rpms/edk2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Jan 08 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-1.el9

Browse Source 
- Include fixes to build in RHEL 9 environment (bz#1906468)
- Resolves: bz#1906468
  ([RHEL9][FTBFS] edk2 FTBFS on Red Hat Enterprise Linux 9.0.0 Alpha)
This commit is contained in:
Miroslav Rezanina 2021-01-08 14:37:54 +01:00
parent 7e50666112
commit 5b6a4a1f9e
55 changed files with 4801 additions and 4716 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -5,3 +5,4 @@
/softfloat-20180726-gitb64af41.tar.xz
/qemu-ovmf-secureboot-20190521-gitf158f12.tar.xz
/qemu-ovmf-secureboot-20200228-gitc3e16b3.tar.xz
/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz

57
0002-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-the-DXE-.patch
View File

@ -1,57 +0,0 @@
From f8f04bc629c0874a4e7a361a55053005f9196152 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in the DXE core
The DXE core logs a bunch of Properties Table and Memory Attributes Table
related information, on the EFI_D_VERBOSE level, that I am at the moment
not interested in. Suppress said output.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 2 ++
OvmfPkg/OvmfPkgIa32X64.dsc | 2 ++
OvmfPkg/OvmfPkgX64.dsc | 2 ++
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 3ddc0c5edb..146e429126 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -704,6 +704,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index aba4a6cc24..cdf5abba99 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -718,6 +718,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 99c0ba4465..7d59d768fa 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -714,6 +714,8 @@
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
MdeModulePkg/Universal/ReportStatusCodeRouter/RuntimeDxe/ReportStatusCodeRouterRuntimeDxe.inf

54
0003-OvmfPkg-enable-DEBUG_VERBOSE.patch
View File

@ -1,54 +0,0 @@
From 5b0813e1885c0234deafcb828f1747c766287c51 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 8 Jul 2012 14:26:07 +0200
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE
Enable verbose debug logs.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 146e429126..fce6051e47 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -514,7 +514,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index cdf5abba99..983eebfaa7 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -518,7 +518,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 7d59d768fa..ea62b82ff7 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -518,7 +518,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17

30
0004-OvmfPkg-increase-max-debug-message-length-to-512.patch
View File

@ -1,30 +0,0 @@
From 04d5e4e3e7c8444dbb52784a2d71cf284c9e05a0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 20 Feb 2014 22:54:45 +0100
Subject: [PATCH] OvmfPkg: increase max debug message length to 512
Upstream prefers short debug messages (sometimes even limited to 80
characters), but any line length under 512 characters is just unsuitable
for effective debugging. (For example, config strings in HII routing,
logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
level, can be several hundred characters long.) 512 is an empirically good
value.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
index dffb20822d..0577c43c3d 100644
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
@@ -21,7 +21,7 @@
//
// Define the maximum debug and assert message length that this library supports
//
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
//
// VA_LIST can not initialize to NULL for all compiler, so we use this to

3123
0005-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
View File

File diff suppressed because it is too large Load Diff

22
0016-BaseTools-do-not-build-BrotliCompress-RH-only.patch → 0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch
View File

@ -1,7 +1,7 @@
From cab35d13e43ef37e746befaa1f3c8200edf4e420 Mon Sep 17 00:00:00 2001
From db8ccca337e2c5722c1d408d2541cf653d3371a2 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 4 Jun 2020 13:34:12 +0200
Subject: [PATCH] BaseTools: do not build BrotliCompress (RH only)
Subject: BaseTools: do not build BrotliCompress (RH only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
@ -18,8 +18,7 @@ Do not attempt to build BrotliCompress.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
BaseTools/Source/C/GNUmakefile | 1 -
MdeModulePkg/MdeModulePkg.dec | 1 -
2 files changed, 2 deletions(-)
1 file changed, 1 deletion(-)
diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
index df4eb64ea9..52777eaff1 100644
@ -33,15 +32,6 @@ index df4eb64ea9..52777eaff1 100644
VfrCompile \
EfiRom \
GenFfs \
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index e562bed57e..7367adbaa3 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -25,7 +25,6 @@
Include
[Includes.Common.Private]
- Library/BrotliCustomDecompressLib/brotli/c/include
[LibraryClasses]
## @libraryclass Defines a set of methods to reset whole system.
--
2.18.4

43
0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch Normal file
View File

@ -0,0 +1,43 @@
From e05e0de713c4a2b8adb6ff9809611f222bfe50ed Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 4 Jun 2020 13:39:08 +0200
Subject: MdeModulePkg: remove package-private Brotli include path (RH only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- New patch.
Originating from upstream commit 58802e02c41b
("MdeModulePkg/BrotliCustomDecompressLib: Make brotli a submodule",
2020-04-16), "MdeModulePkg/MdeModulePkg.dec" contains a package-internal
include path into a Brotli submodule.
The edk2 build system requires such include paths to resolve successfully,
regardless of the firmware platform being built. Because
BrotliCustomDecompressLib is not consumed by any OvmfPkg or ArmVirtPkg
platforms, and we've removed the submodule earlier in this patch set,
remove the include path too.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
MdeModulePkg/MdeModulePkg.dec | 3 ---
1 file changed, 3 deletions(-)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index 4f44af6948..031043ec28 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -24,9 +24,6 @@
[Includes]
Include
-[Includes.Common.Private]
- Library/BrotliCustomDecompressLib/brotli/c/include
-
[LibraryClasses]
## @libraryclass Defines a set of methods to reset whole system.
ResetSystemLib|Include/Library/ResetSystemLib.h
--
2.18.4

614
0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch Normal file
View File

