import edk2-20190829git37eef91017ad-4.el8
This commit is contained in:
parent
97ad98022c
commit
874f8aa2b8
@ -1,2 +1,2 @@
|
||||
87a87bbfca0e751b2840f74b0612e2f0dad70535 SOURCES/edk2-89910a39dcfd.tar.xz
|
||||
f0655dec5d8d815956bab417fcdb25e6da7e21b8 SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
|
||||
c7ca6a13a5f9e7fe8071010c26a11ba41548308b SOURCES/edk2-37eef91017ad.tar.xz
|
||||
cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
||||
|
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/edk2-89910a39dcfd.tar.xz
|
||||
SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
|
||||
SOURCES/edk2-37eef91017ad.tar.xz
|
||||
SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
||||
|
@ -0,0 +1,668 @@
|
||||
From ac1a0b44df858e53be9e8af499e80a459f0cef16 Mon Sep 17 00:00:00 2001
|
||||
From: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||
Date: Tue, 29 Oct 2019 15:43:11 +0000
|
||||
Subject: CryptoPkg/OpensslLib: Update process_files.pl to generate .h files
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- New patch (cherry-picked from upstream, to be dropped at the next
|
||||
downstream rebase).
|
||||
|
||||
- Upstream moved to OpenSSL_1.1.1b (for TianoCore#1089) in release
|
||||
edk2-stable201905. As part of that OpenSSL update, "OpensslLib.inf" and
|
||||
"OpensslLibCrypto.inf" failed to list some new header files.
|
||||
|
||||
- As a part of edk2-stable201908, commit 8906f076de35
|
||||
("CryptoPkg/OpensslLib: Add missing header files in INF file",
|
||||
2019-08-16) fixed up "OpensslLib.inf" and "OpensslLibCrypto.inf" with
|
||||
the missing header files, but did so manually.
|
||||
|
||||
- The present patch (which is going to be released in edk2-stable201911)
|
||||
updates "process_files.pl" to list the subject header files
|
||||
automatically.
|
||||
|
||||
- This patch is being backported primarily in order to keep further
|
||||
backports for the modified files conflict-free. It might also come in
|
||||
handy once we adopt RHEL8's own OpenSSL version (in case we have to
|
||||
re-run "process_files.pl" ourselves).
|
||||
|
||||
There are missing headers added into INF files at 8906f076de35b222a..
|
||||
They are now manually added but not auto-generated. So we update the
|
||||
perl script to enable this feature.
|
||||
Meanwhile, update the order of the .h files in INF files, which are
|
||||
auto-generated now.
|
||||
https://bugzilla.tianocore.org/show_bug.cgi?id=2085
|
||||
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
(cherry picked from commit 9f4fbd56d43054cc73d722c1643659f9741c0fcf)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 103 +++++++++---------
|
||||
.../Library/OpensslLib/OpensslLibCrypto.inf | 96 ++++++++--------
|
||||
CryptoPkg/Library/OpensslLib/process_files.pl | 28 +++++
|
||||
3 files changed, 129 insertions(+), 98 deletions(-)
|
||||
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
index 7432321fd4..dd873a0dcd 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
@@ -34,9 +34,7 @@
|
||||
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
|
||||
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
|
||||
$(OPENSSL_PATH)/crypto/aes/aes_wrap.c
|
||||
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
$(OPENSSL_PATH)/crypto/aria/aria.c
|
||||
- $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/a_digest.c
|
||||
@@ -101,21 +99,12 @@
|
||||
$(OPENSSL_PATH)/crypto/asn1/x_sig.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/x_val.c
|
||||
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_null.c
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_posix.c
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_win.c
|
||||
$(OPENSSL_PATH)/crypto/async/async.c
|
||||
$(OPENSSL_PATH)/crypto/async/async_err.c
|
||||
$(OPENSSL_PATH)/crypto/async/async_wait.c
|
||||
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
$(OPENSSL_PATH)/crypto/bio/b_addr.c
|
||||
$(OPENSSL_PATH)/crypto/bio/b_dump.c
|
||||
$(OPENSSL_PATH)/crypto/bio/b_sock.c
|
||||
@@ -138,7 +127,6 @@
|
||||
$(OPENSSL_PATH)/crypto/bio/bss_mem.c
|
||||
$(OPENSSL_PATH)/crypto/bio/bss_null.c
|
||||
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
|
||||
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_add.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
|
||||
@@ -170,9 +158,6 @@
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_srp.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_word.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_x931p.c
|
||||
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
|
||||
$(OPENSSL_PATH)/crypto/buffer/buffer.c
|
||||
$(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
|
||||
@@ -181,7 +166,6 @@
|
||||
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
|
||||
$(OPENSSL_PATH)/crypto/comp/comp_err.c
|
||||
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
|
||||
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_api.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_def.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_err.c
|
||||
@@ -190,8 +174,6 @@
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_ssl.c
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
$(OPENSSL_PATH)/crypto/cpt_err.c
|
||||
$(OPENSSL_PATH)/crypto/cryptlib.c
|
||||
$(OPENSSL_PATH)/crypto/ctype.c
|
||||
@@ -215,8 +197,6 @@
|
||||
$(OPENSSL_PATH)/crypto/des/set_key.c
|
||||
$(OPENSSL_PATH)/crypto/des/str2key.c
|
||||
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
|
||||
- $(OPENSSL_PATH)/crypto/des/spr.h
|
||||
- $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_check.c
|
||||
@@ -231,7 +211,6 @@
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
|
||||
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_err.c
|
||||
@@ -239,7 +218,6 @@
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
|
||||
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
$(OPENSSL_PATH)/crypto/ebcdic.c
|
||||
$(OPENSSL_PATH)/crypto/err/err.c
|
||||
$(OPENSSL_PATH)/crypto/err/err_prn.c
|
||||
@@ -304,13 +282,11 @@
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
|
||||
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
$(OPENSSL_PATH)/crypto/ex_data.c
|
||||
$(OPENSSL_PATH)/crypto/getenv.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hmac.c
|
||||
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/init.c
|
||||
$(OPENSSL_PATH)/crypto/kdf/hkdf.c
|
||||
$(OPENSSL_PATH)/crypto/kdf/kdf_err.c
|
||||
@@ -318,13 +294,10 @@
|
||||
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
|
||||
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
|
||||
$(OPENSSL_PATH)/crypto/lhash/lhash.c
|
||||
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
|
||||
$(OPENSSL_PATH)/crypto/md4/md4_one.c
|
||||
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
|
||||
$(OPENSSL_PATH)/crypto/md5/md5_one.c
|
||||
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
$(OPENSSL_PATH)/crypto/mem.c
|
||||
$(OPENSSL_PATH)/crypto/mem_clr.c
|
||||
$(OPENSSL_PATH)/crypto/mem_dbg.c
|
||||
@@ -339,7 +312,6 @@
|
||||
$(OPENSSL_PATH)/crypto/modes/ofb128.c
|
||||
$(OPENSSL_PATH)/crypto/modes/wrap128.c
|
||||
$(OPENSSL_PATH)/crypto/modes/xts128.c
|
||||
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/o_dir.c
|
||||
$(OPENSSL_PATH)/crypto/o_fips.c
|
||||
$(OPENSSL_PATH)/crypto/o_fopen.c
|
||||
@@ -351,9 +323,6 @@
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_err.c
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_lib.c
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_xref.c
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
|
||||
@@ -364,7 +333,6 @@
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
|
||||
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/pem/pem_all.c
|
||||
$(OPENSSL_PATH)/crypto/pem/pem_err.c
|
||||
$(OPENSSL_PATH)/crypto/pem/pem_info.c
|
||||
@@ -392,7 +360,6 @@
|
||||
$(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
|
||||
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
|
||||
@@ -401,7 +368,6 @@
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
|
||||
- $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
|
||||
$(OPENSSL_PATH)/crypto/rand/drbg_lib.c
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_egd.c
|
||||
@@ -410,10 +376,8 @@
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_win.c
|
||||
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
|
||||
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
|
||||
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
|
||||
@@ -436,24 +400,18 @@
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
|
||||
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
$(OPENSSL_PATH)/crypto/sha/keccak1600.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha256.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha512.c
|
||||
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash.c
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
|
||||
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
|
||||
$(OPENSSL_PATH)/crypto/sm3/sm3.c
|
||||
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
$(OPENSSL_PATH)/crypto/sm4/sm4.c
|
||||
$(OPENSSL_PATH)/crypto/stack/stack.c
|
||||
- $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/threads_none.c
|
||||
$(OPENSSL_PATH)/crypto/threads_pthread.c
|
||||
$(OPENSSL_PATH)/crypto/threads_win.c
|
||||
@@ -463,8 +421,6 @@
|
||||
$(OPENSSL_PATH)/crypto/ui/ui_null.c
|
||||
$(OPENSSL_PATH)/crypto/ui/ui_openssl.c
|
||||
$(OPENSSL_PATH)/crypto/ui/ui_util.c
|
||||
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
$(OPENSSL_PATH)/crypto/uid.c
|
||||
$(OPENSSL_PATH)/crypto/x509/by_dir.c
|
||||
$(OPENSSL_PATH)/crypto/x509/by_file.c
|
||||
@@ -502,7 +458,6 @@
|
||||
$(OPENSSL_PATH)/crypto/x509/x_req.c
|
||||
$(OPENSSL_PATH)/crypto/x509/x_x509.c
|
||||
$(OPENSSL_PATH)/crypto/x509/x_x509a.c
|
||||
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
|
||||
@@ -540,11 +495,57 @@
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
|
||||
+ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/mips_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
+ $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
+ $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
+ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/des/spr.h
|
||||
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
- $(OPENSSL_PATH)/ms/uplink.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
$(OPENSSL_PATH)/ssl/bio_ssl.c
|
||||
$(OPENSSL_PATH)/ssl/d1_lib.c
|
||||
$(OPENSSL_PATH)/ssl/d1_msg.c
|
||||
@@ -589,13 +590,13 @@
|
||||
$(OPENSSL_PATH)/ssl/t1_trce.c
|
||||
$(OPENSSL_PATH)/ssl/tls13_enc.c
|
||||
$(OPENSSL_PATH)/ssl/tls_srp.c
|
||||
- $(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||||
$(OPENSSL_PATH)/ssl/statem/statem_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/packet_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/ssl_cert_table.h
|
||||
$(OPENSSL_PATH)/ssl/ssl_locl.h
|
||||
$(OPENSSL_PATH)/ssl/record/record.h
|
||||
- $(OPENSSL_PATH)/ssl/ssl_cert_table.h
|
||||
- $(OPENSSL_PATH)/ssl/packet_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||
# Autogenerated files list ends here
|
||||
|
||||
ossl_store.c
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
index 8134b45eda..a1bb560255 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
@@ -33,9 +33,7 @@
|
||||
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
|
||||
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
|
||||
$(OPENSSL_PATH)/crypto/aes/aes_wrap.c
|
||||
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
$(OPENSSL_PATH)/crypto/aria/aria.c
|
||||
- $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/a_digest.c
|
||||
@@ -100,21 +98,12 @@
|
||||
$(OPENSSL_PATH)/crypto/asn1/x_sig.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
|
||||
$(OPENSSL_PATH)/crypto/asn1/x_val.c
|
||||
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_null.c
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_posix.c
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_win.c
|
||||
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
$(OPENSSL_PATH)/crypto/async/async.c
|
||||
$(OPENSSL_PATH)/crypto/async/async_err.c
|
||||
$(OPENSSL_PATH)/crypto/async/async_wait.c
|
||||
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
$(OPENSSL_PATH)/crypto/bio/b_addr.c
|
||||
$(OPENSSL_PATH)/crypto/bio/b_dump.c
|
||||
$(OPENSSL_PATH)/crypto/bio/b_sock.c
|
||||
@@ -137,7 +126,6 @@
|
||||
$(OPENSSL_PATH)/crypto/bio/bss_mem.c
|
||||
$(OPENSSL_PATH)/crypto/bio/bss_null.c
|
||||
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
|
||||
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_add.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
|
||||
@@ -169,9 +157,6 @@
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_srp.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_word.c
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_x931p.c
|
||||
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
|
||||
$(OPENSSL_PATH)/crypto/buffer/buffer.c
|
||||
$(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
|
||||
@@ -180,7 +165,6 @@
|
||||
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
|
||||
$(OPENSSL_PATH)/crypto/comp/comp_err.c
|
||||
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
|
||||
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_api.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_def.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_err.c
|
||||
@@ -189,8 +173,6 @@
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_ssl.c
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
$(OPENSSL_PATH)/crypto/cpt_err.c
|
||||
$(OPENSSL_PATH)/crypto/cryptlib.c
|
||||
$(OPENSSL_PATH)/crypto/ctype.c
|
||||
@@ -214,8 +196,6 @@
|
||||
$(OPENSSL_PATH)/crypto/des/set_key.c
|
||||
$(OPENSSL_PATH)/crypto/des/str2key.c
|
||||
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
|
||||
- $(OPENSSL_PATH)/crypto/des/spr.h
|
||||
- $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_check.c
|
||||
@@ -230,7 +210,6 @@
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
|
||||
$(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
|
||||
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_err.c
|
||||
@@ -238,7 +217,6 @@
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
|
||||
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
|
||||
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
$(OPENSSL_PATH)/crypto/ebcdic.c
|
||||
$(OPENSSL_PATH)/crypto/err/err.c
|
||||
$(OPENSSL_PATH)/crypto/err/err_prn.c
|
||||
@@ -280,7 +258,6 @@
|
||||
$(OPENSSL_PATH)/crypto/evp/evp_pkey.c
|
||||
$(OPENSSL_PATH)/crypto/evp/m_md2.c
|
||||
$(OPENSSL_PATH)/crypto/evp/m_md4.c
|
||||
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||
$(OPENSSL_PATH)/crypto/evp/m_md5.c
|
||||
$(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
|
||||
$(OPENSSL_PATH)/crypto/evp/m_mdc2.c
|
||||
@@ -304,13 +281,11 @@
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
|
||||
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
$(OPENSSL_PATH)/crypto/ex_data.c
|
||||
$(OPENSSL_PATH)/crypto/getenv.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hmac.c
|
||||
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/init.c
|
||||
$(OPENSSL_PATH)/crypto/kdf/hkdf.c
|
||||
$(OPENSSL_PATH)/crypto/kdf/kdf_err.c
|
||||
@@ -318,12 +293,10 @@
|
||||
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
|
||||
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
|
||||
$(OPENSSL_PATH)/crypto/lhash/lhash.c
|
||||
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
|
||||
$(OPENSSL_PATH)/crypto/md4/md4_one.c
|
||||
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
|
||||
$(OPENSSL_PATH)/crypto/md5/md5_one.c
|
||||
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
$(OPENSSL_PATH)/crypto/mem.c
|
||||
$(OPENSSL_PATH)/crypto/mem_clr.c
|
||||
$(OPENSSL_PATH)/crypto/mem_dbg.c
|
||||
@@ -338,7 +311,6 @@
|
||||
$(OPENSSL_PATH)/crypto/modes/ofb128.c
|
||||
$(OPENSSL_PATH)/crypto/modes/wrap128.c
|
||||
$(OPENSSL_PATH)/crypto/modes/xts128.c
|
||||
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/o_dir.c
|
||||
$(OPENSSL_PATH)/crypto/o_fips.c
|
||||
$(OPENSSL_PATH)/crypto/o_fopen.c
|
||||
@@ -350,9 +322,6 @@
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_err.c
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_lib.c
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_xref.c
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
|
||||
@@ -363,7 +332,6 @@
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
|
||||
$(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
|
||||
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/pem/pem_all.c
|
||||
$(OPENSSL_PATH)/crypto/pem/pem_err.c
|
||||
$(OPENSSL_PATH)/crypto/pem/pem_info.c
|
||||
@@ -399,8 +367,6 @@
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
|
||||
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
|
||||
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
|
||||
$(OPENSSL_PATH)/crypto/rand/drbg_lib.c
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_egd.c
|
||||
@@ -409,10 +375,8 @@
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
|
||||
$(OPENSSL_PATH)/crypto/rand/rand_win.c
|
||||
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
|
||||
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
|
||||
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
|
||||
@@ -435,24 +399,18 @@
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
|
||||
$(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
|
||||
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
$(OPENSSL_PATH)/crypto/sha/keccak1600.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha256.c
|
||||
$(OPENSSL_PATH)/crypto/sha/sha512.c
|
||||
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash.c
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
|
||||
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
|
||||
$(OPENSSL_PATH)/crypto/sm3/sm3.c
|
||||
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
$(OPENSSL_PATH)/crypto/sm4/sm4.c
|
||||
$(OPENSSL_PATH)/crypto/stack/stack.c
|
||||
- $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
- $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/threads_none.c
|
||||
$(OPENSSL_PATH)/crypto/threads_pthread.c
|
||||
$(OPENSSL_PATH)/crypto/threads_win.c
|
||||
@@ -462,9 +420,7 @@
|
||||
$(OPENSSL_PATH)/crypto/ui/ui_null.c
|
||||
$(OPENSSL_PATH)/crypto/ui/ui_openssl.c
|
||||
$(OPENSSL_PATH)/crypto/ui/ui_util.c
|
||||
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
$(OPENSSL_PATH)/crypto/uid.c
|
||||
- $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
$(OPENSSL_PATH)/crypto/x509/by_dir.c
|
||||
$(OPENSSL_PATH)/crypto/x509/by_file.c
|
||||
$(OPENSSL_PATH)/crypto/x509/t_crl.c
|
||||
@@ -501,7 +457,6 @@
|
||||
$(OPENSSL_PATH)/crypto/x509/x_req.c
|
||||
$(OPENSSL_PATH)/crypto/x509/x_x509.c
|
||||
$(OPENSSL_PATH)/crypto/x509/x_x509a.c
|
||||
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
|
||||
@@ -539,10 +494,57 @@
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
|
||||
+ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/arm_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/mips_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/ppc_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
+ $(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
+ $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/md4/md4_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
+ $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
+ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/des/des_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/des/spr.h
|
||||
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
# Autogenerated files list ends here
|
||||
buildinf.h
|
||||
rand_pool_noise.h
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
index e13c0acb4d..4fe54cd808 100755
|
||||
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
@@ -144,6 +144,34 @@ foreach my $product ((@{$unified_info{libraries}},
|
||||
}
|
||||
}
|
||||
|
||||
+
|
||||
+#
|
||||
+# Update the perl script to generate the missing header files
|
||||
+#
|
||||
+my @dir_list = ();
|
||||
+for (keys %{$unified_info{dirinfo}}){
|
||||
+ push @dir_list,$_;
|
||||
+}
|
||||
+
|
||||
+my $dir = getcwd();
|
||||
+my @files = ();
|
||||
+my @headers = ();
|
||||
+chdir ("openssl");
|
||||
+foreach(@dir_list){
|
||||
+ @files = glob($_."/*.h");
|
||||
+ push @headers, @files;
|
||||
+}
|
||||
+chdir ($dir);
|
||||
+
|
||||
+foreach (@headers){
|
||||
+ if(/ssl/){
|
||||
+ push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
|
||||
+ next;
|
||||
+ }
|
||||
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
|
||||
+}
|
||||
+
|
||||
+
|
||||
#
|
||||
# Update OpensslLib.inf with autogenerated file list
|
||||
#
|
||||
--
|
||||
2.18.1
|
||||
|
159
SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
Normal file
159
SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
Normal file
@ -0,0 +1,159 @@
|
||||
From bbda3f776bfcdbcb77b82f1f7fd5dafd798d9784 Mon Sep 17 00:00:00 2001
|
||||
From: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||
Date: Mon, 21 Oct 2019 15:53:42 +0800
|
||||
Subject: CryptoPkg: Upgrade OpenSSL to 1.1.1d
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- New patch (cherry-picked from upstream, to be dropped at the next
|
||||
downstream rebase).
