.edk2.metadata

@@ -1,2 +0,0 @@
-ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
-85388ae6525650667302c6b553894430197d9e0d SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz

.gitignore

@@ -1,2 +1,15 @@
-SOURCES/edk2-bb1bba3d77.tar.xz
-SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
+/openssl-*-hobbled.tar.xz
+/edk2-*.tar.xz
+/qemu-ovmf-secureboot-*.tar.gz
+/edk2-*.tar.gz
+/softfloat-20180726-gitb64af41.tar.xz
+/qemu-ovmf-secureboot-20190521-gitf158f12.tar.xz
+/qemu-ovmf-secureboot-20200228-gitc3e16b3.tar.xz
+/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
+/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+/openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+/DBXUpdate-20230314.x64.bin
+/DBXUpdate-20230509.x64.bin
+/*.src.rpm
+/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz

0003-Remove-paths-leading-to-submodules.patch

@@ -0,0 +1,65 @@
+From 3ab8a3e323e1bafb82266c0728e60a42d173764f Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Thu, 24 Mar 2022 03:23:02 -0400
+Subject: [PATCH] Remove paths leading to submodules
+
+We removed submodules used upstream. However, edk2 build system requires
+such include paths to resolve successfully, regardless of the firmware
+platform being built.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ BaseTools/Source/C/GNUmakefile | 1 -
+ MdeModulePkg/MdeModulePkg.dec  | 3 ---
+ MdePkg/MdePkg.dec              | 5 -----
+ 3 files changed, 9 deletions(-)
+
+diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
+index 5275f657ef..39d7199753 100644
+--- a/BaseTools/Source/C/GNUmakefile
++++ b/BaseTools/Source/C/GNUmakefile
+@@ -51,7 +51,6 @@ all: makerootdir subdirs
+ LIBRARIES = Common
+ VFRAUTOGEN = VfrCompile/VfrLexer.h
+ APPLICATIONS = \
+-  BrotliCompress \
+   VfrCompile \
+   EfiRom \
+   GenFfs \
+diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
+index a2cd83345f..98b3acb703 100644
+--- a/MdeModulePkg/MdeModulePkg.dec
++++ b/MdeModulePkg/MdeModulePkg.dec
+@@ -26,9 +26,6 @@
+   Include
+   Test/Mock/Include
+ 
+-[Includes.Common.Private]
+-  Library/BrotliCustomDecompressLib/brotli/c/include
+-
+ [LibraryClasses]
+   ##  @libraryclass  Defines a set of methods to reset whole system.
+   ResetSystemLib|Include/Library/ResetSystemLib.h
+diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
+index 0459418906..bb347547f8 100644
+--- a/MdePkg/MdePkg.dec
++++ b/MdePkg/MdePkg.dec
+@@ -29,7 +29,6 @@
+   Include
+   Test/UnitTest/Include
+   Test/Mock/Include
+-  Library/MipiSysTLib/mipisyst/library/include
+ 
+ [Includes.IA32]
+   Include/Ia32
+@@ -295,10 +294,6 @@
+   #
+   FdtLib|Include/Library/FdtLib.h
+ 
+-  ##  @libraryclass  Provides general mipi sys-T services.
+-  #
+-  MipiSysTLib|Include/Library/MipiSysTLib.h
+-
+   ##  @libraryclass  Provides API to output Trace Hub debug message.
+   #
+   TraceHubDebugSysTLib|Include/Library/TraceHubDebugSysTLib.h

0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch

@@ -1,8 +1,20 @@
-From fbfd113142f594c4f257b5a044a6e17ef7f66505 Mon Sep 17 00:00:00 2001
+From 1a8cccb3be265d0c423bbb42511b1d9111b076e0 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Tue, 25 Feb 2014 22:40:01 +0100
-Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
- only)
+Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
+ change (RH only)
+
+Notes for rebase to edk2-stable202311:
+
+- Minor context changes due to new PCDs (for USB Networking) being added.
+
+Notes for rebase to edk2-stable202205:
+
+- Minor context changes due to fd306d1dbc MdeModulePkg: Add PcdTdxSharedBitMask
+
+Notes for rebase to edk2-stable202202:
+
+- Minor context changes due to 1436aea4d MdeModulePkg: Apply uncrustify changes
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -87,84 +99,84 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  3 files changed, 36 insertions(+)
 
 diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index 9d69fb86ed..08d59dfb3e 100644
+index 98b3acb703..71a2967646 100644
 --- a/MdeModulePkg/MdeModulePkg.dec
 +++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -2076,6 +2076,10 @@
-   # @Prompt Enable PCIe Resizable BAR Capability support.
-   gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024
+@@ -2164,6 +2164,10 @@
+   # @Prompt The value is use for Usb Network rate limiting supported.
+   gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028
  
-+  ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
-+  #  mode change.
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
-+
++  ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
++  #  mode change.
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
++
  [PcdsPatchableInModule]
    ## Specify memory size with page number for PEI code when
    #  Loading Module at Fixed Address feature is enabled.
 diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
-index aae470e956..26156857aa 100644
+index 7809869e7d..3be801039b 100644
 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
 +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
 @@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
  
  **/
  
-+#include <Library/PrintLib.h>
-+
++#include <Library/PrintLib.h>
++
  #include "Terminal.h"
  
  //
-@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[]  = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
- CHAR16 mCursorForwardString[]      = { ESC, '[', '0', '0', 'C', 0 };
- CHAR16 mCursorBackwardString[]     = { ESC, '[', '0', '0', 'D', 0 };
+@@ -80,6 +82,16 @@ CHAR16  mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
+ CHAR16  mCursorForwardString[]     = { ESC, '[', '0', '0', 'C', 0 };
+ CHAR16  mCursorBackwardString[]    = { ESC, '[', '0', '0', 'D', 0 };
  
-+//
-+// Note that this is an ASCII format string, taking two INT32 arguments:
-+// rows, columns.
-+//
-+// A %d (INT32) format specification can expand to at most 11 characters.
-+//
-+CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt";
-+#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2))
-+
-+
++//
++// Note that this is an ASCII format string, taking two INT32 arguments:
++// rows, columns.
++//
++// A %d (INT32) format specification can expand to at most 11 characters.
++//
++CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt";
++#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2))
++
++
  //
  // Body of the ConOut functions
  //
-@@ -506,6 +518,24 @@ TerminalConOutSetMode (
+@@ -498,6 +510,24 @@ TerminalConOutSetMode (
      return EFI_DEVICE_ERROR;
    }
  
-+  if (PcdGetBool (PcdResizeXterm)) {
-+    CHAR16 ResizeSequence[RESIZE_SEQ_SIZE];
-+
-+    UnicodeSPrintAsciiFormat (
-+      ResizeSequence,
-+      sizeof ResizeSequence,
-+      mResizeTextAreaFormatString,
-+      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows,
-+      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns
-+      );
-+    TerminalDevice->OutputEscChar = TRUE;
-+    Status                        = This->OutputString (This, ResizeSequence);
-+    TerminalDevice->OutputEscChar = FALSE;
-+    if (EFI_ERROR (Status)) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+  }
-+
-   This->Mode->Mode  = (INT32) ModeNumber;
++  if (PcdGetBool (PcdResizeXterm)) {
++    CHAR16 ResizeSequence[RESIZE_SEQ_SIZE];
++
++    UnicodeSPrintAsciiFormat (
++      ResizeSequence,
++      sizeof ResizeSequence,
++      mResizeTextAreaFormatString,
++      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows,
++      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns
++      );
++    TerminalDevice->OutputEscChar = TRUE;
++    Status                        = This->OutputString (This, ResizeSequence);
++    TerminalDevice->OutputEscChar = FALSE;
++    if (EFI_ERROR (Status)) {
++      return EFI_DEVICE_ERROR;
++    }
++  }
++
+   This->Mode->Mode = (INT32)ModeNumber;
  
-   Status            = This->ClearScreen (This);
+   Status = This->ClearScreen (This);
 diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-index b2a8aeba85..eff6253465 100644
+index b2a8aeba85..96810f337c 100644
 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
 +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
 @@ -55,6 +55,7 @@
    DebugLib
    PcdLib
    BaseLib
-+  PrintLib
++  PrintLib
  
  [Guids]
    ## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
@@ -172,10 +184,7 @@ index b2a8aeba85..eff6253465 100644
  [Pcd]
    gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType           ## SOMETIMES_CONSUMES
    gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable    ## CONSUMES
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm             ## CONSUMES
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm             ## CONSUMES
  
  # [Event]
  # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
--- 
-2.27.0
-

0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch

@@ -1,7 +1,12 @@
-From 9ea7b3f689bf7d21b869adb829139be7eb91bb33 Mon Sep 17 00:00:00 2001
+From cf04a1c13e796013f0cb06447127cf5cf35eb0a0 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 14 Oct 2015 15:59:06 +0200
-Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
+Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
+ only)
+
+Notes about edk2-stable202205 rebase
+
+- Necessary minor fixes for upstream changes
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -66,87 +71,142 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 (cherry picked from commit 2cc462ee963d0be119bc97bfc9c70d292a40516f)
 (cherry picked from commit 51e0de961029af84b5bdbfddcc9762b1819d500f)
 ---
- OvmfPkg/AmdSev/AmdSevX64.dsc        | 1 +
- OvmfPkg/OvmfPkgIa32.dsc             | 1 +
- OvmfPkg/OvmfPkgIa32X64.dsc          | 1 +
- OvmfPkg/OvmfPkgX64.dsc              | 1 +
- OvmfPkg/PlatformPei/Platform.c      | 1 +
- OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
- 6 files changed, 7 insertions(+)
+ OvmfPkg/AmdSev/AmdSevX64.dsc        |  1 +
+ OvmfPkg/CloudHv/CloudHvX64.dsc      |  1 +
+ OvmfPkg/IntelTdx/IntelTdxX64.dsc    |  1 +
+ OvmfPkg/Microvm/MicrovmX64.dsc      |  2 +-
+ OvmfPkg/OvmfPkgIa32.dsc             |  1 +
+ OvmfPkg/OvmfPkgIa32X64.dsc          |  1 +
+ OvmfPkg/OvmfPkgX64.dsc              |  1 +
+ OvmfPkg/PlatformPei/Platform.c      | 13 +++++++++++++
+ OvmfPkg/PlatformPei/PlatformPei.inf |  1 +
+ 9 files changed, 21 insertions(+), 1 deletion(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 5ee5445116..6ea3621225 100644
+index a31a89344a..d6bfc43fe5 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -534,6 +534,7 @@
+@@ -484,6 +484,7 @@
  [PcdsDynamicDefault]
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
+diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
+index b522fa1059..c5fd84027f 100644
+--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
++++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
+@@ -579,6 +579,7 @@
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+ !if $(SMM_REQUIRE) == FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+index 82e3e41cfc..6d72b80dc9 100644
+--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
++++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+@@ -477,6 +477,7 @@
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
+diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
+index 063324cd05..53222d80be 100644
+--- a/OvmfPkg/Microvm/MicrovmX64.dsc
++++ b/OvmfPkg/Microvm/MicrovmX64.dsc
+@@ -582,7 +582,7 @@
+   # only set when
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+-
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 6a5be97c05..4cacf0ea94 100644
+index 28379961a7..4f6dfedc2c 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -594,6 +594,7 @@
+@@ -599,6 +599,7 @@
    #   ($(SMM_REQUIRE) == FALSE)
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
  !if $(SMM_REQUIRE) == FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 71227d1b70..6225f8e095 100644
+index 5e9eee628a..923e187942 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -600,6 +600,7 @@
+@@ -611,6 +611,7 @@
    #   ($(SMM_REQUIRE) == FALSE)
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
  !if $(SMM_REQUIRE) == FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 52f7598cf1..b66fc67563 100644
+index bf4c7906c4..06b38b1715 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -600,6 +600,7 @@
+@@ -629,6 +629,7 @@
    #   ($(SMM_REQUIRE) == FALSE)
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
  !if $(SMM_REQUIRE) == FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index df2d9ad015..d0e2c08de9 100644
+index f5dc41c3a8..f244dcd24d 100644
 --- a/OvmfPkg/PlatformPei/Platform.c
 +++ b/OvmfPkg/PlatformPei/Platform.c
-@@ -752,6 +752,7 @@ InitializePlatform (
-     MemTypeInfoInitialization ();
-     MemMapInitialization ();
-     NoexecDxeInitialization ();
-+    UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
+@@ -41,6 +41,18 @@
+ 
+ #include "Platform.h"
+ 
++#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)                   \
++          do {                                                      \
++            BOOLEAN       Setting;                                  \
++            RETURN_STATUS PcdStatus;                                \
++                                                                    \
++            if (!RETURN_ERROR (QemuFwCfgParseBool (                 \
++                              "opt/ovmf/" #TokenName, &Setting))) { \
++              PcdStatus = PcdSetBoolS (TokenName, Setting);         \
++              ASSERT_RETURN_ERROR (PcdStatus);                      \
++            }                                                       \
++          } while (0)
++
+ EFI_PEI_PPI_DESCRIPTOR  mPpiBootMode[] = {
+   {
+     EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+@@ -355,6 +367,7 @@ InitializePlatform (
+     MemTypeInfoInitialization (PlatformInfoHob);
+     MemMapInitialization (PlatformInfoHob);
+     NoexecDxeInitialization (PlatformInfoHob);
++    UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
    }
  
    InstallClearCacheCallback ();
 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
-index 67eb7aa716..7d26b43680 100644
+index ad52be3065..d7d688284b 100644
 --- a/OvmfPkg/PlatformPei/PlatformPei.inf
 +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
-@@ -93,6 +93,8 @@
+@@ -100,6 +100,7 @@
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
    gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
    gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
--- 
-2.27.0
-

0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch

@@ -1,7 +1,8 @@
-From b846a65eeb926a483cff3e35242097eb6d21ceab Mon Sep 17 00:00:00 2001
+From 65e47dac7f0c2cc4d5fa2513f4a217a060c9da3c Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Sun, 26 Jul 2015 08:02:50 +0000
-Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
+Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
+ (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -90,127 +91,111 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  ArmVirtPkg/ArmVirtQemu.dsc                    |  7 +++-
  .../TerminalPcdProducerLib.c                  | 34 +++++++++++++++++++
  .../TerminalPcdProducerLib.inf                | 33 ++++++++++++++++++
- OvmfPkg/PlatformPei/PlatformPei.inf           |  1 -
- 4 files changed, 73 insertions(+), 2 deletions(-)
+ 3 files changed, 73 insertions(+), 1 deletion(-)
  create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
  create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
 
 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 891e065311..e0476ede4f 100644
+index e48c75b5e9..181265057e 100644
 --- a/ArmVirtPkg/ArmVirtQemu.dsc
 +++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -282,6 +282,8 @@
-   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+@@ -309,6 +309,8 @@
+   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
  !endif
  
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
-+
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
++
  [PcdsDynamicHii]
-   gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
+   gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
  
-@@ -384,7 +386,10 @@
+@@ -418,7 +420,10 @@
    MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
    MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
    MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
 -  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-+  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf {
-+    <LibraryClasses>
-+      NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
-+  }
++  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf {
++    <LibraryClasses>
++      NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
++  }
    MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
  
    MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
 diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
 new file mode 100644
-index 0000000000..bfd3a6a535
+index 0000000000..37f71c5e4c
 --- /dev/null
 +++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
 @@ -0,0 +1,34 @@
-+/** @file
-+*  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
-+*
-+*  Copyright (C) 2015-2020, Red Hat, Inc.
-+*  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
-+*
-+*  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+
-+#include <Library/DebugLib.h>
-+#include <Library/PcdLib.h>
-+#include <Library/QemuFwCfgSimpleParserLib.h>
-+
-+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)                             \
-+          do {                                                                \
-+            BOOLEAN       Setting;                                            \
-+            RETURN_STATUS PcdStatus;                                          \
-+                                                                              \
-+            if (!RETURN_ERROR (QemuFwCfgParseBool (                           \
-+                    "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
-+              PcdStatus = PcdSetBoolS (TokenName, Setting);                   \
-+              ASSERT_RETURN_ERROR (PcdStatus);                                \
-+            }                                                                 \
-+          } while (0)
-+
-+RETURN_STATUS
-+EFIAPI
-+TerminalPcdProducerLibConstructor (
-+  VOID
-+  )
-+{
-+  UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
-+  return RETURN_SUCCESS;
-+}
++/** @file
++*  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
++*
++*  Copyright (C) 2015-2020, Red Hat, Inc.
++*  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
++*
++*  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#include <Library/DebugLib.h>
++#include <Library/PcdLib.h>
++#include <Library/QemuFwCfgSimpleParserLib.h>
++
++#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)                             \
++          do {                                                                \
++            BOOLEAN       Setting;                                            \
++            RETURN_STATUS PcdStatus;                                          \
++                                                                              \
++            if (!RETURN_ERROR (QemuFwCfgParseBool (                           \
++                    "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
++              PcdStatus = PcdSetBoolS (TokenName, Setting);                   \
++              ASSERT_RETURN_ERROR (PcdStatus);                                \
++            }                                                                 \
++          } while (0)
++
++RETURN_STATUS
++EFIAPI
++TerminalPcdProducerLibConstructor (
++  VOID
++  )
++{
++  UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
++  return RETURN_SUCCESS;
++}
 diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
 new file mode 100644
-index 0000000000..a51dbd1670
+index 0000000000..c840f6f97a
 --- /dev/null
 +++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
 @@ -0,0 +1,33 @@
-+## @file
-+#  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
-+#
-+#  Copyright (C) 2015-2020, Red Hat, Inc.
-+#  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
-+#
-+#  SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+
-+[Defines]
-+  INF_VERSION                    = 0x00010005
-+  BASE_NAME                      = TerminalPcdProducerLib
-+  FILE_GUID                      = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
-+  MODULE_TYPE                    = BASE
-+  VERSION_STRING                 = 1.0
-+  LIBRARY_CLASS                  = NULL
-+  CONSTRUCTOR                    = TerminalPcdProducerLibConstructor
-+
-+[Sources]
-+  TerminalPcdProducerLib.c
-+
-+[Packages]
-+  MdeModulePkg/MdeModulePkg.dec
-+  MdePkg/MdePkg.dec
-+  OvmfPkg/OvmfPkg.dec
-+
-+[LibraryClasses]
-+  DebugLib
-+  PcdLib
-+  QemuFwCfgSimpleParserLib
-+
-+[Pcd]
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES
-diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
-index 7d26b43680..69eb3edad3 100644
---- a/OvmfPkg/PlatformPei/PlatformPei.inf
-+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
-@@ -93,7 +93,6 @@
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
-   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
--  gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
-   gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
-   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
-   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
--- 
-2.27.0
-
++## @file
++#  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
++#
++#  Copyright (C) 2015-2020, Red Hat, Inc.
++#  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
++#
++#  SPDX-License-Identifier: BSD-2-Clause-Patent
++##
++
++[Defines]
++  INF_VERSION                    = 0x00010005
++  BASE_NAME                      = TerminalPcdProducerLib
++  FILE_GUID                      = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
++  MODULE_TYPE                    = BASE
++  VERSION_STRING                 = 1.0
++  LIBRARY_CLASS                  = NULL
++  CONSTRUCTOR                    = TerminalPcdProducerLibConstructor
++
++[Sources]
++  TerminalPcdProducerLib.c
++
++[Packages]
++  MdeModulePkg/MdeModulePkg.dec
++  MdePkg/MdePkg.dec
++  OvmfPkg/OvmfPkg.dec
++
++[LibraryClasses]
++  DebugLib
++  PcdLib
++  QemuFwCfgSimpleParserLib
++
++[Pcd]
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES

0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch

@@ -1,7 +1,7 @@
-From 02687f83845b9ae8455655e117f0b7cdaa18ba5c Mon Sep 17 00:00:00 2001
+From cf51a0c4a259a505f58c1cf626864f41cf3f27ef Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:45 +0100
-Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
+Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -65,23 +65,23 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  4 files changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 6ea3621225..366fa79f62 100644
+index d6bfc43fe5..2b4c551773 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -486,7 +486,7 @@
+@@ -429,7 +429,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
 -  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
++  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
  
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 4cacf0ea94..2aacf1a5ff 100644
+index 4f6dfedc2c..ae3b446ff2 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -534,7 +534,7 @@
+@@ -535,7 +535,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
@@ -91,10 +91,10 @@ index 4cacf0ea94..2aacf1a5ff 100644
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 6225f8e095..2613c83adb 100644
+index 923e187942..4a547f28c0 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -538,7 +538,7 @@
+@@ -542,7 +542,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
@@ -104,10 +104,10 @@ index 6225f8e095..2613c83adb 100644
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index b66fc67563..d7d34eeef2 100644
+index 06b38b1715..68bd1f6dcb 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -540,7 +540,7 @@
+@@ -561,7 +561,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
@@ -116,6 +116,3 @@ index b66fc67563..d7d34eeef2 100644
  
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
--- 
-2.27.0
-

0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch

@@ -1,9 +1,13 @@
-From a5dd9e06c570b2c003a2b6aea681f0d93bfbfdc4 Mon Sep 17 00:00:00 2001
+From 3ece2f792aec743c42c415809846ea1ac1f0aedf Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:46 +0100
-Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
+Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
  QemuVideoDxe/QemuRamfbDxe (RH)
 
+edk2-stable202402 rebase:
+
+- context changes due to CSM support removal.
+
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
 
@@ -82,41 +86,40 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  4 files changed, 32 insertions(+), 8 deletions(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 366fa79f62..a289d8a573 100644
+index 2b4c551773..f81a0ac375 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -750,8 +750,14 @@
+@@ -691,8 +691,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
  
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
 -  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
++  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
  
    #
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 2aacf1a5ff..1a5cfa4c6d 100644
+index ae3b446ff2..7e07fbfd46 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -846,9 +846,15 @@
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+@@ -828,8 +828,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
  
- !ifndef $(CSM_ENABLE)
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
- !endif
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
@@ -125,20 +128,19 @@ index 2aacf1a5ff..1a5cfa4c6d 100644
  
    #
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 2613c83adb..11002ffd95 100644
+index 4a547f28c0..f28c71a7a8 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -860,9 +860,15 @@
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+@@ -842,8 +842,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
  
- !ifndef $(CSM_ENABLE)
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
- !endif
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
@@ -147,20 +149,19 @@ index 2613c83adb..11002ffd95 100644
  
    #
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index d7d34eeef2..f176aa4061 100644
+index 68bd1f6dcb..680bdb5f4c 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -858,9 +858,15 @@
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+@@ -910,8 +910,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
  
- !ifndef $(CSM_ENABLE)
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
- !endif
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
@@ -168,6 +169,3 @@ index d7d34eeef2..f176aa4061 100644
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
  
    #
--- 
-2.27.0
-

0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch

@@ -1,8 +1,8 @@
-From ccc2c9c85f43662f942bf5c303f4a1a9f964c36d Mon Sep 17 00:00:00 2001
+From 33b60bfb25647368c761ae9d875c481086e147ce Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 27 Jan 2016 03:05:18 +0100
-Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
- only)
+Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in
+ QemuRamfbDxe (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -61,37 +61,34 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  2 files changed, 8 insertions(+), 2 deletions(-)
 
 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index ec0edf6e7b..e6fad9f066 100644
+index 181265057e..216b5a09cc 100644
 --- a/ArmVirtPkg/ArmVirtQemu.dsc
 +++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -509,7 +509,10 @@
+@@ -547,7 +547,10 @@
    #
    # Video support
    #
 -  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
-+  }
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
++  }
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
    OvmfPkg/PlatformDxe/Platform.inf
  
 diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index a8bb83b288..656c9d99a3 100644
+index 668a65ba64..5f07ed4dcc 100644
 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
 +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -438,7 +438,10 @@
+@@ -447,7 +447,10 @@
    #
    # Video support
    #
 -  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
-+  }
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
++  }
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
    OvmfPkg/PlatformDxe/Platform.inf
  
--- 
-2.27.0
-

0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch

@@ -1,8 +1,8 @@
-From b3147a5ce92a149532ef1ec47cdf14082a56654d Mon Sep 17 00:00:00 2001
+From d4be04b114213cc9b8ee4ce86a91a1c7e2c3928a Mon Sep 17 00:00:00 2001
 From: Philippe Mathieu-Daude <philmd@redhat.com>
 Date: Thu, 1 Aug 2019 20:43:48 +0200
-Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
- builds (RH only)
+Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64
+ silent builds (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -47,49 +47,46 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  2 files changed, 15 insertions(+)
 
 diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
-index 0d49d8bbab..dbf9bcbe16 100644
+index 5a1044f0dc..83c6d26c74 100644
 --- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
 +++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
 @@ -13,6 +13,7 @@
  #include <Library/BaseLib.h>
  #include <Library/BaseMemoryLib.h>
  #include <Library/DebugLib.h>
-+#include <Library/DebugPrintErrorLevelLib.h>
++#include <Library/DebugPrintErrorLevelLib.h>
  #include <Library/DevicePathLib.h>
  #include <Library/FrameBufferBltLib.h>
  #include <Library/MemoryAllocationLib.h>
-@@ -242,6 +243,19 @@ InitializeQemuRamfb (
+@@ -259,6 +260,19 @@ InitializeQemuRamfb (
  
    Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
    if (EFI_ERROR (Status)) {
-+#if defined (MDE_CPU_AARCH64)
-+    //
-+    // RHBZ#1714446
-+    // If no ramfb device was configured, this platform DXE driver should
-+    // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
-+    // using a silent build, an error message is issued to the guest console.
-+    // Since this confuse users, return success and stay resident. The wasted
-+    // guest RAM still gets freed later after ExitBootServices().
-+    //
-+    if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
-+      return EFI_SUCCESS;
-+    }
-+#endif
++#if defined (MDE_CPU_AARCH64)
++    //
++    // RHBZ#1714446
++    // If no ramfb device was configured, this platform DXE driver should
++    // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
++    // using a silent build, an error message is issued to the guest console.
++    // Since this confuse users, return success and stay resident. The wasted
++    // guest RAM still gets freed later after ExitBootServices().
++    //
++    if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
++      return EFI_SUCCESS;
++    }
++#endif
      return EFI_NOT_FOUND;
    }
-   if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
+ 
 diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-index e3890b8c20..6ffee5acb2 100644
+index e3890b8c20..f79a4bc987 100644
 --- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 @@ -29,6 +29,7 @@
    BaseLib
    BaseMemoryLib
    DebugLib
-+  DebugPrintErrorLevelLib
++  DebugPrintErrorLevelLib
    DevicePathLib
    FrameBufferBltLib
    MemoryAllocationLib
--- 
-2.27.0
-

0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch

@@ -1,8 +1,8 @@
-From a663867a4a99b97d0e1c5fdfed0389312fecd767 Mon Sep 17 00:00:00 2001
+From e76b481430fc3ef2398cdbe4d21ce002050aa12b Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:47 +0100
-Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
- only)
+Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
+ (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -63,27 +63,27 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  4 files changed, 16 insertions(+), 4 deletions(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index a289d8a573..ccdf9b8ce0 100644
+index f81a0ac375..bdb786d10d 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -744,7 +744,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -686,7 +686,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
-+  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
++  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
    MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 1a5cfa4c6d..a0666930d6 100644
+index 7e07fbfd46..8a8c7a0b37 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -839,7 +839,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -823,7 +823,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -95,11 +95,11 @@ index 1a5cfa4c6d..a0666930d6 100644
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 11002ffd95..5efeb42bf3 100644
+index f28c71a7a8..4bde14a05a 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -853,7 +853,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -837,7 +837,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -111,11 +111,11 @@ index 11002ffd95..5efeb42bf3 100644
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index f176aa4061..10fb7d7069 100644
+index 680bdb5f4c..a43352ede4 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -851,7 +851,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -905,7 +905,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -126,6 +126,3 @@ index f176aa4061..10fb7d7069 100644
    MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
--- 
-2.27.0
-

0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch

@@ -1,8 +1,8 @@
-From d9416e3015cadb3214d5ca409e57fd2352ae1961 Mon Sep 17 00:00:00 2001
+From 47ad6974185793994d69620d989f6d695f513c9c Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 24 Jun 2020 11:31:36 +0200
-Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in
- silent aa64 build (RH)
+Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel"
+ in silent aa64 build (RH)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -32,52 +32,49 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
  2 files changed, 18 insertions(+)
 
 diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
-index 6832d563bc..08ed67f5ff 100644
+index 3c12085f6c..e192809198 100644
 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
 +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
 @@ -19,6 +19,7 @@
  #include <Library/BaseMemoryLib.h>
  #include <Library/BlobVerifierLib.h>
  #include <Library/DebugLib.h>
-+#include <Library/DebugPrintErrorLevelLib.h>
++#include <Library/DebugPrintErrorLevelLib.h>
  #include <Library/DevicePathLib.h>
  #include <Library/MemoryAllocationLib.h>
  #include <Library/QemuFwCfgLib.h>
-@@ -1054,6 +1055,22 @@ QemuKernelLoaderFsDxeEntrypoint (
+@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint (
  
    if (KernelBlob->Data == NULL) {
      Status = EFI_NOT_FOUND;
-+#if defined (MDE_CPU_AARCH64)
-+    //
-+    // RHBZ#1844682
-+    //
-+    // If the "-kernel" QEMU option is not being used, this platform DXE driver
-+    // should return EFI_NOT_FOUND, so that the DXE Core can unload it.
-+    // However, the associated error message, logged by the DXE Core to the
-+    // serial console, is not desired in the silent edk2-aarch64 build, given
-+    // that the absence of "-kernel" is nothing out of the ordinary. Therefore,
-+    // return success and stay resident. The wasted guest RAM still gets freed
-+    // after ExitBootServices().
-+    //
-+    if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
-+      Status = EFI_SUCCESS;
-+    }
-+#endif
++#if defined (MDE_CPU_AARCH64)
++    //
++    // RHBZ#1844682
++    //
++    // If the "-kernel" QEMU option is not being used, this platform DXE driver
++    // should return EFI_NOT_FOUND, so that the DXE Core can unload it.
++    // However, the associated error message, logged by the DXE Core to the
++    // serial console, is not desired in the silent edk2-aarch64 build, given
++    // that the absence of "-kernel" is nothing out of the ordinary. Therefore,
++    // return success and stay resident. The wasted guest RAM still gets freed
++    // after ExitBootServices().
++    //
++    if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
++      Status = EFI_SUCCESS;
++    }
++#endif
      goto FreeBlobs;
    }
  
 diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
-index 7b35adb8e0..e0331c6e2c 100644
+index 7b35adb8e0..23d9f5fca1 100644
 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
 +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
 @@ -28,6 +28,7 @@
    BaseLib
    BaseMemoryLib
    DebugLib
-+  DebugPrintErrorLevelLib
++  DebugPrintErrorLevelLib
    DevicePathLib
    MemoryAllocationLib
    QemuFwCfgLib
--- 
-2.27.0
-

0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch

@@ -1,8 +1,8 @@
-From fd19e4e33d52e843e6e35adde2c1e266497e8a7b Mon Sep 17 00:00:00 2001
+From 26a8f215a1cee1b876105127ad22c68a7c07c6a8 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 24 Jun 2020 11:40:09 +0200
-Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build
- (RH)
+Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent
+ aa64 build (RH)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -31,52 +31,49 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
  2 files changed, 18 insertions(+)
 
 diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
-index 6d17616c1c..f1a97d4b2d 100644
+index f6ea8b2bbf..1fd5e187fb 100644
 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
 +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
 @@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
  #include <Protocol/ResetNotification.h>
  
  #include <Library/DebugLib.h>
-+#include <Library/DebugPrintErrorLevelLib.h>
++#include <Library/DebugPrintErrorLevelLib.h>
  #include <Library/BaseMemoryLib.h>
  #include <Library/UefiRuntimeServicesTableLib.h>
  #include <Library/UefiDriverEntryPoint.h>
-@@ -2642,6 +2643,22 @@ DriverEntry (
-   if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
-       CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
+@@ -2691,6 +2692,22 @@ DriverEntry (
+       CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid))
+   {
      DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
-+#if defined (MDE_CPU_AARCH64)
-+    //
-+    // RHBZ#1844682
-+    //
-+    // If swtpm / vTPM2 is not being used, this driver should return
-+    // EFI_UNSUPPORTED, so that the DXE Core can unload it. However, the
-+    // associated error message, logged by the DXE Core to the serial console,
-+    // is not desired in the silent edk2-aarch64 build, given that the absence
-+    // of swtpm / vTPM2 is nothing out of the ordinary. Therefore, return
-+    // success and stay resident. The wasted guest RAM still gets freed after
-+    // ExitBootServices().
-+    //
-+    if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
-+      return EFI_SUCCESS;
-+    }
-+#endif
++#if defined (MDE_CPU_AARCH64)
++    //
++    // RHBZ#1844682
++    //
++    // If swtpm / vTPM2 is not being used, this driver should return
++    // EFI_UNSUPPORTED, so that the DXE Core can unload it. However, the
++    // associated error message, logged by the DXE Core to the serial console,
++    // is not desired in the silent edk2-aarch64 build, given that the absence
++    // of swtpm / vTPM2 is nothing out of the ordinary. Therefore, return
++    // success and stay resident. The wasted guest RAM still gets freed after
++    // ExitBootServices().
++    //
++    if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
++      return EFI_SUCCESS;
++    }
++#endif
      return EFI_UNSUPPORTED;
    }
  
 diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-index 7dc7a2683d..3bc8833931 100644
+index 7dc7a2683d..ae90070b36 100644
 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
 +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
 @@ -55,6 +55,7 @@
    UefiRuntimeServicesTableLib
    BaseMemoryLib
    DebugLib
-+  DebugPrintErrorLevelLib
++  DebugPrintErrorLevelLib
    Tpm2CommandLib
    PrintLib
    UefiLib
--- 
-2.27.0
-

0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch

@@ -0,0 +1,126 @@
+From 14feac56ff842b1a9940f370ebc624846841faec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:28:49 +0200
+Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [2/19] 6777c3dc453e4aecddc20216f783ba2a5acccaa0
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove EFI Byte Code interpreter.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
+ OvmfPkg/OvmfPkgIa32.dsc      | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf      | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf   | 1 -
+ OvmfPkg/OvmfPkgX64.dsc       | 1 -
+ OvmfPkg/OvmfPkgX64.fdf       | 1 -
+ 8 files changed, 8 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index bdb786d10d..e565430e6c 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -611,7 +611,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+   UefiCpuPkg/CpuDxe/CpuDxe.inf
+   OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 9dd4095967..78b4e1d528 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -206,7 +206,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf
+ INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 8a8c7a0b37..ee8da63252 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -746,7 +746,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+   UefiCpuPkg/CpuDxe/CpuDxe.inf
+   OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 501b4de469..5e0bc9d2c5 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -216,7 +216,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf
+ INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 4bde14a05a..1c7b55a430 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -760,7 +760,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+   UefiCpuPkg/CpuDxe/CpuDxe.inf
+   OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 74cfb58f06..ed33c906f3 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -217,7 +217,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf
+ INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index a43352ede4..9807c0a6b4 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -805,7 +805,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ 
+   UefiCpuPkg/CpuDxe/CpuDxe.inf {
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index f47ab1727e..feb3228ae2 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -239,7 +239,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ 
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf

0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch

@@ -0,0 +1,126 @@
+From 94f1e0809390547cbfb0ed0e650a773c24b553ed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:28:59 +0200
+Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [4/19] f0a41317291f2e9e3b5bd3125149c3866f23ab08
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+QemuVideoDxe binds virtio-vga, so VirtioGpu is not needed.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
+ OvmfPkg/OvmfPkgIa32.dsc      | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf      | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf   | 1 -
+ OvmfPkg/OvmfPkgX64.dsc       | 1 -
+ OvmfPkg/OvmfPkgX64.fdf       | 1 -
+ 8 files changed, 8 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index e565430e6c..c000cc8de8 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -701,7 +701,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+   # ISA Support
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 78b4e1d528..d6f785c205 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -300,7 +300,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ 
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index ee8da63252..254d9f13f3 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -838,7 +838,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+   # ISA Support
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 5e0bc9d2c5..dec1258714 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -321,7 +321,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+ 
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 1c7b55a430..a3a753bd8b 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -852,7 +852,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+   # ISA Support
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index ed33c906f3..00bd49c89d 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -327,7 +327,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 9807c0a6b4..17cc17cbde 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -920,7 +920,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+   # ISA Support
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index feb3228ae2..bee30d8b4f 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -354,7 +354,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf

0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch

@@ -0,0 +1,100 @@
+From 0a61aba4d91c63ca263f628093331f6178728ad1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:13 +0200
+Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [9/19] b40d8a6b9c38568a74fb922b12bbae9f0e721f95
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the virtio-fs driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf    | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
+ OvmfPkg/OvmfPkgX64.dsc     | 1 -
+ OvmfPkg/OvmfPkgX64.fdf     | 1 -
+ 6 files changed, 6 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 254d9f13f3..ca07b40857 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -816,7 +816,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index dec1258714..55d0f1ae5f 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -290,7 +290,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index a3a753bd8b..a5322783e5 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -830,7 +830,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 00bd49c89d..fba268521b 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -291,7 +291,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 17cc17cbde..190431b6fa 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -898,7 +898,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index bee30d8b4f..cea0e87cbf 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -316,7 +316,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf

0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch

@@ -0,0 +1,61 @@
+From 068776b4d85587427fbceebf0e79938eea33f68e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:16 +0200
+Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [10/19] 808ad4385c24fbf34fb0ba359808e6d364e1d030
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the virtio-fs driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirtQemu.dsc           | 1 -
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ ArmVirtPkg/ArmVirtQemuKernel.dsc     | 1 -
+ 3 files changed, 3 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 216b5a09cc..1e6c76795b 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -465,7 +465,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+   #
+   # Bds
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index c5d097ffb9..a814653dc4 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -84,7 +84,6 @@ READ_LOCK_STATUS   = TRUE
+   INF FatPkg/EnhancedFatDxe/Fat.inf
+   INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+   #
+   # Status Code Routing
+diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+index 5f07ed4dcc..e48bdf8deb 100644
+--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+@@ -365,7 +365,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+   #
+   # Bds

0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch

@@ -0,0 +1,126 @@
+From 6264a265fc50961c8d44a4c04b9c9e5ad07cc86c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:19 +0200
+Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [11/19] 21614de37221fca27d4eec0f03c5c8bce5911af3
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the UDF driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
+ OvmfPkg/OvmfPkgIa32.dsc      | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf      | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf   | 1 -
+ OvmfPkg/OvmfPkgX64.dsc       | 1 -
+ OvmfPkg/OvmfPkgX64.fdf       | 1 -
+ 8 files changed, 8 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index c000cc8de8..75bec7859e 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -679,7 +679,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index d6f785c205..5d0cba1e13 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -274,7 +274,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index ca07b40857..62907e9458 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -815,7 +815,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 55d0f1ae5f..6c324943e4 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -289,7 +289,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index a5322783e5..28cf5ace70 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -829,7 +829,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index fba268521b..a890d4a3e3 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -290,7 +290,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 190431b6fa..ca0c007181 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -897,7 +897,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index cea0e87cbf..48da04eb9c 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -315,7 +315,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf

0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch

@@ -0,0 +1,61 @@
+From 2ddf7702dee6a1a0edab8154b085c36f8d84376f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:22 +0200
+Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [12/19] fcadb6a747b65e4d449d48131c9a2eeed4bd3c9a
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the UDF driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirtQemu.dsc           | 1 -
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ ArmVirtPkg/ArmVirtQemuKernel.dsc     | 1 -
+ 3 files changed, 3 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 1e6c76795b..9216faca8d 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -464,7 +464,6 @@
+   MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+   #
+   # Bds
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index a814653dc4..a411a8f68d 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -83,7 +83,6 @@ READ_LOCK_STATUS   = TRUE
+   INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+   INF FatPkg/EnhancedFatDxe/Fat.inf
+   INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+-  INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+   #
+   # Status Code Routing
+diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+index e48bdf8deb..66ad4b6948 100644
+--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+@@ -364,7 +364,6 @@
+   MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+   #
+   # Bds

0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch

@@ -0,0 +1,109 @@
+From 90b02d61d206926d6b2687a4a94f600039ae2e7c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:25 +0200
+Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [13/19] cf9ef346386ac89fa05b29d429d8d1b27cf0e3b0
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via TFTP.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 4 ----
+ OvmfPkg/OvmfPkgIa32.fdf    | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc | 4 ----
+ OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
+ OvmfPkg/OvmfPkgX64.dsc     | 4 ----
+ OvmfPkg/OvmfPkgX64.fdf     | 1 -
+ 6 files changed, 15 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 62907e9458..c2fe2e6042 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -881,10 +881,6 @@
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 6c324943e4..32a42c926b 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -291,7 +291,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 28cf5ace70..5d74007599 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -895,10 +895,6 @@
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index a890d4a3e3..733f60ce7c 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -292,7 +292,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index ca0c007181..f27932b38d 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -963,10 +963,6 @@
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 48da04eb9c..f562b5312b 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -317,7 +317,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif

0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch

@@ -0,0 +1,54 @@
+From f7abc9b87c6034ada69ed16fc644c578cea5af19 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:28 +0200
+Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [14/19] 12436014941bd4a7c99a26d779ebdcd75f169403
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via TFTP.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirt.dsc.inc           | 7 +++----
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ 2 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
+index 2bc6a29eb1..33f122f913 100644
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -388,10 +388,9 @@
+   #
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+ 
+-  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
++  #
++  # UEFI application (Shell Embedded Boot Loader)
++  #
+   ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index a411a8f68d..4b00524fde 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -99,7 +99,6 @@ READ_LOCK_STATUS   = TRUE
+   INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
+ 
+   INF ShellPkg/Application/Shell/Shell.inf
+-  INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+   INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+   INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+   INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch

@@ -0,0 +1,113 @@
+From ab3da1407691781fb148e53d4b02e996a5dbca2f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:31 +0200
+Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [15/19] 1911cf04f27467ef1175b1976864c1111d93d19e
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via HTTP(S).
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 4 ----
+ OvmfPkg/OvmfPkgIa32.fdf    | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc | 4 ----
+ OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
+ OvmfPkg/OvmfPkgX64.dsc     | 4 ----
+ OvmfPkg/OvmfPkgX64.fdf     | 1 -
+ 6 files changed, 15 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index c2fe2e6042..44139c648c 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -881,10 +881,6 @@
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 32a42c926b..56520eaf99 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -291,7 +291,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 5d74007599..e2f13499cc 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -895,10 +895,6 @@
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 733f60ce7c..f04620418b 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -292,7 +292,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index f27932b38d..f1dc48c3be 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -963,10 +963,6 @@
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index f562b5312b..61a3c63166 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -317,7 +317,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ !if $(BUILD_SHELL) == TRUE

0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch

@@ -0,0 +1,55 @@
+From 54c22fb545c567b4f99c81170ba8a4fc111e7646 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:34 +0200
+Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [16/19] 07a74f1fdcdbb9a31d25ce9760edcd852e9574c3
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via HTTP(S).
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirt.dsc.inc           | 4 ----
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ 2 files changed, 5 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
+index 33f122f913..2b9315f8b3 100644
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -391,10 +391,6 @@
+   #
+   # UEFI application (Shell Embedded Boot Loader)
+   #
+-  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index 4b00524fde..aa3acdeae6 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -99,7 +99,6 @@ READ_LOCK_STATUS   = TRUE
+   INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
+ 
+   INF ShellPkg/Application/Shell/Shell.inf
+-  INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+   INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+   INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ 

0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch

@@ -0,0 +1,147 @@
+From 1025e8342c42c49d9b3bbffd6a923b4cb89ec76a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:39 +0200
+Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [17/19] 491fe1301ea29c7cb56c20272e45614d5fcb6f14
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to register a file in the shell as the
+initial ramdisk for a UEFI stubbed kernel, to be booted next.
+
+Note: as further dynamic shell commands might show up upstream,
+we intentionally preserve the empty !ifdef'ry context to ease
+future downstream rebases.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 4 ----
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
+ OvmfPkg/OvmfPkgIa32.dsc      | 4 ----
+ OvmfPkg/OvmfPkgIa32.fdf      | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 4 ----
+ OvmfPkg/OvmfPkgIa32X64.fdf   | 1 -
+ OvmfPkg/OvmfPkgX64.dsc       | 4 ----
+ OvmfPkg/OvmfPkgX64.fdf       | 1 -
+ 8 files changed, 20 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 75bec7859e..753957bcc4 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -737,10 +737,6 @@
+   MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+ !endif
+   OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
+   OvmfPkg/AmdSev/Grub/Grub.inf
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 5d0cba1e13..9b65ebac56 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -276,7 +276,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5" && $(BUILD_SHELL) == TRUE
+-INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
+ INF  OvmfPkg/AmdSev/Grub/Grub.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 44139c648c..2825acec3e 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -885,10 +885,6 @@
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+   }
+-  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+   ShellPkg/Application/Shell/Shell.inf {
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 56520eaf99..de73cabb6e 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -291,7 +291,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+ INF  ShellPkg/Application/Shell/Shell.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index e2f13499cc..f1af88a9b5 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -899,10 +899,6 @@
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+   }
+-  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+   ShellPkg/Application/Shell/Shell.inf {
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index f04620418b..241019cb28 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -292,7 +292,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+ INF  ShellPkg/Application/Shell/Shell.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index f1dc48c3be..908895354b 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -967,10 +967,6 @@
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+   }
+-  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+   ShellPkg/Application/Shell/Shell.inf {
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 61a3c63166..c1e7240076 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -317,7 +317,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ 
+ !if $(BUILD_SHELL) == TRUE && $(TOOL_CHAIN_TAG) != "XCODE5"
+-INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ !if $(BUILD_SHELL) == TRUE
+ INF  ShellPkg/Application/Shell/Shell.inf

0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch

@@ -0,0 +1,66 @@
+From 1e792bb790474a68c6e63a6e0faa88f8e2647ae3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:46 +0200
+Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [18/19] 8f4e4007108462533e3d2050b84d8830073a7c0d
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to register a file in the shell as the initial
+ramdisk for a UEFI stubbed kernel, to be booted next.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirt.dsc.inc           | 10 +++-------
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc |  1 -
+ 2 files changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
+index 2b9315f8b3..5d40a3c3c7 100644
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -388,17 +388,13 @@
+   #
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+ 
+-  #
+-  # UEFI application (Shell Embedded Boot Loader)
+-  #
++  #
++  # UEFI application (Shell Embedded Boot Loader)
++  #
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+   }
+-  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/Application/Shell/Shell.inf {
+     <LibraryClasses>
+       ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index aa3acdeae6..49bd633850 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -100,7 +100,6 @@ READ_LOCK_STATUS   = TRUE
+ 
+   INF ShellPkg/Application/Shell/Shell.inf
+   INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+-  INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ 
+   #
+   # Bds

0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch

@@ -1,28 +1,31 @@
-From c32f4994552ea5835cf00ce06f2f7d88c71249e5 Mon Sep 17 00:00:00 2001
+From d1572c35f13fd69f48c7c5adeb22eff09d3a1189 Mon Sep 17 00:00:00 2001
 From: Gerd Hoffmann <kraxel@redhat.com>
 Date: Tue, 28 Feb 2023 15:47:00 +0100
 Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
 
-RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
-RH-MergeRequest: 29: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
-RH-Bugzilla: 2150267
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
-RH-Commit: [1/1] e7e332ac0e6edf207b1b9692f2e1aed4a1fe7c0c
+RH-Author: Gerd Hoffmann <kraxel@redhat.com>
+RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
+RH-Bugzilla: 2124143
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2)
 
 In case the number of CPUs can in increase beyond 255
 due to CPU hotplug choose x2apic mode.
 
