From 9d13c29e10f43fa250f5de44b35cbd2fcc929326 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 27 Sep 2022 10:07:21 -0400
Subject: [PATCH] import edk2-20220126gitbb1bba3d77-3.el8
---
 .edk2.metadata | 2 +-
 .gitignore | 2 +-
 ...ecretPei-Mark-SEV-launch-secret-area.patch | 50 +++++++++++++++++++
 SPECS/edk2.spec | 16 +++++-
 4 files changed, 66 insertions(+), 4 deletions(-)
 create mode 100644 SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
diff --git a/.edk2.metadata b/.edk2.metadata
index 3ad7168..f94394e 100644
--- a/.edk2.metadata
+++ b/.edk2.metadata
@@ -1,2 +1,2 @@
 ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
-801c454f41332e2dcc783983e65a6930ee7cb810 SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+50747c8a7bb55619b69e95683c7c4172d52d1974 SOURCES/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
diff --git a/.gitignore b/.gitignore
index 345e141..e3ae634 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/edk2-bb1bba3d77.tar.xz
-SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+SOURCES/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
diff --git a/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
new file mode 100644
index 0000000..94d6eb6
--- /dev/null
+++ b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
@@ -0,0 +1,50 @@
+From e4a64ad230ff2906ec56d41b2a8dd7a0bb39a399 Mon Sep 17 00:00:00 2001
+From: Dov Murik
+Date: Tue, 4 Jan 2022 15:16:40 +0800
+Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as
+ reserved
+
+RH-Author: Pawel Polawski
+RH-MergeRequest: 11: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
+RH-Commit: [1/1] a14d34eb204387aae3446770a0e5fb95a9283ae3 (elkoniu/edk2)
+RH-Bugzilla: 2041754
+RH-Acked-by: Oliver Steffen
+
+Mark the SEV launch secret MEMFD area as reserved, which will allow the
+guest OS to use it during the lifetime of the OS, without creating
+copies of the sensitive content.
+
+Cc: Ard Biesheuvel
+Cc: Jordan Justen
+Cc: Gerd Hoffmann
+Cc: Brijesh Singh
+Cc: Erdem Aktas
+Cc: James Bottomley
+Cc: Jiewen Yao
+Cc: Min Xu
+Cc: Tom Lendacky
+Cc: Tobin Feldman-Fitzthum
+Signed-off-by: Dov Murik
+Acked-by: Gerd Hoffmann
+Acked-by: Jiewen Yao
+Reviewed-by: Brijesh Singh
+---
+ OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+index db94c26b54..6bf1a55dea 100644
+--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
++++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+@@ -19,7 +19,7 @@ InitializeSecretPei (
+ BuildMemoryAllocationHob (
+ PcdGet32 (PcdSevLaunchSecretBase),
+ ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),
+- EfiBootServicesData
++ EfiReservedMemoryType
+ );
+
+ return EFI_SUCCESS;
+--
+2.27.0
+
diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec
index a536ac5..95ba556 100644
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64
 Name: edk2
 Version: %{GITDATE}git%{GITCOMMIT}
-Release: 1%{?dist}.test
+Release: 3%{?dist}
 Summary: UEFI firmware for 64-bit virtual machines
 Group: Applications/Emulators
 License: BSD-2-Clause-Patent and OpenSSL and MIT
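Review bot: The `BuildMemoryAllocationHob` call in the added SecretPei.c patch now passes `EfiReservedMemoryType` with no comment at the call site, so the security reason for that memory type lives only in the commit message. I would add above the call `// Reserved, not boot-services data: the OS must never reclaim this page, so it can read the launch secret in place without making copies.` The size is rounded up with `ALIGN_VALUE`, but `PcdSevLaunchSecretBase` is passed as-is; presumably the firmware layout keeps it page-aligned, and `ASSERT ((PcdGet32 (PcdSevLaunchSecretBase) & EFI_PAGE_MASK) == 0);` would make that assumption explicit. Because the page now stays resident for the lifetime of the OS, whether anything ever clears the secret is not visible here and is worth stating in the same comment. InitializeSecretPei begins above the hunk, so the rest of its body was not reviewed.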
@@ -19,7 +19,7 @@ URL: http://www.tianocore.org
 # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
 Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+Source2: openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
 Source3: ovmf-vars-generator
 Source4: LICENSE.qosb
 Source5: RedHatSecureBootPkKek1.pem
@@ -49,6 +49,8 @@ Patch0023: 0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
 Patch0024: 0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
 Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
 Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
+# For bz#2112307 - Mark SEV launch secret area as reserved
+Patch27: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
 # python3-devel and libuuid-devel are required for building tools.
@@ -493,6 +495,16 @@ true
 %endif
 %changelog
+* Tue Aug 02 2022 Camilla Conte - 20220126gitbb1bba3d77-3
+- Bumping OpenSSL version [bz# 2074834]
+- Resolves: bz# 2074834
+ (edk2: sync openssl sources with rhel openssl rpm)
+
+* Tue Mar 01 2022 Jon Maloy - 20220126gitbb1bba3d77-2
+- edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch [bz#2112307]
+- Resolves: bz#2112307
+ (Mark SEV launch secret area as reserved)
+
 * Wed Feb 02 2022 Jon Maloy - 20220126gitbb1bba3d77-1.el8
 - Rebase to latest upstream release [bz#2018386]
 - Resolves: bz#2018386
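Review bot: The bug reference on the new `Patch27` line does not match the patch it points to: the spec comment and the -2 changelog entry cite bz#2112307, while the header of the added patch file carries `RH-Bugzilla: 2041754`. One of the two should be corrected, or both listed, so the SEV launch-secret change can be traced from the package to the right tracker entry. The tag is also written `Patch27` where every neighbouring line uses the four-digit form (`Patch0026`). How the spec applies its patches is outside these hunks, so confirm that the %prep step actually picks up the new patch.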