|
||||
|
||||
- Upstream OpenSSL-1.1.1c contains commit 5fba3afad017 ("Rework DSO API
|
||||
conditions and configuration option", 2019-04-10). This upstream OpenSSL
|
||||
change requires edk2 to #define DSO_NONE explicitly.
|
||||
|
||||
- The present patch (which is going to be released in edk2-stable201911)
|
||||
updates "process_files.pl" to generate "dso_conf.h" with the above
|
||||
macro, and captures the result (i.e. the actual definition of the macro)
|
||||
in the git tree.
|
||||
|
||||
- This patch is being backported primarily for the DSO_NONE macro (OpenSSL
|
||||
in RHEL-8.2.0 is based on OpenSSL-1.1.1c). The patch could also come in
|
||||
handy in case we have to re-run "process_files.pl" ourselves.
|
||||
|
||||
Upgrade openssl from 1.1.1b to 1.1.1d.
|
||||
Something needs to be noticed is that, there is a bug existing in the
|
||||
released 1_1_1d version(894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596),
|
||||
which causes build failure. So we switch the code base to a usable
|
||||
version, which is 2 commits later than the stable tag.
|
||||
Now we use the version c3656cc594daac8167721dde7220f0e59ae146fc.
|
||||
This log is to fix the build failure.
|
||||
https://bugzilla.tianocore.org/show_bug.cgi?id=2226
|
||||
|
||||
Besides, the absense of "DSO_NONE" in dso_conf.h causes build failure
|
||||
in OvmfPkg. So update process_files.pl to generate information from
|
||||
"crypto/include/internal/dso_conf.h.in".
|
||||
|
||||
shm.h and utsname.h are added to avoid GCC build failure.
|
||||
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Cc: Liming Gao <liming.gao@intel.com>
|
||||
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Tested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 1bcc65b9a1408cf445b7b3f9499b27d9c235db71)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
CryptoPkg/Library/Include/internal/dso_conf.h | 16 ++++++++++++++++
|
||||
CryptoPkg/Library/Include/sys/shm.h | 9 +++++++++
|
||||
CryptoPkg/Library/Include/sys/utsname.h | 9 +++++++++
|
||||
CryptoPkg/Library/OpensslLib/openssl | 2 +-
|
||||
CryptoPkg/Library/OpensslLib/process_files.pl | 17 +++++++++++++++--
|
||||
5 files changed, 50 insertions(+), 3 deletions(-)
|
||||
create mode 100644 CryptoPkg/Library/Include/sys/shm.h
|
||||
create mode 100644 CryptoPkg/Library/Include/sys/utsname.h
|
||||
|
||||
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||
index e69de29bb2..43c891588b 100644
|
||||
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||
+++ b/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||
@@ -0,0 +1,16 @@
|
||||
+/* WARNING: do not edit! */
|
||||
+/* Generated from crypto/include/internal/dso_conf.h.in */
|
||||
+/*
|
||||
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#ifndef HEADER_DSO_CONF_H
|
||||
+# define HEADER_DSO_CONF_H
|
||||
+# define DSO_NONE
|
||||
+# define DSO_EXTENSION ".so"
|
||||
+#endif
|
||||
diff --git a/CryptoPkg/Library/Include/sys/shm.h b/CryptoPkg/Library/Include/sys/shm.h
|
||||
new file mode 100644
|
||||
index 0000000000..dc0b8e81c8
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/sys/shm.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building the third-party cryptographic library.
|
||||
+
|
||||
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||
+SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
||||
diff --git a/CryptoPkg/Library/Include/sys/utsname.h b/CryptoPkg/Library/Include/sys/utsname.h
|
||||
new file mode 100644
|
||||
index 0000000000..dc0b8e81c8
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/sys/utsname.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building the third-party cryptographic library.
|
||||
+
|
||||
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||
+SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
index 4fe54cd808..bbcfa0d0e7 100755
|
||||
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
@@ -2,7 +2,7 @@
|
||||
#
|
||||
# This script runs the OpenSSL Configure script, then processes the
|
||||
# resulting file list into our local OpensslLib[Crypto].inf and also
|
||||
-# takes a copy of opensslconf.h.
|
||||
+# takes copies of opensslconf.h and dso_conf.h.
|
||||
#
|
||||
# This only needs to be done once by a developer when updating to a
|
||||
# new version of OpenSSL (or changing options, etc.). Normal users
|
||||
@@ -106,6 +106,14 @@ BEGIN {
|
||||
) == 0 ||
|
||||
die "Failed to generate opensslconf.h!\n";
|
||||
|
||||
+ # Generate dso_conf.h per config data
|
||||
+ system(
|
||||
+ "perl -I. -Mconfigdata util/dofile.pl " .
|
||||
+ "crypto/include/internal/dso_conf.h.in " .
|
||||
+ "> include/internal/dso_conf.h"
|
||||
+ ) == 0 ||
|
||||
+ die "Failed to generate dso_conf.h!\n";
|
||||
+
|
||||
chdir($basedir) ||
|
||||
die "Cannot change to base directory \"" . $basedir . "\"";
|
||||
|
||||
@@ -249,12 +257,17 @@ rename( $new_inf_file, $inf_file ) ||
|
||||
print "Done!";
|
||||
|
||||
#
|
||||
-# Copy opensslconf.h generated from OpenSSL Configuration
|
||||
+# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
|
||||
#
|
||||
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
|
||||
copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
|
||||
$OPENSSL_PATH . "/../../Include/openssl/") ||
|
||||
die "Cannot copy opensslconf.h!";
|
||||
+print "Done!";
|
||||
+print "\n--> Duplicating dso_conf.h into Include/internal ... ";
|
||||
+copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
|
||||
+ $OPENSSL_PATH . "/../../Include/internal/") ||
|
||||
+ die "Cannot copy dso_conf.h!";
|
||||
print "Done!\n";
|
||||
|
||||
print "\nProcessing Files Done!\n";
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,8 +1,19 @@
|
||||
From 727c11ecd9f34990312e14f239e6238693619849 Mon Sep 17 00:00:00 2001
|
||||
From 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 11 Jun 2014 23:33:33 +0200
|
||||
Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- trivial context update (performed silently by git-cherry-pick) for
|
||||
upstream commit 3207a872a405 ("OvmfPkg: Update DSC/FDF files to consume
|
||||
CSM components in OvmfPkg", 2019-06-14)
|
||||
|
||||
- A note for the future: the logo could change completely in a subsequent
|
||||
rebase. See <https://bugzilla.tianocore.org/show_bug.cgi?id=2050> (in
|
||||
CONFIRMED status at the time of writing).
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -123,7 +134,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be)
|
||||
(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3)
|
||||
(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 2 +-
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +-
|
||||
@ -145,10 +156,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index a77d71bcea..f2e5125494 100644
|
||||
index 7ae6702ac1..a3cc3f26ec 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -347,7 +347,7 @@
|
||||
@@ -364,7 +364,7 @@
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
|
||||
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
|
||||
@ -158,10 +169,10 @@ index a77d71bcea..f2e5125494 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index 098d40b61b..ab799ca67f 100644
|
||||
index 31f615a9d0..57f2f625fe 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -203,7 +203,7 @@ READ_LOCK_STATUS = TRUE
|
||||
@@ -176,7 +176,7 @@ READ_LOCK_STATUS = TRUE
|
||||
#
|
||||
# TianoCore logo (splash screen)
|
||||
#
|
||||
@ -171,10 +182,10 @@ index 098d40b61b..ab799ca67f 100644
|
||||
#
|
||||
# Ramdisk support
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index 1e5388ae70..d2b3f24394 100644
|
||||
index 3b0f04967a..27e65b7638 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -331,7 +331,7 @@
|
||||
@@ -348,7 +348,7 @@
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
|
||||
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
|
||||
@ -520,11 +531,11 @@ index 0000000000..7227ac3910
|
||||
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
|
||||
+
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 5b885590b2..249b1d8dc0 100644
|
||||
index 66e944436a..044379e1ed 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -693,7 +693,7 @@
|
||||
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
@@ -688,7 +688,7 @@
|
||||
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
!endif
|
||||
}
|
||||
- MdeModulePkg/Logo/LogoDxe.inf
|
||||
@ -533,10 +544,10 @@ index 5b885590b2..249b1d8dc0 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 4999403ad7..be3d3b4d14 100644
|
||||
index 785affeb90..326f82384e 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -293,7 +293,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
@@ -283,7 +283,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
|
||||
@ -546,11 +557,11 @@ index 4999403ad7..be3d3b4d14 100644
|
||||
#
|
||||
# Network modules
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index bbf0853ee6..5ec186df4b 100644
|
||||
index 51c2bfb44f..2ff68102d3 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -702,7 +702,7 @@
|
||||
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
@@ -701,7 +701,7 @@
|
||||
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
!endif
|
||||
}
|
||||
- MdeModulePkg/Logo/LogoDxe.inf
|
||||
@ -559,10 +570,10 @@ index bbf0853ee6..5ec186df4b 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index d0cc107928..b56160b3bf 100644
|
||||
index 7440707256..aefb6614ad 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
|
||||
@ -572,11 +583,11 @@ index d0cc107928..b56160b3bf 100644
|
||||
#
|
||||
# Network modules
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index d81460f520..29538ade4d 100644
|
||||
index ba7a758844..3a66d4d424 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -700,7 +700,7 @@
|
||||
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
@@ -699,7 +699,7 @@
|
||||
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
|
||||
!endif
|
||||
}
|
||||
- MdeModulePkg/Logo/LogoDxe.inf
|
||||
@ -585,10 +596,10 @@ index d81460f520..29538ade4d 100644
|
||||
<LibraryClasses>
|
||||
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index d0cc107928..b56160b3bf 100644
|
||||
index 7440707256..aefb6614ad 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
|
@ -1,8 +1,15 @@
|
||||
From a1260c9122c95bcbef1efc5eebe11902767813c2 Mon Sep 17 00:00:00 2001
|
||||
From e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 20 Feb 2014 22:54:45 +0100
|
||||
Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- trivial context difference due to upstream commit 2fe5f2f52918
|
||||
("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
|
||||
by git-cherry-pick automatically
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -40,24 +47,24 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
|
||||
(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
|
||||
(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
|
||||
---
|
||||
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||
index 36cde54976..c0c4eaee0f 100644
|
||||
index 3dfa3126c3..9451c50c70 100644
|
||||
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||
@@ -27,7 +27,7 @@
|
||||
@@ -21,7 +21,7 @@
|
||||
//
|
||||
// Define the maximum debug and assert message length that this library supports
|
||||
//
|
||||
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
|
||||
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
|
||||
|
||||
/**
|
||||
Prints a debug message to the debug output device if the specified error level is enabled.
|
||||
//
|
||||
// VA_LIST can not initialize to NULL for all compiler, so we use this to
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,8 +1,13 @@
|
||||
From bd264265a99c60f45cadaa4109a9db59ae218471 Mon Sep 17 00:00:00 2001
|
||||
From 3aa0316ea1db5416cb528179a3ba5ce37c1279b7 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 12 Jun 2014 00:17:59 +0200
|
||||
Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -48,17 +53,17 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c)
|
||||
(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba)
|
||||
(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471)
|
||||
---
|
||||
OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +-
|
||||
OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++-----------
|
||||
2 files changed, 308 insertions(+), 175 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||
index 18fa9209d4..f87ed5cf30 100644
|
||||
index cb2a60d827..26fe1bcc32 100644
|
||||
--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
|
||||
@@ -18,7 +18,7 @@
|
||||
@@ -12,7 +12,7 @@
|
||||
;------------------------------------------------------------------------------
|
||||
|
||||
; enable this macro for debug messages
|
@ -1,8 +1,13 @@
|
||||
From 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51 Mon Sep 17 00:00:00 2001
|
||||
From 12cb13a1da913912bd9148ce8f2353a75be77f18 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 25 Feb 2014 18:40:35 +0100
|
||||
Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -89,16 +94,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
|
||||
(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
|
||||
(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
|
||||
---
|
||||
.../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
|
||||
1 file changed, 38 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||
index 66dd3ad550..78a198379a 100644
|
||||
index c76b2c5100..eff9d9787f 100644
|
||||
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||
@@ -113,9 +113,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
|
||||
@@ -107,9 +107,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
|
||||
};
|
||||
|
||||
TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
|
@ -1,9 +1,19 @@
|
||||
From cfccb98d13e955beb0b93b4a75a973f30c273ffc Mon Sep 17 00:00:00 2001
|
||||
From a11602f5e2ef930be5b693ddfd0c789a1bd4c60c Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 25 Feb 2014 22:40:01 +0100
|
||||
Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- Conflict in "MdeModulePkg/MdeModulePkg.dec" due to upstream commits
|
||||
- 1103ba946aee ("MdeModulePkg: Add Capsule On Disk related definition.",
|
||||
2019-06-26),
|
||||
- 1c7b3eb84631 ("MdeModulePkg/DxeIpl: Introduce PCD
|
||||
PcdUse5LevelPageTable", 2019-08-09),
|
||||
with easy manual resolution.