@ -0,0 +1,614 @@
From cee80878b19e51d9b3c63335c681f152dcc59764 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 11 Jun 2014 23:33:33 +0200
Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- Replace the open-coded BSDL with "SPDX-License-Identifier:
BSD-2-Clause-Patent" in the following files:
- MdeModulePkg/Logo/Logo-OpenSSL.idf
- MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- MdeModulePkg/Logo/LogoOpenSSLDxe.uni
(This should have been done in the previous rebase, because the same
license block changes had been applied to MdeModulePkg/Logo/ in upstream
commit 9d510e61fcee ("MdeModulePkg: Replace BSD License with BSD+Patent
License", 2019-04-09), part of tag edk2-stable201905.)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- trivial context update (performed silently by git-cherry-pick) for
upstream commit 3207a872a405 ("OvmfPkg: Update DSC/FDF files to consume
CSM components in OvmfPkg", 2019-06-14)
- A note for the future: the logo could change completely in a subsequent
rebase. See <https://bugzilla.tianocore.org/show_bug.cgi?id=2050> (in
CONFIRMED status at the time of writing).
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The
OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace
obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The
ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg:
Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14).
Consequently, because the NetworkPkg iSCSI driver requires OpenSSL
unconditionally, as explained in
<https://bugzilla.tianocore.org/show_bug.cgi?id=1278#c3>, this patch now
builds LogoOpenSSLDxe unconditionally, squashing and updating previous
downstream commits
- 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo
(RHEL only)
- 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only)
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove
incorrect comments.", 2018-02-28)
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- After picking previous downstream-only commit 32192c62e289, carry new
upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing
dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to
"LogoOpenSSLDxe.inf".
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- For more fun, upstream completely changed the way logo bitmaps are
embedded in the firmware binary (see for example commit ab970515d2c6,
"OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this
rebase, we reimplement the previous downstream-only commit e775fb20c999,
as described below.
- Beyond the new bitmap file (which we preserve intact from the last
downstream branch), we introduce:
- a new IDF (image description file) referencing the new BMP,
- a new driver INF file, referencing the new BMP and new IDF (same C
source code though),
- a new UNI (~description) file for the new driver INF file.
- In the OVMF DSC and FDF files, we select the new driver INF for
inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they
both make use of OpenSSL (although different subsets of it).
- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE,
because the ArmVirtQemu platform does not support TLS_ENABLE yet.
- This patch is best displayed with "git show --find-copies-harder".
Notes about the d7c0dfa -> 90bb4c5 rebase:
- squash in the following downstream-only commits (made originally for
<https://bugzilla.redhat.com/show_bug.cgi?id=1308678>):
- eef9eb0 restore TianoCore splash logo without OpenSSL advertisment
(RHEL only)
- 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure
Boot (RH only)
The reason is that ideas keep changing when and where to include the
Secure Boot feature, so the logo must be controllable directly on the
build command line, from the RPM spec file. See the following
references:
- https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html
- https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1323363
- This squashed variant should remain the final version of this patch.
Notes about the c9e5618 -> b9ffeab rebase:
- AAVMF gained Secure Boot support, therefore the logo is again modified
in the common location, and no FDF changes are necessary.
Notes about the 9ece15a -> c9e5618 rebase:
- Logo.bmp is no longer modified in-place; instead a modified copy is
created. That's because AAVMF includes the logo too, but it doesn't
include OpenSSL / Secure Boot, so we need the original copy too.
Because we may include the OpenSSL library in our OVMF and AAVMF builds
now, we should advertise it as required by its license. This patch takes
the original TianoCore logo, shifts it up by 20 pixels, and adds the
horizontally centered message
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)
below.
Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24
Logo.bmp: PC bitmap, Windows 3.x format, 193 x 58 x 8
Downstream only because upstream edk2 does not intend to release a
secure-boot-enabled OVMF build. (However the advertising requirement in
the OpenSSL license,
"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed
nonetheless, which is why I'm changing the logo.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b)
(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be)
(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3)
(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d)
(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849)
(cherry picked from commit 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2)
---
ArmVirtPkg/ArmVirtQemu.dsc | 2 +-
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +-
MdeModulePkg/Logo/Logo-OpenSSL.bmp | Bin 0 -> 156342 bytes
MdeModulePkg/Logo/Logo-OpenSSL.idf | 10 +++++
MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 56 +++++++++++++++++++++++++++
MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 17 ++++++++
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.fdf | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.fdf | 2 +-
13 files changed, 92 insertions(+), 9 deletions(-)
create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp
create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 3f649c91d8..360094ab6a 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -424,7 +424,7 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
- MdeModulePkg/Logo/LogoDxe.inf
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
MdeModulePkg/Application/UiApp/UiApp.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index a2f4bd62c8..9b94043085 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -193,7 +193,7 @@ READ_LOCK_STATUS = TRUE
#
# TianoCore logo (splash screen)
#
- INF MdeModulePkg/Logo/LogoDxe.inf
+ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
#
# Ramdisk support
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 2a6fd6bc06..d186263e18 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -363,7 +363,7 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
- MdeModulePkg/Logo/LogoDxe.inf
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
MdeModulePkg/Application/UiApp/UiApp.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp
new file mode 100644
index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29
GIT binary patch
literal 156342
zcmeI5d(>~$xW~&aw_M64<QfWz7#dP?t3($>NYZ7LkVerMIgB$pYT%5)88Oa?KguvP
zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY
zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l
zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12
zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo*
z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t
z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw
z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8
zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&n<tedLa%?xslom<X-FfGo
z|N7Uz;zQR$QEQ9?GD3Gi=7I|@pfCK+KmYs#4?Hjq5uDk6`|VNq*T4RC_0?DJzyJQK
zsC})Wq6;y((@r~m>s#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a?
zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE
z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb
zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK
zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI
zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W)
ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN
z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5&
z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc
z(W5B_Snb5D<<krM8Rdr0QJ*T%G?&$9Kl|Aaedt5q{N^`bbkRjt=pxTd#b-YA8EUQl
zKchfbq0T+_*u#B>LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2`
zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC
z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr
zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O
ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_<AJw{W#8P-F
zCZ+ter#+36>Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm
zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y
z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn<x8h_IHKi^H{SS?OD<7Pl&u5c1iZic)vw55
zPYCS8DxE<E)W+zbHi&JlM^g+iInTa(VydW{U!X0uhR=omt+(FFeX!eo+~Xc+g)Z`x
zdj8N=)=t4F&^=~kG;gb}a*}(FCaQITC`z4#i;q6~=*up<jJqdTY_rWab6qT>7Jr_#
zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT
zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL
z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7
zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9
zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO
zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44<v6$8atncWoEpM%TfyD5
zOKl<QH-<r@2>UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ
zZ)HZA9HQN?fBowS=bd-nQAZucL<BNN<e-BNlK!B=7$Y*peh}MQkER%4wG*?Jk9!5$
za=YO(`jIg>9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT
zMP`<n_i+x3u2}-%qy?KI2ieQE8H)@%t3@GJQLXK^+fEA9!X?Qg9Y7gIU_L>$;+{w6
zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts
zL;~R<E6L(oPAf#^!mHl--`*n_trZ3-svVA^Ip*035tJEaa=!3|FC2E*VF<?^cN{an
zpZw$}k$H$uzVrtb#u$+)_Ji2gdNjoVtDTs&eB3M0mfH=V(T|M5>A-VBcb3QU(O`l6
zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e
zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3<H!}
zOgDezBOgJQ@<<0zX6g9rU;p~pgk<J_zx&<qN?y8jDNh()@{*U}8|xq9T7^bKwH~n|
zXWMPJ?Y8KgL4^VYSF8z9zcvi0+bE*cMlA5;4GMOE>HMf%xC9#(>mO=IFj^}NHV#Lj
z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt
zeC{#^7{V<qOo9rSOuO{bOX-pOULeo<hfja{(=J^*1?~;O)IW6+y5!tu#Iq31@hO~3
zI7SRYrl&O{C>ZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb
zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y
z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A
zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH
z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q
z#U5^JZ4<b$t--qHc9p*$iO#Qj2f3KD%!onr@|V9{>wkHy#0}}mC!ZV}nnU^RZ+|=Y
zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg|
zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz
z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~<Y{if>z)>P3#
z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+<gohY|!t!t&VqcB%E2zeG7{rS&-E|$&A
zRTB%*&a<BNEN1AqDOiZk)nlLW-p=>98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3
z<ZvD3hF6+V9#ePS(OC^gfeB*%0MAbg)*WoKr-?u!kO(9Ki9jNd2qXfDKq8O`Bm#**
zB9I8o3j*^!p))T|r_psDfqQG*va*mB>-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq
zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1
zxc%S<KgjCC1qR8yFA-U2{Vn`qvGClFie8IFrjr)%tnm{2=r>hrZ`6<0RHgQodrAoh
zSgFbiHWu-)l-PgPQu`<dRrqrq-s8s$rTEic{^Z79@#o0g;&op=SNPLN_FA@n!=*+?
zDB|xddq34N2I_`R4OKfVWC~c?-(29YpLt&li<Eg&*GVUx#G5Nv*-lcX3d@bIN#Fb0
zQEpq{?RT^o-vc0nH9Vtx4RC7Xw(U%#3-Zc;X2wY7mi8}y`3rA*P?7iitvoODi?70Q
zk%V}#Vs|Jlk~I(tgDi;yipIBBWO)iq3V&j<{dE;uY%5@@`z!i|LXlG>y9%`-LB*)t
z0JfJO;vrk<L$v7JBGX9=Xf|GAZ#xK$H|j@gXg1z*&)??qN4GEne;CG_Rv;<Nsuk96
z_I?zDn>hX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgB<FFE9q`noa{%J1h_i
zSlZuQ;BSZcQxUM`opT8MStqY4@S8si%Z;u@{HFs43mj<vnAm^aAe)Uw?Op?%#<*=*
zZge5`RIgdkcTBiiGoIu7gV5yN6#O|1L=bC5IUX!`M+!07a5Y*(9{lzSI@4hi{lSQn
zgI`w}RIsU{FEKf&Qz$fsM0CCZY>gk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD
zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Q<b
zsMA2z4y$63Y=3is8xgLBZjr+pt4A4~kzJb(99~t!i$vfrZfN2kST-89du?!P<F;YB
z(FJ3LfCF)Qm&l!0GDZd7tn~i(zn}Ni#LOtW3$j)#YPcG!jQRG88kz!==xX$q36^+L
z%bz*_{7TV!?6u@Vp)n+)^9^7J`C-C`qWNB*tYaaX=)S~0mQp3Yku!d>p|I9?%YE^}
zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc
z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$
zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG
zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ
z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY
zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf
z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;<eqg*5#u10HPzP%#L
zQ()3?FZ#e_HxmwX{`r-n_1L21LZLAvgn()_faOs3GEdRa-JbO3k~#P-fW}Mg?>4>S
zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl>
z7^rJH4OAO`j``+-dZ#@M60IS}<JIU|G%^J^y!n^Qxjym7CvR!UZ{lw>YFFFf)W&VY
za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R)
zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y
zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp
zKFQt>Vbm<Ux`o0el8ugF)~`ZFGk&UL4AeE92C5A|$9!|axFPVI(;w*|iRE~_8eNM<
zrT~ZUZ!%$LBfO}dN6$(&8g<9p;MB%#!*Zhwb`k*x;#3L49-C4iKYl>=t6%*pub_){
zCA$l<)_b;6)NnQ0<R*s6gqR~aetU%+8l3_YYW1E+jF8pv`IQJ1UEuzkm!JLHil6$3
zLL94&At3}*s{t%Uz06a1B0K&3O9+jX?$;cmiN;Ip?>4>SzuFu1i70ta6~A`DdXC=j
zVqk`4D7>weC&k1#JZWL!jy<uUMxErF8jNEmD0xQD`W_yP*emNer>LuB?XwXz%QkDF
zYqrr5PP5vlI>ta<(`lgE@N@8+3#<j?Z?p*F7|=WcW9@+^Vd--B$Tqqrh_s&q9InuO
zW86ldW8TECWTR1cya7&a++w_8xzPnXiGXpYZWzgo=PkF~lEpbpo=D*v-}naPU}ath
z`n9ip%}ERH0y(v_m7<2LHia<e+bgI|he_=`8vMG-ph5&8b|=ccI>4^wr`@sI7!sJZ
zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6
zsm0{}`|r=14;<iOB^)7z_z461*{#cMAoJ+84`K9LcGDKRX342_gd$=$o^&x@i%)fo
zfx4m7MYa1;k_gL~?<w$<@03$cA?9VM@TCT(EHw#0FM5w`t!skF`&og*3*%t~F0rnT
z%*32u>04_w9-uBbSZj=1wN<lBX`>7F69<S`8Ogv7dVc3J@g`)t#THvwlN$?i$afAx
zJXj=aXRE3-T(wQ^$8m-+?;He<BY}?J(>NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+
zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV
zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B
zp7K{7GJLB2)HbE_<iuQ=T@??f{)9o>`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE
z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K%
zc<qSR@(0Y#L-BlgvWhmRt3F+=IYD%Rf0Tqi&J#HEWVZL9^tRQT*;{=~=G<Bv)8aa-
zlTfd-hdw)=2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q
z0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**
zB9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`
zBm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(P$0lJ{_>XytO^3f
zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW
zvK_w54ib*s{pCdx<x~Ir<7gg#)M1ScwTsR@`}C7e)OOZs|6@4{OP4Oa_R1?RyYPbc
zhT5$+--ssL_19djJ;F`bU&mfKWG-E@<gUew?^tx3wma{*BMKyygEe<Kg*icB>`+U+
zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK
zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_ga<bby^J7Q&qT
ziV>B`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g
zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5<Ha3eBxHw&!B4z<)v
z1QLM)0iT5MDWR^&*Mw_9`6v_rt|I?JzT#r&a#s9HMa_-C-Eb}>vhUWL{rld#LnSaW
zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgM<J9r<8$mhZ!wxSe=iM!dP
zzkCI2L+;e2U4coXRAG-AITXSB)TL3G;*tQ2m?D!L>ChaRR3Q`NWYVa52T-<54&6jk
z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi<G
zWFn9Vj77jF60B<e?S{bSU(U&q{LA^w#`!Fv*kech3sXP=jSV&Ui*ud{5GV=#y*A$j
zvyce<i&^&Mvqy)y5fs=%A~XR{5f?98wv-~c+nt4X=mq2}@}lGDV-}V{P2@#gQ830K
zBkEFwpR`C37D!^5e5jDtMSLW2OzyEKiCOqmb;+SojL;%7MOelZT~i0i#4&Q%C{<sO
zvBQtLY`Dt)1AFdl9jaiHq|Cza)Wsk=>}i57aDByd`it`*14L?zOuC7O<Up?iP>`Zb
zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6
zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=|
zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQ<UNc
zq=^DVi8ELrX`aOnKQTK3U7)Af!E<nsaazP}?9h<%k<Gs}ho2N-AG0)s9rUS=Sv*96
z_!m<&jbpGj)#WgIoYW<RDl@KxUooOGnFu5TV-fIq#CawDHQN>fr!>mb@vk@wzKEOR
zUl^giiGN`YjEEEA6vzVN5F<bqVl?a^Ll%l0QNY`odEuoq@h?SKfKwE5sxH(+5nY2{
zsD*v<v4DLjTlypc2QFrh49#JLQZ$7gyoPZ~$su3Ni)9?ZAjWY_b@7wdQAUl6oOEaf
zfgE&@+2fLZkg^&=4GWSXN@RS-INqwFWa_FG{*aFwvPP*Kzz$u2<*BFxs_wHVM_92(
z2Ytwz9^sxaVb3K^K4?F7sHI*akO&kA_(bBgcjW8%*TU5E51hc-AOg!0X2rkI1QZON
z5veIE#2{P%(ZCK+344-o4Q$9B>LCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6
zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc<P_9y!4YSy!AzGmqSi?Ouu_F?MQZXVQs7^1?
zN6mbPH8o0qb+telC(*%4O7RD5vB{o%TBIQupGHN^7^JRyhcznV8_KB3Np2~~CkKD%
z8p`T5nV97wjVTWsgknTxG7(4w#v<SoiF3^J4@KnbB+6n65lU^38YeuO;#u}Ob+uO}
zrL*E+g=R1UG$8_os-P0`B|uVe4L9c8M6*YRJ0v^)g{QCpPsth%u%V2@=z{<P_MslA
z8G}?OhaW*Stb_oYlSwTlR}?O%A?O&ogbnE(eTM<9jDRu~RhMM3en3gwpcNTJUtv3$
zw53e;Vq5k!M?=a-hiPbx$j*#)o(e9TnWGSK!@{_PGG=3sP(Y0z_^3Pbb0#ZPpHaA{
zzu*RdGYa81cBrLZB9I6a2>3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox
z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`<Kx(5PUL1d36lzLD0@c(#-S!%H%
zU>V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@
z;@R>q?8C{=X3m9KyurT&nC9F<fP!Zt$|Xw*&UN=wm>PkxLoM|ZfkdD{z-Jwk38Gqf
zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZs<UH63%W?JlP<
zCkPZHDwByoA}|(#IXMHTH!?F*IkZi0J!`HG1jY`v)Jp^sfdT=apgiX0!48uK+ALcj
zA7!FcG}(x7wMX!#9Mp(UiE6tWu_~F`6WF@-6xLh>iV>B`L?96ui-1pi)&}t0pQmuO
zjkyJsVOUM<GMP{aPNG(uQqU7BO*JrM;MP-Ea}gLj)KV`INCXN5eA>gmwe@7qN10I9
zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q
z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{
zrxeR<HJ#WhYSF8<OT~!FWFn9Vj77j_9rFxCzNXr)5Ff0Wd3yzHPQkx~%q;BHCK9)A
zQGn}t5{MdWV43A`5d=ytLU>A9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH
zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$
zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW)
z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw
z3l@f;rKYP((H5Gr$(|rLmcp<mdN*WceBjS9dShygKx7c5d9x5qeCYIYCG^^;jy34A
z;7VB4trSJ>6r6t4$t%^Y9|aV;zhXpXG7(4w#v<U;Y0l%{IMwSp2Md%I^AE(oS^x)&
zwfPq{Ht5g%E27k2izosmhpPf4NTz7fi|S}dy@r3`Ww9rJBxWcq*ep6R{-qbRE;lH`
z2v;wBhQ!sJ_Sh`?h-Iiy3~Qc6fKRnKQ>;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_
z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C
zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk
zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y
zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA
zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr=
zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W
z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK<i8w#Q2)WYbaoUR{YBqMYY&_
z{sGQaTM#;z83Pyv*j#-<$HWcsnd6{B!qvtvM#?B_A~;&;Wl0Q5M^x*%f*9U*`8UpK
zK;OMT)>>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_
zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO
z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPT<Xx3#lMaCx0rvJ
zZTvfO{=qRROzP)v^a7gm!!+@u_b@UX%GMkIN^NldLGdq>zaT>uOf~q|a}+cx{*6-y
z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB
zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<<Tq+<(2pX33R^wk3;8R^)jD`d{
zsOl&<)EyuHs;>AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9
zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^
zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095
zOig9PT5<lDYXhyY;js1yY?1nHRz@ZVRHhPvL|`-mJ`b5LAhvC9DC@;KB0KgL#C=NY
ztH8EAQWzQkcGo{(ABKfk;X8<uj&xfjD5eO7?)o$FGDSF0RP>`Z>N@_#zD%)aez~YZ
z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{
z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r
zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^
zg<d)aMb=iH4Z;=UP{pbyQ<{k68(BWqf<q~SL)l<esF@#iBeSCqmFow~6Yx6jritP=
zIiNC?2qXfd5%9SLahPzS+PG<L1ACOAHi)vlnfq*fjDTgx4pM`*@T67+$HcRcBeZKZ
zswiJZ{4NW)QZy>damB9JKZs<hjwS?6U22J5DI!1CqD8uoCi$`nJFB_K%aq1m#K&U2
zp{qO67NAAg(`<+U3zGvann1}cnuzlcu`V(di-&tsz$`^<zHD^O%GJ?hEfo`iL|_sD
zpY8DvD<b(u8RhxoU&X(o!pL0qP=a_?+!y(m*;^(VM3>s5qfIuEVafQ{8IFHZ(DOQ1
zL2xbpxXzOgb_Q=@TibU<H4QI=o0TO*-c;0CC=^M8Py$ah2~Hi2qC@N)X9Eg86{Qwa
z6XsudInuQ1dOiWQZmI1n+%B9XIXR#*l?WsPqY?1wr1)2%Zsgo3qYUM>gI`Lgj(=e>
zMU)Nx<vO9YaXjPljlX-r<pCB}%u85Gl**>~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo
zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh
z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{<Xtx0jlLuAq36V
zUD(j5%f*8#)Gf$*unM)>RlEdP#0v4%e#ImMtXlgq`3qxe(=<X&v&d&Ygj$U%Qb4Ch
zyEZsEpfZ&RBm$!m@L5#M|MmvLD9=g!OGL>XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE
zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr
zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?D<v+=r8c!<bcXlB9I7-
zM!@H`<KN!M7si~!`3J&VJ>c?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7>
zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a
z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q
zf7)`qfCKTHn1c<ucMDcvF&WReh=>Vw*|W7Di!H#8j2>&Lm<S{SlL+{H9vT16-}+yB
zlERvWz~q3+R3eZFj7GqxI<X{ws@vXB9;s%tDXjGfj2>&Lm<S{SlL(j{SPiDtvf8t>
z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K
zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@
z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33W<Ob
zm>f`<N(2&t(Fph~>WzQnL<F*xQ%D4i!054-iitoXFo}TAq9XoPvdFY@3W<Obm>f`<
zN(2&t(Fph~a{Oz~wUF}<Mk$3Z0;9)TDkcJnz$5}bog&*t+2l*6l~YIrjKJi8%2Xnd
z2#iL+XOZJy6K+?qateun5g0wzQZW%o1SS#iS(Go<F%&7x3W3Q1m8nD^5g3iYtj@Gl
zP6WCLj2>&Lm<S{SlL&NAr_4zNW`)4yfXY-NkO+)MU{+^ZDklP61V)dwRJ=D3_<z$H
BLUI5A
literal 0
HcmV?d00001
diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.idf b/MdeModulePkg/Logo/Logo-OpenSSL.idf
new file mode 100644
index 0000000000..2a60ac61b7
--- /dev/null
+++ b/MdeModulePkg/Logo/Logo-OpenSSL.idf
@@ -0,0 +1,10 @@
+// /** @file
+// Platform Logo image definition file.
+//
+// Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#image IMG_LOGO Logo-OpenSSL.bmp
diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
new file mode 100644
index 0000000000..d1207663b2
--- /dev/null
+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
@@ -0,0 +1,56 @@
+## @file
+# The default logo bitmap picture shown on setup screen.
+#
+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = LogoOpenSSLDxe
+ MODULE_UNI_FILE = LogoOpenSSLDxe.uni
+ FILE_GUID = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF
+ MODULE_TYPE = DXE_DRIVER
+ VERSION_STRING = 1.0
+
+ ENTRY_POINT = InitializeLogo
+#
+# This flag specifies whether HII resource section is generated into PE image.
+#
+ UEFI_HII_RESOURCE_SECTION = TRUE
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ Logo-OpenSSL.bmp
+ Logo.c
+ Logo-OpenSSL.idf
+
+[Packages]
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+
+[LibraryClasses]
+ UefiBootServicesTableLib
+ UefiDriverEntryPoint
+ DebugLib
+
+[Protocols]
+ gEfiHiiDatabaseProtocolGuid ## CONSUMES
+ gEfiHiiImageExProtocolGuid ## CONSUMES
+ gEfiHiiPackageListProtocolGuid ## PRODUCES CONSUMES
+ gEdkiiPlatformLogoProtocolGuid ## PRODUCES
+
+[Depex]
+ gEfiHiiDatabaseProtocolGuid AND
+ gEfiHiiImageExProtocolGuid
+
+[UserExtensions.TianoCore."ExtraFiles"]
+ LogoDxeExtra.uni
diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
new file mode 100644
index 0000000000..6439502b6a
--- /dev/null
+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
@@ -0,0 +1,17 @@
+// /** @file
+// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen.
+//
+// This module provides the logo bitmap picture (with OpenSSL advertisment)
+// shown on setup screen, through EDKII Platform Logo protocol.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen."
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
+
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d0df9cbbfb..f8317a4f5d 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -750,7 +750,7 @@
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
- MdeModulePkg/Logo/LogoDxe.inf
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
MdeModulePkg/Application/UiApp/UiApp.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index e2b759aa8d..ec64551bcb 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -294,7 +294,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
-INF MdeModulePkg/Logo/LogoDxe.inf
+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
#
# Network modules
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index b3ae62fee9..55423d356c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -764,7 +764,7 @@
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
- MdeModulePkg/Logo/LogoDxe.inf
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
MdeModulePkg/Application/UiApp/UiApp.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index bfca1eff9e..2f02ac2d73 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
-INF MdeModulePkg/Logo/LogoDxe.inf
+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
#
# Network modules
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f7fe75ebf5..17aeeed96e 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -760,7 +760,7 @@
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
- MdeModulePkg/Logo/LogoDxe.inf
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf
MdeModulePkg/Application/UiApp/UiApp.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index bfca1eff9e..2f02ac2d73 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
-INF MdeModulePkg/Logo/LogoDxe.inf
+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
#
# Network modules
--
2.18.4

76
0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch Normal file
View File

@ -0,0 +1,76 @@
From a95cff0b9573bf23699551beb4786383f697ff1e Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 20 Feb 2014 22:54:45 +0100
Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- trivial context difference due to upstream commit 2fe5f2f52918
("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
by git-cherry-pick automatically
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no changes
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Upstream prefers short debug messages (sometimes even limited to 80
characters), but any line length under 512 characters is just unsuitable
for effective debugging. (For example, config strings in HII routing,
logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
level, can be several hundred characters long.) 512 is an empirically good
value.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
(cherry picked from commit e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5)
---
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
index dffb20822d..0577c43c3d 100644
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
@@ -21,7 +21,7 @@
//
// Define the maximum debug and assert message length that this library supports
//
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
//
// VA_LIST can not initialize to NULL for all compiler, so we use this to
--
2.18.4

