rpms/edk2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS edk2-20251114-5.el10

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-04-07 06:31:05 -04:00
parent 8823139e7d
commit f7e0af067c
67 changed files with 1972 additions and 2171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored
View File

@ -1,3 +1,5 @@
DBXUpdate-20230509.x64.bin
edk2-3e722403cd.tar.xz
openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
DBXUpdate-20251016.aa64.bin
DBXUpdate-20251016.x64.bin
dtc-1.7.0.tar.xz
edk2-46548b1adac8.tar.xz
openssl-rhel-c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c.tar.xz

16
0003-Remove-paths-leading-to-submodules.patch
View File

@ -1,4 +1,4 @@
From 890270bd27f2177f0eb2158ca8c75b101d27283b Mon Sep 17 00:00:00 2001
From 3ba51256bdef2ee84943c2e2da85422107fdd8dc Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 24 Mar 2022 03:23:02 -0400
Subject: [PATCH] Remove paths leading to submodules
@ -15,10 +15,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
3 files changed, 9 deletions(-)
diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
index 5275f657ef..39d7199753 100644
index 0ea314ef96..92d3dedf47 100644
--- a/BaseTools/Source/C/GNUmakefile
+++ b/BaseTools/Source/C/GNUmakefile
@@ -51,7 +51,6 @@ all: makerootdir subdirs
@@ -24,7 +24,6 @@ all: makerootdir subdirs
LIBRARIES = Common
VFRAUTOGEN = VfrCompile/VfrLexer.h
APPLICATIONS = \
@ -27,10 +27,10 @@ index 5275f657ef..39d7199753 100644
EfiRom \
GenFfs \
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index f7339f0aec..badb93238f 100644
index 0775aa954a..0d981111ed 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -26,9 +26,6 @@
@@ -27,9 +27,6 @@
Include
Test/Mock/Include
@ -41,10 +41,10 @@ index f7339f0aec..badb93238f 100644
## @libraryclass Defines a set of methods to reset whole system.
ResetSystemLib|Include/Library/ResetSystemLib.h
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index bf94549cbf..605b0f1be8 100644
index 8f02cf1767..3e4d25d2e1 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -29,7 +29,6 @@
@@ -30,7 +30,6 @@
Include
Test/UnitTest/Include
Test/Mock/Include
@ -52,7 +52,7 @@ index bf94549cbf..605b0f1be8 100644
[Includes.IA32]
Include/Ia32
@@ -295,10 +294,6 @@
@@ -293,10 +292,6 @@
#
FdtLib|Include/Library/FdtLib.h

35
0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
View File

@ -1,9 +1,14 @@
From 496d843eaa1efdc7c113ba9a919dcc6c2ae53c9f Mon Sep 17 00:00:00 2001
From dbdf905bad52ad0126f99438f637bd464313c1b8 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
change (RH only)
Notes for rebase to edk2-stable202505:
- Minor context changes due to be03ceb ArmPkg: ArmFfaLib: Move ArmFfaLib
implementation to MdeModulePkg
Notes for rebase to edk2-stable202311:
- Minor context changes due to new PCDs (for USB Networking) being added.
@ -99,25 +104,25 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
3 files changed, 36 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index badb93238f..3a67acc090 100644
index 0d981111ed..77d8aa49df 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -2222,6 +2222,10 @@
# @Prompt The value is use for Usb Network rate limiting supported.
gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028
@@ -2300,6 +2300,10 @@
# @Prompt Conduit to use in ArmFfaLib.
gEfiMdeModulePkgTokenSpaceGuid.PcdFfaLibConduitSmc|TRUE|BOOLEAN|0x10000029
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
+ # mode change.
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
+
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
+ # mode change.
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
+
[PcdsPatchableInModule]
## Specify memory size with page number for PEI code when
# Loading Module at Fixed Address feature is enabled.
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
index 7809869e7d..3be801039b 100644
index 10d6695397..1423e99830 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@ -126,9 +131,9 @@ index 7809869e7d..3be801039b 100644
#include "Terminal.h"
//
@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 };
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 };
@@ -83,6 +85,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', '0', ';', '0', '0', '
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', '0', 'C', 0 };
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', '0', 'D', 0 };
+//
+// Note that this is an ASCII format string, taking two INT32 arguments:
@ -143,7 +148,7 @@ index 7809869e7d..3be801039b 100644
//
// Body of the ConOut functions
//
@@ -498,6 +510,24 @@ TerminalConOutSetMode (
@@ -533,6 +545,24 @@ TerminalConOutSetMode (
return EFI_DEVICE_ERROR;
}

53
0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
View File

@ -1,4 +1,4 @@
From 3830b4cfd575bcb5d44b69f4d8f8d49f6992fcc3 Mon Sep 17 00:00:00 2001
From f9b45a184e1dbb81010ce25b04299d208fe94121 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
@ -75,18 +75,17 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/PlatformPei/Platform.c | 13 +++++++++++++
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
9 files changed, 21 insertions(+), 1 deletion(-)
8 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 8eb6f4f24f..627fded641 100644
index 8e7e69da00..b18345f4a7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -484,6 +484,7 @@
@@ -487,6 +487,7 @@
[PcdsDynamicDefault]
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -95,10 +94,10 @@ index 8eb6f4f24f..627fded641 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 4996885301..51a49c09ad 100644
index 157aa8e611..f6a80943ab 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -581,6 +581,7 @@
@@ -601,6 +601,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -107,10 +106,10 @@ index 4996885301..51a49c09ad 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 0931ce061a..9f49b60ff0 100644
index 18fd116311..83772af284 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -477,6 +477,7 @@
@@ -479,6 +479,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -119,10 +118,10 @@ index 0931ce061a..9f49b60ff0 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 69de4dd3f1..fb73f2e089 100644
index 884d5a9432..b56ca4e42f 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -590,7 +590,7 @@
@@ -588,7 +588,7 @@
# only set when
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -131,23 +130,11 @@ index 69de4dd3f1..fb73f2e089 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 2ca005d768..dddef5ed0e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -599,6 +599,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a39070a626..933abb258f 100644
index 5b2f51e49a..5273113e0f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -611,6 +611,7 @@
@@ -620,6 +620,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -156,10 +143,10 @@ index a39070a626..933abb258f 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 1b90aa8f57..04157ab14b 100644
index 9180e88645..fbbe0656b4 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -629,6 +629,7 @@
@@ -697,6 +697,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
@ -168,12 +155,12 @@ index 1b90aa8f57..04157ab14b 100644
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index df35726ff6..6c786bfc1e 100644
index a354e0641f..bb791fba71 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -41,6 +41,18 @@
@@ -43,6 +43,18 @@
#include "Platform.h"
#include "PlatformId.h"
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
+ do { \
@ -190,7 +177,7 @@ index df35726ff6..6c786bfc1e 100644
EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = {
{
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
@@ -355,6 +367,7 @@ InitializePlatform (
@@ -365,6 +377,7 @@ InitializePlatform (
MemTypeInfoInitialization (PlatformInfoHob);
MemMapInitialization (PlatformInfoHob);
NoexecDxeInitialization (PlatformInfoHob);
@ -199,10 +186,10 @@ index df35726ff6..6c786bfc1e 100644
InstallClearCacheCallback ();
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index e036018eab..a2f59e8fc8 100644
index 1f1616c569..a82c9a6490 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -103,6 +103,7 @@
@@ -108,6 +108,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved

8
0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
View File

@ -1,4 +1,4 @@
From 7461128f36076d1a5e45f89f00c8b2a5d92bd745 Mon Sep 17 00:00:00 2001
From c3bec28d544bd8a77e8b6fc31208d9348dd749c3 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
@ -96,10 +96,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 64aa4e96e5..c37c4ba61e 100644
index 9d85ef653b..24416ca984 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -311,6 +311,8 @@
@@ -317,6 +317,8 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
!endif
@ -108,7 +108,7 @@ index 64aa4e96e5..c37c4ba61e 100644
[PcdsDynamicHii]
gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
@@ -416,7 +418,10 @@
@@ -452,7 +454,10 @@
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf

30
0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From 9f24c54074c15630f78e019e018f791296a768d7 Mon Sep 17 00:00:00 2001
From 48ff6ef136079ee9fab4c20bdb0ec791e8c3af03 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:45 +0100
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
@ -59,42 +59,28 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 5ecc18badaabe774d9d0806b027ab63a30c6a2d7)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 627fded641..cef43b34b7 100644
index b18345f4a7..c7342f4f34 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -429,7 +429,7 @@
@@ -432,7 +432,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index dddef5ed0e..270bd612e5 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -535,7 +535,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 933abb258f..269a4b2b21 100644
index 5273113e0f..db2abc7cd3 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -542,7 +542,7 @@
@@ -551,7 +551,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
@ -104,10 +90,10 @@ index 933abb258f..269a4b2b21 100644
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 04157ab14b..9614cc1c56 100644
index fbbe0656b4..75768c37c6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -561,7 +561,7 @@
@@ -629,7 +629,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error

38
0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
View File

@ -1,4 +1,4 @@
From 271d90ce05cbdb95c8f839e3bee5d0a0937e12fc Mon Sep 17 00:00:00 2001
From a3bb6ef0037323bf330d2f16cd4863ecc0a82b81 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:46 +0100
Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
@ -80,16 +80,15 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 1355849ad97c1e4a5c430597a377165a5cc118f7)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++--
4 files changed, 32 insertions(+), 8 deletions(-)
3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cef43b34b7..f53380aca2 100644
index c7342f4f34..b4fb1554e7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -691,8 +691,14 @@
@@ -683,8 +683,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@ -106,32 +105,11 @@ index cef43b34b7..f53380aca2 100644
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
#
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 270bd612e5..d942c7354a 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -828,8 +828,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 269a4b2b21..d915b847cb 100644
index db2abc7cd3..935cbab30d 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -842,8 +842,14 @@
@@ -848,8 +848,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
@ -149,10 +127,10 @@ index 269a4b2b21..d915b847cb 100644
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 9614cc1c56..12ee5510bd 100644
index 75768c37c6..c27cf21deb 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -910,8 +910,14 @@
@@ -979,8 +979,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf

10
0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
View File

@ -1,4 +1,4 @@
From f3810904a75876f09592863281fe4e8464851f18 Mon Sep 17 00:00:00 2001
From b7ea0f898387c9d8fe1f04bc2156e0d696d80eeb Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in
@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index c37c4ba61e..00e656d0c9 100644
index 24416ca984..6432b03c27 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -546,7 +546,10 @@
@@ -579,7 +579,10 @@
#
# Video support
#
@ -77,10 +77,10 @@ index c37c4ba61e..00e656d0c9 100644
OvmfPkg/PlatformDxe/Platform.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 2cf96accbd..c7918c8cf3 100644
index ebdb7dc834..354d16ac28 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -450,7 +450,10 @@
@@ -463,7 +463,10 @@
#
# Video support
#

2
0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
View File

@ -1,4 +1,4 @@
From 3fba0b8213fc5be8a164b3908d54af511fa21a10 Mon Sep 17 00:00:00 2001
From 3b9d1965958e2b76a09500a16fd5e19f561479ae Mon Sep 17 00:00:00 2001
From: Philippe Mathieu-Daude <philmd@redhat.com>
Date: Thu, 1 Aug 2019 20:43:48 +0200
Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64

33
0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
View File

@ -1,4 +1,4 @@
From 57370ffc06e8d5de6eb5c41e5b33a7891cdcc0e7 Mon Sep 17 00:00:00 2001
From 03a7bc5196c937121618c01cb468f89614fac322 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:47 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
@ -57,16 +57,15 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit ed89844b47f46cfe911f1bf2bda40e537a908502)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
4 files changed, 16 insertions(+), 4 deletions(-)
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index f53380aca2..32f47704bc 100644
index b4fb1554e7..97f595b38a 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -686,7 +686,10 @@
@@ -678,7 +678,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -78,27 +77,11 @@ index f53380aca2..32f47704bc 100644
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d942c7354a..49540d54d0 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -823,7 +823,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d915b847cb..1c4e0514ed 100644
index 935cbab30d..5bb2a7cef7 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -837,7 +837,10 @@
@@ -843,7 +843,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
@ -111,10 +94,10 @@ index d915b847cb..1c4e0514ed 100644
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 12ee5510bd..e50e63b3f6 100644
index c27cf21deb..62d6a008c6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -905,7 +905,10 @@
@@ -974,7 +974,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf

18
0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
View File

@ -1,4 +1,4 @@
From 1025d0336c038ed12354830fccef84771f611656 Mon Sep 17 00:00:00 2001
From 5b0bc2cc3e84b8951e82246b12c3aef80c433b70 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:31:36 +0200
Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel"
@ -32,20 +32,20 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 18 insertions(+)
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index 3c12085f6c..e192809198 100644
index 4598233ec1..66fba2d64d 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -19,6 +19,7 @@
@@ -20,6 +20,7 @@
#include <Library/BaseMemoryLib.h>
#include <Library/BlobVerifierLib.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/DevicePathLib.h>
#include <Library/HobLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/QemuFwCfgLib.h>
@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint (
if (KernelBlob->Data == NULL) {
@@ -1304,6 +1305,22 @@ QemuKernelLoaderFsDxeEntrypoint (
if ((Blob == NULL) && (mKernelNamedBlobCount == 0)) {
DEBUG ((DEBUG_INFO, "%a: no kernel and no named blobs present -> quit\n", __func__));
Status = EFI_NOT_FOUND;
+#if defined (MDE_CPU_AARCH64)
+ //
@ -67,7 +67,7 @@ index 3c12085f6c..e192809198 100644
}
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
index 7b35adb8e0..23d9f5fca1 100644
index d24bd17c60..3794223524 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
@@ -28,6 +28,7 @@
@ -76,5 +76,5 @@ index 7b35adb8e0..23d9f5fca1 100644
DebugLib
+ DebugPrintErrorLevelLib
DevicePathLib
HobLib
MemoryAllocationLib
QemuFwCfgLib

6
0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
View File

@ -1,4 +1,4 @@
From 49bcb15e8b15f3a02427787981a09f09d17528f7 Mon Sep 17 00:00:00 2001
From 28b4ba4dcd57eda5ef568ef6f4e08a0cb0007ab6 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:40:09 +0200
Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent
@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 18 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index b55b6c12d2..0be885c391 100644
index 85a852842d..179c1499d3 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@ -42,7 +42,7 @@ index b55b6c12d2..0be885c391 100644
#include <Library/BaseMemoryLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiDriverEntryPoint.h>
@@ -2743,6 +2744,22 @@ DriverEntry (
@@ -2753,6 +2754,22 @@ DriverEntry (
CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid))
{
DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));