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -48,7 +58,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574)
|
||||
(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90)
|
||||
(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc)
|
||||
---
|
||||
MdeModulePkg/MdeModulePkg.dec | 4 +++
|
||||
.../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++
|
||||
@ -56,12 +66,12 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
3 files changed, 36 insertions(+)
|
||||
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index a2130bc439..dcd118ba62 100644
|
||||
index 19935c88fa..5690bbd8b3 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -1968,6 +1968,10 @@
|
||||
# @Prompt The address mask when memory encryption is enabled.
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047
|
||||
@@ -2002,6 +2002,10 @@
|
||||
# @Prompt Capsule On Disk relocation device path.
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdCodRelocationDevPath|{0xFF}|VOID*|0x0000002f
|
||||
|
||||
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
|
||||
+ # mode change.
|
||||
@ -71,10 +81,10 @@ index a2130bc439..dcd118ba62 100644
|
||||
## Specify memory size with page number for PEI code when
|
||||
# Loading Module at Fixed Address feature is enabled.
|
||||
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||
index 4d7218e415..295e7641a5 100644
|
||||
index 7ef655cca5..1113252df2 100644
|
||||
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||
@@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
@ -83,7 +93,7 @@ index 4d7218e415..295e7641a5 100644
|
||||
#include "Terminal.h"
|
||||
|
||||
//
|
||||
@@ -86,6 +88,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
|
||||
@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
|
||||
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 };
|
||||
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 };
|
||||
|
||||
@ -100,7 +110,7 @@ index 4d7218e415..295e7641a5 100644
|
||||
//
|
||||
// Body of the ConOut functions
|
||||
//
|
||||
@@ -508,6 +520,24 @@ TerminalConOutSetMode (
|
||||
@@ -502,6 +514,24 @@ TerminalConOutSetMode (
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
|
||||
@ -126,10 +136,10 @@ index 4d7218e415..295e7641a5 100644
|
||||
|
||||
Status = This->ClearScreen (This);
|
||||
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||
index 15b4ac1c33..a704bc17e5 100644
|
||||
index 24e164ef4d..d1160ed1c7 100644
|
||||
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||
@@ -60,6 +60,7 @@
|
||||
@@ -55,6 +55,7 @@
|
||||
DebugLib
|
||||
PcdLib
|
||||
BaseLib
|
||||
@ -137,7 +147,7 @@ index 15b4ac1c33..a704bc17e5 100644
|
||||
|
||||
[Guids]
|
||||
## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
|
||||
@@ -88,6 +89,7 @@
|
||||
@@ -83,6 +84,7 @@
|
||||
[Pcd]
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES
|
@ -1,8 +1,13 @@
|
||||
From f9b73437b9b231773c1a20e0c516168817a930a2 Mon Sep 17 00:00:00 2001
|
||||
From 2cc462ee963d0be119bc97bfc9c70d292a40516f Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 15:59:06 +0200
|
||||
Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -37,7 +42,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
|
||||
(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
|
||||
(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 1 +
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
|
||||
@ -47,10 +52,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
5 files changed, 5 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 249b1d8dc0..3f1da66aab 100644
|
||||
index 044379e1ed..accf5c0211 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -531,6 +531,7 @@
|
||||
@@ -525,6 +525,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
@ -59,10 +64,10 @@ index 249b1d8dc0..3f1da66aab 100644
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 5ec186df4b..9bb0a4cede 100644
|
||||
index 2ff68102d3..8812da9943 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -537,6 +537,7 @@
|
||||
@@ -531,6 +531,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
@ -71,10 +76,10 @@ index 5ec186df4b..9bb0a4cede 100644
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 29538ade4d..3b7fc5328c 100644
|
||||
index 3a66d4d424..73e1b7824f 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -536,6 +536,7 @@
|
||||
@@ -530,6 +530,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
@ -83,10 +88,10 @@ index 29538ade4d..3b7fc5328c 100644
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
|
||||
index 22139a64cb..64b8034117 100644
|
||||
index 3ba2459872..bbbf1ac2a8 100644
|
||||
--- a/OvmfPkg/PlatformPei/Platform.c
|
||||
+++ b/OvmfPkg/PlatformPei/Platform.c
|
||||
@@ -670,6 +670,7 @@ InitializePlatform (
|
||||
@@ -667,6 +667,7 @@ InitializePlatform (
|
||||
PeiFvInitialization ();
|
||||
MemMapInitialization ();
|
||||
NoexecDxeInitialization ();
|
||||
@ -95,10 +100,10 @@ index 22139a64cb..64b8034117 100644
|
||||
|
||||
InstallClearCacheCallback ();
|
||||
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
index 5c8dd0fe6d..035ce249fe 100644
|
||||
index d9fd9c8f05..666803916c 100644
|
||||
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
@@ -96,6 +96,7 @@
|
||||
@@ -89,6 +89,7 @@
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
|
@ -1,8 +1,13 @@
|
||||
From f372886be5f1c41677f168be77c484bae5841361 Mon Sep 17 00:00:00 2001
|
||||
From 0dd0ad0dcdfd1189ed8aa880765403d1f587cc59 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 12 Apr 2016 20:50:25 +0200
|
||||
Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -34,16 +39,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03)
|
||||
(cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9)
|
||||
(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit f372886be5f1c41677f168be77c484bae5841361)
|
||||
---
|
||||
ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
|
||||
index eff4a21650..adf1ff6c6a 100644
|
||||
index 4d27d7d30b..feceed5f93 100644
|
||||
--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
|
||||
+++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
|
||||
@@ -22,7 +22,7 @@
|
||||
@@ -15,7 +15,7 @@
|
||||
FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
|
||||
MODULE_TYPE = BASE
|
||||
VERSION_STRING = 1.0
|
File diff suppressed because it is too large
Load Diff
@ -1,8 +1,13 @@
|
||||
From 232fcf06f6b3048b7c2ebd6931f23186b3852f04 Mon Sep 17 00:00:00 2001
|
||||
From 8338545260fbb423f796d5196faaaf8ff6e1ed99 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Sun, 26 Jul 2015 08:02:50 +0000
|
||||
Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -39,7 +44,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c)
|
||||
(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65)
|
||||
(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 7 +-
|
||||
.../TerminalPcdProducerLib.c | 87 +++++++++++++++++++
|
||||
@ -49,10 +54,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index f2e5125494..9fc78d4e0a 100644
|
||||
index a3cc3f26ec..696b0b5bcd 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -221,6 +221,8 @@
|
||||
@@ -237,6 +237,8 @@
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
|
||||
|
||||
@ -61,7 +66,7 @@ index f2e5125494..9fc78d4e0a 100644
|
||||
[PcdsDynamicHii]
|
||||
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
|
||||
|
||||
@@ -297,7 +299,10 @@
|
||||
@@ -314,7 +316,10 @@
|
||||
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
|
||||
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
|
||||
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
|
@ -1,9 +1,14 @@
|
||||
From 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4 Mon Sep 17 00:00:00 2001
|
||||
From 229c88dc3ded9baeaca8b87767dc5c41c05afd6e Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 4 Nov 2014 23:02:53 +0100
|
||||
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -79,7 +84,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
|
||||
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
|
||||
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
|
||||
@ -87,10 +92,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
3 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index be3d3b4d14..a545f7c2a6 100644
|
||||
index 326f82384e..dff2fcd9f6 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -288,10 +288,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
@@ -278,10 +278,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
@ -104,10 +109,10 @@ index be3d3b4d14..a545f7c2a6 100644
|
||||
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index b56160b3bf..fe24e86b92 100644
|
||||
index aefb6614ad..6684a2e799 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
@ -121,10 +126,10 @@ index b56160b3bf..fe24e86b92 100644
|
||||
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index b56160b3bf..fe24e86b92 100644
|
||||
index aefb6614ad..6684a2e799 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
@ -1,8 +1,13 @@
|
||||
From c3f07e323e76856f1b42ea7b8c598ba3201c28a2 Mon Sep 17 00:00:00 2001
|
||||
From 9f756c1ad83cc81f7d892cd036d59a2b567b02dc Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 13:49:43 +0200
|
||||
Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -48,16 +53,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
|
||||
(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
|
||||
(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
|
||||
---
|
||||
ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
index 44c00bd0c1..40c8ec3251 100644
|
||||
index c8ea183313..bab4804a17 100644
|
||||
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
@@ -114,6 +114,13 @@
|
||||
@@ -108,6 +108,13 @@
|
||||
## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
|
||||
gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
|
||||
|
@ -1,9 +1,14 @@
|
||||
From bb71490fdda3b38fa9f071d281b863f9b64363bf Mon Sep 17 00:00:00 2001
|
||||
From 8d5a8827aabc67cb2a046697e1a750ca8d9cc453 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 13:59:20 +0200
|
||||
Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
|
||||
port (RH)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -46,7 +51,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
|
||||
(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
|
||||
(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
|
||||
---
|
||||
ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++
|
||||
ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++
|
||||
@ -56,10 +61,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
5 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
index dc47adbaff..cbd72232c7 100644
|
||||
index d379ad8b7a..ff1672f94d 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
@@ -117,6 +117,11 @@ PrimaryMain (
|
||||
@@ -111,6 +111,11 @@ PrimaryMain (
|
||||
UINTN TemporaryRamBase;
|
||||
UINTN TemporaryRamSize;
|
||||
|
||||
@ -72,10 +77,10 @@ index dc47adbaff..cbd72232c7 100644
|
||||
|
||||
// Enable the GIC Distributor
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
index 134a469427..af39fc017c 100644
|
||||
index 1500d2bd51..5b0790beac 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
@@ -35,6 +35,11 @@ PrimaryMain (
|
||||
@@ -29,6 +29,11 @@ PrimaryMain (
|
||||
UINTN TemporaryRamBase;
|
||||
UINTN TemporaryRamSize;
|
||||
|
||||
@ -88,10 +93,10 @@ index 134a469427..af39fc017c 100644
|
||||
|
||||
// Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
index 160894620c..bf843d7768 100644
|
||||
index 7140c7f5b5..1d69a2b468 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
@@ -21,6 +21,7 @@
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/IoLib.h>
|
||||
#include <Library/PcdLib.h>
|
||||
@ -100,10 +105,10 @@ index 160894620c..bf843d7768 100644
|
||||
#include <PiPei.h>
|
||||
#include <Ppi/TemporaryRamSupport.h>
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||
index e3a31fa7c6..1bc0c45420 100644
|
||||
index f2ac45d171..fc93fda965 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||
@@ -72,6 +72,8 @@
|
||||
@@ -67,6 +67,8 @@
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
|
||||
|
||||
@ -113,10 +118,10 @@ index e3a31fa7c6..1bc0c45420 100644
|
||||
gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
|
||||
gArmTokenSpaceGuid.PcdGicSgiIntId
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||
index ec83cec2d8..b100820491 100644
|
||||
index 84c319c367..46d1b30978 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||
@@ -70,4 +70,6 @@
|
||||
@@ -65,4 +65,6 @@
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
|
||||
|
@ -1,8 +1,13 @@
|
||||
From fb2032bbea7e02c426855cf86a323556d493fd8a Mon Sep 17 00:00:00 2001
|
||||
From ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 14:07:17 +0200
|
||||
Subject: ArmVirtPkg: set early hello message (RH only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -41,16 +46,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
|
||||
(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
|
||||
(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index 9fc78d4e0a..a4cd66b846 100644
|
||||
index 696b0b5bcd..08c7a36339 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -94,6 +94,7 @@
|
||||
@@ -101,6 +101,7 @@
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE
|
||||
|
||||
[PcdsFixedAtBuild.common]
|
@ -1,8 +1,13 @@
|
||||
From 7e6d5dc4078c64be6d55d8fc3317c59a91507a50 Mon Sep 17 00:00:00 2001
|
||||
From 3cb92f9ba18ac79911bd5258ff4f949cc617ae89 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:45 +0100
|
||||
Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -38,7 +43,7 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9)
|
||||
(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76)
|
||||
(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
||||
@ -46,10 +51,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
3 files changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index bc75e03d47..8093e6f000 100644
|
||||
index accf5c0211..759075a815 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -484,7 +484,7 @@
|
||||
@@ -479,7 +479,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -59,10 +64,10 @@ index bc75e03d47..8093e6f000 100644
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index f630737662..eca9b4e6db 100644
|
||||
index 8812da9943..634e20f09c 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -489,7 +489,7 @@
|
||||
@@ -484,7 +484,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -72,10 +77,10 @@ index f630737662..eca9b4e6db 100644
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index ac70a0cac1..3ff9a3181e 100644
|
||||
index 73e1b7824f..bc5a345a37 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -489,7 +489,7 @@
|
||||
@@ -484,7 +484,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
@ -1,9 +1,17 @@
|
||||
From b06b87f8ffd4fed4ef7eacb13689a9b6d111f850 Mon Sep 17 00:00:00 2001
|
||||
From c8c3f893e7c3710afe45c46839e97954871536e4 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:46 +0100
|
||||
Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
|
||||
QemuVideoDxe/QemuRamfbDxe (RH)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- Due to upstream commit 4b04d9d73604 ("OvmfPkg: Don't build in
|
||||
QemuVideoDxe when we have CSM", 2019-06-26), the contexts of
|
||||
"QemuVideoDxe.inf" / "QemuRamfbDxe.inf" have changed in the DSC files.
|
||||
Resolve the conflict manually.