60
0006-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch → 0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
View File

@ -1,7 +1,42 @@
From 31dcc494a7c3ce1bbb1d35b42ba3b6359ca971cf Mon Sep 17 00:00:00 2001
From 99da4393139d428baf09d751af3d072229839126 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Jun 2014 00:17:59 +0200
Subject: [PATCH] OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim
Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no changes
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no changes
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no changes
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- update commit message as requested in
<https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
The Int10h VBE Shim is capable of emitting short debug messages when the
win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet
@ -11,18 +46,20 @@ For this patch, the DEBUG macro is enabled in the assembly file, and then
the header file is regenerated from the assembly, by running
"OvmfPkg/QemuVideoDxe/VbeShim.sh".
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
"VbeShim.h" is not auto-generated; it is manually generated. The patch
does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the
manually re-generated) "VbeShim.h" atomically. Doing so helps with local
downstream builds, with bisection, and also keeps redhat/README a bit
simpler.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f)
(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c)
(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba)
(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e)
(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471)
(cherry picked from commit 3aa0316ea1db5416cb528179a3ba5ce37c1279b7)
---
OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +-
OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++-----------
@ -538,3 +575,6 @@ index cc9b6e14cd..325d6478a1 100644
+ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00,
};
#endif
--
2.18.4

65
0007-MdeModulePkg-TerminalDxe-add-other-text-resolutions.patch → 0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
View File

@ -1,7 +1,44 @@
From 3b413c99f3a5087710f4932b4ba61c2646ae84b9 Mon Sep 17 00:00:00 2001
From 82b9edc5fef3a07227a45059bbe821af7b9abd69 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 18:40:35 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: add other text resolutions
Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no changes
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no changes
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- update commit message as requested in
<https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
InitializeTerminalConsoleTextMode", 2017-01-10).
When the console output is multiplexed to several devices by
ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
@ -54,23 +91,16 @@ the most frequent (1d) values from the intersection, and eg. the MODE
command in the UEFI shell will offer the "best" (ie. full screen)
resolution too.
Upstream status: three calendar months (with on-and-off discussion and
patches) have not been enough to find a solution to this problem that
would please all stakeholders.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
InitializeTerminalConsoleTextMode", 2017-01-10).
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Upstreaming efforts for this patch have been discontinued; it was clear
from the off-list thread that consensus was impossible to reach.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
(cherry picked from commit 12cb13a1da913912bd9148ce8f2353a75be77f18)
---
.../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
1 file changed, 38 insertions(+), 3 deletions(-)
@ -127,3 +157,6 @@ index a98b690c8b..ded5513c74 100644
//
// New modes can be added here.
//
--
2.18.4

78
0008-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch → 0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
View File

@ -1,8 +1,52 @@
From 50b53194f7caea602e04df663358617c280f299c Mon Sep 17 00:00:00 2001
From bc2266f20de5db1636e09a07e4a72c8dbf505f5a Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
change (RH only)
Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- Resolve trivial conflict in "MdeModulePkg/MdeModulePkg.dec", arising
from upstream commit 166830d8f7ca ("MdeModulePkg/dec: add
PcdTcgPfpMeasurementRevision PCD", 2020-01-06).
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- Conflict in "MdeModulePkg/MdeModulePkg.dec" due to upstream commits
- 1103ba946aee ("MdeModulePkg: Add Capsule On Disk related definition.",
2019-06-26),
- 1c7b3eb84631 ("MdeModulePkg/DxeIpl: Introduce PCD
PcdUse5LevelPageTable", 2019-08-09),
with easy manual resolution.
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no change
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec"
context change from upstream commits e043f7895b83 ("MdeModulePkg: Add
PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2
("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03).
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- refresh commit 519b9751573e against various context changes
The
@ -14,22 +58,15 @@ escape sequence serves for window manipulation. We can use the
sequence to adapt eg. the xterm window size to the selected console mode.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- refresh commit 519b9751573e against various context changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec"
context change from upstream commits e043f7895b83 ("MdeModulePkg: Add
PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2
("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03).
Reference: <http://rtfm.etla.org/xterm/ctlseq.html>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574)
(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90)
(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc)
(cherry picked from commit a11602f5e2ef930be5b693ddfd0c789a1bd4c60c)
---
MdeModulePkg/MdeModulePkg.dec | 4 +++
.../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++
@ -37,12 +74,12 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 files changed, 36 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index cb30a79758..e562bed57e 100644
index 031043ec28..3978a500e5 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -2013,6 +2013,10 @@
# @Prompt Enable StatusCode via memory.
gEfiMdeModulePkgTokenSpaceGuid.PcdStatusCodeUseMemory|FALSE|BOOLEAN|0x00010023
@@ -1998,6 +1998,10 @@
# @Prompt TCG Platform Firmware Profile revision.
gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0x00010077
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
+ # mode change.
@ -126,3 +163,6 @@ index b2a8aeba85..eff6253465 100644
# [Event]
# # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
--
2.18.4

40
0014-ArmVirtPkg-set-early-hello-message-RH-only.patch
View File

@ -1,40 +0,0 @@
From 34a88714097996e34811d27b32e77ff71ca763a6 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 14:07:17 +0200
Subject: [PATCH] ArmVirtPkg: set early hello message (RH only)
Print a friendly banner on QEMU, regardless of debug mask settings.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
Downstream only:
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 24c6ea2e64..ad6af7f1c6 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -125,6 +125,7 @@
gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
[PcdsFixedAtBuild.common]
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
!if $(ARCH) == AARCH64
gArmTokenSpaceGuid.PcdVFPEnabled|1
!endif

98
0009-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch → 0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
View File

@ -1,12 +1,35 @@
From 0616c1d69ef552bd35700992fae37263ddd8c4ce Mon Sep 17 00:00:00 2001
From 51e0de961029af84b5bdbfddcc9762b1819d500f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
only)
Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no changes
- Resolve contextual conflict in the DSC files, from upstream commit
b0ed7ebdebd1 ("OvmfPkg: set fixed FlashNvStorage base addresses with -D
SMM_REQUIRE", 2020-03-12).
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no change
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
@ -15,11 +38,19 @@ Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if
SMM_REQUIRE", 2017-03-12).
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721)
(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2)
(cherry picked from commit 2cc462ee963d0be119bc97bfc9c70d292a40516f)
---
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
@ -29,41 +60,41 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 files changed, 5 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 2886c10b1b..b974740e2f 100644
index f8317a4f5d..6ce8a46d4e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -577,6 +577,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
!endif
@@ -574,6 +574,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 5a9e9a707a..65a8c6764c 100644
index 55423d356c..89d414cda7 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -586,6 +586,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600
@@ -580,6 +580,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId|0
gUefiOvmfPkgTokenSpaceGuid.PcdPciIoBase|0x0
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 70c2c3e3b9..72bc289f26 100644
index 17aeeed96e..e567eb76e0 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -582,6 +582,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
!endif
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration|FALSE
@@ -578,6 +578,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|800
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable|FALSE
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 96468701e3..14efbabe39 100644
--- a/OvmfPkg/PlatformPei/Platform.c
@ -77,10 +108,10 @@ index 96468701e3..14efbabe39 100644
InstallClearCacheCallback ();
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index c53be2f492..e5744ed818 100644
index ff397b3ee9..3a012a7fa4 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -97,6 +97,7 @@
@@ -93,6 +93,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
@ -88,3 +119,6 @@ index c53be2f492..e5744ed818 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
--
2.18.4

195
0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch → 0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
View File

@ -1,15 +1,62 @@
From 4de2ee915d9f3eea6d32cd010ab856ac176f3983 Mon Sep 17 00:00:00 2001
From a5f7a57bf390f1f340ff1d1f1884a73716817ef1 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
(RH only)
Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such
setter functions for dynamic PCDs that don't return a status code (such
as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds --
there's really no circumstance in this case when it could fail.
- Resolve leading context divergence in "ArmVirtPkg/ArmVirtQemu.dsc",
arising from upstream commits:
- 82662a3b5f56 ("ArmVirtPkg/PlatformPeiLib: discover the TPM base
address from the DT", 2020-03-04)
- ddd34a818315 ("ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI
phase", 2020-03-04)
- cdc3fa54184a ("ArmVirtPkg: control PXEv4 / PXEv6 boot support from the
QEMU command line", 2020-04-28)
- Rework the downstream patch quite a bit, paralleling the upstream work
done for <https://bugzilla.tianocore.org/show_bug.cgi?id=2681> in commit
range 64ab457d1f21..cdc3fa54184a:
- Refresh copyright year in TerminalPcdProducerLib.{inf,c}. Also replace
open-coded BSDL with "SPDX-License-Identifier: BSD-2-Clause-Patent".
- Simplify LIBRARY_CLASS: this lib instance is meant to be consumed only
via NULL class resolution (basically: as a plugin), so use NULL for
LIBRARY_CLASS, not "TerminalPcdProducerLib|DXE_DRIVER".
- Sort the [Packages] section alphabetically in the INF file.
- Replace the open-coded GetNamedFwCfgBoolean() function with a call to
QemuFwCfgParseBool(), from QemuFwCfgSimpleParserLib.
- Add the SOMETIMES_PRODUCES usage comment in the [Pcd] section of the
INF file.
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no change
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
@ -18,31 +65,43 @@ Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable
override", 2017-03-29).
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such
setter functions for dynamic PCDs that don't return a status code (such
as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds --
there's really no circumstance in this case when it could fail.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c)
(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65)
(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04)
(cherry picked from commit 8338545260fbb423f796d5196faaaf8ff6e1ed99)
---
ArmVirtPkg/ArmVirtQemu.dsc | 6 +-
.../TerminalPcdProducerLib.c | 87 +++++++++++++++++++
.../TerminalPcdProducerLib.inf | 41 +++++++++
3 files changed, 133 insertions(+), 1 deletion(-)
ArmVirtPkg/ArmVirtQemu.dsc | 7 +++-
.../TerminalPcdProducerLib.c | 34 +++++++++++++++++++
.../TerminalPcdProducerLib.inf | 33 ++++++++++++++++++
3 files changed, 73 insertions(+), 1 deletion(-)
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 2405636af6..24c6ea2e64 100644
index 360094ab6a..3345987503 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -249,6 +249,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution|600
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoHorizontalResolution|640
gEfiMdeModulePkgTokenSpaceGuid.PcdSetupVideoVerticalResolution|480
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
@@ -272,6 +272,8 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
!endif
#
# SMBIOS entry point version
@@ -374,7 +375,10 @@
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
@@ -374,7 +376,10 @@
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
@ -56,82 +115,29 @@ index 2405636af6..24c6ea2e64 100644
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
new file mode 100644
index 0000000000..814ad48199
index 0000000000..bfd3a6a535
--- /dev/null
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
@@ -0,0 +1,87 @@
@@ -0,0 +1,34 @@
+/** @file
+* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
+*
+* Copyright (C) 2015-2016, Red Hat, Inc.
+* Copyright (C) 2015-2020, Red Hat, Inc.
+* Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
+*
+* This program and the accompanying materials are licensed and made available
+* under the terms and conditions of the BSD License which accompanies this
+* distribution. The full text of the license may be found at
+* http://opensource.org/licenses/bsd-license.php
+*
+* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
+* IMPLIED.
+*
+* SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/QemuFwCfgLib.h>
+
+STATIC
+RETURN_STATUS
+GetNamedFwCfgBoolean (
+ IN CONST CHAR8 *FwCfgFileName,
+ OUT BOOLEAN *Setting
+ )
+{
+ RETURN_STATUS Status;
+ FIRMWARE_CONFIG_ITEM FwCfgItem;
+ UINTN FwCfgSize;
+ UINT8 Value[3];
+
+ Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize);
+ if (RETURN_ERROR (Status)) {
+ return Status;
+ }
+ if (FwCfgSize > sizeof Value) {
+ return RETURN_BAD_BUFFER_SIZE;
+ }
+ QemuFwCfgSelectItem (FwCfgItem);
+ QemuFwCfgReadBytes (FwCfgSize, Value);
+
+ if ((FwCfgSize == 1) ||
+ (FwCfgSize == 2 && Value[1] == '\n') ||
+ (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) {
+ switch (Value[0]) {
+ case '0':
+ case 'n':
+ case 'N':
+ *Setting = FALSE;
+ return RETURN_SUCCESS;
+
+ case '1':
+ case 'y':
+ case 'Y':
+ *Setting = TRUE;
+ return RETURN_SUCCESS;
+
+ default:
+ break;
+ }
+ }
+ return RETURN_PROTOCOL_ERROR;
+}
+#include <Library/QemuFwCfgSimpleParserLib.h>
+
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
+ do { \
+ BOOLEAN Setting; \
+ RETURN_STATUS PcdStatus; \
+ \
+ if (!RETURN_ERROR (GetNamedFwCfgBoolean ( \
+ if (!RETURN_ERROR (QemuFwCfgParseBool ( \
+ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
+ PcdStatus = PcdSetBoolS (TokenName, Setting); \
+ ASSERT_RETURN_ERROR (PcdStatus); \
@ -149,25 +155,17 @@ index 0000000000..814ad48199
+}
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
new file mode 100644
index 0000000000..fecb37bcdf
index 0000000000..a51dbd1670
--- /dev/null
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
@@ -0,0 +1,41 @@
@@ -0,0 +1,33 @@
+## @file
+# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
+#
+# Copyright (C) 2015-2016, Red Hat, Inc.
+# Copyright (C) 2015-2020, Red Hat, Inc.
+# Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
+#
+# This program and the accompanying materials are licensed and made available
+# under the terms and conditions of the BSD License which accompanies this
+# distribution. The full text of the license may be found at
+# http://opensource.org/licenses/bsd-license.php
+#
+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
@ -176,21 +174,24 @@ index 0000000000..fecb37bcdf
+ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TerminalPcdProducerLib|DXE_DRIVER
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = TerminalPcdProducerLibConstructor
+
+[Sources]
+ TerminalPcdProducerLib.c
+
+[Packages]
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+ DebugLib
+ PcdLib
+ QemuFwCfgLib
+ QemuFwCfgSimpleParserLib
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES
--
2.18.4

75
0015-Tweak-the-tools_def-to-support-cross-compiling.patch
View File

@ -1,75 +0,0 @@
From d8b75ad1013b21c089a1af579b510f32c49c5b14 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 16 Aug 2018 15:45:47 -0400
Subject: [PATCH] Tweak the tools_def to support cross-compiling.
These files are meant for customization, so this is not upstream.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
BaseTools/Conf/tools_def.template | 44 +++++++++++++++----------------
1 file changed, 22 insertions(+), 22 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 933b3160fd..e62ccc322d 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -2350,17 +2350,17 @@ RELEASE_GCC49_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
##################
# GCC5 IA32 definitions
##################
-*_GCC5_IA32_OBJCOPY_PATH = DEF(GCC5_IA32_PREFIX)objcopy
-*_GCC5_IA32_CC_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_SLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc-ar
-*_GCC5_IA32_DLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLDLINK_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASM_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_PP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_VFRPP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLCC_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_ASLPP_PATH = DEF(GCC5_IA32_PREFIX)gcc
-*_GCC5_IA32_RC_PATH = DEF(GCC5_IA32_PREFIX)objcopy
+*_GCC5_IA32_OBJCOPY_PATH = ENV(GCC5_IA32_PREFIX)objcopy
+*_GCC5_IA32_CC_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_SLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc-ar
+*_GCC5_IA32_DLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLDLINK_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASM_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_PP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_VFRPP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLCC_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_ASLPP_PATH = ENV(GCC5_IA32_PREFIX)gcc
+*_GCC5_IA32_RC_PATH = ENV(GCC5_IA32_PREFIX)objcopy
*_GCC5_IA32_ASLCC_FLAGS = DEF(GCC5_ASLCC_FLAGS) -m32
*_GCC5_IA32_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_i386 -no-pie
@@ -2382,17 +2382,17 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
##################
# GCC5 X64 definitions
##################
-*_GCC5_X64_OBJCOPY_PATH = DEF(GCC5_X64_PREFIX)objcopy
-*_GCC5_X64_CC_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_SLINK_PATH = DEF(GCC5_X64_PREFIX)gcc-ar
-*_GCC5_X64_DLINK_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLDLINK_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASM_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_PP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_VFRPP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLCC_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_ASLPP_PATH = DEF(GCC5_X64_PREFIX)gcc
-*_GCC5_X64_RC_PATH = DEF(GCC5_X64_PREFIX)objcopy
+*_GCC5_X64_OBJCOPY_PATH = ENV(GCC5_X64_PREFIX)objcopy
+*_GCC5_X64_CC_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_SLINK_PATH = ENV(GCC5_X64_PREFIX)gcc-ar
+*_GCC5_X64_DLINK_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLDLINK_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASM_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_PP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_VFRPP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLCC_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_ASLPP_PATH = ENV(GCC5_X64_PREFIX)gcc
+*_GCC5_X64_RC_PATH = ENV(GCC5_X64_PREFIX)objcopy
*_GCC5_X64_ASLCC_FLAGS = DEF(GCC5_ASLCC_FLAGS) -m64
*_GCC5_X64_ASLDLINK_FLAGS = DEF(GCC5_IA32_X64_ASLDLINK_FLAGS) -Wl,-m,elf_x86_64