54
0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From b42de989e72259b0acd839b1fb6670ad9ff97aed Mon Sep 17 00:00:00 2001
From 42fd784f17f7ce1c2d2fe1b29cd4ac9aff198f7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:49 +0200
Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only)
@ -20,19 +20,17 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
8 files changed, 8 deletions(-)
6 files changed, 6 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 32f47704bc..6b6e108d11 100644
index 97f595b38a..06b8bf7275 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -611,7 +611,6 @@
@@ -612,7 +612,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
@ -41,34 +39,10 @@ index 32f47704bc..6b6e108d11 100644
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 595945181c..c176043482 100644
index dbb733310e..d49e51da69 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -212,7 +212,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 49540d54d0..d368aa11fe 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -746,7 +746,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 0d4abb50a8..ef933def99 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -216,7 +216,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -149,7 +149,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
@ -77,10 +51,10 @@ index 0d4abb50a8..ef933def99 100644
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 1c4e0514ed..cf09bdf785 100644
index 5bb2a7cef7..59c205ead5 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -760,7 +760,6 @@
@@ -771,7 +771,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
@ -89,10 +63,10 @@ index 1c4e0514ed..cf09bdf785 100644
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 23a825a012..0cd98ada5a 100644
index 2ab9bcf45c..a6054701a7 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -217,7 +217,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -187,7 +187,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
@ -101,10 +75,10 @@ index 23a825a012..0cd98ada5a 100644
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e50e63b3f6..098d569381 100644
index 62d6a008c6..7342d5871e 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -805,7 +805,6 @@
@@ -879,7 +879,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
@ -113,10 +87,10 @@ index e50e63b3f6..098d569381 100644
UefiCpuPkg/CpuDxe/CpuDxe.inf {
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 4dcd6a033c..b201505214 100644
index 3eec3145ad..b9f88a32fc 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -245,7 +245,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
@@ -197,7 +197,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf

54
0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From a16503fb8e213d321920b195d6fc40015a00cc20 Mon Sep 17 00:00:00 2001
From 1abeb1fd3164d212d799d9a767eeeb15a5c911e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:59 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only)
@ -20,19 +20,17 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
8 files changed, 8 deletions(-)
6 files changed, 6 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 6b6e108d11..5461c1290d 100644
index 06b8bf7275..6efc896439 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -701,7 +701,6 @@
@@ -693,7 +693,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
@ -41,10 +39,10 @@ index 6b6e108d11..5461c1290d 100644
#
# ISA Support
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c176043482..10538a0465 100644
index d49e51da69..6177fb65c3 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -300,7 +300,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
@@ -228,7 +228,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@ -52,35 +50,11 @@ index c176043482..10538a0465 100644
INF OvmfPkg/PlatformDxe/Platform.inf
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d368aa11fe..40e78014c4 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -838,7 +838,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
#
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index ef933def99..68d59968ec 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -317,7 +317,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index cf09bdf785..6ade9aa0ef 100644
index 59c205ead5..24a27f34ea 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -852,7 +852,6 @@
@@ -858,7 +858,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
@ -89,10 +63,10 @@ index cf09bdf785..6ade9aa0ef 100644
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 0cd98ada5a..8891d96422 100644
index a6054701a7..d8a1dcca04 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -323,7 +323,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
@@ -285,7 +285,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@ -101,10 +75,10 @@ index 0cd98ada5a..8891d96422 100644
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 098d569381..8563835ae5 100644
index 7342d5871e..5a8ffe8828 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -920,7 +920,6 @@
@@ -989,7 +989,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
@ -113,10 +87,10 @@ index 098d569381..8563835ae5 100644
#
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b201505214..06ac4423da 100644
index b9f88a32fc..84a77918ba 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -356,7 +356,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
@@ -303,7 +303,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf

46
0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch
View File

@ -1,4 +1,4 @@
From 1c3ff57eaf5b559a1b390888ab6f5e235bec414d Mon Sep 17 00:00:00 2001
From 948e269f5424976af342eaed0725bcd7ee384706 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:13 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
@ -18,43 +18,17 @@ Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
6 files changed, 6 deletions(-)
4 files changed, 4 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 40e78014c4..afd2a3c5c0 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -816,7 +816,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 68d59968ec..c392b96470 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
-INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 6ade9aa0ef..f5a4c57c8e 100644
index 24a27f34ea..4c8d78ba80 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -830,7 +830,6 @@
@@ -836,7 +836,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -63,10 +37,10 @@ index 6ade9aa0ef..f5a4c57c8e 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 8891d96422..6278daeeee 100644
index d8a1dcca04..bf3411774f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -291,7 +291,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -253,7 +253,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -75,10 +49,10 @@ index 8891d96422..6278daeeee 100644
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8563835ae5..08b73a64c9 100644
index 5a8ffe8828..fee634edd3 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -898,7 +898,6 @@
@@ -967,7 +967,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -87,10 +61,10 @@ index 8563835ae5..08b73a64c9 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 06ac4423da..fc4b6dd3a4 100644
index 84a77918ba..f0a3664339 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -322,7 +322,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
@@ -269,7 +269,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

14
0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch
View File

@ -1,4 +1,4 @@
From d074f2941368b1b91ede467445c4f18904b7c228 Mon Sep 17 00:00:00 2001
From 78172198efd225c2b2d0d4de685e497e27ec7816 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:16 +0200
Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
3 files changed, 3 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 00e656d0c9..d1deccaadc 100644
index 6432b03c27..a0bf583b54 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -464,7 +464,6 @@
@@ -507,7 +507,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -36,10 +36,10 @@ index 00e656d0c9..d1deccaadc 100644
#
# Bds
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 38906004d7..7205274bed 100644
index df9fa67ddf..9d67ee607f 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -85,7 +85,6 @@ READ_LOCK_STATUS = TRUE
@@ -90,7 +90,6 @@ READ_LOCK_STATUS = TRUE
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
@ -48,10 +48,10 @@ index 38906004d7..7205274bed 100644
#
# Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index c7918c8cf3..9643fd5427 100644
index 354d16ac28..f1aa5a78a9 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -368,7 +368,6 @@
@@ -391,7 +391,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf

54
0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From cb327136ecf44079a7fcc1dd9b68d98e1124becc Mon Sep 17 00:00:00 2001
From 6a292afd406e0f596401865e045d07cbfb007e7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:19 +0200
Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only)
@ -20,19 +20,17 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
8 files changed, 8 deletions(-)
6 files changed, 6 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 5461c1290d..cf1ad83e09 100644
index 6efc896439..717956cfc9 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -679,7 +679,6 @@
@@ -671,7 +671,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -41,10 +39,10 @@ index 5461c1290d..cf1ad83e09 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 10538a0465..c56c98dc85 100644
index 6177fb65c3..069dc40e97 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -280,7 +280,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -208,7 +208,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
@ -52,35 +50,11 @@ index 10538a0465..c56c98dc85 100644
INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
INF OvmfPkg/AmdSev/Grub/Grub.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index afd2a3c5c0..d8ae542686 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -815,7 +815,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index c392b96470..0ffa3be750 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index f5a4c57c8e..52ac2c96fc 100644
index 4c8d78ba80..2be6a1321c 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -829,7 +829,6 @@
@@ -835,7 +835,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -89,10 +63,10 @@ index f5a4c57c8e..52ac2c96fc 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 6278daeeee..c4f3ec0735 100644
index bf3411774f..c1b9b9b6d7 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -252,7 +252,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
@ -101,10 +75,10 @@ index 6278daeeee..c4f3ec0735 100644
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 08b73a64c9..f76d0ef7bc 100644
index fee634edd3..724a84554c 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -897,7 +897,6 @@
@@ -966,7 +966,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -113,10 +87,10 @@ index 08b73a64c9..f76d0ef7bc 100644
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index fc4b6dd3a4..bedd85ef7a 100644
index f0a3664339..9f24e6cd88 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
@@ -268,7 +268,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf

14
0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From 2b7c645f028c66efbaa7f7132e4f2fcec003869b Mon Sep 17 00:00:00 2001
From 9dbf4272b3c0a23974806cb7956d10adf176ac55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:22 +0200
Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only)
@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
3 files changed, 3 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d1deccaadc..f91bb09fa3 100644
index a0bf583b54..a0a36632c2 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -463,7 +463,6 @@
@@ -506,7 +506,6 @@
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
@ -36,10 +36,10 @@ index d1deccaadc..f91bb09fa3 100644
#
# Bds
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 7205274bed..24a9dac2fd 100644
index 9d67ee607f..e476343401 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -84,7 +84,6 @@ READ_LOCK_STATUS = TRUE
@@ -89,7 +89,6 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
@ -48,10 +48,10 @@ index 7205274bed..24a9dac2fd 100644
#
# Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 9643fd5427..c2825aa4c2 100644
index f1aa5a78a9..8212cd2a00 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -367,7 +367,6 @@
@@ -390,7 +390,6 @@
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf

8
0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch
View File

@ -1,4 +1,4 @@
From 11a0907d91727e05a5b86b5ede4f0e75572a894e Mon Sep 17 00:00:00 2001
From b7953417ba9a4db13049d2428b3ed43f48bbc6d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:25 +0200
Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only)
@ -27,7 +27,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 5 deletions(-)
diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
index 4075688e41..3663938054 100644
index e8f4f42b33..9df0a29c17 100644
--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
@@ -6,10 +6,6 @@
@ -42,10 +42,10 @@ index 4075688e41..3663938054 100644
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
index 38f69747b0..1637083ff1 100644
index eef89be88e..a0e0d10e76 100644
--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
@@ -6,7 +6,6 @@
@@ -10,7 +10,6 @@
!if $(TOOL_CHAIN_TAG) != "XCODE5"
!if $(NETWORK_ENABLE) == TRUE

54
0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch
View File

@ -1,54 +0,0 @@
From 886bace5ff4ab40fd94475ffb2668def36149790 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:28 +0200
Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [14/19] 12436014941bd4a7c99a26d779ebdcd75f169403
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to download files in the shell via TFTP.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 7 +++----
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 7044790a1e..ee98673e98 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -391,10 +391,9 @@
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
+ #
+ # UEFI application (Shell Embedded Boot Loader)
+ #
ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 24a9dac2fd..1341de0a2f 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -100,7 +100,6 @@ READ_LOCK_STATUS = TRUE
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
INF ShellPkg/Application/Shell/Shell.inf
- INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

8
0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch → 0021-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch
View File

@ -1,4 +1,4 @@
From 54738f50a11c9b607a22100dfd712bed0bc5c019 Mon Sep 17 00:00:00 2001
From ecc0fc23de0ae74e90d50ae99cdde34a0eec9efe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:31 +0200
Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only)
@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 9 deletions(-)
diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
index 3663938054..a568f1ecc5 100644
index 9df0a29c17..eca62339c9 100644
--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
@@ -5,12 +5,6 @@
@ -48,10 +48,10 @@ index 3663938054..a568f1ecc5 100644
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
index 1637083ff1..c0118a46e2 100644
index a0e0d10e76..59b5f55ce5 100644
--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
@@ -5,9 +5,6 @@
@@ -9,9 +9,6 @@
!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE
!if $(TOOL_CHAIN_TAG) != "XCODE5"

8
0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch → 0022-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch
View File

@ -1,4 +1,4 @@
From 8b920381f97c2c32d6bff465a58dd7c901626a34 Mon Sep 17 00:00:00 2001
From 33411781440d81b039a48637c0772ecaec88f7e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:39 +0200
Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
@ -36,7 +36,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
2 files changed, 5 deletions(-)
diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
index a568f1ecc5..f7e0f5e90e 100644
index eca62339c9..2318ae64ab 100644
--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
@@ -9,10 +9,6 @@
@ -51,10 +51,10 @@ index a568f1ecc5..f7e0f5e90e 100644
ShellPkg/Application/Shell/Shell.inf {
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
index c0118a46e2..dced75e388 100644
index 59b5f55ce5..6838bf4159 100644
--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
@@ -6,7 +6,6 @@
@@ -10,7 +10,6 @@
!if $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf

55
0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch
View File

@ -1,55 +0,0 @@
From 2d3f1c042054454de24c4842e768957c2a875129 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:34 +0200
Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rebase to edk2-stable202311:
Minor update, context change due to new variable policy shell command.
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [16/19] 07a74f1fdcdbb9a31d25ce9760edcd852e9574c3
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to download files in the shell via HTTP(S).
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 4 ----
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
2 files changed, 5 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index ee98673e98..996b4ddfc4 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -394,10 +394,6 @@
#
# UEFI application (Shell Embedded Boot Loader)
#
- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 1341de0a2f..b49bf7ad4e 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -100,7 +100,6 @@ READ_LOCK_STATUS = TRUE
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
INF ShellPkg/Application/Shell/Shell.inf
- INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

18
0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch → 0023-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
View File

@ -1,4 +1,4 @@
From 24fe28e0ee42ef36f48763e7e4d738fd4c6b3583 Mon Sep 17 00:00:00 2001
From 8f2163ec41344d311f9d985a7325b7fa4c4b122d Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 16 Aug 2023 12:09:40 +0200
Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
@ -22,12 +22,12 @@ patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
present_in_specfile: true
location_in_specfile: 44
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 43 +++++++++++++++++++++++++++++++++
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++
2 files changed, 44 insertions(+)
2 files changed, 45 insertions(+)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index d497a343d3..0eb88e50ff 100644
index d497a343d3..ca345e95da 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -19,6 +19,7 @@
@ -90,10 +90,11 @@ index d497a343d3..0eb88e50ff 100644
//
// Do nothing when SEV is not enabled
@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint (
);
@@ -211,6 +243,17 @@ AmdSevDxeEntryPoint (
return EFI_UNSUPPORTED;
}
+ // Shim fallback reboot workaround
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
@ -104,8 +105,9 @@ index d497a343d3..0eb88e50ff 100644
+ );
+ ASSERT_EFI_ERROR (Status);
+
return EFI_SUCCESS;
}
//
// Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
// memory space. The NonExistent memory space will be used for mapping the
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index e7c7d526c9..09cbd2b0ca 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf

4
0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch → 0024-CryptoPkg-CrtLib-add-stat.h-include-file-RH-only.patch
View File

@ -1,7 +1,7 @@
From 95345a66f0c8e7d77ebc1b5cae3e745a2c201751 Mon Sep 17 00:00:00 2001
From c5d8df4e356938b081d0a42b5f127337b0d211cb Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:11:02 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file.
Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file (RH only)
Needed by rhel downstream openssl patches.

