.edk2.metadata

@@ -1,2 +0,0 @@
-ae830c7278f985cb25e90f4687b46c8b22316bef SOURCES/edk2-bb1bba3d77.tar.xz
-85388ae6525650667302c6b553894430197d9e0d SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz

.gitignore

@@ -1,2 +1,18 @@
-SOURCES/edk2-bb1bba3d77.tar.xz
-SOURCES/openssl-rhel-cf317b2bb227899cb2e761b9163210f62cab1b1e.tar.xz
+/openssl-*-hobbled.tar.xz
+/edk2-*.tar.xz
+/qemu-ovmf-secureboot-*.tar.gz
+/edk2-*.tar.gz
+/softfloat-20180726-gitb64af41.tar.xz
+/qemu-ovmf-secureboot-20190521-gitf158f12.tar.xz
+/qemu-ovmf-secureboot-20200228-gitc3e16b3.tar.xz
+/openssl-rhel-a75722161d20fd632f8875585d3aa066ec5fea93.tar.xz
+/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
+/openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
+/jansson-2.13.1.tar.bz2
+/openssl-rhel-3adb22b68e9fe61fc4863c2d2dc6cc6fc094b005.tar.xz
+/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz
+/DBXUpdate-20230509.x64.bin
+/openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz
+/openssl-rhel-*.tar.xz
+/DBXUpdate-*.x64.bin
+/dtc-1.7.0.tar.xz

0003-Remove-paths-leading-to-submodules.patch

@@ -0,0 +1,65 @@
+From 7c992488db69cd0f5f4e26eb7819907f3bb3b5b4 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Thu, 24 Mar 2022 03:23:02 -0400
+Subject: [PATCH] Remove paths leading to submodules
+
+We removed submodules used upstream. However, edk2 build system requires
+such include paths to resolve successfully, regardless of the firmware
+platform being built.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ BaseTools/Source/C/GNUmakefile | 1 -
+ MdeModulePkg/MdeModulePkg.dec  | 3 ---
+ MdePkg/MdePkg.dec              | 5 -----
+ 3 files changed, 9 deletions(-)
+
+diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
+index 5275f657ef..39d7199753 100644
+--- a/BaseTools/Source/C/GNUmakefile
++++ b/BaseTools/Source/C/GNUmakefile
+@@ -51,7 +51,6 @@ all: makerootdir subdirs
+ LIBRARIES = Common
+ VFRAUTOGEN = VfrCompile/VfrLexer.h
+ APPLICATIONS = \
+-  BrotliCompress \
+   VfrCompile \
+   EfiRom \
+   GenFfs \
+diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
+index b9bc7041f2..168f224d4b 100644
+--- a/MdeModulePkg/MdeModulePkg.dec
++++ b/MdeModulePkg/MdeModulePkg.dec
+@@ -26,9 +26,6 @@
+   Include
+   Test/Mock/Include
+ 
+-[Includes.Common.Private]
+-  Library/BrotliCustomDecompressLib/brotli/c/include
+-
+ [LibraryClasses]
+   ##  @libraryclass  Defines a set of methods to reset whole system.
+   ResetSystemLib|Include/Library/ResetSystemLib.h
+diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
+index 624f626360..46ce26916b 100644
+--- a/MdePkg/MdePkg.dec
++++ b/MdePkg/MdePkg.dec
+@@ -29,7 +29,6 @@
+   Include
+   Test/UnitTest/Include
+   Test/Mock/Include
+-  Library/MipiSysTLib/mipisyst/library/include
+ 
+ [Includes.IA32]
+   Include/Ia32
+@@ -295,10 +294,6 @@
+   #
+   FdtLib|Include/Library/FdtLib.h
+ 
+-  ##  @libraryclass  Provides general mipi sys-T services.
+-  #
+-  MipiSysTLib|Include/Library/MipiSysTLib.h
+-
+   ##  @libraryclass  Provides API to output Trace Hub debug message.
+   #
+   TraceHubDebugSysTLib|Include/Library/TraceHubDebugSysTLib.h

0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch

@@ -1,8 +1,20 @@
-From fbfd113142f594c4f257b5a044a6e17ef7f66505 Mon Sep 17 00:00:00 2001
+From 36fd1664301ede2fb27811f03db77333170bcf05 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Tue, 25 Feb 2014 22:40:01 +0100
-Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
- only)
+Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
+ change (RH only)
+
+Notes for rebase to edk2-stable202311:
+
+- Minor context changes due to new PCDs (for USB Networking) being added.
+
+Notes for rebase to edk2-stable202205:
+
+- Minor context changes due to fd306d1dbc MdeModulePkg: Add PcdTdxSharedBitMask
+
+Notes for rebase to edk2-stable202202:
+
+- Minor context changes due to 1436aea4d MdeModulePkg: Apply uncrustify changes
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -87,12 +99,12 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  3 files changed, 36 insertions(+)
 
 diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index 9d69fb86ed..08d59dfb3e 100644
+index 168f224d4b..5b6287341f 100644
 --- a/MdeModulePkg/MdeModulePkg.dec
 +++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -2076,6 +2076,10 @@
-   # @Prompt Enable PCIe Resizable BAR Capability support.
-   gEfiMdeModulePkgTokenSpaceGuid.PcdPcieResizableBarSupport|FALSE|BOOLEAN|0x10000024
+@@ -2275,6 +2275,10 @@
+   # @Prompt The value is use for Usb Network rate limiting supported.
+   gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028
  
 +  ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
 +  #  mode change.
@@ -102,7 +114,7 @@ index 9d69fb86ed..08d59dfb3e 100644
    ## Specify memory size with page number for PEI code when
    #  Loading Module at Fixed Address feature is enabled.
 diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
-index aae470e956..26156857aa 100644
+index 7809869e7d..3be801039b 100644
 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
 +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
 @@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -131,7 +143,7 @@ index aae470e956..26156857aa 100644
  //
  // Body of the ConOut functions
  //
-@@ -506,6 +518,24 @@ TerminalConOutSetMode (
+@@ -498,6 +510,24 @@ TerminalConOutSetMode (
      return EFI_DEVICE_ERROR;
    }
  
@@ -157,7 +169,7 @@ index aae470e956..26156857aa 100644
  
    Status = This->ClearScreen (This);
 diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-index b2a8aeba85..eff6253465 100644
+index b2a8aeba85..96810f337c 100644
 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
 +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
 @@ -55,6 +55,7 @@
@@ -176,6 +188,3 @@ index b2a8aeba85..eff6253465 100644
  
  # [Event]
  # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
--- 
-2.27.0
-

0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch

@@ -1,7 +1,12 @@
-From 9ea7b3f689bf7d21b869adb829139be7eb91bb33 Mon Sep 17 00:00:00 2001
+From 384f25e733e073e3641c7e1889cd423f9f038298 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 14 Oct 2015 15:59:06 +0200
-Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
+Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
+ only)
+
+Notes about edk2-stable202205 rebase
+
+- Necessary minor fixes for upstream changes
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -67,86 +72,141 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 (cherry picked from commit 51e0de961029af84b5bdbfddcc9762b1819d500f)
 ---
  OvmfPkg/AmdSev/AmdSevX64.dsc        |  1 +
+ OvmfPkg/CloudHv/CloudHvX64.dsc      |  1 +
+ OvmfPkg/IntelTdx/IntelTdxX64.dsc    |  1 +
+ OvmfPkg/Microvm/MicrovmX64.dsc      |  2 +-
  OvmfPkg/OvmfPkgIa32.dsc             |  1 +
  OvmfPkg/OvmfPkgIa32X64.dsc          |  1 +
  OvmfPkg/OvmfPkgX64.dsc              |  1 +
- OvmfPkg/PlatformPei/Platform.c      | 1 +
- OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
- 6 files changed, 7 insertions(+)
+ OvmfPkg/PlatformPei/Platform.c      | 13 +++++++++++++
+ OvmfPkg/PlatformPei/PlatformPei.inf |  1 +
+ 9 files changed, 21 insertions(+), 1 deletion(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 5ee5445116..6ea3621225 100644
+index 40553c0019..b51eba71fc 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -534,6 +534,7 @@
+@@ -484,6 +484,7 @@
  [PcdsDynamicDefault]
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
+diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
+index 38137d8c13..542ca013e2 100644
+--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
++++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
+@@ -581,6 +581,7 @@
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+ !if $(SMM_REQUIRE) == FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+index fc1332598e..4b7e1596fc 100644
+--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
++++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+@@ -477,6 +477,7 @@
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
+diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
+index bc9be1c5c2..d76fa4269f 100644
+--- a/OvmfPkg/Microvm/MicrovmX64.dsc
++++ b/OvmfPkg/Microvm/MicrovmX64.dsc
+@@ -590,7 +590,7 @@
+   # only set when
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+-
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 6a5be97c05..4cacf0ea94 100644
+index 7ab6af3a69..c56d24a676 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -594,6 +594,7 @@
+@@ -600,6 +600,7 @@
    #   ($(SMM_REQUIRE) == FALSE)
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
  !if $(SMM_REQUIRE) == FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 71227d1b70..6225f8e095 100644
+index e7fff78df9..b560fb7718 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -600,6 +600,7 @@
+@@ -611,6 +611,7 @@
    #   ($(SMM_REQUIRE) == FALSE)
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
  !if $(SMM_REQUIRE) == FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 52f7598cf1..b66fc67563 100644
+index 556984bdaa..c46a8e05d6 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -600,6 +600,7 @@
+@@ -629,6 +629,7 @@
    #   ($(SMM_REQUIRE) == FALSE)
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
  !if $(SMM_REQUIRE) == FALSE
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index df2d9ad015..d0e2c08de9 100644
+index dc81ce9e2b..05b924f99f 100644
 --- a/OvmfPkg/PlatformPei/Platform.c
 +++ b/OvmfPkg/PlatformPei/Platform.c
-@@ -752,6 +752,7 @@ InitializePlatform (
-     MemTypeInfoInitialization ();
-     MemMapInitialization ();
-     NoexecDxeInitialization ();
+@@ -43,6 +43,18 @@
+ #include "Platform.h"
+ #include "PlatformId.h"
+ 
++#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)                   \
++          do {                                                      \
++            BOOLEAN       Setting;                                  \
++            RETURN_STATUS PcdStatus;                                \
++                                                                    \
++            if (!RETURN_ERROR (QemuFwCfgParseBool (                 \
++                              "opt/ovmf/" #TokenName, &Setting))) { \
++              PcdStatus = PcdSetBoolS (TokenName, Setting);         \
++              ASSERT_RETURN_ERROR (PcdStatus);                      \
++            }                                                       \
++          } while (0)
++
+ EFI_PEI_PPI_DESCRIPTOR  mPpiBootMode[] = {
+   {
+     EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+@@ -361,6 +373,7 @@ InitializePlatform (
+     MemTypeInfoInitialization (PlatformInfoHob);
+     MemMapInitialization (PlatformInfoHob);
+     NoexecDxeInitialization (PlatformInfoHob);
 +    UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
    }
  
    InstallClearCacheCallback ();
 diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
-index 67eb7aa716..7d26b43680 100644
+index 0bb1a46291..9185c2398c 100644
 --- a/OvmfPkg/PlatformPei/PlatformPei.inf
 +++ b/OvmfPkg/PlatformPei/PlatformPei.inf
-@@ -93,6 +93,8 @@
+@@ -106,6 +106,7 @@
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
    gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
    gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
    gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
    gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
    gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
--- 
-2.27.0
-

0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch

@@ -1,7 +1,8 @@
-From b846a65eeb926a483cff3e35242097eb6d21ceab Mon Sep 17 00:00:00 2001
+From e7d683517880eb66faf1c54d0afe396f87a62a60 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Sun, 26 Jul 2015 08:02:50 +0000
-Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
+Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
+ (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -90,25 +91,24 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  ArmVirtPkg/ArmVirtQemu.dsc                    |  7 +++-
  .../TerminalPcdProducerLib.c                  | 34 +++++++++++++++++++
  .../TerminalPcdProducerLib.inf                | 33 ++++++++++++++++++
- OvmfPkg/PlatformPei/PlatformPei.inf           |  1 -
- 4 files changed, 73 insertions(+), 2 deletions(-)
+ 3 files changed, 73 insertions(+), 1 deletion(-)
  create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
  create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
 
 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 891e065311..e0476ede4f 100644
+index 1ba63d2e16..fa98980acf 100644
 --- a/ArmVirtPkg/ArmVirtQemu.dsc
 +++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -282,6 +282,8 @@
-   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0
+@@ -313,6 +313,8 @@
+   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
  !endif
  
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
 +
  [PcdsDynamicHii]
-   gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
+   gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
  
-@@ -384,7 +386,10 @@
+@@ -422,7 +424,10 @@
    MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
    MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
    MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
@@ -122,7 +122,7 @@ index 891e065311..e0476ede4f 100644
    MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
 diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
 new file mode 100644
-index 0000000000..bfd3a6a535
+index 0000000000..37f71c5e4c
 --- /dev/null
 +++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
 @@ -0,0 +1,34 @@
@@ -162,7 +162,7 @@ index 0000000000..bfd3a6a535
 +}
 diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
 new file mode 100644
-index 0000000000..a51dbd1670
+index 0000000000..c840f6f97a
 --- /dev/null
 +++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
 @@ -0,0 +1,33 @@
@@ -199,18 +199,3 @@ index 0000000000..a51dbd1670
 +
 +[Pcd]
 +  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES
-diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
-index 7d26b43680..69eb3edad3 100644
---- a/OvmfPkg/PlatformPei/PlatformPei.inf
-+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
-@@ -93,7 +93,6 @@
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
-   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
--  gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
-   gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
-   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
-   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
--- 
-2.27.0
-

0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch

@@ -1,7 +1,7 @@
-From 02687f83845b9ae8455655e117f0b7cdaa18ba5c Mon Sep 17 00:00:00 2001
+From 7d24bd2c35d2fc0109c33854b79683e60ac75836 Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:45 +0100
-Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
+Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -65,10 +65,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  4 files changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 6ea3621225..366fa79f62 100644
+index b51eba71fc..1128968857 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -486,7 +486,7 @@
+@@ -429,7 +429,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
@@ -78,10 +78,10 @@ index 6ea3621225..366fa79f62 100644
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 4cacf0ea94..2aacf1a5ff 100644
+index c56d24a676..9ff998dda5 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -534,7 +534,7 @@
+@@ -536,7 +536,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
@@ -91,10 +91,10 @@ index 4cacf0ea94..2aacf1a5ff 100644
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 6225f8e095..2613c83adb 100644
+index b560fb7718..162f0cf385 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -538,7 +538,7 @@
+@@ -542,7 +542,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
@@ -104,10 +104,10 @@ index 6225f8e095..2613c83adb 100644
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index b66fc67563..d7d34eeef2 100644
+index c46a8e05d6..d97ccb44cc 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -540,7 +540,7 @@
+@@ -561,7 +561,7 @@
    # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
    #                             // significantly impact boot performance
    # DEBUG_ERROR     0x80000000  // Error
@@ -116,6 +116,3 @@ index b66fc67563..d7d34eeef2 100644
  
  !if $(SOURCE_DEBUG_ENABLE) == TRUE
    gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
--- 
-2.27.0
-

0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch

@@ -1,9 +1,13 @@
-From a5dd9e06c570b2c003a2b6aea681f0d93bfbfdc4 Mon Sep 17 00:00:00 2001
+From f473e531dd0f912326aa0c559bcc8a17556cfbb6 Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:46 +0100
-Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
+Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
  QemuVideoDxe/QemuRamfbDxe (RH)
 
+edk2-stable202402 rebase:
+
+- context changes due to CSM support removal.
+
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
 
@@ -82,12 +86,12 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  4 files changed, 32 insertions(+), 8 deletions(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 366fa79f62..a289d8a573 100644
+index 1128968857..0b29aa1157 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -750,8 +750,14 @@
+@@ -690,8 +690,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
  
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
 -  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@@ -103,71 +107,65 @@ index 366fa79f62..a289d8a573 100644
  
    #
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 2aacf1a5ff..1a5cfa4c6d 100644
+index 9ff998dda5..92f5fd0850 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -846,9 +846,15 @@
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+@@ -830,8 +830,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
  
- !ifndef $(CSM_ENABLE)
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
- !endif
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
  
-   #
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 2613c83adb..11002ffd95 100644
+index 162f0cf385..feac55d1dd 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -860,9 +860,15 @@
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+@@ -843,8 +843,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
  
- !ifndef $(CSM_ENABLE)
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
- !endif
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
  
-   #
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index d7d34eeef2..f176aa4061 100644
+index d97ccb44cc..1c925296a2 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -858,9 +858,15 @@
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+@@ -908,8 +908,14 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
  
- !ifndef $(CSM_ENABLE)
 -  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
- !endif
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
 +    <PcdsFixedAtBuild>
 +      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
 +  }
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
- 
-   #
--- 
-2.27.0
+   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
  

0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch

@@ -1,8 +1,8 @@
-From ccc2c9c85f43662f942bf5c303f4a1a9f964c36d Mon Sep 17 00:00:00 2001
+From 1e26f3bcdfab0f2f61675eb351fecc4624e074fd Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 27 Jan 2016 03:05:18 +0100
-Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
- only)
+Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in
+ QemuRamfbDxe (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  2 files changed, 8 insertions(+), 2 deletions(-)
 
 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index ec0edf6e7b..e6fad9f066 100644
+index fa98980acf..8735d2881e 100644
 --- a/ArmVirtPkg/ArmVirtQemu.dsc
 +++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -509,7 +509,10 @@
+@@ -552,7 +552,10 @@
    #
    # Video support
    #
@@ -77,10 +77,10 @@ index ec0edf6e7b..e6fad9f066 100644
    OvmfPkg/PlatformDxe/Platform.inf
  
 diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index a8bb83b288..656c9d99a3 100644
+index 9927bdae0e..c15d51dab0 100644
 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
 +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -438,7 +438,10 @@
+@@ -457,7 +457,10 @@
    #
    # Video support
    #
@@ -92,6 +92,3 @@ index a8bb83b288..656c9d99a3 100644
    OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
    OvmfPkg/PlatformDxe/Platform.inf
  
--- 
-2.27.0
-

0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch

@@ -1,8 +1,8 @@
-From b3147a5ce92a149532ef1ec47cdf14082a56654d Mon Sep 17 00:00:00 2001
+From bb0c1a69e72906992dbb41145dc30217ed80a4bf Mon Sep 17 00:00:00 2001
 From: Philippe Mathieu-Daude <philmd@redhat.com>
 Date: Thu, 1 Aug 2019 20:43:48 +0200
-Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
- builds (RH only)
+Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64
+ silent builds (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -47,7 +47,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
  2 files changed, 15 insertions(+)
 
 diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
-index 0d49d8bbab..dbf9bcbe16 100644
+index 5a1044f0dc..83c6d26c74 100644
 --- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
 +++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
 @@ -13,6 +13,7 @@
@@ -58,7 +58,7 @@ index 0d49d8bbab..dbf9bcbe16 100644
  #include <Library/DevicePathLib.h>
  #include <Library/FrameBufferBltLib.h>
  #include <Library/MemoryAllocationLib.h>
-@@ -242,6 +243,19 @@ InitializeQemuRamfb (
+@@ -259,6 +260,19 @@ InitializeQemuRamfb (
  
    Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
    if (EFI_ERROR (Status)) {
@@ -77,9 +77,9 @@ index 0d49d8bbab..dbf9bcbe16 100644
 +#endif
      return EFI_NOT_FOUND;
    }
-   if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
+ 
 diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-index e3890b8c20..6ffee5acb2 100644
+index e3890b8c20..f79a4bc987 100644
 --- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 +++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
 @@ -29,6 +29,7 @@
@@ -90,6 +90,3 @@ index e3890b8c20..6ffee5acb2 100644
    DevicePathLib
    FrameBufferBltLib
    MemoryAllocationLib
--- 
-2.27.0
-

0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch

@@ -1,8 +1,8 @@
-From a663867a4a99b97d0e1c5fdfed0389312fecd767 Mon Sep 17 00:00:00 2001
+From b788c5310578081342d178819b2b6c48fb4007a3 Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:47 +0100
-Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
- only)
+Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
+ (RH only)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -63,11 +63,11 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  4 files changed, 16 insertions(+), 4 deletions(-)
 
 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index a289d8a573..ccdf9b8ce0 100644
+index 0b29aa1157..4160d8d752 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -744,7 +744,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -685,7 +685,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -79,11 +79,11 @@ index a289d8a573..ccdf9b8ce0 100644
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 1a5cfa4c6d..a0666930d6 100644
+index 92f5fd0850..ae4ca08e32 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -839,7 +839,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -825,7 +825,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -95,11 +95,11 @@ index 1a5cfa4c6d..a0666930d6 100644
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 11002ffd95..5efeb42bf3 100644
+index feac55d1dd..7f88e89d0f 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -853,7 +853,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -838,7 +838,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -111,11 +111,11 @@ index 11002ffd95..5efeb42bf3 100644
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index f176aa4061..10fb7d7069 100644
+index 1c925296a2..50af72adb2 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -851,7 +851,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -903,7 +903,10 @@
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
    MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
    MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@@ -126,6 +126,3 @@ index f176aa4061..10fb7d7069 100644
    MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
    MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
    MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
--- 
-2.27.0
-

