From dbc7a504f9d43bf0dfd59090b91873edd24f7576 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 9 Nov 2021 04:48:36 -0500 Subject: [PATCH] import edk2-20210527gite1999b264f1f-3.el8 --- .edk2.metadata | 4 +- .gitignore | 4 +- ...do-not-build-BrotliCompress-RH-only.patch} | 14 +- ...ve-package-private-Brotli-include-p.patch} | 12 +- ...-on-TianoCore-splash-screen-boot-lo.patch} | 87 ++- ...oDxe-enable-debug-messages-in-VbeShi.patch | 580 ------------------ ...max-debug-message-length-to-512-RHE.patch} | 10 +- ...minalDxe-add-other-text-resolutions-.patch | 10 +- ...minalDxe-set-xterm-resolution-on-mod.patch | 25 +- ...ResizeXterm-from-the-QEMU-command-li.patch | 49 +- ...PcdResizeXterm-from-the-QEMU-command.patch | 16 +- ...clusion-of-the-shell-from-the-firmwa.patch | 51 +- ...ntroduce-fixed-PCD-for-early-hello-m.patch | 14 +- ...rePeiCore-write-early-hello-message-.patch | 16 +- ...tPkg-set-early-hello-message-RH-only.patch | 14 +- ...mfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch | 57 +- ...DEBUG_VERBOSE-0x00400000-in-QemuVide.patch | 66 +- ...ce-DEBUG_VERBOSE-0x00400000-in-QemuR.patch | 18 +- ...bDxe-Do-not-report-DXE-failure-on-Aa.patch | 10 +- ...EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch | 61 +- ...lLib-list-RHEL8-specific-OpenSSL-fil.patch | 94 ++- ...lLoaderFsDxe-suppress-error-on-no-k.patch} | 24 +- ...oadImageLib-handle-EFI_ACCESS_DENIED.patch | 83 --- ...se-generic-QEMU-image-loader-for-sec.patch | 184 ------ ...xe-suppress-error-on-no-swtpm-in-si.patch} | 28 +- ...OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch | 386 ------------ ...aCustomDecompressLib-catch-4GB-uncom.patch | 101 --- ...titionDxe-Ignore-PMBR-BootIndicator-.patch | 73 +++ ...Dxe-assert-that-IScsiBinToHex-always.patch | 13 +- ...Dxe-check-IScsiHexToBin-return-value.patch | 13 +- ...Dxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch | 17 +- ...Dxe-clean-up-library-class-dependenc.patch | 17 +- ...Dxe-fix-IScsiHexToBin-buffer-overflo.patch | 13 +- ...csiDxe-fix-IScsiHexToBin-hex-parsing.patch | 13 +- ...Dxe-fix-potential-integer-overflow-i.patch | 13 +- ...Dxe-reformat-IScsiHexToBin-leading-c.patch | 17 +- ...Dxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch | 17 +- ...Dxe-wrap-IScsiCHAP-source-files-to-8.patch | 17 +- ...ugSmm-fix-CPU-hotplug-race-just-afte.patch | 120 ---- ...ugSmm-fix-CPU-hotplug-race-just-befo.patch | 91 --- ...emuLoadImageLib-log-Not-Found-at-INF.patch | 50 -- ...ol2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch | 140 ----- ...CpuDxeSmm-pause-in-WaitForSemaphore-.patch | 105 ---- SOURCES/edk2-ovmf-cc.json | 33 + SPECS/edk2.spec | 154 +++-- 45 files changed, 752 insertions(+), 2182 deletions(-) rename SOURCES/{0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch => 0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch} (72%) rename SOURCES/{0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch => 0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch} (80%) rename SOURCES/{0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch => 0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch} (90%) delete mode 100644 SOURCES/0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch rename SOURCES/{0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch => 0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch} (90%) rename SOURCES/{edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch => 0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch} (79%) delete mode 100644 SOURCES/0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch delete mode 100644 SOURCES/0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch rename SOURCES/{edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch => 0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch} (77%) delete mode 100644 SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch delete mode 100644 SOURCES/edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch create mode 100644 SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch delete mode 100644 SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch delete mode 100644 SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch delete mode 100644 SOURCES/edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch delete mode 100644 SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch delete mode 100644 SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch create mode 100644 SOURCES/edk2-ovmf-cc.json diff --git a/.edk2.metadata b/.edk2.metadata index de66e51..e053625 100644 --- a/.edk2.metadata +++ b/.edk2.metadata @@ -1,2 +1,2 @@ -3a531b4e8864ee52b1e128ac9742b3e9dcec49bf SOURCES/edk2-ca407c7246bf.tar.xz -627633682f69c2c899fe6018d675faaf45e5bb33 SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz +858fffdab12810fb170144ffe1a9c39e9fface80 SOURCES/edk2-e1999b264f1f.tar.xz +4c1a80504b0bd3ce87fd9baa30836142620af1eb SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz diff --git a/.gitignore b/.gitignore index e8df3bf..ffcb5d4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/edk2-ca407c7246bf.tar.xz -SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz +SOURCES/edk2-e1999b264f1f.tar.xz +SOURCES/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz diff --git a/SOURCES/0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch b/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch similarity index 72% rename from SOURCES/0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch rename to SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch index fb01acf..78d65ea 100644 --- a/SOURCES/0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch +++ b/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch @@ -1,8 +1,13 @@ -From db8ccca337e2c5722c1d408d2541cf653d3371a2 Mon Sep 17 00:00:00 2001 +From dca56cf4d28bbbb1d3be029ce9a6710cb3f6cd2f Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 4 Jun 2020 13:34:12 +0200 Subject: BaseTools: do not build BrotliCompress (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -16,15 +21,16 @@ submodules (RH only"). Do not attempt to build BrotliCompress. Signed-off-by: Laszlo Ersek +(cherry picked from commit db8ccca337e2c5722c1d408d2541cf653d3371a2) --- BaseTools/Source/C/GNUmakefile | 1 - 1 file changed, 1 deletion(-) diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile -index df4eb64ea9..52777eaff1 100644 +index 8c191e0c38..3eae824a1c 100644 --- a/BaseTools/Source/C/GNUmakefile +++ b/BaseTools/Source/C/GNUmakefile -@@ -45,7 +45,6 @@ all: makerootdir subdirs +@@ -48,7 +48,6 @@ all: makerootdir subdirs LIBRARIES = Common VFRAUTOGEN = VfrCompile/VfrLexer.h APPLICATIONS = \ @@ -33,5 +39,5 @@ index df4eb64ea9..52777eaff1 100644 EfiRom \ GenFfs \ -- -2.18.1 +2.27.0 diff --git a/SOURCES/0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch b/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch similarity index 80% rename from SOURCES/0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch rename to SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch index 718a35f..6046944 100644 --- a/SOURCES/0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch +++ b/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch @@ -1,8 +1,13 @@ -From e05e0de713c4a2b8adb6ff9809611f222bfe50ed Mon Sep 17 00:00:00 2001 +From 9729dd1d6b83961d531e29777d0cc4a610b108be Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 4 Jun 2020 13:39:08 +0200 Subject: MdeModulePkg: remove package-private Brotli include path (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -20,12 +25,13 @@ platforms, and we've removed the submodule earlier in this patch set, remove the include path too. Signed-off-by: Laszlo Ersek +(cherry picked from commit e05e0de713c4a2b8adb6ff9809611f222bfe50ed) --- MdeModulePkg/MdeModulePkg.dec | 3 --- 1 file changed, 3 deletions(-) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index 4f44af6948..031043ec28 100644 +index 8d38383915..ba2d0290e7 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -24,9 +24,6 @@ @@ -39,5 +45,5 @@ index 4f44af6948..031043ec28 100644 ## @libraryclass Defines a set of methods to reset whole system. ResetSystemLib|Include/Library/ResetSystemLib.h -- -2.18.1 +2.27.0 diff --git a/SOURCES/0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch similarity index 90% rename from SOURCES/0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch rename to SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch index e41f5cd..6fb626e 100644 --- a/SOURCES/0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +++ b/SOURCES/0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch @@ -1,8 +1,24 @@ -From cee80878b19e51d9b3c63335c681f152dcc59764 Mon Sep 17 00:00:00 2001 +From 8c815e04dda7897899dfa011063f779280cd4d5d Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 11 Jun 2014 23:33:33 +0200 Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC/FDF change to the new OvmfPkg/AmdSev platform, which has + been introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base + commit to build encrypted boot specific OVMF", 2020-12-14), for + TianoCore#3077. + + We've always patched all those DSC/FDF files in OvmfPkg down-stream that + made sense at least in theory on QEMU. (For example, we've always + patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never + build or ship the pure IA32 firmware platform.) Follow suit with + "AmdSevX64.dsc" and "AmdSevX64.fdf". + + "AmdSevX64.dsc" consumes OpenSSL when built with "-D TPM_ENABLE". + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -151,6 +167,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d) (cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849) (cherry picked from commit 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2) +(cherry picked from commit cee80878b19e51d9b3c63335c681f152dcc59764) --- ArmVirtPkg/ArmVirtQemu.dsc | 2 +- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +- @@ -159,23 +176,25 @@ Signed-off-by: Laszlo Ersek MdeModulePkg/Logo/Logo-OpenSSL.idf | 10 +++++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 56 +++++++++++++++++++++++++++ MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 17 ++++++++ + OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- + OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +- OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32.fdf | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- OvmfPkg/OvmfPkgX64.fdf | 2 +- - 13 files changed, 92 insertions(+), 9 deletions(-) + 15 files changed, 94 insertions(+), 11 deletions(-) create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 3f649c91d8..360094ab6a 100644 +index 7ef5e7297b..54d637163c 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -424,7 +424,7 @@ +@@ -433,7 +433,7 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf @@ -185,10 +204,10 @@ index 3f649c91d8..360094ab6a 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index a2f4bd62c8..9b94043085 100644 +index 5b1d100575..6cdbfc39be 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -193,7 +193,7 @@ READ_LOCK_STATUS = TRUE +@@ -196,7 +196,7 @@ READ_LOCK_STATUS = TRUE # # TianoCore logo (splash screen) # @@ -198,10 +217,10 @@ index a2f4bd62c8..9b94043085 100644 # # Ramdisk support diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 2a6fd6bc06..d186263e18 100644 +index a542fcb157..f598ac6a85 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -363,7 +363,7 @@ +@@ -369,7 +369,7 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf @@ -531,11 +550,37 @@ index 0000000000..6439502b6a + +#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." + +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 66bbbc80cd..52bcae6cf6 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -688,7 +688,7 @@ + PcAtChipsetPkg/PcatRealTimeClockRuntimeDxe/PcatRealTimeClockRuntimeDxe.inf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +- MdeModulePkg/Logo/LogoDxe.inf ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf +index dd0030dbf1..fa5e484e63 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.fdf ++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf +@@ -279,7 +279,7 @@ INF OvmfPkg/AmdSev/Grub/Grub.inf + INF ShellPkg/Application/Shell/Shell.inf + !endif + +-INF MdeModulePkg/Logo/LogoDxe.inf ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + + # + # Usb Support diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d0df9cbbfb..f8317a4f5d 100644 +index 33fbd76790..d8f03caa30 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -750,7 +750,7 @@ +@@ -777,7 +777,7 @@ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } @@ -545,10 +590,10 @@ index d0df9cbbfb..f8317a4f5d 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index e2b759aa8d..ec64551bcb 100644 +index b3c8b56f3b..e3b1d74ce2 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -294,7 +294,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf +@@ -300,7 +300,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -558,10 +603,10 @@ index e2b759aa8d..ec64551bcb 100644 # # Network modules diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index b3ae62fee9..55423d356c 100644 +index b13e5cfd90..312577ebae 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -764,7 +764,7 @@ +@@ -791,7 +791,7 @@ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } @@ -571,10 +616,10 @@ index b3ae62fee9..55423d356c 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index bfca1eff9e..2f02ac2d73 100644 +index 86592c2364..f7732382d4 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf +@@ -301,7 +301,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -584,10 +629,10 @@ index bfca1eff9e..2f02ac2d73 100644 # # Network modules diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index f7fe75ebf5..17aeeed96e 100644 +index 999738dc39..d72a00e6b4 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -760,7 +760,7 @@ +@@ -789,7 +789,7 @@ NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } @@ -597,10 +642,10 @@ index f7fe75ebf5..17aeeed96e 100644 NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index bfca1eff9e..2f02ac2d73 100644 +index d6be798fca..137ed6bceb 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -295,7 +295,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf +@@ -313,7 +313,7 @@ INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -610,5 +655,5 @@ index bfca1eff9e..2f02ac2d73 100644 # # Network modules -- -2.18.1 +2.27.0 diff --git a/SOURCES/0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch deleted file mode 100644 index ee4a8e6..0000000 --- a/SOURCES/0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +++ /dev/null @@ -1,580 +0,0 @@ -From 99da4393139d428baf09d751af3d072229839126 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 12 Jun 2014 00:17:59 +0200 -Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only) - -Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> -RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - -- no changes - -Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> -RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: - -- no changes - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no changes - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- update commit message as requested in - - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -The Int10h VBE Shim is capable of emitting short debug messages when the -win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet -version is preferred; for us debug messages are important as a default. - -For this patch, the DEBUG macro is enabled in the assembly file, and then -the header file is regenerated from the assembly, by running -"OvmfPkg/QemuVideoDxe/VbeShim.sh". - -"VbeShim.h" is not auto-generated; it is manually generated. The patch -does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the -manually re-generated) "VbeShim.h" atomically. Doing so helps with local -downstream builds, with bisection, and also keeps redhat/README a bit -simpler. - -Signed-off-by: Laszlo Ersek -(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f) -(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2) -(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c) -(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba) -(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e) -(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471) -(cherry picked from commit 3aa0316ea1db5416cb528179a3ba5ce37c1279b7) ---- - OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +- - OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++----------- - 2 files changed, 308 insertions(+), 175 deletions(-) - -diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm -index 1d284b2641..0d5cfaf1e4 100644 ---- a/OvmfPkg/QemuVideoDxe/VbeShim.asm -+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm -@@ -12,7 +12,7 @@ - ;------------------------------------------------------------------------------ - - ; enable this macro for debug messages --;%define DEBUG -+%define DEBUG - - %macro DebugLog 1 - %ifdef DEBUG -diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h -index cc9b6e14cd..325d6478a1 100644 ---- a/OvmfPkg/QemuVideoDxe/VbeShim.h -+++ b/OvmfPkg/QemuVideoDxe/VbeShim.h -@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = { - /* 000001FE nop */ 0x90, - /* 000001FF nop */ 0x90, - /* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F, -- /* 00000203 jz 0x22d */ 0x74, 0x28, -+ /* 00000203 jz 0x235 */ 0x74, 0x30, - /* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F, -- /* 00000208 jz 0x245 */ 0x74, 0x3B, -+ /* 00000208 jz 0x255 */ 0x74, 0x4B, - /* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F, -- /* 0000020D jz 0x269 */ 0x74, 0x5A, -+ /* 0000020D jz 0x289 */ 0x74, 0x7A, - /* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F, -- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01, -+ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01, - /* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F, -- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01, -+ /* 00000219 jz word 