rpms/edk2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import edk2-20190829git37eef91017ad-4.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 17:39:26 -05:00 committed by Stepan Oksanichenko
parent 97ad98022c
commit 874f8aa2b8
37 changed files with 2622 additions and 1915 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.edk2.metadata
View File

@ -1,2 +1,2 @@
87a87bbfca0e751b2840f74b0612e2f0dad70535 SOURCES/edk2-89910a39dcfd.tar.xz
f0655dec5d8d815956bab417fcdb25e6da7e21b8 SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
c7ca6a13a5f9e7fe8071010c26a11ba41548308b SOURCES/edk2-37eef91017ad.tar.xz
cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/edk2-89910a39dcfd.tar.xz
SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
SOURCES/edk2-37eef91017ad.tar.xz
SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz

668
SOURCES/0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch Normal file
View File

@ -0,0 +1,668 @@
From ac1a0b44df858e53be9e8af499e80a459f0cef16 Mon Sep 17 00:00:00 2001
From: Shenglei Zhang <shenglei.zhang@intel.com>
Date: Tue, 29 Oct 2019 15:43:11 +0000
Subject: CryptoPkg/OpensslLib: Update process_files.pl to generate .h files
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- New patch (cherry-picked from upstream, to be dropped at the next
downstream rebase).
- Upstream moved to OpenSSL_1.1.1b (for TianoCore#1089) in release
edk2-stable201905. As part of that OpenSSL update, "OpensslLib.inf" and
"OpensslLibCrypto.inf" failed to list some new header files.
- As a part of edk2-stable201908, commit 8906f076de35
("CryptoPkg/OpensslLib: Add missing header files in INF file",
2019-08-16) fixed up "OpensslLib.inf" and "OpensslLibCrypto.inf" with
the missing header files, but did so manually.
- The present patch (which is going to be released in edk2-stable201911)
updates "process_files.pl" to list the subject header files
automatically.
- This patch is being backported primarily in order to keep further
backports for the modified files conflict-free. It might also come in
handy once we adopt RHEL8's own OpenSSL version (in case we have to
re-run "process_files.pl" ourselves).
There are missing headers added into INF files at 8906f076de35b222a..
They are now manually added but not auto-generated. So we update the
perl script to enable this feature.
Meanwhile, update the order of the .h files in INF files, which are
auto-generated now.
https://bugzilla.tianocore.org/show_bug.cgi?id=2085
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
(cherry picked from commit 9f4fbd56d43054cc73d722c1643659f9741c0fcf)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 103 +++++++++---------
.../Library/OpensslLib/OpensslLibCrypto.inf | 96 ++++++++--------
CryptoPkg/Library/OpensslLib/process_files.pl | 28 +++++
3 files changed, 129 insertions(+), 98 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 7432321fd4..dd873a0dcd 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -34,9 +34,7 @@
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
$(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
$(OPENSSL_PATH)/crypto/aria/aria.c
- $(OPENSSL_PATH)/crypto/arm_arch.h
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
$(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
$(OPENSSL_PATH)/crypto/asn1/a_digest.c
@@ -101,21 +99,12 @@
$(OPENSSL_PATH)/crypto/asn1/x_sig.c
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
$(OPENSSL_PATH)/crypto/asn1/x_val.c
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
$(OPENSSL_PATH)/crypto/async/arch/async_null.c
$(OPENSSL_PATH)/crypto/async/arch/async_posix.c
$(OPENSSL_PATH)/crypto/async/arch/async_win.c
$(OPENSSL_PATH)/crypto/async/async.c
$(OPENSSL_PATH)/crypto/async/async_err.c
$(OPENSSL_PATH)/crypto/async/async_wait.c
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
- $(OPENSSL_PATH)/crypto/async/async_locl.h
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
$(OPENSSL_PATH)/crypto/bio/b_addr.c
$(OPENSSL_PATH)/crypto/bio/b_dump.c
$(OPENSSL_PATH)/crypto/bio/b_sock.c
@@ -138,7 +127,6 @@
$(OPENSSL_PATH)/crypto/bio/bss_mem.c
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
@@ -170,9 +158,6 @@
$(OPENSSL_PATH)/crypto/bn/bn_srp.c
$(OPENSSL_PATH)/crypto/bn/bn_word.c
$(OPENSSL_PATH)/crypto/bn/bn_x931p.c
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
$(OPENSSL_PATH)/crypto/buffer/buffer.c
$(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
@@ -181,7 +166,6 @@
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
$(OPENSSL_PATH)/crypto/comp/comp_err.c
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_api.c
$(OPENSSL_PATH)/crypto/conf/conf_def.c
$(OPENSSL_PATH)/crypto/conf/conf_err.c
@@ -190,8 +174,6 @@
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
$(OPENSSL_PATH)/crypto/conf/conf_ssl.c
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
@@ -215,8 +197,6 @@
$(OPENSSL_PATH)/crypto/des/set_key.c
$(OPENSSL_PATH)/crypto/des/str2key.c
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/spr.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -231,7 +211,6 @@
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
$(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
$(OPENSSL_PATH)/crypto/dso/dso_err.c
@@ -239,7 +218,6 @@
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/ebcdic.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
@@ -304,13 +282,11 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
$(OPENSSL_PATH)/crypto/ex_data.c
$(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
$(OPENSSL_PATH)/crypto/init.c
$(OPENSSL_PATH)/crypto/kdf/hkdf.c
$(OPENSSL_PATH)/crypto/kdf/kdf_err.c
@@ -318,13 +294,10 @@
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
$(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
$(OPENSSL_PATH)/crypto/md4/md4_one.c
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
$(OPENSSL_PATH)/crypto/mem.c
$(OPENSSL_PATH)/crypto/mem_clr.c
$(OPENSSL_PATH)/crypto/mem_dbg.c
@@ -339,7 +312,6 @@
$(OPENSSL_PATH)/crypto/modes/ofb128.c
$(OPENSSL_PATH)/crypto/modes/wrap128.c
$(OPENSSL_PATH)/crypto/modes/xts128.c
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
$(OPENSSL_PATH)/crypto/o_dir.c
$(OPENSSL_PATH)/crypto/o_fips.c
$(OPENSSL_PATH)/crypto/o_fopen.c
@@ -351,9 +323,6 @@
$(OPENSSL_PATH)/crypto/objects/obj_err.c
$(OPENSSL_PATH)/crypto/objects/obj_lib.c
$(OPENSSL_PATH)/crypto/objects/obj_xref.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
$(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
$(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
@@ -364,7 +333,6 @@
$(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
$(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
$(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
$(OPENSSL_PATH)/crypto/pem/pem_all.c
$(OPENSSL_PATH)/crypto/pem/pem_err.c
$(OPENSSL_PATH)/crypto/pem/pem_info.c
@@ -392,7 +360,6 @@
$(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
$(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
$(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
$(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
@@ -401,7 +368,6 @@
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
- $(OPENSSL_PATH)/crypto/ppc_arch.h
$(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
$(OPENSSL_PATH)/crypto/rand/drbg_lib.c
$(OPENSSL_PATH)/crypto/rand/rand_egd.c
@@ -410,10 +376,8 @@
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
$(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
$(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
@@ -436,24 +400,18 @@
$(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
$(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
- $(OPENSSL_PATH)/crypto/s390x_arch.h
$(OPENSSL_PATH)/crypto/sha/keccak1600.c
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
$(OPENSSL_PATH)/crypto/sha/sha256.c
$(OPENSSL_PATH)/crypto/sha/sha512.c
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
$(OPENSSL_PATH)/crypto/sm4/sm4.c
$(OPENSSL_PATH)/crypto/stack/stack.c
- $(OPENSSL_PATH)/crypto/sparc_arch.h
$(OPENSSL_PATH)/crypto/threads_none.c
$(OPENSSL_PATH)/crypto/threads_pthread.c
$(OPENSSL_PATH)/crypto/threads_win.c
@@ -463,8 +421,6 @@
$(OPENSSL_PATH)/crypto/ui/ui_null.c
$(OPENSSL_PATH)/crypto/ui/ui_openssl.c
$(OPENSSL_PATH)/crypto/ui/ui_util.c
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
- $(OPENSSL_PATH)/crypto/vms_rms.h
$(OPENSSL_PATH)/crypto/uid.c
$(OPENSSL_PATH)/crypto/x509/by_dir.c
$(OPENSSL_PATH)/crypto/x509/by_file.c
@@ -502,7 +458,6 @@
$(OPENSSL_PATH)/crypto/x509/x_req.c
$(OPENSSL_PATH)/crypto/x509/x_x509.c
$(OPENSSL_PATH)/crypto/x509/x_x509a.c
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
$(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
$(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
@@ -540,11 +495,57 @@
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
+ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+ $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
+ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
+ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+ $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+ $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+ $(OPENSSL_PATH)/crypto/store/store_locl.h
+ $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+ $(OPENSSL_PATH)/crypto/arm_arch.h
+ $(OPENSSL_PATH)/crypto/mips_arch.h
+ $(OPENSSL_PATH)/crypto/ppc_arch.h
+ $(OPENSSL_PATH)/crypto/s390x_arch.h
+ $(OPENSSL_PATH)/crypto/sparc_arch.h
+ $(OPENSSL_PATH)/crypto/vms_rms.h
+ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+ $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+ $(OPENSSL_PATH)/crypto/md4/md4_locl.h
+ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+ $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.h
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.h
+ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+ $(OPENSSL_PATH)/crypto/des/des_locl.h
+ $(OPENSSL_PATH)/crypto/des/spr.h
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
+ $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+ $(OPENSSL_PATH)/crypto/async/async_locl.h
+ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
$(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
- $(OPENSSL_PATH)/ms/uplink.h
+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
$(OPENSSL_PATH)/ssl/bio_ssl.c
$(OPENSSL_PATH)/ssl/d1_lib.c
$(OPENSSL_PATH)/ssl/d1_msg.c
@@ -589,13 +590,13 @@
$(OPENSSL_PATH)/ssl/t1_trce.c
$(OPENSSL_PATH)/ssl/tls13_enc.c
$(OPENSSL_PATH)/ssl/tls_srp.c
- $(OPENSSL_PATH)/ssl/record/record_locl.h
$(OPENSSL_PATH)/ssl/statem/statem.h
$(OPENSSL_PATH)/ssl/statem/statem_locl.h
+ $(OPENSSL_PATH)/ssl/packet_locl.h
+ $(OPENSSL_PATH)/ssl/ssl_cert_table.h
$(OPENSSL_PATH)/ssl/ssl_locl.h
$(OPENSSL_PATH)/ssl/record/record.h
- $(OPENSSL_PATH)/ssl/ssl_cert_table.h
- $(OPENSSL_PATH)/ssl/packet_locl.h
+ $(OPENSSL_PATH)/ssl/record/record_locl.h
# Autogenerated files list ends here
ossl_store.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index 8134b45eda..a1bb560255 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -33,9 +33,7 @@
$(OPENSSL_PATH)/crypto/aes/aes_misc.c
$(OPENSSL_PATH)/crypto/aes/aes_ofb.c
$(OPENSSL_PATH)/crypto/aes/aes_wrap.c
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
$(OPENSSL_PATH)/crypto/aria/aria.c
- $(OPENSSL_PATH)/crypto/arm_arch.h
$(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
$(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
$(OPENSSL_PATH)/crypto/asn1/a_digest.c
@@ -100,21 +98,12 @@
$(OPENSSL_PATH)/crypto/asn1/x_sig.c
$(OPENSSL_PATH)/crypto/asn1/x_spki.c
$(OPENSSL_PATH)/crypto/asn1/x_val.c
- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
- $(OPENSSL_PATH)/crypto/asn1/charmap.h
- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
$(OPENSSL_PATH)/crypto/async/arch/async_null.c
$(OPENSSL_PATH)/crypto/async/arch/async_posix.c
$(OPENSSL_PATH)/crypto/async/arch/async_win.c
- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
- $(OPENSSL_PATH)/crypto/async/arch/async_null.h
- $(OPENSSL_PATH)/crypto/async/arch/async_win.h
$(OPENSSL_PATH)/crypto/async/async.c
$(OPENSSL_PATH)/crypto/async/async_err.c
$(OPENSSL_PATH)/crypto/async/async_wait.c
- $(OPENSSL_PATH)/crypto/async/async_locl.h
$(OPENSSL_PATH)/crypto/bio/b_addr.c
$(OPENSSL_PATH)/crypto/bio/b_dump.c
$(OPENSSL_PATH)/crypto/bio/b_sock.c
@@ -137,7 +126,6 @@
$(OPENSSL_PATH)/crypto/bio/bss_mem.c
$(OPENSSL_PATH)/crypto/bio/bss_null.c
$(OPENSSL_PATH)/crypto/bio/bss_sock.c
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
$(OPENSSL_PATH)/crypto/bn/bn_add.c
$(OPENSSL_PATH)/crypto/bn/bn_asm.c
$(OPENSSL_PATH)/crypto/bn/bn_blind.c
@@ -169,9 +157,6 @@
$(OPENSSL_PATH)/crypto/bn/bn_srp.c
$(OPENSSL_PATH)/crypto/bn/bn_word.c
$(OPENSSL_PATH)/crypto/bn/bn_x931p.c
- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
- $(OPENSSL_PATH)/crypto/bn/bn_prime.h
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
$(OPENSSL_PATH)/crypto/buffer/buf_err.c
$(OPENSSL_PATH)/crypto/buffer/buffer.c
$(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
@@ -180,7 +165,6 @@
$(OPENSSL_PATH)/crypto/comp/c_zlib.c
$(OPENSSL_PATH)/crypto/comp/comp_err.c
$(OPENSSL_PATH)/crypto/comp/comp_lib.c
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
$(OPENSSL_PATH)/crypto/conf/conf_api.c
$(OPENSSL_PATH)/crypto/conf/conf_def.c
$(OPENSSL_PATH)/crypto/conf/conf_err.c
@@ -189,8 +173,6 @@
$(OPENSSL_PATH)/crypto/conf/conf_mod.c
$(OPENSSL_PATH)/crypto/conf/conf_sap.c
$(OPENSSL_PATH)/crypto/conf/conf_ssl.c
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
- $(OPENSSL_PATH)/crypto/conf/conf_def.h
$(OPENSSL_PATH)/crypto/cpt_err.c
$(OPENSSL_PATH)/crypto/cryptlib.c
$(OPENSSL_PATH)/crypto/ctype.c
@@ -214,8 +196,6 @@
$(OPENSSL_PATH)/crypto/des/set_key.c
$(OPENSSL_PATH)/crypto/des/str2key.c
$(OPENSSL_PATH)/crypto/des/xcbc_enc.c
- $(OPENSSL_PATH)/crypto/des/spr.h
- $(OPENSSL_PATH)/crypto/des/des_locl.h
$(OPENSSL_PATH)/crypto/dh/dh_ameth.c
$(OPENSSL_PATH)/crypto/dh/dh_asn1.c
$(OPENSSL_PATH)/crypto/dh/dh_check.c
@@ -230,7 +210,6 @@
$(OPENSSL_PATH)/crypto/dh/dh_prn.c
$(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
$(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
$(OPENSSL_PATH)/crypto/dso/dso_dl.c
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
$(OPENSSL_PATH)/crypto/dso/dso_err.c
@@ -238,7 +217,6 @@
$(OPENSSL_PATH)/crypto/dso/dso_openssl.c
$(OPENSSL_PATH)/crypto/dso/dso_vms.c
$(OPENSSL_PATH)/crypto/dso/dso_win32.c
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
$(OPENSSL_PATH)/crypto/ebcdic.c
$(OPENSSL_PATH)/crypto/err/err.c
$(OPENSSL_PATH)/crypto/err/err_prn.c
@@ -280,7 +258,6 @@
$(OPENSSL_PATH)/crypto/evp/evp_pkey.c
$(OPENSSL_PATH)/crypto/evp/m_md2.c
$(OPENSSL_PATH)/crypto/evp/m_md4.c
- $(OPENSSL_PATH)/crypto/md4/md4_locl.h
$(OPENSSL_PATH)/crypto/evp/m_md5.c
$(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
$(OPENSSL_PATH)/crypto/evp/m_mdc2.c
@@ -304,13 +281,11 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
$(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
$(OPENSSL_PATH)/crypto/ex_data.c
$(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
$(OPENSSL_PATH)/crypto/init.c
$(OPENSSL_PATH)/crypto/kdf/hkdf.c
$(OPENSSL_PATH)/crypto/kdf/kdf_err.c
@@ -318,12 +293,10 @@
$(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
$(OPENSSL_PATH)/crypto/lhash/lh_stats.c
$(OPENSSL_PATH)/crypto/lhash/lhash.c
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
$(OPENSSL_PATH)/crypto/md4/md4_dgst.c
$(OPENSSL_PATH)/crypto/md4/md4_one.c
$(OPENSSL_PATH)/crypto/md5/md5_dgst.c
$(OPENSSL_PATH)/crypto/md5/md5_one.c
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
$(OPENSSL_PATH)/crypto/mem.c
$(OPENSSL_PATH)/crypto/mem_clr.c
$(OPENSSL_PATH)/crypto/mem_dbg.c
@@ -338,7 +311,6 @@
$(OPENSSL_PATH)/crypto/modes/ofb128.c
$(OPENSSL_PATH)/crypto/modes/wrap128.c
$(OPENSSL_PATH)/crypto/modes/xts128.c
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
$(OPENSSL_PATH)/crypto/o_dir.c
$(OPENSSL_PATH)/crypto/o_fips.c
$(OPENSSL_PATH)/crypto/o_fopen.c
@@ -350,9 +322,6 @@
$(OPENSSL_PATH)/crypto/objects/obj_err.c
$(OPENSSL_PATH)/crypto/objects/obj_lib.c
$(OPENSSL_PATH)/crypto/objects/obj_xref.c
- $(OPENSSL_PATH)/crypto/objects/obj_dat.h
- $(OPENSSL_PATH)/crypto/objects/obj_xref.h
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
$(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
$(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
@@ -363,7 +332,6 @@
$(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
$(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
$(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
$(OPENSSL_PATH)/crypto/pem/pem_all.c
$(OPENSSL_PATH)/crypto/pem/pem_err.c
$(OPENSSL_PATH)/crypto/pem/pem_info.c
@@ -399,8 +367,6 @@
$(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
$(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
$(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
- $(OPENSSL_PATH)/crypto/ppc_arch.h
$(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
$(OPENSSL_PATH)/crypto/rand/drbg_lib.c
$(OPENSSL_PATH)/crypto/rand/rand_egd.c
@@ -409,10 +375,8 @@
$(OPENSSL_PATH)/crypto/rand/rand_unix.c
$(OPENSSL_PATH)/crypto/rand/rand_vms.c
$(OPENSSL_PATH)/crypto/rand/rand_win.c
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
$(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
$(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
$(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
$(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
$(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
@@ -435,24 +399,18 @@
$(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
$(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
$(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
$(OPENSSL_PATH)/crypto/sha/keccak1600.c
$(OPENSSL_PATH)/crypto/sha/sha1_one.c
$(OPENSSL_PATH)/crypto/sha/sha1dgst.c
$(OPENSSL_PATH)/crypto/sha/sha256.c
$(OPENSSL_PATH)/crypto/sha/sha512.c
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
$(OPENSSL_PATH)/crypto/siphash/siphash.c
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
$(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
$(OPENSSL_PATH)/crypto/sm3/m_sm3.c
$(OPENSSL_PATH)/crypto/sm3/sm3.c
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
$(OPENSSL_PATH)/crypto/sm4/sm4.c
$(OPENSSL_PATH)/crypto/stack/stack.c
- $(OPENSSL_PATH)/crypto/s390x_arch.h
- $(OPENSSL_PATH)/crypto/sparc_arch.h
$(OPENSSL_PATH)/crypto/threads_none.c
$(OPENSSL_PATH)/crypto/threads_pthread.c
$(OPENSSL_PATH)/crypto/threads_win.c
@@ -462,9 +420,7 @@
$(OPENSSL_PATH)/crypto/ui/ui_null.c
$(OPENSSL_PATH)/crypto/ui/ui_openssl.c
$(OPENSSL_PATH)/crypto/ui/ui_util.c
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
$(OPENSSL_PATH)/crypto/uid.c
- $(OPENSSL_PATH)/crypto/vms_rms.h
$(OPENSSL_PATH)/crypto/x509/by_dir.c
$(OPENSSL_PATH)/crypto/x509/by_file.c
$(OPENSSL_PATH)/crypto/x509/t_crl.c
@@ -501,7 +457,6 @@
$(OPENSSL_PATH)/crypto/x509/x_req.c
$(OPENSSL_PATH)/crypto/x509/x_x509.c
$(OPENSSL_PATH)/crypto/x509/x_x509a.c
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
$(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
$(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
$(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
@@ -539,10 +494,57 @@
$(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
$(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
$(OPENSSL_PATH)/crypto/x509v3/v3err.c
+ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+ $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+ $(OPENSSL_PATH)/crypto/conf/conf_def.h
+ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
+ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+ $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+ $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+ $(OPENSSL_PATH)/crypto/store/store_locl.h
+ $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+ $(OPENSSL_PATH)/crypto/arm_arch.h
+ $(OPENSSL_PATH)/crypto/mips_arch.h
+ $(OPENSSL_PATH)/crypto/ppc_arch.h
+ $(OPENSSL_PATH)/crypto/s390x_arch.h
+ $(OPENSSL_PATH)/crypto/sparc_arch.h
+ $(OPENSSL_PATH)/crypto/vms_rms.h
+ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+ $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+ $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+ $(OPENSSL_PATH)/crypto/md4/md4_locl.h
+ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+ $(OPENSSL_PATH)/crypto/asn1/charmap.h
+ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+ $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+ $(OPENSSL_PATH)/crypto/async/arch/async_null.h
+ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
+ $(OPENSSL_PATH)/crypto/async/arch/async_win.h
+ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+ $(OPENSSL_PATH)/crypto/des/des_locl.h
+ $(OPENSSL_PATH)/crypto/des/spr.h
+ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
+ $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+ $(OPENSSL_PATH)/crypto/async/async_locl.h
+ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
$(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
+ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+ $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+ $(OPENSSL_PATH)/crypto/objects/obj_xref.h
# Autogenerated files list ends here
buildinf.h
rand_pool_noise.h
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index e13c0acb4d..4fe54cd808 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -144,6 +144,34 @@ foreach my $product ((@{$unified_info{libraries}},
}
}
+
+#
+# Update the perl script to generate the missing header files
+#
+my @dir_list = ();
+for (keys %{$unified_info{dirinfo}}){
+ push @dir_list,$_;
+}
+
+my $dir = getcwd();
+my @files = ();
+my @headers = ();
+chdir ("openssl");
+foreach(@dir_list){
+ @files = glob($_."/*.h");
+ push @headers, @files;
+}
+chdir ($dir);
+
+foreach (@headers){
+ if(/ssl/){
+ push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
+ next;
+ }
+ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n";
+}
+
+
#
# Update OpensslLib.inf with autogenerated file list
#
--
2.18.1