0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch

@@ -1,8 +1,8 @@
-From d9416e3015cadb3214d5ca409e57fd2352ae1961 Mon Sep 17 00:00:00 2001
+From b34701a562571a8d03c3e9609dea1abafc65d18b Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 24 Jun 2020 11:31:36 +0200
-Subject: OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" in
- silent aa64 build (RH)
+Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel"
+ in silent aa64 build (RH)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -32,7 +32,7 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
  2 files changed, 18 insertions(+)
 
 diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
-index 6832d563bc..08ed67f5ff 100644
+index cf58c97cd2..023eece6d9 100644
 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
 +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
 @@ -19,6 +19,7 @@
@@ -43,7 +43,7 @@ index 6832d563bc..08ed67f5ff 100644
  #include <Library/DevicePathLib.h>
  #include <Library/MemoryAllocationLib.h>
  #include <Library/QemuFwCfgLib.h>
-@@ -1054,6 +1055,22 @@ QemuKernelLoaderFsDxeEntrypoint (
+@@ -1080,6 +1081,22 @@ QemuKernelLoaderFsDxeEntrypoint (
  
    if (KernelBlob->Data == NULL) {
      Status = EFI_NOT_FOUND;
@@ -67,7 +67,7 @@ index 6832d563bc..08ed67f5ff 100644
    }
  
 diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
-index 7b35adb8e0..e0331c6e2c 100644
+index 7b35adb8e0..23d9f5fca1 100644
 --- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
 +++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
 @@ -28,6 +28,7 @@
@@ -78,6 +78,3 @@ index 7b35adb8e0..e0331c6e2c 100644
    DevicePathLib
    MemoryAllocationLib
    QemuFwCfgLib
--- 
-2.27.0
-

0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch

@@ -1,8 +1,8 @@
-From fd19e4e33d52e843e6e35adde2c1e266497e8a7b Mon Sep 17 00:00:00 2001
+From b185c171fa05b8b366dfdbe8c1ae6a057ef42fd1 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 24 Jun 2020 11:40:09 +0200
-Subject: SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent aa64 build
- (RH)
+Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent
+ aa64 build (RH)
 
 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
 RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
@@ -31,10 +31,10 @@ Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
  2 files changed, 18 insertions(+)
 
 diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
-index 6d17616c1c..f1a97d4b2d 100644
+index 4d0c241f4d..e228d5f39f 100644
 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
 +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
-@@ -28,6 +28,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+@@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
  #include <Protocol/ResetNotification.h>
  
  #include <Library/DebugLib.h>
@@ -42,9 +42,9 @@ index 6d17616c1c..f1a97d4b2d 100644
  #include <Library/BaseMemoryLib.h>
  #include <Library/UefiRuntimeServicesTableLib.h>
  #include <Library/UefiDriverEntryPoint.h>
-@@ -2642,6 +2643,22 @@ DriverEntry (
-   if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
-       CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
+@@ -2754,6 +2755,22 @@ DriverEntry (
+       CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid))
+   {
      DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
 +#if defined (MDE_CPU_AARCH64)
 +    //
@@ -66,7 +66,7 @@ index 6d17616c1c..f1a97d4b2d 100644
    }
  
 diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
-index 7dc7a2683d..3bc8833931 100644
+index a645474bf3..dbb7a52f33 100644
 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
 +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
 @@ -55,6 +55,7 @@
@@ -77,6 +77,3 @@ index 7dc7a2683d..3bc8833931 100644
    Tpm2CommandLib
    PrintLib
    UefiLib
--- 
-2.27.0
-

0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch

@@ -0,0 +1,126 @@
+From 763877f2bd3bc2e6bb00095c47915a3fb1f8b406 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:28:49 +0200
+Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [2/19] 6777c3dc453e4aecddc20216f783ba2a5acccaa0
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove EFI Byte Code interpreter.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
+ OvmfPkg/OvmfPkgIa32.dsc      | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf      | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf   | 1 -
+ OvmfPkg/OvmfPkgX64.dsc       | 1 -
+ OvmfPkg/OvmfPkgX64.fdf       | 1 -
+ 8 files changed, 8 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 4160d8d752..0d21eb795e 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -611,7 +611,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+   UefiCpuPkg/CpuDxe/CpuDxe.inf
+   OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 42178701fc..3dea9b36f8 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -212,7 +212,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf
+ INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index ae4ca08e32..cbe9a503e8 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -749,7 +749,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+   UefiCpuPkg/CpuDxe/CpuDxe.inf
+   OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index bc7bb678b4..59d15bb77d 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -216,7 +216,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf
+ INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 7f88e89d0f..315ecf7d89 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -762,7 +762,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+   UefiCpuPkg/CpuDxe/CpuDxe.inf
+   OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 98c05e491d..048fda9f16 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -217,7 +217,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf
+ INF  OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 50af72adb2..156e52e430 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -804,7 +804,6 @@
+ !include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
+   }
+ 
+-  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+   UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ 
+   UefiCpuPkg/CpuDxe/CpuDxe.inf {
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 489d03b60e..ef01da45e6 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -245,7 +245,6 @@ INF  MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
+ 
+ INF  MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
+ INF  MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+-INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
+ INF  UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
+ 
+ INF  UefiCpuPkg/CpuDxe/CpuDxe.inf

0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch

@@ -0,0 +1,126 @@
+From 6d6f5919b81d40e46ee18d1a3e54f183c220c91d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:28:59 +0200
+Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [4/19] f0a41317291f2e9e3b5bd3125149c3866f23ab08
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+QemuVideoDxe binds virtio-vga, so VirtioGpu is not needed.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
+ OvmfPkg/OvmfPkgIa32.dsc      | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf      | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf   | 1 -
+ OvmfPkg/OvmfPkgX64.dsc       | 1 -
+ OvmfPkg/OvmfPkgX64.fdf       | 1 -
+ 8 files changed, 8 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 0d21eb795e..89c9b610d1 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -700,7 +700,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+   # ISA Support
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 3dea9b36f8..899f02981f 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -299,7 +299,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ 
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index cbe9a503e8..d35d04b39a 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -840,7 +840,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+ 
+   #
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 59d15bb77d..7fd9203427 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -316,7 +316,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+ INF  OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 315ecf7d89..5710183135 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -853,7 +853,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+ 
+   #
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 048fda9f16..a15cd72f13 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -322,7 +322,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 156e52e430..11a05298b6 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -918,7 +918,6 @@
+     <PcdsFixedAtBuild>
+       gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+   }
+-  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+   OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
+ 
+   #
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index ef01da45e6..e8562442d3 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -355,7 +355,6 @@ INF  MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
+ 
+ INF  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
+ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+-INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF  OvmfPkg/PlatformDxe/Platform.inf
+ INF  OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ INF  OvmfPkg/IoMmuDxe/IoMmuDxe.inf

0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch

@@ -0,0 +1,100 @@
+From ede6f8b9c357dc1c711a49201459538b265c65dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:13 +0200
+Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [9/19] b40d8a6b9c38568a74fb922b12bbae9f0e721f95
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the virtio-fs driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf    | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
+ OvmfPkg/OvmfPkgX64.dsc     | 1 -
+ OvmfPkg/OvmfPkgX64.fdf     | 1 -
+ 6 files changed, 6 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index d35d04b39a..5a1c7058c8 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -818,7 +818,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 7fd9203427..7e09e3aac9 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -289,7 +289,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 5710183135..4fb8b9ba39 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -831,7 +831,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index a15cd72f13..8ba0ce211d 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -290,7 +290,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 11a05298b6..21c6a5b3c0 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -896,7 +896,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index e8562442d3..f3cb0ea40c 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -321,7 +321,6 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 

0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch

@@ -0,0 +1,61 @@
+From 7b3630372e0ab0b86a94ca7250c791cbe67947c0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:16 +0200
+Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [10/19] 808ad4385c24fbf34fb0ba359808e6d364e1d030
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the virtio-fs driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirtQemu.dsc           | 1 -
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ ArmVirtPkg/ArmVirtQemuKernel.dsc     | 1 -
+ 3 files changed, 3 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 8735d2881e..44bee7c339 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -470,7 +470,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+   #
+   # Bds
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index 38906004d7..7205274bed 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -85,7 +85,6 @@ READ_LOCK_STATUS   = TRUE
+   INF FatPkg/EnhancedFatDxe/Fat.inf
+   INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+   #
+   # Status Code Routing
+diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+index c15d51dab0..e0bc37ac7c 100644
+--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+@@ -375,7 +375,6 @@
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+   MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+-  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
+ 
+   #
+   # Bds

0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch

@@ -0,0 +1,126 @@
+From b8e59f096ab5cebccdd712839cc2fcd8c185ffdb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:19 +0200
+Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [11/19] 21614de37221fca27d4eec0f03c5c8bce5911af3
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the UDF driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
+ OvmfPkg/OvmfPkgIa32.dsc      | 1 -
+ OvmfPkg/OvmfPkgIa32.fdf      | 1 -
+ OvmfPkg/OvmfPkgIa32X64.dsc   | 1 -
+ OvmfPkg/OvmfPkgIa32X64.fdf   | 1 -
+ OvmfPkg/OvmfPkgX64.dsc       | 1 -
+ OvmfPkg/OvmfPkgX64.fdf       | 1 -
+ 8 files changed, 8 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 89c9b610d1..4edc2a9069 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -678,7 +678,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 899f02981f..2fe05eccdd 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -279,7 +279,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
+ INF  OvmfPkg/AmdSev/Grub/Grub.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 5a1c7058c8..5333708216 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -817,7 +817,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 7e09e3aac9..30649699cd 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -288,7 +288,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 4fb8b9ba39..9e6f35607d 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -830,7 +830,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 8ba0ce211d..8ef8519cfe 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -289,7 +289,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 21c6a5b3c0..c127ace963 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -895,7 +895,6 @@
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
+   MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index f3cb0ea40c..c0da2672a3 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -320,7 +320,6 @@ INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+ INF MdeModulePkg/Logo/LogoDxe.inf
+ 

0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch

@@ -0,0 +1,61 @@
+From d394876cac9e91d30858f20b6c5abb2ade4aabbb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:22 +0200
+Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [12/19] fcadb6a747b65e4d449d48131c9a2eeed4bd3c9a
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the UDF driver.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirtQemu.dsc           | 1 -
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ ArmVirtPkg/ArmVirtQemuKernel.dsc     | 1 -
+ 3 files changed, 3 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 44bee7c339..e7e9df3b42 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -469,7 +469,6 @@
+   MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+   #
+   # Bds
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index 7205274bed..24a9dac2fd 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -84,7 +84,6 @@ READ_LOCK_STATUS   = TRUE
+   INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+   INF FatPkg/EnhancedFatDxe/Fat.inf
+   INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+-  INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+   #
+   # Status Code Routing
+diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+index e0bc37ac7c..ee2459e31d 100644
+--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+@@ -374,7 +374,6 @@
+   MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
+   MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
+   FatPkg/EnhancedFatDxe/Fat.inf
+-  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
+   #
+   # Bds

0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch

@@ -0,0 +1,55 @@
+From 96eac5543ee94478cec9db044bea2903adb8940b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:25 +0200
+Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+rebase to edk2-stable202405:
+
+rewrite due to shell build config being moved to an include file
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [13/19] cf9ef346386ac89fa05b29d429d8d1b27cf0e3b0
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via TFTP.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/Include/Dsc/ShellComponents.dsc.inc | 4 ----
+ OvmfPkg/Include/Fdf/ShellDxe.fdf.inc        | 1 -
+ 2 files changed, 5 deletions(-)
+
+diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+index 4075688e41..3663938054 100644
+--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
++++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+@@ -6,10 +6,6 @@
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+ !if $(NETWORK_ENABLE) == TRUE
+-  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+index 38f69747b0..1637083ff1 100644
+--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
++++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+@@ -6,7 +6,6 @@
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+ !if $(NETWORK_ENABLE) == TRUE
+-INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+ !endif
+ INF  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf

0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch

@@ -0,0 +1,54 @@
+From bd961e984e6e4dc70e88b38e7277f086405360c6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:28 +0200
+Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [14/19] 12436014941bd4a7c99a26d779ebdcd75f169403
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via TFTP.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirt.dsc.inc           | 7 +++----
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ 2 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
+index 5384a41818..2a8236e520 100644
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -393,10 +393,9 @@
+   #
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+ 
+-  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
++  #
++  # UEFI application (Shell Embedded Boot Loader)
++  #
+   ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index 24a9dac2fd..1341de0a2f 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -100,7 +100,6 @@ READ_LOCK_STATUS   = TRUE
+   INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
+ 
+   INF ShellPkg/Application/Shell/Shell.inf
+-  INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+   INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+   INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+   INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch

@@ -0,0 +1,63 @@
+From 1176f49c73da2d2bd607dcd565f3bc1d59029209 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:31 +0200
+Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+rebase to edk2-stable202405:
+
+rewrite due to shell build config being moved to an include file
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [15/19] 1911cf04f27467ef1175b1976864c1111d93d19e
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via HTTP(S).
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/Include/Dsc/ShellComponents.dsc.inc | 6 ------
+ OvmfPkg/Include/Fdf/ShellDxe.fdf.inc        | 3 ---
+ 2 files changed, 9 deletions(-)
+
+diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+index 3663938054..a568f1ecc5 100644
+--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
++++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+@@ -5,12 +5,6 @@
+ !if $(BUILD_SHELL) == TRUE
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+-!if $(NETWORK_ENABLE) == TRUE
+-  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+-!endif
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+index 1637083ff1..c0118a46e2 100644
+--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
++++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+@@ -5,9 +5,6 @@
+ !if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+-!if $(NETWORK_ENABLE) == TRUE
+-INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+-!endif
+ INF  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+ INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif

0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch

@@ -0,0 +1,55 @@
+From dc68c045087e771dac52733d6b64feb3db38ece0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:34 +0200
+Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [16/19] 07a74f1fdcdbb9a31d25ce9760edcd852e9574c3
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to download files in the shell via HTTP(S).
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirt.dsc.inc           | 4 ----
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
+ 2 files changed, 5 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
+index 2a8236e520..5bfb16c27e 100644
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -396,10 +396,6 @@
+   #
+   # UEFI application (Shell Embedded Boot Loader)
+   #
+-  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index 1341de0a2f..b49bf7ad4e 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -100,7 +100,6 @@ READ_LOCK_STATUS   = TRUE
+   INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
+ 
+   INF ShellPkg/Application/Shell/Shell.inf
+-  INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
+   INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+   INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ 

0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch

@@ -0,0 +1,64 @@
+From d140a278bde8ed85efd41f228c471c5d89971ce9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:39 +0200
+Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+rebase to edk2-stable202405:
+
+rewrite due to shell build config being moved to an include file
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [17/19] 491fe1301ea29c7cb56c20272e45614d5fcb6f14
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to register a file in the shell as the
+initial ramdisk for a UEFI stubbed kernel, to be booted next.
+
+Note: as further dynamic shell commands might show up upstream,
+we intentionally preserve the empty !ifdef'ry context to ease
+future downstream rebases.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ OvmfPkg/Include/Dsc/ShellComponents.dsc.inc | 4 ----
+ OvmfPkg/Include/Fdf/ShellDxe.fdf.inc        | 1 -
+ 2 files changed, 5 deletions(-)
+
+diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+index a568f1ecc5..f7e0f5e90e 100644
+--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
++++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+@@ -9,10 +9,6 @@
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+   }
+-  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+ !endif
+ 
+   ShellPkg/Application/Shell/Shell.inf {
+diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+index c0118a46e2..dced75e388 100644
+--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
++++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+@@ -6,7 +6,6 @@
+ 
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+-INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ !endif
+ 
+ INF  ShellPkg/Application/Shell/Shell.inf

0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch

@@ -0,0 +1,66 @@
+From 0abc22a0a5f8d38e31b7e6356de46a2e55e63785 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
+Date: Thu, 1 Jul 2021 20:29:46 +0200
+Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rebase to edk2-stable202311:
+
+Minor update, context change due to new variable policy shell command.
+
+RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-MergeRequest: 3: Disable features for RHEL9
+RH-Commit: [18/19] 8f4e4007108462533e3d2050b84d8830073a7c0d
+RH-Bugzilla: 1967747
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+
+Remove the command to register a file in the shell as the initial
+ramdisk for a UEFI stubbed kernel, to be booted next.
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ ArmVirtPkg/ArmVirt.dsc.inc           | 10 +++-------
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc |  1 -
+ 2 files changed, 3 insertions(+), 8 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
+index 5bfb16c27e..49e3bf9de4 100644
+--- a/ArmVirtPkg/ArmVirt.dsc.inc
++++ b/ArmVirtPkg/ArmVirt.dsc.inc
+@@ -393,17 +393,13 @@
+   #
+   MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
+ 
+-  #
+-  # UEFI application (Shell Embedded Boot Loader)
+-  #
++  #
++  # UEFI application (Shell Embedded Boot Loader)
++  #
+   ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
+     <PcdsFixedAtBuild>
+       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+   }
+-  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
+-    <PcdsFixedAtBuild>
+-      gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
+-  }
+   ShellPkg/Application/Shell/Shell.inf {
+     <LibraryClasses>
+       ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index b49bf7ad4e..753afd799b 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -101,7 +101,6 @@ READ_LOCK_STATUS   = TRUE
+ 
+   INF ShellPkg/Application/Shell/Shell.inf
+   INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
+-  INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
+ 
+   #
+   # Bds

0026-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch

@@ -0,0 +1,123 @@
+From ca812e951cc824d6d7db16ec04a23a4b7fbb6830 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Wed, 16 Aug 2023 12:09:40 +0200
+Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 46: OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
+RH-Bugzilla: 2218196
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Commit: [1/1] 9bf3bb989e36253aa34bf82ecfe8faa7312e8d22 (osteffen/edk2)
+
+Add a callback at the end of the Dxe phase that sets the
+"FB_NO_REBOOT" variable under the Shim GUID.
+This is a workaround for a boot loop in case a confidential
+guest that uses shim is booted with a vtpm device present.
+
+BZ 2218196
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+
+patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
+present_in_specfile: true
+location_in_specfile: 44
+---
+ OvmfPkg/AmdSevDxe/AmdSevDxe.c   | 43 +++++++++++++++++++++++++++++++++
+ OvmfPkg/AmdSevDxe/AmdSevDxe.inf |  2 ++
+ 2 files changed, 45 insertions(+)
+
+diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+index d497a343d3..ca345e95da 100644
+--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+@@ -19,6 +19,7 @@
+ #include <Library/MemoryAllocationLib.h>
+ #include <Library/UefiBootServicesTableLib.h>
+ #include <Guid/ConfidentialComputingSevSnpBlob.h>
++#include <Guid/GlobalVariable.h>
+ #include <Library/PcdLib.h>
+ #include <Pi/PiDxeCis.h>
+ #include <Protocol/SevMemoryAcceptance.h>
+@@ -28,6 +29,10 @@
+ // Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h
+ #define EFI_MEMORY_INTERNAL_MASK  0x0700000000000000ULL
+ 
++static EFI_GUID  ShimLockGuid = {
++  0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 }
++};
++
+ STATIC
+ EFI_STATUS
+ AllocateConfidentialComputingBlob (
+@@ -191,6 +196,32 @@ STATIC EDKII_MEMORY_ACCEPT_PROTOCOL  mMemoryAcceptProtocol = {
+   AmdSevMemoryAccept
+ };
+ 
++VOID
++EFIAPI
++PopulateVarstore (
++  EFI_EVENT  Event,
++  VOID       *Context
++  )
++{
++  EFI_SYSTEM_TABLE  *SystemTable = (EFI_SYSTEM_TABLE *)Context;
++  EFI_STATUS        Status;
++
++  DEBUG ((DEBUG_INFO, "Populating Varstore\n"));
++  UINT32  data = 1;
++
++  Status = SystemTable->RuntimeServices->SetVariable (
++                                           L"FB_NO_REBOOT",
++                                           &ShimLockGuid,
++                                           EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
++                                           sizeof (data),
++                                           &data
++                                           );
++  ASSERT_EFI_ERROR (Status);
++
++  Status = SystemTable->BootServices->CloseEvent (Event);
++  ASSERT_EFI_ERROR (Status);
++}
++
+ EFI_STATUS
+ EFIAPI
+ AmdSevDxeEntryPoint (
+@@ -203,6 +234,7 @@ AmdSevDxeEntryPoint (
+   UINTN                                     NumEntries;
+   UINTN                                     Index;
+   CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION  *SnpBootDxeTable;
++  EFI_EVENT                                 PopulateVarstoreEvent;
+ 
+   //
+   // Do nothing when SEV is not enabled
+@@ -211,6 +243,17 @@ AmdSevDxeEntryPoint (
+     return EFI_UNSUPPORTED;
+   }
+ 
++  // Shim fallback reboot workaround
++  Status = gBS->CreateEventEx (
++                  EVT_NOTIFY_SIGNAL,
++                  TPL_CALLBACK,
++                  PopulateVarstore,
++                  SystemTable,
++                  &gEfiEndOfDxeEventGroupGuid,
++                  &PopulateVarstoreEvent
++                  );
++  ASSERT_EFI_ERROR (Status);
++
+   //
+   // Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
+   // memory space. The NonExistent memory space will be used for mapping the
+diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+index e7c7d526c9..09cbd2b0ca 100644
+--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+@@ -54,6 +54,8 @@
+ [Guids]
+   gConfidentialComputingSevSnpBlobGuid
+   gEfiEventBeforeExitBootServicesGuid
++  gEfiEndOfDxeEventGroupGuid              ## CONSUMES ## Event
++
+ 
+ [Pcd]
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId

0027-CryptoPkg-CrtLib-add-stat.h-include-file.patch

@@ -0,0 +1,28 @@
+From 0454b8eaabf7fa0240b6d7c4f6409584161552d4 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 28 Aug 2023 13:11:02 +0200
+Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file.
+
+Needed by rhel downstream openssl patches.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ CryptoPkg/Library/Include/sys/stat.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+ create mode 100644 CryptoPkg/Library/Include/sys/stat.h
+
+diff --git a/CryptoPkg/Library/Include/sys/stat.h b/CryptoPkg/Library/Include/sys/stat.h
+new file mode 100644
+index 0000000000..22247bb2db
+--- /dev/null
++++ b/CryptoPkg/Library/Include/sys/stat.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building the third-party cryptographic library.
++
++Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
++SPDX-License-Identifier: BSD-2-Clause-Patent
++
++**/
++
++#include <CrtLibSupport.h>

