128 changed files with 627 additions and 22 deletions
--- a/.edk2.metadata
+++ b/.edk2.metadata
@ -1,2 +0,0 @@
-ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
-85388ae6525650667302c6b553894430197d9e0d SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,6 @@
+SOURCES/RedHatSecureBootPkKek1.pem
 SOURCES/edk2-bb1bba3d77.tar.xz
-SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
+SOURCES/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+/edk2-bb1bba3d77.tar.xz
+/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
--- a/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch
+++ b/SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch
--- a/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch
+++ b/SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch
--- a/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
+++ b/SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
--- a/SOURCES/0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
+++ b/SOURCES/0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
--- a/SOURCES/0012-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
+++ b/SOURCES/0012-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
--- a/SOURCES/0013-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
+++ b/SOURCES/0013-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
--- a/SOURCES/0014-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
+++ b/SOURCES/0014-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
--- a/SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
+++ b/SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
--- a/SOURCES/0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
+++ b/SOURCES/0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
--- a/SOURCES/0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
+++ b/SOURCES/0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
--- a/SOURCES/0018-ArmVirtPkg-set-early-hello-message-RH-only.patch
+++ b/SOURCES/0018-ArmVirtPkg-set-early-hello-message-RH-only.patch
--- a/SOURCES/0019-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
+++ b/SOURCES/0019-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
--- a/SOURCES/0020-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
+++ b/SOURCES/0020-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
--- a/SOURCES/0021-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
+++ b/SOURCES/0021-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
--- a/SOURCES/0022-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
+++ b/SOURCES/0022-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
--- a/SOURCES/0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
+++ b/SOURCES/0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
--- a/SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
+++ b/SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
--- a/SOURCES/0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
+++ b/SOURCES/0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
--- a/SOURCES/0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
+++ b/SOURCES/0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
--- a/SOURCES/LICENSE.qosb
+++ b/SOURCES/LICENSE.qosb
--- a/SOURCES/RedHatSecureBootPkKek1.pem
+++ b/SOURCES/RedHatSecureBootPkKek1.pem
--- a/SOURCES/edk2-Apply-uncrustify-changes-to-.c-.h-files-in-the-Netwo.patch
+++ b/SOURCES/edk2-Apply-uncrustify-changes-to-.c-.h-files-in-the-Netwo.patch
--- a/edk2-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch
+++ b/edk2-ArmVirtPkg-Add-Hash2DxeCrypto-to-ArmVirtPkg.patch
@ -0,0 +1,79 @@
+From 2013730b133b5ea78691ede3937b98144673fe1d Mon Sep 17 00:00:00 2001
+From: Flickdm <douglas.flick@microsoft.com>
+Date: Mon, 20 May 2024 11:06:38 -0700
+Subject: [PATCH] ArmVirtPkg: Add Hash2DxeCrypto to ArmVirtPkg
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 112: ArmVirtPkg: Add Hash2DxeCrypto to ArmVirtPkg
+RH-Jira: RHEL-71687
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [1/1] c84a2c074eebd93a07079683b5e5cf03d6fcd50f
+
+This patch adds Hash2DxeCrypto to ArmVirtPkg. The Hash2DxeCrypto is
+used to provide the hashing protocol services.