159
SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch Normal file
View File

@ -0,0 +1,159 @@
From bbda3f776bfcdbcb77b82f1f7fd5dafd798d9784 Mon Sep 17 00:00:00 2001
From: Shenglei Zhang <shenglei.zhang@intel.com>
Date: Mon, 21 Oct 2019 15:53:42 +0800
Subject: CryptoPkg: Upgrade OpenSSL to 1.1.1d
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- New patch (cherry-picked from upstream, to be dropped at the next
downstream rebase).
- Upstream OpenSSL-1.1.1c contains commit 5fba3afad017 ("Rework DSO API
conditions and configuration option", 2019-04-10). This upstream OpenSSL
change requires edk2 to #define DSO_NONE explicitly.
- The present patch (which is going to be released in edk2-stable201911)
updates "process_files.pl" to generate "dso_conf.h" with the above
macro, and captures the result (i.e. the actual definition of the macro)
in the git tree.
- This patch is being backported primarily for the DSO_NONE macro (OpenSSL
in RHEL-8.2.0 is based on OpenSSL-1.1.1c). The patch could also come in
handy in case we have to re-run "process_files.pl" ourselves.
Upgrade openssl from 1.1.1b to 1.1.1d.
Something needs to be noticed is that, there is a bug existing in the
released 1_1_1d version(894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596),
which causes build failure. So we switch the code base to a usable
version, which is 2 commits later than the stable tag.
Now we use the version c3656cc594daac8167721dde7220f0e59ae146fc.
This log is to fix the build failure.
https://bugzilla.tianocore.org/show_bug.cgi?id=2226
Besides, the absense of "DSO_NONE" in dso_conf.h causes build failure
in OvmfPkg. So update process_files.pl to generate information from
"crypto/include/internal/dso_conf.h.in".
shm.h and utsname.h are added to avoid GCC build failure.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 1bcc65b9a1408cf445b7b3f9499b27d9c235db71)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
CryptoPkg/Library/Include/internal/dso_conf.h | 16 ++++++++++++++++
CryptoPkg/Library/Include/sys/shm.h | 9 +++++++++
CryptoPkg/Library/Include/sys/utsname.h | 9 +++++++++
CryptoPkg/Library/OpensslLib/openssl | 2 +-
CryptoPkg/Library/OpensslLib/process_files.pl | 17 +++++++++++++++--
5 files changed, 50 insertions(+), 3 deletions(-)
create mode 100644 CryptoPkg/Library/Include/sys/shm.h
create mode 100644 CryptoPkg/Library/Include/sys/utsname.h
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/internal/dso_conf.h
index e69de29bb2..43c891588b 100644
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
+++ b/CryptoPkg/Library/Include/internal/dso_conf.h
@@ -0,0 +1,16 @@
+/* WARNING: do not edit! */
+/* Generated from crypto/include/internal/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSO_CONF_H
+# define HEADER_DSO_CONF_H
+# define DSO_NONE
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/CryptoPkg/Library/Include/sys/shm.h b/CryptoPkg/Library/Include/sys/shm.h
new file mode 100644
index 0000000000..dc0b8e81c8
--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/shm.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building the third-party cryptographic library.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/sys/utsname.h b/CryptoPkg/Library/Include/sys/utsname.h
new file mode 100644
index 0000000000..dc0b8e81c8
--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/utsname.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building the third-party cryptographic library.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
index 4fe54cd808..bbcfa0d0e7 100755
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
@@ -2,7 +2,7 @@
#
# This script runs the OpenSSL Configure script, then processes the
# resulting file list into our local OpensslLib[Crypto].inf and also
-# takes a copy of opensslconf.h.
+# takes copies of opensslconf.h and dso_conf.h.
#
# This only needs to be done once by a developer when updating to a
# new version of OpenSSL (or changing options, etc.). Normal users
@@ -106,6 +106,14 @@ BEGIN {
) == 0 ||
die "Failed to generate opensslconf.h!\n";
+ # Generate dso_conf.h per config data
+ system(
+ "perl -I. -Mconfigdata util/dofile.pl " .
+ "crypto/include/internal/dso_conf.h.in " .
+ "> include/internal/dso_conf.h"
+ ) == 0 ||
+ die "Failed to generate dso_conf.h!\n";
+
chdir($basedir) ||
die "Cannot change to base directory \"" . $basedir . "\"";
@@ -249,12 +257,17 @@ rename( $new_inf_file, $inf_file ) ||
print "Done!";
#
-# Copy opensslconf.h generated from OpenSSL Configuration
+# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
#
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
$OPENSSL_PATH . "/../../Include/openssl/") ||
die "Cannot copy opensslconf.h!";
+print "Done!";
+print "\n--> Duplicating dso_conf.h into Include/internal ... ";
+copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
+ $OPENSSL_PATH . "/../../Include/internal/") ||
+ die "Cannot copy dso_conf.h!";
print "Done!\n";
print "\nProcessing Files Done!\n";
--
2.18.1

