diff --git a/.gitignore b/.gitignore index abc0b04..cf689d6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ -DBXUpdate-20230509.x64.bin -edk2-3e722403cd.tar.xz -openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz +DBXUpdate-20251016.aa64.bin +DBXUpdate-20251016.x64.bin +dtc-1.7.0.tar.xz +edk2-46548b1adac8.tar.xz +openssl-rhel-c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c.tar.xz diff --git a/0003-Remove-paths-leading-to-submodules.patch b/0003-Remove-paths-leading-to-submodules.patch index 1c76597..a2c6794 100644 --- a/0003-Remove-paths-leading-to-submodules.patch +++ b/0003-Remove-paths-leading-to-submodules.patch @@ -1,4 +1,4 @@ -From 890270bd27f2177f0eb2158ca8c75b101d27283b Mon Sep 17 00:00:00 2001 +From 3ba51256bdef2ee84943c2e2da85422107fdd8dc Mon Sep 17 00:00:00 2001 From: Miroslav Rezanina Date: Thu, 24 Mar 2022 03:23:02 -0400 Subject: [PATCH] Remove paths leading to submodules @@ -15,10 +15,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 9 deletions(-) diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile -index 5275f657ef..39d7199753 100644 +index 0ea314ef96..92d3dedf47 100644 --- a/BaseTools/Source/C/GNUmakefile +++ b/BaseTools/Source/C/GNUmakefile -@@ -51,7 +51,6 @@ all: makerootdir subdirs +@@ -24,7 +24,6 @@ all: makerootdir subdirs LIBRARIES = Common VFRAUTOGEN = VfrCompile/VfrLexer.h APPLICATIONS = \ @@ -27,10 +27,10 @@ index 5275f657ef..39d7199753 100644 EfiRom \ GenFfs \ diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index f7339f0aec..badb93238f 100644 +index 0775aa954a..0d981111ed 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -26,9 +26,6 @@ +@@ -27,9 +27,6 @@ Include Test/Mock/Include @@ -41,10 +41,10 @@ index f7339f0aec..badb93238f 100644 ## @libraryclass Defines a set of methods to reset whole system. ResetSystemLib|Include/Library/ResetSystemLib.h diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec -index bf94549cbf..605b0f1be8 100644 +index 8f02cf1767..3e4d25d2e1 100644 --- a/MdePkg/MdePkg.dec +++ b/MdePkg/MdePkg.dec -@@ -29,7 +29,6 @@ +@@ -30,7 +30,6 @@ Include Test/UnitTest/Include Test/Mock/Include @@ -52,7 +52,7 @@ index bf94549cbf..605b0f1be8 100644 [Includes.IA32] Include/Ia32 -@@ -295,10 +294,6 @@ +@@ -293,10 +292,6 @@ # FdtLib|Include/Library/FdtLib.h diff --git a/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch index 081fccc..cd90248 100644 --- a/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ b/0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -1,9 +1,14 @@ -From 496d843eaa1efdc7c113ba9a919dcc6c2ae53c9f Mon Sep 17 00:00:00 2001 +From dbdf905bad52ad0126f99438f637bd464313c1b8 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 22:40:01 +0100 Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH only) +Notes for rebase to edk2-stable202505: + +- Minor context changes due to be03ceb ArmPkg: ArmFfaLib: Move ArmFfaLib +implementation to MdeModulePkg + Notes for rebase to edk2-stable202311: - Minor context changes due to new PCDs (for USB Networking) being added. @@ -99,25 +104,25 @@ Signed-off-by: Laszlo Ersek 3 files changed, 36 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index badb93238f..3a67acc090 100644 +index 0d981111ed..77d8aa49df 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -2222,6 +2222,10 @@ - # @Prompt The value is use for Usb Network rate limiting supported. - gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028 +@@ -2300,6 +2300,10 @@ + # @Prompt Conduit to use in ArmFfaLib. + gEfiMdeModulePkgTokenSpaceGuid.PcdFfaLibConduitSmc|TRUE|BOOLEAN|0x10000029 -+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal -+ # mode change. -+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080 -+ ++ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal ++ # mode change. ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080 ++ [PcdsPatchableInModule] ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c -index 7809869e7d..3be801039b 100644 +index 10d6695397..1423e99830 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c -@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -9,6 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -126,9 +131,9 @@ index 7809869e7d..3be801039b 100644 #include "Terminal.h" // -@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0 - CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 }; - CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 }; +@@ -83,6 +85,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', '0', ';', '0', '0', ' + CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', '0', 'C', 0 }; + CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', '0', 'D', 0 }; +// +// Note that this is an ASCII format string, taking two INT32 arguments: @@ -143,7 +148,7 @@ index 7809869e7d..3be801039b 100644 // // Body of the ConOut functions // -@@ -498,6 +510,24 @@ TerminalConOutSetMode ( +@@ -533,6 +545,24 @@ TerminalConOutSetMode ( return EFI_DEVICE_ERROR; } diff --git a/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch index 98fddad..7dace6f 100644 --- a/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ b/0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -1,4 +1,4 @@ -From 3830b4cfd575bcb5d44b69f4d8f8d49f6992fcc3 Mon Sep 17 00:00:00 2001 +From f9b45a184e1dbb81010ce25b04299d208fe94121 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 15:59:06 +0200 Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH @@ -75,18 +75,17 @@ Signed-off-by: Laszlo Ersek OvmfPkg/CloudHv/CloudHvX64.dsc | 1 + OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 + OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/PlatformPei/Platform.c | 13 +++++++++++++ OvmfPkg/PlatformPei/PlatformPei.inf | 1 + - 9 files changed, 21 insertions(+), 1 deletion(-) + 8 files changed, 20 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 8eb6f4f24f..627fded641 100644 +index 8e7e69da00..b18345f4a7 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -484,6 +484,7 @@ +@@ -487,6 +487,7 @@ [PcdsDynamicDefault] gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -95,10 +94,10 @@ index 8eb6f4f24f..627fded641 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc -index 4996885301..51a49c09ad 100644 +index 157aa8e611..f6a80943ab 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc -@@ -581,6 +581,7 @@ +@@ -601,6 +601,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -107,10 +106,10 @@ index 4996885301..51a49c09ad 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -index 0931ce061a..9f49b60ff0 100644 +index 18fd116311..83772af284 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -@@ -477,6 +477,7 @@ +@@ -479,6 +479,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -119,10 +118,10 @@ index 0931ce061a..9f49b60ff0 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc -index 69de4dd3f1..fb73f2e089 100644 +index 884d5a9432..b56ca4e42f 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc -@@ -590,7 +590,7 @@ +@@ -588,7 +588,7 @@ # only set when # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -131,23 +130,11 @@ index 69de4dd3f1..fb73f2e089 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0 -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 2ca005d768..dddef5ed0e 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -599,6 +599,7 @@ - # ($(SMM_REQUIRE) == FALSE) - gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 - -+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE - !if $(SMM_REQUIRE) == FALSE - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 - gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index a39070a626..933abb258f 100644 +index 5b2f51e49a..5273113e0f 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -611,6 +611,7 @@ +@@ -620,6 +620,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -156,10 +143,10 @@ index a39070a626..933abb258f 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 1b90aa8f57..04157ab14b 100644 +index 9180e88645..fbbe0656b4 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -629,6 +629,7 @@ +@@ -697,6 +697,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -168,12 +155,12 @@ index 1b90aa8f57..04157ab14b 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c -index df35726ff6..6c786bfc1e 100644 +index a354e0641f..bb791fba71 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c -@@ -41,6 +41,18 @@ - +@@ -43,6 +43,18 @@ #include "Platform.h" + #include "PlatformId.h" +#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \ + do { \ @@ -190,7 +177,7 @@ index df35726ff6..6c786bfc1e 100644 EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = { { EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, -@@ -355,6 +367,7 @@ InitializePlatform ( +@@ -365,6 +377,7 @@ InitializePlatform ( MemTypeInfoInitialization (PlatformInfoHob); MemMapInitialization (PlatformInfoHob); NoexecDxeInitialization (PlatformInfoHob); @@ -199,10 +186,10 @@ index df35726ff6..6c786bfc1e 100644 InstallClearCacheCallback (); diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf -index e036018eab..a2f59e8fc8 100644 +index 1f1616c569..a82c9a6490 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf -@@ -103,6 +103,7 @@ +@@ -108,6 +108,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved diff --git a/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch index 1669840..a0e87c5 100644 --- a/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ b/0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -1,4 +1,4 @@ -From 7461128f36076d1a5e45f89f00c8b2a5d92bd745 Mon Sep 17 00:00:00 2001 +From c3bec28d544bd8a77e8b6fc31208d9348dd749c3 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 26 Jul 2015 08:02:50 +0000 Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line @@ -96,10 +96,10 @@ Signed-off-by: Laszlo Ersek create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 64aa4e96e5..c37c4ba61e 100644 +index 9d85ef653b..24416ca984 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -311,6 +311,8 @@ +@@ -317,6 +317,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0 !endif @@ -108,7 +108,7 @@ index 64aa4e96e5..c37c4ba61e 100644 [PcdsDynamicHii] gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS -@@ -416,7 +418,10 @@ +@@ -452,7 +454,10 @@ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf diff --git a/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch index 5ad755d..675c65f 100644 --- a/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ b/0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -1,4 +1,4 @@ -From 9f24c54074c15630f78e019e018f791296a768d7 Mon Sep 17 00:00:00 2001 +From 48ff6ef136079ee9fab4c20bdb0ec791e8c3af03 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:45 +0100 Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) @@ -59,42 +59,28 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit 5ecc18badaabe774d9d0806b027ab63a30c6a2d7) --- OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- OvmfPkg/OvmfPkgX64.dsc | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 627fded641..cef43b34b7 100644 +index b18345f4a7..c7342f4f34 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -429,7 +429,7 @@ +@@ -432,7 +432,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error - gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F + gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F - !if $(SOURCE_DEBUG_ENABLE) == TRUE - gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index dddef5ed0e..270bd612e5 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -535,7 +535,7 @@ - # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may - # // significantly impact boot performance - # DEBUG_ERROR 0x80000000 // Error -- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F - !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 933abb258f..269a4b2b21 100644 +index 5273113e0f..db2abc7cd3 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -542,7 +542,7 @@ +@@ -551,7 +551,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -104,10 +90,10 @@ index 933abb258f..269a4b2b21 100644 !if $(SOURCE_DEBUG_ENABLE) == TRUE gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 04157ab14b..9614cc1c56 100644 +index fbbe0656b4..75768c37c6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -561,7 +561,7 @@ +@@ -629,7 +629,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error diff --git a/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch index 4fbcec0..48b7360 100644 --- a/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +++ b/0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch @@ -1,4 +1,4 @@ -From 271d90ce05cbdb95c8f839e3bee5d0a0937e12fc Mon Sep 17 00:00:00 2001 +From a3bb6ef0037323bf330d2f16cd4863ecc0a82b81 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:46 +0100 Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in @@ -80,16 +80,15 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit 1355849ad97c1e4a5c430597a377165a5cc118f7) --- OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++-- - OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- - 4 files changed, 32 insertions(+), 8 deletions(-) + 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index cef43b34b7..f53380aca2 100644 +index c7342f4f34..b4fb1554e7 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -691,8 +691,14 @@ +@@ -683,8 +683,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -106,32 +105,11 @@ index cef43b34b7..f53380aca2 100644 OvmfPkg/VirtioGpuDxe/VirtioGpu.inf # -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 270bd612e5..d942c7354a 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -828,8 +828,14 @@ - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - -- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf -- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } -+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf - diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 269a4b2b21..d915b847cb 100644 +index db2abc7cd3..935cbab30d 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -842,8 +842,14 @@ +@@ -848,8 +848,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf @@ -149,10 +127,10 @@ index 269a4b2b21..d915b847cb 100644 OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 9614cc1c56..12ee5510bd 100644 +index 75768c37c6..c27cf21deb 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -910,8 +910,14 @@ +@@ -979,8 +979,14 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch index a2e83e7..de47f3a 100644 --- a/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +++ b/0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch @@ -1,4 +1,4 @@ -From f3810904a75876f09592863281fe4e8464851f18 Mon Sep 17 00:00:00 2001 +From b7ea0f898387c9d8fe1f04bc2156e0d696d80eeb Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 27 Jan 2016 03:05:18 +0100 Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in @@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index c37c4ba61e..00e656d0c9 100644 +index 24416ca984..6432b03c27 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -546,7 +546,10 @@ +@@ -579,7 +579,10 @@ # # Video support # @@ -77,10 +77,10 @@ index c37c4ba61e..00e656d0c9 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 2cf96accbd..c7918c8cf3 100644 +index ebdb7dc834..354d16ac28 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -450,7 +450,10 @@ +@@ -463,7 +463,10 @@ # # Video support # diff --git a/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch index 4ee0977..6c1260b 100644 --- a/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +++ b/0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch @@ -1,4 +1,4 @@ -From 3fba0b8213fc5be8a164b3908d54af511fa21a10 Mon Sep 17 00:00:00 2001 +From 3b9d1965958e2b76a09500a16fd5e19f561479ae Mon Sep 17 00:00:00 2001 From: Philippe Mathieu-Daude Date: Thu, 1 Aug 2019 20:43:48 +0200 Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 diff --git a/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch index 13abca5..82a572c 100644 --- a/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ b/0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -1,4 +1,4 @@ -From 57370ffc06e8d5de6eb5c41e5b33a7891cdcc0e7 Mon Sep 17 00:00:00 2001 +From 03a7bc5196c937121618c01cb468f89614fac322 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:47 +0100 Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe @@ -57,16 +57,15 @@ Signed-off-by: Paolo Bonzini (cherry picked from commit ed89844b47f46cfe911f1bf2bda40e537a908502) --- OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++- - OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- OvmfPkg/OvmfPkgX64.dsc | 5 ++++- - 4 files changed, 16 insertions(+), 4 deletions(-) + 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index f53380aca2..32f47704bc 100644 +index b4fb1554e7..97f595b38a 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -686,7 +686,10 @@ +@@ -678,7 +678,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -78,27 +77,11 @@ index f53380aca2..32f47704bc 100644 MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d942c7354a..49540d54d0 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -823,7 +823,10 @@ - MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf - MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf - MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index d915b847cb..1c4e0514ed 100644 +index 935cbab30d..5bb2a7cef7 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -837,7 +837,10 @@ +@@ -843,7 +843,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf @@ -111,10 +94,10 @@ index d915b847cb..1c4e0514ed 100644 MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 12ee5510bd..e50e63b3f6 100644 +index c27cf21deb..62d6a008c6 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -905,7 +905,10 @@ +@@ -974,7 +974,10 @@ MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf diff --git a/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch b/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch index 573fcb7..d15f7a6 100644 --- a/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch +++ b/0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch @@ -1,4 +1,4 @@ -From 1025d0336c038ed12354830fccef84771f611656 Mon Sep 17 00:00:00 2001 +From 5b0bc2cc3e84b8951e82246b12c3aef80c433b70 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:31:36 +0200 Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" @@ -32,20 +32,20 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 18 insertions(+) diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c -index 3c12085f6c..e192809198 100644 +index 4598233ec1..66fba2d64d 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c -@@ -19,6 +19,7 @@ +@@ -20,6 +20,7 @@ #include #include #include +#include #include + #include #include - #include -@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint ( - - if (KernelBlob->Data == NULL) { +@@ -1304,6 +1305,22 @@ QemuKernelLoaderFsDxeEntrypoint ( + if ((Blob == NULL) && (mKernelNamedBlobCount == 0)) { + DEBUG ((DEBUG_INFO, "%a: no kernel and no named blobs present -> quit\n", __func__)); Status = EFI_NOT_FOUND; +#if defined (MDE_CPU_AARCH64) + // @@ -67,7 +67,7 @@ index 3c12085f6c..e192809198 100644 } diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf -index 7b35adb8e0..23d9f5fca1 100644 +index d24bd17c60..3794223524 100644 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf @@ -28,6 +28,7 @@ @@ -76,5 +76,5 @@ index 7b35adb8e0..23d9f5fca1 100644 DebugLib + DebugPrintErrorLevelLib DevicePathLib + HobLib MemoryAllocationLib - QemuFwCfgLib diff --git a/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch b/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch index 13fd6eb..fdd9a85 100644 --- a/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +++ b/0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch @@ -1,4 +1,4 @@ -From 49bcb15e8b15f3a02427787981a09f09d17528f7 Mon Sep 17 00:00:00 2001 +From 28b4ba4dcd57eda5ef568ef6f4e08a0cb0007ab6 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 24 Jun 2020 11:40:09 +0200 Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent @@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 18 insertions(+) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c -index b55b6c12d2..0be885c391 100644 +index 85a852842d..179c1499d3 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @@ -42,7 +42,7 @@ index b55b6c12d2..0be885c391 100644 #include #include #include -@@ -2743,6 +2744,22 @@ DriverEntry ( +@@ -2753,6 +2754,22 @@ DriverEntry ( CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) { DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); diff --git a/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch b/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch index 044e031..33b2efd 100644 --- a/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch +++ b/0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch @@ -1,4 +1,4 @@ -From b42de989e72259b0acd839b1fb6670ad9ff97aed Mon Sep 17 00:00:00 2001 +From 42fd784f17f7ce1c2d2fe1b29cd4ac9aff198f7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:28:49 +0200 Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only) @@ -20,19 +20,17 @@ Signed-off-by: Miroslav Rezanina --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 - OvmfPkg/AmdSev/AmdSevX64.fdf | 1 - - OvmfPkg/OvmfPkgIa32.dsc | 1 - - OvmfPkg/OvmfPkgIa32.fdf | 1 - OvmfPkg/OvmfPkgIa32X64.dsc | 1 - OvmfPkg/OvmfPkgIa32X64.fdf | 1 - OvmfPkg/OvmfPkgX64.dsc | 1 - OvmfPkg/OvmfPkgX64.fdf | 1 - - 8 files changed, 8 deletions(-) + 6 files changed, 6 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 32f47704bc..6b6e108d11 100644 +index 97f595b38a..06b8bf7275 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -611,7 +611,6 @@ +@@ -612,7 +612,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -41,34 +39,10 @@ index 32f47704bc..6b6e108d11 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index 595945181c..c176043482 100644 +index dbb733310e..d49e51da69 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -212,7 +212,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf - - INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf - INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf --INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf - INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf - INF UefiCpuPkg/CpuDxe/CpuDxe.inf - INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 49540d54d0..d368aa11fe 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -746,7 +746,6 @@ - !