95
0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch → 0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
View File

@ -1,7 +1,55 @@
From c1d277217b6d4115277cac4de26943fde3b7f170 Mon Sep 17 00:00:00 2001
From c2812d7189dee06c780f05a5880eb421c359a687 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 4 Nov 2014 23:02:53 +0100
Subject: [PATCH] OvmfPkg: allow exclusion of the shell from the firmware image
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- context difference from upstream commit ec41733cfd10 ("OvmfPkg: add the
'initrd' dynamic shell command", 2020-03-04) correctly auto-resolved
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- update the patch against the following upstream commits:
- 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
- 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
tool chain", 2018-11-27)
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no change
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com>
Patchwork-id: 62119
O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell
from the firmware image (RH only)
Bugzilla: 1147592
Acked-by: Andrew Jones <drjones@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
binary from the firmware image.
@ -36,29 +84,25 @@ Intended use of the new build option:
is specified, the shell binary needs to be built the same, only it
will be included in UefiShell.iso.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
(cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e)
---
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.fdf | 3 +++
OvmfPkg/OvmfPkgX64.fdf | 3 +++
3 files changed, 8 insertions(+)
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
OvmfPkg/OvmfPkgX64.fdf | 2 ++
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 6e1e7f5f44..07c1cdbe81 100644
index ec64551bcb..44178a0da7 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -291,11 +291,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -288,11 +288,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -70,13 +114,13 @@ index 6e1e7f5f44..07c1cdbe81 100644
INF ShellPkg/Application/Shell/Shell.inf
+!endif
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 1fab3d5014..b1560d6218 100644
index 2f02ac2d73..06259c43d2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -292,11 +292,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -87,15 +131,14 @@ index 1fab3d5014..b1560d6218 100644
!endif
INF ShellPkg/Application/Shell/Shell.inf
+!endif
+
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 6dc48977a0..34cd97aac4 100644
index 2f02ac2d73..06259c43d2 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -301,11 +301,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -106,7 +149,9 @@ index 6dc48977a0..34cd97aac4 100644
!endif
INF ShellPkg/Application/Shell/Shell.inf
+!endif
+
!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE)
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
--
2.18.4

56
0012-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch → 0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
View File

@ -1,8 +1,41 @@
From cdd42dea1b59285def15d38feaf2093f9f1688dd Mon Sep 17 00:00:00 2001
From c75aea7a738ac7fb944c0695a4bfffc3985afaa9 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:49:43 +0200
Subject: [PATCH] ArmPlatformPkg: introduce fixed PCD for early hello message
(RH only)
Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
machine firmware) print a reasonably early, simple hello message to the
@ -17,20 +50,16 @@ RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
Downstream only:
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Suggested-by: Drew Jones <drjones@redhat.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
(cherry picked from commit 9f756c1ad83cc81f7d892cd036d59a2b567b02dc)
---
ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
1 file changed, 7 insertions(+)
@ -53,3 +82,6 @@ index 696d636aac..1553e1ae92 100644
[PcdsFixedAtBuild.common,PcdsDynamic.common]
## PL031 RealTimeClock
gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
--
2.18.4

68
0013-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch → 0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
View File

@ -1,8 +1,44 @@
From f9b6876cb7e14d4e863cc33c8999ece2cf399ff6 Mon Sep 17 00:00:00 2001
From 49fe5596cd79c94d903c4d506c563d642ccd69aa Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:59:20 +0200
Subject: [PATCH] ArmPlatformPkg: PrePeiCore: write early hello message to the
serial port (RH)
Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
port (RH)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed
temporary stack before entering PEI core", 2017-11-09) -- conflict
resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf"
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
The FixedPcdGetSize() macro expands to an integer constant, therefore an
optimizing compiler can eliminate the new code, if the platform DSC
@ -13,19 +49,15 @@ RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
Downstream only:
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
(cherry picked from commit 8d5a8827aabc67cb2a046697e1a750ca8d9cc453)
---
ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++
ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++
@ -92,12 +124,16 @@ index fb01dd1a11..a6681c1032 100644
gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
gArmTokenSpaceGuid.PcdGicSgiIntId
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
index e9eb092d3a..a02ff39b7a 100644
index e9eb092d3a..c98dc82f0c 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
@@ -68,3 +68,5 @@
@@ -67,4 +67,6 @@
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
+
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
+
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
--
2.18.4

76
0019-ArmVirtPkg-set-early-hello-message-RH-only.patch Normal file
View File

@ -0,0 +1,76 @@
From 72550e12ae469012a505bf5b98a6543a754028d3 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 14:07:17 +0200
Subject: ArmVirtPkg: set early hello message (RH only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- context difference from upstream commit f5cb3767038e
("ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2
support", 2020-03-04) automatically resolved correctly
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg:
don't set PcdCoreCount", 2019-02-13)
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- no changes
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Print a friendly banner on QEMU, regardless of debug mask settings.
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
Downstream only:
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
(cherry picked from commit ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b)
---
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 3345987503..57c5b3f898 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -125,6 +125,7 @@
gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
[PcdsFixedAtBuild.common]
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
!if $(ARCH) == AARCH64
gArmTokenSpaceGuid.PcdVFPEnabled|1
!endif
--
2.18.4

102
0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch Normal file
View File

@ -0,0 +1,102 @@
From 5ecc18badaabe774d9d0806b027ab63a30c6a2d7 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:45 +0100
Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- context difference from upstream commit 46bb81200742 ("OvmfPkg: Make
SOURCE_DEBUG_ENABLE actually need to be set to TRUE", 2019-10-22)
resolved automatically
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Message-id: <20171120235748.29669-5-pbonzini@redhat.com>
Patchwork-id: 77760
O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
Bugzilla: 1488247
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
From: Laszlo Ersek <lersek@redhat.com>
Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed
debug messages, and code in OvmfPkg logs many messages on the
DEBUG_VERBOSE level.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117)
(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9)
(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76)
(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50)
(cherry picked from commit 3cb92f9ba18ac79911bd5258ff4f949cc617ae89)
---
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 6ce8a46d4e..765ffff312 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -516,7 +516,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 89d414cda7..277297a964 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -520,7 +520,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e567eb76e0..5c1597fe3c 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -520,7 +520,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
--
2.18.4

147
0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch Normal file
View File

@ -0,0 +1,147 @@
From 1355849ad97c1e4a5c430597a377165a5cc118f7 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:46 +0100
Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
QemuVideoDxe/QemuRamfbDxe (RH)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- Due to upstream commit 4b04d9d73604 ("OvmfPkg: Don't build in
QemuVideoDxe when we have CSM", 2019-06-26), the contexts of
"QemuVideoDxe.inf" / "QemuRamfbDxe.inf" have changed in the DSC files.
Resolve the conflict manually.
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14)
introduced another GOP driver that consumes FrameBufferBltLib, and
thereby produces a large number of (mostly useless) debug messages at
the DEBUG_VERBOSE level. Extend the patch to suppress those messages in
both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly.
QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also
the original commit message at the bottom of this downstream patch).
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Message-id: <20171120235748.29669-6-pbonzini@redhat.com>
Patchwork-id: 77761
O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
QemuVideoDxe (RH only)
Bugzilla: 1488247
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
From: Laszlo Ersek <lersek@redhat.com>
In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses
MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to
FrameBufferBltLib.
The FrameBufferBltLib instance added in commit b1ca386074bd
("MdeModulePkg: Add FrameBufferBltLib library instance") logs many
messages on the VERBOSE level; for example, a normal boot with OVMF can
produce 500+ "VideoFill" messages, dependent on the progress bar, when the
VERBOSE bit is set in PcdDebugPrintErrorLevel.
QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose
none of its messages this way.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52)
(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3)
(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0)
(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850)
(cherry picked from commit c8c3f893e7c3710afe45c46839e97954871536e4)
---
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++--
3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 765ffff312..f5c6cceb4f 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -811,9 +811,15 @@
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
!ifndef $(CSM_ENABLE)
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
!endif
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 277297a964..c1e52b0acd 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -825,9 +825,15 @@
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
!ifndef $(CSM_ENABLE)
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
!endif
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
#
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 5c1597fe3c..e65165b9f0 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -821,9 +821,15 @@
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
!ifndef $(CSM_ENABLE)
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
!endif
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
#
--
2.18.4

91
0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch Normal file
View File

@ -0,0 +1,91 @@
From e7f57f154439c1c18ea5030b01f8d7bc492698b2 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- The previous version of this patch (downstream commit 76b4ac28e975)
caused a regression (RHBZ#1714446), which was fixed up in downstream
commit 5a216abaa737 ("ArmVirtPkg: silence DEBUG_VERBOSE masking
~0x00400000 in QemuRamfbDxe (RH only)", 2019-08-05).
Squash the fixup into the original patch. Fuse the commit messages.
(Acked-by tags are not preserved, lest we confuse ourselves while
reviewing this rebase.)
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add
QemuRamfbDxe", 2018-06-14)
QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in
commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library
instance") logs many messages on the VERBOSE level; for example, a normal
boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages,
dependent on the progress bar, when the VERBOSE bit is set in
PcdDebugPrintErrorLevel.
Clear the VERBOSE bit without touching other bits -- those other bits
differ between the "silent" and "verbose" builds, so we can't set them as
constants.
QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose
none of its messages, with the VERBOSE bit clear.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 76b4ac28e975bd63c25db903a1d42c47b38cc756)
Reported-by: Andrew Jones <drjones@redhat.com>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit e5b8152bced2364a1ded0926dbba4d65e23e3f84)
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 57c5b3f898..dda887b2ae 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -494,7 +494,10 @@
#
# Video support
#
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/PlatformDxe/Platform.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index d186263e18..711dd63e20 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -427,7 +427,10 @@
#
# Video support
#
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/PlatformDxe/Platform.inf
--
2.18.4

89
0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch Normal file
View File

@ -0,0 +1,89 @@
From deb3451034326b75fd760aba47a5171493ff055e Mon Sep 17 00:00:00 2001
From: Philippe Mathieu-Daude <philmd@redhat.com>
Date: Thu, 1 Aug 2019 20:43:48 +0200
Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
builds (RH only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- We have to carry this downstream-only patch -- committed originally as
aaaedc1e2cfd -- indefinitely.
- To avoid confusion, remove the tags from the commit message that had
been added by the downstream maintainer scripts, such as: Message-id,
Patchwork-id, O-Subject, Acked-by. These remain available on the
original downstream commit. The Bugzilla line is preserved, as it
doesn't relate to a specific posting, but to the problem.
Bugzilla: 1714446
To suppress an error message on the silent build when ramfb is
not configured, change QemuRamfbDxe to return EFI_SUCCESS even
when it fails.
Some memory is wasted (driver stays resident without
any good use), but it is mostly harmless, as the memory
is released by the OS after ExitBootServices().
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit aa2b66b18a62d652bdbefae7b5732297294306ca)
---
OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++
OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 +
2 files changed, 15 insertions(+)
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
index 0d49d8bbab..dbf9bcbe16 100644
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
@@ -13,6 +13,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/DevicePathLib.h>
#include <Library/FrameBufferBltLib.h>
#include <Library/MemoryAllocationLib.h>
@@ -242,6 +243,19 @@ InitializeQemuRamfb (
Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
if (EFI_ERROR (Status)) {
+#if defined (MDE_CPU_AARCH64)
+ //
+ // RHBZ#1714446
+ // If no ramfb device was configured, this platform DXE driver should
+ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
+ // using a silent build, an error message is issued to the guest console.
+ // Since this confuse users, return success and stay resident. The wasted
+ // guest RAM still gets freed later after ExitBootServices().
+ //
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
+ return EFI_SUCCESS;
+ }
+#endif
return EFI_NOT_FOUND;
}
if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
index e3890b8c20..6ffee5acb2 100644
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@@ -29,6 +29,7 @@
BaseLib
BaseMemoryLib
DebugLib
+ DebugPrintErrorLevelLib
DevicePathLib
FrameBufferBltLib
MemoryAllocationLib
--
2.18.4

89
0001-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch → 0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
View File

@ -1,14 +1,56 @@
From 46e9cd5dd6cb731d33e79b22619b217ba1600e52 Mon Sep 17 00:00:00 2001
From ed89844b47f46cfe911f1bf2bda40e537a908502 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:47 +0100
Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
only)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Message-id: <20171120235748.29669-7-pbonzini@redhat.com>
Patchwork-id: 77759
O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
NvmExpressDxe (RH only)
Bugzilla: 1488247
Acked-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE
level.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f)
(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4)
(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8)
(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958)
(cherry picked from commit b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6)
---
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
@ -16,50 +58,53 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 133a9a93c0..3ddc0c5edb 100644
index f5c6cceb4f..e8868136d8 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -809,7 +809,10 @@
@@ -804,7 +804,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 338c38db29..aba4a6cc24 100644
index c1e52b0acd..d05275a324 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -823,7 +823,10 @@
@@ -818,7 +818,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index b80710fbdc..99c0ba4465 100644
index e65165b9f0..cac4cecf18 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -819,7 +819,10 @@
@@ -814,7 +814,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
--
2.18.4

99
0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch Normal file
View File

@ -0,0 +1,99 @@
From 56c4bb81b311dfcee6a34c81d3e4feeda7f88995 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sat, 16 Nov 2019 17:11:27 +0100
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
(RH)
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- "OpensslLib.inf":
- Automatic leading context refresh against upstream commit c72ca4666886
("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
loop", 2020-03-10).
- Manual trailing context refresh against upstream commit b49a6c8f80d9
("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
- "OpensslLibCrypto.inf":
- Automatic leading context refresh against upstream commits
8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
process_files.pl to generate .h files", 2019-10-30).
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- new patch
The downstream changes in RHEL8's OpenSSL package, for example in
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
preexistent code into those new files. In order to avoid undefined
references in link editing, we have to list the new files.
Note: "process_files.pl" is not re-run at this time manually, because
(a) "process_files.pl" would pollute the file list (and some of the
auto-generated header files) with RHEL8-specific FIPS artifacts, which
are explicitly unwanted in edk2,
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
and will help with future changes too.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
2 files changed, 22 insertions(+)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index c8ec9454bd..24e790b538 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -570,6 +570,17 @@
$(OPENSSL_PATH)/ssl/statem/statem.h
$(OPENSSL_PATH)/ssl/statem/statem_locl.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
buildinf.h
rand_pool_noise.h
ossl_store.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 2f232e3e12..52e70a2d03 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -519,6 +519,17 @@
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
buildinf.h
rand_pool_noise.h
ossl_store.c
--
2.18.4

83
0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch Normal file
View File

