +overflow "BinBuffer". + +This is remotely exploitable, as shown in a subsequent patch, which adds +error checking to the IScsiHexToBin() call sites. This issue allows the +target to compromise the initiator. + +Introduce EFI_BAD_BUFFER_SIZE, in addition to the existent +EFI_BUFFER_TOO_SMALL, for reporting a special case of the buffer overflow, +plus actually catch the buffer overflow. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daudé +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Maciej Rabeda +Reviewed-by: Philippe Mathieu-Daudé +Message-Id: <20210608121259.32451-10-lersek@redhat.com> +(cherry picked from commit 54e90edaed0d7c15230902ac4d74f4304bad2ebd) +--- + NetworkPkg/IScsiDxe/IScsiMisc.c | 20 +++++++++++++++++--- + NetworkPkg/IScsiDxe/IScsiMisc.h | 3 +++ + 2 files changed, 20 insertions(+), 3 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c +index f0f4992b07..4069547867 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.c ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.c +@@ -377,6 +377,9 @@ IScsiBinToHex ( + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. + @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. ++ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: ++ the decoded size cannot be expressed in ++ BinLength on output. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ +@@ -387,6 +390,8 @@ IScsiHexToBin ( + IN CHAR8 *HexStr + ) + { ++ UINTN BinLengthMin; ++ UINT32 BinLengthProvided; + UINTN Index; + UINTN Length; + UINT8 Digit; +@@ -409,6 +414,18 @@ IScsiHexToBin ( + if (Length == 0 || Length % 2 != 0) { + return EFI_INVALID_PARAMETER; + } ++ // ++ // Check if the caller provides enough room for the decoded blob. ++ // ++ BinLengthMin = Length / 2; ++ if (BinLengthMin > MAX_UINT32) { ++ return EFI_BAD_BUFFER_SIZE; ++ } ++ BinLengthProvided = *BinLength; ++ *BinLength = (UINT32)BinLengthMin; ++ if (BinLengthProvided < BinLengthMin) { ++ return EFI_BUFFER_TOO_SMALL; ++ } + + for (Index = 0; Index < Length; Index ++) { + TemStr[0] = HexStr[Index]; +@@ -425,9 +442,6 @@ IScsiHexToBin ( + BinBuffer [Index/2] = (UINT8) ((BinBuffer [Index/2] << 4) + Digit); + } + } +- +- *BinLength = (UINT32) ((Index + 1)/2); +- + return EFI_SUCCESS; + } + +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h +index 404a482e57..fddef4f466 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.h ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.h +@@ -172,6 +172,9 @@ IScsiBinToHex ( + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. + @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. ++ @retval EFI_BAD_BUFFER_SIZE The length of HexStr is too large for decoding: ++ the decoded size cannot be expressed in ++ BinLength on output. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch new file mode 100644 index 0000000..15f671d --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch @@ -0,0 +1,104 @@ +From 2f0e51dcfea6d9101c4694636a948eb4b6e6d4d4 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:57 +0200 +Subject: [PATCH 08/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [8/10] febb96c07dbd0e4a191e855742cb47fc6e39dfba +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +The IScsiHexToBin() function has the following parser issues: + +(1) If the *subject sequence* in "HexStr" is empty, the function returns + EFI_SUCCESS (with "BinLength" set to 0 on output). Such inputs should + be rejected. + +(2) The function mis-handles a "HexStr" that ends with a stray nibble. For + example, if "HexStr" is "0xABC", the function decodes it to the bytes + {0xAB, 0x0C}, sets "BinLength" to 2 on output, and returns + EFI_SUCCESS. Such inputs should be rejected. + +(3) If an invalid hex char is found in "HexStr", the function treats it as + end-of-hex-string, and returns EFI_SUCCESS. Such inputs should be + rejected. + +All of the above cases are remotely triggerable, as shown in a subsequent +patch, which adds error checking to the IScsiHexToBin() call sites. While +the initiator is not immediately compromised, incorrectly parsing CHAP_R +from the target, in case of mutual authentication, is not great. + +Extend the interface contract of IScsiHexToBin() with +EFI_INVALID_PARAMETER, for reporting issues (1) through (3), and implement +the new checks. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daudé +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Maciej Rabeda +Reviewed-by: Philippe Mathieu-Daudé +Message-Id: <20210608121259.32451-9-lersek@redhat.com> +(cherry picked from commit 47b76780b487dbfde4efb6843b16064c4a97e94d) +--- + NetworkPkg/IScsiDxe/IScsiMisc.c | 12 ++++++++++-- + NetworkPkg/IScsiDxe/IScsiMisc.h | 1 + + 2 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c +index 014700e87a..f0f4992b07 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.c ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.c +@@ -376,6 +376,7 @@ IScsiBinToHex ( + + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. ++ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ +@@ -402,14 +403,21 @@ IScsiHexToBin ( + + Length = AsciiStrLen (HexStr); + ++ // ++ // Reject an empty hex string; reject a stray nibble. ++ // ++ if (Length == 0 || Length % 2 != 0) { ++ return EFI_INVALID_PARAMETER; ++ } ++ + for (Index = 0; Index < Length; Index ++) { + TemStr[0] = HexStr[Index]; + Digit = (UINT8) AsciiStrHexToUint64 (TemStr); + if (Digit == 0 && TemStr[0] != '0') { + // +- // Invalid Lun Char. ++ // Invalid Hex Char. + // +- break; ++ return EFI_INVALID_PARAMETER; + } + if ((Index & 1) == 0) { + BinBuffer [Index/2] = Digit; +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h +index 28cf408cd5..404a482e57 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.h ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.h +@@ -171,6 +171,7 @@ IScsiBinToHex ( + + @retval EFI_SUCCESS The hexadecimal string is converted into a + binary encoded buffer. ++ @retval EFI_INVALID_PARAMETER Invalid hex encoding found in HexStr. + @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the + converted data. + **/ +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch new file mode 100644 index 0000000..72f9e44 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch @@ -0,0 +1,154 @@ +From 4171bd515a2dcfec59513d3a83adce7ed2903d50 