0x36e */ 0x0F, 0x84, 0x51, 0x01, - /* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F, -- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01, -+ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01, - /* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00, -- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01, -- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE, -- /* 0000022D push es */ 0x06, -- /* 0000022E push di */ 0x57, -- /* 0000022F push ds */ 0x1E, -- /* 00000230 push si */ 0x56, -- /* 00000231 push cx */ 0x51, -- /* 00000232 push cs */ 0x0E, -- /* 00000233 pop ds */ 0x1F, -- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00, -- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01, -- /* 0000023A cld */ 0xFC, -- /* 0000023B rep movsb */ 0xF3, 0xA4, -- /* 0000023D pop cx */ 0x59, -- /* 0000023E pop si */ 0x5E, -- /* 0000023F pop ds */ 0x1F, -- /* 00000240 pop di */ 0x5F, -- /* 00000241 pop es */ 0x07, -- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01, -- /* 00000245 push es */ 0x06, -- /* 00000246 push di */ 0x57, -- /* 00000247 push ds */ 0x1E, -- /* 00000248 push si */ 0x56, -- /* 00000249 push cx */ 0x51, -- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, -- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, -- /* 00000252 jz 0x256 */ 0x74, 0x02, -- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5, -- /* 00000256 push cs */ 0x0E, -- /* 00000257 pop ds */ 0x1F, -- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01, -- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01, -- /* 0000025E cld */ 0xFC, -- /* 0000025F rep movsb */ 0xF3, 0xA4, -- /* 00000261 pop cx */ 0x59, -- /* 00000262 pop si */ 0x5E, -- /* 00000263 pop ds */ 0x1F, -- /* 00000264 pop di */ 0x5F, -- /* 00000265 pop es */ 0x07, -- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00, -- /* 00000269 push dx */ 0x52, -- /* 0000026A push ax */ 0x50, -- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, -- /* 0000026F jz 0x273 */ 0x74, 0x02, -- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8, -- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, -- /* 00000276 mov al,0x20 */ 0xB0, 0x20, -- /* 00000278 out dx,al */ 0xEE, -- /* 00000279 push dx */ 0x52, -- /* 0000027A push ax */ 0x50, -- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00, -- /* 00000281 out dx,ax */ 0xEF, -- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 00000288 out dx,ax */ 0xEF, -- /* 00000289 pop ax */ 0x58, -- /* 0000028A pop dx */ 0x5A, -- /* 0000028B push dx */ 0x52, -- /* 0000028C push ax */ 0x50, -- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00, -- /* 00000293 out dx,ax */ 0xEF, -- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 0000029A out dx,ax */ 0xEF, -- /* 0000029B pop ax */ 0x58, -- /* 0000029C pop dx */ 0x5A, -- /* 0000029D push dx */ 0x52, -- /* 0000029E push ax */ 0x50, -- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00, -- /* 000002A5 out dx,ax */ 0xEF, -- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 000002AC out dx,ax */ 0xEF, -- /* 000002AD pop ax */ 0x58, -- /* 000002AE pop dx */ 0x5A, -- /* 000002AF push dx */ 0x52, -- /* 000002B0 push ax */ 0x50, -- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00, -- /* 000002B7 out dx,ax */ 0xEF, -- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 000002BE out dx,ax */ 0xEF, -- /* 000002BF pop ax */ 0x58, -- /* 000002C0 pop dx */ 0x5A, -- /* 000002C1 push dx */ 0x52, -- /* 000002C2 push ax */ 0x50, -- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00, -- /* 000002C9 out dx,ax */ 0xEF, -- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00, -- /* 000002D0 out dx,ax */ 0xEF, -- /* 000002D1 pop ax */ 0x58, -- /* 000002D2 pop dx */ 0x5A, -- /* 000002D3 push dx */ 0x52, -- /* 000002D4 push ax */ 0x50, -- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00, -- /* 000002DB out dx,ax */ 0xEF, -- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04, -- /* 000002E2 out dx,ax */ 0xEF, -- /* 000002E3 pop ax */ 0x58, -- /* 000002E4 pop dx */ 0x5A, -- /* 000002E5 push dx */ 0x52, -- /* 000002E6 push ax */ 0x50, -- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00, -- /* 000002ED out dx,ax */ 0xEF, -- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04, -- /* 000002F4 out dx,ax */ 0xEF, -- /* 000002F5 pop ax */ 0x58, -- /* 000002F6 pop dx */ 0x5A, -- /* 000002F7 push dx */ 0x52, -- /* 000002F8 push ax */ 0x50, -- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00, -- /* 000002FF out dx,ax */ 0xEF, -- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03, -- /* 00000306 out dx,ax */ 0xEF, -- /* 00000307 pop ax */ 0x58, -- /* 00000308 pop dx */ 0x5A, -- /* 00000309 push dx */ 0x52, -- /* 0000030A push ax */ 0x50, -- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00, -- /* 00000311 out dx,ax */ 0xEF, -- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03, -- /* 00000318 out dx,ax */ 0xEF, -- /* 00000319 pop ax */ 0x58, -- /* 0000031A pop dx */ 0x5A, -- /* 0000031B push dx */ 0x52, -- /* 0000031C push ax */ 0x50, -- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00, -- /* 00000323 out dx,ax */ 0xEF, -- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00, -- /* 0000032A out dx,ax */ 0xEF, -- /* 0000032B pop ax */ 0x58, -- /* 0000032C pop dx */ 0x5A, -- /* 0000032D pop ax */ 0x58, -- /* 0000032E pop dx */ 0x5A, -- /* 0000032F jmp short 0x34c */ 0xEB, 0x1B, -- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, -- /* 00000334 jmp short 0x34c */ 0xEB, 0x16, -- /* 00000336 jmp short 0x350 */ 0xEB, 0x18, -- /* 00000338 jmp short 0x350 */ 0xEB, 0x16, -- /* 0000033A cmp al,0x3 */ 0x3C, 0x03, -- /* 0000033C jz 0x345 */ 0x74, 0x07, -- /* 0000033E cmp al,0x12 */ 0x3C, 0x12, -- /* 00000340 jz 0x349 */ 0x74, 0x07, -- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE, -- /* 00000345 mov al,0x30 */ 0xB0, 0x30, -- /* 00000347 jmp short 0x34b */ 0xEB, 0x02, -- /* 00000349 mov al,0x20 */ 0xB0, 0x20, -- /* 0000034B iretw */ 0xCF, -- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00, -- /* 0000034F iretw */ 0xCF, -- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01, -- /* 00000353 iretw */ 0xCF, -+ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01, -+ /* 0000022B push si */ 0x56, -+ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03, -+ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01, -+ /* 00000232 pop si */ 0x5E, -+ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE, -+ /* 00000235 push es */ 0x06, -+ /* 00000236 push di */ 0x57, -+ /* 00000237 push ds */ 0x1E, -+ /* 00000238 push si */ 0x56, -+ /* 00000239 push cx */ 0x51, -+ /* 0000023A push si */ 0x56, -+ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03, -+ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01, -+ /* 00000241 pop si */ 0x5E, -+ /* 00000242 push cs */ 0x0E, -+ /* 00000243 pop ds */ 0x1F, -+ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00, -+ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01, -+ /* 0000024A cld */ 0xFC, -+ /* 0000024B rep movsb */ 0xF3, 0xA4, -+ /* 0000024D pop cx */ 0x59, -+ /* 0000024E pop si */ 0x5E, -+ /* 0000024F pop ds */ 0x1F, -+ /* 00000250 pop di */ 0x5F, -+ /* 00000251 pop es */ 0x07, -+ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01, -+ /* 00000255 push es */ 0x06, -+ /* 00000256 push di */ 0x57, -+ /* 00000257 push ds */ 0x1E, -+ /* 00000258 push si */ 0x56, -+ /* 00000259 push cx */ 0x51, -+ /* 0000025A push si */ 0x56, -+ /* 0000025B mov si,0x404 */ 0xBE, 0x04, 0x04, -+ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01, -+ /* 00000261 pop si */ 0x5E, -+ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, -+ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, -+ /* 0000026A jz 0x276 */ 0x74, 0x0A, -+ /* 0000026C push si */ 0x56, -+ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01, -+ /* 00000273 pop si */ 0x5E, -+ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD, -+ /* 00000276 push cs */ 0x0E, -+ /* 00000277 pop ds */ 0x1F, -+ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01, -+ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01, -+ /* 0000027E cld */ 0xFC, -+ /* 0000027F rep movsb */ 0xF3, 0xA4, -+ /* 00000281 pop cx */ 0x59, -+ /* 00000282 pop si */ 0x5E, -+ /* 00000283 pop ds */ 0x1F, -+ /* 00000284 pop di */ 0x5F, -+ /* 00000285 pop es */ 0x07, -+ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01, -+ /* 00000289 push dx */ 0x52, -+ /* 0000028A push ax */ 0x50, -+ /* 0000028B push si */ 0x56, -+ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04, -+ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01, -+ /* 00000292 pop si */ 0x5E, -+ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, -+ /* 00000297 jz 0x2a3 */ 0x74, 0x0A, -+ /* 00000299 push si */ 0x56, -+ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01, -+ /* 000002A0 pop si */ 0x5E, -+ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90, -+ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, -+ /* 000002A6 mov al,0x20 */ 0xB0, 0x20, -+ /* 000002A8 out dx,al */ 0xEE, -+ /* 000002A9 push dx */ 0x52, -+ /* 000002AA push ax */ 0x50, -+ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00, -+ /* 000002B1 out dx,ax */ 0xEF, -+ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002B8 out dx,ax */ 0xEF, -+ /* 000002B9 pop ax */ 0x58, -+ /* 000002BA pop dx */ 0x5A, -+ /* 000002BB push dx */ 0x52, -+ /* 000002BC push ax */ 0x50, -+ /* 000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00, -+ /* 000002C3 out dx,ax */ 0xEF, -+ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002CA out dx,ax */ 0xEF, -+ /* 000002CB pop ax */ 0x58, -+ /* 000002CC pop dx */ 0x5A, -+ /* 000002CD push dx */ 0x52, -+ /* 000002CE push ax */ 0x50, -+ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00, -+ /* 000002D5 out dx,ax */ 0xEF, -+ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002DC out dx,ax */ 0xEF, -+ /* 000002DD pop ax */ 0x58, -+ /* 000002DE pop dx */ 0x5A, -+ /* 000002DF push dx */ 0x52, -+ /* 000002E0 push ax */ 0x50, -+ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00, -+ /* 000002E7 out dx,ax */ 0xEF, -+ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002EE out dx,ax */ 0xEF, -+ /* 000002EF pop ax */ 0x58, -+ /* 000002F0 pop dx */ 0x5A, -+ /* 000002F1 push dx */ 0x52, -+ /* 000002F2 push ax */ 0x50, -+ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00, -+ /* 000002F9 out dx,ax */ 0xEF, -+ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00, -+ /* 00000300 out dx,ax */ 0xEF, -+ /* 00000301 pop ax */ 0x58, -+ /* 00000302 pop dx */ 0x5A, -+ /* 00000303 push dx */ 0x52, -+ /* 00000304 push ax */ 0x50, -+ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00, -+ /* 0000030B out dx,ax */ 0xEF, -+ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04, -+ /* 00000312 out dx,ax */ 0xEF, -+ /* 00000313 pop ax */ 0x58, -+ /* 00000314 pop dx */ 0x5A, -+ /* 00000315 push dx */ 0x52, -+ /* 00000316 push ax */ 0x50, -+ /* 00000317 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000031A mov ax,0x6 */ 0xB8, 0x06, 0x00, -+ /* 0000031D out dx,ax */ 0xEF, -+ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04, -+ /* 00000324 out dx,ax */ 0xEF, -+ /* 00000325 pop ax */ 0x58, -+ /* 00000326 pop dx */ 0x5A, -+ /* 00000327 push dx */ 0x52, -+ /* 00000328 push ax */ 0x50, -+ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00, -+ /* 0000032F out dx,ax */ 0xEF, -+ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03, -+ /* 00000336 out dx,ax */ 0xEF, -+ /* 00000337 pop ax */ 0x58, -+ /* 00000338 pop dx */ 0x5A, -+ /* 00000339 push dx */ 0x52, -+ /* 0000033A push ax */ 0x50, -+ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00, -+ /* 00000341 out dx,ax */ 0xEF, -+ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03, -+ /* 00000348 out dx,ax */ 0xEF, -+ /* 00000349 pop ax */ 0x58, -+ /* 0000034A pop dx */ 0x5A, -+ /* 0000034B push dx */ 0x52, -+ /* 0000034C push ax */ 0x50, -+ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00, -+ /* 00000353 out dx,ax */ 0xEF, -+ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00, -+ /* 0000035A out dx,ax */ 0xEF, -+ /* 0000035B pop ax */ 0x58, -+ /* 0000035C pop dx */ 0x5A, -+ /* 0000035D pop ax */ 0x58, -+ /* 0000035E pop dx */ 0x5A, -+ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B, -+ /* 00000361 push si */ 0x56, -+ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04, -+ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00, -+ /* 00000368 pop si */ 0x5E, -+ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, -+ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E, -+ /* 0000036E push si */ 0x56, -+ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04, -+ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00, -+ /* 00000375 pop si */ 0x5E, -+ /* 00000376 jmp short 0x3b8 */ 0xEB, 0x40, -+ /* 00000378 push si */ 0x56, -+ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04, -+ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00, -+ /* 0000037F pop si */ 0x5E, -+ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36, -+ /* 00000382 push si */ 0x56, -+ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04, -+ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00, -+ /* 00000389 pop si */ 0x5E, -+ /* 0000038A cmp al,0x3 */ 0x3C, 0x03, -+ /* 0000038C jz 0x39d */ 0x74, 0x0F, -+ /* 0000038E cmp al,0x12 */ 0x3C, 0x12, -+ /* 00000390 jz 0x3a1 */ 0x74, 0x0F, -+ /* 00000392 push si */ 0x56, -+ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00, -+ /* 00000399 pop si */ 0x5E, -+ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE, -+ /* 0000039D mov al,0x30 */ 0xB0, 0x30, -+ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02, -+ /* 000003A1 mov al,0x20 */ 0xB0, 0x20, -+ /* 000003A3 push si */ 0x56, -+ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03, -+ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00, -+ /* 000003AA pop si */ 0x5E, -+ /* 000003AB iretw */ 0xCF, -+ /* 000003AC push si */ 0x56, -+ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03, -+ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00, -+ /* 000003B3 pop si */ 0x5E, -+ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00, -+ /* 000003B7 iretw */ 0xCF, -+ /* 000003B8 push si */ 0x56, -+ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03, -+ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00, -+ /* 000003BF pop si */ 0x5E, -+ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01, -+ /* 000003C3 iretw */ 0xCF, -+ /* 000003C4 pushaw */ 0x60, -+ /* 000003C5 push ds */ 0x1E, -+ /* 000003C6 push cs */ 0x0E, -+ /* 000003C7 pop ds */ 0x1F, -+ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04, -+ /* 000003CB lodsb */ 0xAC, -+ /* 000003CC cmp al,0x0 */ 0x3C, 0x00, -+ /* 000003CE jz 0x3d3 */ 0x74, 0x03, -+ /* 000003D0 out dx,al */ 0xEE, -+ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8, -+ /* 000003D3 pop ds */ 0x1F, -+ /* 000003D4 popaw */ 0x61, -+ /* 000003D5 ret */ 0xC3, -+ /* 000003D6 inc bp */ 0x45, -+ /* 000003D7 js 0x442 */ 0x78, 0x69, -+ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A, -+ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E, -+ /* 000003DE jnc 0x455 */ 0x73, 0x75, -+ /* 000003E0 jo 0x452 */ 0x70, 0x70, -+ /* 000003E2 outsw */ 0x6F, -+ /* 000003E3 jc 0x459 */ 0x72, 0x74, -+ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00, -+ /* 000003E9 push bp */ 0x55, -+ /* 000003EA outsb */ 0x6E, -+ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77, -+ /* 000003EF outsb */ 0x6E, -+ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75, -+ /* 000003F3 outsb */ 0x6E, -+ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69, -+ /* 000003F7 outsw */ 0x6F, -+ /* 000003F8 outsb */ 0x6E, -+ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00, -+ /* 000003FB inc di */ 0x47, -+ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49, -+ /* 000003FF outsb */ 0x6E, -+ /* 00000400 outsd */ 0x66, 0x6F, -+ /* 00000402 or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000404 inc di */ 0x47, -+ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D, -+ /* 00000408 outsw */ 0x6F, -+ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49, -+ /* 0000040C outsb */ 0x6E, -+ /* 0000040D outsd */ 0x66, 0x6F, -+ /* 0000040F or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000411 inc di */ 0x47, -+ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D, -+ /* 00000415 outsw */ 0x6F, -+ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 0000041A push bx */ 0x53, -+ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D, -+ /* 0000041E outsw */ 0x6F, -+ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 00000423 push bx */ 0x53, -+ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D, -+ /* 00000427 outsw */ 0x6F, -+ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C, -+ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61, -+ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A, -+ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E, -+ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 0x6E, -+ /* 00000438 and [di+0x6f],cl */ 0x20, 0x4D, 0x6F, -+ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 0000043F inc di */ 0x47, -+ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50, -+ /* 00000443 insw */ 0x6D, -+ /* 00000444 inc bx */ 0x43, -+ /* 00000445 popaw */ 0x61, -+ /* 00000446 jo 0x4a9 */ 0x70, 0x61, -+ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C, -+ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73, -+ /* 00000450 or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000452 push dx */ 0x52, -+ /* 00000453 gs popaw */ 0x65, 0x61, -+ /* 00000455 fs inc bp */ 0x64, 0x45, -+ /* 00000457 fs */ 0x64, -+ /* 00000458 db 0x69 */ 0x69, -+ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00, - }; - #endif --- -2.18.1 - diff --git a/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch similarity index 90% rename from SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch rename to SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch index eceafaa..ad9dd72 100644 --- a/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +++ b/SOURCES/0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch @@ -1,8 +1,13 @@ -From a95cff0b9573bf23699551beb4786383f697ff1e Mon Sep 17 00:00:00 2001 +From ed975a4db7c55e49ab9de1a0919baafdce9661e3 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 20 Feb 2014 22:54:45 +0100 Subject: OvmfPkg: increase max debug message length to 512 (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -54,6 +59,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a) (cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2) (cherry picked from commit e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5) +(cherry picked from commit a95cff0b9573bf23699551beb4786383f697ff1e) --- OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -72,5 +78,5 @@ index dffb20822d..0577c43c3d 100644 // // VA_LIST can not initialize to NULL for all compiler, so we use this to -- -2.18.1 +2.27.0 diff --git a/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch index e238edb..73d2995 100644 --- a/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +++ b/SOURCES/0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch @@ -1,8 +1,13 @@ -From 82b9edc5fef3a07227a45059bbe821af7b9abd69 Mon Sep 17 00:00:00 2001 +From 6901201d2cd1d943ebd41f3d65102f787540d3c4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 18:40:35 +0100 Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -101,6 +106,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37) (cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51) (cherry picked from commit 12cb13a1da913912bd9148ce8f2353a75be77f18) +(cherry picked from commit 82b9edc5fef3a07227a45059bbe821af7b9abd69) --- .../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++-- 1 file changed, 38 insertions(+), 3 deletions(-) @@ -158,5 +164,5 @@ index a98b690c8b..ded5513c74 100644 // New modes can be added here. // -- -2.18.1 +2.27.0 diff --git a/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch index 123a180..5fe8ff6 100644 --- a/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ b/SOURCES/0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -1,9 +1,21 @@ -From bc2266f20de5db1636e09a07e4a72c8dbf505f5a Mon Sep 17 00:00:00 2001 +From 9485b38e5dbfd2e23ea6ad0585e773d7842a1903 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 22:40:01 +0100 Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Resolve harmless conflict in "MdeModulePkg/MdeModulePkg.dec", + originating from new upstream commits + - 45bc28172fbf ("MdeModulePkg.dec: Change PCDs for status code.", + 2020-06-18), + - 0785c619a58a ("MdeModulePkg/Bus/Pci/PciBusDxe: Support PCIe Resizable + BAR Capability", 2021-01-04), + - ef23012e5439 ("MdeModulePkg: Change default value of + PcdPcieResizableBarSupport to FALSE", 2021-01-14). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -67,6 +79,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb) (cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc) (cherry picked from commit a11602f5e2ef930be5b693ddfd0c789a1bd4c60c) +(cherry picked from commit bc2266f20de5db1636e09a07e4a72c8dbf505f5a) --- MdeModulePkg/MdeModulePkg.dec | 4 +++ .../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++ @@ -74,12 +87,12 @@ Signed-off-by: Laszlo Ersek 3 files changed, 36 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index 031043ec28..3978a500e5 100644 +index ba2d0290e7..ff70d6e6eb 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -1998,6 +1998,10 @@ - # @Prompt TCG Platform Firmware Profile revision. - gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0x00010077 +@@ -2046,6 +2046,10 @@ + # @Prompt Enable PCIe Resizable BAR Capability support. + gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024 + ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal + # mode change. @@ -164,5 +177,5 @@ index b2a8aeba85..eff6253465 100644 # [Event] # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout. -- -2.18.1 +2.27.0 diff --git a/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch index 5837240..6e2689a 100644 --- a/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ b/SOURCES/0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -1,8 +1,21 @@ -From 51e0de961029af84b5bdbfddcc9762b1819d500f Mon Sep 17 00:00:00 2001 +From 1165bbcec94a97cf1d1509df8210feb2e1db00c5 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 15:59:06 +0200 Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + + We've always patched all those DSC/FDF files in OvmfPkg down-stream that + made sense at least in theory on QEMU. (For example, we've always + patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never + build or ship the pure IA32 firmware platform.) Follow suit with + "AmdSevX64.dsc". + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -51,19 +64,33 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853) (cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2) (cherry picked from commit 2cc462ee963d0be119bc97bfc9c70d292a40516f) +(cherry picked from commit 51e0de961029af84b5bdbfddcc9762b1819d500f) --- + OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/PlatformPei/Platform.c | 1 + OvmfPkg/PlatformPei/PlatformPei.inf | 1 + - 5 files changed, 5 insertions(+) + 6 files changed, 6 insertions(+) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 52bcae6cf6..0a8cb7fd3b 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -534,6 +534,7 @@ + [PcdsDynamicDefault] + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index f8317a4f5d..6ce8a46d4e 100644 +index d8f03caa30..e6df324c7c 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -574,6 +574,7 @@ +@@ -594,6 +594,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -72,10 +99,10 @@ index f8317a4f5d..6ce8a46d4e 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 55423d356c..89d414cda7 100644 +index 312577ebae..8104fe0218 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -580,6 +580,7 @@ +@@ -600,6 +600,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -84,10 +111,10 @@ index 55423d356c..89d414cda7 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 17aeeed96e..e567eb76e0 100644 +index d72a00e6b4..3c8b2649a8 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -578,6 +578,7 @@ +@@ -600,6 +600,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -108,10 +135,10 @@ index 96468701e3..14efbabe39 100644 InstallClearCacheCallback (); diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf -index ff397b3ee9..3a012a7fa4 100644 +index 6ef77ba7bb..22425d34c0 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf -@@ -93,6 +93,7 @@ +@@ -97,6 +97,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration @@ -120,5 +147,5 @@ index ff397b3ee9..3a012a7fa4 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack -- -2.18.1 +2.27.0 diff --git a/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch index 525137d..aeb9736 100644 --- a/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ b/SOURCES/0015-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -1,8 +1,13 @@ -From a5f7a57bf390f1f340ff1d1f1884a73716817ef1 Mon Sep 17 00:00:00 2001 +From 3f9662c435278564640be672f0c4e17e535f1765 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 26 Jul 2015 08:02:50 +0000 Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -80,6 +85,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806) (cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04) (cherry picked from commit 8338545260fbb423f796d5196faaaf8ff6e1ed99) +(cherry picked from commit a5f7a57bf390f1f340ff1d1f1884a73716817ef1) --- ArmVirtPkg/ArmVirtQemu.dsc | 7 +++- .../TerminalPcdProducerLib.c | 34 +++++++++++++++++++ @@ -89,10 +95,10 @@ Signed-off-by: Laszlo Ersek create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 360094ab6a..3345987503 100644 +index 54d637163c..41a26c8d18 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -272,6 +272,8 @@ +@@ -280,6 +280,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0 !endif @@ -101,7 +107,7 @@ index 360094ab6a..3345987503 100644 [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS -@@ -374,7 +376,10 @@ +@@ -382,7 +384,10 @@ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf @@ -193,5 +199,5 @@ index 0000000000..a51dbd1670 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES -- -2.18.1 +2.27.0 diff --git a/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch index 456b8ce..165dd67 100644 --- a/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +++ b/SOURCES/0016-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch @@ -1,9 +1,27 @@ -From c2812d7189dee06c780f05a5880eb421c359a687 Mon Sep 17 00:00:00 2001 +From e9d9e73c317b256c0bdc6530b82a6a625d7d54db Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 4 Nov 2014 23:02:53 +0100 Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- No manual / explicit code change is necessary, because the newly + inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL + build-time macro (feature test flag), with default value FALSE -- from + upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume + Package", 2020-12-14). + +- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg: + enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg: + introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by + git-cherry-pick. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -42,14 +60,7 @@ Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - no changes -Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com> -Patchwork-id: 62119 -O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell - from the firmware image (RH only) Bugzilla: 1147592 -Acked-by: Andrew Jones -Acked-by: Gerd Hoffmann -Acked-by: Vitaly Kuznetsov When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell binary from the firmware image. @@ -92,6 +103,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687) (cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4) (cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e) +(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687) --- OvmfPkg/OvmfPkgIa32.fdf | 2 ++ OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ @@ -99,16 +111,17 @@ Signed-off-by: Laszlo Ersek 3 files changed, 6 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index ec64551bcb..44178a0da7 100644 +index e3b1d74ce2..969524cf3b 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -288,11 +288,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -293,12 +293,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -117,16 +130,17 @@ index ec64551bcb..44178a0da7 100644 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 2f02ac2d73..06259c43d2 100644 +index f7732382d4..36f078556f 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -294,12 +294,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -135,16 +149,17 @@ index 2f02ac2d73..06259c43d2 100644 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 2f02ac2d73..06259c43d2 100644 +index 137ed6bceb..a5900d8377 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -289,11 +289,13 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf +@@ -306,12 +306,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf !endif INF ShellPkg/Application/Shell/Shell.inf @@ -153,5 +168,5 @@ index 2f02ac2d73..06259c43d2 100644 INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf -- -2.18.1 +2.27.0 diff --git a/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch index 63c187c..590baed 100644 --- a/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +++ b/SOURCES/0017-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch @@ -1,8 +1,13 @@ -From c75aea7a738ac7fb944c0695a4bfffc3985afaa9 Mon Sep 17 00:00:00 2001 +From 6d968342cbfa40a8192cee7c685e1c794e6053df Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:49:43 +0200 Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -60,15 +65,16 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1) (cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2) (cherry picked from commit 9f756c1ad83cc81f7d892cd036d59a2b567b02dc) +(cherry picked from commit c75aea7a738ac7fb944c0695a4bfffc3985afaa9) --- ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec -index 696d636aac..1553e1ae92 100644 +index 3a25ddcdc8..b2b58553c7 100644 --- a/ArmPlatformPkg/ArmPlatformPkg.dec +++ b/ArmPlatformPkg/ArmPlatformPkg.dec -@@ -104,6 +104,13 @@ +@@ -121,6 +121,13 @@ ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045 @@ -83,5 +89,5 @@ index 696d636aac..1553e1ae92 100644 ## PL031 RealTimeClock gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024 -- -2.18.1 +2.27.0 diff --git a/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch index 85e32b4..affbde1 100644 --- a/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +++ b/SOURCES/0018-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch @@ -1,9 +1,14 @@ -From 49fe5596cd79c94d903c4d506c563d642ccd69aa Mon Sep 17 00:00:00 2001 +From e46d1e3f4c9b301acfa15fa4089661947e8742a4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:59:20 +0200 Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial port (RH) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -58,6 +63,7 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de) (cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf) (cherry picked from commit 8d5a8827aabc67cb2a046697e1a750ca8d9cc453) +(cherry picked from commit 49fe5596cd79c94d903c4d506c563d642ccd69aa) --- ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++ ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++ @@ -67,7 +73,7 @@ Signed-off-by: Laszlo Ersek 5 files changed, 15 insertions(+) diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c -index d379ad8b7a..ff1672f94d 100644 +index 859f1adf20..cf9e65bb7c 100644 --- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c +++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c @@ -111,6 +111,11 @@ PrimaryMain ( @@ -83,7 +89,7 @@ index d379ad8b7a..ff1672f94d 100644 // Enable the GIC Distributor diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c -index 1500d2bd51..5b0790beac 100644 +index 220f9b5680..158cc34c77 100644 --- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c +++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c @@ -29,6 +29,11 @@ PrimaryMain ( @@ -99,7 +105,7 @@ index 1500d2bd51..5b0790beac 100644 // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h -index 7140c7f5b5..1d69a2b468 100644 +index 7b155a8a61..e9e283f9ec 100644 --- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h @@ -15,6 +15,7 @@ @@ -135,5 +141,5 @@ index e9eb092d3a..c98dc82f0c 100644 + gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack -- -2.18.1 +2.27.0 diff --git a/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch index 8f3a510..5e4f5c9 100644 --- a/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch +++ b/SOURCES/0019-ArmVirtPkg-set-early-hello-message-RH-only.patch @@ -1,8 +1,13 @@ -From 72550e12ae469012a505bf5b98a6543a754028d3 Mon Sep 17 00:00:00 2001 +From b14a92fafb171ad4a47598076bd028e5cf33ac28 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 14:07:17 +0200 Subject: ArmVirtPkg: set early hello message (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -55,15 +60,16 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18) (cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a) (cherry picked from commit ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b) +(cherry picked from commit 72550e12ae469012a505bf5b98a6543a754028d3) --- ArmVirtPkg/ArmVirtQemu.