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc - } - -- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf - UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf - UefiCpuPkg/CpuDxe/CpuDxe.inf - OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 0d4abb50a8..ef933def99 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -216,7 +216,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +@@ -149,7 +149,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf @@ -77,10 +51,10 @@ index 0d4abb50a8..ef933def99 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 1c4e0514ed..cf09bdf785 100644 +index 5bb2a7cef7..59c205ead5 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -760,7 +760,6 @@ +@@ -771,7 +771,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -89,10 +63,10 @@ index 1c4e0514ed..cf09bdf785 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 23a825a012..0cd98ada5a 100644 +index 2ab9bcf45c..a6054701a7 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -217,7 +217,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +@@ -187,7 +187,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf @@ -101,10 +75,10 @@ index 23a825a012..0cd98ada5a 100644 INF UefiCpuPkg/CpuDxe/CpuDxe.inf INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e50e63b3f6..098d569381 100644 +index 62d6a008c6..7342d5871e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -805,7 +805,6 @@ +@@ -879,7 +879,6 @@ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc } @@ -113,10 +87,10 @@ index e50e63b3f6..098d569381 100644 UefiCpuPkg/CpuDxe/CpuDxe.inf { diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 4dcd6a033c..b201505214 100644 +index 3eec3145ad..b9f88a32fc 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -245,7 +245,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf +@@ -197,7 +197,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf diff --git a/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch b/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch index ac2a76d..742cda8 100644 --- a/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch +++ b/0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From a16503fb8e213d321920b195d6fc40015a00cc20 Mon Sep 17 00:00:00 2001 +From 1abeb1fd3164d212d799d9a767eeeb15a5c911e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:28:59 +0200 Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only) @@ -20,19 +20,17 @@ Signed-off-by: Miroslav Rezanina --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 - OvmfPkg/AmdSev/AmdSevX64.fdf | 1 - - OvmfPkg/OvmfPkgIa32.dsc | 1 - - OvmfPkg/OvmfPkgIa32.fdf | 1 - OvmfPkg/OvmfPkgIa32X64.dsc | 1 - OvmfPkg/OvmfPkgIa32X64.fdf | 1 - OvmfPkg/OvmfPkgX64.dsc | 1 - OvmfPkg/OvmfPkgX64.fdf | 1 - - 8 files changed, 8 deletions(-) + 6 files changed, 6 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 6b6e108d11..5461c1290d 100644 +index 06b8bf7275..6efc896439 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -701,7 +701,6 @@ +@@ -693,7 +693,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -41,10 +39,10 @@ index 6b6e108d11..5461c1290d 100644 # # ISA Support diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index c176043482..10538a0465 100644 +index d49e51da69..6177fb65c3 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -300,7 +300,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -228,7 +228,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -52,35 +50,11 @@ index c176043482..10538a0465 100644 INF OvmfPkg/PlatformDxe/Platform.inf INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d368aa11fe..40e78014c4 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -838,7 +838,6 @@ - - gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F - } -- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf - - # -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index ef933def99..68d59968ec 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -317,7 +317,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf - INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf --INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - INF OvmfPkg/PlatformDxe/Platform.inf - INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf - INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index cf09bdf785..6ade9aa0ef 100644 +index 59c205ead5..24a27f34ea 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -852,7 +852,6 @@ +@@ -858,7 +858,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -89,10 +63,10 @@ index cf09bdf785..6ade9aa0ef 100644 # diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 0cd98ada5a..8891d96422 100644 +index a6054701a7..d8a1dcca04 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -323,7 +323,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -285,7 +285,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf @@ -101,10 +75,10 @@ index 0cd98ada5a..8891d96422 100644 INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 098d569381..8563835ae5 100644 +index 7342d5871e..5a8ffe8828 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -920,7 +920,6 @@ +@@ -989,7 +989,6 @@ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F } @@ -113,10 +87,10 @@ index 098d569381..8563835ae5 100644 # diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index b201505214..06ac4423da 100644 +index b9f88a32fc..84a77918ba 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -356,7 +356,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf +@@ -303,7 +303,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf diff --git a/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch b/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch index 7e2fecc..450c923 100644 --- a/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch +++ b/0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch @@ -1,4 +1,4 @@ -From 1c3ff57eaf5b559a1b390888ab6f5e235bec414d Mon Sep 17 00:00:00 2001 +From 948e269f5424976af342eaed0725bcd7ee384706 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:13 +0200 Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only) @@ -18,43 +18,17 @@ Suggested-by: Laszlo Ersek Signed-off-by: Philippe Mathieu-Daudé Signed-off-by: Miroslav Rezanina --- - OvmfPkg/OvmfPkgIa32.dsc | 1 - - OvmfPkg/OvmfPkgIa32.fdf | 1 - OvmfPkg/OvmfPkgIa32X64.dsc | 1 - OvmfPkg/OvmfPkgIa32X64.fdf | 1 - OvmfPkg/OvmfPkgX64.dsc | 1 - OvmfPkg/OvmfPkgX64.fdf | 1 - - 6 files changed, 6 deletions(-) + 4 files changed, 4 deletions(-) -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 40e78014c4..afd2a3c5c0 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -816,7 +816,6 @@ - MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf - FatPkg/EnhancedFatDxe/Fat.inf - MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf -- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf - MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf - MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf - MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 68d59968ec..c392b96470 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - - INF FatPkg/EnhancedFatDxe/Fat.inf - INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf --INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf - - INF MdeModulePkg/Logo/LogoDxe.inf - diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 6ade9aa0ef..f5a4c57c8e 100644 +index 24a27f34ea..4c8d78ba80 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -830,7 +830,6 @@ +@@ -836,7 +836,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -63,10 +37,10 @@ index 6ade9aa0ef..f5a4c57c8e 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 8891d96422..6278daeeee 100644 +index d8a1dcca04..bf3411774f 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -291,7 +291,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -253,7 +253,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -75,10 +49,10 @@ index 8891d96422..6278daeeee 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 8563835ae5..08b73a64c9 100644 +index 5a8ffe8828..fee634edd3 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -898,7 +898,6 @@ +@@ -967,7 +967,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -87,10 +61,10 @@ index 8563835ae5..08b73a64c9 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 06ac4423da..fc4b6dd3a4 100644 +index 84a77918ba..f0a3664339 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -322,7 +322,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -269,7 +269,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf diff --git a/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch b/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch index f78d50f..70c4ddb 100644 --- a/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch +++ b/0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch @@ -1,4 +1,4 @@ -From d074f2941368b1b91ede467445c4f18904b7c228 Mon Sep 17 00:00:00 2001 +From 78172198efd225c2b2d0d4de685e497e27ec7816 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:16 +0200 Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only) @@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 3 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 00e656d0c9..d1deccaadc 100644 +index 6432b03c27..a0bf583b54 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -464,7 +464,6 @@ +@@ -507,7 +507,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -36,10 +36,10 @@ index 00e656d0c9..d1deccaadc 100644 # # Bds diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 38906004d7..7205274bed 100644 +index df9fa67ddf..9d67ee607f 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -85,7 +85,6 @@ READ_LOCK_STATUS = TRUE +@@ -90,7 +90,6 @@ READ_LOCK_STATUS = TRUE INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf @@ -48,10 +48,10 @@ index 38906004d7..7205274bed 100644 # # Status Code Routing diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index c7918c8cf3..9643fd5427 100644 +index 354d16ac28..f1aa5a78a9 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -368,7 +368,6 @@ +@@ -391,7 +391,6 @@ MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf diff --git a/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch b/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch index c7b6315..cc19f17 100644 --- a/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch +++ b/0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From cb327136ecf44079a7fcc1dd9b68d98e1124becc Mon Sep 17 00:00:00 2001 +From 6a292afd406e0f596401865e045d07cbfb007e7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:19 +0200 Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only) @@ -20,19 +20,17 @@ Signed-off-by: Miroslav Rezanina --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 - OvmfPkg/AmdSev/AmdSevX64.fdf | 1 - - OvmfPkg/OvmfPkgIa32.dsc | 1 - - OvmfPkg/OvmfPkgIa32.fdf | 1 - OvmfPkg/OvmfPkgIa32X64.dsc | 1 - OvmfPkg/OvmfPkgIa32X64.fdf | 1 - OvmfPkg/OvmfPkgX64.dsc | 1 - OvmfPkg/OvmfPkgX64.fdf | 1 - - 8 files changed, 8 deletions(-) + 6 files changed, 6 deletions(-) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index 5461c1290d..cf1ad83e09 100644 +index 6efc896439..717956cfc9 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -679,7 +679,6 @@ +@@ -671,7 +671,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -41,10 +39,10 @@ index 5461c1290d..cf1ad83e09 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index 10538a0465..c56c98dc85 100644 +index 6177fb65c3..069dc40e97 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -280,7 +280,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -208,7 +208,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -52,35 +50,11 @@ index 10538a0465..c56c98dc85 100644 INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf INF OvmfPkg/AmdSev/Grub/Grub.inf -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index afd2a3c5c0..d8ae542686 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -815,7 +815,6 @@ - MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf - MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf - FatPkg/EnhancedFatDxe/Fat.inf -- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf - MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf - MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf - MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index c392b96470..0ffa3be750 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf - INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf - - INF FatPkg/EnhancedFatDxe/Fat.inf --INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf - - INF MdeModulePkg/Logo/LogoDxe.inf - diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index f5a4c57c8e..52ac2c96fc 100644 +index 4c8d78ba80..2be6a1321c 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -829,7 +829,6 @@ +@@ -835,7 +835,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -89,10 +63,10 @@ index f5a4c57c8e..52ac2c96fc 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 6278daeeee..c4f3ec0735 100644 +index bf3411774f..c1b9b9b6d7 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -252,7 +252,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf @@ -101,10 +75,10 @@ index 6278daeeee..c4f3ec0735 100644 INF MdeModulePkg/Logo/LogoDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 08b73a64c9..f76d0ef7bc 100644 +index fee634edd3..724a84554c 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -897,7 +897,6 @@ +@@ -966,7 +966,6 @@ MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -113,10 +87,10 @@ index 08b73a64c9..f76d0ef7bc 100644 MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index fc4b6dd3a4..bedd85ef7a 100644 +index f0a3664339..9f24e6cd88 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf +@@ -268,7 +268,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf diff --git a/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch b/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch index 20ab8c5..8d26811 100644 --- a/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch +++ b/0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch @@ -1,4 +1,4 @@ -From 2b7c645f028c66efbaa7f7132e4f2fcec003869b Mon Sep 17 00:00:00 2001 +From 9dbf4272b3c0a23974806cb7956d10adf176ac55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:22 +0200 Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only) @@ -24,10 +24,10 @@ Signed-off-by: Miroslav Rezanina 3 files changed, 3 deletions(-) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index d1deccaadc..f91bb09fa3 100644 +index a0bf583b54..a0a36632c2 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -463,7 +463,6 @@ +@@ -506,7 +506,6 @@ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf @@ -36,10 +36,10 @@ index d1deccaadc..f91bb09fa3 100644 # # Bds diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 7205274bed..24a9dac2fd 100644 +index 9d67ee607f..e476343401 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -84,7 +84,6 @@ READ_LOCK_STATUS = TRUE +@@ -89,7 +89,6 @@ READ_LOCK_STATUS = TRUE INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf @@ -48,10 +48,10 @@ index 7205274bed..24a9dac2fd 100644 # # Status Code Routing diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 9643fd5427..c2825aa4c2 100644 +index f1aa5a78a9..8212cd2a00 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -367,7 +367,6 @@ +@@ -390,7 +390,6 @@ MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf FatPkg/EnhancedFatDxe/Fat.inf diff --git a/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch b/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch index 98fa968..cfd6581 100644 --- a/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch +++ b/0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch @@ -1,4 +1,4 @@ -From 11a0907d91727e05a5b86b5ede4f0e75572a894e Mon Sep 17 00:00:00 2001 +From b7953417ba9a4db13049d2428b3ed43f48bbc6d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:25 +0200 Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only) @@ -27,7 +27,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 5 deletions(-) diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -index 4075688e41..3663938054 100644 +index e8f4f42b33..9df0a29c17 100644 --- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc +++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc @@ -6,10 +6,6 @@ @@ -42,10 +42,10 @@ index 4075688e41..3663938054 100644 gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -index 38f69747b0..1637083ff1 100644 +index eef89be88e..a0e0d10e76 100644 --- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -@@ -6,7 +6,6 @@ +@@ -10,7 +10,6 @@ !if $(TOOL_CHAIN_TAG) != "XCODE5" !if $(NETWORK_ENABLE) == TRUE diff --git a/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch b/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch deleted file mode 100644 index 2c1aafb..0000000 --- a/0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 886bace5ff4ab40fd94475ffb2668def36149790 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Thu, 1 Jul 2021 20:29:28 +0200 -Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RH-Author: Philippe Mathieu-Daudé -RH-MergeRequest: 3: Disable features for RHEL9 -RH-Commit: [14/19] 12436014941bd4a7c99a26d779ebdcd75f169403 -RH-Bugzilla: 1967747 -RH-Acked-by: Laszlo Ersek - -Remove the command to download files in the shell via TFTP. - -Suggested-by: Laszlo Ersek -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Miroslav Rezanina ---- - ArmVirtPkg/ArmVirt.dsc.inc | 7 +++---- - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 - - 2 files changed, 3 insertions(+), 5 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 7044790a1e..ee98673e98 100644 ---- a/ArmVirtPkg/ArmVirt.dsc.inc -+++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -391,10 +391,9 @@ - # - MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf - -- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf { -- -- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE -- } -+ # -+ # UEFI application (Shell Embedded Boot Loader) -+ # - ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf { - - gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE -diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 24a9dac2fd..1341de0a2f 100644 ---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -100,7 +100,6 @@ READ_LOCK_STATUS = TRUE - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - - INF ShellPkg/Application/Shell/Shell.inf -- INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf - INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf - INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf diff --git a/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch b/0021-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch similarity index 93% rename from 0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch rename to 0021-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch index 97ac08a..12e14c2 100644 --- a/0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch +++ b/0021-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch @@ -1,4 +1,4 @@ -From 54738f50a11c9b607a22100dfd712bed0bc5c019 Mon Sep 17 00:00:00 2001 +From ecc0fc23de0ae74e90d50ae99cdde34a0eec9efe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:31 +0200 Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only) @@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 9 deletions(-) diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -index 3663938054..a568f1ecc5 100644 +index 9df0a29c17..eca62339c9 100644 --- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc +++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc @@ -5,12 +5,6 @@ @@ -48,10 +48,10 @@ index 3663938054..a568f1ecc5 100644 gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -index 1637083ff1..c0118a46e2 100644 +index a0e0d10e76..59b5f55ce5 100644 --- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -@@ -5,9 +5,6 @@ +@@ -9,9 +9,6 @@ !if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE !if $(TOOL_CHAIN_TAG) != "XCODE5" diff --git a/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch b/0022-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch similarity index 92% rename from 0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch rename to 0022-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch index 320c3dd..ac6146d 100644 --- a/0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch +++ b/0022-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch @@ -1,4 +1,4 @@ -From 8b920381f97c2c32d6bff465a58dd7c901626a34 Mon Sep 17 00:00:00 2001 +From 33411781440d81b039a48637c0772ecaec88f7e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 1 Jul 2021 20:29:39 +0200 Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) @@ -36,7 +36,7 @@ Signed-off-by: Miroslav Rezanina 2 files changed, 5 deletions(-) diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -index a568f1ecc5..f7e0f5e90e 100644 +index eca62339c9..2318ae64ab 100644 --- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc +++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc @@ -9,10 +9,6 @@ @@ -51,10 +51,10 @@ index a568f1ecc5..f7e0f5e90e 100644 ShellPkg/Application/Shell/Shell.inf { diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -index c0118a46e2..dced75e388 100644 +index 59b5f55ce5..6838bf4159 100644 --- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc +++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -@@ -6,7 +6,6 @@ +@@ -10,7 +10,6 @@ !