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:54 +0200 +Subject: [PATCH 05/10] NetworkPkg/IScsiDxe: fix potential integer overflow in + IScsiBinToHex() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [5/10] f52aaaa03b15280eb4a821eeb378d8051ea5ec2a +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +Considering IScsiBinToHex(): + +> if (((*HexLength) - 3) < BinLength * 2) { +> *HexLength = BinLength * 2 + 3; +> } + +the following subexpressions are problematic: + + (*HexLength) - 3 + BinLength * 2 + BinLength * 2 + 3 + +The first one may wrap under zero, the latter two may wrap over +MAX_UINT32. + +Rewrite the calculation using SafeIntLib. + +While at it, change the type of the "Index" variable from UINTN to UINT32. +The largest "Index"-based value that we calculate is + + Index * 2 + 2 (with (Index == BinLength)) + +Because the patch makes + + BinLength * 2 + 3 + +safe to calculate in UINT32, using UINT32 for + + Index * 2 + 2 (with (Index == BinLength)) + +is safe too. Consistently using UINT32 improves readability. + +This patch is best reviewed with "git show -W". + +The integer overflows that this patch fixes are theoretical; a subsequent +patch in the series will audit the IScsiBinToHex() call sites, and show +that none of them can fail. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daudé +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Maciej Rabeda +Reviewed-by: Philippe Mathieu-Daudé +Message-Id: <20210608121259.32451-6-lersek@redhat.com> +(cherry picked from commit cf01b2dc8fc3ff9cf49fb891af5703dc03e3193e) +--- + NetworkPkg/IScsiDxe/IScsiDxe.inf | 1 + + NetworkPkg/IScsiDxe/IScsiImpl.h | 1 + + NetworkPkg/IScsiDxe/IScsiMisc.c | 19 +++++++++++++++---- + NetworkPkg/IScsiDxe/IScsiMisc.h | 1 + + 4 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiDxe.inf b/NetworkPkg/IScsiDxe/IScsiDxe.inf +index 543c408302..1dde56d00c 100644 +--- a/NetworkPkg/IScsiDxe/IScsiDxe.inf ++++ b/NetworkPkg/IScsiDxe/IScsiDxe.inf +@@ -74,6 +74,7 @@ + MemoryAllocationLib + NetLib + PrintLib ++ SafeIntLib + TcpIoLib + UefiBootServicesTableLib + UefiDriverEntryPoint +diff --git a/NetworkPkg/IScsiDxe/IScsiImpl.h b/NetworkPkg/IScsiDxe/IScsiImpl.h +index d895c7feb9..ac3a25730e 100644 +--- a/NetworkPkg/IScsiDxe/IScsiImpl.h ++++ b/NetworkPkg/IScsiDxe/IScsiImpl.h +@@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + #include + #include + #include ++#include + #include + #include + #include +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c +index b8fef3ff6f..42988e15cb 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.c ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.c +@@ -316,6 +316,7 @@ IScsiMacAddrToStr ( + @retval EFI_SUCCESS The binary data is converted to the hexadecimal string + and the length of the string is updated. + @retval EFI_BUFFER_TOO_SMALL The string is too small. ++ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. + @retval EFI_INVALID_PARAMETER The IP string is malformatted. + + **/ +@@ -327,18 +328,28 @@ IScsiBinToHex ( + IN OUT UINT32 *HexLength + ) + { +- UINTN Index; ++ UINT32 HexLengthMin; ++ UINT32 HexLengthProvided; ++ UINT32 Index; + + if ((HexStr == NULL) || (BinBuffer == NULL) || (BinLength == 0)) { + return EFI_INVALID_PARAMETER; + } + +- if (((*HexLength) - 3) < BinLength * 2) { +- *HexLength = BinLength * 2 + 3; ++ // ++ // Safely calculate: HexLengthMin := BinLength * 2 + 3. ++ // ++ if (RETURN_ERROR (SafeUint32Mult (BinLength, 2, &HexLengthMin)) || ++ RETURN_ERROR (SafeUint32Add (HexLengthMin, 3, &HexLengthMin))) { ++ return EFI_BAD_BUFFER_SIZE; ++ } ++ ++ HexLengthProvided = *HexLength; ++ *HexLength = HexLengthMin; ++ if (HexLengthProvided < HexLengthMin) { + return EFI_BUFFER_TOO_SMALL; + } + +- *HexLength = BinLength * 2 + 3; + // + // Prefix for Hex String. + // +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h +index 46c725aab3..231413993b 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.h ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.h +@@ -150,6 +150,7 @@ IScsiAsciiStrToIp ( + @retval EFI_SUCCESS The binary data is converted to the hexadecimal string + and the length of the string is updated. + @retval EFI_BUFFER_TOO_SMALL The string is too small. ++ @retval EFI_BAD_BUFFER_SIZE BinLength is too large for hex encoding. + @retval EFI_INVALID_PARAMETER The IP string is malformatted. + + **/ +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch new file mode 100644 index 0000000..23b2601 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch @@ -0,0 +1,93 @@ +From 172b2928c24c0ab955127afcdc9e3a52b3913ba5 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:56 +0200 +Subject: [PATCH 07/10] NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading + comment block +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [7/10] 4f867fa4ad8f7305961b83224107c1452a7d44ed +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +We'll need further return values for IScsiHexToBin() in a subsequent +patch; make room for them in the leading comment block of the function. +While at it, rewrap the comment block to 80 characters width. + +No functional changes. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daud +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Maciej Rabeda +Reviewed-by: Philippe Mathieu-Daud +Message-Id: <20210608121259.32451-8-lersek@redhat.com> +(cherry picked from commit dc469f137110fe79704b8b92c552972c739bb915) +--- + NetworkPkg/IScsiDxe/IScsiMisc.c | 16 ++++++++-------- + NetworkPkg/IScsiDxe/IScsiMisc.h | 16 ++++++++-------- + 2 files changed, 16 insertions(+), 16 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.c b/NetworkPkg/IScsiDxe/IScsiMisc.c +index 42988e15cb..014700e87a 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.c ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.c +@@ -370,14 +370,14 @@ IScsiBinToHex ( + /** + Convert the hexadecimal string into a binary encoded buffer. + +- @param[in, out] BinBuffer The binary buffer. +- @param[in, out] BinLength Length of the binary buffer. +- @param[in] HexStr The hexadecimal string. +- +- @retval EFI_SUCCESS The hexadecimal string is converted into a binary +- encoded buffer. +- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. +- ++ @param[in, out] BinBuffer The binary buffer. ++ @param[in, out] BinLength