Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
@ -1,2 +1,3 @@
|
||||
ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
|
||||
85388ae6525650667302c6b553894430197d9e0d SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
|
||||
de143fc38b339d982079517b6f01bcec5246cf5e SOURCES/DBXUpdate-20230509.x64.bin
|
||||
4b2ed0d355d3ef44e21a72573e17017630b6d33c SOURCES/edk2-8736b8fdca.tar.xz
|
||||
bf431935cb72db4d80c8435a0956abb25ca71185 SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz
|
||||
|
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
SOURCES/edk2-bb1bba3d77.tar.xz
|
||||
SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
|
||||
SOURCES/DBXUpdate-20230509.x64.bin
|
||||
SOURCES/edk2-8736b8fdca.tar.xz
|
||||
SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz
|
||||
|
@ -0,0 +1,83 @@
|
||||
From 21816395a94558c8e5c97f13adbb5ffb909656b8 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 11 Jun 2014 21:55:22 +0200
|
||||
Subject: [PATCH] ignore build artifacts, generated files, session settings etc
|
||||
(RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- refresh against upstream commit 48760409ccc8 (".gitignore: Ignore python
|
||||
compiled files, extdeps, and vscode", 2019-11-11)
|
||||
|
||||
- add ".AutoGenIdFile.txt" to "Conf/.gitignore", in response to upstream
|
||||
commit 373298ca0d60 ("BaseTools: Fixed issue for IgnoreAutoGen",
|
||||
2019-09-10)
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- Conflict resolution against upstream commit 112f4ada2e6b ("edk2: Add
|
||||
.DS_Store to .gitignore for macOS", 2017-05-04), in the ".gitignore"
|
||||
file.
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 9ece15a -> c9e5618 rebase:
|
||||
|
||||
- Upstream added .gitignore files in the meanwhile, we just need some
|
||||
light customization. In particular the Conf/ReadMe.txt file should not
|
||||
be ignored, it is not generated.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 3b9c914f2d6bff6274d5ed45fcf4c757ce27031b)
|
||||
(cherry picked from commit b66c3c6d11a834dc7cb3ab326f09c6a21c0b81e8)
|
||||
(cherry picked from commit c94381432988f6137de46772cbd4080d9832c9ad)
|
||||
(cherry picked from commit 730cc57005e4908fcee29109672284808b21ec1c)
|
||||
(cherry picked from commit 161184bcb55a670f8f7f8c4147825eb360b73794)
|
||||
(cherry picked from commit 4eec2bb2176f2deda2b2c44a6f2ea167c5a43433)
|
||||
(cherry picked from commit ea548c8d0c9d4cd5b8b5200eda8ff6ac220a6307)
|
||||
(cherry picked from commit 4872f69df8b0460fbbfcd75950d81fdcd213f8c0)
|
||||
---
|
||||
Conf/.gitignore | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Conf/.gitignore b/Conf/.gitignore
|
||||
index 5e4debcc10..8601fc0cee 100644
|
||||
--- a/Conf/.gitignore
|
||||
+++ b/Conf/.gitignore
|
||||
@@ -1 +1,6 @@
|
||||
-*
|
||||
+.AutoGenIdFile.txt
|
||||
+.cache/
|
||||
+BuildEnv.sh
|
||||
+build_rule.txt
|
||||
+target.txt
|
||||
+tools_def.txt
|
121
SOURCES/0002-Remove-submodules.patch
Normal file
121
SOURCES/0002-Remove-submodules.patch
Normal file
@ -0,0 +1,121 @@
|
||||
From ff10592d4710f12d601dcfcdd25f28b6941c5141 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
Date: Thu, 24 Mar 2022 03:23:02 -0400
|
||||
Subject: [PATCH] Remove submodules
|
||||
|
||||
Rebase to edk2-stable202311: removing additional submodule:
|
||||
|
||||
- CryptoPkg/Library/MbedTlsLib/mbedtls
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
Rebase to edk2-stable202305: removing additional submodules:
|
||||
|
||||
- MdePkg/Library/BaseFdtLib/libfdt
|
||||
- MdePkg/Library/MipiSysTLib/mipisyst
|
||||
- UnitTestFrameworkPkg/Library/GoogleTestLib/googletest
|
||||
- UnitTestFrameworkPkg/Library/SubhookLib/subhook
|
||||
|
||||
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
||||
|
||||
Upstream edk2 tracks several submodules we do not need in RHEL (removal
|
||||
done by individual commits in previous RHEL versions):
|
||||
|
||||
- openssl: We use RHEL specific openssl submodule later (commit 48f993088e)
|
||||
- SoftFloat: required only for 32-bit ARM (commit 273787a5c2)
|
||||
- cmocka: needed for UnitTestFrameworkPkg we do not use (commit a2dca9bcd2)
|
||||
- oniguruma: rhel do not need this dependency (commit 73f4b42b3a)
|
||||
- brotli: removed this dependency (commits fcd212ffce, cf62a90767 and ac5782e6ab)
|
||||
- jansson: we do not depend on JSON parsing or formating (commit c84227659a)
|
||||
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
MdeModulePkg: remove package-private Brotli include path (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- New patch.
|
||||
|
||||
Originating from upstream commit 58802e02c41b
|
||||
("MdeModulePkg/BrotliCustomDecompressLib: Make brotli a submodule",
|
||||
2020-04-16), "MdeModulePkg/MdeModulePkg.dec" contains a package-internal
|
||||
include path into a Brotli submodule.
|
||||
|
||||
The edk2 build system requires such include paths to resolve successfully,
|
||||
regardless of the firmware platform being built. Because
|
||||
BrotliCustomDecompressLib is not consumed by any OvmfPkg or ArmVirtPkg
|
||||
platforms, and we've removed the submodule earlier in this patch set,
|
||||
remove the include path too.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit e05e0de713c4a2b8adb6ff9809611f222bfe50ed)
|
||||
---
|
||||
BaseTools/Source/C/GNUmakefile | 1 -
|
||||
CryptoPkg/.gitignore | 1 +
|
||||
MdeModulePkg/MdeModulePkg.dec | 3 ---
|
||||
MdePkg/MdePkg.dec | 5 -----
|
||||
4 files changed, 1 insertion(+), 9 deletions(-)
|
||||
create mode 100644 CryptoPkg/.gitignore
|
||||
|
||||
diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
|
||||
index 5275f657ef..39d7199753 100644
|
||||
--- a/BaseTools/Source/C/GNUmakefile
|
||||
+++ b/BaseTools/Source/C/GNUmakefile
|
||||
@@ -51,7 +51,6 @@ all: makerootdir subdirs
|
||||
LIBRARIES = Common
|
||||
VFRAUTOGEN = VfrCompile/VfrLexer.h
|
||||
APPLICATIONS = \
|
||||
- BrotliCompress \
|
||||
VfrCompile \
|
||||
EfiRom \
|
||||
GenFfs \
|
||||
diff --git a/CryptoPkg/.gitignore b/CryptoPkg/.gitignore
|
||||
new file mode 100644
|
||||
index 0000000000..68b83272b7
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/.gitignore
|
||||
@@ -0,0 +1 @@
|
||||
+Library/OpensslLib/openssl*/
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index d2fede4f87..265dfec94f 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -26,9 +26,6 @@
|
||||
Include
|
||||
Test/Mock/Include
|
||||
|
||||
-[Includes.Common.Private]
|
||||
- Library/BrotliCustomDecompressLib/brotli/c/include
|
||||
-
|
||||
[LibraryClasses]
|
||||
## @libraryclass Defines a set of methods to reset whole system.
|
||||
ResetSystemLib|Include/Library/ResetSystemLib.h
|
||||
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
|
||||
index ac54338089..29f0a6e178 100644
|
||||
--- a/MdePkg/MdePkg.dec
|
||||
+++ b/MdePkg/MdePkg.dec
|
||||
@@ -29,7 +29,6 @@
|
||||
Include
|
||||
Test/UnitTest/Include
|
||||
Test/Mock/Include
|
||||
- Library/MipiSysTLib/mipisyst/library/include
|
||||
|
||||
[Includes.IA32]
|
||||
Include/Ia32
|
||||
@@ -295,10 +294,6 @@
|
||||
#
|
||||
FdtLib|Include/Library/FdtLib.h
|
||||
|
||||
- ## @libraryclass Provides general mipi sys-T services.
|
||||
- #
|
||||
- MipiSysTLib|Include/Library/MipiSysTLib.h
|
||||
-
|
||||
## @libraryclass Provides API to output Trace Hub debug message.
|
||||
#
|
||||
TraceHubDebugSysTLib|Include/Library/TraceHubDebugSysTLib.h
|
@ -1,8 +1,20 @@
|
||||
From fbfd113142f594c4f257b5a044a6e17ef7f66505 Mon Sep 17 00:00:00 2001
|
||||
From a531e0f3c999670f54926b2579e0721d217a49e0 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 25 Feb 2014 22:40:01 +0100
|
||||
Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
|
||||
only)
|
||||
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
|
||||
change (RH only)
|
||||
|
||||
Notes for rebase to edk2-stable202311:
|
||||
|
||||
- Minor context changes due to new PCDs (for USB Networking) being added.
|
||||
|
||||
Notes for rebase to edk2-stable202205:
|
||||
|
||||
- Minor context changes due to fd306d1dbc MdeModulePkg: Add PcdTdxSharedBitMask
|
||||
|
||||
Notes for rebase to edk2-stable202202:
|
||||
|
||||
- Minor context changes due to 1436aea4d MdeModulePkg: Apply uncrustify changes
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -87,12 +99,12 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
3 files changed, 36 insertions(+)
|
||||
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index 9d69fb86ed..08d59dfb3e 100644
|
||||
index 265dfec94f..092a8dee2a 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -2076,6 +2076,10 @@
|
||||
# @Prompt Enable PCIe Resizable BAR Capability support.
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024
|
||||
@@ -2158,6 +2158,10 @@
|
||||
# @Prompt The value is use for Usb Network rate limiting supported.
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028
|
||||
|
||||
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
|
||||
+ # mode change.
|
||||
@ -102,7 +114,7 @@ index 9d69fb86ed..08d59dfb3e 100644
|
||||
## Specify memory size with page number for PEI code when
|
||||
# Loading Module at Fixed Address feature is enabled.
|
||||
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||
index aae470e956..26156857aa 100644
|
||||
index 7809869e7d..3be801039b 100644
|
||||
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
|
||||
@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
@ -131,7 +143,7 @@ index aae470e956..26156857aa 100644
|
||||
//
|
||||
// Body of the ConOut functions
|
||||
//
|
||||
@@ -506,6 +518,24 @@ TerminalConOutSetMode (
|
||||
@@ -498,6 +510,24 @@ TerminalConOutSetMode (
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
|
||||
@ -153,11 +165,11 @@ index aae470e956..26156857aa 100644
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
This->Mode->Mode = (INT32) ModeNumber;
|
||||
This->Mode->Mode = (INT32)ModeNumber;
|
||||
|
||||
Status = This->ClearScreen (This);
|
||||
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||
index b2a8aeba85..eff6253465 100644
|
||||
index b2a8aeba85..96810f337c 100644
|
||||
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
|
||||
@@ -55,6 +55,7 @@
|
||||
@ -176,6 +188,3 @@ index b2a8aeba85..eff6253465 100644
|
||||
|
||||
# [Event]
|
||||
# # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,7 +1,12 @@
|
||||
From 9ea7b3f689bf7d21b869adb829139be7eb91bb33 Mon Sep 17 00:00:00 2001
|
||||
From c53aae9d945648b7301efede1dc77bf7b7f4ee1c Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 15:59:06 +0200
|
||||
Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
|
||||
only)
|
||||
|
||||
Notes about edk2-stable202205 rebase
|
||||
|
||||
- Necessary minor fixes for upstream changes
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -67,86 +72,141 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 51e0de961029af84b5bdbfddcc9762b1819d500f)
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
|
||||
OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
|
||||
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
|
||||
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 1 +
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
|
||||
OvmfPkg/OvmfPkgX64.dsc | 1 +
|
||||
OvmfPkg/PlatformPei/Platform.c | 1 +
|
||||
OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
|
||||
6 files changed, 7 insertions(+)
|
||||
OvmfPkg/PlatformPei/Platform.c | 13 +++++++++++++
|
||||
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
|
||||
9 files changed, 21 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 5ee5445116..6ea3621225 100644
|
||||
index 302c90e7c2..ef70f5f08c 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -534,6 +534,7 @@
|
||||
@@ -486,6 +486,7 @@
|
||||
[PcdsDynamicDefault]
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
|
||||
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
|
||||
index c23c7eaf6c..49521ba47c 100644
|
||||
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
|
||||
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
|
||||
@@ -576,6 +576,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
!if $(SMM_REQUIRE) == FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
index 182ec3705d..fd6722499a 100644
|
||||
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
||||
@@ -482,6 +482,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
|
||||
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
index ea1fa3e296..79f14b5c05 100644
|
||||
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
|
||||
@@ -584,7 +584,7 @@
|
||||
# only set when
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
-
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 6a5be97c05..4cacf0ea94 100644
|
||||
index ed3a19feeb..3101a3a4cf 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -594,6 +594,7 @@
|
||||
@@ -604,6 +604,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
!if $(SMM_REQUIRE) == FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 71227d1b70..6225f8e095 100644
|
||||
index 16ca139b29..0c174947b7 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -600,6 +600,7 @@
|
||||
@@ -616,6 +616,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
!if $(SMM_REQUIRE) == FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 52f7598cf1..b66fc67563 100644
|
||||
index dc1a0942aa..a328726d55 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -600,6 +600,7 @@
|
||||
@@ -634,6 +634,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
!if $(SMM_REQUIRE) == FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
|
||||
index df2d9ad015..d0e2c08de9 100644
|
||||
index f5dc41c3a8..f244dcd24d 100644
|
||||
--- a/OvmfPkg/PlatformPei/Platform.c
|
||||
+++ b/OvmfPkg/PlatformPei/Platform.c
|
||||
@@ -752,6 +752,7 @@ InitializePlatform (
|
||||
MemTypeInfoInitialization ();
|
||||
MemMapInitialization ();
|
||||
NoexecDxeInitialization ();
|
||||
@@ -41,6 +41,18 @@
|
||||
|
||||
#include "Platform.h"
|
||||
|
||||
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
|
||||
+ do { \
|
||||
+ BOOLEAN Setting; \
|
||||
+ RETURN_STATUS PcdStatus; \
|
||||
+ \
|
||||
+ if (!RETURN_ERROR (QemuFwCfgParseBool ( \
|
||||
+ "opt/ovmf/" #TokenName, &Setting))) { \
|
||||
+ PcdStatus = PcdSetBoolS (TokenName, Setting); \
|
||||
+ ASSERT_RETURN_ERROR (PcdStatus); \
|
||||
+ } \
|
||||
+ } while (0)
|
||||
+
|
||||
EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = {
|
||||
{
|
||||
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
|
||||
@@ -355,6 +367,7 @@ InitializePlatform (
|
||||
MemTypeInfoInitialization (PlatformInfoHob);
|
||||
MemMapInitialization (PlatformInfoHob);
|
||||
NoexecDxeInitialization (PlatformInfoHob);
|
||||
+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
|
||||
}
|
||||
|
||||
InstallClearCacheCallback ();
|
||||
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
index 67eb7aa716..7d26b43680 100644
|
||||
index 3934aeed95..d84aefee6d 100644
|
||||
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
@@ -93,6 +93,8 @@
|
||||
@@ -100,6 +100,7 @@
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,7 +1,8 @@
|
||||
From b846a65eeb926a483cff3e35242097eb6d21ceab Mon Sep 17 00:00:00 2001
|
||||
From db9d61b18715590fc8956eb5da9b036afbfd9ab9 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Sun, 26 Jul 2015 08:02:50 +0000
|
||||
Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
|
||||
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
|
||||
(RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -90,25 +91,24 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 7 +++-
|
||||
.../TerminalPcdProducerLib.c | 34 +++++++++++++++++++
|
||||
.../TerminalPcdProducerLib.inf | 33 ++++++++++++++++++
|
||||
OvmfPkg/PlatformPei/PlatformPei.inf | 1 -
|
||||
4 files changed, 73 insertions(+), 2 deletions(-)
|
||||
3 files changed, 73 insertions(+), 1 deletion(-)
|
||||
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
|
||||
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index 891e065311..e0476ede4f 100644
|
||||
index 30e3cfc8b9..7b88b7441f 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -282,6 +282,8 @@
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
|
||||
@@ -309,6 +309,8 @@
|
||||
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
|
||||
!endif
|
||||
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
+
|
||||
[PcdsDynamicHii]
|
||||
gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
|
||||
|
||||
@@ -384,7 +386,10 @@
|
||||
@@ -418,7 +420,10 @@
|
||||
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
|
||||
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
|
||||
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
|
||||
@ -122,7 +122,7 @@ index 891e065311..e0476ede4f 100644
|
||||
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
|
||||
new file mode 100644
|
||||
index 0000000000..bfd3a6a535
|
||||
index 0000000000..37f71c5e4c
|
||||
--- /dev/null
|
||||
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
|
||||
@@ -0,0 +1,34 @@
|
||||
@ -162,7 +162,7 @@ index 0000000000..bfd3a6a535
|
||||
+}
|
||||
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||
new file mode 100644
|
||||
index 0000000000..a51dbd1670
|
||||
index 0000000000..c840f6f97a
|
||||
--- /dev/null
|
||||
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
|
||||
@@ -0,0 +1,33 @@
|
||||
@ -199,18 +199,3 @@ index 0000000000..a51dbd1670
|
||||
+
|
||||
+[Pcd]
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES
|
||||
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
index 7d26b43680..69eb3edad3 100644
|
||||
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
|
||||
@@ -93,7 +93,6 @@
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
|
||||
- gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 02687f83845b9ae8455655e117f0b7cdaa18ba5c Mon Sep 17 00:00:00 2001
|
||||
From ccc528cc7a9d5b0029a1ca91cb592c999e9f8c5a Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:45 +0100
|
||||
Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
|
||||
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -65,10 +65,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 6ea3621225..366fa79f62 100644
|
||||
index ef70f5f08c..28bdc56227 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -486,7 +486,7 @@
|
||||
@@ -428,7 +428,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -78,10 +78,10 @@ index 6ea3621225..366fa79f62 100644
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 4cacf0ea94..2aacf1a5ff 100644
|
||||
index 3101a3a4cf..c4fc79a851 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -534,7 +534,7 @@
|
||||
@@ -537,7 +537,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -91,10 +91,10 @@ index 4cacf0ea94..2aacf1a5ff 100644
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 6225f8e095..2613c83adb 100644
|
||||
index 0c174947b7..1da23b5389 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -538,7 +538,7 @@
|
||||
@@ -544,7 +544,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -104,10 +104,10 @@ index 6225f8e095..2613c83adb 100644
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index b66fc67563..d7d34eeef2 100644
|
||||
index a328726d55..4f886ba644 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -540,7 +540,7 @@
|
||||
@@ -563,7 +563,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
@ -116,6 +116,3 @@ index b66fc67563..d7d34eeef2 100644
|
||||
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,7 +1,7 @@
|
||||
From a5dd9e06c570b2c003a2b6aea681f0d93bfbfdc4 Mon Sep 17 00:00:00 2001
|
||||
From 4bb5f3b3473da371b4db99899c1128ae4ff99f6e Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:46 +0100
|
||||
Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
|
||||
Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
|
||||
QemuVideoDxe/QemuRamfbDxe (RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
@ -82,10 +82,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
4 files changed, 32 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 366fa79f62..a289d8a573 100644
|
||||
index 28bdc56227..cbd48af4dc 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -750,8 +750,14 @@
|
||||
@@ -694,8 +694,14 @@
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
@ -103,10 +103,10 @@ index 366fa79f62..a289d8a573 100644
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 2aacf1a5ff..1a5cfa4c6d 100644
|
||||
index c4fc79a851..75a61c88e6 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -846,9 +846,15 @@
|
||||
@@ -850,9 +850,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
@ -125,10 +125,10 @@ index 2aacf1a5ff..1a5cfa4c6d 100644
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 2613c83adb..11002ffd95 100644
|
||||
index 1da23b5389..e5ca067d4c 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -860,9 +860,15 @@
|
||||
@@ -868,9 +868,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
@ -147,10 +147,10 @@ index 2613c83adb..11002ffd95 100644
|
||||
|
||||
#
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index d7d34eeef2..f176aa4061 100644
|
||||
index 4f886ba644..ad314d86c6 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -858,9 +858,15 @@
|
||||
@@ -936,9 +936,15 @@
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
@ -168,6 +168,3 @@ index d7d34eeef2..f176aa4061 100644
|
||||
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
|
||||
#
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,8 +1,8 @@
|
||||
From ccc2c9c85f43662f942bf5c303f4a1a9f964c36d Mon Sep 17 00:00:00 2001
|
||||
From 72830b010e7b78ef8d74cefcb5c6ad018c653ea6 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 27 Jan 2016 03:05:18 +0100
|
||||
Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
|
||||
only)
|
||||
Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in
|
||||
QemuRamfbDxe (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index ec0edf6e7b..e6fad9f066 100644
|
||||
index 7b88b7441f..fe7b7e1d64 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -509,7 +509,10 @@
|
||||
@@ -547,7 +547,10 @@
|
||||
#
|
||||
# Video support
|
||||
#
|
||||
@ -77,10 +77,10 @@ index ec0edf6e7b..e6fad9f066 100644
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index a8bb83b288..656c9d99a3 100644
|
||||
index b50f8e84a3..4a43892f7d 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -438,7 +438,10 @@
|
||||
@@ -447,7 +447,10 @@
|
||||
#
|
||||
# Video support
|
||||
#
|
||||
@ -92,6 +92,3 @@ index a8bb83b288..656c9d99a3 100644
|
||||
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
OvmfPkg/PlatformDxe/Platform.inf
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,43 +0,0 @@
|
||||
From 0790c9c4f796fdce8ba6618359b78e1d0b331c95 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 4 Jun 2020 13:34:12 +0200
|
||||
Subject: BaseTools: do not build BrotliCompress (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- New patch.
|
||||
|
||||
BrotliCompress is not used for building ArmVirtPkg or OvmfPkg platforms.
|
||||
It depends on one of the upstream Brotli git submodules that we removed
|
||||
earlier in this rebase series. (See patch "remove upstream edk2's Brotli
|
||||
submodules (RH only").
|
||||
|
||||
Do not attempt to build BrotliCompress.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit db8ccca337e2c5722c1d408d2541cf653d3371a2)
|
||||
---
|
||||
BaseTools/Source/C/GNUmakefile | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
|
||||
index 8c191e0c38..3eae824a1c 100644
|
||||
--- a/BaseTools/Source/C/GNUmakefile
|
||||
+++ b/BaseTools/Source/C/GNUmakefile
|
||||
@@ -48,7 +48,6 @@ all: makerootdir subdirs
|
||||
LIBRARIES = Common
|
||||
VFRAUTOGEN = VfrCompile/VfrLexer.h
|
||||
APPLICATIONS = \
|
||||
- BrotliCompress \
|
||||
VfrCompile \
|
||||
EfiRom \
|
||||
GenFfs \
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,49 +0,0 @@
|
||||
From df9e25b7e6179a7764d44f915de95af5f850a020 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 4 Jun 2020 13:39:08 +0200
|
||||
Subject: MdeModulePkg: remove package-private Brotli include path (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- New patch.
|
||||
|
||||
Originating from upstream commit 58802e02c41b
|
||||
("MdeModulePkg/BrotliCustomDecompressLib: Make brotli a submodule",
|
||||
2020-04-16), "MdeModulePkg/MdeModulePkg.dec" contains a package-internal
|
||||
include path into a Brotli submodule.
|
||||
|
||||
The edk2 build system requires such include paths to resolve successfully,
|
||||
regardless of the firmware platform being built. Because
|
||||
BrotliCustomDecompressLib is not consumed by any OvmfPkg or ArmVirtPkg
|
||||
platforms, and we've removed the submodule earlier in this patch set,
|
||||
remove the include path too.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit e05e0de713c4a2b8adb6ff9809611f222bfe50ed)
|
||||
---
|
||||
MdeModulePkg/MdeModulePkg.dec | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index 463e889e9a..9d69fb86ed 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -24,9 +24,6 @@
|
||||
[Includes]
|
||||
Include
|
||||
|
||||
-[Includes.Common.Private]
|
||||
- Library/BrotliCustomDecompressLib/brotli/c/include
|
||||
-
|
||||
[LibraryClasses]
|
||||
## @libraryclass Defines a set of methods to reset whole system.
|
||||
ResetSystemLib|Include/Library/ResetSystemLib.h
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,8 +1,8 @@
|
||||
From b3147a5ce92a149532ef1ec47cdf14082a56654d Mon Sep 17 00:00:00 2001
|
||||
From 2b84cf52f9a6f24f932bce5548202460f20ca9d0 Mon Sep 17 00:00:00 2001
|
||||
From: Philippe Mathieu-Daude <philmd@redhat.com>
|
||||
Date: Thu, 1 Aug 2019 20:43:48 +0200
|
||||
Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
|
||||
builds (RH only)
|
||||
Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64
|
||||
silent builds (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -47,7 +47,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||
index 0d49d8bbab..dbf9bcbe16 100644
|
||||
index 5a1044f0dc..83c6d26c74 100644
|
||||
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
|
||||
@@ -13,6 +13,7 @@
|
||||
@ -58,7 +58,7 @@ index 0d49d8bbab..dbf9bcbe16 100644
|
||||
#include <Library/DevicePathLib.h>
|
||||
#include <Library/FrameBufferBltLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
@@ -242,6 +243,19 @@ InitializeQemuRamfb (
|
||||
@@ -259,6 +260,19 @@ InitializeQemuRamfb (
|
||||
|
||||
Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
|
||||
if (EFI_ERROR (Status)) {
|
||||
@ -77,9 +77,9 @@ index 0d49d8bbab..dbf9bcbe16 100644
|
||||
+#endif
|
||||
return EFI_NOT_FOUND;
|
||||
}
|
||||
if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
|
||||
|
||||
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
index e3890b8c20..6ffee5acb2 100644
|
||||
index e3890b8c20..f79a4bc987 100644
|
||||
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
@@ -29,6 +29,7 @@
|
||||
@ -90,6 +90,3 @@ index e3890b8c20..6ffee5acb2 100644
|
||||
DevicePathLib
|
||||
FrameBufferBltLib
|
||||
MemoryAllocationLib
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,82 +0,0 @@
|
||||
From 1a1bdd69fad22bbf48e3906bb73b33ede6632102 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 20 Feb 2014 22:54:45 +0100
|
||||
Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- trivial context difference due to upstream commit 2fe5f2f52918
|
||||
("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
|
||||
by git-cherry-pick automatically
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Upstream prefers short debug messages (sometimes even limited to 80
|
||||
characters), but any line length under 512 characters is just unsuitable
|
||||
for effective debugging. (For example, config strings in HII routing,
|
||||
logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
|
||||
level, can be several hundred characters long.) 512 is an empirically good
|
||||
value.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
|
||||
(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
|
||||
(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
|
||||
(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
|
||||
(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
|
||||
(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
|
||||
(cherry picked from commit e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5)
|
||||
(cherry picked from commit a95cff0b9573bf23699551beb4786383f697ff1e)
|
||||
---
|
||||
OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||
index dffb20822d..0577c43c3d 100644
|
||||
--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||
+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
|
||||
@@ -21,7 +21,7 @@
|
||||
//
|
||||
// Define the maximum debug and assert message length that this library supports
|
||||
//
|
||||
-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
|
||||
+#define MAX_DEBUG_MESSAGE_LENGTH 0x200
|
||||
|
||||
//
|
||||
// VA_LIST can not initialize to NULL for all compiler, so we use this to
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,8 +1,8 @@
|
||||
From a663867a4a99b97d0e1c5fdfed0389312fecd767 Mon Sep 17 00:00:00 2001
|
||||
From 67230df28e3861c4a7a8fb064a45ed85f015209c Mon Sep 17 00:00:00 2001
|
||||
From: Paolo Bonzini <pbonzini@redhat.com>
|
||||
Date: Tue, 21 Nov 2017 00:57:47 +0100
|
||||
Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
|
||||
only)
|
||||
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
|
||||
(RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -63,11 +63,11 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
||||
4 files changed, 16 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index a289d8a573..ccdf9b8ce0 100644
|
||||
index cbd48af4dc..a0319c1f0a 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -744,7 +744,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
@@ -688,7 +688,10 @@
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||
@ -79,11 +79,11 @@ index a289d8a573..ccdf9b8ce0 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 1a5cfa4c6d..a0666930d6 100644
|
||||
index 75a61c88e6..34ad4f2777 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -839,7 +839,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
@@ -843,7 +843,10 @@
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||
@ -95,11 +95,11 @@ index 1a5cfa4c6d..a0666930d6 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 11002ffd95..5efeb42bf3 100644
|
||||
index e5ca067d4c..4278ce5e1d 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -853,7 +853,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
@@ -861,7 +861,10 @@
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||
@ -111,11 +111,11 @@ index 11002ffd95..5efeb42bf3 100644
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index f176aa4061..10fb7d7069 100644
|
||||
index ad314d86c6..e41a1b976e 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -851,7 +851,10 @@
|
||||
OvmfPkg/SataControllerDxe/SataControllerDxe.inf
|
||||
@@ -929,7 +929,10 @@
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
|
||||
@ -126,6 +126,3 @@ index f176aa4061..10fb7d7069 100644
|
||||
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,168 +0,0 @@
|
||||
From 8ea4ac38206664e1d833085a0b7d4e0736870c2b Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 25 Feb 2014 18:40:35 +0100
|
||||
Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- update commit message as requested in
|
||||
<https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
|
||||
390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
|
||||
InitializeTerminalConsoleTextMode", 2017-01-10).
|
||||
|
||||
When the console output is multiplexed to several devices by
|
||||
ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
|
||||
supported by all console output devices.
|
||||
|
||||
Two notable output devices are provided by:
|
||||
(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
|
||||
(2) MdeModulePkg/Universal/Console/TerminalDxe.
|
||||
|
||||
GraphicsConsoleDxe supports four modes at most -- see
|
||||
InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
|
||||
|
||||
(1a) 80x25 (required by the UEFI spec as mode 0),
|
||||
(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
|
||||
requires the driver to provide it as mode 1),
|
||||
(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
|
||||
spec requires from all plug-in graphics devices),
|
||||
(1d) "full screen" resolution, derived form the underlying GOP's
|
||||
horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
|
||||
(8) and EFI_GLYPH_HEIGHT (19), respectively.
|
||||
|
||||
The automatic "full screen resolution" makes GraphicsConsoleDxe's
|
||||
character console very flexible. However, TerminalDxe (which runs on
|
||||
serial ports) only provides the following fixed resolutions -- see
|
||||
InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
|
||||
|
||||
(2a) 80x25 (required by the UEFI spec as mode 0),
|
||||
(2b) 80x50 (since the character resolution of a serial device cannot be
|
||||
interrogated easily, this is added unconditionally as mode 1),
|
||||
(2c) 100x31 (since the character resolution of a serial device cannot be
|
||||
interrogated easily, this is added unconditionally as mode 2).
|
||||
|
||||
When ConSplitterDxe combines (1) and (2), multiplexing console output to
|
||||
both video output and serial terminal, the list of commonly supported text
|
||||
modes (ie. the "intersection") comprises:
|
||||
|
||||
(3a) 80x25, unconditionally, from (1a) and (2a),
|
||||
(3b) 80x50, if the graphics console provides at least 640x950 pixel
|
||||
resolution, from (1b) and (2b)
|
||||
(3c) 100x31, if the graphics device is a plug-in one (because in that case
|
||||
800x600 is a mandated pixel resolution), from (1c) and (2c).
|
||||
|
||||
Unfortunately, the "full screen resolution" (1d) of the GOP-based text
|
||||
console is not available in general.
|
||||
|
||||
Mitigate this problem by extending "mTerminalConsoleModeData" with a
|
||||
handful of text resolutions that are derived from widespread maximal pixel
|
||||
resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
|
||||
the most frequent (1d) values from the intersection, and eg. the MODE
|
||||
command in the UEFI shell will offer the "best" (ie. full screen)
|
||||
resolution too.
|
||||
|
||||
Upstreaming efforts for this patch have been discontinued; it was clear
|
||||
from the off-list thread that consensus was impossible to reach.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
|
||||
(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
|
||||
(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
|
||||
(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
|
||||
(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
|
||||
(cherry picked from commit 12cb13a1da913912bd9148ce8f2353a75be77f18)
|
||||
(cherry picked from commit 82b9edc5fef3a07227a45059bbe821af7b9abd69)
|
||||
---
|
||||
.../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
|
||||
1 file changed, 38 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||
index a98b690c8b..ded5513c74 100644
|
||||
--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
|
||||
@@ -115,9 +115,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
|
||||
};
|
||||
|
||||
TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
|
||||
- {80, 25},
|
||||
- {80, 50},
|
||||
- {100, 31},
|
||||
+ { 80, 25 }, // from graphics resolution 640 x 480
|
||||
+ { 80, 50 }, // from graphics resolution 640 x 960
|
||||
+ { 100, 25 }, // from graphics resolution 800 x 480
|
||||
+ { 100, 31 }, // from graphics resolution 800 x 600
|
||||
+ { 104, 32 }, // from graphics resolution 832 x 624
|
||||
+ { 120, 33 }, // from graphics resolution 960 x 640
|
||||
+ { 128, 31 }, // from graphics resolution 1024 x 600
|
||||
+ { 128, 40 }, // from graphics resolution 1024 x 768
|
||||
+ { 144, 45 }, // from graphics resolution 1152 x 864
|
||||
+ { 144, 45 }, // from graphics resolution 1152 x 870
|
||||
+ { 160, 37 }, // from graphics resolution 1280 x 720
|
||||
+ { 160, 40 }, // from graphics resolution 1280 x 760
|
||||
+ { 160, 40 }, // from graphics resolution 1280 x 768
|
||||
+ { 160, 42 }, // from graphics resolution 1280 x 800
|
||||
+ { 160, 50 }, // from graphics resolution 1280 x 960
|
||||
+ { 160, 53 }, // from graphics resolution 1280 x 1024
|
||||
+ { 170, 40 }, // from graphics resolution 1360 x 768
|
||||
+ { 170, 40 }, // from graphics resolution 1366 x 768
|
||||
+ { 175, 55 }, // from graphics resolution 1400 x 1050
|
||||
+ { 180, 47 }, // from graphics resolution 1440 x 900
|
||||
+ { 200, 47 }, // from graphics resolution 1600 x 900
|
||||
+ { 200, 63 }, // from graphics resolution 1600 x 1200
|
||||
+ { 210, 55 }, // from graphics resolution 1680 x 1050
|
||||
+ { 240, 56 }, // from graphics resolution 1920 x 1080
|
||||
+ { 240, 63 }, // from graphics resolution 1920 x 1200
|
||||
+ { 240, 75 }, // from graphics resolution 1920 x 1440
|
||||
+ { 250, 105 }, // from graphics resolution 2000 x 2000
|
||||
+ { 256, 80 }, // from graphics resolution 2048 x 1536
|
||||
+ { 256, 107 }, // from graphics resolution 2048 x 2048
|
||||
+ { 320, 75 }, // from graphics resolution 2560 x 1440
|
||||
+ { 320, 84 }, // from graphics resolution 2560 x 1600
|
||||
+ { 320, 107 }, // from graphics resolution 2560 x 2048
|
||||
+ { 350, 110 }, // from graphics resolution 2800 x 2100
|
||||
+ { 400, 126 }, // from graphics resolution 3200 x 2400
|
||||
+ { 480, 113 }, // from graphics resolution 3840 x 2160
|
||||
+ { 512, 113 }, // from graphics resolution 4096 x 2160
|
||||
+ { 960, 227 }, // from graphics resolution 7680 x 4320
|
||||
+ { 1024, 227 }, // from graphics resolution 8192 x 4320
|
||||
//
|
||||
// New modes can be added here.