+
+Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Leif Lindholm <quic_llindhol@quicinc.com>
+Cc: Sami Mujawar <sami.mujawar@arm.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+
+Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
+(cherry picked from commit e10d83234c7e3caaf940df79f4b302fca3729fb0)
+---
+ ArmVirtPkg/ArmVirtQemu.dsc           | 5 +++++
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 5 +++++
+ ArmVirtPkg/ArmVirtQemuKernel.dsc     | 5 +++++
+ 3 files changed, 15 insertions(+)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 2b23becf30..5d4b639bf2 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -526,6 +526,11 @@
+   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+   #
+   # TPM2 support
+   #
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index 7c655d384d..b4dc286843 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -180,6 +180,11 @@ READ_LOCK_STATUS   = TRUE
+   INF MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
+   INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+  #
+  # Hash2 Protocol producer
+  #
+  INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+   #
+   # TPM2 support
+   #
+diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+index 344e2c4ed9..dd9230e5b7 100644
+--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+@@ -455,6 +455,11 @@
+   MdeModulePkg/Bus/Usb/UsbKbDxe/UsbKbDxe.inf
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+  #
+  # Hash2 Protocol Support
+  #
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
+
+   #
+   # ACPI Support
+   #
+-- 
+2.47.1
+
--- a/SOURCES/edk2-ArmVirtPkg-ArmVirtQemu-migrate-to-OVMF-s-VirtNorFlas.patch
+++ b/SOURCES/edk2-ArmVirtPkg-ArmVirtQemu-migrate-to-OVMF-s-VirtNorFlas.patch
--- a/SOURCES/edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
+++ b/SOURCES/edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
--- a/SOURCES/edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch
+++ b/SOURCES/edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch
--- a/SOURCES/edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch
+++ b/SOURCES/edk2-MdeModulePkg-Change-use-of-EFI_D_-to-DEBUG_.patch
--- a/SOURCES/edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch
+++ b/SOURCES/edk2-MdeModulePkg-Duplicate-BaseRngLibTimerLib-to-MdeModu.patch
--- a/SOURCES/edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
+++ b/SOURCES/edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch
--- a/SOURCES/edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch
+++ b/SOURCES/edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch
--- a/SOURCES/edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch
+++ b/SOURCES/edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch
--- a/SOURCES/edk2-MdePkg-Apply-uncrustify-changes.patch
+++ b/SOURCES/edk2-MdePkg-Apply-uncrustify-changes.patch
--- a/SOURCES/edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
+++ b/SOURCES/edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
--- a/SOURCES/edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch
+++ b/SOURCES/edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch
--- a/SOURCES/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
+++ b/SOURCES/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
--- a/SOURCES/edk2-MdePkg-Introduce-CcMeasurementProtocol-for-CC-Guest-.patch
+++ b/SOURCES/edk2-MdePkg-Introduce-CcMeasurementProtocol-for-CC-Guest-.patch
--- a/SOURCES/edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch
+++ b/SOURCES/edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch
--- a/SOURCES/edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch
+++ b/SOURCES/edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch
--- a/SOURCES/edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
+++ b/SOURCES/edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
--- a/SOURCES/edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
+++ b/SOURCES/edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
--- a/SOURCES/edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
+++ b/SOURCES/edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch
--- a/SOURCES/edk2-NetworkPkg-Apply-uncrustify-changes-p2.patch
+++ b/SOURCES/edk2-NetworkPkg-Apply-uncrustify-changes-p2.patch
--- a/SOURCES/edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch
+++ b/SOURCES/edk2-NetworkPkg-Apply-uncrustify-changes.p2.patch
--- a/SOURCES/edk2-NetworkPkg-Apply-uncrustify-changes.patch
+++ b/SOURCES/edk2-NetworkPkg-Apply-uncrustify-changes.patch
--- a/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch
+++ b/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch
--- a/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch
+++ b/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch
--- a/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
+++ b/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch
--- a/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch
+++ b/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch
--- a/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
+++ b/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
--- a/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
+++ b/SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
--- a/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
+++ b/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
--- a/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
+++ b/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch
--- a/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
+++ b/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch
--- a/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
+++ b/SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch
--- a/SOURCES/edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch
+++ b/SOURCES/edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch
--- a/SOURCES/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
+++ b/SOURCES/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
--- a/SOURCES/edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
+++ b/SOURCES/edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
--- a/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
+++ b/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
--- a/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch
+++ b/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch
--- a/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch
+++ b/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch
--- a/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch
+++ b/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch
--- a/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
+++ b/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
--- a/edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
+++ b/edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
@ -0,0 +1,348 @@
+From 8d1a7ee22fc04d2106f08461415ee8bc9c68eee6 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Mon, 4 Nov 2024 12:40:12 +0100
+Subject: [PATCH 1/2] OvmfPkg: Add a Fallback RNG (RH only)
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 104: OvmfPkg: Add a Fallback RNG (RH only)
+RH-Jira: RHEL-66236
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [1/2] b222642bafac64922f5fc30abf56347fe4a849ed
+
+Since the pixiefail CVE fix, the network stack requires a random number
+generator.