Length of the binary buffer. ++ @param[in] HexStr The hexadecimal string. ++ ++ @retval EFI_SUCCESS The hexadecimal string is converted into a ++ binary encoded buffer. ++ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the ++ converted data. + **/ + EFI_STATUS + IScsiHexToBin ( +diff --git a/NetworkPkg/IScsiDxe/IScsiMisc.h b/NetworkPkg/IScsiDxe/IScsiMisc.h +index 231413993b..28cf408cd5 100644 +--- a/NetworkPkg/IScsiDxe/IScsiMisc.h ++++ b/NetworkPkg/IScsiDxe/IScsiMisc.h +@@ -165,14 +165,14 @@ IScsiBinToHex ( + /** + Convert the hexadecimal string into a binary encoded buffer. + +- @param[in, out] BinBuffer The binary buffer. +- @param[in, out] BinLength Length of the binary buffer. +- @param[in] HexStr The hexadecimal string. +- +- @retval EFI_SUCCESS The hexadecimal string is converted into a binary +- encoded buffer. +- @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the converted data. +- ++ @param[in, out] BinBuffer The binary buffer. ++ @param[in, out] BinLength Length of the binary buffer. ++ @param[in] HexStr The hexadecimal string. ++ ++ @retval EFI_SUCCESS The hexadecimal string is converted into a ++ binary encoded buffer. ++ @retval EFI_BUFFER_TOO_SMALL The binary buffer is too small to hold the ++ converted data. + **/ + EFI_STATUS + IScsiHexToBin ( +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch new file mode 100644 index 0000000..96256cb --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch @@ -0,0 +1,71 @@ +From 0dac937f2845a1bc4943a0cfed3392d35afba733 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:51 +0200 +Subject: [PATCH 02/10] NetworkPkg/IScsiDxe: simplify + "ISCSI_CHAP_AUTH_DATA.InChallenge" size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [2/10] 8b57211651e13185a636daa5369993054bd7334b +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +The ISCSI_CHAP_AUTH_MAX_LEN macro is defined with value 1024. + +The usage of this macro currently involves a semantic (not functional) +bug, which we're going to fix in a subsequent patch, eliminating +ISCSI_CHAP_AUTH_MAX_LEN altogether. + +For now, remove the macro's usage from all +"ISCSI_CHAP_AUTH_DATA.InChallenge" contexts. This is doable without +duplicating open-coded constants. + +No changes in functionality. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daud +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daud +Reviewed-by: Maciej Rabeda +Message-Id: <20210608121259.32451-3-lersek@redhat.com> +(cherry picked from commit 29cab43bb7912a12efa5a78dac15394aee866e4c) +--- + NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 +- + NetworkPkg/IScsiDxe/IScsiCHAP.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c +index cbbc56ae5b..df3c2eb120 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c +@@ -289,7 +289,7 @@ IScsiCHAPOnRspReceived ( + } + + AuthData->InIdentifier = (UINT32) Result; +- AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; ++ AuthData->InChallengeLength = (UINT32) sizeof (AuthData->InChallenge); + IScsiHexToBin ( + (UINT8 *) AuthData->InChallenge, + &AuthData->InChallengeLength, +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h +index 5e59fb678b..1fc1d96ea3 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h +@@ -49,7 +49,7 @@ typedef struct _ISCSI_CHAP_AUTH_CONFIG_NVDATA { + typedef struct _ISCSI_CHAP_AUTH_DATA { + ISCSI_CHAP_AUTH_CONFIG_NVDATA *AuthConfig; + UINT32 InIdentifier; +- UINT8 InChallenge[ISCSI_CHAP_AUTH_MAX_LEN]; ++ UINT8 InChallenge[1024]; + UINT32 InChallengeLength; + // + // Calculated CHAP Response (CHAP_R) value. +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch new file mode 100644 index 0000000..768e9e7 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch @@ -0,0 +1,251 @@ +From 28e260828557340709ef14e8132e96b54128c5a3 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 8 Jun 2021 14:12:50 +0200 +Subject: [PATCH 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 + characters +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [1/10] 7ae9c45fbc0ffd807a95fad802619cd838257cc8 +RH-Bugzilla: 1956408 +RH-Acked-by: Philippe Mathieu-Daudé + +Working with overlong lines is difficult for me; rewrap the CHAP-related +source files in IScsiDxe to 80 characters width. No functional changes. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Philippe Mathieu-Daud +Cc: Siyuan Fu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 +Signed-off-by: Laszlo Ersek +Reviewed-by: Maciej Rabeda +Reviewed-by: Philippe Mathieu-Daud +Message-Id: <20210608121259.32451-2-lersek@redhat.com> +(cherry picked from commit 83761337ec91fbd459c55d7d956fcc25df3bfa50) +--- + NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++++++++++++-------- + NetworkPkg/IScsiDxe/IScsiCHAP.h | 3 +- + 2 files changed, 71 insertions(+), 22 deletions(-) + +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c +index 355c6f129f..cbbc56ae5b 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c +@@ -1,5 +1,6 @@ + /** @file +- This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration. ++ This file is for Challenge-Handshake Authentication Protocol (CHAP) ++ Configuration. + + Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -18,9 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + @param[in] ChallengeLength The length of iSCSI CHAP challenge message. + @param[out] ChapResponse The calculation of the expected hash value. + +- @retval EFI_SUCCESS The expected hash value was calculatedly successfully. +- @retval EFI_PROTOCOL_ERROR The length of the secret should be at least the +- length of the hash value for the hashing algorithm chosen. ++ @retval EFI_SUCCESS The expected hash value was calculatedly ++ successfully. ++ @retval EFI_PROTOCOL_ERROR The length of the secret should be at least ++ the length of the hash value for the hashing ++ algorithm chosen. + @retval EFI_PROTOCOL_ERROR MD5 hash operation fail. + @retval EFI_OUT_OF_RESOURCES Fail to allocate resource to complete MD5. + +@@ -94,8 +97,10 @@ Exit: + @param[in] AuthData iSCSI CHAP authentication data. + @param[in] TargetResponse The response from target. + +- @retval EFI_SUCCESS The response from target passed authentication. +- @retval EFI_SECURITY_VIOLATION The response from target was not expected value. ++ @retval EFI_SUCCESS The response