|
||||
//
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,8 +1,8 @@
|
||||
From d9416e3015cadb3214d5ca409e57fd2352ae1961 Mon Sep 17 00:00:00 2001
|
||||
From 9bf175beabab17dae1b5883d528ae3d9d834249b Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 24 Jun 2020 11:31:36 +0200
|
||||
Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in
|
||||
silent aa64 build (RH)
|
||||
Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel"
|
||||
in silent aa64 build (RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -32,7 +32,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
2 files changed, 18 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
|
||||
index 6832d563bc..08ed67f5ff 100644
|
||||
index 3c12085f6c..e192809198 100644
|
||||
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
|
||||
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
|
||||
@@ -19,6 +19,7 @@
|
||||
@ -43,7 +43,7 @@ index 6832d563bc..08ed67f5ff 100644
|
||||
#include <Library/DevicePathLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/QemuFwCfgLib.h>
|
||||
@@ -1054,6 +1055,22 @@ QemuKernelLoaderFsDxeEntrypoint (
|
||||
@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint (
|
||||
|
||||
if (KernelBlob->Data == NULL) {
|
||||
Status = EFI_NOT_FOUND;
|
||||
@ -67,7 +67,7 @@ index 6832d563bc..08ed67f5ff 100644
|
||||
}
|
||||
|
||||
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
|
||||
index 7b35adb8e0..e0331c6e2c 100644
|
||||
index 7b35adb8e0..23d9f5fca1 100644
|
||||
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
|
||||
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
|
||||
@@ -28,6 +28,7 @@
|
||||
@ -78,6 +78,3 @@ index 7b35adb8e0..e0331c6e2c 100644
|
||||
DevicePathLib
|
||||
MemoryAllocationLib
|
||||
QemuFwCfgLib
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,8 +1,8 @@
|
||||
From fd19e4e33d52e843e6e35adde2c1e266497e8a7b Mon Sep 17 00:00:00 2001
|
||||
From d3d9a0ea8cdd6a8438a878a859ca0cd416c42ad6 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 24 Jun 2020 11:40:09 +0200
|
||||
Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build
|
||||
(RH)
|
||||
Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent
|
||||
aa64 build (RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
@ -31,7 +31,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
2 files changed, 18 insertions(+)
|
||||
|
||||
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
|
||||
index 6d17616c1c..f1a97d4b2d 100644
|
||||
index f6ea8b2bbf..1fd5e187fb 100644
|
||||
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
|
||||
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
|
||||
@@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
@ -42,9 +42,9 @@ index 6d17616c1c..f1a97d4b2d 100644
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/UefiRuntimeServicesTableLib.h>
|
||||
#include <Library/UefiDriverEntryPoint.h>
|
||||
@@ -2642,6 +2643,22 @@ DriverEntry (
|
||||
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
|
||||
CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
|
||||
@@ -2691,6 +2692,22 @@ DriverEntry (
|
||||
CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid))
|
||||
{
|
||||
DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
|
||||
+#if defined (MDE_CPU_AARCH64)
|
||||
+ //
|
||||
@ -66,7 +66,7 @@ index 6d17616c1c..f1a97d4b2d 100644
|
||||
}
|
||||
|
||||
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||
index 7dc7a2683d..3bc8833931 100644
|
||||
index 7dc7a2683d..ae90070b36 100644
|
||||
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
|
||||
@@ -55,6 +55,7 @@
|
||||
@ -77,6 +77,3 @@ index 7dc7a2683d..3bc8833931 100644
|
||||
Tpm2CommandLib
|
||||
PrintLib
|
||||
UefiLib
|
||||
--
|
||||
2.27.0
|
||||
|
126
SOURCES/0013-OvmfPkg-Remove-EbcDxe-RHEL-only.patch
Normal file
126
SOURCES/0013-OvmfPkg-Remove-EbcDxe-RHEL-only.patch
Normal file
@ -0,0 +1,126 @@
|
||||
From ce3ac92a202a0b845654c05449107840edf5d2f9 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:28:49 +0200
|
||||
Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [2/19] 6777c3dc453e4aecddc20216f783ba2a5acccaa0
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove EFI Byte Code interpreter.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
|
||||
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgX64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgX64.fdf | 1 -
|
||||
8 files changed, 8 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index a0319c1f0a..906c1a4332 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -613,7 +613,6 @@
|
||||
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
|
||||
}
|
||||
|
||||
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
UefiCpuPkg/CpuDxe/CpuDxe.inf
|
||||
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
index b2ab0c7773..20d31d0e2d 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
@@ -205,7 +205,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
|
||||
|
||||
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
|
||||
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 34ad4f2777..d664b42c67 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -753,7 +753,6 @@
|
||||
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
|
||||
}
|
||||
|
||||
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
UefiCpuPkg/CpuDxe/CpuDxe.inf
|
||||
!ifdef $(CSM_ENABLE)
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 383613e54b..236680dec2 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -216,7 +216,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
|
||||
|
||||
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
|
||||
!ifdef $(CSM_ENABLE)
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 4278ce5e1d..2e0af7698a 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -771,7 +771,6 @@
|
||||
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
|
||||
}
|
||||
|
||||
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
UefiCpuPkg/CpuDxe/CpuDxe.inf
|
||||
!ifdef $(CSM_ENABLE)
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 3cec3d0c87..3ad2fe5eee 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -217,7 +217,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
|
||||
|
||||
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
|
||||
!ifdef $(CSM_ENABLE)
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index e41a1b976e..55f6760f4c 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -816,7 +816,6 @@
|
||||
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
|
||||
}
|
||||
|
||||
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
|
||||
UefiCpuPkg/CpuDxe/CpuDxe.inf {
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index 9c35b6e848..da4541d747 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -239,7 +239,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
|
||||
|
||||
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
|
||||
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
|
||||
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
||||
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
|
||||
|
||||
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
|
@ -0,0 +1,126 @@
|
||||
From 536709a91fe5d9bf5bb41bc0ae56cb3e3fa0cf5a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:28:59 +0200
|
||||
Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [4/19] f0a41317291f2e9e3b5bd3125149c3866f23ab08
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
QemuVideoDxe binds virtio-vga, so VirtioGpu is not needed.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
|
||||
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgX64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgX64.fdf | 1 -
|
||||
8 files changed, 8 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 906c1a4332..52b0d1062c 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -704,7 +704,6 @@
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
}
|
||||
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
|
||||
#
|
||||
# ISA Support
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
index 20d31d0e2d..48cc3b00c1 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
@@ -300,7 +300,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
|
||||
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
|
||||
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
INF OvmfPkg/PlatformDxe/Platform.inf
|
||||
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index d664b42c67..d39d9e8c27 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -861,7 +861,6 @@
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
}
|
||||
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
|
||||
#
|
||||
# ISA Support
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 236680dec2..381735165d 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -334,7 +334,6 @@ INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
!endif
|
||||
|
||||
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
INF OvmfPkg/PlatformDxe/Platform.inf
|
||||
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 2e0af7698a..0e3de2ec5e 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -879,7 +879,6 @@
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
}
|
||||
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
|
||||
#
|
||||
# ISA Support
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 3ad2fe5eee..2ca10f7c5e 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -340,7 +340,6 @@ INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
!endif
|
||||
|
||||
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
INF OvmfPkg/PlatformDxe/Platform.inf
|
||||
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 55f6760f4c..c266686361 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -947,7 +947,6 @@
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
}
|
||||
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
|
||||
#
|
||||
# ISA Support
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index da4541d747..00b3f9d0d8 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -367,7 +367,6 @@ INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
|
||||
!endif
|
||||
|
||||
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
||||
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
||||
INF OvmfPkg/PlatformDxe/Platform.inf
|
||||
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
|
@ -0,0 +1,100 @@
|
||||
From ff214a87a99084bd91a04711e52ec1bffa911557 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:13 +0200
|
||||
Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [9/19] b40d8a6b9c38568a74fb922b12bbae9f0e721f95
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the virtio-fs driver.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgX64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgX64.fdf | 1 -
|
||||
6 files changed, 6 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index d39d9e8c27..12ed090eab 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -836,7 +836,6 @@
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 381735165d..bd69792100 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -296,7 +296,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
-INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 0e3de2ec5e..821423cfe2 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -854,7 +854,6 @@
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 2ca10f7c5e..4011682faf 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -297,7 +297,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
-INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index c266686361..ea3f8d73bc 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -922,7 +922,6 @@
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index 00b3f9d0d8..c53501679a 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -322,7 +322,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
-INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
@ -1,172 +0,0 @@
|
||||
From e8e12cb7d3a47e5823cf2cb12c9bfe5901d3b100 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 4 Nov 2014 23:02:53 +0100
|
||||
Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
|
||||
only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- No manual / explicit code change is necessary, because the newly
|
||||
inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL
|
||||
build-time macro (feature test flag), with default value FALSE -- from
|
||||
upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume
|
||||
Package", 2020-12-14).
|
||||
|
||||
- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg:
|
||||
enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg:
|
||||
introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by
|
||||
git-cherry-pick.
|
||||
|
||||
- Remove obsolete commit message tags related to downstream patch
|
||||
management: Message-id, Patchwork-id, O-Subject, Acked-by
|
||||
(RHBZ#1846481).
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- context difference from upstream commit ec41733cfd10 ("OvmfPkg: add the
|
||||
'initrd' dynamic shell command", 2020-03-04) correctly auto-resolved
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- update the patch against the following upstream commits:
|
||||
- 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
|
||||
- 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
|
||||
tool chain", 2018-11-27)
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Bugzilla: 1147592
|
||||
|
||||
When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
|
||||
binary from the firmware image.
|
||||
|
||||
Peter Jones advised us that firmware vendors for physical systems disable
|
||||
the memory-mapped, firmware image-contained UEFI shell in
|
||||
SecureBoot-enabled builds. The reason being that the memory-mapped shell
|
||||
can always load, it may have direct access to various hardware in the
|
||||
system, and it can run UEFI shell scripts (which cannot be signed at all).
|
||||
|
||||
Intended use of the new build option:
|
||||
|
||||
- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
|
||||
firmware image will contain a shell binary, independently of SecureBoot
|
||||
enablement, which is flexible for interactive development. (Ie. no
|
||||
change for in-tree builds.)
|
||||
|
||||
- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
|
||||
'-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
|
||||
|
||||
- OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
|
||||
|
||||
- OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
|
||||
|
||||
- UefiShell.iso: a bootable ISO image with the shell on it as default
|
||||
boot loader. The shell binary will load when SecureBoot is turned off,
|
||||
and won't load when SecureBoot is turned on (because it is not
|
||||
signed).
|
||||
|
||||
UefiShell.iso is the reason we're not excluding the shell from the DSC
|
||||
files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
|
||||
is specified, the shell binary needs to be built the same, only it
|
||||
will be included in UefiShell.iso.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
|
||||
(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
|
||||
(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
|
||||
(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
|
||||
(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
|
||||
(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
|
||||
(cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e)
|
||||
(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687)
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 2 ++
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
|
||||
OvmfPkg/OvmfPkgX64.fdf | 2 ++
|
||||
3 files changed, 6 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 775ea2d710..00ea14adf0 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -290,12 +290,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
+!endif
|
||||
|
||||
INF MdeModulePkg/Logo/LogoDxe.inf
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 9d8695922f..e33a40c44e 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -294,12 +294,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
+!endif
|
||||
|
||||
INF MdeModulePkg/Logo/LogoDxe.inf
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index b6cc3cabdd..85b4b23857 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -310,12 +310,14 @@ INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
+!ifndef $(EXCLUDE_SHELL_FROM_FD)
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
+!endif
|
||||
|
||||
INF MdeModulePkg/Logo/LogoDxe.inf
|
||||
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,93 +0,0 @@
|
||||
From eba5ecf4b2611d593a978ccac804314ab7848754 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 13:49:43 +0200
|
||||
Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
|
||||
machine firmware) print a reasonably early, simple hello message to the
|
||||
serial port, regardless of debug mask settings. This should inform
|
||||
interactive users, and provide some rough help in localizing boot
|
||||
problems, even with restrictive debug masks.
|
||||
|
||||
If a platform doesn't want this feature, it should stick with the default
|
||||
empty string.
|
||||
|
||||
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
|
||||
Downstream only:
|
||||
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
|
||||
|
||||
Suggested-by: Drew Jones <drjones@redhat.com>
|
||||
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
|
||||
(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
|
||||
(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
|
||||
(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
|
||||
(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
|
||||
(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
|
||||
(cherry picked from commit 9f756c1ad83cc81f7d892cd036d59a2b567b02dc)
|
||||
(cherry picked from commit c75aea7a738ac7fb944c0695a4bfffc3985afaa9)
|
||||
---
|
||||
ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
index 3a25ddcdc8..b2b58553c7 100644
|
||||
--- a/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
@@ -121,6 +121,13 @@
|
||||
## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
|
||||
gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
|
||||
|
||||
+ #
|
||||
+ # Early hello message (ASCII string), printed to the serial port.
|
||||
+ # If set to the empty string, nothing is printed.
|
||||
+ # Otherwise, a trailing CRLF should be specified explicitly.
|
||||
+ #
|
||||
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100
|
||||
+
|
||||
[PcdsFixedAtBuild.common,PcdsDynamic.common]
|
||||
## PL031 RealTimeClock
|
||||
gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,61 @@
|
||||
From 7478b17347f2119448467a0ce821a5c5f865a2c8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:16 +0200
|
||||
Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [10/19] 808ad4385c24fbf34fb0ba359808e6d364e1d030
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the virtio-fs driver.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 1 -
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
|
||||
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 -
|
||||
3 files changed, 3 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index fe7b7e1d64..f0946821c6 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -465,7 +465,6 @@
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
#
|
||||
# Bds
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index 9b3e37d5c9..a997063751 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -84,7 +84,6 @@ READ_LOCK_STATUS = TRUE
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
- INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
#
|
||||
# Status Code Routing
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index 4a43892f7d..8fa801dad6 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -365,7 +365,6 @@
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
|
||||
|
||||
#
|
||||
# Bds
|
@ -1,145 +0,0 @@
|
||||
From 8be1d7253ba8a7d30bb54835ef1fc866aa62e216 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 13:59:20 +0200
|
||||
Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
|
||||
port (RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed
|
||||
temporary stack before entering PEI core", 2017-11-09) -- conflict
|
||||
resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf"
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
The FixedPcdGetSize() macro expands to an integer constant, therefore an
|
||||
optimizing compiler can eliminate the new code, if the platform DSC
|
||||
doesn't override the empty string (size=1) default of
|
||||
PcdEarlyHelloMessage.
|
||||
|
||||
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
|
||||
Downstream only:
|
||||
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
|
||||
|
||||
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
|
||||
(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
|
||||
(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
|
||||
(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
|
||||
(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
|
||||
(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
|
||||
(cherry picked from commit 8d5a8827aabc67cb2a046697e1a750ca8d9cc453)
|
||||
(cherry picked from commit 49fe5596cd79c94d903c4d506c563d642ccd69aa)
|
||||
---
|
||||
ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++
|
||||
ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++
|
||||
ArmPlatformPkg/PrePeiCore/PrePeiCore.h | 1 +
|
||||
ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf | 2 ++
|
||||
ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++
|
||||
5 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
index 859f1adf20..cf9e65bb7c 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
|
||||
@@ -111,6 +111,11 @@ PrimaryMain (
|
||||
UINTN TemporaryRamBase;
|
||||
UINTN TemporaryRamSize;
|
||||
|
||||
+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
|
||||
+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
|
||||
+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
|
||||
+ }
|
||||
+
|
||||
CreatePpiList (&PpiListSize, &PpiList);
|
||||
|
||||
// Enable the GIC Distributor
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
index 220f9b5680..158cc34c77 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
|
||||
@@ -29,6 +29,11 @@ PrimaryMain (
|
||||
UINTN TemporaryRamBase;
|
||||
UINTN TemporaryRamSize;
|
||||
|
||||
+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
|
||||
+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
|
||||
+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
|
||||
+ }
|
||||
+
|
||||
CreatePpiList (&PpiListSize, &PpiList);
|
||||
|
||||
// Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
index 7b155a8a61..e9e283f9ec 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
|
||||
@@ -15,6 +15,7 @@
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/IoLib.h>
|
||||
#include <Library/PcdLib.h>
|
||||
+#include <Library/SerialPortLib.h>
|
||||
|
||||
#include <PiPei.h>
|
||||
#include <Ppi/TemporaryRamSupport.h>
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||
index fb01dd1a11..a6681c1032 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
|
||||
@@ -69,6 +69,8 @@
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
|
||||
|
||||
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
|
||||
+
|
||||
gArmTokenSpaceGuid.PcdGicDistributorBase
|
||||
gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
|
||||
gArmTokenSpaceGuid.PcdGicSgiIntId
|
||||
diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||
index e9eb092d3a..c98dc82f0c 100644
|
||||
--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||
+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
|
||||
@@ -67,4 +67,6 @@
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
|
||||
gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
|
||||
|
||||
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
|
||||
+
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,126 @@
|
||||
From 42c144b94db706be6f01d5fb1537a35cc803daa8 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:19 +0200
|
||||
Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [11/19] 21614de37221fca27d4eec0f03c5c8bce5911af3
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the UDF driver.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
|
||||
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgX64.dsc | 1 -
|
||||
OvmfPkg/OvmfPkgX64.fdf | 1 -
|
||||
8 files changed, 8 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 52b0d1062c..41953c119d 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -681,7 +681,6 @@
|
||||
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
index 48cc3b00c1..2f03c80ffd 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
@@ -274,7 +274,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
|
||||
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 12ed090eab..07176ad930 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -835,7 +835,6 @@
|
||||
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index bd69792100..97c808446e 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -295,7 +295,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
|
||||
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 821423cfe2..ba7ed38412 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -853,7 +853,6 @@
|
||||
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 4011682faf..6351ce645b 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -296,7 +296,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
|
||||
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index ea3f8d73bc..55f3315241 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -921,7 +921,6 @@
|
||||
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
|
||||
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index c53501679a..558a944f20 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
|
||||
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
|
||||
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
@ -0,0 +1,61 @@
|
||||
From 34b2ee906d0cce11a8156105777b6ecfaca5feba Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:22 +0200
|
||||
Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [12/19] fcadb6a747b65e4d449d48131c9a2eeed4bd3c9a
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the UDF driver.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 1 -
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
|
||||
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 -
|
||||
3 files changed, 3 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index f0946821c6..68ad5877ee 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -464,7 +464,6 @@
|
||||
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
#
|
||||
# Bds
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index a997063751..dcb1b793d1 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -83,7 +83,6 @@ READ_LOCK_STATUS = TRUE
|
||||
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
- INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
#
|
||||
# Status Code Routing
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index 8fa801dad6..87e54e682a 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -364,7 +364,6 @@
|
||||
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
|
||||
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
|
||||
FatPkg/EnhancedFatDxe/Fat.inf
|
||||
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
|
||||
|
||||
#
|
||||
# Bds
|
@ -1,82 +0,0 @@
|
||||
From 12873d08db00e113ef28eb4552f478cd4ffb3393 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 14 Oct 2015 14:07:17 +0200
|
||||
Subject: ArmVirtPkg: set early hello message (RH only)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- context difference from upstream commit f5cb3767038e
|
||||
("ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2
|
||||
support", 2020-03-04) automatically resolved correctly
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- no change
|
||||
|
||||
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
|
||||
RHEL-8.1/20190308-89910a39dcfd rebase:
|
||||
|
||||
- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg:
|
||||
don't set PcdCoreCount", 2019-02-13)
|
||||
|
||||
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
|
||||
RHEL-8.0/20180508-ee3198e672e2 rebase:
|
||||
|
||||
- reorder the rebase changelog in the commit message so that it reads like
|
||||
a blog: place more recent entries near the top
|
||||
- no changes to the patch body
|
||||
|
||||
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
|
||||
|
||||
- no changes
|
||||
|
||||
Print a friendly banner on QEMU, regardless of debug mask settings.
|
||||
|
||||
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
|
||||
Downstream only:
|
||||
<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
|
||||
|
||||
Contributed-under: TianoCore Contribution Agreement 1.0
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
|
||||
(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
|
||||
(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
|
||||
(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
|
||||
(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
|
||||
(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
|
||||
(cherry picked from commit ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b)
|
||||
(cherry picked from commit 72550e12ae469012a505bf5b98a6543a754028d3)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index e0476ede4f..ec0edf6e7b 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -134,6 +134,7 @@
|
||||
gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
|
||||
|
||||
[PcdsFixedAtBuild.common]
|
||||
+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
|
||||
!if $(ARCH) == AARCH64
|
||||
gArmTokenSpaceGuid.PcdVFPEnabled|1
|
||||
!endif
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,109 @@
|
||||
From aac73e5f62e2305e6578c9b22ae557741bf6532a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:25 +0200
|
||||
Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [13/19] cf9ef346386ac89fa05b29d429d8d1b27cf0e3b0
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the command to download files in the shell via TFTP.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgX64.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgX64.fdf | 1 -
|
||||
6 files changed, 15 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 07176ad930..0183511722 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -913,10 +913,6 @@
|
||||
!endif
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 97c808446e..cb95c842fa 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -297,7 +297,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index ba7ed38412..66554b42ed 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -931,10 +931,6 @@
|
||||
!endif
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 6351ce645b..592f0fed82 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -298,7 +298,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 55f3315241..6d1d2bd39b 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -999,10 +999,6 @@
|
||||
!endif
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index 558a944f20..70556f8ace 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -323,7 +323,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
@ -0,0 +1,54 @@
|
||||
From a3493c0945f733e395ea7444f1639a42f8a717f0 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:28 +0200
|
||||
Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [14/19] 12436014941bd4a7c99a26d779ebdcd75f169403
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the command to download files in the shell via TFTP.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
ArmVirtPkg/ArmVirt.dsc.inc | 7 +++----
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
|
||||
2 files changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
index fe6488ee99..5677bad717 100644
|
||||
--- a/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
@@ -385,10 +385,9 @@
|
||||
#
|
||||
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
|
||||
|
||||
- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
+ #
|
||||
+ # UEFI application (Shell Embedded Boot Loader)
|
||||
+ #
|
||||
ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index dcb1b793d1..b1c3fcc66d 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -99,7 +99,6 @@ READ_LOCK_STATUS = TRUE
|
||||
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
||||
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
- INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
@ -0,0 +1,113 @@
|
||||
From 873a03ce289c988d822f1bb420c1e9a0eef5ca56 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:31 +0200
|
||||
Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Rebase to edk2-stable202311:
|
||||
|
||||
Minor update, context change due to new variable policy shell command.
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [15/19] 1911cf04f27467ef1175b1976864c1111d93d19e
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the command to download files in the shell via HTTP(S).
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgX64.dsc | 4 ----
|
||||
OvmfPkg/OvmfPkgX64.fdf | 1 -
|
||||
6 files changed, 15 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 0183511722..970ffbad82 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -913,10 +913,6 @@
|
||||
!endif
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index cb95c842fa..891e0e06ef 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -297,7 +297,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 66554b42ed..3127e3d18d 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -931,10 +931,6 @@
|
||||
!endif
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 592f0fed82..61a827b365 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -298,7 +298,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 6d1d2bd39b..6f078b5b27 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -999,10 +999,6 @@
|
||||
!endif
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index 70556f8ace..d2e1c2894f 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -323,7 +323,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
@ -0,0 +1,55 @@
|
||||
From 4b212f0b5f5d2dbe595e53bc0b553abb90ee288a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:34 +0200
|
||||
Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Rebase to edk2-stable202311:
|
||||
|
||||
Minor update, context change due to new variable policy shell command.
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [16/19] 07a74f1fdcdbb9a31d25ce9760edcd852e9574c3
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the command to download files in the shell via HTTP(S).
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
ArmVirtPkg/ArmVirt.dsc.inc | 4 ----
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
|
||||
2 files changed, 5 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
index 5677bad717..d4c001e1bd 100644
|
||||
--- a/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
@@ -388,10 +388,6 @@
|
||||
#
|
||||
# UEFI application (Shell Embedded Boot Loader)
|
||||
#
|
||||
- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index b1c3fcc66d..8153558686 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -99,7 +99,6 @@ READ_LOCK_STATUS = TRUE
|
||||
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
||||
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
- INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
|
||||
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
|
||||
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
|
@ -0,0 +1,315 @@
|
||||
From 3635ecb975af26d0d4886b862f8cf812b891eb37 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:39 +0200
|
||||
Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Rebase to edk2-stable202311:
|
||||
|
||||
Minor update, context change due to new variable policy shell command.
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [17/19] 491fe1301ea29c7cb56c20272e45614d5fcb6f14
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the command to register a file in the shell as the
|
||||
initial ramdisk for a UEFI stubbed kernel, to be booted next.
|
||||
|
||||
Note: as further dynamic shell commands might show up upstream,
|
||||
we intentionally preserve the empty !ifdef'ry context to ease
|
||||
future downstream rebases.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ----
|
||||
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32.dsc | 32 ++++++++++++++------------------
|
||||
OvmfPkg/OvmfPkgIa32.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgIa32X64.dsc | 32 ++++++++++++++------------------
|
||||
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
|
||||
OvmfPkg/OvmfPkgX64.dsc | 32 ++++++++++++++------------------
|
||||
OvmfPkg/OvmfPkgX64.fdf | 1 -
|
||||
8 files changed, 42 insertions(+), 62 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
index 41953c119d..7bb6ffb3f0 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
||||
@@ -740,10 +740,6 @@
|
||||
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
!endif
|
||||
OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
|
||||
OvmfPkg/AmdSev/Grub/Grub.inf
|
||||
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
index 2f03c80ffd..0e3d7bea2b 100644
|
||||
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
||||
@@ -276,7 +276,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
|
||||
-INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
|
||||
INF OvmfPkg/AmdSev/Grub/Grub.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
index 970ffbad82..83adecc374 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
||||
@@ -537,7 +537,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
@@ -604,7 +604,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
- gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
!if $(SMM_REQUIRE) == FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
@@ -840,25 +840,25 @@
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
!endif
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
|
||||
#
|
||||
# ISA Support
|
||||
@@ -917,10 +917,6 @@
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
}
|
||||
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
ShellPkg/Application/Shell/Shell.inf {
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
index 891e0e06ef..88c57ff5ff 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
||||
@@ -297,7 +297,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
index 3127e3d18d..b47cdf63e7 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
||||
@@ -544,7 +544,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
@@ -616,7 +616,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
- gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
!if $(SMM_REQUIRE) == FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
@@ -858,25 +858,25 @@
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
!endif
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
|
||||
#
|
||||
# ISA Support
|
||||
@@ -935,10 +935,6 @@
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
}
|
||||
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
ShellPkg/Application/Shell/Shell.inf {
|
||||
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
index 61a827b365..ab5a9bc306 100644
|
||||
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
||||
@@ -298,7 +298,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
||||
index 6f078b5b27..be3824ec1e 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.dsc
|
||||
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
||||
@@ -563,7 +563,7 @@
|
||||
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
|
||||
# // significantly impact boot performance
|
||||
# DEBUG_ERROR 0x80000000 // Error
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
|
||||
|
||||
!if $(SOURCE_DEBUG_ENABLE) == TRUE
|
||||
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
|
||||
@@ -634,7 +634,7 @@
|
||||
# ($(SMM_REQUIRE) == FALSE)
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
|
||||
|
||||
- gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
|
||||
!if $(SMM_REQUIRE) == FALSE
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
|
||||
@@ -926,25 +926,25 @@
|
||||
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
|
||||
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
|
||||
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
|
||||
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
|
||||
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
|
||||
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
|
||||
MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
|
||||
|
||||
!ifndef $(CSM_ENABLE)
|
||||
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
!endif
|
||||
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
- }
|
||||
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
|
||||
+ <PcdsFixedAtBuild>
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
|
||||
+ }
|
||||
|
||||
#
|
||||
# ISA Support
|
||||
@@ -1003,10 +1003,6 @@
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
}
|
||||
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
ShellPkg/Application/Shell/Shell.inf {
|
||||
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
||||
index d2e1c2894f..851399888f 100644
|
||||
--- a/OvmfPkg/OvmfPkgX64.fdf
|
||||
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
||||
@@ -323,7 +323,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
|
||||
INF FatPkg/EnhancedFatDxe/Fat.inf
|
||||
|
||||
!if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
|
||||
-INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
!endif
|
||||
!if $(BUILD_SHELL) == TRUE
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
@ -0,0 +1,66 @@
|
||||
From b91bdc055499a46d825b3c6a2613de5c77e3a66d Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
|
||||
Date: Thu, 1 Jul 2021 20:29:46 +0200
|
||||
Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Rebase to edk2-stable202311:
|
||||
|
||||
Minor update, context change due to new variable policy shell command.
|
||||
|
||||
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
RH-MergeRequest: 3: Disable features for RHEL9
|
||||
RH-Commit: [18/19] 8f4e4007108462533e3d2050b84d8830073a7c0d
|
||||
RH-Bugzilla: 1967747
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
|
||||
Remove the command to register a file in the shell as the initial
|
||||
ramdisk for a UEFI stubbed kernel, to be booted next.
|
||||
|
||||
Suggested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
ArmVirtPkg/ArmVirt.dsc.inc | 10 +++-------
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
|
||||
2 files changed, 3 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
index d4c001e1bd..fee6e5b17f 100644
|
||||
--- a/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
|
||||
@@ -385,17 +385,13 @@
|
||||
#
|
||||
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
|
||||
|
||||
- #
|
||||
- # UEFI application (Shell Embedded Boot Loader)
|
||||
- #
|
||||
+ #
|
||||
+ # UEFI application (Shell Embedded Boot Loader)
|
||||
+ #
|
||||
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
|
||||
<PcdsFixedAtBuild>
|
||||
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
}
|
||||
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
|
||||
- <PcdsFixedAtBuild>
|
||||
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
||||
- }
|
||||
ShellPkg/Application/Shell/Shell.inf {
|
||||
<LibraryClasses>
|
||||
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index 8153558686..4cd53995d2 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -100,7 +100,6 @@ READ_LOCK_STATUS = TRUE
|
||||
|
||||
INF ShellPkg/Application/Shell/Shell.inf
|
||||
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
|
||||
- INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
|
||||
|
||||
#
|
||||
# Bds
|
@ -1,179 +0,0 @@
|
||||
From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Sat, 16 Nov 2019 17:11:27 +0100
|
||||
Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
|
||||
(RH)
|
||||
|
||||
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
|
||||
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
|
||||
|
||||
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
|
||||
|
||||
- Recreate the patch based on downstream commits:
|
||||
|
||||
- 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
|
||||
in the INFs (RH)", 2020-06-05),
|
||||
- e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
|
||||
2020-11-23),
|
||||
- 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
|
||||
RHEL-8.4", 2020-11-23).
|
||||
|
||||
(1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
|
||||
consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
|
||||
("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
|
||||
|
||||
Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
|
||||
files, namely
|
||||
|
||||
- CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
|
||||
in the following commits only:
|
||||
|
||||
- be01087e0780 ("CryptoPkg/Library: Remove the redundant build
|
||||
option", 2020-08-12), which did not affect the source file list at
|
||||
all,
|
||||
|
||||
- b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
|
||||
entropy in rand_pool", 2020-09-18), which replaced some of the
|
||||
*edk2-specific* "rand_pool_noise" source files with an RngLib
|
||||
dependency.
|
||||
|
||||
This means that the list of required, actual OpenSSL source files
|
||||
has not changed in upstream edk2 since our downstream edk2 commit
|
||||
e81751a1c303.
|
||||
|
||||
(2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
|
||||
downstream edk2's OpenSSL dependency was satisfied with RHEL-8
|
||||
OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
|
||||
shipped in RHEL-8.3.0.z", 2020-10-23).
|
||||
|
||||
Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
|
||||
(fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
|
||||
2021-05-25), which is the current head of the rhel-8.5.0 branch.
|
||||
(See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
|
||||
|
||||
At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
|
||||
respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
|
||||
source tree, with "rpmbuild -bp". Subsequently I compared the
|
||||
prepped source trees recursively.
|
||||
|
||||
- The following files disappeared:
|
||||
|
||||
- 29 backup files created by "patch",
|
||||
|
||||
- the assembly generator perl script called
|
||||
"ecp_nistz256-avx2.pl", which is not used during the build.
|
||||
|
||||
- The following new files appeared:
|
||||
|
||||
- 18 files directly or indirectly under the "test" subdirectory,
|
||||
which are not used during the build,
|
||||
|
||||
- 5 backup files created by "patch",
|
||||
|
||||
- 2 DCL scripts used when building OpenSSL on OpenVMS.
|
||||
|
||||
This means that the total list of RHEL-8 OpenSSL source files has
|
||||
not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
|
||||
commit 3e3fe5e62079.
|
||||
|
||||
As a result, copy the "RHEL8-specific OpenSSL file list" sections
|
||||
verbatim from the INF files, at downstream commit e81751a1c303. (I used
|
||||
the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
|
||||
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
|
||||
|
||||
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
|
||||
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
|
||||
|
||||
- "OpensslLib.inf":
|
||||
|
||||
- Automatic leading context refresh against upstream commit c72ca4666886
|
||||
("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
|
||||
loop", 2020-03-10).
|
||||
|
||||
- Manual trailing context refresh against upstream commit b49a6c8f80d9
|
||||
("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
|
||||
|
||||
- "OpensslLibCrypto.inf":
|
||||
|
||||
- Automatic leading context refresh against upstream commits
|
||||
8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
|
||||
file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
|
||||
process_files.pl to generate .h files", 2019-10-30).
|
||||
|
||||
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
|
||||
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
|
||||
|
||||
- new patch
|
||||
|
||||
The downstream changes in RHEL8's OpenSSL package, for example in
|
||||
"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
|
||||
preexistent code into those new files. In order to avoid undefined
|
||||
references in link editing, we have to list the new files.
|
||||
|
||||
Note: "process_files.pl" is not re-run at this time manually, because
|
||||
|
||||
(a) "process_files.pl" would pollute the file list (and some of the
|
||||
auto-generated header files) with RHEL8-specific FIPS artifacts, which
|
||||
are explicitly unwanted in edk2,
|
||||
|
||||
(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
|
||||
of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
|
||||
and will help with future changes too.
|
||||
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
|
||||
(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
|
||||
---
|
||||
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++
|
||||
CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
|
||||
2 files changed, 22 insertions(+)
|
||||
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
index d84bde056a..19913a4ac6 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
@@ -570,6 +570,17 @@
|
||||
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||||
$(OPENSSL_PATH)/ssl/statem/statem_local.h
|
||||
# Autogenerated files list ends here
|
||||
+# RHEL8-specific OpenSSL file list starts here
|
||||
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||
+# RHEL8-specific OpenSSL file list ends here
|
||||
buildinf.h
|
||||
ossl_store.c
|
||||
rand_pool.c
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
index cdeed0d073..5057857e8d 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
@@ -519,6 +519,17 @@
|
||||
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
# Autogenerated files list ends here
|
||||
+# RHEL8-specific OpenSSL file list starts here
|
||||
+ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||
+ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
|
||||
+ $(OPENSSL_PATH)/crypto/kdf/sskdf.c
|
||||
+# RHEL8-specific OpenSSL file list ends here
|
||||
buildinf.h
|
||||
ossl_store.c
|
||||
rand_pool.c
|
||||
--
|
||||
2.27.0
|
||||
|
@ -1,28 +1,31 @@
|
||||
From c32f4994552ea5835cf00ce06f2f7d88c71249e5 Mon Sep 17 00:00:00 2001
|
||||
From 41089770963055b4bc9662ba4204d8ee7907fbcd Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 28 Feb 2023 15:47:00 +0100
|
||||
Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
|
||||
|
||||
RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-MergeRequest: 29: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
|
||||
RH-Bugzilla: 2150267
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-Commit: [1/1] e7e332ac0e6edf207b1b9692f2e1aed4a1fe7c0c
|
||||
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||
RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
|
||||
RH-Bugzilla: 2124143
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2)
|
||||
|
||||
In case the number of CPUs can in increase beyond 255
|
||||
due to CPU hotplug choose x2apic mode.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
|
||||
present_in_specfile: true
|
||||
location_in_specfile: 38
|
||||
---
|
||||
UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
|
||||
index b9a06747ed..177d15ab5b 100644
|
||||
index 9a6ec5db5c..14ecc62f2b 100644
|
||||
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
|
||||
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
|
||||
@@ -495,7 +495,9 @@ CollectProcessorCount (
|
||||
@@ -527,7 +527,9 @@ CollectProcessorCount (
|
||||
//
|
||||
// Enable x2APIC mode if
|
||||
// 1. Number of CPU is greater than 255; or
|
||||
@ -33,7 +36,7 @@ index b9a06747ed..177d15ab5b 100644
|
||||
//
|
||||
X2Apic = FALSE;
|
||||
if (CpuMpData->CpuCount > 255) {
|
||||
@@ -503,6 +505,10 @@ CollectProcessorCount (
|
||||
@@ -535,6 +537,10 @@ CollectProcessorCount (
|
||||
// If there are more than 255 processor found, force to enable X2APIC
|
||||
//
|
||||
X2Apic = TRUE;
|
||||
@ -42,8 +45,5 @@ index b9a06747ed..177d15ab5b 100644
|
||||
+ {
|
||||
+ X2Apic = TRUE;
|
||||
} else {
|
||||
CpuInfoInHob = (CPU_INFO_IN_HOB *) (UINTN) CpuMpData->CpuInfoInHob;
|
||||
CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
|
||||
for (Index = 0; Index < CpuMpData->CpuCount; Index++) {
|
||||
--
|
||||
2.37.3
|
||||
|
@ -0,0 +1,121 @@
|
||||
From 5870362631ee204936f495b8e60eb2611bb05c3b Mon Sep 17 00:00:00 2001
|
||||
From: Oliver Steffen <osteffen@redhat.com>
|
||||
Date: Wed, 16 Aug 2023 12:09:40 +0200
|
||||
Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
|
||||
|
||||
RH-Author: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-MergeRequest: 46: OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
|
||||
RH-Bugzilla: 2218196
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [1/1] 9bf3bb989e36253aa34bf82ecfe8faa7312e8d22 (osteffen/edk2)
|
||||
|
||||
Add a callback at the end of the Dxe phase that sets the
|
||||
"FB_NO_REBOOT" variable under the Shim GUID.
|
||||
This is a workaround for a boot loop in case a confidential
|
||||
guest that uses shim is booted with a vtpm device present.