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 3345987503..57c5b3f898 100644 +index 41a26c8d18..971422411d 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -125,6 +125,7 @@ +@@ -132,6 +132,7 @@ gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE) [PcdsFixedAtBuild.common] @@ -72,5 +78,5 @@ index 3345987503..57c5b3f898 100644 gArmTokenSpaceGuid.PcdVFPEnabled|1 !endif -- -2.18.1 +2.27.0 diff --git a/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch index 63b794d..51c0342 100644 --- a/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ b/SOURCES/0020-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -1,8 +1,19 @@ -From 5ecc18badaabe774d9d0806b027ab63a30c6a2d7 Mon Sep 17 00:00:00 2001 +From 1771ff7479664c05884dab5a34d128cf8b01086f Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:45 +0100 Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -31,14 +42,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - no changes -Message-id: <20171120235748.29669-5-pbonzini@redhat.com> -Patchwork-id: 77760 -O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed debug messages, and code in OvmfPkg logs many messages on the @@ -52,17 +56,32 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027) (cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50) (cherry picked from commit 3cb92f9ba18ac79911bd5258ff4f949cc617ae89) +(cherry picked from commit 5ecc18badaabe774d9d0806b027ab63a30c6a2d7) --- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) + OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + 4 files changed, 4 insertions(+), 4 deletions(-) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 0a8cb7fd3b..6e8defe5c7 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -486,7 +486,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !if $(SOURCE_DEBUG_ENABLE) == TRUE + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 6ce8a46d4e..765ffff312 100644 +index e6df324c7c..52cd87f698 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -516,7 +516,7 @@ +@@ -534,7 +534,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -72,10 +91,10 @@ index 6ce8a46d4e..765ffff312 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 89d414cda7..277297a964 100644 +index 8104fe0218..214195a594 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -520,7 +520,7 @@ +@@ -538,7 +538,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -85,10 +104,10 @@ index 89d414cda7..277297a964 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e567eb76e0..5c1597fe3c 100644 +index 3c8b2649a8..02aad65b00 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -520,7 +520,7 @@ +@@ -540,7 +540,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -98,5 +117,5 @@ index e567eb76e0..5c1597fe3c 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 -- -2.18.1 +2.27.0 diff --git a/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch index 4e1464b..4cea103 100644 --- a/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +++ b/SOURCES/0021-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch @@ -1,9 +1,20 @@ -From 1355849ad97c1e4a5c430597a377165a5cc118f7 Mon Sep 17 00:00:00 2001 +From 4b2a35ab1d659068d47baaf1dd5b2918ba8a2573 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:46 +0100 Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in QemuVideoDxe/QemuRamfbDxe (RH) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -39,15 +50,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - no changes -Message-id: <20171120235748.29669-6-pbonzini@redhat.com> -Patchwork-id: 77761 -O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - QemuVideoDxe (RH only) Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to @@ -70,17 +73,40 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1) (cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850) (cherry picked from commit c8c3f893e7c3710afe45c46839e97954871536e4) +(cherry picked from commit 1355849ad97c1e4a5c430597a377165a5cc118f7) --- - OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- - OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- - OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- - 3 files changed, 24 insertions(+), 6 deletions(-) + OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- + 4 files changed, 32 insertions(+), 8 deletions(-) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 6e8defe5c7..568ca369e6 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -747,8 +747,14 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 765ffff312..f5c6cceb4f 100644 +index 52cd87f698..52fd057c90 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -811,9 +811,15 @@ +@@ -842,9 +842,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -99,10 +125,10 @@ index 765ffff312..f5c6cceb4f 100644 # diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 277297a964..c1e52b0acd 100644 +index 214195a594..653849cc7a 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -825,9 +825,15 @@ +@@ -856,9 +856,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -121,10 +147,10 @@ index 277297a964..c1e52b0acd 100644 # diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 5c1597fe3c..e65165b9f0 100644 +index 02aad65b00..5275f2502b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -821,9 +821,15 @@ +@@ -854,9 +854,15 @@ MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf !ifndef $(CSM_ENABLE) @@ -143,5 +169,5 @@ index 5c1597fe3c..e65165b9f0 100644 # -- -2.18.1 +2.27.0 diff --git a/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch index cf0bf21..18d30be 100644 --- a/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +++ b/SOURCES/0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch @@ -1,9 +1,14 @@ -From e7f57f154439c1c18ea5030b01f8d7bc492698b2 Mon Sep 17 00:00:00 2001 +From 251653ccf48a973481bb8c90161cccde50c78ad5 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -49,16 +54,17 @@ Signed-off-by: Philippe Mathieu-Daude (cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc) Signed-off-by: Laszlo Ersek (cherry picked from commit e5b8152bced2364a1ded0926dbba4d65e23e3f84) +(cherry picked from commit e7f57f154439c1c18ea5030b01f8d7bc492698b2) --- ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++- ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 57c5b3f898..dda887b2ae 100644 +index 971422411d..d2a2fdac8e 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -494,7 +494,10 @@ +@@ -504,7 +504,10 @@ # # Video support # @@ -71,10 +77,10 @@ index 57c5b3f898..dda887b2ae 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index d186263e18..711dd63e20 100644 +index f598ac6a85..7e50ce8b3b 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -427,7 +427,10 @@ +@@ -434,7 +434,10 @@ # # Video support # @@ -87,5 +93,5 @@ index d186263e18..711dd63e20 100644 OvmfPkg/PlatformDxe/Platform.inf -- -2.18.1 +2.27.0 diff --git a/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch index 6b41eff..e75701e 100644 --- a/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +++ b/SOURCES/0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch @@ -1,9 +1,14 @@ -From deb3451034326b75fd760aba47a5171493ff055e Mon Sep 17 00:00:00 2001 +From bacf42ebf768aebb8c2b36fb52d154daf19c0c74 Mon Sep 17 00:00:00 2001 From: Philippe Mathieu-Daude Date: Thu, 1 Aug 2019 20:43:48 +0200 Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent builds (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- no change + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -35,6 +40,7 @@ Signed-off-by: Philippe Mathieu-Daude (cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7) Signed-off-by: Laszlo Ersek (cherry picked from commit aa2b66b18a62d652bdbefae7b5732297294306ca) +(cherry picked from commit deb3451034326b75fd760aba47a5171493ff055e) --- OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 + @@ -85,5 +91,5 @@ index e3890b8c20..6ffee5acb2 100644 FrameBufferBltLib MemoryAllocationLib -- -2.18.1 +2.27.0 diff --git a/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch index c01b00b..d08e6fd 100644 --- a/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ b/SOURCES/0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -1,9 +1,20 @@ -From ed89844b47f46cfe911f1bf2bda40e537a908502 Mon Sep 17 00:00:00 2001 +From 41c61737a6ead56c36edabd1b2e685a04c2e81c6 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:47 +0100 Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH only) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been + introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit + to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077. + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From + (RHBZ#1846481). + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -30,15 +41,7 @@ Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - no changes -Message-id: <20171120235748.29669-7-pbonzini@redhat.com> -Patchwork-id: 77759 -O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - NvmExpressDxe (RH only) Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE level. @@ -51,17 +54,35 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6) (cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958) (cherry picked from commit b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6) +(cherry picked from commit ed89844b47f46cfe911f1bf2bda40e537a908502) --- - OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- - OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- - OvmfPkg/OvmfPkgX64.dsc | 5 ++++- - 3 files changed, 12 insertions(+), 3 deletions(-) + OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- + OvmfPkg/OvmfPkgX64.dsc | 5 ++++- + 4 files changed, 16 insertions(+), 4 deletions(-) +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 568ca369e6..fb00b12f8c 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -741,7 +741,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index f5c6cceb4f..e8868136d8 100644 +index 52fd057c90..119267e3c8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -804,7 +804,10 @@ +@@ -835,7 +835,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -74,10 +95,10 @@ index f5c6cceb4f..e8868136d8 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index c1e52b0acd..d05275a324 100644 +index 653849cc7a..166c9f1fef 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -818,7 +818,10 @@ +@@ -849,7 +849,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -90,10 +111,10 @@ index c1e52b0acd..d05275a324 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e65165b9f0..cac4cecf18 100644 +index 5275f2502b..19d0944a72 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -814,7 +814,10 @@ +@@ -847,7 +847,10 @@ OvmfPkg/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -106,5 +127,5 @@ index e65165b9f0..cac4cecf18 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -- -2.18.1 +2.27.0 diff --git a/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch b/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch index 2233cea..9310962 100644 --- a/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch +++ b/SOURCES/0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch @@ -1,9 +1,88 @@ -From 56c4bb81b311dfcee6a34c81d3e4feeda7f88995 Mon Sep 17 00:00:00 2001 +From 7e6817e96a15f9ce32f0c9cf6326bb682672724c Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sat, 16 Nov 2019 17:11:27 +0100 Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs (RH) +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257 + +- Recreate the patch based on downstream commits: + + - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files + in the INFs (RH)", 2020-06-05), + - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", + 2020-11-23), + - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ / + RHEL-8.4", 2020-11-23). + + (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2 + consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2 + ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)). + + Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF + files, namely + + - CryptoPkg/Library/OpensslLib/OpensslLib.inf + - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf + + in the following commits only: + + - be01087e0780 ("CryptoPkg/Library: Remove the redundant build + option", 2020-08-12), which did not affect the source file list at + all, + + - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate + entropy in rand_pool", 2020-09-18), which replaced some of the + *edk2-specific* "rand_pool_noise" source files with an RngLib + dependency. + + This means that the list of required, actual OpenSSL source files + has not changed in upstream edk2 since our downstream edk2 commit + e81751a1c303. + + (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303), + downstream edk2's OpenSSL dependency was satisfied with RHEL-8 + OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be + shipped in RHEL-8.3.0.z", 2020-10-23). + + Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced + (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k", + 2021-05-25), which is the current head of the rhel-8.5.0 branch. + (See also .) + + At both dist-git bdd048e929dc and dist-git a75722161d20, I built the + respective RHEL-8 OpenSSL *source* RPM, and prepped the respective + source tree, with "rpmbuild -bp". Subsequently I compared the + prepped source trees recursively. + + - The following files disappeared: + + - 29 backup files created by "patch", + + - the assembly generator perl script called + "ecp_nistz256-avx2.pl", which is not used during the build. + + - The following new files appeared: + + - 18 files directly or indirectly under the "test" subdirectory, + which are not used during the build, + + - 5 backup files created by "patch", + + - 2 DCL scripts used when building OpenSSL on OpenVMS. + + This means that the total list of RHEL-8 OpenSSL source files has + not changed in RHEL-8 OpenSSL dist-git since our downstream edk2 + commit 3e3fe5e62079. + + As a result, copy the "RHEL8-specific OpenSSL file list" sections + verbatim from the INF files, at downstream commit e81751a1c303. (I used + the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf + CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.) + Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: @@ -45,18 +124,19 @@ Note: "process_files.pl" is not re-run at this time manually, because Signed-off-by: Laszlo Ersek (cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40) +(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995) --- CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -index c8ec9454bd..24e790b538 100644 +index b00bb74ce6..71e32f26ea 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf @@ -570,6 +570,17 @@ $(OPENSSL_PATH)/ssl/statem/statem.h - $(OPENSSL_PATH)/ssl/statem/statem_locl.h + $(OPENSSL_PATH)/ssl/statem/statem_local.h # Autogenerated files list ends here +# RHEL8-specific OpenSSL file list starts here + $(OPENSSL_PATH)/crypto/evp/kdf_lib.c @@ -70,10 +150,10 @@ index c8ec9454bd..24e790b538 100644 + $(OPENSSL_PATH)/crypto/kdf/sskdf.c +# RHEL8-specific OpenSSL file list ends here buildinf.h - rand_pool_noise.h ossl_store.c + rand_pool.c diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -index 2f232e3e12..52e70a2d03 100644 +index 3557711bd8..003dcbad7a 100644 --- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf @@ -519,6 +519,17 @@ @@ -92,8 +172,8 @@ index 2f232e3e12..52e70a2d03 100644 + $(OPENSSL_PATH)/crypto/kdf/sskdf.c +# RHEL8-specific OpenSSL file list ends here buildinf.h - rand_pool_noise.h ossl_store.c + rand_pool.c -- -2.18.1 +2.27.0 diff --git a/SOURCES/edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch b/SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch similarity index 79% rename from SOURCES/edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch rename to SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch index 63910e8..1533000 100644 --- a/SOURCES/edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +++ b/SOURCES/0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch @@ -1,20 +1,17 @@ -From 9adcdf493ebbd11efb74e2905ab5f6c8996e096d Mon Sep 17 00:00:00 2001 +From 29be717a1ae0a2617a7ae95698940286201d1612 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:31:36 +0200 -Subject: [PATCH 1/3] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no - "-kernel" in silent aa64 build (RH) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in + silent aa64 build (RH) + +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From, + RH-Acked-by, RH-Author (RHBZ#1846481). -RH-Author: Laszlo Ersek -Message-id: <20200615080105.11859-2-lersek@redhat.com> -Patchwork-id: 97532 -O-Subject: [RHEL-8.3.0 edk2 PATCH 1/3] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in silent aa64 build (RH) Bugzilla: 1844682 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Philippe Mathieu-Daudé If the "-kernel" QEMU option is not used, then QemuKernelLoaderFsDxe should return EFI_NOT_FOUND, so that the DXE Core can unload it. However, @@ -28,6 +25,7 @@ ExitBootServices(). Signed-off-by: Laszlo Ersek Signed-off-by: Miroslav Rezanina +(cherry picked from commit 9adcdf493ebbd11efb74e2905ab5f6c8996e096d) --- .../QemuKernelLoaderFsDxe.c | 17 +++++++++++++++++ .../QemuKernelLoaderFsDxe.inf | 1 + diff --git a/SOURCES/0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch b/SOURCES/0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch deleted file mode 100644 index 4947710..0000000 --- a/SOURCES/0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch +++ /dev/null @@ -1,83 +0,0 @@ -From bf88198555ce964377a56176de8e5e9b45e43e25 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Sat, 6 Jun 2020 01:16:09 +0200 -Subject: OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from - LoadImage() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> -RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - -- new patch - -- the patch is being upstreamed; it's not a backport because the rebase - deadline is close - -- upstream references: - - https://bugzilla.tianocore.org/show_bug.cgi?id=2785 - - http://mid.mail-archive.com/20200605235242.32442-1-lersek@redhat.com - - https://edk2.groups.io/g/devel/message/60825 - - https://www.redhat.com/archives/edk2-devel-archive/2020-June/msg00344.html - -[downstream note ends, upstream commit message starts] - -When an image fails Secure Boot validation, LoadImage() returns -EFI_SECURITY_VIOLATION if the platform policy is -DEFER_EXECUTE_ON_SECURITY_VIOLATION. - -If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then -LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain -loaded). - -(Before , this -difference would be masked, as DxeImageVerificationLib would incorrectly -return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as -well.) - -In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon -seeing EFI_ACCESS_DENIED too. - -Cc: Ard Biesheuvel -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785 -Signed-off-by: Laszlo Ersek ---- - .../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c -index ef753be7ea..931553c0c1 100644 ---- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c -+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c -@@ -320,15 +320,21 @@ QemuLoadKernelImage ( - - case EFI_SECURITY_VIOLATION: - // -- // We are running with UEFI secure boot enabled, and the image failed to -- // authenticate. For compatibility reasons, we fall back to the legacy -- // loader in this case. Since the image has been loaded, we need to unload -- // it before proceeding -+ // Since the image has been loaded, we need to unload it before proceeding -+ // to the EFI_ACCESS_DENIED case below. - // - gBS->UnloadImage (KernelImageHandle); - // - // Fall through - // -+ case EFI_ACCESS_DENIED: -+ // -+ // We are running with UEFI secure boot enabled, and the image failed to -+ // authenticate. For compatibility reasons, we fall back to the legacy -+ // loader in this case. -+ // -+ // Fall through -+ // - case EFI_UNSUPPORTED: - // - // The image is not natively supported or cross-type supported. Let's try --- -2.18.1 - diff --git a/SOURCES/0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch b/SOURCES/0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch deleted file mode 100644 index 21fa333..0000000 --- a/SOURCES/0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch +++ /dev/null @@ -1,184 +0,0 @@ -From 74e5313dfa6719f7990c7e175e035d17c9b3f657 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Fri, 5 Jun 2020 23:44:43 +0200 -Subject: Revert "OvmfPkg: use generic QEMU image loader for secure boot - enabled