@ -0,0 +1,83 @@
From bf88198555ce964377a56176de8e5e9b45e43e25 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sat, 6 Jun 2020 01:16:09 +0200
Subject: OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from
LoadImage()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- new patch
- the patch is being upstreamed; it's not a backport because the rebase
deadline is close
- upstream references:
- https://bugzilla.tianocore.org/show_bug.cgi?id=2785
- http://mid.mail-archive.com/20200605235242.32442-1-lersek@redhat.com
- https://edk2.groups.io/g/devel/message/60825
- https://www.redhat.com/archives/edk2-devel-archive/2020-June/msg00344.html
[downstream note ends, upstream commit message starts]
When an image fails Secure Boot validation, LoadImage() returns
EFI_SECURITY_VIOLATION if the platform policy is
DEFER_EXECUTE_ON_SECURITY_VIOLATION.
If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then
LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain
loaded).
(Before <https://bugzilla.tianocore.org/show_bug.cgi?id=2129>, this
difference would be masked, as DxeImageVerificationLib would incorrectly
return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as
well.)
In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon
seeing EFI_ACCESS_DENIED too.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
.../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
index ef753be7ea..931553c0c1 100644
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
@@ -320,15 +320,21 @@ QemuLoadKernelImage (
case EFI_SECURITY_VIOLATION:
//
- // We are running with UEFI secure boot enabled, and the image failed to
- // authenticate. For compatibility reasons, we fall back to the legacy
- // loader in this case. Since the image has been loaded, we need to unload
- // it before proceeding
+ // Since the image has been loaded, we need to unload it before proceeding
+ // to the EFI_ACCESS_DENIED case below.
//
gBS->UnloadImage (KernelImageHandle);
//
// Fall through
//
+ case EFI_ACCESS_DENIED:
+ //
+ // We are running with UEFI secure boot enabled, and the image failed to
+ // authenticate. For compatibility reasons, we fall back to the legacy
+ // loader in this case.
+ //
+ // Fall through
+ //
case EFI_UNSUPPORTED:
//
// The image is not natively supported or cross-type supported. Let's try
--
2.18.4

184
0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch Normal file
View File

@ -0,0 +1,184 @@
From 74e5313dfa6719f7990c7e175e035d17c9b3f657 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 5 Jun 2020 23:44:43 +0200
Subject: Revert "OvmfPkg: use generic QEMU image loader for secure boot
enabled builds"
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- new patch (to be dropped later, hopefully)
This reverts commit ced77332cab626f35fbdb36630be27303d289d79.
Upstream commit ced77332cab6 ("OvmfPkg: use generic QEMU image loader for
secure boot enabled builds", 2020-03-05) changes the "Secure Boot threat
model" in a way that is incompatible with at least two use cases.
Namely, OVMF has always considered kernel images direct-booted via fw_cfg
as trusted, bypassing Secure Boot validation. While that approach is
rooted in a technicality (namely, OVMF doesn't load such images with the
LoadImage() UEFI boot service / through the UEFI stub, but with the
Linux/x86 Boot Protocol), that doesn't mean it's wrong. The direct-booted
kernel from fw_cfg comes from the host side, and Secure Boot in the guest
is a barrier between the guest firmware and the guest operating system --
it's not a barrier between host and guest.
Upstream commit ced77332cab6 points out that the above (historical) OVMF
behavior differs from ArmVirtQemu's -- the latter direct-boots kernels
from fw_cfg with the LoadImage() / StartImage() boot services. While that
difference indeed exists between OVMF and ArmVirtQemu, it's not relevant
for RHEL downstream. That's because we never build the ArmVirtQemu
firmware with the Secure Boot feature, so LoadImage() can never reject the
direct-booted kernel due to a signing issue.
Subjecting a kernel direct-booted via fw_cfg to Secure Boot verification
breaks at least two use cases with OVMF:
- It breaks the %check stage in the SPEC file.
In that stage, we use the "ovmf-vars-generator" utility from the
"qemu-ovmf-secureboot" project, for verifying whether the Secure Boot
operational mode is enabled. The guest kernel is supposed to boot, and
to print "Secure boot enabled".
As guest kernel, we pick whatever host kernel is available in the Brew
build root. The kernel in question may be a publicly released RHEL
kernel, signed with "Red Hat Secure Boot (signing key 1)", or a
development build, signed for example with "Red Hat Secure Boot Signing
3 (beta)". Either way, none of these keys are accepted by the
certificates that were enrolled by "ovmf-vars-generator" /
"EnrollDefaultKeys.efi" in the %build stage. Therefore, the %check stage
fails.
- It breaks "virt-install --location NETWORK-URL" Linux guest
installations, if the variable store template used for the new domain
has the Secure Boot operational mode enabled. "virt-install --location"
fetches the kernel from the remote OS tree, and passes it to the guest
firmware via fw_cfg. Therefore the above symptom appears (even for
publicly released OSes).
Importantly, if the user downloads the installer ISO of the publicly
released Fedora / RHEL OS, and exposes the ISO to the guest for example
as a virtio-scsi CD-ROM, then the installation with "virt-install"
(without "--location") does succeed. That's because that way, "shim" is
booted first, from the UEFI-bootable CD-ROM. "Shim" does pass Secure
Boot verification against the Microsoft certificates, and then it is
"shim" that accepts the "Red Hat Secure Boot (signing key 1)" signature
on the guest kernel.
Some ways to approach this problem (without reverting upstream commit
ced77332cab6):
- Equip "ovmf-vars-generator" / "EnrollDefaultKeys.efi" to enroll the
public half of "Red Hat Secure Boot (signing key 1)" in the %build
stage. Use a publicly released RHEL kernel in the %check stage.
Downsides:
- The Brew build root does not offer any particular released RHEL
kernel, so either the %check stage would have to download it, or the
SRPM would have to bundle it. However, Brew build environments do not
have unfettered network access (rightly so), so the download wouldn't
work. Furthermore, for bundling with the SRPM, such a kernel image
could be considered too large.
- Does not solve the "virt-install --location" issue for other vendors'
signed kernels.
- Invoke "ovmf-vars-generator" / "EnrollDefaultKeys.efi" multiple times
during %build, to create multiple varstore templates. One that would
accept publicly released RHEL kernels, and another to accept development
kernels. Don't try to use a particular guest kernel for verification;
instead, check what kernel Brew offers in the build environment, and use
the varstore template matching *that* kernel.
Downsides:
- It may be considered useless to perform %check with a varstore
template that is *not* the one that we ship.
- Does not solve the "virt-install --location" issue for other vendors'
signed kernels.
- Sign the RHEL kernels such that the currently enrolled certificates
accept them.
Downsides:
- Not feasible at all; it would require Microsoft to sign our kernels.
"Shim" exists exactly to eliminate such signing requirements.
- Modify "virt-install --location NETWORK-URL" such that it download a
complete (UEFI-bootable) installer ISO image, rather than broken-out
vmlinuz / initrd files. In other words, replace direct (fw_cfg) kernel
boot with a CD-ROM / "shim" boot, internally to "virt-install".
Downsides:
- Defeats the goal of "virt-install --location NETWORK-URL", and defeats
the network installation method of (for example) Anaconda.
For now, revert upstream commit ced77332cab6, in order to return to the
model we had used in RHEL-8.2 and before. The following ticket has been
filed to investigate the problem separately:
<https://bugzilla.redhat.com/show_bug.cgi?id=1844653>.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 4 ----
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ----
OvmfPkg/OvmfPkgX64.dsc | 4 ----
3 files changed, 12 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index e8868136d8..5b1e757cb9 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -379,11 +379,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
-!else
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
-!endif
!if $(TPM_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d05275a324..5dffc32105 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -383,11 +383,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
-!else
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
-!endif
!if $(TPM_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index cac4cecf18..a2a76fdeea 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -383,11 +383,7 @@
PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf
MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf
QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf
-!if $(SECURE_BOOT_ENABLE) == TRUE
- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf
-!else
QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf
-!endif
!if $(TPM_ENABLE) == TRUE
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf
--
2.18.4

85
0038-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch Normal file
View File

@ -0,0 +1,85 @@
From 9adcdf493ebbd11efb74e2905ab5f6c8996e096d Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:31:36 +0200
Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in
silent aa64 build (RH)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200615080105.11859-2-lersek@redhat.com>
Patchwork-id: 97532
O-Subject: [RHEL-8.3.0 edk2 PATCH 1/3] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in silent aa64 build (RH)
Bugzilla: 1844682
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
If the "-kernel" QEMU option is not used, then QemuKernelLoaderFsDxe
should return EFI_NOT_FOUND, so that the DXE Core can unload it. However,
the associated error message, logged by the DXE Core to the serial
console, is not desired in the silent edk2-aarch64 build, given that the
absence of "-kernel" is nothing out of the ordinary. Therefore, return
success and stay resident. The wasted guest RAM still gets freed after
ExitBootServices().
(Inspired by RHEL-8.1.0 commit aaaedc1e2cfd.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
.../QemuKernelLoaderFsDxe.c | 17 +++++++++++++++++
.../QemuKernelLoaderFsDxe.inf | 1 +
2 files changed, 18 insertions(+)
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index b09ff6a359..ec0244d61b 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -18,6 +18,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/DevicePathLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/QemuFwCfgLib.h>
@@ -1039,6 +1040,22 @@ QemuKernelLoaderFsDxeEntrypoint (
if (KernelBlob->Data == NULL) {
Status = EFI_NOT_FOUND;
+#if defined (MDE_CPU_AARCH64)
+ //
+ // RHBZ#1844682
+ //
+ // If the "-kernel" QEMU option is not being used, this platform DXE driver
+ // should return EFI_NOT_FOUND, so that the DXE Core can unload it.
+ // However, the associated error message, logged by the DXE Core to the
+ // serial console, is not desired in the silent edk2-aarch64 build, given
+ // that the absence of "-kernel" is nothing out of the ordinary. Therefore,
+ // return success and stay resident. The wasted guest RAM still gets freed
+ // after ExitBootServices().
+ //
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
+ Status = EFI_SUCCESS;
+ }
+#endif
goto FreeBlobs;
}
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
index 7b35adb8e0..e0331c6e2c 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
@@ -28,6 +28,7 @@
BaseLib
BaseMemoryLib
DebugLib
+ DebugPrintErrorLevelLib
DevicePathLib
MemoryAllocationLib
QemuFwCfgLib
--
2.18.4

49
0039-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch Normal file
View File

@ -0,0 +1,49 @@
From 135d3d4b4ff12927f7b0c44e067fd42ceae83bb7 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:37:50 +0200
Subject: OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO level
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200615080105.11859-3-lersek@redhat.com>
Patchwork-id: 97533
O-Subject: [RHEL-8.3.0 edk2 PATCH 2/3] OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO level
Bugzilla: 1844682
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
gBS->LoadImage() returning EFI_NOT_FOUND is an expected condition; it
means that QEMU wasn't started with "-kernel". Log this status code as
INFO rather than ERROR.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200609105414.12474-1-lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
(cherry picked from commit 14c7ed8b51f60097ad771277da69f74b22a7a759)
---
.../Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c
index 14c8417d43..114db7e844 100644
--- a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c
+++ b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c
@@ -106,7 +106,8 @@ QemuLoadKernelImage (
goto UnloadImage;
default:
- DEBUG ((DEBUG_ERROR, "%a: LoadImage(): %r\n", __FUNCTION__, Status));
+ DEBUG ((Status == EFI_NOT_FOUND ? DEBUG_INFO : DEBUG_ERROR,
+ "%a: LoadImage(): %r\n", __FUNCTION__, Status));
return Status;
}
--
2.18.4

84
0040-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch Normal file
View File

@ -0,0 +1,84 @@
From cbce29f7749477e271f9764fed82de94724af5df Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:40:09 +0200
Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build
(RH)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200615080105.11859-4-lersek@redhat.com>
Patchwork-id: 97534
O-Subject: [RHEL-8.3.0 edk2 PATCH 3/3] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build (RH)
Bugzilla: 1844682
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
If swtpm / vTPM2 is not being used, Tcg2Dxe should return EFI_UNSUPPORTED,
so that the DXE Core can unload it. However, the associated error message,
logged by the DXE Core to the serial console, is not desired in the silent
edk2-aarch64 build, given that the absence of swtpm / vTPM2 is nothing out
of the ordinary. Therefore, return success and stay resident. The wasted
guest RAM still gets freed after ExitBootServices().
(Inspired by RHEL-8.1.0 commit aaaedc1e2cfd.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 17 +++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 18 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 9a5f987e68..da2153cb25 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Protocol/ResetNotification.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiDriverEntryPoint.h>
@@ -2642,6 +2643,22 @@ DriverEntry (
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
+#if defined (MDE_CPU_AARCH64)
+ //
+ // RHBZ#1844682
+ //
+ // If swtpm / vTPM2 is not being used, this driver should return
+ // EFI_UNSUPPORTED, so that the DXE Core can unload it. However, the
+ // associated error message, logged by the DXE Core to the serial console,
+ // is not desired in the silent edk2-aarch64 build, given that the absence
+ // of swtpm / vTPM2 is nothing out of the ordinary. Therefore, return
+ // success and stay resident. The wasted guest RAM still gets freed after
+ // ExitBootServices().
+ //
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
+ return EFI_SUCCESS;
+ }
+#endif
return EFI_UNSUPPORTED;
}
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 576cf80d06..851471afb7 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -55,6 +55,7 @@
UefiRuntimeServicesTableLib
BaseMemoryLib
DebugLib
+ DebugPrintErrorLevelLib
Tpm2CommandLib
PrintLib
UefiLib
--
2.18.4

105
0042-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch Normal file
View File

@ -0,0 +1,105 @@
From 70c9d989107c6ac964bb437c5a4ea6ffe3214e45 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Mon, 10 Aug 2020 07:52:28 +0200
Subject: UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before
re-fetch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20200731141037.1941-2-lersek@redhat.com>
Patchwork-id: 98121
O-Subject: [RHEL-8.3.0 edk2 PATCH 1/1] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before re-fetch
Bugzilla: 1861718
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
Most busy waits (spinlocks) in "UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c"
already call CpuPause() in their loop bodies; see SmmWaitForApArrival(),
APHandler(), and SmiRendezvous(). However, the "main wait" within
APHandler():
> //
> // Wait for something to happen
> //
> WaitForSemaphore (mSmmMpSyncData->CpuData[CpuIndex].Run);
doesn't do so, as WaitForSemaphore() keeps trying to acquire the semaphore
without pausing.
The performance impact is especially notable in QEMU/KVM + OVMF
virtualization with CPU overcommit (that is, when the guest has
significantly more VCPUs than the host has physical CPUs). The guest BSP
is working heavily in:
BSPHandler() [MpService.c]
PerformRemainingTasks() [PiSmmCpuDxeSmm.c]
SetUefiMemMapAttributes() [SmmCpuMemoryManagement.c]
while the many guest APs are spinning in the "Wait for something to
happen" semaphore acquisition, in APHandler(). The guest APs are
generating useless memory traffic and saturating host CPUs, hindering the
guest BSP's progress in SetUefiMemMapAttributes().
Rework the loop in WaitForSemaphore(): call CpuPause() in every iteration
after the first check fails. Due to Pause Loop Exiting (known as Pause
Filter on AMD), the host scheduler can favor the guest BSP over the guest
APs.
Running a 16 GB RAM + 512 VCPU guest on a 448 PCPU host, this patch
reduces OVMF boot time (counted until reaching grub) from 20-30 minutes to
less than 4 minutes.
The patch should benefit physical machines as well -- according to the
Intel SDM, PAUSE "Improves the performance of spin-wait loops". Adding
PAUSE to the generic WaitForSemaphore() function is considered a general
improvement.
Cc: Eric Dong <eric.dong@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1861718
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200729185217.10084-1-lersek@redhat.com>
Reviewed-by: Eric Dong <eric.dong@intel.com>
(cherry picked from commit 9001b750df64b25b14ec45a2efa1361a7b96c00a)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
index 57e788c01b..4bcd217917 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
@@ -40,14 +40,18 @@ WaitForSemaphore (
{
UINT32 Value;
- do {
+ for (;;) {
Value = *Sem;
- } while (Value == 0 ||
- InterlockedCompareExchange32 (
- (UINT32*)Sem,
- Value,
- Value - 1
- ) != Value);
+ if (Value != 0 &&
+ InterlockedCompareExchange32 (
+ (UINT32*)Sem,
+ Value,
+ Value - 1
+ ) == Value) {
+ break;
+ }
+ CpuPause ();
+ }
return Value - 1;
}
--
2.18.4