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf diff --git a/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch b/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch deleted file mode 100644 index 833cb16..0000000 --- a/0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 2d3f1c042054454de24c4842e768957c2a875129 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Thu, 1 Jul 2021 20:29:34 +0200 -Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Rebase to edk2-stable202311: - -Minor update, context change due to new variable policy shell command. - -RH-Author: Philippe Mathieu-Daudé -RH-MergeRequest: 3: Disable features for RHEL9 -RH-Commit: [16/19] 07a74f1fdcdbb9a31d25ce9760edcd852e9574c3 -RH-Bugzilla: 1967747 -RH-Acked-by: Laszlo Ersek - -Remove the command to download files in the shell via HTTP(S). - -Suggested-by: Laszlo Ersek -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Miroslav Rezanina ---- - ArmVirtPkg/ArmVirt.dsc.inc | 4 ---- - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 - - 2 files changed, 5 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index ee98673e98..996b4ddfc4 100644 ---- a/ArmVirtPkg/ArmVirt.dsc.inc -+++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -394,10 +394,6 @@ - # - # UEFI application (Shell Embedded Boot Loader) - # -- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf { -- -- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE -- } - ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf { - - gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE -diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 1341de0a2f..b49bf7ad4e 100644 ---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -100,7 +100,6 @@ READ_LOCK_STATUS = TRUE - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - - INF ShellPkg/Application/Shell/Shell.inf -- INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf - INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf - INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf - diff --git a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch b/0023-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch similarity index 87% rename from 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch rename to 0023-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch index a750874..922e968 100644 --- a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch +++ b/0023-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch @@ -1,4 +1,4 @@ -From 24fe28e0ee42ef36f48763e7e4d738fd4c6b3583 Mon Sep 17 00:00:00 2001 +From 8f2163ec41344d311f9d985a7325b7fa4c4b122d Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Wed, 16 Aug 2023 12:09:40 +0200 Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only) @@ -22,12 +22,12 @@ patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch present_in_specfile: true location_in_specfile: 44 --- - OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++ + OvmfPkg/AmdSevDxe/AmdSevDxe.c | 43 +++++++++++++++++++++++++++++++++ OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++ - 2 files changed, 44 insertions(+) + 2 files changed, 45 insertions(+) diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -index d497a343d3..0eb88e50ff 100644 +index d497a343d3..ca345e95da 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c +++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c @@ -19,6 +19,7 @@ @@ -90,10 +90,11 @@ index d497a343d3..0eb88e50ff 100644 // // Do nothing when SEV is not enabled -@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint ( - ); +@@ -211,6 +243,17 @@ AmdSevDxeEntryPoint ( + return EFI_UNSUPPORTED; } ++ // Shim fallback reboot workaround + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, @@ -104,8 +105,9 @@ index d497a343d3..0eb88e50ff 100644 + ); + ASSERT_EFI_ERROR (Status); + - return EFI_SUCCESS; - } + // + // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent + // memory space. The NonExistent memory space will be used for mapping the diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf index e7c7d526c9..09cbd2b0ca 100644 --- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf diff --git a/0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch b/0024-CryptoPkg-CrtLib-add-stat.h-include-file-RH-only.patch similarity index 85% rename from 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch rename to 0024-CryptoPkg-CrtLib-add-stat.h-include-file-RH-only.patch index 3ce2d6c..c480db4 100644 --- a/0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch +++ b/0024-CryptoPkg-CrtLib-add-stat.h-include-file-RH-only.patch @@ -1,7 +1,7 @@ -From 95345a66f0c8e7d77ebc1b5cae3e745a2c201751 Mon Sep 17 00:00:00 2001 +From c5d8df4e356938b081d0a42b5f127337b0d211cb Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 28 Aug 2023 13:11:02 +0200 -Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file. +Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file (RH only) Needed by rhel downstream openssl patches. diff --git a/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch b/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch deleted file mode 100644 index 11e5379..0000000 --- a/0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 8b574a1461c50e453bb431a304bb0c63d14c5ab8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Thu, 1 Jul 2021 20:29:46 +0200 -Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Rebase to edk2-stable202311: - -Minor update, context change due to new variable policy shell command. - -RH-Author: Philippe Mathieu-Daudé -RH-MergeRequest: 3: Disable features for RHEL9 -RH-Commit: [18/19] 8f4e4007108462533e3d2050b84d8830073a7c0d -RH-Bugzilla: 1967747 -RH-Acked-by: Laszlo Ersek - -Remove the command to register a file in the shell as the initial -ramdisk for a UEFI stubbed kernel, to be booted next. - -Suggested-by: Laszlo Ersek -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Miroslav Rezanina ---- - ArmVirtPkg/ArmVirt.dsc.inc | 10 +++------- - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 - - 2 files changed, 3 insertions(+), 8 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 996b4ddfc4..2561e10ff5 100644 ---- a/ArmVirtPkg/ArmVirt.dsc.inc -+++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -391,17 +391,13 @@ - # - MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf - -- # -- # UEFI application (Shell Embedded Boot Loader) -- # -+ # -+ # UEFI application (Shell Embedded Boot Loader) -+ # - ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf { - - gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE - } -- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf { -- -- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE -- } - ShellPkg/Application/Shell/Shell.inf { - - ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf -diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index b49bf7ad4e..753afd799b 100644 ---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -101,7 +101,6 @@ READ_LOCK_STATUS = TRUE - - INF ShellPkg/Application/Shell/Shell.inf - INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf -- INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf - - # - # Bds diff --git a/0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch b/0025-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch similarity index 83% rename from 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch rename to 0025-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch index 287a7df..4e44ada 100644 --- a/0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch +++ b/0025-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch @@ -1,7 +1,8 @@ -From 0cac1a197d1e84bcde60aba246c1e16bf5508091 Mon Sep 17 00:00:00 2001 +From 555619114921a2e44fae3fb4e741b291e6b9de1b Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Mon, 28 Aug 2023 13:27:09 +0200 Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls + (RH only) Needed by rhel downstream openssl patches, they use unix syscalls for file access (instead of fopen + friends like the rest of the @@ -15,10 +16,10 @@ Signed-off-by: Gerd Hoffmann 2 files changed, 87 insertions(+) diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c -index 37cdecc9bd..dfdb635536 100644 +index 8a8fdfefc7..11d01106d4 100644 --- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c -@@ -550,6 +550,52 @@ fread ( +@@ -611,6 +611,52 @@ fread ( return 0; } @@ -72,10 +73,10 @@ index 37cdecc9bd..dfdb635536 100644 getuid ( void diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h -index f36fe08f0c..7d98496af8 100644 +index 4da2ef61f7..5cf2de58a9 100644 --- a/CryptoPkg/Library/Include/CrtLibSupport.h +++ b/CryptoPkg/Library/Include/CrtLibSupport.h -@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -62,6 +62,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // // Definitions for global constants used by CRT library routines // @@ -83,7 +84,7 @@ index f36fe08f0c..7d98496af8 100644 #define EINVAL 22 /* Invalid argument */ #define EAFNOSUPPORT 47 /* Address family not supported by protocol family */ #define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ -@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent +@@ -90,6 +91,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define NS_INADDRSZ 4 /*%< IPv4 T_A */ #define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */ @@ -99,7 +100,7 @@ index f36fe08f0c..7d98496af8 100644 // // Basic types mapping // -@@ -324,6 +334,37 @@ fprintf ( +@@ -316,6 +326,37 @@ fprintf ( ... ); diff --git a/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch b/0026-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch similarity index 82% rename from edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch rename to 0026-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch index c751e0f..f54ddb9 100644 --- a/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +++ b/0026-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch @@ -1,7 +1,7 @@ -From 054d42879bba986d7b2c2568fe4459959a8fe38b Mon Sep 17 00:00:00 2001 +From a7adaad69c0af3dde7184ccb2c725ca84986d1c7 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Wed, 14 Aug 2024 09:53:49 +0200 -Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging +Subject: [PATCH] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging RH-Author: Oliver Steffen RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging @@ -16,15 +16,19 @@ Reword it and also add a message confirming eventual success to deescalate the importance somewhat. Signed-off-by: Oliver Steffen + +patch_name: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +present_in_specfile: true +location_in_specfile: 41 --- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -index 4dfbe91a55..905a944975 100644 +index 3495b42db8..f8e59595da 100644 --- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c +++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -@@ -946,12 +946,13 @@ PseudoRandom ( +@@ -952,12 +952,13 @@ PseudoRandom ( // // Secure Algorithm was supported on this platform // @@ -39,6 +43,3 @@ index 4dfbe91a55..905a944975 100644 // // Try the next secure algorithm --- -2.39.3 - diff --git a/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch b/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch deleted file mode 100644 index 1de9bc0..0000000 --- a/0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 827b877dfc01336a12539b31753358e7e264b7f3 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 28 Feb 2023 15:47:00 +0100 -Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug -RH-Bugzilla: 2124143 -RH-Acked-by: Laszlo Ersek -RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2) - -In case the number of CPUs can in increase beyond 255 -due to CPU hotplug choose x2apic mode. - -Signed-off-by: Gerd Hoffmann - -patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch -present_in_specfile: true -location_in_specfile: 38 ---- - UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c -index d724456502..c478878bb0 100644 ---- a/UefiCpuPkg/Library/MpInitLib/MpLib.c -+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c -@@ -534,7 +534,9 @@ CollectProcessorCount ( - // - // Enable x2APIC mode if - // 1. Number of CPU is greater than 255; or -- // 2. There are any logical processors reporting an Initial APIC ID of 255 or greater. -+ // 2. The platform exposed the exact *boot* CPU count to us in advance, and -+ // more than 255 logical processors are possible later, with hotplug; or -+ // 3. There are any logical processors reporting an Initial APIC ID of 255 or greater. - // - X2Apic = FALSE; - if (CpuMpData->CpuCount > 255) { -@@ -542,6 +544,10 @@ CollectProcessorCount ( - // If there are more than 255 processor found, force to enable X2APIC - // - X2Apic = TRUE; -+ } else if ((PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) && -+ (PcdGet32 (PcdCpuMaxLogicalProcessorNumber) > 255)) -+ { -+ X2Apic = TRUE; - } else { - CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob; - for (Index = 0; Index < CpuMpData->CpuCount; Index++) { diff --git a/0027-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch b/0027-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch new file mode 100644 index 0000000..40d28b0 --- /dev/null +++ b/0027-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch @@ -0,0 +1,350 @@ +From a6f05c646722bb85de8b2f21af47e0f88e103010 Mon Sep 17 00:00:00 2001 +From: Oliver Steffen +Date: Mon, 4 Nov 2024 12:40:12 +0100 +Subject: [PATCH] OvmfPkg: Add a Fallback RNG (RH only) + +RH-Author: Oliver Steffen +RH-MergeRequest: 82: Add a Fallback RNG (RH only) +RH-Jira: RHEL-66234 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [1/2] bb62ac9e3f1cd5eae1bb94e047fb6ebada57cd24 (osteffen/edk2) + +Since the pixiefail CVE fix, the network stack requires a random number +generator. +In case there is no hardware random number generator available, +have the Platform Boot Manager install a pseudo RNG to ensure +the network can be used. + +Signed-off-by: Oliver Steffen + +patch_name: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +present_in_specfile: true +location_in_specfile: 48 +--- + .../PlatformBootManagerLib/BdsPlatform.c | 6 + + .../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++ + .../PlatformBootManagerLib/FallbackRng.h | 20 ++ + .../PlatformBootManagerLib.inf | 5 + + 4 files changed, 253 insertions(+) + create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c + create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h + +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +index b696f1b338..2982b4f288 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c ++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +@@ -17,6 +17,7 @@ + + #include + #include ++#include "FallbackRng.h" + + // + // Global data +@@ -350,6 +351,9 @@ PlatformBootManagerBeforeConsole ( + ConnectVirtioPciRng, + NULL + ); ++ ++ FallbackRngCheckAndInstall (); ++ + } + + EFI_STATUS +@@ -1619,6 +1623,8 @@ PlatformBootManagerAfterConsole ( + + DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n")); + ++ FallbackRngPrintWarning (); ++ + if (PcdGetBool (PcdOvmfFlashVariablesEnable)) { + DEBUG (( + DEBUG_INFO, +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c +new file mode 100644 +index 0000000000..bba60e29d5 +--- /dev/null ++++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c +@@ -0,0 +1,222 @@ ++/** @file ++ Copyright (C) 2024, Red Hat, Inc. ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "FallbackRng.h" ++ ++typedef struct { ++ EFI_RNG_PROTOCOL Rng; ++ EFI_HANDLE Handle; ++} FALLBACK_RNG_DEV; ++ ++/** ++ Returns information about the random number generation implementation. ++ ++ @param[in] This A pointer to the EFI_RNG_PROTOCOL ++ instance. ++ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of ++ RNGAlgorithmList. ++ On output with a return code of ++ EFI_SUCCESS, the size in bytes of the ++ data returned in RNGAlgorithmList. On ++ output with a return code of ++ EFI_BUFFER_TOO_SMALL, the size of ++ RNGAlgorithmList required to obtain the ++ list. ++ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled ++ by the driver with one EFI_RNG_ALGORITHM ++ element for each supported RNG algorithm. ++ The list must not change across multiple ++ calls to the same driver. The first ++ algorithm in the list is the default ++ algorithm for the driver. ++ ++ @retval EFI_SUCCESS The RNG algorithm list was returned ++ successfully. ++ @retval EFI_UNSUPPORTED The services is not supported by this ++ driver. ++ @retval EFI_DEVICE_ERROR The list of algorithms could not be ++ retrieved due to a hardware or firmware ++ error. ++ @retval EFI_INVALID_PARAMETER One or more of the parameters are ++ incorrect. ++ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small ++ to hold the result. ++ ++**/ ++STATIC ++EFI_STATUS ++EFIAPI ++FallbackRngGetInfo ( ++ IN EFI_RNG_PROTOCOL *This, ++ IN OUT UINTN *RNGAlgorithmListSize, ++ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList ++ ) ++{ ++ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) { ++ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM); ++ return EFI_BUFFER_TOO_SMALL; ++ } ++ ++ if (RNGAlgorithmList == NULL) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM); ++ CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw); ++ ++ return EFI_SUCCESS; ++} ++ ++/** ++ Produces and returns an RNG value using either the default or specified RNG ++ algorithm. ++ ++ @param[in] This A pointer to the EFI_RNG_PROTOCOL ++ instance. ++ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that ++ identifies the RNG algorithm to use. May ++ be NULL in which case the function will ++ use its default RNG algorithm. ++ @param[in] RNGValueLength The length in bytes of the memory buffer ++ pointed to by RNGValue. The driver shall ++ return exactly this numbers of bytes. ++ @param[out] RNGValue A caller-allocated memory buffer filled ++ by the driver with the resulting RNG ++ value. ++ ++ @retval EFI_SUCCESS The RNG value was returned successfully. ++ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm ++ is not supported by this driver. ++ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due ++ to a hardware or firmware error. ++ @retval EFI_NOT_READY There is not enough random data available ++ to satisfy the length requested by ++ RNGValueLength. ++ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is ++ zero. ++ ++**/ ++STATIC ++EFI_STATUS ++EFIAPI ++FallbackRngGetRNG ( ++ IN EFI_RNG_PROTOCOL *This, ++ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL, ++ IN UINTN RNGValueLength, ++ OUT UINT8 *RNGValue ++ ) ++{ ++ UINT64 RandomData; ++ EFI_STATUS Status; ++ UINTN i; ++ ++ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ // ++ // We only support the raw algorithm, so reject requests for anything else ++ // ++ if ((RNGAlgorithm != NULL) && ++ !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) ++ { ++ return EFI_UNSUPPORTED; ++ } ++ ++ for (i = 0; i < RNGValueLength; ++i) { ++ if (i % 4 == 0) { ++ Status = GetRandomNumber64 (&RandomData); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ } ++ } ++ ++ return EFI_SUCCESS; ++} ++ ++static FALLBACK_RNG_DEV Dev = { ++ .Rng.GetInfo = FallbackRngGetInfo, ++ .Rng.GetRNG = FallbackRngGetRNG, ++ .Handle = NULL, ++}; ++ ++EFI_STATUS ++FallbackRngCheckAndInstall ( ++ ) ++{ ++ EFI_STATUS Status; ++ EFI_HANDLE *HandleBuffer = NULL; ++ UINTN HandleCount = 0; ++ ++ if (Dev.Handle != NULL) { ++ DEBUG ((DEBUG_INFO, "Fallback RNG already installed.