builds" - -Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] -> -RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase: - -- new patch (to be dropped later, hopefully) - -This reverts commit ced77332cab626f35fbdb36630be27303d289d79. - -Upstream commit ced77332cab6 ("OvmfPkg: use generic QEMU image loader for -secure boot enabled builds", 2020-03-05) changes the "Secure Boot threat -model" in a way that is incompatible with at least two use cases. - -Namely, OVMF has always considered kernel images direct-booted via fw_cfg -as trusted, bypassing Secure Boot validation. While that approach is -rooted in a technicality (namely, OVMF doesn't load such images with the -LoadImage() UEFI boot service / through the UEFI stub, but with the -Linux/x86 Boot Protocol), that doesn't mean it's wrong. The direct-booted -kernel from fw_cfg comes from the host side, and Secure Boot in the guest -is a barrier between the guest firmware and the guest operating system -- -it's not a barrier between host and guest. - -Upstream commit ced77332cab6 points out that the above (historical) OVMF -behavior differs from ArmVirtQemu's -- the latter direct-boots kernels -from fw_cfg with the LoadImage() / StartImage() boot services. While that -difference indeed exists between OVMF and ArmVirtQemu, it's not relevant -for RHEL downstream. That's because we never build the ArmVirtQemu -firmware with the Secure Boot feature, so LoadImage() can never reject the -direct-booted kernel due to a signing issue. - -Subjecting a kernel direct-booted via fw_cfg to Secure Boot verification -breaks at least two use cases with OVMF: - -- It breaks the %check stage in the SPEC file. - - In that stage, we use the "ovmf-vars-generator" utility from the - "qemu-ovmf-secureboot" project, for verifying whether the Secure Boot - operational mode is enabled. The guest kernel is supposed to boot, and - to print "Secure boot enabled". - - As guest kernel, we pick whatever host kernel is available in the Brew - build root. The kernel in question may be a publicly released RHEL - kernel, signed with "Red Hat Secure Boot (signing key 1)", or a - development build, signed for example with "Red Hat Secure Boot Signing - 3 (beta)". Either way, none of these keys are accepted by the - certificates that were enrolled by "ovmf-vars-generator" / - "EnrollDefaultKeys.efi" in the %build stage. Therefore, the %check stage - fails. - -- It breaks "virt-install --location NETWORK-URL" Linux guest - installations, if the variable store template used for the new domain - has the Secure Boot operational mode enabled. "virt-install --location" - fetches the kernel from the remote OS tree, and passes it to the guest - firmware via fw_cfg. Therefore the above symptom appears (even for - publicly released OSes). - - Importantly, if the user downloads the installer ISO of the publicly - released Fedora / RHEL OS, and exposes the ISO to the guest for example - as a virtio-scsi CD-ROM, then the installation with "virt-install" - (without "--location") does succeed. That's because that way, "shim" is - booted first, from the UEFI-bootable CD-ROM. "Shim" does pass Secure - Boot verification against the Microsoft certificates, and then it is - "shim" that accepts the "Red Hat Secure Boot (signing key 1)" signature - on the guest kernel. - -Some ways to approach this problem (without reverting upstream commit -ced77332cab6): - -- Equip "ovmf-vars-generator" / "EnrollDefaultKeys.efi" to enroll the - public half of "Red Hat Secure Boot (signing key 1)" in the %build - stage. Use a publicly released RHEL kernel in the %check stage. - - Downsides: - - - The Brew build root does not offer any particular released RHEL - kernel, so either the %check stage would have to download it, or the - SRPM would have to bundle it. However, Brew build environments do not - have unfettered network access (rightly so), so the download wouldn't - work. Furthermore, for bundling with the SRPM, such a kernel image - could be considered too large. - - - Does not solve the "virt-install --location" issue for other vendors' - signed kernels. - -- Invoke "ovmf-vars-generator" / "EnrollDefaultKeys.efi" multiple times - during %build, to create multiple varstore templates. One that would - accept publicly released RHEL kernels, and another to accept development - kernels. Don't try to use a particular guest kernel for verification; - instead, check what kernel Brew offers in the build environment, and use - the varstore template matching *that* kernel. - - Downsides: - - - It may be considered useless to perform %check with a varstore - template that is *not* the one that we ship. - - - Does not solve the "virt-install --location" issue for other vendors' - signed kernels. - -- Sign the RHEL kernels such that the currently enrolled certificates - accept them. - - Downsides: - - - Not feasible at all; it would require Microsoft to sign our kernels. - "Shim" exists exactly to eliminate such signing requirements. - -- Modify "virt-install --location NETWORK-URL" such that it download a - complete (UEFI-bootable) installer ISO image, rather than broken-out - vmlinuz / initrd files. In other words, replace direct (fw_cfg) kernel - boot with a CD-ROM / "shim" boot, internally to "virt-install". - - Downsides: - - - Defeats the goal of "virt-install --location NETWORK-URL", and defeats - the network installation method of (for example) Anaconda. - -For now, revert upstream commit ced77332cab6, in order to return to the -model we had used in RHEL-8.2 and before. The following ticket has been -filed to investigate the problem separately: -. - -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/OvmfPkgIa32.dsc | 4 ---- - OvmfPkg/OvmfPkgIa32X64.dsc | 4 ---- - OvmfPkg/OvmfPkgX64.dsc | 4 ---- - 3 files changed, 12 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index e8868136d8..5b1e757cb9 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -379,11 +379,7 @@ - PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf - MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf - QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf --!else - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf --!endif - !if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index d05275a324..5dffc32105 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -383,11 +383,7 @@ - PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf - MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf - QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf --!else - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf --!endif - !if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index cac4cecf18..a2a76fdeea 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -383,11 +383,7 @@ - PciLib|OvmfPkg/Library/DxePciLibI440FxQ35/DxePciLibI440FxQ35.inf - MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf - QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -- QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.inf --!else - QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.inf --!endif - !if $(TPM_ENABLE) == TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf --- -2.18.1 - diff --git a/SOURCES/edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch b/SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch similarity index 77% rename from SOURCES/edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch rename to SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch index 7586124..3cc5803 100644 --- a/SOURCES/edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +++ b/SOURCES/0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch @@ -1,20 +1,17 @@ -From cbce29f7749477e271f9764fed82de94724af5df Mon Sep 17 00:00:00 2001 +From dc27035d2a8ca09dc5b0113c97a643341f286c08 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:40:09 +0200 -Subject: [PATCH 3/3] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent - aa64 build (RH) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit +Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build + (RH) + +Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] -> +RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase: + +- Remove obsolete commit message tags related to downstream patch + management: Message-id, Patchwork-id, O-Subject, Acked-by, From, + RH-Acked-by, RH-Author (RHBZ#1846481). -RH-Author: Laszlo Ersek -Message-id: <20200615080105.11859-4-lersek@redhat.com> -Patchwork-id: 97534 -O-Subject: [RHEL-8.3.0 edk2 PATCH 3/3] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build (RH) Bugzilla: 1844682 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Philippe Mathieu-Daudé If swtpm / vTPM2 is not being used, Tcg2Dxe should return EFI_UNSUPPORTED, so that the DXE Core can unload it. However, the associated error message, @@ -27,13 +24,14 @@ guest RAM still gets freed after ExitBootServices(). Signed-off-by: Laszlo Ersek Signed-off-by: Miroslav Rezanina +(cherry picked from commit cbce29f7749477e271f9764fed82de94724af5df) --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 17 +++++++++++++++++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 + 2 files changed, 18 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c -index 9a5f987e68..da2153cb25 100644 +index 6d17616c1c..f1a97d4b2d 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @@ -68,7 +66,7 @@ index 9a5f987e68..da2153cb25 100644 } diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -index 576cf80d06..851471afb7 100644 +index 7dc7a2683d..3bc8833931 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -55,6 +55,7 @@ diff --git a/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch b/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch deleted file mode 100644 index 7280197..0000000 --- a/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch +++ /dev/null @@ -1,386 +0,0 @@ -From e81751a1c303f5cd4bcae0ed1a38c60c38a0cf38 Mon Sep 17 00:00:00 2001 -From: Guomin Jiang -Date: Fri, 10 Jul 2020 09:47:31 +0800 -Subject: [PATCH 4/5] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 2: [RHEL-8.4.0] bump OpenSSL dist-git submodule to 1.1.1g -RH-Commit: [1/2] 36d4bc34a3b5c421819e94c58ff84fd779a93bae (lersek/edk2) -RH-Bugzilla: 1893806 - ---v-- RHEL8 notes --v-- - -- The "CryptoPkg/Library/OpensslLib/openssl" hunk, advancing upstream - edk2's OpenSSL submodule reference, has been stripped from this - backport. (Refer to downstream commit c5d729df70f8 ("remove upstream - edk2's openssl submodule (RH only)", 2020-06-05), as basis.) The - corresponding RHEL8 OpenSSL dist-git bump is implemented in a subsequent - patch in this series. - - This cherry-pick and the RHEL8 OpenSSL dist-git submodule bump are kept - separate for easing the next rebase, even at the cost of introducing a - brief interval in the git history where the downstream exploded tree - does not build. - -- Contextual difference in "OpensslLib.inf" due to downstream commit - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files - in the INFs (RH)", 2020-06-05); automatically resolved by - git-cherry-pick. - ---^-- RHEL8 notes --^-- - -Upgrade openssl to 1.1.1g. the directory have been reorganized, -openssl moved crypto/include/internal to include/crypto folder. -So we change directory to match the re-organization. - -The dso_conf.h and opensslconf.h will generated in UNIX format, -change process_files.pl to covent the EOL automatically. - -Cc: Jian J Wang -Cc: Xiaoyu Lu -Signed-off-by: Guomin Jiang -Reviewed-by: Laszlo Ersek -Tested-by: Laszlo Ersek -Reviewed-by: Jian J Wang -(cherry picked from commit 8c30327debb28c0b6cfa2106b736774e0b20daac) -Signed-off-by: Laszlo Ersek ---- - CryptoPkg/CryptoPkg.dec | 1 - - .../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +- - .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +- - .../Include/{internal => crypto}/dso_conf.h | 32 +++++----- - .../Library/Include/openssl/opensslconf.h | 3 - - CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++---------- - .../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++-------- - CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++--- - CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +- - 9 files changed, 90 insertions(+), 87 deletions(-) - rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%) - -diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec -index 4d1a1368a8..5888941bab 100644 ---- a/CryptoPkg/CryptoPkg.dec -+++ b/CryptoPkg/CryptoPkg.dec -@@ -23,7 +23,6 @@ - Private - Library/Include - Library/OpensslLib/openssl/include -- Library/OpensslLib/openssl/crypto/include - - [LibraryClasses] - ## @libraryclass Provides basic library functions for cryptographic primitives. -diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -index eacf4826c4..235331c2a0 100644 ---- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c -@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - **/ - - #include "InternalCryptLib.h" --#include "internal/sm3.h" -+#include "crypto/sm3.h" - - /** - Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. -diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -index 229c244b26..c9fdb65b99 100644 ---- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c -@@ -15,13 +15,13 @@ - #include - #include - #include --#include -+#include - #include - #include - #include - #include - #include --#include -+#include - - /** - This function will return the leaf signer certificate in a chain. This is -diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h -similarity index 76% -rename from CryptoPkg/Library/Include/internal/dso_conf.h -rename to CryptoPkg/Library/Include/crypto/dso_conf.h -index 43c891588b..95f4db2b15 100644 ---- a/CryptoPkg/Library/Include/internal/dso_conf.h -+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h -@@ -1,16 +1,16 @@ --/* WARNING: do not edit! */ --/* Generated from crypto/include/internal/dso_conf.h.in */ --/* -- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. -- * -- * Licensed under the OpenSSL license (the "License"). You may not use -- * this file except in compliance with the License. You can obtain a copy -- * in the file LICENSE in the source distribution or at -- * https://www.openssl.org/source/license.html -- */ -- --#ifndef HEADER_DSO_CONF_H --# define HEADER_DSO_CONF_H --# define DSO_NONE --# define DSO_EXTENSION ".so" --#endif -+/* WARNING: do not edit! */ -+/* Generated from include/crypto/dso_conf.h.in */ -+/* -+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#ifndef OSSL_CRYPTO_DSO_CONF_H -+# define OSSL_CRYPTO_DSO_CONF_H -+# define DSO_NONE -+# define DSO_EXTENSION ".so" -+#endif -diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h -index 62c2736cb0..3a2544ea5c 100644 ---- a/CryptoPkg/Library/Include/openssl/opensslconf.h -+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h -@@ -247,9 +247,6 @@ extern "C" { - #ifndef OPENSSL_NO_DYNAMIC_ENGINE - # define OPENSSL_NO_DYNAMIC_ENGINE - #endif --#ifndef OPENSSL_NO_AFALGENG --# define OPENSSL_NO_AFALGENG --#endif - - - /* -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -index 24e790b538..4c21b11d0a 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -@@ -477,45 +477,45 @@ - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h -- $(OPENSSL_PATH)/crypto/aes/aes_locl.h -+ $(OPENSSL_PATH)/crypto/aes/aes_local.h - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h - $(OPENSSL_PATH)/crypto/asn1/charmap.h - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -- $(OPENSSL_PATH)/crypto/async/async_locl.h -+ $(OPENSSL_PATH)/crypto/async/async_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h -- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h -- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h -+ $(OPENSSL_PATH)/crypto/bio/bio_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_local.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h -+ $(OPENSSL_PATH)/crypto/comp/comp_local.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h -- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h -- $(OPENSSL_PATH)/crypto/dh/dh_locl.h -- $(OPENSSL_PATH)/crypto/dso/dso_locl.h -- $(OPENSSL_PATH)/crypto/evp/evp_locl.h -- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h -- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h -- $(OPENSSL_PATH)/crypto/md5/md5_locl.h -- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h -+ $(OPENSSL_PATH)/crypto/conf/conf_local.h -+ $(OPENSSL_PATH)/crypto/dh/dh_local.h -+ $(OPENSSL_PATH)/crypto/dso/dso_local.h -+ $(OPENSSL_PATH)/crypto/evp/evp_local.h -+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h -+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h -+ $(OPENSSL_PATH)/crypto/md5/md5_local.h -+ $(OPENSSL_PATH)/crypto/modes/modes_local.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h -- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h -+ $(OPENSSL_PATH)/crypto/objects/obj_local.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h -- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h -- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h -- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h -- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h -- $(OPENSSL_PATH)/crypto/sha/sha_locl.h -+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h -+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h -+ $(OPENSSL_PATH)/crypto/rand/rand_local.h -+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h -+ $(OPENSSL_PATH)/crypto/sha/sha_local.h - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h -- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h -- $(OPENSSL_PATH)/crypto/store/store_locl.h -- $(OPENSSL_PATH)/crypto/ui/ui_locl.h -- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h -+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h -+ $(OPENSSL_PATH)/crypto/store/store_local.h -+ $(OPENSSL_PATH)/crypto/ui/ui_local.h -+ $(OPENSSL_PATH)/crypto/x509/x509_local.