|
||||
|
||||
BZ 2218196
|
||||
|
||||
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
||||
|
||||
patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
|
||||
present_in_specfile: true
|
||||
location_in_specfile: 44
|
||||
---
|
||||
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++
|
||||
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++
|
||||
2 files changed, 44 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
|
||||
index db3675ae86..f639c093a2 100644
|
||||
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
|
||||
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
#include <Guid/ConfidentialComputingSevSnpBlob.h>
|
||||
+#include <Guid/GlobalVariable.h>
|
||||
#include <Library/PcdLib.h>
|
||||
#include <Pi/PrePiDxeCis.h>
|
||||
#include <Protocol/SevMemoryAcceptance.h>
|
||||
@@ -28,6 +29,10 @@
|
||||
// Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h
|
||||
#define EFI_MEMORY_INTERNAL_MASK 0x0700000000000000ULL
|
||||
|
||||
+static EFI_GUID ShimLockGuid = {
|
||||
+ 0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 }
|
||||
+};
|
||||
+
|
||||
STATIC
|
||||
EFI_STATUS
|
||||
AllocateConfidentialComputingBlob (
|
||||
@@ -191,6 +196,32 @@ STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
|
||||
AmdSevMemoryAccept
|
||||
};
|
||||
|
||||
+VOID
|
||||
+EFIAPI
|
||||
+PopulateVarstore (
|
||||
+ EFI_EVENT Event,
|
||||
+ VOID *Context
|
||||
+ )
|
||||
+{
|
||||
+ EFI_SYSTEM_TABLE *SystemTable = (EFI_SYSTEM_TABLE *)Context;
|
||||
+ EFI_STATUS Status;
|
||||
+
|
||||
+ DEBUG ((DEBUG_INFO, "Populating Varstore\n"));
|
||||
+ UINT32 data = 1;
|
||||
+
|
||||
+ Status = SystemTable->RuntimeServices->SetVariable (
|
||||
+ L"FB_NO_REBOOT",
|
||||
+ &ShimLockGuid,
|
||||
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
|
||||
+ sizeof (data),
|
||||
+ &data
|
||||
+ );
|
||||
+ ASSERT_EFI_ERROR (Status);
|
||||
+
|
||||
+ Status = SystemTable->BootServices->CloseEvent (Event);
|
||||
+ ASSERT_EFI_ERROR (Status);
|
||||
+}
|
||||
+
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
AmdSevDxeEntryPoint (
|
||||
@@ -203,6 +234,7 @@ AmdSevDxeEntryPoint (
|
||||
UINTN NumEntries;
|
||||
UINTN Index;
|
||||
CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION *SnpBootDxeTable;
|
||||
+ EFI_EVENT PopulateVarstoreEvent;
|
||||
|
||||
//
|
||||
// Do nothing when SEV is not enabled
|
||||
@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint (
|
||||
);
|
||||
}
|
||||
|
||||
+ Status = gBS->CreateEventEx (
|
||||
+ EVT_NOTIFY_SIGNAL,
|
||||
+ TPL_CALLBACK,
|
||||
+ PopulateVarstore,
|
||||
+ SystemTable,
|
||||
+ &gEfiEndOfDxeEventGroupGuid,
|
||||
+ &PopulateVarstoreEvent
|
||||
+ );
|
||||
+ ASSERT_EFI_ERROR (Status);
|
||||
+
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||
index e7c7d526c9..09cbd2b0ca 100644
|
||||
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
|
||||
@@ -54,6 +54,8 @@
|
||||
[Guids]
|
||||
gConfidentialComputingSevSnpBlobGuid
|
||||
gEfiEventBeforeExitBootServicesGuid
|
||||
+ gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
|
||||
+
|
||||
|
||||
[Pcd]
|
||||
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId
|
85
SOURCES/0027-recreate-import-.distro-directory.patch
Normal file
85
SOURCES/0027-recreate-import-.distro-directory.patch
Normal file
@ -0,0 +1,85 @@
|
||||
From 771ce5bae1eb03240b04dde05a7a40dcec3c8a10 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Wed, 11 Jun 2014 20:45:26 +0200
|
||||
Subject: [PATCH] recreate / import ".distro/" directory
|
||||
|
||||
This patch now unites the following downstream commits:
|
||||
|
||||
- 18bd1193e7 .distro: simplify WORKSPACE setup
|
||||
- b00f3398c8 fix tpm build options
|
||||
- e032ab1675 spec: Centralize non-firmware %install files at the top
|
||||
- 8501863acc spec: Don't put build output in the top directory
|
||||
- e6ec0363d3 spec: Factor out OVMF_FLAGS and OVMF_SB_FLAGS
|
||||
- 596f34c8b6 spec: Use %make_build macro
|
||||
- 55169e466d spec: Replace RPM_BUILD_ROOT with %{buildroot}
|
||||
- 69c4c60920 spec: Split out build_iso() function
|
||||
- ed67da8c85 spec: Add %{qosb_testing} macro
|
||||
- 44519f5b94 spec: Move %check to between %install and %files
|
||||
- b37b334dc7 spec: Remove extra 'true' at end of %check
|
||||
- dd11149c3a spec: Add %{qemu_package} and %{qemu_binary}
|
||||
- 0f5d4ae0d5 spec: Move -D TPM_ENABLE to common CC_FLAGS
|
||||
- 84b3fd93f9 spec: Replace ifarch+else conditionals with build_XXX variables
|
||||
- e97f79e744 spec: Use %autosetup with our required git config options
|
||||
- 45a347a759 spec: don't conditionalize %package definitions
|
||||
- acfcfaea1e spec: Add BuildRequires: make
|
||||
- d917a93f6f spec: remove Group: and %defattr
|
||||
- f2d3be3ae3 redhat: build UefiShell.iso with xorriso rather than genisoimage
|
||||
- 3fb4a20f30 redhat: narrow the "qemu-kvm" BuildRequires down to "qemu-kvm-core"
|
||||
- bfb89c4ae5 redhat: drop Split tool from the edk2-tools subpackage
|
||||
- ac8be2e0ef redhat: refresh "Makefile.common" for the 8.5 rebase
|
||||
- 2bd2d18864 redhat: filter out jansson submodule removal hunks
|
||||
- f13d7899ed recreate / import "redhat/" directory
|
||||
|
||||
Merged patches (edk2-stable202202):
|
||||
- 1a7b1c3b72 spec: adapt specfile to build option changes, disable tpm1
|
||||
- 96eb388be3 spec: build amdsev variant
|
||||
- ea34352d41 redhat: bump OpenSSL dist-git submodule to a75722161d20 / RHEL-8.5
|
||||
|
||||
Merged patches (edk2-stable202208):
|
||||
- a60bf3fd10 Adding support for CentOS 9 build
|
||||
- d3f25d438c OvmfPkg: Update target machines config
|
||||
- d63f783930 openssl: jump to 8.7.0 branch (2022-07-22)
|
||||
- 39882ce96d qemu-ovmf-secureboot: Do not use submodule
|
||||
- 283ef4a67d ovmf-vars-generator: Use max cpu
|
||||
- b6887ef7e1 Update build target to RHEL 9.2.0
|
||||
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
|
||||
Merged patches (edk2-stable202305):
|
||||
- 5eef16bd65 remove amd-sev feature flag from secure boot builds (rh only)
|
||||
- cc9e1b6eaa build script update
|
||||
- 046c1f08e6 PcdDxeNxMemoryProtectionPolicy update
|
||||
- b9dc1b5365 add aarch64 qcow2 images
|
||||
- f4e2d6bf41 update json files
|
||||
- be03b42128 add libvirt version conflict
|
||||
- dce699b61d add dbx update blob (rh only)
|
||||
- d8b2407343 spec: apply dbx update (rh only)
|
||||
- a8a5ef95b5 dbx update, 2023-05-09, black lotus edition
|
||||
- 310e179053 json descriptors: explicitly set mode = split
|
||||
- additionally
|
||||
- update frh.py, add new upstream submodules
|
||||
- replace egrep with grep -E and fgrep with grep -F in downstream
|
||||
scripts
|
||||
- remove git commit sha from package version string
|
||||
|
||||
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
|
||||
|
||||
Rebase to edk2-stable202311: squash commits:
|
||||
|
||||
- 5b833f0c8d Update TargetRelease to support 9.4.0
|
||||
- 20024b4cbe Use fixed length for short hash for Makefile
|
||||
- 8618f7367e Updated TargetRelease content to support 9.4.0 only.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
sources | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
create mode 100644 sources
|
||||
|
||||
diff --git a/sources b/sources
|
||||
new file mode 100644
|
||||
index 0000000000..ea8c8ad50b
|
||||
--- /dev/null
|
||||
+++ b/sources
|
||||
@@ -0,0 +1 @@
|
||||
+SHA512 (edk2-ba91d0292e.tar.xz) = 3b21cc39671d28bfeb059da3683751cc5277c63a894b2a05bdfbd2bbe53545c34f04c229becf44f1563f89a738f37ae8f2333076d126a7e94d234bc4bb25454c
|
@ -0,0 +1,27 @@
|
||||
From c0347206c55c9d4d69b46725e9edbb21448f7494 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 28 Nov 2023 12:11:55 +0100
|
||||
Subject: [PATCH] distro: apply 'git diff c9s new_c9s' by mirek
|
||||
|
||||
Bring .distro toi latest standards for more automatic support.
|
||||
---
|
||||
CryptoPkg/.gitignore | 1 -
|
||||
sources | 1 -
|
||||
2 files changed, 2 deletions(-)
|
||||
delete mode 100644 CryptoPkg/.gitignore
|
||||
delete mode 100644 sources
|
||||
|
||||
diff --git a/CryptoPkg/.gitignore b/CryptoPkg/.gitignore
|
||||
deleted file mode 100644
|
||||
index 68b83272b7..0000000000
|
||||
--- a/CryptoPkg/.gitignore
|
||||
+++ /dev/null
|
||||
@@ -1 +0,0 @@
|
||||
-Library/OpensslLib/openssl*/
|
||||
diff --git a/sources b/sources
|
||||
deleted file mode 100644
|
||||
index ea8c8ad50b..0000000000
|
||||
--- a/sources
|
||||
+++ /dev/null
|
||||
@@ -1 +0,0 @@
|
||||
-SHA512 (edk2-ba91d0292e.tar.xz) = 3b21cc39671d28bfeb059da3683751cc5277c63a894b2a05bdfbd2bbe53545c34f04c229becf44f1563f89a738f37ae8f2333076d126a7e94d234bc4bb25454c
|
28
SOURCES/0029-CryptoPkg-CrtLib-add-stat.h-include-file.patch
Normal file
28
SOURCES/0029-CryptoPkg-CrtLib-add-stat.h-include-file.patch
Normal file
@ -0,0 +1,28 @@
|
||||
From 192cc2b49dbccc59f5731e2abc120bed3e06cc32 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Mon, 28 Aug 2023 13:11:02 +0200
|
||||
Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file.
|
||||
|
||||
Needed by rhel downstream openssl patches.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
CryptoPkg/Library/Include/sys/stat.h | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
create mode 100644 CryptoPkg/Library/Include/sys/stat.h
|
||||
|
||||
diff --git a/CryptoPkg/Library/Include/sys/stat.h b/CryptoPkg/Library/Include/sys/stat.h
|
||||
new file mode 100644
|
||||
index 0000000000..22247bb2db
|
||||
--- /dev/null
|
||||
+++ b/CryptoPkg/Library/Include/sys/stat.h
|
||||
@@ -0,0 +1,9 @@
|
||||
+/** @file
|
||||
+ Include file to support building the third-party cryptographic library.
|
||||
+
|
||||
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
+SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+**/
|
||||
+
|
||||
+#include <CrtLibSupport.h>
|
@ -0,0 +1,139 @@
|
||||
From 09ccd0ffae512d7f0a7548cdfbc60e1482153796 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Mon, 28 Aug 2023 13:27:09 +0200
|
||||
Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls
|
||||
|
||||
Needed by rhel downstream openssl patches, they use unix syscalls
|
||||
for file access (instead of fopen + friends like the rest of the
|
||||
code base). No actual file access is needed for edk2, so just
|
||||
add stubs to make linking work.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
---
|
||||
.../Library/BaseCryptLib/SysCall/CrtWrapper.c | 46 +++++++++++++++++++
|
||||
CryptoPkg/Library/Include/CrtLibSupport.h | 41 +++++++++++++++++
|
||||
2 files changed, 87 insertions(+)
|
||||
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||
index 37cdecc9bd..dfdb635536 100644
|
||||
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
|
||||
@@ -550,6 +550,52 @@ fread (
|
||||
return 0;
|
||||
}
|
||||
|
||||
+int
|
||||
+access(
|
||||
+ const char*,
|
||||
+ int
|
||||
+ )
|
||||
+{
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+open (
|
||||
+ const char *,
|
||||
+ int
|
||||
+ )
|
||||
+{
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+ssize_t
|
||||
+read (
|
||||
+ int,
|
||||
+ void*,
|
||||
+ size_t
|
||||
+ )
|
||||
+{
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+ssize_t
|
||||
+write (
|
||||
+ int,
|
||||
+ const void*,
|
||||
+ size_t
|
||||
+ )
|
||||
+{
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+close (
|
||||
+ int
|
||||
+ )
|
||||
+{
|
||||
+ return -1;
|
||||
+}
|
||||
+
|
||||
uid_t
|
||||
getuid (
|
||||
void
|
||||
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
index f36fe08f0c..7d98496af8 100644
|
||||
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
||||
@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
//
|
||||
// Definitions for global constants used by CRT library routines
|
||||
//
|
||||
+#define EINTR 4
|
||||
#define EINVAL 22 /* Invalid argument */
|
||||
#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */
|
||||
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
|
||||
@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#define NS_INADDRSZ 4 /*%< IPv4 T_A */
|
||||
#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */
|
||||
|
||||
+#define O_RDONLY 00000000
|
||||
+#define O_WRONLY 00000001
|
||||
+#define O_RDWR 00000002
|
||||
+
|
||||
+#define R_OK 4
|
||||
+#define W_OK 2
|
||||
+#define X_OK 1
|
||||
+#define F_OK 0
|
||||
+
|
||||
//
|
||||
// Basic types mapping
|
||||
//
|
||||
@@ -324,6 +334,37 @@ fprintf (
|
||||
...
|
||||
);
|
||||
|
||||
+int
|
||||
+access(
|
||||
+ const char*,
|
||||
+ int
|
||||
+ );
|
||||
+
|
||||
+int
|
||||
+open (
|
||||
+ const char *,
|
||||
+ int
|
||||
+ );
|
||||
+
|
||||
+ssize_t
|
||||
+read (
|
||||
+ int,
|
||||
+ void*,
|
||||
+ size_t
|
||||
+ );
|
||||
+
|
||||
+ssize_t
|
||||
+write (
|
||||
+ int,
|
||||
+ const void*,
|
||||
+ size_t
|
||||
+ );
|
||||
+
|
||||
+int
|
||||
+close (
|
||||
+ int
|
||||
+ );
|
||||
+
|
||||
time_t
|
||||
time (
|
||||
time_t *
|
@ -0,0 +1,169 @@
|
||||
From 0120fb7b5877ab40537fd17e64772f53bc89cd07 Mon Sep 17 00:00:00 2001
|
||||
From: Ard Biesheuvel <ardb@kernel.org>
|
||||
Date: Mon, 4 Dec 2023 10:41:08 +0100
|
||||
Subject: [PATCH] ArmVirtQemu: Allow EFI memory attributes protocol to be
|
||||
disabled
|
||||
|
||||
Shim's PE loader uses the EFI memory attributes protocol in a way that
|
||||
results in an immediate crash when invoking the loaded image, unless the
|
||||
base and size of its executable segment are both aligned to 4k.
|
||||
|
||||
If this is not the case, it will strip the memory allocation of its
|
||||
executable permissions, but fail to add them back for the executable
|
||||
region, resulting in non-executable code. Unfortunately, the PE loader
|
||||
does not even bother invoking the protocol in this case (as it notices
|
||||
the misalignment), making it very hard for system firmware to work
|
||||
around this by attempting to infer the intent of the caller.
|
||||
|
||||
So let's introduce a QEMU command line option to indicate that the
|
||||
protocol should not be exposed at all, and a PCD to set the default for
|
||||
this option when it is omitted.
|
||||
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Tested-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Link: https://gitlab.com/qemu-project/qemu/-/issues/1990
|
||||
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
(cherry picked from commit cee7ba349c0c1ce489001a338a4e28555728b573)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtPkg.dec | 6 ++
|
||||
.../PlatformBootManagerLib/PlatformBm.c | 64 +++++++++++++++++++
|
||||
.../PlatformBootManagerLib.inf | 3 +
|
||||
3 files changed, 73 insertions(+)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtPkg.dec b/ArmVirtPkg/ArmVirtPkg.dec
|
||||
index 0f2d787327..313aebda90 100644
|
||||
--- a/ArmVirtPkg/ArmVirtPkg.dec
|
||||
+++ b/ArmVirtPkg/ArmVirtPkg.dec
|
||||
@@ -68,3 +68,9 @@
|
||||
# Cloud Hypervisor has no other way to pass Rsdp address to the guest except use a PCD.
|
||||
#
|
||||
gArmVirtTokenSpaceGuid.PcdCloudHvAcpiRsdpBaseAddress|0x0|UINT64|0x00000005
|
||||
+
|
||||
+ ##
|
||||
+ # Whether the EFI memory attributes protocol should be uninstalled before
|
||||
+ # invoking the OS loader. This may be needed to work around problematic
|
||||
+ # builds of shim that use the protocol incorrectly.
|
||||
+ gArmVirtTokenSpaceGuid.PcdUninstallMemAttrProtocol|FALSE|BOOLEAN|0x00000006
|
||||
diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
|
||||
index 85c01351b0..8e93f3cfed 100644
|
||||
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
|
||||
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
|
||||
@@ -16,6 +16,7 @@
|
||||
#include <Library/PcdLib.h>
|
||||
#include <Library/PlatformBmPrintScLib.h>
|
||||
#include <Library/QemuBootOrderLib.h>
|
||||
+#include <Library/QemuFwCfgSimpleParserLib.h>
|
||||
#include <Library/TpmPlatformHierarchyLib.h>
|
||||
#include <Library/UefiBootManagerLib.h>
|
||||
#include <Protocol/DevicePath.h>
|
||||
@@ -1111,6 +1112,49 @@ PlatformBootManagerBeforeConsole (
|
||||
FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
|
||||
}
|
||||
|
||||
+/**
|
||||
+ Uninstall the EFI memory attribute protocol if it exists.
|
||||
+**/
|
||||
+STATIC
|
||||
+VOID
|
||||
+UninstallEfiMemoryAttributesProtocol (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ EFI_STATUS Status;
|
||||
+ EFI_HANDLE Handle;
|
||||
+ UINTN Size;
|
||||
+ VOID *MemoryAttributeProtocol;
|
||||
+
|
||||
+ Size = sizeof (Handle);
|
||||
+ Status = gBS->LocateHandle (
|
||||
+ ByProtocol,
|
||||
+ &gEfiMemoryAttributeProtocolGuid,
|
||||
+ NULL,
|
||||
+ &Size,
|
||||
+ &Handle
|
||||
+ );
|
||||
+
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ ASSERT (Status == EFI_NOT_FOUND);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ Status = gBS->HandleProtocol (
|
||||
+ Handle,
|
||||
+ &gEfiMemoryAttributeProtocolGuid,
|
||||
+ &MemoryAttributeProtocol
|
||||
+ );
|
||||
+ ASSERT_EFI_ERROR (Status);
|
||||
+
|
||||
+ Status = gBS->UninstallProtocolInterface (
|
||||
+ Handle,
|
||||
+ &gEfiMemoryAttributeProtocolGuid,
|
||||
+ MemoryAttributeProtocol
|
||||
+ );
|
||||
+ ASSERT_EFI_ERROR (Status);
|
||||
+}
|
||||
+
|
||||
/**
|
||||
Do the platform specific action after the console is ready
|
||||
Possible things that can be done in PlatformBootManagerAfterConsole:
|
||||
@@ -1129,12 +1173,32 @@ PlatformBootManagerAfterConsole (
|
||||
)
|
||||
{
|
||||
RETURN_STATUS Status;
|
||||
+ BOOLEAN Uninstall;
|
||||
|
||||
//
|
||||
// Show the splash screen.
|
||||
//
|
||||
BootLogoEnableLogo ();
|
||||
|
||||
+ //
|
||||
+ // Work around shim's terminally broken use of the EFI memory attributes
|
||||
+ // protocol, by uninstalling it if requested on the QEMU command line.
|
||||
+ //
|
||||
+ // E.g.,
|
||||
+ // -fw_cfg opt/org.tianocore/UninstallMemAttrProtocol,string=y
|
||||
+ //
|
||||
+ Uninstall = FixedPcdGetBool (PcdUninstallMemAttrProtocol);
|
||||
+ QemuFwCfgParseBool ("opt/org.tianocore/UninstallMemAttrProtocol", &Uninstall);
|
||||
+ DEBUG ((
|
||||
+ DEBUG_WARN,
|
||||
+ "%a: %auninstalling EFI memory protocol\n",
|
||||
+ __func__,
|
||||
+ Uninstall ? "" : "not "
|
||||
+ ));
|
||||
+ if (Uninstall) {
|
||||
+ UninstallEfiMemoryAttributesProtocol ();
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Process QEMU's -kernel command line option. The kernel booted this way
|
||||
// will receive ACPI tables: in PlatformBootManagerBeforeConsole(), we
|
||||
diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
|
||||
index 997eb1a442..70e4ebf94a 100644
|
||||
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
|
||||
+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
|
||||
@@ -46,6 +46,7 @@
|
||||
PcdLib
|
||||
PlatformBmPrintScLib
|
||||
QemuBootOrderLib
|
||||
+ QemuFwCfgSimpleParserLib
|
||||
QemuLoadImageLib
|
||||
ReportStatusCodeLib
|
||||
TpmPlatformHierarchyLib
|
||||
@@ -55,6 +56,7 @@
|
||||
UefiRuntimeServicesTableLib
|
||||
|
||||
[FixedPcd]
|
||||
+ gArmVirtTokenSpaceGuid.PcdUninstallMemAttrProtocol
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultDataBits
|
||||
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultParity
|
||||
@@ -73,5 +75,6 @@
|
||||
[Protocols]
|
||||
gEfiFirmwareVolume2ProtocolGuid
|
||||
gEfiGraphicsOutputProtocolGuid
|
||||
+ gEfiMemoryAttributeProtocolGuid
|
||||
gEfiPciRootBridgeIoProtocolGuid
|
||||
gVirtioDeviceProtocolGuid
|
@ -5,6 +5,7 @@
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
|
||||
"format": "raw"
|
||||
@ -24,7 +25,6 @@
|
||||
],
|
||||
"features": [
|
||||
"acpi-s3",
|
||||
"amd-sev",
|
||||
"enrolled-keys",
|
||||
"requires-smm",
|
||||
"secure-boot",
|
@ -5,6 +5,7 @@
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
|
||||
"format": "raw"
|
||||
@ -24,7 +25,6 @@
|
||||
],
|
||||
"features": [
|
||||
"acpi-s3",
|
||||
"amd-sev",
|
||||
"requires-smm",
|
||||
"secure-boot",
|
||||
"verbose-dynamic"
|
32
SOURCES/50-edk2-aarch64-qcow2.json
Normal file
32
SOURCES/50-edk2-aarch64-qcow2.json
Normal file
@ -0,0 +1,32 @@
|
||||
{
|
||||
"description": "UEFI firmware for ARM64 virtual machines",
|
||||
"interface-types": [
|
||||
"uefi"
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
|
||||
"format": "qcow2"
|
||||
},
|
||||
"nvram-template": {
|
||||
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
|
||||
"format": "qcow2"
|
||||
}
|
||||
},
|
||||
"targets": [
|
||||
{
|
||||
"architecture": "aarch64",
|
||||
"machines": [
|
||||
"virt-*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"features": [
|
||||
|
||||
],
|
||||
"tags": [
|
||||
|
||||
]
|
||||
}
|
@ -1,12 +1,13 @@
|
||||
{
|
||||
"description": "OVMF with SEV-ES support",
|
||||
"description": "OVMF without SB+SMM, empty varstore",
|
||||
"interface-types": [
|
||||
"uefi"
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.cc.fd",
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
|
||||
"format": "raw"
|
||||
},
|
||||
"nvram-template": {
|
||||
@ -18,12 +19,12 @@
|
||||
{
|
||||
"architecture": "x86_64",
|
||||
"machines": [
|
||||
"pc-q35-rhel8.6.0",
|
||||
"pc-q35-rhel8.5.0"
|
||||
"pc-q35-*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"features": [
|
||||
"acpi-s3",
|
||||
"amd-sev",
|
||||
"amd-sev-es",
|
||||
"verbose-dynamic"
|
@ -5,6 +5,7 @@
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
|
||||
"format": "raw"
|
32
SOURCES/52-edk2-aarch64-verbose-qcow2.json
Normal file
32
SOURCES/52-edk2-aarch64-verbose-qcow2.json
Normal file
@ -0,0 +1,32 @@
|
||||
{
|
||||
"description": "UEFI firmware for ARM64 virtual machines, verbose logs",
|
||||
"interface-types": [
|
||||
"uefi"
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
|
||||
"format": "qcow2"
|
||||
},
|
||||
"nvram-template": {
|
||||
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
|
||||
"format": "qcow2"
|
||||
}
|
||||
},
|
||||
"targets": [
|
||||
{
|
||||
"architecture": "aarch64",
|
||||
"machines": [
|
||||
"virt-*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"features": [
|
||||
"verbose-static"
|
||||
],
|
||||
"tags": [
|
||||
|
||||
]
|
||||
}
|
@ -5,6 +5,7 @@
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "split",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
|
||||
"format": "raw"
|
31
SOURCES/60-edk2-ovmf-x64-amdsev.json
Normal file
31
SOURCES/60-edk2-ovmf-x64-amdsev.json
Normal file
@ -0,0 +1,31 @@
|
||||
{
|
||||
"description": "OVMF with SEV-ES support",
|
||||
"interface-types": [
|
||||
"uefi"
|
||||
],
|
||||
"mapping": {
|
||||
"device": "flash",
|
||||
"mode": "stateless",
|
||||
"executable": {
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd",
|
||||
"format": "raw"
|
||||
}
|
||||
},
|
||||
"targets": [
|
||||
{
|
||||
"architecture": "x86_64",
|
||||
"machines": [
|
||||
"pc-q35-*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"features": [
|
||||
"amd-sev",
|
||||
"amd-sev-es",
|
||||
"amd-sev-snp",
|
||||
"verbose-dynamic"
|
||||
],
|
||||
"tags": [
|
||||
|
||||
]
|
||||
}
|
27
SOURCES/60-edk2-ovmf-x64-inteltdx.json
Normal file
27
SOURCES/60-edk2-ovmf-x64-inteltdx.json
Normal file
@ -0,0 +1,27 @@
|
||||
{
|
||||
"description": "OVMF with TDX support",
|
||||
"interface-types": [
|
||||
"uefi"
|
||||
],
|
||||
"mapping": {
|
||||
"device": "memory",
|
||||
"filename": "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd"
|
||||
},
|
||||
"targets": [
|
||||
{
|
||||
"architecture": "x86_64",
|
||||
"machines": [
|
||||
"pc-q35-*"
|
||||
]
|
||||
}
|
||||
],
|
||||
"features": [
|
||||
"enrolled-keys",
|
||||
"intel-tdx",
|
||||
"secure-boot",
|
||||
"verbose-dynamic"
|
||||
],
|
||||
"tags": [
|
||||
|
||||
]
|
||||
}
|
@ -1,21 +0,0 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2017 Patrick Uiterwijk
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
@ -1,22 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
|
||||
BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
|
||||
9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
|
||||
MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
|
||||
RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
|
||||
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
|
||||
+d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
|
||||
huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
|
||||
bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
|
||||
3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
|
||||
y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
|
||||
AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
|
||||
YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
|
||||
HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
|
||||
ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
|
||||
3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
|
||||
1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
|
||||
qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
|
||||
NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
|
||||
R+SqIs/vdWGA40O3SFdzET14m2k=
|
||||
-----END CERTIFICATE-----
|
File diff suppressed because it is too large
Load Diff
@ -1,149 +0,0 @@
|
||||
From 9ef10bbe9a03f22aa5c5ff659012794d37ef9839 Mon Sep 17 00:00:00 2001
|
||||
From: Ard Biesheuvel <ardb@kernel.org>
|
||||
Date: Mon, 24 Oct 2022 18:41:22 +0200
|
||||
Subject: [PATCH 17/18] ArmVirtPkg/ArmVirtQemu: migrate to OVMF's
|
||||
VirtNorFlashDxe
|
||||
|
||||
RH-Author: Gerd Hoffmann <None>
|
||||
RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
|
||||
RH-Jira: RHEL-17587
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [19/20] 2160140b0ea566451ab723e941d2ab91e1ad874e
|
||||
|
||||
Switch to the virt specific NorFlashDxe driver implementation that was
|
||||
added recently.
|
||||
|
||||
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
|
||||
(cherry picked from commit b92298af8218dd074c231947bc95f2be94af663c)
|
||||
---
|
||||
ArmVirtPkg/ArmVirtQemu.dsc | 4 ++--
|
||||
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +-
|
||||
ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 ++--
|
||||
ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c | 12 ++++++------
|
||||
.../Library/NorFlashQemuLib/NorFlashQemuLib.inf | 4 ++--
|
||||
5 files changed, 13 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
index e6fad9f066..2b23becf30 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
|
||||
@@ -67,7 +67,7 @@
|
||||
ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
|
||||
|
||||
TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
|
||||
- NorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
+ VirtNorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
|
||||
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
|
||||
BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
|
||||
@@ -400,7 +400,7 @@
|
||||
<LibraryClasses>
|
||||
NULL|ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.inf
|
||||
}
|
||||
- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
|
||||
+ OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
|
||||
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
|
||||
#
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
index f6a538df72..7c655d384d 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
|
||||
@@ -73,7 +73,7 @@ READ_LOCK_STATUS = TRUE
|
||||
|
||||
INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
|
||||
INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
|
||||
- INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
|
||||
+ INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
|
||||
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
|
||||
#
|
||||
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
index 656c9d99a3..344e2c4ed9 100644
|
||||
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
|
||||
@@ -65,7 +65,7 @@
|
||||
ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf
|
||||
|
||||
TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
|
||||
- NorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
+ VirtNorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
|
||||
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
|
||||
BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
|
||||
@@ -329,7 +329,7 @@
|
||||
<LibraryClasses>
|
||||
NULL|ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.inf
|
||||
}
|
||||
- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
|
||||
+ OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
|
||||
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
||||
|
||||
#
|
||||
diff --git a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
|
||||
index 271d7f0efb..93a2fed40f 100644
|
||||
--- a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
|
||||
+++ b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
|
||||
@@ -8,8 +8,8 @@
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
-#include <Library/NorFlashPlatformLib.h>
|
||||
#include <Library/UefiBootServicesTableLib.h>
|
||||
+#include <Library/VirtNorFlashPlatformLib.h>
|
||||
|
||||
#include <Protocol/FdtClient.h>
|
||||
|
||||
@@ -18,19 +18,19 @@
|
||||
#define MAX_FLASH_BANKS 4
|
||||
|
||||
EFI_STATUS
|
||||
-NorFlashPlatformInitialization (
|
||||
+VirtNorFlashPlatformInitialization (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
-NOR_FLASH_DESCRIPTION mNorFlashDevices[MAX_FLASH_BANKS];
|
||||
+STATIC VIRT_NOR_FLASH_DESCRIPTION mNorFlashDevices[MAX_FLASH_BANKS];
|
||||
|
||||
EFI_STATUS
|
||||
-NorFlashPlatformGetDevices (
|
||||
- OUT NOR_FLASH_DESCRIPTION **NorFlashDescriptions,
|
||||
- OUT UINT32 *Count
|
||||
+VirtNorFlashPlatformGetDevices (
|
||||
+ OUT VIRT_NOR_FLASH_DESCRIPTION **NorFlashDescriptions,
|
||||
+ OUT UINT32 *Count
|
||||
)
|
||||
{
|
||||
FDT_CLIENT_PROTOCOL *FdtClient;
|
||||
diff --git a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
index 4c3683bf5d..a6b5865be9 100644
|
||||
--- a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
+++ b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
|
||||
@@ -14,17 +14,17 @@
|
||||
FILE_GUID = 339B7829-4C5F-4EFC-B2DD-5050E530DECE
|
||||
MODULE_TYPE = DXE_DRIVER
|
||||
VERSION_STRING = 1.0
|
||||
- LIBRARY_CLASS = NorFlashPlatformLib
|
||||
+ LIBRARY_CLASS = VirtNorFlashPlatformLib
|
||||
|
||||
[Sources.common]
|
||||
NorFlashQemuLib.c
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
- ArmPlatformPkg/ArmPlatformPkg.dec
|
||||
ArmPkg/ArmPkg.dec
|
||||
ArmVirtPkg/ArmVirtPkg.dec
|
||||
EmbeddedPkg/EmbeddedPkg.dec
|
||||
+ OvmfPkg/OvmfPkg.dec
|
||||
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,56 +0,0 @@
|
||||
From 045496325e278716e724ffdf9685667a8766d4f3 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 10:34:52 -0400
|
||||
Subject: [PATCH 28/31] CryptoPkg/Test: call ProcessLibraryConstructorList
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [28/31] 5ff484fbc68d094fbcdda2772c2869818c67de8d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 94961b8817eec6f8d0434555ac50a7aa51c22201
|
||||
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Fri Jun 14 11:45:49 2024 +0200
|
||||
|
||||
CryptoPkg/Test: call ProcessLibraryConstructorList
|
||||
|
||||
Needed to properly initialize BaseRngLib.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||
index 88a3f96305..0ba9f35840 100644
|
||||
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
|
||||
@@ -8,6 +8,11 @@
|
||||
**/
|
||||
#include "TestBaseCryptLib.h"
|
||||
|
||||
+VOID
|
||||
+EFIAPI
|
||||
+ProcessLibraryConstructorList (
|
||||
+ VOID
|
||||
+ );
|
||||
|
||||
/**
|
||||
Initialize the unit test framework, suite, and unit tests for the
|
||||
@@ -77,5 +82,6 @@ main (
|
||||
char *argv[]
|
||||
)
|
||||
{
|
||||
+ ProcessLibraryConstructorList ();
|
||||
return UefiTestMain ();
|
||||
}
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,174 +0,0 @@
|
||||
From f8691984227809170b702f6fd087add1f95ee8fe Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 5 Mar 2024 16:38:49 -0500
|
||||
Subject: [PATCH 1/2] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 66: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
|
||||
RH-Jira: RHEL-21158
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [1/2] 301d3bfe82c39179fb85d510788831aa340212d9
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21158
|
||||
CVE: CVE-2022-36765
|
||||
Upstream: Merged
|
||||
|
||||
commit aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
|
||||
Author: Gua Guo <gua.guo@intel.com>
|
||||
Date: Thu Jan 11 13:07:50 2024 +0800
|
||||
|
||||
EmbeddedPkg/Hob: Integer Overflow in CreateHob()
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
|
||||
|
||||
Fix integer overflow in various CreateHob instances.
|
||||
Fixes: CVE-2022-36765
|
||||
|
||||
The CreateHob() function aligns the requested size to 8
|
||||
performing the following operation:
|
||||
```
|
||||
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
|
||||
```
|
||||
|
||||
No checks are performed to ensure this value doesn't
|
||||
overflow, and could lead to CreateHob() returning a smaller
|
||||
HOB than requested, which could lead to OOB HOB accesses.
|
||||
|
||||
Reported-by: Marc Beatove <mbeatove@google.com>
|
||||
Cc: Leif Lindholm <quic_llindhol@quicinc.com>
|
||||
Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
|
||||
Cc: Abner Chang <abner.chang@amd.com>
|
||||
Cc: John Mathew <john.mathews@intel.com>
|
||||
Authored-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Signed-off-by: Gua Guo <gua.guo@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
EmbeddedPkg/Library/PrePiHobLib/Hob.c | 47 +++++++++++++++++++++++++--
|
||||
1 file changed, 45 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/EmbeddedPkg/Library/PrePiHobLib/Hob.c b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
|
||||
index b5cc6c5d8f..f4c99369c6 100644
|
||||
--- a/EmbeddedPkg/Library/PrePiHobLib/Hob.c
|
||||
+++ b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
|
||||
@@ -112,6 +112,13 @@ CreateHob (
|
||||
|
||||
HandOffHob = GetHobList ();
|
||||
|
||||
+ //
|
||||
+ // Check Length to avoid data overflow.
|
||||
+ //
|
||||
+ if (HobLength > MAX_UINT16 - 0x7) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
|
||||
|
||||
FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom;
|
||||
@@ -161,7 +168,10 @@ BuildResourceDescriptorHob (
|
||||
EFI_HOB_RESOURCE_DESCRIPTOR *Hob;
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR));
|
||||
- ASSERT(Hob != NULL);
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
Hob->ResourceType = ResourceType;
|
||||
Hob->ResourceAttribute = ResourceAttribute;
|
||||
@@ -403,6 +413,10 @@ BuildModuleHob (
|
||||
((ModuleLength & (EFI_PAGE_SIZE - 1)) == 0));
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid);
|
||||
Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule;
|
||||
@@ -450,7 +464,12 @@ BuildGuidHob (
|
||||
//
|
||||
ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE)));
|
||||
|
||||
- Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16) (sizeof (EFI_HOB_GUID_TYPE) + DataLength));
|
||||
+ Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
CopyGuid (&Hob->Name, Guid);
|
||||
return Hob + 1;
|
||||
}
|
||||
@@ -516,6 +535,10 @@ BuildFvHob (
|
||||
EFI_HOB_FIRMWARE_VOLUME *Hob;
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
Hob->BaseAddress = BaseAddress;
|
||||
Hob->Length = Length;
|
||||
@@ -548,6 +571,10 @@ BuildFv2Hob (
|
||||
EFI_HOB_FIRMWARE_VOLUME2 *Hob;
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
Hob->BaseAddress = BaseAddress;
|
||||
Hob->Length = Length;
|
||||
@@ -589,6 +616,10 @@ BuildFv3Hob (
|
||||
EFI_HOB_FIRMWARE_VOLUME3 *Hob;
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_FV3, sizeof (EFI_HOB_FIRMWARE_VOLUME3));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
Hob->BaseAddress = BaseAddress;
|
||||
Hob->Length = Length;
|
||||
@@ -645,6 +676,10 @@ BuildCpuHob (
|
||||
EFI_HOB_CPU *Hob;
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
Hob->SizeOfMemorySpace = SizeOfMemorySpace;
|
||||
Hob->SizeOfIoSpace = SizeOfIoSpace;
|
||||
@@ -681,6 +716,10 @@ BuildStackHob (
|
||||
((Length & (EFI_PAGE_SIZE - 1)) == 0));
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_STACK));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
CopyGuid (&(Hob->AllocDescriptor.Name), &gEfiHobMemoryAllocStackGuid);
|
||||
Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
|
||||
@@ -761,6 +800,10 @@ BuildMemoryAllocationHob (
|
||||
((Length & (EFI_PAGE_SIZE - 1)) == 0));
|
||||
|
||||
Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION));
|
||||
+ ASSERT (Hob != NULL);
|
||||
+ if (Hob == NULL) {
|
||||
+ return;
|
||||
+ }
|
||||
|
||||
ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
|
||||
Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
|
||||
--
|
||||
2.39.3
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,66 +0,0 @@
|
||||
From 2e4b2b8fce40cf93f35e052102f37fee07b2e64a Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Mon, 10 Jun 2024 18:13:29 -0400
|
||||
Subject: [PATCH 02/31] MdeModulePkg: Potential UINT32 overflow in S3
|
||||
ResumeCount
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [2/31] a3592c3437041cbd33a6c11feb3d0999e122c8c0
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-40099
|
||||
CVE: CVE-2024-1298
|
||||
Upstream: Merged
|
||||
|
||||
commit 284dbac43da752ee34825c8b3f6f9e8281cb5a19
|
||||
Author: Shanmugavel Pakkirisamy <shanmugavelx.pakkirisamy@intel.com>
|
||||
Date: Mon May 6 17:53:09 2024 +0800
|
||||
|
||||
MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
|
||||
|
||||
Attacker able to modify physical memory and ResumeCount.
|
||||
System will crash/DoS when ResumeCount reaches its MAX_UINT32.
|
||||
|
||||
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
|
||||
Cc: Dandan Bi <dandan.bi@intel.com>
|
||||
Cc: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
|
||||
Signed-off-by: Pakkirisamy ShanmugavelX <shanmugavelx.pakkirisamy@intel.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../FirmwarePerformancePei.c | 12 ++++++++----
|
||||
1 file changed, 8 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||
index 6881466201..54b3bc3c54 100644
|
||||
--- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||
+++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
|
||||
@@ -110,11 +110,15 @@ FpdtStatusCodeListenerPei (
|
||||
//
|
||||
S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume, AcpiS3ResumeRecord->ResumeCount);
|
||||
AcpiS3ResumeRecord->ResumeCount++;
|
||||
- AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
|
||||
+ if (AcpiS3ResumeRecord->ResumeCount > 0) {
|
||||
+ AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
|
||||
+ DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));
|
||||
+ } else {
|
||||
+ DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the MAX_UINT32 value. S3 ResumeCount record reset to Zero."));
|
||||
+ }
|
||||
|
||||
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = %d\n", AcpiS3ResumeRecord->ResumeCount));
|
||||
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = %ld\n", AcpiS3ResumeRecord->FullResume));
|
||||
- DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume = %ld\n", AcpiS3ResumeRecord->AverageResume));
|
||||
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount = 0x%x\n", AcpiS3ResumeRecord->ResumeCount));
|
||||
+ DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume = 0x%x\n", AcpiS3ResumeRecord->FullResume));
|
||||
|
||||
//
|
||||
// Update S3 Suspend Performance Record.