66
0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch
View File

@ -1,66 +0,0 @@
From 8b574a1461c50e453bb431a304bb0c63d14c5ab8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:46 +0200
Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rebase to edk2-stable202311:
Minor update, context change due to new variable policy shell command.
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [18/19] 8f4e4007108462533e3d2050b84d8830073a7c0d
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to register a file in the shell as the initial
ramdisk for a UEFI stubbed kernel, to be booted next.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 10 +++-------
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 996b4ddfc4..2561e10ff5 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -391,17 +391,13 @@
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
- #
- # UEFI application (Shell Embedded Boot Loader)
- #
+ #
+ # UEFI application (Shell Embedded Boot Loader)
+ #
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index b49bf7ad4e..753afd799b 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -101,7 +101,6 @@ READ_LOCK_STATUS = TRUE
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
- INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
#
# Bds

15
0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch → 0025-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
View File

@ -1,7 +1,8 @@
From 0cac1a197d1e84bcde60aba246c1e16bf5508091 Mon Sep 17 00:00:00 2001
From 555619114921a2e44fae3fb4e741b291e6b9de1b Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:27:09 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls
(RH only)
Needed by rhel downstream openssl patches, they use unix syscalls
for file access (instead of fopen + friends like the rest of the
@ -15,10 +16,10 @@ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2 files changed, 87 insertions(+)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 37cdecc9bd..dfdb635536 100644
index 8a8fdfefc7..11d01106d4 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -550,6 +550,52 @@ fread (
@@ -611,6 +611,52 @@ fread (
return 0;
}
@ -72,10 +73,10 @@ index 37cdecc9bd..dfdb635536 100644
getuid (
void
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index f36fe08f0c..7d98496af8 100644
index 4da2ef61f7..5cf2de58a9 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -62,6 +62,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Definitions for global constants used by CRT library routines
//
@ -83,7 +84,7 @@ index f36fe08f0c..7d98496af8 100644
#define EINVAL 22 /* Invalid argument */
#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -90,6 +91,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define NS_INADDRSZ 4 /*%< IPv4 T_A */
#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */
@ -99,7 +100,7 @@ index f36fe08f0c..7d98496af8 100644
//
// Basic types mapping
//
@@ -324,6 +334,37 @@ fprintf (
@@ -316,6 +326,37 @@ fprintf (
...
);

15
edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch → 0026-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
View File

@ -1,7 +1,7 @@
From 054d42879bba986d7b2c2568fe4459959a8fe38b Mon Sep 17 00:00:00 2001
From a7adaad69c0af3dde7184ccb2c725ca84986d1c7 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 14 Aug 2024 09:53:49 +0200
Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
Subject: [PATCH] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
@ -16,15 +16,19 @@ Reword it and also add a message confirming eventual success to
deescalate the importance somewhat.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
patch_name: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
present_in_specfile: true
location_in_specfile: 41
---
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 4dfbe91a55..905a944975 100644
index 3495b42db8..f8e59595da 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -946,12 +946,13 @@ PseudoRandom (
@@ -952,12 +952,13 @@ PseudoRandom (
//
// Secure Algorithm was supported on this platform
//
@ -39,6 +43,3 @@ index 4dfbe91a55..905a944975 100644
//
// Try the next secure algorithm
--
2.39.3

49
0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
View File

@ -1,49 +0,0 @@
From 827b877dfc01336a12539b31753358e7e264b7f3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 28 Feb 2023 15:47:00 +0100
Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
RH-Bugzilla: 2124143
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2)
In case the number of CPUs can in increase beyond 255
due to CPU hotplug choose x2apic mode.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
present_in_specfile: true
location_in_specfile: 38
---
UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index d724456502..c478878bb0 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -534,7 +534,9 @@ CollectProcessorCount (
//
// Enable x2APIC mode if
// 1. Number of CPU is greater than 255; or
- // 2. There are any logical processors reporting an Initial APIC ID of 255 or greater.
+ // 2. The platform exposed the exact *boot* CPU count to us in advance, and
+ // more than 255 logical processors are possible later, with hotplug; or
+ // 3. There are any logical processors reporting an Initial APIC ID of 255 or greater.
//
X2Apic = FALSE;
if (CpuMpData->CpuCount > 255) {
@@ -542,6 +544,10 @@ CollectProcessorCount (
// If there are more than 255 processor found, force to enable X2APIC
//
X2Apic = TRUE;
+ } else if ((PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) &&
+ (PcdGet32 (PcdCpuMaxLogicalProcessorNumber) > 255))
+ {
+ X2Apic = TRUE;
} else {
CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
for (Index = 0; Index < CpuMpData->CpuCount; Index++) {

350
0027-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch Normal file
View File

@ -0,0 +1,350 @@
From a6f05c646722bb85de8b2f21af47e0f88e103010 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 12:40:12 +0100
Subject: [PATCH] OvmfPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 82: Add a Fallback RNG (RH only)
RH-Jira: RHEL-66234
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/2] bb62ac9e3f1cd5eae1bb94e047fb6ebada57cd24 (osteffen/edk2)
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
patch_name: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
present_in_specfile: true
location_in_specfile: 48
---
.../PlatformBootManagerLib/BdsPlatform.c | 6 +
.../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++
.../PlatformBootManagerLib/FallbackRng.h | 20 ++
.../PlatformBootManagerLib.inf | 5 +
4 files changed, 253 insertions(+)
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index b696f1b338..2982b4f288 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -17,6 +17,7 @@
#include <Library/QemuFwCfgSimpleParserLib.h>
#include <Library/PlatformBootManagerCommonLib.h>
+#include "FallbackRng.h"
//
// Global data
@@ -350,6 +351,9 @@ PlatformBootManagerBeforeConsole (
ConnectVirtioPciRng,
NULL
);
+
+ FallbackRngCheckAndInstall ();
+
}
EFI_STATUS
@@ -1619,6 +1623,8 @@ PlatformBootManagerAfterConsole (
DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
+ FallbackRngPrintWarning ();
+
if (PcdGetBool (PcdOvmfFlashVariablesEnable)) {
DEBUG ((
DEBUG_INFO,
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
new file mode 100644
index 0000000000..bba60e29d5
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
@@ -0,0 +1,222 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+#include <Protocol/Rng.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/RngLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Library/DxeServicesTableLib.h>
+
+#include "FallbackRng.h"
+
+typedef struct {
+ EFI_RNG_PROTOCOL Rng;
+ EFI_HANDLE Handle;
+} FALLBACK_RNG_DEV;
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
+ RNGAlgorithmList.
+ On output with a return code of
+ EFI_SUCCESS, the size in bytes of the
+ data returned in RNGAlgorithmList. On
+ output with a return code of
+ EFI_BUFFER_TOO_SMALL, the size of
+ RNGAlgorithmList required to obtain the
+ list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled
+ by the driver with one EFI_RNG_ALGORITHM
+ element for each supported RNG algorithm.
+ The list must not change across multiple
+ calls to the same driver. The first
+ algorithm in the list is the default
+ algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned
+ successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this
+ driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be
+ retrieved due to a hardware or firmware
+ error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are
+ incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small
+ to hold the result.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ )
+{
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) {
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (RNGAlgorithmList == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG
+ algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that
+ identifies the RNG algorithm to use. May
+ be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer
+ pointed to by RNGValue. The driver shall
+ return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled
+ by the driver with the resulting RNG
+ value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm
+ is not supported by this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due
+ to a hardware or firmware error.
+ @retval EFI_NOT_READY There is not enough random data available
+ to satisfy the length requested by
+ RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is
+ zero.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ UINT64 RandomData;
+ EFI_STATUS Status;
+ UINTN i;
+
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // We only support the raw algorithm, so reject requests for anything else
+ //
+ if ((RNGAlgorithm != NULL) &&
+ !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw))
+ {
+ return EFI_UNSUPPORTED;
+ }
+
+ for (i = 0; i < RNGValueLength; ++i) {
+ if (i % 4 == 0) {
+ Status = GetRandomNumber64 (&RandomData);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+static FALLBACK_RNG_DEV Dev = {
+ .Rng.GetInfo = FallbackRngGetInfo,
+ .Rng.GetRNG = FallbackRngGetRNG,
+ .Handle = NULL,
+};
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINTN HandleCount = 0;
+
+ if (Dev.Handle != NULL) {
+ DEBUG ((DEBUG_INFO, "Fallback RNG already installed.\n"));
+ return EFI_ALREADY_STARTED;
+ }
+
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiRngProtocolGuid,
+ NULL,
+ &HandleCount,
+ &HandleBuffer
+ );
+
+ gBS->FreePool (HandleBuffer);
+
+ if (Status == EFI_NOT_FOUND) {
+ HandleCount = 0;
+ } else if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Error locating RNG protocol instances: %r\n", Status));
+ return Status;
+ }
+
+ DEBUG ((DEBUG_INFO, "Found %u RNGs\n", HandleCount));
+
+ if (HandleCount == 0) {
+ // Install RNG
+ Status = gBS->InstallProtocolInterface (
+ &Dev.Handle,
+ &gEfiRngProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &Dev.Rng
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to install fallback RNG: %r\n", Status));
+ return Status;
+ }
+
+ gDS->Dispatch ();
+ }
+
+ return EFI_SUCCESS;
+}
+
+VOID
+FallbackRngPrintWarning (
+ )
+{
+ if (Dev.Handle != NULL) {
+ Print (L"WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n");
+ DEBUG ((DEBUG_WARN, "WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n"));
+ gBS->Stall (2000000);
+ }
+}
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
new file mode 100644
index 0000000000..77332bc51c
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
@@ -0,0 +1,20 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _FALLBACK_RNG_H_
+#define _FALLBACK_RNG_H_
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ );
+
+VOID
+FallbackRngPrintWarning (
+ );
+
+#endif
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 9675eb081f..0d4a7c83d6 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -25,6 +25,8 @@
PlatformData.c
QemuKernel.c
BdsPlatform.h
+ FallbackRng.c
+ FallbackRng.h
[Packages]
MdePkg/MdePkg.dec
@@ -58,6 +60,7 @@
XenPlatformLib
QemuFwCfgSimpleParserLib
PlatformBootManagerCommonLib
+ RngLib
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
@@ -82,6 +85,7 @@
gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED
+ gEfiRngProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
[Guids]
gEfiEndOfDxeEventGroupGuid
@@ -90,3 +94,4 @@
gUefiShellFileGuid
gGrubFileGuid
gUiAppFileGuid
+ gEfiRngAlgorithmRaw

102
0028-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch Normal file
View File

@ -0,0 +1,102 @@
From f3548d62625d5ad2728078e4188e9f40965dbfe2 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Thu, 7 Nov 2024 11:36:22 +0100
Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 82: Add a Fallback RNG (RH only)
RH-Jira: RHEL-66234
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/2] ae2c04680e6420e096c667a22c52ec6f6fb46935 (osteffen/edk2)
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
This patch adds the fallback rng which was introduced in a
previous commit also to the ArmVirtPkg PlatformBootManagerLib.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
patch_name: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
present_in_specfile: true
location_in_specfile: 49
---
OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++
.../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
index 2c24c65489..273e6f6a7e 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
@@ -30,6 +30,7 @@
#include <Guid/RootBridgesConnectedEventGroup.h>
#include <Guid/SerialPortLibVendor.h>
#include <Library/PlatformBootManagerCommonLib.h>
+#include "FallbackRng.h"
#include "PlatformBm.h"
@@ -819,6 +820,7 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput);
+
//
// Add the hardcoded short-form USB keyboard device path to ConIn.
//
@@ -916,6 +918,8 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
+
+ FallbackRngCheckAndInstall ();
}
/**
@@ -982,6 +986,8 @@ PlatformBootManagerAfterConsole (
BOOLEAN Uninstall;
BOOLEAN ShellEnabled;
+ FallbackRngPrintWarning ();
+
//
// Show the splash screen.
//
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
index 9e89556b14..8ccd306780 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
@@ -27,6 +27,8 @@
PlatformBm.c
PlatformBm.h
QemuKernel.c
+ ../PlatformBootManagerLib/FallbackRng.h
+ ../PlatformBootManagerLib/FallbackRng.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
@@ -54,6 +56,7 @@
UefiLib
UefiRuntimeServicesTableLib
PlatformBootManagerCommonLib
+ RngLib
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
@@ -72,6 +75,7 @@
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
gUiAppFileGuid
+ gEfiRngAlgorithmRaw
[Protocols]
gEfiFirmwareVolume2ProtocolGuid
@@ -79,3 +83,4 @@
gEfiMemoryAttributeProtocolGuid
gEfiPciRootBridgeIoProtocolGuid
gVirtioDeviceProtocolGuid
+ gEfiRngProtocolGuid

123
0029-OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch Normal file
View File

@ -0,0 +1,123 @@
From d66a5ff583903e27bd3851e41c3ee17f697f60af Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 16 Jan 2025 17:20:38 +0100
Subject: [PATCH] OvmfPkg/X64: add opt/org.tianocore/UninstallMemAttrProtocol
support (RH only)
Add support for opt/org.tianocore/UninstallMemAttrProtocol, to allow
turning off EFI_MEMORY_ATTRIBUTE_PROTOCOL, simliar to ArmVirtPkg.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
.../PlatformBootManagerLib/BdsPlatform.c | 63 +++++++++++++++++++
.../PlatformBootManagerLib.inf | 2 +
2 files changed, 65 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 2982b4f288..b1722a28dd 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -1600,6 +1600,49 @@ SaveS3BootScript (
ASSERT_EFI_ERROR (Status);
}
+/**
+ Uninstall the EFI memory attribute protocol if it exists.
+**/
+STATIC
+VOID
+UninstallEfiMemoryAttributesProtocol (
+ VOID
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE Handle;
+ UINTN Size;
+ VOID *MemoryAttributeProtocol;
+
+ Size = sizeof (Handle);
+ Status = gBS->LocateHandle (
+ ByProtocol,
+ &gEfiMemoryAttributeProtocolGuid,
+ NULL,
+ &Size,
+ &Handle
+ );
+
+ if (EFI_ERROR (Status)) {
+ ASSERT (Status == EFI_NOT_FOUND);
+ return;
+ }
+
+ Status = gBS->HandleProtocol (
+ Handle,
+ &gEfiMemoryAttributeProtocolGuid,
+ &MemoryAttributeProtocol
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ Status = gBS->UninstallProtocolInterface (
+ Handle,
+ &gEfiMemoryAttributeProtocolGuid,
+ MemoryAttributeProtocol
+ );
+ ASSERT_EFI_ERROR (Status);
+}
+
/**
Do the platform specific action after the console is ready
@@ -1620,6 +1663,7 @@ PlatformBootManagerAfterConsole (
)
{
EFI_BOOT_MODE BootMode;
+ BOOLEAN Uninstall;
DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
@@ -1666,6 +1710,25 @@ PlatformBootManagerAfterConsole (
//
StoreQemuBootOrder ();
+ //
+ // Work around shim's terminally broken use of the EFI memory attributes
+ // protocol, by uninstalling it if requested on the QEMU command line.
+ //
+ // E.g.,
+ // -fw_cfg opt/org.tianocore/UninstallMemAttrProtocol,string=y
+ //
+ Uninstall = FixedPcdGetBool (PcdUninstallMemAttrProtocol);
+ QemuFwCfgParseBool ("opt/org.tianocore/UninstallMemAttrProtocol", &Uninstall);
+ DEBUG ((
+ DEBUG_WARN,
+ "%a: %auninstalling EFI memory protocol\n",
+ __func__,
+ Uninstall ? "" : "not "
+ ));
+ if (Uninstall) {
+ UninstallEfiMemoryAttributesProtocol ();
+ }
+
//
// Process QEMU's -kernel command line option
//
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index 0d4a7c83d6..e9a0062b5d 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -67,6 +67,7 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware
+ gUefiOvmfPkgTokenSpaceGuid.PcdUninstallMemAttrProtocol
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable
gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES
@@ -86,6 +87,7 @@
gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED
gEfiRngProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
+ gEfiMemoryAttributeProtocolGuid
[Guids]
gEfiEndOfDxeEventGroupGuid

49
0030-OvmfPkg-MemDebugLogLib-use-AcquireSpinLockOrFail.patch Normal file
View File