+In case there is no hardware random number generator available,
+have the Platform Boot Manager install a pseudo RNG to ensure
+the network can be used.
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+---
+ .../PlatformBootManagerLib/BdsPlatform.c      |   6 +
+ .../PlatformBootManagerLib/FallbackRng.c      | 222 ++++++++++++++++++
+ .../PlatformBootManagerLib/FallbackRng.h      |  20 ++
+ .../PlatformBootManagerLib.inf                |   5 +
+ 4 files changed, 253 insertions(+)
+ create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
+ create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 186401296a..70d648c7e3 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -14,6 +14,7 @@
+ #include <Library/Tcg2PhysicalPresenceLib.h>
+ #include <Library/XenPlatformLib.h>
+ 
+#include "FallbackRng.h"
+ 
+ //
+ // Global data
+@@ -446,6 +447,9 @@ PlatformBootManagerBeforeConsole (
+   //
+   VisitAllInstancesOfProtocol (&gEfiPciIoProtocolGuid, ConnectVirtioPciRng,
+     NULL);
+
+  FallbackRngCheckAndInstall ();
+
+ }
+ 
+ 
+@@ -1528,6 +1532,8 @@ PlatformBootManagerAfterConsole (
+ 
+   DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
+ 
+  FallbackRngPrintWarning ();
+
+   if (PcdGetBool (PcdOvmfFlashVariablesEnable)) {
+     DEBUG ((DEBUG_INFO, "PlatformBdsPolicyBehavior: not restoring NvVars "
+       "from disk since flash variables appear to be supported.\n"));
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
+new file mode 100644
+index 0000000000..bba60e29d5
+--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
+@@ -0,0 +1,222 @@
+/** @file
+  Copyright (C) 2024, Red Hat, Inc.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+#include <Protocol/Rng.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/RngLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Library/DxeServicesTableLib.h>
+
+#include "FallbackRng.h"
+
+typedef struct {
+  EFI_RNG_PROTOCOL    Rng;
+  EFI_HANDLE          Handle;
+} FALLBACK_RNG_DEV;
+
+/**
+  Returns information about the random number generation implementation.
+
+  @param[in]     This                 A pointer to the EFI_RNG_PROTOCOL
+                                      instance.
+  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
+                                      RNGAlgorithmList.
+                                      On output with a return code of
+                                      EFI_SUCCESS, the size in bytes of the
+                                      data returned in RNGAlgorithmList. On
+                                      output with a return code of
+                                      EFI_BUFFER_TOO_SMALL, the size of
+                                      RNGAlgorithmList required to obtain the
+                                      list.
+  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled
+                                      by the driver with one EFI_RNG_ALGORITHM
+                                      element for each supported RNG algorithm.
+                                      The list must not change across multiple
+                                      calls to the same driver. The first
+                                      algorithm in the list is the default
+                                      algorithm for the driver.
+
+  @retval EFI_SUCCESS                 The RNG algorithm list was returned
+                                      successfully.
+  @retval EFI_UNSUPPORTED             The services is not supported by this
+                                      driver.
+  @retval EFI_DEVICE_ERROR            The list of algorithms could not be
+                                      retrieved due to a hardware or firmware
+                                      error.
+  @retval EFI_INVALID_PARAMETER       One or more of the parameters are
+                                      incorrect.
+  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small
+                                      to hold the result.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetInfo (
+  IN      EFI_RNG_PROTOCOL   *This,
+  IN OUT  UINTN              *RNGAlgorithmListSize,
+  OUT     EFI_RNG_ALGORITHM  *RNGAlgorithmList
+  )
+{
+  if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) {
+    *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+    return EFI_BUFFER_TOO_SMALL;
+  }
+
+  if (RNGAlgorithmList == NULL) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+  CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Produces and returns an RNG value using either the default or specified RNG
+  algorithm.
+
+  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL
+                                      instance.
+  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that
+                                      identifies the RNG algorithm to use. May
+                                      be NULL in which case the function will
+                                      use its default RNG algorithm.