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,90 +0,0 @@
|
||||
From 5ba444af245d59e3208260478aa710d4f143f259 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:06:25 -0400
|
||||
Subject: [PATCH 20/31] MdeModulePkg/Rng: Add GUID to describe unsafe Rng
|
||||
algorithms
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [20/31] d0e553560d60122f2fe5f33923b5b943c138a18d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 414c0f20896f3dec412135fa4260f8aad8bef246
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:07 2023 +0200
|
||||
|
||||
MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
|
||||
|
||||
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||
To allow the RngDxe to detect when such implementation is used,
|
||||
a GetRngGuid() function is added in a following patch.
|
||||
|
||||
Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe
|
||||
to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdeModulePkg/Include/Guid/RngAlgorithm.h | 23 +++++++++++++++++++++++
|
||||
MdeModulePkg/MdeModulePkg.dec | 3 +++
|
||||
2 files changed, 26 insertions(+)
|
||||
create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||
|
||||
diff --git a/MdeModulePkg/Include/Guid/RngAlgorithm.h b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||
new file mode 100644
|
||||
index 0000000000..e2ac2ba3e5
|
||||
--- /dev/null
|
||||
+++ b/MdeModulePkg/Include/Guid/RngAlgorithm.h
|
||||
@@ -0,0 +1,23 @@
|
||||
+/** @file
|
||||
+ Rng Algorithm
|
||||
+
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#ifndef RNG_ALGORITHM_GUID_H_
|
||||
+#define RNG_ALGORITHM_GUID_H_
|
||||
+
|
||||
+///
|
||||
+/// The implementation of a Random Number Generator might be unsafe, when using
|
||||
+/// a dummy implementation for instance. Allow identifying such implementation
|
||||
+/// with this GUID.
|
||||
+///
|
||||
+#define EDKII_RNG_ALGORITHM_UNSAFE \
|
||||
+ { \
|
||||
+ 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \
|
||||
+ }
|
||||
+
|
||||
+extern EFI_GUID gEdkiiRngAlgorithmUnSafe;
|
||||
+
|
||||
+#endif // #ifndef RNG_ALGORITHM_GUID_H_
|
||||
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
|
||||
index 08d59dfb3e..3513a9678a 100644
|
||||
--- a/MdeModulePkg/MdeModulePkg.dec
|
||||
+++ b/MdeModulePkg/MdeModulePkg.dec
|
||||
@@ -401,6 +401,9 @@
|
||||
## Include/Guid/MigratedFvInfo.h
|
||||
gEdkiiMigratedFvInfoGuid = { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4, 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } }
|
||||
|
||||
+ ## Include/Guid/RngAlgorithm.h
|
||||
+ gEdkiiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
|
||||
+
|
||||
#
|
||||
# GUID defined in UniversalPayload
|
||||
#
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,89 +0,0 @@
|
||||
From 3800b9ee5d6d4c05c7e27f949c3b32c422c78f2d Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:02:31 -0400
|
||||
Subject: [PATCH 16/31] MdePkg: Add deprecated warning to BaseRngLibTimer
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [16/31] 6e199344d083e90f60cbe01dfb3c2a3719e3177d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit e93468442b7da7bc80e00014e854c0c8a0a7184b
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:03 2023 +0200
|
||||
|
||||
MdePkg: Add deprecated warning to BaseRngLibTimer
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504
|
||||
|
||||
To keep the MdePkg self-contained and avoid dependencies on GUIDs
|
||||
defined in other packages, the BaseRngLibTimer was moved to the
|
||||
MdePkg.
|
||||
Add a constructor to warn and request to use the MdeModulePkg
|
||||
implementation.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 1 +
|
||||
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 22 +++++++++++++++++++
|
||||
2 files changed, 23 insertions(+)
|
||||
|
||||
diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
index f857290e82..96c90db63f 100644
|
||||
--- a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
+++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
@@ -23,6 +23,7 @@
|
||||
MODULE_TYPE = BASE
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = RngLib
|
||||
+ CONSTRUCTOR = BaseRngLibTimerConstructor
|
||||
|
||||
[Sources]
|
||||
RngLibTimer.c
|
||||
diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
index 54d29d96f3..6b8392162b 100644
|
||||
--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
@@ -13,6 +13,28 @@
|
||||
|
||||
#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10
|
||||
|
||||
+/**
|
||||
+ This implementation is to be replaced by its MdeModulePkg copy.
|
||||
+ The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
|
||||
+ be defined in the MdePkg.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS.
|
||||
+**/
|
||||
+RETURN_STATUS
|
||||
+EFIAPI
|
||||
+BaseRngLibTimerConstructor (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ DEBUG ((
|
||||
+ DEBUG_WARN,
|
||||
+ "Warning: This BaseRngTimerLib implementation will be deprecated. "
|
||||
+ "Please use the MdeModulePkg implementation equivalent.\n"
|
||||
+ ));
|
||||
+
|
||||
+ return RETURN_SUCCESS;
|
||||
+}
|
||||
+
|
||||
/**
|
||||
Using the TimerLib GetPerformanceCounterProperties() we delay
|
||||
for enough time for the PerformanceCounter to increment.
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,94 +0,0 @@
|
||||
From 1198bceefa4834c09e1edc1c558aeffe4930d1f5 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 11 Jun 2024 21:32:26 -0400
|
||||
Subject: [PATCH 03/31] MdePkg: Apply uncrustify changes
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [3/31] 422d94b837bf0e65164968272a358c2656f59838
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
This is a subset of the whitespace changes in the corresponding upstream
|
||||
commit. It is needed for the next commits in this series to apply with
|
||||
less fewer conflicts.
|
||||
|
||||
commit 2f88bd3a1296c522317f1c21377876de63de5be7
|
||||
Author: Michael Kubacki <michael.kubacki@microsoft.com>
|
||||
Date: Sun Dec 5 14:54:05 2021 -0800
|
||||
|
||||
MdePkg: Apply uncrustify changes
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
|
||||
|
||||
Apply uncrustify changes to .c/.h files in the MdePkg package
|
||||
|
||||
Cc: Andrew Fish <afish@apple.com>
|
||||
Cc: Leif Lindholm <leif@nuviainc.com>
|
||||
Cc: Michael D Kinney <michael.d.kinney@intel.com>
|
||||
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Include/Protocol/Rng.h | 24 ++++++++++++------------
|
||||
1 file changed, 12 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
|
||||
index a0a05d1661..baf425587b 100644
|
||||
--- a/MdePkg/Include/Protocol/Rng.h
|
||||
+++ b/MdePkg/Include/Protocol/Rng.h
|
||||
@@ -93,7 +93,7 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
|
||||
**/
|
||||
typedef
|
||||
EFI_STATUS
|
||||
-(EFIAPI *EFI_RNG_GET_INFO) (
|
||||
+(EFIAPI *EFI_RNG_GET_INFO)(
|
||||
IN EFI_RNG_PROTOCOL *This,
|
||||
IN OUT UINTN *RNGAlgorithmListSize,
|
||||
OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
|
||||
@@ -123,9 +123,9 @@ EFI_STATUS
|
||||
**/
|
||||
typedef
|
||||
EFI_STATUS
|
||||
-(EFIAPI *EFI_RNG_GET_RNG) (
|
||||
+(EFIAPI *EFI_RNG_GET_RNG)(
|
||||
IN EFI_RNG_PROTOCOL *This,
|
||||
- IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL
|
||||
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
|
||||
IN UINTN RNGValueLength,
|
||||
OUT UINT8 *RNGValue
|
||||
);
|
||||
@@ -135,16 +135,16 @@ EFI_STATUS
|
||||
/// applications, or entropy for seeding other random number generators.
|
||||
///
|
||||
struct _EFI_RNG_PROTOCOL {
|
||||
- EFI_RNG_GET_INFO GetInfo;
|
||||
- EFI_RNG_GET_RNG GetRNG;
|
||||
+ EFI_RNG_GET_INFO GetInfo;
|
||||
+ EFI_RNG_GET_RNG GetRNG;
|
||||
};
|
||||
|
||||
-extern EFI_GUID gEfiRngProtocolGuid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||
-extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||
+extern EFI_GUID gEfiRngProtocolGuid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||
+extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||
|
||||
#endif
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,41 @@
|
||||
From 08fc72d06946ef3adebf110c097ed869ab0ed416 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 30 Jan 2024 14:04:39 +0100
|
||||
Subject: [PATCH 7/9] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache
|
||||
types
|
||||
|
||||
RH-Author: Gerd Hoffmann <None>
|
||||
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
|
||||
RH-Jira: RHEL-21704
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2)
|
||||
|
||||
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-ID: <20240130130441.772484-3-kraxel@redhat.com>
|
||||
---
|
||||
MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
|
||||
index 756e7c86ec..08ba949cf7 100644
|
||||
--- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
|
||||
+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
|
||||
@@ -2103,6 +2103,13 @@ typedef union {
|
||||
#define MSR_IA32_MTRR_PHYSBASE9 0x00000212
|
||||
/// @}
|
||||
|
||||
+#define MSR_IA32_MTRR_CACHE_UNCACHEABLE 0
|
||||
+#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING 1
|
||||
+#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH 4
|
||||
+#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED 5
|
||||
+#define MSR_IA32_MTRR_CACHE_WRITE_BACK 6
|
||||
+#define MSR_IA32_MTRR_CACHE_INVALID_TYPE 7
|
||||
+
|
||||
/**
|
||||
MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to
|
||||
#MSR_IA32_MTRR_PHYSBASE9
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,213 +0,0 @@
|
||||
From 1d4b6d489cb919faa3ad67a3ae53fe26c4cd0a75 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 10:32:29 -0400
|
||||
Subject: [PATCH 25/31] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check
|
||||
CPUID
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [25/31] 11804d6f86a644ae2c3dcad89c633ad63b794d3f
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
|
||||
Author: Pedro Falcato <pedro.falcato@gmail.com>
|
||||
Date: Tue Nov 22 22:31:03 2022 +0000
|
||||
|
||||
MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
|
||||
|
||||
RDRAND has notoriously been broken many times over its lifespan.
|
||||
Add a smoketest to RDRAND, in order to better sniff out potential
|
||||
security concerns.
|
||||
|
||||
Also add a proper CPUID test in order to support older CPUs which may
|
||||
not have it; it was previously being tested but then promptly ignored.
|
||||
|
||||
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
|
||||
:x86_init_rdrand() per commit 049f9ae9..
|
||||
|
||||
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
|
||||
code to MIT and the public domain.
|
||||
|
||||
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
|
||||
<..>
|
||||
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
|
||||
> also place it into public domain. Do with it what you will now.
|
||||
>
|
||||
> Jason
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
|
||||
|
||||
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
|
||||
Cc: Michael D Kinney <michael.d.kinney@intel.com>
|
||||
Cc: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
|
||||
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@gmail.com>
|
||||
---
|
||||
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
|
||||
1 file changed, 91 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
index aee8ea04e8..7132ab0efd 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
@@ -3,6 +3,7 @@
|
||||
to provide high-quality random numbers.
|
||||
|
||||
Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
|
||||
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
@@ -25,6 +26,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
STATIC BOOLEAN mRdRandSupported;
|
||||
|
||||
+//
|
||||
+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
|
||||
+//
|
||||
+#define RDRAND_RETRIES 10
|
||||
+
|
||||
+#define RDRAND_TEST_SAMPLES 8
|
||||
+
|
||||
+#define RDRAND_MIN_CHANGE 5
|
||||
+
|
||||
+//
|
||||
+// Add a define for native-word RDRAND, just for the test.
|
||||
+//
|
||||
+#ifdef MDE_CPU_X64
|
||||
+#define ASM_RDRAND AsmRdRand64
|
||||
+#else
|
||||
+#define ASM_RDRAND AsmRdRand32
|
||||
+#endif
|
||||
+
|
||||
+/**
|
||||
+ Tests RDRAND for broken implementations.
|
||||
+
|
||||
+ @retval TRUE RDRAND is reliable (and hopefully safe).
|
||||
+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID.
|
||||
+
|
||||
+**/
|
||||
+STATIC
|
||||
+BOOLEAN
|
||||
+TestRdRand (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ //
|
||||
+ // Test for notoriously broken rdrand implementations that always return the same
|
||||
+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
|
||||
+ // Note that this should be expanded to extensively test for other sorts of possible errata.
|
||||
+ //
|
||||
+
|
||||
+ //
|
||||
+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
|
||||
+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
|
||||
+ //
|
||||
+ UINTN Prev;
|
||||
+ UINT8 Idx;
|
||||
+ UINT8 TestIteration;
|
||||
+ UINT32 Changed;
|
||||
+
|
||||
+ Changed = 0;
|
||||
+
|
||||
+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
|
||||
+ UINTN Sample;
|
||||
+ //
|
||||
+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
|
||||
+ // Any failure to get a random number will assume RDRAND does not work.
|
||||
+ //
|
||||
+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
|
||||
+ if (ASM_RDRAND (&Sample)) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (Idx == RDRAND_RETRIES) {
|
||||
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ if (TestIteration != 0) {
|
||||
+ Changed += Sample != Prev;
|
||||
+ }
|
||||
+
|
||||
+ Prev = Sample;
|
||||
+ }
|
||||
+
|
||||
+ if (Changed < RDRAND_MIN_CHANGE) {
|
||||
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
+ return TRUE;
|
||||
+}
|
||||
+
|
||||
+#undef ASM_RDRAND
|
||||
+
|
||||
/**
|
||||
The constructor function checks whether or not RDRAND instruction is supported
|
||||
by the host hardware.
|
||||
@@ -49,10 +132,13 @@ BaseRngLibConstructor (
|
||||
// CPUID. A value of 1 indicates that processor support RDRAND instruction.
|
||||
//
|
||||
AsmCpuid (1, 0, 0, &RegEcx, 0);
|
||||
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
|
||||
|
||||
mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
|
||||
|
||||
+ if (mRdRandSupported) {
|
||||
+ mRdRandSupported = TestRdRand ();
|
||||
+ }
|
||||
+
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
@@ -71,6 +157,7 @@ ArchGetRandomNumber16 (
|
||||
OUT UINT16 *Rand
|
||||
)
|
||||
{
|
||||
+ ASSERT (mRdRandSupported);
|
||||
return AsmRdRand16 (Rand);
|
||||
}
|
||||
|
||||
@@ -89,6 +176,7 @@ ArchGetRandomNumber32 (
|
||||
OUT UINT32 *Rand
|
||||
)
|
||||
{
|
||||
+ ASSERT (mRdRandSupported);
|
||||
return AsmRdRand32 (Rand);
|
||||
}
|
||||
|
||||
@@ -107,6 +195,7 @@ ArchGetRandomNumber64 (
|
||||
OUT UINT64 *Rand
|
||||
)
|
||||
{
|
||||
+ ASSERT (mRdRandSupported);
|
||||
return AsmRdRand64 (Rand);
|
||||
}
|
||||
|
||||
@@ -123,13 +212,7 @@ ArchIsRngSupported (
|
||||
VOID
|
||||
)
|
||||
{
|
||||
- /*
|
||||
- Existing software depends on this always returning TRUE, so for
|
||||
- now hard-code it.
|
||||
-
|
||||
- return mRdRandSupported;
|
||||
- */
|
||||
- return TRUE;
|
||||
+ return mRdRandSupported;
|
||||
}
|
||||
|
||||
/**
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,66 +0,0 @@
|
||||
From 3351bd0ba07cc490c344d2dc54b86833993ca5a2 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 15:58:58 -0400
|
||||
Subject: [PATCH 18/31] MdePkg/DxeRngLib: Request raw algorithm instead of
|
||||
default
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [18/31] fa2da700127ae713aa578638c2390673fc49522d
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit bd1f0eecc1dfe51ba20161bef8860d12392006bd
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:05 2023 +0200
|
||||
|
||||
MdePkg/DxeRngLib: Request raw algorithm instead of default
|
||||
|
||||
The DxeRngLib tries to generate a random number using the 3 NIST
|
||||
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
|
||||
If none of the call is successful, the fallback option is the default
|
||||
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
|
||||
be an unsafe implementation.
|
||||
|
||||
Try requesting the Raw algorithm before requesting the default one.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Library/DxeRngLib/DxeRngLib.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
index 9c3d67b5a6..4b2fc1cde5 100644
|
||||
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
@@ -64,9 +64,16 @@ GenerateRandomNumberViaNist800Algorithm (
|
||||
if (!EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
+
|
||||
+ Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer);
|
||||
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status));
|
||||
+ if (!EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
// If all the other methods have failed, use the default method from the RngProtocol
|
||||
Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
|
||||
- DEBUG((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __FUNCTION__, Status));
|
||||
+ DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
|
||||
if (!EFI_ERROR (Status)) {
|
||||
return Status;
|
||||
}
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,390 +0,0 @@
|
||||
From b8261ac422ba284249cd4f341d78d058e79960f5 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Wed, 7 Feb 2024 11:56:37 -0500
|
||||
Subject: [PATCH 03/17] MdePkg: Introduce CcMeasurementProtocol for CC Guest
|
||||
firmware
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
|
||||
RH-Jira: RHEL-21154 RHEL-21156
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [3/13] 6bf304f8e3bc875024c8fb0a4cd5d2c944f69480 (jmaloy/jons_fork)
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21154
|
||||
CVE: CVE-2022-36763
|
||||
Upstream: Merged
|
||||
|
||||
commit e193584da60550008722498442c62ddb77bf27d5
|
||||
Author: Min Xu <min.m.xu@intel.com>
|
||||
Date: Sat Dec 11 21:08:40 2021 +0800
|
||||
|
||||
MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
|
||||
|
||||
CC guest is a Confidential Computing guest. If CC Guest firmware
|
||||
supports measurement and an event is created, CC Guest firmware
|
||||
is designed to report the event log with the same data structure
|
||||
in TCG-Platform-Firmware-Profile specification with
|
||||
EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
|
||||
|
||||
The CC Guest firmware supports measurement. It is designed to
|
||||
produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID
|
||||
EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides
|
||||
hash capability.
|
||||
|
||||
Cc: Michael D Kinney <michael.d.kinney@intel.com>
|
||||
Cc: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
|
||||
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Ken Lu <ken.lu@intel.com>
|
||||
Cc: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
|
||||
Signed-off-by: Min Xu <min.m.xu@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Include/Protocol/CcMeasurement.h | 302 ++++++++++++++++++++++++
|
||||
MdePkg/MdePkg.dec | 6 +
|
||||
2 files changed, 308 insertions(+)
|
||||
create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h
|
||||
|
||||
diff --git a/MdePkg/Include/Protocol/CcMeasurement.h b/MdePkg/Include/Protocol/CcMeasurement.h
|
||||
new file mode 100644
|
||||
index 0000000000..68029e977f
|
||||
--- /dev/null
|
||||
+++ b/MdePkg/Include/Protocol/CcMeasurement.h
|
||||
@@ -0,0 +1,302 @@
|
||||
+/** @file
|
||||
+ If CC Guest firmware supports measurement and an event is created,
|
||||
+ CC Guest firmware is designed to report the event log with the same
|
||||
+ data structure in TCG-Platform-Firmware-Profile specification with
|
||||
+ EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
|
||||
+
|
||||
+ The CC Guest firmware supports measurement, the CC Guest Firmware is
|
||||
+ designed to produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID
|
||||
+ EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides hash
|
||||
+ capability.
|
||||
+
|
||||
+Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
|
||||
+SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+
|
||||
+**/
|
||||
+
|
||||
+#ifndef CC_MEASUREMENT_PROTOCOL_H_
|
||||
+#define CC_MEASUREMENT_PROTOCOL_H_
|
||||
+
|
||||
+#include <IndustryStandard/UefiTcgPlatform.h>
|
||||
+
|
||||
+#define EFI_CC_MEASUREMENT_PROTOCOL_GUID \
|
||||
+ { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }}
|
||||
+extern EFI_GUID gEfiCcMeasurementProtocolGuid;
|
||||
+
|
||||
+typedef struct _EFI_CC_MEASUREMENT_PROTOCOL EFI_CC_MEASUREMENT_PROTOCOL;
|
||||
+
|
||||
+typedef struct {
|
||||
+ UINT8 Major;
|
||||
+ UINT8 Minor;
|
||||
+} EFI_CC_VERSION;
|
||||
+
|
||||
+//
|
||||
+// EFI_CC Type/SubType definition
|
||||
+//
|
||||
+#define EFI_CC_TYPE_NONE 0
|
||||
+#define EFI_CC_TYPE_SEV 1
|
||||
+#define EFI_CC_TYPE_TDX 2
|
||||
+
|
||||
+typedef struct {
|
||||
+ UINT8 Type;
|
||||
+ UINT8 SubType;
|
||||
+} EFI_CC_TYPE;
|
||||
+
|
||||
+typedef UINT32 EFI_CC_EVENT_LOG_BITMAP;
|
||||
+typedef UINT32 EFI_CC_EVENT_LOG_FORMAT;
|
||||
+typedef UINT32 EFI_CC_EVENT_ALGORITHM_BITMAP;
|
||||
+typedef UINT32 EFI_CC_MR_INDEX;
|
||||
+
|
||||
+//
|
||||
+// Intel TDX measure register index
|
||||
+//
|
||||
+#define TDX_MR_INDEX_MRTD 0
|
||||
+#define TDX_MR_INDEX_RTMR0 1
|
||||
+#define TDX_MR_INDEX_RTMR1 2
|
||||
+#define TDX_MR_INDEX_RTMR2 3
|
||||
+#define TDX_MR_INDEX_RTMR3 4
|
||||
+
|
||||
+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
|
||||
+#define EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004
|
||||
+
|
||||
+//
|
||||
+// This bit is shall be set when an event shall be extended but not logged.
|
||||
+//
|
||||
+#define EFI_CC_FLAG_EXTEND_ONLY 0x0000000000000001
|
||||
+//
|
||||
+// This bit shall be set when the intent is to measure a PE/COFF image.
|
||||
+//
|
||||
+#define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010
|
||||
+
|
||||
+#pragma pack (1)
|
||||
+
|
||||
+#define EFI_CC_EVENT_HEADER_VERSION 1
|
||||
+
|
||||
+typedef struct {
|
||||
+ //
|
||||
+ // Size of the event header itself (sizeof(EFI_CC_EVENT_HEADER)).
|
||||
+ //
|
||||
+ UINT32 HeaderSize;
|
||||
+ //
|
||||
+ // Header version. For this version of this specification, the value shall be 1.
|
||||
+ //
|
||||
+ UINT16 HeaderVersion;
|
||||
+ //
|
||||
+ // Index of the MR (measurement register) that shall be extended.
|
||||
+ //
|
||||
+ EFI_CC_MR_INDEX MrIndex;
|
||||
+ //
|
||||
+ // Type of the event that shall be extended (and optionally logged).
|
||||
+ //
|
||||
+ UINT32 EventType;
|
||||
+} EFI_CC_EVENT_HEADER;
|
||||
+
|
||||
+typedef struct {
|
||||
+ //
|
||||
+ // Total size of the event including the Size component, the header and the Event data.
|
||||
+ //
|
||||
+ UINT32 Size;
|
||||
+ EFI_CC_EVENT_HEADER Header;
|
||||
+ UINT8 Event[1];
|
||||
+} EFI_CC_EVENT;
|
||||
+
|
||||
+#pragma pack()
|
||||
+
|
||||
+typedef struct {
|
||||
+ //
|
||||
+ // Allocated size of the structure
|
||||
+ //
|
||||
+ UINT8 Size;
|
||||
+ //
|
||||
+ // Version of the EFI_CC_BOOT_SERVICE_CAPABILITY structure itself.
|
||||
+ // For this version of the protocol, the Major version shall be set to 1
|
||||
+ // and the Minor version shall be set to 0.
|
||||
+ //
|
||||
+ EFI_CC_VERSION StructureVersion;
|
||||
+ //
|
||||
+ // Version of the EFI CC Measurement protocol.
|
||||
+ // For this version of the protocol, the Major version shall be set to 1
|
||||
+ // and the Minor version shall be set to 0.
|
||||
+ //
|
||||
+ EFI_CC_VERSION ProtocolVersion;
|
||||
+ //
|
||||
+ // Supported hash algorithms
|
||||
+ //
|
||||
+ EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
|
||||
+ //
|
||||
+ // Bitmap of supported event log formats
|
||||
+ //
|
||||
+ EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs;
|
||||
+
|
||||
+ //
|
||||
+ // Indicates the CC type
|
||||
+ //
|
||||
+ EFI_CC_TYPE CcType;
|
||||
+} EFI_CC_BOOT_SERVICE_CAPABILITY;
|
||||
+
|
||||
+/**
|
||||
+ The EFI_CC_MEASUREMENT_PROTOCOL GetCapability function call provides protocol
|
||||
+ capability information and state information.
|
||||
+
|
||||
+ @param[in] This Indicates the calling context
|
||||
+ @param[in, out] ProtocolCapability The caller allocates memory for a EFI_CC_BOOT_SERVICE_CAPABILITY
|
||||
+ structure and sets the size field to the size of the structure allocated.
|
||||
+ The callee fills in the fields with the EFI CC BOOT Service capability
|
||||
+ information and the current CC information.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Operation completed successfully.
|
||||
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
|
||||
+ The ProtocolCapability variable will not be populated.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||
+ The ProtocolCapability variable will not be populated.
|
||||
+ @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.
|
||||
+ It will be partially populated (required Size field will be set).
|
||||
+**/
|
||||
+typedef
|
||||
+EFI_STATUS
|
||||
+(EFIAPI *EFI_CC_GET_CAPABILITY)(
|
||||
+ IN EFI_CC_MEASUREMENT_PROTOCOL *This,
|
||||
+ IN OUT EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability
|
||||
+ );
|
||||
+
|
||||
+/**
|
||||
+ The EFI_CC_MEASUREMENT_PROTOCOL Get Event Log function call allows a caller to
|
||||
+ retrieve the address of a given event log and its last entry.
|
||||
+
|
||||
+ @param[in] This Indicates the calling context
|
||||
+ @param[in] EventLogFormat The type of the event log for which the information is requested.
|
||||
+ @param[out] EventLogLocation A pointer to the memory address of the event log.
|
||||
+ @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
|
||||
+ address of the start of the last entry in the event log in memory.
|
||||
+ @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would
|
||||
+ have exceeded the area allocated for events, this value is set to TRUE.
|
||||
+ Otherwise, the value will be FALSE and the Event Log will be complete.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Operation completed successfully.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect
|
||||
+ (e.g. asking for an event log whose format is not supported).
|
||||
+**/
|
||||
+typedef
|
||||
+EFI_STATUS
|
||||
+(EFIAPI *EFI_CC_GET_EVENT_LOG)(
|
||||
+ IN EFI_CC_MEASUREMENT_PROTOCOL *This,
|
||||
+ IN EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
|
||||
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
|
||||
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
|
||||
+ OUT BOOLEAN *EventLogTruncated
|
||||
+ );
|
||||
+
|
||||
+/**
|
||||
+ The EFI_CC_MEASUREMENT_PROTOCOL HashLogExtendEvent function call provides
|
||||
+ callers with an opportunity to extend and optionally log events without requiring
|
||||
+ knowledge of actual CC commands.
|
||||
+ The extend operation will occur even if this function cannot create an event
|
||||
+ log entry (e.g. due to the event log being full).
|
||||
+
|
||||
+ @param[in] This Indicates the calling context
|
||||
+ @param[in] Flags Bitmap providing additional information.
|
||||
+ @param[in] DataToHash Physical address of the start of the data buffer to be hashed.
|
||||
+ @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
|
||||
+ @param[in] EfiCcEvent Pointer to data buffer containing information about the event.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Operation completed successfully.
|
||||
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
|
||||
+ @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
|
||||
+ @retval EFI_UNSUPPORTED The PE/COFF image type is not supported.
|
||||
+**/
|
||||
+typedef
|
||||
+EFI_STATUS
|
||||
+(EFIAPI *EFI_CC_HASH_LOG_EXTEND_EVENT)(
|
||||
+ IN EFI_CC_MEASUREMENT_PROTOCOL *This,
|
||||
+ IN UINT64 Flags,
|
||||
+ IN EFI_PHYSICAL_ADDRESS DataToHash,
|
||||
+ IN UINT64 DataToHashLen,
|
||||
+ IN EFI_CC_EVENT *EfiCcEvent
|
||||
+ );
|
||||
+
|
||||
+/**
|
||||
+ The EFI_CC_MEASUREMENT_PROTOCOL MapPcrToMrIndex function call provides callers
|
||||
+ the info on TPM PCR <-> CC MR mapping information.
|
||||
+
|
||||
+ @param[in] This Indicates the calling context
|
||||
+ @param[in] PcrIndex TPM PCR index.
|
||||
+ @param[out] MrIndex CC MR index.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The MrIndex is returned.
|
||||
+ @retval EFI_INVALID_PARAMETER The MrIndex is NULL.
|
||||
+ @retval EFI_UNSUPPORTED The PcrIndex is invalid.
|
||||
+**/
|
||||
+typedef
|
||||
+EFI_STATUS
|
||||
+(EFIAPI *EFI_CC_MAP_PCR_TO_MR_INDEX)(
|
||||
+ IN EFI_CC_MEASUREMENT_PROTOCOL *This,
|
||||
+ IN TCG_PCRINDEX PcrIndex,
|
||||
+ OUT EFI_CC_MR_INDEX *MrIndex
|
||||
+ );
|
||||
+
|
||||
+struct _EFI_CC_MEASUREMENT_PROTOCOL {
|
||||
+ EFI_CC_GET_CAPABILITY GetCapability;
|
||||
+ EFI_CC_GET_EVENT_LOG GetEventLog;
|
||||
+ EFI_CC_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
|
||||
+ EFI_CC_MAP_PCR_TO_MR_INDEX MapPcrToMrIndex;
|
||||
+};
|
||||
+
|
||||
+//
|
||||
+// CC event log
|
||||
+//
|
||||
+
|
||||
+#pragma pack(1)
|
||||
+
|
||||
+//
|
||||
+// Crypto Agile Log Entry Format.
|
||||
+// It is similar with TCG_PCR_EVENT2 except the field of MrIndex and PCRIndex.
|
||||
+//
|
||||
+typedef struct {
|
||||
+ EFI_CC_MR_INDEX MrIndex;
|
||||
+ UINT32 EventType;
|
||||
+ TPML_DIGEST_VALUES Digests;
|
||||
+ UINT32 EventSize;
|
||||
+ UINT8 Event[1];
|
||||
+} CC_EVENT;
|
||||
+
|
||||
+//
|
||||
+// EFI CC Event Header
|
||||
+// It is similar with TCG_PCR_EVENT2_HDR except the field of MrIndex and PCRIndex
|
||||
+//
|
||||
+typedef struct {
|
||||
+ EFI_CC_MR_INDEX MrIndex;
|
||||
+ UINT32 EventType;
|
||||
+ TPML_DIGEST_VALUES Digests;
|
||||
+ UINT32 EventSize;
|
||||
+} CC_EVENT_HDR;
|
||||
+
|
||||
+#pragma pack()
|
||||
+
|
||||
+//
|
||||
+// Log entries after Get Event Log service
|
||||
+//
|
||||
+
|
||||
+#define EFI_CC_FINAL_EVENTS_TABLE_VERSION 1
|
||||
+
|
||||
+typedef struct {
|
||||
+ //
|
||||
+ // The version of this structure. It shall be set to 1.
|
||||
+ //
|
||||
+ UINT64 Version;
|
||||
+ //
|
||||
+ // Number of events recorded after invocation of GetEventLog API
|
||||
+ //
|
||||
+ UINT64 NumberOfEvents;
|
||||
+ //
|
||||
+ // List of events of type CC_EVENT.
|
||||
+ //
|
||||
+ // CC_EVENT Event[1];
|
||||
+} EFI_CC_FINAL_EVENTS_TABLE;
|
||||
+
|
||||
+#define EFI_CC_FINAL_EVENTS_TABLE_GUID \
|
||||
+ {0xdd4a4648, 0x2de7, 0x4665, {0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46}}
|
||||
+
|
||||
+extern EFI_GUID gEfiCcFinalEventsTableGuid;
|
||||
+
|
||||
+#endif
|
||||
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
|
||||
index 8b18415b10..6389a48338 100644
|
||||
--- a/MdePkg/MdePkg.dec
|
||||
+++ b/MdePkg/MdePkg.dec
|
||||
@@ -823,6 +823,9 @@
|
||||
#
|
||||
gLinuxEfiInitrdMediaGuid = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
|
||||
|
||||
+ ## Include/Protocol/CcMeasurement.h
|
||||
+ gEfiCcFinalEventsTableGuid = { 0xdd4a4648, 0x2de7, 0x4665, { 0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46 }}
|
||||
+
|
||||
[Guids.IA32, Guids.X64]
|
||||
## Include/Guid/Cper.h
|
||||
gEfiIa32X64ErrorTypeCacheCheckGuid = { 0xA55701F5, 0xE3EF, 0x43de, { 0xAC, 0x72, 0x24, 0x9B, 0x57, 0x3F, 0xAD, 0x2C }}
|
||||
@@ -1011,6 +1014,9 @@
|
||||
## Include/Protocol/PcdInfo.h
|
||||
gGetPcdInfoProtocolGuid = { 0x5be40f57, 0xfa68, 0x4610, { 0xbb, 0xbf, 0xe9, 0xc5, 0xfc, 0xda, 0xd3, 0x65 } }
|
||||
|
||||
+ ## Include/Protocol/CcMeasurement.h
|
||||
+ gEfiCcMeasurementProtocolGuid = { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }}
|
||||
+
|
||||
#
|
||||
# Protocols defined in PI1.0.
|
||||
#
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,91 +0,0 @@
|
||||
From 2a01056c29542a10941cb32929032b80df091a17 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:04:48 -0400
|
||||
Subject: [PATCH 19/31] MdePkg/Rng: Add GUID to describe Arm Rndr Rng
|
||||
algorithms
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [19/31] 58b0f069c74b00eb6476427dd84a50a86aceb598
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:06 2023 +0200
|
||||
|
||||
MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
|
||||
|
||||
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
|
||||
|
||||
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
|
||||
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||
To allow the RngDxe to detect when such implementation is used,
|
||||
a GetRngGuid() function is added in a following patch.
|
||||
|
||||
Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr
|
||||
to describe a Rng algorithm accessed through Arm's RNDR instruction.
|
||||
[1] states that the implementation of this algorithm should be
|
||||
compliant to NIST SP900-80. The compliance is not guaranteed.
|
||||
|
||||
[1] Arm Architecture Reference Manual Armv8, for A-profile architecture
|
||||
sK12.1 'Properties of the generated random number'
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Include/Protocol/Rng.h | 10 ++++++++++
|
||||
MdePkg/MdePkg.dec | 1 +
|
||||
2 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
|
||||
index baf425587b..38bde53240 100644
|
||||
--- a/MdePkg/Include/Protocol/Rng.h
|
||||
+++ b/MdePkg/Include/Protocol/Rng.h
|
||||
@@ -67,6 +67,15 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
|
||||
{ \
|
||||
0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
|
||||
}
|
||||
+///
|
||||
+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
|
||||
+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
|
||||
+/// inclusive of different geographies.
|
||||
+///
|
||||
+#define EFI_RNG_ALGORITHM_ARM_RNDR \
|
||||
+ { \
|
||||
+ 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
|
||||
+ }
|
||||
|
||||
/**
|
||||
Returns information about the random number generation implementation.
|
||||
@@ -146,5 +155,6 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
|
||||
extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
|
||||
extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
|
||||
extern EFI_GUID gEfiRngAlgorithmRaw;
|
||||
+extern EFI_GUID gEfiRngAlgorithmArmRndr;
|
||||
|
||||
#endif
|
||||
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
|
||||
index 8f05e822ac..36501e8bb9 100644
|
||||
--- a/MdePkg/MdePkg.dec
|
||||
+++ b/MdePkg/MdePkg.dec
|
||||
@@ -594,6 +594,7 @@
|
||||
gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
|
||||
gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
|
||||
gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
|
||||
+ gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
|
||||
|
||||
## Include/Protocol/AdapterInformation.h
|
||||
gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,409 +0,0 @@
|
||||
From b466e2545e25ebb2004ae9b9f95c6c2f60d1f168 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 16:08:28 -0400
|
||||
Subject: [PATCH 21/31] MdePkg/Rng: Add GetRngGuid() to RngLib
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [21/31] 54783ad88ba101c620240aa463c5d758fa416c31
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 5443c2dc310d2c8eb15fb8eefd5057342e78cd0d
|
||||
Author: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Date: Fri Aug 11 16:33:08 2023 +0200
|
||||
|
||||
MdePkg/Rng: Add GetRngGuid() to RngLib
|
||||
|
||||
The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple
|
||||
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
|
||||
To allow the RngDxe to detect when such implementation is used,
|
||||
add a GetRngGuid() function to the RngLib.
|
||||
|
||||
Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
|
||||
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
|
||||
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
|
||||
Acked-by: Ard Biesheuvel <ardb@kernel.org>
|
||||
Tested-by: Kun Qin <kun.qin@microsoft.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 4 ++
|
||||
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 +++++++++++++
|
||||
MdePkg/Include/Library/RngLib.h | 19 ++++++++-
|
||||
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++++++
|
||||
MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 +++++
|
||||
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 ++++++++++++
|
||||
.../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++++
|
||||
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 23 ++++++++++
|
||||
MdePkg/Library/DxeRngLib/DxeRngLib.c | 28 +++++++++++++
|
||||
9 files changed, 201 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
index f729001060..8461260cc8 100644
|
||||
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
|
||||
@@ -29,6 +29,10 @@
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
+ MdeModulePkg/MdeModulePkg.dec
|
||||
+
|
||||
+[Guids]
|
||||
+ gEdkiiRngAlgorithmUnSafe
|
||||
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
index 980854d67b..28ff46c71f 100644
|
||||
--- a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
@@ -2,14 +2,18 @@
|
||||
BaseRng Library that uses the TimerLib to provide reasonably random numbers.
|
||||
Do not use this on a production system.
|
||||
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.
|
||||
Copyright (c) Microsoft Corporation.