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -55,7 +63,7 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3)
|
||||
(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0)
|
||||
(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
|
||||
@ -63,19 +71,20 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
3 files changed, 24 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 8093e6f000..8f1cf80fe6 100644
|
||||
index 759075a815..6a07a6af81 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -746,8 +746,14 @@
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
@@ -742,9 +742,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
!endif
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
@ -84,19 +93,20 @@ index 8093e6f000..8f1cf80fe6 100644
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index eca9b4e6db..62d6d6c406 100644
|
||||
index 634e20f09c..c7f52992e9 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -755,8 +755,14 @@
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
@@ -755,9 +755,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
!endif
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
@ -105,19 +115,20 @@ index eca9b4e6db..62d6d6c406 100644
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 3ff9a3181e..992b141113 100644
|
||||
index bc5a345a37..594ecb5362 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -753,8 +753,14 @@
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
@@ -753,9 +753,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
!endif
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
@ -1,9 +1,21 @@
|
||||
From 76b4ac28e975bd63c25db903a1d42c47b38cc756 Mon Sep 17 00:00:00 2001
|
||||
From e5b8152bced2364a1ded0926dbba4d65e23e3f84 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 27 Jan 2016 03:05:18 +0100
|
||||
Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- The previous version of this patch (downstream commit 76b4ac28e975)
|
||||
caused a regression (RHBZ#1714446), which was fixed up in downstream
|
||||
commit 5a216abaa737 ("ArmVirtPkg: silence DEBUG_VERBOSE masking
|
||||
~0x00400000 in QemuRamfbDxe (RH only)", 2019-08-05).
|
||||
|
||||
Squash the fixup into the original patch. Fuse the commit messages.
|
||||
(Acked-by tags are not preserved, lest we confuse ourselves while
|
||||
reviewing this rebase.)
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -17,44 +29,53 @@ boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages,
|
||||
dependent on the progress bar, when the VERBOSE bit is set in
|
||||
PcdDebugPrintErrorLevel.
|
||||
|
||||
Clear the VERBOSE bit without touching other bits -- those other bits
|
||||
differ between the "silent" and "verbose" builds, so we can't set them as
|
||||
constants.
|
||||
|
||||
QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose
|
||||
none of its messages this way.
|
||||
none of its messages, with the VERBOSE bit clear.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit 76b4ac28e975bd63c25db903a1d42c47b38cc756)
|
||||
Reported-by: Andrew Jones <drjones@redhat.com>
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++-
|
||||
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index a4cd66b846..aac4094665 100644
|
||||
index 08c7a36339..b3dcdd747b 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -421,7 +421,10 @@
|
||||
@@ -422,7 +422,10 @@
|
||||
#
|
||||
# Video support
|
||||
#
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
|
||||
+ }
|
||||
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index d2b3f24394..c9a635e80b 100644
|
||||
index 27e65b7638..008181055a 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -399,7 +399,10 @@
|
||||
@@ -400,7 +400,10 @@
|
||||
#
|
||||
# Video support
|
||||
#
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
|
||||
+ }
|
||||
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
@ -0,0 +1,83 @@
|
||||
From aa2b66b18a62d652bdbefae7b5732297294306ca Mon Sep 17 00:00:00 2001
|
||||
From: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 20:43:48 +0200
|
||||
Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
|
||||
builds (RH only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- We have to carry this downstream-only patch -- committed originally as
|
||||
aaaedc1e2cfd -- indefinitely.
|
||||
|
||||
- To avoid confusion, remove the tags from the commit message that had
|
||||
been added by the downstream maintainer scripts, such as: Message-id,
|
||||
Patchwork-id, O-Subject, Acked-by. These remain available on the
|
||||
original downstream commit. The Bugzilla line is preserved, as it
|
||||
doesn't relate to a specific posting, but to the problem.
|
||||
|
||||
Bugzilla: 1714446
|
||||
|
||||
To suppress an error message on the silent build when ramfb is
|
||||
not configured, change QemuRamfbDxe to return EFI_SUCCESS even
|
||||
when it fails.
|
||||
Some memory is wasted (driver stays resident without
|
||||
any good use), but it is mostly harmless, as the memory
|
||||
is released by the OS after ExitBootServices().
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++
|
||||
OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 +
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||
index 0d49d8bbab..dbf9bcbe16 100644
|
||||
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||
@@ -13,6 +13,7 @@
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
+#include <Library/DebugPrintErrorLevelLib.h>
|
||||
#include <Library/DevicePathLib.h>
|
||||
#include <Library/FrameBufferBltLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
@@ -242,6 +243,19 @@ InitializeQemuRamfb (
|
||||
|
||||
Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
|
||||
if (EFI_ERROR (Status)) {
|
||||
+#if defined (MDE_CPU_AARCH64)
|
||||
+ //
|
||||
+ // RHBZ#1714446
|
||||
+ // If no ramfb device was configured, this platform DXE driver should
|
||||
+ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
|
||||
+ // using a silent build, an error message is issued to the guest console.
|
||||
+ // Since this confuse users, return success and stay resident. The wasted
|
||||
+ // guest RAM still gets freed later after ExitBootServices().
|
||||
+ //
|
||||
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
|
||||
+ return EFI_SUCCESS;
|
||||
+ }
|
||||
+#endif
|
||||
return EFI_NOT_FOUND;
|
||||
}
|
||||
if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
|
||||
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
index e3890b8c20..6ffee5acb2 100644
|
||||
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
@@ -29,6 +29,7 @@
|
||||
BaseLib
|
||||
BaseMemoryLib
|
||||
DebugLib
|
||||
+ DebugPrintErrorLevelLib
|
||||
DevicePathLib
|
||||
FrameBufferBltLib
|
||||
MemoryAllocationLib
|
||||
--
|
||||
2.18.1
|
||||
|
@ -1,9 +1,14 @@
|
||||
From 58bba429b9ec7b78109940ef945d0dc93f3cd958 Mon Sep 17 00:00:00 2001
|
||||
From b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6 Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:47 +0100
|
||||
Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
@ -39,7 +44,7 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4)
|
||||
(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8)
|
||||
(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
|
||||
@ -47,10 +52,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
3 files changed, 12 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 8f1cf80fe6..bbf5e38274 100644
|
||||
index 6a07a6af81..1c56e0948a 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -740,7 +740,10 @@
|
||||
@@ -735,7 +735,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
@ -63,10 +68,10 @@ index 8f1cf80fe6..bbf5e38274 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 62d6d6c406..3ec1b916e7 100644
|
||||
index c7f52992e9..29e12c9dff 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -749,7 +749,10 @@
|
||||
@@ -748,7 +748,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
@ -79,10 +84,10 @@ index 62d6d6c406..3ec1b916e7 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 992b141113..ea54b4b8e8 100644
|
||||
index 594ecb5362..11fe9f6050 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -747,7 +747,10 @@
|
||||
@@ -746,7 +746,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
@ -1,59 +0,0 @@
|
||||
From d382b66affafe06c7e470e0a2dffbd3634b363f1 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 19 Mar 2019 15:48:34 +0100
|
||||
Subject: Downgrade CryptoPkg INF files to OpenSSL 1.1.0i (RH only)
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- new patch, due to upstream commit a18f784cfdbe ("Upgrade OpenSSL to
|
||||
1.1.0j", 2018-12-21)
|
||||
|
||||
Upstream commit a18f784cfdbe (see above) advanced the OpenSSL git
|
||||
submodule from upstream OpenSSL commit d4e4bd2a8163 ("Prepare for 1.1.0h
|
||||
release", 2018-03-27) to upstream OpenSSL commit 74f2d9c1ec5f ("Prepare
|
||||
for 1.1.0j release", 2018-11-20). Meaning, upstream edk2 skipped 1.1.0i.
|
||||
|
||||
However, Fedora 28 only offers 1.1.0i at this point (and it will not be
|
||||
rebased again until 1.1.0k is released). Therefore hunks in the upstream
|
||||
CryptoPkg commit that relate specifically to 1.1.0j have to be backed out.
|
||||
|
||||
The only such hunks are the "crypto/getenv.c" additions to the INF files.
|
||||
The related upstream OpenSSL change was commit 1abdf08284af ("Use
|
||||
secure_getenv(3) when available.", 2018-09-24), part of tag
|
||||
"OpenSSL_1_1_0j".
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
|
||||
---
|
||||
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
|
||||
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 -
|
||||
2 files changed, 2 deletions(-)
|
||||
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
index 6162d29143..fcb8bfddde 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
@@ -282,7 +282,6 @@
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
|
||||
$(OPENSSL_PATH)/crypto/evp/scrypt.c
|
||||
$(OPENSSL_PATH)/crypto/ex_data.c
|
||||
- $(OPENSSL_PATH)/crypto/getenv.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hmac.c
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
index b04bf62b4e..99ff89da0e 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
@@ -282,7 +282,6 @@
|
||||
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
|
||||
$(OPENSSL_PATH)/crypto/evp/scrypt.c
|
||||
$(OPENSSL_PATH)/crypto/ex_data.c
|
||||
- $(OPENSSL_PATH)/crypto/getenv.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
|
||||
$(OPENSSL_PATH)/crypto/hmac/hmac.c
|
||||
--
|
||||
2.18.1
|
||||
|
@ -0,0 +1,79 @@
|
||||
From 57bd3f146590df8757865d8f2cdd1db3cf3f4d40 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Sat, 16 Nov 2019 17:11:27 +0100
|
||||
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
|
||||
(RH)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- new patch
|
||||
|
||||
The downstream changes in RHEL8's OpenSSL package, for example in
|
||||
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
|
||||
preexistent code into those new files. In order to avoid undefined
|
||||
references in link editing, we have to list the new files.
|
||||
|
||||
Note: "process_files.pl" is not re-run at this time manually, because
|
||||
|
||||
(a) "process_files.pl" would pollute the file list (and some of the
|
||||
auto-generated header files) with RHEL8-specific FIPS artifacts, which
|
||||
are explicitly unwanted in edk2,
|
||||
|
||||
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
|
||||
of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
|
||||
and will help with future changes too.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
|
||||
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
|
||||
2 files changed, 22 insertions(+)
|
||||
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
index dd873a0dcd..d1c7602b87 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
@@ -598,6 +598,17 @@
|
||||
$(OPENSSL_PATH)/ssl/record/record.h
|
||||
$(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||
# Autogenerated files list ends here
|
||||
+# RHEL8-specific OpenSSL file list starts here
|
||||
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||
+# RHEL8-specific OpenSSL file list ends here
|
||||
|
||||
ossl_store.c
|
||||
rand_pool.c
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
index a1bb560255..0785a421dd 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
@@ -546,6 +546,17 @@
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
# Autogenerated files list ends here
|
||||
+# RHEL8-specific OpenSSL file list starts here
|
||||
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||
+# RHEL8-specific OpenSSL file list ends here
|
||||
buildinf.h
|
||||
rand_pool_noise.h
|
||||
ossl_store.c
|
||||
--
|
||||
2.18.1
|
||||
|
22
SOURCES/RedHatSecureBootPkKek1.pem
Normal file
22
SOURCES/RedHatSecureBootPkKek1.pem
Normal file
@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
|
||||
BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
|
||||
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
|
||||
MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
|
||||
RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
|
||||
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
|
||||
+d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
|
||||
huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
|
||||
bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
|
||||
3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
|
||||
y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
|
||||
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
|
||||
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
|
||||
HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
|
||||
ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
|
||||
3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
|
||||
1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
|
||||
qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
|
||||
NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
|
||||
R+SqIs/vdWGA40O3SFdzET14m2k=
|
||||
-----END CERTIFICATE-----
|
@ -0,0 +1,338 @@
|
||||
From 3c9574af677c24b969c3baa6a527dabaf97f11a2 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:31:53 +0100
|
||||
Subject: [PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-6-lersek@redhat.com>
|
||||
Patchwork-id: 92461
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the
|
||||
edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib,
|
||||
StdLibPrivateInternalFiles", 2019-04-29).
|
||||
|
||||
We'd like to use the inet_pton() function in CryptoPkg. Resurrect the
|
||||
"inet_pton.c" file from just before the StdLib removal, as follows:
|
||||
|
||||
$ git show \
|
||||
964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \
|
||||
> CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||
|
||||
The inet_pton() function is only intended for the DXE phase at this time,
|
||||
therefore only the "BaseCryptLib" instance INF file receives the new file.
|
||||
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
(cherry picked from commit 8d16ef8269b2ff373d8da674e59992adfdc032d3)
|
||||
---
|
||||
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
|
||||
CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 +++++++++++++++++++++
|
||||
CryptoPkg/Library/Include/CrtLibSupport.h | 1 +
|
||||
3 files changed, 259 insertions(+)
|
||||
create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
index 8d4988e..b5cfd8b 100644
|
||||
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
||||
@@ -58,6 +58,7 @@
|
||||
SysCall/CrtWrapper.c
|
||||
SysCall/TimerWrapper.c
|
||||
SysCall/BaseMemAllocation.c
|
||||
+ SysCall/inet_pton.c
|
||||
|
||||
[Sources.Ia32]
|
||||
Rand/CryptRandTsc.c
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||
new file mode 100644
|
||||
index 0000000..32e1ab8
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
||||
@@ -0,0 +1,257 @@
|
||||
+/* Copyright (c) 1996 by Internet Software Consortium.
|
||||
+ *
|
||||
+ * Permission to use, copy, modify, and distribute this software for any
|
||||
+ * purpose with or without fee is hereby granted, provided that the above
|
||||
+ * copyright notice and this permission notice appear in all copies.
|
||||
+ *
|
||||
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
|
||||
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
|
||||
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
|
||||
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
|
||||
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
|
||||
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
|
||||
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
|
||||
+ * SOFTWARE.
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * Portions copyright (c) 1999, 2000
|
||||
+ * Intel Corporation.
|
||||
+ * All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions
|
||||
+ * are met:
|
||||
+ *
|
||||
+ * 1. Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in the
|
||||
+ * documentation and/or other materials provided with the distribution.
|
||||
+ *
|
||||
+ * 3. All advertising materials mentioning features or use of this software
|
||||
+ * must display the following acknowledgement:
|
||||
+ *
|
||||
+ * This product includes software developed by Intel Corporation and
|
||||
+ * its contributors.
|
||||
+ *
|
||||
+ * 4. Neither the name of Intel Corporation or its contributors may be
|
||||
+ * used to endorse or promote products derived from this software
|
||||
+ * without specific prior written permission.