139
0045-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch Normal file
View File

@ -0,0 +1,139 @@
From a5efebddb858c739d4a67865a4f8d836ba989d30 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 14 Jul 2020 20:43:05 +0200
Subject: OvmfPkg/SmmControl2Dxe: negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek (lersek)
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
RH-Commit: [1/3] 33d820d43a1be2ece09044b0cf105275f3fcc9ce (lersek/edk2)
RH-Bugzilla: 1849177
The ICH9_LPC_SMI_F_BROADCAST and ICH9_LPC_SMI_F_CPU_HOTPLUG feature flags
cause QEMU to behave as follows:
BROADCAST CPU_HOTPLUG use case / behavior
--------- ----------- ------------------------------------------------
clear clear OVMF built without SMM_REQUIRE; or very old OVMF
(from before commit a316d7ac91d3 / 2017-02-07).
QEMU permits CPU hotplug operations, and does
not cause the OS to inject an SMI upon hotplug.
Firmware is not expected to be aware of hotplug
events.
clear set Invalid feature set; QEMU rejects the feature
negotiation.
set clear OVMF after a316d7ac91d3 / 2017-02-07, built with
SMM_REQUIRE, but no support for CPU hotplug.
QEMU gracefully refuses hotplug operations.
set set OVMF after a316d7ac91d3 / 2017-02-07, built with
SMM_REQUIRE, and supporting CPU hotplug. QEMU
permits CPU hotplug operations, and causes the
OS to inject an SMI upon hotplug. Firmware is
expected to deal with hotplug events.
Negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG -- but only if SEV is disabled, as
OvmfPkg/CpuHotplugSmm can't deal with SEV yet.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Liran Alon <liran.alon@oracle.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200714184305.9814-1-lersek@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
(cherry picked from commit 5ba203b54e5953572e279e5505cd65e4cc360e34)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/SmmControl2Dxe/SmiFeatures.c | 26 +++++++++++++++++++++--
OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf | 1 +
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
index 6210b7515e..c9d8755432 100644
--- a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
+++ b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
@@ -9,6 +9,7 @@
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
+#include <Library/MemEncryptSevLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/PcdLib.h>
#include <Library/QemuFwCfgLib.h>
@@ -21,6 +22,12 @@
// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
//
#define ICH9_LPC_SMI_F_BROADCAST BIT0
+//
+// The following bit value stands for "enable CPU hotplug, and inject an SMI
+// with control value ICH9_APM_CNT_CPU_HOTPLUG upon hotplug", in the
+// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
+//
+#define ICH9_LPC_SMI_F_CPU_HOTPLUG BIT1
//
// Provides a scratch buffer (allocated in EfiReservedMemoryType type memory)
@@ -67,6 +74,7 @@ NegotiateSmiFeatures (
UINTN SupportedFeaturesSize;
UINTN RequestedFeaturesSize;
UINTN FeaturesOkSize;
+ UINT64 RequestedFeaturesMask;
//
// Look up the fw_cfg files used for feature negotiation. The selector keys
@@ -104,9 +112,16 @@ NegotiateSmiFeatures (
QemuFwCfgReadBytes (sizeof mSmiFeatures, &mSmiFeatures);
//
- // We want broadcast SMI and nothing else.
+ // We want broadcast SMI, SMI on CPU hotplug, and nothing else.
//
- mSmiFeatures &= ICH9_LPC_SMI_F_BROADCAST;
+ RequestedFeaturesMask = ICH9_LPC_SMI_F_BROADCAST;
+ if (!MemEncryptSevIsEnabled ()) {
+ //
+ // For now, we only support hotplug with SEV disabled.
+ //
+ RequestedFeaturesMask |= ICH9_LPC_SMI_F_CPU_HOTPLUG;
+ }
+ mSmiFeatures &= RequestedFeaturesMask;
QemuFwCfgSelectItem (mRequestedFeaturesItem);
QemuFwCfgWriteBytes (sizeof mSmiFeatures, &mSmiFeatures);
@@ -144,6 +159,13 @@ NegotiateSmiFeatures (
DEBUG ((DEBUG_INFO, "%a: using SMI broadcast\n", __FUNCTION__));
}
+ if ((mSmiFeatures & ICH9_LPC_SMI_F_CPU_HOTPLUG) == 0) {
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug not negotiated\n", __FUNCTION__));
+ } else {
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug with SMI negotiated\n",
+ __FUNCTION__));
+ }
+
//
// Negotiation successful (although we may not have gotten the optimal
// feature set).
diff --git a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
index 3abed141e6..b8fdea8deb 100644
--- a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
+++ b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
@@ -46,6 +46,7 @@
BaseLib
DebugLib
IoLib
+ MemEncryptSevLib
MemoryAllocationLib
PcdLib
PciLib
--
2.18.4

90
0046-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch Normal file
View File

@ -0,0 +1,90 @@
From 4e5edfcdf5986d9e0801a976a3aa558b5f370099 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 27 Aug 2020 00:21:28 +0200
Subject: OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before SMI broadcast
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek (lersek)
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
RH-Commit: [2/3] ea3ff703dfb7bd4f77b6807f06c89e754cc9d980 (lersek/edk2)
RH-Bugzilla: 1849177
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
succession -- it means a series of "device_add" QEMU monitor commands,
back-to-back.
If a "device_add" occurs *just before* ACPI raises the broadcast SMI,
then:
- OVMF processes the hot-added CPU well.
- However, QEMU's post-SMI ACPI loop -- which clears the pending events
for the hot-added CPUs that were collected before raising the SMI -- is
unaware of the stray CPU. Thus, the pending event is not cleared for it.
As a result of the stuck event, at the next hot-plug, OVMF tries to re-add
(relocate for the 2nd time) the already-known CPU. At that time, the AP is
already in the normal edk2 SMM busy-wait however, so it doesn't respond to
the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM
gets stuck in SMM.
(Because of the above symptom, this is not considered a security patch; it
doesn't seem exploitable by a malicious guest OS.)
In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already
known. The post-SMI ACPI loop will clear the pending event for it this
time.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Fixes: bc498ac4ca7590479cfd91ad1bb8a36286b0dc21
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200826222129.25798-2-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
(cherry picked from commit 020bb4b46d6f6708bb3358e1c738109b7908f0de)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
index 20e6bec04f..cfe698ed2b 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
@@ -193,9 +193,28 @@ CpuHotplugMmi (
NewSlot = 0;
while (PluggedIdx < PluggedCount) {
APIC_ID NewApicId;
+ UINT32 CheckSlot;
UINTN NewProcessorNumberByProtocol;
NewApicId = mPluggedApicIds[PluggedIdx];
+
+ //
+ // Check if the supposedly hot-added CPU is already known to us.
+ //
+ for (CheckSlot = 0;
+ CheckSlot < mCpuHotPlugData->ArrayLength;
+ CheckSlot++) {
+ if (mCpuHotPlugData->ApicId[CheckSlot] == NewApicId) {
+ break;
+ }
+ }
+ if (CheckSlot < mCpuHotPlugData->ArrayLength) {
+ DEBUG ((DEBUG_VERBOSE, "%a: APIC ID " FMT_APIC_ID " was hot-plugged "
+ "before; ignoring it\n", __FUNCTION__, NewApicId));
+ PluggedIdx++;
+ continue;
+ }
+
//
// Find the first empty slot in CPU_HOT_PLUG_DATA.
//
--
2.18.4

119
0047-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch Normal file
View File

@ -0,0 +1,119 @@
From 08a95c3541cbe2b3a1c671fa683bd6214ad996f0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 27 Aug 2020 00:21:29 +0200
Subject: OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just after SMI broadcast
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek (lersek)
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
RH-Commit: [3/3] 40521ea89725b8b0ff8ca3f0a610ff45431e610e (lersek/edk2)
RH-Bugzilla: 1849177
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
succession -- it means a series of "device_add" QEMU monitor commands,
back-to-back.
If a "device_add" occurs *just after* ACPI raises the broadcast SMI, then:
- the CPU_FOREACH() loop in QEMU's ich9_apm_ctrl_changed() cannot make the
SMI pending for the new CPU -- at that time, the new CPU doesn't even
exist yet,
- OVMF will find the new CPU however (in the CPU hotplug register block),
in QemuCpuhpCollectApicIds().
As a result, when the firmware sends an INIT-SIPI-SIPI to the new CPU in
SmbaseRelocate(), expecting it to boot into SMM (due to the pending SMI),
the new CPU instead boots straight into the post-RSM (normal mode) "pen",
skipping its initial SMI handler.
The CPU halts nicely in the pen, but its SMBASE is never relocated, and
the SMRAM message exchange with the BSP falls apart -- the BSP gets stuck
in the following loop:
//
// Wait until the hot-added CPU is just about to execute RSM.
//
while (Context->AboutToLeaveSmm == 0) {
CpuPause ();
}
because the new CPU's initial SMI handler never sets the flag to nonzero.
Fix this by sending a directed SMI to the new CPU just before sending it
the INIT-SIPI-SIPI. The various scenarios are documented in the code --
the cases affected by the patch are documented under point (2).
Note that this is not considered a security patch, as for a malicious
guest OS, the issue is not exploitable -- the symptom is a hang on the
BSP, in the above-noted loop in SmbaseRelocate(). Instead, the patch fixes
behavior for a benign guest OS.
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Fixes: 51a6fb41181529e4b50ea13377425bda6bb69ba6
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200826222129.25798-3-lersek@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
(cherry picked from commit cbccf995920a28071f5403b847f29ebf8b732fa9)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/CpuHotplugSmm/Smbase.c | 35 ++++++++++++++++++++++++++++------
1 file changed, 29 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c
index 170571221d..d8f45c4313 100644
--- a/OvmfPkg/CpuHotplugSmm/Smbase.c
+++ b/OvmfPkg/CpuHotplugSmm/Smbase.c
@@ -220,14 +220,37 @@ SmbaseRelocate (
//
// Boot the hot-added CPU.
//
- // If the OS is benign, and so the hot-added CPU is still in RESET state,
- // then the broadcast SMI is still pending for it; it will now launch
- // directly into SMM.
+ // There are 2*2 cases to consider:
//
- // If the OS is malicious, the hot-added CPU has been booted already, and so
- // it is already spinning on the APIC ID gate. In that case, the
- // INIT-SIPI-SIPI below will be ignored.
+ // (1) The CPU was hot-added before the SMI was broadcast.
//
+ // (1.1) The OS is benign.
+ //
+ // The hot-added CPU is in RESET state, with the broadcast SMI pending
+ // for it. The directed SMI below will be ignored (it's idempotent),
+ // and the INIT-SIPI-SIPI will launch the CPU directly into SMM.
+ //
+ // (1.2) The OS is malicious.
+ //
+ // The hot-added CPU has been booted, by the OS. Thus, the hot-added
+ // CPU is spinning on the APIC ID gate. In that case, both the SMI and
+ // the INIT-SIPI-SIPI below will be ignored.
+ //
+ // (2) The CPU was hot-added after the SMI was broadcast.
+ //
+ // (2.1) The OS is benign.
+ //
+ // The hot-added CPU is in RESET state, with no SMI pending for it. The
+ // directed SMI will latch the SMI for the CPU. Then the INIT-SIPI-SIPI
+ // will launch the CPU into SMM.
+ //
+ // (2.2) The OS is malicious.
+ //
+ // The hot-added CPU is executing OS code. The directed SMI will pull
+ // the hot-added CPU into SMM, where it will start spinning on the APIC
+ // ID gate. The INIT-SIPI-SIPI will be ignored.
+ //
+ SendSmiIpi (ApicId);
SendInitSipiSipi (ApicId, PenAddress);
//
--
2.18.4

386
0048-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch Normal file
View File

