* Mon Jan 15 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-2

- edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963]
- edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963]
- Resolves: RHEL-20963
  ([rhel9] guest fails to boot due to ASSERT error)

edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch

@@ -0,0 +1,52 @@
+From 390efa52b8c2b61bcc6f24cc9f3b805798150b6e Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 9 Jan 2024 12:29:00 +0100
+Subject: [PATCH 1/3] OvmfPkg/RiscVVirt: use gEfiAuthenticatedVariableGuid
+ unconditionally
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ArmVirt and OVMF are doing the same.
+
+See commit d92eaabefbe0 ("OvmfPkg: simplify VARIABLE_STORE_HEADER
+generation") for details.
+
+Suggested-by: László Érsek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20240109112902.30002-2-kraxel@redhat.com>
+(cherry picked from commit 3b1ddbddeee64cee5aba4f0170fbf5e4781d4879)
+---
+ OvmfPkg/RiscVVirt/VarStore.fdf.inc | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+diff --git a/OvmfPkg/RiscVVirt/VarStore.fdf.inc b/OvmfPkg/RiscVVirt/VarStore.fdf.inc
+index aba32315cc..6679c246b3 100644
+--- a/OvmfPkg/RiscVVirt/VarStore.fdf.inc
++++ b/OvmfPkg/RiscVVirt/VarStore.fdf.inc
+@@ -36,19 +36,12 @@ DATA = {
+   # Blockmap[1]: End
+   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+   ## This is the VARIABLE_STORE_HEADER
+-!if $(SECURE_BOOT_ENABLE) == TRUE
++  # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
+   # Signature: gEfiAuthenticatedVariableGuid =
+   #   { 0xaaf32c78, 0x947b, 0x439a,
+   #     { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
+   0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
+   0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
+-!else
+-  # Signature: gEfiVariableGuid =
+-  #   { 0xddcf3616, 0x3275, 0x4164,
+-  #     { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
+-  0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
+-  0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
+-!endif
+   # Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
+   #         0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3FFB8
+   # This can speed up the Variable Dispatch a bit.
+-- 
+2.39.3
+

edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch

@@ -0,0 +1,210 @@
+From d557e973e4a400325f68014e463201a5b48c1547 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 9 Jan 2024 12:29:02 +0100
+Subject: [PATCH 3/3] OvmfPkg/VirtNorFlashDxe: sanity-check variables
+
+Extend the ValidateFvHeader function, additionally to the header checks
+walk over the list of variables and sanity check them.
+
+In case we find inconsistencies indicating variable store corruption
+return EFI_NOT_FOUND so the variable store will be re-initialized.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-Id: <20240109112902.30002-4-kraxel@redhat.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+[lersek@redhat.com: fix StartId initialization/assignment coding style]
+(cherry picked from commit 4a443f73fd67ca8caaf0a3e1a01f8231b330d2e0)
+---
+ OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf |   1 +
+ OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c   | 149 +++++++++++++++++++-
+ 2 files changed, 145 insertions(+), 5 deletions(-)
+
+diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
+index 2a3d4a218e..f549400280 100644
+--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
++++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
+@@ -34,6 +34,7 @@
+   DxeServicesTableLib
+   HobLib
+   IoLib
++  SafeIntLib
+   UefiBootServicesTableLib
+   UefiDriverEntryPoint
+   UefiLib
+diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
+index 9a614ae4b2..8fcd999ac6 100644
+--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
++++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
+@@ -12,6 +12,7 @@
+ #include <Library/BaseMemoryLib.h>
+ #include <Library/MemoryAllocationLib.h>
+ #include <Library/PcdLib.h>
++#include <Library/SafeIntLib.h>
+ #include <Library/UefiLib.h>
+ 
+ #include <Guid/NvVarStoreFormatted.h>
+@@ -185,11 +186,12 @@ ValidateFvHeader (
+   IN  NOR_FLASH_INSTANCE  *Instance
+   )
+ {
+-  UINT16                      Checksum;
+-  EFI_FIRMWARE_VOLUME_HEADER  *FwVolHeader;
+-  VARIABLE_STORE_HEADER       *VariableStoreHeader;
+-  UINTN                       VariableStoreLength;
+-  UINTN                       FvLength;
++  UINT16                            Checksum;
++  CONST EFI_FIRMWARE_VOLUME_HEADER  *FwVolHeader;
++  CONST VARIABLE_STORE_HEADER       *VariableStoreHeader;
++  UINTN                             VarOffset;
++  UINTN                             VariableStoreLength;
++  UINTN                             FvLength;
+ 
+   FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)Instance->RegionBaseAddress;
+ 
+@@ -258,6 +260,143 @@ ValidateFvHeader (
+     return EFI_NOT_FOUND;
+   }
+ 
++  //
++  // check variables
++  //
++  DEBUG ((DEBUG_INFO, "%a: checking variables\n", __func__));
++  VarOffset = sizeof (*VariableStoreHeader);
++  for ( ; ;) {
++    UINTN                                VarHeaderEnd;
++    UINTN                                VarNameEnd;
++    UINTN                                VarEnd;
++    UINTN                                VarPadding;
++    CONST AUTHENTICATED_VARIABLE_HEADER  *VarHeader;
++    CONST CHAR16                         *VarName;
++    CONST CHAR8                          *VarState;
++    RETURN_STATUS                        Status;
++
++    Status = SafeUintnAdd (VarOffset, sizeof (*VarHeader), &VarHeaderEnd);
++    if (RETURN_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
++      return EFI_NOT_FOUND;
++    }
++
++    if (VarHeaderEnd >= VariableStoreHeader->Size) {
++      if (VarOffset <= VariableStoreHeader->Size - sizeof (UINT16)) {
++        CONST UINT16  *StartId;
++
++        StartId = (VOID *)((UINTN)VariableStoreHeader + VarOffset);
++        if (*StartId == 0x55aa) {
++          DEBUG ((DEBUG_ERROR, "%a: startid at invalid location\n", __func__));
++          return EFI_NOT_FOUND;
++        }
++      }
++
++      DEBUG ((DEBUG_INFO, "%a: end of var list (no space left)\n", __func__));
++      break;
++    }
++
++    VarHeader = (VOID *)((UINTN)VariableStoreHeader + VarOffset);
++    if (VarHeader->StartId != 0x55aa) {
++      DEBUG ((DEBUG_INFO, "%a: end of var list (no startid)\n", __func__));
++      break;
++    }
++
++    VarName = NULL;
++    switch (VarHeader->State) {
++      // usage: State = VAR_HEADER_VALID_ONLY
++      case VAR_HEADER_VALID_ONLY:
++        VarState = "header-ok";
++        VarName  = L"<unknown>";
++        break;
++
++      // usage: State = VAR_ADDED
++      case VAR_ADDED:
++        VarState = "ok";
++        break;
++
++      // usage: State &= VAR_IN_DELETED_TRANSITION
++      case VAR_ADDED &VAR_IN_DELETED_TRANSITION:
++        VarState = "del-in-transition";
++        break;
++
++      // usage: State &= VAR_DELETED
++      case VAR_ADDED &VAR_DELETED:
++      case VAR_ADDED &VAR_DELETED &VAR_IN_DELETED_TRANSITION:
++        VarState = "deleted";
++        break;
++
++      default:
++        DEBUG ((
++          DEBUG_ERROR,
++          "%a: invalid variable state: 0x%x\n",
++          __func__,
++          VarHeader->State
++          ));
++        return EFI_NOT_FOUND;
++    }
++
++    Status = SafeUintnAdd (VarHeaderEnd, VarHeader->NameSize, &VarNameEnd);
++    if (RETURN_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
++      return EFI_NOT_FOUND;
++    }
++
++    Status = SafeUintnAdd (VarNameEnd, VarHeader->DataSize, &VarEnd);
++    if (RETURN_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
++      return EFI_NOT_FOUND;
++    }
++
++    if (VarEnd > VariableStoreHeader->Size) {
++      DEBUG ((
++        DEBUG_ERROR,
++        "%a: invalid variable size: 0x%Lx + 0x%Lx + 0x%x + 0x%x > 0x%x\n",
++        __func__,
++        (UINT64)VarOffset,
++        (UINT64)(sizeof (*VarHeader)),
++        VarHeader->NameSize,
++        VarHeader->DataSize,
++        VariableStoreHeader->Size
++        ));
++      return EFI_NOT_FOUND;
++    }
++
++    if (((VarHeader->NameSize & 1) != 0) ||
++        (VarHeader->NameSize < 4))
++    {
++      DEBUG ((DEBUG_ERROR, "%a: invalid name size\n", __func__));
++      return EFI_NOT_FOUND;
++    }
++
++    if (VarName == NULL) {
++      VarName = (VOID *)((UINTN)VariableStoreHeader + VarHeaderEnd);
++      if (VarName[VarHeader->NameSize / 2 - 1] != L'\0') {
++        DEBUG ((DEBUG_ERROR, "%a: name is not null terminated\n", __func__));
++        return EFI_NOT_FOUND;
++      }
++    }
++
++    DEBUG ((
++      DEBUG_VERBOSE,
++      "%a: +0x%04Lx: name=0x%x data=0x%x guid=%g '%s' (%a)\n",
++      __func__,
++      (UINT64)VarOffset,
++      VarHeader->NameSize,
++      VarHeader->DataSize,
++      &VarHeader->VendorGuid,
++      VarName,
++      VarState
++      ));
++
++    VarPadding = (4 - (VarEnd & 3)) & 3;
++    Status     = SafeUintnAdd (VarEnd, VarPadding, &VarOffset);
++    if (RETURN_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
++      return EFI_NOT_FOUND;
++    }
++  }
++
+   return EFI_SUCCESS;
+ }
+ 
+-- 
+2.39.3
+

edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch

@@ -0,0 +1,42 @@
+From 77047a56601aaa955a12030343bdee973b9d393d Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 9 Jan 2024 12:29:01 +0100
+Subject: [PATCH 2/3] OvmfPkg/VirtNorFlashDxe: stop accepting gEfiVariableGuid
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Only accept gEfiAuthenticatedVariableGuid when checking the variable
+store header in ValidateFvHeader().
+
+The edk2 code base has been switched to use the authenticated varstore
+format unconditionally (even in case secure boot is not used or
+supported) a few years ago.
+
+Suggested-by: László Érsek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20240109112902.30002-3-kraxel@redhat.com>
+(cherry picked from commit ae22b2f136bcbd27135a5f4dd76d3a68a172d00e)
+---
+ OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
+index 5ee98e9b59..9a614ae4b2 100644
+--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
++++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
+@@ -239,9 +239,7 @@ ValidateFvHeader (
+   VariableStoreHeader = (VARIABLE_STORE_HEADER *)((UINTN)FwVolHeader + FwVolHeader->HeaderLength);
+ 
+   // Check the Variable Store Guid
+-  if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) &&
+-      !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid))
+-  {
++  if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) {
+     DEBUG ((
+       DEBUG_INFO,
+       "%a: Variable Store Guid non-compatible\n",
+-- 
+2.39.3
+

edk2.spec

@@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}
-Release:    1%{?dist}
+Release:    2%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@@ -81,6 +81,9 @@ Patch28: 0028-distro-apply-git-diff-c9s-new_c9s-by-mirek.patch
 Patch29: 0029-CryptoPkg-CrtLib-add-stat.h-include-file.patch
 Patch30: 0030-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
 Patch31: 0031-ArmVirtQemu-Allow-EFI-memory-attributes-protocol-to-.patch
+Patch32: edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch
+Patch33: edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch
+Patch34: edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -414,6 +417,13 @@ install -m 0644 \
 
 
 %changelog
+* Mon Jan 15 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-2
+- edk2-OvmfPkg-RiscVVirt-use-gEfiAuthenticatedVariableGuid-.patch [RHEL-20963]
+- edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch [RHEL-20963]
+- edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch [RHEL-20963]
+- Resolves: RHEL-20963
+  ([rhel9] guest fails to boot due to ASSERT error)
+
 * Fri Dec 15 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-1
 - Rebase to edk2-stable202311 [RHEL-12323]
 - Switch to OpenSSL 3.0 [RHEL-49]