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS''
|
||||
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
+ * ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE
|
||||
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||||
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||||
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||||
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||||
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
||||
+ * THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+ *
|
||||
+ */
|
||||
+
|
||||
+#if defined(LIBC_SCCS) && !defined(lint)
|
||||
+static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $";
|
||||
+#endif /* LIBC_SCCS and not lint */
|
||||
+
|
||||
+#include <sys/param.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <sys/socket.h>
|
||||
+#include <netinet/in.h>
|
||||
+#include <arpa/inet.h>
|
||||
+#include <arpa/nameser.h>
|
||||
+#include <string.h>
|
||||
+#include <errno.h>
|
||||
+
|
||||
+/*
|
||||
+ * WARNING: Don't even consider trying to compile this on a system where
|
||||
+ * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
|
||||
+ */
|
||||
+
|
||||
+static int inet_pton4 (const char *src, u_char *dst);
|
||||
+static int inet_pton6 (const char *src, u_char *dst);
|
||||
+
|
||||
+/* int
|
||||
+ * inet_pton(af, src, dst)
|
||||
+ * convert from presentation format (which usually means ASCII printable)
|
||||
+ * to network format (which is usually some kind of binary format).
|
||||
+ * return:
|
||||
+ * 1 if the address was valid for the specified address family
|
||||
+ * 0 if the address wasn't valid (`dst' is untouched in this case)
|
||||
+ * -1 if some other error occurred (`dst' is untouched in this case, too)
|
||||
+ * author:
|
||||
+ * Paul Vixie, 1996.
|
||||
+ */
|
||||
+int
|
||||
+inet_pton(
|
||||
+ int af,
|
||||
+ const char *src,
|
||||
+ void *dst
|
||||
+ )
|
||||
+{
|
||||
+ switch (af) {
|
||||
+ case AF_INET:
|
||||
+ return (inet_pton4(src, dst));
|
||||
+ case AF_INET6:
|
||||
+ return (inet_pton6(src, dst));
|
||||
+ default:
|
||||
+ errno = EAFNOSUPPORT;
|
||||
+ return (-1);
|
||||
+ }
|
||||
+ /* NOTREACHED */
|
||||
+}
|
||||
+
|
||||
+/* int
|
||||
+ * inet_pton4(src, dst)
|
||||
+ * like inet_aton() but without all the hexadecimal and shorthand.
|
||||
+ * return:
|
||||
+ * 1 if `src' is a valid dotted quad, else 0.
|
||||
+ * notice:
|
||||
+ * does not touch `dst' unless it's returning 1.
|
||||
+ * author:
|
||||
+ * Paul Vixie, 1996.
|
||||
+ */
|
||||
+static int
|
||||
+inet_pton4(
|
||||
+ const char *src,
|
||||
+ u_char *dst
|
||||
+ )
|
||||
+{
|
||||
+ static const char digits[] = "0123456789";
|
||||
+ int saw_digit, octets, ch;
|
||||
+ u_char tmp[NS_INADDRSZ], *tp;
|
||||
+
|
||||
+ saw_digit = 0;
|
||||
+ octets = 0;
|
||||
+ *(tp = tmp) = 0;
|
||||
+ while ((ch = *src++) != '\0') {
|
||||
+ const char *pch;
|
||||
+
|
||||
+ if ((pch = strchr(digits, ch)) != NULL) {
|
||||
+ u_int new = *tp * 10 + (u_int)(pch - digits);
|
||||
+
|
||||
+ if (new > 255)
|
||||
+ return (0);
|
||||
+ *tp = (u_char)new;
|
||||
+ if (! saw_digit) {
|
||||
+ if (++octets > 4)
|
||||
+ return (0);
|
||||
+ saw_digit = 1;
|
||||
+ }
|
||||
+ } else if (ch == '.' && saw_digit) {
|
||||
+ if (octets == 4)
|
||||
+ return (0);
|
||||
+ *++tp = 0;
|
||||
+ saw_digit = 0;
|
||||
+ } else
|
||||
+ return (0);
|
||||
+ }
|
||||
+ if (octets < 4)
|
||||
+ return (0);
|
||||
+
|
||||
+ memcpy(dst, tmp, NS_INADDRSZ);
|
||||
+ return (1);
|
||||
+}
|
||||
+
|
||||
+/* int
|
||||
+ * inet_pton6(src, dst)
|
||||
+ * convert presentation level address to network order binary form.
|
||||
+ * return:
|
||||
+ * 1 if `src' is a valid [RFC1884 2.2] address, else 0.
|
||||
+ * notice:
|
||||
+ * (1) does not touch `dst' unless it's returning 1.
|
||||
+ * (2) :: in a full address is silently ignored.
|
||||
+ * credit:
|
||||
+ * inspired by Mark Andrews.
|
||||
+ * author:
|
||||
+ * Paul Vixie, 1996.
|
||||
+ */
|
||||
+static int
|
||||
+inet_pton6(
|
||||
+ const char *src,
|
||||
+ u_char *dst
|
||||
+ )
|
||||
+{
|
||||
+ static const char xdigits_l[] = "0123456789abcdef",
|
||||
+ xdigits_u[] = "0123456789ABCDEF";
|
||||
+ u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
|
||||
+ const char *xdigits, *curtok;
|
||||
+ int ch, saw_xdigit;
|
||||
+ u_int val;
|
||||
+
|
||||
+ memset((tp = tmp), '\0', NS_IN6ADDRSZ);
|
||||
+ endp = tp + NS_IN6ADDRSZ;
|
||||
+ colonp = NULL;
|
||||
+ /* Leading :: requires some special handling. */
|
||||
+ if (*src == ':')
|
||||
+ if (*++src != ':')
|
||||
+ return (0);
|
||||
+ curtok = src;
|
||||
+ saw_xdigit = 0;
|
||||
+ val = 0;
|
||||
+ while ((ch = *src++) != '\0') {
|
||||
+ const char *pch;
|
||||
+
|
||||
+ if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
|
||||
+ pch = strchr((xdigits = xdigits_u), ch);
|
||||
+ if (pch != NULL) {
|
||||
+ val <<= 4;
|
||||
+ val |= (pch - xdigits);
|
||||
+ if (val > 0xffff)
|
||||
+ return (0);
|
||||
+ saw_xdigit = 1;
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (ch == ':') {
|
||||
+ curtok = src;
|
||||
+ if (!saw_xdigit) {
|
||||
+ if (colonp)
|
||||
+ return (0);
|
||||
+ colonp = tp;
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (tp + NS_INT16SZ > endp)
|
||||
+ return (0);
|
||||
+ *tp++ = (u_char) (val >> 8) & 0xff;
|
||||
+ *tp++ = (u_char) val & 0xff;
|
||||
+ saw_xdigit = 0;
|
||||
+ val = 0;
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
|
||||
+ inet_pton4(curtok, tp) > 0) {
|
||||
+ tp += NS_INADDRSZ;
|
||||
+ saw_xdigit = 0;
|
||||
+ break; /* '\0' was seen by inet_pton4(). */
|
||||
+ }
|
||||
+ return (0);
|
||||
+ }
|
||||
+ if (saw_xdigit) {
|
||||
+ if (tp + NS_INT16SZ > endp)
|
||||
+ return (0);
|
||||
+ *tp++ = (u_char) (val >> 8) & 0xff;
|
||||
+ *tp++ = (u_char) val & 0xff;
|
||||
+ }
|
||||
+ if (colonp != NULL) {
|
||||
+ /*
|
||||
+ * Since some memmove()'s erroneously fail to handle
|
||||
+ * overlapping regions, we'll do the shift by hand.
|
||||
+ */
|
||||
+ const int n = (int)(tp - colonp);
|
||||
+ int i;
|
||||
+
|
||||
+ for (i = 1; i <= n; i++) {
|
||||
+ endp[- i] = colonp[n - i];
|
||||
+ colonp[n - i] = 0;
|
||||
+ }
|
||||
+ tp = endp;
|
||||
+ }
|
||||
+ if (tp != endp)
|
||||
+ return (0);
|
||||
+ memcpy(dst, tmp, NS_IN6ADDRSZ);
|
||||
+ return (1);
|
||||
+}
|
||||
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
index e603fad..5a20ba6 100644
|
||||
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
@@ -192,6 +192,7 @@ void abort (void) __attribute__((__noreturn__));
|
||||
#else
|
||||
void abort (void);
|
||||
#endif
|
||||
+int inet_pton (int, const char *, void *);
|
||||
|
||||
//
|
||||
// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,188 @@
|
||||
From 1ab1024f94401300fe9a1d5cdce6c15a2b091e02 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:31:50 +0100
|
||||
Subject: [PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies
|
||||
(CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-5-lersek@redhat.com>
|
||||
Patchwork-id: 92453
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
In a later patch in this series, we're going to resurrect "inet_pton.c"
|
||||
(originally from the StdLib package). That source file has a number of
|
||||
standard C and BSD socket dependencies. Provide those dependencies here:
|
||||
|
||||
- The header files below will simply #include <CrtLibSupport.h>:
|
||||
|
||||
- arpa/inet.h
|
||||
- arpa/nameser.h
|
||||
- netinet/in.h
|
||||
- sys/param.h
|
||||
- sys/socket.h
|
||||
|
||||
- EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
|
||||
e2d3a25f1a31; which is the commit immediately preceding the removal of
|
||||
StdLib from edk2 (964f432b9b0a).
|
||||
|
||||
Note that the other error macro, which we alread #define, namely EINVAL,
|
||||
has a value (22) that also matches "StdLib/Include/errno.h".
|
||||
|
||||
- The AF_INET and AF_INET6 address family macros come from
|
||||
"StdLib/Include/sys/socket.h".
|
||||
|
||||
- The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
|
||||
"StdLib/Include/arpa/nameser.h".
|
||||
|
||||
- The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
|
||||
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
(cherry picked from commit 2ac41c12c0d4b3d3ee8f905ab80da019e784de00)
|
||||
---
|
||||
CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++
|
||||
CryptoPkg/Library/Include/arpa/inet.h | 9 +++++++++
|
||||
CryptoPkg/Library/Include/arpa/nameser.h | 9 +++++++++
|
||||
CryptoPkg/Library/Include/netinet/in.h | 9 +++++++++
|
||||
CryptoPkg/Library/Include/sys/param.h | 9 +++++++++
|
||||
CryptoPkg/Library/Include/sys/socket.h | 9 +++++++++
|
||||
6 files changed, 61 insertions(+)
|
||||
create mode 100644 CryptoPkg/Library/Include/arpa/inet.h
|
||||
create mode 100644 CryptoPkg/Library/Include/arpa/nameser.h
|
||||
create mode 100644 CryptoPkg/Library/Include/netinet/in.h
|
||||
create mode 100644 CryptoPkg/Library/Include/sys/param.h
|
||||
create mode 100644 CryptoPkg/Library/Include/sys/socket.h
|
||||
|
||||
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
index b90da20..e603fad 100644
|
||||
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
@@ -74,6 +74,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
// Definitions for global constants used by CRT library routines
|
||||
//
|
||||
#define EINVAL 22 /* Invalid argument */
|
||||
+#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */
|
||||
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
|
||||
#define LONG_MAX 0X7FFFFFFFL /* max value for a long */
|
||||
#define LONG_MIN (-LONG_MAX-1) /* min value for a long */
|
||||
@@ -81,13 +82,28 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#define CHAR_BIT 8 /* Number of bits in a char */
|
||||
|
||||
//
|
||||
+// Address families.
|
||||
+//
|
||||
+#define AF_INET 2 /* internetwork: UDP, TCP, etc. */
|
||||
+#define AF_INET6 24 /* IP version 6 */
|
||||
+
|
||||
+//
|
||||
+// Define constants based on RFC0883, RFC1034, RFC 1035
|
||||
+//
|
||||
+#define NS_INT16SZ 2 /*%< #/bytes of data in a u_int16_t */
|
||||
+#define NS_INADDRSZ 4 /*%< IPv4 T_A */
|
||||
+#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */
|
||||
+
|
||||
+//
|
||||
// Basic types mapping
|
||||
//
|
||||
typedef UINTN size_t;
|
||||
+typedef UINTN u_int;
|
||||
typedef INTN ssize_t;
|
||||
typedef INT32 time_t;
|
||||
typedef UINT8 __uint8_t;
|
||||
typedef UINT8 sa_family_t;
|
||||
+typedef UINT8 u_char;
|
||||
typedef UINT32 uid_t;
|
||||
typedef UINT32 gid_t;
|
||||
|
||||
diff --git a/CryptoPkg/Library/Include/arpa/inet.h b/CryptoPkg/Library/Include/arpa/inet.h
|
||||
new file mode 100644
|
||||
index 0000000..988e4e0
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/arpa/inet.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building third-party standard C / BSD sockets code.
|
||||
+
|
||||
+ Copyright (C) 2019, Red Hat, Inc.
|
||||
+
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
||||
diff --git a/CryptoPkg/Library/Include/arpa/nameser.h b/CryptoPkg/Library/Include/arpa/nameser.h
|
||||
new file mode 100644
|
||||
index 0000000..988e4e0
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/arpa/nameser.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building third-party standard C / BSD sockets code.
|
||||
+
|
||||
+ Copyright (C) 2019, Red Hat, Inc.
|
||||
+
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
||||
diff --git a/CryptoPkg/Library/Include/netinet/in.h b/CryptoPkg/Library/Include/netinet/in.h
|
||||
new file mode 100644
|
||||
index 0000000..988e4e0
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/netinet/in.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building third-party standard C / BSD sockets code.
|
||||
+
|
||||
+ Copyright (C) 2019, Red Hat, Inc.
|
||||
+
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
||||
diff --git a/CryptoPkg/Library/Include/sys/param.h b/CryptoPkg/Library/Include/sys/param.h
|
||||
new file mode 100644
|
||||
index 0000000..988e4e0
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/sys/param.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building third-party standard C / BSD sockets code.
|
||||
+
|
||||
+ Copyright (C) 2019, Red Hat, Inc.
|
||||
+
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
||||
diff --git a/CryptoPkg/Library/Include/sys/socket.h b/CryptoPkg/Library/Include/sys/socket.h
|
||||
new file mode 100644
|
||||
index 0000000..988e4e0
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/sys/socket.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building third-party standard C / BSD sockets code.
|
||||
+
|
||||
+ Copyright (C) 2019, Red Hat, Inc.
|
||||
+
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,86 @@
|
||||
From 697cb1880b624f83bc9e926c3614d070eb365f06 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:31:47 +0100
|
||||
Subject: [PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function
|
||||
(CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-4-lersek@redhat.com>
|
||||
Patchwork-id: 92458
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
According to the ISO C standard, strchr() is a function. We #define it as
|
||||
a macro. Unfortunately, our macro evaluates the first argument ("str")
|
||||
twice. If the expression passed for "str" has side effects, the behavior
|
||||
may be undefined.
|
||||
|
||||
In a later patch in this series, we're going to resurrect "inet_pton.c"
|
||||
(originally from the StdLib package), which calls strchr() just like that:
|
||||
|
||||
strchr((xdigits = xdigits_l), ch)
|
||||
strchr((xdigits = xdigits_u), ch)
|
||||
|
||||
To enable this kind of function call, turn strchr() into a function.
|
||||
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
(cherry picked from commit eb520d94dba7369d1886cd5522d5a2c36fb02209)
|
||||
---
|
||||
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 +++++
|
||||
CryptoPkg/Library/Include/CrtLibSupport.h | 2 +-
|
||||
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||
index 71a2ef3..42235ab 100644
|
||||
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||
@@ -115,6 +115,11 @@ QuickSortWorker (
|
||||
// -- String Manipulation Routines --
|
||||
//
|
||||
|
||||
+char *strchr(const char *str, int ch)
|
||||
+{
|
||||
+ return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
|
||||
+}
|
||||
+
|
||||
/* Scan a string for the last occurrence of a character */
|
||||
char *strrchr (const char *str, int c)
|
||||
{
|
||||
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
index 5806f50..b90da20 100644
|
||||
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
@@ -147,6 +147,7 @@ int isupper (int);
|
||||
int tolower (int);
|
||||
int strcmp (const char *, const char *);
|
||||
int strncasecmp (const char *, const char *, size_t);
|
||||
+char *strchr (const char *, int);
|
||||
char *strrchr (const char *, int);
|
||||
unsigned long strtoul (const char *, char **, int);
|
||||
long strtol (const char *, char **, int);
|
||||
@@ -188,7 +189,6 @@ void abort (void);
|
||||
#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
|
||||
#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
|
||||
#define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
|
||||
-#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
|
||||
#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
|
||||
#define strcasecmp(str1,str2) (int)AsciiStriCmp(str1,str2)
|
||||
#define sprintf(buf,...) AsciiSPrint(buf,MAX_STRING_SIZE,__VA_ARGS__)
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,134 @@
|
||||
From 3885ce313d1d06359aa76b085668c1391d8a5f50 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:31:43 +0100
|
||||
Subject: [PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"
|
||||
(CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-3-lersek@redhat.com>
|
||||
Patchwork-id: 92460
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
In the patch, we add the new API "TlsSetVerifyHost" for the TLS
|
||||
protocol to set the specified host name that need to be verified.