 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+
+patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
+present_in_specfile: true
+location_in_specfile: 38
 ---
  UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++-
  1 file changed, 7 insertions(+), 1 deletion(-)
 
 diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
-index b9a06747ed..177d15ab5b 100644
+index cdfb570e61..7bc93dfa13 100644
 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
 +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
-@@ -495,7 +495,9 @@ CollectProcessorCount (
+@@ -533,7 +533,9 @@ CollectProcessorCount (
    //
    // Enable x2APIC mode if
    //  1. Number of CPU is greater than 255; or
@@ -33,7 +36,7 @@ index b9a06747ed..177d15ab5b 100644
    //
    X2Apic = FALSE;
    if (CpuMpData->CpuCount > 255) {
-@@ -503,6 +505,10 @@ CollectProcessorCount (
+@@ -541,6 +543,10 @@ CollectProcessorCount (
      // If there are more than 255 processor found, force to enable X2APIC
      //
      X2Apic = TRUE;
@@ -42,8 +45,5 @@ index b9a06747ed..177d15ab5b 100644
 +  {
 +    X2Apic = TRUE;
    } else {
-     CpuInfoInHob = (CPU_INFO_IN_HOB *) (UINTN) CpuMpData->CpuInfoInHob;
+     CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
      for (Index = 0; Index < CpuMpData->CpuCount; Index++) {
--- 
-2.37.3
-

0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch

@@ -0,0 +1,121 @@
+From 89a0a96bcfe49ca87087850d0b070e351850f6e8 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Wed, 16 Aug 2023 12:09:40 +0200
+Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 46: OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
+RH-Bugzilla: 2218196
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [1/1] 9bf3bb989e36253aa34bf82ecfe8faa7312e8d22 (osteffen/edk2)
+
+Add a callback at the end of the Dxe phase that sets the
+"FB_NO_REBOOT" variable under the Shim GUID.
+This is a workaround for a boot loop in case a confidential
+guest that uses shim is booted with a vtpm device present.
+
+BZ 2218196
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+
+patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
+present_in_specfile: true
+location_in_specfile: 44
+---
+ OvmfPkg/AmdSevDxe/AmdSevDxe.c   | 42 +++++++++++++++++++++++++++++++++
+ OvmfPkg/AmdSevDxe/AmdSevDxe.inf |  2 ++
+ 2 files changed, 44 insertions(+)
+
+diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+index db3675ae86..f639c093a2 100644
+--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+@@ -19,6 +19,7 @@
+ #include <Library/MemoryAllocationLib.h>
+ #include <Library/UefiBootServicesTableLib.h>
+ #include <Guid/ConfidentialComputingSevSnpBlob.h>
++#include <Guid/GlobalVariable.h>
+ #include <Library/PcdLib.h>
+ #include <Pi/PrePiDxeCis.h>
+ #include <Protocol/SevMemoryAcceptance.h>
+@@ -28,6 +29,10 @@
+ // Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h
+ #define EFI_MEMORY_INTERNAL_MASK  0x0700000000000000ULL
+ 
++static EFI_GUID  ShimLockGuid = {
++  0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 }
++};
++
+ STATIC
+ EFI_STATUS
+ AllocateConfidentialComputingBlob (
+@@ -191,6 +196,32 @@ STATIC EDKII_MEMORY_ACCEPT_PROTOCOL  mMemoryAcceptProtocol = {
+   AmdSevMemoryAccept
+ };
+ 
++VOID
++EFIAPI
++PopulateVarstore (
++  EFI_EVENT  Event,
++  VOID       *Context
++  )
++{
++  EFI_SYSTEM_TABLE  *SystemTable = (EFI_SYSTEM_TABLE *)Context;
++  EFI_STATUS        Status;
++
++  DEBUG ((DEBUG_INFO, "Populating Varstore\n"));
++  UINT32  data = 1;
++
++  Status = SystemTable->RuntimeServices->SetVariable (
++                                           L"FB_NO_REBOOT",
++                                           &ShimLockGuid,
++                                           EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
++                                           sizeof (data),
++                                           &data
++                                           );
++  ASSERT_EFI_ERROR (Status);
++
++  Status = SystemTable->BootServices->CloseEvent (Event);
++  ASSERT_EFI_ERROR (Status);
++}
++
+ EFI_STATUS
+ EFIAPI
+ AmdSevDxeEntryPoint (
+@@ -203,6 +234,7 @@ AmdSevDxeEntryPoint (
+   UINTN                                     NumEntries;
+   UINTN                                     Index;
+   CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *SnpBootDxeTable;
++  EFI_EVENT                                 PopulateVarstoreEvent;
+ 
+   //
+   // Do nothing when SEV is not enabled
+@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint (
+                   );
+   }
+ 
++  Status = gBS->CreateEventEx (
++                  EVT_NOTIFY_SIGNAL,
++                  TPL_CALLBACK,
++                  PopulateVarstore,
++                  SystemTable,
++                  &gEfiEndOfDxeEventGroupGuid,
++                  &PopulateVarstoreEvent
++                  );
++  ASSERT_EFI_ERROR (Status);
++
+   return EFI_SUCCESS;
+ }
+diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+index e7c7d526c9..09cbd2b0ca 100644
+--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+@@ -54,6 +54,8 @@
+ [Guids]
+   gConfidentialComputingSevSnpBlobGuid
+   gEfiEventBeforeExitBootServicesGuid
++  gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
++
+ 
+ [Pcd]
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId

0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch

@@ -0,0 +1,28 @@
+From 1b7a4cb54f50883fee087fd85b7c9b86b5296fea Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 28 Aug 2023 13:11:02 +0200
+Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file.
+
+Needed by rhel downstream openssl patches.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ CryptoPkg/Library/Include/sys/stat.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+ create mode 100644 CryptoPkg/Library/Include/sys/stat.h
+
+diff --git a/CryptoPkg/Library/Include/sys/stat.h b/CryptoPkg/Library/Include/sys/stat.h
+new file mode 100644
+index 0000000000..22247bb2db
+--- /dev/null
++++ b/CryptoPkg/Library/Include/sys/stat.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building the third-party cryptographic library.
++
++Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
++SPDX-License-Identifier: BSD-2-Clause-Patent
++
++**/
++
++#include <CrtLibSupport.h>

0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch

@@ -0,0 +1,139 @@
+From e47e4f4efb118cf38f76c7abc8f1cb537e1f79e5 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 28 Aug 2023 13:27:09 +0200
+Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls
+
+Needed by rhel downstream openssl patches, they use unix syscalls
+for file access (instead of fopen + friends like the rest of the
+code base).  No actual file access is needed for edk2, so just
+add stubs to make linking work.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ .../Library/BaseCryptLib/SysCall/CrtWrapper.c | 46 +++++++++++++++++++
+ CryptoPkg/Library/Include/CrtLibSupport.h     | 41 +++++++++++++++++
+ 2 files changed, 87 insertions(+)
+
+diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+index 37cdecc9bd..dfdb635536 100644
+--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
++++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+@@ -550,6 +550,52 @@ fread (
+   return 0;
+ }
+ 
++int
++access(
++  const char*,
++  int
++  )
++{
++  return -1;
++}
++
++int
++open (
++  const char *,
++  int
++  )
++{
++  return -1;
++}
++
++ssize_t
++read (
++  int,
++  void*,
++  size_t
++  )
++{
++  return -1;
++}
++
++ssize_t
++write (
++  int,
++  const void*,
++  size_t
++  )
++{
++  return -1;
++}
++
++int
++close (
++  int
++  )
++{
++  return -1;
++}
++
+ uid_t
+ getuid (
+   void
+diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
+index f36fe08f0c..7d98496af8 100644
+--- a/CryptoPkg/Library/Include/CrtLibSupport.h
++++ b/CryptoPkg/Library/Include/CrtLibSupport.h
+@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ //
+ // Definitions for global constants used by CRT library routines
+ //
++#define EINTR         4
+ #define EINVAL        22              /* Invalid argument */
+ #define EAFNOSUPPORT  47              /* Address family not supported by protocol family */
+ #define INT_MAX       0x7FFFFFFF      /* Maximum (signed) int value */
+@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ #define NS_INADDRSZ   4   /*%< IPv4 T_A */
+ #define NS_IN6ADDRSZ  16  /*%< IPv6 T_AAAA */
+ 
++#define O_RDONLY        00000000
++#define O_WRONLY        00000001
++#define O_RDWR          00000002
++
++#define R_OK  4
++#define W_OK  2
++#define X_OK  1
++#define F_OK  0
++
+ //
+ // Basic types mapping
+ //
+@@ -324,6 +334,37 @@ fprintf     (
+   ...
+   );
+ 
++int
++access(
++  const char*,
++  int
++  );
++
++int
++open (
++  const char *,
++  int
++  );
++
++ssize_t
++read (
++  int,
++  void*,
++  size_t
++  );
++
++ssize_t
++write (
++  int,
++  const void*,
++  size_t
++  );
++
++int
++close (
++  int
++  );
++
+ time_t
+ time        (
+   time_t *

0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch

@@ -0,0 +1,194 @@
+From 9388cc72866fc379d94cf3dc029292f4246bfe39 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 30 Jan 2024 14:04:38 +0100
+Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process.
+
+RH-Author: Gerd Hoffmann <None>
+RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
+RH-Jira: RHEL-21704
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2)
+
+Specifically before running lzma uncompress of the main firmware volume.
+This is needed to make sure caching is enabled, otherwise the uncompress
+can be extremely slow.
+
+Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes.
+
+Background:  Depending on virtual machine configuration kvm may uses EPT
+memory types to apply guest MTRR settings.  In case MTRRs are disabled
+kvm will use the uncachable memory type for all mappings.  The
+vmx_get_mt_mask() function in the linux kernel handles this and can be
+found here:
+
+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580
+
+In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally.  In
+case the VM has a mdev device assigned that is not the case though.
+
+Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable
+should not be set by default in CR0") kvm also ended up using
+MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED.  After that commit
+kvm evaluates guest mtrr settings, which why setting up MTRRs early is
+important now.
+
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-ID: <20240130130441.772484-2-kraxel@redhat.com>
+
+[ kraxel: Downstream-only for now.  Timely upstream merge is unlikely
+          due to chinese holidays and rhel-9.4 deadlines are close.
+          QE regression testing passed.  So go with upstream posted
+          series v3 ]
+
+patch_name: edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
+present_in_specfile: true
+location_in_specfile: 49
+---
+ OvmfPkg/IntelTdx/Sec/SecMain.c              | 32 +++++++++++++++++++++
+ OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++----
+ OvmfPkg/Sec/SecMain.c                       | 32 +++++++++++++++++++++
+ 3 files changed, 69 insertions(+), 5 deletions(-)
+
+diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
+index 42a587adfa..0daddac0a0 100644
+--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
++++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
+@@ -27,6 +27,8 @@
+ #include <Library/TdxHelperLib.h>
+ #include <Library/CcProbeLib.h>
+ #include <Library/PeilessStartupLib.h>
++#include <Register/Intel/ArchitecturalMsr.h>
++#include <Register/Intel/Cpuid.h>
+ 
+ #define SEC_IDT_ENTRY_COUNT  34
+ 
+@@ -48,6 +50,31 @@ IA32_IDT_GATE_DESCRIPTOR  mIdtEntryTemplate = {
+   }
+ };
+ 
++//
++// Enable MTRR early, set default type to write back.
++// Needed to make sure caching is enabled,
++// without this lzma decompress can be very slow.
++//
++STATIC
++VOID
++SecMtrrSetup (
++  VOID
++  )
++{
++  CPUID_VERSION_INFO_EDX           Edx;
++  MSR_IA32_MTRR_DEF_TYPE_REGISTER  DefType;
++
++  AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
++  if (!Edx.Bits.MTRR) {
++    return;
++  }
++
++  DefType.Uint64    = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
++  DefType.Bits.Type = 6; /* write back */
++  DefType.Bits.E    = 1; /* enable */
++  AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
++}
++
+ VOID
+ EFIAPI
+ SecCoreStartupWithStack (
+@@ -204,6 +231,11 @@ SecCoreStartupWithStack (
+   InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
+   DisableApicTimerInterrupt ();
+ 
++  //
++  // Initialize MTRR
++  //
++  SecMtrrSetup ();
++
+   PeilessStartup (&SecCoreData);
+ 
+   ASSERT (FALSE);
+diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
+index f042517bb6..313f5e1f7f 100644
+--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
++++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
+@@ -1082,18 +1082,18 @@ PlatformQemuInitializeRam (
+     MtrrGetAllMtrrs (&MtrrSettings);
+ 
+     //
+-    // MTRRs disabled, fixed MTRRs disabled, default type is uncached
++    // See SecMtrrSetup(), default type should be write back
+     //
+-    ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0);
++    ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0);
+     ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0);
+-    ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0);
++    ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK);
+ 
+     //
+     // flip default type to writeback
+     //
+-    SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06);
++    SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK);
+     ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables);
+-    MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6;
++    MtrrSettings.MtrrDefType |= BIT10;
+     MtrrSetAllMtrrs (&MtrrSettings);
+ 
+     //
+diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
+index 31da5d0ace..3b7dc7205d 100644
+--- a/OvmfPkg/Sec/SecMain.c
++++ b/OvmfPkg/Sec/SecMain.c
+@@ -30,6 +30,8 @@
+ #include <Ppi/MpInitLibDep.h>
+ #include <Library/TdxHelperLib.h>
+ #include <Library/CcProbeLib.h>
++#include <Register/Intel/ArchitecturalMsr.h>
++#include <Register/Intel/Cpuid.h>
+ #include "AmdSev.h"
+ 
+ #define SEC_IDT_ENTRY_COUNT  34
+@@ -744,6 +746,31 @@ FindAndReportEntryPoints (
+   return;
+ }
+ 
++//
++// Enable MTRR early, set default type to write back.
++// Needed to make sure caching is enabled,
++// without this lzma decompress can be very slow.
++//
++STATIC
++VOID
++SecMtrrSetup (
++  VOID
++  )
++{
++  CPUID_VERSION_INFO_EDX           Edx;
++  MSR_IA32_MTRR_DEF_TYPE_REGISTER  DefType;
++
++  AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
++  if (!Edx.Bits.MTRR) {
++    return;
++  }
++
++  DefType.Uint64    = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
++  DefType.Bits.Type = 6; /* write back */
++  DefType.Bits.E    = 1; /* enable */
++  AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
++}
++
+ VOID
+ EFIAPI
+ SecCoreStartupWithStack (
+@@ -942,6 +969,11 @@ SecCoreStartupWithStack (
+   InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
+   DisableApicTimerInterrupt ();
+ 
++  //
++  // Initialize MTRR
++  //
++  SecMtrrSetup ();
++
+   //
+   // Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready.
+   //

0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch

@@ -0,0 +1,41 @@
+From 625a70fc26d752b0025eae19682b386f44fa089b Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 30 Jan 2024 14:04:39 +0100
+Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types
+
+RH-Author: Gerd Hoffmann <None>
+RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
+RH-Jira: RHEL-21704
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2)
+
+Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-ID: <20240130130441.772484-3-kraxel@redhat.com>
+
+patch_name: edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
+present_in_specfile: true
+location_in_specfile: 50
+---
+ MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
+index 756e7c86ec..08ba949cf7 100644
+--- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
++++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
+@@ -2103,6 +2103,13 @@ typedef union {
+ #define MSR_IA32_MTRR_PHYSBASE9  0x00000212
+ /// @}
+ 
++#define MSR_IA32_MTRR_CACHE_UNCACHEABLE      0
++#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING  1
++#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH    4
++#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED  5
++#define MSR_IA32_MTRR_CACHE_WRITE_BACK       6
++#define MSR_IA32_MTRR_CACHE_INVALID_TYPE     7
++
+ /**
+   MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to
+   #MSR_IA32_MTRR_PHYSBASE9

0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch

@@ -0,0 +1,70 @@
+From d545c8ac6a7c96cb64661b2f5b6fccb97f9c02f8 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 30 Jan 2024 14:04:40 +0100
+Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from
+ ArchitecturalMsr.h
+
+RH-Author: Gerd Hoffmann <None>
+RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
+RH-Jira: RHEL-21704
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [3/4] 8b766c97b247a8665662697534455c19423ff23c (kraxel.rh/centos-src-edk2)
+
+Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-ID: <20240130130441.772484-4-kraxel@redhat.com>
+
+patch_name: edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
+present_in_specfile: true
+location_in_specfile: 51
+---
+ UefiCpuPkg/Include/Library/MtrrLib.h | 26 ++++++++++++++------------
+ 1 file changed, 14 insertions(+), 12 deletions(-)
+
+diff --git a/UefiCpuPkg/Include/Library/MtrrLib.h b/UefiCpuPkg/Include/Library/MtrrLib.h
+index 86cc1aab3b..287d249a99 100644
+--- a/UefiCpuPkg/Include/Library/MtrrLib.h
++++ b/UefiCpuPkg/Include/Library/MtrrLib.h
+@@ -9,6 +9,8 @@
+ #ifndef  _MTRR_LIB_H_
+ #define  _MTRR_LIB_H_
+ 
++#include <Register/Intel/ArchitecturalMsr.h>
++
+ //
+ // According to IA32 SDM, MTRRs number and MSR offset are always consistent
+ // for IA32 processor family
+@@ -82,20 +84,20 @@ typedef struct _MTRR_SETTINGS_ {
+ // Memory cache types
+ //
+ typedef enum {
+-  CacheUncacheable    = 0,
+-  CacheWriteCombining = 1,
+-  CacheWriteThrough   = 4,
+-  CacheWriteProtected = 5,
+-  CacheWriteBack      = 6,
+-  CacheInvalid        = 7
++  CacheUncacheable    = MSR_IA32_MTRR_CACHE_UNCACHEABLE,
++  CacheWriteCombining = MSR_IA32_MTRR_CACHE_WRITE_COMBINING,
++  CacheWriteThrough   = MSR_IA32_MTRR_CACHE_WRITE_THROUGH,
++  CacheWriteProtected = MSR_IA32_MTRR_CACHE_WRITE_PROTECTED,
++  CacheWriteBack      = MSR_IA32_MTRR_CACHE_WRITE_BACK,
++  CacheInvalid        = MSR_IA32_MTRR_CACHE_INVALID_TYPE,
+ } MTRR_MEMORY_CACHE_TYPE;
+ 
+-#define  MTRR_CACHE_UNCACHEABLE      0
+-#define  MTRR_CACHE_WRITE_COMBINING  1
+-#define  MTRR_CACHE_WRITE_THROUGH    4
+-#define  MTRR_CACHE_WRITE_PROTECTED  5
+-#define  MTRR_CACHE_WRITE_BACK       6
+-#define  MTRR_CACHE_INVALID_TYPE     7
++#define  MTRR_CACHE_UNCACHEABLE      MSR_IA32_MTRR_CACHE_UNCACHEABLE
++#define  MTRR_CACHE_WRITE_COMBINING  MSR_IA32_MTRR_CACHE_WRITE_COMBINING
++#define  MTRR_CACHE_WRITE_THROUGH    MSR_IA32_MTRR_CACHE_WRITE_THROUGH
++#define  MTRR_CACHE_WRITE_PROTECTED  MSR_IA32_MTRR_CACHE_WRITE_PROTECTED
++#define  MTRR_CACHE_WRITE_BACK       MSR_IA32_MTRR_CACHE_WRITE_BACK
++#define  MTRR_CACHE_INVALID_TYPE     MSR_IA32_MTRR_CACHE_INVALID_TYPE
+ 
+ typedef struct {
+   UINT64                    BaseAddress;

0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch

@@ -0,0 +1,49 @@
+From 77a0448486125a840a33e438e430d8e0844dab81 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 30 Jan 2024 14:04:41 +0100
+Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h
+
+RH-Author: Gerd Hoffmann <None>
+RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
+RH-Jira: RHEL-21704
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2)
+
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-ID: <20240130130441.772484-5-kraxel@redhat.com>
+
+patch_name: edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
+present_in_specfile: true
+location_in_specfile: 52
+---
+ OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +-
+ OvmfPkg/Sec/SecMain.c          | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
+index 0daddac0a0..c00b852f0e 100644
+--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
++++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
+@@ -70,7 +70,7 @@ SecMtrrSetup (
+   }
+ 
+   DefType.Uint64    = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+-  DefType.Bits.Type = 6; /* write back */
++  DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
+   DefType.Bits.E    = 1; /* enable */
+   AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+ }
+diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
+index 3b7dc7205d..aa0fa1b1ec 100644
+--- a/OvmfPkg/Sec/SecMain.c
++++ b/OvmfPkg/Sec/SecMain.c
+@@ -766,7 +766,7 @@ SecMtrrSetup (
+   }
+ 
+   DefType.Uint64    = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+-  DefType.Bits.Type = 6; /* write back */
++  DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
+   DefType.Bits.E    = 1; /* enable */
+   AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+ }

30-edk2-ovmf-x64-sb-enrolled.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
             "format": "raw"
@@ -24,7 +25,6 @@
     ],
     "features": [
         "acpi-s3",
-        "amd-sev",
         "enrolled-keys",
         "requires-smm",
         "secure-boot",

40-edk2-ovmf-x64-sb.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
             "format": "raw"
@@ -24,7 +25,6 @@
     ],
     "features": [
         "acpi-s3",
-        "amd-sev",
         "requires-smm",
         "secure-boot",
         "verbose-dynamic"

50-edk2-aarch64-qcow2.json

@@ -0,0 +1,32 @@
+{
+    "description": "UEFI firmware for ARM64 virtual machines",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode": "split",
+        "executable": {
+            "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+
+    ],
+    "tags": [
+
+    ]
+}

50-edk2-ovmf-x64-nosb.json

@@ -1,12 +1,13 @@
 {
-    "description": "OVMF with SEV-ES support",
+    "description": "OVMF without SB+SMM, empty varstore",
     "interface-types": [
         "uefi"
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
-            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.cc.fd",
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
             "format": "raw"
         },
         "nvram-template": {
@@ -18,12 +19,12 @@
         {
             "architecture": "x86_64",
             "machines": [
-                "pc-q35-rhel8.6.0",
-                "pc-q35-rhel8.5.0"
+                "pc-q35-*"
             ]
         }
     ],
     "features": [
+        "acpi-s3",
         "amd-sev",
         "amd-sev-es",
         "verbose-dynamic"

51-edk2-aarch64-raw.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
             "format": "raw"

52-edk2-aarch64-verbose-qcow2.json

@@ -0,0 +1,32 @@
+{
+    "description": "UEFI firmware for ARM64 virtual machines, verbose logs",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode": "split",
+        "executable": {
+            "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "verbose-static"
+    ],
+    "tags": [
+
+    ]
+}

53-edk2-aarch64-verbose-raw.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
             "format": "raw"

60-edk2-ovmf-x64-amdsev.json

@@ -0,0 +1,31 @@
+{
+    "description": "OVMF with SEV-ES support",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode": "stateless",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "amd-sev",
+        "amd-sev-es",
+        "amd-sev-snp",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

60-edk2-ovmf-x64-inteltdx.json

@@ -0,0 +1,27 @@
+{
+    "description": "OVMF with TDX support",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "memory",
+        "filename": "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd"
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "enrolled-keys",
+        "intel-tdx",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch

@@ -1,43 +0,0 @@
-From 0790c9c4f796fdce8ba6618359b78e1d0b331c95 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 4 Jun 2020 13:34:12 +0200
-Subject: BaseTools: do not build BrotliCompress (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- New patch.
-
-BrotliCompress is not used for building ArmVirtPkg or OvmfPkg platforms.
-It depends on one of the upstream Brotli git submodules that we removed
-earlier in this rebase series. (See patch "remove upstream edk2's Brotli
-submodules (RH only").
-
-Do not attempt to build BrotliCompress.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit db8ccca337e2c5722c1d408d2541cf653d3371a2)
----
- BaseTools/Source/C/GNUmakefile | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
-index 8c191e0c38..3eae824a1c 100644
---- a/BaseTools/Source/C/GNUmakefile
-+++ b/BaseTools/Source/C/GNUmakefile
-@@ -48,7 +48,6 @@ all: makerootdir subdirs
- LIBRARIES = Common
- VFRAUTOGEN = VfrCompile/VfrLexer.h
- APPLICATIONS = \
--  BrotliCompress \
-   VfrCompile \
-   EfiRom \
-   GenFfs \
--- 
-2.27.0
-

SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch

@@ -1,49 +0,0 @@
-From df9e25b7e6179a7764d44f915de95af5f850a020 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 4 Jun 2020 13:39:08 +0200
-Subject: MdeModulePkg: remove package-private Brotli include path (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- New patch.
-
-Originating from upstream commit 58802e02c41b
-("MdeModulePkg/BrotliCustomDecompressLib: Make brotli a submodule",
-2020-04-16), "MdeModulePkg/MdeModulePkg.dec" contains a package-internal
-include path into a Brotli submodule.
-
-The edk2 build system requires such include paths to resolve successfully,
-regardless of the firmware platform being built. Because
-BrotliCustomDecompressLib is not consumed by any OvmfPkg or ArmVirtPkg
-platforms, and we've removed the submodule earlier in this patch set,
-remove the include path too.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit e05e0de713c4a2b8adb6ff9809611f222bfe50ed)
----
- MdeModulePkg/MdeModulePkg.dec | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index 463e889e9a..9d69fb86ed 100644
---- a/MdeModulePkg/MdeModulePkg.dec
-+++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -24,9 +24,6 @@
- [Includes]
-   Include
- 
--[Includes.Common.Private]
--  Library/BrotliCustomDecompressLib/brotli/c/include
--
- [LibraryClasses]
-   ##  @libraryclass  Defines a set of methods to reset whole system.
-   ResetSystemLib|Include/Library/ResetSystemLib.h
--- 
-2.27.0
-

SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch

@@ -1,82 +0,0 @@
-From 1a1bdd69fad22bbf48e3906bb73b33ede6632102 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 20 Feb 2014 22:54:45 +0100
-Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no change
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- trivial context difference due to upstream commit 2fe5f2f52918
-  ("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
-  by git-cherry-pick automatically
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no changes
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Upstream prefers short debug messages (sometimes even limited to 80
-characters), but any line length under 512 characters is just unsuitable
-for effective debugging. (For example, config strings in HII routing,
-logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
-level, can be several hundred characters long.) 512 is an empirically good
-value.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
-(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
-(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
-(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
-(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
-(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
-(cherry picked from commit e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5)
-(cherry picked from commit a95cff0b9573bf23699551beb4786383f697ff1e)
----
- OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-index dffb20822d..0577c43c3d 100644
---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-@@ -21,7 +21,7 @@
- //
- // Define the maximum debug and assert message length that this library supports
- //
--#define MAX_DEBUG_MESSAGE_LENGTH  0x100
-+#define MAX_DEBUG_MESSAGE_LENGTH  0x200
- 
- //
- // VA_LIST can not initialize to NULL for all compiler, so we use this to
--- 
-2.27.0
-

SOURCES/0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch

@@ -1,168 +0,0 @@
-From 8ea4ac38206664e1d833085a0b7d4e0736870c2b Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 25 Feb 2014 18:40:35 +0100
-Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no changes
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no changes
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- update commit message as requested in
-  <https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
-  390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
-  InitializeTerminalConsoleTextMode", 2017-01-10).
-
-When the console output is multiplexed to several devices by
-ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
-supported by all console output devices.
-
-Two notable output devices are provided by:
-(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
-(2) MdeModulePkg/Universal/Console/TerminalDxe.
-
-GraphicsConsoleDxe supports four modes at most -- see
-InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
-
-(1a) 80x25 (required by the UEFI spec as mode 0),
-(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
-     requires the driver to provide it as mode 1),
-(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
-     spec requires from all plug-in graphics devices),
-(1d) "full screen" resolution, derived form the underlying GOP's
-     horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
-     (8) and EFI_GLYPH_HEIGHT (19), respectively.
-
-The automatic "full screen resolution" makes GraphicsConsoleDxe's
-character console very flexible. However, TerminalDxe (which runs on
-serial ports) only provides the following fixed resolutions -- see
-InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
-
-(2a) 80x25 (required by the UEFI spec as mode 0),
-(2b) 80x50 (since the character resolution of a serial device cannot be
-     interrogated easily, this is added unconditionally as mode 1),
-(2c) 100x31 (since the character resolution of a serial device cannot be
-     interrogated easily, this is added unconditionally as mode 2).
-
-When ConSplitterDxe combines (1) and (2), multiplexing console output to
-both video output and serial terminal, the list of commonly supported text
-modes (ie. the "intersection") comprises:
-
-(3a) 80x25, unconditionally, from (1a) and (2a),
-(3b) 80x50, if the graphics console provides at least 640x950 pixel
-     resolution, from (1b) and (2b)
-(3c) 100x31, if the graphics device is a plug-in one (because in that case
-     800x600 is a mandated pixel resolution), from (1c) and (2c).
-
-Unfortunately, the "full screen resolution" (1d) of the GOP-based text
-console is not available in general.
-
-Mitigate this problem by extending "mTerminalConsoleModeData" with a
-handful of text resolutions that are derived from widespread maximal pixel
-resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
-the most frequent (1d) values from the intersection, and eg. the MODE
-command in the UEFI shell will offer the "best" (ie. full screen)
-resolution too.
-
-Upstreaming efforts for this patch have been discontinued; it was clear
-from the off-list thread that consensus was impossible to reach.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
-(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
-(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
-(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
-(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
-(cherry picked from commit 12cb13a1da913912bd9148ce8f2353a75be77f18)
-(cherry picked from commit 82b9edc5fef3a07227a45059bbe821af7b9abd69)
----
- .../Universal/Console/TerminalDxe/Terminal.c  | 41 +++++++++++++++++--
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-index a98b690c8b..ded5513c74 100644
---- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-@@ -115,9 +115,44 @@ TERMINAL_DEV  mTerminalDevTemplate = {
- };
- 
- TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
--  {80,  25},
--  {80,  50},
--  {100, 31},
-+  {   80,  25 }, // from graphics resolution  640 x  480
-+  {   80,  50 }, // from graphics resolution  640 x  960
-+  {  100,  25 }, // from graphics resolution  800 x  480
-+  {  100,  31 }, // from graphics resolution  800 x  600
-+  {  104,  32 }, // from graphics resolution  832 x  624
-+  {  120,  33 }, // from graphics resolution  960 x  640
-+  {  128,  31 }, // from graphics resolution 1024 x  600
-+  {  128,  40 }, // from graphics resolution 1024 x  768
-+  {  144,  45 }, // from graphics resolution 1152 x  864
-+  {  144,  45 }, // from graphics resolution 1152 x  870
-+  {  160,  37 }, // from graphics resolution 1280 x  720
-+  {  160,  40 }, // from graphics resolution 1280 x  760
-+  {  160,  40 }, // from graphics resolution 1280 x  768
-+  {  160,  42 }, // from graphics resolution 1280 x  800
-+  {  160,  50 }, // from graphics resolution 1280 x  960
-+  {  160,  53 }, // from graphics resolution 1280 x 1024
-+  {  170,  40 }, // from graphics resolution 1360 x  768
-+  {  170,  40 }, // from graphics resolution 1366 x  768
-+  {  175,  55 }, // from graphics resolution 1400 x 1050
-+  {  180,  47 }, // from graphics resolution 1440 x  900
-+  {  200,  47 }, // from graphics resolution 1600 x  900
-+  {  200,  63 }, // from graphics resolution 1600 x 1200
-+  {  210,  55 }, // from graphics resolution 1680 x 1050
-+  {  240,  56 }, // from graphics resolution 1920 x 1080
-+  {  240,  63 }, // from graphics resolution 1920 x 1200
-+  {  240,  75 }, // from graphics resolution 1920 x 1440
-+  {  250, 105 }, // from graphics resolution 2000 x 2000
-+  {  256,  80 }, // from graphics resolution 2048 x 1536
-+  {  256, 107 }, // from graphics resolution 2048 x 2048
-+  {  320,  75 }, // from graphics resolution 2560 x 1440
-+  {  320,  84 }, // from graphics resolution 2560 x 1600
-+  {  320, 107 }, // from graphics resolution 2560 x 2048
-+  {  350, 110 }, // from graphics resolution 2800 x 2100
-+  {  400, 126 }, // from graphics resolution 3200 x 2400
-+  {  480, 113 }, // from graphics resolution 3840 x 2160
-+  {  512, 113 }, // from graphics resolution 4096 x 2160
-+  {  960, 227 }, // from graphics resolution 7680 x 4320
-+  { 1024, 227 }, // from graphics resolution 8192 x 4320
-   //
-   // New modes can be added here.
-   //
--- 
-2.27.0
-

SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch

@@ -1,172 +0,0 @@
-From e8e12cb7d3a47e5823cf2cb12c9bfe5901d3b100 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 4 Nov 2014 23:02:53 +0100
-Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
- only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- No manual / explicit code change is necessary, because the newly
-  inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL
-  build-time macro (feature test flag), with default value FALSE -- from
-  upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume
-  Package", 2020-12-14).
-
-- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg:
-  enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg:
-  introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by
-  git-cherry-pick.
-
-- Remove obsolete commit message tags related to downstream patch
-  management: Message-id, Patchwork-id, O-Subject, Acked-by
-  (RHBZ#1846481).
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- context difference from upstream commit ec41733cfd10 ("OvmfPkg: add the
-  'initrd' dynamic shell command", 2020-03-04) correctly auto-resolved
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- update the patch against the following upstream commits:
-  - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
-  - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
-                  tool chain", 2018-11-27)
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Bugzilla: 1147592
-
-When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
-binary from the firmware image.
-
-Peter Jones advised us that firmware vendors for physical systems disable
-the memory-mapped, firmware image-contained UEFI shell in
-SecureBoot-enabled builds. The reason being that the memory-mapped shell
-can always load, it may have direct access to various hardware in the
-system, and it can run UEFI shell scripts (which cannot be signed at all).
-
-Intended use of the new build option:
-
-- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
-  firmware image will contain a shell binary, independently of SecureBoot
-  enablement, which is flexible for interactive development. (Ie. no
-  change for in-tree builds.)
-
-- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
-  '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
-
-  - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
-
-  - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
-
-  - UefiShell.iso: a bootable ISO image with the shell on it as default
-    boot loader. The shell binary will load when SecureBoot is turned off,
-    and won't load when SecureBoot is turned on (because it is not
-    signed).
-
-    UefiShell.iso is the reason we're not excluding the shell from the DSC
-    files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
-    is specified, the shell binary needs to be built the same, only it
-    will be included in UefiShell.iso.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
-(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
-(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
-(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
-(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
-(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
-(cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e)
-(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687)
----
- OvmfPkg/OvmfPkgIa32.fdf    | 2 ++
- OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
- OvmfPkg/OvmfPkgX64.fdf     | 2 ++
- 3 files changed, 6 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 775ea2d710..00ea14adf0 100644
---- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -290,12 +290,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
- INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index 9d8695922f..e33a40c44e 100644
---- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -294,12 +294,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
- INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index b6cc3cabdd..85b4b23857 100644
---- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -310,12 +310,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
- INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
--- 
-2.27.0
-

SOURCES/0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch

@@ -1,93 +0,0 @@
-From eba5ecf4b2611d593a978ccac804314ab7848754 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 13:49:43 +0200
-Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no change
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
-machine firmware) print a reasonably early, simple hello message to the
-serial port, regardless of debug mask settings. This should inform
-interactive users, and provide some rough help in localizing boot
-problems, even with restrictive debug masks.
-
-If a platform doesn't want this feature, it should stick with the default
-empty string.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Suggested-by: Drew Jones <drjones@redhat.com>
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
-(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
-(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
-(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
-(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
-(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
-(cherry picked from commit 9f756c1ad83cc81f7d892cd036d59a2b567b02dc)
-(cherry picked from commit c75aea7a738ac7fb944c0695a4bfffc3985afaa9)
----
- ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
-index 3a25ddcdc8..b2b58553c7 100644
---- a/ArmPlatformPkg/ArmPlatformPkg.dec
-+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
-@@ -121,6 +121,13 @@
-   ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
-   gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
- 
-+  #
-+  # Early hello message (ASCII string), printed to the serial port.
-+  # If set to the empty string, nothing is printed.
-+  # Otherwise, a trailing CRLF should be specified explicitly.
-+  #
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100
-+
- [PcdsFixedAtBuild.common,PcdsDynamic.common]
-   ## PL031 RealTimeClock
-   gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
--- 
-2.27.0
-

SOURCES/0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch

@@ -1,145 +0,0 @@
-From 8be1d7253ba8a7d30bb54835ef1fc866aa62e216 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 13:59:20 +0200
-Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
- port (RH)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no change
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed
-  temporary stack before entering PEI core", 2017-11-09) -- conflict
-  resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf"
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-The FixedPcdGetSize() macro expands to an integer constant, therefore an
-optimizing compiler can eliminate the new code, if the platform DSC
-doesn't override the empty string (size=1) default of
-PcdEarlyHelloMessage.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
-(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
-(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
-(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
-(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
-(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
-(cherry picked from commit 8d5a8827aabc67cb2a046697e1a750ca8d9cc453)
-(cherry picked from commit 49fe5596cd79c94d903c4d506c563d642ccd69aa)
----
- ArmPlatformPkg/PrePeiCore/MainMPCore.c          | 5 +++++
- ArmPlatformPkg/PrePeiCore/MainUniCore.c         | 5 +++++
- ArmPlatformPkg/PrePeiCore/PrePeiCore.h          | 1 +
- ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf  | 2 ++
- ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++
- 5 files changed, 15 insertions(+)
-
-diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-index 859f1adf20..cf9e65bb7c 100644
---- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-@@ -111,6 +111,11 @@ PrimaryMain (
-   UINTN                       TemporaryRamBase;
-   UINTN                       TemporaryRamSize;
- 
-+  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
-+    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
-+      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
-+  }
-+
-   CreatePpiList (&PpiListSize, &PpiList);
- 
-   // Enable the GIC Distributor
-diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-index 220f9b5680..158cc34c77 100644
---- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-@@ -29,6 +29,11 @@ PrimaryMain (
-   UINTN                       TemporaryRamBase;
-   UINTN                       TemporaryRamSize;
- 
-+  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
-+    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
-+      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
-+  }
-+
-   CreatePpiList (&PpiListSize, &PpiList);
- 
-   // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-index 7b155a8a61..e9e283f9ec 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-@@ -15,6 +15,7 @@
- #include <Library/DebugLib.h>
- #include <Library/IoLib.h>
- #include <Library/PcdLib.h>
-+#include <Library/SerialPortLib.h>
- 
- #include <PiPei.h>
- #include <Ppi/TemporaryRamSupport.h>
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-index fb01dd1a11..a6681c1032 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-@@ -69,6 +69,8 @@
-   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
-   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
- 
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
-+
-   gArmTokenSpaceGuid.PcdGicDistributorBase
-   gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
-   gArmTokenSpaceGuid.PcdGicSgiIntId
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-index e9eb092d3a..c98dc82f0c 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-@@ -67,4 +67,6 @@
-   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
-   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
- 
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
-+
-   gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
--- 
-2.27.0
-

SOURCES/0018-ArmVirtPkg-set-early-hello-message-RH-only.patch

@@ -1,82 +0,0 @@
-From 12873d08db00e113ef28eb4552f478cd4ffb3393 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 14:07:17 +0200
-Subject: ArmVirtPkg: set early hello message (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- context difference from upstream commit f5cb3767038e
-  ("ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2
-  support", 2020-03-04) automatically resolved correctly
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg:
-  don't set PcdCoreCount", 2019-02-13)
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Print a friendly banner on QEMU, regardless of debug mask settings.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
-(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
-(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
-(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
-(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
-(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
-(cherry picked from commit ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b)
-(cherry picked from commit 72550e12ae469012a505bf5b98a6543a754028d3)
----
- ArmVirtPkg/ArmVirtQemu.dsc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index e0476ede4f..ec0edf6e7b 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -134,6 +134,7 @@
-   gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
- 
- [PcdsFixedAtBuild.common]
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
- !if $(ARCH) == AARCH64
-   gArmTokenSpaceGuid.PcdVFPEnabled|1
- !endif
--- 
-2.27.0
-

SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

@@ -1,179 +0,0 @@
-From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Sat, 16 Nov 2019 17:11:27 +0100
-Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
- (RH)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
-
-- Recreate the patch based on downstream commits:
-
-  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
-                  in the INFs (RH)", 2020-06-05),
-  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
-                  2020-11-23),
-  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
-                  RHEL-8.4", 2020-11-23).
-
-  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
-      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
-      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
-
-      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
-      files, namely
-
-      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
-      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-
-      in the following commits only:
-
-      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
-        option", 2020-08-12), which did not affect the source file list at
-        all,
-
-      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
-        entropy in rand_pool", 2020-09-18), which replaced some of the
-        *edk2-specific* "rand_pool_noise" source files with an RngLib
-        dependency.
-
-      This means that the list of required, actual OpenSSL source files
-      has not changed in upstream edk2 since our downstream edk2 commit
-      e81751a1c303.
-
-  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
-      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
-      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
-      shipped in RHEL-8.3.0.z", 2020-10-23).
-
-      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
-      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
-      2021-05-25), which is the current head of the rhel-8.5.0 branch.
-      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
-
-      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
-      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
-      source tree, with "rpmbuild -bp". Subsequently I compared the
-      prepped source trees recursively.
-
-      - The following files disappeared:
-
-        - 29 backup files created by "patch",
-
-        - the assembly generator perl script called
-          "ecp_nistz256-avx2.pl", which is not used during the build.
-
-      - The following new files appeared:
-
-        - 18 files directly or indirectly under the "test" subdirectory,
-          which are not used during the build,
-
-        - 5 backup files created by "patch",
-
-        - 2 DCL scripts used when building OpenSSL on OpenVMS.
-
-      This means that the total list of RHEL-8 OpenSSL source files has
-      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
-      commit 3e3fe5e62079.
-
-  As a result, copy the "RHEL8-specific OpenSSL file list" sections
-  verbatim from the INF files, at downstream commit e81751a1c303. (I used
-  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
-  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- "OpensslLib.inf":
-
-  - Automatic leading context refresh against upstream commit c72ca4666886
-    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
-    loop", 2020-03-10).
-
-  - Manual trailing context refresh against upstream commit b49a6c8f80d9
-    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
-
-- "OpensslLibCrypto.inf":
-
-  - Automatic leading context refresh against upstream commits
-    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
-    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
-    process_files.pl to generate .h files", 2019-10-30).
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- new patch
-
-The downstream changes in RHEL8's OpenSSL package, for example in
-"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
-preexistent code into those new files. In order to avoid undefined
-references in link editing, we have to list the new files.
-
-Note: "process_files.pl" is not re-run at this time manually, because
-
-(a) "process_files.pl" would pollute the file list (and some of the
-    auto-generated header files) with RHEL8-specific FIPS artifacts, which
-    are explicitly unwanted in edk2,
-
-(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
-    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
-    and will help with future changes too.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
-(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
----
- CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
- 2 files changed, 22 insertions(+)
-
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-index d84bde056a..19913a4ac6 100644
---- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-@@ -570,6 +570,17 @@
-   $(OPENSSL_PATH)/ssl/statem/statem.h
-   $(OPENSSL_PATH)/ssl/statem/statem_local.h
- # Autogenerated files list ends here
-+# RHEL8-specific OpenSSL file list starts here
-+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
-+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
-+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
-+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
-+# RHEL8-specific OpenSSL file list ends here
-   buildinf.h
-   ossl_store.c
-   rand_pool.c
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-index cdeed0d073..5057857e8d 100644
---- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-@@ -519,6 +519,17 @@
-   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
-   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- # Autogenerated files list ends here
-+# RHEL8-specific OpenSSL file list starts here
-+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
-+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
-+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
-+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
-+# RHEL8-specific OpenSSL file list ends here
-   buildinf.h
-   ossl_store.c
-   rand_pool.c
--- 
-2.27.0
-

SOURCES/LICENSE.qosb

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2017 Patrick Uiterwijk
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

SOURCES/RedHatSecureBootPkKek1.pem

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
-BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
-9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
-MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
-RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
-+d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
-huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
-bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
-3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
-y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
-AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
-HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
-ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
-3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
-1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
-qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
-NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
-R+SqIs/vdWGA40O3SFdzET14m2k=
------END CERTIFICATE-----