+  @param[in]  RNGValueLength          The length in bytes of the memory buffer
+                                      pointed to by RNGValue. The driver shall
+                                      return exactly this numbers of bytes.
+  @param[out] RNGValue                A caller-allocated memory buffer filled
+                                      by the driver with the resulting RNG
+                                      value.
+
+  @retval EFI_SUCCESS                 The RNG value was returned successfully.
+  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm
+                                      is not supported by this driver.
+  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due
+                                      to a hardware or firmware error.
+  @retval EFI_NOT_READY               There is not enough random data available
+                                      to satisfy the length requested by
+                                      RNGValueLength.
+  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is
+                                      zero.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetRNG (
+  IN EFI_RNG_PROTOCOL   *This,
+  IN EFI_RNG_ALGORITHM  *RNGAlgorithm  OPTIONAL,
+  IN UINTN              RNGValueLength,
+  OUT UINT8             *RNGValue
+  )
+{
+  UINT64      RandomData;
+  EFI_STATUS  Status;
+  UINTN       i;
+
+  if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  //
+  // We only support the raw algorithm, so reject requests for anything else
+  //
+  if ((RNGAlgorithm != NULL) &&
+      !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw))
+  {
+    return EFI_UNSUPPORTED;
+  }
+
+  for (i = 0; i < RNGValueLength; ++i) {
+    if (i % 4 == 0) {
+      Status = GetRandomNumber64 (&RandomData);
+      if (EFI_ERROR (Status)) {
+        return Status;
+      }
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+static FALLBACK_RNG_DEV  Dev = {
+  .Rng.GetInfo = FallbackRngGetInfo,
+  .Rng.GetRNG  = FallbackRngGetRNG,
+  .Handle      = NULL,
+};
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+  )
+{
+  EFI_STATUS  Status;
+  EFI_HANDLE  *HandleBuffer = NULL;
+  UINTN       HandleCount   = 0;
+
+  if (Dev.Handle != NULL) {
+    DEBUG ((DEBUG_INFO, "Fallback RNG already installed.\n"));
+    return EFI_ALREADY_STARTED;
+  }
+
+  Status = gBS->LocateHandleBuffer (
+                  ByProtocol,
+                  &gEfiRngProtocolGuid,
+                  NULL,
+                  &HandleCount,
+                  &HandleBuffer
+                  );
+
+  gBS->FreePool (HandleBuffer);
+
+  if (Status == EFI_NOT_FOUND) {
+    HandleCount = 0;
+  } else if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Error locating RNG protocol instances: %r\n", Status));
+    return Status;
+  }
+
+  DEBUG ((DEBUG_INFO, "Found %u RNGs\n", HandleCount));
+
+  if (HandleCount == 0) {
+    // Install RNG
+    Status = gBS->InstallProtocolInterface (
+                    &Dev.Handle,
+                    &gEfiRngProtocolGuid,
+                    EFI_NATIVE_INTERFACE,
+                    &Dev.Rng
+                    );
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to install fallback RNG: %r\n", Status));
+      return Status;
+    }
+
+    gDS->Dispatch ();
+  }
+
+  return EFI_SUCCESS;
+}
+
+VOID
+FallbackRngPrintWarning (
+  )
+{
+  if (Dev.Handle != NULL) {
+    Print (L"WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n");
+    DEBUG ((DEBUG_WARN, "WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n"));
+    gBS->Stall (2000000);
+  }
+}
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
+new file mode 100644
+index 0000000000..77332bc51c
+--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
+@@ -0,0 +1,20 @@
+/** @file
+  Copyright (C) 2024, Red Hat, Inc.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _FALLBACK_RNG_H_
+#define _FALLBACK_RNG_H_
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+  );
+
+VOID
+FallbackRngPrintWarning (
+  );
+
+#endif
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+index c249a3cf1e..154b0b6c88 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+@@ -25,6 +25,8 @@
+   PlatformData.c
+   QemuKernel.c
+   BdsPlatform.h
+  FallbackRng.c
+  FallbackRng.h