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
**/
|
||||
|
||||
#include <Base.h>
|
||||
+#include <Uefi.h>
|
||||
#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/TimerLib.h>
|
||||
+#include <Guid/RngAlgorithm.h>
|
||||
|
||||
#define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10
|
||||
|
||||
@@ -190,3 +194,27 @@ GetRandomNumber128 (
|
||||
// Read second 64 bits
|
||||
return GetRandomNumber64 (++Rand);
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ if (RngGuid == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ CopyMem (RngGuid, &gEdkiiRngAlgorithmUnSafe, sizeof (*RngGuid));
|
||||
+ return EFI_SUCCESS;
|
||||
+}
|
||||
diff --git a/MdePkg/Include/Library/RngLib.h b/MdePkg/Include/Library/RngLib.h
|
||||
index 05e513022e..801aa6d5bd 100644
|
||||
--- a/MdePkg/Include/Library/RngLib.h
|
||||
+++ b/MdePkg/Include/Library/RngLib.h
|
||||
@@ -1,6 +1,7 @@
|
||||
/** @file
|
||||
Provides random number generator services.
|
||||
|
||||
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
@@ -77,4 +78,20 @@ GetRandomNumber128 (
|
||||
OUT UINT64 *Rand
|
||||
);
|
||||
|
||||
-#endif // __RNG_LIB_H__
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ );
|
||||
+
|
||||
+#endif // __RNG_LIB_H__
|
||||
diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||
index c9f8c813ed..7641314a54 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||
+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
|
||||
@@ -2,6 +2,7 @@
|
||||
Random number generator service that uses the RNDR instruction
|
||||
to provide pseudorandom numbers.
|
||||
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
@@ -11,6 +12,7 @@
|
||||
|
||||
#include <Uefi.h>
|
||||
#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
|
||||
@@ -137,3 +139,43 @@ ArchIsRngSupported (
|
||||
{
|
||||
return mRndrSupported;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ GUID *RngLibGuid;
|
||||
+
|
||||
+ if (RngGuid == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ if (!mRndrSupported) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // If the platform advertises the algorithm behind RNDR instruction,
|
||||
+ // use it. Otherwise use gEfiRngAlgorithmArmRndr.
|
||||
+ //
|
||||
+ RngLibGuid = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
|
||||
+ if (!IsZeroGuid (RngLibGuid)) {
|
||||
+ CopyMem (RngGuid, RngLibGuid, sizeof (*RngGuid));
|
||||
+ } else {
|
||||
+ CopyMem (RngGuid, &gEfiRngAlgorithmArmRndr, sizeof (*RngGuid));
|
||||
+ }
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
+}
|
||||
diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||
index 1fcceb9414..49503b139b 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||
+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
||||
@@ -4,6 +4,7 @@
|
||||
# BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
|
||||
# provide random numbers.
|
||||
#
|
||||
+# Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
# Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
#
|
||||
@@ -43,9 +44,18 @@
|
||||
AArch64/ArmReadIdIsar0.asm | MSFT
|
||||
AArch64/ArmRng.asm | MSFT
|
||||
|
||||
+[Guids.AARCH64]
|
||||
+ gEfiRngAlgorithmArmRndr
|
||||
+
|
||||
+[Guids.Ia32, Guids.X64]
|
||||
+ gEfiRngAlgorithmSp80090Ctr256Guid
|
||||
+
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
|
||||
+[Pcd.AARCH64]
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
|
||||
+
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
DebugLib
|
||||
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
index 09fb875ac3..aee8ea04e8 100644
|
||||
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
|
||||
@@ -2,6 +2,7 @@
|
||||
Random number generator services that uses RdRand instruction access
|
||||
to provide high-quality random numbers.
|
||||
|
||||
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
|
||||
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
@@ -11,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
#include <Uefi.h>
|
||||
#include <Library/BaseLib.h>
|
||||
+#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
|
||||
#include "BaseRngLibInternals.h"
|
||||
@@ -129,3 +131,27 @@ ArchIsRngSupported (
|
||||
*/
|
||||
return TRUE;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ if (RngGuid == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ CopyMem (RngGuid, &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (*RngGuid));
|
||||
+ return EFI_SUCCESS;
|
||||
+}
|
||||
diff --git a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||
index cad30599ea..34a18e6a4d 100644
|
||||
--- a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||
+++ b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
|
||||
@@ -1,13 +1,16 @@
|
||||
/** @file
|
||||
Null version of Random number generator services.
|
||||
|
||||
+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
|
||||
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
+#include <Uefi.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/RngLib.h>
|
||||
+#include <Protocol/Rng.h>
|
||||
|
||||
/**
|
||||
Generates a 16-bit random number.
|
||||
@@ -92,3 +95,22 @@ GetRandomNumber128 (
|
||||
ASSERT (FALSE);
|
||||
return FALSE;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+}
|
||||
diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
index 6b8392162b..7337500fec 100644
|
||||
--- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
|
||||
@@ -209,3 +209,26 @@ GetRandomNumber128 (
|
||||
// Read second 64 bits
|
||||
return GetRandomNumber64 (++Rand);
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+RETURN_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ /* This implementation is to be replaced by its MdeModulePkg copy.
|
||||
+ * The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
|
||||
+ * be defined in the MdePkg.
|
||||
+ */
|
||||
+ return RETURN_UNSUPPORTED;
|
||||
+}
|
||||
diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
index 4b2fc1cde5..20248b4107 100644
|
||||
--- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
|
||||
@@ -1,6 +1,7 @@
|
||||
/** @file
|
||||
Provides an implementation of the library class RngLib that uses the Rng protocol.
|
||||
|
||||
+ Copyright (c) 2023, Arm Limited. All rights reserved.
|
||||
Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
@@ -204,3 +205,30 @@ GetRandomNumber128 (
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
+
|
||||
+/**
|
||||
+ Get a GUID identifying the RNG algorithm implementation.
|
||||
+
|
||||
+ @param [out] RngGuid If success, contains the GUID identifying
|
||||
+ the RNG algorithm implementation.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Success.
|
||||
+ @retval EFI_UNSUPPORTED Not supported.
|
||||
+ @retval EFI_INVALID_PARAMETER Invalid parameter.
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+EFIAPI
|
||||
+GetRngGuid (
|
||||
+ GUID *RngGuid
|
||||
+ )
|
||||
+{
|
||||
+ /* It is not possible to know beforehand which Rng algorithm will
|
||||
+ * be used by this library.
|
||||
+ * This API is mainly used by RngDxe. RngDxe relies on the RngLib.
|
||||
+ * The RngLib|DxeRngLib.inf implementation locates and uses an installed
|
||||
+ * EFI_RNG_PROTOCOL.
|
||||
+ * It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf.
|
||||
+ * and it is ok not to support this API.
|
||||
+ */
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+}
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,63 +0,0 @@
|
||||
From 634ee7a8cef2eac9f41cff4b42859d9d54b204bf Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 20 Jun 2024 10:35:27 -0400
|
||||
Subject: [PATCH 29/31] MdePkg/X86UnitTestHost: set rdrand cpuid bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [29/31] 60851c6253df6f0114dc2c5598e0dde139d56c4c
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21856
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45237
|
||||
|
||||
commit 5e776299a2604b336a947e68593012ab2cc16eb4
|
||||
Author: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Fri Jun 14 11:45:53 2024 +0200
|
||||
|
||||
MdePkg/X86UnitTestHost: set rdrand cpuid bit
|
||||
|
||||
Set the rdrand feature bit when faking cpuid for host test cases.
|
||||
Needed to make the CryptoPkg test cases work.
|
||||
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||
index d0e428457e..abc092a990 100644
|
||||
--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||
+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
|
||||
@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
|
||||
OUT UINT32 *Edx OPTIONAL
|
||||
)
|
||||
{
|
||||
+ UINT32 RetEcx;
|
||||
+
|
||||
+ RetEcx = 0;
|
||||
+ switch (Index) {
|
||||
+ case 1:
|
||||
+ RetEcx |= BIT30; /* RdRand */
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
if (Eax != NULL) {
|
||||
*Eax = 0;
|
||||
}
|
||||
@@ -73,7 +82,7 @@ UnitTestHostBaseLibAsmCpuid (
|
||||
*Ebx = 0;
|
||||
}
|
||||
if (Ecx != NULL) {
|
||||
- *Ecx = 0;
|
||||
+ *Ecx = RetEcx;
|
||||
}
|
||||
if (Edx != NULL) {
|
||||
*Edx = 0;
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,16 +1,17 @@
|
||||
From aa66757951e9880df4e21e191142400480aa3908 Mon Sep 17 00:00:00 2001
|
||||
From 0d85ac65b3e469e879f687150d0a25e6dbd6cac1 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 8 Feb 2024 10:35:14 -0500
|
||||
Subject: [PATCH 15/17] NetworkPkg: : Add Unit tests to CI and create Host Test
|
||||
Subject: [PATCH 02/18] NetworkPkg: : Add Unit tests to CI and create Host Test
|
||||
DSC
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
|
||||
RH-Jira: RHEL-21840 RHEL-21842
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [2/4] 6669306e2dbb5aa3e7691d57f4a61685b7cd57b2 (jmaloy/jons_fork)
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [2/18] 331bea0d7e46de0e35e595ad08c94eec99c80cd8
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21842
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21843
|
||||
CVE: CVE-2023-45230
|
||||
Upstream: Merged
|
||||
|
||||
@ -165,5 +166,5 @@ index 0000000000..1aeca5c5b3
|
||||
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2
|
||||
+ gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType|0x4
|
||||
--
|
||||
2.41.0
|
||||
2.39.3
|
||||
|
||||
|
@ -1,16 +1,16 @@
|
||||
From ffa1202da2f55c1f540240e8267db9a7ec8d6a60 Mon Sep 17 00:00:00 2001
|
||||
From 3c1cf95b979cea6b0dee6e107756558a7a71d4ac Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 11/15] NetworkPkg: : Adds a SecurityFix.yaml file
|
||||
Subject: [PATCH 14/18] NetworkPkg: : Adds a SecurityFix.yaml file
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [11/15] 8a46b763887843d00293997bdd7d50ea120104d9
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [14/18] dddbcbe14e38dc1bb03acf4622d6285090c4bb02
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21852
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21853
|
||||
CVE: CVE-2022-45235
|
||||
Upstream: Merged
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,17 +1,17 @@
|
||||
From 649fe647114ca5dee84b0c55106ee58a9703984f Mon Sep 17 00:00:00 2001
|
||||
From 3ab0e3be00cc74b39db482e33bfe923f70768ae4 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 15/15] NetworkPkg: Dhcp6Dxe: Packet-Length is not updated
|
||||
Subject: [PATCH 17/18] NetworkPkg: Dhcp6Dxe: Packet-Length is not updated
|
||||
before appending
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [15/15] bc7ef287311bb3f757bc26f8921875566bcb5917
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [17/18] c13c96534ecea4c43ca98cecf0789b07680958ca
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21840
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21841
|
||||
CVE: CVE-2023-45229
|
||||
Upstream: Merged
|
||||
|
||||
@ -37,10 +37,10 @@ Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
1 file changed, 5 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
index e172ffc2a2..c23eff8766 100644
|
||||
index e4e0725622..f38e3ee3fe 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
@@ -948,6 +948,11 @@ Dhcp6AppendIaOption (
|
||||
@@ -924,6 +924,11 @@ Dhcp6AppendIaOption (
|
||||
*PacketCursor += sizeof (T2);
|
||||
}
|
||||
|
||||
@ -52,7 +52,7 @@ index e172ffc2a2..c23eff8766 100644
|
||||
//
|
||||
// Fill all the addresses belong to the Ia
|
||||
//
|
||||
@@ -959,11 +964,6 @@ Dhcp6AppendIaOption (
|
||||
@@ -935,11 +940,6 @@ Dhcp6AppendIaOption (
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,17 +1,17 @@
|
||||
From 4bf844922a963cb20fb1e72ca11a65a673992ca2 Mon Sep 17 00:00:00 2001
|
||||
From bb9d1831fd53d43889112a2e30a52b2c4504fdae Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 14/15] NetworkPkg: Dhcp6Dxe: Removes duplicate check and
|
||||
Subject: [PATCH 16/18] NetworkPkg: Dhcp6Dxe: Removes duplicate check and
|
||||
replaces with macro
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [14/15] a943400f9267b219bf1fd202534500f82a2a4c56
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [16/18] 61914482aa965883b1ec3f29cf6143b67e88742a
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21840
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21841
|
||||
CVE: CVE-2023-45229
|
||||
Upstream: Merged
|
||||
|
||||
@ -46,14 +46,14 @@ Date: Tue Feb 13 10:46:01 2024 -0800
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 43 +++++++++++++-----------------
|
||||
1 file changed, 18 insertions(+), 25 deletions(-)
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 44 +++++++++++++-----------------
|
||||
1 file changed, 19 insertions(+), 25 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
index 484c360a96..e172ffc2a2 100644
|
||||
index 705c665c51..e4e0725622 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
@@ -10,6 +10,15 @@
|
||||
@@ -10,6 +10,16 @@
|
||||
|
||||
#include "Dhcp6Impl.h"
|
||||
|
||||
@ -66,10 +66,11 @@ index 484c360a96..e172ffc2a2 100644
|
||||
+ ((*PacketCursor) >= (Packet)->Dhcp6.Option + ((Packet)->Size - sizeof(EFI_DHCP6_HEADER))) \
|
||||
+ ) \
|
||||
+
|
||||
|
||||
+
|
||||
/**
|
||||
Generate client Duid in the format of Duid-llt.
|
||||
@@ -662,9 +671,7 @@ Dhcp6AppendOption (
|
||||
|
||||
@@ -638,9 +648,7 @@ Dhcp6AppendOption (
|
||||
//
|
||||
// Verify the PacketCursor is within the packet
|
||||
//
|
||||
@ -80,7 +81,7 @@ index 484c360a96..e172ffc2a2 100644
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
@@ -681,15 +688,6 @@ Dhcp6AppendOption (
|
||||
@@ -657,15 +665,6 @@ Dhcp6AppendOption (
|
||||
return EFI_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
@ -96,7 +97,7 @@ index 484c360a96..e172ffc2a2 100644
|
||||
WriteUnaligned16 ((UINT16 *)*PacketCursor, OptType);
|
||||
*PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
|
||||
WriteUnaligned16 ((UINT16 *)*PacketCursor, OptLen);
|
||||
@@ -768,9 +766,7 @@ Dhcp6AppendIaAddrOption (
|
||||
@@ -744,9 +743,7 @@ Dhcp6AppendIaAddrOption (
|
||||
//
|
||||
// Verify the PacketCursor is within the packet
|
||||
//
|
||||
@ -107,7 +108,7 @@ index 484c360a96..e172ffc2a2 100644
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
@@ -902,9 +898,7 @@ Dhcp6AppendIaOption (
|
||||
@@ -877,9 +874,7 @@ Dhcp6AppendIaOption (
|
||||
//
|
||||
// Verify the PacketCursor is within the packet
|
||||
//
|
||||
@ -118,7 +119,7 @@ index 484c360a96..e172ffc2a2 100644
|
||||
return EFI_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
@@ -966,14 +960,14 @@ Dhcp6AppendIaOption (
|
||||
@@ -941,14 +936,14 @@ Dhcp6AppendIaOption (
|
||||
}
|
||||
|
||||
//
|
||||
@ -137,7 +138,7 @@ index 484c360a96..e172ffc2a2 100644
|
||||
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
@@ -982,6 +976,7 @@ Dhcp6AppendIaOption (
|
||||
@@ -957,6 +952,7 @@ Dhcp6AppendIaOption (
|
||||
Append the appointed Elapsed time option to Buf, and move Buf to the end.
|
||||
|
||||
@param[in, out] Packet A pointer to the packet, on success Packet->Length
|
||||
@ -145,7 +146,7 @@ index 484c360a96..e172ffc2a2 100644
|
||||
@param[in, out] PacketCursor The pointer in the packet, on success PacketCursor
|
||||
will be moved to the end of the option.
|
||||
@param[in] Instance The pointer to the Dhcp6 instance.
|
||||
@@ -1037,9 +1032,7 @@ Dhcp6AppendETOption (
|
||||
@@ -1012,9 +1008,7 @@ Dhcp6AppendETOption (
|
||||
//
|
||||
// Verify the PacketCursor is within the packet
|
||||
//
|
||||
|
@ -1,16 +1,17 @@
|
||||
From a115d0a66c3e73c60b74ec6d09e3759da89e919b Mon Sep 17 00:00:00 2001
|
||||
From c1700b34913109cd9600f58f1fa6b82b08ce3795 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 9 Feb 2024 17:57:07 -0500
|
||||
Subject: [PATCH 17/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
|
||||
Subject: [PATCH 04/18] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
|
||||
Patch
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
|
||||
RH-Jira: RHEL-21840 RHEL-21842
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [4/4] 3daf69000f78416ee1f1bad0b6ceb01ed28a84a5 (jmaloy/jons_fork)
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [4/18] 23b6841dbb01249055b8040d85995c366bd94252
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21840
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21841
|
||||
CVE: CVE-2023-45229
|
||||
Upstream: Merged
|
||||
|
||||
@ -54,15 +55,15 @@ Date: Fri Jan 26 05:54:46 2024 +0800
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 138 ++++++++++++++++++---
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 205 +++++++++++++++++++++-----------
|
||||
2 files changed, 257 insertions(+), 86 deletions(-)
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 138 +++++++++++++++++++---
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 203 +++++++++++++++++++++-----------
|
||||
2 files changed, 256 insertions(+), 85 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
|
||||
index ec0ed5d8f5..e759ab9a62 100644
|
||||
index f2422c2f28..220e7c68f1 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
|
||||
@@ -47,6 +47,20 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
|
||||
@@ -45,6 +45,20 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
|
||||
#define DHCP6_SERVICE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'S')
|
||||
#define DHCP6_INSTANCE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'I')
|
||||
|
||||
@ -83,7 +84,7 @@ index ec0ed5d8f5..e759ab9a62 100644
|
||||
//
|
||||
// For more information on DHCP options see RFC 8415, Section 21.1
|
||||
//
|
||||
@@ -61,12 +75,10 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
|
||||
@@ -59,12 +73,10 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
|
||||
// | (option-len octets) |
|
||||
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
//
|
||||
@ -98,7 +99,7 @@ index ec0ed5d8f5..e759ab9a62 100644
|
||||
#define DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN (DHCP6_SIZE_OF_OPT_CODE + \
|
||||
DHCP6_SIZE_OF_OPT_LEN)
|
||||
|
||||
@@ -75,34 +87,122 @@ STATIC_ASSERT (
|
||||
@@ -73,34 +85,122 @@ STATIC_ASSERT (
|
||||
"Combined size of Code and Length must be 4 per RFC 8415"
|
||||
);
|
||||
|
||||
@ -237,51 +238,53 @@ index ec0ed5d8f5..e759ab9a62 100644
|
||||
extern EFI_IPv6_ADDRESS mAllDhcpRelayAndServersAddress;
|
||||
extern EFI_DHCP6_PROTOCOL gDhcp6ProtocolTemplate;
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
index 2976684aba..d680febbf1 100644
|
||||
index bf5aa7a769..89d16484a5 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
@@ -611,8 +611,8 @@ Dhcp6UpdateIaInfo (
|
||||
@@ -598,8 +598,8 @@ Dhcp6UpdateIaInfo (
|
||||
// The inner options still start with 2 bytes option-code and 2 bytes option-len.
|
||||
//
|
||||
if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
|
||||
- T1 = NTOHL (ReadUnaligned32 ((UINT32 *) (Option + 8)));
|
||||
- T2 = NTOHL (ReadUnaligned32 ((UINT32 *) (Option + 12)));
|
||||
- T1 = NTOHL (ReadUnaligned32 ((UINT32 *)(Option + 8)));
|
||||
- T2 = NTOHL (ReadUnaligned32 ((UINT32 *)(Option + 12)));
|
||||
+ T1 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T1 (Option))));
|
||||
+ T2 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T2 (Option))));
|
||||
//
|
||||
// Refer to RFC3155 Chapter 22.4. If a client receives an IA_NA with T1 greater than T2,
|
||||
// and both T1 and T2 are greater than 0, the client discards the IA_NA option and processes
|
||||
@@ -621,13 +621,14 @@ Dhcp6UpdateIaInfo (
|
||||
if (T1 > T2 && T2 > 0) {
|
||||
@@ -609,13 +609,14 @@ Dhcp6UpdateIaInfo (
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
|
||||
- IaInnerOpt = Option + 16;
|
||||
- IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 2))) - 12);
|
||||
- IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(Option + 2))) - 12);
|
||||
+ IaInnerOpt = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
|
||||
+ IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_COMBINED_IAID_T1_T2);
|
||||
} else {
|
||||
T1 = 0;
|
||||
T2 = 0;
|
||||
- T1 = 0;
|
||||
- T2 = 0;
|
||||
- IaInnerOpt = Option + 8;
|
||||
- IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 2))) - 4);
|
||||
- IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(Option + 2))) - 4);
|
||||
+ T1 = 0;
|
||||
+ T2 = 0;
|
||||
+
|
||||
+ IaInnerOpt = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
|
||||
+ IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_IAID);
|
||||
}
|
||||
|
||||
//
|
||||
@@ -653,7 +654,7 @@ Dhcp6UpdateIaInfo (
|
||||
@@ -641,7 +642,7 @@ Dhcp6UpdateIaInfo (
|
||||
Option = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
|
||||
|
||||
if (Option != NULL) {
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 4)));
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(Option + 4)));
|
||||
+ StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
|
||||
if (StsCode != Dhcp6StsSuccess) {
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
@@ -675,6 +676,87 @@ Dhcp6UpdateIaInfo (
|
||||
|
||||
|
||||
@@ -661,6 +662,87 @@ Dhcp6UpdateIaInfo (
|
||||
return Status;
|
||||
}
|
||||
|
||||
+/**
|
||||
+ Seeks the Inner Options from a DHCP6 Option
|
||||
@ -367,16 +370,10 @@ index 2976684aba..d680febbf1 100644
|
||||
/**
|
||||
Seek StatusCode Option in package. A Status Code option may appear in the
|
||||
options field of a DHCP message and/or in the options field of another option.
|
||||
@@ -695,9 +777,15 @@ Dhcp6SeekStsOption (
|
||||
OUT UINT8 **Option
|
||||
)
|
||||
{
|
||||
- UINT8 *IaInnerOpt;
|
||||
- UINT16 IaInnerLen;
|
||||
- UINT16 StsCode;
|
||||
+ UINT8 *IaInnerOpt;
|
||||
+ UINT16 IaInnerLen;
|
||||
+ UINT16 StsCode;
|
||||
@@ -684,6 +766,12 @@ Dhcp6SeekStsOption (
|
||||
UINT8 *IaInnerOpt;
|
||||
UINT16 IaInnerLen;
|
||||
UINT16 StsCode;
|
||||
+ UINT32 OptionLen;
|
||||
+
|
||||
+ // OptionLen is the length of the Options excluding the DHCP header.
|
||||
@ -386,7 +383,7 @@ index 2976684aba..d680febbf1 100644
|
||||
|
||||
//
|
||||
// Seek StatusCode option directly in DHCP message body. That is, search in
|
||||
@@ -705,12 +793,12 @@ Dhcp6SeekStsOption (
|
||||
@@ -691,12 +779,12 @@ Dhcp6SeekStsOption (
|
||||
//
|
||||
*Option = Dhcp6SeekOption (
|
||||
Packet->Dhcp6.Option,
|
||||
@ -396,12 +393,12 @@ index 2976684aba..d680febbf1 100644
|
||||
);
|
||||
|
||||
if (*Option != NULL) {
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 4)));
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(*Option + 4)));
|
||||
+ StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_STATUS_CODE (*Option))));
|
||||
if (StsCode != Dhcp6StsSuccess) {
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
@@ -721,7 +809,7 @@ Dhcp6SeekStsOption (
|
||||
@@ -707,7 +795,7 @@ Dhcp6SeekStsOption (
|
||||
//
|
||||
*Option = Dhcp6SeekIaOption (
|
||||
Packet->Dhcp6.Option,
|
||||
@ -410,7 +407,7 @@ index 2976684aba..d680febbf1 100644
|
||||
&Instance->Config->IaDescriptor
|
||||
);
|
||||
if (*Option == NULL) {
|
||||
@@ -729,52 +817,35 @@ Dhcp6SeekStsOption (
|
||||
@@ -715,52 +803,35 @@ Dhcp6SeekStsOption (
|
||||
}
|
||||
|
||||
//
|
||||
@ -461,16 +458,16 @@ index 2976684aba..d680febbf1 100644
|
||||
- // sizeof (option-code + option-len + IaId) = 8
|
||||
- // sizeof (option-code + option-len + IaId + T1) = 12
|
||||
- // sizeof (option-code + option-len + IaId + T1 + T2) = 16
|
||||
- //
|
||||
- // The inner options still start with 2 bytes option-code and 2 bytes option-len.
|
||||
+ // Seek the inner option
|
||||
//
|
||||
- // The inner options still start with 2 bytes option-code and 2 bytes option-len.
|
||||
- //
|
||||
- if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
|
||||
- IaInnerOpt = *Option + 16;
|
||||
- IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 2))) - 12);
|
||||
- IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(*Option + 2))) - 12);
|
||||
- } else {
|
||||
- IaInnerOpt = *Option + 8;
|
||||
- IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 2))) - 4);
|
||||
- IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(*Option + 2))) - 4);
|
||||
+ if (EFI_ERROR (
|
||||
+ Dhcp6SeekInnerOptionSafe (
|
||||
+ Instance->Config->IaDescriptor.Type,
|
||||
@ -485,16 +482,16 @@ index 2976684aba..d680febbf1 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -798,7 +869,7 @@ Dhcp6SeekStsOption (
|
||||
@@ -784,7 +855,7 @@ Dhcp6SeekStsOption (
|
||||
//
|
||||
*Option = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
|
||||
if (*Option != NULL) {
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 4)));
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(*Option + 4)));
|
||||
+ StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)((DHCP6_OFFSET_OF_STATUS_CODE (*Option)))));
|
||||
if (StsCode != Dhcp6StsSuccess) {
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
@@ -1123,7 +1194,7 @@ Dhcp6SendRequestMsg (
|
||||
@@ -1105,7 +1176,7 @@ Dhcp6SendRequestMsg (
|
||||
//
|
||||
Option = Dhcp6SeekOption (
|
||||
Instance->AdSelect->Dhcp6.Option,
|
||||
@ -503,7 +500,7 @@ index 2976684aba..d680febbf1 100644
|
||||
Dhcp6OptServerId
|
||||
);
|
||||
if (Option == NULL) {
|
||||
@@ -1309,7 +1380,7 @@ Dhcp6SendDeclineMsg (
|
||||
@@ -1289,7 +1360,7 @@ Dhcp6SendDeclineMsg (
|
||||
//
|
||||
Option = Dhcp6SeekOption (
|
||||
LastReply->Dhcp6.Option,
|
||||
@ -512,7 +509,7 @@ index 2976684aba..d680febbf1 100644
|
||||
Dhcp6OptServerId
|
||||
);
|
||||
if (Option == NULL) {
|
||||
@@ -1469,7 +1540,7 @@ Dhcp6SendReleaseMsg (
|
||||
@@ -1448,7 +1519,7 @@ Dhcp6SendReleaseMsg (
|
||||
//
|
||||
Option = Dhcp6SeekOption (
|
||||
LastReply->Dhcp6.Option,
|
||||
@ -521,7 +518,7 @@ index 2976684aba..d680febbf1 100644
|
||||
Dhcp6OptServerId
|
||||
);
|
||||
if (Option == NULL) {
|
||||
@@ -1695,7 +1766,7 @@ Dhcp6SendRenewRebindMsg (
|
||||
@@ -1673,7 +1744,7 @@ Dhcp6SendRenewRebindMsg (
|
||||
|
||||
Option = Dhcp6SeekOption (
|
||||
LastReply->Dhcp6.Option,
|
||||
@ -530,7 +527,7 @@ index 2976684aba..d680febbf1 100644
|
||||
Dhcp6OptServerId
|
||||
);
|
||||
if (Option == NULL) {
|
||||
@@ -2235,7 +2306,7 @@ Dhcp6HandleReplyMsg (
|
||||
@@ -2208,7 +2279,7 @@ Dhcp6HandleReplyMsg (
|
||||
//
|
||||
Option = Dhcp6SeekOption (
|
||||
Packet->Dhcp6.Option,
|
||||
@ -539,43 +536,43 @@ index 2976684aba..d680febbf1 100644
|
||||
Dhcp6OptRapidCommit
|
||||
);
|
||||
|
||||
@@ -2383,7 +2454,7 @@ Dhcp6HandleReplyMsg (
|
||||
@@ -2354,7 +2425,7 @@ Dhcp6HandleReplyMsg (
|
||||
//
|
||||
// Any error status code option is found.
|
||||
//
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 4)));
|
||||
- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(Option + 4)));
|
||||
+ StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)((DHCP6_OFFSET_OF_STATUS_CODE (Option)))));
|
||||
switch (StsCode) {
|
||||
case Dhcp6StsUnspecFail:
|
||||
//
|
||||
@@ -2514,7 +2585,7 @@ Dhcp6SelectAdvertiseMsg (
|
||||
@@ -2487,7 +2558,7 @@ Dhcp6SelectAdvertiseMsg (
|
||||
//
|
||||
Option = Dhcp6SeekOption(
|
||||
Option = Dhcp6SeekOption (
|
||||
AdSelect->Dhcp6.Option,
|
||||
- AdSelect->Length - 4,
|
||||
+ AdSelect->Length - sizeof (EFI_DHCP6_HEADER),
|
||||
Dhcp6OptServerUnicast
|
||||
);
|
||||
|
||||
@@ -2526,7 +2597,7 @@ Dhcp6SelectAdvertiseMsg (
|
||||
@@ -2498,7 +2569,7 @@ Dhcp6SelectAdvertiseMsg (
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
- CopyMem (Instance->Unicast, Option + 4, sizeof(EFI_IPv6_ADDRESS));
|
||||
- CopyMem (Instance->Unicast, Option + 4, sizeof (EFI_IPv6_ADDRESS));
|
||||
+ CopyMem (Instance->Unicast, DHCP6_OFFSET_OF_OPT_DATA (Option), sizeof (EFI_IPv6_ADDRESS));
|
||||
}
|
||||
|
||||
//
|
||||
@@ -2580,7 +2651,7 @@ Dhcp6HandleAdvertiseMsg (
|
||||
@@ -2551,7 +2622,7 @@ Dhcp6HandleAdvertiseMsg (
|
||||
//
|
||||
Option = Dhcp6SeekOption(
|
||||
Option = Dhcp6SeekOption (
|
||||
Packet->Dhcp6.Option,
|
||||
- Packet->Length - 4,
|
||||
+ Packet->Length - sizeof (EFI_DHCP6_HEADER),
|
||||
Dhcp6OptRapidCommit
|
||||
);
|
||||
|
||||
@@ -2676,7 +2747,7 @@ Dhcp6HandleAdvertiseMsg (
|
||||
@@ -2645,7 +2716,7 @@ Dhcp6HandleAdvertiseMsg (
|
||||
CopyMem (Instance->AdSelect, Packet, Packet->Size);
|
||||
|
||||
if (Option != NULL) {
|
||||
@ -584,30 +581,30 @@ index 2976684aba..d680febbf1 100644
|
||||
}
|
||||
} else {
|
||||
//
|
||||
@@ -2747,11 +2818,11 @@ Dhcp6HandleStateful (
|
||||
@@ -2714,11 +2785,11 @@ Dhcp6HandleStateful (
|
||||
//
|
||||
Option = Dhcp6SeekOption(
|
||||
Option = Dhcp6SeekOption (
|
||||
Packet->Dhcp6.Option,
|
||||
- Packet->Length - 4,
|
||||
+ Packet->Length - DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN,
|
||||
Dhcp6OptClientId
|
||||
);
|
||||
|
||||
- if (Option == NULL || CompareMem (Option + 4, ClientId->Duid, ClientId->Length) != 0) {
|
||||
- if ((Option == NULL) || (CompareMem (Option + 4, ClientId->Duid, ClientId->Length) != 0)) {
|
||||
+ if ((Option == NULL) || (CompareMem (DHCP6_OFFSET_OF_OPT_DATA (Option), ClientId->Duid, ClientId->Length) != 0)) {
|
||||
goto ON_CONTINUE;
|
||||
}
|
||||
|
||||
@@ -2760,7 +2831,7 @@ Dhcp6HandleStateful (
|
||||
@@ -2727,7 +2798,7 @@ Dhcp6HandleStateful (
|
||||
//
|
||||
Option = Dhcp6SeekOption(
|
||||
Option = Dhcp6SeekOption (
|
||||
Packet->Dhcp6.Option,
|
||||
- Packet->Length - 4,
|
||||
+ Packet->Length - DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN,
|
||||
Dhcp6OptServerId
|
||||
);
|
||||
|
||||
@@ -2865,7 +2936,7 @@ Dhcp6HandleStateless (
|
||||
@@ -2832,7 +2903,7 @@ Dhcp6HandleStateless (
|
||||
//
|
||||
Option = Dhcp6SeekOption (
|
||||
Packet->Dhcp6.Option,
|
||||
@ -617,5 +614,5 @@ index 2976684aba..d680febbf1 100644
|
||||
);
|
||||
|
||||
--
|
||||
2.41.0
|
||||
2.39.3
|
||||
|
||||
|
@ -1,17 +1,17 @@
|
||||
From 1b58858f28a364a8f8fa897a78db7ced068719dd Mon Sep 17 00:00:00 2001
|
||||
From dcfd5b6e28536e5b28fb4c47ec57f8d106b6b181 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 13/15] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
|
||||
Subject: [PATCH 15/18] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
|
||||
Related Patch
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [13/15] 904fd82592208d0ca42bbb64f437691a5bdfd0b6
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [15/18] e2fe2033c2f90145249d9416a539d5b2fc52596a
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21840
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21841
|
||||
CVE: CVE-2023-45229
|
||||
Upstream: Merged
|
||||
|
||||
@ -222,10 +222,10 @@ index 3b8feb4a20..a9bffae353 100644
|
||||
if (IaInnerLenTmp < DHCP6_SIZE_OF_IAID) {
|
||||
return EFI_DEVICE_ERROR;
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
|
||||
index 554f0f5e5d..8c0d282bca 100644
|
||||
index 051a652f2b..ab0e1ac27f 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
|
||||
@@ -218,4 +218,26 @@ Dhcp6OnTimerTick (
|
||||
@@ -217,4 +217,26 @@ Dhcp6OnTimerTick (
|
||||
IN VOID *Context
|
||||
);
|
||||
|
||||
|
@ -0,0 +1,565 @@
|
||||
From 76930459d2e3f82e10968ec8904e45c8bac77fd8 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 9 Feb 2024 17:57:07 -0500
|
||||
Subject: [PATCH 05/18] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
|
||||
Unit Tests
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [5/18] 7421b6f8d8e6bc3d8ea4aaf90f65608136b968b2
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21841
|
||||
CVE: CVE-2023-45229
|
||||
Upstream: Merged
|
||||
|
||||
commit 07362769ab7a7d74dbea1c7a7a3662c7b5d1f097
|
||||
Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
|
||||
Date: Fri Jan 26 05:54:47 2024 +0800
|
||||
|
||||
NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534
|
||||
|
||||
These tests confirm that the report bug...