0028-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch

@@ -0,0 +1,139 @@
+From b9adc98473593da055c45f036219a469ceddbc34 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 28 Aug 2023 13:27:09 +0200
+Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls
+
+Needed by rhel downstream openssl patches, they use unix syscalls
+for file access (instead of fopen + friends like the rest of the
+code base).  No actual file access is needed for edk2, so just
+add stubs to make linking work.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ .../Library/BaseCryptLib/SysCall/CrtWrapper.c | 46 +++++++++++++++++++
+ CryptoPkg/Library/Include/CrtLibSupport.h     | 41 +++++++++++++++++
+ 2 files changed, 87 insertions(+)
+
+diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+index b114cc069a..6ba751c1f1 100644
+--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
++++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+@@ -589,6 +589,52 @@ fread (
+   return 0;
+ }
+ 
++int
++access(
++  const char*,
++  int
++  )
++{
++  return -1;
++}
++
++int
++open (
++  const char *,
++  int
++  )
++{
++  return -1;
++}
++
++ssize_t
++read (
++  int,
++  void*,
++  size_t
++  )
++{
++  return -1;
++}
++
++ssize_t
++write (
++  int,
++  const void*,
++  size_t
++  )
++{
++  return -1;
++}
++
++int
++close (
++  int
++  )
++{
++  return -1;
++}
++
+ uid_t
+ getuid (
+   void
+diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
+index cd51e197e7..b1616a7b4c 100644
+--- a/CryptoPkg/Library/Include/CrtLibSupport.h
++++ b/CryptoPkg/Library/Include/CrtLibSupport.h
+@@ -79,6 +79,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ //
+ // Definitions for global constants used by CRT library routines
+ //
++#define EINTR         4
+ #define EINVAL        22              /* Invalid argument */
+ #define EAFNOSUPPORT  47              /* Address family not supported by protocol family */
+ #define INT_MAX       0x7FFFFFFF      /* Maximum (signed) int value */
+@@ -103,6 +104,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ #define NS_INADDRSZ   4   /*%< IPv4 T_A */
+ #define NS_IN6ADDRSZ  16  /*%< IPv6 T_AAAA */
+ 
++#define O_RDONLY        00000000
++#define O_WRONLY        00000001
++#define O_RDWR          00000002
++
++#define R_OK  4
++#define W_OK  2
++#define X_OK  1
++#define F_OK  0
++
+ //
+ // Basic types mapping
+ //
+@@ -329,6 +339,37 @@ fprintf     (
+   ...
+   );
+ 
++int
++access(
++  const char*,
++  int
++  );
++
++int
++open (
++  const char *,
++  int
++  );
++
++ssize_t
++read (
++  int,
++  void*,
++  size_t
++  );
++
++ssize_t
++write (
++  int,
++  const void*,
++  size_t
++  );
++
++int
++close (
++  int
++  );
++
+ time_t
+ time        (
+   time_t *

0029-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch

@@ -0,0 +1,45 @@
+From 2837b67434701fc5e3d2ef846e0e3c7d409df631 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Wed, 14 Aug 2024 09:53:49 +0200
+Subject: [PATCH] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
+RH-Jira: RHEL-45829
+RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
+RH-Commit: [2/2] d1f24c14ccea7346d395c263ed577039f91debfd (osteffen/edk2)
+
+The word "Failed" is used when logging tired Rng algorithms.
+These mostly non-critical messages confused some users.
+
+Reword it and also add a message confirming eventual success to
+deescalate the importance somewhat.
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+
+patch_name: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
+present_in_specfile: true
+location_in_specfile: 41
+---
+ NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+index 9acc21caeb..73ddf8b0fb 100644
+--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
++++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+@@ -952,12 +952,13 @@ PseudoRandom (
+         //
+         // Secure Algorithm was supported on this platform
+         //
++        DEBUG ((DEBUG_VERBOSE, "Generated random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+         return EFI_SUCCESS;
+       } else if (Status == EFI_UNSUPPORTED) {
+         //
+         // Secure Algorithm was not supported on this platform
+         //
+-        DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
++        DEBUG ((DEBUG_VERBOSE, "Unable to generate random data using secure algorithm %d not available: %r\n", AlgorithmIndex, Status));
+ 
+         //
+         // Try the next secure algorithm

0030-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch

@@ -0,0 +1,351 @@
+From 24da4bc42a6f16094ea589ffb2a9326cf8a596cc Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Mon, 4 Nov 2024 12:40:12 +0100
+Subject: [PATCH] OvmfPkg: Add a Fallback RNG (RH only)
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 82: Add a Fallback RNG (RH only)
+RH-Jira: RHEL-66234
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [1/2] bb62ac9e3f1cd5eae1bb94e047fb6ebada57cd24 (osteffen/edk2)
+
+Since the pixiefail CVE fix, the network stack requires a random number
+generator.
+In case there is no hardware random number generator available,
+have the Platform Boot Manager install a pseudo RNG to ensure
+the network can be used.
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+
+patch_name: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
+present_in_specfile: true
+location_in_specfile: 48
+---
+ .../PlatformBootManagerLib/BdsPlatform.c      |   7 +
+ .../PlatformBootManagerLib/FallbackRng.c      | 222 ++++++++++++++++++
+ .../PlatformBootManagerLib/FallbackRng.h      |  20 ++
+ .../PlatformBootManagerLib.inf                |   5 +
+ 4 files changed, 254 insertions(+)
+ create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
+ create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index d9f61757cf..87d1ac3142 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -15,6 +15,8 @@
+ #include <Library/Tcg2PhysicalPresenceLib.h>
+ #include <Library/XenPlatformLib.h>
+ 
++#include "FallbackRng.h"
++
+ //
+ // Global data
+ //
+@@ -539,6 +541,9 @@ PlatformBootManagerBeforeConsole (
+     ConnectVirtioPciRng,
+     NULL
+     );
++
++  FallbackRngCheckAndInstall ();
++
+ }
+ 
+ EFI_STATUS
+@@ -1778,6 +1783,8 @@ PlatformBootManagerAfterConsole (
+ 
+   DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
+ 
++  FallbackRngPrintWarning ();
++
+   if (PcdGetBool (PcdOvmfFlashVariablesEnable)) {
+     DEBUG ((
+       DEBUG_INFO,
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
+new file mode 100644
+index 0000000000..bba60e29d5
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
+@@ -0,0 +1,222 @@
++/** @file
++  Copyright (C) 2024, Red Hat, Inc.
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#include <Uefi/UefiBaseType.h>
++#include <Uefi/UefiSpec.h>
++#include <Protocol/Rng.h>
++#include <Library/BaseMemoryLib.h>
++#include <Library/BaseLib.h>
++#include <Library/DebugLib.h>
++#include <Library/RngLib.h>
++#include <Library/UefiBootServicesTableLib.h>
++#include <Library/UefiLib.h>
++#include <Library/PrintLib.h>
++#include <Library/DxeServicesTableLib.h>
++
++#include "FallbackRng.h"
++
++typedef struct {
++  EFI_RNG_PROTOCOL    Rng;
++  EFI_HANDLE          Handle;
++} FALLBACK_RNG_DEV;
++
++/**
++  Returns information about the random number generation implementation.
++
++  @param[in]     This                 A pointer to the EFI_RNG_PROTOCOL
++                                      instance.
++  @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
++                                      RNGAlgorithmList.
++                                      On output with a return code of
++                                      EFI_SUCCESS, the size in bytes of the
++                                      data returned in RNGAlgorithmList. On
++                                      output with a return code of
++                                      EFI_BUFFER_TOO_SMALL, the size of
++                                      RNGAlgorithmList required to obtain the
++                                      list.
++  @param[out] RNGAlgorithmList        A caller-allocated memory buffer filled
++                                      by the driver with one EFI_RNG_ALGORITHM
++                                      element for each supported RNG algorithm.
++                                      The list must not change across multiple
++                                      calls to the same driver. The first
++                                      algorithm in the list is the default
++                                      algorithm for the driver.
++
++  @retval EFI_SUCCESS                 The RNG algorithm list was returned
++                                      successfully.
++  @retval EFI_UNSUPPORTED             The services is not supported by this
++                                      driver.
++  @retval EFI_DEVICE_ERROR            The list of algorithms could not be
++                                      retrieved due to a hardware or firmware
++                                      error.
++  @retval EFI_INVALID_PARAMETER       One or more of the parameters are
++                                      incorrect.
++  @retval EFI_BUFFER_TOO_SMALL        The buffer RNGAlgorithmList is too small
++                                      to hold the result.
++
++**/
++STATIC
++EFI_STATUS
++EFIAPI
++FallbackRngGetInfo (
++  IN      EFI_RNG_PROTOCOL   *This,
++  IN OUT  UINTN              *RNGAlgorithmListSize,
++  OUT     EFI_RNG_ALGORITHM  *RNGAlgorithmList
++  )
++{
++  if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
++    return EFI_INVALID_PARAMETER;
++  }
++
++  if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) {
++    *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
++    return EFI_BUFFER_TOO_SMALL;
++  }
++
++  if (RNGAlgorithmList == NULL) {
++    return EFI_INVALID_PARAMETER;
++  }
++
++  *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
++  CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw);
++
++  return EFI_SUCCESS;
++}
++
++/**
++  Produces and returns an RNG value using either the default or specified RNG
++  algorithm.
++
++  @param[in]  This                    A pointer to the EFI_RNG_PROTOCOL
++                                      instance.
++  @param[in]  RNGAlgorithm            A pointer to the EFI_RNG_ALGORITHM that
++                                      identifies the RNG algorithm to use. May
++                                      be NULL in which case the function will
++                                      use its default RNG algorithm.
++  @param[in]  RNGValueLength          The length in bytes of the memory buffer
++                                      pointed to by RNGValue. The driver shall
++                                      return exactly this numbers of bytes.
++  @param[out] RNGValue                A caller-allocated memory buffer filled
++                                      by the driver with the resulting RNG
++                                      value.
++
++  @retval EFI_SUCCESS                 The RNG value was returned successfully.
++  @retval EFI_UNSUPPORTED             The algorithm specified by RNGAlgorithm
++                                      is not supported by this driver.
++  @retval EFI_DEVICE_ERROR            An RNG value could not be retrieved due
++                                      to a hardware or firmware error.
++  @retval EFI_NOT_READY               There is not enough random data available
++                                      to satisfy the length requested by
++                                      RNGValueLength.
++  @retval EFI_INVALID_PARAMETER       RNGValue is NULL or RNGValueLength is
++                                      zero.
++
++**/
++STATIC
++EFI_STATUS
++EFIAPI
++FallbackRngGetRNG (
++  IN EFI_RNG_PROTOCOL   *This,
++  IN EFI_RNG_ALGORITHM  *RNGAlgorithm  OPTIONAL,
++  IN UINTN              RNGValueLength,
++  OUT UINT8             *RNGValue
++  )
++{
++  UINT64      RandomData;
++  EFI_STATUS  Status;
++  UINTN       i;
++
++  if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
++    return EFI_INVALID_PARAMETER;
++  }
++
++  //
++  // We only support the raw algorithm, so reject requests for anything else
++  //
++  if ((RNGAlgorithm != NULL) &&
++      !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw))
++  {
++    return EFI_UNSUPPORTED;
++  }
++
++  for (i = 0; i < RNGValueLength; ++i) {
++    if (i % 4 == 0) {
++      Status = GetRandomNumber64 (&RandomData);
++      if (EFI_ERROR (Status)) {
++        return Status;
++      }
++    }
++  }
++
++  return EFI_SUCCESS;
++}
++
++static FALLBACK_RNG_DEV  Dev = {
++  .Rng.GetInfo = FallbackRngGetInfo,
++  .Rng.GetRNG  = FallbackRngGetRNG,
++  .Handle      = NULL,
++};
++
++EFI_STATUS
++FallbackRngCheckAndInstall (
++  )
++{
++  EFI_STATUS  Status;
++  EFI_HANDLE  *HandleBuffer = NULL;
++  UINTN       HandleCount   = 0;
++
++  if (Dev.Handle != NULL) {
++    DEBUG ((DEBUG_INFO, "Fallback RNG already installed.\n"));
++    return EFI_ALREADY_STARTED;
++  }
++
++  Status = gBS->LocateHandleBuffer (
++                  ByProtocol,
++                  &gEfiRngProtocolGuid,
++                  NULL,
++                  &HandleCount,
++                  &HandleBuffer
++                  );
++
++  gBS->FreePool (HandleBuffer);
++
++  if (Status == EFI_NOT_FOUND) {
++    HandleCount = 0;
++  } else if (EFI_ERROR (Status)) {
++    DEBUG ((DEBUG_ERROR, "Error locating RNG protocol instances: %r\n", Status));
++    return Status;
++  }
++
++  DEBUG ((DEBUG_INFO, "Found %u RNGs\n", HandleCount));
++
++  if (HandleCount == 0) {
++    // Install RNG
++    Status = gBS->InstallProtocolInterface (
++                    &Dev.Handle,
++                    &gEfiRngProtocolGuid,
++                    EFI_NATIVE_INTERFACE,
++                    &Dev.Rng
++                    );
++    if (EFI_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "Failed to install fallback RNG: %r\n", Status));
++      return Status;
++    }
++
++    gDS->Dispatch ();
++  }
++
++  return EFI_SUCCESS;
++}
++
++VOID
++FallbackRngPrintWarning (
++  )
++{
++  if (Dev.Handle != NULL) {
++    Print (L"WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n");
++    DEBUG ((DEBUG_WARN, "WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n"));
++    gBS->Stall (2000000);
++  }
++}
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
+new file mode 100644
+index 0000000000..77332bc51c
+--- /dev/null
++++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
+@@ -0,0 +1,20 @@
++/** @file
++  Copyright (C) 2024, Red Hat, Inc.
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#ifndef _FALLBACK_RNG_H_
++#define _FALLBACK_RNG_H_
++
++#include <Uefi/UefiBaseType.h>
++#include <Uefi/UefiSpec.h>
++
++EFI_STATUS
++FallbackRngCheckAndInstall (
++  );
++
++VOID
++FallbackRngPrintWarning (
++  );
++
++#endif
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+index c6ffc1ed9e..211716e30d 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
++++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+@@ -25,6 +25,8 @@
+   PlatformData.c
+   QemuKernel.c
+   BdsPlatform.h
++  FallbackRng.c
++  FallbackRng.h
+ 
+ [Packages]
+   MdePkg/MdePkg.dec
+@@ -56,6 +58,7 @@
+   PlatformBmPrintScLib
+   Tcg2PhysicalPresenceLib
+   XenPlatformLib
++  RngLib
+ 
+ [Pcd]
+   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
+@@ -80,6 +83,7 @@
+   gEfiDxeSmmReadyToLockProtocolGuid             # PROTOCOL SOMETIMES_PRODUCED
+   gEfiLoadedImageProtocolGuid                   # PROTOCOL SOMETIMES_PRODUCED
+   gEfiFirmwareVolume2ProtocolGuid               # PROTOCOL SOMETIMES_CONSUMED
++  gEfiRngProtocolGuid                           # PROTOCOL SOMETIMES_PRODUCED
+ 
+ [Guids]
+   gEfiEndOfDxeEventGroupGuid
+@@ -87,3 +91,4 @@
+   gRootBridgesConnectedEventGroupGuid
+   gUefiShellFileGuid
+   gGrubFileGuid
++  gEfiRngAlgorithmRaw

0031-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch

@@ -0,0 +1,102 @@
+From 14ce76be0e92a9926a7f2b33d64b13966c6bfaf2 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Thu, 7 Nov 2024 11:36:22 +0100
+Subject: [PATCH] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 82: Add a Fallback RNG (RH only)
+RH-Jira: RHEL-66234
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [2/2] ae2c04680e6420e096c667a22c52ec6f6fb46935 (osteffen/edk2)
+
+Since the pixiefail CVE fix, the network stack requires a random number
+generator.
+In case there is no hardware random number generator available,
+have the Platform Boot Manager install a pseudo RNG to ensure
+the network can be used.
+
+This patch adds the fallback rng which was introduced in a
+previous commit also to the ArmVirtPkg PlatformBootManagerLib.
+
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+
+patch_name: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
+present_in_specfile: true
+location_in_specfile: 49
+---
+ OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c    | 6 ++++++
+ .../PlatformBootManagerLibLight/PlatformBootManagerLib.inf  | 5 +++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+index 8e93f3cfed..8aa1e8e2df 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
++++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+@@ -30,6 +30,7 @@
+ #include <Guid/GlobalVariable.h>
+ #include <Guid/RootBridgesConnectedEventGroup.h>
+ #include <Guid/SerialPortLibVendor.h>
++#include "FallbackRng.h"
+ 
+ #include "PlatformBm.h"
+ 
+@@ -1029,6 +1030,7 @@ PlatformBootManagerBeforeConsole (
+   //
+   FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput);
+ 
++
+   //
+   // Add the hardcoded short-form USB keyboard device path to ConIn.
+   //
+@@ -1110,6 +1112,8 @@ PlatformBootManagerBeforeConsole (
+   //
+   FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
+   FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
++
++  FallbackRngCheckAndInstall ();
+ }
+ 
+ /**
+@@ -1175,6 +1179,8 @@ PlatformBootManagerAfterConsole (
+   RETURN_STATUS  Status;
+   BOOLEAN        Uninstall;
+ 
++  FallbackRngPrintWarning ();
++
+   //
+   // Show the splash screen.
+   //
+diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+index 8e7cd5605f..4583c05ef4 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
++++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+@@ -27,6 +27,8 @@
+   PlatformBm.c
+   PlatformBm.h
+   QemuKernel.c
++  ../PlatformBootManagerLib/FallbackRng.h
++  ../PlatformBootManagerLib/FallbackRng.c
+ 
+ [Packages]
+   MdeModulePkg/MdeModulePkg.dec
+@@ -53,6 +55,7 @@
+   UefiBootServicesTableLib
+   UefiLib
+   UefiRuntimeServicesTableLib
++  RngLib
+ 
+ [FixedPcd]
+   gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
+@@ -70,6 +73,7 @@
+   gEfiGlobalVariableGuid
+   gRootBridgesConnectedEventGroupGuid
+   gUefiShellFileGuid
++  gEfiRngAlgorithmRaw
+ 
+ [Protocols]
+   gEfiFirmwareVolume2ProtocolGuid
+@@ -77,3 +81,4 @@
+   gEfiMemoryAttributeProtocolGuid
+   gEfiPciRootBridgeIoProtocolGuid
+   gVirtioDeviceProtocolGuid
++  gEfiRngProtocolGuid

0032-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-Do-not-use-fl.patch

@@ -0,0 +1,37 @@
+From ee75d5f03a473eb4007f7aaa58a41719adca0429 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Mon, 18 Nov 2024 12:59:32 -0600
+Subject: [PATCH] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: Do not use flash with
+ SEV-SNP
+
+SEV-SNP does not support the use of the Qemu flash device as SEV-SNP
+guests are started using the Qemu -bios option instead of the Qemu -drive
+if=pflash option. Perform runtime detection of SEV-SNP and exit early from
+the Qemu flash device initialization, indicating the Qemu flash device is
+not present. SEV-SNP guests will use the emulated variable support.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+(cherry picked from commit f0d2bc3ab268c8e3c6da4158208df38bc9d3677e)
+---
+ OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
+index a577aea556..5e393e98ed 100644
+--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
++++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
+@@ -259,6 +259,14 @@ QemuFlashInitialize (
+   VOID
+   )
+ {
++  //
++  // The SNP model does not provide for QEMU flash device support, so exit
++  // early before attempting to initialize any QEMU flash device support.
++  //
++  if (MemEncryptSevSnpIsEnabled ()) {
++    return EFI_UNSUPPORTED;
++  }
++
+   mFlashBase   = (UINT8 *)(UINTN)PcdGet32 (PcdOvmfFdBaseAddress);
+   mFdBlockSize = PcdGet32 (PcdOvmfFirmwareBlockSize);
+   ASSERT (PcdGet32 (PcdOvmfFirmwareFdSize) % mFdBlockSize == 0);

0033-OvmfPkg-PlatformPei-Move-NV-vars-init-to-after-SEV-S.patch

@@ -0,0 +1,52 @@
+From 6fc76f3572566a83a34bb26d21e16c0e75de3609 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Mon, 18 Nov 2024 12:59:32 -0600
+Subject: [PATCH] OvmfPkg/PlatformPei: Move NV vars init to after SEV-SNP
+ memory acceptance
+
+When OVMF is built with the SECURE_BOOT_ENABLE set to true, reserving and
+initializing the emulated variable store happens before memory has been
+accepted under SEV-SNP. This results in a #VC exception for accessing
+memory that hasn't been validated (error code 0x404). The #VC handler
+treats this error code as a fatal error, causing the OVMF boot to fail.
+
+Move the call to ReserveEmuVariableNvStore() to after memory has been
+accepted by AmdSevInitialize().
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+(cherry picked from commit 52fa7e78d282f8434b41aff24b3a5a745611ff87)
+---
+ OvmfPkg/PlatformPei/Platform.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
+index 05b924f99f..54903cfca2 100644
+--- a/OvmfPkg/PlatformPei/Platform.c
++++ b/OvmfPkg/PlatformPei/Platform.c
+@@ -365,10 +365,6 @@ InitializePlatform (
+   InitializeRamRegions (PlatformInfoHob);
+ 
+   if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) {
+-    if (!PlatformInfoHob->SmmSmramRequire) {
+-      ReserveEmuVariableNvStore ();
+-    }
+-
+     PeiFvInitialization (PlatformInfoHob);
+     MemTypeInfoInitialization (PlatformInfoHob);
+     MemMapInitialization (PlatformInfoHob);
+@@ -391,5 +387,15 @@ InitializePlatform (
+     RelocateSmBase ();
+   }
+ 
++  //
++  // Performed after CoCo (SEV/TDX) initialization to allow the memory
++  // used to be validated before being used.
++  //
++  if (PlatformInfoHob->BootMode != BOOT_ON_S3_RESUME) {
++    if (!PlatformInfoHob->SmmSmramRequire) {
++      ReserveEmuVariableNvStore ();
++    }
++  }
++
+   return EFI_SUCCESS;
+ }