+ 
+ [Packages]
+   MdePkg/MdePkg.dec
+@@ -56,6 +58,7 @@
+   PlatformBmPrintScLib
+   Tcg2PhysicalPresenceLib
+   XenPlatformLib
+  RngLib
+ 
+ [Pcd]
+   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
+@@ -78,9 +81,11 @@
+   gEfiDxeSmmReadyToLockProtocolGuid             # PROTOCOL SOMETIMES_PRODUCED
+   gEfiLoadedImageProtocolGuid                   # PROTOCOL SOMETIMES_PRODUCED
+   gEfiFirmwareVolume2ProtocolGuid               # PROTOCOL SOMETIMES_CONSUMED
+  gEfiRngProtocolGuid                           # PROTOCOL SOMETIMES_PRODUCED
+ 
+ [Guids]
+   gEfiEndOfDxeEventGroupGuid
+   gEfiGlobalVariableGuid
+   gRootBridgesConnectedEventGroupGuid
+   gUefiShellFileGuid
+  gEfiRngAlgorithmRaw
+-- 
+2.45.2
+
--- a/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
+++ b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
--- a/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
+++ b/edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
@ -0,0 +1,92 @@
+From c465cf5cf3fbd09caf82d2c34fc6f127f5648b48 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Thu, 7 Nov 2024 11:36:22 +0100
+Subject: [PATCH 2/2] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 104: OvmfPkg: Add a Fallback RNG (RH only)
+RH-Jira: RHEL-66236
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [2/2] d7748d697e522ab5ef70702da53241db71e602fe
+
+Since the pixiefail CVE fix, the network stack requires a random number
+generator.
+In case there is no hardware random number generator available,
+have the Platform Boot Manager install a pseudo RNG to ensure
+the network can be used.
+
+This patch adds the fallback rng which was introduced in a
+previous commit also to the ArmVirtPkg PlatformBootManagerLib.
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+---
+ ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c       | 5 +++++
+ .../PlatformBootManagerLib/PlatformBootManagerLib.inf        | 5 +++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
+index 1848042f86..c4cfbfc7f6 100644
+--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
+@@ -29,6 +29,7 @@
+ #include <Guid/GlobalVariable.h>
+ #include <Guid/RootBridgesConnectedEventGroup.h>
+ #include <Guid/SerialPortLibVendor.h>
+#include "FallbackRng.h"
+ 
+ #include "PlatformBm.h"
+ 
+@@ -793,6 +794,8 @@ PlatformBootManagerBeforeConsole (
+   // instances on Virtio PCI RNG devices.
+   //
+   FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciRng, Connect);
+
+  FallbackRngCheckAndInstall ();
+ }
+ 
+ /**
+@@ -814,6 +817,8 @@ PlatformBootManagerAfterConsole (
+ {
+   RETURN_STATUS Status;
+ 
+  FallbackRngPrintWarning ();
+
+   //
+   // Show the splash screen.
+   //
+diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+index 997eb1a442..d4ea9bef60 100644
+--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+@@ -27,6 +27,8 @@
+   PlatformBm.c
+   PlatformBm.h
+   QemuKernel.c
+  ../../../OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
+  ../../../OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
+ 
+ [Packages]
+   ArmVirtPkg/ArmVirtPkg.dec
+@@ -53,6 +55,7 @@
+   UefiBootServicesTableLib
+   UefiLib
+   UefiRuntimeServicesTableLib
+  RngLib
+ 
+ [FixedPcd]
+   gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
+@@ -69,9 +72,11 @@
+   gEfiGlobalVariableGuid
+   gRootBridgesConnectedEventGroupGuid
+   gUefiShellFileGuid
+  gEfiRngAlgorithmRaw
+ 
+ [Protocols]
+   gEfiFirmwareVolume2ProtocolGuid
+   gEfiGraphicsOutputProtocolGuid
+   gEfiPciRootBridgeIoProtocolGuid
+   gVirtioDeviceProtocolGuid
+  gEfiRngProtocolGuid
+-- 
+2.45.2
+
--- a/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
+++ b/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
@ -0,0 +1,45 @@
+From a56ec52966412cd44dd2427ba569d1e7b89a6c6d Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Mon, 4 Nov 2024 19:00:11 +0100
+Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 106: OvmfPkg: Rerun dispatcher after initializing virtio-rng
+RH-Jira: RHEL-66188
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [1/1] a62e445ae8e45d656aaa2ea5f1875541e658f1d8
+
+Since the pixiefail CVE fix the network stack requires a hardware
+random number generator. This can currently be a modern CPU supporting
+the RDRAND instruction or a virtio-rng device.