|
||||
|
||||
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com>
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
(cherry picked from commit 2ca74e1a175232cc201798e27437700adc7fb07e)
|
||||
---
|
||||
CryptoPkg/Include/Library/TlsLib.h | 20 +++++++++++++++++++
|
||||
CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++++++++++++++++++++++-
|
||||
2 files changed, 57 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h
|
||||
index 9875cb6..3af7d4b 100644
|
||||
--- a/CryptoPkg/Include/Library/TlsLib.h
|
||||
+++ b/CryptoPkg/Include/Library/TlsLib.h
|
||||
@@ -397,6 +397,26 @@ TlsSetVerify (
|
||||
);
|
||||
|
||||
/**
|
||||
+ Set the specified host name to be verified.
|
||||
+
|
||||
+ @param[in] Tls Pointer to the TLS object.
|
||||
+ @param[in] Flags The setting flags during the validation.
|
||||
+ @param[in] HostName The specified host name to be verified.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The HostName setting was set successfully.
|
||||
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
|
||||
+ @retval EFI_ABORTED Invalid HostName setting.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+TlsSetVerifyHost (
|
||||
+ IN VOID *Tls,
|
||||
+ IN UINT32 Flags,
|
||||
+ IN CHAR8 *HostName
|
||||
+ );
|
||||
+
|
||||
+/**
|
||||
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
|
||||
|
||||
This function sets a session ID to be used when the TLS/SSL connection is
|
||||
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||
index 74b577d..2bf5aee 100644
|
||||
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
|
||||
|
||||
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
@@ -498,6 +498,42 @@ TlsSetVerify (
|
||||
}
|
||||
|
||||
/**
|
||||
+ Set the specified host name to be verified.
|
||||
+
|
||||
+ @param[in] Tls Pointer to the TLS object.
|
||||
+ @param[in] Flags The setting flags during the validation.
|
||||
+ @param[in] HostName The specified host name to be verified.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The HostName setting was set successfully.
|
||||
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
|
||||
+ @retval EFI_ABORTED Invalid HostName setting.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+TlsSetVerifyHost (
|
||||
+ IN VOID *Tls,
|
||||
+ IN UINT32 Flags,
|
||||
+ IN CHAR8 *HostName
|
||||
+ )
|
||||
+{
|
||||
+ TLS_CONNECTION *TlsConn;
|
||||
+
|
||||
+ TlsConn = (TLS_CONNECTION *) Tls;
|
||||
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ SSL_set_hostflags(TlsConn->Ssl, Flags);
|
||||
+
|
||||
+ if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
|
||||
+ return EFI_ABORTED;
|
||||
+ }
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
+}
|
||||
+
|
||||
+/**
|
||||
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
|
||||
|
||||
This function sets a session ID to be used when the TLS/SSL connection is
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,100 @@
|
||||
From 970b5f67512e00fb26765a14b4a1cb8a8a04276d Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:31:57 +0100
|
||||
Subject: [PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address
|
||||
literals as such (CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-7-lersek@redhat.com>
|
||||
Patchwork-id: 92452
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
Using the inet_pton() function that we imported in the previous patches,
|
||||
recognize if "HostName" is an IP address literal, and then parse it into
|
||||
binary representation. Passing the latter to OpenSSL for server
|
||||
certificate validation is important, per RFC-2818
|
||||
<https://tools.ietf.org/html/rfc2818#section-3.1>:
|
||||
|
||||
> In some cases, the URI is specified as an IP address rather than a
|
||||
> hostname. In this case, the iPAddress subjectAltName must be present in
|
||||
> the certificate and must exactly match the IP in the URI.
|
||||
|
||||
Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL
|
||||
version that is currently consumed by edk2, said function depends on
|
||||
sscanf() for parsing IPv4 literals. In
|
||||
"CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an
|
||||
empty -- always failing -- stub for sscanf(), however.
|
||||
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
Suggested-by: David Woodhouse <dwmw2@infradead.org>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Acked-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
(cherry picked from commit 1e72b1fb2ec597caedb5170079bb213f6d67f32a)
|
||||
---
|
||||
CryptoPkg/Library/TlsLib/TlsConfig.c | 28 ++++++++++++++++++++++++----
|
||||
1 file changed, 24 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||
index 2bf5aee..307eb57 100644
|
||||
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
|
||||
@@ -517,7 +517,11 @@ TlsSetVerifyHost (
|
||||
IN CHAR8 *HostName
|
||||
)
|
||||
{
|
||||
- TLS_CONNECTION *TlsConn;
|
||||
+ TLS_CONNECTION *TlsConn;
|
||||
+ X509_VERIFY_PARAM *VerifyParam;
|
||||
+ UINTN BinaryAddressSize;
|
||||
+ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
|
||||
+ INTN ParamStatus;
|
||||
|
||||
TlsConn = (TLS_CONNECTION *) Tls;
|
||||
if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
|
||||
@@ -526,11 +530,27 @@ TlsSetVerifyHost (
|
||||
|
||||
SSL_set_hostflags(TlsConn->Ssl, Flags);
|
||||
|
||||
- if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
|
||||
- return EFI_ABORTED;
|
||||
+ VerifyParam = SSL_get0_param (TlsConn->Ssl);
|
||||
+ ASSERT (VerifyParam != NULL);
|
||||
+
|
||||
+ BinaryAddressSize = 0;
|
||||
+ if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {
|
||||
+ BinaryAddressSize = NS_IN6ADDRSZ;
|
||||
+ } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {
|
||||
+ BinaryAddressSize = NS_INADDRSZ;
|
||||
}
|
||||
|
||||
- return EFI_SUCCESS;
|
||||
+ if (BinaryAddressSize > 0) {
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
|
||||
+ "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
|
||||
+ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
|
||||
+ ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
|
||||
+ BinaryAddressSize);
|
||||
+ } else {
|
||||
+ ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
|
||||
+ }
|
||||
+
|
||||
+ return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,156 @@
|
||||
From 22ebe3ff84003e9256759e230ac68da35c6d77a2 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:31:37 +0100
|
||||
Subject: [PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of
|
||||
EfiTlsVerifyHost (CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-2-lersek@redhat.com>
|
||||
Patchwork-id: 92457
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
In the patch, we add the new data type named "EfiTlsVerifyHost" and
|
||||
the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP)
|
||||
to enable the host name check so as to avoid the potential
|
||||
Man-In-The-Middle attack.
|
||||
|
||||
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com>
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Liming Gao <liming.gao@intel.com>
|
||||
(cherry picked from commit 31efec82796cb950e99d1622aa9c0eb8380613a0)
|
||||
---
|
||||
MdePkg/Include/Protocol/Tls.h | 68 ++++++++++++++++++++++++++++++++++++-------
|
||||
1 file changed, 57 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
|
||||
index bf1b672..af524ae 100644
|
||||
--- a/MdePkg/Include/Protocol/Tls.h
|
||||
+++ b/MdePkg/Include/Protocol/Tls.h
|
||||
@@ -42,10 +42,6 @@ typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
|
||||
///
|
||||
typedef enum {
|
||||
///
|
||||
- /// Session Configuration
|
||||
- ///
|
||||
-
|
||||
- ///
|
||||
/// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
|
||||
///
|
||||
EfiTlsVersion,
|
||||
@@ -86,11 +82,6 @@ typedef enum {
|
||||
/// The corresponding Data is of type EFI_TLS_SESSION_STATE.
|
||||
///
|
||||
EfiTlsSessionState,
|
||||
-
|
||||
- ///
|
||||
- /// Session information
|
||||
- ///
|
||||
-
|
||||
///
|
||||
/// TLS session data client random.
|
||||
/// The corresponding Data is of type EFI_TLS_RANDOM.
|
||||
@@ -106,9 +97,15 @@ typedef enum {
|
||||
/// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
|
||||
///
|
||||
EfiTlsKeyMaterial,
|
||||
+ ///
|
||||
+ /// TLS session hostname for validation which is used to verify whether the name
|
||||
+ /// within the peer certificate matches a given host name.
|
||||
+ /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_NONE.
|
||||
+ /// The corresponding Data is of type EFI_TLS_VERIFY_HOST.
|
||||
+ ///
|
||||
+ EfiTlsVerifyHost,
|
||||
|
||||
EfiTlsSessionDataTypeMaximum
|
||||
-
|
||||
} EFI_TLS_SESSION_DATA_TYPE;
|
||||
|
||||
///
|
||||
@@ -178,7 +175,8 @@ typedef UINT32 EFI_TLS_VERIFY;
|
||||
///
|
||||
#define EFI_TLS_VERIFY_PEER 0x1
|
||||
///
|
||||
-/// TLS session will fail peer certificate is absent.
|
||||
+/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server mode.
|
||||
+/// TLS session will fail if client certificate is absent.
|
||||
///
|
||||
#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
|
||||
///
|
||||
@@ -188,6 +186,54 @@ typedef UINT32 EFI_TLS_VERIFY;
|
||||
#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
|
||||
|
||||
///
|
||||
+/// EFI_TLS_VERIFY_HOST_FLAG
|
||||
+///
|
||||
+typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG;
|
||||
+///
|
||||
+/// There is no additional flags set for hostname validation.
|
||||
+/// Wildcards are supported and they match only in the left-most label.
|
||||
+///
|
||||
+#define EFI_TLS_VERIFY_FLAG_NONE 0x00
|
||||
+///
|
||||
+/// Always check the Subject Distinguished Name (DN) in the peer certificate even if the
|
||||
+/// certificate contains Subject Alternative Name (SAN).
|
||||
+///
|
||||
+#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT 0x01
|
||||
+///
|
||||
+/// Disable the match of all wildcards.
|
||||
+///
|
||||
+#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS 0x02
|
||||
+///
|
||||
+/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.g. "www*" or "*www").
|
||||
+///
|
||||
+#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS 0x04
|
||||
+///
|
||||
+/// Allow the "*" to match more than one labels. Otherwise, only matches a single label.
|
||||
+///
|
||||
+#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS 0x08
|
||||
+///
|
||||
+/// Restrict to only match direct child sub-domains which start with ".".
|
||||
+/// For example, a name of ".example.com" would match "www.example.com" with this flag,
|
||||
+/// but would not match "www.sub.example.com".
|
||||
+///
|
||||
+#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
|
||||
+///
|
||||
+/// Never check the Subject Distinguished Name (DN) even there is no
|
||||
+/// Subject Alternative Name (SAN) in the certificate.
|
||||
+///
|
||||
+#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT 0x20
|
||||
+
|
||||
+///
|
||||
+/// EFI_TLS_VERIFY_HOST
|
||||
+///
|
||||
+#pragma pack (1)
|
||||
+typedef struct {
|
||||
+ EFI_TLS_VERIFY_HOST_FLAG Flags;
|
||||
+ CHAR8 *HostName;
|
||||
+} EFI_TLS_VERIFY_HOST;
|
||||
+#pragma pack ()
|
||||
+
|
||||
+///
|
||||
/// EFI_TLS_RANDOM
|
||||
/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
|
||||
/// Hello Messages".
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,99 @@
|
||||
From d28c0053e94b8e721307ac1698d86e5dfb328e6d Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:32:04 +0100
|
||||
Subject: [PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification
|
||||
(CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-9-lersek@redhat.com>
|
||||
Patchwork-id: 92459
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
|
||||
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
Set the HostName by consuming TLS protocol to enable the host name
|
||||
check so as to avoid the potential Man-In-The-Middle attack.
|
||||
|
||||
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com>
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit e2fc50812895b17e8b23f5a9c43cde29531b200f)
|
||||
---
|
||||
NetworkPkg/HttpDxe/HttpProto.h | 1 +
|
||||
NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++++++++++++----
|
||||
2 files changed, 18 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
|
||||
index 6e1f517..34308e0 100644
|
||||
--- a/NetworkPkg/HttpDxe/HttpProto.h
|
||||
+++ b/NetworkPkg/HttpDxe/HttpProto.h
|
||||
@@ -82,6 +82,7 @@ typedef struct {
|
||||
EFI_TLS_VERSION Version;
|
||||
EFI_TLS_CONNECTION_END ConnectionEnd;
|
||||
EFI_TLS_VERIFY VerifyMethod;
|
||||
+ EFI_TLS_VERIFY_HOST VerifyHost;
|
||||
EFI_TLS_SESSION_STATE SessionState;
|
||||
} TLS_CONFIG_DATA;
|
||||
|
||||
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
|
||||
index 988bbcb..5dfb13b 100644
|
||||
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
|
||||
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
|
||||
@@ -623,13 +623,16 @@ TlsConfigureSession (
|
||||
//
|
||||
// TlsConfigData initialization
|
||||
//
|
||||
- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
|
||||
- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
|
||||
- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
|
||||
+ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
|
||||
+ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
|
||||
+ HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;
|
||||
+ HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
|
||||
+ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
|
||||
|
||||
//
|
||||
// EfiTlsConnectionEnd,
|
||||
- // EfiTlsVerifyMethod
|
||||
+ // EfiTlsVerifyMethod,
|
||||
+ // EfiTlsVerifyHost,
|
||||
// EfiTlsSessionState
|
||||
//
|
||||
Status = HttpInstance->Tls->SetSessionData (
|
||||
@@ -654,6 +657,16 @@ TlsConfigureSession (
|
||||
|
||||
Status = HttpInstance->Tls->SetSessionData (
|
||||
HttpInstance->Tls,
|
||||
+ EfiTlsVerifyHost,
|
||||
+ &HttpInstance->TlsConfigData.VerifyHost,
|
||||
+ sizeof (EFI_TLS_VERIFY_HOST)
|
||||
+ );
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ Status = HttpInstance->Tls->SetSessionData (
|
||||
+ HttpInstance->Tls,
|
||||
EfiTlsSessionState,
|
||||
&(HttpInstance->TlsConfigData.SessionState),
|
||||
sizeof (EFI_TLS_SESSION_STATE)
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,117 @@
|
||||
From 24a4a1d62ae749c197f36d72f645c7142f368e6a Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Mon, 2 Dec 2019 12:32:00 +0100
|
||||
Subject: [PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to
|
||||
TlsDxe driver (CVE-2019-14553)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20191117220052.15700-8-lersek@redhat.com>
|
||||
Patchwork-id: 92456
|
||||
O-Subject: [RHEL-8.2.0 edk2 PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553)
|
||||
Bugzilla: 1536624
|
||||
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
||||
CVE: CVE-2019-14553
|
||||
The new data type named "EfiTlsVerifyHost" and the
|
||||
EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol.
|
||||
|
||||
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
|
||||
Reviewed-by: Ye Ting <ting.ye@intel.com>
|
||||
Reviewed-by: Long Qin <qin.long@intel.com>
|
||||
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
|
||||
Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com>
|
||||
Cc: David Woodhouse <dwmw2@infradead.org>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
||||
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 703e7ab21ff8fda9ababf7751d59bd28ad5da947)
|
||||
---
|
||||
NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++++++++++++++++++++++---
|
||||
1 file changed, 41 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtocol.c
|
||||
index a7a993f..001e540 100644
|
||||
--- a/NetworkPkg/TlsDxe/TlsProtocol.c
|
||||
+++ b/NetworkPkg/TlsDxe/TlsProtocol.c
|
||||
@@ -1,7 +1,7 @@
|
||||
/** @file
|
||||
Implementation of EFI TLS Protocol Interfaces.