57
SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch → SOURCES/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
View File

@ -1,8 +1,19 @@
From 727c11ecd9f34990312e14f239e6238693619849 Mon Sep 17 00:00:00 2001
From 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 11 Jun 2014 23:33:33 +0200
Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- trivial context update (performed silently by git-cherry-pick) for
upstream commit 3207a872a405 ("OvmfPkg: Update DSC/FDF files to consume
CSM components in OvmfPkg", 2019-06-14)
- A note for the future: the logo could change completely in a subsequent
rebase. See <https://bugzilla.tianocore.org/show_bug.cgi?id=2050> (in
CONFIRMED status at the time of writing).
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -123,7 +134,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be)
(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3)
(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849)
---
ArmVirtPkg/ArmVirtQemu.dsc | 2 +-
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +-
@ -145,10 +156,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index a77d71bcea..f2e5125494 100644
index 7ae6702ac1..a3cc3f26ec 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -347,7 +347,7 @@
@@ -364,7 +364,7 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@ -158,10 +169,10 @@ index a77d71bcea..f2e5125494 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 098d40b61b..ab799ca67f 100644
index 31f615a9d0..57f2f625fe 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -203,7 +203,7 @@ READ_LOCK_STATUS = TRUE
@@ -176,7 +176,7 @@ READ_LOCK_STATUS = TRUE
#
# TianoCore logo (splash screen)
#
@ -171,10 +182,10 @@ index 098d40b61b..ab799ca67f 100644
#
# Ramdisk support
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 1e5388ae70..d2b3f24394 100644
index 3b0f04967a..27e65b7638 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -331,7 +331,7 @@
@@ -348,7 +348,7 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
@ -520,11 +531,11 @@ index 0000000000..7227ac3910
+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
+
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 5b885590b2..249b1d8dc0 100644
index 66e944436a..044379e1ed 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -693,7 +693,7 @@
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
@@ -688,7 +688,7 @@
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
- MdeModulePkg/Logo/LogoDxe.inf
@ -533,10 +544,10 @@ index 5b885590b2..249b1d8dc0 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 4999403ad7..be3d3b4d14 100644
index 785affeb90..326f82384e 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -293,7 +293,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
@@ -283,7 +283,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
@ -546,11 +557,11 @@ index 4999403ad7..be3d3b4d14 100644
#
# Network modules
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index bbf0853ee6..5ec186df4b 100644
index 51c2bfb44f..2ff68102d3 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -702,7 +702,7 @@
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
@@ -701,7 +701,7 @@
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
- MdeModulePkg/Logo/LogoDxe.inf
@ -559,10 +570,10 @@ index bbf0853ee6..5ec186df4b 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index d0cc107928..b56160b3bf 100644
index 7440707256..aefb6614ad 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf
@ -572,11 +583,11 @@ index d0cc107928..b56160b3bf 100644
#
# Network modules
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index d81460f520..29538ade4d 100644
index ba7a758844..3a66d4d424 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -700,7 +700,7 @@
NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
@@ -699,7 +699,7 @@
NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
!endif
}
- MdeModulePkg/Logo/LogoDxe.inf
@ -585,10 +596,10 @@ index d81460f520..29538ade4d 100644
<LibraryClasses>
NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index d0cc107928..b56160b3bf 100644
index 7440707256..aefb6614ad 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf

19
SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch → SOURCES/0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
View File

@ -1,8 +1,15 @@
From a1260c9122c95bcbef1efc5eebe11902767813c2 Mon Sep 17 00:00:00 2001
From e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 20 Feb 2014 22:54:45 +0100
Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- trivial context difference due to upstream commit 2fe5f2f52918
("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
by git-cherry-pick automatically
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -40,24 +47,24 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
---
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
index 36cde54976..c0c4eaee0f 100644
index 3dfa3126c3..9451c50c70 100644
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
@@ -27,7 +27,7 @@
@@ -21,7 +21,7 @@
//
// Define the maximum debug and assert message length that this library supports
//
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
/**
Prints a debug message to the debug output device if the specified error level is enabled.
//
// VA_LIST can not initialize to NULL for all compiler, so we use this to
--
2.18.1

13
SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch → SOURCES/0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
View File

@ -1,8 +1,13 @@
From bd264265a99c60f45cadaa4109a9db59ae218471 Mon Sep 17 00:00:00 2001
From 3aa0316ea1db5416cb528179a3ba5ce37c1279b7 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 12 Jun 2014 00:17:59 +0200
Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no changes
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -48,17 +53,17 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c)
(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba)
(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471)
---
OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +-
OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++-----------
2 files changed, 308 insertions(+), 175 deletions(-)
diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
index 18fa9209d4..f87ed5cf30 100644
index cb2a60d827..26fe1bcc32 100644
--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
@@ -18,7 +18,7 @@
@@ -12,7 +12,7 @@
;------------------------------------------------------------------------------
; enable this macro for debug messages

13
SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch → SOURCES/0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
View File

@ -1,8 +1,13 @@
From 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51 Mon Sep 17 00:00:00 2001
From 12cb13a1da913912bd9148ce8f2353a75be77f18 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 18:40:35 +0100
Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no changes
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -89,16 +94,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
---
.../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
1 file changed, 38 insertions(+), 3 deletions(-)
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
index 66dd3ad550..78a198379a 100644
index c76b2c5100..eff9d9787f 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
@@ -113,9 +113,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
@@ -107,9 +107,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
};
TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {

36
SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch → SOURCES/0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
View File

@ -1,9 +1,19 @@
From cfccb98d13e955beb0b93b4a75a973f30c273ffc Mon Sep 17 00:00:00 2001
From a11602f5e2ef930be5b693ddfd0c789a1bd4c60c Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- Conflict in "MdeModulePkg/MdeModulePkg.dec" due to upstream commits
- 1103ba946aee ("MdeModulePkg: Add Capsule On Disk related definition.",
2019-06-26),
- 1c7b3eb84631 ("MdeModulePkg/DxeIpl: Introduce PCD
PcdUse5LevelPageTable", 2019-08-09),
with easy manual resolution.
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -48,7 +58,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574)
(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90)
(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc)
---
MdeModulePkg/MdeModulePkg.dec | 4 +++
.../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++
@ -56,12 +66,12 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
3 files changed, 36 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index a2130bc439..dcd118ba62 100644
index 19935c88fa..5690bbd8b3 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1968,6 +1968,10 @@
# @Prompt The address mask when memory encryption is enabled.
gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047
@@ -2002,6 +2002,10 @@
# @Prompt Capsule On Disk relocation device path.
gEfiMdeModulePkgTokenSpaceGuid.PcdCodRelocationDevPath|{0xFF}|VOID*|0x0000002f
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
+ # mode change.
@ -71,10 +81,10 @@ index a2130bc439..dcd118ba62 100644
## Specify memory size with page number for PEI code when
# Loading Module at Fixed Address feature is enabled.
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
index 4d7218e415..295e7641a5 100644
index 7ef655cca5..1113252df2 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
@@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@ -83,7 +93,7 @@ index 4d7218e415..295e7641a5 100644
#include "Terminal.h"
//
@@ -86,6 +88,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 };
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 };
@ -100,7 +110,7 @@ index 4d7218e415..295e7641a5 100644
//
// Body of the ConOut functions
//
@@ -508,6 +520,24 @@ TerminalConOutSetMode (
@@ -502,6 +514,24 @@ TerminalConOutSetMode (
return EFI_DEVICE_ERROR;
}
@ -126,10 +136,10 @@ index 4d7218e415..295e7641a5 100644
Status = This->ClearScreen (This);
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
index 15b4ac1c33..a704bc17e5 100644
index 24e164ef4d..d1160ed1c7 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
@@ -60,6 +60,7 @@
@@ -55,6 +55,7 @@
DebugLib
PcdLib
BaseLib
@ -137,7 +147,7 @@ index 15b4ac1c33..a704bc17e5 100644
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
@@ -88,6 +89,7 @@
@@ -83,6 +84,7 @@
[Pcd]
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES

29
SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch → SOURCES/0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
View File

@ -1,8 +1,13 @@
From f9b73437b9b231773c1a20e0c516168817a930a2 Mon Sep 17 00:00:00 2001
From 2cc462ee963d0be119bc97bfc9c70d292a40516f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -37,7 +42,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2)
---
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
@ -47,10 +52,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
5 files changed, 5 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 249b1d8dc0..3f1da66aab 100644
index 044379e1ed..accf5c0211 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -531,6 +531,7 @@
@@ -525,6 +525,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -59,10 +64,10 @@ index 249b1d8dc0..3f1da66aab 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 5ec186df4b..9bb0a4cede 100644
index 2ff68102d3..8812da9943 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -537,6 +537,7 @@
@@ -531,6 +531,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -71,10 +76,10 @@ index 5ec186df4b..9bb0a4cede 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 29538ade4d..3b7fc5328c 100644
index 3a66d4d424..73e1b7824f 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -536,6 +536,7 @@
@@ -530,6 +530,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -83,10 +88,10 @@ index 29538ade4d..3b7fc5328c 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 22139a64cb..64b8034117 100644
index 3ba2459872..bbbf1ac2a8 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -670,6 +670,7 @@ InitializePlatform (
@@ -667,6 +667,7 @@ InitializePlatform (
PeiFvInitialization ();
MemMapInitialization ();
NoexecDxeInitialization ();
@ -95,10 +100,10 @@ index 22139a64cb..64b8034117 100644
InstallClearCacheCallback ();
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index 5c8dd0fe6d..035ce249fe 100644
index d9fd9c8f05..666803916c 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -96,6 +96,7 @@
@@ -89,6 +89,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration

13
SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch → SOURCES/0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
View File

@ -1,8 +1,13 @@
From f372886be5f1c41677f168be77c484bae5841361 Mon Sep 17 00:00:00 2001
From 0dd0ad0dcdfd1189ed8aa880765403d1f587cc59 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 12 Apr 2016 20:50:25 +0200
Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -34,16 +39,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03)
(cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9)
(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit f372886be5f1c41677f168be77c484bae5841361)
---
ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
index eff4a21650..adf1ff6c6a 100644
index 4d27d7d30b..feceed5f93 100644
--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
+++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
@@ -22,7 +22,7 @@
@@ -15,7 +15,7 @@
FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
MODULE_TYPE = BASE
VERSION_STRING = 1.0

1360
SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
View File

File diff suppressed because it is too large Load Diff

15
SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch → SOURCES/0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
View File

@ -1,8 +1,13 @@
From 232fcf06f6b3048b7c2ebd6931f23186b3852f04 Mon Sep 17 00:00:00 2001
From 8338545260fbb423f796d5196faaaf8ff6e1ed99 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -39,7 +44,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c)
(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65)
(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04)
---
ArmVirtPkg/ArmVirtQemu.dsc | 7 +-
.../TerminalPcdProducerLib.c | 87 +++++++++++++++++++
@ -49,10 +54,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index f2e5125494..9fc78d4e0a 100644
index a3cc3f26ec..696b0b5bcd 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -221,6 +221,8 @@
@@ -237,6 +237,8 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
@ -61,7 +66,7 @@ index f2e5125494..9fc78d4e0a 100644
[PcdsDynamicHii]
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
@@ -297,7 +299,10 @@
@@ -314,7 +316,10 @@
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf

21
SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch → SOURCES/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
View File

@ -1,9 +1,14 @@
From 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4 Mon Sep 17 00:00:00 2001
From 229c88dc3ded9baeaca8b87767dc5c41c05afd6e Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 4 Nov 2014 23:02:53 +0100
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -79,7 +84,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
---
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
@ -87,10 +92,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
3 files changed, 6 insertions(+)
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index be3d3b4d14..a545f7c2a6 100644
index 326f82384e..dff2fcd9f6 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -288,10 +288,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -278,10 +278,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -104,10 +109,10 @@ index be3d3b4d14..a545f7c2a6 100644
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index b56160b3bf..fe24e86b92 100644
index aefb6614ad..6684a2e799 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -121,10 +126,10 @@ index b56160b3bf..fe24e86b92 100644
INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b56160b3bf..fe24e86b92 100644
index aefb6614ad..6684a2e799 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

13
SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch → SOURCES/0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
View File

@ -1,8 +1,13 @@
From c3f07e323e76856f1b42ea7b8c598ba3201c28a2 Mon Sep 17 00:00:00 2001
From 9f756c1ad83cc81f7d892cd036d59a2b567b02dc Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:49:43 +0200
Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -48,16 +53,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
---
ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
index 44c00bd0c1..40c8ec3251 100644
index c8ea183313..bab4804a17 100644
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
@@ -114,6 +114,13 @@
@@ -108,6 +108,13 @@
## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045

29
SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch → SOURCES/0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
View File

@ -1,9 +1,14 @@
From bb71490fdda3b38fa9f071d281b863f9b64363bf Mon Sep 17 00:00:00 2001
From 8d5a8827aabc67cb2a046697e1a750ca8d9cc453 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 13:59:20 +0200
Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
port (RH)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -46,7 +51,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
---
ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++
ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++
@ -56,10 +61,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
5 files changed, 15 insertions(+)
diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
index dc47adbaff..cbd72232c7 100644
index d379ad8b7a..ff1672f94d 100644
--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
@@ -117,6 +117,11 @@ PrimaryMain (
@@ -111,6 +111,11 @@ PrimaryMain (
UINTN TemporaryRamBase;
UINTN TemporaryRamSize;
@ -72,10 +77,10 @@ index dc47adbaff..cbd72232c7 100644
// Enable the GIC Distributor
diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
index 134a469427..af39fc017c 100644
index 1500d2bd51..5b0790beac 100644
--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
@@ -35,6 +35,11 @@ PrimaryMain (
@@ -29,6 +29,11 @@ PrimaryMain (
UINTN TemporaryRamBase;
UINTN TemporaryRamSize;
@ -88,10 +93,10 @@ index 134a469427..af39fc017c 100644
// Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
index 160894620c..bf843d7768 100644
index 7140c7f5b5..1d69a2b468 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
@@ -21,6 +21,7 @@
@@ -15,6 +15,7 @@
#include <Library/DebugLib.h>
#include <Library/IoLib.h>
#include <Library/PcdLib.h>
@ -100,10 +105,10 @@ index 160894620c..bf843d7768 100644
#include <PiPei.h>
#include <Ppi/TemporaryRamSupport.h>
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
index e3a31fa7c6..1bc0c45420 100644
index f2ac45d171..fc93fda965 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
@@ -72,6 +72,8 @@
@@ -67,6 +67,8 @@
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
@ -113,10 +118,10 @@ index e3a31fa7c6..1bc0c45420 100644
gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
gArmTokenSpaceGuid.PcdGicSgiIntId
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
index ec83cec2d8..b100820491 100644
index 84c319c367..46d1b30978 100644
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
@@ -70,4 +70,6 @@
@@ -65,4 +65,6 @@
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize

13
SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch → SOURCES/0017-ArmVirtPkg-set-early-hello-message-RH-only.patch
View File

@ -1,8 +1,13 @@
From fb2032bbea7e02c426855cf86a323556d493fd8a Mon Sep 17 00:00:00 2001
From ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 14:07:17 +0200
Subject: ArmVirtPkg: set early hello message (RH only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -41,16 +46,16 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
---
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
1 file changed, 1 insertion(+)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 9fc78d4e0a..a4cd66b846 100644
index 696b0b5bcd..08c7a36339 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -94,6 +94,7 @@
@@ -101,6 +101,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE
[PcdsFixedAtBuild.common]

21
SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch → SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
View File

@ -1,8 +1,13 @@
From 7e6d5dc4078c64be6d55d8fc3317c59a91507a50 Mon Sep 17 00:00:00 2001
From 3cb92f9ba18ac79911bd5258ff4f949cc617ae89 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:45 +0100
Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -38,7 +43,7 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9)
(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76)
(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50)
---
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
@ -46,10 +51,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index bc75e03d47..8093e6f000 100644
index accf5c0211..759075a815 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -484,7 +484,7 @@
@@ -479,7 +479,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@ -59,10 +64,10 @@ index bc75e03d47..8093e6f000 100644
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index f630737662..eca9b4e6db 100644
index 8812da9943..634e20f09c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -489,7 +489,7 @@
@@ -484,7 +484,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@ -72,10 +77,10 @@ index f630737662..eca9b4e6db 100644
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index ac70a0cac1..3ff9a3181e 100644
index 73e1b7824f..bc5a345a37 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -489,7 +489,7 @@
@@ -484,7 +484,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error

39
SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch → SOURCES/0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
View File

@ -1,9 +1,17 @@
From b06b87f8ffd4fed4ef7eacb13689a9b6d111f850 Mon Sep 17 00:00:00 2001
From c8c3f893e7c3710afe45c46839e97954871536e4 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:46 +0100
Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
QemuVideoDxe/QemuRamfbDxe (RH)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- Due to upstream commit 4b04d9d73604 ("OvmfPkg: Don't build in
QemuVideoDxe when we have CSM", 2019-06-26), the contexts of
"QemuVideoDxe.inf" / "QemuRamfbDxe.inf" have changed in the DSC files.
Resolve the conflict manually.
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -55,7 +63,7 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3)
(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0)
(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850)
---
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
@ -63,19 +71,20 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 8093e6f000..8f1cf80fe6 100644
index 759075a815..6a07a6af81 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -746,8 +746,14 @@
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@@ -742,9 +742,15 @@
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
!ifndef $(CSM_ENABLE)
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
!endif
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
@ -84,19 +93,20 @@ index 8093e6f000..8f1cf80fe6 100644
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index eca9b4e6db..62d6d6c406 100644
index 634e20f09c..c7f52992e9 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -755,8 +755,14 @@
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@@ -755,9 +755,15 @@
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
!ifndef $(CSM_ENABLE)
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
!endif
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
@ -105,19 +115,20 @@ index eca9b4e6db..62d6d6c406 100644
#
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3ff9a3181e..992b141113 100644
index bc5a345a37..594ecb5362 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -753,8 +753,14 @@
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@@ -753,9 +753,15 @@
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
!ifndef $(CSM_ENABLE)
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
!endif
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F

39
SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch → SOURCES/0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
View File

@ -1,9 +1,21 @@
From 76b4ac28e975bd63c25db903a1d42c47b38cc756 Mon Sep 17 00:00:00 2001
From e5b8152bced2364a1ded0926dbba4d65e23e3f84 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- The previous version of this patch (downstream commit 76b4ac28e975)
caused a regression (RHBZ#1714446), which was fixed up in downstream
commit 5a216abaa737 ("ArmVirtPkg: silence DEBUG_VERBOSE masking
~0x00400000 in QemuRamfbDxe (RH only)", 2019-08-05).
Squash the fixup into the original patch. Fuse the commit messages.
(Acked-by tags are not preserved, lest we confuse ourselves while
reviewing this rebase.)
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -17,44 +29,53 @@ boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages,
dependent on the progress bar, when the VERBOSE bit is set in
PcdDebugPrintErrorLevel.
Clear the VERBOSE bit without touching other bits -- those other bits
differ between the "silent" and "verbose" builds, so we can't set them as
constants.
QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose
none of its messages this way.
none of its messages, with the VERBOSE bit clear.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 76b4ac28e975bd63c25db903a1d42c47b38cc756)
Reported-by: Andrew Jones <drjones@redhat.com>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index a4cd66b846..aac4094665 100644
index 08c7a36339..b3dcdd747b 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -421,7 +421,10 @@
@@ -422,7 +422,10 @@
#
# Video support
#
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/PlatformDxe/Platform.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index d2b3f24394..c9a635e80b 100644
index 27e65b7638..008181055a 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -399,7 +399,10 @@
@@ -400,7 +400,10 @@
#
# Video support
#
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/PlatformDxe/Platform.inf

83
SOURCES/0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch Normal file
View File

@ -0,0 +1,83 @@
From aa2b66b18a62d652bdbefae7b5732297294306ca Mon Sep 17 00:00:00 2001
From: Philippe Mathieu-Daude <philmd@redhat.com>
Date: Thu, 1 Aug 2019 20:43:48 +0200
Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
builds (RH only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- We have to carry this downstream-only patch -- committed originally as
aaaedc1e2cfd -- indefinitely.
- To avoid confusion, remove the tags from the commit message that had
been added by the downstream maintainer scripts, such as: Message-id,
Patchwork-id, O-Subject, Acked-by. These remain available on the
original downstream commit. The Bugzilla line is preserved, as it
doesn't relate to a specific posting, but to the problem.
Bugzilla: 1714446
To suppress an error message on the silent build when ramfb is
not configured, change QemuRamfbDxe to return EFI_SUCCESS even
when it fails.
Some memory is wasted (driver stays resident without
any good use), but it is mostly harmless, as the memory
is released by the OS after ExitBootServices().
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++
OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 +
2 files changed, 15 insertions(+)
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
index 0d49d8bbab..dbf9bcbe16 100644
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
@@ -13,6 +13,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/DevicePathLib.h>
#include <Library/FrameBufferBltLib.h>
#include <Library/MemoryAllocationLib.h>
@@ -242,6 +243,19 @@ InitializeQemuRamfb (
Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
if (EFI_ERROR (Status)) {
+#if defined (MDE_CPU_AARCH64)
+ //
+ // RHBZ#1714446
+ // If no ramfb device was configured, this platform DXE driver should
+ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
+ // using a silent build, an error message is issued to the guest console.
+ // Since this confuse users, return success and stay resident. The wasted
+ // guest RAM still gets freed later after ExitBootServices().
+ //
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
+ return EFI_SUCCESS;
+ }
+#endif
return EFI_NOT_FOUND;
}
if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
index e3890b8c20..6ffee5acb2 100644
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@@ -29,6 +29,7 @@
BaseLib
BaseMemoryLib
DebugLib
+ DebugPrintErrorLevelLib
DevicePathLib
FrameBufferBltLib
MemoryAllocationLib
--
2.18.1

21
SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch → SOURCES/0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
View File

@ -1,9 +1,14 @@
From 58bba429b9ec7b78109940ef945d0dc93f3cd958 Mon Sep 17 00:00:00 2001
From b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:47 +0100
Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
only)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
@ -39,7 +44,7 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4)
(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8)
(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958)
---
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
@ -47,10 +52,10 @@ Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 8f1cf80fe6..bbf5e38274 100644
index 6a07a6af81..1c56e0948a 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -740,7 +740,10 @@
@@ -735,7 +735,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -63,10 +68,10 @@ index 8f1cf80fe6..bbf5e38274 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 62d6d6c406..3ec1b916e7 100644
index c7f52992e9..29e12c9dff 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -749,7 +749,10 @@
@@ -748,7 +748,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -79,10 +84,10 @@ index 62d6d6c406..3ec1b916e7 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 992b141113..ea54b4b8e8 100644
index 594ecb5362..11fe9f6050 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -747,7 +747,10 @@
@@ -746,7 +746,10 @@
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf

59
SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch
View File

@ -1,59 +0,0 @@
From d382b66affafe06c7e470e0a2dffbd3634b363f1 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 19 Mar 2019 15:48:34 +0100
Subject: Downgrade CryptoPkg INF files to OpenSSL 1.1.0i (RH only)
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- new patch, due to upstream commit a18f784cfdbe ("Upgrade OpenSSL to
1.1.0j", 2018-12-21)
Upstream commit a18f784cfdbe (see above) advanced the OpenSSL git
submodule from upstream OpenSSL commit d4e4bd2a8163 ("Prepare for 1.1.0h
release", 2018-03-27) to upstream OpenSSL commit 74f2d9c1ec5f ("Prepare
for 1.1.0j release", 2018-11-20). Meaning, upstream edk2 skipped 1.1.0i.
However, Fedora 28 only offers 1.1.0i at this point (and it will not be
rebased again until 1.1.0k is released). Therefore hunks in the upstream
CryptoPkg commit that relate specifically to 1.1.0j have to be backed out.
The only such hunks are the "crypto/getenv.c" additions to the INF files.
The related upstream OpenSSL change was commit 1abdf08284af ("Use
secure_getenv(3) when available.", 2018-09-24), part of tag
"OpenSSL_1_1_0j".
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 -
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 -
2 files changed, 2 deletions(-)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index 6162d29143..fcb8bfddde 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -282,7 +282,6 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/scrypt.c
$(OPENSSL_PATH)/crypto/ex_data.c
- $(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index b04bf62b4e..99ff89da0e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -282,7 +282,6 @@
$(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
$(OPENSSL_PATH)/crypto/evp/scrypt.c
$(OPENSSL_PATH)/crypto/ex_data.c
- $(OPENSSL_PATH)/crypto/getenv.c
$(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
$(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
$(OPENSSL_PATH)/crypto/hmac/hmac.c
--
2.18.1

79
SOURCES/0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch Normal file
View File

@ -0,0 +1,79 @@
From 57bd3f146590df8757865d8f2cdd1db3cf3f4d40 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sat, 16 Nov 2019 17:11:27 +0100
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
(RH)
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- new patch
The downstream changes in RHEL8's OpenSSL package, for example in
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
preexistent code into those new files. In order to avoid undefined
references in link editing, we have to list the new files.
Note: "process_files.pl" is not re-run at this time manually, because
(a) "process_files.pl" would pollute the file list (and some of the
auto-generated header files) with RHEL8-specific FIPS artifacts, which
are explicitly unwanted in edk2,
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
and will help with future changes too.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
2 files changed, 22 insertions(+)
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
index dd873a0dcd..d1c7602b87 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
@@ -598,6 +598,17 @@
$(OPENSSL_PATH)/ssl/record/record.h
$(OPENSSL_PATH)/ssl/record/record_locl.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
ossl_store.c
rand_pool.c
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
index a1bb560255..0785a421dd 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
@@ -546,6 +546,17 @@
$(OPENSSL_PATH)/crypto/objects/obj_lcl.h
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
# Autogenerated files list ends here
+# RHEL8-specific OpenSSL file list starts here
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
+# RHEL8-specific OpenSSL file list ends here
buildinf.h
rand_pool_noise.h
ossl_store.c
--
2.18.1

22
SOURCES/RedHatSecureBootPkKek1.pem Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
+d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
R+SqIs/vdWGA40O3SFdzET14m2k=
-----END CERTIFICATE-----

338
SOURCES/edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch Normal file
View File

@ -0,0 +1,338 @@
From 3c9574af677c24b969c3baa6a527dabaf97f11a2 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:31:53 +0100
Subject: [PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-6-lersek@redhat.com>
Patchwork-id: 92461
O-Subject: [RHEL-8.2.0 edk2 PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the
edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib,
StdLibPrivateInternalFiles", 2019-04-29).
We'd like to use the inet_pton() function in CryptoPkg. Resurrect the
"inet_pton.c" file from just before the StdLib removal, as follows:
$ git show \
964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \
> CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
The inet_pton() function is only intended for the DXE phase at this time,
therefore only the "BaseCryptLib" instance INF file receives the new file.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
(cherry picked from commit 8d16ef8269b2ff373d8da674e59992adfdc032d3)
---
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 +++++++++++++++++++++
CryptoPkg/Library/Include/CrtLibSupport.h | 1 +
3 files changed, 259 insertions(+)
create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
index 8d4988e..b5cfd8b 100644
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
@@ -58,6 +58,7 @@
SysCall/CrtWrapper.c
SysCall/TimerWrapper.c
SysCall/BaseMemAllocation.c
+ SysCall/inet_pton.c
[Sources.Ia32]
Rand/CryptRandTsc.c
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
new file mode 100644
index 0000000..32e1ab8
--- /dev/null
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
@@ -0,0 +1,257 @@
+/* Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Portions copyright (c) 1999, 2000
+ * Intel Corporation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ *
+ * This product includes software developed by Intel Corporation and
+ * its contributors.
+ *
+ * 4. Neither the name of Intel Corporation or its contributors may be
+ * used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <string.h>
+#include <errno.h>
+
+/*
+ * WARNING: Don't even consider trying to compile this on a system where
+ * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
+ */
+
+static int inet_pton4 (const char *src, u_char *dst);
+static int inet_pton6 (const char *src, u_char *dst);
+
+/* int
+ * inet_pton(af, src, dst)
+ * convert from presentation format (which usually means ASCII printable)
+ * to network format (which is usually some kind of binary format).
+ * return:
+ * 1 if the address was valid for the specified address family
+ * 0 if the address wasn't valid (`dst' is untouched in this case)
+ * -1 if some other error occurred (`dst' is untouched in this case, too)
+ * author:
+ * Paul Vixie, 1996.
+ */
+int
+inet_pton(
+ int af,
+ const char *src,
+ void *dst
+ )
+{
+ switch (af) {
+ case AF_INET:
+ return (inet_pton4(src, dst));
+ case AF_INET6:
+ return (inet_pton6(src, dst));
+ default:
+ errno = EAFNOSUPPORT;
+ return (-1);
+ }
+ /* NOTREACHED */
+}
+
+/* int
+ * inet_pton4(src, dst)
+ * like inet_aton() but without all the hexadecimal and shorthand.
+ * return:
+ * 1 if `src' is a valid dotted quad, else 0.
+ * notice:
+ * does not touch `dst' unless it's returning 1.
+ * author:
+ * Paul Vixie, 1996.
+ */
+static int
+inet_pton4(
+ const char *src,
+ u_char *dst
+ )
+{
+ static const char digits[] = "0123456789";
+ int saw_digit, octets, ch;
+ u_char tmp[NS_INADDRSZ], *tp;
+
+ saw_digit = 0;
+ octets = 0;
+ *(tp = tmp) = 0;
+ while ((ch = *src++) != '\0') {
+ const char *pch;
+
+ if ((pch = strchr(digits, ch)) != NULL) {
+ u_int new = *tp * 10 + (u_int)(pch - digits);
+
+ if (new > 255)
+ return (0);
+ *tp = (u_char)new;
+ if (! saw_digit) {
+ if (++octets > 4)
+ return (0);
+ saw_digit = 1;
+ }
+ } else if (ch == '.' && saw_digit) {
+ if (octets == 4)
+ return (0);
+ *++tp = 0;
+ saw_digit = 0;
+ } else
+ return (0);
+ }
+ if (octets < 4)
+ return (0);
+
+ memcpy(dst, tmp, NS_INADDRSZ);
+ return (1);
+}
+
+/* int
+ * inet_pton6(src, dst)
+ * convert presentation level address to network order binary form.
+ * return:
+ * 1 if `src' is a valid [RFC1884 2.2] address, else 0.
+ * notice:
+ * (1) does not touch `dst' unless it's returning 1.
+ * (2) :: in a full address is silently ignored.
+ * credit:
+ * inspired by Mark Andrews.
+ * author:
+ * Paul Vixie, 1996.
+ */
+static int
+inet_pton6(
+ const char *src,
+ u_char *dst
+ )
+{
+ static const char xdigits_l[] = "0123456789abcdef",
+ xdigits_u[] = "0123456789ABCDEF";
+ u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
+ const char *xdigits, *curtok;
+ int ch, saw_xdigit;
+ u_int val;
+
+ memset((tp = tmp), '\0', NS_IN6ADDRSZ);
+ endp = tp + NS_IN6ADDRSZ;
+ colonp = NULL;
+ /* Leading :: requires some special handling. */
+ if (*src == ':')
+ if (*++src != ':')
+ return (0);
+ curtok = src;
+ saw_xdigit = 0;
+ val = 0;
+ while ((ch = *src++) != '\0') {
+ const char *pch;
+
+ if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+ pch = strchr((xdigits = xdigits_u), ch);
+ if (pch != NULL) {
+ val <<= 4;
+ val |= (pch - xdigits);
+ if (val > 0xffff)
+ return (0);
+ saw_xdigit = 1;
+ continue;
+ }
+ if (ch == ':') {
+ curtok = src;
+ if (!saw_xdigit) {
+ if (colonp)
+ return (0);
+ colonp = tp;
+ continue;
+ }
+ if (tp + NS_INT16SZ > endp)
+ return (0);
+ *tp++ = (u_char) (val >> 8) & 0xff;
+ *tp++ = (u_char) val & 0xff;
+ saw_xdigit = 0;
+ val = 0;
+ continue;
+ }
+ if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
+ inet_pton4(curtok, tp) > 0) {
+ tp += NS_INADDRSZ;
+ saw_xdigit = 0;
+ break; /* '\0' was seen by inet_pton4(). */
+ }
+ return (0);
+ }
+ if (saw_xdigit) {
+ if (tp + NS_INT16SZ > endp)
+ return (0);
+ *tp++ = (u_char) (val >> 8) & 0xff;
+ *tp++ = (u_char) val & 0xff;
+ }
+ if (colonp != NULL) {
+ /*
+ * Since some memmove()'s erroneously fail to handle
+ * overlapping regions, we'll do the shift by hand.
+ */
+ const int n = (int)(tp - colonp);
+ int i;
+
+ for (i = 1; i <= n; i++) {
+ endp[- i] = colonp[n - i];
+ colonp[n - i] = 0;
+ }
+ tp = endp;
+ }
+ if (tp != endp)
+ return (0);
+ memcpy(dst, tmp, NS_IN6ADDRSZ);
+ return (1);
+}
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index e603fad..5a20ba6 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -192,6 +192,7 @@ void abort (void) __attribute__((__noreturn__));
#else
void abort (void);
#endif
+int inet_pton (int, const char *, void *);
//
// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions
--
1.8.3.1

188
SOURCES/edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch Normal file
View File

@ -0,0 +1,188 @@
From 1ab1024f94401300fe9a1d5cdce6c15a2b091e02 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:31:50 +0100
Subject: [PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies
(CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-5-lersek@redhat.com>
Patchwork-id: 92453
O-Subject: [RHEL-8.2.0 edk2 PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
In a later patch in this series, we're going to resurrect "inet_pton.c"
(originally from the StdLib package). That source file has a number of
standard C and BSD socket dependencies. Provide those dependencies here:
- The header files below will simply #include <CrtLibSupport.h>:
- arpa/inet.h
- arpa/nameser.h
- netinet/in.h
- sys/param.h
- sys/socket.h
- EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
e2d3a25f1a31; which is the commit immediately preceding the removal of
StdLib from edk2 (964f432b9b0a).
Note that the other error macro, which we alread #define, namely EINVAL,
has a value (22) that also matches "StdLib/Include/errno.h".
- The AF_INET and AF_INET6 address family macros come from
"StdLib/Include/sys/socket.h".
- The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
"StdLib/Include/arpa/nameser.h".
- The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
(cherry picked from commit 2ac41c12c0d4b3d3ee8f905ab80da019e784de00)
---
CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++
CryptoPkg/Library/Include/arpa/inet.h | 9 +++++++++
CryptoPkg/Library/Include/arpa/nameser.h | 9 +++++++++
CryptoPkg/Library/Include/netinet/in.h | 9 +++++++++
CryptoPkg/Library/Include/sys/param.h | 9 +++++++++
CryptoPkg/Library/Include/sys/socket.h | 9 +++++++++
6 files changed, 61 insertions(+)
create mode 100644 CryptoPkg/Library/Include/arpa/inet.h
create mode 100644 CryptoPkg/Library/Include/arpa/nameser.h
create mode 100644 CryptoPkg/Library/Include/netinet/in.h
create mode 100644 CryptoPkg/Library/Include/sys/param.h
create mode 100644 CryptoPkg/Library/Include/sys/socket.h
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index b90da20..e603fad 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -74,6 +74,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Definitions for global constants used by CRT library routines
//
#define EINVAL 22 /* Invalid argument */
+#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
#define LONG_MAX 0X7FFFFFFFL /* max value for a long */
#define LONG_MIN (-LONG_MAX-1) /* min value for a long */
@@ -81,13 +82,28 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define CHAR_BIT 8 /* Number of bits in a char */
//
+// Address families.
+//
+#define AF_INET 2 /* internetwork: UDP, TCP, etc. */
+#define AF_INET6 24 /* IP version 6 */
+
+//
+// Define constants based on RFC0883, RFC1034, RFC 1035
+//
+#define NS_INT16SZ 2 /*%< #/bytes of data in a u_int16_t */
+#define NS_INADDRSZ 4 /*%< IPv4 T_A */
+#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */
+
+//
// Basic types mapping
//
typedef UINTN size_t;
+typedef UINTN u_int;
typedef INTN ssize_t;
typedef INT32 time_t;
typedef UINT8 __uint8_t;
typedef UINT8 sa_family_t;
+typedef UINT8 u_char;
typedef UINT32 uid_t;
typedef UINT32 gid_t;
diff --git a/CryptoPkg/Library/Include/arpa/inet.h b/CryptoPkg/Library/Include/arpa/inet.h
new file mode 100644
index 0000000..988e4e0
--- /dev/null
+++ b/CryptoPkg/Library/Include/arpa/inet.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building third-party standard C / BSD sockets code.
+
+ Copyright (C) 2019, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/arpa/nameser.h b/CryptoPkg/Library/Include/arpa/nameser.h
new file mode 100644
index 0000000..988e4e0
--- /dev/null
+++ b/CryptoPkg/Library/Include/arpa/nameser.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building third-party standard C / BSD sockets code.
+
+ Copyright (C) 2019, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/netinet/in.h b/CryptoPkg/Library/Include/netinet/in.h
new file mode 100644
index 0000000..988e4e0
--- /dev/null
+++ b/CryptoPkg/Library/Include/netinet/in.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building third-party standard C / BSD sockets code.
+
+ Copyright (C) 2019, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/sys/param.h b/CryptoPkg/Library/Include/sys/param.h
new file mode 100644
index 0000000..988e4e0
--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/param.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building third-party standard C / BSD sockets code.
+
+ Copyright (C) 2019, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/sys/socket.h b/CryptoPkg/Library/Include/sys/socket.h
new file mode 100644
index 0000000..988e4e0
--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/socket.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building third-party standard C / BSD sockets code.
+
+ Copyright (C) 2019, Red Hat, Inc.
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
--
1.8.3.1