0034-OvmfPkg-PlatformInitLib-Retry-NV-vars-FV-check-as-sh.patch

@@ -0,0 +1,103 @@
+From 3ae6cb5329ce5e48efc29989943e19cfccbfb38b Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Mon, 18 Nov 2024 12:59:32 -0600
+Subject: [PATCH] OvmfPkg/PlatformInitLib: Retry NV vars FV check as shared
+
+When OVMF is built with SECURE_BOOT_ENABLE, the variable store will be
+populated and validated in PlatformValidateNvVarStore(). When an SEV
+or an SEV-ES guest is running, this may be encrypted or unencrypted
+depending on how the guest was started. If the guest was started with the
+combined code and variable contents (OVMF.fd), then the variable store
+will be encrypted. If the guest was started with the separate code and
+variables contents (OVMF_CODE.fd and OVMF_VARS.fd), then the variable
+store will be unencrypted.
+
+When PlatformValidateNvVarStore() is first invoked, the variable store
+area is initially mapped encrypted, which may or may not pass the variable
+validation step depending how the guest was launched. To accomodate this,
+retry the validation step on failure after remapping the variable store
+area as unencrypted.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+(cherry picked from commit d502cc7702e4d537c2bcbe5256e26cba6d4ca8c6)
+---
+ OvmfPkg/Library/PlatformInitLib/Platform.c    | 32 +++++++++++++++++--
+ .../PlatformInitLib/PlatformInitLib.inf       |  1 +
+ 2 files changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c
+index 10fc17355f..715533b1f2 100644
+--- a/OvmfPkg/Library/PlatformInitLib/Platform.c
++++ b/OvmfPkg/Library/PlatformInitLib/Platform.c
+@@ -34,6 +34,7 @@
+ #include <Guid/VariableFormat.h>
+ #include <OvmfPlatforms.h>
+ #include <Library/TdxLib.h>
++#include <Library/MemEncryptSevLib.h>
+ 
+ #include <Library/PlatformInitLib.h>
+ 
+@@ -774,6 +775,8 @@ PlatformValidateNvVarStore (
+   EFI_FIRMWARE_VOLUME_HEADER     *NvVarStoreFvHeader;
+   VARIABLE_STORE_HEADER          *NvVarStoreHeader;
+   AUTHENTICATED_VARIABLE_HEADER  *VariableHeader;
++  BOOLEAN                        Retry;
++  EFI_STATUS                     Status;
+ 
+   static EFI_GUID  FvHdrGUID       = EFI_SYSTEM_NV_DATA_FV_GUID;
+   static EFI_GUID  VarStoreHdrGUID = EFI_AUTHENTICATED_VARIABLE_GUID;
+@@ -792,6 +795,15 @@ PlatformValidateNvVarStore (
+   //
+   NvVarStoreFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)NvVarStoreBase;
+ 
++  //
++  // SEV and SEV-ES can use separate flash devices for OVMF code and
++  // OVMF variables. In this case, the OVMF variables will need to be
++  // mapped unencrypted. If the initial validation fails, remap the
++  // NV variable store as unencrypted and retry the validation.
++  //
++  Retry = MemEncryptSevIsEnabled ();
++
++RETRY:
+   if ((!IsZeroBuffer (NvVarStoreFvHeader->ZeroVector, 16)) ||
+       (!CompareGuid (&FvHdrGUID, &NvVarStoreFvHeader->FileSystemGuid)) ||
+       (NvVarStoreFvHeader->Signature != EFI_FVH_SIGNATURE) ||
+@@ -801,8 +813,24 @@ PlatformValidateNvVarStore (
+       (NvVarStoreFvHeader->FvLength != NvVarStoreSize)
+       )
+   {
+-    DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n"));
+-    return FALSE;
++    if (!Retry) {
++      DEBUG ((DEBUG_ERROR, "NvVarStore FV headers were invalid.\n"));
++      return FALSE;
++    }
++
++    DEBUG ((DEBUG_INFO, "Remapping NvVarStore as shared\n"));
++    Status = MemEncryptSevClearMmioPageEncMask (
++               0,
++               (UINTN)NvVarStoreBase,
++               EFI_SIZE_TO_PAGES (NvVarStoreSize)
++               );
++    if (EFI_ERROR (Status)) {
++      DEBUG ((DEBUG_ERROR, "Failed to map NvVarStore as shared\n"));
++      return FALSE;
++    }
++
++    Retry = FALSE;
++    goto RETRY;
+   }
+ 
+   //
+diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+index 3e63ef4423..fb179e6791 100644
+--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
++++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+@@ -48,6 +48,7 @@
+   HobLib
+   QemuFwCfgLib
+   QemuFwCfgSimpleParserLib
++  MemEncryptSevLib
+   MemoryAllocationLib
+   MtrrLib
+   PcdLib

0035-OvmfPkg-EmuVariableFvbRuntimeDxe-Issue-NV-vars-initi.patch

@@ -0,0 +1,28 @@
+From 6944acabf2aa916e7f321c28f19e7d95b155df99 Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Mon, 18 Nov 2024 12:59:32 -0600
+Subject: [PATCH] OvmfPkg/EmuVariableFvbRuntimeDxe: Issue NV vars
+ initializitation message
+
+Add a debug message that indicates when the NV variables are being
+initialized through the template structure.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+(cherry picked from commit 6142f0a8a53557ba50300c762a15bf3c18382162)
+---
+ OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
+index c07e38966e..cc476c7df2 100644
+--- a/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
++++ b/OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.c
+@@ -692,6 +692,8 @@ InitializeFvAndVariableStoreHeaders (
+   //
+   Fv           = (EFI_FIRMWARE_VOLUME_HEADER *)Ptr;
+   Fv->Checksum = CalculateCheckSum16 (Ptr, Fv->HeaderLength);
++
++  DEBUG ((DEBUG_INFO, "EMU Variable FVB: Initialized FV using template structure\n"));
+ }
+ 
+ /**

0036-OvmfPkg-PlatformInitLib-enable-x2apic-mode-if-needed.patch

@@ -0,0 +1,51 @@
+From 87a3869f6d509e36d8c5dfe5a1bd8dea62195dab Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Fri, 23 Aug 2024 11:55:31 +0200
+Subject: [PATCH] OvmfPkg/PlatformInitLib: enable x2apic mode if needed
+
+Enable x2apic mode in case the number of possible CPUs (including
+hotplug-able CPus which are not (yet) online) is larger than 255.
+
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+(cherry picked from commit 8c8e05db24d8578cf87669e491f983fbd8357d55)
+---
+ OvmfPkg/Library/PlatformInitLib/Platform.c          | 6 ++++++
+ OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf | 1 +
+ 2 files changed, 7 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformInitLib/Platform.c b/OvmfPkg/Library/PlatformInitLib/Platform.c
+index 715533b1f2..afe8b0abd6 100644
+--- a/OvmfPkg/Library/PlatformInitLib/Platform.c
++++ b/OvmfPkg/Library/PlatformInitLib/Platform.c
+@@ -30,6 +30,7 @@
+ #include <Library/QemuFwCfgS3Lib.h>
+ #include <Library/QemuFwCfgSimpleParserLib.h>
+ #include <Library/PciLib.h>
++#include <Library/LocalApicLib.h>
+ #include <Guid/SystemNvDataGuid.h>
+ #include <Guid/VariableFormat.h>
+ #include <OvmfPlatforms.h>
+@@ -720,6 +721,11 @@ PlatformMaxCpuCountInitialization (
+     ));
+   ASSERT (BootCpuCount <= MaxCpuCount);
+ 
++  if (MaxCpuCount > 255) {
++    DEBUG ((DEBUG_INFO, "%a: enable x2apic mode\n", __func__));
++    SetApicMode (LOCAL_APIC_MODE_X2APIC);
++  }
++
+   PlatformInfoHob->PcdCpuMaxLogicalProcessorNumber  = MaxCpuCount;
+   PlatformInfoHob->PcdCpuBootLogicalProcessorNumber = BootCpuCount;
+ }
+diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+index fb179e6791..c79b2ee106 100644
+--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
++++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
+@@ -48,6 +48,7 @@
+   HobLib
+   QemuFwCfgLib
+   QemuFwCfgSimpleParserLib
++  LocalApicLib
+   MemEncryptSevLib
+   MemoryAllocationLib
+   MtrrLib

0037-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch

@@ -0,0 +1,37 @@
+From 8f117e06457536a78feeee1e49c43ca435d94842 Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Mon, 4 Nov 2024 19:00:11 +0100
+Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
+
+Since the pixiefail CVE fix the network stack requires a hardware
+random number generator. This can currently be a modern CPU supporting
+the RDRAND instruction or a virtio-rng device.
+The latter is initialized during the BDS phase.
+To ensure all depending (network) modules are also started, we need to
+run the dispatcher once more after the device was initialized.
+Without this, network boot is not available under certain hardware
+configurations.
+
+Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
+
+Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
+Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+(cherry picked from commit 9c4542a0645ac832e22d0c3da0f1ee7b127a316f)
+---
+ OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 87d1ac3142..1f1298eb0b 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
+     if (EFI_ERROR (Status)) {
+       goto Error;
+     }
++
++    gDS->Dispatch ();
+   }
+ 
+   return EFI_SUCCESS;

30-edk2-ovmf-x64-sb-enrolled.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
             "format": "raw"
@@ -24,7 +25,6 @@
     ],
     "features": [
         "acpi-s3",
-        "amd-sev",
         "enrolled-keys",
         "requires-smm",
         "secure-boot",

40-edk2-ovmf-x64-sb.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
             "format": "raw"
@@ -24,7 +25,6 @@
     ],
     "features": [
         "acpi-s3",
-        "amd-sev",
         "requires-smm",
         "secure-boot",
         "verbose-dynamic"

50-edk2-aarch64-qcow2.json

@@ -0,0 +1,32 @@
+{
+    "description": "UEFI firmware for ARM64 virtual machines",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode": "split",
+        "executable": {
+            "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+
+    ],
+    "tags": [
+
+    ]
+}

50-edk2-ovmf-x64-nosb.json

@@ -1,12 +1,13 @@
 {
-    "description": "OVMF with SEV-ES support",
+    "description": "OVMF without SB+SMM, empty varstore",
     "interface-types": [
         "uefi"
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
-            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.cc.fd",
+            "filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
             "format": "raw"
         },
         "nvram-template": {
@@ -18,12 +19,12 @@
         {
             "architecture": "x86_64",
             "machines": [
-                "pc-q35-rhel8.6.0",
-                "pc-q35-rhel8.5.0"
+                "pc-q35-*"
             ]
         }
     ],
     "features": [
+        "acpi-s3",
         "amd-sev",
         "amd-sev-es",
         "verbose-dynamic"

51-edk2-aarch64-raw.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
             "format": "raw"

52-edk2-aarch64-verbose-qcow2.json

@@ -0,0 +1,32 @@
+{
+    "description": "UEFI firmware for ARM64 virtual machines, verbose logs",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode": "split",
+        "executable": {
+            "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "aarch64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+        "verbose-static"
+    ],
+    "tags": [
+
+    ]
+}

53-edk2-aarch64-verbose-raw.json

@@ -5,6 +5,7 @@
     ],
     "mapping": {
         "device": "flash",
+        "mode": "split",
         "executable": {
             "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
             "format": "raw"

60-edk2-ovmf-x64-amdsev.json

@@ -0,0 +1,27 @@
+{
+    "description": "OVMF with SEV-ES support",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "memory",
+        "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd"
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "amd-sev",
+        "amd-sev-es",
+        "amd-sev-snp",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

60-edk2-ovmf-x64-inteltdx.json

@@ -0,0 +1,27 @@
+{
+    "description": "OVMF with TDX support",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "memory",
+        "filename": "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd"
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-*"
+            ]
+        }
+    ],
+    "features": [
+        "enrolled-keys",
+        "intel-tdx",
+        "secure-boot",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}

SOURCES/0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch

@@ -1,43 +0,0 @@
-From 0790c9c4f796fdce8ba6618359b78e1d0b331c95 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 4 Jun 2020 13:34:12 +0200
-Subject: BaseTools: do not build BrotliCompress (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- New patch.
-
-BrotliCompress is not used for building ArmVirtPkg or OvmfPkg platforms.
-It depends on one of the upstream Brotli git submodules that we removed
-earlier in this rebase series. (See patch "remove upstream edk2's Brotli
-submodules (RH only").
-
-Do not attempt to build BrotliCompress.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit db8ccca337e2c5722c1d408d2541cf653d3371a2)
----
- BaseTools/Source/C/GNUmakefile | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
-index 8c191e0c38..3eae824a1c 100644
---- a/BaseTools/Source/C/GNUmakefile
-+++ b/BaseTools/Source/C/GNUmakefile
-@@ -48,7 +48,6 @@ all: makerootdir subdirs
- LIBRARIES = Common
- VFRAUTOGEN = VfrCompile/VfrLexer.h
- APPLICATIONS = \
--  BrotliCompress \
-   VfrCompile \
-   EfiRom \
-   GenFfs \
--- 
-2.27.0
-

SOURCES/0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch

@@ -1,49 +0,0 @@
-From df9e25b7e6179a7764d44f915de95af5f850a020 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 4 Jun 2020 13:39:08 +0200
-Subject: MdeModulePkg: remove package-private Brotli include path (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- New patch.
-
-Originating from upstream commit 58802e02c41b
-("MdeModulePkg/BrotliCustomDecompressLib: Make brotli a submodule",
-2020-04-16), "MdeModulePkg/MdeModulePkg.dec" contains a package-internal
-include path into a Brotli submodule.
-
-The edk2 build system requires such include paths to resolve successfully,
-regardless of the firmware platform being built. Because
-BrotliCustomDecompressLib is not consumed by any OvmfPkg or ArmVirtPkg
-platforms, and we've removed the submodule earlier in this patch set,
-remove the include path too.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit e05e0de713c4a2b8adb6ff9809611f222bfe50ed)
----
- MdeModulePkg/MdeModulePkg.dec | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index 463e889e9a..9d69fb86ed 100644
---- a/MdeModulePkg/MdeModulePkg.dec
-+++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -24,9 +24,6 @@
- [Includes]
-   Include
- 
--[Includes.Common.Private]
--  Library/BrotliCustomDecompressLib/brotli/c/include
--
- [LibraryClasses]
-   ##  @libraryclass  Defines a set of methods to reset whole system.
-   ResetSystemLib|Include/Library/ResetSystemLib.h
--- 
-2.27.0
-

SOURCES/0010-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch

@@ -1,82 +0,0 @@
-From 1a1bdd69fad22bbf48e3906bb73b33ede6632102 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 20 Feb 2014 22:54:45 +0100
-Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no change
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- trivial context difference due to upstream commit 2fe5f2f52918
-  ("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
-  by git-cherry-pick automatically
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no changes
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Upstream prefers short debug messages (sometimes even limited to 80
-characters), but any line length under 512 characters is just unsuitable
-for effective debugging. (For example, config strings in HII routing,
-logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
-level, can be several hundred characters long.) 512 is an empirically good
-value.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
-(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
-(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
-(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
-(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
-(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
-(cherry picked from commit e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5)
-(cherry picked from commit a95cff0b9573bf23699551beb4786383f697ff1e)
----
- OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-index dffb20822d..0577c43c3d 100644
---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-@@ -21,7 +21,7 @@
- //
- // Define the maximum debug and assert message length that this library supports
- //
--#define MAX_DEBUG_MESSAGE_LENGTH  0x100
-+#define MAX_DEBUG_MESSAGE_LENGTH  0x200
- 
- //
- // VA_LIST can not initialize to NULL for all compiler, so we use this to
--- 
-2.27.0
-

SOURCES/0011-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch

@@ -1,168 +0,0 @@
-From 8ea4ac38206664e1d833085a0b7d4e0736870c2b Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 25 Feb 2014 18:40:35 +0100
-Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no changes
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no changes
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- update commit message as requested in
-  <https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
-  390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
-  InitializeTerminalConsoleTextMode", 2017-01-10).
-
-When the console output is multiplexed to several devices by
-ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
-supported by all console output devices.
-
-Two notable output devices are provided by:
-(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
-(2) MdeModulePkg/Universal/Console/TerminalDxe.
-
-GraphicsConsoleDxe supports four modes at most -- see
-InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
-
-(1a) 80x25 (required by the UEFI spec as mode 0),
-(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
-     requires the driver to provide it as mode 1),
-(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
-     spec requires from all plug-in graphics devices),
-(1d) "full screen" resolution, derived form the underlying GOP's
-     horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
-     (8) and EFI_GLYPH_HEIGHT (19), respectively.
-
-The automatic "full screen resolution" makes GraphicsConsoleDxe's
-character console very flexible. However, TerminalDxe (which runs on
-serial ports) only provides the following fixed resolutions -- see
-InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
-
-(2a) 80x25 (required by the UEFI spec as mode 0),
-(2b) 80x50 (since the character resolution of a serial device cannot be
-     interrogated easily, this is added unconditionally as mode 1),
-(2c) 100x31 (since the character resolution of a serial device cannot be
-     interrogated easily, this is added unconditionally as mode 2).
-
-When ConSplitterDxe combines (1) and (2), multiplexing console output to
-both video output and serial terminal, the list of commonly supported text
-modes (ie. the "intersection") comprises:
-
-(3a) 80x25, unconditionally, from (1a) and (2a),
-(3b) 80x50, if the graphics console provides at least 640x950 pixel
-     resolution, from (1b) and (2b)
-(3c) 100x31, if the graphics device is a plug-in one (because in that case
-     800x600 is a mandated pixel resolution), from (1c) and (2c).
-
-Unfortunately, the "full screen resolution" (1d) of the GOP-based text
-console is not available in general.
-
-Mitigate this problem by extending "mTerminalConsoleModeData" with a
-handful of text resolutions that are derived from widespread maximal pixel
-resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
-the most frequent (1d) values from the intersection, and eg. the MODE
-command in the UEFI shell will offer the "best" (ie. full screen)
-resolution too.
-
-Upstreaming efforts for this patch have been discontinued; it was clear
-from the off-list thread that consensus was impossible to reach.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
-(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
-(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
-(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
-(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
-(cherry picked from commit 12cb13a1da913912bd9148ce8f2353a75be77f18)
-(cherry picked from commit 82b9edc5fef3a07227a45059bbe821af7b9abd69)
----
- .../Universal/Console/TerminalDxe/Terminal.c  | 41 +++++++++++++++++--
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-index a98b690c8b..ded5513c74 100644
---- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-@@ -115,9 +115,44 @@ TERMINAL_DEV  mTerminalDevTemplate = {
- };
- 
- TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
--  {80,  25},
--  {80,  50},
--  {100, 31},
-+  {   80,  25 }, // from graphics resolution  640 x  480
-+  {   80,  50 }, // from graphics resolution  640 x  960
-+  {  100,  25 }, // from graphics resolution  800 x  480
-+  {  100,  31 }, // from graphics resolution  800 x  600
-+  {  104,  32 }, // from graphics resolution  832 x  624
-+  {  120,  33 }, // from graphics resolution  960 x  640
-+  {  128,  31 }, // from graphics resolution 1024 x  600
-+  {  128,  40 }, // from graphics resolution 1024 x  768
-+  {  144,  45 }, // from graphics resolution 1152 x  864
-+  {  144,  45 }, // from graphics resolution 1152 x  870
-+  {  160,  37 }, // from graphics resolution 1280 x  720
-+  {  160,  40 }, // from graphics resolution 1280 x  760
-+  {  160,  40 }, // from graphics resolution 1280 x  768
-+  {  160,  42 }, // from graphics resolution 1280 x  800
-+  {  160,  50 }, // from graphics resolution 1280 x  960
-+  {  160,  53 }, // from graphics resolution 1280 x 1024
-+  {  170,  40 }, // from graphics resolution 1360 x  768
-+  {  170,  40 }, // from graphics resolution 1366 x  768
-+  {  175,  55 }, // from graphics resolution 1400 x 1050
-+  {  180,  47 }, // from graphics resolution 1440 x  900
-+  {  200,  47 }, // from graphics resolution 1600 x  900
-+  {  200,  63 }, // from graphics resolution 1600 x 1200
-+  {  210,  55 }, // from graphics resolution 1680 x 1050
-+  {  240,  56 }, // from graphics resolution 1920 x 1080
-+  {  240,  63 }, // from graphics resolution 1920 x 1200
-+  {  240,  75 }, // from graphics resolution 1920 x 1440
-+  {  250, 105 }, // from graphics resolution 2000 x 2000
-+  {  256,  80 }, // from graphics resolution 2048 x 1536
-+  {  256, 107 }, // from graphics resolution 2048 x 2048
-+  {  320,  75 }, // from graphics resolution 2560 x 1440
-+  {  320,  84 }, // from graphics resolution 2560 x 1600
-+  {  320, 107 }, // from graphics resolution 2560 x 2048
-+  {  350, 110 }, // from graphics resolution 2800 x 2100
-+  {  400, 126 }, // from graphics resolution 3200 x 2400
-+  {  480, 113 }, // from graphics resolution 3840 x 2160
-+  {  512, 113 }, // from graphics resolution 4096 x 2160
-+  {  960, 227 }, // from graphics resolution 7680 x 4320
-+  { 1024, 227 }, // from graphics resolution 8192 x 4320
-   //
-   // New modes can be added here.
-   //
--- 
-2.27.0
-