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h -- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h -+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - $(OPENSSL_PATH)/ssl/bio_ssl.c -@@ -562,13 +562,13 @@ - $(OPENSSL_PATH)/ssl/t1_trce.c - $(OPENSSL_PATH)/ssl/tls13_enc.c - $(OPENSSL_PATH)/ssl/tls_srp.c -- $(OPENSSL_PATH)/ssl/packet_locl.h -+ $(OPENSSL_PATH)/ssl/packet_local.h - $(OPENSSL_PATH)/ssl/ssl_cert_table.h -- $(OPENSSL_PATH)/ssl/ssl_locl.h -+ $(OPENSSL_PATH)/ssl/ssl_local.h - $(OPENSSL_PATH)/ssl/record/record.h -- $(OPENSSL_PATH)/ssl/record/record_locl.h -+ $(OPENSSL_PATH)/ssl/record/record_local.h - $(OPENSSL_PATH)/ssl/statem/statem.h -- $(OPENSSL_PATH)/ssl/statem/statem_locl.h -+ $(OPENSSL_PATH)/ssl/statem/statem_local.h - # Autogenerated files list ends here - # RHEL8-specific OpenSSL file list starts here - $(OPENSSL_PATH)/crypto/evp/kdf_lib.c -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -index 52e70a2d03..0c3b210d6a 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -@@ -477,45 +477,45 @@ - $(OPENSSL_PATH)/crypto/s390x_arch.h - $(OPENSSL_PATH)/crypto/sparc_arch.h - $(OPENSSL_PATH)/crypto/vms_rms.h -- $(OPENSSL_PATH)/crypto/aes/aes_locl.h -+ $(OPENSSL_PATH)/crypto/aes/aes_local.h - $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h -- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h -+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h - $(OPENSSL_PATH)/crypto/asn1/charmap.h - $(OPENSSL_PATH)/crypto/asn1/standard_methods.h - $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h -- $(OPENSSL_PATH)/crypto/async/async_locl.h -+ $(OPENSSL_PATH)/crypto/async/async_local.h - $(OPENSSL_PATH)/crypto/async/arch/async_null.h - $(OPENSSL_PATH)/crypto/async/arch/async_posix.h - $(OPENSSL_PATH)/crypto/async/arch/async_win.h -- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h -- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h -+ $(OPENSSL_PATH)/crypto/bio/bio_local.h -+ $(OPENSSL_PATH)/crypto/bn/bn_local.h - $(OPENSSL_PATH)/crypto/bn/bn_prime.h - $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h -- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h -+ $(OPENSSL_PATH)/crypto/comp/comp_local.h - $(OPENSSL_PATH)/crypto/conf/conf_def.h -- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h -- $(OPENSSL_PATH)/crypto/dh/dh_locl.h -- $(OPENSSL_PATH)/crypto/dso/dso_locl.h -- $(OPENSSL_PATH)/crypto/evp/evp_locl.h -- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h -- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h -- $(OPENSSL_PATH)/crypto/md5/md5_locl.h -- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h -+ $(OPENSSL_PATH)/crypto/conf/conf_local.h -+ $(OPENSSL_PATH)/crypto/dh/dh_local.h -+ $(OPENSSL_PATH)/crypto/dso/dso_local.h -+ $(OPENSSL_PATH)/crypto/evp/evp_local.h -+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h -+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h -+ $(OPENSSL_PATH)/crypto/md5/md5_local.h -+ $(OPENSSL_PATH)/crypto/modes/modes_local.h - $(OPENSSL_PATH)/crypto/objects/obj_dat.h -- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h -+ $(OPENSSL_PATH)/crypto/objects/obj_local.h - $(OPENSSL_PATH)/crypto/objects/obj_xref.h -- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h -- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h -- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h -- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h -- $(OPENSSL_PATH)/crypto/sha/sha_locl.h -+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h -+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h -+ $(OPENSSL_PATH)/crypto/rand/rand_local.h -+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h -+ $(OPENSSL_PATH)/crypto/sha/sha_local.h - $(OPENSSL_PATH)/crypto/siphash/siphash_local.h -- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h -- $(OPENSSL_PATH)/crypto/store/store_locl.h -- $(OPENSSL_PATH)/crypto/ui/ui_locl.h -- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h -+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h -+ $(OPENSSL_PATH)/crypto/store/store_local.h -+ $(OPENSSL_PATH)/crypto/ui/ui_local.h -+ $(OPENSSL_PATH)/crypto/x509/x509_local.h - $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h -- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h -+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h - $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h - $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h - # Autogenerated files list ends here -diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl -index 65d07a2aed..57ce195394 100755 ---- a/CryptoPkg/Library/OpensslLib/process_files.pl -+++ b/CryptoPkg/Library/OpensslLib/process_files.pl -@@ -111,8 +111,8 @@ BEGIN { - # Generate dso_conf.h per config data - system( - "perl -I. -Mconfigdata util/dofile.pl " . -- "crypto/include/internal/dso_conf.h.in " . -- "> include/internal/dso_conf.h" -+ "include/crypto/dso_conf.h.in " . -+ "> include/crypto/dso_conf.h" - ) == 0 || - die "Failed to generate dso_conf.h!\n"; - -@@ -263,14 +263,21 @@ print "Done!"; - # Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration - # - print "\n--> Duplicating opensslconf.h into Include/openssl ... "; --copy($OPENSSL_PATH . "/include/openssl/opensslconf.h", -- $OPENSSL_PATH . "/../../Include/openssl/") || -- die "Cannot copy opensslconf.h!"; -+system( -+ "perl -pe 's/\\n/\\r\\n/' " . -+ "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " . -+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h" -+ ) == 0 || -+ die "Cannot copy opensslconf.h!"; - print "Done!"; --print "\n--> Duplicating dso_conf.h into Include/internal ... "; --copy($OPENSSL_PATH . "/include/internal/dso_conf.h", -- $OPENSSL_PATH . "/../../Include/internal/") || -- die "Cannot copy dso_conf.h!"; -+ -+print "\n--> Duplicating dso_conf.h into Include/crypto ... "; -+system( -+ "perl -pe 's/\\n/\\r\\n/' " . -+ "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" . -+ "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h" -+ ) == 0 || -+ die "Cannot copy dso_conf.h!"; - print "Done!\n"; - - print "\nProcessing Files Done!\n"; -diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c -index 9f3983f7c3..9e0179b034 100644 ---- a/CryptoPkg/Library/OpensslLib/rand_pool.c -+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c -@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - **/ - --#include "internal/rand_int.h" -+#include "crypto/rand.h" - #include - - #include --- -2.27.0 - diff --git a/SOURCES/edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch b/SOURCES/edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch deleted file mode 100644 index 680d262..0000000 --- a/SOURCES/edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch +++ /dev/null @@ -1,101 +0,0 @@ -From dea2c718df8b58f5147c7674797bf65df649c53e Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 19 Nov 2020 12:50:34 +0100 -Subject: [PATCH] MdeModulePkg/LzmaCustomDecompressLib: catch 4GB+ uncompressed - buffer sizes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 1: prevent integer overflow / heap corruption in LZMA decompression [rhel-8.4.0.z] -RH-Commit: [1/1] a8ec492d7ebb6ae3c51513f501f72d5418b71f17 -RH-Bugzilla: 1952953 -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Philippe Mathieu-Daudé - -The LzmaUefiDecompressGetInfo() function -[MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c] currently -silently truncates the UINT64 "DecodedSize" property of the compressed -blob to the UINT32 "DestinationSize" output parameter. - -If "DecodedSize" is 0x1_0000_0100, for example, then the subsequent memory -allocation (for decompression) will likely succeed (allocating 0x100 bytes -only), but then the LzmaUefiDecompress() function (which re-fetches the -uncompressed buffer size from the same LZMA header into a "SizeT" -variable) will overwrite the buffer. - -Catch (DecodedSize > MAX_UINT32) in LzmaUefiDecompressGetInfo() at once. -This should not be a practical limitation. (The issue cannot be fixed for -32-bit systems without spec modifications anyway, given that the -"OutputSize" output parameter of -EFI_GUIDED_SECTION_EXTRACTION_PROTOCOL.ExtractSection() has type UINTN, -not UINT64.) - -Cc: Dandan Bi -Cc: Hao A Wu -Cc: Jian J Wang -Cc: Liming Gao -Cc: Philippe Mathieu-Daud -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1816 -Signed-off-by: Laszlo Ersek -Reviewed-by: Liming Gao -Reviewed-by: Philippe Mathieu-Daud -Message-Id: <20201119115034.12897-2-lersek@redhat.com> -(cherry picked from commit e7bd0dd26db7e56aa8ca70132d6ea916ee6f3db0) ---- - .../Library/LzmaCustomDecompressLib/LzmaDecompress.c | 7 +++++++ - .../LzmaCustomDecompressLib/LzmaDecompressLibInternal.h | 5 +++++ - 2 files changed, 12 insertions(+) - -diff --git a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c -index c58912eb6a..8f7c242dca 100644 ---- a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c -+++ b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompress.c -@@ -127,6 +127,10 @@ GetDecodedSizeOfBuf( - in DestinationSize and the size of the scratch - buffer was returned in ScratchSize. - -+ @retval RETURN_UNSUPPORTED DestinationSize cannot be output because the -+ uncompressed buffer size (in bytes) does not fit -+ in a UINT32. Output parameters have not been -+ modified. - **/ - RETURN_STATUS - EFIAPI -@@ -142,6 +146,9 @@ LzmaUefiDecompressGetInfo ( - ASSERT(SourceSize >= LZMA_HEADER_SIZE); - - DecodedSize = GetDecodedSizeOfBuf((UINT8*)Source); -+ if (DecodedSize > MAX_UINT32) { -+ return RETURN_UNSUPPORTED; -+ } - - *DestinationSize = (UINT32)DecodedSize; - *ScratchSize = SCRATCH_BUFFER_REQUEST_SIZE; -diff --git a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h -index 26f110ba2a..fbafd5f100 100644 ---- a/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h -+++ b/MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaDecompressLibInternal.h -@@ -9,6 +9,7 @@ - #ifndef __LZMADECOMPRESSLIB_INTERNAL_H__ - #define __LZMADECOMPRESSLIB_INTERNAL_H__ - -+#include - #include - #include - #include -@@ -45,6 +46,10 @@ - in DestinationSize and the size of the scratch - buffer was returned in ScratchSize. - -+ @retval RETURN_UNSUPPORTED DestinationSize cannot be output because the -+ uncompressed buffer size (in bytes) does not fit -+ in a UINT32. Output parameters have not been -+ modified. - **/ - RETURN_STATUS - EFIAPI --- -2.27.0 - diff --git a/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch b/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch new file mode 100644 index 0000000..321d5c4 --- /dev/null +++ b/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch @@ -0,0 +1,73 @@ +From 9596c779a27b4ae2261aadd91b8dac8ed7546f38 Mon Sep 17 00:00:00 2001 +From: Neal Gompa +Date: Mon, 5 Jul 2021 05:36:03 -0400 +Subject: [PATCH] MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI + spec +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Philippe Mathieu-Daudé +RH-MergeRequest: 6: MdeModulePkg/PartitionDxe: Ignore PMBR BootIndicator per UEFI spec [rhel-8.5.0, post-rebase] +RH-Commit: [1/1] 1fef74489947c81e26e5afb7c933c80beb641751 +RH-Bugzilla: 1988762 +RH-Acked-by: Miroslav Rezanina + +Per UEFI Spec 2.8 (UEFI_Spec_2_8_final.pdf, page 114) +5.2.3 Protective MBR +Table 20. Protective MBR Partition Record protecting the entire disk + +The description for BootIndicator states the following: + +> Set to 0x00 to indicate a non-bootable partition. If set to any +> value other than 0x00 the behavior of this flag on non-UEFI +> systems is undefined. Must be ignored by UEFI implementations. + +Unfortunately, we have been incorrectly assuming that the +BootIndicator value must be 0x00, which leads to problems +when the 'pmbr_boot' flag is set on a disk containing a GPT +(such as with GNU parted). When the flag is set, the value +changes to 0x01, causing this check to fail and the system +is rendered unbootable despite it being valid from the +perspective of the UEFI spec. + +To resolve this, we drop the check for the BootIndicator +so that we stop caring about the value set there, which +restores the capability to boot such disks. + +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3474 + +Cc: Chris Murphy +Cc: David Duncan +Cc: Lazlo Ersek +Cc: Hao A Wu +Cc: Ray Ni +Cc: Zhichao Gao + +Signed-off-by: Neal Gompa +Message-Id: <20210705093603.575707-1-ngompa@fedoraproject.org> +Reviewed-by: Laszlo Ersek +Reviewed-by: Hao A Wu +(cherry picked from commit b3db0cb1f8d163f22b769c205c6347376a315dcd) +Signed-off-by: Philippe Mathieu-Daude +--- + MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +index aefb2d6ecb..efaff5e080 100644 +--- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c ++++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c +@@ -264,8 +264,7 @@ PartitionInstallGptChildHandles ( + // Verify that the Protective MBR is valid + // + for (Index = 0; Index < MAX_MBR_PARTITIONS; Index++) { +- if (ProtectiveMbr->Partition[Index].BootIndicator == 0x00 && +- ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION && ++ if (ProtectiveMbr->Partition[Index].OSIndicator == PMBR_GPT_PARTITION && + UNPACK_UINT32 (ProtectiveMbr->Partition[Index].StartingLBA) == 1 + ) { + break; +-- +2.27.0 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch index cdcda71..6828cd7 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch @@ -1,6 +1,6 @@ -From 95ce1cb291324bdef3c790e367ba6ac8752c5f23 Mon Sep 17 00:00:00 2001 +From 1e6a8c43241febbec56ffc2141c55d8de34e13e6 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Tue, 27 Apr 2021 10:26:01 +0200 +Date: Tue, 8 Jun 2021 14:12:55 +0200 Subject: [PATCH 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [6/10] b302b99312b327b9bf04ea408c638fa0e366d643 -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [6/10] 2f697819ce0731f99f95f29a3b30c777b754db37 +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé IScsiBinToHex() is called for encoding: @@ -32,7 +32,8 @@ Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Maciej Rabeda -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-7-lersek@redhat.com> +(cherry picked from commit d90fff40cb2502b627370a77f5608c8a178c3f78) --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch index d6c8f97..dad94ad 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch @@ -1,6 +1,6 @@ -From 79c8488d768ea02939474374a18c536425c36de3 Mon Sep 17 00:00:00 2001 +From 5171f67062e606a4e606780ff5a5787bde7198eb Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Tue, 27 Apr 2021 12:10:12 +0200 +Date: Tue, 8 Jun 2021 14:12:59 +0200 Subject: [PATCH 10/10] NetworkPkg/IScsiDxe: check IScsiHexToBin() return values MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [10/10] 171f8f1c114e0028d83bcb1ca46844a99a825b29 -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [10/10] 1c65763fef57cfd9b1bd55779ec6eba4e086e100 +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé IScsiDxe (that is, the initiator) receives two hex-encoded strings from @@ -42,7 +42,8 @@ Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Maciej Rabeda -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-11-lersek@redhat.com> +(cherry picked from commit b8649cf2a3e673a4a8cb6c255e394b354b771550) --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch index 56916f7..2f199b3 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch @@ -1,6 +1,6 @@ -From dd65b4f245e318e0d76a213c92b159819c6dae79 Mon Sep 17 00:00:00 2001 +From fca7e61fa3ba21cbf6e89d75b23fea03af5d517e Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Mon, 26 Apr 2021 20:17:23 +0200 +Date: Tue, 8 Jun 2021 14:12:52 +0200 Subject: [PATCH 03/10] NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [3/10] 93e6e1fa7f093898350a40ec60201f64a8849f3c -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [3/10] cc7118399f64979f2d81fe9fc381ed22c3815f9e +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé The "ISCSI_CHAP_AUTH_DATA.OutChallenge" field is declared as a UINT8 array @@ -35,13 +35,14 @@ No change in peer-visible behavior. Cc: Jiaxin Wu Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé +Cc: Philippe Mathieu-Daud Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Philippe Mathieu-Daud Reviewed-by: Maciej Rabeda -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-4-lersek@redhat.com> +(cherry picked from commit 95616b866187b00355042953efa5c198df07250f) --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 3 +-- NetworkPkg/IScsiDxe/IScsiCHAP.h | 9 ++++++--- diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch index 038ecb3..5be4e12 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch @@ -1,6 +1,6 @@ -From fc21f1820452cf17a777f141b8ae9112a9ca3b84 Mon Sep 17 00:00:00 2001 +From 176366aba5680537ee8249e9b3b182677d95feb8 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Tue, 27 Apr 2021 09:49:16 +0200 +Date: Tue, 8 Jun 2021 14:12:53 +0200 Subject: [PATCH 04/10] NetworkPkg/IScsiDxe: clean up library class dependencies MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [4/10] 981f8efd1155dbe653c846b013c90780c32f3f59 -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [4/10] 77ab82d2308848613325317c267bf5954d2c7a7c +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé Sort the library class dependencies in the #include directives and in the @@ -20,13 +20,14 @@ not listed in the INF file, and IScsiDxe doesn't call either DpcLib API Cc: Jiaxin Wu Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé +Cc: Philippe Mathieu-Daud Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Philippe Mathieu-Daud Reviewed-by: Maciej Rabeda -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-5-lersek@redhat.com> +(cherry picked from commit e8f28b09e63dfdbb4169969a43c65f86c44b035a) --- NetworkPkg/IScsiDxe/IScsiDxe.inf | 6 +++--- NetworkPkg/IScsiDxe/IScsiImpl.h | 17 ++++++++--------- diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch index 272a450..b85ccb8 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch @@ -1,6 +1,6 @@ -From 47668ca7bca333ef223b5897fb044b6760f215f5 Mon Sep 17 00:00:00 2001 +From f423b7078d291b84952464aca6930a9d772319b0 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Tue, 