86
SOURCES/edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch Normal file
View File

@ -0,0 +1,86 @@
From 697cb1880b624f83bc9e926c3614d070eb365f06 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:31:47 +0100
Subject: [PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function
(CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-4-lersek@redhat.com>
Patchwork-id: 92458
O-Subject: [RHEL-8.2.0 edk2 PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
According to the ISO C standard, strchr() is a function. We #define it as
a macro. Unfortunately, our macro evaluates the first argument ("str")
twice. If the expression passed for "str" has side effects, the behavior
may be undefined.
In a later patch in this series, we're going to resurrect "inet_pton.c"
(originally from the StdLib package), which calls strchr() just like that:
strchr((xdigits = xdigits_l), ch)
strchr((xdigits = xdigits_u), ch)
To enable this kind of function call, turn strchr() into a function.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
(cherry picked from commit eb520d94dba7369d1886cd5522d5a2c36fb02209)
---
CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 +++++
CryptoPkg/Library/Include/CrtLibSupport.h | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 71a2ef3..42235ab 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -115,6 +115,11 @@ QuickSortWorker (
// -- String Manipulation Routines --
//
+char *strchr(const char *str, int ch)
+{
+ return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
+}
+
/* Scan a string for the last occurrence of a character */
char *strrchr (const char *str, int c)
{
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index 5806f50..b90da20 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -147,6 +147,7 @@ int isupper (int);
int tolower (int);
int strcmp (const char *, const char *);
int strncasecmp (const char *, const char *, size_t);
+char *strchr (const char *, int);
char *strrchr (const char *, int);
unsigned long strtoul (const char *, char **, int);
long strtol (const char *, char **, int);
@@ -188,7 +189,6 @@ void abort (void);
#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
#define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
#define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
-#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
#define strcasecmp(str1,str2) (int)AsciiStriCmp(str1,str2)
#define sprintf(buf,...) AsciiSPrint(buf,MAX_STRING_SIZE,__VA_ARGS__)
--
1.8.3.1

134
SOURCES/edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch Normal file
View File

@ -0,0 +1,134 @@
From 3885ce313d1d06359aa76b085668c1391d8a5f50 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:31:43 +0100
Subject: [PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"
(CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-3-lersek@redhat.com>
Patchwork-id: 92460
O-Subject: [RHEL-8.2.0 edk2 PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
In the patch, we add the new API "TlsSetVerifyHost" for the TLS
protocol to set the specified host name that need to be verified.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
(cherry picked from commit 2ca74e1a175232cc201798e27437700adc7fb07e)
---
CryptoPkg/Include/Library/TlsLib.h | 20 +++++++++++++++++++
CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++++++++++++++++++++++-
2 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h
index 9875cb6..3af7d4b 100644
--- a/CryptoPkg/Include/Library/TlsLib.h
+++ b/CryptoPkg/Include/Library/TlsLib.h
@@ -397,6 +397,26 @@ TlsSetVerify (
);
/**
+ Set the specified host name to be verified.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Flags The setting flags during the validation.
+ @param[in] HostName The specified host name to be verified.
+
+ @retval EFI_SUCCESS The HostName setting was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_ABORTED Invalid HostName setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVerifyHost (
+ IN VOID *Tls,
+ IN UINT32 Flags,
+ IN CHAR8 *HostName
+ );
+
+/**
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
This function sets a session ID to be used when the TLS/SSL connection is
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 74b577d..2bf5aee 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -1,7 +1,7 @@
/** @file
SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -498,6 +498,42 @@ TlsSetVerify (
}
/**
+ Set the specified host name to be verified.
+
+ @param[in] Tls Pointer to the TLS object.
+ @param[in] Flags The setting flags during the validation.
+ @param[in] HostName The specified host name to be verified.
+
+ @retval EFI_SUCCESS The HostName setting was set successfully.
+ @retval EFI_INVALID_PARAMETER The parameter is invalid.
+ @retval EFI_ABORTED Invalid HostName setting.
+
+**/
+EFI_STATUS
+EFIAPI
+TlsSetVerifyHost (
+ IN VOID *Tls,
+ IN UINT32 Flags,
+ IN CHAR8 *HostName
+ )
+{
+ TLS_CONNECTION *TlsConn;
+
+ TlsConn = (TLS_CONNECTION *) Tls;
+ if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ SSL_set_hostflags(TlsConn->Ssl, Flags);
+
+ if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
+ return EFI_ABORTED;
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
Sets a TLS/SSL session ID to be used during TLS/SSL connect.
This function sets a session ID to be used when the TLS/SSL connection is
--
1.8.3.1

100
SOURCES/edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch Normal file
View File

@ -0,0 +1,100 @@
From 970b5f67512e00fb26765a14b4a1cb8a8a04276d Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:31:57 +0100
Subject: [PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address
literals as such (CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-7-lersek@redhat.com>
Patchwork-id: 92452
O-Subject: [RHEL-8.2.0 edk2 PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Using the inet_pton() function that we imported in the previous patches,
recognize if "HostName" is an IP address literal, and then parse it into
binary representation. Passing the latter to OpenSSL for server
certificate validation is important, per RFC-2818
<https://tools.ietf.org/html/rfc2818#section-3.1>:
> In some cases, the URI is specified as an IP address rather than a
> hostname. In this case, the iPAddress subjectAltName must be present in
> the certificate and must exactly match the IP in the URI.
Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL
version that is currently consumed by edk2, said function depends on
sscanf() for parsing IPv4 literals. In
"CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an
empty -- always failing -- stub for sscanf(), however.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Suggested-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
(cherry picked from commit 1e72b1fb2ec597caedb5170079bb213f6d67f32a)
---
CryptoPkg/Library/TlsLib/TlsConfig.c | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
index 2bf5aee..307eb57 100644
--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
+++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
@@ -517,7 +517,11 @@ TlsSetVerifyHost (
IN CHAR8 *HostName
)
{
- TLS_CONNECTION *TlsConn;
+ TLS_CONNECTION *TlsConn;
+ X509_VERIFY_PARAM *VerifyParam;
+ UINTN BinaryAddressSize;
+ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
+ INTN ParamStatus;
TlsConn = (TLS_CONNECTION *) Tls;
if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
@@ -526,11 +530,27 @@ TlsSetVerifyHost (
SSL_set_hostflags(TlsConn->Ssl, Flags);
- if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
- return EFI_ABORTED;
+ VerifyParam = SSL_get0_param (TlsConn->Ssl);
+ ASSERT (VerifyParam != NULL);
+
+ BinaryAddressSize = 0;
+ if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {
+ BinaryAddressSize = NS_IN6ADDRSZ;
+ } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {
+ BinaryAddressSize = NS_INADDRSZ;
}
- return EFI_SUCCESS;
+ if (BinaryAddressSize > 0) {
+ DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
+ "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
+ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
+ ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
+ BinaryAddressSize);
+ } else {
+ ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
+ }
+
+ return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
}
/**
--
1.8.3.1

156
SOURCES/edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch Normal file
View File

@ -0,0 +1,156 @@
From 22ebe3ff84003e9256759e230ac68da35c6d77a2 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:31:37 +0100
Subject: [PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of
EfiTlsVerifyHost (CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-2-lersek@redhat.com>
Patchwork-id: 92457
O-Subject: [RHEL-8.2.0 edk2 PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
In the patch, we add the new data type named "EfiTlsVerifyHost" and
the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP)
to enable the host name check so as to avoid the potential
Man-In-The-Middle attack.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
(cherry picked from commit 31efec82796cb950e99d1622aa9c0eb8380613a0)
---
MdePkg/Include/Protocol/Tls.h | 68 ++++++++++++++++++++++++++++++++++++-------
1 file changed, 57 insertions(+), 11 deletions(-)
diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
index bf1b672..af524ae 100644
--- a/MdePkg/Include/Protocol/Tls.h
+++ b/MdePkg/Include/Protocol/Tls.h
@@ -42,10 +42,6 @@ typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
///
typedef enum {
///
- /// Session Configuration
- ///
-
- ///
/// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
///
EfiTlsVersion,
@@ -86,11 +82,6 @@ typedef enum {
/// The corresponding Data is of type EFI_TLS_SESSION_STATE.
///
EfiTlsSessionState,
-
- ///
- /// Session information
- ///
-
///
/// TLS session data client random.
/// The corresponding Data is of type EFI_TLS_RANDOM.
@@ -106,9 +97,15 @@ typedef enum {
/// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
///
EfiTlsKeyMaterial,
+ ///
+ /// TLS session hostname for validation which is used to verify whether the name
+ /// within the peer certificate matches a given host name.
+ /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_NONE.
+ /// The corresponding Data is of type EFI_TLS_VERIFY_HOST.
+ ///
+ EfiTlsVerifyHost,
EfiTlsSessionDataTypeMaximum
-
} EFI_TLS_SESSION_DATA_TYPE;
///
@@ -178,7 +175,8 @@ typedef UINT32 EFI_TLS_VERIFY;
///
#define EFI_TLS_VERIFY_PEER 0x1
///
-/// TLS session will fail peer certificate is absent.
+/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server mode.
+/// TLS session will fail if client certificate is absent.
///
#define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2
///
@@ -188,6 +186,54 @@ typedef UINT32 EFI_TLS_VERIFY;
#define EFI_TLS_VERIFY_CLIENT_ONCE 0x4
///
+/// EFI_TLS_VERIFY_HOST_FLAG
+///
+typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG;
+///
+/// There is no additional flags set for hostname validation.
+/// Wildcards are supported and they match only in the left-most label.
+///
+#define EFI_TLS_VERIFY_FLAG_NONE 0x00
+///
+/// Always check the Subject Distinguished Name (DN) in the peer certificate even if the
+/// certificate contains Subject Alternative Name (SAN).
+///
+#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT 0x01
+///
+/// Disable the match of all wildcards.
+///
+#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS 0x02
+///
+/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.g. "www*" or "*www").
+///
+#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS 0x04
+///
+/// Allow the "*" to match more than one labels. Otherwise, only matches a single label.
+///
+#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS 0x08
+///
+/// Restrict to only match direct child sub-domains which start with ".".
+/// For example, a name of ".example.com" would match "www.example.com" with this flag,
+/// but would not match "www.sub.example.com".
+///
+#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+///
+/// Never check the Subject Distinguished Name (DN) even there is no
+/// Subject Alternative Name (SAN) in the certificate.
+///
+#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT 0x20
+
+///
+/// EFI_TLS_VERIFY_HOST
+///
+#pragma pack (1)
+typedef struct {
+ EFI_TLS_VERIFY_HOST_FLAG Flags;
+ CHAR8 *HostName;
+} EFI_TLS_VERIFY_HOST;
+#pragma pack ()
+
+///
/// EFI_TLS_RANDOM
/// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
/// Hello Messages".
--
1.8.3.1