@ -0,0 +1,386 @@
From e81751a1c303f5cd4bcae0ed1a38c60c38a0cf38 Mon Sep 17 00:00:00 2001
From: Guomin Jiang <guomin.jiang@intel.com>
Date: Fri, 10 Jul 2020 09:47:31 +0800
Subject: CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g
RH-Author: Laszlo Ersek (lersek)
RH-MergeRequest: 2: [RHEL-8.4.0] bump OpenSSL dist-git submodule to 1.1.1g
RH-Commit: [1/2] 36d4bc34a3b5c421819e94c58ff84fd779a93bae (lersek/edk2)
RH-Bugzilla: 1893806
--v-- RHEL8 notes --v--
- The "CryptoPkg/Library/OpensslLib/openssl" hunk, advancing upstream
edk2's OpenSSL submodule reference, has been stripped from this
backport. (Refer to downstream commit c5d729df70f8 ("remove upstream
edk2's openssl submodule (RH only)", 2020-06-05), as basis.) The
corresponding RHEL8 OpenSSL dist-git bump is implemented in a subsequent
patch in this series.
This cherry-pick and the RHEL8 OpenSSL dist-git submodule bump are kept
separate for easing the next rebase, even at the cost of introducing a
brief interval in the git history where the downstream exploded tree
does not build.
- Contextual difference in "OpensslLib.inf" due to downstream commit
56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
in the INFs (RH)", 2020-06-05); automatically resolved by
git-cherry-pick.
--^-- RHEL8 notes --^--
Upgrade openssl to 1.1.1g. the directory have been reorganized,
openssl moved crypto/include/internal to include/crypto folder.
So we change directory to match the re-organization.
The dso_conf.h and opensslconf.h will generated in UNIX format,
change process_files.pl to covent the EOL automatically.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
(cherry picked from commit 8c30327debb28c0b6cfa2106b736774e0b20daac)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
CryptoPkg/CryptoPkg.dec | 1 -
.../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +-
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +-
.../Include/{internal => crypto}/dso_conf.h | 32 +++++-----
.../Library/Include/openssl/opensslconf.h | 3 -
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++----------
.../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++--------
CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +-
9 files changed, 90 insertions(+), 87 deletions(-)
rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
index 4d1a1368a8..5888941bab 100644
--- a/CryptoPkg/CryptoPkg.dec
+++ b/CryptoPkg/CryptoPkg.dec
@@ -23,7 +23,6 @@
Private
Library/Include
Library/OpensslLib/openssl/include
- Library/OpensslLib/openssl/crypto/include
[LibraryClasses]
## @libraryclass Provides basic library functions for cryptographic primitives.
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
index eacf4826c4..235331c2a0 100644
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include "InternalCryptLib.h"
-#include "internal/sm3.h"
+#include "crypto/sm3.h"
/**
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
index 229c244b26..c9fdb65b99 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
@@ -15,13 +15,13 @@
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include <openssl/bio.h>
-#include <internal/x509_int.h>
+#include <crypto/x509.h>
#include <openssl/pkcs7.h>
#include <openssl/bn.h>
#include <openssl/x509_vfy.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
-#include <internal/asn1_int.h>
+#include <crypto/asn1.h>
/**
This function will return the leaf signer certificate in a chain. This is
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
similarity index 76%
rename from CryptoPkg/Library/Include/internal/dso_conf.h
rename to CryptoPkg/Library/Include/crypto/dso_conf.h
index 43c891588b..95f4db2b15 100644
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
@@ -1,16 +1,16 @@
-/* WARNING: do not edit! */
-/* Generated from crypto/include/internal/dso_conf.h.in */
-/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#ifndef HEADER_DSO_CONF_H
-# define HEADER_DSO_CONF_H
-# define DSO_NONE
-# define DSO_EXTENSION ".so"
-#endif
+/* WARNING: do not edit! */
+/* Generated from include/crypto/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_NONE
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
index 62c2736cb0..3a2544ea5c 100644
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
@@ -247,9 +247,6 @@ extern "C" {
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
# define OPENSSL_NO_DYNAMIC_ENGINE
#endif
-#ifndef OPENSSL_NO_AFALGENG
-# define OPENSSL_NO_AFALGENG
-#endif
/*
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 24e790b538..4c21b11d0a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -477,45 +477,45 @@
$(OPENSSL_PATH)/crypto/s390x_arch.h
$(OPENSSL_PATH)/crypto/sparc_arch.h
$(OPENSSL_PATH)/crypto/vms_rms.h
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
$(OPENSSL_PATH)/crypto/asn1/charmap.h
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/async/async_locl.h
+ $(OPENSSL_PATH)/crypto/async/async_local.h
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
- $(OPENSSL_PATH)/crypto/store/store_locl.h
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
+ $(OPENSSL_PATH)/crypto/store/store_local.h
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
$(OPENSSL_PATH)/ssl/bio_ssl.c
@@ -562,13 +562,13 @@
$(OPENSSL_PATH)/ssl/t1_trce.c
$(OPENSSL_PATH)/ssl/tls13_enc.c
$(OPENSSL_PATH)/ssl/tls_srp.c
- $(OPENSSL_PATH)/ssl/packet_locl.h
+ $(OPENSSL_PATH)/ssl/packet_local.h
$(OPENSSL_PATH)/ssl/ssl_cert_table.h
- $(OPENSSL_PATH)/ssl/ssl_locl.h
+ $(OPENSSL_PATH)/ssl/ssl_local.h
$(OPENSSL_PATH)/ssl/record/record.h
- $(OPENSSL_PATH)/ssl/record/record_locl.h
+ $(OPENSSL_PATH)/ssl/record/record_local.h
$(OPENSSL_PATH)/ssl/statem/statem.h
- $(OPENSSL_PATH)/ssl/statem/statem_locl.h
+ $(OPENSSL_PATH)/ssl/statem/statem_local.h
# Autogenerated files list ends here
# RHEL8-specific OpenSSL file list starts here
$(OPENSSL_PATH)/crypto/evp/kdf_lib.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 52e70a2d03..0c3b210d6a 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -477,45 +477,45 @@
$(OPENSSL_PATH)/crypto/s390x_arch.h
$(OPENSSL_PATH)/crypto/sparc_arch.h
$(OPENSSL_PATH)/crypto/vms_rms.h
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
$(OPENSSL_PATH)/crypto/asn1/charmap.h
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/async/async_locl.h
+ $(OPENSSL_PATH)/crypto/async/async_local.h
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
$(OPENSSL_PATH)/crypto/conf/conf_def.h
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
- $(OPENSSL_PATH)/crypto/store/store_locl.h
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
+ $(OPENSSL_PATH)/crypto/store/store_local.h
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
# Autogenerated files list ends here
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 65d07a2aed..57ce195394 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -111,8 +111,8 @@ BEGIN {
# Generate dso_conf.h per config data
system(
"perl -I. -Mconfigdata util/dofile.pl " .
- "crypto/include/internal/dso_conf.h.in " .
- "> include/internal/dso_conf.h"
+ "include/crypto/dso_conf.h.in " .
+ "> include/crypto/dso_conf.h"
) == 0 ||
die "Failed to generate dso_conf.h!\n";
@@ -263,14 +263,21 @@ print "Done!";
# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
#
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
-copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
- $OPENSSL_PATH . "/../../Include/openssl/") ||
- die "Cannot copy opensslconf.h!";
+system(
+ "perl -pe 's/\\n/\\r\\n/' " .
+ "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
+ ) == 0 ||
+ die "Cannot copy opensslconf.h!";
print "Done!";
-print "\n--> Duplicating dso_conf.h into Include/internal ... ";
-copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
- $OPENSSL_PATH . "/../../Include/internal/") ||
- die "Cannot copy dso_conf.h!";
+
+print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
+system(
+ "perl -pe 's/\\n/\\r\\n/' " .
+ "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
+ "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
+ ) == 0 ||
+ die "Cannot copy dso_conf.h!";
print "Done!\n";
print "\nProcessing Files Done!\n";
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
index 9f3983f7c3..9e0179b034 100644
--- a/CryptoPkg/Library/OpensslLib/rand_pool.c
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
-#include "internal/rand_int.h"
+#include "crypto/rand.h"
#include <openssl/aes.h>
#include <Uefi.h>
--
2.18.4

53
0052-BaseTools-fix-ucs-2-lookup-on-python-3.9.patch Normal file
View File

@ -0,0 +1,53 @@
From 87c2f21837e15c51ddb1cf3aac218a24c997362d Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Wed, 12 Aug 2020 01:28:17 +0800
Subject: BaseTools: fix ucs-2 lookup on python 3.9
python3.9 changed/fixed codec.register behavior to always replace
hyphen with underscore for passed in codec names:
https://bugs.python.org/issue37751
So the custom Ucs2Search needs to be adapted to handle 'ucs_2' in
addition to existing 'ucs-2' for back compat.
This fixes test failures on python3.9, example:
======================================================================
FAIL: testUtf16InUniFile (CheckUnicodeSourceFiles.Tests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 375, in PreProcess
FileIn = UniFileClassObject.OpenUniFile(LongFilePath(File.Path))
File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 303, in OpenUniFile
UniFileClassObject.VerifyUcs2Data(FileIn, FileName, Encoding)
File "/builddir/build/BUILD/edk2-edk2-stable202002/BaseTools/Source/Python/AutoGen/UniClassObject.py", line 312, in VerifyUcs2Data
Ucs2Info = codecs.lookup('ucs-2')
LookupError: unknown encoding: ucs-2
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
(cherry picked from commit 5d8648345cd9ad729837118c731063c59edea192)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
BaseTools/Source/Python/AutoGen/UniClassObject.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Source/Python/AutoGen/UniClassObject.py b/BaseTools/Source/Python/AutoGen/UniClassObject.py
index b2895f7e5c..883c2356e0 100644
--- a/BaseTools/Source/Python/AutoGen/UniClassObject.py
+++ b/BaseTools/Source/Python/AutoGen/UniClassObject.py
@@ -152,7 +152,7 @@ class Ucs2Codec(codecs.Codec):
TheUcs2Codec = Ucs2Codec()
def Ucs2Search(name):
- if name == 'ucs-2':
+ if name in ['ucs-2', 'ucs_2']:
return codecs.CodecInfo(
name=name,
encode=TheUcs2Codec.encode,
--
2.18.4

51
0053-BaseTools-Work-around-array.array.tostring-removal-i.patch Normal file
View File

@ -0,0 +1,51 @@
From 866640ccf29f6572bed1c201cdbf73774cb8649b Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Wed, 12 Aug 2020 01:28:18 +0800
Subject: BaseTools: Work around array.array.tostring() removal in python 3.9
In python3, array.array.tostring() was a compat alias for tobytes().
tostring() was removed in python 3.9.
Convert this to use tolist() which should be valid for all python
versions.
This fixes this build error on python3.9:
(Python 3.9.0b5 on linux) Traceback (most recent call last):
File "/root/edk2/edk2-edk2-stable202002/BaseTools/BinWrappers/PosixLike/../../Source/Python/Trim/Trim.py", line 593, in Main
GenerateVfrBinSec(CommandOptions.ModuleName, CommandOptions.DebugDir, CommandOptions.OutputFile)
File "/root/edk2/edk2-edk2-stable202002/BaseTools/BinWrappers/PosixLike/../../Source/Python/Trim/Trim.py", line 449, in GenerateVfrBinSec
VfrUniOffsetList = GetVariableOffset(MapFileName, EfiFileName, VfrNameList)
File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 88, in GetVariableOffset
return _parseForGCC(lines, efifilepath, varnames)
File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 151, in _parseForGCC
efisecs = PeImageClass(efifilepath).SectionHeaderList
File "/root/edk2/edk2-edk2-stable202002/BaseTools/Source/Python/Common/Misc.py", line 1638, in __init__
if ByteArray.tostring() != b'PE\0\0':
AttributeError: 'array.array' object has no attribute 'tostring'
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Yuwei Chen <yuwei.chen@intel.com>
Reviewed-by: Bob Feng <bob.c.feng@intel.com>
(cherry picked from commit 43bec9ea3d56f3662ede78023baa2a791b66acac)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
BaseTools/Source/Python/Common/Misc.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/BaseTools/Source/Python/Common/Misc.py b/BaseTools/Source/Python/Common/Misc.py
index ad55671080..4be7957138 100755
--- a/BaseTools/Source/Python/Common/Misc.py
+++ b/BaseTools/Source/Python/Common/Misc.py
@@ -1635,7 +1635,7 @@ class PeImageClass():
ByteArray = array.array('B')
ByteArray.fromfile(PeObject, 4)
# PE signature should be 'PE\0\0'
- if ByteArray.tostring() != b'PE\0\0':
+ if ByteArray.tolist() != [ord('P'), ord('E'), 0, 0]:
self.ErrorInfo = self.FileName + ' has no valid PE signature PE00'
return
--
2.18.4

75
0054-BaseTools-Fix-the-issue-caused-by-tostring-removal-o.patch Normal file
View File

@ -0,0 +1,75 @@
From 28bd5e98630cc22830ed352c248bafdb60794391 Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Tue, 29 Dec 2020 17:03:53 +0800
Subject: BaseTools: Fix the issue caused by tostring() removal on Py39
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3136
Python 3.9 remove the array.array.tostring and
array.array.fromstring() function. This patch
is to use other method to replace tostring() and
fromstring()
Signed-off-by: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Cc: Mingyue Liang <mingyuex.liang@intel.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
(cherry picked from commit 20b292d0cdf7dce58d824fdf9ab1613c2a1ad2ec)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
.../Python/GenFds/GenFdsGlobalVariable.py | 23 ++++++++++++++++---
1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py b/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
index dc1727c466..3019ec63c3 100644
--- a/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
+++ b/BaseTools/Source/Python/GenFds/GenFdsGlobalVariable.py
@@ -27,10 +27,11 @@ from Common.TargetTxtClassObject import TargetTxtDict
from Common.ToolDefClassObject import ToolDefDict
from AutoGen.BuildEngine import ToolBuildRule
import Common.DataType as DataType
-from Common.Misc import PathClass
+from Common.Misc import PathClass,CreateDirectory
from Common.LongFilePathSupport import OpenLongFilePath as open
from Common.MultipleWorkspace import MultipleWorkspace as mws
import Common.GlobalData as GlobalData
+from Common.BuildToolError import *
## Global variables
#
@@ -463,12 +464,28 @@ class GenFdsGlobalVariable:
GenFdsGlobalVariable.SecCmdList.append(' '.join(Cmd).strip())
else:
SectionData = array('B', [0, 0, 0, 0])
- SectionData.fromstring(Ui.encode("utf_16_le"))
+ SectionData.fromlist(array('B',Ui.encode('utf-16-le')).tolist())
SectionData.append(0)
SectionData.append(0)
Len = len(SectionData)
GenFdsGlobalVariable.SectionHeader.pack_into(SectionData, 0, Len & 0xff, (Len >> 8) & 0xff, (Len >> 16) & 0xff, 0x15)
- SaveFileOnChange(Output, SectionData.tostring())
+
+
+ DirName = os.path.dirname(Output)
+ if not CreateDirectory(DirName):
+ EdkLogger.error(None, FILE_CREATE_FAILURE, "Could not create directory %s" % DirName)
+ else:
+ if DirName == '':
+ DirName = os.getcwd()
+ if not os.access(DirName, os.W_OK):
+ EdkLogger.error(None, PERMISSION_FAILURE, "Do not have write permission on directory %s" % DirName)
+
+ try:
+ with open(Output, "wb") as Fd:
+ SectionData.tofile(Fd)
+ Fd.flush()
+ except IOError as X:
+ EdkLogger.error(None, FILE_CREATE_FAILURE, ExtraData='IOError %s' % X)
elif Ver:
Cmd += ("-n", Ver)
--
2.18.4

35
40-edk2-ovmf-ia32-sb-enrolled.json
View File

@ -1,35 +0,0 @@
{
"description": "OVMF for i386, with SB+SMM, SB enabled, MS certs enrolled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_VARS.secboot.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "i386",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"enrolled-keys",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

34
50-edk2-ovmf-ia32-sb.json
View File

@ -1,34 +0,0 @@
{
"description": "OVMF for i386, with SB+SMM, empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "i386",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

33
60-edk2-ovmf-ia32.json
View File

@ -1,33 +0,0 @@
{
"description": "OVMF for i386, without SB, without SMM, with empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_CODE.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf-ia32/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "i386",
"machines": [
"pc-i440fx-*",
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"verbose-dynamic"
],
"tags": [
]
}

34
60-edk2-ovmf-x64.json
View File

@ -1,34 +0,0 @@
{
"description": "OVMF for x86_64, without SB, without SMM, with empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-i440fx-*",
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"verbose-dynamic"
],
"tags": [
]
}

21
LICENSE.qosb Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2017 Patrick Uiterwijk
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

26
build-iso.sh
View File

@ -1,26 +0,0 @@
#!/bin/sh
# args
dir="$1"
# cfg
shell="$dir/Shell.efi"
enroll="$dir/EnrollDefaultKeys.efi"
root="$dir/image"
vfat="$dir/shell.img"
iso="$dir/UefiShell.iso"
# create non-partitioned (1.44 MB floppy disk) FAT image
mkdir "$root"
mkdir "$root"/efi
mkdir "$root"/efi/boot
cp "$shell" "$root"/efi/boot/bootx64.efi
cp "$enroll" "$root"
qemu-img convert --image-opts \
driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir="$root/" \
$vfat
# build ISO with FAT image file as El Torito EFI boot image
genisoimage -input-charset ASCII -J -rational-rock \
-efi-boot "${vfat##*/}" -no-emul-boot -o "$iso" -- "$vfat"
rm -rf "$root/" "$vfat"

2
70-edk2-aarch64-verbose.json → edk2-aarch64-verbose.json
View File

@ -1,5 +1,5 @@
{
"description": "UEFI firmware for aarch64, verbose logs",
"description": "UEFI firmware for ARM64 virtual machines, verbose logs",
"interface-types": [
"uefi"
],

10
70-edk2-arm-verbose.json → edk2-aarch64.json
View File

@ -1,29 +1,29 @@
{
"description": "UEFI firmware for arm, verbose logs",
"description": "UEFI firmware for ARM64 virtual machines",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"executable": {
"filename": "/usr/share/edk2/arm/QEMU_EFI-pflash.raw",
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/arm/vars-template-pflash.raw",
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
"format": "raw"
}
},
"targets": [
{
"architecture": "arm",
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
"verbose-static"
],
"tags": [

2
40-edk2-ovmf-x64-sb-enrolled.json → edk2-ovmf-sb.json
View File

@ -1,5 +1,5 @@
{
"description": "OVMF for x86_64, with SB+SMM, SB enabled, MS certs enrolled",
"description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
"interface-types": [
"uefi"
],

2
50-edk2-ovmf-x64-sb.json → edk2-ovmf.json
View File

@ -1,5 +1,5 @@
{
"description": "OVMF for x86_64, with SB+SMM, empty varstore",
"description": "OVMF with SB+SMM, empty varstore",
"interface-types": [
"uefi"
],