SOURCES/edk2-ArmVirtPkg-ArmVirtQemu-migrate-to-OVMF-s-VirtNorFlas.patch

@@ -1,149 +0,0 @@
-From 9ef10bbe9a03f22aa5c5ff659012794d37ef9839 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 18:41:22 +0200
-Subject: [PATCH 17/18] ArmVirtPkg/ArmVirtQemu: migrate to OVMF's
- VirtNorFlashDxe
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [19/20] 2160140b0ea566451ab723e941d2ab91e1ad874e
-
-Switch to the virt specific NorFlashDxe driver implementation that was
-added recently.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit b92298af8218dd074c231947bc95f2be94af663c)
----
- ArmVirtPkg/ArmVirtQemu.dsc                           |  4 ++--
- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                 |  2 +-
- ArmVirtPkg/ArmVirtQemuKernel.dsc                     |  4 ++--
- ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c | 12 ++++++------
- .../Library/NorFlashQemuLib/NorFlashQemuLib.inf      |  4 ++--
- 5 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index e6fad9f066..2b23becf30 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -67,7 +67,7 @@
-   ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
- 
-   TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
--  NorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-+  VirtNorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
- 
-   CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
-   BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
-@@ -400,7 +400,7 @@
-     <LibraryClasses>
-       NULL|ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.inf
-   }
--  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-+  OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
- 
-   #
-diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-index f6a538df72..7c655d384d 100644
---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-@@ -73,7 +73,7 @@ READ_LOCK_STATUS   = TRUE
- 
-   INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
-   INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
--  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-+  INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-   INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
- 
-   #
-diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index 656c9d99a3..344e2c4ed9 100644
---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
-+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -65,7 +65,7 @@
-   ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf
- 
-   TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
--  NorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-+  VirtNorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
- 
-   CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
-   BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
-@@ -329,7 +329,7 @@
-     <LibraryClasses>
-       NULL|ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.inf
-   }
--  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-+  OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
- 
-   #
-diff --git a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
-index 271d7f0efb..93a2fed40f 100644
---- a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
-+++ b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
-@@ -8,8 +8,8 @@
- 
- #include <Library/BaseLib.h>
- #include <Library/DebugLib.h>
--#include <Library/NorFlashPlatformLib.h>
- #include <Library/UefiBootServicesTableLib.h>
-+#include <Library/VirtNorFlashPlatformLib.h>
- 
- #include <Protocol/FdtClient.h>
- 
-@@ -18,19 +18,19 @@
- #define MAX_FLASH_BANKS        4
- 
- EFI_STATUS
--NorFlashPlatformInitialization (
-+VirtNorFlashPlatformInitialization (
-   VOID
-   )
- {
-   return EFI_SUCCESS;
- }
- 
--NOR_FLASH_DESCRIPTION mNorFlashDevices[MAX_FLASH_BANKS];
-+STATIC VIRT_NOR_FLASH_DESCRIPTION  mNorFlashDevices[MAX_FLASH_BANKS];
- 
- EFI_STATUS
--NorFlashPlatformGetDevices (
--  OUT NOR_FLASH_DESCRIPTION   **NorFlashDescriptions,
--  OUT UINT32                  *Count
-+VirtNorFlashPlatformGetDevices (
-+  OUT VIRT_NOR_FLASH_DESCRIPTION  **NorFlashDescriptions,
-+  OUT UINT32                      *Count
-   )
- {
-   FDT_CLIENT_PROTOCOL         *FdtClient;
-diff --git a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-index 4c3683bf5d..a6b5865be9 100644
---- a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-+++ b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-@@ -14,17 +14,17 @@
-   FILE_GUID                      = 339B7829-4C5F-4EFC-B2DD-5050E530DECE
-   MODULE_TYPE                    = DXE_DRIVER
-   VERSION_STRING                 = 1.0
--  LIBRARY_CLASS                  = NorFlashPlatformLib
-+  LIBRARY_CLASS                  = VirtNorFlashPlatformLib
- 
- [Sources.common]
-   NorFlashQemuLib.c
- 
- [Packages]
-   MdePkg/MdePkg.dec
--  ArmPlatformPkg/ArmPlatformPkg.dec
-   ArmPkg/ArmPkg.dec
-   ArmVirtPkg/ArmVirtPkg.dec
-   EmbeddedPkg/EmbeddedPkg.dec
-+  OvmfPkg/OvmfPkg.dec
- 
- [LibraryClasses]
-   BaseLib
--- 
-2.41.0
-

SOURCES/edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch

@@ -1,174 +0,0 @@
-From f8691984227809170b702f6fd087add1f95ee8fe Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Tue, 5 Mar 2024 16:38:49 -0500
-Subject: [PATCH 1/2] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 66: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-RH-Jira: RHEL-21158
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [1/2] 301d3bfe82c39179fb85d510788831aa340212d9
-
-JIRA: https://issues.redhat.com/browse/RHEL-21158
-CVE: CVE-2022-36765
-Upstream: Merged
-
-commit aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
-Author: Gua Guo <gua.guo@intel.com>
-Date:   Thu Jan 11 13:07:50 2024 +0800
-
-    EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
-
-    Fix integer overflow in various CreateHob instances.
-    Fixes: CVE-2022-36765
-
-    The CreateHob() function aligns the requested size to 8
-    performing the following operation:
-    ```
-    HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
-    ```
-
-    No checks are performed to ensure this value doesn't
-    overflow, and could lead to CreateHob() returning a smaller
-    HOB than requested, which could lead to OOB HOB accesses.
-
-    Reported-by: Marc Beatove <mbeatove@google.com>
-    Cc: Leif Lindholm <quic_llindhol@quicinc.com>
-    Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
-    Cc: Abner Chang <abner.chang@amd.com>
-    Cc: John Mathew <john.mathews@intel.com>
-    Authored-by: Gerd Hoffmann <kraxel@redhat.com>
-    Signed-off-by: Gua Guo <gua.guo@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- EmbeddedPkg/Library/PrePiHobLib/Hob.c | 47 +++++++++++++++++++++++++--
- 1 file changed, 45 insertions(+), 2 deletions(-)
-
-diff --git a/EmbeddedPkg/Library/PrePiHobLib/Hob.c b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-index b5cc6c5d8f..f4c99369c6 100644
---- a/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-+++ b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-@@ -112,6 +112,13 @@ CreateHob (
- 
-   HandOffHob = GetHobList ();
- 
-+  //
-+  // Check Length to avoid data overflow.
-+  //
-+  if (HobLength > MAX_UINT16 - 0x7) {
-+    return NULL;
-+  }
-+
-   HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
- 
-   FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom;
-@@ -161,7 +168,10 @@ BuildResourceDescriptorHob (
-   EFI_HOB_RESOURCE_DESCRIPTOR  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR));
--  ASSERT(Hob != NULL);
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->ResourceType      = ResourceType;
-   Hob->ResourceAttribute = ResourceAttribute;
-@@ -403,6 +413,10 @@ BuildModuleHob (
-           ((ModuleLength & (EFI_PAGE_SIZE - 1)) == 0));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid);
-   Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule;
-@@ -450,7 +464,12 @@ BuildGuidHob (
-   //
-   ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE)));
- 
--  Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16) (sizeof (EFI_HOB_GUID_TYPE) + DataLength));
-+  Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return NULL;
-+  }
-+
-   CopyGuid (&Hob->Name, Guid);
-   return Hob + 1;
- }
-@@ -516,6 +535,10 @@ BuildFvHob (
-   EFI_HOB_FIRMWARE_VOLUME  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -548,6 +571,10 @@ BuildFv2Hob (
-   EFI_HOB_FIRMWARE_VOLUME2  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -589,6 +616,10 @@ BuildFv3Hob (
-   EFI_HOB_FIRMWARE_VOLUME3  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV3, sizeof (EFI_HOB_FIRMWARE_VOLUME3));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress          = BaseAddress;
-   Hob->Length               = Length;
-@@ -645,6 +676,10 @@ BuildCpuHob (
-   EFI_HOB_CPU  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->SizeOfMemorySpace = SizeOfMemorySpace;
-   Hob->SizeOfIoSpace     = SizeOfIoSpace;
-@@ -681,6 +716,10 @@ BuildStackHob (
-           ((Length & (EFI_PAGE_SIZE - 1)) == 0));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_STACK));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   CopyGuid (&(Hob->AllocDescriptor.Name), &gEfiHobMemoryAllocStackGuid);
-   Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
-@@ -761,6 +800,10 @@ BuildMemoryAllocationHob (
-           ((Length & (EFI_PAGE_SIZE - 1)) == 0));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
-   Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-Introduce-CcMeasurementProtocol-for-CC-Guest-.patch

@@ -1,390 +0,0 @@
-From b8261ac422ba284249cd4f341d78d058e79960f5 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 7 Feb 2024 11:56:37 -0500
-Subject: [PATCH 03/17] MdePkg: Introduce CcMeasurementProtocol for CC Guest
- firmware
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
-RH-Jira: RHEL-21154 RHEL-21156
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [3/13] 6bf304f8e3bc875024c8fb0a4cd5d2c944f69480 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21154
-CVE: CVE-2022-36763
-Upstream: Merged
-
-commit e193584da60550008722498442c62ddb77bf27d5
-Author: Min Xu <min.m.xu@intel.com>
-Date:   Sat Dec 11 21:08:40 2021 +0800
-
-    MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware
-
-    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
-
-    CC guest is a Confidential Computing guest. If CC Guest firmware
-    supports measurement and an event is created, CC Guest firmware
-    is designed to report the event log with the same data structure
-    in TCG-Platform-Firmware-Profile specification with
-    EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
-
-    The CC Guest firmware supports measurement. It is designed to
-    produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID
-    EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides
-    hash capability.
-
-    Cc: Michael D Kinney <michael.d.kinney@intel.com>
-    Cc: Liming Gao <gaoliming@byosoft.com.cn>
-    Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-    Cc: Jiewen Yao <jiewen.yao@intel.com>
-    Cc: Jian J Wang <jian.j.wang@intel.com>
-    Cc: Ken Lu <ken.lu@intel.com>
-    Cc: Sami Mujawar <sami.mujawar@arm.com>
-    Cc: Gerd Hoffmann <kraxel@redhat.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-    Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-    Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
-    Signed-off-by: Min Xu <min.m.xu@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdePkg/Include/Protocol/CcMeasurement.h | 302 ++++++++++++++++++++++++
- MdePkg/MdePkg.dec                       |   6 +
- 2 files changed, 308 insertions(+)
- create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h
-
-diff --git a/MdePkg/Include/Protocol/CcMeasurement.h b/MdePkg/Include/Protocol/CcMeasurement.h
-new file mode 100644
-index 0000000000..68029e977f
---- /dev/null
-+++ b/MdePkg/Include/Protocol/CcMeasurement.h
-@@ -0,0 +1,302 @@
-+/** @file
-+  If CC Guest firmware supports measurement and an event is created,
-+  CC Guest firmware is designed to report the event log with the same
-+  data structure in TCG-Platform-Firmware-Profile specification with
-+  EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
-+
-+  The CC Guest firmware supports measurement, the CC Guest Firmware is
-+  designed to produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID
-+  EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides hash
-+  capability.
-+
-+Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
-+SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#ifndef CC_MEASUREMENT_PROTOCOL_H_
-+#define CC_MEASUREMENT_PROTOCOL_H_
-+
-+#include <IndustryStandard/UefiTcgPlatform.h>
-+
-+#define EFI_CC_MEASUREMENT_PROTOCOL_GUID  \
-+  { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }}
-+extern EFI_GUID  gEfiCcMeasurementProtocolGuid;
-+
-+typedef struct _EFI_CC_MEASUREMENT_PROTOCOL EFI_CC_MEASUREMENT_PROTOCOL;
-+
-+typedef struct {
-+  UINT8    Major;
-+  UINT8    Minor;
-+} EFI_CC_VERSION;
-+
-+//
-+// EFI_CC Type/SubType definition
-+//
-+#define EFI_CC_TYPE_NONE  0
-+#define EFI_CC_TYPE_SEV   1
-+#define EFI_CC_TYPE_TDX   2
-+
-+typedef struct {
-+  UINT8    Type;
-+  UINT8    SubType;
-+} EFI_CC_TYPE;
-+
-+typedef UINT32 EFI_CC_EVENT_LOG_BITMAP;
-+typedef UINT32 EFI_CC_EVENT_LOG_FORMAT;
-+typedef UINT32 EFI_CC_EVENT_ALGORITHM_BITMAP;
-+typedef UINT32 EFI_CC_MR_INDEX;
-+
-+//
-+// Intel TDX measure register index
-+//
-+#define TDX_MR_INDEX_MRTD   0
-+#define TDX_MR_INDEX_RTMR0  1
-+#define TDX_MR_INDEX_RTMR1  2
-+#define TDX_MR_INDEX_RTMR2  3
-+#define TDX_MR_INDEX_RTMR3  4
-+
-+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2  0x00000002
-+#define EFI_CC_BOOT_HASH_ALG_SHA384    0x00000004
-+
-+//
-+// This bit is shall be set when an event shall be extended but not logged.
-+//
-+#define EFI_CC_FLAG_EXTEND_ONLY  0x0000000000000001
-+//
-+// This bit shall be set when the intent is to measure a PE/COFF image.
-+//
-+#define EFI_CC_FLAG_PE_COFF_IMAGE  0x0000000000000010
-+
-+#pragma pack (1)
-+
-+#define EFI_CC_EVENT_HEADER_VERSION  1
-+
-+typedef struct {
-+  //
-+  // Size of the event header itself (sizeof(EFI_CC_EVENT_HEADER)).
-+  //
-+  UINT32             HeaderSize;
-+  //
-+  // Header version. For this version of this specification, the value shall be 1.
-+  //
-+  UINT16             HeaderVersion;
-+  //
-+  // Index of the MR (measurement register) that shall be extended.
-+  //
-+  EFI_CC_MR_INDEX    MrIndex;
-+  //
-+  // Type of the event that shall be extended (and optionally logged).
-+  //
-+  UINT32             EventType;
-+} EFI_CC_EVENT_HEADER;
-+
-+typedef struct {
-+  //
-+  // Total size of the event including the Size component, the header and the Event data.
-+  //
-+  UINT32                 Size;
-+  EFI_CC_EVENT_HEADER    Header;
-+  UINT8                  Event[1];
-+} EFI_CC_EVENT;
-+
-+#pragma pack()
-+
-+typedef struct {
-+  //
-+  // Allocated size of the structure
-+  //
-+  UINT8                            Size;
-+  //
-+  // Version of the EFI_CC_BOOT_SERVICE_CAPABILITY structure itself.
-+  // For this version of the protocol, the Major version shall be set to 1
-+  // and the Minor version shall be set to 0.
-+  //
-+  EFI_CC_VERSION                   StructureVersion;
-+  //
-+  // Version of the EFI CC Measurement protocol.
-+  // For this version of the protocol, the Major version shall be set to 1
-+  // and the Minor version shall be set to 0.
-+  //
-+  EFI_CC_VERSION                   ProtocolVersion;
-+  //
-+  // Supported hash algorithms
-+  //
-+  EFI_CC_EVENT_ALGORITHM_BITMAP    HashAlgorithmBitmap;
-+  //
-+  // Bitmap of supported event log formats
-+  //
-+  EFI_CC_EVENT_LOG_BITMAP          SupportedEventLogs;
-+
-+  //
-+  // Indicates the CC type
-+  //
-+  EFI_CC_TYPE                      CcType;
-+} EFI_CC_BOOT_SERVICE_CAPABILITY;
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL GetCapability function call provides protocol
-+  capability information and state information.
-+
-+  @param[in]      This               Indicates the calling context
-+  @param[in, out] ProtocolCapability The caller allocates memory for a EFI_CC_BOOT_SERVICE_CAPABILITY
-+                                     structure and sets the size field to the size of the structure allocated.
-+                                     The callee fills in the fields with the EFI CC BOOT Service capability
-+                                     information and the current CC information.
-+
-+  @retval EFI_SUCCESS            Operation completed successfully.
-+  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
-+                                 The ProtocolCapability variable will not be populated.
-+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect.
-+                                 The ProtocolCapability variable will not be populated.
-+  @retval EFI_BUFFER_TOO_SMALL   The ProtocolCapability variable is too small to hold the full response.
-+                                 It will be partially populated (required Size field will be set).
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_GET_CAPABILITY)(
-+  IN     EFI_CC_MEASUREMENT_PROTOCOL       *This,
-+  IN OUT EFI_CC_BOOT_SERVICE_CAPABILITY    *ProtocolCapability
-+  );
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL Get Event Log function call allows a caller to
-+  retrieve the address of a given event log and its last entry.
-+
-+  @param[in]  This               Indicates the calling context
-+  @param[in]  EventLogFormat     The type of the event log for which the information is requested.
-+  @param[out] EventLogLocation   A pointer to the memory address of the event log.
-+  @param[out] EventLogLastEntry  If the Event Log contains more than one entry, this is a pointer to the
-+                                 address of the start of the last entry in the event log in memory.
-+  @param[out] EventLogTruncated  If the Event Log is missing at least one entry because an event would
-+                                 have exceeded the area allocated for events, this value is set to TRUE.
-+                                 Otherwise, the value will be FALSE and the Event Log will be complete.
-+
-+  @retval EFI_SUCCESS            Operation completed successfully.
-+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect
-+                                 (e.g. asking for an event log whose format is not supported).
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_GET_EVENT_LOG)(
-+  IN  EFI_CC_MEASUREMENT_PROTOCOL     *This,
-+  IN  EFI_CC_EVENT_LOG_FORMAT         EventLogFormat,
-+  OUT EFI_PHYSICAL_ADDRESS            *EventLogLocation,
-+  OUT EFI_PHYSICAL_ADDRESS            *EventLogLastEntry,
-+  OUT BOOLEAN                         *EventLogTruncated
-+  );
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL HashLogExtendEvent function call provides
-+  callers with an opportunity to extend and optionally log events without requiring
-+  knowledge of actual CC commands.
-+  The extend operation will occur even if this function cannot create an event
-+  log entry (e.g. due to the event log being full).
-+
-+  @param[in]  This               Indicates the calling context
-+  @param[in]  Flags              Bitmap providing additional information.
-+  @param[in]  DataToHash         Physical address of the start of the data buffer to be hashed.
-+  @param[in]  DataToHashLen      The length in bytes of the buffer referenced by DataToHash.
-+  @param[in]  EfiCcEvent        Pointer to data buffer containing information about the event.
-+
-+  @retval EFI_SUCCESS            Operation completed successfully.
-+  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
-+  @retval EFI_VOLUME_FULL        The extend operation occurred, but the event could not be written to one or more event logs.
-+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect.
-+  @retval EFI_UNSUPPORTED        The PE/COFF image type is not supported.
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_HASH_LOG_EXTEND_EVENT)(
-+  IN EFI_CC_MEASUREMENT_PROTOCOL    *This,
-+  IN UINT64                         Flags,
-+  IN EFI_PHYSICAL_ADDRESS           DataToHash,
-+  IN UINT64                         DataToHashLen,
-+  IN EFI_CC_EVENT                   *EfiCcEvent
-+  );
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL MapPcrToMrIndex function call provides callers
-+  the info on TPM PCR <-> CC MR mapping information.
-+
-+  @param[in]  This               Indicates the calling context
-+  @param[in]  PcrIndex           TPM PCR index.
-+  @param[out] MrIndex            CC MR index.
-+
-+  @retval EFI_SUCCESS            The MrIndex is returned.
-+  @retval EFI_INVALID_PARAMETER  The MrIndex is NULL.
-+  @retval EFI_UNSUPPORTED        The PcrIndex is invalid.
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_MAP_PCR_TO_MR_INDEX)(
-+  IN  EFI_CC_MEASUREMENT_PROTOCOL    *This,
-+  IN  TCG_PCRINDEX                   PcrIndex,
-+  OUT EFI_CC_MR_INDEX                *MrIndex
-+  );
-+
-+struct _EFI_CC_MEASUREMENT_PROTOCOL {
-+  EFI_CC_GET_CAPABILITY           GetCapability;
-+  EFI_CC_GET_EVENT_LOG            GetEventLog;
-+  EFI_CC_HASH_LOG_EXTEND_EVENT    HashLogExtendEvent;
-+  EFI_CC_MAP_PCR_TO_MR_INDEX      MapPcrToMrIndex;
-+};
-+
-+//
-+// CC event log
-+//
-+
-+#pragma pack(1)
-+
-+//
-+// Crypto Agile Log Entry Format.
-+// It is similar with TCG_PCR_EVENT2 except the field of MrIndex and PCRIndex.
-+//
-+typedef struct {
-+  EFI_CC_MR_INDEX       MrIndex;
-+  UINT32                EventType;
-+  TPML_DIGEST_VALUES    Digests;
-+  UINT32                EventSize;
-+  UINT8                 Event[1];
-+} CC_EVENT;
-+
-+//
-+// EFI CC Event Header
-+// It is similar with TCG_PCR_EVENT2_HDR except the field of MrIndex and PCRIndex
-+//
-+typedef struct {
-+  EFI_CC_MR_INDEX       MrIndex;
-+  UINT32                EventType;
-+  TPML_DIGEST_VALUES    Digests;
-+  UINT32                EventSize;
-+} CC_EVENT_HDR;
-+
-+#pragma pack()
-+
-+//
-+// Log entries after Get Event Log service
-+//
-+
-+#define EFI_CC_FINAL_EVENTS_TABLE_VERSION  1
-+
-+typedef struct {
-+  //
-+  // The version of this structure. It shall be set to 1.
-+  //
-+  UINT64    Version;
-+  //
-+  // Number of events recorded after invocation of GetEventLog API
-+  //
-+  UINT64    NumberOfEvents;
-+  //
-+  // List of events of type CC_EVENT.
-+  //
-+  // CC_EVENT              Event[1];
-+} EFI_CC_FINAL_EVENTS_TABLE;
-+
-+#define EFI_CC_FINAL_EVENTS_TABLE_GUID \
-+  {0xdd4a4648, 0x2de7, 0x4665, {0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46}}
-+
-+extern EFI_GUID  gEfiCcFinalEventsTableGuid;
-+
-+#endif
-diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
-index 8b18415b10..6389a48338 100644
---- a/MdePkg/MdePkg.dec
-+++ b/MdePkg/MdePkg.dec
-@@ -823,6 +823,9 @@
-   #
-   gLinuxEfiInitrdMediaGuid       = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
- 
-+  ## Include/Protocol/CcMeasurement.h
-+  gEfiCcFinalEventsTableGuid     = { 0xdd4a4648, 0x2de7, 0x4665, { 0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46 }}
-+
- [Guids.IA32, Guids.X64]
-   ## Include/Guid/Cper.h
-   gEfiIa32X64ErrorTypeCacheCheckGuid = { 0xA55701F5, 0xE3EF, 0x43de, { 0xAC, 0x72, 0x24, 0x9B, 0x57, 0x3F, 0xAD, 0x2C }}
-@@ -1011,6 +1014,9 @@
-   ## Include/Protocol/PcdInfo.h
-   gGetPcdInfoProtocolGuid        = { 0x5be40f57, 0xfa68, 0x4610, { 0xbb, 0xbf, 0xe9, 0xc5, 0xfc, 0xda, 0xd3, 0x65 } }
- 
-+  ## Include/Protocol/CcMeasurement.h
-+  gEfiCcMeasurementProtocolGuid  = { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }}
-+
-   #
-   # Protocols defined in PI1.0.
-   #
--- 
-2.41.0
-

SOURCES/edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch

@@ -1,169 +0,0 @@
-From aa66757951e9880df4e21e191142400480aa3908 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 8 Feb 2024 10:35:14 -0500
-Subject: [PATCH 15/17] NetworkPkg: : Add Unit tests to CI and create Host Test
- DSC
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
-RH-Jira: RHEL-21840 RHEL-21842
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [2/4] 6669306e2dbb5aa3e7691d57f4a61685b7cd57b2 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21842
-CVE: CVE-2023-45230
-Upstream: Merged
-
-commit 8014ac2d7bbbc503f5562b51af46bb20ae3d22ff
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:44 2024 +0800
-
-    NetworkPkg: : Add Unit tests to CI and create Host Test DSC
-
-    Adds Host Based testing to the NetworkPkg
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/NetworkPkg.ci.yaml          |  7 +-
- NetworkPkg/Test/NetworkPkgHostTest.dsc | 98 ++++++++++++++++++++++++++
- 2 files changed, 104 insertions(+), 1 deletion(-)
- create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
-
-diff --git a/NetworkPkg/NetworkPkg.ci.yaml b/NetworkPkg/NetworkPkg.ci.yaml
-index 07dc7abd69..076424eb60 100644
---- a/NetworkPkg/NetworkPkg.ci.yaml
-+++ b/NetworkPkg/NetworkPkg.ci.yaml
-@@ -24,6 +24,9 @@
-     "CompilerPlugin": {
-         "DscPath": "NetworkPkg.dsc"
-     },
-+    "HostUnitTestCompilerPlugin": {
-+        "DscPath": "Test/NetworkPkgHostTest.dsc"
-+    },
-     "CharEncodingCheck": {
-         "IgnoreFiles": []
-     },
-@@ -35,7 +38,9 @@
-             "CryptoPkg/CryptoPkg.dec"
-         ],
-         # For host based unit tests
--        "AcceptableDependencies-HOST_APPLICATION":[],
-+        "AcceptableDependencies-HOST_APPLICATION":[
-+            UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+        ],
-         # For UEFI shell based apps
-         "AcceptableDependencies-UEFI_APPLICATION":[
-             "ShellPkg/ShellPkg.dec"
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-new file mode 100644
-index 0000000000..1aeca5c5b3
---- /dev/null
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -0,0 +1,98 @@
-+## @file
-+# NetworkPkgHostTest DSC file used to build host-based unit tests.
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+#
-+##
-+[Defines]
-+  PLATFORM_NAME           = NetworkPkgHostTest
-+  PLATFORM_GUID           = 3b68324e-fc07-4d49-9520-9347ede65879
-+  PLATFORM_VERSION        = 0.1
-+  DSC_SPECIFICATION       = 0x00010005
-+  OUTPUT_DIRECTORY        = Build/NetworkPkg/HostTest
-+  SUPPORTED_ARCHITECTURES = IA32|X64|AARCH64
-+  BUILD_TARGETS           = NOOPT
-+  SKUID_IDENTIFIER        = DEFAULT
-+
-+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+
-+[Components]
-+  #
-+  # Build HOST_APPLICATION that tests NetworkPkg
-+  #
-+
-+# Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
-+[LibraryClasses]
-+  NetLib|NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
-+  DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
-+  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
-+  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
-+  DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
-+  HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
-+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
-+  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
-+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
-+  UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
-+  UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
-+  UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
-+  UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
-+  UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
-+  UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
-+  UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
-+  TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
-+  PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
-+  PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
-+  DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
-+  DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
-+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
-+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
-+  VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
-+!ifdef CONTINUOUS_INTEGRATION
-+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
-+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
-+!else
-+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
-+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-+!endif
-+  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
-+  FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
-+  FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
-+  SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-+
-+!if $(TOOL_CHAIN_TAG) == VS2019 or $(TOOL_CHAIN_TAG) == VS2022
-+[LibraryClasses.X64]
-+  # Provide StackCookie support lib so that we can link to /GS exports for VS builds
-+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
-+!endif
-+
-+[LibraryClasses.common.UEFI_DRIVER]
-+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
-+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
-+  DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
-+[LibraryClasses.common.UEFI_APPLICATION]
-+  DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
-+  ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
-+[LibraryClasses.ARM, LibraryClasses.AARCH64]
-+  #
-+  # It is not possible to prevent ARM compiler calls to generic intrinsic functions.
-+  # This library provides the instrinsic functions generated by a given compiler.
-+  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
-+  #
-+!if $(TOOL_CHAIN_TAG) != VS2017 and $(TOOL_CHAIN_TAG) != VS2015 and $(TOOL_CHAIN_TAG) != VS2019
-+  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-+!endif
-+  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-+[LibraryClasses.ARM]
-+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-+[LibraryClasses.RISCV64]
-+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-+
-+[PcdsFixedAtBuild]
-+  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType|0x4
--- 
-2.41.0
-

SOURCES/edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch

@@ -1,170 +0,0 @@
-From ffa1202da2f55c1f540240e8267db9a7ec8d6a60 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 11/15] NetworkPkg: : Adds a SecurityFix.yaml file
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [11/15] 8a46b763887843d00293997bdd7d50ea120104d9
-
-JIRA: https://issues.redhat.com/browse/RHEL-21852
-CVE: CVE-2022-45235
-Upstream: Merged
-
-commit 1d0b95f6457d225c5108302a9da74b4ed7aa5a38
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:57 2024 +0800
-
-    NetworkPkg: : Adds a SecurityFix.yaml file
-
-    This creates / adds a security file that tracks the security fixes
-    found in this package and can be used to find the fixes that were
-    applied.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/SecurityFixes.yaml | 123 ++++++++++++++++++++++++++++++++++
- 1 file changed, 123 insertions(+)
- create mode 100644 NetworkPkg/SecurityFixes.yaml
-
-diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
-new file mode 100644
-index 0000000000..7e900483fe
---- /dev/null
-+++ b/NetworkPkg/SecurityFixes.yaml
-@@ -0,0 +1,123 @@
-+## @file
-+# Security Fixes for SecurityPkg
-+#
-+# Copyright (c) Microsoft Corporation
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+CVE_2023_45229:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests"
-+  cve: CVE-2023-45229
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message"
-+  note:
-+  files_impacted:
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4534
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45229
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45230:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests"
-+  cve: CVE-2023-45230
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 02 - edk2/NetworkPkg: Buffer overflow in the DHCPv6 client via a long Server ID option"
-+  note:
-+  files_impacted:
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4535
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45230
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45231:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests"
-+  cve: CVE-2023-45231
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 03 - edk2/NetworkPkg: Out-of-bounds read when handling a ND Redirect message with truncated options"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/Ip6Dxe/Ip6Option.c
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4536
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45231
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45232:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
-+  cve: CVE-2023-45232
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 04 - edk2/NetworkPkg: Infinite loop when parsing unknown options in the Destination Options header"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/Ip6Dxe/Ip6Option.c
-+    - NetworkPkg/Ip6Dxe/Ip6Option.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4537
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45232
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45233:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
-+  cve: CVE-2023-45233
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 05 - edk2/NetworkPkg: Infinite loop when parsing a PadN option in the Destination Options header "
-+  note: This was fixed along with CVE-2023-45233
-+  files_impacted:
-+    - NetworkPkg/Ip6Dxe/Ip6Option.c
-+    - NetworkPkg/Ip6Dxe/Ip6Option.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4538
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45233
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45234:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Unit Tests"
-+  cve: CVE-2023-45234
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 06 - edk2/NetworkPkg: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4539
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45234
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45235:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Unit Tests"
-+  cve: CVE-2023-45235
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 07 - edk2/NetworkPkg: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+    - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4540
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45235
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch

@@ -1,69 +0,0 @@
-From 649fe647114ca5dee84b0c55106ee58a9703984f Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 15/15] NetworkPkg: Dhcp6Dxe: Packet-Length is not updated
- before appending
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [15/15] bc7ef287311bb3f757bc26f8921875566bcb5917
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit 75deaf5c3c0d164c61653258c331151241bb69d8
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Tue Feb 13 10:46:02 2024 -0800
-
-    NetworkPkg: Dhcp6Dxe: Packet-Length is not updated before appending
-
-    In order for Dhcp6AppendIaAddrOption (..) to safely append the IA
-    Address option, the Packet-Length field must be updated before appending
-    the option.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-index e172ffc2a2..c23eff8766 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-@@ -948,6 +948,11 @@ Dhcp6AppendIaOption (
-     *PacketCursor += sizeof (T2);
-   }
- 
-+  //
-+  // Update the packet length
-+  //
-+  Packet->Length += BytesNeeded;
-+
-   //
-   // Fill all the addresses belong to the Ia
-   //
-@@ -959,11 +964,6 @@ Dhcp6AppendIaOption (
-     }
-   }
- 
--  //
--  // Update the packet length
--  //
--  Packet->Length += BytesNeeded;
--
-   //
-   // Fill the value of Ia option length
-   //
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch

@@ -1,161 +0,0 @@
-From 4bf844922a963cb20fb1e72ca11a65a673992ca2 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 14/15] NetworkPkg: Dhcp6Dxe: Removes duplicate check and
- replaces with macro
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [14/15] a943400f9267b219bf1fd202534500f82a2a4c56
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit af3fad99d6088881562e50149f414f76a5be0140
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Tue Feb 13 10:46:01 2024 -0800
-
-    NetworkPkg: Dhcp6Dxe: Removes duplicate check and replaces with macro
-
-    Removes duplicate check after merge
-
-    >
-    >  //
-    >  // Verify the PacketCursor is within the packet
-    >  //
-    >  if (  (*PacketCursor < Packet->Dhcp6.Option)
-    >     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size -
-    sizeof (EFI_DHCP6_HEADER))))
-    >  {
-    >    return EFI_INVALID_PARAMETER;
-    >  }
-    >
-
-    Converts the check to a macro and replaces all instances of the check
-    with the macro
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 43 +++++++++++++-----------------
- 1 file changed, 18 insertions(+), 25 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-index 484c360a96..e172ffc2a2 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-@@ -10,6 +10,15 @@
- 
- #include "Dhcp6Impl.h"
- 
-+//
-+// Verifies the packet cursor is within the packet
-+// otherwise it is invalid
-+//
-+#define IS_INVALID_PACKET_CURSOR(PacketCursor, Packet) \
-+  (((*PacketCursor) < (Packet)->Dhcp6.Option) || \
-+   ((*PacketCursor) >= (Packet)->Dhcp6.Option + ((Packet)->Size - sizeof(EFI_DHCP6_HEADER))) \
-+  )                                                                            \
-+
- 
- /**
-   Generate client Duid in the format of Duid-llt.
-@@ -662,9 +671,7 @@ Dhcp6AppendOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
-@@ -681,15 +688,6 @@ Dhcp6AppendOption (
-     return EFI_BUFFER_TOO_SMALL;
-   }
- 
--  //
--  // Verify the PacketCursor is within the packet
--  //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
--    return EFI_INVALID_PARAMETER;
--  }
--
-   WriteUnaligned16 ((UINT16 *)*PacketCursor, OptType);
-   *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
-   WriteUnaligned16 ((UINT16 *)*PacketCursor, OptLen);
-@@ -768,9 +766,7 @@ Dhcp6AppendIaAddrOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
-@@ -902,9 +898,7 @@ Dhcp6AppendIaOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
-@@ -966,14 +960,14 @@ Dhcp6AppendIaOption (
-   }
- 
-   //
--  // Fill the value of Ia option length
-+  // Update the packet length
-   //
--  *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));
-+  Packet->Length += BytesNeeded;
- 
-   //
--  // Update the packet length
-+  // Fill the value of Ia option length
-   //
--  Packet->Length += BytesNeeded;
-+  *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));
- 
-   return EFI_SUCCESS;
- }
-@@ -982,6 +976,7 @@ Dhcp6AppendIaOption (
-   Append the appointed Elapsed time option to Buf, and move Buf to the end.
- 
-   @param[in, out] Packet        A pointer to the packet, on success Packet->Length
-+                                will be updated.
-   @param[in, out] PacketCursor  The pointer in the packet, on success PacketCursor
-                                 will be moved to the end of the option.
-   @param[in]      Instance      The pointer to the Dhcp6 instance.
-@@ -1037,9 +1032,7 @@ Dhcp6AppendETOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch

@@ -1,621 +0,0 @@
-From a115d0a66c3e73c60b74ec6d09e3759da89e919b Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 9 Feb 2024 17:57:07 -0500
-Subject: [PATCH 17/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
- Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
-RH-Jira: RHEL-21840 RHEL-21842
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [4/4] 3daf69000f78416ee1f1bad0b6ceb01ed28a84a5 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit 1dbb10cc52dc8ef49bb700daa1cefc76b26d52e0
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:46 2024 +0800
-
-    NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534
-
-    Bug Details:
-    PixieFail Bug #1
-    CVE-2023-45229
-    CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    CWE-125 Out-of-bounds Read
-
-    Change Overview:
-
-    Introduce Dhcp6SeekInnerOptionSafe which performs checks before seeking
-    the Inner Option from a DHCP6 Option.
-
-    >
-    > EFI_STATUS
-    > Dhcp6SeekInnerOptionSafe (
-    >  IN  UINT16  IaType,
-    >  IN  UINT8   *Option,
-    >  IN  UINT32  OptionLen,
-    >  OUT UINT8   **IaInnerOpt,
-    >  OUT UINT16  *IaInnerLen
-    >  );
-    >
-
-    Lots of code cleanup to improve code readability.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 138 ++++++++++++++++++---
- NetworkPkg/Dhcp6Dxe/Dhcp6Io.c   | 205 +++++++++++++++++++++-----------
- 2 files changed, 257 insertions(+), 86 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
-index ec0ed5d8f5..e759ab9a62 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
-@@ -47,6 +47,20 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
- #define DHCP6_SERVICE_SIGNATURE   SIGNATURE_32 ('D', 'H', '6', 'S')
- #define DHCP6_INSTANCE_SIGNATURE  SIGNATURE_32 ('D', 'H', '6', 'I')
- 
-+#define DHCP6_PACKET_ALL        0
-+#define DHCP6_PACKET_STATEFUL   1
-+#define DHCP6_PACKET_STATELESS  2
-+
-+#define DHCP6_BASE_PACKET_SIZE  1024
-+
-+#define DHCP6_PORT_CLIENT  546
-+#define DHCP6_PORT_SERVER  547
-+
-+#define DHCP_CHECK_MEDIA_WAITING_TIME    EFI_TIMER_PERIOD_SECONDS(20)
-+
-+#define DHCP6_INSTANCE_FROM_THIS(Instance) CR ((Instance), DHCP6_INSTANCE, Dhcp6, DHCP6_INSTANCE_SIGNATURE)
-+#define DHCP6_SERVICE_FROM_THIS(Service)   CR ((Service), DHCP6_SERVICE, ServiceBinding, DHCP6_SERVICE_SIGNATURE)
-+
- //
- // For more information on DHCP options see RFC 8415, Section 21.1
- //
-@@ -61,12 +75,10 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
- //    |                      (option-len octets)                      |
- //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- //
--#define DHCP6_SIZE_OF_OPT_CODE  (sizeof(UINT16))
--#define DHCP6_SIZE_OF_OPT_LEN   (sizeof(UINT16))
-+#define DHCP6_SIZE_OF_OPT_CODE  (sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpCode))
-+#define DHCP6_SIZE_OF_OPT_LEN   (sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpLen))
- 
--//
- // Combined size of Code and Length
--//
- #define DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN  (DHCP6_SIZE_OF_OPT_CODE + \
-                                               DHCP6_SIZE_OF_OPT_LEN)
- 
-@@ -75,34 +87,122 @@ STATIC_ASSERT (
-   "Combined size of Code and Length must be 4 per RFC 8415"
-   );
- 
--//
- // Offset to the length is just past the code
--//
--#define DHCP6_OPT_LEN_OFFSET(a)  (a + DHCP6_SIZE_OF_OPT_CODE)
-+#define DHCP6_OFFSET_OF_OPT_LEN(a)  (a + DHCP6_SIZE_OF_OPT_CODE)
- STATIC_ASSERT (
--  DHCP6_OPT_LEN_OFFSET (0) == 2,
-+  DHCP6_OFFSET_OF_OPT_LEN (0) == 2,
-   "Offset of length is + 2 past start of option"
-   );
- 
--#define DHCP6_OPT_DATA_OFFSET(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
-+#define DHCP6_OFFSET_OF_OPT_DATA(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
- STATIC_ASSERT (
--  DHCP6_OPT_DATA_OFFSET (0) == 4,
-+  DHCP6_OFFSET_OF_OPT_DATA (0) == 4,
-   "Offset to option data should be +4 from start of option"
-   );
-+//
-+// Identity Association options (both NA (Non-Temporary) and TA (Temporary Association))
-+// are defined in RFC 8415 and are a deriviation of a TLV stucture
-+// For more information on IA_NA see Section 21.4
-+// For more information on IA_TA see Section 21.5
-+//
-+//
-+//  The format of IA_NA and IA_TA option:
-+//
-+//     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |          OPTION_IA_NA         |          option-len           |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                        IAID (4 octets)                        |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                        T1 (only for IA_NA)                    |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                        T2 (only for IA_NA)                    |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                                                               |
-+//    .                  IA_NA-options/IA_TA-options                  .
-+//    .                                                               .
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//
-+#define DHCP6_SIZE_OF_IAID           (sizeof(UINT32))
-+#define DHCP6_SIZE_OF_TIME_INTERVAL  (sizeof(UINT32))
- 
--#define DHCP6_PACKET_ALL        0
--#define DHCP6_PACKET_STATEFUL   1
--#define DHCP6_PACKET_STATELESS  2
-+// Combined size of IAID, T1, and T2
-+#define DHCP6_SIZE_OF_COMBINED_IAID_T1_T2  (DHCP6_SIZE_OF_IAID +  \
-+                                            DHCP6_SIZE_OF_TIME_INTERVAL + \
-+                                            DHCP6_SIZE_OF_TIME_INTERVAL)
-+STATIC_ASSERT (
-+  DHCP6_SIZE_OF_COMBINED_IAID_T1_T2 == 12,
-+  "Combined size of IAID, T1, T2 must be 12 per RFC 8415"
-+  );
- 
--#define DHCP6_BASE_PACKET_SIZE    1024
-+// This is the size of IA_TA without options
-+#define DHCP6_MIN_SIZE_OF_IA_TA  (DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + \
-+                                  DHCP6_SIZE_OF_IAID)
-+STATIC_ASSERT (
-+  DHCP6_MIN_SIZE_OF_IA_TA == 8,
-+  "Minimum combined size of IA_TA per RFC 8415"
-+  );
- 
--#define DHCP6_PORT_CLIENT         546
--#define DHCP6_PORT_SERVER         547
-+// Offset to a IA_TA inner option
-+#define DHCP6_OFFSET_OF_IA_TA_INNER_OPT(a)  (a + DHCP6_MIN_SIZE_OF_IA_TA)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_TA_INNER_OPT (0) == 8,
-+  "Offset of IA_TA Inner option is + 8 past start of option"
-+  );
- 
--#define DHCP_CHECK_MEDIA_WAITING_TIME    EFI_TIMER_PERIOD_SECONDS(20)
-+// This is the size of IA_NA without options (16)
-+#define DHCP6_MIN_SIZE_OF_IA_NA  DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + \
-+                                 DHCP6_SIZE_OF_COMBINED_IAID_T1_T2
-+STATIC_ASSERT (
-+  DHCP6_MIN_SIZE_OF_IA_NA == 16,
-+  "Minimum combined size of IA_TA per RFC 8415"
-+  );
- 
--#define DHCP6_INSTANCE_FROM_THIS(Instance) CR ((Instance), DHCP6_INSTANCE, Dhcp6, DHCP6_INSTANCE_SIGNATURE)
--#define DHCP6_SERVICE_FROM_THIS(Service)   CR ((Service), DHCP6_SERVICE, ServiceBinding, DHCP6_SERVICE_SIGNATURE)
-+#define DHCP6_OFFSET_OF_IA_NA_INNER_OPT(a)  (a + DHCP6_MIN_SIZE_OF_IA_NA)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_NA_INNER_OPT (0) == 16,
-+  "Offset of IA_NA Inner option is + 16 past start of option"
-+  );
-+
-+#define DHCP6_OFFSET_OF_IA_NA_T1(a)  (a + \
-+                                   DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + \
-+                                   DHCP6_SIZE_OF_IAID)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_NA_T1 (0) == 8,
-+  "Offset of IA_NA Inner option is + 8 past start of option"
-+  );
-+
-+#define DHCP6_OFFSET_OF_IA_NA_T2(a)  (a + \
-+                                   DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN +\
-+                                   DHCP6_SIZE_OF_IAID + \
-+                                   DHCP6_SIZE_OF_TIME_INTERVAL)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_NA_T2 (0) == 12,
-+  "Offset of IA_NA Inner option is + 12 past start of option"
-+  );
-+
-+//
-+// For more information see RFC 8415 Section 21.13
-+//
-+// The format of the Status Code Option:
-+//
-+//     0                   1                   2                   3
-+//     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |       OPTION_STATUS_CODE      |         option-len            |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |          status-code          |                               |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
-+//    .                                                               .
-+//    .                        status-message                         .
-+//    .                                                               .
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//
-+#define DHCP6_OFFSET_OF_STATUS_CODE(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_STATUS_CODE (0) == 4,
-+  "Offset of status is + 4 past start of option"
-+  );
- 
- extern EFI_IPv6_ADDRESS           mAllDhcpRelayAndServersAddress;
- extern EFI_DHCP6_PROTOCOL         gDhcp6ProtocolTemplate;
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-index 2976684aba..d680febbf1 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-@@ -611,8 +611,8 @@ Dhcp6UpdateIaInfo (
-   // The inner options still start with 2 bytes option-code and 2 bytes option-len.
-   //
-   if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
--    T1 = NTOHL (ReadUnaligned32 ((UINT32 *) (Option + 8)));
--    T2 = NTOHL (ReadUnaligned32 ((UINT32 *) (Option + 12)));
-+    T1 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T1 (Option))));
-+    T2 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T2 (Option))));
-     //
-     // Refer to RFC3155 Chapter 22.4. If a client receives an IA_NA with T1 greater than T2,
-     // and both T1 and T2 are greater than 0, the client discards the IA_NA option and processes
-@@ -621,13 +621,14 @@ Dhcp6UpdateIaInfo (
-     if (T1 > T2 && T2 > 0) {
-       return EFI_DEVICE_ERROR;
-     }
--    IaInnerOpt = Option + 16;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 2))) - 12);
-+    IaInnerOpt = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
-+    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_COMBINED_IAID_T1_T2);
-   } else {
-     T1 = 0;
-     T2 = 0;
--    IaInnerOpt = Option + 8;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 2))) - 4);
-+
-+    IaInnerOpt = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
-+    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_IAID);
-   }
- 
-   //
-@@ -653,7 +654,7 @@ Dhcp6UpdateIaInfo (
-   Option  = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
- 
-   if (Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -675,6 +676,87 @@ Dhcp6UpdateIaInfo (
- 
- 
- 
-+/**
-+  Seeks the Inner Options from a DHCP6 Option
-+
-+  @param[in]  IaType          The type of the IA option.
-+  @param[in]  Option          The pointer to the DHCP6 Option.
-+  @param[in]  OptionLen       The length of the DHCP6 Option.
-+  @param[out] IaInnerOpt      The pointer to the IA inner option.
-+  @param[out] IaInnerLen      The length of the IA inner option.
-+
-+  @retval EFI_SUCCESS         Seek the inner option successfully.
-+  @retval EFI_DEVICE_ERROR    The OptionLen is invalid. On Error,
-+                              the pointers are not modified
-+**/
-+EFI_STATUS
-+Dhcp6SeekInnerOptionSafe (
-+  IN  UINT16  IaType,
-+  IN  UINT8   *Option,
-+  IN  UINT32  OptionLen,
-+  OUT UINT8   **IaInnerOpt,
-+  OUT UINT16  *IaInnerLen
-+  )
-+{
-+  UINT16  IaInnerLenTmp;
-+  UINT8   *IaInnerOptTmp;
-+
-+  if (Option == NULL) {
-+    ASSERT (Option != NULL);
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  if (IaInnerOpt == NULL) {
-+    ASSERT (IaInnerOpt != NULL);
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  if (IaInnerLen == NULL) {
-+    ASSERT (IaInnerLen != NULL);
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  if (IaType == Dhcp6OptIana) {
-+    // Verify we have a fully formed IA_NA
-+    if (OptionLen < DHCP6_MIN_SIZE_OF_IA_NA) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    //
-+    IaInnerOptTmp = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
-+
-+    // Verify the IaInnerLen is valid.
-+    IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN (Option)));
-+    if (IaInnerLenTmp < DHCP6_SIZE_OF_COMBINED_IAID_T1_T2) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    IaInnerLenTmp -= DHCP6_SIZE_OF_COMBINED_IAID_T1_T2;
-+  } else if (IaType == Dhcp6OptIata) {
-+    // Verify the OptionLen is valid.
-+    if (OptionLen < DHCP6_MIN_SIZE_OF_IA_TA) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    IaInnerOptTmp = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
-+
-+    // Verify the IaInnerLen is valid.
-+    IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-+    if (IaInnerLenTmp < DHCP6_SIZE_OF_IAID) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    IaInnerLenTmp -= DHCP6_SIZE_OF_IAID;
-+  } else {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  *IaInnerOpt = IaInnerOptTmp;
-+  *IaInnerLen = IaInnerLenTmp;
-+
-+  return EFI_SUCCESS;
-+}
-+
- /**
-   Seek StatusCode Option in package. A Status Code option may appear in the
-   options field of a DHCP message and/or in the options field of another option.
-@@ -695,9 +777,15 @@ Dhcp6SeekStsOption (
-   OUT    UINT8                    **Option
-   )
- {
--  UINT8                       *IaInnerOpt;
--  UINT16                      IaInnerLen;
--  UINT16                      StsCode;
-+  UINT8   *IaInnerOpt;
-+  UINT16  IaInnerLen;
-+  UINT16  StsCode;
-+  UINT32  OptionLen;
-+
-+  // OptionLen is the length of the Options excluding the DHCP header.
-+  // Length of the EFI_DHCP6_PACKET from the first byte of the Header field to the last
-+  // byte of the Option[] field.
-+  OptionLen = Packet->Length - sizeof (Packet->Dhcp6.Header);
- 
-   //
-   // Seek StatusCode option directly in DHCP message body. That is, search in
-@@ -705,12 +793,12 @@ Dhcp6SeekStsOption (
-   //
-   *Option = Dhcp6SeekOption (
-               Packet->Dhcp6.Option,
--              Packet->Length - 4,
-+              OptionLen,
-               Dhcp6OptStatusCode
-               );
- 
-   if (*Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_STATUS_CODE (*Option))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -721,7 +809,7 @@ Dhcp6SeekStsOption (
-   //
-   *Option = Dhcp6SeekIaOption (
-               Packet->Dhcp6.Option,
--              Packet->Length - sizeof (EFI_DHCP6_HEADER),
-+              OptionLen,
-               &Instance->Config->IaDescriptor
-               );
-   if (*Option == NULL) {
-@@ -729,52 +817,35 @@ Dhcp6SeekStsOption (
-   }
- 
-   //
--  // The format of the IA_NA option is:
-+  // Calculate the distance from Packet->Dhcp6.Option to the IA option.
-   //
--  //     0                   1                   2                   3
--  //     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |          OPTION_IA_NA         |          option-len           |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                        IAID (4 octets)                        |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                              T1                               |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                              T2                               |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                                                               |
--  //    .                         IA_NA-options                         .
--  //    .                                                               .
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+  // Packet->Size and Packet->Length are both UINT32 type, and Packet->Size is
-+  // the size of the whole packet, including the DHCP header, and Packet->Length
-+  // is the length of the DHCP message body, excluding the DHCP header.
-   //
--  // The format of the IA_TA option is:
-+  // (*Option - Packet->Dhcp6.Option) is the number of bytes from the start of
-+  // DHCP6 option area to the start of the IA option.
-   //
--  //     0                   1                   2                   3
--  //     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |         OPTION_IA_TA          |          option-len           |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                        IAID (4 octets)                        |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                                                               |
--  //    .                         IA_TA-options                         .
--  //    .                                                               .
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+  // Dhcp6SeekInnerOptionSafe() is searching starting from the start of the
-+  // IA option to the end of the DHCP6 option area, thus subtract the space
-+  // up until this option
-   //
-+  OptionLen = OptionLen - (*Option - Packet->Dhcp6.Option);
- 
-   //
--  // sizeof (option-code + option-len + IaId)           = 8
--  // sizeof (option-code + option-len + IaId + T1)      = 12
--  // sizeof (option-code + option-len + IaId + T1 + T2) = 16
-+  // Seek the inner option
-   //
--  // The inner options still start with 2 bytes option-code and 2 bytes option-len.
--  //
--  if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
--    IaInnerOpt = *Option + 16;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 2))) - 12);
--  } else {
--    IaInnerOpt = *Option + 8;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 2))) - 4);
-+  if (EFI_ERROR (
-+        Dhcp6SeekInnerOptionSafe (
-+          Instance->Config->IaDescriptor.Type,
-+          *Option,
-+          OptionLen,
-+          &IaInnerOpt,
-+          &IaInnerLen
-+          )
-+        ))
-+  {
-+    return EFI_DEVICE_ERROR;
-   }
- 
-   //
-@@ -798,7 +869,7 @@ Dhcp6SeekStsOption (
-   //
-   *Option  = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
-   if (*Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)((DHCP6_OFFSET_OF_STATUS_CODE (*Option)))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -1123,7 +1194,7 @@ Dhcp6SendRequestMsg (
-   //
-   Option = Dhcp6SeekOption (
-              Instance->AdSelect->Dhcp6.Option,
--             Instance->AdSelect->Length - 4,
-+             Instance->AdSelect->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
-   if (Option == NULL) {
-@@ -1309,7 +1380,7 @@ Dhcp6SendDeclineMsg (
-   //
-   Option = Dhcp6SeekOption (
-              LastReply->Dhcp6.Option,
--             LastReply->Length - 4,
-+             LastReply->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
-   if (Option == NULL) {
-@@ -1469,7 +1540,7 @@ Dhcp6SendReleaseMsg (
-   //
-   Option = Dhcp6SeekOption (
-              LastReply->Dhcp6.Option,
--             LastReply->Length - 4,
-+             LastReply->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
-   if (Option == NULL) {
-@@ -1695,7 +1766,7 @@ Dhcp6SendRenewRebindMsg (
- 
-     Option = Dhcp6SeekOption (
-                LastReply->Dhcp6.Option,
--               LastReply->Length - 4,
-+               LastReply->Length - sizeof (EFI_DHCP6_HEADER),
-                Dhcp6OptServerId
-                );
-     if (Option == NULL) {
-@@ -2235,7 +2306,7 @@ Dhcp6HandleReplyMsg (
-   //
-   Option = Dhcp6SeekOption (
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptRapidCommit
-              );
- 
-@@ -2383,7 +2454,7 @@ Dhcp6HandleReplyMsg (
-     //
-     // Any error status code option is found.
-     //
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)((DHCP6_OFFSET_OF_STATUS_CODE (Option)))));
-     switch (StsCode) {
-     case Dhcp6StsUnspecFail:
-       //
-@@ -2514,7 +2585,7 @@ Dhcp6SelectAdvertiseMsg (
-   //
-   Option = Dhcp6SeekOption(
-              AdSelect->Dhcp6.Option,
--             AdSelect->Length - 4,
-+             AdSelect->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerUnicast
-              );
- 
-@@ -2526,7 +2597,7 @@ Dhcp6SelectAdvertiseMsg (
-       return EFI_OUT_OF_RESOURCES;
-     }
- 
--    CopyMem (Instance->Unicast, Option + 4, sizeof(EFI_IPv6_ADDRESS));
-+    CopyMem (Instance->Unicast, DHCP6_OFFSET_OF_OPT_DATA (Option), sizeof (EFI_IPv6_ADDRESS));
-   }
- 
-   //
-@@ -2580,7 +2651,7 @@ Dhcp6HandleAdvertiseMsg (
-   //
-   Option = Dhcp6SeekOption(
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptRapidCommit
-              );
- 
-@@ -2676,7 +2747,7 @@ Dhcp6HandleAdvertiseMsg (
-       CopyMem (Instance->AdSelect, Packet, Packet->Size);
- 
-       if (Option != NULL) {
--        Instance->AdPref = *(Option + 4);
-+        Instance->AdPref = *(DHCP6_OFFSET_OF_OPT_DATA (Option));
-       }
-     } else {
-       //
-@@ -2747,11 +2818,11 @@ Dhcp6HandleStateful (
-   //
-   Option = Dhcp6SeekOption(
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN,
-              Dhcp6OptClientId
-              );
- 
--  if (Option == NULL || CompareMem (Option + 4, ClientId->Duid, ClientId->Length) != 0) {
-+  if ((Option == NULL) || (CompareMem (DHCP6_OFFSET_OF_OPT_DATA (Option), ClientId->Duid, ClientId->Length) != 0)) {
-     goto ON_CONTINUE;
-   }
- 
-@@ -2760,7 +2831,7 @@ Dhcp6HandleStateful (
-   //
-   Option = Dhcp6SeekOption(
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN,
-              Dhcp6OptServerId
-              );
- 
-@@ -2865,7 +2936,7 @@ Dhcp6HandleStateless (
-   //
-   Option = Dhcp6SeekOption (
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
- 
--- 
-2.41.0
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch

@@ -1,257 +0,0 @@
-From 1b58858f28a364a8f8fa897a78db7ced068719dd Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 13/15] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
- Related Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [13/15] 904fd82592208d0ca42bbb64f437691a5bdfd0b6
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit 1c440a5eceedc64e892877eeac0f1a4938f5abbb
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Tue Feb 13 10:46:00 2024 -0800
-
-    NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4673
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534
-
-    This was not part of the Quarkslab bugs however the same pattern
-    as CVE-2023-45229 exists in Dhcp6UpdateIaInfo.
-
-    This patch replaces the code in question with the safe function
-    created to patch CVE-2023-45229
-
-    >
-    >   if (EFI_ERROR (
-    >        Dhcp6SeekInnerOptionSafe (
-    >          Instance->Config->IaDescriptor.Type,
-    >          Option,
-    >          OptionLen,
-    >          &IaInnerOpt,
-    >          &IaInnerLen
-    >          )
-    >        ))
-    >  {
-    >    return EFI_DEVICE_ERROR;
-    >  }
-    >
-
-    Additionally corrects incorrect usage of macro to read the status
-
-    > - StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN
-     (Option)));
-    > + StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)
-    DHCP6_OFFSET_OF_STATUS_CODE (Option));
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 70 ++++++++++++++++++++++++++---------
- NetworkPkg/Dhcp6Dxe/Dhcp6Io.h | 22 +++++++++++
- 2 files changed, 75 insertions(+), 17 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-index 3b8feb4a20..a9bffae353 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-@@ -528,13 +528,23 @@ Dhcp6UpdateIaInfo (
- {
-   EFI_STATUS  Status;
-   UINT8       *Option;
-+  UINT32      OptionLen;
-   UINT8       *IaInnerOpt;
-   UINT16      IaInnerLen;
-   UINT16      StsCode;
-   UINT32      T1;
-   UINT32      T2;
- 
-+  T1 = 0;
-+  T2 = 0;
-+
-   ASSERT (Instance->Config != NULL);
-+
-+  // OptionLen is the length of the Options excluding the DHCP header.
-+  // Length of the EFI_DHCP6_PACKET from the first byte of the Header field to the last
-+  // byte of the Option[] field.
-+  OptionLen = Packet->Length - sizeof (Packet->Dhcp6.Header);
-+
-   //
-   // If the reply was received in response to a solicit with rapid commit option,
-   // request, renew or rebind message, the client updates the information it has
-@@ -549,13 +559,29 @@ Dhcp6UpdateIaInfo (
-   //
-   Option = Dhcp6SeekIaOption (
-              Packet->Dhcp6.Option,
--             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-+             OptionLen,
-              &Instance->Config->IaDescriptor
-              );
-   if (Option == NULL) {
-     return EFI_DEVICE_ERROR;
-   }
- 
-+  //
-+  // Calculate the distance from Packet->Dhcp6.Option to the IA option.
-+  //
-+  // Packet->Size and Packet->Length are both UINT32 type, and Packet->Size is
-+  // the size of the whole packet, including the DHCP header, and Packet->Length
-+  // is the length of the DHCP message body, excluding the DHCP header.
-+  //
-+  // (*Option - Packet->Dhcp6.Option) is the number of bytes from the start of
-+  // DHCP6 option area to the start of the IA option.
-+  //
-+  // Dhcp6SeekInnerOptionSafe() is searching starting from the start of the
-+  // IA option to the end of the DHCP6 option area, thus subtract the space
-+  // up until this option
-+  //
-+  OptionLen = OptionLen - (UINT32)(Option - Packet->Dhcp6.Option);
-+
-   //
-   // The format of the IA_NA option is:
-   //
-@@ -591,32 +617,32 @@ Dhcp6UpdateIaInfo (
-   //
- 
-   //
--  // sizeof (option-code + option-len + IaId)           = 8
--  // sizeof (option-code + option-len + IaId + T1)      = 12
--  // sizeof (option-code + option-len + IaId + T1 + T2) = 16
--  //
--  // The inner options still start with 2 bytes option-code and 2 bytes option-len.
-+  // Seek the inner option
-   //
-+  if (EFI_ERROR (
-+        Dhcp6SeekInnerOptionSafe (
-+          Instance->Config->IaDescriptor.Type,
-+          Option,
-+          OptionLen,
-+          &IaInnerOpt,
-+          &IaInnerLen
-+          )
-+        ))
-+  {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-   if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
-     T1 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T1 (Option))));
-     T2 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T2 (Option))));
-     //
-     // Refer to RFC3155 Chapter 22.4. If a client receives an IA_NA with T1 greater than T2,
-     // and both T1 and T2 are greater than 0, the client discards the IA_NA option and processes
--    // the remainder of the message as though the server had not  included the invalid IA_NA option.
-+    // the remainder of the message as though the server had not included the invalid IA_NA option.
-     //
-     if ((T1 > T2) && (T2 > 0)) {
-       return EFI_DEVICE_ERROR;
-     }
--
--    IaInnerOpt = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
--    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_COMBINED_IAID_T1_T2);
--  } else {
--    T1 = 0;
--    T2 = 0;
--
--    IaInnerOpt = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
--    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_IAID);
-   }
- 
-   //
-@@ -642,7 +668,7 @@ Dhcp6UpdateIaInfo (
-   Option  = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
- 
-   if (Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_STATUS_CODE (Option))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -703,15 +729,21 @@ Dhcp6SeekInnerOptionSafe (
-   }
- 
-   if (IaType == Dhcp6OptIana) {
-+    //
-     // Verify we have a fully formed IA_NA
-+    //
-     if (OptionLen < DHCP6_MIN_SIZE_OF_IA_NA) {
-       return EFI_DEVICE_ERROR;
-     }
- 
-+    //
-+    // Get the IA Inner Option and Length
-     //
-     IaInnerOptTmp = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
- 
-+    //
-     // Verify the IaInnerLen is valid.
-+    //
-     IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN (Option)));
-     if (IaInnerLenTmp < DHCP6_SIZE_OF_COMBINED_IAID_T1_T2) {
-       return EFI_DEVICE_ERROR;
-@@ -719,14 +751,18 @@ Dhcp6SeekInnerOptionSafe (
- 
-     IaInnerLenTmp -= DHCP6_SIZE_OF_COMBINED_IAID_T1_T2;
-   } else if (IaType == Dhcp6OptIata) {
-+    //
-     // Verify the OptionLen is valid.
-+    //
-     if (OptionLen < DHCP6_MIN_SIZE_OF_IA_TA) {
-       return EFI_DEVICE_ERROR;
-     }
- 
-     IaInnerOptTmp = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
- 
-+    //
-     // Verify the IaInnerLen is valid.
-+    //
-     IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-     if (IaInnerLenTmp < DHCP6_SIZE_OF_IAID) {
-       return EFI_DEVICE_ERROR;
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
-index 554f0f5e5d..8c0d282bca 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
-@@ -218,4 +218,26 @@ Dhcp6OnTimerTick (
-   IN VOID                   *Context
-   );
- 
-+/**
-+  Seeks the Inner Options from a DHCP6 Option
-+
-+  @param[in]  IaType          The type of the IA option.
-+  @param[in]  Option          The pointer to the DHCP6 Option.
-+  @param[in]  OptionLen       The length of the DHCP6 Option.
-+  @param[out] IaInnerOpt      The pointer to the IA inner option.
-+  @param[out] IaInnerLen      The length of the IA inner option.
-+
-+  @retval EFI_SUCCESS         Seek the inner option successfully.
-+  @retval EFI_DEVICE_ERROR    The OptionLen is invalid. On Error,
-+                              the pointers are not modified
-+**/
-+EFI_STATUS
-+Dhcp6SeekInnerOptionSafe (
-+  IN  UINT16  IaType,
-+  IN  UINT8   *Option,
-+  IN  UINT32  OptionLen,
-+  OUT UINT8   **IaInnerOpt,
-+  OUT UINT16  *IaInnerLen
-+  );
-+
- #endif
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch

@@ -1,629 +0,0 @@
-From f5274b449181cb37efce0f08ed5d75a6bf6e54a8 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 8 Feb 2024 10:35:14 -0500
-Subject: [PATCH 16/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
- Unit Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
-RH-Jira: RHEL-21840 RHEL-21842
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [3/4] 43b8569c0586c7dbf66b19c5db335d0ce05829de (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21842
-CVE: CVE-2023-45230
-Upstream: Merged
-
-commit 5f3658197bf29c83b3349b0ab1d99cdb0c3814bc
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:45 2024 +0800
-
-    NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535
-
-    Confirms that reported issue...
-
-    "Buffer overflow in the DHCPv6 client via a long Server ID option"
-
-    ..has been corrected by the provided patch.
-
-    Tests the following functions to ensure they appropriately handle
-    untrusted data (either too long or too small) to prevent a buffer
-    overflow:
-
-    Dhcp6AppendOption
-    Dhcp6AppendETOption
-    Dhcp6AppendIaOption
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../GoogleTest/Dhcp6DxeGoogleTest.cpp         |  20 +
- .../GoogleTest/Dhcp6DxeGoogleTest.inf         |  43 ++
- .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 478 ++++++++++++++++++
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
- 4 files changed, 542 insertions(+)
- create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
- create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
- create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
-
-diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
-new file mode 100644
-index 0000000000..9aeced2f91
---- /dev/null
-+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
-@@ -0,0 +1,20 @@
-+/** @file
-+  Acts as the main entry point for the tests for the Dhcp6Dxe module.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+////////////////////////////////////////////////////////////////////////////////
-+// Run the tests
-+////////////////////////////////////////////////////////////////////////////////
-+int
-+main (
-+  int   argc,
-+  char  *argv[]
-+  )
-+{
-+  testing::InitGoogleTest (&argc, argv);
-+  return RUN_ALL_TESTS ();
-+}
-diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-new file mode 100644
-index 0000000000..8e9119a371
---- /dev/null
-+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-@@ -0,0 +1,43 @@
-+## @file
-+# Unit test suite for the Dhcp6Dxe using Google Test
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+[Defines]
-+  INF_VERSION         = 0x00010017
-+  BASE_NAME           = Dhcp6DxeGoogleTest
-+  FILE_GUID           = 1D2A4C65-38C8-4C2F-BB60-B5FA49625AA9
-+  VERSION_STRING      = 1.0
-+  MODULE_TYPE         = HOST_APPLICATION
-+#
-+# The following information is for reference only and not required by the build tools.
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
-+#
-+[Sources]
-+  Dhcp6DxeGoogleTest.cpp
-+  Dhcp6IoGoogleTest.cpp
-+  ../Dhcp6Io.c
-+  ../Dhcp6Utility.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+  NetworkPkg/NetworkPkg.dec
-+
-+[LibraryClasses]
-+  GoogleTestLib
-+  DebugLib
-+  NetLib
-+  PcdLib
-+
-+[Protocols]
-+  gEfiDhcp6ServiceBindingProtocolGuid
-+
-+[Pcd]
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
-+
-+[Guids]
-+  gZeroGuid
-diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
-new file mode 100644
-index 0000000000..7ee40e4af4
---- /dev/null
-+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
-@@ -0,0 +1,478 @@
-+/** @file
-+  Tests for Dhcp6Io.c.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+extern "C" {
-+  #include <Uefi.h>
-+  #include <Library/BaseLib.h>
-+  #include <Library/DebugLib.h>
-+  #include <Library/BaseMemoryLib.h>
-+  #include "../Dhcp6Impl.h"
-+  #include "../Dhcp6Utility.h"
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Defines
-+////////////////////////////////////////////////////////////////////////
-+
-+#define DHCP6_PACKET_MAX_LEN  1500
-+
-+////////////////////////////////////////////////////////////////////////
-+////////////////////////////////////////////////////////////////////////
-+// Symbol Definitions
-+// These functions are not directly under test - but required to compile
-+////////////////////////////////////////////////////////////////////////
-+
-+// This definition is used by this test but is also required to compile
-+// by Dhcp6Io.c
-+EFI_IPv6_ADDRESS  mAllDhcpRelayAndServersAddress = {
-+  { 0xFF, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 2 }
-+};
-+
-+EFI_STATUS
-+EFIAPI
-+UdpIoSendDatagram (
-+  IN  UDP_IO           *UdpIo,
-+  IN  NET_BUF          *Packet,
-+  IN  UDP_END_POINT    *EndPoint OPTIONAL,
-+  IN  EFI_IP_ADDRESS   *Gateway  OPTIONAL,
-+  IN  UDP_IO_CALLBACK  CallBack,
-+  IN  VOID             *Context
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+EFI_STATUS
-+EFIAPI
-+UdpIoRecvDatagram (
-+  IN  UDP_IO           *UdpIo,
-+  IN  UDP_IO_CALLBACK  CallBack,
-+  IN  VOID             *Context,
-+  IN  UINT32           HeadLen
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Dhcp6AppendOptionTest Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+class Dhcp6AppendOptionTest : public ::testing::Test {
-+public:
-+  UINT8 *Buffer = NULL;
-+  EFI_DHCP6_PACKET *Packet;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
-+    ASSERT_NE (Buffer, (UINT8 *)NULL);
-+
-+    Packet       = (EFI_DHCP6_PACKET *)Buffer;
-+    Packet->Size = DHCP6_PACKET_MAX_LEN;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+    if (Buffer != NULL) {
-+      FreePool (Buffer);
-+    }
-+  }
-+};
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is too small by a duid that is too large
-+TEST_F (Dhcp6AppendOptionTest, InvalidDataExpectBufferTooSmall) {
-+  UINT8           *Cursor;
-+  EFI_DHCP6_DUID  *UntrustedDuid;
-+  EFI_STATUS      Status;
-+
-+  UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
-+  ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
-+
-+  UntrustedDuid->Length = NTOHS (0xFFFF);
-+
-+  Cursor = Dhcp6AppendOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendOption (
-+             Dhcp6AppendOptionTest::Packet,
-+             &Cursor,
-+             HTONS (Dhcp6OptServerId),
-+             UntrustedDuid->Length,
-+             UntrustedDuid->Duid
-+             );
-+
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+}
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is large enough
-+TEST_F (Dhcp6AppendOptionTest, ValidDataExpectSuccess) {
-+  UINT8           *Cursor;
-+  EFI_DHCP6_DUID  *UntrustedDuid;
-+  EFI_STATUS      Status;
-+  UINTN           OriginalLength;
-+
-+  UINT8  Duid[6] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
-+
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  OriginalLength = Packet->Length;
-+
-+  UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
-+  ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
-+
-+  UntrustedDuid->Length = NTOHS (sizeof (Duid));
-+  CopyMem (UntrustedDuid->Duid, Duid, sizeof (Duid));
-+
-+  Cursor = Dhcp6AppendOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendOption (
-+             Dhcp6AppendOptionTest::Packet,
-+             &Cursor,
-+             HTONS (Dhcp6OptServerId),
-+             UntrustedDuid->Length,
-+             UntrustedDuid->Duid
-+             );
-+
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendOptionTest::Packet->Dhcp6.Option + sizeof (Duid) + 4);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendOptionTest::Packet->Length, OriginalLength + sizeof (Duid) + 4);
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Dhcp6AppendETOption Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+class Dhcp6AppendETOptionTest : public ::testing::Test {
-+public:
-+  UINT8 *Buffer = NULL;
-+  EFI_DHCP6_PACKET *Packet;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
-+    ASSERT_NE (Buffer, (UINT8 *)NULL);
-+
-+    Packet         = (EFI_DHCP6_PACKET *)Buffer;
-+    Packet->Size   = DHCP6_PACKET_MAX_LEN;
-+    Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+    if (Buffer != NULL) {
-+      FreePool (Buffer);
-+    }
-+  }
-+};
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is too small by a duid that is too large
-+TEST_F (Dhcp6AppendETOptionTest, InvalidDataExpectBufferTooSmall) {
-+  UINT8           *Cursor;
-+  EFI_STATUS      Status;
-+  DHCP6_INSTANCE  Instance;
-+  UINT16          ElapsedTimeVal;
-+  UINT16          *ElapsedTime;
-+
-+  Cursor      = Dhcp6AppendETOptionTest::Packet->Dhcp6.Option;
-+  ElapsedTime = &ElapsedTimeVal;
-+
-+  Packet->Length = Packet->Size - 2;
-+
-+  Status = Dhcp6AppendETOption (
-+             Dhcp6AppendETOptionTest::Packet,
-+             &Cursor,
-+             &Instance, // Instance is not used in this function
-+             &ElapsedTime
-+             );
-+
-+  // verify that we error out because the packet is too small for the option header
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+
-+  // reset the length
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+}
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is large enough
-+TEST_F (Dhcp6AppendETOptionTest, ValidDataExpectSuccess) {
-+  UINT8           *Cursor;
-+  EFI_STATUS      Status;
-+  DHCP6_INSTANCE  Instance;
-+  UINT16          ElapsedTimeVal;
-+  UINT16          *ElapsedTime;
-+  UINTN           ExpectedSize;
-+  UINTN           OriginalLength;
-+
-+  Cursor         = Dhcp6AppendETOptionTest::Packet->Dhcp6.Option;
-+  ElapsedTime    = &ElapsedTimeVal;
-+  ExpectedSize   = 6;
-+  OriginalLength = Packet->Length;
-+
-+  Status = Dhcp6AppendETOption (
-+             Dhcp6AppendETOptionTest::Packet,
-+             &Cursor,
-+             &Instance, // Instance is not used in this function
-+             &ElapsedTime
-+             );
-+
-+  // verify that the status is EFI_SUCCESS
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendETOptionTest::Packet->Dhcp6.Option + ExpectedSize);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendETOptionTest::Packet->Length, OriginalLength + ExpectedSize);
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Dhcp6AppendIaOption Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+class Dhcp6AppendIaOptionTest : public ::testing::Test {
-+public:
-+  UINT8 *Buffer = NULL;
-+  EFI_DHCP6_PACKET *Packet;
-+  EFI_DHCP6_IA *Ia;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
-+    ASSERT_NE (Buffer, (UINT8 *)NULL);
-+
-+    Packet       = (EFI_DHCP6_PACKET *)Buffer;
-+    Packet->Size = DHCP6_PACKET_MAX_LEN;
-+
-+    Ia = (EFI_DHCP6_IA *)AllocateZeroPool (sizeof (EFI_DHCP6_IA) + sizeof (EFI_DHCP6_IA_ADDRESS) * 2);
-+    ASSERT_NE (Ia, (EFI_DHCP6_IA *)NULL);
-+
-+    CopyMem (Ia->IaAddress, mAllDhcpRelayAndServersAddress.Addr, sizeof (EFI_IPv6_ADDRESS));
-+    CopyMem (Ia->IaAddress + 1, mAllDhcpRelayAndServersAddress.Addr, sizeof (EFI_IPv6_ADDRESS));
-+
-+    Ia->IaAddressCount = 2;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+    if (Buffer != NULL) {
-+      FreePool (Buffer);
-+    }
-+
-+    if (Ia != NULL) {
-+      FreePool (Ia);
-+    }
-+  }
-+};
-+
-+// Test Description:
-+// Attempt to append an option to a packet that doesn't have enough space
-+// for the option header
-+TEST_F (Dhcp6AppendIaOptionTest, IaNaInvalidDataExpectBufferTooSmall) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+
-+  Packet->Length = Packet->Size - 2;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIana;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0x12345678,
-+             0x11111111,
-+             Dhcp6OptIana
-+             );
-+
-+  // verify that we error out because the packet is too small for the option header
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+
-+  // reset the length
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+}
-+
-+// Test Description:
-+// Attempt to append an option to a packet that doesn't have enough space
-+// for the option header
-+TEST_F (Dhcp6AppendIaOptionTest, IaTaInvalidDataExpectBufferTooSmall) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+
-+  // Use up nearly all the space in the packet
-+  Packet->Length = Packet->Size - 2;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIata;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0,
-+             0,
-+             Dhcp6OptIata
-+             );
-+
-+  // verify that we error out because the packet is too small for the option header
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+
-+  // reset the length
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+}
-+
-+TEST_F (Dhcp6AppendIaOptionTest, IaNaValidDataExpectSuccess) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+  UINTN       ExpectedSize;
-+  UINTN       OriginalLength;
-+
-+  //
-+  // 2 bytes for the option header type
-+  //
-+  ExpectedSize = 2;
-+  //
-+  // 2 bytes for the option header length
-+  //
-+  ExpectedSize += 2;
-+  //
-+  // 4 bytes for the IAID
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + 4 bytes for the T1
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + 4 bytes for the T2
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+  //   + 2 bytes for the option header type
-+  //   + 2 bytes for the option header length
-+  //   + sizeof (EFI_DHCP6_IA_ADDRESS) for the IA Address
-+  //
-+  ExpectedSize += (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  OriginalLength = Packet->Length;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIana;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0x12345678,
-+             0x12345678,
-+             Dhcp6OptIana
-+             );
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option + ExpectedSize);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendIaOptionTest::Packet->Length, OriginalLength + ExpectedSize);
-+
-+  // verify that the status is EFI_SUCCESS
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+}
-+
-+TEST_F (Dhcp6AppendIaOptionTest, IaTaValidDataExpectSuccess) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+  UINTN       ExpectedSize;
-+  UINTN       OriginalLength;
-+
-+  //
-+  // 2 bytes for the option header type
-+  //
-+  ExpectedSize = 2;
-+  //
-+  // 2 bytes for the option header length
-+  //
-+  ExpectedSize += 2;
-+  //
-+  // 4 bytes for the IAID
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+  //   + 2 bytes for the option header type
-+  //   + 2 bytes for the option header length
-+  //   + sizeof (EFI_DHCP6_IA_ADDRESS) for the IA Address
-+  //
-+  ExpectedSize += (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  OriginalLength = Packet->Length;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIata;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0,
-+             0,
-+             Dhcp6OptIata
-+             );
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option + ExpectedSize);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendIaOptionTest::Packet->Length, OriginalLength + ExpectedSize);
-+
-+  // verify that the status is EFI_SUCCESS
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+}
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index 1aeca5c5b3..20bc90b172 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -24,6 +24,7 @@
-   #
-   # Build HOST_APPLICATION that tests NetworkPkg
-   #
-+  NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
--- 
-2.41.0
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch

@@ -1,78 +0,0 @@
-From e3f153773bd2ca13ee4869187f1711840fc8afc9 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 15 Feb 2024 11:51:09 -0500
-Subject: [PATCH 02/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [2/15] 61eaf6aac61b774c3a8ace54af8abd607651d2db
-
-JIRA: https://issues.redhat.com/browse/RHEL-21844
-CVE: CVE-2022-45231
-Upstream: Merged
-
-commit bbfee34f4188ac00371abe1389ae9c9fb989a0cd
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:48 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
-
-    Bug Overview:
-    PixieFail Bug #3
-    CVE-2023-45231
-    CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    CWE-125 Out-of-bounds Read
-
-    Out-of-bounds read when handling a ND Redirect message with truncated
-    options
-
-    Change Overview:
-
-    Adds a check to prevent truncated options from being parsed
-    +  //
-    +  // Cannot process truncated options.
-    +  // Cannot process options with a length of 0 as there is no Type
-    field.
-    +  //
-    +  if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
-    +    return FALSE;
-    +  }
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Ip6Dxe/Ip6Option.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c
-index 199eea124d..8718d5d875 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Option.c
-+++ b/NetworkPkg/Ip6Dxe/Ip6Option.c
-@@ -137,6 +137,14 @@ Ip6IsNDOptionValid (
-     return FALSE;
-   }
- 
-+  //
-+  // Cannot process truncated options.
-+  // Cannot process options with a length of 0 as there is no Type field.
-+  //
-+  if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
-+    return FALSE;
-+  }
-+
-   Offset = 0;
- 
-   //
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch

@@ -1,277 +0,0 @@
-From e8200dda7752d21794b2268efe9e957958ffef29 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 14 Feb 2024 12:24:44 -0500
-Subject: [PATCH 03/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit
- Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [3/15] ca554677a3397423073d3bb4774f856b2329ae9c
-
-JIRA: https://issues.redhat.com/browse/RHEL-21844
-CVE: CVE-2022-45231
-Upstream: Merged
-
-commit 6f77463d72807ec7f4ed6518c3dac29a1040df9f
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:49 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
-
-    Validates that the patch for...
-
-    Out-of-bounds read when handling a ND Redirect message with truncated
-    options
-
-    .. has been fixed
-
-    Tests the following function to ensure that an out of bounds read does
-    not occur
-    Ip6OptionValidation
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp    |  20 +++
- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  42 ++++++
- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 129 ++++++++++++++++++
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
- 4 files changed, 192 insertions(+)
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
-new file mode 100644
-index 0000000000..6ebfd5fdfb
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
-@@ -0,0 +1,20 @@
-+/** @file
-+  Acts as the main entry point for the tests for the Ip6Dxe module.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+////////////////////////////////////////////////////////////////////////////////
-+// Run the tests
-+////////////////////////////////////////////////////////////////////////////////
-+int
-+main (
-+  int   argc,
-+  char  *argv[]
-+  )
-+{
-+  testing::InitGoogleTest (&argc, argv);
-+  return RUN_ALL_TESTS ();
-+}
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-new file mode 100644
-index 0000000000..6e4de0745f
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-@@ -0,0 +1,42 @@
-+## @file
-+# Unit test suite for the Ip6Dxe using Google Test
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+[Defines]
-+  INF_VERSION         = 0x00010017
-+  BASE_NAME           = Ip6DxeUnitTest
-+  FILE_GUID           = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A
-+  VERSION_STRING      = 1.0
-+  MODULE_TYPE         = HOST_APPLICATION
-+#
-+# The following information is for reference only and not required by the build tools.
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
-+#
-+[Sources]
-+  Ip6DxeGoogleTest.cpp
-+  Ip6OptionGoogleTest.cpp
-+  ../Ip6Option.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+  NetworkPkg/NetworkPkg.dec
-+
-+[LibraryClasses]
-+  GoogleTestLib
-+  DebugLib
-+  NetLib
-+  PcdLib
-+
-+[Protocols]
-+  gEfiDhcp6ServiceBindingProtocolGuid
-+
-+[Pcd]
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
-+
-+[Guids]
-+  gZeroGuid
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-new file mode 100644
-index 0000000000..f2cd90e1a9
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-@@ -0,0 +1,129 @@
-+/** @file
-+  Tests for Ip6Option.c.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+extern "C" {
-+  #include <Uefi.h>
-+  #include <Library/BaseLib.h>
-+  #include <Library/DebugLib.h>
-+  #include "../Ip6Impl.h"
-+  #include "../Ip6Option.h"
-+}
-+
-+/////////////////////////////////////////////////////////////////////////
-+// Defines
-+///////////////////////////////////////////////////////////////////////
-+
-+#define IP6_PREFIX_INFO_OPTION_DATA_LEN    32
-+#define OPTION_HEADER_IP6_PREFIX_DATA_LEN  (sizeof (IP6_OPTION_HEADER) + IP6_PREFIX_INFO_OPTION_DATA_LEN)
-+
-+////////////////////////////////////////////////////////////////////////
-+// Symbol Definitions
-+// These functions are not directly under test - but required to compile
-+////////////////////////////////////////////////////////////////////////
-+UINT32  mIp6Id;
-+
-+EFI_STATUS
-+Ip6SendIcmpError (
-+  IN IP6_SERVICE       *IpSb,
-+  IN NET_BUF           *Packet,
-+  IN EFI_IPv6_ADDRESS  *SourceAddress       OPTIONAL,
-+  IN EFI_IPv6_ADDRESS  *DestinationAddress,
-+  IN UINT8             Type,
-+  IN UINT8             Code,
-+  IN UINT32            *Pointer             OPTIONAL
-+  )
-+{
-+  // ..
-+  return EFI_SUCCESS;
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Ip6OptionValidation Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+// Define a fixture for your tests if needed
-+class Ip6OptionValidationTest : public ::testing::Test {
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Test Description:
-+// Null option should return false
-+TEST_F (Ip6OptionValidationTest, NullOptionShouldReturnFalse) {
-+  UINT8   *option   = nullptr;
-+  UINT16  optionLen = 10; // Provide a suitable length
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-+
-+// Test Description:
-+// Truncated option should return false
-+TEST_F (Ip6OptionValidationTest, TruncatedOptionShouldReturnFalse) {
-+  UINT8   option[]  = { 0x01 }; // Provide a truncated option
-+  UINT16  optionLen = 1;
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-+
-+// Test Description:
-+// Ip6OptionPrefixInfo Option with zero length should return false
-+TEST_F (Ip6OptionValidationTest, OptionWithZeroLengthShouldReturnFalse) {
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPrefixInfo;
-+  optionHeader.Length = 0;
-+  UINT8  option[sizeof (IP6_OPTION_HEADER)];
-+
-+  CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
-+  UINT16  optionLen = sizeof (IP6_OPTION_HEADER);
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-+
-+// Test Description:
-+// Ip6OptionPrefixInfo Option with valid length should return true
-+TEST_F (Ip6OptionValidationTest, ValidPrefixInfoOptionShouldReturnTrue) {
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPrefixInfo;
-+  optionHeader.Length = 4; // Length 4 * 8 = 32
-+  UINT8  option[OPTION_HEADER_IP6_PREFIX_DATA_LEN];
-+
-+  CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
-+
-+  EXPECT_TRUE (Ip6IsNDOptionValid (option, IP6_PREFIX_INFO_OPTION_DATA_LEN));
-+}
-+
-+// Test Description:
-+// Ip6OptionPrefixInfo Option with invalid length should return false
-+TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse) {
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPrefixInfo;
-+  optionHeader.Length = 3; // Length 3 * 8 = 24 (Invalid)
-+  UINT8  option[sizeof (IP6_OPTION_HEADER)];
-+
-+  CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
-+  UINT16  optionLen = sizeof (IP6_OPTION_HEADER);
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index 20bc90b172..ab7c2857b6 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -25,6 +25,7 @@
-   # Build HOST_APPLICATION that tests NetworkPkg
-   #
-   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-+  NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch

@@ -1,377 +0,0 @@
-From 23b31a16bbb789f4c251b1d2f23334210a9fb545 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 15 Feb 2024 11:51:09 -0500
-Subject: [PATCH 04/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [4/15] 48c273e43a6275c7eae3223c4ffa433f4d6531a4
-
-JIRA: https://issues.redhat.com/browse/RHEL-21846
-CVE: CVE-2022-45232
-Upstream: Merged
-
-JIRA: https://issues.redhat.com/browse/RHEL-21848
-CVE: CVE-2022-45233
-Upstream: Merged
-
-commit 4df0229ef992d4f2721a8508787ebf9dc81fbd6e
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:50 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538
-
-    Bug Details:
-    PixieFail Bug #4
-    CVE-2023-45232
-    CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-    CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
-
-    Infinite loop when parsing unknown options in the Destination Options
-    header
-
-    PixieFail Bug #5
-    CVE-2023-45233
-    CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-    CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
-
-    Infinite loop when parsing a PadN option in the Destination Options
-    header
-
-    Change Overview:
-
-    Most importantly this change corrects the following incorrect math
-    and cleans up the code.
-
-    >   // It is a PadN option
-    >   //
-    > - Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2);
-    > + OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length;
-    > + Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-
-    > case Ip6OptionSkip:
-    > - Offset = (UINT8)(Offset + *(Option + Offset + 1));
-    >   OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length;
-    >   Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-
-    Additionally, this change also corrects incorrect math where the calling
-    function was calculating the HDR EXT optionLen as a uint8 instead of a
-    uint16
-
-    > - OptionLen = (UINT8)((*Option + 1) * 8 - 2);
-    > + OptionLen = IP6_HDR_EXT_LEN (*Option) -
-    IP6_COMBINED_SIZE_OF_NEXT_HDR_AND_LEN;
-
-    Additionally this check adds additional logic to santize the incoming
-    data
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Ip6Dxe/Ip6Nd.h     | 35 ++++++++++++++++
- NetworkPkg/Ip6Dxe/Ip6Option.c | 76 ++++++++++++++++++++++++++++++-----
- NetworkPkg/Ip6Dxe/Ip6Option.h | 71 ++++++++++++++++++++++++++++++++
- 3 files changed, 171 insertions(+), 11 deletions(-)
-
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
-index 860934a167..bf64e9114e 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Nd.h
-+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h
-@@ -56,13 +56,48 @@ VOID
-   VOID  *Context
-   );
- 
-+//
-+// Per RFC8200 Section 4.2
-+//
-+//   Two of the currently-defined extension headers -- the Hop-by-Hop
-+//   Options header and the Destination Options header -- carry a variable
-+//   number of type-length-value (TLV) encoded "options", of the following
-+//   format:
-+//
-+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
-+//      |  Option Type  |  Opt Data Len |  Option Data
-+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
-+//
-+//      Option Type          8-bit identifier of the type of option.
-+//
-+//      Opt Data Len         8-bit unsigned integer.  Length of the Option
-+//                           Data field of this option, in octets.
-+//
-+//      Option Data          Variable-length field.  Option-Type-specific
-+//                           data.
-+//
- typedef struct _IP6_OPTION_HEADER {
-+  ///
-+  /// identifier of the type of option.
-+  ///
-   UINT8    Type;
-+  ///
-+  /// Length of the Option Data field of this option, in octets.
-+  ///
-   UINT8    Length;
-+  ///
-+  /// Option-Type-specific data.
-+  ///
- } IP6_OPTION_HEADER;
- 
- STATIC_ASSERT (sizeof (IP6_OPTION_HEADER) == 2, "IP6_OPTION_HEADER is expected to be exactly 2 bytes long.");
- 
-+#define IP6_NEXT_OPTION_OFFSET(offset, length)  (offset + sizeof(IP6_OPTION_HEADER) + length)
-+STATIC_ASSERT (
-+  IP6_NEXT_OPTION_OFFSET (0, 0) == 2,
-+  "The next option is minimally the combined size of the option tag and length"
-+  );
-+
- typedef struct _IP6_ETHE_ADDR_OPTION {
-   UINT8    Type;
-   UINT8    Length;
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c
-index 8718d5d875..fd97ce116f 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Option.c
-+++ b/NetworkPkg/Ip6Dxe/Ip6Option.c
-@@ -17,7 +17,8 @@
-   @param[in]  IpSb              The IP6 service data.
-   @param[in]  Packet            The to be validated packet.
-   @param[in]  Option            The first byte of the option.
--  @param[in]  OptionLen         The length of the whole option.
-+  @param[in]  OptionLen         The length of all options, expressed in byte length of octets.
-+                                Maximum length is 2046 bytes or ((n + 1) * 8) - 2 where n is 255.
-   @param[in]  Pointer           Identifies the octet offset within
-                                 the invoking packet where the error was detected.
- 
-@@ -31,12 +32,33 @@ Ip6IsOptionValid (
-   IN IP6_SERVICE  *IpSb,
-   IN NET_BUF      *Packet,
-   IN UINT8        *Option,
--  IN UINT8        OptionLen,
-+  IN UINT16       OptionLen,
-   IN UINT32       Pointer
-   )
- {
--  UINT8  Offset;
--  UINT8  OptionType;
-+  UINT16  Offset;
-+  UINT8   OptionType;
-+  UINT8   OptDataLen;
-+
-+  if (Option == NULL) {
-+    ASSERT (Option != NULL);
-+    return FALSE;
-+  }
-+
-+  if ((OptionLen <= 0) || (OptionLen > IP6_MAX_EXT_DATA_LENGTH)) {
-+    ASSERT (OptionLen > 0 && OptionLen <= IP6_MAX_EXT_DATA_LENGTH);
-+    return FALSE;
-+  }
-+
-+  if (Packet == NULL) {
-+    ASSERT (Packet != NULL);
-+    return FALSE;
-+  }
-+
-+  if (IpSb == NULL) {
-+    ASSERT (IpSb != NULL);
-+    return FALSE;
-+  }
- 
-   Offset = 0;
- 
-@@ -54,7 +76,8 @@ Ip6IsOptionValid (
-         //
-         // It is a PadN option
-         //
--        Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2);
-+        OptDataLen = ((IP6_OPTION_HEADER *)(Option + Offset))->Length;
-+        Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-         break;
-       case Ip6OptionRouterAlert:
-         //
-@@ -69,7 +92,8 @@ Ip6IsOptionValid (
-         //
-         switch (OptionType & Ip6OptionMask) {
-           case Ip6OptionSkip:
--            Offset = (UINT8)(Offset + *(Option + Offset + 1));
-+            OptDataLen = ((IP6_OPTION_HEADER *)(Option + Offset))->Length;
-+            Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-             break;
-           case Ip6OptionDiscard:
-             return FALSE;
-@@ -308,7 +332,7 @@ Ip6IsExtsValid (
-   UINT32               Pointer;
-   UINT32               Offset;
-   UINT8                *Option;
--  UINT8                OptionLen;
-+  UINT16               OptionLen;
-   BOOLEAN              Flag;
-   UINT8                CountD;
-   UINT8                CountA;
-@@ -385,6 +409,36 @@ Ip6IsExtsValid (
-       // Fall through
-       //
-       case IP6_DESTINATION:
-+        //
-+        // See https://www.rfc-editor.org/rfc/rfc2460#section-4.2 page 23
-+        //
-+        // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+        // |  Next Header  |  Hdr Ext Len  |                               |
-+        // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
-+        // |                                                               |
-+        // .                                                               .
-+        // .                            Options                            .
-+        // .                                                               .
-+        // |                                                               |
-+        // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+        //
-+        //
-+        //   Next Header    8-bit selector.  Identifies the type of header
-+        //                  immediately following the Destination Options
-+        //                  header.  Uses the same values as the IPv4
-+        //                  Protocol field [RFC-1700 et seq.].
-+        //
-+        //   Hdr Ext Len    8-bit unsigned integer.  Length of the
-+        //                  Destination Options header in 8-octet units, not
-+        //                  including the first 8 octets.
-+        //
-+        //   Options        Variable-length field, of length such that the
-+        //                  complete Destination Options header is an
-+        //                  integer multiple of 8 octets long.  Contains one
-+        //                  or  more TLV-encoded options, as described in
-+        //                  section 4.2.
-+        //
-+
-         if (*NextHeader == IP6_DESTINATION) {
-           CountD++;
-         }
-@@ -398,7 +452,7 @@ Ip6IsExtsValid (
- 
-         Offset++;
-         Option    = ExtHdrs + Offset;
--        OptionLen = (UINT8)((*Option + 1) * 8 - 2);
-+        OptionLen = IP6_HDR_EXT_LEN (*Option) - sizeof (IP6_EXT_HDR);
-         Option++;
-         Offset++;
- 
-@@ -430,7 +484,7 @@ Ip6IsExtsValid (
-           //
-           // Ignore the routing header and proceed to process the next header.
-           //
--          Offset = Offset + (RoutingHead->HeaderLen + 1) * 8;
-+          Offset = Offset + IP6_HDR_EXT_LEN (RoutingHead->HeaderLen);
- 
-           if (UnFragmentLen != NULL) {
-             *UnFragmentLen = Offset;
-@@ -441,7 +495,7 @@ Ip6IsExtsValid (
-           // to the packet's source address, pointing to the unrecognized routing
-           // type.
-           //
--          Pointer = Offset + 2 + sizeof (EFI_IP6_HEADER);
-+          Pointer = Offset + sizeof (IP6_EXT_HDR) + sizeof (EFI_IP6_HEADER);
-           if ((IpSb != NULL) && (Packet != NULL) &&
-               !IP6_IS_MULTICAST (&Packet->Ip.Ip6->DestinationAddress))
-           {
-@@ -527,7 +581,7 @@ Ip6IsExtsValid (
-         //
-         // RFC2402, Payload length is specified in 32-bit words, minus "2".
-         //
--        OptionLen = (UINT8)((*Option + 2) * 4);
-+        OptionLen = ((UINT16)(*Option + 2) * 4);
-         Offset    = Offset + OptionLen;
-         break;
- 
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.h b/NetworkPkg/Ip6Dxe/Ip6Option.h
-index bd8e223c8a..fb07c28f5a 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Option.h
-+++ b/NetworkPkg/Ip6Dxe/Ip6Option.h
-@@ -12,6 +12,77 @@
- 
- #define IP6_FRAGMENT_OFFSET_MASK  (~0x3)
- 
-+//
-+// For more information see RFC 8200, Section 4.3, 4.4, and 4.6
-+//
-+//  This example format is from section 4.6
-+//  This does not apply to fragment headers
-+//
-+//     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |  Next Header  |  Hdr Ext Len  |                               |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
-+//    |                                                               |
-+//    .                                                               .
-+//    .                  Header-Specific Data                         .
-+//    .                                                               .
-+//    |                                                               |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//
-+//      Next Header           8-bit selector.  Identifies the type of
-+//                            header immediately following the extension
-+//                            header.  Uses the same values as the IPv4
-+//                            Protocol field [IANA-PN].
-+//
-+//      Hdr Ext Len           8-bit unsigned integer.  Length of the
-+//                            Destination Options header in 8-octet units,
-+//                            not including the first 8 octets.
-+
-+//
-+// These defines apply to the following:
-+//   1. Hop by Hop
-+//   2. Routing
-+//   3. Destination
-+//
-+typedef struct _IP6_EXT_HDR {
-+  ///
-+  /// The Next Header field identifies the type of header immediately
-+  ///
-+  UINT8    NextHeader;
-+  ///
-+  /// The Hdr Ext Len field specifies the length of the Hop-by-Hop Options
-+  ///
-+  UINT8    HdrExtLen;
-+  ///
-+  /// Header-Specific Data
-+  ///
-+} IP6_EXT_HDR;
-+
-+STATIC_ASSERT (
-+  sizeof (IP6_EXT_HDR) == 2,
-+  "The combined size of Next Header and Len is two 8 bit fields"
-+  );
-+
-+//
-+// IPv6 extension headers contain an 8-bit length field which describes the size of
-+// the header. However, the length field only includes the size of the extension
-+// header options, not the size of the first 8 bytes of the header. Therefore, in
-+// order to calculate the full size of the extension header, we add 1 (to account
-+// for the first 8 bytes omitted by the length field reporting) and then multiply
-+// by 8 (since the size is represented in 8-byte units).
-+//
-+// a is the length field of the extension header (UINT8)
-+// The result may be up to 2046 octets (UINT16)
-+//
-+#define IP6_HDR_EXT_LEN(a)  (((UINT16)((UINT8)(a)) + 1) * 8)
-+
-+// This is the maxmimum length permissible by a extension header
-+// Length is UINT8 of 8 octets not including the first 8 octets
-+#define IP6_MAX_EXT_DATA_LENGTH  (IP6_HDR_EXT_LEN (MAX_UINT8) - sizeof(IP6_EXT_HDR))
-+STATIC_ASSERT (
-+  IP6_MAX_EXT_DATA_LENGTH == 2046,
-+  "Maximum data length is ((MAX_UINT8 + 1) * 8) - 2"
-+  );
-+
- typedef struct _IP6_FRAGMENT_HEADER {
-   UINT8     NextHeader;
-   UINT8     Reserved;
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch

@@ -1,430 +0,0 @@
-From 2bd8bc051f6394f2ab3c22649c54ecbed5d636cd Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 14 Feb 2024 20:25:29 -0500
-Subject: [PATCH 05/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit
- Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [5/15] 624365d403df25927ab0514b0e25faea7376def8
-
-JIRA: https://issues.redhat.com/browse/RHEL-21846
-CVE: CVE-2022-45232
-Upstream: Merged
-
-commit c9c87f08dd6ace36fa843424522c3558a8374cac
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:51 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538
-
-    Unit tests to confirm that..
-    Infinite loop when parsing unknown options in the Destination Options
-    header
-
-    and
-
-    Infinite loop when parsing a PadN option in the Destination Options
-    header
-
-    ... have been patched
-
-    This patch tests the following functions:
-    Ip6IsOptionValid
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  10 +-
- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 278 ++++++++++++++++++
- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +++
- 3 files changed, 324 insertions(+), 4 deletions(-)
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
-
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-index 6e4de0745f..ba29dbabad 100644
---- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-@@ -1,13 +1,13 @@
- ## @file
--# Unit test suite for the Ip6Dxe using Google Test
-+# Unit test suite for the Ip6DxeGoogleTest using Google Test
- #
- # Copyright (c) Microsoft Corporation.<BR>
- # SPDX-License-Identifier: BSD-2-Clause-Patent
- ##
- [Defines]
-   INF_VERSION         = 0x00010017
--  BASE_NAME           = Ip6DxeUnitTest
--  FILE_GUID           = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A
-+  BASE_NAME           = Ip6DxeGoogleTest
-+  FILE_GUID           = AE39981C-B7FE-41A8-A9C2-F41910477CA3
-   VERSION_STRING      = 1.0
-   MODULE_TYPE         = HOST_APPLICATION
- #
-@@ -16,9 +16,11 @@
- #  VALID_ARCHITECTURES           = IA32 X64 AARCH64
- #
- [Sources]
-+  ../Ip6Option.c
-+  Ip6OptionGoogleTest.h
-   Ip6DxeGoogleTest.cpp
-   Ip6OptionGoogleTest.cpp
--  ../Ip6Option.c
-+  Ip6OptionGoogleTest.h
- 
- [Packages]
-   MdePkg/MdePkg.dec
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-index f2cd90e1a9..29f8a4a96e 100644
---- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-@@ -12,6 +12,7 @@ extern "C" {
-   #include <Library/DebugLib.h>
-   #include "../Ip6Impl.h"
-   #include "../Ip6Option.h"
-+  #include "Ip6OptionGoogleTest.h"
- }
- 
- /////////////////////////////////////////////////////////////////////////
-@@ -127,3 +128,280 @@ TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse)
- 
-   EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
- }
-+
-+////////////////////////////////////////////////////////////////////////
-+// Ip6IsOptionValid Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+// Define a fixture for your tests if needed
-+class Ip6IsOptionValidTest : public ::testing::Test {
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Test Description
-+// Verify that a NULL option is Invalid
-+TEST_F (Ip6IsOptionValidTest, NullOptionShouldReturnTrue) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  IP6_SERVICE  *IpSb = NULL;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  EXPECT_FALSE (Ip6IsOptionValid (IpSb, &Packet, NULL, 0, 0));
-+}
-+
-+// Test Description
-+// Verify that an unknown option with a length of 0 and type of <unknown> does not cause an infinite loop
-+TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength0) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 0;    // This will cause an infinite loop if the function is not working correctly
-+
-+  // This should be a valid option even though the length is 0
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that an unknown option with a length of 1 and type of <unknown> does not cause an infinite loop
-+TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength1) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 1;    // This will cause an infinite loop if the function is not working correctly
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that an unknown option with a length of 2 and type of <unknown> does not cause an infinite loop
-+TEST_F (Ip6IsOptionValidTest, VerifyIpSkipUnknownOption) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 2;    // Valid length for an unknown option
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that Ip6OptionPad1 is valid with a length of 0
-+TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPad1) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPad1;
-+  optionHeader.Length = 0;
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that Ip6OptionPadN doesn't overflow with various lengths
-+TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPadN) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPadN;
-+  optionHeader.Length = 0xFF;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFE;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFD;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFC;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify an unknown option doesn't cause an infinite loop with various lengths
-+TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLengthAttemptOverflow) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 0xFF;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFE;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFD;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFC;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that the function supports multiple options
-+TEST_F (Ip6IsOptionValidTest, MultiOptionSupport) {
-+  UINT16   HdrLen;
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  UINT8              ExtHdr[1024] = { 0 };
-+  UINT8              *Cursor      = ExtHdr;
-+  IP6_OPTION_HEADER  *Option      = (IP6_OPTION_HEADER *)ExtHdr;
-+
-+  // Let's start chaining options
-+
-+  Option->Type   = 23;   // Unknown Option
-+  Option->Length = 0xFC;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 0xFC;
-+
-+  Option       = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type = Ip6OptionPad1;
-+
-+  Cursor += sizeof (1);
-+
-+  // Type and length aren't processed, instead it just moves the pointer forward by 4 bytes
-+  Option         = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type   = Ip6OptionRouterAlert;
-+  Option->Length = 4;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 4;
-+
-+  Option         = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type   = Ip6OptionPadN;
-+  Option->Length = 0xFC;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 0xFC;
-+
-+  Option         = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type   = Ip6OptionRouterAlert;
-+  Option->Length = 4;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 4;
-+
-+  // Total 524
-+
-+  HdrLen = (UINT16)(Cursor - ExtHdr);
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, ExtHdr, HdrLen, 0));
-+}
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
-new file mode 100644
-index 0000000000..0509b6ae30
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
-@@ -0,0 +1,40 @@
-+/** @file
-+  Exposes the functions needed to test the Ip6Option module.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+
-+#ifndef IP6_OPTION_HEADER_GOOGLE_TEST_H_
-+#define IP6_OPTION_HEADER_GOOGLE_TEST_H_
-+
-+#include <Uefi.h>
-+#include "../Ip6Impl.h"
-+
-+/**
-+  Validate the IP6 option format for both the packets we received
-+  and that we will transmit. It will compute the ICMPv6 error message fields
-+  if the option is malformatted.
-+
-+  @param[in]  IpSb              The IP6 service data.
-+  @param[in]  Packet            The to be validated packet.
-+  @param[in]  Option            The first byte of the option.
-+  @param[in]  OptionLen         The length of the whole option.
-+  @param[in]  Pointer           Identifies the octet offset within
-+                                the invoking packet where the error was detected.
-+
-+
-+  @retval TRUE     The option is properly formatted.
-+  @retval FALSE    The option is malformatted.
-+
-+**/
-+BOOLEAN
-+Ip6IsOptionValid (
-+  IN IP6_SERVICE  *IpSb,
-+  IN NET_BUF      *Packet,
-+  IN UINT8        *Option,
-+  IN UINT16       OptionLen,
-+  IN UINT32       Pointer
-+  );
-+
-+#endif // __IP6_OPTION_HEADER_GOOGLE_TEST_H__
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch

@@ -1,168 +0,0 @@
-From 38baf93892ec464490b6fe611c23b014f574344b Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 07/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
- Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [7/15] c1baa0b2facbf0b63a90a0bfd55264af9f893098
-
-JIRA: https://issues.redhat.com/browse/RHEL-21850
-CVE: CVE-2022-45234
-Upstream: Merged
-
-commit 1b53515d53d303166b2bbd31e2cc7f16fd0aecd7
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:52 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
-
-    Bug Details:
-    PixieFail Bug #6
-    CVE-2023-45234
-    CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
-    CWE-119 Improper Restriction of Operations within the Bounds of
-     a Memory Buffer
-
-    Buffer overflow when processing DNS Servers option in a DHCPv6
-    Advertise message
-
-    Change Overview:
-
-    Introduces a function to cache the Dns Server and perform sanitizing
-    on the incoming DnsServerLen to ensure that the length is valid
-
-    > + EFI_STATUS
-    > + PxeBcCacheDnsServerAddresses (
-    > +  IN PXEBC_PRIVATE_DATA        *Private,
-    > +  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-    > +  )
-
-    Additional code cleanup
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 71 +++++++++++++++++++++++++---
- 1 file changed, 65 insertions(+), 6 deletions(-)
-
-diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-index 425e0cf806..2b2d372889 100644
---- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-@@ -3,6 +3,7 @@
- 
-   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-+  Copyright (c) Microsoft Corporation
- 
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
-@@ -1312,6 +1313,65 @@ PxeBcSelectDhcp6Offer (
-   }
- }
- 
-+/**
-+  Cache the DHCPv6 DNS Server addresses
-+
-+  @param[in] Private               The pointer to PXEBC_PRIVATE_DATA.
-+  @param[in] Cache6                The pointer to PXEBC_DHCP6_PACKET_CACHE.
-+
-+  @retval    EFI_SUCCESS           Cache the DHCPv6 DNS Server address successfully.
-+  @retval    EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval    EFI_DEVICE_ERROR      The DNS Server Address Length provided by a untrusted
-+                                   option is not a multiple of 16 bytes (sizeof (EFI_IPv6_ADDRESS)).
-+**/
-+EFI_STATUS
-+PxeBcCacheDnsServerAddresses (
-+  IN PXEBC_PRIVATE_DATA        *Private,
-+  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-+  )
-+{
-+  UINT16  DnsServerLen;
-+
-+  DnsServerLen = NTOHS (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen);
-+  //
-+  // Make sure that the number is nonzero
-+  //
-+  if (DnsServerLen == 0) {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  //
-+  // Make sure the DnsServerlen is a multiple of EFI_IPv6_ADDRESS (16)
-+  //
-+  if (DnsServerLen % sizeof (EFI_IPv6_ADDRESS) != 0) {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  //
-+  // This code is currently written to only support a single DNS Server instead
-+  // of multiple such as is spec defined (RFC3646, Section 3). The proper behavior
-+  // would be to allocate the full space requested, CopyMem all of the data,
-+  // and then add a DnsServerCount field to Private and update additional code
-+  // that depends on this.
-+  //
-+  // To support multiple DNS servers the `AllocationSize` would need to be changed to DnsServerLen
-+  //
-+  // This is tracked in https://bugzilla.tianocore.org/show_bug.cgi?id=1886
-+  //
-+  Private->DnsServer = AllocateZeroPool (sizeof (EFI_IPv6_ADDRESS));
-+  if (Private->DnsServer == NULL) {
-+    return EFI_OUT_OF_RESOURCES;
-+  }
-+
-+  //
-+  // Intentionally only copy over the first server address.
-+  // To support multiple DNS servers, the `Length` would need to be changed to DnsServerLen
-+  //
-+  CopyMem (Private->DnsServer, Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
-+
-+  return EFI_SUCCESS;
-+}
-+
- /**
-   Handle the DHCPv6 offer packet.
- 
-@@ -1335,6 +1395,7 @@ PxeBcHandleDhcp6Offer (
-   UINT32                    SelectIndex;
-   UINT32                    Index;
- 
-+  ASSERT (Private != NULL);
-   ASSERT (Private->SelectIndex > 0);
-   SelectIndex = (UINT32)(Private->SelectIndex - 1);
-   ASSERT (SelectIndex < PXEBC_OFFER_MAX_NUM);
-@@ -1342,15 +1403,13 @@ PxeBcHandleDhcp6Offer (
-   Status = EFI_SUCCESS;
- 
-   //
--  // First try to cache DNS server address if DHCP6 offer provides.
-+  // First try to cache DNS server addresses if DHCP6 offer provides.
-   //
-   if (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] != NULL) {
--    Private->DnsServer = AllocateZeroPool (NTOHS (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen));
--    if (Private->DnsServer == NULL) {
--      return EFI_OUT_OF_RESOURCES;
-+    Status = PxeBcCacheDnsServerAddresses (Private, Cache6);
-+    if (EFI_ERROR (Status)) {
-+      return Status;
-     }
--
--    CopyMem (Private->DnsServer, Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
-   }
- 
-   if (Cache6->OfferType == PxeOfferTypeDhcpBinl) {
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch

@@ -1,511 +0,0 @@
-From fd1bc6ff10a45123b0ec7f9ae3354ad3713bc532 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 08/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
- Unit Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [8/15] f88ebc7fa79ce4fe615dd79c42fedee0a0da7a0b
-
-JIRA: https://issues.redhat.com/browse/RHEL-21850
-CVE: CVE-2022-45234
-Upstream: Merged
-
-commit 458c582685fc0e8057d2511c5a0394078d988c17
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:53 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
-
-    Unit tests to that the bug..
-
-    Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise
-    message
-
-    ..has been patched
-
-    This contains tests for the following functions:
-    PxeBcHandleDhcp6Offer
-    PxeBcCacheDnsServerAddresses
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
- .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 300 ++++++++++++++++++
- .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  50 +++
- .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp     |  19 ++
- .../GoogleTest/UefiPxeBcDxeGoogleTest.inf     |  48 +++
- 5 files changed, 418 insertions(+)
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index ab7c2857b6..c8a991e5c1 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -26,6 +26,7 @@
-   #
-   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-   NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-+  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-new file mode 100644
-index 0000000000..8260eeee50
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-@@ -0,0 +1,300 @@
-+/** @file
-+  Host based unit test for PxeBcDhcp6.c.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+extern "C" {
-+  #include <Uefi.h>
-+  #include <Library/BaseLib.h>
-+  #include <Library/DebugLib.h>
-+  #include "../PxeBcImpl.h"
-+  #include "../PxeBcDhcp6.h"
-+  #include "PxeBcDhcp6GoogleTest.h"
-+}
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// Definitions
-+///////////////////////////////////////////////////////////////////////////////
-+
-+#define PACKET_SIZE  (1500)
-+
-+typedef struct {
-+  UINT16    OptionCode;   // The option code for DHCP6_OPT_SERVER_ID (e.g., 0x03)
-+  UINT16    OptionLen;    // The length of the option (e.g., 16 bytes)
-+  UINT8     ServerId[16]; // The 16-byte DHCPv6 Server Identifier
-+} DHCP6_OPTION_SERVER_ID;
-+
-+///////////////////////////////////////////////////////////////////////////////
-+/// Symbol Definitions
-+///////////////////////////////////////////////////////////////////////////////
-+
-+EFI_STATUS
-+MockUdpWrite (
-+  IN EFI_PXE_BASE_CODE_PROTOCOL      *This,
-+  IN UINT16                          OpFlags,
-+  IN EFI_IP_ADDRESS                  *DestIp,
-+  IN EFI_PXE_BASE_CODE_UDP_PORT      *DestPort,
-+  IN EFI_IP_ADDRESS                  *GatewayIp   OPTIONAL,
-+  IN EFI_IP_ADDRESS                  *SrcIp       OPTIONAL,
-+  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *SrcPort     OPTIONAL,
-+  IN UINTN                           *HeaderSize  OPTIONAL,
-+  IN VOID                            *HeaderPtr   OPTIONAL,
-+  IN UINTN                           *BufferSize,
-+  IN VOID                            *BufferPtr
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+EFI_STATUS
-+MockUdpRead (
-+  IN EFI_PXE_BASE_CODE_PROTOCOL      *This,
-+  IN UINT16                          OpFlags,
-+  IN OUT EFI_IP_ADDRESS              *DestIp      OPTIONAL,
-+  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *DestPort    OPTIONAL,
-+  IN OUT EFI_IP_ADDRESS              *SrcIp       OPTIONAL,
-+  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *SrcPort     OPTIONAL,
-+  IN UINTN                           *HeaderSize  OPTIONAL,
-+  IN VOID                            *HeaderPtr   OPTIONAL,
-+  IN OUT UINTN                       *BufferSize,
-+  IN VOID                            *BufferPtr
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+EFI_STATUS
-+MockConfigure (
-+  IN EFI_UDP6_PROTOCOL     *This,
-+  IN EFI_UDP6_CONFIG_DATA  *UdpConfigData OPTIONAL
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+// Needed by PxeBcSupport
-+EFI_STATUS
-+EFIAPI
-+QueueDpc (
-+  IN EFI_TPL            DpcTpl,
-+  IN EFI_DPC_PROCEDURE  DpcProcedure,
-+  IN VOID               *DpcContext    OPTIONAL
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcHandleDhcp6OfferTest Tests
-+///////////////////////////////////////////////////////////////////////////////
-+
-+class PxeBcHandleDhcp6OfferTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+  EFI_UDP6_PROTOCOL Udp6Read;
-+  EFI_PXE_BASE_CODE_MODE Mode = { 0 };
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  UdpWrite
-+    //  UdpRead
-+
-+    Private.PxeBc.UdpWrite = (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;
-+    Private.PxeBc.UdpRead  = (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;
-+
-+    // Need to setup EFI_UDP6_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  Configure
-+
-+    Udp6Read.Configure = (EFI_UDP6_CONFIGURE)MockConfigure;
-+    Private.Udp6Read   = &Udp6Read;
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_MODE
-+    Private.PxeBc.Mode = &Mode;
-+
-+    // for this test it doesn't really matter what the Dhcpv6 ack is set to
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    if (Private.Dhcp6Request != NULL) {
-+      FreePool (Private.Dhcp6Request);
-+    }
-+
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Note:
-+// Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
-+// properly setup Private structure. Attempting to properly test this function
-+// without a signficant refactor is a fools errand. Instead, we will test
-+// that we can prevent an overflow in the function.
-+TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+
-+  Private.SelectIndex = 1; // SelectIndex is 1-based
-+  Cache6              = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (1337);
-+
-+  ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private)), EFI_DEVICE_ERROR);
-+}
-+
-+class PxeBcCacheDnsServerAddressesTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+  }
-+};
-+
-+// Test Description
-+// Test that we cache the DNS server address from the DHCPv6 offer packet
-+TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
-+  UINT8                     SearchPattern[16] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF };
-+  EFI_DHCP6_PACKET_OPTION   *Option;
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Option = (EFI_DHCP6_PACKET_OPTION *)AllocateZeroPool (sizeof (EFI_DHCP6_PACKET_OPTION) + sizeof (SearchPattern));
-+  ASSERT_NE (Option, nullptr);
-+
-+  Option->OpCode = DHCP6_OPT_SERVER_ID;
-+  Option->OpLen  = NTOHS (sizeof (SearchPattern));
-+  CopyMem (Option->Data, SearchPattern, sizeof (SearchPattern));
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = Option;
-+
-+  Private.DnsServer = nullptr;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_SUCCESS);
-+  ASSERT_NE (Private.DnsServer, nullptr);
-+  ASSERT_EQ (CompareMem (Private.DnsServer, SearchPattern, sizeof (SearchPattern)), 0);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+
-+  if (Option) {
-+    FreePool (Option);
-+  }
-+}
-+// Test Description
-+// Test that we can prevent an overflow in the function
-+TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (1337);
-+
-+  Private.DnsServer = NULL;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_DEVICE_ERROR);
-+  ASSERT_EQ (Private.DnsServer, nullptr);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+}
-+
-+// Test Description
-+// Test that we can prevent an underflow in the function
-+TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptUnderflowTest) {
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (2);
-+
-+  Private.DnsServer = NULL;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_DEVICE_ERROR);
-+  ASSERT_EQ (Private.DnsServer, nullptr);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+}
-+
-+// Test Description
-+// Test that we can handle recursive dns (multiple dns entries)
-+TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+
-+  EFI_IPv6_ADDRESS  addresses[2] = {
-+    // 2001:db8:85a3::8a2e:370:7334
-+    { 0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0x00, 0x00, 0x00, 0x00, 0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34 },
-+    // fe80::d478:91c3:ecd7:4ff9
-+    { 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd4, 0x78, 0x91, 0xc3, 0xec, 0xd7, 0x4f, 0xf9 }
-+  };
-+
-+  CopyMem (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, &addresses, sizeof (addresses));
-+
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen = NTOHS (sizeof (addresses));
-+
-+  Private.DnsServer = NULL;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_SUCCESS);
-+
-+  ASSERT_NE (Private.DnsServer, nullptr);
-+
-+  //
-+  // This is expected to fail until DnsServer supports multiple DNS servers
-+  //
-+  // This is tracked in https://bugzilla.tianocore.org/show_bug.cgi?id=1886
-+  //
-+  // Disabling:
-+  // ASSERT_EQ (CompareMem(Private.DnsServer, &addresses, sizeof(addresses)), 0);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+}
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-new file mode 100644
-index 0000000000..b17c314791
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-@@ -0,0 +1,50 @@
-+/** @file
-+  This file exposes the internal interfaces which may be unit tested
-+  for the PxeBcDhcp6Dxe driver.
-+
-+  Copyright (c) Microsoft Corporation.<BR>
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+
-+#ifndef PXE_BC_DHCP6_GOOGLE_TEST_H_
-+#define PXE_BC_DHCP6_GOOGLE_TEST_H_
-+
-+//
-+// Minimal includes needed to compile
-+//
-+#include <Uefi.h>
-+#include "../PxeBcImpl.h"
-+
-+/**
-+  Handle the DHCPv6 offer packet.
-+
-+  @param[in]  Private             The pointer to PXEBC_PRIVATE_DATA.
-+
-+  @retval     EFI_SUCCESS           Handled the DHCPv6 offer packet successfully.
-+  @retval     EFI_NO_RESPONSE       No response to the following request packet.
-+  @retval     EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval     EFI_BUFFER_TOO_SMALL  Can't cache the offer pacet.
-+
-+**/
-+EFI_STATUS
-+PxeBcHandleDhcp6Offer (
-+  IN PXEBC_PRIVATE_DATA  *Private
-+  );
-+
-+/**
-+  Cache the DHCPv6 Server address
-+
-+  @param[in] Private               The pointer to PXEBC_PRIVATE_DATA.
-+  @param[in] Cache6                The pointer to PXEBC_DHCP6_PACKET_CACHE.
-+
-+  @retval    EFI_SUCCESS           Cache the DHCPv6 Server address successfully.
-+  @retval    EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval    EFI_DEVICE_ERROR      Failed to cache the DHCPv6 Server address.
-+**/
-+EFI_STATUS
-+PxeBcCacheDnsServerAddresses (
-+  IN PXEBC_PRIVATE_DATA        *Private,
-+  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-+  );
-+
-+#endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
-new file mode 100644
-index 0000000000..cc4fdf525b
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
-@@ -0,0 +1,19 @@
-+/** @file
-+  Acts as the main entry point for the tests for the UefiPxeBcDxe module.
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+////////////////////////////////////////////////////////////////////////////////
-+// Run the tests
-+////////////////////////////////////////////////////////////////////////////////
-+int
-+main (
-+  int   argc,
-+  char  *argv[]
-+  )
-+{
-+  testing::InitGoogleTest (&argc, argv);
-+  return RUN_ALL_TESTS ();
-+}
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-new file mode 100644
-index 0000000000..301dcdf611
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-@@ -0,0 +1,48 @@
-+## @file
-+# Unit test suite for the UefiPxeBcDxe using Google Test
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+[Defines]
-+INF_VERSION    = 0x00010005
-+BASE_NAME      = UefiPxeBcDxeGoogleTest
-+FILE_GUID      = 77D45C64-EC1E-4174-887B-886E89FD1EDF
-+MODULE_TYPE    = HOST_APPLICATION
-+VERSION_STRING = 1.0
-+
-+#
-+# The following information is for reference only and not required by the build tools.
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64
-+#
-+
-+[Sources]
-+  UefiPxeBcDxeGoogleTest.cpp
-+  PxeBcDhcp6GoogleTest.cpp
-+  PxeBcDhcp6GoogleTest.h
-+  ../PxeBcDhcp6.c
-+  ../PxeBcSupport.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+  NetworkPkg/NetworkPkg.dec
-+
-+[LibraryClasses]
-+  GoogleTestLib
-+  DebugLib
-+  NetLib
-+  PcdLib
-+
-+[Protocols]
-+  gEfiDhcp6ServiceBindingProtocolGuid
-+  gEfiDns6ServiceBindingProtocolGuid
-+  gEfiDns6ProtocolGuid
-+
-+[Pcd]
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
-+
-+[Guids]
-+  gZeroGuid
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch

@@ -1,257 +0,0 @@
-From 0016db53099ba979617f376fe1104fefada4fa29 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 09/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
- Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [9/15] c48c060b87761537ee526e1f8a9e5993eb1a0381
-
-JIRA: https://issues.redhat.com/browse/RHEL-21852
-CVE: CVE-2022-45235
-Upstream: Merged
-
-commit fac297724e6cc343430cd0104e55cd7a96d1151e
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:55 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540
-
-    Bug Details:
-    PixieFail Bug #7
-    CVE-2023-45235
-    CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
-    CWE-119 Improper Restriction of Operations within the Bounds of
-     a Memory Buffer
-
-    Buffer overflow when handling Server ID option from a DHCPv6 proxy
-    Advertise message
-
-    Change Overview:
-
-    Performs two checks
-
-    1. Checks that the length of the duid is accurate
-    > + //
-    > + // Check that the minimum and maximum requirements are met
-    > + //
-    > + if ((OpLen < PXEBC_MIN_SIZE_OF_DUID) ||
-    (OpLen > PXEBC_MAX_SIZE_OF_DUID)) {
-    > +  Status = EFI_INVALID_PARAMETER;
-    > +  goto ON_ERROR;
-    > + }
-
-    2. Ensures that the amount of data written to the buffer is tracked and
-    never exceeds that
-    > + //
-    > + // Check that the option length is valid.
-    > + //
-    > + if ((DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN)
-     > DiscoverLenNeeded) {
-    > +     Status = EFI_OUT_OF_RESOURCES;
-    > +     goto ON_ERROR;
-    > + }
-
-    Additional code clean up and fix for memory leak in case Option was NULL
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 77 ++++++++++++++++++++++------
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h | 17 ++++++
- 2 files changed, 78 insertions(+), 16 deletions(-)
-
-diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-index 2b2d372889..7fd1281c11 100644
---- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-@@ -887,6 +887,7 @@ PxeBcRequestBootService (
-   EFI_STATUS                       Status;
-   EFI_DHCP6_PACKET                 *IndexOffer;
-   UINT8                            *Option;
-+  UINTN                            DiscoverLenNeeded;
- 
-   PxeBc      = &Private->PxeBc;
-   Request    = Private->Dhcp6Request;
-@@ -899,7 +900,8 @@ PxeBcRequestBootService (
-     return EFI_DEVICE_ERROR;
-   }
- 
--  Discover = AllocateZeroPool (sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));
-+  DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
-+  Discover          = AllocateZeroPool (DiscoverLenNeeded);
-   if (Discover == NULL) {
-     return EFI_OUT_OF_RESOURCES;
-   }
-@@ -924,16 +926,34 @@ PxeBcRequestBootService (
-                DHCP6_OPT_SERVER_ID
-                );
-     if (Option == NULL) {
--      return EFI_NOT_FOUND;
-+      Status = EFI_NOT_FOUND;
-+      goto ON_ERROR;
-     }
- 
-     //
-     // Add Server ID Option.
-     //
-     OpLen = NTOHS (((EFI_DHCP6_PACKET_OPTION *)Option)->OpLen);
--    CopyMem (DiscoverOpt, Option, OpLen + 4);
--    DiscoverOpt += (OpLen + 4);
--    DiscoverLen += (OpLen + 4);
-+
-+    //
-+    // Check that the minimum and maximum requirements are met
-+    //
-+    if ((OpLen < PXEBC_MIN_SIZE_OF_DUID) || (OpLen > PXEBC_MAX_SIZE_OF_DUID)) {
-+      Status = EFI_INVALID_PARAMETER;
-+      goto ON_ERROR;
-+    }
-+
-+    //
-+    // Check that the option length is valid.
-+    //
-+    if ((DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN) > DiscoverLenNeeded) {
-+      Status = EFI_OUT_OF_RESOURCES;
-+      goto ON_ERROR;
-+    }
-+
-+    CopyMem (DiscoverOpt, Option, OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    DiscoverOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    DiscoverLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-   }
- 
-   while (RequestLen < Request->Length) {
-@@ -944,16 +964,24 @@ PxeBcRequestBootService (
-         (OpCode != DHCP6_OPT_SERVER_ID)
-         )
-     {
-+      //
-+      // Check that the option length is valid.
-+      //
-+      if (DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN > DiscoverLenNeeded) {
-+        Status = EFI_OUT_OF_RESOURCES;
-+        goto ON_ERROR;
-+      }
-+
-       //
-       // Copy all the options except IA option and Server ID
-       //
--      CopyMem (DiscoverOpt, RequestOpt, OpLen + 4);
--      DiscoverOpt += (OpLen + 4);
--      DiscoverLen += (OpLen + 4);
-+      CopyMem (DiscoverOpt, RequestOpt, OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-     }
- 
--    RequestOpt += (OpLen + 4);
--    RequestLen += (OpLen + 4);
-+    RequestOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    RequestLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-   }
- 
-   //
-@@ -2154,6 +2182,7 @@ PxeBcDhcp6Discover (
-   UINT16                           OpLen;
-   UINT32                           Xid;
-   EFI_STATUS                       Status;
-+  UINTN                            DiscoverLenNeeded;
- 
-   PxeBc    = &Private->PxeBc;
-   Mode     = PxeBc->Mode;
-@@ -2169,7 +2198,8 @@ PxeBcDhcp6Discover (
-     return EFI_DEVICE_ERROR;
-   }
- 
--  Discover = AllocateZeroPool (sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));
-+  DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
-+  Discover          = AllocateZeroPool (DiscoverLenNeeded);
-   if (Discover == NULL) {
-     return EFI_OUT_OF_RESOURCES;
-   }
-@@ -2185,22 +2215,37 @@ PxeBcDhcp6Discover (
-   DiscoverLen             = sizeof (EFI_DHCP6_HEADER);
-   RequestLen              = DiscoverLen;
- 
-+  //
-+  // The request packet is generated by the UEFI network stack. In the DHCP4 DORA and DHCP6 SARR sequence,
-+  // the first (discover in DHCP4 and solicit in DHCP6) and third (request in both DHCP4 and DHCP6) are
-+  // generated by the DHCP client (the UEFI network stack in this case). By the time this function executes,
-+  // the DHCP sequence already has been executed once (see UEFI Specification Figures 24.2 and 24.3), with
-+  // Private->Dhcp6Request being a cached copy of the DHCP6 request packet that UEFI network stack previously
-+  // generated and sent.
-+  //
-+  // Therefore while this code looks like it could overflow, in practice it's not possible.
-+  //
-   while (RequestLen < Request->Length) {
-     OpCode = NTOHS (((EFI_DHCP6_PACKET_OPTION *)RequestOpt)->OpCode);
-     OpLen  = NTOHS (((EFI_DHCP6_PACKET_OPTION *)RequestOpt)->OpLen);
-     if ((OpCode != EFI_DHCP6_IA_TYPE_NA) &&
-         (OpCode != EFI_DHCP6_IA_TYPE_TA))
-     {
-+      if (DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN > DiscoverLenNeeded) {
-+        Status = EFI_OUT_OF_RESOURCES;
-+        goto ON_ERROR;
-+      }
-+
-       //
-       // Copy all the options except IA option.
-       //
--      CopyMem (DiscoverOpt, RequestOpt, OpLen + 4);
--      DiscoverOpt += (OpLen + 4);
--      DiscoverLen += (OpLen + 4);
-+      CopyMem (DiscoverOpt, RequestOpt, OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-     }
- 
--    RequestOpt += (OpLen + 4);
--    RequestLen += (OpLen + 4);
-+    RequestOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    RequestLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-   }
- 
-   Status = PxeBc->UdpWrite (
-diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-index ae4be775e8..47eb8cc0c0 100644
---- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-@@ -35,6 +35,23 @@
- #define PXEBC_ADDR_START_DELIMITER        '['
- #define PXEBC_ADDR_END_DELIMITER          ']'
- 
-+//
-+// A DUID consists of a 2-octet type code represented in network byte
-+// order, followed by a variable number of octets that make up the
-+// actual identifier.  The length of the DUID (not including the type
-+// code) is at least 1 octet and at most 128 octets.
-+//
-+#define PXEBC_MIN_SIZE_OF_DUID  (sizeof(UINT16) + 1)
-+#define PXEBC_MAX_SIZE_OF_DUID  (sizeof(UINT16) + 128)
-+
-+//
-+// This define represents the combineds code and length field from
-+// https://datatracker.ietf.org/doc/html/rfc3315#section-22.1
-+//
-+#define PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN  \
-+      (sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpCode) + \
-+      sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpLen))
-+
- #define GET_NEXT_DHCP6_OPTION(Opt) \
-   (EFI_DHCP6_PACKET_OPTION *) ((UINT8 *) (Opt) + \
-   sizeof (EFI_DHCP6_PACKET_OPTION) + (NTOHS ((Opt)->OpLen)) - 1)
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch

@@ -1,409 +0,0 @@
-From 80b34c0f56228353c174f9ff739d0755c62d76cf Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 10/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
- Unit Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [10/15] 5dbf3f771506ff9a0c28827c568d04e825572658
-
-JIRA: https://issues.redhat.com/browse/RHEL-21852
-CVE: CVE-2022-45235
-Upstream: Merged
-
-commit ff2986358f75d8f58ef08a66fe673539c9c48f41
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:56 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540
-
-    Unit tests to confirm that the bug..
-
-    Buffer overflow when handling Server ID option from a DHCPv6 proxy
-    Advertise message
-
-    ..has been patched.
-
-    This patch contains unit tests for the following functions:
-    PxeBcRequestBootService
-    PxeBcDhcp6Discover
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   5 +-
- .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 278 +++++++++++++++++-
- .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  18 ++
- 3 files changed, 298 insertions(+), 3 deletions(-)
-
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index c8a991e5c1..1010a80a15 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -26,7 +26,10 @@
-   #
-   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-   NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
--  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-+  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
-+    <LibraryClasses>
-+      UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
-+  }
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-index 8260eeee50..bd423ebadf 100644
---- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-@@ -4,7 +4,9 @@
-   Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- **/
--#include <gtest/gtest.h>
-+#include <Library/GoogleTestLib.h>
-+#include <GoogleTest/Library/MockUefiLib.h>
-+#include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>
- 
- extern "C" {
-   #include <Uefi.h>
-@@ -19,7 +21,8 @@ extern "C" {
- // Definitions
- ///////////////////////////////////////////////////////////////////////////////
- 
--#define PACKET_SIZE  (1500)
-+#define PACKET_SIZE            (1500)
-+#define REQUEST_OPTION_LENGTH  (120)
- 
- typedef struct {
-   UINT16    OptionCode;   // The option code for DHCP6_OPT_SERVER_ID (e.g., 0x03)
-@@ -76,6 +79,26 @@ MockConfigure (
- }
- 
- // Needed by PxeBcSupport
-+EFI_STATUS
-+PxeBcDns6 (
-+  IN PXEBC_PRIVATE_DATA  *Private,
-+  IN     CHAR16          *HostName,
-+  OUT EFI_IPv6_ADDRESS   *IpAddress
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+UINT32
-+PxeBcBuildDhcp6Options (
-+  IN  PXEBC_PRIVATE_DATA       *Private,
-+  OUT EFI_DHCP6_PACKET_OPTION  **OptList,
-+  IN  UINT8                    *Buffer
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
- EFI_STATUS
- EFIAPI
- QueueDpc (
-@@ -159,6 +182,10 @@ TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
-   ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private)), EFI_DEVICE_ERROR);
- }
- 
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcCacheDnsServerAddresses Tests
-+///////////////////////////////////////////////////////////////////////////////
-+
- class PxeBcCacheDnsServerAddressesTest : public ::testing::Test {
- public:
-   PXEBC_PRIVATE_DATA Private = { 0 };
-@@ -298,3 +325,250 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
-     FreePool (Private.DnsServer);
-   }
- }
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcRequestBootServiceTest Test Cases
-+///////////////////////////////////////////////////////////////////////////////
-+
-+class PxeBcRequestBootServiceTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+  EFI_UDP6_PROTOCOL Udp6Read;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  UdpWrite
-+    //  UdpRead
-+
-+    Private.PxeBc.UdpWrite = (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;
-+    Private.PxeBc.UdpRead  = (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;
-+
-+    // Need to setup EFI_UDP6_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  Configure
-+
-+    Udp6Read.Configure = (EFI_UDP6_CONFIGURE)MockConfigure;
-+    Private.Udp6Read   = &Udp6Read;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    if (Private.Dhcp6Request != NULL) {
-+      FreePool (Private.Dhcp6Request);
-+    }
-+
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+TEST_F (PxeBcRequestBootServiceTest, ServerDiscoverBasicUsageTest) {
-+  PxeBcRequestBootServiceTest::Private.OfferBuffer[0].Dhcp6.OfferType = PxeOfferTypeProxyBinl;
-+
-+  DHCP6_OPTION_SERVER_ID  Server = { 0 };
-+
-+  Server.OptionCode =  HTONS (DHCP6_OPT_SERVER_ID);
-+  Server.OptionLen  = HTONS (16); // valid length
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.OfferBuffer[Index].Dhcp6.Packet.Offer;
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &Server, sizeof (Server));
-+  Cursor += sizeof (Server);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_SUCCESS);
-+}
-+
-+TEST_F (PxeBcRequestBootServiceTest, AttemptDiscoverOverFlowExpectFailure) {
-+  PxeBcRequestBootServiceTest::Private.OfferBuffer[0].Dhcp6.OfferType = PxeOfferTypeProxyBinl;
-+
-+  DHCP6_OPTION_SERVER_ID  Server = { 0 };
-+
-+  Server.OptionCode =  HTONS (DHCP6_OPT_SERVER_ID);
-+  Server.OptionLen  = HTONS (1500); // This length would overflow without a check
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.OfferBuffer[Index].Dhcp6.Packet.Offer;
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &Server, sizeof (Server));
-+  Cursor += sizeof (Server);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  // This is going to be stopped by the duid overflow check
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_INVALID_PARAMETER);
-+}
-+
-+TEST_F (PxeBcRequestBootServiceTest, RequestBasicUsageTest) {
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = 0; // valid length
-+
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_SUCCESS);
-+}
-+
-+TEST_F (PxeBcRequestBootServiceTest, AttemptRequestOverFlowExpectFailure) {
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = 1500; // this length would overflow without a check
-+
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_OUT_OF_RESOURCES);
-+}
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcDhcp6Discover Test
-+///////////////////////////////////////////////////////////////////////////////
-+
-+class PxeBcDhcp6DiscoverTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+  EFI_UDP6_PROTOCOL Udp6Read;
-+
-+protected:
-+  MockUefiRuntimeServicesTableLib RtServicesMock;
-+
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  UdpWrite
-+    //  UdpRead
-+
-+    Private.PxeBc.UdpWrite = (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;
-+    Private.PxeBc.UdpRead  = (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;
-+
-+    // Need to setup EFI_UDP6_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  Configure
-+
-+    Udp6Read.Configure = (EFI_UDP6_CONFIGURE)MockConfigure;
-+    Private.Udp6Read   = &Udp6Read;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    if (Private.Dhcp6Request != NULL) {
-+      FreePool (Private.Dhcp6Request);
-+    }
-+
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Test Description
-+// This will cause an overflow by an untrusted packet during the option parsing
-+TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
-+  EFI_IPv6_ADDRESS         DestIp     = { 0 };
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = HTONS (0xFFFF); // overflow
-+
-+  UINT8  *Cursor = (UINT8 *)(Private.Dhcp6Request->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
-+
-+  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-+    .WillOnce (::testing::Return (0));
-+
-+  ASSERT_EQ (
-+    PxeBcDhcp6Discover (
-+      &(PxeBcDhcp6DiscoverTest::Private),
-+      0,
-+      NULL,
-+      FALSE,
-+      (EFI_IP_ADDRESS *)&DestIp
-+      ),
-+    EFI_OUT_OF_RESOURCES
-+    );
-+}
-+
-+// Test Description
-+// This will test that we can handle a packet with a valid option length
-+TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
-+  EFI_IPv6_ADDRESS         DestIp     = { 0 };
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = HTONS (0x30);
-+
-+  UINT8  *Cursor = (UINT8 *)(Private.Dhcp6Request->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
-+
-+  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-+    .WillOnce (::testing::Return (0));
-+
-+  ASSERT_EQ (
-+    PxeBcDhcp6Discover (
-+      &(PxeBcDhcp6DiscoverTest::Private),
-+      0,
-+      NULL,
-+      FALSE,
-+      (EFI_IP_ADDRESS *)&DestIp
-+      ),
-+    EFI_SUCCESS
-+    );
-+}
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-index b17c314791..0d825e4425 100644
---- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-@@ -47,4 +47,22 @@ PxeBcCacheDnsServerAddresses (
-   IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-   );
- 
-+/**
-+  Build and send out the request packet for the bootfile, and parse the reply.
-+
-+  @param[in]  Private               The pointer to PxeBc private data.
-+  @param[in]  Index                 PxeBc option boot item type.
-+
-+  @retval     EFI_SUCCESS           Successfully discovered the boot file.
-+  @retval     EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval     EFI_NOT_FOUND         Can't get the PXE reply packet.
-+  @retval     Others                Failed to discover the boot file.
-+
-+**/
-+EFI_STATUS
-+PxeBcRequestBootService (
-+  IN  PXEBC_PRIVATE_DATA  *Private,
-+  IN  UINT32              Index
-+  );
-+
- #endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
--- 
-2.39.3
-

SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch

@@ -1,50 +0,0 @@
-From e4a64ad230ff2906ec56d41b2a8dd7a0bb39a399 Mon Sep 17 00:00:00 2001
-From: Dov Murik <dovmurik@linux.ibm.com>
-Date: Tue, 4 Jan 2022 15:16:40 +0800
-Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as
- reserved
-
-RH-Author: Pawel Polawski <None>
-RH-MergeRequest: 11: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
-RH-Commit: [1/1] a14d34eb204387aae3446770a0e5fb95a9283ae3 (elkoniu/edk2)
-RH-Bugzilla: 2041754
-RH-Acked-by: Oliver Steffen <None>
-
-Mark the SEV launch secret MEMFD area as reserved, which will allow the
-guest OS to use it during the lifetime of the OS, without creating
-copies of the sensitive content.
-
-Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
-Cc: Jordan Justen <jordan.l.justen@intel.com>
-Cc: Gerd Hoffmann <kraxel@redhat.com>
-Cc: Brijesh Singh <brijesh.singh@amd.com>
-Cc: Erdem Aktas <erdemaktas@google.com>
-Cc: James Bottomley <jejb@linux.ibm.com>
-Cc: Jiewen Yao <jiewen.yao@intel.com>
-Cc: Min Xu <min.m.xu@intel.com>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
-Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Jiewen Yao <Jiewen.Yao@intel.com>
-Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
----
- OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
-index db94c26b54..6bf1a55dea 100644
---- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
-+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
-@@ -19,7 +19,7 @@ InitializeSecretPei (
-   BuildMemoryAllocationHob (
-     PcdGet32 (PcdSevLaunchSecretBase),
-     ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),
--    EfiBootServicesData
-+    EfiReservedMemoryType
-     );
- 
-   return EFI_SUCCESS;
--- 
-2.27.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch

@@ -1,47 +0,0 @@
-From f2aeff31924f6d070d7f8b87550dc6d9820531ad Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:04 +0100
-Subject: [PATCH 15/18] OvmfPkg/VirtNorFlashDxe: ValidateFvHeader: unwritten
- state is EOL too
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [17/20] 37220c700ea816c815e0612031e10b7d466b71a2
-
-It is possible to find variable entries with State being 0xff, i.e. not
-updated since flash block erase.   This indicates the variable driver
-could not complete the header write while appending a new entry, and
-therefore State was not set to VAR_HEADER_VALID_ONLY.
-
-This can only happen at the end of the variable list, so treat this as
-additional "end of variable list" condition.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240116171105.37831-6-kraxel@redhat.com>
-(cherry picked from commit 735d0a5e2e25c1577bf9bea7826da937ca38169d)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-index acc4a413ee..f8e71f88c1 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-@@ -302,6 +302,11 @@ ValidateFvHeader (
-       break;
-     }
- 
-+    if (VarHeader->State == 0xff) {
-+      DEBUG ((DEBUG_INFO, "%a: end of var list (unwritten state)\n", __func__));
-+      break;
-+    }
-+
-     VarName = NULL;
-     switch (VarHeader->State) {
-       // usage: State = VAR_HEADER_VALID_ONLY
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch

@@ -1,73 +0,0 @@
-From 00d9e2d6cb03afeef5a1110d6f1fae1389a06f7a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:02 +0100
-Subject: [PATCH 13/18] OvmfPkg/VirtNorFlashDxe: add a loop for
- NorFlashWriteBuffer calls.
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [15/20] 72004a196ea61d627ab528573db657dd7db16de2
-
-Replace the two NorFlashWriteBuffer() calls with a loop containing a
-single NorFlashWriteBuffer() call.
-
-With the changes in place the code is able to handle updates larger
-than two P30_MAX_BUFFER_SIZE_IN_BYTES blocks, even though the patch
-does not actually change the size limit.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240116171105.37831-4-kraxel@redhat.com>
-(cherry picked from commit 28ffd726894f11a587a6ac7f71a4c4af341e24d2)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 21 ++++++++-------------
- 1 file changed, 8 insertions(+), 13 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 88a4d2c23f..3d1343b381 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -521,6 +521,7 @@ NorFlashWriteSingleBlock (
-   UINTN       BlockAddress;
-   UINT8       *OrigData;
-   UINTN       Start, End;
-+  UINT32      Index, Count;
- 
-   DEBUG ((DEBUG_BLKIO, "NorFlashWriteSingleBlock(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer));
- 
-@@ -621,23 +622,17 @@ NorFlashWriteSingleBlock (
-       goto Exit;
-     }
- 
--    Status = NorFlashWriteBuffer (
--               Instance,
--               BlockAddress + Start,
--               P30_MAX_BUFFER_SIZE_IN_BYTES,
--               Instance->ShadowBuffer
--               );
--    if (EFI_ERROR (Status)) {
--      goto Exit;
--    }
--
--    if ((End - Start) > P30_MAX_BUFFER_SIZE_IN_BYTES) {
-+    Count = (End - Start) / P30_MAX_BUFFER_SIZE_IN_BYTES;
-+    for (Index = 0; Index < Count; Index++) {
-       Status = NorFlashWriteBuffer (
-                  Instance,
--                 BlockAddress + Start + P30_MAX_BUFFER_SIZE_IN_BYTES,
-+                 BlockAddress + Start + Index * P30_MAX_BUFFER_SIZE_IN_BYTES,
-                  P30_MAX_BUFFER_SIZE_IN_BYTES,
--                 Instance->ShadowBuffer + P30_MAX_BUFFER_SIZE_IN_BYTES
-+                 Instance->ShadowBuffer + Index * P30_MAX_BUFFER_SIZE_IN_BYTES
-                  );
-+      if (EFI_ERROR (Status)) {
-+        goto Exit;
-+      }
-     }
- 
- Exit:
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-add-casts-to-UINTN-and-UINT3.patch

@@ -1,55 +0,0 @@
-From e8150ee7fdf1421d2e2801c901e0196496ef599e Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:00 +0100
-Subject: [PATCH 11/18] OvmfPkg/VirtNorFlashDxe: add casts to UINTN and UINT32
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [13/20] fa695acadb9d693242b5221d2bc1958b929718e7
-
-This is needed to avoid bit operations being applied to signed integers.
-
-Suggested-by: László Érsek <lersek@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240116171105.37831-2-kraxel@redhat.com>
-(cherry picked from commit 0395045ae307c43a41f72ca9a8bf4eb8f16b2fe0)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 2 +-
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 1afd60ce66..7f4743b003 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -581,7 +581,7 @@ NorFlashWriteSingleBlock (
-     // contents, while checking whether the old version had any bits cleared
-     // that we want to set. In that case, we will need to erase the block first.
-     for (CurOffset = 0; CurOffset < *NumBytes; CurOffset++) {
--      if (~OrigData[CurOffset] & Buffer[CurOffset]) {
-+      if (~(UINT32)OrigData[CurOffset] & (UINT32)Buffer[CurOffset]) {
-         goto DoErase;
-       }
- 
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-index b7f5d208b2..455eafacc2 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-@@ -61,7 +61,7 @@
- #define P30_MAX_BUFFER_SIZE_IN_BYTES  ((UINTN)128)
- #define P30_MAX_BUFFER_SIZE_IN_WORDS  (P30_MAX_BUFFER_SIZE_IN_BYTES/((UINTN)4))
- #define MAX_BUFFERED_PROG_ITERATIONS  10000000
--#define BOUNDARY_OF_32_WORDS          0x7F
-+#define BOUNDARY_OF_32_WORDS          ((UINTN)0x7F)
- 
- // CFI Addresses
- #define P30_CFI_ADDR_QUERY_UNIQUE_QRY  0x10
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-allow-larger-writes-without-.patch

@@ -1,65 +0,0 @@
-From 0193a89b0db837da31301bc1edb8382927842978 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:03 +0100
-Subject: [PATCH 14/18] OvmfPkg/VirtNorFlashDxe: allow larger writes without
- block erase
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [16/20] 27ac63b90eb5e6fdc00cbc5a9105c3178ee559cd
-
-Raise the limit for writes without block erase from two to four
-P30_MAX_BUFFER_SIZE_IN_BYTES blocks.  With this in place almost all efi
-variable updates are handled without block erase.  With the old limit
-some variable updates (with device paths) took the block erase code
-path.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240116171105.37831-5-kraxel@redhat.com>
-(cherry picked from commit b25733c97442513890ae6bb8e10fd340f13844a7)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 3d1343b381..3d1d20daa1 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -550,13 +550,15 @@ NorFlashWriteSingleBlock (
-     return EFI_BAD_BUFFER_SIZE;
-   }
- 
--  // Pick P30_MAX_BUFFER_SIZE_IN_BYTES (== 128 bytes) as a good start for word
--  // operations as opposed to erasing the block and writing the data regardless
--  // if an erase is really needed.  It looks like most individual NV variable
--  // writes are smaller than 128 bytes.
--  // To avoid pathological cases were a 2 byte write is disregarded because it
--  // occurs right at a 128 byte buffered write alignment boundary, permit up to
--  // twice the max buffer size, and perform two writes if needed.
-+  // Pick 4 * P30_MAX_BUFFER_SIZE_IN_BYTES (== 512 bytes) as a good
-+  // start for word operations as opposed to erasing the block and
-+  // writing the data regardless if an erase is really needed.
-+  //
-+  // Many NV variable updates are small enough for a a single
-+  // P30_MAX_BUFFER_SIZE_IN_BYTES block write.  In case the update is
-+  // larger than a single block, or the update crosses a
-+  // P30_MAX_BUFFER_SIZE_IN_BYTES boundary (as shown in the diagram
-+  // below), or both, we might have to write two or more blocks.
-   //
-   //    0               128              256
-   //    [----------------|----------------]
-@@ -578,7 +580,7 @@ NorFlashWriteSingleBlock (
-   Start = Offset & ~BOUNDARY_OF_32_WORDS;
-   End   = ALIGN_VALUE (Offset + *NumBytes, P30_MAX_BUFFER_SIZE_IN_BYTES);
- 
--  if ((End - Start) <= (2 * P30_MAX_BUFFER_SIZE_IN_BYTES)) {
-+  if ((End - Start) <= (4 * P30_MAX_BUFFER_SIZE_IN_BYTES)) {
-     // Check to see if we need to erase before programming the data into NOR.
-     // If the destination bits are only changing from 1s to 0s we can just write.
-     // After a block is erased all bits in the block is set to 1.
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-avoid-array-mode-switch-afte.patch

@@ -1,89 +0,0 @@
-From 20ba071dabad6b0f5663083a017799b7a6e684c5 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 17:34:09 +0200
-Subject: [PATCH 05/18] OvmfPkg/VirtNorFlashDxe: avoid array mode switch after
- each word write
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [7/20] 274f2ed71a6d5d3f6497129ee3c62f494cc2f067
-
-NorFlashWriteSingleWord() switches into programming mode and back into
-array mode for every single word that it writes. Under KVM, this
-involves tearing down the read-only memslot, and setting it up again,
-which is costly and unnecessary.
-
-Instead, move the array mode switch into the callers, and only make the
-switch when the writing is done.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit ca01e6216a8d1a26c69018e216d1dc3f88a819a4)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c    | 12 +++---------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c |  3 +++
- 2 files changed, 6 insertions(+), 9 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index f41d9d372f..0a5c5d48c7 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -205,9 +205,6 @@ NorFlashWriteSingleWord (
-     SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_CLEAR_STATUS_REGISTER);
-   }
- 
--  // Put device back into Read Array mode
--  SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
--
-   return Status;
- }
- 
-@@ -286,8 +283,7 @@ NorFlashWriteBuffer (
- 
-   // The buffer was not available for writing
-   if (WaitForBuffer == 0) {
--    Status = EFI_DEVICE_ERROR;
--    goto EXIT;
-+    return EFI_DEVICE_ERROR;
-   }
- 
-   // From now on we work in 32-bit words
-@@ -337,10 +333,6 @@ NorFlashWriteBuffer (
-     SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_CLEAR_STATUS_REGISTER);
-   }
- 
--EXIT:
--  // Put device back into Read Array mode
--  SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
--
-   return Status;
- }
- 
-@@ -739,6 +731,8 @@ NorFlashWriteSingleBlock (
-       }
- 
-       TempStatus = NorFlashWriteSingleWord (Instance, WordAddr, WordToWrite);
-+      // Put device back into Read Array mode
-+      SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
-       if (EFI_ERROR (TempStatus)) {
-         return EFI_DEVICE_ERROR;
-       }
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-index 2ceda22635..f9a41f6aab 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-@@ -280,6 +280,9 @@ NorFlashWriteFullBlock (
-   }
- 
- EXIT:
-+  // Put device back into Read Array mode
-+  SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
-+
-   if (!EfiAtRuntime ()) {
-     // Interruptions can resume.
-     gBS->RestoreTPL (OriginalTPL);
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-avoid-switching-between-mode.patch

@@ -1,303 +0,0 @@
-From 67e26db39c0ec90c164634251da761f649546529 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 17:58:07 +0200
-Subject: [PATCH 06/18] OvmfPkg/VirtNorFlashDxe: avoid switching between modes
- in a tight loop
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [8/20] 4923b0fb1586d7955be466b90dce5f790da704ff
-
-Currently, when dealing with small updates that can be written out
-directly (i.e., if they only involve clearing bits and not setting bits,
-as the latter requires a block level erase), we iterate over the data
-one word at a time, read the old value, compare it, write the new value,
-and repeat, unless we encountered a value that we cannot write (0->1
-transition), in which case we fall back to a block level operation.
-
-This is inefficient for two reasons:
-- reading and writing a word at a time involves switching between array
-and programming mode for every word of data, which is
-disproportionately costly when running under KVM;
-- we end up writing some data twice, as we may not notice that a block
-erase is needed until after some data has been written to flash.
-
-So replace this sequence with a single read of up to twice the buffered
-write maximum size, followed by one or two buffered writes if the data
-can be written directly. Otherwise, fall back to the existing block
-level sequence, but without writing out part of the data twice.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit 25589c4a76e7e3668fd6f794dd1827e958b6719c)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 214 +++++++++----------------
- 1 file changed, 76 insertions(+), 138 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 0a5c5d48c7..0343131a54 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -576,23 +576,20 @@ NorFlashWriteSingleBlock (
-   IN        UINT8               *Buffer
-   )
- {
--  EFI_STATUS  TempStatus;
--  UINT32      Tmp;
--  UINT32      TmpBuf;
--  UINT32      WordToWrite;
--  UINT32      Mask;
--  BOOLEAN     DoErase;
--  UINTN       BytesToWrite;
-+  EFI_STATUS  Status;
-   UINTN       CurOffset;
--  UINTN       WordAddr;
-   UINTN       BlockSize;
-   UINTN       BlockAddress;
--  UINTN       PrevBlockAddress;
--
--  PrevBlockAddress = 0;
-+  UINT8       *OrigData;
- 
-   DEBUG ((DEBUG_BLKIO, "NorFlashWriteSingleBlock(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer));
- 
-+  // Check we did get some memory. Buffer is BlockSize.
-+  if (Instance->ShadowBuffer == NULL) {
-+    DEBUG ((DEBUG_ERROR, "FvbWrite: ERROR - Buffer not ready\n"));
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-   // Cache the block size to avoid de-referencing pointers all the time
-   BlockSize = Instance->BlockSize;
- 
-@@ -612,148 +609,89 @@ NorFlashWriteSingleBlock (
-     return EFI_BAD_BUFFER_SIZE;
-   }
- 
--  // Pick 128bytes as a good start for word operations as opposed to erasing the
--  // block and writing the data regardless if an erase is really needed.
--  // It looks like most individual NV variable writes are smaller than 128bytes.
--  if (*NumBytes <= 128) {
-+  // Pick P30_MAX_BUFFER_SIZE_IN_BYTES (== 128 bytes) as a good start for word
-+  // operations as opposed to erasing the block and writing the data regardless
-+  // if an erase is really needed.  It looks like most individual NV variable
-+  // writes are smaller than 128 bytes.
-+  // To avoid pathological cases were a 2 byte write is disregarded because it
-+  // occurs right at a 128 byte buffered write alignment boundary, permit up to
-+  // twice the max buffer size, and perform two writes if needed.
-+  if ((*NumBytes + (Offset & BOUNDARY_OF_32_WORDS)) <= (2 * P30_MAX_BUFFER_SIZE_IN_BYTES)) {
-     // Check to see if we need to erase before programming the data into NOR.
-     // If the destination bits are only changing from 1s to 0s we can just write.
-     // After a block is erased all bits in the block is set to 1.
-     // If any byte requires us to erase we just give up and rewrite all of it.
--    DoErase      = FALSE;
--    BytesToWrite = *NumBytes;
--    CurOffset    = Offset;
--
--    while (BytesToWrite > 0) {
--      // Read full word from NOR, splice as required. A word is the smallest
--      // unit we can write.
--      TempStatus = NorFlashRead (Instance, Lba, CurOffset & ~(0x3), sizeof (Tmp), &Tmp);
--      if (EFI_ERROR (TempStatus)) {
--        return EFI_DEVICE_ERROR;
--      }
- 
--      // Physical address of word in NOR to write.
--      WordAddr = (CurOffset & ~(0x3)) + GET_NOR_BLOCK_ADDRESS (
--                                          Instance->RegionBaseAddress,
--                                          Lba,
--                                          BlockSize
--                                          );
--      // The word of data that is to be written.
--      TmpBuf = *((UINT32 *)(Buffer + (*NumBytes - BytesToWrite)));
--
--      // First do word aligned chunks.
--      if ((CurOffset & 0x3) == 0) {
--        if (BytesToWrite >= 4) {
--          // Is the destination still in 'erased' state?
--          if (~Tmp != 0) {
--            // Check to see if we are only changing bits to zero.
--            if ((Tmp ^ TmpBuf) & TmpBuf) {
--              DoErase = TRUE;
--              break;
--            }
--          }
--
--          // Write this word to NOR
--          WordToWrite   = TmpBuf;
--          CurOffset    += sizeof (TmpBuf);
--          BytesToWrite -= sizeof (TmpBuf);
--        } else {
--          // BytesToWrite < 4. Do small writes and left-overs
--          Mask = ~((~0) << (BytesToWrite * 8));
--          // Mask out the bytes we want.
--          TmpBuf &= Mask;
--          // Is the destination still in 'erased' state?
--          if ((Tmp & Mask) != Mask) {
--            // Check to see if we are only changing bits to zero.
--            if ((Tmp ^ TmpBuf) & TmpBuf) {
--              DoErase = TRUE;
--              break;
--            }
--          }
--
--          // Merge old and new data. Write merged word to NOR
--          WordToWrite  = (Tmp & ~Mask) | TmpBuf;
--          CurOffset   += BytesToWrite;
--          BytesToWrite = 0;
--        }
--      } else {
--        // Do multiple words, but starting unaligned.
--        if (BytesToWrite > (4 - (CurOffset & 0x3))) {
--          Mask = ((~0) << ((CurOffset & 0x3) * 8));
--          // Mask out the bytes we want.
--          TmpBuf &= Mask;
--          // Is the destination still in 'erased' state?
--          if ((Tmp & Mask) != Mask) {
--            // Check to see if we are only changing bits to zero.
--            if ((Tmp ^ TmpBuf) & TmpBuf) {
--              DoErase = TRUE;
--              break;
--            }
--          }
--
--          // Merge old and new data. Write merged word to NOR
--          WordToWrite   = (Tmp & ~Mask) | TmpBuf;
--          BytesToWrite -= (4 - (CurOffset & 0x3));
--          CurOffset    += (4 - (CurOffset & 0x3));
--        } else {
--          // Unaligned and fits in one word.
--          Mask = (~((~0) << (BytesToWrite * 8))) << ((CurOffset & 0x3) * 8);
--          // Mask out the bytes we want.
--          TmpBuf = (TmpBuf << ((CurOffset & 0x3) * 8)) & Mask;
--          // Is the destination still in 'erased' state?
--          if ((Tmp & Mask) != Mask) {
--            // Check to see if we are only changing bits to zero.
--            if ((Tmp ^ TmpBuf) & TmpBuf) {
--              DoErase = TRUE;
--              break;
--            }
--          }
--
--          // Merge old and new data. Write merged word to NOR
--          WordToWrite  = (Tmp & ~Mask) | TmpBuf;
--          CurOffset   += BytesToWrite;
--          BytesToWrite = 0;
--        }
-+    // Read the old version of the data into the shadow buffer
-+    Status = NorFlashRead (
-+               Instance,
-+               Lba,
-+               Offset & ~BOUNDARY_OF_32_WORDS,
-+               (*NumBytes | BOUNDARY_OF_32_WORDS) + 1,
-+               Instance->ShadowBuffer
-+               );
-+    if (EFI_ERROR (Status)) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    // Make OrigData point to the start of the old version of the data inside
-+    // the word aligned buffer
-+    OrigData = Instance->ShadowBuffer + (Offset & BOUNDARY_OF_32_WORDS);
-+
-+    // Update the buffer containing the old version of the data with the new
-+    // contents, while checking whether the old version had any bits cleared
-+    // that we want to set. In that case, we will need to erase the block first.
-+    for (CurOffset = 0; CurOffset < *NumBytes; CurOffset++) {
-+      if (~OrigData[CurOffset] & Buffer[CurOffset]) {
-+        goto DoErase;
-       }
- 
--      //
--      // Write the word to NOR.
--      //
-+      OrigData[CurOffset] = Buffer[CurOffset];
-+    }
- 
--      BlockAddress = GET_NOR_BLOCK_ADDRESS (Instance->RegionBaseAddress, Lba, BlockSize);
--      if (BlockAddress != PrevBlockAddress) {
--        TempStatus = NorFlashUnlockSingleBlockIfNecessary (Instance, BlockAddress);
--        if (EFI_ERROR (TempStatus)) {
--          return EFI_DEVICE_ERROR;
--        }
-+    //
-+    // Write the updated buffer to NOR.
-+    //
-+    BlockAddress = GET_NOR_BLOCK_ADDRESS (Instance->RegionBaseAddress, Lba, BlockSize);
- 
--        PrevBlockAddress = BlockAddress;
--      }
-+    // Unlock the block if we have to
-+    Status = NorFlashUnlockSingleBlockIfNecessary (Instance, BlockAddress);
-+    if (EFI_ERROR (Status)) {
-+      goto Exit;
-+    }
- 
--      TempStatus = NorFlashWriteSingleWord (Instance, WordAddr, WordToWrite);
--      // Put device back into Read Array mode
--      SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
--      if (EFI_ERROR (TempStatus)) {
--        return EFI_DEVICE_ERROR;
--      }
-+    Status = NorFlashWriteBuffer (
-+               Instance,
-+               BlockAddress + (Offset & ~BOUNDARY_OF_32_WORDS),
-+               P30_MAX_BUFFER_SIZE_IN_BYTES,
-+               Instance->ShadowBuffer
-+               );
-+    if (EFI_ERROR (Status)) {
-+      goto Exit;
-     }
- 
--    // Exit if we got here and could write all the data. Otherwise do the
--    // Erase-Write cycle.
--    if (!DoErase) {
--      return EFI_SUCCESS;
-+    if ((*NumBytes + (Offset & BOUNDARY_OF_32_WORDS)) > P30_MAX_BUFFER_SIZE_IN_BYTES) {
-+      BlockAddress += P30_MAX_BUFFER_SIZE_IN_BYTES;
-+
-+      Status = NorFlashWriteBuffer (
-+                 Instance,
-+                 BlockAddress + (Offset & ~BOUNDARY_OF_32_WORDS),
-+                 P30_MAX_BUFFER_SIZE_IN_BYTES,
-+                 Instance->ShadowBuffer + P30_MAX_BUFFER_SIZE_IN_BYTES
-+                 );
-     }
--  }
- 
--  // Check we did get some memory. Buffer is BlockSize.
--  if (Instance->ShadowBuffer == NULL) {
--    DEBUG ((DEBUG_ERROR, "FvbWrite: ERROR - Buffer not ready\n"));
--    return EFI_DEVICE_ERROR;
-+Exit:
-+    // Put device back into Read Array mode
-+    SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
-+
-+    return Status;
-   }
- 
-+DoErase:
-   // Read NOR Flash data into shadow buffer
--  TempStatus = NorFlashReadBlocks (Instance, Lba, BlockSize, Instance->ShadowBuffer);
--  if (EFI_ERROR (TempStatus)) {
-+  Status = NorFlashReadBlocks (Instance, Lba, BlockSize, Instance->ShadowBuffer);
-+  if (EFI_ERROR (Status)) {
-     // Return one of the pre-approved error statuses
-     return EFI_DEVICE_ERROR;
-   }
-@@ -762,8 +700,8 @@ NorFlashWriteSingleBlock (
-   CopyMem ((VOID *)((UINTN)Instance->ShadowBuffer + Offset), Buffer, *NumBytes);
- 
-   // Write the modified buffer back to the NorFlash
--  TempStatus = NorFlashWriteBlocks (Instance, Lba, BlockSize, Instance->ShadowBuffer);
--  if (EFI_ERROR (TempStatus)) {
-+  Status = NorFlashWriteBlocks (Instance, Lba, BlockSize, Instance->ShadowBuffer);
-+  if (EFI_ERROR (Status)) {
-     // Return one of the pre-approved error statuses
-     return EFI_DEVICE_ERROR;
-   }
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-clarify-block-write-logic-fi.patch

@@ -1,110 +0,0 @@
-From f136d4895b1477a56b916a76448ba76e67b08163 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:01 +0100
-Subject: [PATCH 12/18] OvmfPkg/VirtNorFlashDxe: clarify block write logic &
- fix shadowbuffer reads
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [14/20] 38009625e5f189166f7a93e236576140a7ccb393
-
-Introduce 'Start' and 'End' variables to make it easier to follow the
-logic and code flow.  Also add a ascii art diagram (based on a
-suggestion by Laszlo).
-
-This also fixes the 'Size' calculation for the NorFlashRead() call.
-Without this patch the code will read only one instead of two
-P30_MAX_BUFFER_SIZE_IN_BYTES blocks in case '*NumBytes' is smaller than
-P30_MAX_BUFFER_SIZE_IN_BYTES but 'Offset + *NumBytes' is not, i.e. the
-update range crosses a P30_MAX_BUFFER_SIZE_IN_BYTES boundary.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240116171105.37831-3-kraxel@redhat.com>
-(cherry picked from commit 35d8ea8097794b522149688b5cfaf8364bc44d54)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 36 ++++++++++++++++++++------
- 1 file changed, 28 insertions(+), 8 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 7f4743b003..88a4d2c23f 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -520,6 +520,7 @@ NorFlashWriteSingleBlock (
-   UINTN       BlockSize;
-   UINTN       BlockAddress;
-   UINT8       *OrigData;
-+  UINTN       Start, End;
- 
-   DEBUG ((DEBUG_BLKIO, "NorFlashWriteSingleBlock(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer));
- 
-@@ -555,7 +556,28 @@ NorFlashWriteSingleBlock (
-   // To avoid pathological cases were a 2 byte write is disregarded because it
-   // occurs right at a 128 byte buffered write alignment boundary, permit up to
-   // twice the max buffer size, and perform two writes if needed.
--  if ((*NumBytes + (Offset & BOUNDARY_OF_32_WORDS)) <= (2 * P30_MAX_BUFFER_SIZE_IN_BYTES)) {
-+  //
-+  //    0               128              256
-+  //    [----------------|----------------]
-+  //    ^         ^             ^         ^
-+  //    |         |             |         |
-+  //    |         |             |        End, the next "word" boundary beyond
-+  //    |         |             |        the (logical) update
-+  //    |         |             |
-+  //    |         |     (Offset & BOUNDARY_OF_32_WORDS) + NumBytes;
-+  //    |         |     i.e., the relative offset inside (or just past)
-+  //    |         |     the *double-word* such that it is the
-+  //    |         |     *exclusive* end of the (logical) update.
-+  //    |         |
-+  //    |         Offset & BOUNDARY_OF_32_WORDS; i.e., Offset within the "word";
-+  //    |         this is where the (logical) update is supposed to start
-+  //    |
-+  //    Start = Offset & ~BOUNDARY_OF_32_WORDS; i.e., Offset truncated to "word" boundary
-+
-+  Start = Offset & ~BOUNDARY_OF_32_WORDS;
-+  End   = ALIGN_VALUE (Offset + *NumBytes, P30_MAX_BUFFER_SIZE_IN_BYTES);
-+
-+  if ((End - Start) <= (2 * P30_MAX_BUFFER_SIZE_IN_BYTES)) {
-     // Check to see if we need to erase before programming the data into NOR.
-     // If the destination bits are only changing from 1s to 0s we can just write.
-     // After a block is erased all bits in the block is set to 1.
-@@ -565,8 +587,8 @@ NorFlashWriteSingleBlock (
-     Status = NorFlashRead (
-                Instance,
-                Lba,
--               Offset & ~BOUNDARY_OF_32_WORDS,
--               (*NumBytes | BOUNDARY_OF_32_WORDS) + 1,
-+               Start,
-+               End - Start,
-                Instance->ShadowBuffer
-                );
-     if (EFI_ERROR (Status)) {
-@@ -601,7 +623,7 @@ NorFlashWriteSingleBlock (
- 
-     Status = NorFlashWriteBuffer (
-                Instance,
--               BlockAddress + (Offset & ~BOUNDARY_OF_32_WORDS),
-+               BlockAddress + Start,
-                P30_MAX_BUFFER_SIZE_IN_BYTES,
-                Instance->ShadowBuffer
-                );
-@@ -609,12 +631,10 @@ NorFlashWriteSingleBlock (
-       goto Exit;
-     }
- 
--    if ((*NumBytes + (Offset & BOUNDARY_OF_32_WORDS)) > P30_MAX_BUFFER_SIZE_IN_BYTES) {
--      BlockAddress += P30_MAX_BUFFER_SIZE_IN_BYTES;
--
-+    if ((End - Start) > P30_MAX_BUFFER_SIZE_IN_BYTES) {
-       Status = NorFlashWriteBuffer (
-                  Instance,
--                 BlockAddress + (Offset & ~BOUNDARY_OF_32_WORDS),
-+                 BlockAddress + Start + P30_MAX_BUFFER_SIZE_IN_BYTES,
-                  P30_MAX_BUFFER_SIZE_IN_BYTES,
-                  Instance->ShadowBuffer + P30_MAX_BUFFER_SIZE_IN_BYTES
-                  );
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-drop-block-I-O-protocol-impl.patch

@@ -1,504 +0,0 @@
-From 8cf16599ade30de07c9b51f90d2208046f74fee6 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 17:12:08 +0200
-Subject: [PATCH 04/18] OvmfPkg/VirtNorFlashDxe: drop block I/O protocol
- implementation
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [6/20] 6843078997a30c2818e0d53a90fb7f6accb89aaf
-
-We never boot from NOR flash, and generally rely on the firmware volume
-PI protocols to expose the contents. So drop the block I/O protocol
-implementation from VirtNorFlashDxe.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit 83f11f957240ead9b135a778316330762b0a3acb)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c      | 49 ++++++------------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h      | 54 ++------------------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c   | 40 +++------------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf |  1 -
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c   | 55 ++++++++-------------
- 5 files changed, 45 insertions(+), 154 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 1094d48f7d..f41d9d372f 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -366,10 +366,6 @@ NorFlashWriteBlocks (
-     return EFI_INVALID_PARAMETER;
-   }
- 
--  if (Instance->Media.ReadOnly == TRUE) {
--    return EFI_WRITE_PROTECTED;
--  }
--
-   // We must have some bytes to read
-   DEBUG ((DEBUG_BLKIO, "NorFlashWriteBlocks: BufferSizeInBytes=0x%x\n", BufferSizeInBytes));
-   if (BufferSizeInBytes == 0) {
-@@ -377,22 +373,22 @@ NorFlashWriteBlocks (
-   }
- 
-   // The size of the buffer must be a multiple of the block size
--  DEBUG ((DEBUG_BLKIO, "NorFlashWriteBlocks: BlockSize in bytes =0x%x\n", Instance->Media.BlockSize));
--  if ((BufferSizeInBytes % Instance->Media.BlockSize) != 0) {
-+  DEBUG ((DEBUG_BLKIO, "NorFlashWriteBlocks: BlockSize in bytes =0x%x\n", Instance->BlockSize));
-+  if ((BufferSizeInBytes % Instance->BlockSize) != 0) {
-     return EFI_BAD_BUFFER_SIZE;
-   }
- 
-   // All blocks must be within the device
--  NumBlocks = ((UINT32)BufferSizeInBytes) / Instance->Media.BlockSize;
-+  NumBlocks = ((UINT32)BufferSizeInBytes) / Instance->BlockSize;
- 
--  DEBUG ((DEBUG_BLKIO, "NorFlashWriteBlocks: NumBlocks=%d, LastBlock=%ld, Lba=%ld.\n", NumBlocks, Instance->Media.LastBlock, Lba));
-+  DEBUG ((DEBUG_BLKIO, "NorFlashWriteBlocks: NumBlocks=%d, LastBlock=%ld, Lba=%ld.\n", NumBlocks, Instance->LastBlock, Lba));
- 
--  if ((Lba + NumBlocks) > (Instance->Media.LastBlock + 1)) {
-+  if ((Lba + NumBlocks) > (Instance->LastBlock + 1)) {
-     DEBUG ((DEBUG_ERROR, "NorFlashWriteBlocks: ERROR - Write will exceed last block.\n"));
-     return EFI_INVALID_PARAMETER;
-   }
- 
--  BlockSizeInWords = Instance->Media.BlockSize / 4;
-+  BlockSizeInWords = Instance->BlockSize / 4;
- 
-   // Because the target *Buffer is a pointer to VOID, we must put all the data into a pointer
-   // to a proper data type, so use *ReadBuffer
-@@ -489,8 +485,8 @@ NorFlashReadBlocks (
-     DEBUG_BLKIO,
-     "NorFlashReadBlocks: BufferSize=0x%xB BlockSize=0x%xB LastBlock=%ld, Lba=%ld.\n",
-     BufferSizeInBytes,
--    Instance->Media.BlockSize,
--    Instance->Media.LastBlock,
-+    Instance->BlockSize,
-+    Instance->LastBlock,
-     Lba
-     ));
- 
-@@ -505,14 +501,14 @@ NorFlashReadBlocks (
-   }
- 
-   // The size of the buffer must be a multiple of the block size
--  if ((BufferSizeInBytes % Instance->Media.BlockSize) != 0) {
-+  if ((BufferSizeInBytes % Instance->BlockSize) != 0) {
-     return EFI_BAD_BUFFER_SIZE;
-   }
- 
-   // All blocks must be within the device
--  NumBlocks = ((UINT32)BufferSizeInBytes) / Instance->Media.BlockSize;
-+  NumBlocks = ((UINT32)BufferSizeInBytes) / Instance->BlockSize;
- 
--  if ((Lba + NumBlocks) > (Instance->Media.LastBlock + 1)) {
-+  if ((Lba + NumBlocks) > (Instance->LastBlock + 1)) {
-     DEBUG ((DEBUG_ERROR, "NorFlashReadBlocks: ERROR - Read will exceed last block\n"));
-     return EFI_INVALID_PARAMETER;
-   }
-@@ -521,7 +517,7 @@ NorFlashReadBlocks (
-   StartAddress = GET_NOR_BLOCK_ADDRESS (
-                    Instance->RegionBaseAddress,
-                    Lba,
--                   Instance->Media.BlockSize
-+                   Instance->BlockSize
-                    );
- 
-   // Put the device into Read Array mode
-@@ -554,7 +550,7 @@ NorFlashRead (
-     return EFI_SUCCESS;
-   }
- 
--  if (((Lba * Instance->Media.BlockSize) + Offset + BufferSizeInBytes) > Instance->Size) {
-+  if (((Lba * Instance->BlockSize) + Offset + BufferSizeInBytes) > Instance->Size) {
-     DEBUG ((DEBUG_ERROR, "NorFlashRead: ERROR - Read will exceed device size.\n"));
-     return EFI_INVALID_PARAMETER;
-   }
-@@ -563,7 +559,7 @@ NorFlashRead (
-   StartAddress = GET_NOR_BLOCK_ADDRESS (
-                    Instance->RegionBaseAddress,
-                    Lba,
--                   Instance->Media.BlockSize
-+                   Instance->BlockSize
-                    );
- 
-   // Put the device into Read Array mode
-@@ -577,7 +573,7 @@ NorFlashRead (
- 
- /*
-   Write a full or portion of a block. It must not span block boundaries; that is,
--  Offset + *NumBytes <= Instance->Media.BlockSize.
-+  Offset + *NumBytes <= Instance->BlockSize.
- */
- EFI_STATUS
- NorFlashWriteSingleBlock (
-@@ -605,15 +601,8 @@ NorFlashWriteSingleBlock (
- 
-   DEBUG ((DEBUG_BLKIO, "NorFlashWriteSingleBlock(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer));
- 
--  // Detect WriteDisabled state
--  if (Instance->Media.ReadOnly == TRUE) {
--    DEBUG ((DEBUG_ERROR, "NorFlashWriteSingleBlock: ERROR - Can not write: Device is in WriteDisabled state.\n"));
--    // It is in WriteDisabled state, return an error right away
--    return EFI_ACCESS_DENIED;
--  }
--
-   // Cache the block size to avoid de-referencing pointers all the time
--  BlockSize = Instance->Media.BlockSize;
-+  BlockSize = Instance->BlockSize;
- 
-   // The write must not span block boundaries.
-   // We need to check each variable individually because adding two large values together overflows.
-@@ -819,12 +808,6 @@ NorFlashVirtualNotifyEvent (
-     EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->DeviceBaseAddress);
-     EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->RegionBaseAddress);
- 
--    // Convert BlockIo protocol
--    EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->BlockIoProtocol.FlushBlocks);
--    EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->BlockIoProtocol.ReadBlocks);
--    EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->BlockIoProtocol.Reset);
--    EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->BlockIoProtocol.WriteBlocks);
--
-     // Convert Fvb
-     EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->FvbProtocol.EraseBlocks);
-     EfiConvertPointer (0x0, (VOID **)&mNorFlashInstances[Index]->FvbProtocol.GetAttributes);
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-index 7733ee02ee..b7f5d208b2 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-@@ -14,7 +14,6 @@
- 
- #include <Guid/EventGroup.h>
- 
--#include <Protocol/BlockIo.h>
- #include <Protocol/FirmwareVolumeBlock.h>
- 
- #include <Library/DebugLib.h>
-@@ -108,8 +107,7 @@
- #define P30_CMD_READ_CONFIGURATION_REGISTER        0x0003
- 
- #define NOR_FLASH_SIGNATURE  SIGNATURE_32('n', 'o', 'r', '0')
--#define INSTANCE_FROM_FVB_THIS(a)     CR(a, NOR_FLASH_INSTANCE, FvbProtocol, NOR_FLASH_SIGNATURE)
--#define INSTANCE_FROM_BLKIO_THIS(a)   CR(a, NOR_FLASH_INSTANCE, BlockIoProtocol, NOR_FLASH_SIGNATURE)
-+#define INSTANCE_FROM_FVB_THIS(a)  CR(a, NOR_FLASH_INSTANCE, FvbProtocol, NOR_FLASH_SIGNATURE)
- 
- typedef struct _NOR_FLASH_INSTANCE NOR_FLASH_INSTANCE;
- 
-@@ -129,9 +127,8 @@ struct _NOR_FLASH_INSTANCE {
-   UINTN                                  RegionBaseAddress;
-   UINTN                                  Size;
-   EFI_LBA                                StartLba;
--
--  EFI_BLOCK_IO_PROTOCOL                  BlockIoProtocol;
--  EFI_BLOCK_IO_MEDIA                     Media;
-+  EFI_LBA                                LastBlock;
-+  UINT32                                 BlockSize;
- 
-   EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL    FvbProtocol;
-   VOID                                   *ShadowBuffer;
-@@ -155,51 +152,6 @@ NorFlashWriteBuffer (
-   IN UINT32              *Buffer
-   );
- 
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.Reset
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoReset (
--  IN EFI_BLOCK_IO_PROTOCOL  *This,
--  IN BOOLEAN                ExtendedVerification
--  );
--
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.ReadBlocks
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoReadBlocks (
--  IN  EFI_BLOCK_IO_PROTOCOL  *This,
--  IN  UINT32                 MediaId,
--  IN  EFI_LBA                Lba,
--  IN  UINTN                  BufferSizeInBytes,
--  OUT VOID                   *Buffer
--  );
--
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.WriteBlocks
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoWriteBlocks (
--  IN  EFI_BLOCK_IO_PROTOCOL  *This,
--  IN  UINT32                 MediaId,
--  IN  EFI_LBA                Lba,
--  IN  UINTN                  BufferSizeInBytes,
--  IN  VOID                   *Buffer
--  );
--
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.FlushBlocks
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoFlushBlocks (
--  IN EFI_BLOCK_IO_PROTOCOL  *This
--  );
--
- //
- // NorFlashFvbDxe.c
- //
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-index 4875b057d5..2ceda22635 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-@@ -34,29 +34,8 @@ NOR_FLASH_INSTANCE  mNorFlashInstanceTemplate = {
-   0, // RegionBaseAddress ... NEED TO BE FILLED
-   0, // Size ... NEED TO BE FILLED
-   0, // StartLba
--
--  {
--    EFI_BLOCK_IO_PROTOCOL_REVISION2, // Revision
--    NULL,                            // Media ... NEED TO BE FILLED
--    NorFlashBlockIoReset,            // Reset;
--    NorFlashBlockIoReadBlocks,       // ReadBlocks
--    NorFlashBlockIoWriteBlocks,      // WriteBlocks
--    NorFlashBlockIoFlushBlocks       // FlushBlocks
--  }, // BlockIoProtocol
--
--  {
--    0,     // MediaId ... NEED TO BE FILLED
--    FALSE, // RemovableMedia
--    TRUE,  // MediaPresent
--    FALSE, // LogicalPartition
--    FALSE, // ReadOnly
--    FALSE, // WriteCaching;
--    0,     // BlockSize ... NEED TO BE FILLED
--    4,     //  IoAlign
--    0,     // LastBlock ... NEED TO BE FILLED
--    0,     // LowestAlignedLba
--    1,     // LogicalBlocksPerPhysicalBlock
--  }, // Media;
-+  0, // LastBlock
-+  0, // BlockSize
- 
-   {
-     FvbGetAttributes,      // GetAttributes
-@@ -115,11 +94,8 @@ NorFlashCreateInstance (
-   Instance->DeviceBaseAddress = NorFlashDeviceBase;
-   Instance->RegionBaseAddress = NorFlashRegionBase;
-   Instance->Size              = NorFlashSize;
--
--  Instance->BlockIoProtocol.Media = &Instance->Media;
--  Instance->Media.MediaId         = Index;
--  Instance->Media.BlockSize       = BlockSize;
--  Instance->Media.LastBlock       = (NorFlashSize / BlockSize)-1;
-+  Instance->BlockSize         = BlockSize;
-+  Instance->LastBlock         = (NorFlashSize / BlockSize) - 1;
- 
-   CopyGuid (&Instance->DevicePath.Vendor.Guid, &gEfiCallerIdGuid);
-   Instance->DevicePath.Index = (UINT8)Index;
-@@ -136,8 +112,6 @@ NorFlashCreateInstance (
-                     &Instance->Handle,
-                     &gEfiDevicePathProtocolGuid,
-                     &Instance->DevicePath,
--                    &gEfiBlockIoProtocolGuid,
--                    &Instance->BlockIoProtocol,
-                     &gEfiFirmwareVolumeBlockProtocolGuid,
-                     &Instance->FvbProtocol,
-                     NULL
-@@ -151,8 +125,6 @@ NorFlashCreateInstance (
-                     &Instance->Handle,
-                     &gEfiDevicePathProtocolGuid,
-                     &Instance->DevicePath,
--                    &gEfiBlockIoProtocolGuid,
--                    &Instance->BlockIoProtocol,
-                     NULL
-                     );
-     if (EFI_ERROR (Status)) {
-@@ -434,7 +406,7 @@ NorFlashFvbInitialize (
-                                 PcdGet64 (PcdFlashNvStorageVariableBase64) : PcdGet32 (PcdFlashNvStorageVariableBase);
- 
-   // Set the index of the first LBA for the FVB
--  Instance->StartLba = (mFlashNvStorageVariableBase - Instance->RegionBaseAddress) / Instance->Media.BlockSize;
-+  Instance->StartLba = (mFlashNvStorageVariableBase - Instance->RegionBaseAddress) / Instance->BlockSize;
- 
-   BootMode = GetBootModeHob ();
-   if (BootMode == BOOT_WITH_DEFAULT_SETTINGS) {
-@@ -455,7 +427,7 @@ NorFlashFvbInitialize (
-       ));
- 
-     // Erase all the NorFlash that is reserved for variable storage
--    FvbNumLba = (PcdGet32 (PcdFlashNvStorageVariableSize) + PcdGet32 (PcdFlashNvStorageFtwWorkingSize) + PcdGet32 (PcdFlashNvStorageFtwSpareSize)) / Instance->Media.BlockSize;
-+    FvbNumLba = (PcdGet32 (PcdFlashNvStorageVariableSize) + PcdGet32 (PcdFlashNvStorageFtwWorkingSize) + PcdGet32 (PcdFlashNvStorageFtwSpareSize)) / Instance->BlockSize;
- 
-     Status = FvbEraseBlocks (&Instance->FvbProtocol, (EFI_LBA)0, FvbNumLba, EFI_LBA_LIST_TERMINATOR);
-     if (EFI_ERROR (Status)) {
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-index 53e9d58204..2a3d4a218e 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-@@ -19,7 +19,6 @@
- [Sources.common]
-   VirtNorFlash.c
-   VirtNorFlash.h
--  VirtNorFlashBlockIoDxe.c
-   VirtNorFlashDxe.c
-   VirtNorFlashFvb.c
- 
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-index c824e0a0fb..cc5eefaaf3 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-@@ -89,7 +89,7 @@ InitializeFvAndVariableStoreHeaders (
-   }
- 
-   // Check if the size of the area is at least one block size
--  if ((NvStorageVariableSize <= 0) || (NvStorageVariableSize / Instance->Media.BlockSize <= 0)) {
-+  if ((NvStorageVariableSize <= 0) || (NvStorageVariableSize / Instance->BlockSize <= 0)) {
-     DEBUG ((
-       DEBUG_ERROR,
-       "%a: NvStorageVariableSize is 0x%x, should be atleast one block size\n",
-@@ -99,7 +99,7 @@ InitializeFvAndVariableStoreHeaders (
-     return EFI_INVALID_PARAMETER;
-   }
- 
--  if ((NvStorageFtwWorkingSize <= 0) || (NvStorageFtwWorkingSize / Instance->Media.BlockSize <= 0)) {
-+  if ((NvStorageFtwWorkingSize <= 0) || (NvStorageFtwWorkingSize / Instance->BlockSize <= 0)) {
-     DEBUG ((
-       DEBUG_ERROR,
-       "%a: NvStorageFtwWorkingSize is 0x%x, should be atleast one block size\n",
-@@ -109,7 +109,7 @@ InitializeFvAndVariableStoreHeaders (
-     return EFI_INVALID_PARAMETER;
-   }
- 
--  if ((NvStorageFtwSpareSize <= 0) || (NvStorageFtwSpareSize / Instance->Media.BlockSize <= 0)) {
-+  if ((NvStorageFtwSpareSize <= 0) || (NvStorageFtwSpareSize / Instance->BlockSize <= 0)) {
-     DEBUG ((
-       DEBUG_ERROR,
-       "%a: NvStorageFtwSpareSize is 0x%x, should be atleast one block size\n",
-@@ -120,9 +120,9 @@ InitializeFvAndVariableStoreHeaders (
-   }
- 
-   // Ensure the Variable area Base Addresses are aligned on a block size boundaries
--  if ((NvStorageVariableBase % Instance->Media.BlockSize != 0) ||
--      (NvStorageFtwWorkingBase % Instance->Media.BlockSize != 0) ||
--      (NvStorageFtwSpareBase % Instance->Media.BlockSize != 0))
-+  if ((NvStorageVariableBase % Instance->BlockSize != 0) ||
-+      (NvStorageFtwWorkingBase % Instance->BlockSize != 0) ||
-+      (NvStorageFtwSpareBase % Instance->BlockSize != 0))
-   {
-     DEBUG ((DEBUG_ERROR, "%a: NvStorage Base addresses must be aligned to block size boundaries", __FUNCTION__));
-     return EFI_INVALID_PARAMETER;
-@@ -149,8 +149,8 @@ InitializeFvAndVariableStoreHeaders (
-                                                             );
-   FirmwareVolumeHeader->HeaderLength          = sizeof (EFI_FIRMWARE_VOLUME_HEADER) + sizeof (EFI_FV_BLOCK_MAP_ENTRY);
-   FirmwareVolumeHeader->Revision              = EFI_FVH_REVISION;
--  FirmwareVolumeHeader->BlockMap[0].NumBlocks = Instance->Media.LastBlock + 1;
--  FirmwareVolumeHeader->BlockMap[0].Length    = Instance->Media.BlockSize;
-+  FirmwareVolumeHeader->BlockMap[0].NumBlocks = Instance->LastBlock + 1;
-+  FirmwareVolumeHeader->BlockMap[0].Length    = Instance->BlockSize;
-   FirmwareVolumeHeader->BlockMap[1].NumBlocks = 0;
-   FirmwareVolumeHeader->BlockMap[1].Length    = 0;
-   FirmwareVolumeHeader->Checksum              = CalculateCheckSum16 ((UINT16 *)FirmwareVolumeHeader, FirmwareVolumeHeader->HeaderLength);
-@@ -284,9 +284,6 @@ FvbGetAttributes (
-   )
- {
-   EFI_FVB_ATTRIBUTES_2  FlashFvbAttributes;
--  NOR_FLASH_INSTANCE    *Instance;
--
--  Instance = INSTANCE_FROM_FVB_THIS (This);
- 
-   FlashFvbAttributes = (EFI_FVB_ATTRIBUTES_2)(
- 
-@@ -294,17 +291,12 @@ FvbGetAttributes (
-                                               EFI_FVB2_READ_STATUS      | // Reads are currently enabled
-                                               EFI_FVB2_STICKY_WRITE     | // A block erase is required to flip bits into EFI_FVB2_ERASE_POLARITY
-                                               EFI_FVB2_MEMORY_MAPPED    | // It is memory mapped
--                                              EFI_FVB2_ERASE_POLARITY     // After erasure all bits take this value (i.e. '1')
-+                                              EFI_FVB2_ERASE_POLARITY   | // After erasure all bits take this value (i.e. '1')
-+                                              EFI_FVB2_WRITE_STATUS     | // Writes are currently enabled
-+                                              EFI_FVB2_WRITE_ENABLED_CAP  // Writes may be enabled
- 
-                                               );
- 
--  // Check if it is write protected
--  if (Instance->Media.ReadOnly != TRUE) {
--    FlashFvbAttributes = FlashFvbAttributes         |
--                         EFI_FVB2_WRITE_STATUS      | // Writes are currently enabled
--                         EFI_FVB2_WRITE_ENABLED_CAP;  // Writes may be enabled
--  }
--
-   *Attributes = FlashFvbAttributes;
- 
-   DEBUG ((DEBUG_BLKIO, "FvbGetAttributes(0x%X)\n", *Attributes));
-@@ -418,15 +410,15 @@ FvbGetBlockSize (
- 
-   Instance = INSTANCE_FROM_FVB_THIS (This);
- 
--  DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize(Lba=%ld, BlockSize=0x%x, LastBlock=%ld)\n", Lba, Instance->Media.BlockSize, Instance->Media.LastBlock));
-+  DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize(Lba=%ld, BlockSize=0x%x, LastBlock=%ld)\n", Lba, Instance->BlockSize, Instance->LastBlock));
- 
--  if (Lba > Instance->Media.LastBlock) {
--    DEBUG ((DEBUG_ERROR, "FvbGetBlockSize: ERROR - Parameter LBA %ld is beyond the last Lba (%ld).\n", Lba, Instance->Media.LastBlock));
-+  if (Lba > Instance->LastBlock) {
-+    DEBUG ((DEBUG_ERROR, "FvbGetBlockSize: ERROR - Parameter LBA %ld is beyond the last Lba (%ld).\n", Lba, Instance->LastBlock));
-     Status = EFI_INVALID_PARAMETER;
-   } else {
-     // This is easy because in this platform each NorFlash device has equal sized blocks.
--    *BlockSize      = (UINTN)Instance->Media.BlockSize;
--    *NumberOfBlocks = (UINTN)(Instance->Media.LastBlock - Lba + 1);
-+    *BlockSize      = (UINTN)Instance->BlockSize;
-+    *NumberOfBlocks = (UINTN)(Instance->LastBlock - Lba + 1);
- 
-     DEBUG ((DEBUG_BLKIO, "FvbGetBlockSize: *BlockSize=0x%x, *NumberOfBlocks=0x%x.\n", *BlockSize, *NumberOfBlocks));
- 
-@@ -498,7 +490,7 @@ FvbRead (
-   TempStatus = EFI_SUCCESS;
- 
-   // Cache the block size to avoid de-referencing pointers all the time
--  BlockSize = Instance->Media.BlockSize;
-+  BlockSize = Instance->BlockSize;
- 
-   DEBUG ((DEBUG_BLKIO, "FvbRead: Check if (Offset=0x%x + NumBytes=0x%x) <= BlockSize=0x%x\n", Offset, *NumBytes, BlockSize));
- 
-@@ -669,13 +661,6 @@ FvbEraseBlocks (
- 
-   Status = EFI_SUCCESS;
- 
--  // Detect WriteDisabled state
--  if (Instance->Media.ReadOnly == TRUE) {
--    // Firmware volume is in WriteDisabled state
--    DEBUG ((DEBUG_ERROR, "FvbEraseBlocks: ERROR - Device is in WriteDisabled state.\n"));
--    return EFI_ACCESS_DENIED;
--  }
--
-   // Before erasing, check the entire list of parameters to ensure all specified blocks are valid
- 
-   VA_START (Args, This);
-@@ -698,9 +683,9 @@ FvbEraseBlocks (
-       "FvbEraseBlocks: Check if: ( StartingLba=%ld + NumOfLba=%Lu - 1 ) > LastBlock=%ld.\n",
-       Instance->StartLba + StartingLba,
-       (UINT64)NumOfLba,
--      Instance->Media.LastBlock
-+      Instance->LastBlock
-       ));
--    if ((NumOfLba == 0) || ((Instance->StartLba + StartingLba + NumOfLba - 1) > Instance->Media.LastBlock)) {
-+    if ((NumOfLba == 0) || ((Instance->StartLba + StartingLba + NumOfLba - 1) > Instance->LastBlock)) {
-       VA_END (Args);
-       DEBUG ((DEBUG_ERROR, "FvbEraseBlocks: ERROR - Lba range goes past the last Lba.\n"));
-       Status = EFI_INVALID_PARAMETER;
-@@ -733,7 +718,7 @@ FvbEraseBlocks (
-       BlockAddress = GET_NOR_BLOCK_ADDRESS (
-                        Instance->RegionBaseAddress,
-                        Instance->StartLba + StartingLba,
--                       Instance->Media.BlockSize
-+                       Instance->BlockSize
-                        );
- 
-       // Erase it
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-map-flash-memory-as-uncachea.patch