|
||||
|
||||
"Out-of-bounds read when processing IA_NA/IA_TA options in a
|
||||
DHCPv6 Advertise message"
|
||||
|
||||
..has been patched.
|
||||
|
||||
The following functions are tested to confirm an out of bounds read is
|
||||
patched and that the correct statuses are returned:
|
||||
|
||||
Dhcp6SeekInnerOptionSafe
|
||||
Dhcp6SeekStsOption
|
||||
|
||||
TCBZ4534
|
||||
CVE-2023-45229
|
||||
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
CWE-125 Out-of-bounds Read
|
||||
|
||||
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
|
||||
|
||||
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
||||
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 2 +-
|
||||
.../GoogleTest/Dhcp6DxeGoogleTest.inf | 1 +
|
||||
.../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 365 +++++++++++++++++-
|
||||
.../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h | 58 +++
|
||||
NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 +
|
||||
5 files changed, 424 insertions(+), 3 deletions(-)
|
||||
create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
|
||||
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
index 89d16484a5..3b8feb4a20 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
@@ -816,7 +816,7 @@ Dhcp6SeekStsOption (
|
||||
// IA option to the end of the DHCP6 option area, thus subtract the space
|
||||
// up until this option
|
||||
//
|
||||
- OptionLen = OptionLen - (*Option - Packet->Dhcp6.Option);
|
||||
+ OptionLen = OptionLen - (UINT32)(*Option - Packet->Dhcp6.Option);
|
||||
|
||||
//
|
||||
// Seek the inner option
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
|
||||
index 8e9119a371..12532ed30c 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
|
||||
@@ -18,6 +18,7 @@
|
||||
[Sources]
|
||||
Dhcp6DxeGoogleTest.cpp
|
||||
Dhcp6IoGoogleTest.cpp
|
||||
+ Dhcp6IoGoogleTest.h
|
||||
../Dhcp6Io.c
|
||||
../Dhcp6Utility.c
|
||||
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
|
||||
index 7ee40e4af4..7db253a7b8 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
|
||||
@@ -13,6 +13,7 @@ extern "C" {
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include "../Dhcp6Impl.h"
|
||||
#include "../Dhcp6Utility.h"
|
||||
+ #include "Dhcp6IoGoogleTest.h"
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////////////////
|
||||
@@ -21,7 +22,35 @@ extern "C" {
|
||||
|
||||
#define DHCP6_PACKET_MAX_LEN 1500
|
||||
|
||||
+// This definition is used by this test but is also required to compile
|
||||
+// by Dhcp6Io.c
|
||||
+#define DHCPV6_OPTION_IA_NA 3
|
||||
+#define DHCPV6_OPTION_IA_TA 4
|
||||
+
|
||||
+#define SEARCH_PATTERN 0xDEADC0DE
|
||||
+#define SEARCH_PATTERN_LEN sizeof(SEARCH_PATTERN)
|
||||
+
|
||||
////////////////////////////////////////////////////////////////////////
|
||||
+// Test structures for IA_NA and IA_TA options
|
||||
+////////////////////////////////////////////////////////////////////////
|
||||
+typedef struct {
|
||||
+ UINT16 Code;
|
||||
+ UINT16 Len;
|
||||
+ UINT32 IAID;
|
||||
+} DHCPv6_OPTION;
|
||||
+
|
||||
+typedef struct {
|
||||
+ DHCPv6_OPTION Header;
|
||||
+ UINT32 T1;
|
||||
+ UINT32 T2;
|
||||
+ UINT8 InnerOptions[0];
|
||||
+} DHCPv6_OPTION_IA_NA;
|
||||
+
|
||||
+typedef struct {
|
||||
+ DHCPv6_OPTION Header;
|
||||
+ UINT8 InnerOptions[0];
|
||||
+} DHCPv6_OPTION_IA_TA;
|
||||
+
|
||||
////////////////////////////////////////////////////////////////////////
|
||||
// Symbol Definitions
|
||||
// These functions are not directly under test - but required to compile
|
||||
@@ -210,7 +239,7 @@ TEST_F (Dhcp6AppendETOptionTest, InvalidDataExpectBufferTooSmall) {
|
||||
Status = Dhcp6AppendETOption (
|
||||
Dhcp6AppendETOptionTest::Packet,
|
||||
&Cursor,
|
||||
- &Instance, // Instance is not used in this function
|
||||
+ &Instance, // Instance is not used in this function
|
||||
&ElapsedTime
|
||||
);
|
||||
|
||||
@@ -240,7 +269,7 @@ TEST_F (Dhcp6AppendETOptionTest, ValidDataExpectSuccess) {
|
||||
Status = Dhcp6AppendETOption (
|
||||
Dhcp6AppendETOptionTest::Packet,
|
||||
&Cursor,
|
||||
- &Instance, // Instance is not used in this function
|
||||
+ &Instance, // Instance is not used in this function
|
||||
&ElapsedTime
|
||||
);
|
||||
|
||||
@@ -476,3 +505,335 @@ TEST_F (Dhcp6AppendIaOptionTest, IaTaValidDataExpectSuccess) {
|
||||
// verify that the status is EFI_SUCCESS
|
||||
ASSERT_EQ (Status, EFI_SUCCESS);
|
||||
}
|
||||
+
|
||||
+////////////////////////////////////////////////////////////////////////
|
||||
+// Dhcp6SeekInnerOptionSafe Tests
|
||||
+////////////////////////////////////////////////////////////////////////
|
||||
+
|
||||
+// Define a fixture for your tests if needed
|
||||
+class Dhcp6SeekInnerOptionSafeTest : public ::testing::Test {
|
||||
+protected:
|
||||
+ // Add any setup code if needed
|
||||
+ virtual void
|
||||
+ SetUp (
|
||||
+ )
|
||||
+ {
|
||||
+ // Initialize any resources or variables
|
||||
+ }
|
||||
+
|
||||
+ // Add any cleanup code if needed
|
||||
+ virtual void
|
||||
+ TearDown (
|
||||
+ )
|
||||
+ {
|
||||
+ // Clean up any resources or variables
|
||||
+ }
|
||||
+};
|
||||
+
|
||||
+// Test Description:
|
||||
+// This test verifies that Dhcp6SeekInnerOptionSafe returns EFI_SUCCESS when the IANA option is found.
|
||||
+TEST_F (Dhcp6SeekInnerOptionSafeTest, IANAValidOptionExpectSuccess) {
|
||||
+ EFI_STATUS Result;
|
||||
+ UINT8 Option[sizeof (DHCPv6_OPTION_IA_NA) + SEARCH_PATTERN_LEN] = { 0 };
|
||||
+ UINT32 OptionLength = sizeof (Option);
|
||||
+ DHCPv6_OPTION_IA_NA *OptionPtr = (DHCPv6_OPTION_IA_NA *)Option;
|
||||
+ UINT32 SearchPattern = SEARCH_PATTERN;
|
||||
+
|
||||
+ UINTN SearchPatternLength = SEARCH_PATTERN_LEN;
|
||||
+ UINT8 *InnerOptionPtr = NULL;
|
||||
+ UINT16 InnerOptionLength = 0;
|
||||
+
|
||||
+ OptionPtr->Header.Code = Dhcp6OptIana;
|
||||
+ OptionPtr->Header.Len = HTONS (4 + 12); // Valid length has to be more than 12
|
||||
+ OptionPtr->Header.IAID = 0x12345678;
|
||||
+ OptionPtr->T1 = 0x11111111;
|
||||
+ OptionPtr->T2 = 0x22222222;
|
||||
+ CopyMem (OptionPtr->InnerOptions, &SearchPattern, SearchPatternLength);
|
||||
+
|
||||
+ Result = Dhcp6SeekInnerOptionSafe (
|
||||
+ Dhcp6OptIana,
|
||||
+ Option,
|
||||
+ OptionLength,
|
||||
+ &InnerOptionPtr,
|
||||
+ &InnerOptionLength
|
||||
+ );
|
||||
+ ASSERT_EQ (Result, EFI_SUCCESS);
|
||||
+ ASSERT_EQ (InnerOptionLength, 4);
|
||||
+ ASSERT_EQ (CompareMem (InnerOptionPtr, &SearchPattern, SearchPatternLength), 0);
|
||||
+}
|
||||
+
|
||||
+// Test Description:
|
||||
+// This test verifies that Dhcp6SeekInnerOptionSafe returns EFI_DEIVCE_ERROR when the IANA option size is invalid.
|
||||
+TEST_F (Dhcp6SeekInnerOptionSafeTest, IANAInvalidSizeExpectFail) {
|
||||
+ // Lets add an inner option of bytes we expect to find
|
||||
+ EFI_STATUS Status;
|
||||
+ UINT8 Option[sizeof (DHCPv6_OPTION_IA_NA) + SEARCH_PATTERN_LEN] = { 0 };
|
||||
+ UINT32 OptionLength = sizeof (Option);
|
||||
+ DHCPv6_OPTION_IA_NA *OptionPtr = (DHCPv6_OPTION_IA_NA *)Option;
|
||||
+ UINT32 SearchPattern = SEARCH_PATTERN;
|
||||
+
|
||||
+ UINTN SearchPatternLength = SEARCH_PATTERN_LEN;
|
||||
+ UINT8 *InnerOptionPtr = NULL;
|
||||
+ UINT16 InnerOptionLength = 0;
|
||||
+
|
||||
+ OptionPtr->Header.Code = Dhcp6OptIana;
|
||||
+ OptionPtr->Header.Len = HTONS (4); // Set the length to lower than expected (12)
|
||||
+ OptionPtr->Header.IAID = 0x12345678;
|
||||
+ OptionPtr->T1 = 0x11111111;
|
||||
+ OptionPtr->T2 = 0x22222222;
|
||||
+ CopyMem (OptionPtr->InnerOptions, &SearchPattern, SearchPatternLength);
|
||||
+
|
||||
+ // Set the InnerOptionLength to be less than the size of the option
|
||||
+ Status = Dhcp6SeekInnerOptionSafe (
|
||||
+ Dhcp6OptIana,
|
||||
+ Option,
|
||||
+ OptionLength,
|
||||
+ &InnerOptionPtr,
|
||||
+ &InnerOptionLength
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_DEVICE_ERROR);
|
||||
+
|
||||
+ // Now set the OptionLength to be less than the size of the option
|
||||
+ OptionLength = sizeof (DHCPv6_OPTION_IA_NA) - 1;
|
||||
+ Status = Dhcp6SeekInnerOptionSafe (
|
||||
+ Dhcp6OptIana,
|
||||
+ Option,
|
||||
+ OptionLength,
|
||||
+ &InnerOptionPtr,
|
||||
+ &InnerOptionLength
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_DEVICE_ERROR);
|
||||
+}
|
||||
+
|
||||
+// Test Description:
|
||||
+// This test verifies that Dhcp6SeekInnerOptionSafe returns EFI_SUCCESS when the IATA option is found
|
||||
+TEST_F (Dhcp6SeekInnerOptionSafeTest, IATAValidOptionExpectSuccess) {
|
||||
+ // Lets add an inner option of bytes we expect to find
|
||||
+ EFI_STATUS Status;
|
||||
+ UINT8 Option[sizeof (DHCPv6_OPTION_IA_TA) + SEARCH_PATTERN_LEN] = { 0 };
|
||||
+ UINT32 OptionLength = sizeof (Option);
|
||||
+ DHCPv6_OPTION_IA_TA *OptionPtr = (DHCPv6_OPTION_IA_TA *)Option;
|
||||
+ UINT32 SearchPattern = SEARCH_PATTERN;
|
||||
+
|
||||
+ UINTN SearchPatternLength = SEARCH_PATTERN_LEN;
|
||||
+ UINT8 *InnerOptionPtr = NULL;
|
||||
+ UINT16 InnerOptionLength = 0;
|
||||
+
|
||||
+ OptionPtr->Header.Code = Dhcp6OptIata;
|
||||
+ OptionPtr->Header.Len = HTONS (4 + 4); // Valid length has to be more than 4
|
||||
+ OptionPtr->Header.IAID = 0x12345678;
|
||||
+ CopyMem (OptionPtr->InnerOptions, &SearchPattern, SearchPatternLength);
|
||||
+
|
||||
+ Status = Dhcp6SeekInnerOptionSafe (
|
||||
+ Dhcp6OptIata,
|
||||
+ Option,
|
||||
+ OptionLength,
|
||||
+ &InnerOptionPtr,
|
||||
+ &InnerOptionLength
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_SUCCESS);
|
||||
+ ASSERT_EQ (InnerOptionLength, 4);
|
||||
+ ASSERT_EQ (CompareMem (InnerOptionPtr, &SearchPattern, SearchPatternLength), 0);
|
||||
+}
|
||||
+
|
||||
+// Test Description:
|
||||
+// This test verifies that Dhcp6SeekInnerOptionSafe returns EFI_SUCCESS when the IATA option size is invalid.
|
||||
+TEST_F (Dhcp6SeekInnerOptionSafeTest, IATAInvalidSizeExpectFail) {
|
||||
+ // Lets add an inner option of bytes we expect to find
|
||||
+ EFI_STATUS Status;
|
||||
+ UINT8 Option[sizeof (DHCPv6_OPTION_IA_TA) + SEARCH_PATTERN_LEN] = { 0 };
|
||||
+ UINT32 OptionLength = sizeof (Option);
|
||||
+ DHCPv6_OPTION_IA_TA *OptionPtr = (DHCPv6_OPTION_IA_TA *)Option;
|
||||
+ UINT32 SearchPattern = SEARCH_PATTERN;
|
||||
+
|
||||
+ UINTN SearchPatternLength = SEARCH_PATTERN_LEN;
|
||||
+ UINT8 *InnerOptionPtr = NULL;
|
||||
+ UINT16 InnerOptionLength = 0;
|
||||
+
|
||||
+ OptionPtr->Header.Code = Dhcp6OptIata;
|
||||
+ OptionPtr->Header.Len = HTONS (2); // Set the length to lower than expected (4)
|
||||
+ OptionPtr->Header.IAID = 0x12345678;
|
||||
+ CopyMem (OptionPtr->InnerOptions, &SearchPattern, SearchPatternLength);
|
||||
+
|
||||
+ Status = Dhcp6SeekInnerOptionSafe (
|
||||
+ Dhcp6OptIata,
|
||||
+ Option,
|
||||
+ OptionLength,
|
||||
+ &InnerOptionPtr,
|
||||
+ &InnerOptionLength
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_DEVICE_ERROR);
|
||||
+
|
||||
+ // Now lets try modifying the OptionLength to be less than the size of the option
|
||||
+ OptionLength = sizeof (DHCPv6_OPTION_IA_TA) - 1;
|
||||
+ Status = Dhcp6SeekInnerOptionSafe (
|
||||
+ Dhcp6OptIata,
|
||||
+ Option,
|
||||
+ OptionLength,
|
||||
+ &InnerOptionPtr,
|
||||
+ &InnerOptionLength
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_DEVICE_ERROR);
|
||||
+}
|
||||
+
|
||||
+// Test Description:
|
||||
+// This test verifies that any other Option Type fails
|
||||
+TEST_F (Dhcp6SeekInnerOptionSafeTest, InvalidOption) {
|
||||
+ // Lets add an inner option of bytes we expect to find
|
||||
+ EFI_STATUS Result;
|
||||
+ UINT8 Option[sizeof (DHCPv6_OPTION_IA_TA) + SEARCH_PATTERN_LEN] = { 0 };
|
||||
+ UINT32 OptionLength = sizeof (Option);
|
||||
+ DHCPv6_OPTION_IA_TA *OptionPtr = (DHCPv6_OPTION_IA_TA *)Option;
|
||||
+ UINT32 SearchPattern = SEARCH_PATTERN;
|
||||
+
|
||||
+ UINTN SearchPatternLength = SEARCH_PATTERN_LEN;
|
||||
+ UINT8 *InnerOptionPtr = NULL;
|
||||
+ UINT16 InnerOptionLength = 0;
|
||||
+
|
||||
+ OptionPtr->Header.Code = 0xC0DE;
|
||||
+ OptionPtr->Header.Len = HTONS (2); // Set the length to lower than expected (4)
|
||||
+ OptionPtr->Header.IAID = 0x12345678;
|
||||
+ CopyMem (OptionPtr->InnerOptions, &SearchPattern, SearchPatternLength);
|
||||
+
|
||||
+ Result = Dhcp6SeekInnerOptionSafe (0xC0DE, Option, OptionLength, &InnerOptionPtr, &InnerOptionLength);
|
||||
+ ASSERT_EQ (Result, EFI_DEVICE_ERROR);
|
||||
+}
|
||||
+
|
||||
+////////////////////////////////////////////////////////////////////////
|
||||
+// Dhcp6SeekStsOption Tests
|
||||
+////////////////////////////////////////////////////////////////////////
|
||||
+
|
||||
+#define PACKET_SIZE (1500)
|
||||
+
|
||||
+class Dhcp6SeekStsOptionTest : public ::testing::Test {
|
||||
+public:
|
||||
+ DHCP6_INSTANCE Instance = { 0 };
|
||||
+ EFI_DHCP6_PACKET *Packet = NULL;
|
||||
+ EFI_DHCP6_CONFIG_DATA Config = { 0 };
|
||||
+
|
||||
+protected:
|
||||
+ // Add any setup code if needed
|
||||
+ virtual void
|
||||
+ SetUp (
|
||||
+ )
|
||||
+ {
|
||||
+ // Allocate a packet
|
||||
+ Packet = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
|
||||
+ ASSERT_NE (Packet, nullptr);
|
||||
+
|
||||
+ // Initialize the packet
|
||||
+ Packet->Size = PACKET_SIZE;
|
||||
+
|
||||
+ Instance.Config = &Config;
|
||||
+ }
|
||||
+
|
||||
+ // Add any cleanup code if needed
|
||||
+ virtual void
|
||||
+ TearDown (
|
||||
+ )
|
||||
+ {
|
||||
+ // Clean up any resources or variables
|
||||
+ FreePool (Packet);
|
||||
+ }
|
||||
+};
|
||||
+
|
||||
+// Test Description:
|
||||
+// This test verifies that Dhcp6SeekStsOption returns EFI_DEVICE_ERROR when the option is invalid
|
||||
+// This verifies that the calling function is working as expected
|
||||
+TEST_F (Dhcp6SeekStsOptionTest, SeekIATAOptionExpectFail) {
|
||||
+ EFI_STATUS Status;
|
||||
+ UINT8 *Option = NULL;
|
||||
+ UINT32 SearchPattern = SEARCH_PATTERN;
|
||||
+ UINT16 SearchPatternLength = SEARCH_PATTERN_LEN;
|
||||
+ UINT16 *Len = NULL;
|
||||
+ EFI_DHCP6_IA Ia = { 0 };
|
||||
+
|
||||
+ Ia.Descriptor.Type = DHCPV6_OPTION_IA_TA;
|
||||
+ Ia.IaAddressCount = 1;
|
||||
+ Ia.IaAddress[0].PreferredLifetime = 0xDEADBEEF;
|
||||
+ Ia.IaAddress[0].ValidLifetime = 0xDEADAAAA;
|
||||
+ Ia.IaAddress[0].IpAddress = mAllDhcpRelayAndServersAddress;
|
||||
+
|
||||
+ Packet->Length = sizeof (EFI_DHCP6_HEADER);
|
||||
+
|
||||
+ Option = Dhcp6SeekStsOptionTest::Packet->Dhcp6.Option;
|
||||
+
|
||||
+ // Let's append the option to the packet
|
||||
+ Status = Dhcp6AppendOption (
|
||||
+ Dhcp6SeekStsOptionTest::Packet,
|
||||
+ &Option,
|
||||
+ Dhcp6OptStatusCode,
|
||||
+ SearchPatternLength,
|
||||
+ (UINT8 *)&SearchPattern
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_SUCCESS);
|
||||
+
|
||||
+ // Inner option length - this will be overwritten later
|
||||
+ Len = (UINT16 *)(Option + 2);
|
||||
+
|
||||
+ // Fill in the inner IA option
|
||||
+ Status = Dhcp6AppendIaOption (
|
||||
+ Dhcp6SeekStsOptionTest::Packet,
|
||||
+ &Option,
|
||||
+ &Ia,
|
||||
+ 0x12345678,
|
||||
+ 0x11111111,
|
||||
+ 0x22222222
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_SUCCESS);
|
||||
+
|
||||
+ // overwrite the len of inner Ia option
|
||||
+ *Len = HTONS (3);
|
||||
+
|
||||
+ Dhcp6SeekStsOptionTest::Instance.Config->IaDescriptor.Type = DHCPV6_OPTION_IA_TA;
|
||||
+
|
||||
+ Option = NULL;
|
||||
+ Status = Dhcp6SeekStsOption (&(Dhcp6SeekStsOptionTest::Instance), Dhcp6SeekStsOptionTest::Packet, &Option);
|
||||
+
|
||||
+ ASSERT_EQ (Status, EFI_DEVICE_ERROR);
|
||||
+}
|
||||
+
|
||||
+// Test Description:
|
||||
+// This test verifies that Dhcp6SeekInnerOptionSafe returns EFI_SUCCESS when the IATA option size is invalid.
|
||||
+TEST_F (Dhcp6SeekStsOptionTest, SeekIANAOptionExpectSuccess) {
|
||||
+ EFI_STATUS Status = EFI_NOT_FOUND;
|
||||
+ UINT8 *Option = NULL;
|
||||
+ UINT32 SearchPattern = SEARCH_PATTERN;
|
||||
+ UINT16 SearchPatternLength = SEARCH_PATTERN_LEN;
|
||||
+ EFI_DHCP6_IA Ia = { 0 };
|
||||
+
|
||||
+ Ia.Descriptor.Type = DHCPV6_OPTION_IA_NA;
|
||||
+ Ia.IaAddressCount = 1;
|
||||
+ Ia.IaAddress[0].PreferredLifetime = 0x11111111;
|
||||
+ Ia.IaAddress[0].ValidLifetime = 0x22222222;
|
||||
+ Ia.IaAddress[0].IpAddress = mAllDhcpRelayAndServersAddress;
|
||||
+ Packet->Length = sizeof (EFI_DHCP6_HEADER);
|
||||
+
|
||||
+ Option = Dhcp6SeekStsOptionTest::Packet->Dhcp6.Option;
|
||||
+
|
||||
+ Status = Dhcp6AppendOption (
|
||||
+ Dhcp6SeekStsOptionTest::Packet,
|
||||
+ &Option,
|
||||
+ Dhcp6OptStatusCode,
|
||||
+ SearchPatternLength,
|
||||
+ (UINT8 *)&SearchPattern
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_SUCCESS);
|
||||
+
|
||||
+ Status = Dhcp6AppendIaOption (
|
||||
+ Dhcp6SeekStsOptionTest::Packet,
|
||||
+ &Option,
|
||||
+ &Ia,
|
||||
+ 0x12345678,
|
||||
+ 0x11111111,
|
||||
+ 0x22222222
|
||||
+ );
|
||||
+ ASSERT_EQ (Status, EFI_SUCCESS);
|
||||
+
|
||||
+ Dhcp6SeekStsOptionTest::Instance.Config->IaDescriptor.Type = DHCPV6_OPTION_IA_NA;
|
||||
+
|
||||
+ Option = NULL;
|
||||
+ Status = Dhcp6SeekStsOption (&(Dhcp6SeekStsOptionTest::Instance), Dhcp6SeekStsOptionTest::Packet, &Option);
|
||||
+
|
||||
+ ASSERT_EQ (Status, EFI_SUCCESS);
|
||||
+}
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
|
||||
new file mode 100644
|
||||
index 0000000000..aed3b89082
|
||||
--- /dev/null
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
|
||||
@@ -0,0 +1,58 @@
|
||||
+/** @file
|
||||
+ Acts as header for private functions under test in Dhcp6Io.c
|
||||
+
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
+ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
+**/
|
||||
+
|
||||
+#ifndef DHCP6_IO_GOOGLE_TEST_H_
|
||||
+#define DHCP6_IO_GOOGLE_TEST_H_
|
||||
+
|
||||
+////////////////////////////////////////////////////////////////////////////////
|
||||
+// These are the functions that are being unit tested
|
||||
+////////////////////////////////////////////////////////////////////////////////
|
||||
+
|
||||
+#include <Uefi.h>
|
||||
+
|
||||
+/**
|
||||
+ Seeks the Inner Options from a DHCP6 Option
|
||||
+
|
||||
+ @param[in] IaType The type of the IA option.
|
||||
+ @param[in] Option The pointer to the DHCP6 Option.
|
||||
+ @param[in] OptionLen The length of the DHCP6 Option.
|
||||
+ @param[out] IaInnerOpt The pointer to the IA inner option.
|
||||
+ @param[out] IaInnerLen The length of the IA inner option.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Seek the inner option successfully.
|
||||
+ @retval EFI_DEVICE_ERROR The OptionLen is invalid.
|
||||
+*/
|
||||
+EFI_STATUS
|
||||
+Dhcp6SeekInnerOptionSafe (
|
||||
+ UINT16 IaType,
|
||||
+ UINT8 *Option,
|
||||
+ UINT32 OptionLen,
|
||||
+ UINT8 **IaInnerOpt,
|
||||
+ UINT16 *IaInnerLen
|
||||
+ );
|
||||
+
|
||||
+/**
|
||||
+ Seek StatusCode Option in package. A Status Code option may appear in the
|
||||
+ options field of a DHCP message and/or in the options field of another option.
|
||||
+ See details in section 22.13, RFC3315.
|
||||
+
|
||||
+ @param[in] Instance The pointer to the Dhcp6 instance.
|
||||
+ @param[in] Packet The pointer to reply messages.
|
||||
+ @param[out] Option The pointer to status code option.
|
||||
+
|
||||
+ @retval EFI_SUCCESS Seek status code option successfully.
|
||||
+ @retval EFI_DEVICE_ERROR An unexpected error.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+Dhcp6SeekStsOption (
|
||||
+ IN DHCP6_INSTANCE *Instance,
|
||||
+ IN EFI_DHCP6_PACKET *Packet,
|
||||
+ OUT UINT8 **Option
|
||||
+ );
|
||||
+
|
||||
+#endif // DHCP6_IO_GOOGLE_TEST_H
|
||||
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
index 20bc90b172..24dee654df 100644
|
||||
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
@@ -16,6 +16,7 @@
|
||||
SKUID_IDENTIFIER = DEFAULT
|
||||
|
||||
!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
|
||||
+
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,19 +1,19 @@
|
||||
From 1ef9758121ee50437322d84ce394279e38a7055f Mon Sep 17 00:00:00 2001
|
||||
From ad79184c7d5d9f95af057b31036167627e92deba Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 8 Feb 2024 10:35:14 -0500
|
||||
Subject: [PATCH 14/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
|
||||
Subject: [PATCH 01/18] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
|
||||
Patch
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
|
||||
RH-Jira: RHEL-21840 RHEL-21842
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [1/4] 26695f0c8bd1032ba04179cb9281f753fcff2c92 (jmaloy/jons_fork)
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [1/18] 0c3dc6f4652f517fcfbe21a5faab4d1eea934f58
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21842
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21843
|
||||
CVE: CVE-2023-45230
|
||||
Upstream: Merged
|
||||
Conflicts: Only whitespace issues caused by the 'uncrustify' tool.
|
||||
|
||||
commit f31453e8d6542461d92d835e0b79fec8b039174d
|
||||
Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
|
||||
@ -73,23 +73,20 @@ Date: Fri Jan 26 05:54:43 2024 +0800
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 49 +++-
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 43 +++
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 409 +++++++++++++++++++----------
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 382 +++++++++++++++++++++------
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 373 +++++++++++++++++++++-----
|
||||
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h | 82 +++---
|
||||
4 files changed, 676 insertions(+), 246 deletions(-)
|
||||
4 files changed, 668 insertions(+), 239 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
|
||||
index f88b00ad04..ec0ed5d8f5 100644
|
||||
index 0eb9c669b5..f2422c2f28 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
|
||||
@@ -47,9 +47,52 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
|
||||
@@ -45,6 +45,49 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
|
||||
#define DHCP6_SERVICE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'S')
|
||||
#define DHCP6_INSTANCE_SIGNATURE SIGNATURE_32 ('D', 'H', '6', 'I')
|
||||
|
||||
-#define DHCP6_PACKET_ALL 0
|
||||
-#define DHCP6_PACKET_STATEFUL 1
|
||||
-#define DHCP6_PACKET_STATELESS 2
|
||||
+//
|
||||
+// For more information on DHCP options see RFC 8415, Section 21.1
|
||||
+//
|
||||
@ -133,14 +130,11 @@ index f88b00ad04..ec0ed5d8f5 100644
|
||||
+ "Offset to option data should be +4 from start of option"
|
||||
+ );
|
||||
+
|
||||
+#define DHCP6_PACKET_ALL 0
|
||||
+#define DHCP6_PACKET_STATEFUL 1
|
||||
+#define DHCP6_PACKET_STATELESS 2
|
||||
|
||||
#define DHCP6_BASE_PACKET_SIZE 1024
|
||||
|
||||
#define DHCP6_PACKET_ALL 0
|
||||
#define DHCP6_PACKET_STATEFUL 1
|
||||
#define DHCP6_PACKET_STATELESS 2
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
index c20876d5a5..2976684aba 100644
|
||||
index dcd01e6268..bf5aa7a769 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
|
||||
@@ -3,9 +3,9 @@
|
||||
@ -154,7 +148,7 @@ index c20876d5a5..2976684aba 100644
|
||||
**/
|
||||
|
||||
#include "Dhcp6Impl.h"
|
||||
@@ -946,7 +946,8 @@ Dhcp6SendSolicitMsg (
|
||||
@@ -930,7 +930,8 @@ Dhcp6SendSolicitMsg (
|
||||
//
|
||||
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
|
||||
if (Packet == NULL) {
|
||||
@ -164,7 +158,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
|
||||
@@ -960,26 +961,38 @@ Dhcp6SendSolicitMsg (
|
||||
@@ -944,54 +945,64 @@ Dhcp6SendSolicitMsg (
|
||||
Cursor = Packet->Dhcp6.Option;
|
||||
|
||||
Length = HTONS (ClientId->Length);
|
||||
@ -209,11 +203,10 @@ index c20876d5a5..2976684aba 100644
|
||||
|
||||
//
|
||||
// Append user-defined when configurate Dhcp6 service.
|
||||
@@ -987,28 +1000,26 @@ Dhcp6SendSolicitMsg (
|
||||
//
|
||||
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
|
||||
|
||||
UserOpt = Instance->Config->OptionList[Index];
|
||||
- Cursor = Dhcp6AppendOption(
|
||||
- Cursor = Dhcp6AppendOption (
|
||||
- Cursor,
|
||||
+ Status = Dhcp6AppendOption (
|
||||
+ Packet,
|
||||
@ -230,7 +223,7 @@ index c20876d5a5..2976684aba 100644
|
||||
- //
|
||||
- // Determine the size/length of packet.
|
||||
- //
|
||||
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
|
||||
- Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
|
||||
ASSERT (Packet->Size > Packet->Length + 8);
|
||||
|
||||
//
|
||||
@ -245,7 +238,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -1022,10 +1033,8 @@ Dhcp6SendSolicitMsg (
|
||||
@@ -1005,10 +1016,8 @@ Dhcp6SendSolicitMsg (
|
||||
Instance->StartTime = 0;
|
||||
|
||||
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
|
||||
@ -257,7 +250,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -1037,6 +1046,14 @@ Dhcp6SendSolicitMsg (
|
||||
@@ -1020,6 +1029,14 @@ Dhcp6SendSolicitMsg (
|
||||
Elapsed,
|
||||
Instance->Config->SolicitRetransmission
|
||||
);
|
||||
@ -272,7 +265,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1128,7 +1145,8 @@ Dhcp6SendRequestMsg (
|
||||
@@ -1110,7 +1127,8 @@ Dhcp6SendRequestMsg (
|
||||
//
|
||||
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
|
||||
if (Packet == NULL) {
|
||||
@ -282,7 +275,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
|
||||
@@ -1142,33 +1160,49 @@ Dhcp6SendRequestMsg (
|
||||
@@ -1124,51 +1142,67 @@ Dhcp6SendRequestMsg (
|
||||
Cursor = Packet->Dhcp6.Option;
|
||||
|
||||
Length = HTONS (ClientId->Length);
|
||||
@ -340,11 +333,10 @@ index c20876d5a5..2976684aba 100644
|
||||
|
||||
//
|
||||
// Append user-defined when configurate Dhcp6 service.
|
||||
@@ -1176,18 +1210,18 @@ Dhcp6SendRequestMsg (
|
||||
//
|
||||
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
|
||||
|
||||
UserOpt = Instance->Config->OptionList[Index];
|
||||
- Cursor = Dhcp6AppendOption(
|
||||
- Cursor = Dhcp6AppendOption (
|
||||
- Cursor,
|
||||
+ Status = Dhcp6AppendOption (
|
||||
+ Packet,
|
||||
@ -361,11 +353,11 @@ index c20876d5a5..2976684aba 100644
|
||||
- //
|
||||
- // Determine the size/length of packet.
|
||||
- //
|
||||
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
|
||||
- Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
|
||||
ASSERT (Packet->Size > Packet->Length + 8);
|
||||
|
||||
//
|
||||
@@ -1196,8 +1230,7 @@ Dhcp6SendRequestMsg (
|
||||
@@ -1177,8 +1211,7 @@ Dhcp6SendRequestMsg (
|
||||
Status = Dhcp6CallbackUser (Instance, Dhcp6SendRequest, &Packet);
|
||||
|
||||
if (EFI_ERROR (Status)) {
|
||||
@ -375,7 +367,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -1213,14 +1246,21 @@ Dhcp6SendRequestMsg (
|
||||
@@ -1194,14 +1227,21 @@ Dhcp6SendRequestMsg (
|
||||
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
|
||||
|
||||
if (EFI_ERROR (Status)) {
|
||||
@ -398,8 +390,8 @@ index c20876d5a5..2976684aba 100644
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
|
||||
@@ -1286,7 +1326,8 @@ Dhcp6SendDeclineMsg (
|
||||
/**
|
||||
@@ -1266,7 +1306,8 @@ Dhcp6SendDeclineMsg (
|
||||
//
|
||||
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE);
|
||||
if (Packet == NULL) {
|
||||
@ -409,7 +401,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
Packet->Size = DHCP6_BASE_PACKET_SIZE;
|
||||
@@ -1300,42 +1341,58 @@ Dhcp6SendDeclineMsg (
|
||||
@@ -1280,42 +1321,58 @@ Dhcp6SendDeclineMsg (
|
||||
Cursor = Packet->Dhcp6.Option;
|
||||
|
||||
Length = HTONS (ClientId->Length);
|
||||
@ -467,7 +459,7 @@ index c20876d5a5..2976684aba 100644
|
||||
- //
|
||||
- // Determine the size/length of packet.