@ -0,0 +1,49 @@
From 1d520eb1e36b63d4f9ecebf935dc7bae43ccf3f1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 3 Dec 2025 10:40:11 +0100
Subject: [PATCH] OvmfPkg/MemDebugLogLib: use AcquireSpinLockOrFail
Drop log lines if we can't get the spin lock. Not nice, but better than
risking a deadlock.
Some background: Most of edk2 runs single-threaded on the BSP, so if
something holds the lock it is rather unlikely that waiting is going to
help. Specifically I think a deadlock can happen if (a) a timer
interrupt arrives while the lock is held, and (b) some higher-TPL timer
handler tries to print something to the debug log.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c
index 8c9ce61cb6..b737cb0f70 100644
--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c
+++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c
@@ -29,12 +29,12 @@ MemDebugLogLockInit (
}
STATIC
-VOID
+BOOLEAN
MemDebugLogLockAcquire (
IN volatile UINT64 *MemDebugLogLock
)
{
- AcquireSpinLock ((SPIN_LOCK *)MemDebugLogLock);
+ return AcquireSpinLockOrFail ((SPIN_LOCK *)MemDebugLogLock);
}
STATIC
@@ -90,7 +90,9 @@ MemDebugLogWriteBuffer (
return EFI_INVALID_PARAMETER;
}
- MemDebugLogLockAcquire (MemDebugLogLock);
+ if (!MemDebugLogLockAcquire (MemDebugLogLock)) {
+ return EFI_NOT_READY;
+ }
BufStart = (CHAR8 *)(UINTN)(MemDebugLogBufAddr + MemDebugLogHdr->HeaderSize);
BufEnd = (CHAR8 *)(UINTN)(MemDebugLogBufAddr + MemDebugLogHdr->HeaderSize + MemDebugLogHdr->DebugLogSize) - 1;

194
0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
View File

@ -1,194 +0,0 @@
From 348ea6ca54889a2b4006cc71168a173e8182f12e Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:38 +0100
Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2)
Specifically before running lzma uncompress of the main firmware volume.
This is needed to make sure caching is enabled, otherwise the uncompress
can be extremely slow.
Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes.
Background: Depending on virtual machine configuration kvm may uses EPT
memory types to apply guest MTRR settings. In case MTRRs are disabled
kvm will use the uncachable memory type for all mappings. The
vmx_get_mt_mask() function in the linux kernel handles this and can be
found here:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580
In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In
case the VM has a mdev device assigned that is not the case though.
Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable
should not be set by default in CR0") kvm also ended up using
MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit
kvm evaluates guest mtrr settings, which why setting up MTRRs early is
important now.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-2-kraxel@redhat.com>
[ kraxel: Downstream-only for now. Timely upstream merge is unlikely
due to chinese holidays and rhel-9.4 deadlines are close.
QE regression testing passed. So go with upstream posted
series v3 ]
patch_name: edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
present_in_specfile: true
location_in_specfile: 49
---
OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++
OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++----
OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++
3 files changed, 69 insertions(+), 5 deletions(-)
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 4e750755bf..7094d86159 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -26,6 +26,8 @@
#include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
#include <Library/PeilessStartupLib.h>
+#include <Register/Intel/ArchitecturalMsr.h>
+#include <Register/Intel/Cpuid.h>
#define SEC_IDT_ENTRY_COUNT 34
@@ -47,6 +49,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = {
}
};
+//
+// Enable MTRR early, set default type to write back.
+// Needed to make sure caching is enabled,
+// without this lzma decompress can be very slow.
+//
+STATIC
+VOID
+SecMtrrSetup (
+ VOID
+ )
+{
+ CPUID_VERSION_INFO_EDX Edx;
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
+
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
+ if (!Edx.Bits.MTRR) {
+ return;
+ }
+
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+ DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.E = 1; /* enable */
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+}
+
VOID
EFIAPI
SecCoreStartupWithStack (
@@ -203,6 +230,11 @@ SecCoreStartupWithStack (
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ //
+ // Initialize MTRR
+ //
+ SecMtrrSetup ();
+
PeilessStartup (&SecCoreData);
ASSERT (FALSE);
diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
index e64c0ee324..b6ba63ef95 100644
--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
@@ -1164,18 +1164,18 @@ PlatformQemuInitializeRam (
MtrrGetAllMtrrs (&MtrrSettings);
//
- // MTRRs disabled, fixed MTRRs disabled, default type is uncached
+ // See SecMtrrSetup(), default type should be write back
//
- ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0);
+ ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0);
ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0);
- ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0);
+ ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK);
//
// flip default type to writeback
//
- SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06);
+ SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK);
ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables);
- MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6;
+ MtrrSettings.MtrrDefType |= BIT10;
MtrrSetAllMtrrs (&MtrrSettings);
//
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 60dfa61842..725b57e2fa 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -29,6 +29,8 @@
#include <Ppi/MpInitLibDep.h>
#include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
+#include <Register/Intel/ArchitecturalMsr.h>
+#include <Register/Intel/Cpuid.h>
#include "AmdSev.h"
#define SEC_IDT_ENTRY_COUNT 34
@@ -743,6 +745,31 @@ FindAndReportEntryPoints (
return;
}
+//
+// Enable MTRR early, set default type to write back.
+// Needed to make sure caching is enabled,
+// without this lzma decompress can be very slow.
+//
+STATIC
+VOID
+SecMtrrSetup (
+ VOID
+ )
+{
+ CPUID_VERSION_INFO_EDX Edx;
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
+
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
+ if (!Edx.Bits.MTRR) {
+ return;
+ }
+
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+ DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.E = 1; /* enable */
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+}
+
VOID
EFIAPI
SecCoreStartupWithStack (
@@ -942,6 +969,11 @@ SecCoreStartupWithStack (
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ //
+ // Initialize MTRR
+ //
+ SecMtrrSetup ();
+
//
// Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready.
//

41
0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
View File

@ -1,41 +0,0 @@
From d521976e1641c242c86d0495647f200694f6ba44 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:39 +0100
Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2)
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-3-kraxel@redhat.com>
patch_name: edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
present_in_specfile: true
location_in_specfile: 50
---
MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
index 756e7c86ec..08ba949cf7 100644
--- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
@@ -2103,6 +2103,13 @@ typedef union {
#define MSR_IA32_MTRR_PHYSBASE9 0x00000212
/// @}
+#define MSR_IA32_MTRR_CACHE_UNCACHEABLE 0
+#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING 1
+#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH 4
+#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED 5
+#define MSR_IA32_MTRR_CACHE_WRITE_BACK 6
+#define MSR_IA32_MTRR_CACHE_INVALID_TYPE 7
+
/**
MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to
#MSR_IA32_MTRR_PHYSBASE9

91
0031-OvmfPkg-PlatformInitLib-reserve-igvm-parameter-area.patch Normal file
View File

@ -0,0 +1,91 @@
From aa5554fe6e935519f9ca531289aa541c3ef679d8 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 5 Dec 2025 13:59:18 +0100
Subject: [PATCH] OvmfPkg/PlatformInitLib: reserve igvm parameter area
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/Include/Library/PlatformInitLib.h | 6 +++++
OvmfPkg/Library/PlatformInitLib/Igvm.c | 27 +++++++++++++++++++
OvmfPkg/Library/PlatformInitLib/MemDetect.c | 2 ++
.../PlatformInitLib/PlatformInitLib.inf | 1 +
4 files changed, 36 insertions(+)
diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h b/OvmfPkg/Include/Library/PlatformInitLib.h
index 469c49b628..884e381928 100644
--- a/OvmfPkg/Include/Library/PlatformInitLib.h
+++ b/OvmfPkg/Include/Library/PlatformInitLib.h
@@ -321,4 +321,10 @@ PlatformIgvmVpCount (
VOID
);
+VOID
+EFIAPI
+PlatformIgvmParamReserve (
+ VOID
+ );
+
#endif // PLATFORM_INIT_LIB_H_
diff --git a/OvmfPkg/Library/PlatformInitLib/Igvm.c b/OvmfPkg/Library/PlatformInitLib/Igvm.c
index 1b0d9a9b85..dd5a94ef38 100644
--- a/OvmfPkg/Library/PlatformInitLib/Igvm.c
+++ b/OvmfPkg/Library/PlatformInitLib/Igvm.c
@@ -75,6 +75,33 @@ PlatformIgvmMemoryMapFind (
return Map;
}
+VOID
+EFIAPI
+PlatformIgvmParamReserve (
+ VOID
+ )
+{
+ UINT64 Base;
+ UINT64 Size;
+
+ Base = FixedPcdGet64 (PcdOvmfIgvmParamBase);
+ Size = FixedPcdGet64 (PcdOvmfIgvmParamSize);
+
+ if (Base && Size) {
+ //
+ // Reserve igvm parameter area as runtime data, to make sure the OS isn't
+ // going to use it, otherwise we can get corrupted IGVM parameters after
+ // guest reboot.
+ //
+ DEBUG ((DEBUG_INFO, "%a: 0x%x +0x%x\n", __func__, Base, Size));
+ BuildMemoryAllocationHob (
+ Base,
+ Size,
+ EfiRuntimeServicesData
+ );
+ }
+}
+
BOOLEAN
EFIAPI
PlatformIgvmMemoryMapCheck (
diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
index 81fa60ade5..937e2b77a5 100644
--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
@@ -1240,6 +1240,8 @@ PlatformQemuInitializeRam (
DEBUG ((DEBUG_INFO, "%a called\n", __func__));
+ PlatformIgvmParamReserve ();
+
//
// Determine total memory size available
//
diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
index a02959c2cd..9df218c65c 100644
--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
@@ -113,6 +113,7 @@
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfEarlyMemDebugLogSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmParamBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmParamSize
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmHobBase
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmHobSize

70
0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
View File

@ -1,70 +0,0 @@
From 75618356e04278e4346ffc5e147b9f6f101e8173 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:40 +0100
Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from
ArchitecturalMsr.h
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [3/4] 8b766c97b247a8665662697534455c19423ff23c (kraxel.rh/centos-src-edk2)
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-4-kraxel@redhat.com>
patch_name: edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
present_in_specfile: true
location_in_specfile: 51
---
UefiCpuPkg/Include/Library/MtrrLib.h | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/UefiCpuPkg/Include/Library/MtrrLib.h b/UefiCpuPkg/Include/Library/MtrrLib.h
index 86cc1aab3b..287d249a99 100644
--- a/UefiCpuPkg/Include/Library/MtrrLib.h
+++ b/UefiCpuPkg/Include/Library/MtrrLib.h
@@ -9,6 +9,8 @@
#ifndef _MTRR_LIB_H_
#define _MTRR_LIB_H_
+#include <Register/Intel/ArchitecturalMsr.h>
+
//
// According to IA32 SDM, MTRRs number and MSR offset are always consistent
// for IA32 processor family
@@ -82,20 +84,20 @@ typedef struct _MTRR_SETTINGS_ {
// Memory cache types
//
typedef enum {
- CacheUncacheable = 0,
- CacheWriteCombining = 1,
- CacheWriteThrough = 4,
- CacheWriteProtected = 5,
- CacheWriteBack = 6,
- CacheInvalid = 7
+ CacheUncacheable = MSR_IA32_MTRR_CACHE_UNCACHEABLE,
+ CacheWriteCombining = MSR_IA32_MTRR_CACHE_WRITE_COMBINING,
+ CacheWriteThrough = MSR_IA32_MTRR_CACHE_WRITE_THROUGH,
+ CacheWriteProtected = MSR_IA32_MTRR_CACHE_WRITE_PROTECTED,
+ CacheWriteBack = MSR_IA32_MTRR_CACHE_WRITE_BACK,
+ CacheInvalid = MSR_IA32_MTRR_CACHE_INVALID_TYPE,
} MTRR_MEMORY_CACHE_TYPE;
-#define MTRR_CACHE_UNCACHEABLE 0
-#define MTRR_CACHE_WRITE_COMBINING 1
-#define MTRR_CACHE_WRITE_THROUGH 4
-#define MTRR_CACHE_WRITE_PROTECTED 5
-#define MTRR_CACHE_WRITE_BACK 6
-#define MTRR_CACHE_INVALID_TYPE 7
+#define MTRR_CACHE_UNCACHEABLE MSR_IA32_MTRR_CACHE_UNCACHEABLE
+#define MTRR_CACHE_WRITE_COMBINING MSR_IA32_MTRR_CACHE_WRITE_COMBINING
+#define MTRR_CACHE_WRITE_THROUGH MSR_IA32_MTRR_CACHE_WRITE_THROUGH
+#define MTRR_CACHE_WRITE_PROTECTED MSR_IA32_MTRR_CACHE_WRITE_PROTECTED
+#define MTRR_CACHE_WRITE_BACK MSR_IA32_MTRR_CACHE_WRITE_BACK
+#define MTRR_CACHE_INVALID_TYPE MSR_IA32_MTRR_CACHE_INVALID_TYPE
typedef struct {
UINT64 BaseAddress;

49
0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
View File

@ -1,49 +0,0 @@
From 4eea9b4625d7ea5eaf5ae0d541d96bfccacf7810 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:41 +0100
Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2)
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-5-kraxel@redhat.com>
patch_name: edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
present_in_specfile: true
location_in_specfile: 52
---
OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +-
OvmfPkg/Sec/SecMain.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 7094d86159..1a19f26178 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -69,7 +69,7 @@ SecMtrrSetup (
}
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
- DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
}
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 725b57e2fa..26963b924d 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -765,7 +765,7 @@ SecMtrrSetup (
}
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
- DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
}

54
0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
View File

@ -1,54 +0,0 @@
From ee4774a753c2bc1061761e818d543a3e925ca1f0 Mon Sep 17 00:00:00 2001
From: Sam <Sam_Tsai@wiwynn.com>
Date: Wed, 29 May 2024 07:46:03 +0800
Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
iPXE environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
REF: 1904a64
Issue Description:
An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
Root Cause Analysis:
The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
Implemented Solution:
To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
Verification:
Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
(cherry picked from commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3)
---
NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 40bba4080c..c6e7c0df54 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -509,7 +509,7 @@ TcpDestroyService (
//
// Destroy the instance of the hashing protocol for this controller.
//
- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}

127
0035-OvmfPkg-add-morlock-support.patch
View File

@ -1,127 +0,0 @@
From 0f36c7f078215008ffa3a8e776aacd87793b8392 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 8 May 2024 13:14:26 +0200
Subject: [PATCH] OvmfPkg: add morlock support
Add dsc + fdf include files to add the MorLock drivers to the build.
Add the include files to OVMF build configurations.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit b45aff0dc9cb87f316eb17a11e5d4438175d9cca)
---
OvmfPkg/Include/Dsc/MorLock.dsc.inc | 10 ++++++++++
OvmfPkg/Include/Fdf/MorLock.fdf.inc | 10 ++++++++++
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
8 files changed, 26 insertions(+)
create mode 100644 OvmfPkg/Include/Dsc/MorLock.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/MorLock.fdf.inc
diff --git a/OvmfPkg/Include/Dsc/MorLock.dsc.inc b/OvmfPkg/Include/Dsc/MorLock.dsc.inc
new file mode 100644
index 0000000000..a8c5fb24b8
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/MorLock.dsc.inc
@@ -0,0 +1,10 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# MorLock support
+##
+
+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+!if $(SMM_REQUIRE) == TRUE
+ SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+!endif
diff --git a/OvmfPkg/Include/Fdf/MorLock.fdf.inc b/OvmfPkg/Include/Fdf/MorLock.fdf.inc
new file mode 100644
index 0000000000..20b7d6619a
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/MorLock.fdf.inc
@@ -0,0 +1,10 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# MorLock support
+##
+
+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+!if $(SMM_REQUIRE) == TRUE
+INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+!endif
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d8ae542686..65a866ae0c 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -887,6 +887,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 0ffa3be750..10eb6fe72b 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 52ac2c96fc..679e25501b 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -901,6 +901,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index c4f3ec0735..ff06bbfc6f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -362,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f76d0ef7bc..d294fd4625 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -969,6 +969,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index bedd85ef7a..f3b787201f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -402,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
################################################################################