SOURCES/0015-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch

@@ -1,172 +0,0 @@
-From e8e12cb7d3a47e5823cf2cb12c9bfe5901d3b100 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 4 Nov 2014 23:02:53 +0100
-Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
- only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- No manual / explicit code change is necessary, because the newly
-  inherited OvmfPkg/AmdSev platform already has its own BUILD_SHELL
-  build-time macro (feature test flag), with default value FALSE -- from
-  upstream commit b261a30c900a ("OvmfPkg/AmdSev: add Grub Firmware Volume
-  Package", 2020-12-14).
-
-- Contextual differences from new upstream commits 2d8ca4f90eae ("OvmfPkg:
-  enable HttpDynamicCommand", 2020-10-01) and 5ab6a0e1c8e9 ("OvmfPkg:
-  introduce VirtioFsDxe", 2020-12-21) have been auto-resolved by
-  git-cherry-pick.
-
-- Remove obsolete commit message tags related to downstream patch
-  management: Message-id, Patchwork-id, O-Subject, Acked-by
-  (RHBZ#1846481).
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- context difference from upstream commit ec41733cfd10 ("OvmfPkg: add the
-  'initrd' dynamic shell command", 2020-03-04) correctly auto-resolved
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- update the patch against the following upstream commits:
-  - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
-  - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
-                  tool chain", 2018-11-27)
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Bugzilla: 1147592
-
-When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
-binary from the firmware image.
-
-Peter Jones advised us that firmware vendors for physical systems disable
-the memory-mapped, firmware image-contained UEFI shell in
-SecureBoot-enabled builds. The reason being that the memory-mapped shell
-can always load, it may have direct access to various hardware in the
-system, and it can run UEFI shell scripts (which cannot be signed at all).
-
-Intended use of the new build option:
-
-- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
-  firmware image will contain a shell binary, independently of SecureBoot
-  enablement, which is flexible for interactive development. (Ie. no
-  change for in-tree builds.)
-
-- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
-  '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
-
-  - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
-
-  - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
-
-  - UefiShell.iso: a bootable ISO image with the shell on it as default
-    boot loader. The shell binary will load when SecureBoot is turned off,
-    and won't load when SecureBoot is turned on (because it is not
-    signed).
-
-    UefiShell.iso is the reason we're not excluding the shell from the DSC
-    files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
-    is specified, the shell binary needs to be built the same, only it
-    will be included in UefiShell.iso.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
-(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
-(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
-(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
-(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
-(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
-(cherry picked from commit 229c88dc3ded9baeaca8b87767dc5c41c05afd6e)
-(cherry picked from commit c2812d7189dee06c780f05a5880eb421c359a687)
----
- OvmfPkg/OvmfPkgIa32.fdf    | 2 ++
- OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
- OvmfPkg/OvmfPkgX64.fdf     | 2 ++
- 3 files changed, 6 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 775ea2d710..00ea14adf0 100644
---- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -290,12 +290,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
- INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index 9d8695922f..e33a40c44e 100644
---- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -294,12 +294,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
- INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index b6cc3cabdd..85b4b23857 100644
---- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -310,12 +310,14 @@ INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- INF  OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- INF  ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
- INF  OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
--- 
-2.27.0
-

SOURCES/0016-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch

@@ -1,93 +0,0 @@
-From eba5ecf4b2611d593a978ccac804314ab7848754 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 13:49:43 +0200
-Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no change
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
-machine firmware) print a reasonably early, simple hello message to the
-serial port, regardless of debug mask settings. This should inform
-interactive users, and provide some rough help in localizing boot
-problems, even with restrictive debug masks.
-
-If a platform doesn't want this feature, it should stick with the default
-empty string.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Suggested-by: Drew Jones <drjones@redhat.com>
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
-(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
-(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
-(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
-(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
-(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
-(cherry picked from commit 9f756c1ad83cc81f7d892cd036d59a2b567b02dc)
-(cherry picked from commit c75aea7a738ac7fb944c0695a4bfffc3985afaa9)
----
- ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
-index 3a25ddcdc8..b2b58553c7 100644
---- a/ArmPlatformPkg/ArmPlatformPkg.dec
-+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
-@@ -121,6 +121,13 @@
-   ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
-   gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
- 
-+  #
-+  # Early hello message (ASCII string), printed to the serial port.
-+  # If set to the empty string, nothing is printed.
-+  # Otherwise, a trailing CRLF should be specified explicitly.
-+  #
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100
-+
- [PcdsFixedAtBuild.common,PcdsDynamic.common]
-   ## PL031 RealTimeClock
-   gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
--- 
-2.27.0
-

SOURCES/0017-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch

@@ -1,145 +0,0 @@
-From 8be1d7253ba8a7d30bb54835ef1fc866aa62e216 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 13:59:20 +0200
-Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
- port (RH)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- no change
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed
-  temporary stack before entering PEI core", 2017-11-09) -- conflict
-  resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf"
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-The FixedPcdGetSize() macro expands to an integer constant, therefore an
-optimizing compiler can eliminate the new code, if the platform DSC
-doesn't override the empty string (size=1) default of
-PcdEarlyHelloMessage.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
-(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
-(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
-(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
-(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
-(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
-(cherry picked from commit 8d5a8827aabc67cb2a046697e1a750ca8d9cc453)
-(cherry picked from commit 49fe5596cd79c94d903c4d506c563d642ccd69aa)
----
- ArmPlatformPkg/PrePeiCore/MainMPCore.c          | 5 +++++
- ArmPlatformPkg/PrePeiCore/MainUniCore.c         | 5 +++++
- ArmPlatformPkg/PrePeiCore/PrePeiCore.h          | 1 +
- ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf  | 2 ++
- ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++
- 5 files changed, 15 insertions(+)
-
-diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-index 859f1adf20..cf9e65bb7c 100644
---- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-@@ -111,6 +111,11 @@ PrimaryMain (
-   UINTN                       TemporaryRamBase;
-   UINTN                       TemporaryRamSize;
- 
-+  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
-+    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
-+      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
-+  }
-+
-   CreatePpiList (&PpiListSize, &PpiList);
- 
-   // Enable the GIC Distributor
-diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-index 220f9b5680..158cc34c77 100644
---- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-@@ -29,6 +29,11 @@ PrimaryMain (
-   UINTN                       TemporaryRamBase;
-   UINTN                       TemporaryRamSize;
- 
-+  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
-+    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
-+      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
-+  }
-+
-   CreatePpiList (&PpiListSize, &PpiList);
- 
-   // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-index 7b155a8a61..e9e283f9ec 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-@@ -15,6 +15,7 @@
- #include <Library/DebugLib.h>
- #include <Library/IoLib.h>
- #include <Library/PcdLib.h>
-+#include <Library/SerialPortLib.h>
- 
- #include <PiPei.h>
- #include <Ppi/TemporaryRamSupport.h>
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-index fb01dd1a11..a6681c1032 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-@@ -69,6 +69,8 @@
-   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
-   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
- 
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
-+
-   gArmTokenSpaceGuid.PcdGicDistributorBase
-   gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
-   gArmTokenSpaceGuid.PcdGicSgiIntId
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-index e9eb092d3a..c98dc82f0c 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-@@ -67,4 +67,6 @@
-   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
-   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
- 
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
-+
-   gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
--- 
-2.27.0
-

SOURCES/0018-ArmVirtPkg-set-early-hello-message-RH-only.patch

@@ -1,82 +0,0 @@
-From 12873d08db00e113ef28eb4552f478cd4ffb3393 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 14:07:17 +0200
-Subject: ArmVirtPkg: set early hello message (RH only)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- no change
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- context difference from upstream commit f5cb3767038e
-  ("ArmVirtPkg/ArmVirtQemu: add ResetSystem PEIM for upcoming TPM2
-  support", 2020-03-04) automatically resolved correctly
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- no change
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg:
-  don't set PcdCoreCount", 2019-02-13)
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Print a friendly banner on QEMU, regardless of debug mask settings.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
-(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
-(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
-(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
-(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
-(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
-(cherry picked from commit ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b)
-(cherry picked from commit 72550e12ae469012a505bf5b98a6543a754028d3)
----
- ArmVirtPkg/ArmVirtQemu.dsc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index e0476ede4f..ec0edf6e7b 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -134,6 +134,7 @@
-   gArmVirtTokenSpaceGuid.PcdTpm2SupportEnabled|$(TPM2_ENABLE)
- 
- [PcdsFixedAtBuild.common]
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
- !if $(ARCH) == AARCH64
-   gArmTokenSpaceGuid.PcdVFPEnabled|1
- !endif
--- 
-2.27.0
-

SOURCES/0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

@@ -1,179 +0,0 @@
-From e0b349962f12a500afa449900a81440a96ca21f4 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Sat, 16 Nov 2019 17:11:27 +0100
-Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
- (RH)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
-- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
-
-- Recreate the patch based on downstream commits:
-
-  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
-                  in the INFs (RH)", 2020-06-05),
-  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
-                  2020-11-23),
-  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
-                  RHEL-8.4", 2020-11-23).
-
-  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
-      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
-      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
-
-      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
-      files, namely
-
-      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
-      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-
-      in the following commits only:
-
-      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
-        option", 2020-08-12), which did not affect the source file list at
-        all,
-
-      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
-        entropy in rand_pool", 2020-09-18), which replaced some of the
-        *edk2-specific* "rand_pool_noise" source files with an RngLib
-        dependency.
-
-      This means that the list of required, actual OpenSSL source files
-      has not changed in upstream edk2 since our downstream edk2 commit
-      e81751a1c303.
-
-  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
-      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
-      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
-      shipped in RHEL-8.3.0.z", 2020-10-23).
-
-      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
-      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
-      2021-05-25), which is the current head of the rhel-8.5.0 branch.
-      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
-
-      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
-      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
-      source tree, with "rpmbuild -bp". Subsequently I compared the
-      prepped source trees recursively.
-
-      - The following files disappeared:
-
-        - 29 backup files created by "patch",
-
-        - the assembly generator perl script called
-          "ecp_nistz256-avx2.pl", which is not used during the build.
-
-      - The following new files appeared:
-
-        - 18 files directly or indirectly under the "test" subdirectory,
-          which are not used during the build,
-
-        - 5 backup files created by "patch",
-
-        - 2 DCL scripts used when building OpenSSL on OpenVMS.
-
-      This means that the total list of RHEL-8 OpenSSL source files has
-      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
-      commit 3e3fe5e62079.
-
-  As a result, copy the "RHEL8-specific OpenSSL file list" sections
-  verbatim from the INF files, at downstream commit e81751a1c303. (I used
-  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
-  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
-- "OpensslLib.inf":
-
-  - Automatic leading context refresh against upstream commit c72ca4666886
-    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
-    loop", 2020-03-10).
-
-  - Manual trailing context refresh against upstream commit b49a6c8f80d9
-    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
-
-- "OpensslLibCrypto.inf":
-
-  - Automatic leading context refresh against upstream commits
-    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
-    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
-    process_files.pl to generate .h files", 2019-10-30).
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
-- new patch
-
-The downstream changes in RHEL8's OpenSSL package, for example in
-"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
-preexistent code into those new files. In order to avoid undefined
-references in link editing, we have to list the new files.
-
-Note: "process_files.pl" is not re-run at this time manually, because
-
-(a) "process_files.pl" would pollute the file list (and some of the
-    auto-generated header files) with RHEL8-specific FIPS artifacts, which
-    are explicitly unwanted in edk2,
-
-(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
-    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
-    and will help with future changes too.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
-(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
----
- CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
- 2 files changed, 22 insertions(+)
-
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-index d84bde056a..19913a4ac6 100644
---- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-@@ -570,6 +570,17 @@
-   $(OPENSSL_PATH)/ssl/statem/statem.h
-   $(OPENSSL_PATH)/ssl/statem/statem_local.h
- # Autogenerated files list ends here
-+# RHEL8-specific OpenSSL file list starts here
-+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
-+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
-+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
-+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
-+# RHEL8-specific OpenSSL file list ends here
-   buildinf.h
-   ossl_store.c
-   rand_pool.c
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-index cdeed0d073..5057857e8d 100644
---- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-@@ -519,6 +519,17 @@
-   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
-   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- # Autogenerated files list ends here
-+# RHEL8-specific OpenSSL file list starts here
-+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
-+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
-+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
-+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
-+# RHEL8-specific OpenSSL file list ends here
-   buildinf.h
-   ossl_store.c
-   rand_pool.c
--- 
-2.27.0
-

SOURCES/LICENSE.qosb

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2017 Patrick Uiterwijk
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

SOURCES/RedHatSecureBootPkKek1.pem

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
-BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
-9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
-MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
-RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
-+d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
-huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
-bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
-3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
-y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
-AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
-HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
-ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
-3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
-1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
-qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
-NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
-R+SqIs/vdWGA40O3SFdzET14m2k=
------END CERTIFICATE-----

SOURCES/edk2-ArmVirtPkg-ArmVirtQemu-migrate-to-OVMF-s-VirtNorFlas.patch

@@ -1,149 +0,0 @@
-From 9ef10bbe9a03f22aa5c5ff659012794d37ef9839 Mon Sep 17 00:00:00 2001
-From: Ard Biesheuvel <ardb@kernel.org>
-Date: Mon, 24 Oct 2022 18:41:22 +0200
-Subject: [PATCH 17/18] ArmVirtPkg/ArmVirtQemu: migrate to OVMF's
- VirtNorFlashDxe
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [19/20] 2160140b0ea566451ab723e941d2ab91e1ad874e
-
-Switch to the virt specific NorFlashDxe driver implementation that was
-added recently.
-
-Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
-Reviewed-by: Sunil V L <sunilvl@ventanamicro.com>
-(cherry picked from commit b92298af8218dd074c231947bc95f2be94af663c)
----
- ArmVirtPkg/ArmVirtQemu.dsc                           |  4 ++--
- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc                 |  2 +-
- ArmVirtPkg/ArmVirtQemuKernel.dsc                     |  4 ++--
- ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c | 12 ++++++------
- .../Library/NorFlashQemuLib/NorFlashQemuLib.inf      |  4 ++--
- 5 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index e6fad9f066..2b23becf30 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -67,7 +67,7 @@
-   ArmPlatformLib|ArmPlatformPkg/Library/ArmPlatformLibNull/ArmPlatformLibNull.inf
- 
-   TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
--  NorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-+  VirtNorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
- 
-   CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
-   BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
-@@ -400,7 +400,7 @@
-     <LibraryClasses>
-       NULL|ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.inf
-   }
--  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-+  OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
- 
-   #
-diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-index f6a538df72..7c655d384d 100644
---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-@@ -73,7 +73,7 @@ READ_LOCK_STATUS   = TRUE
- 
-   INF ArmPkg/Drivers/ArmGic/ArmGicDxe.inf
-   INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
--  INF ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-+  INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-   INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
- 
-   #
-diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index 656c9d99a3..344e2c4ed9 100644
---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
-+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -65,7 +65,7 @@
-   ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoLib.inf
- 
-   TimerLib|ArmPkg/Library/ArmArchTimerLib/ArmArchTimerLib.inf
--  NorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-+  VirtNorFlashPlatformLib|ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
- 
-   CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
-   BootLogoLib|MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf
-@@ -329,7 +329,7 @@
-     <LibraryClasses>
-       NULL|ArmVirtPkg/Library/ArmVirtTimerFdtClientLib/ArmVirtTimerFdtClientLib.inf
-   }
--  ArmPlatformPkg/Drivers/NorFlashDxe/NorFlashDxe.inf
-+  OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
-   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
- 
-   #
-diff --git a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
-index 271d7f0efb..93a2fed40f 100644
---- a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
-+++ b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.c
-@@ -8,8 +8,8 @@
- 
- #include <Library/BaseLib.h>
- #include <Library/DebugLib.h>
--#include <Library/NorFlashPlatformLib.h>
- #include <Library/UefiBootServicesTableLib.h>
-+#include <Library/VirtNorFlashPlatformLib.h>
- 
- #include <Protocol/FdtClient.h>
- 
-@@ -18,19 +18,19 @@
- #define MAX_FLASH_BANKS        4
- 
- EFI_STATUS
--NorFlashPlatformInitialization (
-+VirtNorFlashPlatformInitialization (
-   VOID
-   )
- {
-   return EFI_SUCCESS;
- }
- 
--NOR_FLASH_DESCRIPTION mNorFlashDevices[MAX_FLASH_BANKS];
-+STATIC VIRT_NOR_FLASH_DESCRIPTION  mNorFlashDevices[MAX_FLASH_BANKS];
- 
- EFI_STATUS
--NorFlashPlatformGetDevices (
--  OUT NOR_FLASH_DESCRIPTION   **NorFlashDescriptions,
--  OUT UINT32                  *Count
-+VirtNorFlashPlatformGetDevices (
-+  OUT VIRT_NOR_FLASH_DESCRIPTION  **NorFlashDescriptions,
-+  OUT UINT32                      *Count
-   )
- {
-   FDT_CLIENT_PROTOCOL         *FdtClient;
-diff --git a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-index 4c3683bf5d..a6b5865be9 100644
---- a/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-+++ b/ArmVirtPkg/Library/NorFlashQemuLib/NorFlashQemuLib.inf
-@@ -14,17 +14,17 @@
-   FILE_GUID                      = 339B7829-4C5F-4EFC-B2DD-5050E530DECE
-   MODULE_TYPE                    = DXE_DRIVER
-   VERSION_STRING                 = 1.0
--  LIBRARY_CLASS                  = NorFlashPlatformLib
-+  LIBRARY_CLASS                  = VirtNorFlashPlatformLib
- 
- [Sources.common]
-   NorFlashQemuLib.c
- 
- [Packages]
-   MdePkg/MdePkg.dec
--  ArmPlatformPkg/ArmPlatformPkg.dec
-   ArmPkg/ArmPkg.dec
-   ArmVirtPkg/ArmVirtPkg.dec
-   EmbeddedPkg/EmbeddedPkg.dec
-+  OvmfPkg/OvmfPkg.dec
- 
- [LibraryClasses]
-   BaseLib
--- 
-2.41.0
-

SOURCES/edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch

@@ -1,56 +0,0 @@
-From 045496325e278716e724ffdf9685667a8766d4f3 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:34:52 -0400
-Subject: [PATCH 28/31] CryptoPkg/Test: call ProcessLibraryConstructorList
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [28/31] 5ff484fbc68d094fbcdda2772c2869818c67de8d
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit 94961b8817eec6f8d0434555ac50a7aa51c22201
-Author: Gerd Hoffmann <kraxel@redhat.com>
-Date:   Fri Jun 14 11:45:49 2024 +0200
-
-    CryptoPkg/Test: call ProcessLibraryConstructorList
-
-    Needed to properly initialize BaseRngLib.
-
-    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-index 88a3f96305..0ba9f35840 100644
---- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-@@ -8,6 +8,11 @@
- **/
- #include "TestBaseCryptLib.h"
- 
-+VOID
-+EFIAPI
-+ProcessLibraryConstructorList (
-+  VOID
-+  );
- 
- /**
-   Initialize the unit test framework, suite, and unit tests for the
-@@ -77,5 +82,6 @@ main (
-   char *argv[]
-   )
- {
-+  ProcessLibraryConstructorList ();
-   return UefiTestMain ();
- }
--- 
-2.39.3
-

SOURCES/edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch

@@ -1,174 +0,0 @@
-From f8691984227809170b702f6fd087add1f95ee8fe Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Tue, 5 Mar 2024 16:38:49 -0500
-Subject: [PATCH 1/2] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 66: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-RH-Jira: RHEL-21158
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [1/2] 301d3bfe82c39179fb85d510788831aa340212d9
-
-JIRA: https://issues.redhat.com/browse/RHEL-21158
-CVE: CVE-2022-36765
-Upstream: Merged
-
-commit aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
-Author: Gua Guo <gua.guo@intel.com>
-Date:   Thu Jan 11 13:07:50 2024 +0800
-
-    EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
-
-    Fix integer overflow in various CreateHob instances.
-    Fixes: CVE-2022-36765
-
-    The CreateHob() function aligns the requested size to 8
-    performing the following operation:
-    ```
-    HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
-    ```
-
-    No checks are performed to ensure this value doesn't
-    overflow, and could lead to CreateHob() returning a smaller
-    HOB than requested, which could lead to OOB HOB accesses.
-
-    Reported-by: Marc Beatove <mbeatove@google.com>
-    Cc: Leif Lindholm <quic_llindhol@quicinc.com>
-    Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
-    Cc: Abner Chang <abner.chang@amd.com>
-    Cc: John Mathew <john.mathews@intel.com>
-    Authored-by: Gerd Hoffmann <kraxel@redhat.com>
-    Signed-off-by: Gua Guo <gua.guo@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- EmbeddedPkg/Library/PrePiHobLib/Hob.c | 47 +++++++++++++++++++++++++--
- 1 file changed, 45 insertions(+), 2 deletions(-)
-
-diff --git a/EmbeddedPkg/Library/PrePiHobLib/Hob.c b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-index b5cc6c5d8f..f4c99369c6 100644
---- a/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-+++ b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-@@ -112,6 +112,13 @@ CreateHob (
- 
-   HandOffHob = GetHobList ();
- 
-+  //
-+  // Check Length to avoid data overflow.
-+  //
-+  if (HobLength > MAX_UINT16 - 0x7) {
-+    return NULL;
-+  }
-+
-   HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
- 
-   FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom;
-@@ -161,7 +168,10 @@ BuildResourceDescriptorHob (
-   EFI_HOB_RESOURCE_DESCRIPTOR  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR));
--  ASSERT(Hob != NULL);
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->ResourceType      = ResourceType;
-   Hob->ResourceAttribute = ResourceAttribute;
-@@ -403,6 +413,10 @@ BuildModuleHob (
-           ((ModuleLength & (EFI_PAGE_SIZE - 1)) == 0));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid);
-   Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule;
-@@ -450,7 +464,12 @@ BuildGuidHob (
-   //
-   ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE)));
- 
--  Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16) (sizeof (EFI_HOB_GUID_TYPE) + DataLength));
-+  Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return NULL;
-+  }
-+
-   CopyGuid (&Hob->Name, Guid);
-   return Hob + 1;
- }
-@@ -516,6 +535,10 @@ BuildFvHob (
-   EFI_HOB_FIRMWARE_VOLUME  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -548,6 +571,10 @@ BuildFv2Hob (
-   EFI_HOB_FIRMWARE_VOLUME2  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -589,6 +616,10 @@ BuildFv3Hob (
-   EFI_HOB_FIRMWARE_VOLUME3  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV3, sizeof (EFI_HOB_FIRMWARE_VOLUME3));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress          = BaseAddress;
-   Hob->Length               = Length;
-@@ -645,6 +676,10 @@ BuildCpuHob (
-   EFI_HOB_CPU  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->SizeOfMemorySpace = SizeOfMemorySpace;
-   Hob->SizeOfIoSpace     = SizeOfIoSpace;
-@@ -681,6 +716,10 @@ BuildStackHob (
-           ((Length & (EFI_PAGE_SIZE - 1)) == 0));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_STACK));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   CopyGuid (&(Hob->AllocDescriptor.Name), &gEfiHobMemoryAllocStackGuid);
-   Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
-@@ -761,6 +800,10 @@ BuildMemoryAllocationHob (
-           ((Length & (EFI_PAGE_SIZE - 1)) == 0));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
-   Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
--- 
-2.39.3
-