@@ -1,67 +0,0 @@
-From 15415de9a228e74ff1847777a29f1531754b03b0 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 11 Jan 2023 19:00:23 +0100
-Subject: [PATCH 08/18] OvmfPkg/VirtNorFlashDxe: map flash memory as
- uncacheable
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [10/20] 40ca967bead9ec5c98c528bfe0757f75f3d3352f
-
-Switching from the ArmPlatformPkg/NorFlashDxe driver to the
-OvmfPkg/VirtNorFlashDxe driver had the side effect that flash address
-space got registered as EFI_MEMORY_WC instead of EFI_MEMORY_UC.
-
-That confuses the linux kernel's numa code, seems this makes kernel
-consider the flash being node memory.  "lsmem" changes from ...
-
-    RANGE                                 SIZE  STATE REMOVABLE BLOCK
-    0x0000000040000000-0x000000013fffffff   4G online       yes  8-39
-
-... to ...
-
-    RANGE                                  SIZE  STATE REMOVABLE BLOCK
-    0x0000000000000000-0x0000000007ffffff  128M online       yes     0
-    0x0000000040000000-0x000000013fffffff    4G online       yes  8-39
-
-... and in the kernel log got new error lines:
-
-    NUMA: Warning: invalid memblk node 512 [mem 0x0000000004000000-0x0000000007ffffff]
-    NUMA: Faking a node at [mem 0x0000000004000000-0x000000013fffffff]
-
-Changing the attributes back to EFI_MEMORY_UC fixes this.
-
-Fixes: b92298af8218 ("ArmVirtPkg/ArmVirtQemu: migrate to OVMF's VirtNorFlashDxe")
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit e5ec3ba409b5baa9cf429cc25fdf3c8d1b8dcef0)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-index ff3121af2a..f9a41f6aab 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-@@ -394,14 +394,14 @@ NorFlashFvbInitialize (
-                   EfiGcdMemoryTypeMemoryMappedIo,
-                   Instance->DeviceBaseAddress,
-                   RuntimeMmioRegionSize,
--                  EFI_MEMORY_WC | EFI_MEMORY_RUNTIME
-+                  EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-                   );
-   ASSERT_EFI_ERROR (Status);
- 
-   Status = gDS->SetMemorySpaceAttributes (
-                   Instance->DeviceBaseAddress,
-                   RuntimeMmioRegionSize,
--                  EFI_MEMORY_WC | EFI_MEMORY_RUNTIME
-+                  EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-                   );
-   ASSERT_EFI_ERROR (Status);
- 
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-move-DoErase-code-block-into.patch

@@ -1,131 +0,0 @@
-From 791c26a4a172b4a609a708db8018411ab653de4a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:05 +0100
-Subject: [PATCH 16/18] OvmfPkg/VirtNorFlashDxe: move DoErase code block into
- new function
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [18/20] 10f4685bfcb0c5423e392b4cf0e8633cd25b46b4
-
-Move the DoErase code block into a separate function, call the function
-instead of jumping around with goto.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-Id: <20240116171105.37831-7-kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit b481b00f593ef37695ee14271453320ed02a1256)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 76 ++++++++++++++++++--------
- 1 file changed, 52 insertions(+), 24 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 3d1d20daa1..e6aaed27ce 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -502,6 +502,38 @@ NorFlashRead (
-   return EFI_SUCCESS;
- }
- 
-+STATIC
-+EFI_STATUS
-+NorFlashWriteSingleBlockWithErase (
-+  IN        NOR_FLASH_INSTANCE  *Instance,
-+  IN        EFI_LBA             Lba,
-+  IN        UINTN               Offset,
-+  IN OUT    UINTN               *NumBytes,
-+  IN        UINT8               *Buffer
-+  )
-+{
-+  EFI_STATUS  Status;
-+
-+  // Read NOR Flash data into shadow buffer
-+  Status = NorFlashReadBlocks (Instance, Lba, Instance->BlockSize, Instance->ShadowBuffer);
-+  if (EFI_ERROR (Status)) {
-+    // Return one of the pre-approved error statuses
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  // Put the data at the appropriate location inside the buffer area
-+  CopyMem ((VOID *)((UINTN)Instance->ShadowBuffer + Offset), Buffer, *NumBytes);
-+
-+  // Write the modified buffer back to the NorFlash
-+  Status = NorFlashWriteBlocks (Instance, Lba, Instance->BlockSize, Instance->ShadowBuffer);
-+  if (EFI_ERROR (Status)) {
-+    // Return one of the pre-approved error statuses
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  return EFI_SUCCESS;
-+}
-+
- /*
-   Write a full or portion of a block. It must not span block boundaries; that is,
-   Offset + *NumBytes <= Instance->BlockSize.
-@@ -607,7 +639,14 @@ NorFlashWriteSingleBlock (
-     // that we want to set. In that case, we will need to erase the block first.
-     for (CurOffset = 0; CurOffset < *NumBytes; CurOffset++) {
-       if (~(UINT32)OrigData[CurOffset] & (UINT32)Buffer[CurOffset]) {
--        goto DoErase;
-+        Status = NorFlashWriteSingleBlockWithErase (
-+                   Instance,
-+                   Lba,
-+                   Offset,
-+                   NumBytes,
-+                   Buffer
-+                   );
-+        return Status;
-       }
- 
-       OrigData[CurOffset] = Buffer[CurOffset];
-@@ -636,33 +675,22 @@ NorFlashWriteSingleBlock (
-         goto Exit;
-       }
-     }
--
--Exit:
--    // Put device back into Read Array mode
--    SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
--
-+  } else {
-+    Status = NorFlashWriteSingleBlockWithErase (
-+               Instance,
-+               Lba,
-+               Offset,
-+               NumBytes,
-+               Buffer
-+               );
-     return Status;
-   }
- 
--DoErase:
--  // Read NOR Flash data into shadow buffer
--  Status = NorFlashReadBlocks (Instance, Lba, BlockSize, Instance->ShadowBuffer);
--  if (EFI_ERROR (Status)) {
--    // Return one of the pre-approved error statuses
--    return EFI_DEVICE_ERROR;
--  }
--
--  // Put the data at the appropriate location inside the buffer area
--  CopyMem ((VOID *)((UINTN)Instance->ShadowBuffer + Offset), Buffer, *NumBytes);
--
--  // Write the modified buffer back to the NorFlash
--  Status = NorFlashWriteBlocks (Instance, Lba, BlockSize, Instance->ShadowBuffer);
--  if (EFI_ERROR (Status)) {
--    // Return one of the pre-approved error statuses
--    return EFI_DEVICE_ERROR;
--  }
-+Exit:
-+  // Put device back into Read Array mode
-+  SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
- 
--  return EFI_SUCCESS;
-+  return Status;
- }
- 
- EFI_STATUS
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-remove-CheckBlockLocked-feat.patch

@@ -1,94 +0,0 @@
-From 03e0a729a5c3ebcab8806d136cd8908627bd91c9 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 16:45:02 +0200
-Subject: [PATCH 02/18] OvmfPkg/VirtNorFlashDxe: remove CheckBlockLocked
- feature
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [4/20] 990bdf373801df8107d8a6ec4db3fb93e5a6ad68
-
-We inherited a feature from the ArmPlatformPkg version of this driver
-that never gets enabled. Let's remove it.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit 0a64106c566273ff8ef951d56ddfa972fe65bd6c)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c      | 35 +++++----------------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf |  3 --
- 2 files changed, 8 insertions(+), 30 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 12fa720dad..59a562efdf 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -65,35 +65,16 @@ NorFlashUnlockSingleBlock (
-   // Raise the Task Priority Level to TPL_NOTIFY to serialise all its operations
-   // and to protect shared data structures.
- 
--  if (FeaturePcdGet (PcdNorFlashCheckBlockLocked) == TRUE) {
--    do {
--      // Request a lock setup
--      SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_LOCK_BLOCK_SETUP);
-+  // Request a lock setup
-+  SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_LOCK_BLOCK_SETUP);
- 
--      // Request an unlock
--      SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_UNLOCK_BLOCK);
-+  // Request an unlock
-+  SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_UNLOCK_BLOCK);
- 
--      // Send command for reading device id
--      SEND_NOR_COMMAND (BlockAddress, 2, P30_CMD_READ_DEVICE_ID);
--
--      // Read block lock status
--      LockStatus = MmioRead32 (CREATE_NOR_ADDRESS (BlockAddress, 2));
--
--      // Decode block lock status
--      LockStatus = FOLD_32BIT_INTO_16BIT (LockStatus);
--    } while ((LockStatus & 0x1) == 1);
--  } else {
--    // Request a lock setup
--    SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_LOCK_BLOCK_SETUP);
--
--    // Request an unlock
--    SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_UNLOCK_BLOCK);
--
--    // Wait until the status register gives us the all clear
--    do {
--      LockStatus = NorFlashReadStatusRegister (Instance, BlockAddress);
--    } while ((LockStatus & P30_SR_BIT_WRITE) != P30_SR_BIT_WRITE);
--  }
-+  // Wait until the status register gives us the all clear
-+  do {
-+    LockStatus = NorFlashReadStatusRegister (Instance, BlockAddress);
-+  } while ((LockStatus & P30_SR_BIT_WRITE) != P30_SR_BIT_WRITE);
- 
-   // Put device back into Read Array mode
-   SEND_NOR_COMMAND (BlockAddress, 0, P30_CMD_READ_ARRAY);
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-index 1bf50e4823..53e9d58204 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-@@ -24,7 +24,6 @@
-   VirtNorFlashFvb.c
- 
- [Packages]
--  ArmPlatformPkg/ArmPlatformPkg.dec
-   EmbeddedPkg/EmbeddedPkg.dec
-   MdePkg/MdePkg.dec
-   MdeModulePkg/MdeModulePkg.dec
-@@ -66,7 +65,5 @@
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
- 
--  gArmPlatformTokenSpaceGuid.PcdNorFlashCheckBlockLocked
--
- [Depex]
-   gEfiCpuArchProtocolGuid
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-remove-disk-I-O-protocol-imp.patch

@@ -1,386 +0,0 @@
-From 56041232238e4e4d3c8d703b27f51b0bc70fd5c8 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 16:50:05 +0200
-Subject: [PATCH 03/18] OvmfPkg/VirtNorFlashDxe: remove disk I/O protocol
- implementation
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [5/20] 0551c3f56f43396cfdc380127565e89d69eb29a3
-
-We only use NOR flash for firmware volumes, either for executable images
-or for the variable store. So we have no need for exposing disk I/O on
-top of the NOR flash partitions so let's remove it.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit 68d234989b2d6bd8f255577e08bf8be0b1d197bb)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c        | 129 ------------------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h        |  29 ----
- .../VirtNorFlashDxe/VirtNorFlashBlockIoDxe.c  | 123 -----------------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c     |   8 --
- 4 files changed, 289 deletions(-)
- delete mode 100644 OvmfPkg/VirtNorFlashDxe/VirtNorFlashBlockIoDxe.c
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 59a562efdf..1094d48f7d 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -788,135 +788,6 @@ NorFlashWriteSingleBlock (
-   return EFI_SUCCESS;
- }
- 
--/*
--  Although DiskIoDxe will automatically install the DiskIO protocol whenever
--  we install the BlockIO protocol, its implementation is sub-optimal as it reads
--  and writes entire blocks using the BlockIO protocol. In fact we can access
--  NOR flash with a finer granularity than that, so we can improve performance
--  by directly producing the DiskIO protocol.
--*/
--
--/**
--  Read BufferSize bytes from Offset into Buffer.
--
--  @param  This                  Protocol instance pointer.
--  @param  MediaId               Id of the media, changes every time the media is replaced.
--  @param  Offset                The starting byte offset to read from
--  @param  BufferSize            Size of Buffer
--  @param  Buffer                Buffer containing read data
--
--  @retval EFI_SUCCESS           The data was read correctly from the device.
--  @retval EFI_DEVICE_ERROR      The device reported an error while performing the read.
--  @retval EFI_NO_MEDIA          There is no media in the device.
--  @retval EFI_MEDIA_CHANGED     The MediaId does not match the current device.
--  @retval EFI_INVALID_PARAMETER The read request contains device addresses that are not
--                                valid for the device.
--
--**/
--EFI_STATUS
--EFIAPI
--NorFlashDiskIoReadDisk (
--  IN EFI_DISK_IO_PROTOCOL  *This,
--  IN UINT32                MediaId,
--  IN UINT64                DiskOffset,
--  IN UINTN                 BufferSize,
--  OUT VOID                 *Buffer
--  )
--{
--  NOR_FLASH_INSTANCE  *Instance;
--  UINT32              BlockSize;
--  UINT32              BlockOffset;
--  EFI_LBA             Lba;
--
--  Instance = INSTANCE_FROM_DISKIO_THIS (This);
--
--  if (MediaId != Instance->Media.MediaId) {
--    return EFI_MEDIA_CHANGED;
--  }
--
--  BlockSize = Instance->Media.BlockSize;
--  Lba       = (EFI_LBA)DivU64x32Remainder (DiskOffset, BlockSize, &BlockOffset);
--
--  return NorFlashRead (Instance, Lba, BlockOffset, BufferSize, Buffer);
--}
--
--/**
--  Writes a specified number of bytes to a device.
--
--  @param  This       Indicates a pointer to the calling context.
--  @param  MediaId    ID of the medium to be written.
--  @param  Offset     The starting byte offset on the logical block I/O device to write.
--  @param  BufferSize The size in bytes of Buffer. The number of bytes to write to the device.
--  @param  Buffer     A pointer to the buffer containing the data to be written.
--
--  @retval EFI_SUCCESS           The data was written correctly to the device.
--  @retval EFI_WRITE_PROTECTED   The device can not be written to.
--  @retval EFI_DEVICE_ERROR      The device reported an error while performing the write.
--  @retval EFI_NO_MEDIA          There is no media in the device.
--  @retval EFI_MEDIA_CHANGED     The MediaId does not match the current device.
--  @retval EFI_INVALID_PARAMETER The write request contains device addresses that are not
--                                 valid for the device.
--
--**/
--EFI_STATUS
--EFIAPI
--NorFlashDiskIoWriteDisk (
--  IN EFI_DISK_IO_PROTOCOL  *This,
--  IN UINT32                MediaId,
--  IN UINT64                DiskOffset,
--  IN UINTN                 BufferSize,
--  IN VOID                  *Buffer
--  )
--{
--  NOR_FLASH_INSTANCE  *Instance;
--  UINT32              BlockSize;
--  UINT32              BlockOffset;
--  EFI_LBA             Lba;
--  UINTN               RemainingBytes;
--  UINTN               WriteSize;
--  EFI_STATUS          Status;
--
--  Instance = INSTANCE_FROM_DISKIO_THIS (This);
--
--  if (MediaId != Instance->Media.MediaId) {
--    return EFI_MEDIA_CHANGED;
--  }
--
--  BlockSize = Instance->Media.BlockSize;
--  Lba       = (EFI_LBA)DivU64x32Remainder (DiskOffset, BlockSize, &BlockOffset);
--
--  RemainingBytes = BufferSize;
--
--  // Write either all the remaining bytes, or the number of bytes that bring
--  // us up to a block boundary, whichever is less.
--  // (DiskOffset | (BlockSize - 1)) + 1) rounds DiskOffset up to the next
--  // block boundary (even if it is already on one).
--  WriteSize = MIN (RemainingBytes, ((DiskOffset | (BlockSize - 1)) + 1) - DiskOffset);
--
--  do {
--    if (WriteSize == BlockSize) {
--      // Write a full block
--      Status = NorFlashWriteFullBlock (Instance, Lba, Buffer, BlockSize / sizeof (UINT32));
--    } else {
--      // Write a partial block
--      Status = NorFlashWriteSingleBlock (Instance, Lba, BlockOffset, &WriteSize, Buffer);
--    }
--
--    if (EFI_ERROR (Status)) {
--      return Status;
--    }
--
--    // Now continue writing either all the remaining bytes or single blocks.
--    RemainingBytes -= WriteSize;
--    Buffer          = (UINT8 *)Buffer + WriteSize;
--    Lba++;
--    BlockOffset = 0;
--    WriteSize   = MIN (RemainingBytes, BlockSize);
--  } while (RemainingBytes);
--
--  return Status;
--}
--
- EFI_STATUS
- NorFlashReset (
-   IN  NOR_FLASH_INSTANCE  *Instance
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-index e46522a198..7733ee02ee 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.h
-@@ -15,7 +15,6 @@
- #include <Guid/EventGroup.h>
- 
- #include <Protocol/BlockIo.h>
--#include <Protocol/DiskIo.h>
- #include <Protocol/FirmwareVolumeBlock.h>
- 
- #include <Library/DebugLib.h>
-@@ -111,7 +110,6 @@
- #define NOR_FLASH_SIGNATURE  SIGNATURE_32('n', 'o', 'r', '0')
- #define INSTANCE_FROM_FVB_THIS(a)     CR(a, NOR_FLASH_INSTANCE, FvbProtocol, NOR_FLASH_SIGNATURE)
- #define INSTANCE_FROM_BLKIO_THIS(a)   CR(a, NOR_FLASH_INSTANCE, BlockIoProtocol, NOR_FLASH_SIGNATURE)
--#define INSTANCE_FROM_DISKIO_THIS(a)  CR(a, NOR_FLASH_INSTANCE, DiskIoProtocol, NOR_FLASH_SIGNATURE)
- 
- typedef struct _NOR_FLASH_INSTANCE NOR_FLASH_INSTANCE;
- 
-@@ -134,7 +132,6 @@ struct _NOR_FLASH_INSTANCE {
- 
-   EFI_BLOCK_IO_PROTOCOL                  BlockIoProtocol;
-   EFI_BLOCK_IO_MEDIA                     Media;
--  EFI_DISK_IO_PROTOCOL                   DiskIoProtocol;
- 
-   EFI_FIRMWARE_VOLUME_BLOCK2_PROTOCOL    FvbProtocol;
-   VOID                                   *ShadowBuffer;
-@@ -203,32 +200,6 @@ NorFlashBlockIoFlushBlocks (
-   IN EFI_BLOCK_IO_PROTOCOL  *This
-   );
- 
--//
--// DiskIO Protocol function EFI_DISK_IO_PROTOCOL.ReadDisk
--//
--EFI_STATUS
--EFIAPI
--NorFlashDiskIoReadDisk (
--  IN EFI_DISK_IO_PROTOCOL  *This,
--  IN UINT32                MediaId,
--  IN UINT64                Offset,
--  IN UINTN                 BufferSize,
--  OUT VOID                 *Buffer
--  );
--
--//
--// DiskIO Protocol function EFI_DISK_IO_PROTOCOL.WriteDisk
--//
--EFI_STATUS
--EFIAPI
--NorFlashDiskIoWriteDisk (
--  IN EFI_DISK_IO_PROTOCOL  *This,
--  IN UINT32                MediaId,
--  IN UINT64                Offset,
--  IN UINTN                 BufferSize,
--  IN VOID                  *Buffer
--  );
--
- //
- // NorFlashFvbDxe.c
- //
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashBlockIoDxe.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashBlockIoDxe.c
-deleted file mode 100644
-index ecf152e355..0000000000
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashBlockIoDxe.c
-+++ /dev/null
-@@ -1,123 +0,0 @@
--/** @file  NorFlashBlockIoDxe.c
--
--  Copyright (c) 2011-2013, ARM Ltd. All rights reserved.<BR>
--
--  SPDX-License-Identifier: BSD-2-Clause-Patent
--
--**/
--
--#include <Library/BaseMemoryLib.h>
--#include <Library/UefiBootServicesTableLib.h>
--
--#include "VirtNorFlash.h"
--
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.Reset
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoReset (
--  IN EFI_BLOCK_IO_PROTOCOL  *This,
--  IN BOOLEAN                ExtendedVerification
--  )
--{
--  NOR_FLASH_INSTANCE  *Instance;
--
--  Instance = INSTANCE_FROM_BLKIO_THIS (This);
--
--  DEBUG ((DEBUG_BLKIO, "NorFlashBlockIoReset(MediaId=0x%x)\n", This->Media->MediaId));
--
--  return NorFlashReset (Instance);
--}
--
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.ReadBlocks
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoReadBlocks (
--  IN  EFI_BLOCK_IO_PROTOCOL  *This,
--  IN  UINT32                 MediaId,
--  IN  EFI_LBA                Lba,
--  IN  UINTN                  BufferSizeInBytes,
--  OUT VOID                   *Buffer
--  )
--{
--  NOR_FLASH_INSTANCE  *Instance;
--  EFI_STATUS          Status;
--  EFI_BLOCK_IO_MEDIA  *Media;
--
--  if (This == NULL) {
--    return EFI_INVALID_PARAMETER;
--  }
--
--  Instance = INSTANCE_FROM_BLKIO_THIS (This);
--  Media    = This->Media;
--
--  DEBUG ((DEBUG_BLKIO, "NorFlashBlockIoReadBlocks(MediaId=0x%x, Lba=%ld, BufferSize=0x%x bytes (%d kB), BufferPtr @ 0x%08x)\n", MediaId, Lba, BufferSizeInBytes, BufferSizeInBytes, Buffer));
--
--  if (!Media) {
--    Status = EFI_INVALID_PARAMETER;
--  } else if (!Media->MediaPresent) {
--    Status = EFI_NO_MEDIA;
--  } else if (Media->MediaId != MediaId) {
--    Status = EFI_MEDIA_CHANGED;
--  } else if ((Media->IoAlign > 2) && (((UINTN)Buffer & (Media->IoAlign - 1)) != 0)) {
--    Status = EFI_INVALID_PARAMETER;
--  } else {
--    Status = NorFlashReadBlocks (Instance, Lba, BufferSizeInBytes, Buffer);
--  }
--
--  return Status;
--}
--
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.WriteBlocks
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoWriteBlocks (
--  IN  EFI_BLOCK_IO_PROTOCOL  *This,
--  IN  UINT32                 MediaId,
--  IN  EFI_LBA                Lba,
--  IN  UINTN                  BufferSizeInBytes,
--  IN  VOID                   *Buffer
--  )
--{
--  NOR_FLASH_INSTANCE  *Instance;
--  EFI_STATUS          Status;
--
--  Instance = INSTANCE_FROM_BLKIO_THIS (This);
--
--  DEBUG ((DEBUG_BLKIO, "NorFlashBlockIoWriteBlocks(MediaId=0x%x, Lba=%ld, BufferSize=0x%x bytes, BufferPtr @ 0x%08x)\n", MediaId, Lba, BufferSizeInBytes, Buffer));
--
--  if ( !This->Media->MediaPresent ) {
--    Status = EFI_NO_MEDIA;
--  } else if ( This->Media->MediaId != MediaId ) {
--    Status = EFI_MEDIA_CHANGED;
--  } else if ( This->Media->ReadOnly ) {
--    Status = EFI_WRITE_PROTECTED;
--  } else {
--    Status = NorFlashWriteBlocks (Instance, Lba, BufferSizeInBytes, Buffer);
--  }
--
--  return Status;
--}
--
--//
--// BlockIO Protocol function EFI_BLOCK_IO_PROTOCOL.FlushBlocks
--//
--EFI_STATUS
--EFIAPI
--NorFlashBlockIoFlushBlocks (
--  IN EFI_BLOCK_IO_PROTOCOL  *This
--  )
--{
--  // No Flush required for the NOR Flash driver
--  // because cache operations are not permitted.
--
--  DEBUG ((DEBUG_BLKIO, "NorFlashBlockIoFlushBlocks: Function NOT IMPLEMENTED (not required).\n"));
--
--  // Nothing to do so just return without error
--  return EFI_SUCCESS;
--}
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-index 819425545e..4875b057d5 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-@@ -58,12 +58,6 @@ NOR_FLASH_INSTANCE  mNorFlashInstanceTemplate = {
-     1,     // LogicalBlocksPerPhysicalBlock
-   }, // Media;
- 
--  {
--    EFI_DISK_IO_PROTOCOL_REVISION, // Revision
--    NorFlashDiskIoReadDisk,        // ReadDisk
--    NorFlashDiskIoWriteDisk        // WriteDisk
--  },
--
-   {
-     FvbGetAttributes,      // GetAttributes
-     FvbSetAttributes,      // SetAttributes
-@@ -159,8 +153,6 @@ NorFlashCreateInstance (
-                     &Instance->DevicePath,
-                     &gEfiBlockIoProtocolGuid,
-                     &Instance->BlockIoProtocol,
--                    &gEfiDiskIoProtocolGuid,
--                    &Instance->DiskIoProtocol,
-                     NULL
-                     );
-     if (EFI_ERROR (Status)) {
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variable2.patch

@@ -1,216 +0,0 @@
-From c4d2144caff4eddb7021752fce6c2dec6d5e1632 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 9 Jan 2024 12:29:02 +0100
-Subject: [PATCH 10/18] OvmfPkg/VirtNorFlashDxe: sanity-check variables
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [12/20] 2ad3957478b82a4ca29249ceb9620f97c591a1fe
-
-Extend the ValidateFvHeader function, additionally to the header checks
-walk over the list of variables and sanity check them.
-
-In case we find inconsistencies indicating variable store corruption
-return EFI_NOT_FOUND so the variable store will be re-initialized.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-Id: <20240109112902.30002-4-kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-[lersek@redhat.com: fix StartId initialization/assignment coding style]
-(cherry picked from commit 4a443f73fd67ca8caaf0a3e1a01f8231b330d2e0)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf |   1 +
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c   | 149 +++++++++++++++++++-
- 2 files changed, 145 insertions(+), 5 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-index 2a3d4a218e..f549400280 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-@@ -34,6 +34,7 @@
-   DxeServicesTableLib
-   HobLib
-   IoLib
-+  SafeIntLib
-   UefiBootServicesTableLib
-   UefiDriverEntryPoint
-   UefiLib
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-index c503272a2b..acc4a413ee 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-@@ -12,6 +12,7 @@
- #include <Library/BaseMemoryLib.h>
- #include <Library/MemoryAllocationLib.h>
- #include <Library/PcdLib.h>
-+#include <Library/SafeIntLib.h>
- #include <Library/UefiLib.h>
- 
- #include <Guid/NvVarStoreFormatted.h>
-@@ -185,11 +186,12 @@ ValidateFvHeader (
-   IN  NOR_FLASH_INSTANCE  *Instance
-   )
- {
--  UINT16                      Checksum;
--  EFI_FIRMWARE_VOLUME_HEADER  *FwVolHeader;
--  VARIABLE_STORE_HEADER       *VariableStoreHeader;
--  UINTN                       VariableStoreLength;
--  UINTN                       FvLength;
-+  UINT16                            Checksum;
-+  CONST EFI_FIRMWARE_VOLUME_HEADER  *FwVolHeader;
-+  CONST VARIABLE_STORE_HEADER       *VariableStoreHeader;
-+  UINTN                             VarOffset;
-+  UINTN                             VariableStoreLength;
-+  UINTN                             FvLength;
- 
-   FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER *)Instance->RegionBaseAddress;
- 
-@@ -258,6 +260,143 @@ ValidateFvHeader (
-     return EFI_NOT_FOUND;
-   }
- 
-+  //
-+  // check variables
-+  //
-+  DEBUG ((DEBUG_INFO, "%a: checking variables\n", __func__));
-+  VarOffset = sizeof (*VariableStoreHeader);
-+  for ( ; ;) {
-+    UINTN                                VarHeaderEnd;
-+    UINTN                                VarNameEnd;
-+    UINTN                                VarEnd;
-+    UINTN                                VarPadding;
-+    CONST AUTHENTICATED_VARIABLE_HEADER  *VarHeader;
-+    CONST CHAR16                         *VarName;
-+    CONST CHAR8                          *VarState;
-+    RETURN_STATUS                        Status;
-+
-+    Status = SafeUintnAdd (VarOffset, sizeof (*VarHeader), &VarHeaderEnd);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (VarHeaderEnd >= VariableStoreHeader->Size) {
-+      if (VarOffset <= VariableStoreHeader->Size - sizeof (UINT16)) {
-+        CONST UINT16  *StartId;
-+
-+        StartId = (VOID *)((UINTN)VariableStoreHeader + VarOffset);
-+        if (*StartId == 0x55aa) {
-+          DEBUG ((DEBUG_ERROR, "%a: startid at invalid location\n", __func__));
-+          return EFI_NOT_FOUND;
-+        }
-+      }
-+
-+      DEBUG ((DEBUG_INFO, "%a: end of var list (no space left)\n", __func__));
-+      break;
-+    }
-+
-+    VarHeader = (VOID *)((UINTN)VariableStoreHeader + VarOffset);
-+    if (VarHeader->StartId != 0x55aa) {
-+      DEBUG ((DEBUG_INFO, "%a: end of var list (no startid)\n", __func__));
-+      break;
-+    }
-+
-+    VarName = NULL;
-+    switch (VarHeader->State) {
-+      // usage: State = VAR_HEADER_VALID_ONLY
-+      case VAR_HEADER_VALID_ONLY:
-+        VarState = "header-ok";
-+        VarName  = L"<unknown>";
-+        break;
-+
-+      // usage: State = VAR_ADDED
-+      case VAR_ADDED:
-+        VarState = "ok";
-+        break;
-+
-+      // usage: State &= VAR_IN_DELETED_TRANSITION
-+      case VAR_ADDED &VAR_IN_DELETED_TRANSITION:
-+        VarState = "del-in-transition";
-+        break;
-+
-+      // usage: State &= VAR_DELETED
-+      case VAR_ADDED &VAR_DELETED:
-+      case VAR_ADDED &VAR_DELETED &VAR_IN_DELETED_TRANSITION:
-+        VarState = "deleted";
-+        break;
-+
-+      default:
-+        DEBUG ((
-+          DEBUG_ERROR,
-+          "%a: invalid variable state: 0x%x\n",
-+          __func__,
-+          VarHeader->State
-+          ));
-+        return EFI_NOT_FOUND;
-+    }
-+
-+    Status = SafeUintnAdd (VarHeaderEnd, VarHeader->NameSize, &VarNameEnd);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    Status = SafeUintnAdd (VarNameEnd, VarHeader->DataSize, &VarEnd);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (VarEnd > VariableStoreHeader->Size) {
-+      DEBUG ((
-+        DEBUG_ERROR,
-+        "%a: invalid variable size: 0x%Lx + 0x%Lx + 0x%x + 0x%x > 0x%x\n",
-+        __func__,
-+        (UINT64)VarOffset,
-+        (UINT64)(sizeof (*VarHeader)),
-+        VarHeader->NameSize,
-+        VarHeader->DataSize,
-+        VariableStoreHeader->Size
-+        ));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (((VarHeader->NameSize & 1) != 0) ||
-+        (VarHeader->NameSize < 4))
-+    {
-+      DEBUG ((DEBUG_ERROR, "%a: invalid name size\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (VarName == NULL) {
-+      VarName = (VOID *)((UINTN)VariableStoreHeader + VarHeaderEnd);
-+      if (VarName[VarHeader->NameSize / 2 - 1] != L'\0') {
-+        DEBUG ((DEBUG_ERROR, "%a: name is not null terminated\n", __func__));
-+        return EFI_NOT_FOUND;
-+      }
-+    }
-+
-+    DEBUG ((
-+      DEBUG_VERBOSE,
-+      "%a: +0x%04Lx: name=0x%x data=0x%x guid=%g '%s' (%a)\n",
-+      __func__,
-+      (UINT64)VarOffset,
-+      VarHeader->NameSize,
-+      VarHeader->DataSize,
-+      &VarHeader->VendorGuid,
-+      VarName,
-+      VarState
-+      ));
-+
-+    VarPadding = (4 - (VarEnd & 3)) & 3;
-+    Status     = SafeUintnAdd (VarEnd, VarPadding, &VarOffset);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+  }
-+
-   return EFI_SUCCESS;
- }
- 
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-sanity-check-variables.patch

@@ -1,216 +0,0 @@
-From c4eef747624d41aaa09dc64ccafdb84bf1fe656e Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 9 Jan 2024 12:29:02 +0100
-Subject: [PATCH 2/2] OvmfPkg/VirtNorFlashDxe: sanity-check variables
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 42: OvmfPkg/VirtNorFlashDxe: sanity-check variables
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [2/2] 56ff961f754d517c0e27ccf46a95b228efe7ab4b
-
-Extend the ValidateFvHeader function, additionally to the header checks
-walk over the list of variables and sanity check them.
-
-In case we find inconsistencies indicating variable store corruption
-return EFI_NOT_FOUND so the variable store will be re-initialized.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-Id: <20240109112902.30002-4-kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-[lersek@redhat.com: fix StartId initialization/assignment coding style]
-(cherry picked from commit 4a443f73fd67ca8caaf0a3e1a01f8231b330d2e0)
----
- .../Drivers/NorFlashDxe/NorFlashDxe.inf       |   1 +
- .../Drivers/NorFlashDxe/NorFlashFvb.c         | 149 +++++++++++++++++-
- 2 files changed, 145 insertions(+), 5 deletions(-)
-
-diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-index f8d4c27031..10388880a1 100644
---- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-@@ -35,6 +35,7 @@
-   DebugLib
-   HobLib
-   NorFlashPlatformLib
-+  SafeIntLib
-   UefiLib
-   UefiDriverEntryPoint
-   UefiBootServicesTableLib
-diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c
-index 904605cbbc..2a166c94a6 100644
---- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c
-+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c
-@@ -13,6 +13,7 @@
- #include <Library/UefiLib.h>
- #include <Library/BaseMemoryLib.h>
- #include <Library/MemoryAllocationLib.h>
-+#include <Library/SafeIntLib.h>
- 
- #include <Guid/VariableFormat.h>
- #include <Guid/SystemNvDataGuid.h>
-@@ -166,11 +167,12 @@ ValidateFvHeader (
-   IN  NOR_FLASH_INSTANCE *Instance
-   )
- {
--  UINT16                      Checksum;
--  EFI_FIRMWARE_VOLUME_HEADER  *FwVolHeader;
--  VARIABLE_STORE_HEADER       *VariableStoreHeader;
--  UINTN                       VariableStoreLength;
--  UINTN                       FvLength;
-+  UINT16                            Checksum;
-+  CONST EFI_FIRMWARE_VOLUME_HEADER  *FwVolHeader;
-+  CONST VARIABLE_STORE_HEADER       *VariableStoreHeader;
-+  UINTN                             VarOffset;
-+  UINTN                             VariableStoreLength;
-+  UINTN                             FvLength;
- 
-   FwVolHeader = (EFI_FIRMWARE_VOLUME_HEADER*)Instance->RegionBaseAddress;
- 
-@@ -223,6 +225,143 @@ ValidateFvHeader (
-     return EFI_NOT_FOUND;
-   }
- 
-+  //
-+  // check variables
-+  //
-+  DEBUG ((DEBUG_INFO, "%a: checking variables\n", __func__));
-+  VarOffset = sizeof (*VariableStoreHeader);
-+  for ( ; ;) {
-+    UINTN                                VarHeaderEnd;
-+    UINTN                                VarNameEnd;
-+    UINTN                                VarEnd;
-+    UINTN                                VarPadding;
-+    CONST AUTHENTICATED_VARIABLE_HEADER  *VarHeader;
-+    CONST CHAR16                         *VarName;
-+    CONST CHAR8                          *VarState;
-+    RETURN_STATUS                        Status;
-+
-+    Status = SafeUintnAdd (VarOffset, sizeof (*VarHeader), &VarHeaderEnd);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (VarHeaderEnd >= VariableStoreHeader->Size) {
-+      if (VarOffset <= VariableStoreHeader->Size - sizeof (UINT16)) {
-+        CONST UINT16  *StartId;
-+
-+        StartId = (VOID *)((UINTN)VariableStoreHeader + VarOffset);
-+        if (*StartId == 0x55aa) {
-+          DEBUG ((DEBUG_ERROR, "%a: startid at invalid location\n", __func__));
-+          return EFI_NOT_FOUND;
-+        }
-+      }
-+
-+      DEBUG ((DEBUG_INFO, "%a: end of var list (no space left)\n", __func__));
-+      break;
-+    }
-+
-+    VarHeader = (VOID *)((UINTN)VariableStoreHeader + VarOffset);
-+    if (VarHeader->StartId != 0x55aa) {
-+      DEBUG ((DEBUG_INFO, "%a: end of var list (no startid)\n", __func__));
-+      break;
-+    }
-+
-+    VarName = NULL;
-+    switch (VarHeader->State) {
-+      // usage: State = VAR_HEADER_VALID_ONLY
-+      case VAR_HEADER_VALID_ONLY:
-+        VarState = "header-ok";
-+        VarName  = L"<unknown>";
-+        break;
-+
-+      // usage: State = VAR_ADDED
-+      case VAR_ADDED:
-+        VarState = "ok";
-+        break;
-+
-+      // usage: State &= VAR_IN_DELETED_TRANSITION
-+      case VAR_ADDED &VAR_IN_DELETED_TRANSITION:
-+        VarState = "del-in-transition";
-+        break;
-+
-+      // usage: State &= VAR_DELETED
-+      case VAR_ADDED &VAR_DELETED:
-+      case VAR_ADDED &VAR_DELETED &VAR_IN_DELETED_TRANSITION:
-+        VarState = "deleted";
-+        break;
-+
-+      default:
-+        DEBUG ((
-+          DEBUG_ERROR,
-+          "%a: invalid variable state: 0x%x\n",
-+          __func__,
-+          VarHeader->State
-+          ));
-+        return EFI_NOT_FOUND;
-+    }
-+
-+    Status = SafeUintnAdd (VarHeaderEnd, VarHeader->NameSize, &VarNameEnd);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    Status = SafeUintnAdd (VarNameEnd, VarHeader->DataSize, &VarEnd);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (VarEnd > VariableStoreHeader->Size) {
-+      DEBUG ((
-+        DEBUG_ERROR,
-+        "%a: invalid variable size: 0x%Lx + 0x%Lx + 0x%x + 0x%x > 0x%x\n",
-+        __func__,
-+        (UINT64)VarOffset,
-+        (UINT64)(sizeof (*VarHeader)),
-+        VarHeader->NameSize,
-+        VarHeader->DataSize,
-+        VariableStoreHeader->Size
-+        ));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (((VarHeader->NameSize & 1) != 0) ||
-+        (VarHeader->NameSize < 4))
-+    {
-+      DEBUG ((DEBUG_ERROR, "%a: invalid name size\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+
-+    if (VarName == NULL) {
-+      VarName = (VOID *)((UINTN)VariableStoreHeader + VarHeaderEnd);
-+      if (VarName[VarHeader->NameSize / 2 - 1] != L'\0') {
-+        DEBUG ((DEBUG_ERROR, "%a: name is not null terminated\n", __func__));
-+        return EFI_NOT_FOUND;
-+      }
-+    }
-+
-+    DEBUG ((
-+      DEBUG_VERBOSE,
-+      "%a: +0x%04Lx: name=0x%x data=0x%x guid=%g '%s' (%a)\n",
-+      __func__,
-+      (UINT64)VarOffset,
-+      VarHeader->NameSize,
-+      VarHeader->DataSize,
-+      &VarHeader->VendorGuid,
-+      VarName,
-+      VarState
-+      ));
-+
-+    VarPadding = (4 - (VarEnd & 3)) & 3;
-+    Status     = SafeUintnAdd (VarEnd, VarPadding, &VarOffset);
-+    if (RETURN_ERROR (Status)) {
-+      DEBUG ((DEBUG_ERROR, "%a: integer overflow\n", __func__));
-+      return EFI_NOT_FOUND;
-+    }
-+  }
-+
-   return EFI_SUCCESS;
- }
- 
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariable2.patch