192
0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
View File

@ -1,192 +0,0 @@
From 1691865ebaa8730203e8eb6bb052edff14dbaa70 Mon Sep 17 00:00:00 2001
From: Pedro Falcato <pedro.falcato@gmail.com>
Date: Tue, 22 Nov 2022 22:31:03 +0000
Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
RDRAND has notoriously been broken many times over its lifespan.
Add a smoketest to RDRAND, in order to better sniff out potential
security concerns.
Also add a proper CPUID test in order to support older CPUs which may
not have it; it was previously being tested but then promptly ignored.
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
:x86_init_rdrand() per commit 049f9ae9..
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
code to MIT and the public domain.
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
<..>
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
> also place it into public domain. Do with it what you will now.
>
> Jason
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a)
---
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
1 file changed, 91 insertions(+), 8 deletions(-)
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
index 9bd68352f9..06d2a6f12d 100644
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -3,6 +3,7 @@
to provide high-quality random numbers.
Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
STATIC BOOLEAN mRdRandSupported;
+//
+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
+//
+#define RDRAND_RETRIES 10
+
+#define RDRAND_TEST_SAMPLES 8
+
+#define RDRAND_MIN_CHANGE 5
+
+//
+// Add a define for native-word RDRAND, just for the test.
+//
+#ifdef MDE_CPU_X64
+#define ASM_RDRAND AsmRdRand64
+#else
+#define ASM_RDRAND AsmRdRand32
+#endif
+
+/**
+ Tests RDRAND for broken implementations.
+
+ @retval TRUE RDRAND is reliable (and hopefully safe).
+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID.
+
+**/
+STATIC
+BOOLEAN
+TestRdRand (
+ VOID
+ )
+{
+ //
+ // Test for notoriously broken rdrand implementations that always return the same
+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
+ // Note that this should be expanded to extensively test for other sorts of possible errata.
+ //
+
+ //
+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
+ //
+ UINTN Prev;
+ UINT8 Idx;
+ UINT8 TestIteration;
+ UINT32 Changed;
+
+ Changed = 0;
+
+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
+ UINTN Sample;
+ //
+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
+ // Any failure to get a random number will assume RDRAND does not work.
+ //
+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
+ if (ASM_RDRAND (&Sample)) {
+ break;
+ }
+ }
+
+ if (Idx == RDRAND_RETRIES) {
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
+ return FALSE;
+ }
+
+ if (TestIteration != 0) {
+ Changed += Sample != Prev;
+ }
+
+ Prev = Sample;
+ }
+
+ if (Changed < RDRAND_MIN_CHANGE) {
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+#undef ASM_RDRAND
+
/**
The constructor function checks whether or not RDRAND instruction is supported
by the host hardware.
@@ -48,10 +131,13 @@ BaseRngLibConstructor (
// CPUID. A value of 1 indicates that processor support RDRAND instruction.
//
AsmCpuid (1, 0, 0, &RegEcx, 0);
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+ if (mRdRandSupported) {
+ mRdRandSupported = TestRdRand ();
+ }
+
return EFI_SUCCESS;
}
@@ -70,6 +156,7 @@ ArchGetRandomNumber16 (
OUT UINT16 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand16 (Rand);
}
@@ -88,6 +175,7 @@ ArchGetRandomNumber32 (
OUT UINT32 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand32 (Rand);
}
@@ -106,6 +194,7 @@ ArchGetRandomNumber64 (
OUT UINT64 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand64 (Rand);
}
@@ -122,13 +211,7 @@ ArchIsRngSupported (
VOID
)
{
- /*
- Existing software depends on this always returning TRUE, so for
- now hard-code it.
-
- return mRdRandSupported;
- */
- return TRUE;
+ return mRdRandSupported;
}
/**

43
0037-SecurityPkg-RngDxe-add-rng-test.patch
View File

@ -1,43 +0,0 @@
From da8fda9932ab4a64a07d318d30b03baafbf1e0c1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 31 May 2024 09:49:13 +0200
Subject: [PATCH] SecurityPkg/RngDxe: add rng test
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit a61bc0accb8a76edba4f073fdc7bafc908df045d)
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 5723ed6957..8b0742bab6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -23,6 +23,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
#include "RngDxeInternals.h"
@@ -43,7 +44,12 @@ GetAvailableAlgorithms (
VOID
)
{
- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ UINT64 RngTest;
+
+ if (GetRandomNumber64 (&RngTest)) {
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ }
+
return EFI_SUCCESS;
}

301
0038-OvmfPkg-wire-up-RngDxe.patch
View File

@ -1,301 +0,0 @@
From 7703744d07e81a9cd3109dca9184a61f16584d44 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 24 May 2024 12:51:17 +0200
Subject: [PATCH] OvmfPkg: wire up RngDxe
Add OvmfRng include snippets with the random number generator
configuration for OVMF. Include RngDxe, build with BaseRngLib,
so the rdrand instruction is used (if available).
Also move VirtioRng to the include snippets.
Use the new include snippets for OVMF builds.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +-
OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++
OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/Microvm/MicrovmX64.fdf | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.fdf | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.fdf | 2 +-
14 files changed, 27 insertions(+), 12 deletions(-)
create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cf1ad83e09..4edc2a9069 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -649,7 +649,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -740,6 +739,7 @@
OvmfPkg/AmdSev/Grub/Grub.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c56c98dc85..480837b0fa 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -227,7 +227,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -318,6 +317,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
new file mode 100644
index 0000000000..68839a0caa
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
@@ -0,0 +1,9 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+ <LibraryClasses>
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ }
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
new file mode 100644
index 0000000000..99cb4a32b1
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
@@ -0,0 +1,6 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 9f49b60ff0..4b7e1596fc 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -636,7 +636,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -719,6 +718,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index ce5d542048..88d0f75ae2 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE
#
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -326,6 +325,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index fb73f2e089..9206f01816 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -760,7 +760,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
@@ -846,6 +845,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index 055e659a35..c8268d7e8c 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -207,7 +207,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -299,6 +298,7 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 65a866ae0c..b64c215585 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -784,7 +784,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -888,6 +887,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 10eb6fe72b..c31276e4a3 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -231,7 +231,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -356,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 679e25501b..ececac3757 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -798,7 +798,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -902,6 +901,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index ff06bbfc6f..a7b4aeac08 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index d294fd4625..0ab4d3df06 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -866,7 +866,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -970,6 +969,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index f3b787201f..ae08ac4fe9 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -263,7 +263,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -403,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################

37
0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
View File

@ -1,37 +0,0 @@
From ef076eab3cad92111c550d0041ac8d1a4e979714 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:49 +0200
Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList
Needed to properly initialize BaseRngLib.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 94961b8817eec6f8d0434555ac50a7aa51c22201)
---
.../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
index d0c1c7a4f7..48d463b8ad 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
@@ -8,6 +8,12 @@
**/
#include "TestBaseCryptLib.h"
+VOID
+EFIAPI
+ProcessLibraryConstructorList (
+ VOID
+ );
+
/**
Initialize the unit test framework, suite, and unit tests for the
sample unit tests and run the unit tests.
@@ -76,5 +82,6 @@ main (
char *argv[]
)
{
+ ProcessLibraryConstructorList ();
return UefiTestMain ();
}

43
0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
View File

@ -1,43 +0,0 @@
From 46f82fa0cfe716f147b7878b7155983f7f6edb20 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:53 +0200
Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit
Set the rdrand feature bit when faking cpuid for host test cases.
Needed to make the CryptoPkg test cases work.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 5e776299a2604b336a947e68593012ab2cc16eb4)
---
MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
index 8ba4f54a38..7f7276f7f4 100644
--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
OUT UINT32 *Edx OPTIONAL
)
{
+ UINT32 RetEcx;
+
+ RetEcx = 0;
+ switch (Index) {
+ case 1:
+ RetEcx |= BIT30; /* RdRand */
+ break;
+ }
+
if (Eax != NULL) {
*Eax = 0;
}
@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid (
}
if (Ecx != NULL) {
- *Ecx = 0;
+ *Ecx = RetEcx;
}
if (Edx != NULL) {

33
50-edk2-riscv-qcow2.json Normal file
View File

@ -0,0 +1,33 @@
{
"description": "UEFI firmware for RISC-V virtual machines",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode" : "split",
"executable": {
"filename": "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2",
"format": "qcow2"
},
"nvram-template": {
"filename": "/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2",
"format": "qcow2"
}
},
"targets": [
{
"architecture": "riscv64",
"machines": [
"virt",
"virt-*"
]
}
],
"features": [
],
"tags": [
]
}

8
60-edk2-ovmf-x64-amdsev.json
View File

@ -4,12 +4,8 @@
"uefi"
],
"mapping": {
"device": "flash",
"mode": "stateless",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd",
"format": "raw"
}
"device": "memory",
"filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd"
},
"targets": [
{

29
90-edk2-aarch64-qemuvars-sb-enrolled.json Normal file
View File

@ -0,0 +1,29 @@
{
"description": "UEFI firmware for ARM64 virtual machines, SB enabled, MS certs enrolled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "memory",
"filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
"uefi-vars": {
"template": "/usr/share/edk2/aarch64/vars.secboot.json"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
"enrolled-keys",
"secure-boot",
"host-uefi-vars"
],
"tags": [
]
}

31
90-edk2-ovmf-qemuvars-x64-sb-enrolled.json Normal file
View File

@ -0,0 +1,31 @@
{
"description": "OVMF for qemu uefi-vars, SB enabled, MS certs enrolled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "memory",
"filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
"uefi-vars": {
"template": "/usr/share/edk2/ovmf/vars.secboot.json"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"enrolled-keys",
"secure-boot",
"host-uefi-vars",
"verbose-dynamic"
],
"tags": [
]
}

28
91-edk2-aarch64-qemuvars-sb.json Normal file
View File

@ -0,0 +1,28 @@
{
"description": "UEFI firmware for ARM64 virtual machines, SB disabled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "memory",
"filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd",
"uefi-vars": {
"template": "/usr/share/edk2/aarch64/vars.blank.json"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
"secure-boot",
"host-uefi-vars"
],
"tags": [
]
}

30
91-edk2-ovmf-qemuvars-x64-sb.json Normal file
View File

@ -0,0 +1,30 @@
{
"description": "OVMF for qemu uefi-vars, SB disabled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "memory",
"filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd",
"uefi-vars": {
"template": "/usr/share/edk2/ovmf/vars.blank.json"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"secure-boot",
"host-uefi-vars",
"verbose-dynamic"
],
"tags": [
]
}

63
edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
View File

@ -1,63 +0,0 @@
From ebcdc6db77d338aa1054292d0c4b745bd482d9a2 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 26 Aug 2024 19:25:52 +0200
Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 69: AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Jira: RHEL-56082
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] 55ae7744e57ea51e1f35f482dffc2dd2089c5f77 (osteffen/edk2)
The shim fallback reboot workaround (introduced for SEV-ES) does
not always work for SEV-SNP, due to a conditional early return.
Let's just register the workaround earlier in this function to
fix that.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 0eb88e50ff..ca345e95da 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -243,6 +243,17 @@ AmdSevDxeEntryPoint (
return EFI_UNSUPPORTED;
}
+ // Shim fallback reboot workaround
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ PopulateVarstore,
+ SystemTable,
+ &gEfiEndOfDxeEventGroupGuid,
+ &PopulateVarstoreEvent
+ );
+ ASSERT_EFI_ERROR (Status);
+
//
// Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
// memory space. The NonExistent memory space will be used for mapping the
@@ -393,15 +404,5 @@ AmdSevDxeEntryPoint (
);
}
- Status = gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_CALLBACK,
- PopulateVarstore,
- SystemTable,
- &gEfiEndOfDxeEventGroupGuid,
- &PopulateVarstoreEvent
- );
- ASSERT_EFI_ERROR (Status);
-
return EFI_SUCCESS;
}
--
2.39.3

64
edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch Normal file
View File

@ -0,0 +1,64 @@
From cb6a558564347b71cca36111c377b126b314604e Mon Sep 17 00:00:00 2001
From: Vishnu Pajjuri <vishnu@os.amperecomputing.com>
Date: Tue, 30 Dec 2025 00:36:16 -0800
Subject: [PATCH] ArmPkg, UefiCpuPkg: Fix boot failure on FEAT_LPA-only systems
without LPA2
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
RH-MergeRequest: 103: ArmPkg, UefiCpuPkg: Fix boot failure on FEAT_LPA-only systems without LPA2
RH-Jira: RHEL-138335
RH-Acked-by: Luigi Leonardi <None>
RH-Commit: [1/1] a7fcedd6490eedbc45f6a81fdaa95e80274e7034 (kraxel.rh/centos-src-edk2)
Commit 9077163 added support for 52-bit PA/VA (LPA2) in EDK2. The previous
change treated the presence of FEAT_LPA as sufficient to enable 52-bit
VA for 4K page granularity. Some platforms advertise FEAT_LPA but do not
implement full LPA2 support for 4K PAGE_SIZE; enabling 52-bit VA on
those platforms produced an invalid MMU configuration and caused boot
failures.
This patch tightens the detection logic so 52-bit PA/VA (LPA2) is enabled
only when the platform explicitly advertises LPA2 support. When LPA2 is
not present we fall back to the previous 48-bit address limit for 4K
pages, preserving correct behavior on non-LPA2 systems.
Fixes: 9077163 ("UefiCpuPkg/ArmMmuLib: Add support for LPA2")
Co-authored-by: Ganapatrao Kulkarni <gankulkarni@os.amperecomputing.com>
Signed-off-by: Vishnu Pajjuri <vishnu@os.amperecomputing.com>
(cherry picked from commit 1a4c4fb5a76fb15a5a50706685dc4ba36f1c2260)
---
UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
index d111e8c7cd3..2353adf5073 100644
--- a/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
+++ b/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c
@@ -94,6 +94,7 @@ ArmMemoryAttributeToPageAttribute (
// T0SZ can be below MIN_T0SZ when LPA2 is in use, meaning the page table starts at level -1
#define MIN_T0SZ 16
#define BITS_PER_LEVEL 9
+#define MAX_VA_BITS_48 48
#define MAX_VA_BITS 52
STATIC
@@ -658,8 +659,13 @@ ArmConfigureMmu (
// into account the architectural limitations that result from UEFI's
// use of 4 KB pages.
//
- MaxAddressBits = MIN (ArmGetPhysicalAddressBits (), MAX_VA_BITS);
- MaxAddress = LShiftU64 (1ULL, MaxAddressBits) - 1;
+ if (ArmHas52BitTgran4 ()) {
+ MaxAddressBits = MIN (ArmGetPhysicalAddressBits (), MAX_VA_BITS);
+ } else {
+ MaxAddressBits = MIN (ArmGetPhysicalAddressBits (), MAX_VA_BITS_48);
+ }
+
+ MaxAddress = LShiftU64 (1ULL, MaxAddressBits) - 1;
T0SZ = 64 - MaxAddressBits;
RootTableEntryCount = GetRootTableEntryCount (T0SZ);
--
2.47.3