|
||||
- //
|
||||
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
|
||||
- Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
|
||||
ASSERT (Packet->Size > Packet->Length + 8);
|
||||
|
||||
//
|
||||
@ -482,7 +474,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -1349,16 +1406,22 @@ Dhcp6SendDeclineMsg (
|
||||
@@ -1329,16 +1386,22 @@ Dhcp6SendDeclineMsg (
|
||||
Instance->StartTime = 0;
|
||||
|
||||
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
|
||||
@ -507,8 +499,8 @@ index c20876d5a5..2976684aba 100644
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
|
||||
@@ -1420,7 +1483,8 @@ Dhcp6SendReleaseMsg (
|
||||
/**
|
||||
@@ -1399,7 +1462,8 @@ Dhcp6SendReleaseMsg (
|
||||
//
|
||||
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE);
|
||||
if (Packet == NULL) {
|
||||
@ -518,7 +510,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
Packet->Size = DHCP6_BASE_PACKET_SIZE;
|
||||
@@ -1434,45 +1498,61 @@ Dhcp6SendReleaseMsg (
|
||||
@@ -1413,45 +1477,61 @@ Dhcp6SendReleaseMsg (
|
||||
Cursor = Packet->Dhcp6.Option;
|
||||
|
||||
Length = HTONS (ClientId->Length);
|
||||
@ -579,7 +571,7 @@ index c20876d5a5..2976684aba 100644
|
||||
- //
|
||||
- // Determine the size/length of packet
|
||||
- //
|
||||
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
|
||||
- Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
|
||||
ASSERT (Packet->Size > Packet->Length + 8);
|
||||
|
||||
//
|
||||
@ -594,7 +586,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -1482,16 +1562,22 @@ Dhcp6SendReleaseMsg (
|
||||
@@ -1461,16 +1541,22 @@ Dhcp6SendReleaseMsg (
|
||||
Instance->IaCb.Ia->State = Dhcp6Releasing;
|
||||
|
||||
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
|
||||
@ -619,8 +611,8 @@ index c20876d5a5..2976684aba 100644
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
|
||||
@@ -1551,7 +1637,8 @@ Dhcp6SendRenewRebindMsg (
|
||||
/**
|
||||
@@ -1529,7 +1615,8 @@ Dhcp6SendRenewRebindMsg (
|
||||
//
|
||||
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
|
||||
if (Packet == NULL) {
|
||||
@ -630,7 +622,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
|
||||
@@ -1565,26 +1652,38 @@ Dhcp6SendRenewRebindMsg (
|
||||
@@ -1543,26 +1630,38 @@ Dhcp6SendRenewRebindMsg (
|
||||
Cursor = Packet->Dhcp6.Option;
|
||||
|
||||
Length = HTONS (ClientId->Length);
|
||||
@ -675,7 +667,7 @@ index c20876d5a5..2976684aba 100644
|
||||
|
||||
if (!RebindRequest) {
|
||||
//
|
||||
@@ -1600,18 +1699,22 @@ Dhcp6SendRenewRebindMsg (
|
||||
@@ -1578,18 +1677,22 @@ Dhcp6SendRenewRebindMsg (
|
||||
Dhcp6OptServerId
|
||||
);
|
||||
if (Option == NULL) {
|
||||
@ -685,7 +677,7 @@ index c20876d5a5..2976684aba 100644
|
||||
+ goto ON_ERROR;
|
||||
}
|
||||
|
||||
ServerId = (EFI_DHCP6_DUID *) (Option + 2);
|
||||
ServerId = (EFI_DHCP6_DUID *)(Option + 2);
|
||||
|
||||
- Cursor = Dhcp6AppendOption (
|
||||
- Cursor,
|
||||
@ -702,11 +694,11 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -1620,18 +1723,18 @@ Dhcp6SendRenewRebindMsg (
|
||||
@@ -1597,18 +1700,18 @@ Dhcp6SendRenewRebindMsg (
|
||||
//
|
||||
for (Index = 0; Index < Instance->Config->OptionCount; Index++) {
|
||||
|
||||
UserOpt = Instance->Config->OptionList[Index];
|
||||
- Cursor = Dhcp6AppendOption(
|
||||
- Cursor = Dhcp6AppendOption (
|
||||
- Cursor,
|
||||
+ Status = Dhcp6AppendOption (
|
||||
+ Packet,
|
||||
@ -723,11 +715,11 @@ index c20876d5a5..2976684aba 100644
|
||||
- //
|
||||
- // Determine the size/length of packet.
|
||||
- //
|
||||
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
|
||||
- Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
|
||||
ASSERT (Packet->Size > Packet->Length + 8);
|
||||
|
||||
//
|
||||
@@ -1641,10 +1744,8 @@ Dhcp6SendRenewRebindMsg (
|
||||
@@ -1618,10 +1721,8 @@ Dhcp6SendRenewRebindMsg (
|
||||
Event = (RebindRequest) ? Dhcp6EnterRebinding : Dhcp6EnterRenewing;
|
||||
|
||||
Status = Dhcp6CallbackUser (Instance, Event, &Packet);
|
||||
@ -739,7 +731,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -1661,16 +1762,22 @@ Dhcp6SendRenewRebindMsg (
|
||||
@@ -1638,16 +1739,22 @@ Dhcp6SendRenewRebindMsg (
|
||||
Instance->StartTime = 0;
|
||||
|
||||
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
|
||||
@ -765,7 +757,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1834,7 +1941,8 @@ Dhcp6SendInfoRequestMsg (
|
||||
@@ -1811,7 +1918,8 @@ Dhcp6SendInfoRequestMsg (
|
||||
//
|
||||
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
|
||||
if (Packet == NULL) {
|
||||
@ -775,7 +767,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
|
||||
@@ -1851,26 +1959,38 @@ Dhcp6SendInfoRequestMsg (
|
||||
@@ -1828,44 +1936,56 @@ Dhcp6SendInfoRequestMsg (
|
||||
|
||||
if (SendClientId) {
|
||||
Length = HTONS (ClientId->Length);
|
||||
@ -820,11 +812,10 @@ index c20876d5a5..2976684aba 100644
|
||||
|
||||
//
|
||||
// Append user-defined when configurate Dhcp6 service.
|
||||
@@ -1878,18 +1998,18 @@ Dhcp6SendInfoRequestMsg (
|
||||
//
|
||||
for (Index = 0; Index < OptionCount; Index++) {
|
||||
|
||||
UserOpt = OptionList[Index];
|
||||
- Cursor = Dhcp6AppendOption(
|
||||
- Cursor = Dhcp6AppendOption (
|
||||
- Cursor,
|
||||
+ Status = Dhcp6AppendOption (
|
||||
+ Packet,
|
||||
@ -841,11 +832,11 @@ index c20876d5a5..2976684aba 100644
|
||||
- //
|
||||
- // Determine the size/length of packet.
|
||||
- //
|
||||
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
|
||||
- Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
|
||||
ASSERT (Packet->Size > Packet->Length + 8);
|
||||
|
||||
//
|
||||
@@ -1901,16 +2021,22 @@ Dhcp6SendInfoRequestMsg (
|
||||
@@ -1877,16 +1997,22 @@ Dhcp6SendInfoRequestMsg (
|
||||
// Send info-request packet with no state.
|
||||
//
|
||||
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
|
||||
@ -870,8 +861,8 @@ index c20876d5a5..2976684aba 100644
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
|
||||
@@ -1962,7 +2088,8 @@ Dhcp6SendConfirmMsg (
|
||||
/**
|
||||
@@ -1937,7 +2063,8 @@ Dhcp6SendConfirmMsg (
|
||||
//
|
||||
Packet = AllocateZeroPool (DHCP6_BASE_PACKET_SIZE + UserLen);
|
||||
if (Packet == NULL) {
|
||||
@ -881,7 +872,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
Packet->Size = DHCP6_BASE_PACKET_SIZE + UserLen;
|
||||
@@ -1976,54 +2103,64 @@ Dhcp6SendConfirmMsg (
|
||||
@@ -1951,54 +2078,64 @@ Dhcp6SendConfirmMsg (
|
||||
Cursor = Packet->Dhcp6.Option;
|
||||
|
||||
Length = HTONS (ClientId->Length);
|
||||
@ -946,7 +937,7 @@ index c20876d5a5..2976684aba 100644
|
||||
- //
|
||||
- // Determine the size/length of packet.
|
||||
- //
|
||||
- Packet->Length += (UINT32) (Cursor - Packet->Dhcp6.Option);
|
||||
- Packet->Length += (UINT32)(Cursor - Packet->Dhcp6.Option);
|
||||
ASSERT (Packet->Size > Packet->Length + 8);
|
||||
|
||||
//
|
||||
@ -961,7 +952,7 @@ index c20876d5a5..2976684aba 100644
|
||||
}
|
||||
|
||||
//
|
||||
@@ -2037,16 +2174,22 @@ Dhcp6SendConfirmMsg (
|
||||
@@ -2012,16 +2149,22 @@ Dhcp6SendConfirmMsg (
|
||||
Instance->StartTime = 0;
|
||||
|
||||
Status = Dhcp6TransmitPacket (Instance, Packet, Elapsed);
|
||||
@ -986,13 +977,13 @@ index c20876d5a5..2976684aba 100644
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
index d249a1cca7..484c360a96 100644
|
||||
index e6368b5b1c..705c665c51 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
|
||||
@@ -601,24 +601,33 @@ Dhcp6OnTransmitted (
|
||||
|
||||
@@ -577,24 +577,33 @@ Dhcp6OnTransmitted (
|
||||
}
|
||||
|
||||
/**
|
||||
- Append the option to Buf, and move Buf to the end.
|
||||
@ -1036,7 +1027,7 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// The format of Dhcp6 option:
|
||||
//
|
||||
@@ -631,35 +640,94 @@ Dhcp6AppendOption (
|
||||
@@ -607,35 +616,95 @@ Dhcp6AppendOption (
|
||||
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
//
|
||||
|
||||
@ -1098,9 +1089,9 @@ index d249a1cca7..484c360a96 100644
|
||||
+ CopyMem (*PacketCursor, Data, NTOHS (OptLen));
|
||||
+ *PacketCursor += NTOHS (OptLen);
|
||||
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, OptType);
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, OptType);
|
||||
- Buf += 2;
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, OptLen);
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, OptLen);
|
||||
- Buf += 2;
|
||||
- CopyMem (Buf, Data, NTOHS (OptLen));
|
||||
- Buf += NTOHS (OptLen);
|
||||
@ -1132,21 +1123,19 @@ index d249a1cca7..484c360a96 100644
|
||||
+EFI_STATUS
|
||||
Dhcp6AppendIaAddrOption (
|
||||
- IN OUT UINT8 *Buf,
|
||||
- IN EFI_DHCP6_IA_ADDRESS *IaAddr,
|
||||
- IN UINT32 MessageType
|
||||
-)
|
||||
+ IN OUT EFI_DHCP6_PACKET *Packet,
|
||||
+ IN OUT UINT8 **PacketCursor,
|
||||
+ IN EFI_DHCP6_IA_ADDRESS *IaAddr,
|
||||
+ IN UINT32 MessageType
|
||||
+ )
|
||||
IN EFI_DHCP6_IA_ADDRESS *IaAddr,
|
||||
IN UINT32 MessageType
|
||||
)
|
||||
{
|
||||
+ UINT32 BytesNeeded;
|
||||
+ UINT32 Length;
|
||||
|
||||
+
|
||||
// The format of the IA Address option is:
|
||||
//
|
||||
@@ -682,17 +750,60 @@ Dhcp6AppendIaAddrOption (
|
||||
// 0 1 2 3
|
||||
@@ -657,17 +726,60 @@ Dhcp6AppendIaAddrOption (
|
||||
// . .
|
||||
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
|
||||
@ -1196,52 +1185,51 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// Fill the value of Ia Address option type
|
||||
//
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (Dhcp6OptIaAddr));
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, HTONS (Dhcp6OptIaAddr));
|
||||
- Buf += 2;
|
||||
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Dhcp6OptIaAddr));
|
||||
+ *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
|
||||
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (sizeof (EFI_DHCP6_IA_ADDRESS)));
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, HTONS (sizeof (EFI_DHCP6_IA_ADDRESS)));
|
||||
- Buf += 2;
|
||||
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (sizeof (EFI_DHCP6_IA_ADDRESS)));
|
||||
+ *PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
|
||||
|
||||
- CopyMem (Buf, &IaAddr->IpAddress, sizeof(EFI_IPv6_ADDRESS));
|
||||
- Buf += sizeof(EFI_IPv6_ADDRESS);
|
||||
- CopyMem (Buf, &IaAddr->IpAddress, sizeof (EFI_IPv6_ADDRESS));
|
||||
- Buf += sizeof (EFI_IPv6_ADDRESS);
|
||||
+ CopyMem (*PacketCursor, &IaAddr->IpAddress, sizeof (EFI_IPv6_ADDRESS));
|
||||
+ *PacketCursor += sizeof (EFI_IPv6_ADDRESS);
|
||||
|
||||
//
|
||||
// Fill the value of preferred-lifetime and valid-lifetime.
|
||||
@@ -700,43 +811,59 @@ Dhcp6AppendIaAddrOption (
|
||||
@@ -675,44 +787,58 @@ Dhcp6AppendIaAddrOption (
|
||||
// should set to 0 when initiate a Confirm message.
|
||||
//
|
||||
if (MessageType != Dhcp6MsgConfirm) {
|
||||
- WriteUnaligned32 ((UINT32 *) Buf, HTONL (IaAddr->PreferredLifetime));
|
||||
- WriteUnaligned32 ((UINT32 *)Buf, HTONL (IaAddr->PreferredLifetime));
|
||||
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (IaAddr->PreferredLifetime));
|
||||
}
|
||||
|
||||
- Buf += 4;
|
||||
+
|
||||
+ *PacketCursor += sizeof (IaAddr->PreferredLifetime);
|
||||
|
||||
if (MessageType != Dhcp6MsgConfirm) {
|
||||
- WriteUnaligned32 ((UINT32 *) Buf, HTONL (IaAddr->ValidLifetime));
|
||||
- WriteUnaligned32 ((UINT32 *)Buf, HTONL (IaAddr->ValidLifetime));
|
||||
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (IaAddr->ValidLifetime));
|
||||
}
|
||||
- Buf += 4;
|
||||
|
||||
- return Buf;
|
||||
- Buf += 4;
|
||||
+ *PacketCursor += sizeof (IaAddr->ValidLifetime);
|
||||
+
|
||||
+ //
|
||||
+ // Update the packet length
|
||||
+ //
|
||||
+ Packet->Length += BytesNeeded;
|
||||
+
|
||||
|
||||
- return Buf;
|
||||
+ return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
Append the appointed Ia option to Buf, and move Buf to the end.
|
||||
|
||||
@ -1289,7 +1277,7 @@ index d249a1cca7..484c360a96 100644
|
||||
|
||||
//
|
||||
// The format of IA_NA and IA_TA option:
|
||||
@@ -757,68 +884,126 @@ Dhcp6AppendIaOption (
|
||||
@@ -733,32 +859,74 @@ Dhcp6AppendIaOption (
|
||||
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
//
|
||||
|
||||
@ -1338,7 +1326,7 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// Fill the value of Ia option type
|
||||
//
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (Ia->Descriptor.Type));
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, HTONS (Ia->Descriptor.Type));
|
||||
- Buf += 2;
|
||||
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Ia->Descriptor.Type));
|
||||
+ *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
|
||||
@ -1346,7 +1334,7 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// Fill the len of Ia option later, keep the pointer first
|
||||
//
|
||||
- Len = (UINT16 *) Buf;
|
||||
- Len = (UINT16 *)Buf;
|
||||
- Buf += 2;
|
||||
+ Len = (UINT16 *)*PacketCursor;
|
||||
+ *PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
|
||||
@ -1354,7 +1342,7 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// Fill the value of iaid
|
||||
//
|
||||
- WriteUnaligned32 ((UINT32 *) Buf, HTONL (Ia->Descriptor.IaId));
|
||||
- WriteUnaligned32 ((UINT32 *)Buf, HTONL (Ia->Descriptor.IaId));
|
||||
- Buf += 4;
|
||||
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL (Ia->Descriptor.IaId));
|
||||
+ *PacketCursor += sizeof (Ia->Descriptor.IaId);
|
||||
@ -1363,9 +1351,9 @@ index d249a1cca7..484c360a96 100644
|
||||
// Fill the value of t1 and t2 if iana, keep it 0xffffffff if no specified.
|
||||
//
|
||||
if (Ia->Descriptor.Type == Dhcp6OptIana) {
|
||||
- WriteUnaligned32 ((UINT32 *) Buf, HTONL ((T1 != 0) ? T1 : 0xffffffff));
|
||||
- WriteUnaligned32 ((UINT32 *)Buf, HTONL ((T1 != 0) ? T1 : 0xffffffff));
|
||||
- Buf += 4;
|
||||
- WriteUnaligned32 ((UINT32 *) Buf, HTONL ((T2 != 0) ? T2 : 0xffffffff));
|
||||
- WriteUnaligned32 ((UINT32 *)Buf, HTONL ((T2 != 0) ? T2 : 0xffffffff));
|
||||
- Buf += 4;
|
||||
+ WriteUnaligned32 ((UINT32 *)*PacketCursor, HTONL ((T1 != 0) ? T1 : 0xffffffff));
|
||||
+ *PacketCursor += sizeof (T1);
|
||||
@ -1374,12 +1362,11 @@ index d249a1cca7..484c360a96 100644
|
||||
}
|
||||
|
||||
//
|
||||
// Fill all the addresses belong to the Ia
|
||||
@@ -766,35 +934,51 @@ Dhcp6AppendIaOption (
|
||||
//
|
||||
for (Index = 0; Index < Ia->IaAddressCount; Index++) {
|
||||
- AddrOpt = (UINT8 *) Ia->IaAddress + Index * sizeof (EFI_DHCP6_IA_ADDRESS);
|
||||
- Buf = Dhcp6AppendIaAddrOption (Buf, (EFI_DHCP6_IA_ADDRESS *) AddrOpt, MessageType);
|
||||
+ AddrOpt = (UINT8 *)Ia->IaAddress + Index * sizeof (EFI_DHCP6_IA_ADDRESS);
|
||||
AddrOpt = (UINT8 *)Ia->IaAddress + Index * sizeof (EFI_DHCP6_IA_ADDRESS);
|
||||
- Buf = Dhcp6AppendIaAddrOption (Buf, (EFI_DHCP6_IA_ADDRESS *)AddrOpt, MessageType);
|
||||
+ Status = Dhcp6AppendIaAddrOption (Packet, PacketCursor, (EFI_DHCP6_IA_ADDRESS *)AddrOpt, MessageType);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
@ -1389,15 +1376,15 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// Fill the value of Ia option length
|
||||
//
|
||||
- *Len = HTONS ((UINT16) (Buf - (UINT8 *) Len - 2));
|
||||
- *Len = HTONS ((UINT16)(Buf - (UINT8 *)Len - 2));
|
||||
+ *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));
|
||||
+
|
||||
|
||||
- return Buf;
|
||||
+ //
|
||||
+ // Update the packet length
|
||||
+ //
|
||||
+ Packet->Length += BytesNeeded;
|
||||
|
||||
- return Buf;
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
@ -1437,7 +1424,7 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// The format of elapsed time option:
|
||||
//
|
||||
@@ -830,27 +1015,70 @@ Dhcp6AppendETOption (
|
||||
@@ -806,27 +990,70 @@ Dhcp6AppendETOption (
|
||||
// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
//
|
||||
|
||||
@ -1485,7 +1472,7 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// Fill the value of elapsed-time option type.
|
||||
//
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, HTONS (Dhcp6OptElapsedTime));
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, HTONS (Dhcp6OptElapsedTime));
|
||||
- Buf += 2;
|
||||
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (Dhcp6OptElapsedTime));
|
||||
+ *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
|
||||
@ -1493,7 +1480,7 @@ index d249a1cca7..484c360a96 100644
|
||||
//
|
||||
// Fill the len of elapsed-time option, which is fixed.
|
||||
//
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, HTONS(2));
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, HTONS (2));
|
||||
- Buf += 2;
|
||||
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (2));
|
||||
+ *PacketCursor += DHCP6_SIZE_OF_OPT_LEN;
|
||||
@ -1502,8 +1489,8 @@ index d249a1cca7..484c360a96 100644
|
||||
// Fill in elapsed time value with 0 value for now. The actual value is
|
||||
// filled in later just before the packet is transmitted.
|
||||
//
|
||||
- WriteUnaligned16 ((UINT16 *) Buf, HTONS(0));
|
||||
- *Elapsed = (UINT16 *) Buf;
|
||||
- WriteUnaligned16 ((UINT16 *)Buf, HTONS (0));
|
||||
- *Elapsed = (UINT16 *)Buf;
|
||||
- Buf += 2;
|
||||
+ WriteUnaligned16 ((UINT16 *)*PacketCursor, HTONS (0));
|
||||
+ *Elapsed = (UINT16 *)*PacketCursor;
|
||||
@ -1517,10 +1504,10 @@ index d249a1cca7..484c360a96 100644
|
||||
|
||||
/**
|
||||
diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
|
||||
index 2f18eb3609..af68f77e8b 100644
|
||||
index 046454ff4a..06947f6c1f 100644
|
||||
--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
|
||||
+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h
|
||||
@@ -161,69 +161,85 @@ Dhcp6OnTransmitted (
|
||||
@@ -160,69 +160,85 @@ Dhcp6OnTransmitted (
|
||||
);
|
||||
|
||||
/**
|
||||
@ -1640,5 +1627,5 @@ index 2f18eb3609..af68f77e8b 100644
|
||||
VOID
|
||||
SetElapsedTime (
|
||||
--
|
||||
2.41.0
|
||||
2.39.3
|
||||
|
||||
|
@ -1,16 +1,17 @@
|
||||
From f5274b449181cb37efce0f08ed5d75a6bf6e54a8 Mon Sep 17 00:00:00 2001
|
||||
From c4b0517aaa38857640b4b08b55803ae8a833c1e7 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 8 Feb 2024 10:35:14 -0500
|
||||
Subject: [PATCH 16/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
|
||||
Subject: [PATCH 03/18] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
|
||||
Unit Tests
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
|
||||
RH-Jira: RHEL-21840 RHEL-21842
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [3/4] 43b8569c0586c7dbf66b19c5db335d0ce05829de (jmaloy/jons_fork)
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [3/18] 0fe85bcd3683b2424bcd91ad1495d1b79eb07405
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21842
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21843
|
||||
CVE: CVE-2023-45230
|
||||
Upstream: Merged
|
||||
|
||||
@ -625,5 +626,5 @@ index 1aeca5c5b3..20bc90b172 100644
|
||||
# Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
|
||||
[LibraryClasses]
|
||||
--
|
||||
2.41.0
|
||||
2.39.3
|
||||
|
||||
|
@ -1,16 +1,16 @@
|
||||
From e3f153773bd2ca13ee4869187f1711840fc8afc9 Mon Sep 17 00:00:00 2001
|
||||
From d51f47c8654f44a787d70b675830ebc7a4ea74f6 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 15 Feb 2024 11:51:09 -0500
|
||||
Subject: [PATCH 02/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
|
||||
Subject: [PATCH 06/18] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [2/15] 61eaf6aac61b774c3a8ace54af8abd607651d2db
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [6/18] 58ad218f1216ac1ea34ca01ef8cc21e207e2eaf2
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21844
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21845
|
||||
CVE: CVE-2022-45231
|
||||
Upstream: Merged
|
||||
|
||||
|
@ -1,17 +1,17 @@
|
||||
From e8200dda7752d21794b2268efe9e957958ffef29 Mon Sep 17 00:00:00 2001
|
||||
From a5757e84bd77ad98580c50ba81da2d1daf0f147a Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Wed, 14 Feb 2024 12:24:44 -0500
|
||||
Subject: [PATCH 03/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit
|
||||
Subject: [PATCH 07/18] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit
|
||||
Tests
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [3/15] ca554677a3397423073d3bb4774f856b2329ae9c
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [7/18] 57d08b408b30ea98de1e5dfd74f8892b66c0867c
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21844
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21845
|
||||
CVE: CVE-2022-45231
|
||||
Upstream: Merged
|
||||
|
||||
@ -261,10 +261,10 @@ index 0000000000..f2cd90e1a9
|
||||
+ EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
|
||||
+}
|
||||
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
index 20bc90b172..ab7c2857b6 100644
|
||||
index 24dee654df..7fa7b0f9d5 100644
|
||||
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
@@ -25,6 +25,7 @@
|
||||
@@ -26,6 +26,7 @@
|
||||
# Build HOST_APPLICATION that tests NetworkPkg
|
||||
#
|
||||
NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
|
||||
|
@ -1,20 +1,20 @@
|
||||
From 23b31a16bbb789f4c251b1d2f23334210a9fb545 Mon Sep 17 00:00:00 2001
|
||||
From ff4f1d8227c6c4c89060e24df37defec6d7a07e2 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 15 Feb 2024 11:51:09 -0500
|
||||
Subject: [PATCH 04/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
|
||||
Subject: [PATCH 08/18] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [4/15] 48c273e43a6275c7eae3223c4ffa433f4d6531a4
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [8/18] c7bf831954da5b678450f1ba8e34371645959c81
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21846
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21847
|
||||
CVE: CVE-2022-45232
|
||||
Upstream: Merged
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21848
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21849
|
||||
CVE: CVE-2022-45233
|
||||
Upstream: Merged
|
||||
|
||||
|
@ -1,17 +1,17 @@
|
||||
From 2bd8bc051f6394f2ab3c22649c54ecbed5d636cd Mon Sep 17 00:00:00 2001
|
||||
From dab03ad5334af1c93797119f2eeda6ce757461f8 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Wed, 14 Feb 2024 20:25:29 -0500
|
||||
Subject: [PATCH 05/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit
|
||||
Subject: [PATCH 09/18] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit
|
||||
Tests
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [5/15] 624365d403df25927ab0514b0e25faea7376def8
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [9/18] f68829a7f34f5a09a02d28cc5cfd109f90c442da
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21846
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21847
|
||||
CVE: CVE-2022-45232
|
||||
Upstream: Merged
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,74 +0,0 @@
|
||||
From 6eceae607639b46ea46ba26a288270bd1c97dc0f Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Thu, 13 Jun 2024 18:35:46 -0400
|
||||
Subject: [PATCH 31/31] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow
|
||||
in iPXE environment
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [31/31] 2088a79fef3d6dfec032f2f560ccf87ae42d786f
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21854
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45236
|
||||
|
||||
commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
|
||||
Author: Sam <Sam_Tsai@wiwynn.com>
|
||||
Date: Wed May 29 07:46:03 2024 +0800
|
||||
|
||||
NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE environment
|
||||
|
||||
This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
|
||||
REF: 1904a64
|
||||
|
||||
Issue Description:
|
||||
An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
|
||||
|
||||
NetworkPkg\TcpDxe\TcpDriver.c
|
||||
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||
|
||||
Root Cause Analysis:
|
||||
The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
|
||||
|
||||
Implemented Solution:
|
||||
To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
|
||||
|
||||
NetworkPkg\TcpDxe\TcpDriver.c
|
||||
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
|
||||
|
||||
This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
|
||||
|
||||
Verification:
|
||||
Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
|
||||
|
||||
Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
||||
|
||||
Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
|
||||
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
index 34ae838ae0..1aec292501 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
@@ -509,7 +509,7 @@ TcpDestroyService (
|
||||
//
|
||||
// Destroy the instance of the hashing protocol for this controller.
|
||||
//
|
||||
- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
|
||||
if (EFI_ERROR (Status)) {
|
||||
return EFI_UNSUPPORTED;
|
||||
}
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,808 +0,0 @@
|
||||
From 1e7f4034ddc0896e16c981d4220a1178813b4e86 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Tue, 11 Jun 2024 15:20:29 -0400
|
||||
Subject: [PATCH 30/31] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
|
||||
RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Commit: [30/31] 9ae15a2abf1d9bd0a0df1ff73a88446b9eb33602
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21854
|
||||
Upstream: Merged
|
||||
CVE: CVE-2023-45236
|
||||
Conflicts: Didn't add new file NetworkPkg/SecurityFixes.yaml
|
||||
|
||||
commit 1904a64bcc18199738e5be183d28887ac5d837d7
|
||||
Author: Doug Flick <dougflick@microsoft.com>
|
||||
Date: Wed May 8 22:56:29 2024 -0700
|
||||
|
||||
NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
|
||||
|
||||
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
|
||||
REF: https://www.rfc-editor.org/rfc/rfc1948.txt
|
||||
REF: https://www.rfc-editor.org/rfc/rfc6528.txt
|
||||
REF: https://www.rfc-editor.org/rfc/rfc9293.txt
|
||||
|
||||
Bug Overview:
|
||||
PixieFail Bug #8
|
||||
CVE-2023-45236
|
||||
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
|
||||
|
||||
Updates TCP ISN generation to use a cryptographic hash of the
|
||||
connection's identifying parameters and a secret key.
|
||||
This prevents an attacker from guessing the ISN used for some other
|
||||
connection.
|
||||
|
||||
This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
|
||||
|
||||
RFC: 9293 Section 3.4.1. Initial Sequence Number Selection
|
||||
|
||||
A TCP implementation MUST use the above type of "clock" for clock-
|
||||
driven selection of initial sequence numbers (MUST-8), and SHOULD
|
||||
generate its initial sequence numbers with the expression:
|
||||
|
||||
ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||
|
||||
where M is the 4 microsecond timer, and F() is a pseudorandom
|
||||
function (PRF) of the connection's identifying parameters ("localip,
|
||||
localport, remoteip, remoteport") and a secret key ("secretkey")
|
||||
(SHLD-1). F() MUST NOT be computable from the outside (MUST-9), or
|
||||
an attacker could still guess at sequence numbers from the ISN used
|
||||
for some other connection. The PRF could be implemented as a
|
||||
cryptographic hash of the concatenation of the TCP connection
|
||||
parameters and some secret data. For discussion of the selection of
|
||||
a specific hash algorithm and management of the secret key data,
|
||||
please see Section 3 of [42].
|
||||
|
||||
For each connection there is a send sequence number and a receive
|
||||
sequence number. The initial send sequence number (ISS) is chosen by
|
||||
the data sending TCP peer, and the initial receive sequence number
|
||||
(IRS) is learned during the connection-establishing procedure.
|
||||
|
||||
For a connection to be established or initialized, the two TCP peers
|
||||
must synchronize on each other's initial sequence numbers. This is
|
||||
done in an exchange of connection-establishing segments carrying a
|
||||
control bit called "SYN" (for synchronize) and the initial sequence
|
||||
numbers. As a shorthand, segments carrying the SYN bit are also
|
||||
called "SYNs". Hence, the solution requires a suitable mechanism for
|
||||
picking an initial sequence number and a slightly involved handshake
|
||||
to exchange the ISNs.
|
||||
|
||||
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
|
||||
|
||||
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
||||
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/TcpDxe/TcpDriver.c | 92 ++++++++++++-
|
||||
NetworkPkg/TcpDxe/TcpDxe.inf | 8 +-
|
||||
NetworkPkg/TcpDxe/TcpFunc.h | 23 ++--
|
||||
NetworkPkg/TcpDxe/TcpInput.c | 13 +-
|
||||
NetworkPkg/TcpDxe/TcpMain.h | 59 ++++++--
|
||||
NetworkPkg/TcpDxe/TcpMisc.c | 244 ++++++++++++++++++++++++++++++++--
|
||||
NetworkPkg/TcpDxe/TcpTimer.c | 3 +-
|
||||
7 files changed, 394 insertions(+), 48 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
index 430911c2f4..34ae838ae0 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
|
||||
@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL gTcpServiceBinding = {
|
||||
TcpServiceBindingDestroyChild
|
||||
};
|
||||
|
||||
+//
|
||||
+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces
|
||||
+// if the platform does not provide one.
|
||||
+//
|
||||
+EFI_HANDLE mHash2ServiceHandle = NULL;
|
||||
+
|
||||
/**
|
||||
Create and start the heartbeat timer for the TCP driver.
|
||||
|
||||
@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
|
||||
EFI_STATUS Status;
|
||||
UINT32 Random;
|
||||
|
||||
+ //
|
||||
+ // Initialize the Secret used for hashing TCP sequence numbers
|
||||
+ //
|
||||
+ // Normally this should be regenerated periodically, but since
|
||||
+ // this is only used for UEFI networking and not a general purpose
|
||||
+ // operating system, it is not necessary to regenerate it.
|
||||
+ //
|
||||
+ Status = PseudoRandomU32 (&mTcpGlobalSecret);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Get a random number used to generate a random port number
|
||||
+ // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret
|
||||
+ //
|
||||
Status = PseudoRandomU32 (&Random);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
|
||||
@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
|
||||
}
|
||||
|
||||
//
|
||||
- // Initialize ISS and random port.
|
||||
+ // Initialize the random port.
|
||||
//
|
||||
- mTcpGlobalIss = Random % mTcpGlobalIss;
|
||||
mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
|
||||
mTcp6RandomPort = mTcp4RandomPort;
|
||||
|
||||
@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
|
||||
@param[in] IpVersion IP_VERSION_4 or IP_VERSION_6.
|
||||
|
||||
@retval EFI_OUT_OF_RESOURCES Failed to allocate some resources.
|
||||
+ @retval EFI_UNSUPPORTED Service Binding Protocols are unavailable.
|
||||
+ @retval EFI_ALREADY_STARTED The TCP driver is already started on the controller.
|
||||
@retval EFI_SUCCESS A new IP6 service binding private was created.
|
||||
|
||||
**/
|
||||
@@ -234,11 +258,13 @@ TcpCreateService (
|
||||
IN UINT8 IpVersion
|
||||
)
|
||||
{
|
||||
- EFI_STATUS Status;
|
||||
- EFI_GUID *IpServiceBindingGuid;
|
||||
- EFI_GUID *TcpServiceBindingGuid;
|
||||
- TCP_SERVICE_DATA *TcpServiceData;
|
||||
- IP_IO_OPEN_DATA OpenData;
|
||||
+ EFI_STATUS Status;
|
||||
+ EFI_GUID *IpServiceBindingGuid;
|
||||
+ EFI_GUID *TcpServiceBindingGuid;
|
||||
+ TCP_SERVICE_DATA *TcpServiceData;
|
||||
+ IP_IO_OPEN_DATA OpenData;
|
||||
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
|
||||
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
|
||||
|
||||
if (IpVersion == IP_VERSION_4) {
|
||||
IpServiceBindingGuid = &gEfiIp4ServiceBindingProtocolGuid;
|
||||
@@ -272,6 +298,33 @@ TcpCreateService (
|
||||
return EFI_UNSUPPORTED;
|
||||
}
|
||||
|
||||
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ //
|
||||
+ // If we can't find the Hashing protocol, then we need to create one.
|
||||
+ //
|
||||
+
|
||||
+ //
|
||||
+ // Platform is expected to publish the hash service binding protocol to support TCP.
|
||||
+ //
|
||||
+ Status = gBS->LocateProtocol (
|
||||
+ &gEfiHash2ServiceBindingProtocolGuid,
|
||||
+ NULL,
|
||||
+ (VOID **)&Hash2ServiceBinding
|
||||
+ );
|
||||
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Create an instance of the hash protocol for this controller.
|
||||
+ //
|
||||
+ Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Create the TCP service data.
|
||||
//
|
||||
@@ -423,6 +476,7 @@ TcpDestroyService (
|
||||
EFI_STATUS Status;
|
||||
LIST_ENTRY *List;
|
||||
TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT Context;
|
||||
+ EFI_SERVICE_BINDING_PROTOCOL *Hash2ServiceBinding;
|
||||
|
||||
ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
|
||||
|
||||
@@ -439,6 +493,30 @@ TcpDestroyService (
|
||||
return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
+ //
|
||||
+ // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.
|
||||
+ //
|
||||
+ if (mHash2ServiceHandle != NULL) {
|
||||
+ Status = gBS->LocateProtocol (
|
||||
+ &gEfiHash2ServiceBindingProtocolGuid,
|
||||
+ NULL,
|
||||
+ (VOID **)&Hash2ServiceBinding
|
||||
+ );
|
||||
+ if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Destroy the instance of the hashing protocol for this controller.
|
||||
+ //
|
||||
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return EFI_UNSUPPORTED;
|
||||
+ }
|
||||
+
|
||||
+ mHash2ServiceHandle = NULL;
|
||||
+ }
|
||||
+
|
||||
Status = gBS->OpenProtocol (
|
||||
NicHandle,
|
||||
ServiceBindingGuid,
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||
index cf5423f4c5..76de4cf9ec 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||
+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
|
||||
@@ -6,6 +6,7 @@
|
||||
# stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
|
||||
#
|
||||
# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
+# Copyright (c) Microsoft Corporation
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#
|
||||
@@ -68,7 +69,6 @@
|
||||
NetLib
|
||||
IpIoLib
|
||||
|
||||
-
|
||||
[Protocols]
|
||||
## SOMETIMES_CONSUMES
|
||||
## SOMETIMES_PRODUCES
|
||||
@@ -81,6 +81,12 @@
|
||||
gEfiIp6ServiceBindingProtocolGuid ## TO_START
|
||||
gEfiTcp6ProtocolGuid ## BY_START
|
||||
gEfiTcp6ServiceBindingProtocolGuid ## BY_START
|
||||
+ gEfiHash2ProtocolGuid ## BY_START
|
||||
+ gEfiHash2ServiceBindingProtocolGuid ## BY_START
|
||||
+
|
||||
+[Guids]
|
||||
+ gEfiHashAlgorithmMD5Guid ## CONSUMES
|
||||
+ gEfiHashAlgorithmSha256Guid ## CONSUMES
|
||||
|
||||
[Depex]
|
||||
gEfiHash2ServiceBindingProtocolGuid
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
|
||||
index 05cd3c75dc..e578b8bb29 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpFunc.h
|
||||
+++ b/NetworkPkg/TcpDxe/TcpFunc.h
|
||||
@@ -2,7 +2,7 @@
|
||||
Declaration of external functions shared in TCP driver.
|
||||
|
||||
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
|
||||
-
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -36,8 +36,11 @@ VOID
|
||||
|
||||
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
|
||||
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpInitTcbLocal (
|
||||
IN OUT TCP_CB *Tcb
|
||||
);
|
||||
@@ -128,17 +131,6 @@ TcpCloneTcb (
|
||||
IN TCP_CB *Tcb
|
||||
);
|
||||
|
||||
-/**
|
||||
- Compute an ISS to be used by a new connection.
|
||||
-
|
||||
- @return The result ISS.
|
||||
-
|
||||
-**/
|
||||
-TCP_SEQNO
|
||||
-TcpGetIss (
|
||||
- VOID
|
||||
- );
|
||||
-
|
||||
/**
|
||||
Get the local mss.
|
||||
|
||||
@@ -202,8 +194,11 @@ TcpFormatNetbuf (
|
||||
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
|
||||
connection.