SOURCES/edk2-MdeModulePkg-Potential-UINT32-overflow-in-S3-ResumeC.patch

@@ -1,66 +0,0 @@
-From 2e4b2b8fce40cf93f35e052102f37fee07b2e64a Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Mon, 10 Jun 2024 18:13:29 -0400
-Subject: [PATCH 02/31] MdeModulePkg: Potential UINT32 overflow in S3
- ResumeCount
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [2/31] a3592c3437041cbd33a6c11feb3d0999e122c8c0
-
-JIRA: https://issues.redhat.com/browse/RHEL-40099
-CVE: CVE-2024-1298
-Upstream: Merged
-
-commit 284dbac43da752ee34825c8b3f6f9e8281cb5a19
-Author: Shanmugavel Pakkirisamy <shanmugavelx.pakkirisamy@intel.com>
-Date:   Mon May 6 17:53:09 2024 +0800
-
-    MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4677
-
-    Attacker able to modify physical memory and ResumeCount.
-    System will crash/DoS when ResumeCount reaches its MAX_UINT32.
-
-    Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-    Cc: Dandan Bi <dandan.bi@intel.com>
-    Cc: Liming Gao <gaoliming@byosoft.com.cn>
-
-    Signed-off-by: Pakkirisamy ShanmugavelX <shanmugavelx.pakkirisamy@intel.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../FirmwarePerformancePei.c                         | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
-index 6881466201..54b3bc3c54 100644
---- a/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
-+++ b/MdeModulePkg/Universal/Acpi/FirmwarePerformanceDataTablePei/FirmwarePerformancePei.c
-@@ -110,11 +110,15 @@ FpdtStatusCodeListenerPei (
-   //
-   S3ResumeTotal = MultU64x32 (AcpiS3ResumeRecord->AverageResume, AcpiS3ResumeRecord->ResumeCount);
-   AcpiS3ResumeRecord->ResumeCount++;
--  AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
-+  if (AcpiS3ResumeRecord->ResumeCount > 0) {
-+    AcpiS3ResumeRecord->AverageResume = DivU64x32 (S3ResumeTotal + AcpiS3ResumeRecord->FullResume, AcpiS3ResumeRecord->ResumeCount);
-+    DEBUG ((DEBUG_INFO, "\nFPDT: S3 Resume Performance - AverageResume = 0x%x\n", AcpiS3ResumeRecord->AverageResume));
-+  } else {
-+    DEBUG ((DEBUG_ERROR, "\nFPDT: S3 ResumeCount reaches the MAX_UINT32 value. S3 ResumeCount record reset to Zero."));
-+  }
- 
--  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount   = %d\n", AcpiS3ResumeRecord->ResumeCount));
--  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume    = %ld\n", AcpiS3ResumeRecord->FullResume));
--  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - AverageResume = %ld\n", AcpiS3ResumeRecord->AverageResume));
-+  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - ResumeCount   = 0x%x\n", AcpiS3ResumeRecord->ResumeCount));
-+  DEBUG ((DEBUG_INFO, "FPDT: S3 Resume Performance - FullResume    = 0x%x\n", AcpiS3ResumeRecord->FullResume));
- 
-   //
-   // Update S3 Suspend Performance Record.
--- 
-2.39.3
-

SOURCES/edk2-MdeModulePkg-Rng-Add-GUID-to-describe-unsafe-Rng-alg.patch

@@ -1,90 +0,0 @@
-From 5ba444af245d59e3208260478aa710d4f143f259 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 16:06:25 -0400
-Subject: [PATCH 20/31] MdeModulePkg/Rng: Add GUID to describe unsafe Rng
- algorithms
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [20/31] d0e553560d60122f2fe5f33923b5b943c138a18d
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit 414c0f20896f3dec412135fa4260f8aad8bef246
-Author: Pierre Gondois <pierre.gondois@arm.com>
-Date:   Fri Aug 11 16:33:07 2023 +0200
-
-    MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
-
-    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
-
-    The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
-    implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
-    To allow the RngDxe to detect when such implementation is used,
-    a GetRngGuid() function is added in a following patch.
-
-    Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe
-    to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
-
-    Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
-    Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-    Acked-by: Ard Biesheuvel <ardb@kernel.org>
-    Tested-by: Kun Qin <kun.qin@microsoft.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdeModulePkg/Include/Guid/RngAlgorithm.h | 23 +++++++++++++++++++++++
- MdeModulePkg/MdeModulePkg.dec            |  3 +++
- 2 files changed, 26 insertions(+)
- create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
-
-diff --git a/MdeModulePkg/Include/Guid/RngAlgorithm.h b/MdeModulePkg/Include/Guid/RngAlgorithm.h
-new file mode 100644
-index 0000000000..e2ac2ba3e5
---- /dev/null
-+++ b/MdeModulePkg/Include/Guid/RngAlgorithm.h
-@@ -0,0 +1,23 @@
-+/** @file
-+  Rng Algorithm
-+
-+  Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+
-+#ifndef RNG_ALGORITHM_GUID_H_
-+#define RNG_ALGORITHM_GUID_H_
-+
-+///
-+/// The implementation of a Random Number Generator might be unsafe, when using
-+/// a dummy implementation for instance. Allow identifying such implementation
-+/// with this GUID.
-+///
-+#define EDKII_RNG_ALGORITHM_UNSAFE \
-+  { \
-+    0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \
-+  }
-+
-+extern EFI_GUID  gEdkiiRngAlgorithmUnSafe;
-+
-+#endif // #ifndef RNG_ALGORITHM_GUID_H_
-diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index 08d59dfb3e..3513a9678a 100644
---- a/MdeModulePkg/MdeModulePkg.dec
-+++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -401,6 +401,9 @@
-   ## Include/Guid/MigratedFvInfo.h
-   gEdkiiMigratedFvInfoGuid = { 0xc1ab12f7, 0x74aa, 0x408d, { 0xa2, 0xf4, 0xc6, 0xce, 0xfd, 0x17, 0x98, 0x71 } }
- 
-+  ## Include/Guid/RngAlgorithm.h
-+  gEdkiiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
-+
-   #
-   # GUID defined in UniversalPayload
-   #
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-Add-deprecated-warning-to-BaseRngLibTimer.patch

@@ -1,89 +0,0 @@
-From 3800b9ee5d6d4c05c7e27f949c3b32c422c78f2d Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 16:02:31 -0400
-Subject: [PATCH 16/31] MdePkg: Add deprecated warning to BaseRngLibTimer
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [16/31] 6e199344d083e90f60cbe01dfb3c2a3719e3177d
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit e93468442b7da7bc80e00014e854c0c8a0a7184b
-Author: Pierre Gondois <pierre.gondois@arm.com>
-Date:   Fri Aug 11 16:33:03 2023 +0200
-
-    MdePkg: Add deprecated warning to BaseRngLibTimer
-
-    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504
-
-    To keep the MdePkg self-contained and avoid dependencies on GUIDs
-    defined in other packages, the BaseRngLibTimer was moved to the
-    MdePkg.
-    Add a constructor to warn and request to use the MdeModulePkg
-    implementation.
-
-    Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-    Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-    Acked-by: Ard Biesheuvel <ardb@kernel.org>
-    Tested-by: Kun Qin <kun.qin@microsoft.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf |  1 +
- .../Library/BaseRngLibTimerLib/RngLibTimer.c  | 22 +++++++++++++++++++
- 2 files changed, 23 insertions(+)
-
-diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-index f857290e82..96c90db63f 100644
---- a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-+++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-@@ -23,6 +23,7 @@
-   MODULE_TYPE                    = BASE
-   VERSION_STRING                 = 1.0
-   LIBRARY_CLASS                  = RngLib
-+  CONSTRUCTOR                    = BaseRngLibTimerConstructor
- 
- [Sources]
-   RngLibTimer.c
-diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-index 54d29d96f3..6b8392162b 100644
---- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-@@ -13,6 +13,28 @@
- 
- #define DEFAULT_DELAY_TIME_IN_MICROSECONDS 10
- 
-+/**
-+  This implementation is to be replaced by its MdeModulePkg copy.
-+  The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
-+  be defined in the MdePkg.
-+
-+  @retval EFI_SUCCESS   The constructor always returns EFI_SUCCESS.
-+**/
-+RETURN_STATUS
-+EFIAPI
-+BaseRngLibTimerConstructor (
-+  VOID
-+  )
-+{
-+  DEBUG ((
-+    DEBUG_WARN,
-+    "Warning: This BaseRngTimerLib implementation will be deprecated. "
-+    "Please use the MdeModulePkg implementation equivalent.\n"
-+    ));
-+
-+  return RETURN_SUCCESS;
-+}
-+
- /**
-  Using the TimerLib GetPerformanceCounterProperties() we delay
-  for enough time for the PerformanceCounter to increment.
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-Apply-uncrustify-changes.patch

@@ -1,94 +0,0 @@
-From 1198bceefa4834c09e1edc1c558aeffe4930d1f5 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Tue, 11 Jun 2024 21:32:26 -0400
-Subject: [PATCH 03/31] MdePkg: Apply uncrustify changes
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [3/31] 422d94b837bf0e65164968272a358c2656f59838
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-This is a subset of the whitespace changes in the corresponding upstream
-commit. It is needed for the next commits in this series to apply with
-less fewer conflicts.
-
-commit 2f88bd3a1296c522317f1c21377876de63de5be7
-Author: Michael Kubacki <michael.kubacki@microsoft.com>
-Date:   Sun Dec 5 14:54:05 2021 -0800
-
-    MdePkg: Apply uncrustify changes
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737
-
-    Apply uncrustify changes to .c/.h files in the MdePkg package
-
-    Cc: Andrew Fish <afish@apple.com>
-    Cc: Leif Lindholm <leif@nuviainc.com>
-    Cc: Michael D Kinney <michael.d.kinney@intel.com>
-    Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdePkg/Include/Protocol/Rng.h | 24 ++++++++++++------------
- 1 file changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
-index a0a05d1661..baf425587b 100644
---- a/MdePkg/Include/Protocol/Rng.h
-+++ b/MdePkg/Include/Protocol/Rng.h
-@@ -93,7 +93,7 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
- **/
- typedef
- EFI_STATUS
--(EFIAPI *EFI_RNG_GET_INFO) (
-+(EFIAPI *EFI_RNG_GET_INFO)(
-   IN EFI_RNG_PROTOCOL             *This,
-   IN OUT UINTN                    *RNGAlgorithmListSize,
-   OUT EFI_RNG_ALGORITHM           *RNGAlgorithmList
-@@ -123,9 +123,9 @@ EFI_STATUS
- **/
- typedef
- EFI_STATUS
--(EFIAPI *EFI_RNG_GET_RNG) (
-+(EFIAPI *EFI_RNG_GET_RNG)(
-   IN EFI_RNG_PROTOCOL            *This,
--  IN EFI_RNG_ALGORITHM           *RNGAlgorithm, OPTIONAL
-+  IN EFI_RNG_ALGORITHM           *RNGAlgorithm  OPTIONAL,
-   IN UINTN                       RNGValueLength,
-   OUT UINT8                      *RNGValue
-   );
-@@ -135,16 +135,16 @@ EFI_STATUS
- /// applications, or entropy for seeding other random number generators.
- ///
- struct _EFI_RNG_PROTOCOL {
--  EFI_RNG_GET_INFO                GetInfo;
--  EFI_RNG_GET_RNG                 GetRNG;
-+  EFI_RNG_GET_INFO    GetInfo;
-+  EFI_RNG_GET_RNG     GetRNG;
- };
- 
--extern EFI_GUID gEfiRngProtocolGuid;
--extern EFI_GUID gEfiRngAlgorithmSp80090Hash256Guid;
--extern EFI_GUID gEfiRngAlgorithmSp80090Hmac256Guid;
--extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid;
--extern EFI_GUID gEfiRngAlgorithmX9313DesGuid;
--extern EFI_GUID gEfiRngAlgorithmX931AesGuid;
--extern EFI_GUID gEfiRngAlgorithmRaw;
-+extern EFI_GUID  gEfiRngProtocolGuid;
-+extern EFI_GUID  gEfiRngAlgorithmSp80090Hash256Guid;
-+extern EFI_GUID  gEfiRngAlgorithmSp80090Hmac256Guid;
-+extern EFI_GUID  gEfiRngAlgorithmSp80090Ctr256Guid;
-+extern EFI_GUID  gEfiRngAlgorithmX9313DesGuid;
-+extern EFI_GUID  gEfiRngAlgorithmX931AesGuid;
-+extern EFI_GUID  gEfiRngAlgorithmRaw;
- 
- #endif
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch

@@ -1,213 +0,0 @@
-From 1d4b6d489cb919faa3ad67a3ae53fe26c4cd0a75 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:32:29 -0400
-Subject: [PATCH 25/31] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check
- CPUID
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [25/31] 11804d6f86a644ae2c3dcad89c633ad63b794d3f
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
-Author: Pedro Falcato <pedro.falcato@gmail.com>
-Date:   Tue Nov 22 22:31:03 2022 +0000
-
-    MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
-
-    RDRAND has notoriously been broken many times over its lifespan.
-    Add a smoketest to RDRAND, in order to better sniff out potential
-    security concerns.
-
-    Also add a proper CPUID test in order to support older CPUs which may
-    not have it; it was previously being tested but then promptly ignored.
-
-    Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
-    :x86_init_rdrand() per commit 049f9ae9..
-
-    Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
-    code to MIT and the public domain.
-
-    >On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
-      <..>
-    >    I (re)wrote that function in Linux. I hereby relicense it as MIT, and
-    >    also place it into public domain. Do with it what you will now.
-    >
-    >    Jason
-
-    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
-
-    Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
-    Cc: Michael D Kinney <michael.d.kinney@intel.com>
-    Cc: Liming Gao <gaoliming@byosoft.com.cn>
-    Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-    Cc: Jason A. Donenfeld <Jason@zx2c4.com>
-
-Signed-off-by: Jon Maloy <jmaloy@gmail.com>
----
- MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
- 1 file changed, 91 insertions(+), 8 deletions(-)
-
-diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-index aee8ea04e8..7132ab0efd 100644
---- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-@@ -3,6 +3,7 @@
-   to provide high-quality random numbers.
- 
- Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
-+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
- Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
- Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- 
-@@ -25,6 +26,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- STATIC BOOLEAN mRdRandSupported;
- 
-+//
-+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
-+//
-+#define RDRAND_RETRIES  10
-+
-+#define RDRAND_TEST_SAMPLES  8
-+
-+#define RDRAND_MIN_CHANGE  5
-+
-+//
-+// Add a define for native-word RDRAND, just for the test.
-+//
-+#ifdef MDE_CPU_X64
-+#define ASM_RDRAND  AsmRdRand64
-+#else
-+#define ASM_RDRAND  AsmRdRand32
-+#endif
-+
-+/**
-+  Tests RDRAND for broken implementations.
-+
-+  @retval TRUE         RDRAND is reliable (and hopefully safe).
-+  @retval FALSE        RDRAND is unreliable and should be disabled, despite CPUID.
-+
-+**/
-+STATIC
-+BOOLEAN
-+TestRdRand (
-+  VOID
-+  )
-+{
-+  //
-+  // Test for notoriously broken rdrand implementations that always return the same
-+  // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
-+  // Note that this should be expanded to extensively test for other sorts of possible errata.
-+  //
-+
-+  //
-+  // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
-+  // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
-+  //
-+  UINTN   Prev;
-+  UINT8   Idx;
-+  UINT8   TestIteration;
-+  UINT32  Changed;
-+
-+  Changed = 0;
-+
-+  for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
-+    UINTN  Sample;
-+    //
-+    // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
-+    // Any failure to get a random number will assume RDRAND does not work.
-+    //
-+    for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
-+      if (ASM_RDRAND (&Sample)) {
-+        break;
-+      }
-+    }
-+
-+    if (Idx == RDRAND_RETRIES) {
-+      DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
-+      return FALSE;
-+    }
-+
-+    if (TestIteration != 0) {
-+      Changed += Sample != Prev;
-+    }
-+
-+    Prev = Sample;
-+  }
-+
-+  if (Changed < RDRAND_MIN_CHANGE) {
-+    DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
-+    return FALSE;
-+  }
-+
-+  return TRUE;
-+}
-+
-+#undef ASM_RDRAND
-+
- /**
-   The constructor function checks whether or not RDRAND instruction is supported
-   by the host hardware.
-@@ -49,10 +132,13 @@ BaseRngLibConstructor (
-   // CPUID. A value of 1 indicates that processor support RDRAND instruction.
-   //
-   AsmCpuid (1, 0, 0, &RegEcx, 0);
--  ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
- 
-   mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
- 
-+  if (mRdRandSupported) {
-+    mRdRandSupported = TestRdRand ();
-+  }
-+
-   return EFI_SUCCESS;
- }
- 
-@@ -71,6 +157,7 @@ ArchGetRandomNumber16 (
-   OUT     UINT16                    *Rand
-   )
- {
-+  ASSERT (mRdRandSupported);
-   return AsmRdRand16 (Rand);
- }
- 
-@@ -89,6 +176,7 @@ ArchGetRandomNumber32 (
-   OUT     UINT32                    *Rand
-   )
- {
-+  ASSERT (mRdRandSupported);
-   return AsmRdRand32 (Rand);
- }
- 
-@@ -107,6 +195,7 @@ ArchGetRandomNumber64 (
-   OUT     UINT64                    *Rand
-   )
- {
-+  ASSERT (mRdRandSupported);
-   return AsmRdRand64 (Rand);
- }
- 
-@@ -123,13 +212,7 @@ ArchIsRngSupported (
-   VOID
-   )
- {
--  /*
--     Existing software depends on this always returning TRUE, so for
--     now hard-code it.
--
--     return mRdRandSupported;
--  */
--  return TRUE;
-+  return mRdRandSupported;
- }
- 
- /**
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-DxeRngLib-Request-raw-algorithm-instead-of-de.patch

@@ -1,66 +0,0 @@
-From 3351bd0ba07cc490c344d2dc54b86833993ca5a2 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 15:58:58 -0400
-Subject: [PATCH 18/31] MdePkg/DxeRngLib: Request raw algorithm instead of
- default
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [18/31] fa2da700127ae713aa578638c2390673fc49522d
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit bd1f0eecc1dfe51ba20161bef8860d12392006bd
-Author: Pierre Gondois <pierre.gondois@arm.com>
-Date:   Fri Aug 11 16:33:05 2023 +0200
-
-    MdePkg/DxeRngLib: Request raw algorithm instead of default
-
-    The DxeRngLib tries to generate a random number using the 3 NIST
-    SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
-    If none of the call is successful, the fallback option is the default
-    RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
-    be an unsafe implementation.
-
-    Try requesting the Raw algorithm before requesting the default one.
-
-    Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
-    Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-    Acked-by: Ard Biesheuvel <ardb@kernel.org>
-    Tested-by: Kun Qin <kun.qin@microsoft.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdePkg/Library/DxeRngLib/DxeRngLib.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
-index 9c3d67b5a6..4b2fc1cde5 100644
---- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
-+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
-@@ -64,9 +64,16 @@ GenerateRandomNumberViaNist800Algorithm (
-   if (!EFI_ERROR (Status)) {
-     return Status;
-   }
-+
-+  Status = RngProtocol->GetRNG (RngProtocol, &gEfiRngAlgorithmRaw, BufferSize, Buffer);
-+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm Raw - Status = %r\n", __func__, Status));
-+  if (!EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-   // If all the other methods have failed, use the default method from the RngProtocol
-   Status = RngProtocol->GetRNG (RngProtocol, NULL, BufferSize, Buffer);
--  DEBUG((DEBUG_INFO, "%a: GetRNG algorithm Hash-256 - Status = %r\n", __FUNCTION__, Status));
-+  DEBUG ((DEBUG_INFO, "%a: GetRNG algorithm default - Status = %r\n", __func__, Status));
-   if (!EFI_ERROR (Status)) {
-     return Status;
-   }
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch

@@ -1,63 +0,0 @@
-From 30da4837584643c637eea751dbb01e0718fa764d Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Mon, 21 Oct 2024 14:45:37 -0400
-Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 96: MdePkg: Fix overflow issue in BasePeCoffLib
-RH-Jira: RHEL-60830
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [1/1] 5406406ac2711215ec2bd3d9c1a2e6bb268dda38 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-60830
-CVE: CVE-2024-38796
-Upstream: Merged
-
-commit c95233b8525ca6828921affd1496146cff262e65
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Sep 27 12:08:55 2024 -0700
-
-    MdePkg: Fix overflow issue in BasePeCoffLib
-
-    The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
-    also a UINT32 value. The current code does not check for overflow when
-    adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
-    check to ensure that the addition does not overflow.
-
-    Signed-off-by: Doug Flick <dougflick@microsoft.com>
-    Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 15 ++++++++-------
- 1 file changed, 8 insertions(+), 7 deletions(-)
-
-diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
-index 1102833b94..6b1ccc7217 100644
---- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
-+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
-@@ -991,13 +991,14 @@ PeCoffLoaderRelocateImage (
-     RelocDir = &Hdr.Te->DataDirectory[0];
-   }
- 
--  if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
--    RelocBase = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
--    RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *) PeCoffLoaderImageAddress (ImageContext,
--                                                                            RelocDir->VirtualAddress + RelocDir->Size - 1,
--                                                                            TeStrippedOffset
--                                                                            );
--    if (RelocBase == NULL || RelocBaseEnd == NULL || (UINTN) RelocBaseEnd < (UINTN) RelocBase) {
-+  if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
-+    RelocBase    = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
-+    RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
-+                                                  ImageContext,
-+                                                  RelocDir->VirtualAddress + RelocDir->Size - 1,
-+                                                  TeStrippedOffset
-+                                                  );
-+    if ((RelocBase == NULL) || (RelocBaseEnd == NULL) || ((UINTN)RelocBaseEnd < (UINTN)RelocBase)) {
-       ImageContext->ImageError = IMAGE_ERROR_FAILED_RELOCATION;
-       return RETURN_LOAD_ERROR;
-     }
--- 
-2.45.2
-

SOURCES/edk2-MdePkg-Introduce-CcMeasurementProtocol-for-CC-Guest-.patch

@@ -1,390 +0,0 @@
-From b8261ac422ba284249cd4f341d78d058e79960f5 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 7 Feb 2024 11:56:37 -0500
-Subject: [PATCH 03/17] MdePkg: Introduce CcMeasurementProtocol for CC Guest
- firmware
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 44: edk2: heap buffer overflow in Tcg2MeasureGptTable()
-RH-Jira: RHEL-21154 RHEL-21156
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [3/13] 6bf304f8e3bc875024c8fb0a4cd5d2c944f69480 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21154
-CVE: CVE-2022-36763
-Upstream: Merged
-
-commit e193584da60550008722498442c62ddb77bf27d5
-Author: Min Xu <min.m.xu@intel.com>
-Date:   Sat Dec 11 21:08:40 2021 +0800
-
-    MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware
-
-    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625
-
-    CC guest is a Confidential Computing guest. If CC Guest firmware
-    supports measurement and an event is created, CC Guest firmware
-    is designed to report the event log with the same data structure
-    in TCG-Platform-Firmware-Profile specification with
-    EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
-
-    The CC Guest firmware supports measurement. It is designed to
-    produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID
-    EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides
-    hash capability.
-
-    Cc: Michael D Kinney <michael.d.kinney@intel.com>
-    Cc: Liming Gao <gaoliming@byosoft.com.cn>
-    Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-    Cc: Jiewen Yao <jiewen.yao@intel.com>
-    Cc: Jian J Wang <jian.j.wang@intel.com>
-    Cc: Ken Lu <ken.lu@intel.com>
-    Cc: Sami Mujawar <sami.mujawar@arm.com>
-    Cc: Gerd Hoffmann <kraxel@redhat.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-    Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-    Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
-    Signed-off-by: Min Xu <min.m.xu@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdePkg/Include/Protocol/CcMeasurement.h | 302 ++++++++++++++++++++++++
- MdePkg/MdePkg.dec                       |   6 +
- 2 files changed, 308 insertions(+)
- create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h
-
-diff --git a/MdePkg/Include/Protocol/CcMeasurement.h b/MdePkg/Include/Protocol/CcMeasurement.h
-new file mode 100644
-index 0000000000..68029e977f
---- /dev/null
-+++ b/MdePkg/Include/Protocol/CcMeasurement.h
-@@ -0,0 +1,302 @@
-+/** @file
-+  If CC Guest firmware supports measurement and an event is created,
-+  CC Guest firmware is designed to report the event log with the same
-+  data structure in TCG-Platform-Firmware-Profile specification with
-+  EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format.
-+
-+  The CC Guest firmware supports measurement, the CC Guest Firmware is
-+  designed to produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID
-+  EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides hash
-+  capability.
-+
-+Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
-+SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#ifndef CC_MEASUREMENT_PROTOCOL_H_
-+#define CC_MEASUREMENT_PROTOCOL_H_
-+
-+#include <IndustryStandard/UefiTcgPlatform.h>
-+
-+#define EFI_CC_MEASUREMENT_PROTOCOL_GUID  \
-+  { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }}
-+extern EFI_GUID  gEfiCcMeasurementProtocolGuid;
-+
-+typedef struct _EFI_CC_MEASUREMENT_PROTOCOL EFI_CC_MEASUREMENT_PROTOCOL;
-+
-+typedef struct {
-+  UINT8    Major;
-+  UINT8    Minor;
-+} EFI_CC_VERSION;
-+
-+//
-+// EFI_CC Type/SubType definition
-+//
-+#define EFI_CC_TYPE_NONE  0
-+#define EFI_CC_TYPE_SEV   1
-+#define EFI_CC_TYPE_TDX   2
-+
-+typedef struct {
-+  UINT8    Type;
-+  UINT8    SubType;
-+} EFI_CC_TYPE;
-+
-+typedef UINT32 EFI_CC_EVENT_LOG_BITMAP;
-+typedef UINT32 EFI_CC_EVENT_LOG_FORMAT;
-+typedef UINT32 EFI_CC_EVENT_ALGORITHM_BITMAP;
-+typedef UINT32 EFI_CC_MR_INDEX;
-+
-+//
-+// Intel TDX measure register index
-+//
-+#define TDX_MR_INDEX_MRTD   0
-+#define TDX_MR_INDEX_RTMR0  1
-+#define TDX_MR_INDEX_RTMR1  2
-+#define TDX_MR_INDEX_RTMR2  3
-+#define TDX_MR_INDEX_RTMR3  4
-+
-+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2  0x00000002
-+#define EFI_CC_BOOT_HASH_ALG_SHA384    0x00000004
-+
-+//
-+// This bit is shall be set when an event shall be extended but not logged.
-+//
-+#define EFI_CC_FLAG_EXTEND_ONLY  0x0000000000000001
-+//
-+// This bit shall be set when the intent is to measure a PE/COFF image.
-+//
-+#define EFI_CC_FLAG_PE_COFF_IMAGE  0x0000000000000010
-+
-+#pragma pack (1)
-+
-+#define EFI_CC_EVENT_HEADER_VERSION  1
-+
-+typedef struct {
-+  //
-+  // Size of the event header itself (sizeof(EFI_CC_EVENT_HEADER)).
-+  //
-+  UINT32             HeaderSize;
-+  //
-+  // Header version. For this version of this specification, the value shall be 1.
-+  //
-+  UINT16             HeaderVersion;
-+  //
-+  // Index of the MR (measurement register) that shall be extended.
-+  //
-+  EFI_CC_MR_INDEX    MrIndex;
-+  //
-+  // Type of the event that shall be extended (and optionally logged).
-+  //
-+  UINT32             EventType;
-+} EFI_CC_EVENT_HEADER;
-+
-+typedef struct {
-+  //
-+  // Total size of the event including the Size component, the header and the Event data.
-+  //
-+  UINT32                 Size;
-+  EFI_CC_EVENT_HEADER    Header;
-+  UINT8                  Event[1];
-+} EFI_CC_EVENT;
-+
-+#pragma pack()
-+
-+typedef struct {
-+  //
-+  // Allocated size of the structure
-+  //
-+  UINT8                            Size;
-+  //
-+  // Version of the EFI_CC_BOOT_SERVICE_CAPABILITY structure itself.
-+  // For this version of the protocol, the Major version shall be set to 1
-+  // and the Minor version shall be set to 0.
-+  //
-+  EFI_CC_VERSION                   StructureVersion;
-+  //
-+  // Version of the EFI CC Measurement protocol.
-+  // For this version of the protocol, the Major version shall be set to 1
-+  // and the Minor version shall be set to 0.
-+  //
-+  EFI_CC_VERSION                   ProtocolVersion;
-+  //
-+  // Supported hash algorithms
-+  //
-+  EFI_CC_EVENT_ALGORITHM_BITMAP    HashAlgorithmBitmap;
-+  //
-+  // Bitmap of supported event log formats
-+  //
-+  EFI_CC_EVENT_LOG_BITMAP          SupportedEventLogs;
-+
-+  //
-+  // Indicates the CC type
-+  //
-+  EFI_CC_TYPE                      CcType;
-+} EFI_CC_BOOT_SERVICE_CAPABILITY;
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL GetCapability function call provides protocol
-+  capability information and state information.
-+
-+  @param[in]      This               Indicates the calling context
-+  @param[in, out] ProtocolCapability The caller allocates memory for a EFI_CC_BOOT_SERVICE_CAPABILITY
-+                                     structure and sets the size field to the size of the structure allocated.
-+                                     The callee fills in the fields with the EFI CC BOOT Service capability
-+                                     information and the current CC information.
-+
-+  @retval EFI_SUCCESS            Operation completed successfully.
-+  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
-+                                 The ProtocolCapability variable will not be populated.
-+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect.
-+                                 The ProtocolCapability variable will not be populated.
-+  @retval EFI_BUFFER_TOO_SMALL   The ProtocolCapability variable is too small to hold the full response.
-+                                 It will be partially populated (required Size field will be set).
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_GET_CAPABILITY)(
-+  IN     EFI_CC_MEASUREMENT_PROTOCOL       *This,
-+  IN OUT EFI_CC_BOOT_SERVICE_CAPABILITY    *ProtocolCapability
-+  );
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL Get Event Log function call allows a caller to
-+  retrieve the address of a given event log and its last entry.
-+
-+  @param[in]  This               Indicates the calling context
-+  @param[in]  EventLogFormat     The type of the event log for which the information is requested.
-+  @param[out] EventLogLocation   A pointer to the memory address of the event log.
-+  @param[out] EventLogLastEntry  If the Event Log contains more than one entry, this is a pointer to the
-+                                 address of the start of the last entry in the event log in memory.
-+  @param[out] EventLogTruncated  If the Event Log is missing at least one entry because an event would
-+                                 have exceeded the area allocated for events, this value is set to TRUE.
-+                                 Otherwise, the value will be FALSE and the Event Log will be complete.
-+
-+  @retval EFI_SUCCESS            Operation completed successfully.
-+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect
-+                                 (e.g. asking for an event log whose format is not supported).
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_GET_EVENT_LOG)(
-+  IN  EFI_CC_MEASUREMENT_PROTOCOL     *This,
-+  IN  EFI_CC_EVENT_LOG_FORMAT         EventLogFormat,
-+  OUT EFI_PHYSICAL_ADDRESS            *EventLogLocation,
-+  OUT EFI_PHYSICAL_ADDRESS            *EventLogLastEntry,
-+  OUT BOOLEAN                         *EventLogTruncated
-+  );
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL HashLogExtendEvent function call provides
-+  callers with an opportunity to extend and optionally log events without requiring
-+  knowledge of actual CC commands.
-+  The extend operation will occur even if this function cannot create an event
-+  log entry (e.g. due to the event log being full).
-+
-+  @param[in]  This               Indicates the calling context
-+  @param[in]  Flags              Bitmap providing additional information.
-+  @param[in]  DataToHash         Physical address of the start of the data buffer to be hashed.
-+  @param[in]  DataToHashLen      The length in bytes of the buffer referenced by DataToHash.
-+  @param[in]  EfiCcEvent        Pointer to data buffer containing information about the event.
-+
-+  @retval EFI_SUCCESS            Operation completed successfully.
-+  @retval EFI_DEVICE_ERROR       The command was unsuccessful.
-+  @retval EFI_VOLUME_FULL        The extend operation occurred, but the event could not be written to one or more event logs.
-+  @retval EFI_INVALID_PARAMETER  One or more of the parameters are incorrect.
-+  @retval EFI_UNSUPPORTED        The PE/COFF image type is not supported.
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_HASH_LOG_EXTEND_EVENT)(
-+  IN EFI_CC_MEASUREMENT_PROTOCOL    *This,
-+  IN UINT64                         Flags,
-+  IN EFI_PHYSICAL_ADDRESS           DataToHash,
-+  IN UINT64                         DataToHashLen,
-+  IN EFI_CC_EVENT                   *EfiCcEvent
-+  );
-+
-+/**
-+  The EFI_CC_MEASUREMENT_PROTOCOL MapPcrToMrIndex function call provides callers
-+  the info on TPM PCR <-> CC MR mapping information.
-+
-+  @param[in]  This               Indicates the calling context
-+  @param[in]  PcrIndex           TPM PCR index.
-+  @param[out] MrIndex            CC MR index.
-+
-+  @retval EFI_SUCCESS            The MrIndex is returned.
-+  @retval EFI_INVALID_PARAMETER  The MrIndex is NULL.
-+  @retval EFI_UNSUPPORTED        The PcrIndex is invalid.
-+**/
-+typedef
-+EFI_STATUS
-+(EFIAPI *EFI_CC_MAP_PCR_TO_MR_INDEX)(
-+  IN  EFI_CC_MEASUREMENT_PROTOCOL    *This,
-+  IN  TCG_PCRINDEX                   PcrIndex,
-+  OUT EFI_CC_MR_INDEX                *MrIndex
-+  );
-+
-+struct _EFI_CC_MEASUREMENT_PROTOCOL {
-+  EFI_CC_GET_CAPABILITY           GetCapability;
-+  EFI_CC_GET_EVENT_LOG            GetEventLog;
-+  EFI_CC_HASH_LOG_EXTEND_EVENT    HashLogExtendEvent;
-+  EFI_CC_MAP_PCR_TO_MR_INDEX      MapPcrToMrIndex;
-+};
-+
-+//
-+// CC event log
-+//
-+
-+#pragma pack(1)
-+
-+//
-+// Crypto Agile Log Entry Format.
-+// It is similar with TCG_PCR_EVENT2 except the field of MrIndex and PCRIndex.
-+//
-+typedef struct {
-+  EFI_CC_MR_INDEX       MrIndex;
-+  UINT32                EventType;
-+  TPML_DIGEST_VALUES    Digests;
-+  UINT32                EventSize;
-+  UINT8                 Event[1];
-+} CC_EVENT;
-+
-+//
-+// EFI CC Event Header
-+// It is similar with TCG_PCR_EVENT2_HDR except the field of MrIndex and PCRIndex
-+//
-+typedef struct {
-+  EFI_CC_MR_INDEX       MrIndex;
-+  UINT32                EventType;
-+  TPML_DIGEST_VALUES    Digests;
-+  UINT32                EventSize;
-+} CC_EVENT_HDR;
-+
-+#pragma pack()
-+
-+//
-+// Log entries after Get Event Log service
-+//
-+
-+#define EFI_CC_FINAL_EVENTS_TABLE_VERSION  1
-+
-+typedef struct {
-+  //
-+  // The version of this structure. It shall be set to 1.
-+  //
-+  UINT64    Version;
-+  //
-+  // Number of events recorded after invocation of GetEventLog API
-+  //
-+  UINT64    NumberOfEvents;
-+  //
-+  // List of events of type CC_EVENT.
-+  //
-+  // CC_EVENT              Event[1];
-+} EFI_CC_FINAL_EVENTS_TABLE;
-+
-+#define EFI_CC_FINAL_EVENTS_TABLE_GUID \
-+  {0xdd4a4648, 0x2de7, 0x4665, {0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46}}
-+
-+extern EFI_GUID  gEfiCcFinalEventsTableGuid;
-+
-+#endif
-diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
-index 8b18415b10..6389a48338 100644
---- a/MdePkg/MdePkg.dec
-+++ b/MdePkg/MdePkg.dec
-@@ -823,6 +823,9 @@
-   #
-   gLinuxEfiInitrdMediaGuid       = {0x5568e427, 0x68fc, 0x4f3d, {0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68}}
- 
-+  ## Include/Protocol/CcMeasurement.h
-+  gEfiCcFinalEventsTableGuid     = { 0xdd4a4648, 0x2de7, 0x4665, { 0x96, 0x4d, 0x21, 0xd9, 0xef, 0x5f, 0xb4, 0x46 }}
-+
- [Guids.IA32, Guids.X64]
-   ## Include/Guid/Cper.h
-   gEfiIa32X64ErrorTypeCacheCheckGuid = { 0xA55701F5, 0xE3EF, 0x43de, { 0xAC, 0x72, 0x24, 0x9B, 0x57, 0x3F, 0xAD, 0x2C }}
-@@ -1011,6 +1014,9 @@
-   ## Include/Protocol/PcdInfo.h
-   gGetPcdInfoProtocolGuid        = { 0x5be40f57, 0xfa68, 0x4610, { 0xbb, 0xbf, 0xe9, 0xc5, 0xfc, 0xda, 0xd3, 0x65 } }
- 
-+  ## Include/Protocol/CcMeasurement.h
-+  gEfiCcMeasurementProtocolGuid  = { 0x96751a3d, 0x72f4, 0x41a6, { 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b }}
-+
-   #
-   # Protocols defined in PI1.0.
-   #
--- 
-2.41.0
-

SOURCES/edk2-MdePkg-Rng-Add-GUID-to-describe-Arm-Rndr-Rng-algorit.patch

@@ -1,91 +0,0 @@
-From 2a01056c29542a10941cb32929032b80df091a17 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 16:04:48 -0400
-Subject: [PATCH 19/31] MdePkg/Rng: Add GUID to describe Arm Rndr Rng
- algorithms
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [19/31] 58b0f069c74b00eb6476427dd84a50a86aceb598
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c
-Author: Pierre Gondois <pierre.gondois@arm.com>
-Date:   Fri Aug 11 16:33:06 2023 +0200
-
-    MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
-
-    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
-
-    The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
-    implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
-    To allow the RngDxe to detect when such implementation is used,
-    a GetRngGuid() function is added in a following patch.
-
-    Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr
-    to describe a Rng algorithm accessed through Arm's RNDR instruction.
-    [1] states that the implementation of this algorithm should be
-    compliant to NIST SP900-80. The compliance is not guaranteed.
-
-    [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
-    sK12.1 'Properties of the generated random number'
-
-    Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
-    Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-    Acked-by: Ard Biesheuvel <ardb@kernel.org>
-    Tested-by: Kun Qin <kun.qin@microsoft.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdePkg/Include/Protocol/Rng.h | 10 ++++++++++
- MdePkg/MdePkg.dec             |  1 +
- 2 files changed, 11 insertions(+)
-
-diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
-index baf425587b..38bde53240 100644
---- a/MdePkg/Include/Protocol/Rng.h
-+++ b/MdePkg/Include/Protocol/Rng.h
-@@ -67,6 +67,15 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
-   { \
-     0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
-   }
-+///
-+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
-+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
-+/// inclusive of different geographies.
-+///
-+#define EFI_RNG_ALGORITHM_ARM_RNDR \
-+  { \
-+    0x43d2fde3, 0x9d4e, 0x4d79,  {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
-+  }
- 
- /**
-   Returns information about the random number generation implementation.
-@@ -146,5 +155,6 @@ extern EFI_GUID  gEfiRngAlgorithmSp80090Ctr256Guid;
- extern EFI_GUID  gEfiRngAlgorithmX9313DesGuid;
- extern EFI_GUID  gEfiRngAlgorithmX931AesGuid;
- extern EFI_GUID  gEfiRngAlgorithmRaw;
-+extern EFI_GUID  gEfiRngAlgorithmArmRndr;
- 
- #endif
-diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
-index 8f05e822ac..36501e8bb9 100644
---- a/MdePkg/MdePkg.dec
-+++ b/MdePkg/MdePkg.dec
-@@ -594,6 +594,7 @@
-   gEfiRngAlgorithmX9313DesGuid       = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
-   gEfiRngAlgorithmX931AesGuid        = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
-   gEfiRngAlgorithmRaw                = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
-+  gEfiRngAlgorithmArmRndr            = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
- 
-   ## Include/Protocol/AdapterInformation.h
-   gEfiAdapterInfoMediaStateGuid       = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-Rng-Add-GetRngGuid-to-RngLib.patch