47
edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch Normal file
View File

@ -0,0 +1,47 @@
From 89ca998de1a2202f227986f7bbb878d18e1fed47 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 20 Jan 2026 17:16:03 +0100
Subject: [PATCH 4/5] ArmVirtPkg: use MemDebugLogPeiCoreLib for PEIMs
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging
RH-Jira: RHEL-139470
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [4/5] 4b152715d6ad2614c68bc6a77aaad793bf04b2c4 (luigileonardi/edk2)
Switch PEIMs from MemDebugLogPeiLib to MemDebugLogPeiCoreLib, except for
the MemDebugLog PEIM which needs the MemDebugLogPages() function.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index a0a36632c21..a1c6ed48413 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -114,7 +114,7 @@
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgMmioPeiLib.inf
!if $(DEBUG_TO_MEM)
- MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf
!else
MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf
!endif
@@ -369,7 +369,10 @@
ArmPkg/Drivers/CpuPei/CpuPei.inf
!if $(DEBUG_TO_MEM)
- OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf
+ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf {
+ <LibraryClasses>
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+ }
!endif
!if $(TPM2_ENABLE) == TRUE
--
2.47.3

43
edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch
View File

@ -1,43 +0,0 @@
From b1b719573ff7410985fd502b3c30e6592229c3bd Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Mar 2024 15:32:58 +0100
Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing
variables
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 65: MdeModulePkg: Warn if out of flash space when writing variables
RH-Jira: RHEL-45261
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] b1f6ac49f246cc6a670b9fdd583da3bb9556550d (osteffen/edk2)
Emit a DEBUG_WARN message if there is not enough flash space left to
write/update a variable. This condition is currently not logged
appropriately in all cases, given that full variable store can easily
render the system unbootable.
This new message helps identifying this condition.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 80b59ff8320d1bd134bf689fe9c0ddf4e0473b88)
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index d394d237a5..1c7659031d 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -2364,6 +2364,8 @@ Done:
);
ASSERT_EFI_ERROR (Status);
}
+ } else if (Status == EFI_OUT_OF_RESOURCES) {
+ DEBUG ((DEBUG_WARN, "UpdateVariable failed: Out of flash space\n"));
}
return Status;
--
2.39.3

49
edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
View File

@ -1,49 +0,0 @@
From a424c0877b38ffb3c9c2a29cf52efb78c19ea8f2 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 19 Jun 2024 09:07:56 +0200
Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Jira: RHEL-45829
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/2] 9cf7cc1e68e01c54ab6fae15e3b5cdef1c0b15bc (osteffen/edk2)
There is a list of allowed rng algorithms, if /one/ of them is not
supported this is not a problem, only /all/ of them failing is an
error condition.
Downgrade the message for a single unsupported algorithm from ERROR to
VERBOSE. Add an error message in case we finish the loop without
finding a supported algorithm.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6862b9d538d96363635677198899e1669e591259)
---
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 01c13c08d2..4dfbe91a55 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -951,7 +951,7 @@ PseudoRandom (
//
// Secure Algorithm was not supported on this platform
//
- DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+ DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
//
// Try the next secure algorithm
@@ -971,6 +971,7 @@ PseudoRandom (
// If we get here, we failed to generate random data using any secure algorithm
// Platform owner should ensure that at least one secure algorithm is supported
//
+ DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n"));
ASSERT_EFI_ERROR (Status);
return Status;
}
--
2.39.3

121
edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch Normal file
View File

@ -0,0 +1,121 @@
From 61c1174521d20fe34630a73f85b28b4028b9feee Mon Sep 17 00:00:00 2001
From: Luigi Leonardi <leonardi@redhat.com>
Date: Tue, 13 Jan 2026 05:28:10 -0500
Subject: [PATCH 1/5] OvmfPkg/AmdSev: add memory debug log support
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging
RH-Jira: RHEL-139470
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/5] 5925e432750361be369cf42d0f1f5d29cdb91d74 (luigileonardi/edk2)
Enable memory-based debug logging support when `DEBUG_TO_MEM` build flag
is set.
Signed-off-by: Luigi Leonardi <leonardi@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 23 +++++++++++++++++++++++
OvmfPkg/AmdSev/AmdSevX64.fdf | 3 +++
2 files changed, 26 insertions(+)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 717956cfc9c..34715237b4b 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -209,7 +209,11 @@
TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf
TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperLibNull.inf
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogDxeLib.inf
+!else
MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf
+!endif
[LibraryClasses.common.SEC]
TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf
@@ -218,6 +222,9 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
!else
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+!endif
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogSecLib.inf
!endif
ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf
ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf
@@ -246,6 +253,9 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
!else
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+!endif
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf
!endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
@@ -263,6 +273,9 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
!else
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
+!endif
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
!endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf
@@ -310,6 +323,9 @@
DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
!else
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf
+!endif
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogRtLib.inf
!endif
UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf
@@ -567,6 +583,9 @@
# PEI Phase modules
#
MdeModulePkg/Core/Pei/PeiMain.inf
+!if $(DEBUG_TO_MEM)
+ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf
+!endif
MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
@@ -603,6 +622,7 @@
MdeModulePkg/Universal/PCD/Dxe/Pcd.inf {
<LibraryClasses>
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf
}
MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
@@ -665,6 +685,9 @@
<LibraryClasses>
DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf
+!endif
}
MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 069dc40e97e..accbece8d08 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -96,6 +96,9 @@ APRIORI PEI {
#
# PEI Phase modules
#
+!if $(DEBUG_TO_MEM)
+INF OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf
+!endif
INF MdeModulePkg/Core/Pei/PeiMain.inf
INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf
INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf
--
2.47.3

46
edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
View File

@ -1,46 +0,0 @@
From b2e458faf8603547bcdf578f465fdf777df44500 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 29 Aug 2024 09:20:29 +0200
Subject: [PATCH] OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 75: OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Jira: RHEL-56154
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 591189c9b119804cab4c48e9c27e428751993169 (kraxel.rh/centos-src-edk2)
Let APs wait until the BSP has completed the register updates to remove
the CPU. This makes sure all APs stay in SMM mode until the CPU
hot-unplug operation is complete, which in turn makes sure the ACPI lock
is released only after the CPU hot-unplug operation is complete.
Some background: The CPU hotplug SMI is triggered from an ACPI function
which is protected by an ACPI lock. The ACPI function is in the ACPI
tables generated by qemu.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
upstream: submitted (https://github.com/tianocore/edk2/pull/6138)
---
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
index d504163026..5af78211d3 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
@@ -355,6 +355,11 @@ EjectCpu (
//
QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum];
if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) {
+ /* wait until BSP is done */
+ while (mCpuHotEjectData->Handler != NULL) {
+ CpuPause ();
+ }
+
return;
}
--
2.39.3

41
edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch Normal file
View File

@ -0,0 +1,41 @@
From e752ef369036e2dc799c8eb58b1e6697d1442fe8 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 20 Jan 2026 17:17:16 +0100
Subject: [PATCH 3/5] OvmfPkg/MemDebugLogPeiCoreLib: enable for PEIMs
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging
RH-Jira: RHEL-139470
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [3/5] 97050d5ba36b91340970c2af9d4b75d4b08bd16a (luigileonardi/edk2)
Allow PEIMs use the MemDebugLogPeiCoreLib lib.
The difference between MemDebugLogPeiCoreLib and MemDebugLogPeiLib is
that the latter does additionally provide the MemDebugLogPages()
function, and pulls in QemuFwCfg* libraries as dependency.
Most PEIMs do not need MemDebugLogPages() though, only the ones which
handle the setup of the memory logging buffer do.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf
index 56908caa5a7..12aa0441792 100644
--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf
+++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf
@@ -14,7 +14,7 @@
FILE_GUID = EEAF8A01-167A-4222-A647-80EB16AEEC69
MODULE_TYPE = BASE
VERSION_STRING = 1.0
- LIBRARY_CLASS = MemDebugLogLib|PEI_CORE
+ LIBRARY_CLASS = MemDebugLogLib|PEI_CORE PEIM
[Sources]
--
2.47.3

89
edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch Normal file
View File

@ -0,0 +1,89 @@
From 7e80f0fe3c74a518c1d43706391e42afb1d3ba40 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 20 Jan 2026 17:18:07 +0100
Subject: [PATCH 2/5] OvmfPkg/MemDebugLogPeiLib: drop duplicate
MemDebugLogWrite function
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging
RH-Jira: RHEL-139470
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/5] 59f8cad8121f3b659928a0342b46b39ab2da1dd5 (luigileonardi/edk2)
The MemDebugLogWrite() function is identical in MemDebugLogPei.c and
MemDebugLogPeiCore.c So drop it from MemDebugLogPei.c and simply add
MemDebugLogPeiCore.c to MemDebugLogPeiLib.inf instead.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
.../Library/MemDebugLogLib/MemDebugLogPei.c | 41 -------------------
.../MemDebugLogLib/MemDebugLogPeiLib.inf | 1 +
2 files changed, 1 insertion(+), 41 deletions(-)
diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c
index 05e32daf1ca..d1beb74487d 100644
--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c
+++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c
@@ -12,47 +12,6 @@
#include <Library/QemuFwCfgSimpleParserLib.h>
#include <Library/MemDebugLogLib.h>
-EFI_STATUS
-EFIAPI
-MemDebugLogWrite (
- IN CHAR8 *Buffer,
- IN UINTN Length
- )
-{
- EFI_PHYSICAL_ADDRESS MemDebugLogBufAddr;
- EFI_STATUS Status;
-
- //
- // Obtain the Memory Debug Log buffer addr from HOB
- // NOTE: This is expected to fail until the HOB is created.
- //
- Status = MemDebugLogAddrFromHOB (&MemDebugLogBufAddr);
-
- if (EFI_ERROR (Status)) {
- MemDebugLogBufAddr = 0;
- }
-
- if (MemDebugLogBufAddr != 0) {
- Status = MemDebugLogWriteBuffer (MemDebugLogBufAddr, Buffer, Length);
- } else {
- //
- // HOB has not yet been created, so
- // write to the early debug log buffer.
- //
- if (FixedPcdGet32 (PcdOvmfEarlyMemDebugLogBase) != 0x0) {
- Status = MemDebugLogWriteBuffer (
- (EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfEarlyMemDebugLogBase),
- Buffer,
- Length
- );
- } else {
- Status = EFI_NOT_FOUND;
- }
- }
-
- return Status;
-}
-
UINT32
EFIAPI
MemDebugLogPages (
diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
index b6b407c8919..6a954d1d8c0 100644
--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
@@ -19,6 +19,7 @@
[Sources]
MemDebugLogPei.c
+ MemDebugLogPeiCore.c
MemDebugLogCommon.c
[Packages]
--
2.47.3

95
edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch Normal file
View File