|
||||
|
||||
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
@@ -56,12 +56,16 @@ TlsSetSessionData (
|
||||
UINT16 *CipherId;
|
||||
CONST EFI_TLS_CIPHER *TlsCipherList;
|
||||
UINTN CipherCount;
|
||||
+ CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;
|
||||
+ EFI_TLS_VERIFY VerifyMethod;
|
||||
+ UINTN VerifyMethodSize;
|
||||
UINTN Index;
|
||||
|
||||
EFI_TPL OldTpl;
|
||||
|
||||
- Status = EFI_SUCCESS;
|
||||
- CipherId = NULL;
|
||||
+ Status = EFI_SUCCESS;
|
||||
+ CipherId = NULL;
|
||||
+ VerifyMethodSize = sizeof (EFI_TLS_VERIFY);
|
||||
|
||||
if (This == NULL || Data == NULL || DataSize == 0) {
|
||||
return EFI_INVALID_PARAMETER;
|
||||
@@ -149,6 +153,40 @@ TlsSetSessionData (
|
||||
|
||||
TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
|
||||
break;
|
||||
+ case EfiTlsVerifyHost:
|
||||
+ if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {
|
||||
+ Status = EFI_INVALID_PARAMETER;
|
||||
+ goto ON_EXIT;
|
||||
+ }
|
||||
+
|
||||
+ TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;
|
||||
+
|
||||
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&
|
||||
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {
|
||||
+ Status = EFI_INVALID_PARAMETER;
|
||||
+ goto ON_EXIT;
|
||||
+ }
|
||||
+
|
||||
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&
|
||||
+ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||
|
||||
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {
|
||||
+ Status = EFI_INVALID_PARAMETER;
|
||||
+ goto ON_EXIT;
|
||||
+ }
|
||||
+
|
||||
+ Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ goto ON_EXIT;
|
||||
+ }
|
||||
+
|
||||
+ if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {
|
||||
+ Status = EFI_INVALID_PARAMETER;
|
||||
+ goto ON_EXIT;
|
||||
+ }
|
||||
+
|
||||
+ Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);
|
||||
+
|
||||
+ break;
|
||||
case EfiTlsSessionID:
|
||||
if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
|
||||
Status = EFI_INVALID_PARAMETER;
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,198 +0,0 @@
|
||||
From 71c39f0fb0b9a3e9856cebc58ef3812752fd07cc Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 4 Jun 2019 11:06:45 +0200
|
||||
Subject: [PATCH 3/3] OvmfPkg/PlatformPei: set 32-bit UC area at PciBase /
|
||||
PciExBarBase (pc/q35)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Message-id: <20190604090645.2847-4-lersek@redhat.com>
|
||||
Patchwork-id: 88483
|
||||
O-Subject: [RHEL-8.1.0 edk2 PATCH v2 3/3] OvmfPkg/PlatformPei: set 32-bit UC
|
||||
area at PciBase / PciExBarBase (pc/q35)
|
||||
Bugzilla: 1666941
|
||||
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
(This is a replacement for commit 39b9a5ffe661 ("OvmfPkg/PlatformPei: fix
|
||||
MTRR for low-RAM sizes that have many bits clear", 2019-05-16).)
|
||||
|
||||
Reintroduce the same logic as seen in commit 39b9a5ffe661 for the pc
|
||||
(i440fx) board type.
|
||||
|
||||
For q35, the same approach doesn't work any longer, given that (a) we'd
|
||||
like to keep the PCIEXBAR in the platform DSC a fixed-at-build PCD, and
|
||||
(b) QEMU expects the PCIEXBAR to reside at a lower address than the 32-bit
|
||||
PCI MMIO aperture.
|
||||
|
||||
Therefore, introduce a helper function for determining the 32-bit
|
||||
"uncacheable" (MMIO) area base address:
|
||||
|
||||
- On q35, this function behaves statically. Furthermore, the MTRR setup
|
||||
exploits that the range [0xB000_0000, 0xFFFF_FFFF] can be marked UC with
|
||||
just two variable MTRRs (one at 0xB000_0000 (size 256MB), another at
|
||||
0xC000_0000 (size 1GB)).
|
||||
|
||||
- On pc (i440fx), the function behaves dynamically, implementing the same
|
||||
logic as commit 39b9a5ffe661 did. The PciBase value is adjusted to the
|
||||
value calculated, similarly to commit 39b9a5ffe661. A further
|
||||
simplification is that we show that the UC32 area size truncation to a
|
||||
whole power of two automatically guarantees a >=2GB base address.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
(cherry picked from commit 49edde15230a5bfd6746225eb95535eaa2ec1ba4)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/PlatformPei/MemDetect.c | 59 ++++++++++++++++++++++++++++++++++++++---
|
||||
OvmfPkg/PlatformPei/Platform.c | 5 +++-
|
||||
OvmfPkg/PlatformPei/Platform.h | 7 +++++
|
||||
3 files changed, 66 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
|
||||
index 2f9e835..0c38b70 100644
|
||||
--- a/OvmfPkg/PlatformPei/MemDetect.c
|
||||
+++ b/OvmfPkg/PlatformPei/MemDetect.c
|
||||
@@ -20,6 +20,7 @@ Module Name:
|
||||
// The package level header files this module uses
|
||||
//
|
||||
#include <IndustryStandard/E820.h>
|
||||
+#include <IndustryStandard/I440FxPiix4.h>
|
||||
#include <IndustryStandard/Q35MchIch9.h>
|
||||
#include <PiPei.h>
|
||||
|
||||
@@ -48,6 +49,8 @@ STATIC UINT32 mS3AcpiReservedMemorySize;
|
||||
|
||||
STATIC UINT16 mQ35TsegMbytes;
|
||||
|
||||
+UINT32 mQemuUc32Base;
|
||||
+
|
||||
VOID
|
||||
Q35TsegMbytesInitialization (
|
||||
VOID
|
||||
@@ -104,6 +107,54 @@ Q35TsegMbytesInitialization (
|
||||
}
|
||||
|
||||
|
||||
+VOID
|
||||
+QemuUc32BaseInitialization (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ UINT32 LowerMemorySize;
|
||||
+ UINT32 Uc32Size;
|
||||
+
|
||||
+ if (mXen) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ if (mHostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {
|
||||
+ //
|
||||
+ // On q35, the 32-bit area that we'll mark as UC, through variable MTRRs,
|
||||
+ // starts at PcdPciExpressBaseAddress. The platform DSC is responsible for
|
||||
+ // setting PcdPciExpressBaseAddress such that describing the
|
||||
+ // [PcdPciExpressBaseAddress, 4GB) range require a very small number of
|
||||
+ // variable MTRRs (preferably 1 or 2).
|
||||
+ //
|
||||
+ ASSERT (FixedPcdGet64 (PcdPciExpressBaseAddress) <= MAX_UINT32);
|
||||
+ mQemuUc32Base = (UINT32)FixedPcdGet64 (PcdPciExpressBaseAddress);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ ASSERT (mHostBridgeDevId == INTEL_82441_DEVICE_ID);
|
||||
+ //
|
||||
+ // On i440fx, start with the [LowerMemorySize, 4GB) range. Make sure one
|
||||
+ // variable MTRR suffices by truncating the size to a whole power of two,
|
||||
+ // while keeping the end affixed to 4GB. This will round the base up.
|
||||
+ //
|
||||
+ LowerMemorySize = GetSystemMemorySizeBelow4gb ();
|
||||
+ Uc32Size = GetPowerOfTwo32 ((UINT32)(SIZE_4GB - LowerMemorySize));
|
||||
+ mQemuUc32Base = (UINT32)(SIZE_4GB - Uc32Size);
|
||||
+ //
|
||||
+ // Assuming that LowerMemorySize is at least 1 byte, Uc32Size is at most 2GB.
|
||||
+ // Therefore mQemuUc32Base is at least 2GB.
|
||||
+ //
|
||||
+ ASSERT (mQemuUc32Base >= BASE_2GB);
|
||||
+
|
||||
+ if (mQemuUc32Base != LowerMemorySize) {
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: rounded UC32 base from 0x%x up to 0x%x, for "
|
||||
+ "an UC32 size of 0x%x\n", __FUNCTION__, LowerMemorySize, mQemuUc32Base,
|
||||
+ Uc32Size));
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+
|
||||
/**
|
||||
Iterate over the RAM entries in QEMU's fw_cfg E820 RAM map that start outside
|
||||
of the 32-bit address range.
|
||||
@@ -694,11 +745,11 @@ QemuInitializeRam (
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
|
||||
//
|
||||
- // Set memory range from the "top of lower RAM" (RAM below 4GB) to 4GB as
|
||||
- // uncacheable
|
||||
+ // Set the memory range from the start of the 32-bit MMIO area (32-bit PCI
|
||||
+ // MMIO aperture on i440fx, PCIEXBAR on q35) to 4GB as uncacheable.
|
||||
//
|
||||
- Status = MtrrSetMemoryAttribute (LowerMemorySize,
|
||||
- SIZE_4GB - LowerMemorySize, CacheUncacheable);
|
||||
+ Status = MtrrSetMemoryAttribute (mQemuUc32Base, SIZE_4GB - mQemuUc32Base,
|
||||
+ CacheUncacheable);
|
||||
ASSERT_EFI_ERROR (Status);
|
||||
}
|
||||
}
|
||||
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
|
||||
index 64b8034..de19f5c 100644
|
||||
--- a/OvmfPkg/PlatformPei/Platform.c
|
||||
+++ b/OvmfPkg/PlatformPei/Platform.c
|
||||
@@ -197,7 +197,8 @@ MemMapInitialization (
|
||||
ASSERT (PciExBarBase <= MAX_UINT32 - SIZE_256MB);
|
||||
PciBase = (UINT32)(PciExBarBase + SIZE_256MB);
|
||||
} else {
|
||||
- PciBase = (TopOfLowRam < BASE_2GB) ? BASE_2GB : TopOfLowRam;
|
||||
+ ASSERT (TopOfLowRam <= mQemuUc32Base);
|
||||
+ PciBase = mQemuUc32Base;
|
||||
}
|
||||
|
||||
//
|
||||
@@ -656,6 +657,8 @@ InitializePlatform (
|
||||
|
||||
PublishPeiMemory ();
|
||||
|
||||
+ QemuUc32BaseInitialization ();
|
||||
+
|
||||
InitializeRamRegions ();
|
||||
|
||||
if (mXen) {
|
||||
diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
|
||||
index b12a5c1..2b486ce 100644
|
||||
--- a/OvmfPkg/PlatformPei/Platform.h
|
||||
+++ b/OvmfPkg/PlatformPei/Platform.h
|
||||
@@ -69,6 +69,11 @@ GetSystemMemorySizeBelow4gb (
|
||||
);
|
||||
|
||||
VOID
|
||||
+QemuUc32BaseInitialization (
|
||||
+ VOID
|
||||
+ );
|
||||
+
|
||||
+VOID
|
||||
InitializeRamRegions (
|
||||
VOID
|
||||
);
|
||||
@@ -120,4 +125,6 @@ extern UINT32 mMaxCpuCount;
|
||||
|
||||
extern UINT16 mHostBridgeDevId;
|
||||
|
||||
+extern UINT32 mQemuUc32Base;
|
||||
+
|
||||
#endif // _PLATFORM_PEI_H_INCLUDED_
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,109 +0,0 @@
|
||||
From d362291ada9ee22316e3c069dc788c4c801b0796 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 4 Jun 2019 11:06:44 +0200
|
||||
Subject: [PATCH 2/3] OvmfPkg: raise the PCIEXBAR base to 2816 MB on Q35
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Message-id: <20190604090645.2847-3-lersek@redhat.com>
|
||||
Patchwork-id: 88481
|
||||
O-Subject: [RHEL-8.1.0 edk2 PATCH v2 2/3] OvmfPkg: raise the PCIEXBAR base to
|
||||
2816 MB on Q35
|
||||
Bugzilla: 1666941
|
||||
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
|
||||
(This is a replacement for commit 75136b29541b, "OvmfPkg/PlatformPei:
|
||||
reorder the 32-bit PCI window vs. the PCIEXBAR on q35", 2019-05-16).
|
||||
|
||||
Commit 7b8fe63561b4 ("OvmfPkg: PlatformPei: enable PCIEXBAR (aka MMCONFIG
|
||||
/ ECAM) on Q35", 2016-03-10) claimed that,
|
||||
|
||||
On Q35 machine types that QEMU intends to support in the long term, QEMU
|
||||
never lets the RAM below 4 GB exceed 2 GB.
|
||||
|
||||
Alas, this statement came from a misunderstanding that occurred while we
|
||||
worked out the interface contract. In fact QEMU does allow the 32-bit RAM
|
||||
extend up to 0xB000_0000 (exclusive), in case the RAM size falls in the
|
||||
range (0x8000_0000, 0xB000_0000) (i.e., the RAM size is greater than
|
||||
2048MB and smaller than 2816MB).
|
||||
|
||||
In turn, such a RAM size (justifiedly) triggers
|
||||
|
||||
ASSERT (TopOfLowRam <= PciExBarBase);
|
||||
|
||||
in MemMapInitialization(), because we placed the 256MB PCIEXBAR at
|
||||
0x8000_0000 (2GB) exactly, relying on the interface contract. (And, the
|
||||
32-bit PCI window would follow the PCIEXBAR, covering the [0x9000_0000,
|
||||
0xFC00_0000) range.)
|
||||
|
||||
In order to fix this, place the PCIEXBAR at 2816MB (0xB000_0000), and
|
||||
start the 32-bit PCI window at 3 GB (0xC000_0000). This shrinks the 32-bit
|
||||
PCI window to
|
||||
|
||||
0xFC00_0000 - 0xC000_0000 = 0x3C00_0000 = 960 MB.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
|
||||
(cherry picked from commit b07de0974b65a6a393c2d477427d1d6c7acce002)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 4 ++--
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++--
|
||||
OvmfPkg/OvmfPkgX64.dsc | 4 ++--
|
||||
3 files changed, 6 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index bbf5e38..cf5f2ea 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -497,8 +497,8 @@
|
||||
# the PCIEXBAR register.
|
||||
#
|
||||
# On Q35 machine types that QEMU intends to support in the long term, QEMU
|
||||
- # never lets the RAM below 4 GB exceed 2 GB.
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
|
||||
+ # never lets the RAM below 4 GB exceed 2816 MB.
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
|
||||
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 3ec1b91..5a24065 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -502,8 +502,8 @@
|
||||
# the PCIEXBAR register.
|
||||
#
|
||||
# On Q35 machine types that QEMU intends to support in the long term, QEMU
|
||||
- # never lets the RAM below 4 GB exceed 2 GB.
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
|
||||
+ # never lets the RAM below 4 GB exceed 2816 MB.
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
|
||||
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index ea54b4b..6ab50c9 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -502,8 +502,8 @@
|
||||
# the PCIEXBAR register.
|
||||
#
|
||||
# On Q35 machine types that QEMU intends to support in the long term, QEMU
|
||||
- # never lets the RAM below 4 GB exceed 2 GB.
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
|
||||
+ # never lets the RAM below 4 GB exceed 2816 MB.