@@ -1,49 +0,0 @@
-From 1444157aad1b98ce9c1193ef109011b084113890 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 9 Jan 2024 12:29:01 +0100
-Subject: [PATCH 09/18] OvmfPkg/VirtNorFlashDxe: stop accepting
- gEfiVariableGuid
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [11/20] c7b9cd1b716e1b8163b8094fbea8117241901815
-
-Only accept gEfiAuthenticatedVariableGuid when checking the variable
-store header in ValidateFvHeader().
-
-The edk2 code base has been switched to use the authenticated varstore
-format unconditionally (even in case secure boot is not used or
-supported) a few years ago.
-
-Suggested-by: László Érsek <lersek@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240109112902.30002-3-kraxel@redhat.com>
-(cherry picked from commit ae22b2f136bcbd27135a5f4dd76d3a68a172d00e)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-index cc5eefaaf3..c503272a2b 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-@@ -239,9 +239,7 @@ ValidateFvHeader (
-   VariableStoreHeader = (VARIABLE_STORE_HEADER *)((UINTN)FwVolHeader + FwVolHeader->HeaderLength);
- 
-   // Check the Variable Store Guid
--  if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) &&
--      !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid))
--  {
-+  if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) {
-     DEBUG ((
-       DEBUG_INFO,
-       "%a: Variable Store Guid non-compatible\n",
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-stop-accepting-gEfiVariableG.patch

@@ -1,47 +0,0 @@
-From abe5b633eaae333190fb742af3fa15968f02a92e Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 9 Jan 2024 12:29:01 +0100
-Subject: [PATCH 1/2] OvmfPkg/VirtNorFlashDxe: stop accepting gEfiVariableGuid
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 42: OvmfPkg/VirtNorFlashDxe: sanity-check variables
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [1/2] 790f895bd180bc2c4b957a7a3c7d07e9107dd74b
-
-Only accept gEfiAuthenticatedVariableGuid when checking the variable
-store header in ValidateFvHeader().
-
-The edk2 code base has been switched to use the authenticated varstore
-format unconditionally (even in case secure boot is not used or
-supported) a few years ago.
-
-Suggested-by: László Érsek <lersek@redhat.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240109112902.30002-3-kraxel@redhat.com>
-(cherry picked from commit ae22b2f136bcbd27135a5f4dd76d3a68a172d00e)
----
- ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c
-index db8eb595f4..904605cbbc 100644
---- a/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c
-+++ b/ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashFvb.c
-@@ -210,8 +210,7 @@ ValidateFvHeader (
-   VariableStoreHeader = (VARIABLE_STORE_HEADER*)((UINTN)FwVolHeader + FwVolHeader->HeaderLength);
- 
-   // Check the Variable Store Guid
--  if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiVariableGuid) &&
--      !CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) {
-+  if (!CompareGuid (&VariableStoreHeader->Signature, &gEfiAuthenticatedVariableGuid)) {
-     DEBUG ((EFI_D_INFO, "%a: Variable Store Guid non-compatible\n",
-       __FUNCTION__));
-     return EFI_NOT_FOUND;
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-use-EFI_MEMORY_WC-and-drop-A.patch

@@ -1,150 +0,0 @@
-From e65da48afdabc9a5cba1c212b4323898b91ef2a4 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 18:16:18 +0200
-Subject: [PATCH 07/18] OvmfPkg/VirtNorFlashDxe: use EFI_MEMORY_WC and drop
- AlignedCopyMem()
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [9/20] 0c01619eff8282d08e05fae8c37175b944449f59
-
-NOR flash emulation under KVM involves switching between two modes,
-where array mode is backed by a read-only memslot, and programming mode
-is fully emulated, i.e., the memory region is not backed by anything,
-and the faulting accesses are forwarded to the VMM by the hypervisor,
-which translates them into NOR flash programming commands.
-
-Normally, we are limited to the use of device attributes when mapping
-such regions, given that the programming mode has MMIO semantics.
-However, when running under KVM, the chosen memory attributes only take
-effect when in array mode, since no memory mapping exists otherwise.
-
-This means we can tune the memory mapping so it behaves a bit more like
-a ROM, by switching to EFI_MEMORY_WC attributes. This means we no longer
-need a special CopyMem() implementation that avoids unaligned accesses
-at all cost.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit 789a723285533f35652ebd6029976e2ddc955655)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c    | 65 +----------------------
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c |  4 +-
- 2 files changed, 4 insertions(+), 65 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 0343131a54..1afd60ce66 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -401,67 +401,6 @@ NorFlashWriteBlocks (
-   return Status;
- }
- 
--#define BOTH_ALIGNED(a, b, align)  ((((UINTN)(a) | (UINTN)(b)) & ((align) - 1)) == 0)
--
--/**
--  Copy Length bytes from Source to Destination, using aligned accesses only.
--  Note that this implementation uses memcpy() semantics rather then memmove()
--  semantics, i.e., SourceBuffer and DestinationBuffer should not overlap.
--
--  @param  DestinationBuffer The target of the copy request.
--  @param  SourceBuffer      The place to copy from.
--  @param  Length            The number of bytes to copy.
--
--  @return Destination
--
--**/
--STATIC
--VOID *
--AlignedCopyMem (
--  OUT     VOID        *DestinationBuffer,
--  IN      CONST VOID  *SourceBuffer,
--  IN      UINTN       Length
--  )
--{
--  UINT8         *Destination8;
--  CONST UINT8   *Source8;
--  UINT32        *Destination32;
--  CONST UINT32  *Source32;
--  UINT64        *Destination64;
--  CONST UINT64  *Source64;
--
--  if (BOTH_ALIGNED (DestinationBuffer, SourceBuffer, 8) && (Length >= 8)) {
--    Destination64 = DestinationBuffer;
--    Source64      = SourceBuffer;
--    while (Length >= 8) {
--      *Destination64++ = *Source64++;
--      Length          -= 8;
--    }
--
--    Destination8 = (UINT8 *)Destination64;
--    Source8      = (CONST UINT8 *)Source64;
--  } else if (BOTH_ALIGNED (DestinationBuffer, SourceBuffer, 4) && (Length >= 4)) {
--    Destination32 = DestinationBuffer;
--    Source32      = SourceBuffer;
--    while (Length >= 4) {
--      *Destination32++ = *Source32++;
--      Length          -= 4;
--    }
--
--    Destination8 = (UINT8 *)Destination32;
--    Source8      = (CONST UINT8 *)Source32;
--  } else {
--    Destination8 = DestinationBuffer;
--    Source8      = SourceBuffer;
--  }
--
--  while (Length-- != 0) {
--    *Destination8++ = *Source8++;
--  }
--
--  return DestinationBuffer;
--}
--
- EFI_STATUS
- NorFlashReadBlocks (
-   IN NOR_FLASH_INSTANCE  *Instance,
-@@ -516,7 +455,7 @@ NorFlashReadBlocks (
-   SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
- 
-   // Readout the data
--  AlignedCopyMem (Buffer, (VOID *)StartAddress, BufferSizeInBytes);
-+  CopyMem (Buffer, (VOID *)StartAddress, BufferSizeInBytes);
- 
-   return EFI_SUCCESS;
- }
-@@ -558,7 +497,7 @@ NorFlashRead (
-   SEND_NOR_COMMAND (Instance->DeviceBaseAddress, 0, P30_CMD_READ_ARRAY);
- 
-   // Readout the data
--  AlignedCopyMem (Buffer, (VOID *)(StartAddress + Offset), BufferSizeInBytes);
-+  CopyMem (Buffer, (VOID *)(StartAddress + Offset), BufferSizeInBytes);
- 
-   return EFI_SUCCESS;
- }
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-index f9a41f6aab..ff3121af2a 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.c
-@@ -394,14 +394,14 @@ NorFlashFvbInitialize (
-                   EfiGcdMemoryTypeMemoryMappedIo,
-                   Instance->DeviceBaseAddress,
-                   RuntimeMmioRegionSize,
--                  EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+                  EFI_MEMORY_WC | EFI_MEMORY_RUNTIME
-                   );
-   ASSERT_EFI_ERROR (Status);
- 
-   Status = gDS->SetMemorySpaceAttributes (
-                   Instance->DeviceBaseAddress,
-                   RuntimeMmioRegionSize,
--                  EFI_MEMORY_UC | EFI_MEMORY_RUNTIME
-+                  EFI_MEMORY_WC | EFI_MEMORY_RUNTIME
-                   );
-   ASSERT_EFI_ERROR (Status);
- 
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-clone-NorFlashPlatformLib-into-VirtNorFlashP.patch

@@ -1,80 +0,0 @@
-From 59fb955aa77b75345f7828bf9f83764adf4bed46 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 18:35:10 +0200
-Subject: [PATCH 18/18] OvmfPkg: clone NorFlashPlatformLib into
- VirtNorFlashPlatformLib
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [20/20] 50ea104b99a997d7d08c1fdef617df1d930ffae6
-
-Create a new library class in Ovmf that duplicates the existing
-NorFlashPlatformLib, but which will be tied to the VirtNorFlashDxe
-driver that will be introduced in a subsequent patch. This allows us to
-retire the original from ArmPlatformPkg.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit 16bf588b604a9f190accb71ada715b81756c94e2)
----
- .../Include/Library/VirtNorFlashPlatformLib.h | 30 +++++++++++++++++++
- OvmfPkg/OvmfPkg.dec                           |  4 +++
- 2 files changed, 34 insertions(+)
- create mode 100644 OvmfPkg/Include/Library/VirtNorFlashPlatformLib.h
-
-diff --git a/OvmfPkg/Include/Library/VirtNorFlashPlatformLib.h b/OvmfPkg/Include/Library/VirtNorFlashPlatformLib.h
-new file mode 100644
-index 0000000000..8f5b5e972d
---- /dev/null
-+++ b/OvmfPkg/Include/Library/VirtNorFlashPlatformLib.h
-@@ -0,0 +1,30 @@
-+/** @file
-+
-+ Copyright (c) 2011-2012, ARM Ltd. All rights reserved.<BR>
-+
-+ SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+ **/
-+
-+#ifndef __VIRT_NOR_FLASH_PLATFORM_LIB__
-+#define __VIRT_NOR_FLASH_PLATFORM_LIB__
-+
-+typedef struct {
-+  UINTN    DeviceBaseAddress;       // Start address of the Device Base Address (DBA)
-+  UINTN    RegionBaseAddress;       // Start address of one single region
-+  UINTN    Size;
-+  UINTN    BlockSize;
-+} VIRT_NOR_FLASH_DESCRIPTION;
-+
-+EFI_STATUS
-+VirtNorFlashPlatformInitialization (
-+  VOID
-+  );
-+
-+EFI_STATUS
-+VirtNorFlashPlatformGetDevices (
-+  OUT VIRT_NOR_FLASH_DESCRIPTION  **NorFlashDescriptions,
-+  OUT UINT32                      *Count
-+  );
-+
-+#endif /* __VIRT_NOR_FLASH_PLATFORM_LIB__ */
-diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
-index 340d83f794..e65ebd81c8 100644
---- a/OvmfPkg/OvmfPkg.dec
-+++ b/OvmfPkg/OvmfPkg.dec
-@@ -97,6 +97,10 @@
-   #                  transports.
-   VirtioMmioDeviceLib|Include/Library/VirtioMmioDeviceLib.h
- 
-+  ##  @libraryclass  Provides a Nor flash interface.
-+  #
-+  VirtNorFlashPlatformLib|Include/Library/VirtNorFlashPlatformLib.h
-+
-   ##  @libraryclass  Invoke Xen hypercalls
-   #
-   XenHypercallLib|Include/Library/XenHypercallLib.h
--- 
-2.41.0
-

SOURCES/edk2-SecurityPkg-Adding-CVE-2022-36763-to-SecurityFixes.y.patch

@@ -1,68 +0,0 @@
-From 2794a967f43f2bbdfcd2cb5197ac8cad4b13c3de Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 17 Jan 2024 12:20:52 -0500
-Subject: [PATCH 08/17] SecurityPkg: Adding CVE 2022-36763 to
- SecurityFixes.yaml
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
-RH-Jira: RHEL-21154 RHEL-21156
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [8/13] 74117caf760e403566f6511332b2c0f41483f28c (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21154
-Upstream: Merged
-CVE: CVE-2022-36763
-
-commit 1ddcb9fc6b4164e882687b031e8beacfcf7df29e
-Author: Douglas Flick [MSFT] <doug.edk2@gmail.com>
-Date:   Fri Jan 12 02:16:03 2024 +0800
-
-    SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml
-
-    This creates / adds a security file that tracks the security fixes
-    found in this package and can be used to find the fixes that were
-    applied.
-
-    Cc: Jiewen Yao <jiewen.yao@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- SecurityPkg/SecurityFixes.yaml | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
- create mode 100644 SecurityPkg/SecurityFixes.yaml
-
-diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
-new file mode 100644
-index 0000000000..f9e3e7be74
---- /dev/null
-+++ b/SecurityPkg/SecurityFixes.yaml
-@@ -0,0 +1,22 @@
-+## @file
-+# Security Fixes for SecurityPkg
-+#
-+# Copyright (c) Microsoft Corporation
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+CVE_2022_36763:
-+  commit_titles:
-+    - "SecurityPkg: DxeTpm2Measurement: SECURITY PATCH 4117 - CVE 2022-36763"
-+    - "SecurityPkg: DxeTpmMeasurement: SECURITY PATCH 4117 - CVE 2022-36763"
-+    - "SecurityPkg: : Adding CVE 2022-36763 to SecurityFixes.yaml"
-+  cve: CVE-2022-36763
-+  date_reported: 2022-10-25 11:31 UTC
-+  description: (CVE-2022-36763) - Heap Buffer Overflow in Tcg2MeasureGptTable()
-+  note: This patch is related to and supersedes TCBZ2168
-+  files_impacted:
-+  - Library\DxeTpm2MeasureBootLib\DxeTpm2MeasureBootLib.c
-+  - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
-+  links:
-+  - https://bugzilla.tianocore.org/show_bug.cgi?id=4117
-+  - https://bugzilla.tianocore.org/show_bug.cgi?id=2168
-+  - https://bugzilla.tianocore.org/show_bug.cgi?id=1990
--- 
-2.41.0
-

SOURCES/edk2-SecurityPkg-Change-OPTIONAL-keyword-usage-style.patch

@@ -1,403 +0,0 @@
-From e2ccaef3baa2eb045019558c325bb94cabf65e1a Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 7 Feb 2024 11:56:37 -0500
-Subject: [PATCH 02/17] SecurityPkg: Change OPTIONAL keyword usage style
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
-RH-Jira: RHEL-21154 RHEL-21156
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [2/13] 6a2141d871e3efc3aeea1994ab9c325614ddce57 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21154
-CVE: CVE-2022-36763
-Upstream: Merged
-
-commit 948f4003ee399241a40dc147a738f05ad2e37375
-Author: Michael D Kinney <michael.d.kinney@intel.com>
-Date:   Thu Dec 2 18:00:56 2021 -0800
-
-    SecurityPkg: Change OPTIONAL keyword usage style
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760
-
-    Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params.
-
-    Cc: Andrew Fish <afish@apple.com>
-    Cc: Leif Lindholm <leif@nuviainc.com>
-    Cc: Michael Kubacki <michael.kubacki@microsoft.com>
-    Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
-    Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- SecurityPkg/Include/Library/Tcg2PpVendorLib.h      |  2 +-
- SecurityPkg/Include/Library/Tpm2CommandLib.h       | 14 +++++++-------
- SecurityPkg/Library/AuthVariableLib/AuthService.c  |  6 +++---
- .../DxeImageAuthenticationStatusLib.c              |  2 +-
- .../DxeImageVerificationLib.c                      |  2 +-
- .../DxeRsa2048Sha256GuidedSectionExtractLib.c      |  2 +-
- .../DxeTcg2PhysicalPresenceLib.c                   |  4 ++--
- .../DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c  |  2 +-
- .../DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c    |  2 +-
- .../PeiRsa2048Sha256GuidedSectionExtractLib.c      |  2 +-
- .../Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c      |  2 +-
- .../Tpm2CommandLib/Tpm2EnhancedAuthorization.c     |  2 +-
- SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c      |  2 +-
- SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c |  2 +-
- SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c |  2 +-
- SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c |  6 +++---
- .../RandomNumberGenerator/RngDxe/AArch64/RngDxe.c  |  2 +-
- .../RandomNumberGenerator/RngDxe/Rand/RngDxe.c     |  2 +-
- .../RandomNumberGenerator/RngDxe/RngDxeInternals.h |  2 +-
- SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c       |  2 +-
- 20 files changed, 31 insertions(+), 31 deletions(-)
-
-diff --git a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h b/SecurityPkg/Include/Library/Tcg2PpVendorLib.h
-index 569eba6874..914517f034 100644
---- a/SecurityPkg/Include/Library/Tcg2PpVendorLib.h
-+++ b/SecurityPkg/Include/Library/Tcg2PpVendorLib.h
-@@ -40,7 +40,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
- UINT32
- EFIAPI
- Tcg2PpVendorLibExecutePendingRequest (
--  IN TPM2B_AUTH             *PlatformAuth,  OPTIONAL
-+  IN TPM2B_AUTH             *PlatformAuth   OPTIONAL,
-   IN UINT32                 OperationRequest,
-   IN OUT UINT32             *ManagementFlags,
-   OUT BOOLEAN               *ResetRequired
-diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
-index ee8eb62295..ad3b982d48 100644
---- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
-+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
-@@ -186,7 +186,7 @@ EFI_STATUS
- EFIAPI
- Tpm2ClearControl (
-   IN TPMI_RH_CLEAR             AuthHandle,
--  IN TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN TPMI_YES_NO               Disable
-   );
- 
-@@ -340,7 +340,7 @@ EFI_STATUS
- EFIAPI
- Tpm2NvDefineSpace (
-   IN      TPMI_RH_PROVISION         AuthHandle,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      TPM2B_AUTH                *Auth,
-   IN      TPM2B_NV_PUBLIC           *NvPublic
-   );
-@@ -383,7 +383,7 @@ EFIAPI
- Tpm2NvRead (
-   IN      TPMI_RH_NV_AUTH           AuthHandle,
-   IN      TPMI_RH_NV_INDEX          NvIndex,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      UINT16                    Size,
-   IN      UINT16                    Offset,
-   IN OUT  TPM2B_MAX_BUFFER          *OutData
-@@ -407,7 +407,7 @@ EFIAPI
- Tpm2NvWrite (
-   IN      TPMI_RH_NV_AUTH           AuthHandle,
-   IN      TPMI_RH_NV_INDEX          NvIndex,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      TPM2B_MAX_BUFFER          *InData,
-   IN      UINT16                    Offset
-   );
-@@ -566,7 +566,7 @@ Tpm2PcrAllocate (
- EFI_STATUS
- EFIAPI
- Tpm2PcrAllocateBanks (
--  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
-+  IN TPM2B_AUTH                *PlatformAuth   OPTIONAL,
-   IN UINT32                    SupportedPCRBanks,
-   IN UINT32                    PCRBanks
-   );
-@@ -908,7 +908,7 @@ EFIAPI
- Tpm2PolicySecret (
-   IN      TPMI_DH_ENTITY            AuthHandle,
-   IN      TPMI_SH_POLICY            PolicySession,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      TPM2B_NONCE               *NonceTPM,
-   IN      TPM2B_DIGEST              *CpHashA,
-   IN      TPM2B_NONCE               *PolicyRef,
-@@ -1004,7 +1004,7 @@ Tpm2ReadPublic (
- UINT32
- EFIAPI
- CopyAuthSessionCommand (
--  IN      TPMS_AUTH_COMMAND         *AuthSessionIn, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSessionIn  OPTIONAL,
-   OUT     UINT8                     *AuthSessionOut
-   );
- 
-diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
-index aa9ebaf3be..3059e5d256 100644
---- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
-+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
-@@ -1183,9 +1183,9 @@ FindCertsFromDb (
-   IN     EFI_GUID         *VendorGuid,
-   IN     UINT8            *Data,
-   IN     UINTN            DataSize,
--  OUT    UINT32           *CertOffset,    OPTIONAL
--  OUT    UINT32           *CertDataSize,  OPTIONAL
--  OUT    UINT32           *CertNodeOffset,OPTIONAL
-+  OUT    UINT32           *CertOffset     OPTIONAL,
-+  OUT    UINT32           *CertDataSize   OPTIONAL,
-+  OUT    UINT32           *CertNodeOffset OPTIONAL,
-   OUT    UINT32           *CertNodeSize   OPTIONAL
-   )
- {
-diff --git a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
-index ec77151c9c..9acff2ae7d 100644
---- a/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
-+++ b/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c
-@@ -32,7 +32,7 @@ EFI_STATUS
- EFIAPI
- DxeImageAuthenticationStatusHandler (
-   IN  UINT32                           AuthenticationStatus,
--  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL
-+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File  OPTIONAL,
-   IN  VOID                             *FileBuffer,
-   IN  UINTN                            FileSize,
-   IN  BOOLEAN                          BootPolicy
-diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
-index 1252927664..0a12692454 100644
---- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
-+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
-@@ -1636,7 +1636,7 @@ EFI_STATUS
- EFIAPI
- DxeImageVerificationHandler (
-   IN  UINT32                           AuthenticationStatus,
--  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL
-+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File  OPTIONAL,
-   IN  VOID                             *FileBuffer,
-   IN  UINTN                            FileSize,
-   IN  BOOLEAN                          BootPolicy
-diff --git a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c
-index 28807d4d98..5124b884c9 100644
---- a/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c
-+++ b/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c
-@@ -123,7 +123,7 @@ EFIAPI
- Rsa2048Sha256GuidedSectionHandler (
-   IN CONST  VOID    *InputSection,
-   OUT       VOID    **OutputBuffer,
--  IN        VOID    *ScratchBuffer,        OPTIONAL
-+  IN        VOID    *ScratchBuffer         OPTIONAL,
-   OUT       UINT32  *AuthenticationStatus
-   )
- {
-diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
-index fce5c0af50..d92658f80d 100644
---- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
-+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
-@@ -147,7 +147,7 @@ Tpm2CommandChangeEps (
- **/
- UINT32
- Tcg2ExecutePhysicalPresence (
--  IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL
-+  IN      TPM2B_AUTH                       *PlatformAuth   OPTIONAL,
-   IN      UINT32                           CommandCode,
-   IN      UINT32                           CommandParameter,
-   IN OUT  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags
-@@ -720,7 +720,7 @@ Tcg2HaveValidTpmRequest  (
- **/
- VOID
- Tcg2ExecutePendingTpmRequest (
--  IN      TPM2B_AUTH                       *PlatformAuth,  OPTIONAL
-+  IN      TPM2B_AUTH                       *PlatformAuth   OPTIONAL,
-   IN OUT  EFI_TCG2_PHYSICAL_PRESENCE       *TcgPpData,
-   IN OUT  EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags
-   )
-diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
-index a531385f81..95682ac567 100644
---- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
-+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
-@@ -416,7 +416,7 @@ EFI_STATUS
- EFIAPI
- DxeTpm2MeasureBootHandler (
-   IN  UINT32                           AuthenticationStatus,
--  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL
-+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File  OPTIONAL,
-   IN  VOID                             *FileBuffer,
-   IN  UINTN                            FileSize,
-   IN  BOOLEAN                          BootPolicy
-diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
-index 4e74cd9db6..27c0ea48ca 100644
---- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
-+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
-@@ -710,7 +710,7 @@ EFI_STATUS
- EFIAPI
- DxeTpmMeasureBootHandler (
-   IN  UINT32                           AuthenticationStatus,
--  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File, OPTIONAL
-+  IN  CONST EFI_DEVICE_PATH_PROTOCOL   *File  OPTIONAL,
-   IN  VOID                             *FileBuffer,
-   IN  UINTN                            FileSize,
-   IN  BOOLEAN                          BootPolicy
-diff --git a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c
-index a759183d20..96638e26aa 100644
---- a/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c
-+++ b/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c
-@@ -121,7 +121,7 @@ EFIAPI
- Rsa2048Sha256GuidedSectionHandler (
-   IN CONST  VOID    *InputSection,
-   OUT       VOID    **OutputBuffer,
--  IN        VOID    *ScratchBuffer,        OPTIONAL
-+  IN        VOID    *ScratchBuffer         OPTIONAL,
-   OUT       UINT32  *AuthenticationStatus
-   )
- {
-diff --git a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c
-index 895d05a28d..aa3dcb6beb 100644
---- a/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c
-+++ b/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c
-@@ -30,7 +30,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
- UINT32
- EFIAPI
- Tcg2PpVendorLibExecutePendingRequest (
--  IN TPM2B_AUTH             *PlatformAuth,  OPTIONAL
-+  IN TPM2B_AUTH             *PlatformAuth   OPTIONAL,
-   IN UINT32                 OperationRequest,
-   IN OUT UINT32             *ManagementFlags,
-   OUT BOOLEAN               *ResetRequired
-diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
-index 0404c0f321..53983d745b 100644
---- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
-+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c
-@@ -90,7 +90,7 @@ EFIAPI
- Tpm2PolicySecret (
-   IN      TPMI_DH_ENTITY            AuthHandle,
-   IN      TPMI_SH_POLICY            PolicySession,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      TPM2B_NONCE               *NonceTPM,
-   IN      TPM2B_DIGEST              *CpHashA,
-   IN      TPM2B_NONCE               *PolicyRef,
-diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
-index 13eeb6ec18..44115cded3 100644
---- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
-+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
-@@ -84,7 +84,7 @@ GetHashMaskFromAlgo (
- UINT32
- EFIAPI
- CopyAuthSessionCommand (
--  IN      TPMS_AUTH_COMMAND         *AuthSessionIn, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSessionIn  OPTIONAL,
-   OUT     UINT8                     *AuthSessionOut
-   )
- {
-diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
-index 043d358a06..957d694431 100644
---- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
-+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c
-@@ -305,7 +305,7 @@ EFI_STATUS
- EFIAPI
- Tpm2ClearControl (
-   IN TPMI_RH_CLEAR             AuthHandle,
--  IN TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN TPMI_YES_NO               Disable
-   )
- {
-diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
-index 8c87de0b0c..d232fe725d 100644
---- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
-+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
-@@ -566,7 +566,7 @@ Done:
- EFI_STATUS
- EFIAPI
- Tpm2PcrAllocateBanks (
--  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
-+  IN TPM2B_AUTH                *PlatformAuth   OPTIONAL,
-   IN UINT32                    SupportedPCRBanks,
-   IN UINT32                    PCRBanks
-   )
-diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
-index fb46af0fed..d9171fb9a0 100644
---- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
-+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
-@@ -281,7 +281,7 @@ EFI_STATUS
- EFIAPI
- Tpm2NvDefineSpace (
-   IN      TPMI_RH_PROVISION         AuthHandle,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      TPM2B_AUTH                *Auth,
-   IN      TPM2B_NV_PUBLIC           *NvPublic
-   )
-@@ -525,7 +525,7 @@ EFIAPI
- Tpm2NvRead (
-   IN      TPMI_RH_NV_AUTH           AuthHandle,
-   IN      TPMI_RH_NV_INDEX          NvIndex,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      UINT16                    Size,
-   IN      UINT16                    Offset,
-   IN OUT  TPM2B_MAX_BUFFER          *OutData
-@@ -670,7 +670,7 @@ EFIAPI
- Tpm2NvWrite (
-   IN      TPMI_RH_NV_AUTH           AuthHandle,
-   IN      TPMI_RH_NV_INDEX          NvIndex,
--  IN      TPMS_AUTH_COMMAND         *AuthSession, OPTIONAL
-+  IN      TPMS_AUTH_COMMAND         *AuthSession  OPTIONAL,
-   IN      TPM2B_MAX_BUFFER          *InData,
-   IN      UINT16                    Offset
-   )
-diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
-index 282fdca9d3..1cdc842966 100644
---- a/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
-+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c
-@@ -53,7 +53,7 @@ EFI_STATUS
- EFIAPI
- RngGetRNG (
-   IN EFI_RNG_PROTOCOL            *This,
--  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
-+  IN EFI_RNG_ALGORITHM           *RNGAlgorithm  OPTIONAL,
-   IN UINTN                       RNGValueLength,
-   OUT UINT8                      *RNGValue
-   )
-diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
-index d0e6b7de06..834123b945 100644
---- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
-+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
-@@ -49,7 +49,7 @@ EFI_STATUS
- EFIAPI
- RngGetRNG (
-   IN EFI_RNG_PROTOCOL            *This,
--  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
-+  IN EFI_RNG_ALGORITHM           *RNGAlgorithm  OPTIONAL,
-   IN UINTN                       RNGValueLength,
-   OUT UINT8                      *RNGValue
-   )
-diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
-index 2660ed5875..25cccbe92c 100644
---- a/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
-+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h
-@@ -67,7 +67,7 @@ EFI_STATUS
- EFIAPI
- RngGetRNG (
-   IN EFI_RNG_PROTOCOL            *This,
--  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
-+  IN EFI_RNG_ALGORITHM           *RNGAlgorithm  OPTIONAL,
-   IN UINTN                       RNGValueLength,
-   OUT UINT8                      *RNGValue
-   );
-diff --git a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
-index 68cd62307c..09cb4b0ee9 100644
---- a/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
-+++ b/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
-@@ -56,7 +56,7 @@ HII_VENDOR_DEVICE_PATH          mTcgHiiVendorDevicePath = {
- EFI_STATUS
- GetTpmState (
-   IN  EFI_TCG_PROTOCOL          *TcgProtocol,
--  OUT BOOLEAN                   *TpmEnable,  OPTIONAL
-+  OUT BOOLEAN                   *TpmEnable   OPTIONAL,
-   OUT BOOLEAN                   *TpmActivate OPTIONAL
-   )
- {
--- 
-2.41.0
-

SOURCES/edk2-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch

@@ -1,109 +0,0 @@
-From bb0f29580825e60a5dc5c67e260dd20258eb71b0 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 29 Mar 2023 11:52:52 -0400
-Subject: [PATCH] SecurityPkg/DxeImageVerificationLib: Check result of
- GetEfiGlobalVariable2
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 22: SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2
-RH-Bugzilla: 1861743
-RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-RH-Commit: [1/1] 70e1ae5e2c7c148fc23160acdd360c044df5f4ff
-
-Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1861743
-Upstream: Merged
-CVE: CVE-2019-14560
-
-commit 494127613b36e870250649b02cd4ce5f1969d9bd
-Author: Gerd Hoffmann <kraxel@redhat.com>
-Date:   Fri Mar 3 18:35:53 2023 +0800
-
-    SecurityPkg/DxeImageVerificationLib: Check result of GetEfiGlobalVariable2
-
-    Call gRT->GetVariable() directly to read the SecureBoot variable.  It is
-    one byte in size so we can easily place it on the stack instead of
-    having GetEfiGlobalVariable2() allocate it for us, which avoids a few
-    possible error cases.
-
-    Skip secure boot checks if (and only if):
-
-     (a) the SecureBoot variable is not present (EFI_NOT_FOUND) according to
-         the return value, or
-     (b) the SecureBoot variable was read successfully and is set to
-         SECURE_BOOT_MODE_DISABLE.
-
-    Previously the code skipped the secure boot checks on *any*
-    gRT->GetVariable() error (GetEfiGlobalVariable2 sets the variable
-    value to NULL in that case) and also on memory allocation failures.
-
-    Fixes: CVE-2019-14560
-    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-    Suggested-by: Marvin Häuser <mhaeuser@posteo.de>
-    Reviewed-by: Min Xu <min.m.xu@intel.com>
-    Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../DxeImageVerificationLib.c                  | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
-index c48861cd64..1252927664 100644
---- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
-+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
-@@ -1650,7 +1650,8 @@ DxeImageVerificationHandler (
-   EFI_IMAGE_EXECUTION_ACTION           Action;
-   WIN_CERTIFICATE                      *WinCertificate;
-   UINT32                               Policy;
--  UINT8                                *SecureBoot;
-+  UINT8                                SecureBoot;
-+  UINTN                                SecureBootSize;
-   PE_COFF_LOADER_IMAGE_CONTEXT         ImageContext;
-   UINT32                               NumberOfRvaAndSizes;
-   WIN_CERTIFICATE_EFI_PKCS             *PkcsCertData;
-@@ -1665,6 +1666,8 @@ DxeImageVerificationHandler (
-   RETURN_STATUS                        PeCoffStatus;
-   EFI_STATUS                           HashStatus;
-   EFI_STATUS                           DbStatus;
-+  EFI_STATUS                           VarStatus;
-+  UINT32                               VarAttr;
-   BOOLEAN                              IsFound;
- 
-   SignatureList     = NULL;
-@@ -1720,22 +1723,25 @@ DxeImageVerificationHandler (
-     CpuDeadLoop ();
-   }
- 
--  GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
-+  SecureBootSize = sizeof (SecureBoot);
-+  VarStatus      = gRT->GetVariable (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, &VarAttr, &SecureBootSize, &SecureBoot);
-   //
-   // Skip verification if SecureBoot variable doesn't exist.
-   //
--  if (SecureBoot == NULL) {
-+  if (VarStatus == EFI_NOT_FOUND) {
-     return EFI_SUCCESS;
-   }
- 
-   //
-   // Skip verification if SecureBoot is disabled but not AuditMode
-   //
--  if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
--    FreePool (SecureBoot);
-+  if ((VarStatus == EFI_SUCCESS) &&
-+      (VarAttr == (EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+                   EFI_VARIABLE_RUNTIME_ACCESS)) &&
-+      (SecureBoot == SECURE_BOOT_MODE_DISABLE))
-+  {
-     return EFI_SUCCESS;
-   }
--  FreePool (SecureBoot);
- 
-   //
-   // Read the Dos header.
--- 
-2.39.1
-

SOURCES/edk2-SecurityPkg-DxeTpm2MeasureBootLib-SEC-PATCH-4118-2.patch

@@ -1,272 +0,0 @@
-From 7b5040e857f1a16bed935f7944bda8bc6f6999ac Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Tue, 13 Feb 2024 16:30:10 -0500
-Subject: [PATCH 11/17] SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH
- 4117/4118 symbol rename
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
-RH-Jira: RHEL-21154 RHEL-21156
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [11/13] 45fc2658aaa726b57219789bb1af64f5c4e2cfdc (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21156
-CVE: CVE-2022-36764
-Upstream: Merged
-
-commit 40adbb7f628dee79156c679fb0857968b61b7620
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Wed Jan 17 14:47:20 2024 -0800
-
-    SecurityPkg: DxeTpm2MeasureBootLib: SECURITY PATCH 4117/4118 symbol rename
-
-    Updates the sanitation function names to be lib unique names
-
-    Cc: Jiewen Yao <jiewen.yao@intel.com>
-    Cc: Rahul Kumar <rahul1.kumar@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Message-Id: <7b18434c8a8b561654efd40ced3becb8b378c8f1.1705529990.git.doug.edk2@gmail.com>
-    Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../DxeTpm2MeasureBootLib.c                   |  8 +++---
- .../DxeTpm2MeasureBootLibSanitization.c       |  8 +++---
- .../DxeTpm2MeasureBootLibSanitization.h       |  8 +++---
- .../DxeTpm2MeasureBootLibSanitizationTest.c   | 26 +++++++++----------
- 4 files changed, 25 insertions(+), 25 deletions(-)
-
-diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
-index f06926e631..8f8bef1d0b 100644
---- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
-+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c
-@@ -197,7 +197,7 @@ Tcg2MeasureGptTable (
-                      BlockIo->Media->BlockSize,
-                      (UINT8 *)PrimaryHeader
-                      );
--  if (EFI_ERROR (Status) || EFI_ERROR (SanitizeEfiPartitionTableHeader (PrimaryHeader, BlockIo))) {
-+  if (EFI_ERROR (Status) || EFI_ERROR (Tpm2SanitizeEfiPartitionTableHeader (PrimaryHeader, BlockIo))) {
-     DEBUG ((DEBUG_ERROR, "Failed to read Partition Table Header or invalid Partition Table Header!\n"));
-     FreePool (PrimaryHeader);
-     return EFI_DEVICE_ERROR;
-@@ -206,7 +206,7 @@ Tcg2MeasureGptTable (
-   //
-   // Read the partition entry.
-   //
--  Status = SanitizePrimaryHeaderAllocationSize (PrimaryHeader, &AllocSize);
-+  Status = Tpm2SanitizePrimaryHeaderAllocationSize (PrimaryHeader, &AllocSize);
-   if (EFI_ERROR (Status)) {
-     FreePool (PrimaryHeader);
-     return EFI_BAD_BUFFER_SIZE;
-@@ -245,7 +245,7 @@ Tcg2MeasureGptTable (
-   //
-   // Prepare Data for Measurement (CcProtocol and Tcg2Protocol)
-   //
--  Status = SanitizePrimaryHeaderGptEventSize (PrimaryHeader, NumberOfPartition, &TcgEventSize);
-+  Status = Tpm2SanitizePrimaryHeaderGptEventSize (PrimaryHeader, NumberOfPartition, &TcgEventSize);
-   if (EFI_ERROR (Status)) {
-     FreePool (PrimaryHeader);
-     FreePool (EntryPtr);
-@@ -414,7 +414,7 @@ Tcg2MeasurePeImage (
-   }
- 
-   FilePathSize = (UINT32)GetDevicePathSize (FilePath);
--  Status       = SanitizePeImageEventSize (FilePathSize, &EventSize);
-+  Status       = Tpm2SanitizePeImageEventSize (FilePathSize, &EventSize);
-   if (EFI_ERROR (Status)) {
-     return EFI_UNSUPPORTED;
-   }
-diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.c
-index 2a4d52c6d5..809a3bfd89 100644
---- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.c
-+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.c
-@@ -63,7 +63,7 @@
- **/
- EFI_STATUS
- EFIAPI
--SanitizeEfiPartitionTableHeader (
-+Tpm2SanitizeEfiPartitionTableHeader (
-   IN CONST EFI_PARTITION_TABLE_HEADER  *PrimaryHeader,
-   IN CONST EFI_BLOCK_IO_PROTOCOL       *BlockIo
-   )
-@@ -169,7 +169,7 @@ SanitizeEfiPartitionTableHeader (
- **/
- EFI_STATUS
- EFIAPI
--SanitizePrimaryHeaderAllocationSize (
-+Tpm2SanitizePrimaryHeaderAllocationSize (
-   IN CONST EFI_PARTITION_TABLE_HEADER  *PrimaryHeader,
-   OUT UINT32                           *AllocationSize
-   )
-@@ -221,7 +221,7 @@ SanitizePrimaryHeaderAllocationSize (
-     One of the passed parameters was invalid.
- **/
- EFI_STATUS
--SanitizePrimaryHeaderGptEventSize (
-+Tpm2SanitizePrimaryHeaderGptEventSize (
-   IN  CONST EFI_PARTITION_TABLE_HEADER  *PrimaryHeader,
-   IN  UINTN                             NumberOfPartition,
-   OUT UINT32                            *EventSize
-@@ -292,7 +292,7 @@ SanitizePrimaryHeaderGptEventSize (
-     One of the passed parameters was invalid.
- **/
- EFI_STATUS
--SanitizePeImageEventSize (
-+Tpm2SanitizePeImageEventSize (
-   IN  UINT32  FilePathSize,
-   OUT UINT32  *EventSize
-   )
-diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.h b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.h
-index 8f72ba4240..8526bc7537 100644
---- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.h
-+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLibSanitization.h
-@@ -54,7 +54,7 @@
- **/
- EFI_STATUS
- EFIAPI
--SanitizeEfiPartitionTableHeader (
-+Tpm2SanitizeEfiPartitionTableHeader (
-   IN CONST EFI_PARTITION_TABLE_HEADER  *PrimaryHeader,
-   IN CONST EFI_BLOCK_IO_PROTOCOL       *BlockIo
-   );
-@@ -78,7 +78,7 @@ SanitizeEfiPartitionTableHeader (
- **/
- EFI_STATUS
- EFIAPI
--SanitizePrimaryHeaderAllocationSize (
-+Tpm2SanitizePrimaryHeaderAllocationSize (
-   IN CONST EFI_PARTITION_TABLE_HEADER  *PrimaryHeader,
-   OUT UINT32                           *AllocationSize
-   );
-@@ -107,7 +107,7 @@ SanitizePrimaryHeaderAllocationSize (
-     One of the passed parameters was invalid.
- **/
- EFI_STATUS
--SanitizePrimaryHeaderGptEventSize (
-+Tpm2SanitizePrimaryHeaderGptEventSize (
-   IN  CONST EFI_PARTITION_TABLE_HEADER  *PrimaryHeader,
-   IN  UINTN                             NumberOfPartition,
-   OUT UINT32                            *EventSize
-@@ -131,7 +131,7 @@ SanitizePrimaryHeaderGptEventSize (
-     One of the passed parameters was invalid.
- **/
- EFI_STATUS
--SanitizePeImageEventSize (
-+Tpm2SanitizePeImageEventSize (
-   IN  UINT32  FilePathSize,
-   OUT UINT32  *EventSize
-   );
-diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2MeasureBootLibSanitizationTest.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2MeasureBootLibSanitizationTest.c
-index 820e99aeb9..50a68e1076 100644
---- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2MeasureBootLibSanitizationTest.c
-+++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/InternalUnitTest/DxeTpm2MeasureBootLibSanitizationTest.c
-@@ -84,27 +84,27 @@ TestSanitizeEfiPartitionTableHeader (
-   PrimaryHeader.Header.CRC32 = CalculateCrc32 ((UINT8 *)&PrimaryHeader, PrimaryHeader.Header.HeaderSize);
- 
-   // Test that a normal PrimaryHeader passes validation
--  Status = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-+  Status = Tpm2SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-   UT_ASSERT_NOT_EFI_ERROR (Status);
- 
-   // Test that when number of partition entries is 0, the function returns EFI_DEVICE_ERROR
-   // Should print "Invalid Partition Table Header NumberOfPartitionEntries!""
-   PrimaryHeader.NumberOfPartitionEntries = 0;
--  Status                                 = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-+  Status                                 = Tpm2SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-   UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR);
-   PrimaryHeader.NumberOfPartitionEntries = DEFAULT_PRIMARY_TABLE_HEADER_SIZE_OF_PARTITION_ENTRY;
- 
-   // Test that when the header size is too small, the function returns EFI_DEVICE_ERROR
-   // Should print "Invalid Partition Table Header Size!"
-   PrimaryHeader.Header.HeaderSize = 0;
--  Status                          = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-+  Status                          = Tpm2SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-   UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR);
-   PrimaryHeader.Header.HeaderSize = sizeof (EFI_PARTITION_TABLE_HEADER);
- 
-   // Test that when the SizeOfPartitionEntry is too small, the function returns EFI_DEVICE_ERROR
-   // should print: "SizeOfPartitionEntry shall be set to a value of 128 x 2^n where n is an integer greater than or equal to zero (e.g., 128, 256, 512, etc.)!"
-   PrimaryHeader.SizeOfPartitionEntry = 1;
--  Status                             = SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-+  Status                             = Tpm2SanitizeEfiPartitionTableHeader (&PrimaryHeader, &BlockIo);
-   UT_ASSERT_EQUAL (Status, EFI_DEVICE_ERROR);
- 
-   DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__));
-@@ -137,7 +137,7 @@ TestSanitizePrimaryHeaderAllocationSize (
-   PrimaryHeader.NumberOfPartitionEntries = 5;
-   PrimaryHeader.SizeOfPartitionEntry     = DEFAULT_PRIMARY_TABLE_HEADER_SIZE_OF_PARTITION_ENTRY;
- 
--  Status = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-+  Status = Tpm2SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-   UT_ASSERT_NOT_EFI_ERROR (Status);
- 
-   // Test that the allocation size is correct compared to the existing logic
-@@ -146,19 +146,19 @@ TestSanitizePrimaryHeaderAllocationSize (
-   // Test that an overflow is detected
-   PrimaryHeader.NumberOfPartitionEntries = MAX_UINT32;
-   PrimaryHeader.SizeOfPartitionEntry     = 5;
--  Status                                 = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-+  Status                                 = Tpm2SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-   UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
- 
-   // Test the inverse
-   PrimaryHeader.NumberOfPartitionEntries = 5;
-   PrimaryHeader.SizeOfPartitionEntry     = MAX_UINT32;
--  Status                                 = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-+  Status                                 = Tpm2SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-   UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
- 
-   // Test the worst case scenario
-   PrimaryHeader.NumberOfPartitionEntries = MAX_UINT32;
-   PrimaryHeader.SizeOfPartitionEntry     = MAX_UINT32;
--  Status                                 = SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-+  Status                                 = Tpm2SanitizePrimaryHeaderAllocationSize (&PrimaryHeader, &AllocationSize);
-   UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
- 
-   DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__));
-@@ -196,7 +196,7 @@ TestSanitizePrimaryHeaderGptEventSize (
-   NumberOfPartition = 13;
- 
-   // that the primary event size is correct
--  Status = SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize);
-+  Status = Tpm2SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize);
-   UT_ASSERT_NOT_EFI_ERROR (Status);
- 
-   // Calculate the existing logic event size
-@@ -207,12 +207,12 @@ TestSanitizePrimaryHeaderGptEventSize (
-   UT_ASSERT_EQUAL (EventSize, ExistingLogicEventSize);
- 
-   // Tests that the primary event size may not overflow
--  Status = SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, MAX_UINT32, &EventSize);
-+  Status = Tpm2SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, MAX_UINT32, &EventSize);
-   UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
- 
-   // Test that the size of partition entries may not overflow
-   PrimaryHeader.SizeOfPartitionEntry = MAX_UINT32;
--  Status                             = SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize);
-+  Status                             = Tpm2SanitizePrimaryHeaderGptEventSize (&PrimaryHeader, NumberOfPartition, &EventSize);
-   UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
- 
-   DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__));
-@@ -245,7 +245,7 @@ TestSanitizePeImageEventSize (
-   FilePathSize = 255;
- 
-   // Test that a normal PE image passes validation
--  Status = SanitizePeImageEventSize (FilePathSize, &EventSize);
-+  Status = Tpm2SanitizePeImageEventSize (FilePathSize, &EventSize);
-   UT_ASSERT_EQUAL (Status, EFI_SUCCESS);
- 
-   // Test that the event size is correct compared to the existing logic
-@@ -258,7 +258,7 @@ TestSanitizePeImageEventSize (
-   }
- 
-   // Test that the event size may not overflow
--  Status = SanitizePeImageEventSize (MAX_UINT32, &EventSize);
-+  Status = Tpm2SanitizePeImageEventSize (MAX_UINT32, &EventSize);
-   UT_ASSERT_EQUAL (Status, EFI_BAD_BUFFER_SIZE);
- 
-   DEBUG ((DEBUG_INFO, "%a: Test passed\n", __func__));
--- 
-2.41.0
-