from target passed ++ authentication. ++ @retval EFI_SECURITY_VIOLATION The response from target was not expected ++ value. + @retval Others Other errors as indicated. + + **/ +@@ -193,7 +198,10 @@ IScsiCHAPOnRspReceived ( + // + // The first Login Response. + // +- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG); ++ Value = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_TARGET_PORTAL_GROUP_TAG ++ ); + if (Value == NULL) { + goto ON_EXIT; + } +@@ -205,13 +213,17 @@ IScsiCHAPOnRspReceived ( + + Session->TargetPortalGroupTag = (UINT16) Result; + +- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD); ++ Value = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_AUTH_METHOD ++ ); + if (Value == NULL) { + goto ON_EXIT; + } + // +- // Initiator mandates CHAP authentication but target replies without "CHAP", or +- // initiator suggets "None" but target replies with some kind of auth method. ++ // Initiator mandates CHAP authentication but target replies without ++ // "CHAP", or initiator suggets "None" but target replies with some kind of ++ // auth method. + // + if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) { + if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) { +@@ -236,7 +248,10 @@ IScsiCHAPOnRspReceived ( + // + // The Target replies with CHAP_A= CHAP_I= CHAP_C= + // +- Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM); ++ Value = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_ALGORITHM ++ ); + if (Value == NULL) { + goto ON_EXIT; + } +@@ -249,12 +264,18 @@ IScsiCHAPOnRspReceived ( + goto ON_EXIT; + } + +- Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER); ++ Identifier = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_IDENTIFIER ++ ); + if (Identifier == NULL) { + goto ON_EXIT; + } + +- Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE); ++ Challenge = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_CHALLENGE ++ ); + if (Challenge == NULL) { + goto ON_EXIT; + } +@@ -269,7 +290,11 @@ IScsiCHAPOnRspReceived ( + + AuthData->InIdentifier = (UINT32) Result; + AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN; +- IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge); ++ IScsiHexToBin ( ++ (UINT8 *) AuthData->InChallenge, ++ &AuthData->InChallengeLength, ++ Challenge ++ ); + Status = IScsiCHAPCalculateResponse ( + AuthData->InIdentifier, + AuthData->AuthConfig->CHAPSecret, +@@ -303,7 +328,10 @@ IScsiCHAPOnRspReceived ( + goto ON_EXIT; + } + +- Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE); ++ Response = IScsiGetValueByKeyFromList ( ++ KeyValueList, ++ ISCSI_KEY_CHAP_RESPONSE ++ ); + if (Response == NULL) { + goto ON_EXIT; + } +@@ -341,7 +369,8 @@ ON_EXIT: + @param[in, out] Pdu The PDU to send out. + + @retval EFI_SUCCESS All check passed and the phase-related CHAP +- authentication info is filled into the iSCSI PDU. ++ authentication info is filled into the iSCSI ++ PDU. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. + +@@ -392,7 +421,11 @@ IScsiCHAPToSendReq ( + // It's the initial Login Request. Fill in the key=value pairs mandatory + // for the initial Login Request. + // +- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName); ++ IScsiAddKeyValuePair ( ++ Pdu, ++ ISCSI_KEY_INITIATOR_NAME, ++ mPrivate->InitiatorName ++ ); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal"); + IScsiAddKeyValuePair ( + Pdu, +@@ -413,7 +446,8 @@ IScsiCHAPToSendReq ( + + case ISCSI_CHAP_STEP_ONE: + // +- // First step, send the Login Request with CHAP_A= key-value pair. ++ // First step, send the Login Request with CHAP_A= key-value ++ // pair. + // + AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr); +@@ -429,11 +463,20 @@ IScsiCHAPToSendReq ( + // + // CHAP_N= + // +- IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName); ++ IScsiAddKeyValuePair ( ++ Pdu, ++ ISCSI_KEY_CHAP_NAME, ++ (CHAR8 *) &AuthData->AuthConfig->CHAPName ++ ); + // + // CHAP_R= + // +- IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen); ++ IScsiBinToHex ( ++ (UINT8 *) AuthData->CHAPResponse, ++ ISCSI_CHAP_RSP_LEN, ++ Response, ++ &RspLen ++ ); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); + + if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { +@@ -448,7 +491,12 @@ IScsiCHAPToSendReq ( + // + IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); + AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN; +- IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen); ++ IScsiBinToHex ( ++ (UINT8 *) AuthData->OutChallenge, ++ ISCSI_CHAP_RSP_LEN, ++ Challenge, ++ &ChallengeLen ++ ); + IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); + + Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; +diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h +index 140bba0dcd..5e59fb678b 100644 +--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h ++++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h +@@ -88,7 +88,8 @@ IScsiCHAPOnRspReceived ( + @param[in, out] Pdu The PDU to send out. + + @retval EFI_SUCCESS All check passed and the phase-related CHAP +- authentication info is filled into the iSCSI PDU. ++ authentication info is filled into the iSCSI ++ PDU. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + @retval EFI_PROTOCOL_ERROR Some kind of protocol error occurred. + +-- +2.27.0 + diff --git a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch deleted file mode 100644 index 761077b..0000000 --- a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 08a95c3541cbe2b3a1c671fa683bd6214ad996f0 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 27 Aug 2020 00:21:29 +0200 -Subject: [PATCH 3/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just after - SMI broadcast -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature -RH-Commit: [3/3] 40521ea89725b8b0ff8ca3f0a610ff45431e610e (lersek/edk2) -RH-Bugzilla: 1849177 - -The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick -succession -- it means a series of "device_add" QEMU monitor commands, -back-to-back. - -If a "device_add" occurs *just after* ACPI raises the broadcast SMI, then: - -- the CPU_FOREACH() loop in QEMU's ich9_apm_ctrl_changed() cannot make the - SMI pending for the new CPU -- at that time, the new CPU doesn't even - exist yet, - -- OVMF will find the new CPU however (in the CPU hotplug