|
||||
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpOnAppConnect (
|
||||
IN OUT TCP_CB *Tcb
|
||||
);
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
|
||||
index 5e6c8c54ca..c0656ccd7d 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpInput.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpInput.c
|
||||
@@ -759,6 +759,7 @@ TcpInput (
|
||||
TCP_SEQNO Urg;
|
||||
UINT16 Checksum;
|
||||
INT32 Usable;
|
||||
+ EFI_STATUS Status;
|
||||
|
||||
ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
|
||||
|
||||
@@ -908,7 +909,17 @@ TcpInput (
|
||||
Tcb->LocalEnd.Port = Head->DstPort;
|
||||
Tcb->RemoteEnd.Port = Head->SrcPort;
|
||||
|
||||
- TcpInitTcbLocal (Tcb);
|
||||
+ Status = TcpInitTcbLocal (Tcb);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG (
|
||||
+ (DEBUG_ERROR,
|
||||
+ "TcpInput: discard a segment because failed to init local end for TCB %p\n",
|
||||
+ Tcb)
|
||||
+ );
|
||||
+
|
||||
+ goto DISCARD;
|
||||
+ }
|
||||
+
|
||||
TcpInitTcbPeer (Tcb, Seg, &Option);
|
||||
|
||||
TcpSetState (Tcb, TCP_SYN_RCVD);
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
|
||||
index 0709298bbf..3fa572d3d4 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpMain.h
|
||||
+++ b/NetworkPkg/TcpDxe/TcpMain.h
|
||||
@@ -3,6 +3,7 @@
|
||||
It is the common head file for all Tcp*.c in TCP driver.
|
||||
|
||||
Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -12,6 +13,7 @@
|
||||
|
||||
#include <Protocol/ServiceBinding.h>
|
||||
#include <Protocol/DriverBinding.h>
|
||||
+#include <Protocol/Hash2.h>
|
||||
#include <Library/IpIoLib.h>
|
||||
#include <Library/DevicePathLib.h>
|
||||
#include <Library/PrintLib.h>
|
||||
@@ -30,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE *gTcpControllerNameTable;
|
||||
|
||||
extern LIST_ENTRY mTcpRunQue;
|
||||
extern LIST_ENTRY mTcpListenQue;
|
||||
-extern TCP_SEQNO mTcpGlobalIss;
|
||||
+extern TCP_SEQNO mTcpGlobalSecret;
|
||||
extern UINT32 mTcpTick;
|
||||
|
||||
///
|
||||
@@ -44,15 +46,6 @@ extern UINT32 mTcpTick;
|
||||
|
||||
#define TCP_EXPIRE_TIME 65535
|
||||
|
||||
-///
|
||||
-/// The implementation selects the initial send sequence number and the unit to
|
||||
-/// be added when it is increased.
|
||||
-///
|
||||
-#define TCP_BASE_ISS 0x4d7e980b
|
||||
-#define TCP_ISS_INCREMENT_1 2048
|
||||
-#define TCP_ISS_INCREMENT_2 100
|
||||
-
|
||||
-
|
||||
typedef union {
|
||||
EFI_TCP4_CONFIG_DATA Tcp4CfgData;
|
||||
EFI_TCP6_CONFIG_DATA Tcp6CfgData;
|
||||
@@ -774,4 +767,50 @@ Tcp6Poll (
|
||||
IN EFI_TCP6_PROTOCOL *This
|
||||
);
|
||||
|
||||
+/**
|
||||
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
|
||||
+ and remote IP addresses and ports.
|
||||
+
|
||||
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
|
||||
+ Where the ISN is computed as follows:
|
||||
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
|
||||
+
|
||||
+ Otherwise:
|
||||
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||
+
|
||||
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
|
||||
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
|
||||
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
|
||||
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
|
||||
+ ISN used for some other connection. The PRF could be implemented as a
|
||||
+ cryptographic hash of the concatenation of the TCP connection parameters and some
|
||||
+ secret data. For discussion of the selection of a specific hash algorithm and
|
||||
+ management of the secret key data."
|
||||
+
|
||||
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
|
||||
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
|
||||
+ @param[in] LocalPort The local port number of the TCP connection.
|
||||
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
|
||||
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
|
||||
+ @param[in] RemotePort The remote port number of the TCP connection.
|
||||
+ @param[out] Isn A pointer to the variable that will receive the Initial
|
||||
+ Sequence Number (ISN).
|
||||
+
|
||||
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
|
||||
+ retrieved.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
|
||||
+ @retval EFI_UNSUPPORTED The operation is not supported.
|
||||
+
|
||||
+**/
|
||||
+EFI_STATUS
|
||||
+TcpGetIsn (
|
||||
+ IN UINT8 *LocalIp,
|
||||
+ IN UINTN LocalIpSize,
|
||||
+ IN UINT16 LocalPort,
|
||||
+ IN UINT8 *RemoteIp,
|
||||
+ IN UINTN RemoteIpSize,
|
||||
+ IN UINT16 RemotePort,
|
||||
+ OUT TCP_SEQNO *Isn
|
||||
+ );
|
||||
+
|
||||
#endif
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
|
||||
index 3fa9d90d9f..42dc9fa941 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpMisc.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpMisc.c
|
||||
@@ -3,6 +3,7 @@
|
||||
|
||||
(C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
|
||||
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -19,7 +20,34 @@ LIST_ENTRY mTcpListenQue = {
|
||||
&mTcpListenQue
|
||||
};
|
||||
|
||||
-TCP_SEQNO mTcpGlobalIss = TCP_BASE_ISS;
|
||||
+//
|
||||
+// The Session secret
|
||||
+// This must be initialized to a random value at boot time
|
||||
+//
|
||||
+TCP_SEQNO mTcpGlobalSecret;
|
||||
+
|
||||
+//
|
||||
+// Union to hold either an IPv4 or IPv6 address
|
||||
+// This is used to simplify the ISN hash computation
|
||||
+//
|
||||
+typedef union {
|
||||
+ UINT8 IPv4[4];
|
||||
+ UINT8 IPv6[16];
|
||||
+} NETWORK_ADDRESS;
|
||||
+
|
||||
+//
|
||||
+// The ISN is computed by hashing this structure
|
||||
+// It is initialized with the local and remote IP addresses and ports
|
||||
+// and the secret
|
||||
+//
|
||||
+//
|
||||
+typedef struct {
|
||||
+ UINT16 LocalPort;
|
||||
+ UINT16 RemotePort;
|
||||
+ NETWORK_ADDRESS LocalAddress;
|
||||
+ NETWORK_ADDRESS RemoteAddress;
|
||||
+ TCP_SEQNO Secret;
|
||||
+} ISN_HASH_CTX;
|
||||
|
||||
CHAR16 *mTcpStateName[] = {
|
||||
L"TCP_CLOSED",
|
||||
@@ -40,12 +68,18 @@ CHAR16 *mTcpStateName[] = {
|
||||
|
||||
@param[in, out] Tcb Pointer to the TCP_CB of this TCP instance.
|
||||
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpInitTcbLocal (
|
||||
IN OUT TCP_CB *Tcb
|
||||
)
|
||||
{
|
||||
+ TCP_SEQNO Isn;
|
||||
+ EFI_STATUS Status;
|
||||
+
|
||||
//
|
||||
// Compute the checksum of the fixed parts of pseudo header
|
||||
//
|
||||
@@ -56,6 +90,16 @@ TcpInitTcbLocal (
|
||||
0x06,
|
||||
0
|
||||
);
|
||||
+
|
||||
+ Status = TcpGetIsn (
|
||||
+ Tcb->LocalEnd.Ip.v4.Addr,
|
||||
+ sizeof (IPv4_ADDRESS),
|
||||
+ Tcb->LocalEnd.Port,
|
||||
+ Tcb->RemoteEnd.Ip.v4.Addr,
|
||||
+ sizeof (IPv4_ADDRESS),
|
||||
+ Tcb->RemoteEnd.Port,
|
||||
+ &Isn
|
||||
+ );
|
||||
} else {
|
||||
Tcb->HeadSum = NetIp6PseudoHeadChecksum (
|
||||
&Tcb->LocalEnd.Ip.v6,
|
||||
@@ -63,9 +107,25 @@ TcpInitTcbLocal (
|
||||
0x06,
|
||||
0
|
||||
);
|
||||
+
|
||||
+ Status = TcpGetIsn (
|
||||
+ Tcb->LocalEnd.Ip.v6.Addr,
|
||||
+ sizeof (IPv6_ADDRESS),
|
||||
+ Tcb->LocalEnd.Port,
|
||||
+ Tcb->RemoteEnd.Ip.v6.Addr,
|
||||
+ sizeof (IPv6_ADDRESS),
|
||||
+ Tcb->RemoteEnd.Port,
|
||||
+ &Isn
|
||||
+ );
|
||||
+ }
|
||||
+
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));
|
||||
+ ASSERT (FALSE);
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
- Tcb->Iss = TcpGetIss ();
|
||||
+ Tcb->Iss = Isn;
|
||||
Tcb->SndUna = Tcb->Iss;
|
||||
Tcb->SndNxt = Tcb->Iss;
|
||||
|
||||
@@ -81,6 +141,8 @@ TcpInitTcbLocal (
|
||||
Tcb->RetxmitSeqMax = 0;
|
||||
|
||||
Tcb->ProbeTimerOn = FALSE;
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -505,18 +567,162 @@ TcpCloneTcb (
|
||||
}
|
||||
|
||||
/**
|
||||
- Compute an ISS to be used by a new connection.
|
||||
-
|
||||
- @return The resulting ISS.
|
||||
+ Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
|
||||
+ and remote IP addresses and ports.
|
||||
+
|
||||
+ This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
|
||||
+ Where the ISN is computed as follows:
|
||||
+ ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
|
||||
+
|
||||
+ Otherwise:
|
||||
+ ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
|
||||
+
|
||||
+ "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
|
||||
+ connection's identifying parameters ("localip, localport, remoteip, remoteport")
|
||||
+ and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
|
||||
+ outside (MUST-9), or an attacker could still guess at sequence numbers from the
|
||||
+ ISN used for some other connection. The PRF could be implemented as a
|
||||
+ cryptographic hash of the concatenation of the TCP connection parameters and some
|
||||
+ secret data. For discussion of the selection of a specific hash algorithm and
|
||||
+ management of the secret key data."
|
||||
+
|
||||
+ @param[in] LocalIp A pointer to the local IP address of the TCP connection.
|
||||
+ @param[in] LocalIpSize The size, in bytes, of the LocalIp buffer.
|
||||
+ @param[in] LocalPort The local port number of the TCP connection.
|
||||
+ @param[in] RemoteIp A pointer to the remote IP address of the TCP connection.
|
||||
+ @param[in] RemoteIpSize The size, in bytes, of the RemoteIp buffer.
|
||||
+ @param[in] RemotePort The remote port number of the TCP connection.
|
||||
+ @param[out] Isn A pointer to the variable that will receive the Initial
|
||||
+ Sequence Number (ISN).
|
||||
+
|
||||
+ @retval EFI_SUCCESS The operation completed successfully, and the ISN was
|
||||
+ retrieved.
|
||||
+ @retval EFI_INVALID_PARAMETER One or more of the input parameters are invalid.
|
||||
+ @retval EFI_UNSUPPORTED The operation is not supported.
|
||||
|
||||
**/
|
||||
-TCP_SEQNO
|
||||
-TcpGetIss (
|
||||
- VOID
|
||||
+EFI_STATUS
|
||||
+TcpGetIsn (
|
||||
+ IN UINT8 *LocalIp,
|
||||
+ IN UINTN LocalIpSize,
|
||||
+ IN UINT16 LocalPort,
|
||||
+ IN UINT8 *RemoteIp,
|
||||
+ IN UINTN RemoteIpSize,
|
||||
+ IN UINT16 RemotePort,
|
||||
+ OUT TCP_SEQNO *Isn
|
||||
)
|
||||
{
|
||||
- mTcpGlobalIss += TCP_ISS_INCREMENT_1;
|
||||
- return mTcpGlobalIss;
|
||||
+ EFI_STATUS Status;
|
||||
+ EFI_HASH2_PROTOCOL *Hash2Protocol;
|
||||
+ EFI_HASH2_OUTPUT HashResult;
|
||||
+ ISN_HASH_CTX IsnHashCtx;
|
||||
+ EFI_TIME TimeStamp;
|
||||
+
|
||||
+ //
|
||||
+ // Check that the ISN pointer is valid
|
||||
+ //
|
||||
+ if (Isn == NULL) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // The local ip may be a v4 or v6 address and may not be NULL
|
||||
+ //
|
||||
+ if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // the local ip may be a v4 or v6 address
|
||||
+ //
|
||||
+ if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {
|
||||
+ return EFI_INVALID_PARAMETER;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Locate the Hash Protocol
|
||||
+ //
|
||||
+ Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));
|
||||
+
|
||||
+ //
|
||||
+ // TcpCreateService(..) is expected to be called prior to this function
|
||||
+ //
|
||||
+ ASSERT_EFI_ERROR (Status);
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Initialize the hash algorithm
|
||||
+ //
|
||||
+ Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ IsnHashCtx.LocalPort = LocalPort;
|
||||
+ IsnHashCtx.RemotePort = RemotePort;
|
||||
+ IsnHashCtx.Secret = mTcpGlobalSecret;
|
||||
+
|
||||
+ //
|
||||
+ // Check the IP address family and copy accordingly
|
||||
+ //
|
||||
+ if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);
|
||||
+ } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);
|
||||
+ } else {
|
||||
+ return EFI_INVALID_PARAMETER; // Unsupported address size
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Repeat the process for the remote IP address
|
||||
+ //
|
||||
+ if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);
|
||||
+ } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {
|
||||
+ CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);
|
||||
+ } else {
|
||||
+ return EFI_INVALID_PARAMETER; // Unsupported address size
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Compute the hash
|
||||
+ // Update the hash with the data
|
||||
+ //
|
||||
+ Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // Finalize the hash and retrieve the result
|
||||
+ //
|
||||
+ Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ Status = gRT->GetTime (&TimeStamp, NULL);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
+ //
|
||||
+ // copy the first 4 bytes of the hash result into the ISN
|
||||
+ //
|
||||
+ CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));
|
||||
+
|
||||
+ //
|
||||
+ // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)
|
||||
+ //
|
||||
+ *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;
|
||||
+
|
||||
+ return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -719,17 +925,29 @@ TcpFormatNetbuf (
|
||||
|
||||
@param[in, out] Tcb Pointer to the TCP_CB that wants to initiate a
|
||||
connection.
|
||||
+
|
||||
+ @retval EFI_SUCCESS The operation completed successfully
|
||||
+ @retval others The underlying functions failed and could not complete the operation
|
||||
+
|
||||
**/
|
||||
-VOID
|
||||
+EFI_STATUS
|
||||
TcpOnAppConnect (
|
||||
IN OUT TCP_CB *Tcb
|
||||
)
|
||||
{
|
||||
- TcpInitTcbLocal (Tcb);
|
||||
+ EFI_STATUS Status;
|
||||
+
|
||||
+ Status = TcpInitTcbLocal (Tcb);
|
||||
+ if (EFI_ERROR (Status)) {
|
||||
+ return Status;
|
||||
+ }
|
||||
+
|
||||
TcpSetState (Tcb, TCP_SYN_SENT);
|
||||
|
||||
TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);
|
||||
TcpToSendData (Tcb, 1);
|
||||
+
|
||||
+ return EFI_SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
|
||||
index 106d9470db..535d09d342 100644
|
||||
--- a/NetworkPkg/TcpDxe/TcpTimer.c
|
||||
+++ b/NetworkPkg/TcpDxe/TcpTimer.c
|
||||
@@ -2,7 +2,7 @@
|
||||
TCP timer related functions.
|
||||
|
||||
Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
|
||||
-
|
||||
+ Copyright (c) Microsoft Corporation
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
@@ -497,7 +497,6 @@ TcpTickingDpc (
|
||||
INT16 Index;
|
||||
|
||||
mTcpTick++;
|
||||
- mTcpGlobalIss += TCP_ISS_INCREMENT_2;
|
||||
|
||||
//
|
||||
// Don't use LIST_FOR_EACH, which isn't delete safe.
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,17 +1,17 @@
|
||||
From 38baf93892ec464490b6fe611c23b014f574344b Mon Sep 17 00:00:00 2001
|
||||
From 1afdf854f67fbaeea47f15efa0c34c0f1fe6a504 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 07/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
|
||||
Subject: [PATCH 10/18] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
|
||||
Patch
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [7/15] c1baa0b2facbf0b63a90a0bfd55264af9f893098
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [10/18] c7527c63ebe3afb55a2ef78103c1a57de26c36b7
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21850
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21851
|
||||
CVE: CVE-2022-45234
|
||||
Upstream: Merged
|
||||
|
||||
|
@ -1,17 +1,17 @@
|
||||
From fd1bc6ff10a45123b0ec7f9ae3354ad3713bc532 Mon Sep 17 00:00:00 2001
|
||||
From d60257df151a6c58aefe74c2d2baee59344318d2 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 08/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
|
||||
Subject: [PATCH 11/18] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
|
||||
Unit Tests
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [8/15] f88ebc7fa79ce4fe615dd79c42fedee0a0da7a0b
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [11/18] b917383d597172d4bf75548d9b281d08bf34e299
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21850
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21851
|
||||
CVE: CVE-2022-45234
|
||||
Upstream: Merged
|
||||
|
||||
@ -54,10 +54,10 @@ Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
|
||||
|
||||
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
index ab7c2857b6..c8a991e5c1 100644
|
||||
index 7fa7b0f9d5..a0273c4310 100644
|
||||
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
@@ -26,6 +26,7 @@
|
||||
@@ -27,6 +27,7 @@
|
||||
#
|
||||
NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
|
||||
NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
|
||||
|
@ -1,17 +1,17 @@
|
||||
From 0016db53099ba979617f376fe1104fefada4fa29 Mon Sep 17 00:00:00 2001
|
||||
From b57bd437db8cff7b7a206e3cd694b7821014ba53 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 09/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
|
||||
Subject: [PATCH 12/18] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
|
||||
Patch
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [9/15] c48c060b87761537ee526e1f8a9e5993eb1a0381
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [12/18] 310a770792d1a81dbf54ee372f926541309492e8
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21852
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21853
|
||||
CVE: CVE-2022-45235
|
||||
Upstream: Merged
|
||||
|
||||
@ -225,10 +225,10 @@ index 2b2d372889..7fd1281c11 100644
|
||||
|
||||
Status = PxeBc->UdpWrite (
|
||||
diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
|
||||
index ae4be775e8..47eb8cc0c0 100644
|
||||
index c86f6d391b..6357d27fae 100644
|
||||
--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
|
||||
+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
|
||||
@@ -35,6 +35,23 @@
|
||||
@@ -34,6 +34,23 @@
|
||||
#define PXEBC_ADDR_START_DELIMITER '['
|
||||
#define PXEBC_ADDR_END_DELIMITER ']'
|
||||
|
||||
|
@ -1,17 +1,17 @@
|
||||
From 80b34c0f56228353c174f9ff739d0755c62d76cf Mon Sep 17 00:00:00 2001
|
||||
From 59b9d468ebf6be2a5c53d7979c12040f9b41c2c2 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 10/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
|
||||
Subject: [PATCH 13/18] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
|
||||
Unit Tests
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
|
||||
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
|
||||
RH-Commit: [10/15] 5dbf3f771506ff9a0c28827c568d04e825572658
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [13/18] 074410155526b2ee2a74cf161ea46385932da059
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21852
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21853
|
||||
CVE: CVE-2022-45235
|
||||
Upstream: Merged
|
||||
|
||||
@ -48,10 +48,10 @@ Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
3 files changed, 298 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
index c8a991e5c1..1010a80a15 100644
|
||||
index a0273c4310..fa301a7a52 100644
|
||||
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
|
||||
@@ -26,7 +26,10 @@
|
||||
@@ -27,7 +27,10 @@
|
||||
#
|
||||
NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
|
||||
NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
|
||||
|
51
SOURCES/edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch
Normal file
51
SOURCES/edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From ababd8837103d4e504cc5d044a13fb9516543795 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Maloy <jmaloy@redhat.com>
|
||||
Date: Fri, 16 Feb 2024 10:48:05 -0500
|
||||
Subject: [PATCH 18/18] NetworkPkg: : Updating SecurityFixes.yaml
|
||||
|
||||
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
||||
RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
|
||||
RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
|
||||
RH-Acked-by: Gerd Hoffmann <None>
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [18/18] e77d4ea79359b99e7d1073251d67909c2bfdb879
|
||||
|
||||
JIRA: https://issues.redhat.com/browse/RHEL-21841
|
||||
CVE: CVE-2023-45229
|
||||
Upstream: Merged
|
||||
|
||||
commit 5fd3078a2e08f607dc86a16c1b184b6e30a34a49
|
||||
Author: Doug Flick <dougflick@microsoft.com>
|
||||
Date: Tue Feb 13 10:46:03 2024 -0800
|
||||
|
||||
NetworkPkg: : Updating SecurityFixes.yaml
|
||||
|
||||
This captures the related security change for Dhcp6Dxe that is related
|
||||
to CVE-2023-45229
|
||||
|
||||
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
|
||||
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
||||
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
|
||||
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
|
||||
|
||||
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
||||
---
|
||||
NetworkPkg/SecurityFixes.yaml | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
|
||||
index 7e900483fe..fa42025e0d 100644
|
||||
--- a/NetworkPkg/SecurityFixes.yaml
|
||||
+++ b/NetworkPkg/SecurityFixes.yaml
|
||||
@@ -8,6 +8,7 @@ CVE_2023_45229:
|
||||
commit_titles:
|
||||
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch"
|
||||
- "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests"
|
||||
+ - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch"
|
||||
cve: CVE-2023-45229
|
||||
date_reported: 2023-08-28 13:56 UTC
|
||||
description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message"
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,50 +0,0 @@
|
||||
From e4a64ad230ff2906ec56d41b2a8dd7a0bb39a399 Mon Sep 17 00:00:00 2001
|
||||
From: Dov Murik <dovmurik@linux.ibm.com>
|
||||
Date: Tue, 4 Jan 2022 15:16:40 +0800
|
||||
Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as
|
||||
reserved
|
||||
|
||||
RH-Author: Pawel Polawski <None>
|
||||
RH-MergeRequest: 11: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
|
||||
RH-Commit: [1/1] a14d34eb204387aae3446770a0e5fb95a9283ae3 (elkoniu/edk2)
|
||||
RH-Bugzilla: 2041754
|
||||
RH-Acked-by: Oliver Steffen <None>
|
||||
|
||||
Mark the SEV launch secret MEMFD area as reserved, which will allow the
|
||||
guest OS to use it during the lifetime of the OS, without creating
|
||||
copies of the sensitive content.
|
||||
|
||||
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Cc: Brijesh Singh <brijesh.singh@amd.com>
|
||||
Cc: Erdem Aktas <erdemaktas@google.com>
|
||||
Cc: James Bottomley <jejb@linux.ibm.com>
|
||||
Cc: Jiewen Yao <jiewen.yao@intel.com>
|
||||
Cc: Min Xu <min.m.xu@intel.com>
|
||||
Cc: Tom Lendacky <thomas.lendacky@amd.com>
|
||||
Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
|
||||
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
|
||||
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Acked-by: Jiewen Yao <Jiewen.Yao@intel.com>
|
||||
Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
|
||||
---
|
||||
OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
|
||||
index db94c26b54..6bf1a55dea 100644
|
||||
--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
|
||||
+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
|
||||
@@ -19,7 +19,7 @@ InitializeSecretPei (
|
||||
BuildMemoryAllocationHob (
|
||||
PcdGet32 (PcdSevLaunchSecretBase),
|
||||
ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),
|
||||
- EfiBootServicesData
|
||||
+ EfiReservedMemoryType
|
||||
);
|
||||
|
||||
return EFI_SUCCESS;
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,52 @@
|
||||
From 390efa52b8c2b61bcc6f24cc9f3b805798150b6e Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 9 Jan 2024 12:29:00 +0100
|
||||
Subject: [PATCH 1/3] OvmfPkg/RiscVVirt: use gEfiAuthenticatedVariableGuid
|
||||
unconditionally
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
ArmVirt and OVMF are doing the same.
|
||||
|
||||
See commit d92eaabefbe0 ("OvmfPkg: simplify VARIABLE_STORE_HEADER
|
||||
generation") for details.
|
||||
|
||||
Suggested-by: László Érsek <lersek@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20240109112902.30002-2-kraxel@redhat.com>
|
||||
(cherry picked from commit 3b1ddbddeee64cee5aba4f0170fbf5e4781d4879)
|
||||
---
|
||||
OvmfPkg/RiscVVirt/VarStore.fdf.inc | 9 +--------
|
||||
1 file changed, 1 insertion(+), 8 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/RiscVVirt/VarStore.fdf.inc b/OvmfPkg/RiscVVirt/VarStore.fdf.inc
|
||||
index aba32315cc..6679c246b3 100644
|
||||
--- a/OvmfPkg/RiscVVirt/VarStore.fdf.inc
|
||||
+++ b/OvmfPkg/RiscVVirt/VarStore.fdf.inc
|
||||
@@ -36,19 +36,12 @@ DATA = {
|
||||
# Blockmap[1]: End
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
## This is the VARIABLE_STORE_HEADER
|
||||
-!if $(SECURE_BOOT_ENABLE) == TRUE
|
||||
+ # It is compatible with SECURE_BOOT_ENABLE == FALSE as well.
|
||||
# Signature: gEfiAuthenticatedVariableGuid =
|
||||
# { 0xaaf32c78, 0x947b, 0x439a,
|
||||
# { 0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92 }}
|
||||
0x78, 0x2c, 0xf3, 0xaa, 0x7b, 0x94, 0x9a, 0x43,
|
||||
0xa1, 0x80, 0x2e, 0x14, 0x4e, 0xc3, 0x77, 0x92,
|
||||
-!else
|
||||
- # Signature: gEfiVariableGuid =
|
||||
- # { 0xddcf3616, 0x3275, 0x4164,
|
||||
- # { 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d }}
|
||||
- 0x16, 0x36, 0xcf, 0xdd, 0x75, 0x32, 0x64, 0x41,
|
||||
- 0x98, 0xb6, 0xfe, 0x85, 0x70, 0x7f, 0xfe, 0x7d,
|
||||
-!endif
|
||||
# Size: 0x40000 (gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize) -
|
||||
# 0x48 (size of EFI_FIRMWARE_VOLUME_HEADER) = 0x3FFB8
|
||||
# This can speed up the Variable Dispatch a bit.
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,193 @@
|
||||
From 7b1298045185749369115719317dc92f58af92d7 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 30 Jan 2024 14:04:38 +0100
|
||||
Subject: [PATCH 6/9] OvmfPkg/Sec: Setup MTRR early in the boot process.
|
||||
|
||||
RH-Author: Gerd Hoffmann <None>
|
||||
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
|
||||
RH-Jira: RHEL-21704
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2)
|
||||
|
||||
Specifically before running lzma uncompress of the main firmware volume.
|
||||
This is needed to make sure caching is enabled, otherwise the uncompress
|
||||
can be extremely slow.
|
||||
|
||||
Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes.
|
||||
|
||||
Background: Depending on virtual machine configuration kvm may uses EPT
|
||||
memory types to apply guest MTRR settings. In case MTRRs are disabled
|
||||
kvm will use the uncachable memory type for all mappings. The
|
||||
vmx_get_mt_mask() function in the linux kernel handles this and can be
|
||||
found here:
|
||||
|
||||
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580
|
||||
|
||||
In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In
|
||||
case the VM has a mdev device assigned that is not the case though.
|
||||
|
||||
Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable
|
||||
should not be set by default in CR0") kvm also ended up using
|
||||
MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit
|
||||
kvm evaluates guest mtrr settings, which why setting up MTRRs early is
|
||||
important now.
|
||||
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-ID: <20240130130441.772484-2-kraxel@redhat.com>
|
||||
|
||||
[ kraxel: Downstream-only for now. Timely upstream merge is unlikely
|
||||
due to chinese holidays and rhel-9.4 deadlines are close.
|
||||
QE regression testing passed. So go with upstream posted
|
||||
series v3 ]
|
||||
---
|
||||
OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++
|
||||
OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++----
|
||||
OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++
|
||||
3 files changed, 69 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
|
||||
index 42a587adfa..0daddac0a0 100644
|
||||
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
|
||||
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
|
||||
@@ -27,6 +27,8 @@
|
||||
#include <Library/TdxHelperLib.h>
|
||||
#include <Library/CcProbeLib.h>
|
||||
#include <Library/PeilessStartupLib.h>
|
||||
+#include <Register/Intel/ArchitecturalMsr.h>
|
||||
+#include <Register/Intel/Cpuid.h>
|
||||
|
||||
#define SEC_IDT_ENTRY_COUNT 34
|
||||
|
||||
@@ -48,6 +50,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = {
|
||||
}
|
||||
};
|
||||
|
||||
+//
|
||||
+// Enable MTRR early, set default type to write back.
|
||||
+// Needed to make sure caching is enabled,
|
||||
+// without this lzma decompress can be very slow.
|
||||
+//
|
||||
+STATIC
|
||||
+VOID
|
||||
+SecMtrrSetup (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ CPUID_VERSION_INFO_EDX Edx;
|
||||
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
|
||||
+
|
||||
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
|
||||
+ if (!Edx.Bits.MTRR) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
|
||||
+ DefType.Bits.Type = 6; /* write back */
|
||||
+ DefType.Bits.E = 1; /* enable */
|
||||
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
|
||||
+}
|
||||
+
|
||||
VOID
|
||||
EFIAPI
|
||||
SecCoreStartupWithStack (
|
||||
@@ -204,6 +231,11 @@ SecCoreStartupWithStack (
|
||||
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
|
||||
DisableApicTimerInterrupt ();
|
||||
|
||||
+ //
|
||||
+ // Initialize MTRR
|
||||
+ //
|
||||
+ SecMtrrSetup ();
|
||||
+
|
||||
PeilessStartup (&SecCoreData);
|
||||
|
||||
ASSERT (FALSE);
|
||||
diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
|
||||
index 662e7e85bb..f8d7f5bf1c 100644
|
||||
--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
|
||||
+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
|
||||
@@ -1035,18 +1035,18 @@ PlatformQemuInitializeRam (
|
||||
MtrrGetAllMtrrs (&MtrrSettings);
|
||||
|
||||
//
|
||||
- // MTRRs disabled, fixed MTRRs disabled, default type is uncached
|
||||
+ // See SecMtrrSetup(), default type should be write back
|
||||
//
|
||||
- ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0);
|
||||
+ ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0);
|
||||
ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0);
|
||||
- ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0);
|
||||
+ ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK);
|
||||
|
||||
//
|
||||
// flip default type to writeback
|
||||
//
|
||||
- SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06);
|
||||
+ SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK);
|
||||
ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables);
|
||||
- MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6;
|
||||
+ MtrrSettings.MtrrDefType |= BIT10;
|
||||
MtrrSetAllMtrrs (&MtrrSettings);
|
||||
|
||||
//
|
||||
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
|
||||
index 31da5d0ace..3b7dc7205d 100644
|
||||
--- a/OvmfPkg/Sec/SecMain.c
|
||||
+++ b/OvmfPkg/Sec/SecMain.c
|
||||
@@ -30,6 +30,8 @@
|
||||
#include <Ppi/MpInitLibDep.h>
|
||||
#include <Library/TdxHelperLib.h>
|
||||
#include <Library/CcProbeLib.h>
|
||||
+#include <Register/Intel/ArchitecturalMsr.h>
|
||||
+#include <Register/Intel/Cpuid.h>
|
||||
#include "AmdSev.h"
|
||||
|
||||
#define SEC_IDT_ENTRY_COUNT 34
|
||||
@@ -744,6 +746,31 @@ FindAndReportEntryPoints (
|
||||
return;
|
||||
}
|
||||
|
||||
+//
|
||||
+// Enable MTRR early, set default type to write back.
|
||||
+// Needed to make sure caching is enabled,
|
||||
+// without this lzma decompress can be very slow.
|
||||
+//
|
||||
+STATIC
|
||||
+VOID
|
||||
+SecMtrrSetup (
|
||||
+ VOID
|
||||
+ )
|
||||
+{
|
||||
+ CPUID_VERSION_INFO_EDX Edx;
|
||||
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
|
||||
+
|
||||
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
|
||||
+ if (!Edx.Bits.MTRR) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
|
||||
+ DefType.Bits.Type = 6; /* write back */
|
||||
+ DefType.Bits.E = 1; /* enable */
|
||||
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
|
||||
+}
|
||||
+
|
||||
VOID
|
||||
EFIAPI
|
||||
SecCoreStartupWithStack (
|
||||
@@ -942,6 +969,11 @@ SecCoreStartupWithStack (
|
||||
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
|
||||
DisableApicTimerInterrupt ();
|
||||
|
||||
+ //
|
||||
+ // Initialize MTRR
|
||||
+ //
|
||||
+ SecMtrrSetup ();
|
||||
+
|
||||
//
|
||||
// Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready.
|
||||
//
|
||||
--
|
||||
2.39.3
|
||||
|
@ -0,0 +1,49 @@
|
||||
From 0e2a3df10d784fd38ceee2f6a733032d1333281f Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 30 Jan 2024 14:04:41 +0100
|
||||
Subject: [PATCH 9/9] OvmfPkg/Sec: use cache type #defines from
|
||||
ArchitecturalMsr.h
|
||||
|
||||
RH-Author: Gerd Hoffmann <None>
|
||||
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
|
||||
RH-Jira: RHEL-21704
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2)
|
||||
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Message-ID: <20240130130441.772484-5-kraxel@redhat.com>
|
||||
---
|
||||
OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +-
|
||||
OvmfPkg/Sec/SecMain.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
|
||||
index 0daddac0a0..c00b852f0e 100644
|
||||
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
|
||||
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
|
||||
@@ -70,7 +70,7 @@ SecMtrrSetup (
|
||||
}
|
||||
|
||||
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
|
||||
- DefType.Bits.Type = 6; /* write back */
|
||||
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
|
||||
DefType.Bits.E = 1; /* enable */
|
||||
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
|
||||
}
|
||||
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
|
||||
index 3b7dc7205d..aa0fa1b1ec 100644
|
||||
--- a/OvmfPkg/Sec/SecMain.c
|
||||
+++ b/OvmfPkg/Sec/SecMain.c
|
||||
@@ -766,7 +766,7 @@ SecMtrrSetup (
|
||||
}
|
||||
|
||||
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
|
||||
- DefType.Bits.Type = 6; /* write back */
|
||||
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
|
||||
DefType.Bits.E = 1; /* enable */
|
||||
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
|
||||
}
|
||||
--
|
||||
2.39.3
|
||||
|
@ -1,14 +1,15 @@
|
||||
From f2aeff31924f6d070d7f8b87550dc6d9820531ad Mon Sep 17 00:00:00 2001
|
||||
From cfcef96bb3c63342d4fb87cf0cda8e9dcaef9b2b Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 16 Jan 2024 18:11:04 +0100
|
||||
Subject: [PATCH 15/18] OvmfPkg/VirtNorFlashDxe: ValidateFvHeader: unwritten
|
||||
Subject: [PATCH 5/6] OvmfPkg/VirtNorFlashDxe: ValidateFvHeader: unwritten
|
||||
state is EOL too
|
||||
|
||||
RH-Author: Gerd Hoffmann <None>
|
||||
RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
|
||||
RH-Jira: RHEL-17587
|
||||
RH-MergeRequest: 52: OvmfPkg/VirtNorFlashDxe: backport more fixes.
|
||||
RH-Jira: RHEL-20963
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [17/20] 37220c700ea816c815e0612031e10b7d466b71a2
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [5/6] 24a9f2d03eeaf61ea8f0ea5a40f0921994b08688 (kraxel.rh/centos-src-edk2)
|
||||
|
||||
It is possible to find variable entries with State being 0xff, i.e. not
|
||||
updated since flash block erase. This indicates the variable driver
|
||||
@ -27,7 +28,7 @@ Message-Id: <20240116171105.37831-6-kraxel@redhat.com>
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
|
||||
index acc4a413ee..f8e71f88c1 100644
|
||||
index 8fcd999ac6..c8b5e0be13 100644
|
||||
--- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
|
||||
+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
|
||||
@@ -302,6 +302,11 @@ ValidateFvHeader (
|
||||
@ -43,5 +44,5 @@ index acc4a413ee..f8e71f88c1 100644
|
||||
switch (VarHeader->State) {
|
||||
// usage: State = VAR_HEADER_VALID_ONLY
|
||||
--
|
||||
2.41.0
|
||||
2.39.3
|
||||
|
||||
|
@ -1,14 +1,15 @@
|
||||
From 00d9e2d6cb03afeef5a1110d6f1fae1389a06f7a Mon Sep 17 00:00:00 2001
|
||||
From a82176278e664c3955197d1e076188471d88a422 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Tue, 16 Jan 2024 18:11:02 +0100
|
||||
Subject: [PATCH 13/18] OvmfPkg/VirtNorFlashDxe: add a loop for
|
||||
Subject: [PATCH 3/6] OvmfPkg/VirtNorFlashDxe: add a loop for
|
||||
NorFlashWriteBuffer calls.
|
||||
|
||||
RH-Author: Gerd Hoffmann <None>
|
||||
RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
|
||||
RH-Jira: RHEL-17587
|
||||
RH-MergeRequest: 52: OvmfPkg/VirtNorFlashDxe: backport more fixes.
|
||||
RH-Jira: RHEL-20963
|
||||
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
||||
RH-Commit: [15/20] 72004a196ea61d627ab528573db657dd7db16de2
|
||||
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
RH-Commit: [3/6] 993426855451252f1126348e107e386b07314bfd (kraxel.rh/centos-src-edk2)
|
||||
|
||||
Replace the two NorFlashWriteBuffer() calls with a loop containing a
|
||||
single NorFlashWriteBuffer() call.
|
||||
@ -69,5 +70,5 @@ index 88a4d2c23f..3d1343b381 100644
|
||||
|
||||
Exit:
|
||||
--
|
||||
2.41.0
|
||||
2.39.3
|
||||
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user