99
SOURCES/edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch Normal file
View File

@ -0,0 +1,99 @@
From d28c0053e94b8e721307ac1698d86e5dfb328e6d Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:32:04 +0100
Subject: [PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification
(CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-9-lersek@redhat.com>
Patchwork-id: 92459
O-Subject: [RHEL-8.2.0 edk2 PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Set the HostName by consuming TLS protocol to enable the host name
check so as to avoid the potential Man-In-The-Middle attack.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit e2fc50812895b17e8b23f5a9c43cde29531b200f)
---
NetworkPkg/HttpDxe/HttpProto.h | 1 +
NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++++++++++++----
2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
index 6e1f517..34308e0 100644
--- a/NetworkPkg/HttpDxe/HttpProto.h
+++ b/NetworkPkg/HttpDxe/HttpProto.h
@@ -82,6 +82,7 @@ typedef struct {
EFI_TLS_VERSION Version;
EFI_TLS_CONNECTION_END ConnectionEnd;
EFI_TLS_VERIFY VerifyMethod;
+ EFI_TLS_VERIFY_HOST VerifyHost;
EFI_TLS_SESSION_STATE SessionState;
} TLS_CONFIG_DATA;
diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
index 988bbcb..5dfb13b 100644
--- a/NetworkPkg/HttpDxe/HttpsSupport.c
+++ b/NetworkPkg/HttpDxe/HttpsSupport.c
@@ -623,13 +623,16 @@ TlsConfigureSession (
//
// TlsConfigData initialization
//
- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
+ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
+ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
+ HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;
+ HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
+ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
//
// EfiTlsConnectionEnd,
- // EfiTlsVerifyMethod
+ // EfiTlsVerifyMethod,
+ // EfiTlsVerifyHost,
// EfiTlsSessionState
//
Status = HttpInstance->Tls->SetSessionData (
@@ -654,6 +657,16 @@ TlsConfigureSession (
Status = HttpInstance->Tls->SetSessionData (
HttpInstance->Tls,
+ EfiTlsVerifyHost,
+ &HttpInstance->TlsConfigData.VerifyHost,
+ sizeof (EFI_TLS_VERIFY_HOST)
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = HttpInstance->Tls->SetSessionData (
+ HttpInstance->Tls,
EfiTlsSessionState,
&(HttpInstance->TlsConfigData.SessionState),
sizeof (EFI_TLS_SESSION_STATE)
--
1.8.3.1

117
SOURCES/edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch Normal file
View File

@ -0,0 +1,117 @@
From 24a4a1d62ae749c197f36d72f645c7142f368e6a Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 2 Dec 2019 12:32:00 +0100
Subject: [PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to
TlsDxe driver (CVE-2019-14553)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Laszlo Ersek <lersek@redhat.com>
Message-id: <20191117220052.15700-8-lersek@redhat.com>
Patchwork-id: 92456
O-Subject: [RHEL-8.2.0 edk2 PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553)
Bugzilla: 1536624
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
The new data type named "EfiTlsVerifyHost" and the
EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol.
Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Reviewed-by: Long Qin <qin.long@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 703e7ab21ff8fda9ababf7751d59bd28ad5da947)
---
NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 41 insertions(+), 3 deletions(-)
diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtocol.c
index a7a993f..001e540 100644
--- a/NetworkPkg/TlsDxe/TlsProtocol.c
+++ b/NetworkPkg/TlsDxe/TlsProtocol.c
@@ -1,7 +1,7 @@
/** @file
Implementation of EFI TLS Protocol Interfaces.
- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -56,12 +56,16 @@ TlsSetSessionData (
UINT16 *CipherId;
CONST EFI_TLS_CIPHER *TlsCipherList;
UINTN CipherCount;
+ CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;
+ EFI_TLS_VERIFY VerifyMethod;
+ UINTN VerifyMethodSize;
UINTN Index;
EFI_TPL OldTpl;
- Status = EFI_SUCCESS;
- CipherId = NULL;
+ Status = EFI_SUCCESS;
+ CipherId = NULL;
+ VerifyMethodSize = sizeof (EFI_TLS_VERIFY);
if (This == NULL || Data == NULL || DataSize == 0) {
return EFI_INVALID_PARAMETER;
@@ -149,6 +153,40 @@ TlsSetSessionData (
TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
break;
+ case EfiTlsVerifyHost:
+ if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;
+
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&
+ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||
+ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);
+ if (EFI_ERROR (Status)) {
+ goto ON_EXIT;
+ }
+
+ if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {
+ Status = EFI_INVALID_PARAMETER;
+ goto ON_EXIT;
+ }
+
+ Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);
+
+ break;
case EfiTlsSessionID:
if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
Status = EFI_INVALID_PARAMETER;
--
1.8.3.1

198
SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch
View File

@ -1,198 +0,0 @@
From 71c39f0fb0b9a3e9856cebc58ef3812752fd07cc Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 4 Jun 2019 11:06:45 +0200
Subject: [PATCH 3/3] OvmfPkg/PlatformPei: set 32-bit UC area at PciBase /
PciExBarBase (pc/q35)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-id: <20190604090645.2847-4-lersek@redhat.com>
Patchwork-id: 88483
O-Subject: [RHEL-8.1.0 edk2 PATCH v2 3/3] OvmfPkg/PlatformPei: set 32-bit UC
area at PciBase / PciExBarBase (pc/q35)
Bugzilla: 1666941
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
(This is a replacement for commit 39b9a5ffe661 ("OvmfPkg/PlatformPei: fix
MTRR for low-RAM sizes that have many bits clear", 2019-05-16).)
Reintroduce the same logic as seen in commit 39b9a5ffe661 for the pc
(i440fx) board type.
For q35, the same approach doesn't work any longer, given that (a) we'd
like to keep the PCIEXBAR in the platform DSC a fixed-at-build PCD, and
(b) QEMU expects the PCIEXBAR to reside at a lower address than the 32-bit
PCI MMIO aperture.
Therefore, introduce a helper function for determining the 32-bit
"uncacheable" (MMIO) area base address:
- On q35, this function behaves statically. Furthermore, the MTRR setup
exploits that the range [0xB000_0000, 0xFFFF_FFFF] can be marked UC with
just two variable MTRRs (one at 0xB000_0000 (size 256MB), another at
0xC000_0000 (size 1GB)).
- On pc (i440fx), the function behaves dynamically, implementing the same
logic as commit 39b9a5ffe661 did. The PciBase value is adjusted to the
value calculated, similarly to commit 39b9a5ffe661. A further
simplification is that we show that the UC32 area size truncation to a
whole power of two automatically guarantees a >=2GB base address.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
(cherry picked from commit 49edde15230a5bfd6746225eb95535eaa2ec1ba4)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/PlatformPei/MemDetect.c | 59 ++++++++++++++++++++++++++++++++++++++---
OvmfPkg/PlatformPei/Platform.c | 5 +++-
OvmfPkg/PlatformPei/Platform.h | 7 +++++
3 files changed, 66 insertions(+), 5 deletions(-)
diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
index 2f9e835..0c38b70 100644
--- a/OvmfPkg/PlatformPei/MemDetect.c
+++ b/OvmfPkg/PlatformPei/MemDetect.c
@@ -20,6 +20,7 @@ Module Name:
// The package level header files this module uses
//
#include <IndustryStandard/E820.h>
+#include <IndustryStandard/I440FxPiix4.h>
#include <IndustryStandard/Q35MchIch9.h>
#include <PiPei.h>
@@ -48,6 +49,8 @@ STATIC UINT32 mS3AcpiReservedMemorySize;
STATIC UINT16 mQ35TsegMbytes;
+UINT32 mQemuUc32Base;
+
VOID
Q35TsegMbytesInitialization (
VOID
@@ -104,6 +107,54 @@ Q35TsegMbytesInitialization (
}
+VOID
+QemuUc32BaseInitialization (
+ VOID
+ )
+{
+ UINT32 LowerMemorySize;
+ UINT32 Uc32Size;
+
+ if (mXen) {
+ return;
+ }
+
+ if (mHostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {
+ //
+ // On q35, the 32-bit area that we'll mark as UC, through variable MTRRs,
+ // starts at PcdPciExpressBaseAddress. The platform DSC is responsible for
+ // setting PcdPciExpressBaseAddress such that describing the
+ // [PcdPciExpressBaseAddress, 4GB) range require a very small number of
+ // variable MTRRs (preferably 1 or 2).
+ //
+ ASSERT (FixedPcdGet64 (PcdPciExpressBaseAddress) <= MAX_UINT32);
+ mQemuUc32Base = (UINT32)FixedPcdGet64 (PcdPciExpressBaseAddress);
+ return;
+ }
+
+ ASSERT (mHostBridgeDevId == INTEL_82441_DEVICE_ID);
+ //
+ // On i440fx, start with the [LowerMemorySize, 4GB) range. Make sure one
+ // variable MTRR suffices by truncating the size to a whole power of two,
+ // while keeping the end affixed to 4GB. This will round the base up.
+ //
+ LowerMemorySize = GetSystemMemorySizeBelow4gb ();
+ Uc32Size = GetPowerOfTwo32 ((UINT32)(SIZE_4GB - LowerMemorySize));
+ mQemuUc32Base = (UINT32)(SIZE_4GB - Uc32Size);
+ //
+ // Assuming that LowerMemorySize is at least 1 byte, Uc32Size is at most 2GB.
+ // Therefore mQemuUc32Base is at least 2GB.
+ //
+ ASSERT (mQemuUc32Base >= BASE_2GB);
+
+ if (mQemuUc32Base != LowerMemorySize) {
+ DEBUG ((DEBUG_VERBOSE, "%a: rounded UC32 base from 0x%x up to 0x%x, for "
+ "an UC32 size of 0x%x\n", __FUNCTION__, LowerMemorySize, mQemuUc32Base,
+ Uc32Size));
+ }
+}
+
+
/**
Iterate over the RAM entries in QEMU's fw_cfg E820 RAM map that start outside
of the 32-bit address range.
@@ -694,11 +745,11 @@ QemuInitializeRam (
ASSERT_EFI_ERROR (Status);
//
- // Set memory range from the "top of lower RAM" (RAM below 4GB) to 4GB as
- // uncacheable
+ // Set the memory range from the start of the 32-bit MMIO area (32-bit PCI
+ // MMIO aperture on i440fx, PCIEXBAR on q35) to 4GB as uncacheable.
//
- Status = MtrrSetMemoryAttribute (LowerMemorySize,
- SIZE_4GB - LowerMemorySize, CacheUncacheable);
+ Status = MtrrSetMemoryAttribute (mQemuUc32Base, SIZE_4GB - mQemuUc32Base,
+ CacheUncacheable);
ASSERT_EFI_ERROR (Status);
}
}
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index 64b8034..de19f5c 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -197,7 +197,8 @@ MemMapInitialization (
ASSERT (PciExBarBase <= MAX_UINT32 - SIZE_256MB);
PciBase = (UINT32)(PciExBarBase + SIZE_256MB);
} else {
- PciBase = (TopOfLowRam < BASE_2GB) ? BASE_2GB : TopOfLowRam;
+ ASSERT (TopOfLowRam <= mQemuUc32Base);
+ PciBase = mQemuUc32Base;
}
//
@@ -656,6 +657,8 @@ InitializePlatform (
PublishPeiMemory ();
+ QemuUc32BaseInitialization ();
+
InitializeRamRegions ();
if (mXen) {
diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
index b12a5c1..2b486ce 100644
--- a/OvmfPkg/PlatformPei/Platform.h
+++ b/OvmfPkg/PlatformPei/Platform.h
@@ -69,6 +69,11 @@ GetSystemMemorySizeBelow4gb (
);
VOID
+QemuUc32BaseInitialization (
+ VOID
+ );
+
+VOID
InitializeRamRegions (
VOID
);
@@ -120,4 +125,6 @@ extern UINT32 mMaxCpuCount;
extern UINT16 mHostBridgeDevId;
+extern UINT32 mQemuUc32Base;
+
#endif // _PLATFORM_PEI_H_INCLUDED_
--
1.8.3.1

109
SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch
View File

@ -1,109 +0,0 @@
From d362291ada9ee22316e3c069dc788c4c801b0796 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 4 Jun 2019 11:06:44 +0200
Subject: [PATCH 2/3] OvmfPkg: raise the PCIEXBAR base to 2816 MB on Q35
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-id: <20190604090645.2847-3-lersek@redhat.com>
Patchwork-id: 88481
O-Subject: [RHEL-8.1.0 edk2 PATCH v2 2/3] OvmfPkg: raise the PCIEXBAR base to
2816 MB on Q35
Bugzilla: 1666941
Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
(This is a replacement for commit 75136b29541b, "OvmfPkg/PlatformPei:
reorder the 32-bit PCI window vs. the PCIEXBAR on q35", 2019-05-16).
Commit 7b8fe63561b4 ("OvmfPkg: PlatformPei: enable PCIEXBAR (aka MMCONFIG
/ ECAM) on Q35", 2016-03-10) claimed that,
On Q35 machine types that QEMU intends to support in the long term, QEMU
never lets the RAM below 4 GB exceed 2 GB.
Alas, this statement came from a misunderstanding that occurred while we
worked out the interface contract. In fact QEMU does allow the 32-bit RAM
extend up to 0xB000_0000 (exclusive), in case the RAM size falls in the
range (0x8000_0000, 0xB000_0000) (i.e., the RAM size is greater than
2048MB and smaller than 2816MB).
In turn, such a RAM size (justifiedly) triggers
ASSERT (TopOfLowRam <= PciExBarBase);
in MemMapInitialization(), because we placed the 256MB PCIEXBAR at
0x8000_0000 (2GB) exactly, relying on the interface contract. (And, the
32-bit PCI window would follow the PCIEXBAR, covering the [0x9000_0000,
0xFC00_0000) range.)
In order to fix this, place the PCIEXBAR at 2816MB (0xB000_0000), and
start the 32-bit PCI window at 3 GB (0xC000_0000). This shrinks the 32-bit
PCI window to
0xFC00_0000 - 0xC000_0000 = 0x3C00_0000 = 960 MB.
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
(cherry picked from commit b07de0974b65a6a393c2d477427d1d6c7acce002)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 4 ++--
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++--
OvmfPkg/OvmfPkgX64.dsc | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index bbf5e38..cf5f2ea 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -497,8 +497,8 @@
# the PCIEXBAR register.
#
# On Q35 machine types that QEMU intends to support in the long term, QEMU
- # never lets the RAM below 4 GB exceed 2 GB.
- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
+ # never lets the RAM below 4 GB exceed 2816 MB.
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 3ec1b91..5a24065 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -502,8 +502,8 @@
# the PCIEXBAR register.
#
# On Q35 machine types that QEMU intends to support in the long term, QEMU
- # never lets the RAM below 4 GB exceed 2 GB.
- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
+ # never lets the RAM below 4 GB exceed 2816 MB.
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index ea54b4b..6ab50c9 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -502,8 +502,8 @@
# the PCIEXBAR register.
#
# On Q35 machine types that QEMU intends to support in the long term, QEMU
- # never lets the RAM below 4 GB exceed 2 GB.
- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
+ # never lets the RAM below 4 GB exceed 2816 MB.
+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
!ifdef $(SOURCE_DEBUG_ENABLE)
gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
--
1.8.3.1