@ -0,0 +1,95 @@
From e97e4a3f15ff7c0a5bc7bb1de5e664ccb0329ae6 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 10 Dec 2025 11:16:08 +0100
Subject: [PATCH 1/3] OvmfPkg/X86QemuLoadImageLib: flip default for
EnableLegacyLoader to false
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
RH-MergeRequest: 105: OvmfPkg/X86QemuLoadImageLib: flip default for EnableLegacyLoader to false
RH-Jira: RHEL-134956
RH-Acked-by: Luigi Leonardi <None>
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] b6375a5344271fc087ce09fb3c6a42daaa0d7c9b (kraxel.rh/centos-src-edk2)
What happened since commit 1549bf11cc94 ("OvmfPkg/X86QemuLoadImageLib:
make legacy loader configurable.") ?
First, qemu 10.0 has been released, which brings support for the -shim
command line option so direct kernel boot with secure boot works.
Second, support has been added to libvirt (version v11.2.0 and newer).
Third, we got a bunch of linux distro releases. Latest debian, ubuntu
and fedora releases all have new enough edk2+qemu+libvirt packages to
support direct kernel boot with shim.efi loading and proper secure boot
verification.
Lastly, the edk2 security advisory GHSA-6pp6-cm5h-86g5 and CVE-2025-2296
have been published.
Time for the next step in tightening the screws: Flip the default for
the EnableLegacyLoader config option from true to false. Also update
the documentation accordingly.
The documentation for the config option is here:
https://github.com/tianocore/edk2/blob/master/OvmfPkg/RUNTIME_CONFIG.md#user-content-security-optorgtianocoreenablelegacyloader
Upcoming final step, in a year or two: remove the legacy loader from the
code base (drop X86QemuLoadImageLib, migrade all users to use
GenericQemuLoadImageLib instead).
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit d2cbaefc082294eadaa30a3d5f0fa8ba264a574a)
Resolves: RHEL-134956
---
.../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 2 +-
OvmfPkg/RUNTIME_CONFIG.md | 15 +++++++++------
2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
index b16bdeb47f8..f98f8ab885b 100644
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
@@ -449,7 +449,7 @@ QemuLoadKernelImage (
&Enabled
);
if (EFI_ERROR (RetStatus)) {
- Enabled = TRUE;
+ Enabled = FALSE;
}
if (!Enabled) {
diff --git a/OvmfPkg/RUNTIME_CONFIG.md b/OvmfPkg/RUNTIME_CONFIG.md
index b75a5dacadf..57d0dd96111 100644
--- a/OvmfPkg/RUNTIME_CONFIG.md
+++ b/OvmfPkg/RUNTIME_CONFIG.md
@@ -153,16 +153,19 @@ without EFI stub. If you are using kernels that old secure boot
support is the least of your problems though ...
The linux kernel is typically signed by the distro secure boot keys
-and is verified by the distro `shim.efi` binary. qemu release 10.0
-(ETA ~ March 2025) will get support for passing the shim binary
+and is verified by the distro `shim.efi` binary. qemu version 10.0
+(released in April 2025) got support for passing the shim binary
(additionally to kernel + initrd) to the firmware, so the usual secure
boot verification can work with direct kernel load too.
-For now the legacy loader is enabled by default. Once the new qemu
-release is available in most linux distros the defaut will be flipped
-to disabled.
+In edk2-stable202502 and newer the EnableLegacyLoader config option is
+available and enabled by default.
-Usage (qemu 10.0+):
+In edk2-stable202602 and newer the EnableLegacyLoader config option is
+disabled by default.
+
+Here is the qemu command line for direct kernel boot with secure boot
+verification:
```
qemu-system-x86_64 \
--
2.47.3

102
edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch Normal file
View File

@ -0,0 +1,102 @@
From ab6410ba7d54964884687e020fd015ed5ef3d18f Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 21 Jan 2026 12:35:59 +0100
Subject: [PATCH 5/5] OvmfPkg: use MemDebugLogPeiCoreLib for PEIMs
RH-Author: Luigi Leonardi <None>
RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging
RH-Jira: RHEL-139470
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [5/5] 66932a14dcf1a61fc92319e50fe9e87c03f89378 (luigileonardi/edk2)
Switch PEIMs from MemDebugLogPeiLib to MemDebugLogPeiCoreLib, except for
the MemDebugLog and PlatformPei PEIMs which need the MemDebugLogPages()
function.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
OvmfPkg/OvmfPkgIa32X64.dsc | 14 +++++++++++---
OvmfPkg/OvmfPkgX64.dsc | 14 +++++++++++---
2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 2be6a1321c8..e49132deb08 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -312,7 +312,7 @@
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
!endif
!if $(DEBUG_TO_MEM)
- MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf
!endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf
@@ -708,7 +708,10 @@
#
MdeModulePkg/Core/Pei/PeiMain.inf
!if $(DEBUG_TO_MEM)
- OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf
+ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf {
+ <LibraryClasses>
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+ }
!endif
MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
<LibraryClasses>
@@ -724,7 +727,12 @@
}
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
- OvmfPkg/PlatformPei/PlatformPei.inf
+ OvmfPkg/PlatformPei/PlatformPei.inf {
+ <LibraryClasses>
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+!endif
+ }
UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf {
<LibraryClasses>
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 724a84554c8..5c016b336b5 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -344,7 +344,7 @@
DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf
!endif
!if $(DEBUG_TO_MEM)
- MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf
!endif
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf
@@ -788,7 +788,10 @@
#
MdeModulePkg/Core/Pei/PeiMain.inf
!if $(DEBUG_TO_MEM)
- OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf
+ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf {
+ <LibraryClasses>
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+ }
!endif
MdeModulePkg/Universal/PCD/Pei/Pcd.inf {
<LibraryClasses>
@@ -804,7 +807,12 @@
}
MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf
- OvmfPkg/PlatformPei/PlatformPei.inf
+ OvmfPkg/PlatformPei/PlatformPei.inf {
+ <LibraryClasses>
+!if $(DEBUG_TO_MEM)
+ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf
+!endif
+ }
UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf {
<LibraryClasses>
--
2.47.3

143
edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
View File

@ -1,143 +0,0 @@
From 6b26812cbf5a871d0a311036b6605635684ed3e1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 27 Aug 2024 12:06:15 +0200
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if
not needed.
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 70: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed.
RH-Jira: RHEL-50185
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] a9c96249a5258e0902e38d4579079dfcc188b980 (osteffen/edk2)
Add the new global mMsrIa32MiscEnableSupported variable to track
whenever support for the IA32_MISC_ENABLE MSR is present or not.
Add new local PatchingNeeded variable to CheckFeatureSupported()
to track if patching the SMM setup code is needed or not.
Issue PatchInstructionX86() calls only if needed, i.e. if one of
the *Supported variables has been updated.
Result is that on a typical SMP machine where all processors are
identical the PatchInstructionX86() calls are issued only once,
when checking the first processor. Specifically this avoids
PatchInstructionX86() being called in OVMF on CPU hotplug. That
is important because instruction patching at runtime does not not
work and leads to page faults.
This fixes CPU hotplug on OVMF not working with AMD cpus.
Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4)
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++-----
1 file changed, 40 insertions(+), 9 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 8142d3ceac..8e299fd29a 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -40,6 +40,11 @@ BOOLEAN mXdEnabled = FALSE;
//
BOOLEAN mBtsSupported = TRUE;
+//
+// The flag indicates if MSR_IA32_MISC_ENABLE is supported by processor
+//
+BOOLEAN mMsrIa32MiscEnableSupported = TRUE;
+
//
// The flag indicates if SMM profile starts to record data.
//
@@ -904,18 +909,23 @@ CheckFeatureSupported (
UINT32 RegEcx;
UINT32 RegEdx;
MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr;
+ BOOLEAN PatchingNeeded = FALSE;
if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {
AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);
if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL);
if ((RegEcx & CPUID_CET_SS) == 0) {
- mCetSupported = FALSE;
- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ if (mCetSupported) {
+ mCetSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
} else {
- mCetSupported = FALSE;
- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ if (mCetSupported) {
+ mCetSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
}
@@ -925,8 +935,10 @@ CheckFeatureSupported (
//
// Extended CPUID functions are not supported on this processor.
//
- mXdSupported = FALSE;
- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ if (mXdSupported) {
+ mXdSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx);
@@ -934,15 +946,20 @@ CheckFeatureSupported (
//
// Execute Disable Bit feature is not supported on this processor.
//
- mXdSupported = FALSE;
- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ if (mXdSupported) {
+ mXdSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
if (StandardSignatureIsAuthenticAMD ()) {
//
// AMD processors do not support MSR_IA32_MISC_ENABLE
//
- PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
+ if (mMsrIa32MiscEnableSupported) {
+ mMsrIa32MiscEnableSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
}
@@ -966,6 +983,20 @@ CheckFeatureSupported (
}
}
}
+
+ if (PatchingNeeded) {
+ if (!mCetSupported) {
+ PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ }
+
+ if (!mXdSupported) {
+ PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ }
+
+ if (!mMsrIa32MiscEnableSupported) {
+ PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
+ }
+ }
}
/**
--
2.39.3

6
edk2-build.py
View File

@ -51,7 +51,7 @@ def get_toolchain(cfg, build):
return cfg[build]['tool']
if cfg.has_option('global', 'tool'):
return cfg['global']['tool']
return 'GCC5'
return 'GCC'
def get_hostarch():
mach = os.uname().machine
@ -147,7 +147,7 @@ def build_run(cmdline, name, section, silent = False, nologs = False):
print(f'### exit code: {result.returncode}')
else:
secs = int(time.time() - start)
print(f'### OK ({int(secs/60)}:{secs%60:02d})')
print(f'### OK ({int(secs)}sec)')
else:
print(cmdline, flush = True)
result = subprocess.run(cmdline, check = False)
@ -248,7 +248,7 @@ def build_one(cfg, build, jobs = None, silent = False, nologs = False):
def build_basetools(silent = False, nologs = False):
build_message('building: BaseTools', silent = silent)
basedir = os.environ['EDK_TOOLS_PATH']
basedir = os.environ['EDK_TOOLS_PATH'] + '/Source/C'
cmdline = [ 'make', '-C', basedir ]
build_run(cmdline, 'BaseTools', 'build.basetools', silent, nologs)

107
edk2-build.rhel-9 → edk2-build.rhel-10
View File

@ -12,35 +12,50 @@ CAVIUM_ERRATUM_27456 = TRUE
[opts.ovmf.4m]
FD_SIZE_4MB = TRUE
DEBUG_TO_MEM = TRUE
[opts.ovmf.sb.smm]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = TRUE
# old downstream
EXCLUDE_SHELL_FROM_FD = TRUE
# new upstream
BUILD_SHELL = FALSE
[opts.ovmf.qemu.vars]
QEMU_PV_VARS = TRUE
SECURE_BOOT_ENABLE = TRUE
BUILD_SHELL = FALSE
[opts.ovmf.sb.stateless]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = FALSE
BUILD_SHELL = FALSE
[opts.armvirt.verbose]
DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
DEBUG_TO_MEM = TRUE
[opts.armvirt.silent]
DEBUG_PRINT_ERROR_LEVEL = 0x80000000
[pcds.nx.strict]
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5
PcdUninstallMemAttrProtocol = FALSE
[pcds.la57]
PcdUse5LevelPageTable = TRUE
[pcds.nx.broken.shim.grub]
# grub.efi uses EfiLoaderData for code
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD1
# shim.efi has broken MemAttr code
PcdUninstallMemAttrProtocol = TRUE
[pcds.nx.strict]
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5
PcdImageProtectionPolicy = 0x03
PcdSetNxForStack = TRUE
PcdNullPointerDetectionPropertyMask = 0x03
PcdUninstallMemAttrProtocol = TRUE
[pcds.nx.compat.aa64]
# workaround for bugs in shim.efi and grub.efi
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD1
PcdUninstallMemAttrProtocol = TRUE
[pcds.nx.compat.x64]
# workaround for bugs in shim.efi and grub.efi
PcdDxeNxMemoryProtectionPolicy = 0
PcdUninstallMemAttrProtocol = TRUE
#####################################################################
@ -52,8 +67,10 @@ conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
pcds = nx.compat.x64
la57
plat = OvmfX64
dest = RHEL-9/ovmf
dest = RHEL-10/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd
cpy2 = FV/OVMF_VARS.fd
cpy3 = X64/Shell.efi
@ -65,11 +82,26 @@ arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.smm
pcds = nx.compat.x64
la57
plat = OvmfX64
dest = RHEL-9/ovmf
dest = RHEL-10/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
cpy2 = X64/EnrollDefaultKeys.efi
[build.ovmf.qemu.vars]
desc = ovmf build (64-bit, 4MB, qemu vars, secure boot)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
ovmf.qemu.vars
pcds = nx.strict
la57
plat = OvmfX64
dest = RHEL-10/ovmf
cpy1 = FV/OVMF.fd OVMF.qemuvars.fd
#####################################################################
# stateless ovmf builds (firmware in rom or r/o flash)
@ -80,8 +112,9 @@ conf = OvmfPkg/AmdSev/AmdSevX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
pcds = nx.compat.x64
plat = AmdSev
dest = RHEL-9/ovmf
dest = RHEL-10/ovmf
cpy1 = FV/OVMF.fd OVMF.amdsev.fd
[build.ovmf.inteltdx]
@ -91,8 +124,10 @@ arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.stateless
pcds = nx.compat.x64
la57
plat = IntelTdx
dest = RHEL-9/ovmf
dest = RHEL-10/ovmf
cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
@ -105,9 +140,9 @@ conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.verbose
pcds = nx.broken.shim.grub
plat = ArmVirtQemu-AARCH64
dest = RHEL-9/aarch64
pcds = nx.compat.aa64
plat = ArmVirtQemu-AArch64
dest = RHEL-10/aarch64
cpy1 = FV/QEMU_EFI.fd
cpy2 = FV/QEMU_VARS.fd
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw
@ -121,9 +156,39 @@ conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.silent
pcds = nx.broken.shim.grub
plat = ArmVirtQemu-AARCH64
dest = RHEL-9/aarch64
pcds = nx.compat.aa64
plat = ArmVirtQemu-AArch64
dest = RHEL-10/aarch64
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd
cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw
pad2 = QEMU_EFI-silent-pflash.raw 64m
[build.armvirt.aa64.qemu.vars]
desc = ArmVirt build for qemu, 64-bit (arm v8), qemu vars, secure boot
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
ovmf.qemu.vars
armvirt.silent
pcds = nx.strict
plat = ArmVirtQemu-AArch64
dest = RHEL-10/aarch64
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.qemuvars.fd
cpy2 = FV/QEMU_EFI.fd QEMU_EFI-qemuvars-pflash.raw
pad2 = QEMU_EFI-qemuvars-pflash.raw 64m
#####################################################################
# riscv build
[build.riscv.qemu]
conf = OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
arch = RISCV64
plat = RiscVVirtQemu
dest = RHEL-10/riscv
cpy1 = FV/RISCV_VIRT_CODE.fd
cpy2 = FV/RISCV_VIRT_CODE.fd RISCV_VIRT_CODE.raw
cpy3 = FV/RISCV_VIRT_VARS.fd
cpy4 = FV/RISCV_VIRT_VARS.fd RISCV_VIRT_VARS.raw
pad1 = RISCV_VIRT_CODE.raw 32m
pad2 = RISCV_VIRT_VARS.raw 32m

301
edk2.spec
View File

@ -1,27 +1,31 @@
ExclusiveArch: x86_64 aarch64
ExclusiveArch: x86_64 aarch64 riscv64
# edk2-stable202405
%define GITDATE 20240524
%define GITCOMMIT 3e722403cd
# edk2-stable202511
%define GITDATE 20251114
%define GITCOMMIT 46548b1adac8
%define TOOLCHAIN GCC
%define OPENSSL_VER 3.0.7
%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1
%define OPENSSL_VER 3.5.5
%define OPENSSL_HASH c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c
%define DBXDATE 20230509
%define DBXDATE 20251016
%define build_ovmf 0
%define build_aarch64 0
%define build_riscv64 0
%ifarch x86_64
%define build_ovmf 1
%endif
%ifarch aarch64
%define build_aarch64 1
%endif
%ifarch riscv64
%define build_riscv64 1
%endif
Name: edk2
Version: %{GITDATE}
Release: 8%{?dist}
Release: 5%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
@ -33,6 +37,7 @@ URL: http://www.tianocore.org
Source0: edk2-%{GITCOMMIT}.tar.xz
Source1: ovmf-whitepaper-c770f8c.txt
Source2: openssl-rhel-%{OPENSSL_HASH}.tar.xz
Source3: dtc-1.7.0.tar.xz
# json description files
Source10: 50-edk2-aarch64-qcow2.json
@ -40,17 +45,25 @@ Source11: 51-edk2-aarch64-raw.json
Source12: 52-edk2-aarch64-verbose-qcow2.json
Source13: 53-edk2-aarch64-verbose-raw.json
Source20: 90-edk2-ovmf-qemuvars-x64-sb-enrolled.json
Source21: 91-edk2-ovmf-qemuvars-x64-sb.json
Source22: 90-edk2-aarch64-qemuvars-sb-enrolled.json
Source23: 91-edk2-aarch64-qemuvars-sb.json
Source40: 30-edk2-ovmf-x64-sb-enrolled.json
Source41: 40-edk2-ovmf-x64-sb.json
Source43: 50-edk2-ovmf-x64-nosb.json
Source44: 60-edk2-ovmf-x64-amdsev.json
Source45: 60-edk2-ovmf-x64-inteltdx.json
Source50: 50-edk2-riscv-qcow2.json
# https://gitlab.com/kraxel/edk2-build-config
Source80: edk2-build.py
Source82: edk2-build.rhel-9
Source82: edk2-build.rhel-10
Source90: DBXUpdate-%{DBXDATE}.x64.bin
Source91: DBXUpdate-%{DBXDATE}.aa64.bin
Patch1: 0003-Remove-paths-leading-to-submodules.patch
Patch2: 0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch3: 0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