register block), - in QemuCpuhpCollectApicIds(). - -As a result, when the firmware sends an INIT-SIPI-SIPI to the new CPU in -SmbaseRelocate(), expecting it to boot into SMM (due to the pending SMI), -the new CPU instead boots straight into the post-RSM (normal mode) "pen", -skipping its initial SMI handler. - -The CPU halts nicely in the pen, but its SMBASE is never relocated, and -the SMRAM message exchange with the BSP falls apart -- the BSP gets stuck -in the following loop: - - // - // Wait until the hot-added CPU is just about to execute RSM. - // - while (Context->AboutToLeaveSmm == 0) { - CpuPause (); - } - -because the new CPU's initial SMI handler never sets the flag to nonzero. - -Fix this by sending a directed SMI to the new CPU just before sending it -the INIT-SIPI-SIPI. The various scenarios are documented in the code -- -the cases affected by the patch are documented under point (2). - -Note that this is not considered a security patch, as for a malicious -guest OS, the issue is not exploitable -- the symptom is a hang on the -BSP, in the above-noted loop in SmbaseRelocate(). Instead, the patch fixes -behavior for a benign guest OS. - -Cc: Ard Biesheuvel -Cc: Igor Mammedov -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Fixes: 51a6fb41181529e4b50ea13377425bda6bb69ba6 -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929 -Signed-off-by: Laszlo Ersek -Message-Id: <20200826222129.25798-3-lersek@redhat.com> -Reviewed-by: Ard Biesheuvel -(cherry picked from commit cbccf995920a28071f5403b847f29ebf8b732fa9) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/CpuHotplugSmm/Smbase.c | 35 ++++++++++++++++++++++++++++------ - 1 file changed, 29 insertions(+), 6 deletions(-) - -diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c -index 170571221d..d8f45c4313 100644 ---- a/OvmfPkg/CpuHotplugSmm/Smbase.c -+++ b/OvmfPkg/CpuHotplugSmm/Smbase.c -@@ -220,14 +220,37 @@ SmbaseRelocate ( - // - // Boot the hot-added CPU. - // -- // If the OS is benign, and so the hot-added CPU is still in RESET state, -- // then the broadcast SMI is still pending for it; it will now launch -- // directly into SMM. -+ // There are 2*2 cases to consider: - // -- // If the OS is malicious, the hot-added CPU has been booted already, and so -- // it is already spinning on the APIC ID gate. In that case, the -- // INIT-SIPI-SIPI below will be ignored. -+ // (1) The CPU was hot-added before the SMI was broadcast. - // -+ // (1.1) The OS is benign. -+ // -+ // The hot-added CPU is in RESET state, with the broadcast SMI pending -+ // for it. The directed SMI below will be ignored (it's idempotent), -+ // and the INIT-SIPI-SIPI will launch the CPU directly into SMM. -+ // -+ // (1.2) The OS is malicious. -+ // -+ // The hot-added CPU has been booted, by the OS. Thus, the hot-added -+ // CPU is spinning on the APIC ID gate. In that case, both the SMI and -+ // the INIT-SIPI-SIPI below will be ignored. -+ // -+ // (2) The CPU was hot-added after the SMI was broadcast. -+ // -+ // (2.1) The OS is benign. -+ // -+ // The hot-added CPU is in RESET state, with no SMI pending for it. The -+ // directed SMI will latch the SMI for the CPU. Then the INIT-SIPI-SIPI -+ // will launch the CPU into SMM. -+ // -+ // (2.2) The OS is malicious. -+ // -+ // The hot-added CPU is executing OS code. The directed SMI will pull -+ // the hot-added CPU into SMM, where it will start spinning on the APIC -+ // ID gate. The INIT-SIPI-SIPI will be ignored. -+ // -+ SendSmiIpi (ApicId); - SendInitSipiSipi (ApicId, PenAddress); - - // --- -2.27.0 - diff --git a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch deleted file mode 100644 index c35df49..0000000 --- a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 4e5edfcdf5986d9e0801a976a3aa558b5f370099 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 27 Aug 2020 00:21:28 +0200 -Subject: [PATCH 2/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before - SMI broadcast -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature -RH-Commit: [2/3] ea3ff703dfb7bd4f77b6807f06c89e754cc9d980 (lersek/edk2) -RH-Bugzilla: 1849177 - -The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick -succession -- it means a series of "device_add" QEMU monitor commands, -back-to-back. - -If a "device_add" occurs *just before* ACPI raises the broadcast SMI, -then: - -- OVMF processes the hot-added CPU well. - -- However, QEMU's post-SMI ACPI loop -- which clears the pending events - for the hot-added CPUs that were collected before raising the SMI -- is - unaware of the stray CPU. Thus, the pending event is not cleared for it. - -As a result of the stuck event, at the next hot-plug, OVMF tries to re-add -(relocate for the 2nd time) the already-known CPU. At that time, the AP is -already in the normal edk2 SMM busy-wait however, so it doesn't respond to -the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM -gets stuck in SMM. - -(Because of the above symptom, this is not considered a security patch; it -doesn't seem exploitable by a malicious guest OS.) - -In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already -known. The post-SMI ACPI loop will clear the pending event for it this -time. - -Cc: Ard Biesheuvel -Cc: Igor Mammedov -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Fixes: bc498ac4ca7590479cfd91ad1bb8a36286b0dc21 -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929 -Signed-off-by: Laszlo Ersek -Message-Id: <20200826222129.25798-2-lersek@redhat.com> -Reviewed-by: Ard Biesheuvel -(cherry picked from commit 020bb4b46d6f6708bb3358e1c738109b7908f0de) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -index 20e6bec04f..cfe698ed2b 100644 ---- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -@@ -193,9 +193,28 @@ CpuHotplugMmi ( - NewSlot = 0; - while (PluggedIdx < PluggedCount) { - APIC_ID NewApicId; -+ UINT32 CheckSlot; - UINTN NewProcessorNumberByProtocol; - - NewApicId = mPluggedApicIds[PluggedIdx]; -+ -+ // -+ // Check if the supposedly hot-added CPU is already known to us. -+ // -+ for (CheckSlot = 0; -+ CheckSlot < mCpuHotPlugData->ArrayLength; -+ CheckSlot++) { -+ if (mCpuHotPlugData->ApicId[CheckSlot] == NewApicId) { -+ break; -+ } -+ } -+ if (CheckSlot < mCpuHotPlugData->ArrayLength) { -+ DEBUG ((DEBUG_VERBOSE, "%a: APIC ID " FMT_APIC_ID " was hot-plugged " -+ "before; ignoring it\n", __FUNCTION__, NewApicId)); -+ PluggedIdx++; -+ continue; -+ } -+ - // - // Find the first empty slot in CPU_HOT_PLUG_DATA. - // --- -2.27.0 - diff --git a/SOURCES/edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch b/SOURCES/edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch deleted file mode 100644 index 5183b4a..0000000 --- a/SOURCES/edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 135d3d4b4ff12927f7b0c44e067fd42ceae83bb7 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 24 Jun 2020 11:37:50 +0200 -Subject: [PATCH 2/3] OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO - level -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -Message-id: <20200615080105.11859-3-lersek@redhat.com> -Patchwork-id: 97533 -O-Subject: [RHEL-8.3.0 edk2 PATCH 2/3] OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO level -Bugzilla: 1844682 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Philippe Mathieu-Daudé - -gBS->LoadImage() returning EFI_NOT_FOUND is an expected condition; it -means that QEMU wasn't started with "-kernel". Log this status code as -INFO rather than ERROR. - -Cc: Ard Biesheuvel -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Signed-off-by: Laszlo Ersek -Message-Id: <20200609105414.12474-1-lersek@redhat.com> -Acked-by: Ard Biesheuvel -(cherry picked from commit 14c7ed8b51f60097ad771277da69f74b22a7a759) ---- - .../Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c -index 14c8417d43..114db7e844 100644 ---- a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c -+++ b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c -@@ -106,7 +106,8 @@ QemuLoadKernelImage ( - goto UnloadImage; - - default: -- DEBUG ((DEBUG_ERROR, "%a: LoadImage(): %r\n", __FUNCTION__, Status)); -+ DEBUG ((Status == EFI_NOT_FOUND ? DEBUG_INFO : DEBUG_ERROR, -+ "%a: LoadImage(): %r\n", __FUNCTION__, Status)); - return Status; - } - --- -2.27.0 - diff --git a/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch b/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch deleted file mode 100644 index 73d05b4..0000000 --- a/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch +++ /dev/null @@ -1,140 +0,0 @@ -From a5efebddb858c739d4a67865a4f8d836ba989d30 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 14 Jul 2020 20:43:05 +0200 -Subject: [PATCH 1/5] OvmfPkg/SmmControl2Dxe: negotiate - ICH9_LPC_SMI_F_CPU_HOTPLUG -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature -RH-Commit: [1/3] 33d820d43a1be2ece09044b0cf105275f3fcc9ce (lersek/edk2) -RH-Bugzilla: 1849177 - -The ICH9_LPC_SMI_F_BROADCAST and ICH9_LPC_SMI_F_CPU_HOTPLUG feature flags -cause QEMU to behave as follows: - - BROADCAST CPU_HOTPLUG use case / behavior - --------- ----------- ------------------------------------------------ - clear clear OVMF built without SMM_REQUIRE; or very old OVMF - (from before commit a316d7ac91d3 / 2017-02-07). - QEMU permits CPU hotplug operations, and does - not cause the OS to inject an SMI upon hotplug. - Firmware is not expected to be aware of hotplug - events. - - clear set Invalid feature set; QEMU rejects the feature - negotiation. - - set clear OVMF after a316d7ac91d3 / 2017-02-07, built with - SMM_REQUIRE, but no support for CPU hotplug. - QEMU gracefully refuses hotplug operations. - - set set OVMF after a316d7ac91d3 / 2017-02-07, built with - SMM_REQUIRE, and supporting CPU hotplug. QEMU - permits CPU hotplug operations, and causes the - OS to inject an SMI upon hotplug. Firmware is - expected to deal with hotplug events. - -Negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG -- but only if SEV is disabled, as -OvmfPkg/CpuHotplugSmm can't deal with SEV yet. - -Cc: Ard Biesheuvel -Cc: Boris Ostrovsky -Cc: Igor Mammedov -Cc: Jordan Justen -Cc: Liran Alon -Cc: Philippe Mathieu-Daudé -Signed-off-by: Laszlo Ersek -Message-Id: <20200714184305.9814-1-lersek@redhat.com> -Acked-by: Ard Biesheuvel -Reviewed-by: Philippe Mathieu-Daudé -(cherry picked from commit 5ba203b54e5953572e279e5505cd65e4cc360e34) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/SmmControl2Dxe/SmiFeatures.c | 26 +++++++++++++++++++++-- - OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf | 1 + - 2 files changed, 25 insertions(+), 2 deletions(-) - -diff --git a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c -index 6210b7515e..c9d8755432 100644 ---- a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c -+++ b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c -@@ -9,6 +9,7 @@ - - #include - #include -+#include - #include - #include - #include -@@ -21,6 +22,12 @@ - // "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files. - // - #define ICH9_LPC_SMI_F_BROADCAST BIT0 -+// -+// The following bit value stands for "enable CPU hotplug, and inject an SMI -+// with control value ICH9_APM_CNT_CPU_HOTPLUG upon hotplug", in the -+// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files. -+// -+#define ICH9_LPC_SMI_F_CPU_HOTPLUG BIT1 - - // - // Provides a scratch buffer (allocated in EfiReservedMemoryType type memory) -@@ -67,6 +74,7 @@ NegotiateSmiFeatures ( - UINTN SupportedFeaturesSize; - UINTN RequestedFeaturesSize; - UINTN FeaturesOkSize; -+ UINT64 RequestedFeaturesMask; - - // - // Look up the fw_cfg files used for feature negotiation. The selector keys -@@ -104,9 +112,16 @@ NegotiateSmiFeatures ( - QemuFwCfgReadBytes (sizeof mSmiFeatures, &mSmiFeatures); - - // -- // We want broadcast SMI and nothing else. -+ // We want broadcast SMI, SMI on CPU hotplug, and nothing else. - // -- mSmiFeatures &= ICH9_LPC_SMI_F_BROADCAST; -+ RequestedFeaturesMask = ICH9_LPC_SMI_F_BROADCAST; -+ if (!MemEncryptSevIsEnabled ()) { -+ // -+ // For now, we only support hotplug with SEV disabled. -+ // -+ RequestedFeaturesMask |= ICH9_LPC_SMI_F_CPU_HOTPLUG; -+ } -+ mSmiFeatures &= RequestedFeaturesMask; - QemuFwCfgSelectItem (mRequestedFeaturesItem); - QemuFwCfgWriteBytes (sizeof mSmiFeatures, &mSmiFeatures); - -@@ -144,6 +159,13 @@ NegotiateSmiFeatures ( - DEBUG ((DEBUG_INFO, "%a: using SMI broadcast\n", __FUNCTION__)); - } - -+ if ((mSmiFeatures & ICH9_LPC_SMI_F_CPU_HOTPLUG) == 0) { -+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug not negotiated\n", __FUNCTION__)); -+ } else { -+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug with SMI negotiated\n", -+ __FUNCTION__)); -+ } -+ - // - // Negotiation successful (although we may not have gotten the optimal - // feature set). -diff --git a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf -index 3abed141e6..b8fdea8deb 100644 ---- a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf -+++ b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf -@@ -46,6 +46,7 @@ - BaseLib - DebugLib - IoLib -+ MemEncryptSevLib - MemoryAllocationLib - PcdLib - PciLib --- -2.27.0 - diff --git a/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch b/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch deleted file mode 100644 index a1700de..0000000 --- a/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 70c9d989107c6ac964bb437c5a4ea6ffe3214e45 Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Mon, 10 Aug 2020 07:52:28 +0200 -Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before - re-fetch -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -Message-id: <20200731141037.1941-2-lersek@redhat.com> -Patchwork-id: 98121 -O-Subject: [RHEL-8.3.0 edk2 PATCH 1/1] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before re-fetch -Bugzilla: 1861718 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Eduardo Habkost - -Most busy waits (spinlocks) in "UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c" -already call CpuPause() in their loop bodies; see SmmWaitForApArrival(), -APHandler(), and SmiRendezvous(). However, the "main wait" within -APHandler(): - -> // -> // Wait for something to happen -> // -> WaitForSemaphore (mSmmMpSyncData->CpuData[CpuIndex].Run); - -doesn't do so, as WaitForSemaphore() keeps trying to acquire the semaphore -without pausing. - -The performance impact is especially notable in QEMU/KVM + OVMF -virtualization with CPU overcommit (that is, when the guest has -significantly more VCPUs than the host has physical CPUs). The guest BSP -is working heavily in: - - BSPHandler() [MpService.c] - PerformRemainingTasks() [PiSmmCpuDxeSmm.c] - SetUefiMemMapAttributes() [SmmCpuMemoryManagement.c] - -while the many guest APs are spinning in the "Wait for something to -happen" semaphore acquisition, in APHandler(). The guest APs are -generating useless memory traffic and saturating host CPUs, hindering the -guest BSP's progress in SetUefiMemMapAttributes(). - -Rework the loop in WaitForSemaphore(): call CpuPause() in every iteration -after the first check fails. Due to Pause Loop Exiting (known as Pause -Filter on AMD), the host scheduler can favor the guest BSP over the guest -APs. - -Running a 16 GB RAM + 512 VCPU guest on a 448 PCPU host, this patch -reduces OVMF boot time (counted until reaching grub) from 20-30 minutes to -less than 4 minutes. - -The patch should benefit physical machines as well -- according to the -Intel SDM, PAUSE "Improves the performance of spin-wait loops". Adding -PAUSE to the generic WaitForSemaphore() function is considered a general -improvement. - -Cc: Eric Dong -Cc: Philippe Mathieu-Daudé -Cc: Rahul Kumar -Cc: Ray Ni -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1861718 -Signed-off-by: Laszlo Ersek -Message-Id: <20200729185217.10084-1-lersek@redhat.com> -Reviewed-by: Eric Dong -(cherry picked from commit 9001b750df64b25b14ec45a2efa1361a7b96c00a) -Signed-off-by: Miroslav Rezanina ---- - UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c -index 57e788c..4bcd217 100644 ---- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c -+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c -@@ -40,14 +40,18 @@ WaitForSemaphore ( - { - UINT32 Value; - -- do { -+ for (;;) { - Value = *Sem; -- } while (Value == 0 || -- InterlockedCompareExchange32 ( -- (UINT32*)Sem, -- Value, -- Value - 1 -- ) != Value); -+ if (Value != 0 && -+ InterlockedCompareExchange32 ( -+ (UINT32*)Sem, -+ Value, -+ Value - 1 -+ ) == Value) { -+ break; -+ } -+ CpuPause (); -+ } - return Value - 1; - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-ovmf-cc.json b/SOURCES/edk2-ovmf-cc.json new file mode 100644 index 0000000..2e52745 --- /dev/null +++ b/SOURCES/edk2-ovmf-cc.json @@ -0,0 +1,33 @@ +{ + "description": "OVMF with SEV-ES support", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.cc.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-rhel8.5.0" + ] + } + ], + "features": [ + "amd-sev", + "amd-sev-es", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index 3231b35..7daf5b5 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -1,25 +1,25 @@ ExclusiveArch: x86_64 aarch64 -%define GITDATE 20200602 -%define GITCOMMIT ca407c7246bf +%define GITDATE 20210527 +%define GITCOMMIT e1999b264f1f %define TOOLCHAIN GCC5 -%define OPENSSL_VER 1.1.1g +%define OPENSSL_VER 1.1.1k Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 4%{?dist} +Release: 3%{?dist} Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT URL: http://www.tianocore.org # The source tarball is created using following commands: -# COMMIT=%{GITCOMMIT} +# COMMIT=e1999b264f1f # git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \ # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt -Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz +Source2: openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz Source3: ovmf-vars-generator Source4: LICENSE.qosb Source5: RedHatSecureBootPkKek1.pem @@ -28,12 +28,12 @@ Source10: edk2-aarch64-verbose.json Source11: edk2-aarch64.json Source12: edk2-ovmf-sb.json Source13: edk2-ovmf.json +Source14: edk2-ovmf-cc.json -Patch0007: 0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch -Patch0008: 0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch -Patch0009: 0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch -Patch0010: 0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch -Patch0011: 0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +Patch0008: 0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch +Patch0009: 0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch +Patch0010: 0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +Patch0011: 0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch Patch0012: 0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch Patch0013: 0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Patch0014: 