27 Apr 2021 11:02:51 +0200 +Date: Tue, 8 Jun 2021 14:12:58 +0200 Subject: [PATCH 09/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [9/10] 9230129f3b079e61a53d39b81072c7884c991e49 -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [9/10] acf102203198d575a12e5257c12b8e43ccdfc589 +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé The IScsiHexToBin() function documents the EFI_BUFFER_TOO_SMALL return @@ -35,7 +35,8 @@ Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda Reviewed-by: Philippe Mathieu-Daudé -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-10-lersek@redhat.com> +(cherry picked from commit 54e90edaed0d7c15230902ac4d74f4304bad2ebd) --- NetworkPkg/IScsiDxe/IScsiMisc.c | 20 +++++++++++++++++--- NetworkPkg/IScsiDxe/IScsiMisc.h | 3 +++ diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch index a732ab4..15f671d 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch @@ -1,15 +1,15 @@ -From fd7e1858bc0e538e9af42b9f0514553da9533553 Mon Sep 17 00:00:00 2001 +From 2f0e51dcfea6d9101c4694636a948eb4b6e6d4d4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Tue, 27 Apr 2021 11:02:51 +0200 +Date: Tue, 8 Jun 2021 14:12:57 +0200 Subject: [PATCH 08/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [8/10] f77fc01700564c5e15027bd902a846102d488bf6 -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [8/10] febb96c07dbd0e4a191e855742cb47fc6e39dfba +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé The IScsiHexToBin() function has the following parser issues: @@ -44,7 +44,8 @@ Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda Reviewed-by: Philippe Mathieu-Daudé -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-9-lersek@redhat.com> +(cherry picked from commit 47b76780b487dbfde4efb6843b16064c4a97e94d) --- NetworkPkg/IScsiDxe/IScsiMisc.c | 12 ++++++++++-- NetworkPkg/IScsiDxe/IScsiMisc.h | 1 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch index 91507c4..72f9e44 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch @@ -1,6 +1,6 @@ -From ae16157ee5c96e36e5d1ec558f875e6b89188770 Mon Sep 17 00:00:00 2001 +From 4171bd515a2dcfec59513d3a83adce7ed2903d50 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Tue, 27 Apr 2021 10:10:42 +0200 +Date: Tue, 8 Jun 2021 14:12:54 +0200 Subject: [PATCH 05/10] NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex() MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [5/10] 96bbb794ca2355c2d9e83d79d385582daf8e4aa4 -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [5/10] f52aaaa03b15280eb4a821eeb378d8051ea5ec2a +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé Considering IScsiBinToHex(): @@ -59,7 +59,8 @@ Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda Reviewed-by: Philippe Mathieu-Daudé -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-6-lersek@redhat.com> +(cherry picked from commit cf01b2dc8fc3ff9cf49fb891af5703dc03e3193e) --- NetworkPkg/IScsiDxe/IScsiDxe.inf | 1 + NetworkPkg/IScsiDxe/IScsiImpl.h | 1 + diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch index a4bf106..23b2601 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch @@ -1,6 +1,6 @@ -From cd26bdad5567460515fbfc91a4caabc8d740e8ed Mon Sep 17 00:00:00 2001 +From 172b2928c24c0ab955127afcdc9e3a52b3913ba5 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Tue, 27 Apr 2021 10:37:26 +0200 +Date: Tue, 8 Jun 2021 14:12:56 +0200 Subject: [PATCH 07/10] NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [7/10] 6c86ac71821db916b67df2a5ce188706f9b8d515 -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [7/10] 4f867fa4ad8f7305961b83224107c1452a7d44ed +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé We'll need further return values for IScsiHexToBin() in a subsequent @@ -21,13 +21,14 @@ No functional changes. Cc: Jiaxin Wu Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé +Cc: Philippe Mathieu-Daud Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda -Reviewed-by: Philippe Mathieu-Daudé -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Reviewed-by: Philippe Mathieu-Daud +Message-Id: <20210608121259.32451-8-lersek@redhat.com> +(cherry picked from commit dc469f137110fe79704b8b92c552972c739bb915) --- NetworkPkg/IScsiDxe/IScsiMisc.c | 16 ++++++++-------- NetworkPkg/IScsiDxe/IScsiMisc.h | 16 ++++++++-------- diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch index afc316e..96256cb 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch @@ -1,6 +1,6 @@ -From 557a962ce519757cacb236fbbc819f9300d9d287 Mon Sep 17 00:00:00 2001 +From 0dac937f2845a1bc4943a0cfed3392d35afba733 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Mon, 26 Apr 2021 20:07:25 +0200 +Date: Tue, 8 Jun 2021 14:12:51 +0200 Subject: [PATCH 02/10] NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [2/10] ce3d2f2f2e16c44a621ffbed70ff245a1ec473bd -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [2/10] 8b57211651e13185a636daa5369993054bd7334b +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé The ISCSI_CHAP_AUTH_MAX_LEN macro is defined with value 1024. @@ -27,13 +27,14 @@ No changes in functionality. Cc: Jiaxin Wu Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé +Cc: Philippe Mathieu-Daud Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Philippe Mathieu-Daud Reviewed-by: Maciej Rabeda -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Message-Id: <20210608121259.32451-3-lersek@redhat.com> +(cherry picked from commit 29cab43bb7912a12efa5a78dac15394aee866e4c) --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 2 +- NetworkPkg/IScsiDxe/IScsiCHAP.h | 2 +- diff --git a/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch b/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch index 6e30b61..768e9e7 100644 --- a/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch +++ b/SOURCES/edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch @@ -1,6 +1,6 @@ -From f47859b9e9caf237d0691be7915cc026f4f015a4 Mon Sep 17 00:00:00 2001 +From 28e260828557340709ef14e8132e96b54128c5a3 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek -Date: Mon, 26 Apr 2021 19:05:20 +0200 +Date: Tue, 8 Jun 2021 14:12:50 +0200 Subject: [PATCH 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters MIME-Version: 1.0 @@ -8,9 +8,9 @@ Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek -RH-MergeRequest: 3: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.4.0.z] -RH-Commit: [1/10] 190e229a59ca2e2e48593b00942749336e04f81e -RH-Bugzilla: 1956676 +RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] +RH-Commit: [1/10] 7ae9c45fbc0ffd807a95fad802619cd838257cc8 +RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé Working with overlong lines is difficult for me; rewrap the CHAP-related @@ -18,13 +18,14 @@ source files in IScsiDxe to 80 characters width. No functional changes. Cc: Jiaxin Wu Cc: Maciej Rabeda -Cc: Philippe Mathieu-Daudé +Cc: Philippe Mathieu-Daud Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Maciej Rabeda -Reviewed-by: Philippe Mathieu-Daudé -Upstream: https://bugzilla.tianocore.org/show_bug.cgi?id=3356, c#17...c#22 +Reviewed-by: Philippe Mathieu-Daud +Message-Id: <20210608121259.32451-2-lersek@redhat.com> +(cherry picked from commit 83761337ec91fbd459c55d7d956fcc25df3bfa50) --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++++++++++++-------- NetworkPkg/IScsiDxe/IScsiCHAP.h | 3 +- diff --git a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch deleted file mode 100644 index 761077b..0000000 --- a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch +++ /dev/null @@ -1,120 +0,0 @@ -From 08a95c3541cbe2b3a1c671fa683bd6214ad996f0 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 27 Aug 2020 00:21:29 +0200 -Subject: [PATCH 3/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just after - SMI broadcast -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature -RH-Commit: [3/3] 40521ea89725b8b0ff8ca3f0a610ff45431e610e (lersek/edk2) -RH-Bugzilla: 1849177 - -The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick -succession -- it means a series of "device_add" QEMU monitor commands, -back-to-back. - -If a "device_add" occurs *just after* ACPI raises the broadcast SMI, then: - -- the CPU_FOREACH() loop in QEMU's ich9_apm_ctrl_changed() cannot make the - SMI pending for the new CPU -- at that time, the new CPU doesn't even - exist yet, - -- OVMF will find the new CPU however (in the CPU hotplug register block), - in QemuCpuhpCollectApicIds(). - -As a result, when the firmware sends an INIT-SIPI-SIPI to the new CPU in -SmbaseRelocate(), expecting it to boot into SMM (due to the pending SMI), -the new CPU instead boots straight into the post-RSM (normal mode) "pen", -skipping its initial SMI handler. - -The CPU halts nicely in the pen, but its SMBASE is never relocated, and -the SMRAM message exchange with the BSP falls apart -- the BSP gets stuck -in the following loop: - - // - // Wait until the hot-added CPU is just about to execute RSM. - // - while (Context->AboutToLeaveSmm == 0) { - CpuPause (); - } - -because the new CPU's initial SMI handler never sets the flag to nonzero. - -Fix this by sending a directed SMI to the new CPU just before sending it -the INIT-SIPI-SIPI. The various scenarios are documented in the code -- -the cases affected by the patch are documented under point (2). - -Note that this is not considered a security patch, as for a malicious -guest OS, the issue is not exploitable -- the symptom is a hang on the -BSP, in the above-noted loop in SmbaseRelocate(). Instead, the patch fixes -behavior for a benign guest OS. - -Cc: Ard Biesheuvel -Cc: Igor Mammedov -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Fixes: 51a6fb41181529e4b50ea13377425bda6bb69ba6 -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929 -Signed-off-by: Laszlo Ersek -Message-Id: <20200826222129.25798-3-lersek@redhat.com> -Reviewed-by: Ard Biesheuvel -(cherry picked from commit cbccf995920a28071f5403b847f29ebf8b732fa9) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/CpuHotplugSmm/Smbase.c | 35 ++++++++++++++++++++++++++++------ - 1 file changed, 29 insertions(+), 6 deletions(-) - -diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c -index 170571221d..d8f45c4313 100644 ---- a/OvmfPkg/CpuHotplugSmm/Smbase.c -+++ b/OvmfPkg/CpuHotplugSmm/Smbase.c -@@ -220,14 +220,37 @@ SmbaseRelocate ( - // - // Boot the hot-added CPU. - // -- // If the OS is benign, and so the hot-added CPU is still in RESET state, -- // then the broadcast SMI is still pending for it; it will now launch -- // directly into SMM. -+ // There are 2*2 cases to consider: - // -- // If the OS is malicious, the hot-added CPU has been booted already, and so -- // it is already spinning on the APIC ID gate. In that case, the -- // INIT-SIPI-SIPI below will be ignored. -+ // (1) The CPU was hot-added before the SMI was broadcast. - // -+ // (1.1) The OS is benign. -+ // -+ // The hot-added CPU is in RESET state, with the broadcast SMI pending -+ // for it. The directed SMI below will be ignored (it's idempotent), -+ // and the INIT-SIPI-SIPI will launch the CPU directly into SMM. -+ // -+ // (1.2) The OS is malicious. -+ // -+ // The hot-added CPU has been booted, by the OS. Thus, the hot-added -+ // CPU is spinning on the APIC ID gate. In that case, both the SMI and -+ // the INIT-SIPI-SIPI below will be ignored. -+ // -+ // (2) The CPU was hot-added after the SMI was broadcast. -+ // -+ // (2.1) The OS is benign. -+ // -+ // The hot-added CPU is in RESET state, with no SMI pending for it. The -+ // directed SMI will latch the SMI for the CPU. Then the INIT-SIPI-SIPI -+ // will launch the CPU into SMM. -+ // -+ // (2.2) The OS is malicious. -+ // -+ // The hot-added CPU is executing OS code. The directed SMI will pull -+ // the hot-added CPU into SMM, where it will start spinning on the APIC -+ // ID gate. The INIT-SIPI-SIPI will be ignored. -+ // -+ SendSmiIpi (ApicId); - SendInitSipiSipi (ApicId, PenAddress); - - // --- -2.27.0 - diff --git a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch deleted file mode 100644 index c35df49..0000000 --- a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 4e5edfcdf5986d9e0801a976a3aa558b5f370099 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 27 Aug 2020 00:21:28 +0200 -Subject: [PATCH 2/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before - SMI broadcast -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature -RH-Commit: [2/3] ea3ff703dfb7bd4f77b6807f06c89e754cc9d980 (lersek/edk2) -RH-Bugzilla: 1849177 - -The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick -succession -- it means a series of "device_add" QEMU monitor commands, -back-to-back. - -If a "device_add" occurs *just before* ACPI raises the broadcast SMI, -then: - -- OVMF processes the hot-added CPU well. - -- However, QEMU's post-SMI ACPI loop -- which clears the pending events - for the hot-added CPUs that were collected before raising the SMI -- is - unaware of the stray CPU. Thus, the pending event is not cleared for it. - -As a result of the stuck event, at the next hot-plug, OVMF tries to re-add -(relocate for the 2nd time) the already-known CPU. At that time, the AP is -already in the normal edk2 SMM busy-wait however, so it doesn't respond to -the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM -gets stuck in SMM. - -(Because of the above symptom, this is not considered a security patch; it -doesn't seem exploitable by a malicious guest OS.) - -In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already -known. The post-SMI ACPI loop will clear the pending event for it this -time. - -Cc: Ard Biesheuvel -Cc: Igor Mammedov -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Fixes: bc498ac4ca7590479cfd91ad1bb8a36286b0dc21 -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929 -Signed-off-by: Laszlo Ersek -Message-Id: <20200826222129.25798-2-lersek@redhat.com> -Reviewed-by: Ard Biesheuvel -(cherry picked from commit 020bb4b46d6f6708bb3358e1c738109b7908f0de) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -index 20e6bec04f..cfe698ed2b 100644 ---- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -@@ -193,9 +193,28 @@ CpuHotplugMmi ( - NewSlot = 0; - while (PluggedIdx < PluggedCount) { - APIC_ID NewApicId; -+ UINT32 CheckSlot; - UINTN NewProcessorNumberByProtocol; - - NewApicId = mPluggedApicIds[PluggedIdx]; -+ -+ // -+ // Check if the supposedly hot-added CPU is already known to us. -+ // -+ for (CheckSlot = 0; -+ CheckSlot < mCpuHotPlugData->ArrayLength; -+ CheckSlot++) { -+ if (mCpuHotPlugData->ApicId[CheckSlot] == NewApicId) { -+ break; -+ } -+ } -+ if (CheckSlot < mCpuHotPlugData->ArrayLength) { -+ DEBUG ((DEBUG_VERBOSE, "%a: APIC ID " FMT_APIC_ID " was hot-plugged " -+ "before; ignoring it\n", __FUNCTION__, NewApicId)); -+ PluggedIdx++; -+ continue; -+ } -+ - // - // Find the first empty slot in CPU_HOT_PLUG_DATA. - // --- -2.27.0 - diff --git a/SOURCES/edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch b/SOURCES/edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch deleted file mode 100644 index 5183b4a..0000000 --- a/SOURCES/edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 135d3d4b4ff12927f7b0c44e067fd42ceae83bb7 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 24 Jun 2020 11:37:50 +0200 -Subject: [PATCH 2/3] OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO - level -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -Message-id: <20200615080105.11859-3-lersek@redhat.com> -Patchwork-id: 97533 -O-Subject: [RHEL-8.3.0 edk2 PATCH 2/3] OvmfPkg/GenericQemuLoadImageLib: log "Not Found" at INFO level -Bugzilla: 1844682 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Miroslav Rezanina -RH-Acked-by: Philippe Mathieu-Daudé - -gBS->LoadImage() returning EFI_NOT_FOUND is an expected condition; it -means that QEMU wasn't started with "-kernel". Log this status code as -INFO rather than ERROR. - -Cc: Ard Biesheuvel -Cc: Jordan Justen -Cc: Philippe Mathieu-Daudé -Signed-off-by: Laszlo Ersek -Message-Id: <20200609105414.12474-1-lersek@redhat.com> -Acked-by: Ard Biesheuvel -(cherry picked from commit 14c7ed8b51f60097ad771277da69f74b22a7a759) ---- - .../Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c -index 14c8417d43..114db7e844 100644 ---- a/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c -+++ b/OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoadImageLib.c -@@ -106,7 +106,8 @@ QemuLoadKernelImage ( - goto UnloadImage; - - default: -- DEBUG ((DEBUG_ERROR, "%a: LoadImage(): %r\n", __FUNCTION__, Status)); -+ DEBUG ((Status == EFI_NOT_FOUND ? DEBUG_INFO : DEBUG_ERROR, -+ "%a: LoadImage(): %r\n", __FUNCTION__, Status)); - return Status; - } - --- -2.27.0 - diff --git a/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch b/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch deleted file mode 100644 index 73d05b4..0000000 --- a/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch +++ /dev/null @@ -1,140 +0,0 @@ -From a5efebddb858c739d4a67865a4f8d836ba989d30 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 14 Jul 2020 20:43:05 +0200 -Subject: [PATCH 1/5] OvmfPkg/SmmControl2Dxe: negotiate - ICH9_LPC_SMI_F_CPU_HOTPLUG -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek (lersek) -RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature -RH-Commit: [1/3] 33d820d43a1be2ece09044b0cf105275f3fcc9ce (lersek/edk2) -RH-Bugzilla: 1849177 - -The ICH9_LPC_SMI_F_BROADCAST and ICH9_LPC_SMI_F_CPU_HOTPLUG feature flags -cause QEMU to behave as follows: - - BROADCAST CPU_HOTPLUG use case / behavior - --------- ----------- ------------------------------------------------ - clear clear OVMF built without SMM_REQUIRE; or very old OVMF - (from before commit a316d7ac91d3 / 2017-02-07). - QEMU permits CPU hotplug operations, and does - not cause the OS to inject an SMI upon hotplug. - Firmware is not expected to be aware of hotplug - events. - - clear set Invalid feature set; QEMU rejects the feature - negotiation. - - set clear OVMF after a316d7ac91d3 / 2017-02-07, built with - SMM_REQUIRE, but no support