28
SOURCES/ovmf-vars-generator
View File

@ -1,4 +1,4 @@
#!/bin/python
#!/bin/python3
# Copyright (C) 2017 Red Hat
# Authors:
# - Patrick Uiterwijk <puiterwijk@redhat.com>
@ -32,13 +32,23 @@ def generate_qemu_cmd(args, readonly, *extra_args):
else:
machinetype = 'q35,smm=on'
machinetype += ',accel=%s' % ('kvm' if args.enable_kvm else 'tcg')
if args.oem_string is None:
oemstrings = []
else:
oemstring_values = [
",value=" + s.replace(",", ",,") for s in args.oem_string ]
oemstrings = [
'-smbios',
"type=11" + ''.join(oemstring_values) ]
return [
args.qemu_binary,
'-machine', machinetype,
'-display', 'none',
'-no-user-config',
'-nodefaults',
'-m', '256',
'-m', '768',
'-smp', '2,sockets=2,cores=1,threads=1',
'-chardev', 'pty,id=charserial1',
'-device', 'isa-serial,chardev=charserial1,id=serial1',
@ -50,7 +60,7 @@ def generate_qemu_cmd(args, readonly, *extra_args):
'-drive',
'file=%s,if=pflash,format=raw,unit=1,readonly=%s' % (
args.out_temp, 'on' if readonly else 'off'),
'-serial', 'stdio'] + list(extra_args)
'-serial', 'stdio'] + oemstrings + list(extra_args)
def download(url, target, suffix, no_download):
@ -98,6 +108,10 @@ def enroll_keys(args):
read = p.stdout.readline()
if b'char device redirected' in read:
read = p.stdout.readline()
# Skip passed QEMU warnings, like the following one we see in Ubuntu:
# qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
while b'qemu-system-x86_64: warning:' in read:
read = p.stdout.readline()
if args.print_output:
print(strip_special(read), end='')
print()
@ -213,6 +227,14 @@ def parse_args():
'used for testing, could undermine Secure '
'Boot.'),
action='store_true')
parser.add_argument('--oem-string',
help=('Pass the argument to the guest as a string in '
'the SMBIOS Type 11 (OEM Strings) table. '
'Multiple occurrences of this option are '
'collected into a single SMBIOS Type 11 table. '
'A pure ASCII string argument is strongly '
'suggested.'),
action='append')
args = parser.parse_args()
args.kernel_url = args.kernel_url % {'version': args.fedora_version}

155
SPECS/edk2.spec
View File

@ -1,16 +1,16 @@
ExclusiveArch: x86_64 aarch64
%define GITDATE 20190308
%define GITCOMMIT 89910a39dcfd
%define GITDATE 20190829
%define GITCOMMIT 37eef91017ad
%define TOOLCHAIN GCC5
%define OPENSSL_VER 1.1.0i
%define OPENSSL_VER 1.1.1c
Name: edk2
Version: %{GITDATE}git%{GITCOMMIT}
Release: 4%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
Group: Applications/Emulators
License: BSD and OpenSSL and MIT
License: BSD-2-Clause-Patent and OpenSSL and MIT
URL: http://www.tianocore.org
# The source tarball is created using following commands:
@ -19,37 +19,52 @@ URL: http://www.tianocore.org
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
Source1: ovmf-whitepaper-c770f8c.txt
Source2: openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
Source2: openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
Source3: ovmf-vars-generator
Source4: LICENSE.qosb
Source5: RedHatSecureBootPkKek1.pem
Source10: edk2-aarch64-verbose.json
Source11: edk2-aarch64.json
Source12: edk2-ovmf-sb.json
Source13: edk2-ovmf.json
Patch0003: 0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
Patch0006: 0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
Patch0007: 0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch0008: 0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
Patch0009: 0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
Patch0010: 0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
Patch0011: 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
Patch0012: 0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
Patch0013: 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
Patch0014: 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
Patch0015: 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
Patch0016: 0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
Patch0017: 0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
Patch0018: 0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
Patch0019: 0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
Patch0026: 0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch
# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size
Patch27: edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch
# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size
Patch28: edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch
Patch0001: 0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch
Patch0002: 0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
Patch0006: 0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
Patch0007: 0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
Patch0008: 0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
Patch0009: 0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
Patch0010: 0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch0011: 0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
Patch0012: 0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
Patch0013: 0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
Patch0014: 0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
Patch0015: 0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
Patch0016: 0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
Patch0017: 0017-ArmVirtPkg-set-early-hello-message-RH-only.patch
Patch0018: 0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
Patch0019: 0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
Patch0020: 0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
Patch0021: 0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
Patch0022: 0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
Patch0033: 0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch34: edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch35: edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch36: edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch37: edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch38: edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch39: edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch40: edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch
# For bz#1536624 - HTTPS enablement in OVMF
Patch41: edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch
# python3-devel and libuuid-devel are required for building tools.
@ -72,11 +87,11 @@ BuildRequires: genisoimage
# For generating the variable store template with the default certificates
# enrolled, we need qemu-kvm.
BuildRequires: qemu-kvm
BuildRequires: qemu-kvm >= 2.12.0-89
# For verifying SB enablement in the above variable store template, we need a
# guest kernel that prints "Secure boot enabled".
BuildRequires: kernel-core
BuildRequires: kernel-core >= 4.18.0-161
BuildRequires: rpmdevtools
%package ovmf
@ -88,7 +103,7 @@ Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
# library.
Provides: bundled(openssl) = %{OPENSSL_VER}
License: BSD and OpenSSL
License: BSD-2-Clause-Patent and OpenSSL
# URL taken from the Maintainers.txt file.
URL: http://www.tianocore.org/ovmf/
@ -107,7 +122,7 @@ Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
Provides: bundled(openssl) = %{OPENSSL_VER}
License: BSD and OpenSSL
License: BSD-2-Clause-Patent and OpenSSL
# URL taken from the Maintainers.txt file.
URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
@ -121,7 +136,7 @@ package contains a 64-bit build.
%package tools
Summary: EFI Development Kit II Tools
Group: Development/Tools
License: BSD
License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
%description tools
This package provides tools that are needed to
@ -131,7 +146,7 @@ build EFI executables and ROMs using the GNU tools.
Summary: Documentation for EFI Development Kit II Tools
Group: Development/Tools
BuildArch: noarch
License: BSD
License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
%description tools-doc
This package documents the tools that are needed to
@ -145,9 +160,6 @@ environment for the UEFI and PI specifications. This package contains sample
%prep
%setup -q -n edk2-%{GITCOMMIT}
# Ensure binary packages are not used
rm -rf ShellBinPkg
%{lua:
tmp = os.tmpname();
f = io.open(tmp, "w+");
@ -187,6 +199,18 @@ cp -a -- %{SOURCE1} %{SOURCE3} .
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
# Format the Red Hat-issued certificate that is to be enrolled as both Platform
# Key and first Key Exchange Key, as an SMBIOS OEM String. This means stripping
# the PEM header and footer, and prepending the textual representation of the
# GUID that identifies this particular OEM String to "EnrollDefaultKeys.efi",
# plus the separator ":". For details, see
# <https://bugzilla.tianocore.org/show_bug.cgi?id=1747> comments 2, 7, 14.
sed \
-e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
-e '/^-----END CERTIFICATE-----$/d' \
%{SOURCE5} \
> PkKek1.oemstr
# Done by %setup, but we do not use it for the auxiliary tarballs
chmod -Rf a+rX,u+w,g-w,o-w .
@ -206,15 +230,17 @@ fi
CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash"
CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE"
CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE"
%ifarch x86_64
# Build with neither SB nor SMM; include UEFI shell.
build ${CC_FLAGS} -D FD_SIZE_4MB -a X64 -p OvmfPkg/OvmfPkgX64.dsc
build ${CC_FLAGS} -D TPM2_ENABLE -D FD_SIZE_4MB -a X64 \
-p OvmfPkg/OvmfPkgX64.dsc
# Build with SB and SMM; exclude UEFI shell.
build -D SECURE_BOOT_ENABLE -D EXCLUDE_SHELL_FROM_FD ${CC_FLAGS} \
-a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc -D SMM_REQUIRE \
-D FD_SIZE_4MB
-D TPM2_ENABLE -D FD_SIZE_4MB
# Sanity check: the varstore templates must be identical.
cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
@ -260,6 +286,7 @@ cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
--ovmf-binary Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
--ovmf-template-vars Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
--uefi-shell-iso UefiShell.iso \
--oem-string "$(< PkKek1.oemstr)" \
--skip-testing \
OVMF_VARS.secboot.fd
@ -279,7 +306,7 @@ build ${CC_FLAGS} -a AARCH64 \
%install
cp -a License.txt License.edk2.txt
cp -a OvmfPkg/License.txt License.OvmfPkg.txt
mkdir -p $RPM_BUILD_ROOT%{_datadir}/qemu/firmware
%ifarch x86_64
@ -388,8 +415,9 @@ install BaseTools/Scripts/GccBase.lds \
%endif
%defattr(-,root,root,-)
%license License.edk2.txt
%license OvmfPkg/License.txt
%license License.txt
%license License.OvmfPkg.txt
%license License-History.txt
%license LICENSE.openssl
%dir %{_datadir}/%{name}/
%dir %{_datadir}/qemu
@ -435,6 +463,7 @@ install BaseTools/Scripts/GccBase.lds \
%files tools
%license License.txt
%license License-History.txt
%{_bindir}/Brotli
%{_bindir}/DevicePath
%{_bindir}/EfiRom
@ -481,6 +510,47 @@ true
%endif
%changelog
* Wed Dec 11 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-4.el8
- edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301]
- edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301]
- Resolves: bz#1778301
(re-enable Secure Boot (varstore template) verification in %check)
* Thu Dec 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-3.el8
- Update used openssl version [bz#1616029]
- Resolves: bz#1616029
(rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1)
* Mon Dec 02 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-2.el8
- edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624]
- edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624]
- edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624]
- edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624]
- edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624]
- edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624]
- edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624]
- edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624]
- edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624]
- Resolves: bz#1536624
(HTTPS enablement in OVMF)
* Fri Nov 29 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-1.el8
- Rebase to edk2-stable201908 [bz#1748180]
- Resolves: bz#1748180
((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag edk2-stable201908 for RHEL-8.2)
* Mon Aug 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-6.el8
- edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch [bz#1714446]
- edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch [bz#1714446]
- edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch [bz#1714446]
- Resolves: bz#1714446
(edk2-aarch64 silent build is not silent enough)
* Tue Jul 02 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-5.el8
- edk2-redhat-add-D-TPM2_ENABLE-to-the-edk2-ovmf-build-flag.patch [bz#1693205]
- Resolves: bz#1693205
(edk2: Enable TPM2 support)
* Tue Jun 11 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-4.el8
- edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch [bz#1666941]
- edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch [bz#1666941]
@ -492,9 +562,6 @@ true
- Resolves: bz#1600230
([RHEL 8.1] RFE: provide firmware descriptor meta-files for the edk2-ovmf and edk2-aarch64 firmware images)
* Mon Apr 08 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 20190308git89910a39dcfd-1.el8
- Rebase to edk2-20190308git89910a39dcfd
* Mon Jan 21 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 20180508gitee3198e672e2-9.el8
- edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch [bz#1662184]
- edk2-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch [bz#1662184]