0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -48,24 +48,30 @@ Patch0022: 0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch Patch0023: 0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch Patch0024: 0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch Patch0025: 0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch -Patch0026: 0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch -Patch0027: 0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch -# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors -Patch28: edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch -# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors -Patch29: edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch -# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors -Patch30: edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch -# For bz#1861718 - Very slow boot when overcommitting CPU -Patch31: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch -# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU -Patch32: edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch -# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU -Patch33: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch -# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU -Patch34: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch -# For bz#1893806 - attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later) -Patch35: edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch +Patch0026: 0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +Patch0027: 0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch28: edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch29: edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch30: edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch31: edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch32: edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch33: edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch34: edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch35: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch36: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch37: edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch +# For bz#1988762 - edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec +Patch38: edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch # python3-devel and libuuid-devel are required for building tools. @@ -87,8 +93,8 @@ BuildRequires: mtools BuildRequires: genisoimage # For generating the variable store template with the default certificates -# enrolled, we need qemu-kvm. -BuildRequires: qemu-kvm >= 2.12.0-89 +# enrolled, we need the qemu-kvm executable. +BuildRequires: qemu-kvm-core >= 2.12.0-89 # For verifying SB enablement in the above variable store template, we need a # guest kernel that prints "Secure boot enabled". @@ -197,7 +203,7 @@ echo "Applied $COUNT patches" rm -f $PATCHLIST cp -a -- %{SOURCE1} %{SOURCE3} . -cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} . +cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x # Format the Red Hat-issued certificate that is to be enrolled as both Platform @@ -320,12 +326,8 @@ mkdir -p \ $RPM_BUILD_ROOT%{_datadir}/OVMF \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf -# We don't ship the SB-less, SMM-less binary. -%if 0 install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ - $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.fd -ln -s ../%{name}/ovmf/OVMF_CODE.fd $RPM_BUILD_ROOT%{_datadir}/OVMF/ -%endif + $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd @@ -350,6 +352,8 @@ install -m 0644 edk2-ovmf-sb.json \ $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json install -m 0644 edk2-ovmf.json \ $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-edk2-ovmf.json +install -m 0644 edk2-ovmf-cc.json \ + $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json %else mkdir -p \ @@ -434,10 +438,7 @@ install BaseTools/Scripts/GccBase.lds \ %doc ovmf-whitepaper-c770f8c.txt %dir %{_datadir}/OVMF/ %dir %{_datadir}/%{name}/ovmf/ -%if 0 -%{_datadir}/%{name}/ovmf/OVMF_CODE.fd -%{_datadir}/OVMF/OVMF_CODE.fd -%endif +%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd %{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd %{_datadir}/%{name}/ovmf/OVMF_VARS.fd %{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd @@ -449,6 +450,7 @@ install BaseTools/Scripts/GccBase.lds \ %{_datadir}/%{name}/ovmf/Shell.efi %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi %{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json +%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json %{_datadir}/qemu/firmware/50-edk2-ovmf.json %else @@ -479,7 +481,6 @@ install BaseTools/Scripts/GccBase.lds \ %{_bindir}/GenSec %{_bindir}/LzmaCompress %{_bindir}/LzmaF86Compress -%{_bindir}/Split %{_bindir}/TianoCompress %{_bindir}/VfrCompile %{_bindir}/VolInfo @@ -515,6 +516,38 @@ true %endif %changelog +* Fri Aug 06 2021 Miroslav Rezanina - 20210527gite1999b264f1f-3 +- edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch [bz#1988762] +- Resolves: bz#1988762 + (edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec) + +* Fri Jul 02 2021 Miroslav Rezanina - 20210527gite1999b264f1f-2 +- edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch [bz#1956408] +- Resolves: bz#1956408 + (edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]) + +* Wed Jun 23 2021 Miroslav Rezanina - 20210527gite1999b264f1f-1 +- Rebase to edk2-stable202105 [bz#1938238] +- Resolves: bz#1938238 + ((edk2-rebase-rhel-8.5) - rebase edk2 to edk2-stable202105 for RHEL-8.5) + +* Wed May 12 2021 Miroslav Rezanina - 20200602gitca407c7246bf-5.el8 +- edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch [bz#1892318] +- edk2-redhat-add-OVMF-binary-that-will-support-SEV-ES.patch [bz#1956837] +- Resolves: bz#1892318 + (edk2: possible heap corruption with LzmaUefiDecompressGetInfo [rhel-8]) +- Resolves: bz#1956837 + (Additional build of edk2 without SMM (dual build / sub-package) for SEV-ES) + * Mon Nov 23 2020 Miroslav Rezanina - 20200602gitca407c7246bf-4.el8 - edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch [bz#1849177] - edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch [bz#1849177]