\n")); ++ return EFI_ALREADY_STARTED; ++ } ++ ++ Status = gBS->LocateHandleBuffer ( ++ ByProtocol, ++ &gEfiRngProtocolGuid, ++ NULL, ++ &HandleCount, ++ &HandleBuffer ++ ); ++ ++ gBS->FreePool (HandleBuffer); ++ ++ if (Status == EFI_NOT_FOUND) { ++ HandleCount = 0; ++ } else if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "Error locating RNG protocol instances: %r\n", Status)); ++ return Status; ++ } ++ ++ DEBUG ((DEBUG_INFO, "Found %u RNGs\n", HandleCount)); ++ ++ if (HandleCount == 0) { ++ // Install RNG ++ Status = gBS->InstallProtocolInterface ( ++ &Dev.Handle, ++ &gEfiRngProtocolGuid, ++ EFI_NATIVE_INTERFACE, ++ &Dev.Rng ++ ); ++ if (EFI_ERROR (Status)) { ++ DEBUG ((DEBUG_ERROR, "Failed to install fallback RNG: %r\n", Status)); ++ return Status; ++ } ++ ++ gDS->Dispatch (); ++ } ++ ++ return EFI_SUCCESS; ++} ++ ++VOID ++FallbackRngPrintWarning ( ++ ) ++{ ++ if (Dev.Handle != NULL) { ++ Print (L"WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n"); ++ DEBUG ((DEBUG_WARN, "WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n")); ++ gBS->Stall (2000000); ++ } ++} +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h +new file mode 100644 +index 0000000000..77332bc51c +--- /dev/null ++++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h +@@ -0,0 +1,20 @@ ++/** @file ++ Copyright (C) 2024, Red Hat, Inc. ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#ifndef _FALLBACK_RNG_H_ ++#define _FALLBACK_RNG_H_ ++ ++#include ++#include ++ ++EFI_STATUS ++FallbackRngCheckAndInstall ( ++ ); ++ ++VOID ++FallbackRngPrintWarning ( ++ ); ++ ++#endif +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +index 9675eb081f..0d4a7c83d6 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf ++++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +@@ -25,6 +25,8 @@ + PlatformData.c + QemuKernel.c + BdsPlatform.h ++ FallbackRng.c ++ FallbackRng.h + + [Packages] + MdePkg/MdePkg.dec +@@ -58,6 +60,7 @@ + XenPlatformLib + QemuFwCfgSimpleParserLib + PlatformBootManagerCommonLib ++ RngLib + + [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent +@@ -82,6 +85,7 @@ + gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL SOMETIMES_PRODUCED + gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODUCED + gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED ++ gEfiRngProtocolGuid # PROTOCOL SOMETIMES_PRODUCED + + [Guids] + gEfiEndOfDxeEventGroupGuid +@@ -90,3 +94,4 @@ + gUefiShellFileGuid + gGrubFileGuid + gUiAppFileGuid ++ gEfiRngAlgorithmRaw diff --git a/0028-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch b/0028-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch new file mode 100644 index 0000000..c3f5704 --- /dev/null +++ b/0028-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch @@ -0,0 +1,102 @@ +From f3548d62625d5ad2728078e4188e9f40965dbfe2 Mon Sep 17 00:00:00 2001 +From: Oliver Steffen +Date: Thu, 7 Nov 2024 11:36:22 +0100 +Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only) + +RH-Author: Oliver Steffen +RH-MergeRequest: 82: Add a Fallback RNG (RH only) +RH-Jira: RHEL-66234 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [2/2] ae2c04680e6420e096c667a22c52ec6f6fb46935 (osteffen/edk2) + +Since the pixiefail CVE fix, the network stack requires a random number +generator. +In case there is no hardware random number generator available, +have the Platform Boot Manager install a pseudo RNG to ensure +the network can be used. + +This patch adds the fallback rng which was introduced in a +previous commit also to the ArmVirtPkg PlatformBootManagerLib. + +Signed-off-by: Oliver Steffen + +patch_name: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +present_in_specfile: true +location_in_specfile: 49 +--- + OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++ + .../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++ + 2 files changed, 11 insertions(+) + +diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c +index 2c24c65489..273e6f6a7e 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c ++++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include "FallbackRng.h" + + #include "PlatformBm.h" + +@@ -819,6 +820,7 @@ PlatformBootManagerBeforeConsole ( + // + FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput); + ++ + // + // Add the hardcoded short-form USB keyboard device path to ConIn. + // +@@ -916,6 +918,8 @@ PlatformBootManagerBeforeConsole ( + // + FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial); + FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial); ++ ++ FallbackRngCheckAndInstall (); + } + + /** +@@ -982,6 +986,8 @@ PlatformBootManagerAfterConsole ( + BOOLEAN Uninstall; + BOOLEAN ShellEnabled; + ++ FallbackRngPrintWarning (); ++ + // + // Show the splash screen. + // +diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf +index 9e89556b14..8ccd306780 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf ++++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf +@@ -27,6 +27,8 @@ + PlatformBm.c + PlatformBm.h + QemuKernel.c ++ ../PlatformBootManagerLib/FallbackRng.h ++ ../PlatformBootManagerLib/FallbackRng.c + + [Packages] + MdeModulePkg/MdeModulePkg.dec +@@ -54,6 +56,7 @@ + UefiLib + UefiRuntimeServicesTableLib + PlatformBootManagerCommonLib ++ RngLib + + [FixedPcd] + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate +@@ -72,6 +75,7 @@ + gRootBridgesConnectedEventGroupGuid + gUefiShellFileGuid + gUiAppFileGuid ++ gEfiRngAlgorithmRaw + + [Protocols] + gEfiFirmwareVolume2ProtocolGuid +@@ -79,3 +83,4 @@ + gEfiMemoryAttributeProtocolGuid + gEfiPciRootBridgeIoProtocolGuid + gVirtioDeviceProtocolGuid ++ gEfiRngProtocolGuid diff --git a/0029-OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch b/0029-OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch new file mode 100644 index 0000000..8df837b --- /dev/null +++ b/0029-OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch @@ -0,0 +1,123 @@ +From d66a5ff583903e27bd3851e41c3ee17f697f60af Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Thu, 16 Jan 2025 17:20:38 +0100 +Subject: [PATCH] OvmfPkg/X64: add opt/org.tianocore/UninstallMemAttrProtocol + support (RH only) + +Add support for opt/org.tianocore/UninstallMemAttrProtocol, to allow +turning off EFI_MEMORY_ATTRIBUTE_PROTOCOL, simliar to ArmVirtPkg. + +Signed-off-by: Gerd Hoffmann +--- + .../PlatformBootManagerLib/BdsPlatform.c | 63 +++++++++++++++++++ + .../PlatformBootManagerLib.inf | 2 + + 2 files changed, 65 insertions(+) + +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +index 2982b4f288..b1722a28dd 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c ++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +@@ -1600,6 +1600,49 @@ SaveS3BootScript ( + ASSERT_EFI_ERROR (Status); + } + ++/** ++ Uninstall the EFI memory attribute protocol if it exists. ++**/ ++STATIC ++VOID ++UninstallEfiMemoryAttributesProtocol ( ++ VOID ++ ) ++{ ++ EFI_STATUS Status; ++ EFI_HANDLE Handle; ++ UINTN Size; ++ VOID *MemoryAttributeProtocol; ++ ++ Size = sizeof (Handle); ++ Status = gBS->LocateHandle ( ++ ByProtocol, ++ &gEfiMemoryAttributeProtocolGuid, ++ NULL, ++ &Size, ++ &Handle ++ ); ++ ++ if (EFI_ERROR (Status)) { ++ ASSERT (Status == EFI_NOT_FOUND); ++ return; ++ } ++ ++ Status = gBS->HandleProtocol ( ++ Handle, ++ &gEfiMemoryAttributeProtocolGuid, ++ &MemoryAttributeProtocol ++ ); ++ ASSERT_EFI_ERROR (Status); ++ ++ Status = gBS->UninstallProtocolInterface ( ++ Handle, ++ &gEfiMemoryAttributeProtocolGuid, ++ MemoryAttributeProtocol ++ ); ++ ASSERT_EFI_ERROR (Status); ++} ++ + /** + Do the platform specific action after the console is ready + +@@ -1620,6 +1663,7 @@ PlatformBootManagerAfterConsole ( + ) + { + EFI_BOOT_MODE BootMode; ++ BOOLEAN Uninstall; + + DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n")); + +@@ -1666,6 +1710,25 @@ PlatformBootManagerAfterConsole ( + // + StoreQemuBootOrder (); + ++ // ++ // Work around shim's terminally broken use of the EFI memory attributes ++ // protocol, by uninstalling it if requested on the QEMU command line. ++ // ++ // E.g., ++ // -fw_cfg opt/org.tianocore/UninstallMemAttrProtocol,string=y ++ // ++ Uninstall = FixedPcdGetBool (PcdUninstallMemAttrProtocol); ++ QemuFwCfgParseBool ("opt/org.tianocore/UninstallMemAttrProtocol", &Uninstall); ++ DEBUG (( ++ DEBUG_WARN, ++ "%a: %auninstalling EFI memory protocol\n", ++ __func__, ++ Uninstall ? "" : "not " ++ )); ++ if (Uninstall) { ++ UninstallEfiMemoryAttributesProtocol (); ++ } ++ + // + // Process QEMU's -kernel command line option + // +diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +index 0d4a7c83d6..e9a0062b5d 100644 +--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf ++++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf +@@ -67,6 +67,7 @@ + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId + gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware ++ gUefiOvmfPkgTokenSpaceGuid.PcdUninstallMemAttrProtocol + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable + gEfiMdePkgTokenSpaceGuid.PcdPlatformBootTimeOut + gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate ## CONSUMES +@@ -86,6 +87,7 @@ + gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODUCED + gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED + gEfiRngProtocolGuid # PROTOCOL SOMETIMES_PRODUCED ++ gEfiMemoryAttributeProtocolGuid + + [Guids] + gEfiEndOfDxeEventGroupGuid diff --git a/0030-OvmfPkg-MemDebugLogLib-use-AcquireSpinLockOrFail.patch b/0030-OvmfPkg-MemDebugLogLib-use-AcquireSpinLockOrFail.patch new file mode 100644 index 0000000..2257b8c --- /dev/null +++ b/0030-OvmfPkg-MemDebugLogLib-use-AcquireSpinLockOrFail.patch @@ -0,0 +1,49 @@ +From 1d520eb1e36b63d4f9ecebf935dc7bae43ccf3f1 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Wed, 3 Dec 2025 10:40:11 +0100 +Subject: [PATCH] OvmfPkg/MemDebugLogLib: use AcquireSpinLockOrFail + +Drop log lines if we can't get the spin lock. Not nice, but better than +risking a deadlock. + +Some background: Most of edk2 runs single-threaded on the BSP, so if +something holds the lock it is rather unlikely that waiting is going to +help. Specifically I think a deadlock can happen if (a) a timer +interrupt arrives while the lock is held, and (b) some higher-TPL timer +handler tries to print something to the debug log. + +Signed-off-by: Gerd Hoffmann +--- + OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c +index 8c9ce61cb6..b737cb0f70 100644 +--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c ++++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogCommon.c +@@ -29,12 +29,12 @@ MemDebugLogLockInit ( + } + + STATIC +-VOID ++BOOLEAN + MemDebugLogLockAcquire ( + IN volatile UINT64 *MemDebugLogLock + ) + { +- AcquireSpinLock ((SPIN_LOCK *)MemDebugLogLock); ++ return AcquireSpinLockOrFail ((SPIN_LOCK *)MemDebugLogLock); + } + + STATIC +@@ -90,7 +90,9 @@ MemDebugLogWriteBuffer ( + return EFI_INVALID_PARAMETER; + } + +- MemDebugLogLockAcquire (MemDebugLogLock); ++ if (!MemDebugLogLockAcquire (MemDebugLogLock)) { ++ return EFI_NOT_READY; ++ } + + BufStart = (CHAR8 *)(UINTN)(MemDebugLogBufAddr + MemDebugLogHdr->HeaderSize); + BufEnd = (CHAR8 *)(UINTN)(MemDebugLogBufAddr + MemDebugLogHdr->HeaderSize + MemDebugLogHdr->DebugLogSize) - 1; diff --git a/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch b/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch deleted file mode 100644 index 5c97db0..0000000 --- a/0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 348ea6ca54889a2b4006cc71168a173e8182f12e Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:38 +0100 -Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process. - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2) - -Specifically before running lzma uncompress of the main firmware volume. -This is needed to make sure caching is enabled, otherwise the uncompress -can be extremely slow. - -Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes. - -Background: Depending on virtual machine configuration kvm may uses EPT -memory types to apply guest MTRR settings. In case MTRRs are disabled -kvm will use the uncachable memory type for all mappings. The -vmx_get_mt_mask() function in the linux kernel handles this and can be -found here: - -https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580 - -In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In -case the VM has a mdev device assigned that is not the case though. - -Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable -should not be set by default in CR0") kvm also ended up using -MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit -kvm evaluates guest mtrr settings, which why setting up MTRRs early is -important now. - -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-2-kraxel@redhat.com> - -[ kraxel: Downstream-only for now. Timely upstream merge is unlikely - due to chinese holidays and rhel-9.4 deadlines are close. - QE regression testing passed. So go with upstream posted - series v3 ] - -patch_name: edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch -present_in_specfile: true -location_in_specfile: 49 ---- - OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++ - OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++---- - OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++ - 3 files changed, 69 insertions(+), 5 deletions(-) - -diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c -index 4e750755bf..7094d86159 100644 ---- a/OvmfPkg/IntelTdx/Sec/SecMain.c -+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c -@@ -26,6 +26,8 @@ - #include - #include - #include -+#include -+#include - - #define SEC_IDT_ENTRY_COUNT 34 - -@@ -47,6 +49,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = { - } - }; - -+// -+// Enable MTRR early, set default type to write back. -+// Needed to make sure caching is enabled, -+// without this lzma decompress can be very slow. -+// -+STATIC -+VOID -+SecMtrrSetup ( -+ VOID -+ ) -+{ -+ CPUID_VERSION_INFO_EDX Edx; -+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; -+ -+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); -+ if (!Edx.Bits.MTRR) { -+ return; -+ } -+ -+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -+ DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.E = 1; /* enable */ -+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); -+} -+ - VOID - EFIAPI - SecCoreStartupWithStack ( -@@ -203,6 +230,11 @@ SecCoreStartupWithStack ( - InitializeApicTimer (0, MAX_UINT32, TRUE, 5); - DisableApicTimerInterrupt (); - -+ // -+ // Initialize MTRR -+ // -+ SecMtrrSetup (); -+ - PeilessStartup (&SecCoreData); - - ASSERT (FALSE); -diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -index e64c0ee324..b6ba63ef95 100644 ---- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c -+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -@@ -1164,18 +1164,18 @@ PlatformQemuInitializeRam ( - MtrrGetAllMtrrs (&MtrrSettings); - - // -- // MTRRs disabled, fixed MTRRs disabled, default type is uncached -+ // See SecMtrrSetup(), default type should be write back - // -- ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0); -+ ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0); - ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0); -- ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0); -+ ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK); - - // - // flip default type to writeback - // -- SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06); -+ SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK); - ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables); -- MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6; -+ MtrrSettings.MtrrDefType |= BIT10; - MtrrSetAllMtrrs (&MtrrSettings); - - // -diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c -index 60dfa61842..725b57e2fa 100644 ---- a/OvmfPkg/Sec/SecMain.c -+++ b/OvmfPkg/Sec/SecMain.c -@@ -29,6 +29,8 @@ - #include - #include - #include -+#include -+#include - #include "AmdSev.h" - - #define SEC_IDT_ENTRY_COUNT 34 -@@ -743,6 +745,31 @@ FindAndReportEntryPoints ( - return; - } - -+// -+// Enable MTRR early, set default type to write back. -+// Needed to make sure caching is enabled, -+// without this lzma decompress can be very slow. -+// -+STATIC -+VOID -+SecMtrrSetup ( -+ VOID -+ ) -+{ -+ CPUID_VERSION_INFO_EDX Edx; -+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType; -+ -+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32); -+ if (!Edx.Bits.MTRR) { -+ return; -+ } -+ -+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -+ DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.E = 1; /* enable */ -+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); -+} -+ - VOID - EFIAPI - SecCoreStartupWithStack ( -@@ -942,6 +969,11 @@ SecCoreStartupWithStack ( - InitializeApicTimer (0, MAX_UINT32, TRUE, 5); - DisableApicTimerInterrupt (); - -+ // -+ // Initialize MTRR -+ // -+ SecMtrrSetup (); -+ - // - // Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready. - // diff --git a/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch b/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch deleted file mode 100644 index 897e776..0000000 --- a/0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d521976e1641c242c86d0495647f200694f6ba44 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:39 +0100 -Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2) - -Reviewed-by: Michael D Kinney -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-3-kraxel@redhat.com> - -patch_name: edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch -present_in_specfile: true -location_in_specfile: 50 ---- - MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -index 756e7c86ec..08ba949cf7 100644 ---- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h -@@ -2103,6 +2103,13 @@ typedef union { - #define MSR_IA32_MTRR_PHYSBASE9 0x00000212 - /// @} - -+#define MSR_IA32_MTRR_CACHE_UNCACHEABLE 0 -+#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING 1 -+#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH 4 -+#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED 5 -+#define MSR_IA32_MTRR_CACHE_WRITE_BACK 6 -+#define MSR_IA32_MTRR_CACHE_INVALID_TYPE 7 -+ - /** - MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to - #MSR_IA32_MTRR_PHYSBASE9 diff --git a/0031-OvmfPkg-PlatformInitLib-reserve-igvm-parameter-area.patch b/0031-OvmfPkg-PlatformInitLib-reserve-igvm-parameter-area.patch new file mode 100644 index 0000000..46e5414 --- /dev/null +++ b/0031-OvmfPkg-PlatformInitLib-reserve-igvm-parameter-area.patch @@ -0,0 +1,91 @@ +From aa5554fe6e935519f9ca531289aa541c3ef679d8 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Fri, 5 Dec 2025 13:59:18 +0100 +Subject: [PATCH] OvmfPkg/PlatformInitLib: reserve igvm parameter area + +Signed-off-by: Gerd Hoffmann +--- + OvmfPkg/Include/Library/PlatformInitLib.h | 6 +++++ + OvmfPkg/Library/PlatformInitLib/Igvm.c | 27 +++++++++++++++++++ + OvmfPkg/Library/PlatformInitLib/MemDetect.c | 2 ++ + .../PlatformInitLib/PlatformInitLib.inf | 1 + + 4 files changed, 36 insertions(+) + +diff --git a/OvmfPkg/Include/Library/PlatformInitLib.h b/OvmfPkg/Include/Library/PlatformInitLib.h +index 469c49b628..884e381928 100644 +--- a/OvmfPkg/Include/Library/PlatformInitLib.h ++++ b/OvmfPkg/Include/Library/PlatformInitLib.h +@@ -321,4 +321,10 @@ PlatformIgvmVpCount ( + VOID + ); + ++VOID ++EFIAPI ++PlatformIgvmParamReserve ( ++ VOID ++ ); ++ + #endif // PLATFORM_INIT_LIB_H_ +diff --git a/OvmfPkg/Library/PlatformInitLib/Igvm.c b/OvmfPkg/Library/PlatformInitLib/Igvm.c +index 1b0d9a9b85..dd5a94ef38 100644 +--- a/OvmfPkg/Library/PlatformInitLib/Igvm.c ++++ b/OvmfPkg/Library/PlatformInitLib/Igvm.c +@@ -75,6 +75,33 @@ PlatformIgvmMemoryMapFind ( + return Map; + } + ++VOID ++EFIAPI ++PlatformIgvmParamReserve ( ++ VOID ++ ) ++{ ++ UINT64 Base; ++ UINT64 Size; ++ ++ Base = FixedPcdGet64 (PcdOvmfIgvmParamBase); ++ Size = FixedPcdGet64 (PcdOvmfIgvmParamSize); ++ ++ if (Base && Size) { ++ // ++ // Reserve igvm parameter area as runtime data, to make sure the OS isn't ++ // going to use it, otherwise we can get corrupted IGVM parameters after ++ // guest reboot. ++ // ++ DEBUG ((DEBUG_INFO, "%a: 0x%x +0x%x\n", __func__, Base, Size)); ++ BuildMemoryAllocationHob ( ++ Base, ++ Size, ++ EfiRuntimeServicesData ++ ); ++ } ++} ++ + BOOLEAN + EFIAPI + PlatformIgvmMemoryMapCheck ( +diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c +index 81fa60ade5..937e2b77a5 100644 +--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c ++++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c +@@ -1240,6 +1240,8 @@ PlatformQemuInitializeRam ( + + DEBUG ((DEBUG_INFO, "%a called\n", __func__)); + ++ PlatformIgvmParamReserve (); ++ + // + // Determine total memory size available + // +diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +index a02959c2cd..9df218c65c 100644 +--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf ++++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf +@@ -113,6 +113,7 @@ + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfEarlyMemDebugLogSize + + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmParamBase ++ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmParamSize + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmHobBase + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfIgvmHobSize + diff --git a/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch b/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch deleted file mode 100644 index c92f2b1..0000000 --- a/0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 