for CPU hotplug. - QEMU gracefully refuses hotplug operations. - - set set OVMF after a316d7ac91d3 / 2017-02-07, built with - SMM_REQUIRE, and supporting CPU hotplug. QEMU - permits CPU hotplug operations, and causes the - OS to inject an SMI upon hotplug. Firmware is - expected to deal with hotplug events. - -Negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG -- but only if SEV is disabled, as -OvmfPkg/CpuHotplugSmm can't deal with SEV yet. - -Cc: Ard Biesheuvel -Cc: Boris Ostrovsky -Cc: Igor Mammedov -Cc: Jordan Justen -Cc: Liran Alon -Cc: Philippe Mathieu-Daudé -Signed-off-by: Laszlo Ersek -Message-Id: <20200714184305.9814-1-lersek@redhat.com> -Acked-by: Ard Biesheuvel -Reviewed-by: Philippe Mathieu-Daudé -(cherry picked from commit 5ba203b54e5953572e279e5505cd65e4cc360e34) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/SmmControl2Dxe/SmiFeatures.c | 26 +++++++++++++++++++++-- - OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf | 1 + - 2 files changed, 25 insertions(+), 2 deletions(-) - -diff --git a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c -index 6210b7515e..c9d8755432 100644 ---- a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c -+++ b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c -@@ -9,6 +9,7 @@ - - #include - #include -+#include - #include - #include - #include -@@ -21,6 +22,12 @@ - // "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files. - // - #define ICH9_LPC_SMI_F_BROADCAST BIT0 -+// -+// The following bit value stands for "enable CPU hotplug, and inject an SMI -+// with control value ICH9_APM_CNT_CPU_HOTPLUG upon hotplug", in the -+// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files. -+// -+#define ICH9_LPC_SMI_F_CPU_HOTPLUG BIT1 - - // - // Provides a scratch buffer (allocated in EfiReservedMemoryType type memory) -@@ -67,6 +74,7 @@ NegotiateSmiFeatures ( - UINTN SupportedFeaturesSize; - UINTN RequestedFeaturesSize; - UINTN FeaturesOkSize; -+ UINT64 RequestedFeaturesMask; - - // - // Look up the fw_cfg files used for feature negotiation. The selector keys -@@ -104,9 +112,16 @@ NegotiateSmiFeatures ( - QemuFwCfgReadBytes (sizeof mSmiFeatures, &mSmiFeatures); - - // -- // We want broadcast SMI and nothing else. -+ // We want broadcast SMI, SMI on CPU hotplug, and nothing else. - // -- mSmiFeatures &= ICH9_LPC_SMI_F_BROADCAST; -+ RequestedFeaturesMask = ICH9_LPC_SMI_F_BROADCAST; -+ if (!MemEncryptSevIsEnabled ()) { -+ // -+ // For now, we only support hotplug with SEV disabled. -+ // -+ RequestedFeaturesMask |= ICH9_LPC_SMI_F_CPU_HOTPLUG; -+ } -+ mSmiFeatures &= RequestedFeaturesMask; - QemuFwCfgSelectItem (mRequestedFeaturesItem); - QemuFwCfgWriteBytes (sizeof mSmiFeatures, &mSmiFeatures); - -@@ -144,6 +159,13 @@ NegotiateSmiFeatures ( - DEBUG ((DEBUG_INFO, "%a: using SMI broadcast\n", __FUNCTION__)); - } - -+ if ((mSmiFeatures & ICH9_LPC_SMI_F_CPU_HOTPLUG) == 0) { -+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug not negotiated\n", __FUNCTION__)); -+ } else { -+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug with SMI negotiated\n", -+ __FUNCTION__)); -+ } -+ - // - // Negotiation successful (although we may not have gotten the optimal - // feature set). -diff --git a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf -index 3abed141e6..b8fdea8deb 100644 ---- a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf -+++ b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf -@@ -46,6 +46,7 @@ - BaseLib - DebugLib - IoLib -+ MemEncryptSevLib - MemoryAllocationLib - PcdLib - PciLib --- -2.27.0 - diff --git a/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch b/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch deleted file mode 100644 index a1700de..0000000 --- a/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 70c9d989107c6ac964bb437c5a4ea6ffe3214e45 Mon Sep 17 00:00:00 2001 -From: Miroslav Rezanina -Date: Mon, 10 Aug 2020 07:52:28 +0200 -Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before - re-fetch -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Laszlo Ersek -Message-id: <20200731141037.1941-2-lersek@redhat.com> -Patchwork-id: 98121 -O-Subject: [RHEL-8.3.0 edk2 PATCH 1/1] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before re-fetch -Bugzilla: 1861718 -RH-Acked-by: Vitaly Kuznetsov -RH-Acked-by: Eduardo Habkost - -Most busy waits (spinlocks) in "UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c" -already call CpuPause() in their loop bodies; see SmmWaitForApArrival(), -APHandler(), and SmiRendezvous(). However, the "main wait" within -APHandler(): - -> // -> // Wait for something to happen -> // -> WaitForSemaphore (mSmmMpSyncData->CpuData[CpuIndex].Run); - -doesn't do so, as WaitForSemaphore() keeps trying to acquire the semaphore -without pausing. - -The performance impact is especially notable in QEMU/KVM + OVMF -virtualization with CPU overcommit (that is, when the guest has -significantly more VCPUs than the host has physical CPUs). The guest BSP -is working heavily in: - - BSPHandler() [MpService.c] - PerformRemainingTasks() [PiSmmCpuDxeSmm.c] - SetUefiMemMapAttributes() [SmmCpuMemoryManagement.c] - -while the many guest APs are spinning in the "Wait for something to -happen" semaphore acquisition, in APHandler(). The guest APs are -generating useless memory traffic and saturating host CPUs, hindering the -guest BSP's progress in SetUefiMemMapAttributes(). - -Rework the loop in WaitForSemaphore(): call CpuPause() in every iteration -after the first check fails. Due to Pause Loop Exiting (known as Pause -Filter on AMD), the host scheduler can favor the guest BSP over the guest -APs. - -Running a 16 GB RAM + 512 VCPU guest on a 448 PCPU host, this patch -reduces OVMF boot time (counted until reaching grub) from 20-30 minutes to -less than 4 minutes. - -The patch should benefit physical machines as well -- according to the -Intel SDM, PAUSE "Improves the performance of spin-wait loops". Adding -PAUSE to the generic WaitForSemaphore() function is considered a general -improvement. - -Cc: Eric Dong -Cc: Philippe Mathieu-Daudé -Cc: Rahul Kumar -Cc: Ray Ni -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1861718 -Signed-off-by: Laszlo Ersek -Message-Id: <20200729185217.10084-1-lersek@redhat.com> -Reviewed-by: Eric Dong -(cherry picked from commit 9001b750df64b25b14ec45a2efa1361a7b96c00a) -Signed-off-by: Miroslav Rezanina ---- - UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 18 +++++++++++------- - 1 file changed, 11 insertions(+), 7 deletions(-) - -diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c -index 57e788c..4bcd217 100644 ---- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c -+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c -@@ -40,14 +40,18 @@ WaitForSemaphore ( - { - UINT32 Value; - -- do { -+ for (;;) { - Value = *Sem; -- } while (Value == 0 || -- InterlockedCompareExchange32 ( -- (UINT32*)Sem, -- Value, -- Value - 1 -- ) != Value); -+ if (Value != 0 && -+ InterlockedCompareExchange32 ( -+ (UINT32*)Sem, -+ Value, -+ Value - 1 -+ ) == Value) { -+ break; -+ } -+ CpuPause (); -+ } - return Value - 1; - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-ovmf-cc.json b/SOURCES/edk2-ovmf-cc.json new file mode 100644 index 0000000..2e52745 --- /dev/null +++ b/SOURCES/edk2-ovmf-cc.json @@ -0,0 +1,33 @@ +{ + "description": "OVMF with SEV-ES support", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.cc.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-rhel8.5.0" + ] + } + ], + "features": [ + "amd-sev", + "amd-sev-es", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index 138f368..7daf5b5 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -1,25 +1,25 @@ ExclusiveArch: x86_64 aarch64 -%define GITDATE 20200602 -%define GITCOMMIT ca407c7246bf +%define GITDATE 20210527 +%define GITCOMMIT e1999b264f1f %define TOOLCHAIN GCC5 -%define OPENSSL_VER 1.1.1g +%define OPENSSL_VER 1.1.1k Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 4%{?dist}.2 +Release: 3%{?dist} Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT URL: http://www.tianocore.org # The source tarball is created using following commands: -# COMMIT=%{GITCOMMIT} +# COMMIT=e1999b264f1f # git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \ # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt -Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz +Source2: openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz Source3: ovmf-vars-generator Source4: LICENSE.qosb Source5: RedHatSecureBootPkKek1.pem @@ -28,12 +28,12 @@ Source10: edk2-aarch64-verbose.json Source11: edk2-aarch64.json Source12: edk2-ovmf-sb.json Source13: edk2-ovmf.json +Source14: edk2-ovmf-cc.json -Patch0007: 0007-BaseTools-do-not-build-BrotliCompress-RH-only.patch -Patch0008: 0008-MdeModulePkg-remove-package-private-Brotli-include-p.patch -Patch0009: 0009-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch -Patch0010: 0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch -Patch0011: 0011-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +Patch0008: 0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch +Patch0009: 0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch +Patch0010: 0010-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +Patch0011: 0011-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch Patch0012: 0012-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch Patch0013: 0013-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Patch0014: 0014-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -48,46 +48,30 @@ Patch0022: 0022-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch Patch0023: 0023-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch Patch0024: 0024-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch Patch0025: 0025-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch -Patch0026: 0026-OvmfPkg-X86QemuLoadImageLib-handle-EFI_ACCESS_DENIED.patch -Patch0027: 0027-Revert-OvmfPkg-use-generic-QEMU-image-loader-for-sec.patch -# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors -Patch28: edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch -# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors -Patch29: edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch -# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors -Patch30: edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch -# For bz#1861718 - Very slow boot when overcommitting CPU -Patch31: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch -# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU -Patch32: edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch -# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU -Patch33: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch -# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU -Patch34: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch -# For bz#1893806 - attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later) -Patch35: edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch -# For bz#1952953 - edk2: possible heap corruption with LzmaUefiDecompressGetInfo [rhel-8] [rhel-8.4.0.z] -Patch36: edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch37: edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch38: edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch39: edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch40: edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch41: edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch42: edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch43: edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch44: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch45: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch -# For bz#1956676 - EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z] -Patch46: edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch +Patch0026: 0026-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +Patch0027: 0027-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch28: edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch29: edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch30: edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch31: edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch32: edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch33: edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch34: edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch35: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch36: edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch +# For bz#1956408 - edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0] +Patch37: edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch +# For bz#1988762 - edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec +Patch38: edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch # python3-devel and libuuid-devel are required for building tools. @@ -109,8 +93,8 @@ BuildRequires: mtools BuildRequires: genisoimage # For generating the variable store template with the default certificates -# enrolled, we need qemu-kvm. -BuildRequires: qemu-kvm >= 2.12.0-89 +# enrolled, we need the qemu-kvm executable. +BuildRequires: qemu-kvm-core >= 2.12.0-89 # For verifying SB enablement in the above variable store template, we need a # guest kernel that prints "Secure boot enabled". @@ -219,7 +203,7 @@ echo "Applied $COUNT patches" rm -f $PATCHLIST cp -a -- %{SOURCE1} %{SOURCE3} . -cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} . +cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x # Format the Red Hat-issued certificate that is to be enrolled as both Platform @@ -342,12 +326,8 @@ mkdir -p \ $RPM_BUILD_ROOT%{_datadir}/OVMF \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf -# We don't ship the SB-less, SMM-less binary. -%if 0 install -m 0644 Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ - $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.fd -ln -s ../%{name}/ovmf/OVMF_CODE.fd $RPM_BUILD_ROOT%{_datadir}/OVMF/ -%endif + $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd @@ -372,6 +352,8 @@ install -m 0644 edk2-ovmf-sb.json \ $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json install -m 0644 edk2-ovmf.json \ $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-edk2-ovmf.json +install -m 0644 edk2-ovmf-cc.json \ + $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json %else mkdir -p \ @@ -456,10 +438,7 @@ install BaseTools/Scripts/GccBase.lds \ %doc ovmf-whitepaper-c770f8c.txt %dir %{_datadir}/OVMF/ %dir %{_datadir}/%{name}/ovmf/ -%if 0 -%{_datadir}/%{name}/ovmf/OVMF_CODE.fd -%{_datadir}/OVMF/OVMF_CODE.fd -%endif +%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd %{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd %{_datadir}/%{name}/ovmf/OVMF_VARS.fd %{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd @@ -471,6 +450,7 @@ install BaseTools/Scripts/GccBase.lds \ %{_datadir}/%{name}/ovmf/Shell.efi %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi %{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json +%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json %{_datadir}/qemu/firmware/50-edk2-ovmf.json %else @@ -501,7 +481,6 @@ install BaseTools/Scripts/GccBase.lds \ %{_bindir}/GenSec %{_bindir}/LzmaCompress %{_bindir}/LzmaF86Compress -%{_bindir}/Split %{_bindir}/TianoCompress %{_bindir}/VfrCompile %{_bindir}/VolInfo @@ -537,24 +516,37 @@ true %endif %changelog -* Mon May 24 2021 Miroslav Rezanina - 20200602gitca407c7246bf-4.el8_4.2 -- edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch [bz#1956676] -- edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch [bz#1956676] -- Resolves: bz#1956676 - (EMBARGOED edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.4.0.z]) +* Fri Aug 06 2021 Miroslav Rezanina - 20210527gite1999b264f1f-3 +- edk2-MdeModulePkg-PartitionDxe-Ignore-PMBR-BootIndicator-.patch [bz#1988762] +- Resolves: bz#1988762 + (edk2 does not ignore PMBR protective record BootIndicator as required by UEFI spec) -* Thu May 13 2021 Miroslav Rezanina - 20200602gitca407c7246bf-4.el8_4.1 -- edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch [bz#1952953] -- Resolves: bz#1952953 - (edk2: possible heap corruption with LzmaUefiDecompressGetInfo [rhel-8] [rhel-8.4.0.z]) +* Fri Jul 02 2021 Miroslav Rezanina - 20210527gite1999b264f1f-2 +- edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-simplify-ISCSI_CHAP_AUTH_DATA.In.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-clean-up-ISCSI_CHAP_AUTH_DATA.Ou.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-clean-up-library-class-dependenc.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-fix-potential-integer-overflow-i.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-assert-that-IScsiBinToHex-always.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-reformat-IScsiHexToBin-leading-c.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-hex-parsing.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-fix-IScsiHexToBin-buffer-overflo.patch [bz#1956408] +- edk2-NetworkPkg-IScsiDxe-check-IScsiHexToBin-return-value.patch [bz#1956408] +- Resolves: bz#1956408 + (edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe [rhel-8.5.0]) + +* Wed Jun 23 2021 Miroslav Rezanina - 20210527gite1999b264f1f-1 +- Rebase to edk2-stable202105 [bz#1938238] +- Resolves: bz#1938238 + ((edk2-rebase-rhel-8.5) - rebase edk2 to edk2-stable202105 for RHEL-8.5) + +* Wed May 12 2021 Miroslav Rezanina - 20200602gitca407c7246bf-5.el8 +- edk2-MdeModulePkg-LzmaCustomDecompressLib-catch-4GB-uncom.patch [bz#1892318] +- edk2-redhat-add-OVMF-binary-that-will-support-SEV-ES.patch [bz#1956837] +- Resolves: bz#1892318 + (edk2: possible heap corruption with LzmaUefiDecompressGetInfo [rhel-8]) +- Resolves: bz#1956837 + (Additional build of edk2 without SMM (dual build / sub-package) for SEV-ES) * Mon Nov 23 2020 Miroslav Rezanina - 20200602gitca407c7246bf-4.el8 - edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch [bz#1849177]