1814
edk2.spec
View File

File diff suppressed because it is too large Load Diff

40
hobble-openssl
View File

@ -1,40 +0,0 @@
#!/bin/sh
# Quit out if anything fails.
set -e
# Clean out patent-or-otherwise-encumbered code.
# MDC-2: 4,908,861 13/03/2007 - expired, we do not remove it but do not enable it anyway
# IDEA: 5,214,703 07/01/2012 - expired, we do not remove it anymore
# RC5: 5,724,428 01/11/2015 - expired, we do not remove it anymore
# EC: ????????? ??/??/2020
# SRP: ????????? ??/??/2017 - expired, we do not remove it anymore
# Remove assembler portions of IDEA, MDC2, and RC5.
# (find crypto/rc5/asm -type f | xargs -r rm -fv)
for c in `find crypto/bn -name "*gf2m.c"`; do
echo Destroying $c
> $c
done
for c in `find crypto/ec -name "ec2*.c" -o -name "ec_curve.c"`; do
echo Destroying $c
> $c
done
for c in `find test -name "ectest.c"`; do
echo Destroying $c
> $c
done
for h in `find crypto ssl apps test -name "*.h"` ; do
echo Removing EC2M references from $h
cat $h | \
awk 'BEGIN {ech=1;} \
/^#[ \t]*ifndef.*NO_EC2M/ {ech--; next;} \
/^#[ \t]*if/ {if(ech < 1) ech--;} \
{if(ech>0) {;print $0};} \
/^#[ \t]*endif/ {if(ech < 1) ech++;}' > $h.hobbled && \
mv $h.hobbled $h
done

63
openssl-patch-to-tarball.sh
View File

@ -1,63 +0,0 @@
#! /bin/sh
: << \EOF
For importing the hobbled OpenSSL tarball from Fedora, the following
steps are necessary. Note that both the "sources" file format and the
pkgs.fedoraproject.org directory structure have changed, accommodating
SHA512 checksums.
# in a separate directory
fedpkg clone -a openssl
cd openssl
fedpkg switch-branch master
gitk -- sources
# the commit that added the 1.1.0h hobbled tarball is 6eb8f620273
# subject "update to upstream version 1.1.0h"
git checkout 6eb8f620273
# fetch the hobbled tarball and verify the checksum
(
set -e
while read HASH_TYPE FN EQ HASH; do
# remove leading and trailing parens
FN="${FN#(*}"
FN="${FN%*)}"
wget \
http://pkgs.fedoraproject.org/repo/pkgs/openssl/$FN/sha512/$HASH/$FN
done <sources
sha512sum -c sources
)
# unpack the hobbled tarball into edk2, according to
# "OpenSSL-HOWTO.txt"; WORKSPACE stands for the root of the edk2 project
# tree
tar -x --xz -f openssl-1.1.0h-hobbled.tar.xz
mv -- openssl-1.1.0h "$WORKSPACE"/CryptoPkg/Library/OpensslLib/openssl
# update the INF files as described in "OpenSSL-HOWTO.txt", then save
# the results as a single commit
(cd "$WORKSPACE"/CryptoPkg/Library/OpensslLib && perl process_files.pl)
git rm --cached CryptoPkg/Library/OpensslLib/openssl
git commit -m'remove openssl submodule'
git add -A CryptoPkg/Library/OpensslLib/openssl
git commit -m'add openssl 1.1.0h'
git format-patch -1
Then run the patch through this script which will build a new tar file.
EOF
set -e
edk2_githash=$(awk '/^%global edk2_githash/ {print $3}' edk2.spec)
openssl_version=$(awk '/^%global openssl_version/ {print $3}' edk2.spec)
mkdir -p tianocore-openssl-${openssl_version}
(exec 3> openssl-${openssl_version}-hobbled.tar.xz
cd tianocore-openssl-${openssl_version}
git init .
git config core.whitespace cr-at-eol
git config am.keepcr true
git am
git archive --format=tar --prefix=tianocore-edk2-${edk2_githash}/ \
HEAD CryptoPkg/Library/OpensslLib/ | \
xz -9ev >&3) < $1
rm -rf tianocore-openssl-${openssl_version}

295
ovmf-vars-generator Executable file
View File

@ -0,0 +1,295 @@
#!/bin/python3
# Copyright (C) 2017 Red Hat
# Authors:
# - Patrick Uiterwijk <puiterwijk@redhat.com>
# - Kashyap Chamarthy <kchamart@redhat.com>
#
# Licensed under MIT License, for full text see LICENSE
#
# Purpose: Launch a QEMU guest and enroll ithe UEFI keys into an OVMF
# variables ("VARS") file. Then boot a Linux kernel with QEMU.
# Finally, perform a check to verify if Secure Boot
# is enabled.
from __future__ import print_function
import argparse
import os
import logging
import tempfile
import shutil
import string
import subprocess
def strip_special(line):
return ''.join([c for c in str(line) if c in string.printable])
def generate_qemu_cmd(args, readonly, *extra_args):
if args.disable_smm:
machinetype = 'pc'
else:
machinetype = 'q35,smm=on'
machinetype += ',accel=%s' % ('kvm' if args.enable_kvm else 'tcg')
if args.oem_string is None:
oemstrings = []
else:
oemstring_values = [
",value=" + s.replace(",", ",,") for s in args.oem_string ]
oemstrings = [
'-smbios',
"type=11" + ''.join(oemstring_values) ]
return [
args.qemu_binary,
'-machine', machinetype,
'-display', 'none',
'-no-user-config',
'-nodefaults',
'-m', '768',
'-smp', '2,sockets=2,cores=1,threads=1',
'-chardev', 'pty,id=charserial1',
'-device', 'isa-serial,chardev=charserial1,id=serial1',
'-global', 'driver=cfi.pflash01,property=secure,value=%s' % (
'off' if args.disable_smm else 'on'),
'-drive',
'file=%s,if=pflash,format=raw,unit=0,readonly=on' % (
args.ovmf_binary),
'-drive',
'file=%s,if=pflash,format=raw,unit=1,readonly=%s' % (
args.out_temp, 'on' if readonly else 'off'),
'-serial', 'stdio'] + oemstrings + list(extra_args)
def download(url, target, suffix, no_download):
istemp = False
if target and os.path.exists(target):
return target, istemp
if not target:
temped = tempfile.mkstemp(prefix='qosb.', suffix='.%s' % suffix)
os.close(temped[0])
target = temped[1]
istemp = True
if no_download:
raise Exception('%s did not exist, but downloading was disabled' %
target)
import requests
logging.debug('Downloading %s to %s', url, target)
r = requests.get(url, stream=True)
with open(target, 'wb') as f:
for chunk in r.iter_content(chunk_size=1024):
if chunk:
f.write(chunk)
return target, istemp
def enroll_keys(args):
shutil.copy(args.ovmf_template_vars, args.out_temp)
logging.info('Starting enrollment')
cmd = generate_qemu_cmd(
args,
False,
'-drive',
'file=%s,format=raw,if=none,media=cdrom,id=drive-cd1,'
'readonly=on' % args.uefi_shell_iso,
'-device',
'ide-cd,drive=drive-cd1,id=cd1,'
'bootindex=1')
p = subprocess.Popen(cmd,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
logging.info('Performing enrollment')
# Wait until the UEFI shell starts (first line is printed)
read = p.stdout.readline()
if b'char device redirected' in read:
read = p.stdout.readline()
# Skip passed QEMU warnings, like the following one we see in Ubuntu:
# qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
while b'qemu-system-x86_64: warning:' in read:
read = p.stdout.readline()
if args.print_output:
print(strip_special(read), end='')
print()
# Send the escape char to enter the UEFI shell early
p.stdin.write(b'\x1b')
p.stdin.flush()
# And then run the following three commands from the UEFI shell:
# change into the first file system device; install the default
# keys and certificates, and reboot
p.stdin.write(b'fs0:\r\n')
p.stdin.write(b'EnrollDefaultKeys.efi\r\n')
p.stdin.write(b'reset -s\r\n')
p.stdin.flush()
while True:
read = p.stdout.readline()
if args.print_output:
print('OUT: %s' % strip_special(read), end='')
print()
if b'info: success' in read:
break
p.wait()
if args.print_output:
print(strip_special(p.stdout.read()), end='')
logging.info('Finished enrollment')
def test_keys(args):
logging.info('Grabbing test kernel')
kernel, kerneltemp = download(args.kernel_url, args.kernel_path,
'kernel', args.no_download)
logging.info('Starting verification')
try:
cmd = generate_qemu_cmd(
args,
True,
'-append', 'console=tty0 console=ttyS0,115200n8',
'-kernel', kernel)
p = subprocess.Popen(cmd,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
logging.info('Performing verification')
while True:
read = p.stdout.readline()
if args.print_output:
print('OUT: %s' % strip_special(read), end='')
print()
if b'Secure boot disabled' in read:
raise Exception('Secure Boot was disabled')
elif b'Secure boot enabled' in read:
logging.info('Confirmed: Secure Boot is enabled')
break
elif b'Kernel is locked down from EFI secure boot' in read:
logging.info('Confirmed: Secure Boot is enabled')
break
p.kill()
if args.print_output:
print(strip_special(p.stdout.read()), end='')
logging.info('Finished verification')
finally:
if kerneltemp:
os.remove(kernel)
def parse_args():
parser = argparse.ArgumentParser()
parser.add_argument('output', help='Filename for output vars file')
parser.add_argument('--out-temp', help=argparse.SUPPRESS)
parser.add_argument('--force', help='Overwrite existing output file',
action='store_true')
parser.add_argument('--print-output', help='Print the QEMU guest output',
action='store_true')
parser.add_argument('--verbose', '-v', help='Increase verbosity',
action='count')
parser.add_argument('--quiet', '-q', help='Decrease verbosity',
action='count')
parser.add_argument('--qemu-binary', help='QEMU binary path',
default='/usr/bin/qemu-system-x86_64')
parser.add_argument('--enable-kvm', help='Enable KVM acceleration',
action='store_true')
parser.add_argument('--ovmf-binary', help='OVMF secureboot code file',
default='/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd')
parser.add_argument('--ovmf-template-vars', help='OVMF empty vars file',
default='/usr/share/edk2/ovmf/OVMF_VARS.fd')
parser.add_argument('--uefi-shell-iso', help='Path to uefi shell iso',
default='/usr/share/edk2/ovmf/UefiShell.iso')
parser.add_argument('--skip-enrollment',
help='Skip enrollment, only test', action='store_true')
parser.add_argument('--skip-testing',
help='Skip testing generated "VARS" file',
action='store_true')
parser.add_argument('--kernel-path',
help='Specify a consistent path for kernel')
parser.add_argument('--no-download', action='store_true',
help='Never download a kernel')
parser.add_argument('--fedora-version',
help='Fedora version to get kernel for checking',
default='27')
parser.add_argument('--kernel-url', help='Kernel URL',
default='https://download.fedoraproject.org/pub/fedora'
'/linux/releases/%(version)s/Everything/x86_64'
'/os/images/pxeboot/vmlinuz')
parser.add_argument('--disable-smm',
help=('Don\'t restrict varstore pflash writes to '
'guest code that executes in SMM. Use this '
'option only if your OVMF binary doesn\'t have '
'the edk2 SMM driver stack built into it '
'(possibly because your QEMU binary lacks SMM '
'emulation). Note that without restricting '
'varstore pflash writes to guest code that '
'executes in SMM, a malicious guest kernel, '
'used for testing, could undermine Secure '
'Boot.'),
action='store_true')
parser.add_argument('--oem-string',
help=('Pass the argument to the guest as a string in '
'the SMBIOS Type 11 (OEM Strings) table. '
'Multiple occurrences of this option are '
'collected into a single SMBIOS Type 11 table. '
'A pure ASCII string argument is strongly '
'suggested.'),
action='append')
args = parser.parse_args()
args.kernel_url = args.kernel_url % {'version': args.fedora_version}
validate_args(args)
return args
def validate_args(args):
if (os.path.exists(args.output)
and not args.force
and not args.skip_enrollment):
raise Exception('%s already exists' % args.output)
if args.skip_enrollment and not os.path.exists(args.output):
raise Exception('%s does not yet exist' % args.output)
verbosity = (args.verbose or 1) - (args.quiet or 0)
if verbosity >= 2:
logging.basicConfig(level=logging.DEBUG)
elif verbosity == 1:
logging.basicConfig(level=logging.INFO)
elif verbosity < 0:
logging.basicConfig(level=logging.ERROR)
else:
logging.basicConfig(level=logging.WARN)
if args.skip_enrollment:
args.out_temp = args.output
else:
temped = tempfile.mkstemp(prefix='qosb.', suffix='.vars')
os.close(temped[0])
args.out_temp = temped[1]
logging.debug('Temp output: %s', args.out_temp)
def move_to_dest(args):
shutil.copy(args.out_temp, args.output)
os.remove(args.out_temp)
def main():
args = parse_args()
if not args.skip_enrollment:
enroll_keys(args)
if not args.skip_testing:
test_keys(args)
if not args.skip_enrollment:
move_to_dest(args)
if args.skip_testing:
logging.info('Created %s' % args.output)
else:
logging.info('Created and verified %s' % args.output)
else:
logging.info('Verified %s', args.output)
if __name__ == '__main__':
main()

6
sources
View File

@ -1,4 +1,2 @@
SHA512 (softfloat-20180726-gitb64af41.tar.xz) = f079debd1bfcc0fe64329a8947b0689ef49246793edcdd28a2879f6550c652b0cf0f53ac4f6f5ab61ac4f7933972e0019d0ab63eb9931b6884c2909f3a5ead30
SHA512 (edk2-stable202008.tar.gz) = c32340104f27b9b85f79e934cc9eeb739d47b01e13975c88f39b053e9bc5a1ecfe579ab3b63fc7747cc328e104b337b53d41deb4470c3f20dbbd5552173a4666
SHA512 (openssl-1.1.1g-hobbled.tar.xz) = 7cd351d8fd4a028edcdc6804d8b73af7ff5693ab96cafd4f9252534d4e8e9000e22aefa45f51db490da52d89f4e5b41d02452be0b516fbb0fe84e36d5ca54971
SHA512 (qemu-ovmf-secureboot-20200228-gitc3e16b3.tar.xz) = 123889b9277adda472035f72e4836b6fe8e0cd8e2e87d28400bbc846ea1308378fc7aae413d463e0c1bfda096d85e51be100eb8d7dfb0738707c3412f2855711
SHA512 (edk2-ca407c7246bf.tar.xz) = c3a4dda1030580b9189e7fbc2cbd3a1080aee886ba2880201fc76f530c4328ee05bb9b9269b73782a4a1c7866c59a086c5d94201bbc3122212ef7a3451e99370
SHA512 (openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz) = d989bb5591acfa3ede8807210117bd9af24ff83add2d9cf6fc249574bf04335322ecf06b580e7b5f03ec54c6baca1410162a4ef329043ac9e5896dc76908c3a4

54
update-tarball.sh
View File

@ -1,54 +0,0 @@
#!/bin/bash
user="tianocore"
repo="edk2"
branch="master"
uri="https://github.com/${user}/${repo}"
api="${uri/github.com/api.github.com/repos}"
tar="${uri/github.com/codeload.github.com}/legacy.tar.gz"
if test $# -ge 1; then
hash=$1
short=$1
else
hash=$(curl -s "${api}/git/refs/heads/${branch}" | grep '"sha"' | cut -d'"' -f4)
if test "$hash" = ""; then
echo "# failed to fetch $branch hash"
exit 1
fi
short=$(echo $hash | sed -e 's/^\(.......\).*/\1/')
fi
if test $# = 2; then
date=$2
else
date=$(curl -s "${api}/git/commits/$hash" | awk '
/"committer"/ { c=1 }
/"date"/ { if (c) { print } }
' | cut -d'"' -f4)
date="${date%T*}"
date="${date//-/}"
fi
name="${repo}-${date}-${short}.tar.xz"
if test -f "$name"; then
echo "# exists: $name"
exit 1
fi
echo
echo "# specfile update: version $date, release $short"
sed -i.old \
-e "s/\(%global edk2_date[ \t]\+\)\(.*\)/\1$date/" \
-e "s/\(%global edk2_githash[ \t]\+\)\(.*\)/\1$short/" \
edk2.spec
diff -u edk2.spec.old edk2.spec
echo
echo "# cleanup ..."
rm -vf ${repo}-*.tar*
echo "# fetching $name ..."
curl "$tar/$hash" | zcat | xz -9e > "$name"
exit 0