@ -69,38 +82,31 @@ Patch15: 0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch
Patch16: 0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
Patch17: 0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
Patch18: 0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch
Patch19: 0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch
Patch20: 0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch
Patch21: 0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch
Patch22: 0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch
Patch23: 0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch
Patch24: 0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
Patch25: 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
Patch26: 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch
Patch27: 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
Patch28: 0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
Patch29: 0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
Patch30: 0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
Patch31: 0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
Patch32: 0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
Patch33: 0035-OvmfPkg-add-morlock-support.patch
Patch34: 0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
Patch35: 0037-SecurityPkg-RngDxe-add-rng-test.patch
Patch36: 0038-OvmfPkg-wire-up-RngDxe.patch
Patch37: 0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
Patch38: 0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
# For RHEL-45261 - [RHEL10] edk2 disconnects abnormally before loading the kernel
Patch39: edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch
# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data
Patch40: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data
Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
# For RHEL-56082 - [EDK2] Shim fallback reboot workaround might not work on SNP [rhel-10]
Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
# For RHEL-50185 - [RHEL10] Hit soft lockup when hotplug vcpu
Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
# For RHEL-56154 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-10]
Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
Patch19: 0021-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch
Patch20: 0022-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch
Patch21: 0023-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
Patch22: 0024-CryptoPkg-CrtLib-add-stat.h-include-file-RH-only.patch
Patch23: 0025-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
Patch24: 0026-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
Patch25: 0027-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
Patch26: 0028-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
Patch27: 0029-OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch
Patch28: 0030-OvmfPkg-MemDebugLogLib-use-AcquireSpinLockOrFail.patch
Patch29: 0031-OvmfPkg-PlatformInitLib-reserve-igvm-parameter-area.patch
# For RHEL-138335 - [AmpereoneX] ArmConfigureMmu: The MaxAddress 0xFFFFFFFFFFFFF is not supported by this MMU configuration
Patch30: edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch
# For RHEL-139470 - Enable memory debug logging support in firmware image configs
Patch31: edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch
# For RHEL-139470 - Enable memory debug logging support in firmware image configs
Patch32: edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch
# For RHEL-139470 - Enable memory debug logging support in firmware image configs
Patch33: edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch
# For RHEL-139470 - Enable memory debug logging support in firmware image configs
Patch34: edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch
# For RHEL-139470 - Enable memory debug logging support in firmware image configs
Patch35: edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch
# For RHEL-134956 - CVE-2025-2296 edk2: EDK2: Improper Input Validation allows arbitrary command execution [rhel-10.2]
Patch36: edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
@ -112,6 +118,9 @@ BuildRequires: binutils gcc git gcc-c++ make
BuildRequires: perl perl(JSON)
BuildRequires: qemu-img
# secure boot enrollment
BuildRequires: python3dist(virt-firmware) >= 25.4
%if %{build_ovmf}
# Only OVMF includes 80x86 assembly files (*.nasm*).
BuildRequires: nasm
@ -122,9 +131,6 @@ BuildRequires: dosfstools
BuildRequires: mtools
BuildRequires: xorriso
# secure boot enrollment
BuildRequires: python3dist(virt-firmware) >= 23.4
# endif build_ovmf
%endif
@ -171,6 +177,19 @@ platform that enables UEFI support for QEMU/KVM ARM Virtual Machines. This
package contains a 64-bit build.
%package riscv64
Summary: UEFI firmware for riscv64 virtual machines
BuildArch: noarch
# No Secure Boot for riscv64 yet, but we include OpenSSL for the IPv6 stack.
Provides: bundled(openssl) = %{OPENSSL_VER}
License: BSD-2-Clause-Patent and Apache-2.0
%description riscv64
EFI Development Kit II platform that enables UEFI support for QEMU/KVM
RISC-V Virtual Machines. This package contains a 64-bit build.
%package tools
Summary: EFI Development Kit II Tools
License: BSD-2-Clause-Patent
@ -206,12 +225,15 @@ git config am.keepcr true
cp -a -- %{SOURCE1} .
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
cp -a -- %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} .
cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} .
cp -a -- %{SOURCE50} .
cp -a -- %{SOURCE80} %{SOURCE82} .
cp -a -- %{SOURCE90} .
cp -a -- %{SOURCE90} %{SOURCE91} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
tar -xf %{SOURCE3} --strip-components=1 --directory MdePkg/Library/BaseFdtLib/libfdt
# Done by %setup, but we do not use it for the auxiliary tarballs
# Done by setup macro, but we do not use it for the auxiliary tarballs
chmod -Rf a+rX,u+w,g-w,o-w .
%build
@ -264,26 +286,44 @@ mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/library
mkdir -p SecurityPkg/DeviceSecurity/SpdmLib/libspdm/include
%if %{build_ovmf}
./edk2-build.py --config edk2-build.rhel-9 -m ovmf --release-date "$RELEASE_DATE"
build_iso RHEL-9/ovmf
cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-9/ovmf
virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \
--output RHEL-9/ovmf/OVMF_VARS.secboot.fd \
./edk2-build.py --config edk2-build.rhel-10 -m ovmf --release-date "$RELEASE_DATE"
build_iso RHEL-10/ovmf
cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-10/ovmf
virt-fw-vars --input RHEL-10/ovmf/OVMF_VARS.fd \
--output RHEL-10/ovmf/OVMF_VARS.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
virt-fw-vars --input RHEL-9/ovmf/OVMF.inteltdx.fd \
--output RHEL-9/ovmf/OVMF.inteltdx.secboot.fd \
virt-fw-vars --input RHEL-10/ovmf/OVMF.inteltdx.fd \
--output RHEL-10/ovmf/OVMF.inteltdx.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot \
--set-fallback-no-reboot
virt-fw-vars --output-json RHEL-10/ovmf/vars.blank.json
virt-fw-vars --output-json RHEL-10/ovmf/vars.secboot.json \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
%endif
%if %{build_aarch64}
./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE"
./edk2-build.py --config edk2-build.rhel-10 -m armvirt --release-date "$RELEASE_DATE"
cp DBXUpdate-%{DBXDATE}.aa64.bin RHEL-10/aarch64
for raw in */aarch64/*.raw; do
qcow2="${raw%.raw}.qcow2"
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
done
virt-fw-vars --output-json RHEL-10/aarch64/vars.blank.json
virt-fw-vars --output-json RHEL-10/aarch64/vars.secboot.json \
--set-dbx DBXUpdate-%{DBXDATE}.aa64.bin \
--enroll-redhat --secure-boot
%endif
%if %{build_riscv64}
./edk2-build.py --config edk2-build.rhel-10 -m riscv --release-date "$RELEASE_DATE"
for raw in */riscv/*.raw; do
qcow2="${raw%.raw}.qcow2"
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
rm -f "$raw"
done
%endif
%install
@ -308,7 +348,7 @@ install BaseTools/Scripts/GccBase.lds \
%{buildroot}%{_datadir}/%{name}/Scripts
mkdir -p %{buildroot}%{_datadir}/%{name}
cp -av RHEL-9/* %{buildroot}%{_datadir}/%{name}
cp -av RHEL-10/* %{buildroot}%{_datadir}/%{name}
%if %{build_ovmf}
mkdir -p %{buildroot}%{_datadir}/OVMF
@ -321,7 +361,9 @@ ln -s OVMF_CODE.fd %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
install -m 0644 \
30-edk2-ovmf-x64-sb-enrolled.json \
90-edk2-ovmf-qemuvars-x64-sb-enrolled.json \
40-edk2-ovmf-x64-sb.json \
91-edk2-ovmf-qemuvars-x64-sb.json \
50-edk2-ovmf-x64-nosb.json \
60-edk2-ovmf-x64-amdsev.json \
60-edk2-ovmf-x64-inteltdx.json \
@ -345,11 +387,19 @@ install -m 0644 \
51-edk2-aarch64-raw.json \
52-edk2-aarch64-verbose-qcow2.json \
53-edk2-aarch64-verbose-raw.json \
90-edk2-aarch64-qemuvars-sb-enrolled.json \
91-edk2-aarch64-qemuvars-sb.json \
%{buildroot}%{_datadir}/qemu/firmware
# endif build_aarch64
%endif
%if %{build_riscv64}
install -m 0644 \
50-edk2-riscv-qcow2.json \
%{buildroot}%{_datadir}/qemu/firmware
%endif
%check
%global common_files \
@ -373,6 +423,7 @@ install -m 0644 \
%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.secboot.fd
%{_datadir}/%{name}/ovmf/OVMF.qemuvars.fd
%{_datadir}/%{name}/ovmf/DBXUpdate*.bin
%{_datadir}/%{name}/ovmf/UefiShell.iso
%{_datadir}/OVMF/OVMF_CODE.secboot.fd
@ -381,8 +432,11 @@ install -m 0644 \
%{_datadir}/OVMF/UefiShell.iso
%{_datadir}/%{name}/ovmf/Shell.efi
%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
%{_datadir}/%{name}/ovmf/vars.*.json
%{_datadir}/qemu/firmware/30-edk2-ovmf-x64-sb-enrolled.json
%{_datadir}/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json
%{_datadir}/qemu/firmware/40-edk2-ovmf-x64-sb.json
%{_datadir}/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json
%{_datadir}/qemu/firmware/50-edk2-ovmf-x64-nosb.json
%{_datadir}/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
%{_datadir}/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
@ -396,20 +450,34 @@ install -m 0644 \
%dir %{_datadir}/%{name}/aarch64/
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI-qemuvars-pflash.*
%{_datadir}/%{name}/aarch64/vars-template-pflash.*
%{_datadir}/%{name}/aarch64/DBXUpdate*.bin
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
%{_datadir}/AAVMF/AAVMF_CODE.fd
%{_datadir}/AAVMF/AAVMF_VARS.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.qemuvars.fd
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
%{_datadir}/%{name}/aarch64/vars.*.json
%{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json
%{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json
%{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
%{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json
%{_datadir}/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json
%{_datadir}/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json
# endif build_aarch64
%endif
%if %{build_riscv64}
%files riscv64
%common_files
%{_datadir}/%{name}/riscv/*.fd
%{_datadir}/%{name}/riscv/*.qcow2
%{_datadir}/qemu/firmware/50-edk2-riscv-qcow2.json
%endif
%files tools
%license License.txt
%license License-History.txt
@ -435,6 +503,129 @@ install -m 0644 \
%changelog
* Mon Mar 09 2026 Miroslav Rezanina <mrezanin@redhat.com> - 20251114-5
- edk2-add-uefi-vars-firmware-json-files.patch [RHEL-150696]
- Resolves: RHEL-150696
(edk2: Add JSON descriptors for uefi-vars builds)
* Thu Feb 12 2026 Miroslav Rezanina <mrezanin@redhat.com> - 20251114-4
- edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch [RHEL-134956]
- edk2-update-openssl-rhel-submodule.patch [RHEL-147785]
- edk2-update-openssl-rhel-tarball.patch [RHEL-147785]
- Resolves: RHEL-134956
(CVE-2025-2296 edk2: EDK2: Improper Input Validation allows arbitrary command execution [rhel-10.2])
- Resolves: RHEL-147785
([edk2] pick up openssl updates)
* Mon Feb 09 2026 Miroslav Rezanina <mrezanin@redhat.com> - 20251114-3
- edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch [RHEL-139470]
- edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch [RHEL-139470]
- edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch [RHEL-139470]
- edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch [RHEL-139470]
- edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch [RHEL-139470]
- Resolves: RHEL-139470
(Enable memory debug logging support in firmware image configs)
* Thu Jan 08 2026 Miroslav Rezanina <mrezanin@redhat.com> - 20251114-2
- edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch [RHEL-138335]
- Resolves: RHEL-138335
([AmpereoneX] ArmConfigureMmu: The MaxAddress 0xFFFFFFFFFFFFF is not supported by this MMU configuration)
* Wed Dec 10 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20251114-1
- Rebase to edk2-stable202511 [RHEL-118386]
- Resolves: RHEL-118386
([edk2,rhel-10] rebase to edk2-stable202511)
* Wed Nov 12 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250822-4
- edk2-make-dbxupdate.sh-get-version-tag-add-to-commit-mess.patch [RHEL-126085]
- edk2-update-dbx-to-20251016-v1.6.1.patch [RHEL-126085]
- Resolves: RHEL-126085
([edk2,rhel-10] dbx update to 20251016 / v1.6.1)
* Mon Nov 03 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250822-3
- edk2-Bumped-OpenSSL-to-3.5.1-6.patch [RHEL-115880]
- Resolves: RHEL-115880
(CVE-2025-9230 edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-10.2])
* Mon Oct 13 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250822-2
- edk2-add-DBXUpdate-20250610.aa64.bin.patch [RHEL-109548]
- Resolves: RHEL-109548
([aarch64][edk2] missing DBXUpdate-${date}.aa64.bin)
* Tue Oct 07 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250822-1
- Rebase to edk2-stable202508 [RHEL-111718]
- Resolves: RHEL-111718
([edk2,rhel-10] rebase to edk2-stable202508)
* Mon Jun 30 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250523-2
- edk2-add-qemu-vars-builds-to-build-config-and-file-lists.patch [RHEL-2908]
- edk2-add-dbx-update-script.patch [RHEL-96866]
- edk2-update-dbx-to-20250610.patch [RHEL-96866]
- Resolves: RHEL-2908
([aarch64][EDK2] UEFI writable variable service in QEMU)
- Resolves: RHEL-96866
([edk2,rhel-10] dbx update 20250610)
* Tue Jun 10 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250523-1
- Rebase to edk2-stable202505 [RHEL-82556]
- Resolves: RHEL-82556
([edk2,rhel-10] rebase to edk2-stable202505)
* Fri May 02 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250221-3
- edk2-.distro-make-sure-virt-firmware-is-new-enough.patch [RHEL-85759]
- Resolves: RHEL-85759
(RFE: Add riscv64 build and sub-package)
* Mon Apr 07 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250221-2
- edk2-.distro-drop-setup-macro-in-specfile-comment.patch [RHEL-85759]
- edk2-.distro-switch-to-rhel-10-build-config.patch [RHEL-85759]
- edk2-.distro-add-riscv64-sub-rpm.patch [RHEL-85759]
- Resolves: RHEL-85759
(RFE: Add riscv64 build and sub-package)
* Wed Mar 26 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20250221-1
- Rebase to edk2-stable202502 [RHEL-75592]
- Resolves: RHEL-75592
(rebase to edk2-stable202502)
- Resulves: RHEL-82646
(fix typo in fwcfg file name)
- Resolves: RHEL-82837
(The newer revocation file and Server 2025 required to update it)
* Mon Jan 20 2025 Miroslav Rezanina <mrezanin@redhat.com> - 20241117-2
- edk2-Fix-amd-sev-firmware-file-for-amd-snp.patch [RHEL-72446]
- Resolves: RHEL-72446
( QEMU should creating new json file that will correctly describe firmware for amd-sev-snp [rhel-10])
* Mon Dec 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20241117-1
- Rebase to edk2-stable202411
- Resolves: RHEL-58062
([edk2,rhel-10] rebase to edk2-stable202411)
* Tue Nov 26 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-12
- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-64642]
- Resolves: RHEL-64642
([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10])
* Mon Nov 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-11
- edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234]
- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234]
- Resolves: RHEL-66234
([Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10])
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 20240524-10
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Oct 08 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-9
- edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch [RHEL-56249]
- edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch [RHEL-56249]
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60829]
- Resolves: RHEL-56249
(507x510 display resolution should not crash the firmware [edk2,rhel-10])
- Resolves: RHEL-60829
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-10.0])
* Fri Sep 27 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-8
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55302]
- Resolves: RHEL-55302

8
sources
View File

@ -1,3 +1,5 @@
SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624
SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d
SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9
SHA512 (DBXUpdate-20251016.aa64.bin) = 2af6d22d139ff58cb2d0dc0883257b6131f1bd9cc04b4c062c21f1d0560508f8f4ea062e6946fd37c8ab47259772884e29c32a93844d5d6beadcf9e778e4ee51
SHA512 (DBXUpdate-20251016.x64.bin) = 0452d2c302f702eeb2d549fd5ac4b3c3623172de9559a881bc92875590f3c5b65e301b880f5f76786e22b1af145b2aa6e58c74fef00a279950f3d6641aef484e
SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb
SHA512 (edk2-46548b1adac8.tar.xz) = 56b340943585df5efacc31af564f865664ade5eb5ff443040518263dd36784045a383970e11d3925c8c33927829e00b82efbfd77447e2fb96ad50e16064e0827
SHA512 (openssl-rhel-c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c.tar.xz) = be9bb76ba1b8c3f16f4d6d15d4b4a8c57b9361dab56996b9a19bb6360996144c556c0e07827c8734b37f071e842dc0abe39d2321f09f42c47f610808f15aa0a5