+The latter is initialized during the BDS phase.
+To ensure all depending (network) modules are also started, we need to
+run the dispatcher once more after the device was initialized.
+Without this, network boot is not available under certain hardware
+configurations.
+
+Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
+
+Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
+Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+---
+ OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 70d648c7e3..eb97d67b62 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -558,6 +558,8 @@ ConnectVirtioPciRng (
+     if (EFI_ERROR (Status)) {
+       goto Error;
+     }
+
+    gDS->Dispatch ();
+   }
+   return EFI_SUCCESS;
+ 
+-- 
+2.45.2
+
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-avoid-array-mode-switch-afte.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-avoid-array-mode-switch-afte.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-avoid-switching-between-mode.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-avoid-switching-between-mode.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-clone-ArmPlatformPkg-s-NOR-f.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-clone-ArmPlatformPkg-s-NOR-f.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-drop-block-I-O-protocol-impl.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-drop-block-I-O-protocol-impl.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-remove-CheckBlockLocked-feat.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-remove-CheckBlockLocked-feat.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-remove-disk-I-O-protocol-imp.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-remove-disk-I-O-protocol-imp.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variable2.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variable2.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariable2.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariable2.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch
--- a/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-use-EFI_MEMORY_WC-and-drop-A.patch
+++ b/SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-use-EFI_MEMORY_WC-and-drop-A.patch
--- a/SOURCES/edk2-OvmfPkg-clone-NorFlashPlatformLib-into-VirtNorFlashP.patch
+++ b/SOURCES/edk2-OvmfPkg-clone-NorFlashPlatformLib-into-VirtNorFlashP.patch
--- a/SOURCES/edk2-OvmfPkg-wire-up-RngDxe.patch
+++ b/SOURCES/edk2-OvmfPkg-wire-up-RngDxe.patch
--- a/SOURCES/edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
+++ b/SOURCES/edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch
--- a/SOURCES/edk2-SecurityPkg-Change-OPTIONAL-keyword-usage-style.patch
+++ b/SOURCES/edk2-SecurityPkg-Change-OPTIONAL-keyword-usage-style.patch
--- a/SOURCES/edk2-SecurityPkg-Change-use-of-EFI_D_-to-DEBUG_.patch
+++ b/SOURCES/edk2-SecurityPkg-Change-use-of-EFI_D_-to-DEBUG_.patch
--- a/SOURCES/edk2-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch
+++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch
--- a/SOURCES/edk2-SecurityPkg-DxeTpm2MeasureBootLib-SEC-PATCH-4118-2.patch
+++ b/SOURCES/edk2-SecurityPkg-DxeTpm2MeasureBootLib-SEC-PATCH-4118-2.patch
--- a/SOURCES/edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
+++ b/SOURCES/edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-411.patch
--- a/SOURCES/edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-418.patch
+++ b/SOURCES/edk2-SecurityPkg-DxeTpm2MeasureBootLib-SECURITY-PATCH-418.patch
--- a/SOURCES/edk2-SecurityPkg-DxeTpmMeasureBootLib-SEC-PATCH-4117-2.patch
+++ b/SOURCES/edk2-SecurityPkg-DxeTpmMeasureBootLib-SEC-PATCH-4117-2.patch
--- a/SOURCES/edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
+++ b/SOURCES/edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4117.patch
--- a/SOURCES/edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
+++ b/SOURCES/edk2-SecurityPkg-DxeTpmMeasureBootLib-SECURITY-PATCH-4118.patch
--- a/SOURCES/edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch
+++ b/SOURCES/edk2-SecurityPkg-RngDxe-Add-AArch64-RawAlgorithm-support-.patch
--- a/SOURCES/edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch
+++ b/SOURCES/edk2-SecurityPkg-RngDxe-Add-Arm-support-of-RngDxe.patch
--- a/Show More
+++ b/Show More