75618356e04278e4346ffc5e147b9f6f101e8173 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:40 +0100 -Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from - ArchitecturalMsr.h - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [3/4] 8b766c97b247a8665662697534455c19423ff23c (kraxel.rh/centos-src-edk2) - -Reviewed-by: Michael D Kinney -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-4-kraxel@redhat.com> - -patch_name: edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch -present_in_specfile: true -location_in_specfile: 51 ---- - UefiCpuPkg/Include/Library/MtrrLib.h | 26 ++++++++++++++------------ - 1 file changed, 14 insertions(+), 12 deletions(-) - -diff --git a/UefiCpuPkg/Include/Library/MtrrLib.h b/UefiCpuPkg/Include/Library/MtrrLib.h -index 86cc1aab3b..287d249a99 100644 ---- a/UefiCpuPkg/Include/Library/MtrrLib.h -+++ b/UefiCpuPkg/Include/Library/MtrrLib.h -@@ -9,6 +9,8 @@ - #ifndef _MTRR_LIB_H_ - #define _MTRR_LIB_H_ - -+#include -+ - // - // According to IA32 SDM, MTRRs number and MSR offset are always consistent - // for IA32 processor family -@@ -82,20 +84,20 @@ typedef struct _MTRR_SETTINGS_ { - // Memory cache types - // - typedef enum { -- CacheUncacheable = 0, -- CacheWriteCombining = 1, -- CacheWriteThrough = 4, -- CacheWriteProtected = 5, -- CacheWriteBack = 6, -- CacheInvalid = 7 -+ CacheUncacheable = MSR_IA32_MTRR_CACHE_UNCACHEABLE, -+ CacheWriteCombining = MSR_IA32_MTRR_CACHE_WRITE_COMBINING, -+ CacheWriteThrough = MSR_IA32_MTRR_CACHE_WRITE_THROUGH, -+ CacheWriteProtected = MSR_IA32_MTRR_CACHE_WRITE_PROTECTED, -+ CacheWriteBack = MSR_IA32_MTRR_CACHE_WRITE_BACK, -+ CacheInvalid = MSR_IA32_MTRR_CACHE_INVALID_TYPE, - } MTRR_MEMORY_CACHE_TYPE; - --#define MTRR_CACHE_UNCACHEABLE 0 --#define MTRR_CACHE_WRITE_COMBINING 1 --#define MTRR_CACHE_WRITE_THROUGH 4 --#define MTRR_CACHE_WRITE_PROTECTED 5 --#define MTRR_CACHE_WRITE_BACK 6 --#define MTRR_CACHE_INVALID_TYPE 7 -+#define MTRR_CACHE_UNCACHEABLE MSR_IA32_MTRR_CACHE_UNCACHEABLE -+#define MTRR_CACHE_WRITE_COMBINING MSR_IA32_MTRR_CACHE_WRITE_COMBINING -+#define MTRR_CACHE_WRITE_THROUGH MSR_IA32_MTRR_CACHE_WRITE_THROUGH -+#define MTRR_CACHE_WRITE_PROTECTED MSR_IA32_MTRR_CACHE_WRITE_PROTECTED -+#define MTRR_CACHE_WRITE_BACK MSR_IA32_MTRR_CACHE_WRITE_BACK -+#define MTRR_CACHE_INVALID_TYPE MSR_IA32_MTRR_CACHE_INVALID_TYPE - - typedef struct { - UINT64 BaseAddress; diff --git a/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch b/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch deleted file mode 100644 index af197ec..0000000 --- a/0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 4eea9b4625d7ea5eaf5ae0d541d96bfccacf7810 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 30 Jan 2024 14:04:41 +0100 -Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process. -RH-Jira: RHEL-21704 -RH-Acked-by: Laszlo Ersek -RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2) - -Reviewed-by: Laszlo Ersek -Signed-off-by: Gerd Hoffmann -Message-ID: <20240130130441.772484-5-kraxel@redhat.com> - -patch_name: edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch -present_in_specfile: true -location_in_specfile: 52 ---- - OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +- - OvmfPkg/Sec/SecMain.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c -index 7094d86159..1a19f26178 100644 ---- a/OvmfPkg/IntelTdx/Sec/SecMain.c -+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c -@@ -69,7 +69,7 @@ SecMtrrSetup ( - } - - DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -- DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK; - DefType.Bits.E = 1; /* enable */ - AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); - } -diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c -index 725b57e2fa..26963b924d 100644 ---- a/OvmfPkg/Sec/SecMain.c -+++ b/OvmfPkg/Sec/SecMain.c -@@ -765,7 +765,7 @@ SecMtrrSetup ( - } - - DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE); -- DefType.Bits.Type = 6; /* write back */ -+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK; - DefType.Bits.E = 1; /* enable */ - AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64); - } diff --git a/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch b/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch deleted file mode 100644 index b79e47f..0000000 --- a/0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ee4774a753c2bc1061761e818d543a3e925ca1f0 Mon Sep 17 00:00:00 2001 -From: Sam -Date: Wed, 29 May 2024 07:46:03 +0800 -Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in - iPXE environment -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH" -REF: 1904a64 - -Issue Description: -An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was: - -NetworkPkg\TcpDxe\TcpDriver.c -Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, ​&mHash2ServiceHandle); - -Root Cause Analysis: -The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle. - -Implemented Solution: -To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly: - -NetworkPkg\TcpDxe\TcpDriver.c -Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle); - -This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error. - -Verification: -Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment. - -Cc: Doug Flick [MSFT] - -Signed-off-by: Sam Tsai [Wiwynn] -Reviewed-by: Saloni Kasbekar -(cherry picked from commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3) ---- - NetworkPkg/TcpDxe/TcpDriver.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c -index 40bba4080c..c6e7c0df54 100644 ---- a/NetworkPkg/TcpDxe/TcpDriver.c -+++ b/NetworkPkg/TcpDxe/TcpDriver.c -@@ -509,7 +509,7 @@ TcpDestroyService ( - // - // Destroy the instance of the hashing protocol for this controller. - // -- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle); -+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle); - if (EFI_ERROR (Status)) { - return EFI_UNSUPPORTED; - } diff --git a/0035-OvmfPkg-add-morlock-support.patch b/0035-OvmfPkg-add-morlock-support.patch deleted file mode 100644 index ed673ae..0000000 --- a/0035-OvmfPkg-add-morlock-support.patch +++ /dev/null @@ -1,127 +0,0 @@ -From 0f36c7f078215008ffa3a8e776aacd87793b8392 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 8 May 2024 13:14:26 +0200 -Subject: [PATCH] OvmfPkg: add morlock support - -Add dsc + fdf include files to add the MorLock drivers to the build. -Add the include files to OVMF build configurations. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit b45aff0dc9cb87f316eb17a11e5d4438175d9cca) ---- - OvmfPkg/Include/Dsc/MorLock.dsc.inc | 10 ++++++++++ - OvmfPkg/Include/Fdf/MorLock.fdf.inc | 10 ++++++++++ - OvmfPkg/OvmfPkgIa32.dsc | 1 + - OvmfPkg/OvmfPkgIa32.fdf | 1 + - OvmfPkg/OvmfPkgIa32X64.dsc | 1 + - OvmfPkg/OvmfPkgIa32X64.fdf | 1 + - OvmfPkg/OvmfPkgX64.dsc | 1 + - OvmfPkg/OvmfPkgX64.fdf | 1 + - 8 files changed, 26 insertions(+) - create mode 100644 OvmfPkg/Include/Dsc/MorLock.dsc.inc - create mode 100644 OvmfPkg/Include/Fdf/MorLock.fdf.inc - -diff --git a/OvmfPkg/Include/Dsc/MorLock.dsc.inc b/OvmfPkg/Include/Dsc/MorLock.dsc.inc -new file mode 100644 -index 0000000000..a8c5fb24b8 ---- /dev/null -+++ b/OvmfPkg/Include/Dsc/MorLock.dsc.inc -@@ -0,0 +1,10 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# MorLock support -+## -+ -+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -+!if $(SMM_REQUIRE) == TRUE -+ SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf -+!endif -diff --git a/OvmfPkg/Include/Fdf/MorLock.fdf.inc b/OvmfPkg/Include/Fdf/MorLock.fdf.inc -new file mode 100644 -index 0000000000..20b7d6619a ---- /dev/null -+++ b/OvmfPkg/Include/Fdf/MorLock.fdf.inc -@@ -0,0 +1,10 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+# -+# MorLock support -+## -+ -+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf -+!if $(SMM_REQUIRE) == TRUE -+INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf -+!endif -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index d8ae542686..65a866ae0c 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -887,6 +887,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 0ffa3be750..10eb6fe72b 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 52ac2c96fc..679e25501b 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -901,6 +901,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index c4f3ec0735..ff06bbfc6f 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -362,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index f76d0ef7bc..d294fd4625 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -969,6 +969,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index bedd85ef7a..f3b787201f 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -402,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc - - ################################################################################ - diff --git a/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch b/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch deleted file mode 100644 index 710d5d7..0000000 --- a/0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch +++ /dev/null @@ -1,192 +0,0 @@ -From 1691865ebaa8730203e8eb6bb052edff14dbaa70 Mon Sep 17 00:00:00 2001 -From: Pedro Falcato -Date: Tue, 22 Nov 2022 22:31:03 +0000 -Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID - -RDRAND has notoriously been broken many times over its lifespan. -Add a smoketest to RDRAND, in order to better sniff out potential -security concerns. - -Also add a proper CPUID test in order to support older CPUs which may -not have it; it was previously being tested but then promptly ignored. - -Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c -:x86_init_rdrand() per commit 049f9ae9.. - -Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection -code to MIT and the public domain. - ->On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld wrote: - <..> -> I (re)wrote that function in Linux. I hereby relicense it as MIT, and -> also place it into public domain. Do with it what you will now. -> -> Jason - -BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163 - -Signed-off-by: Pedro Falcato -Cc: Michael D Kinney -Cc: Liming Gao -Cc: Zhiguang Liu -Cc: Jason A. Donenfeld -(cherry picked from commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a) ---- - MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++-- - 1 file changed, 91 insertions(+), 8 deletions(-) - -diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c -index 9bd68352f9..06d2a6f12d 100644 ---- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c -+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c -@@ -3,6 +3,7 @@ - to provide high-quality random numbers. - - Copyright (c) 2023, Arm Limited. All rights reserved.
-+Copyright (c) 2022, Pedro Falcato. All rights reserved.
- Copyright (c) 2021, NUVIA Inc. All rights reserved.
- Copyright (c) 2015, Intel Corporation. All rights reserved.
- -@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent - - STATIC BOOLEAN mRdRandSupported; - -+// -+// Intel SDM says 10 tries is good enough for reliable RDRAND usage. -+// -+#define RDRAND_RETRIES 10 -+ -+#define RDRAND_TEST_SAMPLES 8 -+ -+#define RDRAND_MIN_CHANGE 5 -+ -+// -+// Add a define for native-word RDRAND, just for the test. -+// -+#ifdef MDE_CPU_X64 -+#define ASM_RDRAND AsmRdRand64 -+#else -+#define ASM_RDRAND AsmRdRand32 -+#endif -+ -+/** -+ Tests RDRAND for broken implementations. -+ -+ @retval TRUE RDRAND is reliable (and hopefully safe). -+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID. -+ -+**/ -+STATIC -+BOOLEAN -+TestRdRand ( -+ VOID -+ ) -+{ -+ // -+ // Test for notoriously broken rdrand implementations that always return the same -+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s). -+ // Note that this should be expanded to extensively test for other sorts of possible errata. -+ // -+ -+ // -+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects -+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage. -+ // -+ UINTN Prev; -+ UINT8 Idx; -+ UINT8 TestIteration; -+ UINT32 Changed; -+ -+ Changed = 0; -+ -+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) { -+ UINTN Sample; -+ // -+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c -+ // Any failure to get a random number will assume RDRAND does not work. -+ // -+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) { -+ if (ASM_RDRAND (&Sample)) { -+ break; -+ } -+ } -+ -+ if (Idx == RDRAND_RETRIES) { -+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n")); -+ return FALSE; -+ } -+ -+ if (TestIteration != 0) { -+ Changed += Sample != Prev; -+ } -+ -+ Prev = Sample; -+ } -+ -+ if (Changed < RDRAND_MIN_CHANGE) { -+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n")); -+ return FALSE; -+ } -+ -+ return TRUE; -+} -+ -+#undef ASM_RDRAND -+ - /** - The constructor function checks whether or not RDRAND instruction is supported - by the host hardware. -@@ -48,10 +131,13 @@ BaseRngLibConstructor ( - // CPUID. A value of 1 indicates that processor support RDRAND instruction. - // - AsmCpuid (1, 0, 0, &RegEcx, 0); -- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK); - - mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK); - -+ if (mRdRandSupported) { -+ mRdRandSupported = TestRdRand (); -+ } -+ - return EFI_SUCCESS; - } - -@@ -70,6 +156,7 @@ ArchGetRandomNumber16 ( - OUT UINT16 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand16 (Rand); - } - -@@ -88,6 +175,7 @@ ArchGetRandomNumber32 ( - OUT UINT32 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand32 (Rand); - } - -@@ -106,6 +194,7 @@ ArchGetRandomNumber64 ( - OUT UINT64 *Rand - ) - { -+ ASSERT (mRdRandSupported); - return AsmRdRand64 (Rand); - } - -@@ -122,13 +211,7 @@ ArchIsRngSupported ( - VOID - ) - { -- /* -- Existing software depends on this always returning TRUE, so for -- now hard-code it. -- -- return mRdRandSupported; -- */ -- return TRUE; -+ return mRdRandSupported; - } - - /** diff --git a/0037-SecurityPkg-RngDxe-add-rng-test.patch b/0037-SecurityPkg-RngDxe-add-rng-test.patch deleted file mode 100644 index abe2ab4..0000000 --- a/0037-SecurityPkg-RngDxe-add-rng-test.patch +++ /dev/null @@ -1,43 +0,0 @@ -From da8fda9932ab4a64a07d318d30b03baafbf1e0c1 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 31 May 2024 09:49:13 +0200 -Subject: [PATCH] SecurityPkg/RngDxe: add rng test - -Check whenever RngLib actually returns random numbers, only return -a non-zero number of Algorithms if that is the case. - -This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL -only in case it can actually deliver random numbers. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit a61bc0accb8a76edba4f073fdc7bafc908df045d) ---- - SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -index 5723ed6957..8b0742bab6 100644 ---- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c -@@ -23,6 +23,7 @@ - - #include - #include -+#include - - #include "RngDxeInternals.h" - -@@ -43,7 +44,12 @@ GetAvailableAlgorithms ( - VOID - ) - { -- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; -+ UINT64 RngTest; -+ -+ if (GetRandomNumber64 (&RngTest)) { -+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT; -+ } -+ - return EFI_SUCCESS; - } - diff --git a/0038-OvmfPkg-wire-up-RngDxe.patch b/0038-OvmfPkg-wire-up-RngDxe.patch deleted file mode 100644 index e3a18f2..0000000 --- a/0038-OvmfPkg-wire-up-RngDxe.patch +++ /dev/null @@ -1,301 +0,0 @@ -From 7703744d07e81a9cd3109dca9184a61f16584d44 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 24 May 2024 12:51:17 +0200 -Subject: [PATCH] OvmfPkg: wire up RngDxe - -Add OvmfRng include snippets with the random number generator -configuration for OVMF. Include RngDxe, build with BaseRngLib, -so the rdrand instruction is used (if available). - -Also move VirtioRng to the include snippets. - -Use the new include snippets for OVMF builds. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b) ---- - OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +- - OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +- - OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++ - OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++ - OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +- - OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +- - OvmfPkg/Microvm/MicrovmX64.dsc | 2 +- - OvmfPkg/Microvm/MicrovmX64.fdf | 2 +- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.fdf | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.fdf | 2 +- - 14 files changed, 27 insertions(+), 12 deletions(-) - create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - -diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc -index cf1ad83e09..4edc2a9069 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.dsc -+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc -@@ -649,7 +649,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -740,6 +739,7 @@ - OvmfPkg/AmdSev/Grub/Grub.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - OvmfPkg/PlatformDxe/Platform.inf - OvmfPkg/AmdSevDxe/AmdSevDxe.inf { -diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf -index c56c98dc85..480837b0fa 100644 ---- a/OvmfPkg/AmdSev/AmdSevX64.fdf -+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf -@@ -227,7 +227,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -318,6 +317,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc -new file mode 100644 -index 0000000000..68839a0caa ---- /dev/null -+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc -@@ -0,0 +1,9 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+## -+ -+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { -+ -+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf -+ } -+ OvmfPkg/VirtioRngDxe/VirtioRng.inf -diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc -new file mode 100644 -index 0000000000..99cb4a32b1 ---- /dev/null -+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc -@@ -0,0 +1,6 @@ -+## -+# SPDX-License-Identifier: BSD-2-Clause-Patent -+## -+ -+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf -+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf -diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -index 9f49b60ff0..4b7e1596fc 100644 ---- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc -+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc -@@ -636,7 +636,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -719,6 +718,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf -index ce5d542048..88d0f75ae2 100644 ---- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf -+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf -@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE - # - INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf - !endif -@@ -326,6 +325,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - INF OvmfPkg/PlatformDxe/Platform.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc -index fb73f2e089..9206f01816 100644 ---- a/OvmfPkg/Microvm/MicrovmX64.dsc -+++ b/OvmfPkg/Microvm/MicrovmX64.dsc -@@ -760,7 +760,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf - MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf -@@ -846,6 +845,7 @@ - MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf -index 055e659a35..c8268d7e8c 100644 ---- a/OvmfPkg/Microvm/MicrovmX64.fdf -+++ b/OvmfPkg/Microvm/MicrovmX64.fdf -@@ -207,7 +207,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - - !if $(SECURE_BOOT_ENABLE) == TRUE -@@ -299,6 +298,7 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf - INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 65a866ae0c..b64c215585 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -784,7 +784,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -888,6 +887,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 10eb6fe72b..c31276e4a3 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -231,7 +231,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -356,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE - INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 679e25501b..ececac3757 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -798,7 +798,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -902,6 +901,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index ff06bbfc6f..a7b4aeac08 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index d294fd4625..0ab4d3df06 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -866,7 +866,6 @@ - OvmfPkg/Virtio10Dxe/Virtio10.inf - OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - OvmfPkg/VirtioScsiDxe/VirtioScsi.inf -- OvmfPkg/VirtioRngDxe/VirtioRng.inf - OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -970,6 +969,7 @@ - - !include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc - !include OvmfPkg/Include/Dsc/MorLock.dsc.inc -+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc - - !if $(SECURE_BOOT_ENABLE) == TRUE - SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index f3b787201f..ae08ac4fe9 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -263,7 +263,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf - INF OvmfPkg/Virtio10Dxe/Virtio10.inf - INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf - INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf --INF OvmfPkg/VirtioRngDxe/VirtioRng.inf - INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf - !if $(PVSCSI_ENABLE) == TRUE - INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf -@@ -403,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf - - !include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc - !include OvmfPkg/Include/Fdf/MorLock.fdf.inc -+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc - - ################################################################################ - diff --git a/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch b/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch deleted file mode 100644 index fc469c4..0000000 --- a/0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch +++ /dev/null @@ -1,37 +0,0 @@ -From ef076eab3cad92111c550d0041ac8d1a4e979714 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 14 Jun 2024 11:45:49 +0200 -Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList - -Needed to properly initialize BaseRngLib. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 94961b8817eec6f8d0434555ac50a7aa51c22201) ---- - .../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -index d0c1c7a4f7..48d463b8ad 100644 ---- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c -@@ -8,6 +8,12 @@ - **/ - #include "TestBaseCryptLib.h" - -+VOID -+EFIAPI -+ProcessLibraryConstructorList ( -+ VOID -+ ); -+ - /** - Initialize the unit test framework, suite, and unit tests for the - sample unit tests and run the unit tests. -@@ -76,5 +82,6 @@ main ( - char *argv[] - ) - { -+ ProcessLibraryConstructorList (); - return UefiTestMain (); - } diff --git a/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch b/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch deleted file mode 100644 index ca30f84..0000000 --- a/0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 46f82fa0cfe716f147b7878b7155983f7f6edb20 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Fri, 14 Jun 2024 11:45:53 +0200 -Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit - -Set the rdrand feature bit when faking cpuid for host test cases. -Needed to make the CryptoPkg test cases work. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 5e776299a2604b336a947e68593012ab2cc16eb4) ---- - MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c -index 8ba4f54a38..7f7276f7f4 100644 ---- a/MdePkg/Library/BaseLib/X86UnitTestHost.c -+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c -@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid ( - OUT UINT32 *Edx OPTIONAL - ) - { -+ UINT32 RetEcx; -+ -+ RetEcx = 0; -+ switch (Index) { -+ case 1: -+ RetEcx |= BIT30; /* RdRand */ -+ break; -+ } -+ - if (Eax != NULL) { - *Eax = 0; - } -@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid ( - } - - if (Ecx != NULL) { -- *Ecx = 0; -+ *Ecx = RetEcx; - } - - if (Edx != NULL) { diff --git a/50-edk2-riscv-qcow2.json b/50-edk2-riscv-qcow2.json new file mode 100644 index 0000000..eb1930d --- /dev/null +++ b/50-edk2-riscv-qcow2.json @@ -0,0 +1,33 @@ +{ + "description": "UEFI firmware for RISC-V virtual machines", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "mode" : "split", + "executable": { + "filename": "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2", + "format": "qcow2" + }, + "nvram-template": { + "filename": "/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2", + "format": "qcow2" + } + }, + "targets": [ + { + "architecture": "riscv64", + "machines": [ + "virt", + "virt-*" + ] + } + ], + "features": [ + + ], + "tags": [ + + ] +} diff --git a/60-edk2-ovmf-x64-amdsev.json b/60-edk2-ovmf-x64-amdsev.json index 9a561bc..591bd6a 100644 --- a/60-edk2-ovmf-x64-amdsev.json +++ b/60-edk2-ovmf-x64-amdsev.json @@ -4,12 +4,8 @@ "uefi" ], "mapping": { - "device": "flash", - "mode": "stateless", - "executable": { - "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd", - "format": "raw" - } + "device": "memory", + "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd" }, "targets": [ { diff --git a/90-edk2-aarch64-qemuvars-sb-enrolled.json b/90-edk2-aarch64-qemuvars-sb-enrolled.json new file mode 100644 index 0000000..9142d8f --- /dev/null +++ b/90-edk2-aarch64-qemuvars-sb-enrolled.json @@ -0,0 +1,29 @@ +{ + "description": "UEFI firmware for ARM64 virtual machines, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "memory", + "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd", + "uefi-vars": { + "template": "/usr/share/edk2/aarch64/vars.secboot.json" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "enrolled-keys", + "secure-boot", + "host-uefi-vars" + ], + "tags": [ + + ] +} diff --git a/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json b/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json new file mode 100644 index 0000000..5b1b483 --- /dev/null +++ b/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json @@ -0,0 +1,31 @@ +{ + "description": "OVMF for qemu uefi-vars, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "memory", + "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd", + "uefi-vars": { + "template": "/usr/share/edk2/ovmf/vars.secboot.json" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "enrolled-keys", + "secure-boot", + "host-uefi-vars", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/91-edk2-aarch64-qemuvars-sb.json b/91-edk2-aarch64-qemuvars-sb.json new file mode 100644 index 0000000..95c2598 --- /dev/null +++ b/91-edk2-aarch64-qemuvars-sb.json @@ -0,0 +1,28 @@ +{ + "description": "UEFI firmware for ARM64 virtual machines, SB disabled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "memory", + "filename": "/usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd", + "uefi-vars": { + "template": "/usr/share/edk2/aarch64/vars.blank.json" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "secure-boot", + "host-uefi-vars" + ], + "tags": [ + + ] +} diff --git a/91-edk2-ovmf-qemuvars-x64-sb.json b/91-edk2-ovmf-qemuvars-x64-sb.json new file mode 100644 index 0000000..b3fb98c --- /dev/null +++ b/91-edk2-ovmf-qemuvars-x64-sb.json @@ -0,0 +1,30 @@ +{ + "description": "OVMF for qemu uefi-vars, SB disabled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "memory", + "filename": "/usr/share/edk2/ovmf/OVMF.qemuvars.fd", + "uefi-vars": { + "template": "/usr/share/edk2/ovmf/vars.blank.json" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "secure-boot", + "host-uefi-vars", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch b/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch deleted file mode 100644 index 302c577..0000000 --- a/edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch +++ /dev/null @@ -1,63 +0,0 @@ -From ebcdc6db77d338aa1054292d0c4b745bd482d9a2 Mon Sep 17 00:00:00 2001 -From: Oliver Steffen -Date: Mon, 26 Aug 2024 19:25:52 +0200 -Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP - -RH-Author: Oliver Steffen -RH-MergeRequest: 69: AmdSevDxe: Fix the shim fallback reboot workaround for SNP -RH-Jira: RHEL-56082 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] 55ae7744e57ea51e1f35f482dffc2dd2089c5f77 (osteffen/edk2) - -The shim fallback reboot workaround (introduced for SEV-ES) does -not always work for SEV-SNP, due to a conditional early return. - -Let's just register the workaround earlier in this function to -fix that. - -Signed-off-by: Oliver Steffen ---- - OvmfPkg/AmdSevDxe/AmdSevDxe.c | 21 +++++++++++---------- - 1 file changed, 11 insertions(+), 10 deletions(-) - -diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -index 0eb88e50ff..ca345e95da 100644 ---- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c -+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c -@@ -243,6 +243,17 @@ AmdSevDxeEntryPoint ( - return EFI_UNSUPPORTED; - } - -+ // Shim fallback reboot workaround -+ Status = gBS->CreateEventEx ( -+ EVT_NOTIFY_SIGNAL, -+ TPL_CALLBACK, -+ PopulateVarstore, -+ SystemTable, -+ &gEfiEndOfDxeEventGroupGuid, -+ &PopulateVarstoreEvent -+ ); -+ ASSERT_EFI_ERROR (Status); -+ - // - // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent - // memory space. The NonExistent memory space will be used for mapping the -@@ -393,15 +404,5 @@ AmdSevDxeEntryPoint ( - ); - } - -- Status = gBS->CreateEventEx ( -- EVT_NOTIFY_SIGNAL, -- TPL_CALLBACK, -- PopulateVarstore, -- SystemTable, -- &gEfiEndOfDxeEventGroupGuid, -- &PopulateVarstoreEvent -- ); -- ASSERT_EFI_ERROR (Status); -- - return EFI_SUCCESS; - } --- -2.39.3 - diff --git a/edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch b/edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch new file mode 100644 index 0000000..486a38a --- /dev/null +++ b/edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch @@ -0,0 +1,64 @@ +From cb6a558564347b71cca36111c377b126b314604e Mon Sep 17 00:00:00 2001 +From: Vishnu Pajjuri +Date: Tue, 30 Dec 2025 00:36:16 -0800 +Subject: [PATCH] ArmPkg, UefiCpuPkg: Fix boot failure on FEAT_LPA-only systems + without LPA2 + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 103: ArmPkg, UefiCpuPkg: Fix boot failure on FEAT_LPA-only systems without LPA2 +RH-Jira: RHEL-138335 +RH-Acked-by: Luigi Leonardi +RH-Commit: [1/1] a7fcedd6490eedbc45f6a81fdaa95e80274e7034 (kraxel.rh/centos-src-edk2) + +Commit 9077163 added support for 52-bit PA/VA (LPA2) in EDK2. The previous +change treated the presence of FEAT_LPA as sufficient to enable 52-bit +VA for 4K page granularity. Some platforms advertise FEAT_LPA but do not +implement full LPA2 support for 4K PAGE_SIZE; enabling 52-bit VA on +those platforms produced an invalid MMU configuration and caused boot +failures. + +This patch tightens the detection logic so 52-bit PA/VA (LPA2) is enabled +only when the platform explicitly advertises LPA2 support. When LPA2 is +not present we fall back to the previous 48-bit address limit for 4K +pages, preserving correct behavior on non-LPA2 systems. + +Fixes: 9077163 ("UefiCpuPkg/ArmMmuLib: Add support for LPA2") + +Co-authored-by: Ganapatrao Kulkarni +Signed-off-by: Vishnu Pajjuri +(cherry picked from commit 1a4c4fb5a76fb15a5a50706685dc4ba36f1c2260) +--- + UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +index d111e8c7cd3..2353adf5073 100644 +--- a/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c ++++ b/UefiCpuPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +@@ -94,6 +94,7 @@ ArmMemoryAttributeToPageAttribute ( + // T0SZ can be below MIN_T0SZ when LPA2 is in use, meaning the page table starts at level -1 + #define MIN_T0SZ 16 + #define BITS_PER_LEVEL 9 ++#define MAX_VA_BITS_48 48 + #define MAX_VA_BITS 52 + + STATIC +@@ -658,8 +659,13 @@ ArmConfigureMmu ( + // into account the architectural limitations that result from UEFI's + // use of 4 KB pages. + // +- MaxAddressBits = MIN (ArmGetPhysicalAddressBits (), MAX_VA_BITS); +- MaxAddress = LShiftU64 (1ULL, MaxAddressBits) - 1; ++ if (ArmHas52BitTgran4 ()) { ++ MaxAddressBits = MIN (ArmGetPhysicalAddressBits (), MAX_VA_BITS); ++ } else { ++ MaxAddressBits = MIN (ArmGetPhysicalAddressBits (), MAX_VA_BITS_48); ++ } ++ ++ MaxAddress = LShiftU64 (1ULL, MaxAddressBits) - 1; + + T0SZ = 64 - MaxAddressBits; + RootTableEntryCount = GetRootTableEntryCount (T0SZ); +-- +2.47.3 + diff --git a/edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch b/edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch new file mode 100644 index 0000000..4d701f9 --- /dev/null +++ b/edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch @@ -0,0 +1,47 @@ +From 89ca998de1a2202f227986f7bbb878d18e1fed47 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 20 Jan 2026 17:16:03 +0100 +Subject: [PATCH 4/5] ArmVirtPkg: use MemDebugLogPeiCoreLib for PEIMs + +RH-Author: Luigi Leonardi +RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging +RH-Jira: RHEL-139470 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [4/5] 4b152715d6ad2614c68bc6a77aaad793bf04b2c4 (luigileonardi/edk2) + +Switch PEIMs from MemDebugLogPeiLib to MemDebugLogPeiCoreLib, except for +the MemDebugLog PEIM which needs the MemDebugLogPages() function. + +Signed-off-by: Gerd Hoffmann +--- + ArmVirtPkg/ArmVirtQemu.dsc | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index a0a36632c21..a1c6ed48413 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -114,7 +114,7 @@ + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgMmioPeiLib.inf + !if $(DEBUG_TO_MEM) +- MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf + !else + MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf + !endif +@@ -369,7 +369,10 @@ + ArmPkg/Drivers/CpuPei/CpuPei.inf + + !if $(DEBUG_TO_MEM) +- OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf ++ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf { ++ ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++ } + !endif + + !if $(TPM2_ENABLE) == TRUE +-- +2.47.3 + diff --git a/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch b/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch deleted file mode 100644 index 635a256..0000000 --- a/edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch +++ /dev/null @@ -1,43 +0,0 @@ -From b1b719573ff7410985fd502b3c30e6592229c3bd Mon Sep 17 00:00:00 2001 -From: Oliver Steffen -Date: Mon, 4 Mar 2024 15:32:58 +0100 -Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing - variables - -RH-Author: Oliver Steffen -RH-MergeRequest: 65: MdeModulePkg: Warn if out of flash space when writing variables -RH-Jira: RHEL-45261 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] b1f6ac49f246cc6a670b9fdd583da3bb9556550d (osteffen/edk2) - -Emit a DEBUG_WARN message if there is not enough flash space left to -write/update a variable. This condition is currently not logged -appropriately in all cases, given that full variable store can easily -render the system unbootable. -This new message helps identifying this condition. - -Signed-off-by: Oliver Steffen -Reviewed-by: Laszlo Ersek -Reviewed-by: Gerd Hoffmann -(cherry picked from commit 80b59ff8320d1bd134bf689fe9c0ddf4e0473b88) -Signed-off-by: Oliver Steffen ---- - MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -index d394d237a5..1c7659031d 100644 ---- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -@@ -2364,6 +2364,8 @@ Done: - ); - ASSERT_EFI_ERROR (Status); - } -+ } else if (Status == EFI_OUT_OF_RESOURCES) { -+ DEBUG ((DEBUG_WARN, "UpdateVariable failed: Out of flash space\n")); - } - - return Status; --- -2.39.3 - diff --git a/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch b/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch deleted file mode 100644 index 9623683..0000000 --- a/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch +++ /dev/null @@ -1,49 +0,0 @@ -From a424c0877b38ffb3c9c2a29cf52efb78c19ea8f2 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Wed, 19 Jun 2024 09:07:56 +0200 -Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging - -RH-Author: Oliver Steffen -RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging -RH-Jira: RHEL-45829 -RH-Acked-by: Miroslav Rezanina -RH-Commit: [1/2] 9cf7cc1e68e01c54ab6fae15e3b5cdef1c0b15bc (osteffen/edk2) - -There is a list of allowed rng algorithms, if /one/ of them is not -supported this is not a problem, only /all/ of them failing is an -error condition. - -Downgrade the message for a single unsupported algorithm from ERROR to -VERBOSE. Add an error message in case we finish the loop without -finding a supported algorithm. - -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 6862b9d538d96363635677198899e1669e591259) ---- - NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -index 01c13c08d2..4dfbe91a55 100644 ---- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c -@@ -951,7 +951,7 @@ PseudoRandom ( - // - // Secure Algorithm was not supported on this platform - // -- DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); -+ DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status)); - - // - // Try the next secure algorithm -@@ -971,6 +971,7 @@ PseudoRandom ( - // If we get here, we failed to generate random data using any secure algorithm - // Platform owner should ensure that at least one secure algorithm is supported - // -+ DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n")); - ASSERT_EFI_ERROR (Status); - return Status; - } --- -2.39.3 - diff --git a/edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch b/edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch new file mode 100644 index 0000000..fb395d5 --- /dev/null +++ b/edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch @@ -0,0 +1,121 @@ +From 61c1174521d20fe34630a73f85b28b4028b9feee Mon Sep 17 00:00:00 2001 +From: Luigi Leonardi +Date: Tue, 13 Jan 2026 05:28:10 -0500 +Subject: [PATCH 1/5] OvmfPkg/AmdSev: add memory debug log support + +RH-Author: Luigi Leonardi +RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging +RH-Jira: RHEL-139470 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [1/5] 5925e432750361be369cf42d0f1f5d29cdb91d74 (luigileonardi/edk2) + +Enable memory-based debug logging support when `DEBUG_TO_MEM` build flag +is set. + +Signed-off-by: Luigi Leonardi +--- + OvmfPkg/AmdSev/AmdSevX64.dsc | 23 +++++++++++++++++++++++ + OvmfPkg/AmdSev/AmdSevX64.fdf | 3 +++ + 2 files changed, 26 insertions(+) + +diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc +index 717956cfc9c..34715237b4b 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.dsc ++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc +@@ -209,7 +209,11 @@ + TdxLib|MdePkg/Library/TdxLib/TdxLib.inf + TdxMailboxLib|OvmfPkg/Library/TdxMailboxLib/TdxMailboxLibNull.inf + TdxHelperLib|OvmfPkg/IntelTdx/TdxHelperLib/TdxHelperLibNull.inf ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogDxeLib.inf ++!else + MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf ++!endif + + [LibraryClasses.common.SEC] + TimerLib|OvmfPkg/Library/AcpiTimerLib/BaseRomAcpiTimerLib.inf +@@ -218,6 +222,9 @@ + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + !else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf ++!endif ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogSecLib.inf + !endif + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf + ExtractGuidedSectionLib|MdePkg/Library/BaseExtractGuidedSectionLib/BaseExtractGuidedSectionLib.inf +@@ -246,6 +253,9 @@ + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + !else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf ++!endif ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf + !endif + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf +@@ -263,6 +273,9 @@ + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + !else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf ++!endif ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf + !endif + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf +@@ -310,6 +323,9 @@ + DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf + !else + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformDebugLibIoPort.inf ++!endif ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogRtLib.inf + !endif + UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +@@ -567,6 +583,9 @@ + # PEI Phase modules + # + MdeModulePkg/Core/Pei/PeiMain.inf ++!if $(DEBUG_TO_MEM) ++ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf ++!endif + MdeModulePkg/Universal/PCD/Pei/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf +@@ -603,6 +622,7 @@ + MdeModulePkg/Universal/PCD/Dxe/Pcd.inf { + + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf + } + + MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf +@@ -665,6 +685,9 @@ + + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogLibNull.inf ++!endif + } + MdeModulePkg/Universal/Disk/DiskIoDxe/DiskIoDxe.inf + MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf +diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf +index 069dc40e97e..accbece8d08 100644 +--- a/OvmfPkg/AmdSev/AmdSevX64.fdf ++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf +@@ -96,6 +96,9 @@ APRIORI PEI { + # + # PEI Phase modules + # ++!if $(DEBUG_TO_MEM) ++INF OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf ++!endif + INF MdeModulePkg/Core/Pei/PeiMain.inf + INF MdeModulePkg/Universal/PCD/Pei/Pcd.inf + INF MdeModulePkg/Universal/ReportStatusCodeRouter/Pei/ReportStatusCodeRouterPei.inf +-- +2.47.3 + diff --git a/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch b/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch deleted file mode 100644 index 68fea42..0000000 --- a/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b2e458faf8603547bcdf578f465fdf777df44500 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Thu, 29 Aug 2024 09:20:29 +0200 -Subject: [PATCH] OvmfPkg/CpuHotplugSmm: delay SMM exit - -RH-Author: Gerd Hoffmann -RH-MergeRequest: 75: OvmfPkg/CpuHotplugSmm: delay SMM exit -RH-Jira: RHEL-56154 -RH-Acked-by: Oliver Steffen -RH-Commit: [1/1] 591189c9b119804cab4c48e9c27e428751993169 (kraxel.rh/centos-src-edk2) - -Let APs wait until the BSP has completed the register updates to remove -the CPU. This makes sure all APs stay in SMM mode until the CPU -hot-unplug operation is complete, which in turn makes sure the ACPI lock -is released only after the CPU hot-unplug operation is complete. - -Some background: The CPU hotplug SMI