import edk2-20220126gitbb1bba3d77-3.el8

2022-09-27 10:07:21 -04:00 · 2022-09-27 10:07:21 -04:00 · 9d13c29e10
commit 9d13c29e10
parent 077a31008e
4 changed files with 66 additions and 4 deletions
--- a/.edk2.metadata
+++ b/.edk2.metadata
@ -1,2 +1,2 @@
 ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
-801c454f41332e2dcc783983e65a6930ee7cb810 SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+50747c8a7bb55619b69e95683c7c4172d52d1974 SOURCES/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
 SOURCES/edk2-bb1bba3d77.tar.xz
-SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+SOURCES/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
--- a/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
+++ b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
@ -0,0 +1,50 @@
+From e4a64ad230ff2906ec56d41b2a8dd7a0bb39a399 Mon Sep 17 00:00:00 2001
+From: Dov Murik <dovmurik@linux.ibm.com>
+Date: Tue, 4 Jan 2022 15:16:40 +0800
+Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as
+ reserved
+
+RH-Author: Pawel Polawski <None>
+RH-MergeRequest: 11: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
+RH-Commit: [1/1] a14d34eb204387aae3446770a0e5fb95a9283ae3 (elkoniu/edk2)
+RH-Bugzilla: 2041754
+RH-Acked-by: Oliver Steffen <None>
+
+Mark the SEV launch secret MEMFD area as reserved, which will allow the
+guest OS to use it during the lifetime of the OS, without creating
+copies of the sensitive content.
+
+Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Jordan Justen <jordan.l.justen@intel.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+Cc: Brijesh Singh <brijesh.singh@amd.com>
+Cc: Erdem Aktas <erdemaktas@google.com>
+Cc: James Bottomley <jejb@linux.ibm.com>
+Cc: Jiewen Yao <jiewen.yao@intel.com>
+Cc: Min Xu <min.m.xu@intel.com>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
+Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Jiewen Yao <Jiewen.Yao@intel.com>
+Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
+---
+ OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+index db94c26b54..6bf1a55dea 100644
+--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+@@ -19,7 +19,7 @@ InitializeSecretPei (
+   BuildMemoryAllocationHob (
+     PcdGet32 (PcdSevLaunchSecretBase),
+     ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),
+-    EfiBootServicesData
+    EfiReservedMemoryType
+     );
+ 
+   return EFI_SUCCESS;
+-- 
+2.27.0
+
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    1%{?dist}.test
+Release:    3%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 Group:      Applications/Emulators
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
@ -19,7 +19,7 @@ URL:        http://www.tianocore.org
 # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
 Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+Source2: openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
 Source3: ovmf-vars-generator
 Source4: LICENSE.qosb
 Source5: RedHatSecureBootPkKek1.pem
@ -49,6 +49,8 @@ Patch0023: 0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
 Patch0024: 0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
 Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
 Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
+# For bz#2112307 - Mark SEV launch secret area as reserved
+Patch27: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch


 # python3-devel and libuuid-devel are required for building tools.
@ -493,6 +495,16 @@ true
 %endif

 %changelog
+* Tue Aug 02 2022 Camilla Conte <cconte@redhat.com> - 20220126gitbb1bba3d77-3
+- Bumping OpenSSL version [bz# 2074834]
+- Resolves: bz# 2074834
+  (edk2: sync openssl sources with rhel openssl rpm)
+
+* Tue Mar 01 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-2
+- edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch [bz#2112307]
+- Resolves: bz#2112307
+  (Mark SEV launch secret area as reserved)
+
 * Wed Feb 02 2022 Jon Maloy <jmaloy@redhat.com> - 20220126gitbb1bba3d77-1.el8
 - Rebase to latest upstream release [bz#2018386]
 - Resolves: bz#2018386