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
|
||||
|
||||
!ifdef $(SOURCE_DEBUG_ENABLE)
|
||||
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/bin/python
|
||||
#!/bin/python3
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Authors:
|
||||
# - Patrick Uiterwijk <puiterwijk@redhat.com>
|
||||
@ -32,13 +32,23 @@ def generate_qemu_cmd(args, readonly, *extra_args):
|
||||
else:
|
||||
machinetype = 'q35,smm=on'
|
||||
machinetype += ',accel=%s' % ('kvm' if args.enable_kvm else 'tcg')
|
||||
|
||||
if args.oem_string is None:
|
||||
oemstrings = []
|
||||
else:
|
||||
oemstring_values = [
|
||||
",value=" + s.replace(",", ",,") for s in args.oem_string ]
|
||||
oemstrings = [
|
||||
'-smbios',
|
||||
"type=11" + ''.join(oemstring_values) ]
|
||||
|
||||
return [
|
||||
args.qemu_binary,
|
||||
'-machine', machinetype,
|
||||
'-display', 'none',
|
||||
'-no-user-config',
|
||||
'-nodefaults',
|
||||
'-m', '256',
|
||||
'-m', '768',
|
||||
'-smp', '2,sockets=2,cores=1,threads=1',
|
||||
'-chardev', 'pty,id=charserial1',
|
||||
'-device', 'isa-serial,chardev=charserial1,id=serial1',
|
||||
@ -50,7 +60,7 @@ def generate_qemu_cmd(args, readonly, *extra_args):
|
||||
'-drive',
|
||||
'file=%s,if=pflash,format=raw,unit=1,readonly=%s' % (
|
||||
args.out_temp, 'on' if readonly else 'off'),
|
||||
'-serial', 'stdio'] + list(extra_args)
|
||||
'-serial', 'stdio'] + oemstrings + list(extra_args)
|
||||
|
||||
|
||||
def download(url, target, suffix, no_download):
|
||||
@ -98,6 +108,10 @@ def enroll_keys(args):
|
||||
read = p.stdout.readline()
|
||||
if b'char device redirected' in read:
|
||||
read = p.stdout.readline()
|
||||
# Skip passed QEMU warnings, like the following one we see in Ubuntu:
|
||||
# qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
|
||||
while b'qemu-system-x86_64: warning:' in read:
|
||||
read = p.stdout.readline()
|
||||
if args.print_output:
|
||||
print(strip_special(read), end='')
|
||||
print()
|
||||
@ -213,6 +227,14 @@ def parse_args():
|
||||
'used for testing, could undermine Secure '
|
||||
'Boot.'),
|
||||
action='store_true')
|
||||
parser.add_argument('--oem-string',
|
||||
help=('Pass the argument to the guest as a string in '
|
||||
'the SMBIOS Type 11 (OEM Strings) table. '
|
||||
'Multiple occurrences of this option are '
|
||||
'collected into a single SMBIOS Type 11 table. '
|
||||
'A pure ASCII string argument is strongly '
|
||||
'suggested.'),
|
||||
action='append')
|
||||
args = parser.parse_args()
|
||||
args.kernel_url = args.kernel_url % {'version': args.fedora_version}
|
||||
|
||||
|
155
SPECS/edk2.spec
155
SPECS/edk2.spec
@ -1,16 +1,16 @@
|
||||
ExclusiveArch: x86_64 aarch64
|
||||
|
||||
%define GITDATE 20190308
|
||||
%define GITCOMMIT 89910a39dcfd
|
||||
%define GITDATE 20190829
|
||||
%define GITCOMMIT 37eef91017ad
|
||||
%define TOOLCHAIN GCC5
|
||||
%define OPENSSL_VER 1.1.0i
|
||||
%define OPENSSL_VER 1.1.1c
|
||||
|
||||
Name: edk2
|
||||
Version: %{GITDATE}git%{GITCOMMIT}
|
||||
Release: 4%{?dist}
|
||||
Summary: UEFI firmware for 64-bit virtual machines
|
||||
Group: Applications/Emulators
|
||||
License: BSD and OpenSSL and MIT
|
||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||
URL: http://www.tianocore.org
|
||||
|
||||
# The source tarball is created using following commands:
|
||||
@ -19,37 +19,52 @@ URL: http://www.tianocore.org
|
||||
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
|
||||
Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
|
||||
Source1: ovmf-whitepaper-c770f8c.txt
|
||||
Source2: openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
|
||||
Source2: openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
||||
Source3: ovmf-vars-generator
|
||||
Source4: LICENSE.qosb
|
||||
Source5: RedHatSecureBootPkKek1.pem
|
||||
|
||||
Source10: edk2-aarch64-verbose.json
|
||||
Source11: edk2-aarch64.json
|
||||
Source12: edk2-ovmf-sb.json
|
||||
Source13: edk2-ovmf.json
|
||||
|
||||
Patch0003: 0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
|
||||
Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
|
||||
Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
|
||||
Patch0006: 0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
|
||||
Patch0007: 0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
|
||||
Patch0008: 0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
|
||||
Patch0009: 0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
|
||||
Patch0010: 0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
|
||||
Patch0011: 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
|
||||
Patch0012: 0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
|
||||
Patch0013: 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
|
||||
Patch0014: 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
|
||||
Patch0015: 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
|
||||
Patch0016: 0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
|
||||
Patch0017: 0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
|
||||
Patch0018: 0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
|
||||
Patch0019: 0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
|
||||
Patch0026: 0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch
|
||||
# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size
|
||||
Patch27: edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch
|
||||
# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size
|
||||
Patch28: edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch
|
||||
Patch0001: 0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch
|
||||
Patch0002: 0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
|
||||
Patch0006: 0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
|
||||
Patch0007: 0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
|
||||
Patch0008: 0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
|
||||
Patch0009: 0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
|
||||
Patch0010: 0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
|
||||
Patch0011: 0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
|
||||
Patch0012: 0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
|
||||
Patch0013: 0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
|
||||
Patch0014: 0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
|
||||
Patch0015: 0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
|
||||
Patch0016: 0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
|
||||
Patch0017: 0017-ArmVirtPkg-set-early-hello-message-RH-only.patch
|
||||
Patch0018: 0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
|
||||
Patch0019: 0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
|
||||
Patch0020: 0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
|
||||
Patch0021: 0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
|
||||
Patch0022: 0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
|
||||
Patch0033: 0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch34: edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch35: edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch36: edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch37: edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch38: edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch39: edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch40: edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch
|
||||
# For bz#1536624 - HTTPS enablement in OVMF
|
||||
Patch41: edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch
|
||||
|
||||
|
||||
# python3-devel and libuuid-devel are required for building tools.
|
||||
@ -72,11 +87,11 @@ BuildRequires: genisoimage
|
||||
|
||||
# For generating the variable store template with the default certificates
|
||||
# enrolled, we need qemu-kvm.
|
||||
BuildRequires: qemu-kvm
|
||||
BuildRequires: qemu-kvm >= 2.12.0-89
|
||||
|
||||
# For verifying SB enablement in the above variable store template, we need a
|
||||
# guest kernel that prints "Secure boot enabled".
|
||||
BuildRequires: kernel-core
|
||||
BuildRequires: kernel-core >= 4.18.0-161
|
||||
BuildRequires: rpmdevtools
|
||||
|
||||
%package ovmf
|
||||
@ -88,7 +103,7 @@ Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7
|
||||
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
|
||||
# library.
|
||||
Provides: bundled(openssl) = %{OPENSSL_VER}
|
||||
License: BSD and OpenSSL
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
|
||||
# URL taken from the Maintainers.txt file.
|
||||
URL: http://www.tianocore.org/ovmf/
|
||||
@ -107,7 +122,7 @@ Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
|
||||
|
||||
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
|
||||
Provides: bundled(openssl) = %{OPENSSL_VER}
|
||||
License: BSD and OpenSSL
|
||||
License: BSD-2-Clause-Patent and OpenSSL
|
||||
|
||||
# URL taken from the Maintainers.txt file.
|
||||
URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
|
||||
@ -121,7 +136,7 @@ package contains a 64-bit build.
|
||||
%package tools
|
||||
Summary: EFI Development Kit II Tools
|
||||
Group: Development/Tools
|
||||
License: BSD
|
||||
License: BSD-2-Clause-Patent
|
||||
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
|
||||
%description tools
|
||||
This package provides tools that are needed to
|
||||
@ -131,7 +146,7 @@ build EFI executables and ROMs using the GNU tools.
|
||||
Summary: Documentation for EFI Development Kit II Tools
|
||||
Group: Development/Tools
|
||||
BuildArch: noarch
|
||||
License: BSD
|
||||
License: BSD-2-Clause-Patent
|
||||
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
|
||||
%description tools-doc
|
||||
This package documents the tools that are needed to
|
||||
@ -145,9 +160,6 @@ environment for the UEFI and PI specifications. This package contains sample
|
||||
%prep
|
||||
%setup -q -n edk2-%{GITCOMMIT}
|
||||
|
||||
# Ensure binary packages are not used
|
||||
rm -rf ShellBinPkg
|
||||
|
||||
%{lua:
|
||||
tmp = os.tmpname();
|
||||
f = io.open(tmp, "w+");
|
||||
@ -187,6 +199,18 @@ cp -a -- %{SOURCE1} %{SOURCE3} .
|
||||
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
|
||||
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
|
||||
|
||||
# Format the Red Hat-issued certificate that is to be enrolled as both Platform
|
||||
# Key and first Key Exchange Key, as an SMBIOS OEM String. This means stripping
|
||||
# the PEM header and footer, and prepending the textual representation of the
|
||||
# GUID that identifies this particular OEM String to "EnrollDefaultKeys.efi",
|
||||
# plus the separator ":". For details, see
|
||||
# <https://bugzilla.tianocore.org/show_bug.cgi?id=1747> comments 2, 7, 14.
|
||||
sed \
|
||||
-e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
|
||||
-e '/^-----END CERTIFICATE-----$/d' \
|
||||
%{SOURCE5} \
|
||||
> PkKek1.oemstr
|
||||
|
||||
# Done by %setup, but we do not use it for the auxiliary tarballs
|
||||
chmod -Rf a+rX,u+w,g-w,o-w .
|
||||
|
||||
@ -206,15 +230,17 @@ fi
|
||||
|
||||
CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash"
|
||||
CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE"
|
||||
CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE"
|
||||
|
||||
%ifarch x86_64
|
||||
# Build with neither SB nor SMM; include UEFI shell.
|
||||
build ${CC_FLAGS} -D FD_SIZE_4MB -a X64 -p OvmfPkg/OvmfPkgX64.dsc
|
||||
build ${CC_FLAGS} -D TPM2_ENABLE -D FD_SIZE_4MB -a X64 \
|
||||
-p OvmfPkg/OvmfPkgX64.dsc
|
||||
|
||||
# Build with SB and SMM; exclude UEFI shell.
|
||||
build -D SECURE_BOOT_ENABLE -D EXCLUDE_SHELL_FROM_FD ${CC_FLAGS} \
|
||||
-a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc -D SMM_REQUIRE \
|
||||
-D FD_SIZE_4MB
|
||||
-D TPM2_ENABLE -D FD_SIZE_4MB
|
||||
|
||||
# Sanity check: the varstore templates must be identical.
|
||||
cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
|
||||
@ -260,6 +286,7 @@ cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
|
||||
--ovmf-binary Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
|
||||
--ovmf-template-vars Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
|
||||
--uefi-shell-iso UefiShell.iso \
|
||||
--oem-string "$(< PkKek1.oemstr)" \
|
||||
--skip-testing \
|
||||
OVMF_VARS.secboot.fd
|
||||
|
||||
@ -279,7 +306,7 @@ build ${CC_FLAGS} -a AARCH64 \
|
||||
|
||||
%install
|
||||
|
||||
cp -a License.txt License.edk2.txt
|
||||
cp -a OvmfPkg/License.txt License.OvmfPkg.txt
|
||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/qemu/firmware
|
||||
|
||||
%ifarch x86_64
|
||||
@ -388,8 +415,9 @@ install BaseTools/Scripts/GccBase.lds \
|
||||
%endif
|
||||
|
||||
%defattr(-,root,root,-)
|
||||
%license License.edk2.txt
|
||||
%license OvmfPkg/License.txt
|
||||
%license License.txt
|
||||
%license License.OvmfPkg.txt
|
||||
%license License-History.txt
|
||||
%license LICENSE.openssl
|
||||
%dir %{_datadir}/%{name}/
|
||||
%dir %{_datadir}/qemu
|
||||
@ -435,6 +463,7 @@ install BaseTools/Scripts/GccBase.lds \
|
||||
|
||||
%files tools
|
||||
%license License.txt
|
||||
%license License-History.txt
|
||||
%{_bindir}/Brotli
|
||||
%{_bindir}/DevicePath
|
||||
%{_bindir}/EfiRom
|
||||
@ -481,6 +510,47 @@ true
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Dec 11 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-4.el8
|
||||
- edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301]
|
||||
- edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301]
|
||||
- Resolves: bz#1778301
|
||||
(re-enable Secure Boot (varstore template) verification in %check)
|
||||
|
||||
* Thu Dec 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-3.el8
|
||||
- Update used openssl version [bz#1616029]
|
||||
- Resolves: bz#1616029
|
||||
(rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1)
|
||||
|
||||
* Mon Dec 02 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-2.el8
|
||||
- edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624]
|
||||
- edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624]
|
||||
- edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624]
|
||||
- edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624]
|
||||
- edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624]
|
||||
- edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624]
|
||||
- edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624]
|
||||
- edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624]
|
||||
- edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624]
|
||||
- Resolves: bz#1536624
|
||||
(HTTPS enablement in OVMF)
|
||||
|
||||
* Fri Nov 29 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-1.el8
|
||||
- Rebase to edk2-stable201908 [bz#1748180]
|
||||
- Resolves: bz#1748180
|
||||
((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag edk2-stable201908 for RHEL-8.2)
|
||||
|
||||
* Mon Aug 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-6.el8
|
||||
- edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch [bz#1714446]
|
||||
- edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch [bz#1714446]
|
||||
- edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch [bz#1714446]
|
||||
- Resolves: bz#1714446
|
||||
(edk2-aarch64 silent build is not silent enough)
|
||||
|
||||
* Tue Jul 02 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-5.el8
|
||||
- edk2-redhat-add-D-TPM2_ENABLE-to-the-edk2-ovmf-build-flag.patch [bz#1693205]
|
||||
- Resolves: bz#1693205
|
||||
(edk2: Enable TPM2 support)
|
||||
|
||||
* Tue Jun 11 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-4.el8
|
||||
- edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch [bz#1666941]
|
||||
- edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch [bz#1666941]
|
||||
@ -492,9 +562,6 @@ true
|
||||
- Resolves: bz#1600230
|
||||
([RHEL 8.1] RFE: provide firmware descriptor meta-files for the edk2-ovmf and edk2-aarch64 firmware images)
|
||||
|
||||
* Mon Apr 08 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 20190308git89910a39dcfd-1.el8
|
||||
- Rebase to edk2-20190308git89910a39dcfd
|
||||
|
||||
* Mon Jan 21 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 20180508gitee3198e672e2-9.el8
|
||||
- edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch [bz#1662184]
|
||||
- edk2-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch [bz#1662184]
|
||||
|
Loading…
Reference in New Issue
Block a user