is triggered from an ACPI function -which is protected by an ACPI lock. The ACPI function is in the ACPI -tables generated by qemu. - -Signed-off-by: Gerd Hoffmann - -upstream: submitted (https://github.com/tianocore/edk2/pull/6138) ---- - OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -index d504163026..5af78211d3 100644 ---- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c -@@ -355,6 +355,11 @@ EjectCpu ( - // - QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum]; - if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) { -+ /* wait until BSP is done */ -+ while (mCpuHotEjectData->Handler != NULL) { -+ CpuPause (); -+ } -+ - return; - } - --- -2.39.3 - diff --git a/edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch b/edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch new file mode 100644 index 0000000..4163cbd --- /dev/null +++ b/edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch @@ -0,0 +1,41 @@ +From e752ef369036e2dc799c8eb58b1e6697d1442fe8 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 20 Jan 2026 17:17:16 +0100 +Subject: [PATCH 3/5] OvmfPkg/MemDebugLogPeiCoreLib: enable for PEIMs + +RH-Author: Luigi Leonardi +RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging +RH-Jira: RHEL-139470 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [3/5] 97050d5ba36b91340970c2af9d4b75d4b08bd16a (luigileonardi/edk2) + +Allow PEIMs use the MemDebugLogPeiCoreLib lib. + +The difference between MemDebugLogPeiCoreLib and MemDebugLogPeiLib is +that the latter does additionally provide the MemDebugLogPages() +function, and pulls in QemuFwCfg* libraries as dependency. + +Most PEIMs do not need MemDebugLogPages() though, only the ones which +handle the setup of the memory logging buffer do. + +Signed-off-by: Gerd Hoffmann +--- + OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf +index 56908caa5a7..12aa0441792 100644 +--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf ++++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf +@@ -14,7 +14,7 @@ + FILE_GUID = EEAF8A01-167A-4222-A647-80EB16AEEC69 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 +- LIBRARY_CLASS = MemDebugLogLib|PEI_CORE ++ LIBRARY_CLASS = MemDebugLogLib|PEI_CORE PEIM + + + [Sources] +-- +2.47.3 + diff --git a/edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch b/edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch new file mode 100644 index 0000000..9fa537f --- /dev/null +++ b/edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch @@ -0,0 +1,89 @@ +From 7e80f0fe3c74a518c1d43706391e42afb1d3ba40 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Tue, 20 Jan 2026 17:18:07 +0100 +Subject: [PATCH 2/5] OvmfPkg/MemDebugLogPeiLib: drop duplicate + MemDebugLogWrite function + +RH-Author: Luigi Leonardi +RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging +RH-Jira: RHEL-139470 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [2/5] 59f8cad8121f3b659928a0342b46b39ab2da1dd5 (luigileonardi/edk2) + +The MemDebugLogWrite() function is identical in MemDebugLogPei.c and +MemDebugLogPeiCore.c So drop it from MemDebugLogPei.c and simply add +MemDebugLogPeiCore.c to MemDebugLogPeiLib.inf instead. + +Signed-off-by: Gerd Hoffmann +--- + .../Library/MemDebugLogLib/MemDebugLogPei.c | 41 ------------------- + .../MemDebugLogLib/MemDebugLogPeiLib.inf | 1 + + 2 files changed, 1 insertion(+), 41 deletions(-) + +diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c +index 05e32daf1ca..d1beb74487d 100644 +--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c ++++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPei.c +@@ -12,47 +12,6 @@ + #include + #include + +-EFI_STATUS +-EFIAPI +-MemDebugLogWrite ( +- IN CHAR8 *Buffer, +- IN UINTN Length +- ) +-{ +- EFI_PHYSICAL_ADDRESS MemDebugLogBufAddr; +- EFI_STATUS Status; +- +- // +- // Obtain the Memory Debug Log buffer addr from HOB +- // NOTE: This is expected to fail until the HOB is created. +- // +- Status = MemDebugLogAddrFromHOB (&MemDebugLogBufAddr); +- +- if (EFI_ERROR (Status)) { +- MemDebugLogBufAddr = 0; +- } +- +- if (MemDebugLogBufAddr != 0) { +- Status = MemDebugLogWriteBuffer (MemDebugLogBufAddr, Buffer, Length); +- } else { +- // +- // HOB has not yet been created, so +- // write to the early debug log buffer. +- // +- if (FixedPcdGet32 (PcdOvmfEarlyMemDebugLogBase) != 0x0) { +- Status = MemDebugLogWriteBuffer ( +- (EFI_PHYSICAL_ADDRESS)(UINTN)FixedPcdGet32 (PcdOvmfEarlyMemDebugLogBase), +- Buffer, +- Length +- ); +- } else { +- Status = EFI_NOT_FOUND; +- } +- } +- +- return Status; +-} +- + UINT32 + EFIAPI + MemDebugLogPages ( +diff --git a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf +index b6b407c8919..6a954d1d8c0 100644 +--- a/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++++ b/OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf +@@ -19,6 +19,7 @@ + + [Sources] + MemDebugLogPei.c ++ MemDebugLogPeiCore.c + MemDebugLogCommon.c + + [Packages] +-- +2.47.3 + diff --git a/edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch b/edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch new file mode 100644 index 0000000..a89ba43 --- /dev/null +++ b/edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch @@ -0,0 +1,95 @@ +From e97e4a3f15ff7c0a5bc7bb1de5e664ccb0329ae6 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Wed, 10 Dec 2025 11:16:08 +0100 +Subject: [PATCH 1/3] OvmfPkg/X86QemuLoadImageLib: flip default for + EnableLegacyLoader to false + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 105: OvmfPkg/X86QemuLoadImageLib: flip default for EnableLegacyLoader to false +RH-Jira: RHEL-134956 +RH-Acked-by: Luigi Leonardi +RH-Acked-by: Oliver Steffen +RH-Commit: [1/1] b6375a5344271fc087ce09fb3c6a42daaa0d7c9b (kraxel.rh/centos-src-edk2) + +What happened since commit 1549bf11cc94 ("OvmfPkg/X86QemuLoadImageLib: +make legacy loader configurable.") ? + +First, qemu 10.0 has been released, which brings support for the -shim +command line option so direct kernel boot with secure boot works. + +Second, support has been added to libvirt (version v11.2.0 and newer). + +Third, we got a bunch of linux distro releases. Latest debian, ubuntu +and fedora releases all have new enough edk2+qemu+libvirt packages to +support direct kernel boot with shim.efi loading and proper secure boot +verification. + +Lastly, the edk2 security advisory GHSA-6pp6-cm5h-86g5 and CVE-2025-2296 +have been published. + +Time for the next step in tightening the screws: Flip the default for +the EnableLegacyLoader config option from true to false. Also update +the documentation accordingly. + +The documentation for the config option is here: +https://github.com/tianocore/edk2/blob/master/OvmfPkg/RUNTIME_CONFIG.md#user-content-security-optorgtianocoreenablelegacyloader + +Upcoming final step, in a year or two: remove the legacy loader from the +code base (drop X86QemuLoadImageLib, migrade all users to use +GenericQemuLoadImageLib instead). + +Signed-off-by: Gerd Hoffmann +(cherry picked from commit d2cbaefc082294eadaa30a3d5f0fa8ba264a574a) + +Resolves: RHEL-134956 +--- + .../X86QemuLoadImageLib/X86QemuLoadImageLib.c | 2 +- + OvmfPkg/RUNTIME_CONFIG.md | 15 +++++++++------ + 2 files changed, 10 insertions(+), 7 deletions(-) + +diff --git a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c +index b16bdeb47f8..f98f8ab885b 100644 +--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c ++++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c +@@ -449,7 +449,7 @@ QemuLoadKernelImage ( + &Enabled + ); + if (EFI_ERROR (RetStatus)) { +- Enabled = TRUE; ++ Enabled = FALSE; + } + + if (!Enabled) { +diff --git a/OvmfPkg/RUNTIME_CONFIG.md b/OvmfPkg/RUNTIME_CONFIG.md +index b75a5dacadf..57d0dd96111 100644 +--- a/OvmfPkg/RUNTIME_CONFIG.md ++++ b/OvmfPkg/RUNTIME_CONFIG.md +@@ -153,16 +153,19 @@ without EFI stub. If you are using kernels that old secure boot + support is the least of your problems though ... + + The linux kernel is typically signed by the distro secure boot keys +-and is verified by the distro `shim.efi` binary. qemu release 10.0 +-(ETA ~ March 2025) will get support for passing the shim binary ++and is verified by the distro `shim.efi` binary. qemu version 10.0 ++(released in April 2025) got support for passing the shim binary + (additionally to kernel + initrd) to the firmware, so the usual secure + boot verification can work with direct kernel load too. + +-For now the legacy loader is enabled by default. Once the new qemu +-release is available in most linux distros the defaut will be flipped +-to disabled. ++In edk2-stable202502 and newer the EnableLegacyLoader config option is ++available and enabled by default. + +-Usage (qemu 10.0+): ++In edk2-stable202602 and newer the EnableLegacyLoader config option is ++disabled by default. ++ ++Here is the qemu command line for direct kernel boot with secure boot ++verification: + + ``` + qemu-system-x86_64 \ +-- +2.47.3 + diff --git a/edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch b/edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch new file mode 100644 index 0000000..b1bdb60 --- /dev/null +++ b/edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch @@ -0,0 +1,102 @@ +From ab6410ba7d54964884687e020fd015ed5ef3d18f Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Wed, 21 Jan 2026 12:35:59 +0100 +Subject: [PATCH 5/5] OvmfPkg: use MemDebugLogPeiCoreLib for PEIMs + +RH-Author: Luigi Leonardi +RH-MergeRequest: 104: ArmVirtPkg, AmdSev: fix memory debug logging +RH-Jira: RHEL-139470 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [5/5] 66932a14dcf1a61fc92319e50fe9e87c03f89378 (luigileonardi/edk2) + +Switch PEIMs from MemDebugLogPeiLib to MemDebugLogPeiCoreLib, except for +the MemDebugLog and PlatformPei PEIMs which need the MemDebugLogPages() +function. + +Signed-off-by: Gerd Hoffmann +--- + OvmfPkg/OvmfPkgIa32X64.dsc | 14 +++++++++++--- + OvmfPkg/OvmfPkgX64.dsc | 14 +++++++++++--- + 2 files changed, 22 insertions(+), 6 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 2be6a1321c8..e49132deb08 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -312,7 +312,7 @@ + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf + !endif + !if $(DEBUG_TO_MEM) +- MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf + !endif + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf +@@ -708,7 +708,10 @@ + # + MdeModulePkg/Core/Pei/PeiMain.inf + !if $(DEBUG_TO_MEM) +- OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf ++ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf { ++ ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++ } + !endif + MdeModulePkg/Universal/PCD/Pei/Pcd.inf { + +@@ -724,7 +727,12 @@ + } + MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf + +- OvmfPkg/PlatformPei/PlatformPei.inf ++ OvmfPkg/PlatformPei/PlatformPei.inf { ++ ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++!endif ++ } + + UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf { + +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 724a84554c8..5c016b336b5 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -344,7 +344,7 @@ + DebugLib|OvmfPkg/Library/PlatformDebugLibIoPort/PlatformRomDebugLibIoPort.inf + !endif + !if $(DEBUG_TO_MEM) +- MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiCoreLib.inf + !endif + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + ResourcePublicationLib|MdePkg/Library/PeiResourcePublicationLib/PeiResourcePublicationLib.inf +@@ -788,7 +788,10 @@ + # + MdeModulePkg/Core/Pei/PeiMain.inf + !if $(DEBUG_TO_MEM) +- OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf ++ OvmfPkg/MemDebugLogPei/MemDebugLogPei.inf { ++ ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++ } + !endif + MdeModulePkg/Universal/PCD/Pei/Pcd.inf { + +@@ -804,7 +807,12 @@ + } + MdeModulePkg/Core/DxeIplPeim/DxeIpl.inf + +- OvmfPkg/PlatformPei/PlatformPei.inf ++ OvmfPkg/PlatformPei/PlatformPei.inf { ++ ++!if $(DEBUG_TO_MEM) ++ MemDebugLogLib|OvmfPkg/Library/MemDebugLogLib/MemDebugLogPeiLib.inf ++!endif ++ } + + UefiCpuPkg/Universal/Acpi/S3Resume2Pei/S3Resume2Pei.inf { + +-- +2.47.3 + diff --git a/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch b/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch deleted file mode 100644 index e41d301..0000000 --- a/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 6b26812cbf5a871d0a311036b6605635684ed3e1 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann -Date: Tue, 27 Aug 2024 12:06:15 +0200 -Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if - not needed. - -RH-Author: Oliver Steffen -RH-MergeRequest: 70: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed. -RH-Jira: RHEL-50185 -RH-Acked-by: Gerd Hoffmann -RH-Commit: [1/1] a9c96249a5258e0902e38d4579079dfcc188b980 (osteffen/edk2) - -Add the new global mMsrIa32MiscEnableSupported variable to track -whenever support for the IA32_MISC_ENABLE MSR is present or not. - -Add new local PatchingNeeded variable to CheckFeatureSupported() -to track if patching the SMM setup code is needed or not. - -Issue PatchInstructionX86() calls only if needed, i.e. if one of -the *Supported variables has been updated. - -Result is that on a typical SMP machine where all processors are -identical the PatchInstructionX86() calls are issued only once, -when checking the first processor. Specifically this avoids -PatchInstructionX86() being called in OVMF on CPU hotplug. That -is important because instruction patching at runtime does not not -work and leads to page faults. - -This fixes CPU hotplug on OVMF not working with AMD cpus. - -Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase") -Signed-off-by: Gerd Hoffmann -(cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4) -Signed-off-by: Oliver Steffen ---- - UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++----- - 1 file changed, 40 insertions(+), 9 deletions(-) - -diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -index 8142d3ceac..8e299fd29a 100644 ---- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c -@@ -40,6 +40,11 @@ BOOLEAN mXdEnabled = FALSE; - // - BOOLEAN mBtsSupported = TRUE; - -+// -+// The flag indicates if MSR_IA32_MISC_ENABLE is supported by processor -+// -+BOOLEAN mMsrIa32MiscEnableSupported = TRUE; -+ - // - // The flag indicates if SMM profile starts to record data. - // -@@ -904,18 +909,23 @@ CheckFeatureSupported ( - UINT32 RegEcx; - UINT32 RegEdx; - MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr; -+ BOOLEAN PatchingNeeded = FALSE; - - if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) { - AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL); - if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) { - AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL); - if ((RegEcx & CPUID_CET_SS) == 0) { -- mCetSupported = FALSE; -- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ if (mCetSupported) { -+ mCetSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } else { -- mCetSupported = FALSE; -- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ if (mCetSupported) { -+ mCetSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } - -@@ -925,8 +935,10 @@ CheckFeatureSupported ( - // - // Extended CPUID functions are not supported on this processor. - // -- mXdSupported = FALSE; -- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ if (mXdSupported) { -+ mXdSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - - AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx); -@@ -934,15 +946,20 @@ CheckFeatureSupported ( - // - // Execute Disable Bit feature is not supported on this processor. - // -- mXdSupported = FALSE; -- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ if (mXdSupported) { -+ mXdSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - - if (StandardSignatureIsAuthenticAMD ()) { - // - // AMD processors do not support MSR_IA32_MISC_ENABLE - // -- PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); -+ if (mMsrIa32MiscEnableSupported) { -+ mMsrIa32MiscEnableSupported = FALSE; -+ PatchingNeeded = TRUE; -+ } - } - } - -@@ -966,6 +983,20 @@ CheckFeatureSupported ( - } - } - } -+ -+ if (PatchingNeeded) { -+ if (!mCetSupported) { -+ PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1); -+ } -+ -+ if (!mXdSupported) { -+ PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1); -+ } -+ -+ if (!mMsrIa32MiscEnableSupported) { -+ PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1); -+ } -+ } - } - - /** --- -2.39.3 - diff --git a/edk2-build.py b/edk2-build.py index cee7541..c4bfbae 100755 --- a/edk2-build.py +++ b/edk2-build.py @@ -51,7 +51,7 @@ def get_toolchain(cfg, build): return cfg[build]['tool'] if cfg.has_option('global', 'tool'): return cfg['global']['tool'] - return 'GCC5' + return 'GCC' def get_hostarch(): mach = os.uname().machine @@ -147,7 +147,7 @@ def build_run(cmdline, name, section, silent = False, nologs = False): print(f'### exit code: {result.returncode}') else: secs = int(time.time() - start) - print(f'### OK ({int(secs/60)}:{secs%60:02d})') + print(f'### OK ({int(secs)}sec)') else: print(cmdline, flush = True) result = subprocess.run(cmdline, check = False) @@ -248,7 +248,7 @@ def build_one(cfg, build, jobs = None, silent = False, nologs = False): def build_basetools(silent = False, nologs = False): build_message('building: BaseTools', silent = silent) - basedir = os.environ['EDK_TOOLS_PATH'] + basedir = os.environ['EDK_TOOLS_PATH'] + '/Source/C' cmdline = [ 'make', '-C', basedir ] build_run(cmdline, 'BaseTools', 'build.basetools', silent, nologs) diff --git a/edk2-build.rhel-9 b/edk2-build.rhel-10 similarity index 53% rename from edk2-build.rhel-9 rename to edk2-build.rhel-10 index 9088bf8..43279f6 100644 --- a/edk2-build.rhel-9 +++ b/edk2-build.rhel-10 @@ -12,35 +12,50 @@ CAVIUM_ERRATUM_27456 = TRUE [opts.ovmf.4m] FD_SIZE_4MB = TRUE +DEBUG_TO_MEM = TRUE [opts.ovmf.sb.smm] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = TRUE -# old downstream -EXCLUDE_SHELL_FROM_FD = TRUE -# new upstream +BUILD_SHELL = FALSE + +[opts.ovmf.qemu.vars] +QEMU_PV_VARS = TRUE +SECURE_BOOT_ENABLE = TRUE BUILD_SHELL = FALSE [opts.ovmf.sb.stateless] SECURE_BOOT_ENABLE = TRUE SMM_REQUIRE = FALSE +BUILD_SHELL = FALSE [opts.armvirt.verbose] DEBUG_PRINT_ERROR_LEVEL = 0x8040004F +DEBUG_TO_MEM = TRUE [opts.armvirt.silent] DEBUG_PRINT_ERROR_LEVEL = 0x80000000 -[pcds.nx.strict] -PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5 -PcdUninstallMemAttrProtocol = FALSE +[pcds.la57] +PcdUse5LevelPageTable = TRUE -[pcds.nx.broken.shim.grub] -# grub.efi uses EfiLoaderData for code -PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD1 -# shim.efi has broken MemAttr code -PcdUninstallMemAttrProtocol = TRUE +[pcds.nx.strict] +PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5 +PcdImageProtectionPolicy = 0x03 +PcdSetNxForStack = TRUE +PcdNullPointerDetectionPropertyMask = 0x03 +PcdUninstallMemAttrProtocol = TRUE + +[pcds.nx.compat.aa64] +# workaround for bugs in shim.efi and grub.efi +PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD1 +PcdUninstallMemAttrProtocol = TRUE + +[pcds.nx.compat.x64] +# workaround for bugs in shim.efi and grub.efi +PcdDxeNxMemoryProtectionPolicy = 0 +PcdUninstallMemAttrProtocol = TRUE ##################################################################### @@ -52,8 +67,10 @@ conf = OvmfPkg/OvmfPkgX64.dsc arch = X64 opts = ovmf.common ovmf.4m +pcds = nx.compat.x64 + la57 plat = OvmfX64 -dest = RHEL-9/ovmf +dest = RHEL-10/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd cpy2 = FV/OVMF_VARS.fd cpy3 = X64/Shell.efi @@ -65,11 +82,26 @@ arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.smm +pcds = nx.compat.x64 + la57 plat = OvmfX64 -dest = RHEL-9/ovmf +dest = RHEL-10/ovmf cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd cpy2 = X64/EnrollDefaultKeys.efi +[build.ovmf.qemu.vars] +desc = ovmf build (64-bit, 4MB, qemu vars, secure boot) +conf = OvmfPkg/OvmfPkgX64.dsc +arch = X64 +opts = ovmf.common + ovmf.4m + ovmf.qemu.vars +pcds = nx.strict + la57 +plat = OvmfX64 +dest = RHEL-10/ovmf +cpy1 = FV/OVMF.fd OVMF.qemuvars.fd + ##################################################################### # stateless ovmf builds (firmware in rom or r/o flash) @@ -80,8 +112,9 @@ conf = OvmfPkg/AmdSev/AmdSevX64.dsc arch = X64 opts = ovmf.common ovmf.4m +pcds = nx.compat.x64 plat = AmdSev -dest = RHEL-9/ovmf +dest = RHEL-10/ovmf cpy1 = FV/OVMF.fd OVMF.amdsev.fd [build.ovmf.inteltdx] @@ -91,8 +124,10 @@ arch = X64 opts = ovmf.common ovmf.4m ovmf.sb.stateless +pcds = nx.compat.x64 + la57 plat = IntelTdx -dest = RHEL-9/ovmf +dest = RHEL-10/ovmf cpy1 = FV/OVMF.fd OVMF.inteltdx.fd @@ -105,9 +140,9 @@ conf = ArmVirtPkg/ArmVirtQemu.dsc arch = AARCH64 opts = ovmf.common armvirt.verbose -pcds = nx.broken.shim.grub -plat = ArmVirtQemu-AARCH64 -dest = RHEL-9/aarch64 +pcds = nx.compat.aa64 +plat = ArmVirtQemu-AArch64 +dest = RHEL-10/aarch64 cpy1 = FV/QEMU_EFI.fd cpy2 = FV/QEMU_VARS.fd cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw @@ -121,9 +156,39 @@ conf = ArmVirtPkg/ArmVirtQemu.dsc arch = AARCH64 opts = ovmf.common armvirt.silent -pcds = nx.broken.shim.grub -plat = ArmVirtQemu-AARCH64 -dest = RHEL-9/aarch64 +pcds = nx.compat.aa64 +plat = ArmVirtQemu-AArch64 +dest = RHEL-10/aarch64 cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw pad2 = QEMU_EFI-silent-pflash.raw 64m + +[build.armvirt.aa64.qemu.vars] +desc = ArmVirt build for qemu, 64-bit (arm v8), qemu vars, secure boot +conf = ArmVirtPkg/ArmVirtQemu.dsc +arch = AARCH64 +opts = ovmf.common + ovmf.qemu.vars + armvirt.silent +pcds = nx.strict +plat = ArmVirtQemu-AArch64 +dest = RHEL-10/aarch64 +cpy1 = FV/QEMU_EFI.fd QEMU_EFI.qemuvars.fd +cpy2 = FV/QEMU_EFI.fd QEMU_EFI-qemuvars-pflash.raw +pad2 = QEMU_EFI-qemuvars-pflash.raw 64m + + +##################################################################### +# riscv build + +[build.riscv.qemu] +conf = OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc +arch = RISCV64 +plat = RiscVVirtQemu +dest = RHEL-10/riscv +cpy1 = FV/RISCV_VIRT_CODE.fd +cpy2 = FV/RISCV_VIRT_CODE.fd RISCV_VIRT_CODE.raw +cpy3 = FV/RISCV_VIRT_VARS.fd +cpy4 = FV/RISCV_VIRT_VARS.fd RISCV_VIRT_VARS.raw +pad1 = RISCV_VIRT_CODE.raw 32m +pad2 = RISCV_VIRT_VARS.raw 32m diff --git a/edk2.spec b/edk2.spec index 3eb9391..855038c 100644 --- a/edk2.spec +++ b/edk2.spec @@ -1,27 +1,31 @@ -ExclusiveArch: x86_64 aarch64 +ExclusiveArch: x86_64 aarch64 riscv64 -# edk2-stable202405 -%define GITDATE 20240524 -%define GITCOMMIT 3e722403cd +# edk2-stable202511 +%define GITDATE 20251114 +%define GITCOMMIT 46548b1adac8 %define TOOLCHAIN GCC -%define OPENSSL_VER 3.0.7 -%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1 +%define OPENSSL_VER 3.5.5 +%define OPENSSL_HASH c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c -%define DBXDATE 20230509 +%define DBXDATE 20251016 %define build_ovmf 0 %define build_aarch64 0 +%define build_riscv64 0 %ifarch x86_64 %define build_ovmf 1 %endif %ifarch aarch64 %define build_aarch64 1 %endif +%ifarch riscv64 + %define build_riscv64 1 +%endif Name: edk2 Version: %{GITDATE} -Release: 8%{?dist} +Release: 5%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -33,6 +37,7 @@ URL: http://www.tianocore.org Source0: edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt Source2: openssl-rhel-%{OPENSSL_HASH}.tar.xz +Source3: dtc-1.7.0.tar.xz # json description files Source10: 50-edk2-aarch64-qcow2.json @@ -40,17 +45,25 @@ Source11: 51-edk2-aarch64-raw.json Source12: 52-edk2-aarch64-verbose-qcow2.json Source13: 53-edk2-aarch64-verbose-raw.json +Source20: 90-edk2-ovmf-qemuvars-x64-sb-enrolled.json +Source21: 91-edk2-ovmf-qemuvars-x64-sb.json +Source22: 90-edk2-aarch64-qemuvars-sb-enrolled.json +Source23: 91-edk2-aarch64-qemuvars-sb.json + Source40: 30-edk2-ovmf-x64-sb-enrolled.json Source41: 40-edk2-ovmf-x64-sb.json Source43: 50-edk2-ovmf-x64-nosb.json Source44: 60-edk2-ovmf-x64-amdsev.json Source45: 60-edk2-ovmf-x64-inteltdx.json +Source50: 50-edk2-riscv-qcow2.json + # https://gitlab.com/kraxel/edk2-build-config Source80: edk2-build.py -Source82: edk2-build.rhel-9 +Source82: edk2-build.rhel-10 Source90: DBXUpdate-%{DBXDATE}.x64.bin +Source91: DBXUpdate-%{DBXDATE}.aa64.bin Patch1: 0003-Remove-paths-leading-to-submodules.patch Patch2: 0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch Patch3: 0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -69,38 +82,31 @@ Patch15: 0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch Patch16: 0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch Patch17: 0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch Patch18: 0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch -Patch19: 0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch -Patch20: 0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch -Patch21: 0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch -Patch22: 0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch -Patch23: 0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch -Patch24: 0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch -Patch25: 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch -Patch26: 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch -Patch27: 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch -Patch28: 0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch -Patch29: 0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch -Patch30: 0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch -Patch31: 0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch -Patch32: 0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch -Patch33: 0035-OvmfPkg-add-morlock-support.patch -Patch34: 0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch -Patch35: 0037-SecurityPkg-RngDxe-add-rng-test.patch -Patch36: 0038-OvmfPkg-wire-up-RngDxe.patch -Patch37: 0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch -Patch38: 0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch -# For RHEL-45261 - [RHEL10] edk2 disconnects abnormally before loading the kernel -Patch39: edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch -# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data -Patch40: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch -# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data -Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch -# For RHEL-56082 - [EDK2] Shim fallback reboot workaround might not work on SNP [rhel-10] -Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch -# For RHEL-50185 - [RHEL10] Hit soft lockup when hotplug vcpu -Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch -# For RHEL-56154 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-10] -Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch +Patch19: 0021-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch +Patch20: 0022-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch +Patch21: 0023-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch +Patch22: 0024-CryptoPkg-CrtLib-add-stat.h-include-file-RH-only.patch +Patch23: 0025-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch +Patch24: 0026-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch +Patch25: 0027-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch +Patch26: 0028-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +Patch27: 0029-OvmfPkg-X64-add-opt-org.tianocore-UninstallMemAttrPr.patch +Patch28: 0030-OvmfPkg-MemDebugLogLib-use-AcquireSpinLockOrFail.patch +Patch29: 0031-OvmfPkg-PlatformInitLib-reserve-igvm-parameter-area.patch +# For RHEL-138335 - [AmpereoneX] ArmConfigureMmu: The MaxAddress 0xFFFFFFFFFFFFF is not supported by this MMU configuration +Patch30: edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch +# For RHEL-139470 - Enable memory debug logging support in firmware image configs +Patch31: edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch +# For RHEL-139470 - Enable memory debug logging support in firmware image configs +Patch32: edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch +# For RHEL-139470 - Enable memory debug logging support in firmware image configs +Patch33: edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch +# For RHEL-139470 - Enable memory debug logging support in firmware image configs +Patch34: edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch +# For RHEL-139470 - Enable memory debug logging support in firmware image configs +Patch35: edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch +# For RHEL-134956 - CVE-2025-2296 edk2: EDK2: Improper Input Validation allows arbitrary command execution [rhel-10.2] +Patch36: edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and @@ -112,6 +118,9 @@ BuildRequires: binutils gcc git gcc-c++ make BuildRequires: perl perl(JSON) BuildRequires: qemu-img +# secure boot enrollment +BuildRequires: python3dist(virt-firmware) >= 25.4 + %if %{build_ovmf} # Only OVMF includes 80x86 assembly files (*.nasm*). BuildRequires: nasm @@ -122,9 +131,6 @@ BuildRequires: dosfstools BuildRequires: mtools BuildRequires: xorriso -# secure boot enrollment -BuildRequires: python3dist(virt-firmware) >= 23.4 - # endif build_ovmf %endif @@ -171,6 +177,19 @@ platform that enables UEFI support for QEMU/KVM ARM Virtual Machines. This package contains a 64-bit build. +%package riscv64 +Summary: UEFI firmware for riscv64 virtual machines +BuildArch: noarch + +# No Secure Boot for riscv64 yet, but we include OpenSSL for the IPv6 stack. +Provides: bundled(openssl) = %{OPENSSL_VER} +License: BSD-2-Clause-Patent and Apache-2.0 + +%description riscv64 +EFI Development Kit II platform that enables UEFI support for QEMU/KVM +RISC-V Virtual Machines. This package contains a 64-bit build. + + %package tools Summary: EFI Development Kit II Tools License: BSD-2-Clause-Patent @@ -206,12 +225,15 @@ git config am.keepcr true cp -a -- %{SOURCE1} . cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} . +cp -a -- %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} . cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} . +cp -a -- %{SOURCE50} . cp -a -- %{SOURCE80} %{SOURCE82} . -cp -a -- %{SOURCE90} . +cp -a -- %{SOURCE90} %{SOURCE91} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x +tar -xf %{SOURCE3} --strip-components=1 --directory MdePkg/Library/BaseFdtLib/libfdt -# Done by %setup, but we do not use it for the auxiliary tarballs +# Done by setup macro, but we do not use it for the auxiliary tarballs chmod -Rf a+rX,u+w,g-w,o-w . %build @@ -264,26 +286,44 @@ mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/library mkdir -p SecurityPkg/DeviceSecurity/SpdmLib/libspdm/include %if %{build_ovmf} -./edk2-build.py --config edk2-build.rhel-9 -m ovmf --release-date "$RELEASE_DATE" -build_iso RHEL-9/ovmf -cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-9/ovmf -virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \ - --output RHEL-9/ovmf/OVMF_VARS.secboot.fd \ +./edk2-build.py --config edk2-build.rhel-10 -m ovmf --release-date "$RELEASE_DATE" +build_iso RHEL-10/ovmf +cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-10/ovmf +virt-fw-vars --input RHEL-10/ovmf/OVMF_VARS.fd \ + --output RHEL-10/ovmf/OVMF_VARS.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot -virt-fw-vars --input RHEL-9/ovmf/OVMF.inteltdx.fd \ - --output RHEL-9/ovmf/OVMF.inteltdx.secboot.fd \ +virt-fw-vars --input RHEL-10/ovmf/OVMF.inteltdx.fd \ + --output RHEL-10/ovmf/OVMF.inteltdx.secboot.fd \ --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ --enroll-redhat --secure-boot \ --set-fallback-no-reboot +virt-fw-vars --output-json RHEL-10/ovmf/vars.blank.json +virt-fw-vars --output-json RHEL-10/ovmf/vars.secboot.json \ + --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \ + --enroll-redhat --secure-boot %endif %if %{build_aarch64} -./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE" +./edk2-build.py --config edk2-build.rhel-10 -m armvirt --release-date "$RELEASE_DATE" +cp DBXUpdate-%{DBXDATE}.aa64.bin RHEL-10/aarch64 for raw in */aarch64/*.raw; do qcow2="${raw%.raw}.qcow2" qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2" done +virt-fw-vars --output-json RHEL-10/aarch64/vars.blank.json +virt-fw-vars --output-json RHEL-10/aarch64/vars.secboot.json \ + --set-dbx DBXUpdate-%{DBXDATE}.aa64.bin \ + --enroll-redhat --secure-boot +%endif + +%if %{build_riscv64} +./edk2-build.py --config edk2-build.rhel-10 -m riscv --release-date "$RELEASE_DATE" +for raw in */riscv/*.raw; do + qcow2="${raw%.raw}.qcow2" + qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2" + rm -f "$raw" +done %endif %install @@ -308,7 +348,7 @@ install BaseTools/Scripts/GccBase.lds \ %{buildroot}%{_datadir}/%{name}/Scripts mkdir -p %{buildroot}%{_datadir}/%{name} -cp -av RHEL-9/* %{buildroot}%{_datadir}/%{name} +cp -av RHEL-10/* %{buildroot}%{_datadir}/%{name} %if %{build_ovmf} mkdir -p %{buildroot}%{_datadir}/OVMF @@ -321,7 +361,9 @@ ln -s OVMF_CODE.fd %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd install -m 0644 \ 30-edk2-ovmf-x64-sb-enrolled.json \ + 90-edk2-ovmf-qemuvars-x64-sb-enrolled.json \ 40-edk2-ovmf-x64-sb.json \ + 91-edk2-ovmf-qemuvars-x64-sb.json \ 50-edk2-ovmf-x64-nosb.json \ 60-edk2-ovmf-x64-amdsev.json \ 60-edk2-ovmf-x64-inteltdx.json \ @@ -345,11 +387,19 @@ install -m 0644 \ 51-edk2-aarch64-raw.json \ 52-edk2-aarch64-verbose-qcow2.json \ 53-edk2-aarch64-verbose-raw.json \ + 90-edk2-aarch64-qemuvars-sb-enrolled.json \ + 91-edk2-aarch64-qemuvars-sb.json \ %{buildroot}%{_datadir}/qemu/firmware # endif build_aarch64 %endif +%if %{build_riscv64} +install -m 0644 \ + 50-edk2-riscv-qcow2.json \ + %{buildroot}%{_datadir}/qemu/firmware +%endif + %check %global common_files \ @@ -373,6 +423,7 @@ install -m 0644 \ %{_datadir}/%{name}/ovmf/OVMF.amdsev.fd %{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd %{_datadir}/%{name}/ovmf/OVMF.inteltdx.secboot.fd +%{_datadir}/%{name}/ovmf/OVMF.qemuvars.fd %{_datadir}/%{name}/ovmf/DBXUpdate*.bin %{_datadir}/%{name}/ovmf/UefiShell.iso %{_datadir}/OVMF/OVMF_CODE.secboot.fd @@ -381,8 +432,11 @@ install -m 0644 \ %{_datadir}/OVMF/UefiShell.iso %{_datadir}/%{name}/ovmf/Shell.efi %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi +%{_datadir}/%{name}/ovmf/vars.*.json %{_datadir}/qemu/firmware/30-edk2-ovmf-x64-sb-enrolled.json +%{_datadir}/qemu/firmware/90-edk2-ovmf-qemuvars-x64-sb-enrolled.json %{_datadir}/qemu/firmware/40-edk2-ovmf-x64-sb.json +%{_datadir}/qemu/firmware/91-edk2-ovmf-qemuvars-x64-sb.json %{_datadir}/qemu/firmware/50-edk2-ovmf-x64-nosb.json %{_datadir}/qemu/firmware/60-edk2-ovmf-x64-amdsev.json %{_datadir}/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json @@ -396,20 +450,34 @@ install -m 0644 \ %dir %{_datadir}/%{name}/aarch64/ %{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.* %{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.* +%{_datadir}/%{name}/aarch64/QEMU_EFI-qemuvars-pflash.* %{_datadir}/%{name}/aarch64/vars-template-pflash.* +%{_datadir}/%{name}/aarch64/DBXUpdate*.bin %{_datadir}/AAVMF/AAVMF_CODE.verbose.fd %{_datadir}/AAVMF/AAVMF_CODE.fd %{_datadir}/AAVMF/AAVMF_VARS.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd +%{_datadir}/%{name}/aarch64/QEMU_EFI.qemuvars.fd %{_datadir}/%{name}/aarch64/QEMU_VARS.fd +%{_datadir}/%{name}/aarch64/vars.*.json %{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json %{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json %{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json %{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json +%{_datadir}/qemu/firmware/90-edk2-aarch64-qemuvars-sb-enrolled.json +%{_datadir}/qemu/firmware/91-edk2-aarch64-qemuvars-sb.json # endif build_aarch64 %endif +%if %{build_riscv64} +%files riscv64 +%common_files +%{_datadir}/%{name}/riscv/*.fd +%{_datadir}/%{name}/riscv/*.qcow2 +%{_datadir}/qemu/firmware/50-edk2-riscv-qcow2.json +%endif + %files tools %license License.txt %license License-History.txt @@ -435,6 +503,129 @@ install -m 0644 \ %changelog +* Mon Mar 09 2026 Miroslav Rezanina - 20251114-5 +- edk2-add-uefi-vars-firmware-json-files.patch [RHEL-150696] +- Resolves: RHEL-150696 + (edk2: Add JSON descriptors for uefi-vars builds) + +* Thu Feb 12 2026 Miroslav Rezanina - 20251114-4 +- edk2-OvmfPkg-X86QemuLoadImageLib-flip-default-for-EnableL.patch [RHEL-134956] +- edk2-update-openssl-rhel-submodule.patch [RHEL-147785] +- edk2-update-openssl-rhel-tarball.patch [RHEL-147785] +- Resolves: RHEL-134956 + (CVE-2025-2296 edk2: EDK2: Improper Input Validation allows arbitrary command execution [rhel-10.2]) +- Resolves: RHEL-147785 + ([edk2] pick up openssl updates) + +* Mon Feb 09 2026 Miroslav Rezanina - 20251114-3 +- edk2-OvmfPkg-AmdSev-add-memory-debug-log-support.patch [RHEL-139470] +- edk2-OvmfPkg-MemDebugLogPeiLib-drop-duplicate-MemDebugLog.patch [RHEL-139470] +- edk2-OvmfPkg-MemDebugLogPeiCoreLib-enable-for-PEIMs.patch [RHEL-139470] +- edk2-ArmVirtPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch [RHEL-139470] +- edk2-OvmfPkg-use-MemDebugLogPeiCoreLib-for-PEIMs.patch [RHEL-139470] +- Resolves: RHEL-139470 + (Enable memory debug logging support in firmware image configs) + +* Thu Jan 08 2026 Miroslav Rezanina - 20251114-2 +- edk2-ArmPkg-UefiCpuPkg-Fix-boot-failure-on-FEAT_LPA-only-.patch [RHEL-138335] +- Resolves: RHEL-138335 + ([AmpereoneX] ArmConfigureMmu: The MaxAddress 0xFFFFFFFFFFFFF is not supported by this MMU configuration) + +* Wed Dec 10 2025 Miroslav Rezanina - 20251114-1 +- Rebase to edk2-stable202511 [RHEL-118386] +- Resolves: RHEL-118386 + ([edk2,rhel-10] rebase to edk2-stable202511) + +* Wed Nov 12 2025 Miroslav Rezanina - 20250822-4 +- edk2-make-dbxupdate.sh-get-version-tag-add-to-commit-mess.patch [RHEL-126085] +- edk2-update-dbx-to-20251016-v1.6.1.patch [RHEL-126085] +- Resolves: RHEL-126085 + ([edk2,rhel-10] dbx update to 20251016 / v1.6.1) + +* Mon Nov 03 2025 Miroslav Rezanina - 20250822-3 +- edk2-Bumped-OpenSSL-to-3.5.1-6.patch [RHEL-115880] +- Resolves: RHEL-115880 + (CVE-2025-9230 edk2: Out-of-bounds read & write in RFC 3211 KEK Unwrap [rhel-10.2]) + +* Mon Oct 13 2025 Miroslav Rezanina - 20250822-2 +- edk2-add-DBXUpdate-20250610.aa64.bin.patch [RHEL-109548] +- Resolves: RHEL-109548 + ([aarch64][edk2] missing DBXUpdate-${date}.aa64.bin) + +* Tue Oct 07 2025 Miroslav Rezanina - 20250822-1 +- Rebase to edk2-stable202508 [RHEL-111718] +- Resolves: RHEL-111718 + ([edk2,rhel-10] rebase to edk2-stable202508) + +* Mon Jun 30 2025 Miroslav Rezanina - 20250523-2 +- edk2-add-qemu-vars-builds-to-build-config-and-file-lists.patch [RHEL-2908] +- edk2-add-dbx-update-script.patch [RHEL-96866] +- edk2-update-dbx-to-20250610.patch [RHEL-96866] +- Resolves: RHEL-2908 + ([aarch64][EDK2] UEFI writable variable service in QEMU) +- Resolves: RHEL-96866 + ([edk2,rhel-10] dbx update 20250610) + +* Tue Jun 10 2025 Miroslav Rezanina - 20250523-1 +- Rebase to edk2-stable202505 [RHEL-82556] +- Resolves: RHEL-82556 + ([edk2,rhel-10] rebase to edk2-stable202505) + +* Fri May 02 2025 Miroslav Rezanina - 20250221-3 +- edk2-.distro-make-sure-virt-firmware-is-new-enough.patch [RHEL-85759] +- Resolves: RHEL-85759 + (RFE: Add riscv64 build and sub-package) + +* Mon Apr 07 2025 Miroslav Rezanina - 20250221-2 +- edk2-.distro-drop-setup-macro-in-specfile-comment.patch [RHEL-85759] +- edk2-.distro-switch-to-rhel-10-build-config.patch [RHEL-85759] +- edk2-.distro-add-riscv64-sub-rpm.patch [RHEL-85759] +- Resolves: RHEL-85759 + (RFE: Add riscv64 build and sub-package) + +* Wed Mar 26 2025 Miroslav Rezanina - 20250221-1 +- Rebase to edk2-stable202502 [RHEL-75592] +- Resolves: RHEL-75592 + (rebase to edk2-stable202502) +- Resulves: RHEL-82646 + (fix typo in fwcfg file name) +- Resolves: RHEL-82837 + (The newer revocation file and Server 2025 required to update it) + +* Mon Jan 20 2025 Miroslav Rezanina - 20241117-2 +- edk2-Fix-amd-sev-firmware-file-for-amd-snp.patch [RHEL-72446] +- Resolves: RHEL-72446 + ( QEMU should creating new json file that will correctly describe firmware for amd-sev-snp [rhel-10]) + +* Mon Dec 09 2024 Miroslav Rezanina - 20241117-1 +- Rebase to edk2-stable202411 +- Resolves: RHEL-58062 + ([edk2,rhel-10] rebase to edk2-stable202411) + +* Tue Nov 26 2024 Miroslav Rezanina - 20240524-12 +- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-64642] +- Resolves: RHEL-64642 + ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10]) + +* Mon Nov 11 2024 Miroslav Rezanina - 20240524-11 +- edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234] +- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234] +- Resolves: RHEL-66234 + ([Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10]) + +* Tue Oct 29 2024 Troy Dawson - 20240524-10 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Tue Oct 08 2024 Miroslav Rezanina - 20240524-9 +- edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch [RHEL-56249] +- edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch [RHEL-56249] +- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60829] +- Resolves: RHEL-56249 + (507x510 display resolution should not crash the firmware [edk2,rhel-10]) +- Resolves: RHEL-60829 + (CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-10.0]) + * Fri Sep 27 2024 Miroslav Rezanina - 20240524-8 - edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55302] - Resolves: RHEL-55302 diff --git a/sources b/sources index 3d96e18..6cb81a4 100644 --- a/sources +++ b/sources @@ -1,3 +1,5 @@ -SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624 -SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d -SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9 +SHA512 (DBXUpdate-20251016.aa64.bin) = 2af6d22d139ff58cb2d0dc0883257b6131f1bd9cc04b4c062c21f1d0560508f8f4ea062e6946fd37c8ab47259772884e29c32a93844d5d6beadcf9e778e4ee51 +SHA512 (DBXUpdate-20251016.x64.bin) = 0452d2c302f702eeb2d549fd5ac4b3c3623172de9559a881bc92875590f3c5b65e301b880f5f76786e22b1af145b2aa6e58c74fef00a279950f3d6641aef484e +SHA512 (dtc-1.7.0.tar.xz) = d3ba6902a9a2f2cdbaff55f12fca3cfe4a1ec5779074a38e3d8b88097c7abc981835957e8ce72971e10c131e05fde0b1b961768e888ff96d89e42c75edb53afb +SHA512 (edk2-46548b1adac8.tar.xz) = 56b340943585df5efacc31af564f865664ade5eb5ff443040518263dd36784045a383970e11d3925c8c33927829e00b82efbfd77447e2fb96ad50e16064e0827 +SHA512 (openssl-rhel-c6600b817708cb4f3c6b044f28e10e9b1a1b3e2c.tar.xz) = be9bb76ba1b8c3f16f4d6d15d4b4a8c57b9361dab56996b9a19bb6360996144c556c0e07827c8734b37f071e842dc0abe39d2321f09f42c47f610808f15aa0a5