@@ -1,409 +0,0 @@
-From b466e2545e25ebb2004ae9b9f95c6c2f60d1f168 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 16:08:28 -0400
-Subject: [PATCH 21/31] MdePkg/Rng: Add GetRngGuid() to RngLib
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [21/31] 54783ad88ba101c620240aa463c5d758fa416c31
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit 5443c2dc310d2c8eb15fb8eefd5057342e78cd0d
-Author: Pierre Gondois <pierre.gondois@arm.com>
-Date:   Fri Aug 11 16:33:08 2023 +0200
-
-    MdePkg/Rng: Add GetRngGuid() to RngLib
-
-    The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple
-    implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
-    To allow the RngDxe to detect when such implementation is used,
-    add a GetRngGuid() function to the RngLib.
-
-    Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
-    Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-    Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-    Acked-by: Ard Biesheuvel <ardb@kernel.org>
-    Tested-by: Kun Qin <kun.qin@microsoft.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf |  4 ++
- .../Library/BaseRngLibTimerLib/RngLibTimer.c  | 28 +++++++++++++
- MdePkg/Include/Library/RngLib.h               | 19 ++++++++-
- MdePkg/Library/BaseRngLib/AArch64/Rndr.c      | 42 +++++++++++++++++++
- MdePkg/Library/BaseRngLib/BaseRngLib.inf      | 10 +++++
- MdePkg/Library/BaseRngLib/Rand/RdRand.c       | 26 ++++++++++++
- .../Library/BaseRngLibNull/BaseRngLibNull.c   | 22 ++++++++++
- .../Library/BaseRngLibTimerLib/RngLibTimer.c  | 23 ++++++++++
- MdePkg/Library/DxeRngLib/DxeRngLib.c          | 28 +++++++++++++
- 9 files changed, 201 insertions(+), 1 deletion(-)
-
-diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-index f729001060..8461260cc8 100644
---- a/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-@@ -29,6 +29,10 @@
- 
- [Packages]
-   MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+
-+[Guids]
-+  gEdkiiRngAlgorithmUnSafe
- 
- [LibraryClasses]
-   BaseLib
-diff --git a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-index 980854d67b..28ff46c71f 100644
---- a/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-+++ b/MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-@@ -2,14 +2,18 @@
-   BaseRng Library that uses the TimerLib to provide reasonably random numbers.
-   Do not use this on a production system.
- 
-+  Copyright (c) 2023, Arm Limited. All rights reserved.
-   Copyright (c) Microsoft Corporation.
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- **/
- 
- #include <Base.h>
-+#include <Uefi.h>
- #include <Library/BaseLib.h>
-+#include <Library/BaseMemoryLib.h>
- #include <Library/DebugLib.h>
- #include <Library/TimerLib.h>
-+#include <Guid/RngAlgorithm.h>
- 
- #define DEFAULT_DELAY_TIME_IN_MICROSECONDS  10
- 
-@@ -190,3 +194,27 @@ GetRandomNumber128 (
-   // Read second 64 bits
-   return GetRandomNumber64 (++Rand);
- }
-+
-+/**
-+  Get a GUID identifying the RNG algorithm implementation.
-+
-+  @param [out] RngGuid  If success, contains the GUID identifying
-+                        the RNG algorithm implementation.
-+
-+  @retval EFI_SUCCESS             Success.
-+  @retval EFI_UNSUPPORTED         Not supported.
-+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
-+**/
-+EFI_STATUS
-+EFIAPI
-+GetRngGuid (
-+  GUID  *RngGuid
-+  )
-+{
-+  if (RngGuid == NULL) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  CopyMem (RngGuid, &gEdkiiRngAlgorithmUnSafe, sizeof (*RngGuid));
-+  return EFI_SUCCESS;
-+}
-diff --git a/MdePkg/Include/Library/RngLib.h b/MdePkg/Include/Library/RngLib.h
-index 05e513022e..801aa6d5bd 100644
---- a/MdePkg/Include/Library/RngLib.h
-+++ b/MdePkg/Include/Library/RngLib.h
-@@ -1,6 +1,7 @@
- /** @file
-   Provides random number generator services.
- 
-+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
- Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- SPDX-License-Identifier: BSD-2-Clause-Patent
- 
-@@ -77,4 +78,20 @@ GetRandomNumber128 (
-   OUT     UINT64                    *Rand
-   );
- 
--#endif  // __RNG_LIB_H__
-+/**
-+  Get a GUID identifying the RNG algorithm implementation.
-+
-+  @param [out] RngGuid  If success, contains the GUID identifying
-+                        the RNG algorithm implementation.
-+
-+  @retval EFI_SUCCESS             Success.
-+  @retval EFI_UNSUPPORTED         Not supported.
-+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
-+**/
-+EFI_STATUS
-+EFIAPI
-+GetRngGuid (
-+  GUID  *RngGuid
-+  );
-+
-+#endif // __RNG_LIB_H__
-diff --git a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
-index c9f8c813ed..7641314a54 100644
---- a/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
-+++ b/MdePkg/Library/BaseRngLib/AArch64/Rndr.c
-@@ -2,6 +2,7 @@
-   Random number generator service that uses the RNDR instruction
-   to provide pseudorandom numbers.
- 
-+  Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
-   Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
-   Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- 
-@@ -11,6 +12,7 @@
- 
- #include <Uefi.h>
- #include <Library/BaseLib.h>
-+#include <Library/BaseMemoryLib.h>
- #include <Library/DebugLib.h>
- #include <Library/RngLib.h>
- 
-@@ -137,3 +139,43 @@ ArchIsRngSupported (
- {
-   return mRndrSupported;
- }
-+
-+/**
-+  Get a GUID identifying the RNG algorithm implementation.
-+
-+  @param [out] RngGuid  If success, contains the GUID identifying
-+                        the RNG algorithm implementation.
-+
-+  @retval EFI_SUCCESS             Success.
-+  @retval EFI_UNSUPPORTED         Not supported.
-+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
-+**/
-+EFI_STATUS
-+EFIAPI
-+GetRngGuid (
-+  GUID  *RngGuid
-+  )
-+{
-+  GUID  *RngLibGuid;
-+
-+  if (RngGuid == NULL) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  if (!mRndrSupported) {
-+    return EFI_UNSUPPORTED;
-+  }
-+
-+  //
-+  // If the platform advertises the algorithm behind RNDR instruction,
-+  // use it. Otherwise use gEfiRngAlgorithmArmRndr.
-+  //
-+  RngLibGuid = PcdGetPtr (PcdCpuRngSupportedAlgorithm);
-+  if (!IsZeroGuid (RngLibGuid)) {
-+    CopyMem (RngGuid, RngLibGuid, sizeof (*RngGuid));
-+  } else {
-+    CopyMem (RngGuid, &gEfiRngAlgorithmArmRndr, sizeof (*RngGuid));
-+  }
-+
-+  return EFI_SUCCESS;
-+}
-diff --git a/MdePkg/Library/BaseRngLib/BaseRngLib.inf b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
-index 1fcceb9414..49503b139b 100644
---- a/MdePkg/Library/BaseRngLib/BaseRngLib.inf
-+++ b/MdePkg/Library/BaseRngLib/BaseRngLib.inf
-@@ -4,6 +4,7 @@
- #  BaseRng Library that uses CPU RNG instructions (e.g. RdRand) to
- #  provide random numbers.
- #
-+#  Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
- #  Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
- #  Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- #
-@@ -43,9 +44,18 @@
-   AArch64/ArmReadIdIsar0.asm | MSFT
-   AArch64/ArmRng.asm         | MSFT
- 
-+[Guids.AARCH64]
-+  gEfiRngAlgorithmArmRndr
-+
-+[Guids.Ia32, Guids.X64]
-+  gEfiRngAlgorithmSp80090Ctr256Guid
-+
- [Packages]
-   MdePkg/MdePkg.dec
- 
-+[Pcd.AARCH64]
-+  gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
-+
- [LibraryClasses]
-   BaseLib
-   DebugLib
-diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-index 09fb875ac3..aee8ea04e8 100644
---- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-@@ -2,6 +2,7 @@
-   Random number generator services that uses RdRand instruction access
-   to provide high-quality random numbers.
- 
-+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
- Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
- Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- 
-@@ -11,6 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- #include <Uefi.h>
- #include <Library/BaseLib.h>
-+#include <Library/BaseMemoryLib.h>
- #include <Library/DebugLib.h>
- 
- #include "BaseRngLibInternals.h"
-@@ -129,3 +131,27 @@ ArchIsRngSupported (
-   */
-   return TRUE;
- }
-+
-+/**
-+  Get a GUID identifying the RNG algorithm implementation.
-+
-+  @param [out] RngGuid  If success, contains the GUID identifying
-+                        the RNG algorithm implementation.
-+
-+  @retval EFI_SUCCESS             Success.
-+  @retval EFI_UNSUPPORTED         Not supported.
-+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
-+**/
-+EFI_STATUS
-+EFIAPI
-+GetRngGuid (
-+  GUID  *RngGuid
-+  )
-+{
-+  if (RngGuid == NULL) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  CopyMem (RngGuid, &gEfiRngAlgorithmSp80090Ctr256Guid, sizeof (*RngGuid));
-+  return EFI_SUCCESS;
-+}
-diff --git a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
-index cad30599ea..34a18e6a4d 100644
---- a/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
-+++ b/MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
-@@ -1,13 +1,16 @@
- /** @file
-   Null version of Random number generator services.
- 
-+Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
- Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
- SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
- 
-+#include <Uefi.h>
- #include <Library/DebugLib.h>
- #include <Library/RngLib.h>
-+#include <Protocol/Rng.h>
- 
- /**
-   Generates a 16-bit random number.
-@@ -92,3 +95,22 @@ GetRandomNumber128 (
-   ASSERT (FALSE);
-   return FALSE;
- }
-+
-+/**
-+  Get a GUID identifying the RNG algorithm implementation.
-+
-+  @param [out] RngGuid  If success, contains the GUID identifying
-+                        the RNG algorithm implementation.
-+
-+  @retval EFI_SUCCESS             Success.
-+  @retval EFI_UNSUPPORTED         Not supported.
-+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
-+**/
-+EFI_STATUS
-+EFIAPI
-+GetRngGuid (
-+  GUID  *RngGuid
-+  )
-+{
-+  return EFI_UNSUPPORTED;
-+}
-diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-index 6b8392162b..7337500fec 100644
---- a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-+++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
-@@ -209,3 +209,26 @@ GetRandomNumber128 (
-   // Read second 64 bits
-   return GetRandomNumber64 (++Rand);
- }
-+
-+/**
-+  Get a GUID identifying the RNG algorithm implementation.
-+
-+  @param [out] RngGuid  If success, contains the GUID identifying
-+                        the RNG algorithm implementation.
-+
-+  @retval EFI_SUCCESS             Success.
-+  @retval EFI_UNSUPPORTED         Not supported.
-+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
-+**/
-+RETURN_STATUS
-+EFIAPI
-+GetRngGuid (
-+  GUID  *RngGuid
-+  )
-+{
-+  /* This implementation is to be replaced by its MdeModulePkg copy.
-+   * The cause being that some GUIDs (gEdkiiRngAlgorithmUnSafe) cannot
-+   * be defined in the MdePkg.
-+   */
-+  return RETURN_UNSUPPORTED;
-+}
-diff --git a/MdePkg/Library/DxeRngLib/DxeRngLib.c b/MdePkg/Library/DxeRngLib/DxeRngLib.c
-index 4b2fc1cde5..20248b4107 100644
---- a/MdePkg/Library/DxeRngLib/DxeRngLib.c
-+++ b/MdePkg/Library/DxeRngLib/DxeRngLib.c
-@@ -1,6 +1,7 @@
- /** @file
-  Provides an implementation of the library class RngLib that uses the Rng protocol.
- 
-+ Copyright (c) 2023, Arm Limited. All rights reserved.
-  Copyright (c) Microsoft Corporation. All rights reserved.
-  SPDX-License-Identifier: BSD-2-Clause-Patent
- 
-@@ -204,3 +205,30 @@ GetRandomNumber128 (
-   }
-   return TRUE;
- }
-+
-+/**
-+  Get a GUID identifying the RNG algorithm implementation.
-+
-+  @param [out] RngGuid  If success, contains the GUID identifying
-+                        the RNG algorithm implementation.
-+
-+  @retval EFI_SUCCESS             Success.
-+  @retval EFI_UNSUPPORTED         Not supported.
-+  @retval EFI_INVALID_PARAMETER   Invalid parameter.
-+**/
-+EFI_STATUS
-+EFIAPI
-+GetRngGuid (
-+  GUID  *RngGuid
-+  )
-+{
-+  /* It is not possible to know beforehand which Rng algorithm will
-+   * be used by this library.
-+   * This API is mainly used by RngDxe. RngDxe relies on the RngLib.
-+   * The RngLib|DxeRngLib.inf implementation locates and uses an installed
-+   * EFI_RNG_PROTOCOL.
-+   * It is thus not possible to have both RngDxe and RngLib|DxeRngLib.inf.
-+   * and it is ok not to support this API.
-+   */
-+  return EFI_UNSUPPORTED;
-+}
--- 
-2.39.3
-

SOURCES/edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch

@@ -1,63 +0,0 @@
-From 634ee7a8cef2eac9f41cff4b42859d9d54b204bf Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:35:27 -0400
-Subject: [PATCH 29/31] MdePkg/X86UnitTestHost: set rdrand cpuid bit
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [29/31] 60851c6253df6f0114dc2c5598e0dde139d56c4c
-
-JIRA: https://issues.redhat.com/browse/RHEL-21856
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit 5e776299a2604b336a947e68593012ab2cc16eb4
-Author: Gerd Hoffmann <kraxel@redhat.com>
-Date:   Fri Jun 14 11:45:53 2024 +0200
-
-    MdePkg/X86UnitTestHost: set rdrand cpuid bit
-
-    Set the rdrand feature bit when faking cpuid for host test cases.
-    Needed to make the CryptoPkg test cases work.
-
-    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
-index d0e428457e..abc092a990 100644
---- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
-+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
-@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
-   OUT     UINT32                    *Edx   OPTIONAL
-   )
- {
-+  UINT32  RetEcx;
-+
-+  RetEcx = 0;
-+  switch (Index) {
-+    case 1:
-+      RetEcx |= BIT30; /* RdRand */
-+      break;
-+  }
-+
-   if (Eax != NULL) {
-     *Eax = 0;
-   }
-@@ -73,7 +82,7 @@ UnitTestHostBaseLibAsmCpuid (
-     *Ebx = 0;
-   }
-   if (Ecx != NULL) {
--    *Ecx = 0;
-+    *Ecx = RetEcx;
-   }
-   if (Edx != NULL) {
-     *Edx = 0;
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch

@@ -1,169 +0,0 @@
-From aa66757951e9880df4e21e191142400480aa3908 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 8 Feb 2024 10:35:14 -0500
-Subject: [PATCH 15/17] NetworkPkg: : Add Unit tests to CI and create Host Test
- DSC
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
-RH-Jira: RHEL-21840 RHEL-21842
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [2/4] 6669306e2dbb5aa3e7691d57f4a61685b7cd57b2 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21842
-CVE: CVE-2023-45230
-Upstream: Merged
-
-commit 8014ac2d7bbbc503f5562b51af46bb20ae3d22ff
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:44 2024 +0800
-
-    NetworkPkg: : Add Unit tests to CI and create Host Test DSC
-
-    Adds Host Based testing to the NetworkPkg
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/NetworkPkg.ci.yaml          |  7 +-
- NetworkPkg/Test/NetworkPkgHostTest.dsc | 98 ++++++++++++++++++++++++++
- 2 files changed, 104 insertions(+), 1 deletion(-)
- create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
-
-diff --git a/NetworkPkg/NetworkPkg.ci.yaml b/NetworkPkg/NetworkPkg.ci.yaml
-index 07dc7abd69..076424eb60 100644
---- a/NetworkPkg/NetworkPkg.ci.yaml
-+++ b/NetworkPkg/NetworkPkg.ci.yaml
-@@ -24,6 +24,9 @@
-     "CompilerPlugin": {
-         "DscPath": "NetworkPkg.dsc"
-     },
-+    "HostUnitTestCompilerPlugin": {
-+        "DscPath": "Test/NetworkPkgHostTest.dsc"
-+    },
-     "CharEncodingCheck": {
-         "IgnoreFiles": []
-     },
-@@ -35,7 +38,9 @@
-             "CryptoPkg/CryptoPkg.dec"
-         ],
-         # For host based unit tests
--        "AcceptableDependencies-HOST_APPLICATION":[],
-+        "AcceptableDependencies-HOST_APPLICATION":[
-+            UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+        ],
-         # For UEFI shell based apps
-         "AcceptableDependencies-UEFI_APPLICATION":[
-             "ShellPkg/ShellPkg.dec"
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-new file mode 100644
-index 0000000000..1aeca5c5b3
---- /dev/null
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -0,0 +1,98 @@
-+## @file
-+# NetworkPkgHostTest DSC file used to build host-based unit tests.
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+#
-+##
-+[Defines]
-+  PLATFORM_NAME           = NetworkPkgHostTest
-+  PLATFORM_GUID           = 3b68324e-fc07-4d49-9520-9347ede65879
-+  PLATFORM_VERSION        = 0.1
-+  DSC_SPECIFICATION       = 0x00010005
-+  OUTPUT_DIRECTORY        = Build/NetworkPkg/HostTest
-+  SUPPORTED_ARCHITECTURES = IA32|X64|AARCH64
-+  BUILD_TARGETS           = NOOPT
-+  SKUID_IDENTIFIER        = DEFAULT
-+
-+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+
-+[Components]
-+  #
-+  # Build HOST_APPLICATION that tests NetworkPkg
-+  #
-+
-+# Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
-+[LibraryClasses]
-+  NetLib|NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
-+  DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
-+  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
-+  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
-+  DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
-+  HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
-+  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
-+  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
-+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
-+  UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
-+  UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
-+  UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
-+  UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
-+  UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
-+  UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
-+  UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
-+  TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
-+  PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
-+  PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
-+  DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
-+  DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
-+  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
-+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
-+  VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
-+!ifdef CONTINUOUS_INTEGRATION
-+  BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
-+  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
-+!else
-+  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
-+  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
-+  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
-+!endif
-+  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
-+  FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
-+  FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
-+  SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
-+  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
-+
-+!if $(TOOL_CHAIN_TAG) == VS2019 or $(TOOL_CHAIN_TAG) == VS2022
-+[LibraryClasses.X64]
-+  # Provide StackCookie support lib so that we can link to /GS exports for VS builds
-+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
-+!endif
-+
-+[LibraryClasses.common.UEFI_DRIVER]
-+  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
-+  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
-+  DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
-+[LibraryClasses.common.UEFI_APPLICATION]
-+  DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
-+  ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
-+[LibraryClasses.ARM, LibraryClasses.AARCH64]
-+  #
-+  # It is not possible to prevent ARM compiler calls to generic intrinsic functions.
-+  # This library provides the instrinsic functions generated by a given compiler.
-+  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
-+  #
-+!if $(TOOL_CHAIN_TAG) != VS2017 and $(TOOL_CHAIN_TAG) != VS2015 and $(TOOL_CHAIN_TAG) != VS2019
-+  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-+!endif
-+  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-+[LibraryClasses.ARM]
-+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-+[LibraryClasses.RISCV64]
-+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
-+
-+[PcdsFixedAtBuild]
-+  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType|0x4
--- 
-2.41.0
-

SOURCES/edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch

@@ -1,170 +0,0 @@
-From ffa1202da2f55c1f540240e8267db9a7ec8d6a60 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 11/15] NetworkPkg: : Adds a SecurityFix.yaml file
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [11/15] 8a46b763887843d00293997bdd7d50ea120104d9
-
-JIRA: https://issues.redhat.com/browse/RHEL-21852
-CVE: CVE-2022-45235
-Upstream: Merged
-
-commit 1d0b95f6457d225c5108302a9da74b4ed7aa5a38
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:57 2024 +0800
-
-    NetworkPkg: : Adds a SecurityFix.yaml file
-
-    This creates / adds a security file that tracks the security fixes
-    found in this package and can be used to find the fixes that were
-    applied.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/SecurityFixes.yaml | 123 ++++++++++++++++++++++++++++++++++
- 1 file changed, 123 insertions(+)
- create mode 100644 NetworkPkg/SecurityFixes.yaml
-
-diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
-new file mode 100644
-index 0000000000..7e900483fe
---- /dev/null
-+++ b/NetworkPkg/SecurityFixes.yaml
-@@ -0,0 +1,123 @@
-+## @file
-+# Security Fixes for SecurityPkg
-+#
-+# Copyright (c) Microsoft Corporation
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+CVE_2023_45229:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests"
-+  cve: CVE-2023-45229
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 01 - edk2/NetworkPkg: Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message"
-+  note:
-+  files_impacted:
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4534
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45229
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45230:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests"
-+  cve: CVE-2023-45230
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 02 - edk2/NetworkPkg: Buffer overflow in the DHCPv6 client via a long Server ID option"
-+  note:
-+  files_impacted:
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Io.c
-+    - NetworkPkg\Dhcp6Dxe\Dhcp6Impl.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4535
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45230
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45231:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests"
-+  cve: CVE-2023-45231
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 03 - edk2/NetworkPkg: Out-of-bounds read when handling a ND Redirect message with truncated options"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/Ip6Dxe/Ip6Option.c
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4536
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45231
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45232:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
-+  cve: CVE-2023-45232
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 04 - edk2/NetworkPkg: Infinite loop when parsing unknown options in the Destination Options header"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/Ip6Dxe/Ip6Option.c
-+    - NetworkPkg/Ip6Dxe/Ip6Option.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4537
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45232
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45233:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests"
-+  cve: CVE-2023-45233
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 05 - edk2/NetworkPkg: Infinite loop when parsing a PadN option in the Destination Options header "
-+  note: This was fixed along with CVE-2023-45233
-+  files_impacted:
-+    - NetworkPkg/Ip6Dxe/Ip6Option.c
-+    - NetworkPkg/Ip6Dxe/Ip6Option.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4538
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45233
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45234:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45234 Unit Tests"
-+  cve: CVE-2023-45234
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 06 - edk2/NetworkPkg: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4539
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45234
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45235:
-+  commit_titles:
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Patch"
-+    - "NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45235 Unit Tests"
-+  cve: CVE-2023-45235
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 07 - edk2/NetworkPkg: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+    - NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4540
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45235
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch

@@ -1,69 +0,0 @@
-From 649fe647114ca5dee84b0c55106ee58a9703984f Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 15/15] NetworkPkg: Dhcp6Dxe: Packet-Length is not updated
- before appending
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [15/15] bc7ef287311bb3f757bc26f8921875566bcb5917
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit 75deaf5c3c0d164c61653258c331151241bb69d8
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Tue Feb 13 10:46:02 2024 -0800
-
-    NetworkPkg: Dhcp6Dxe: Packet-Length is not updated before appending
-
-    In order for Dhcp6AppendIaAddrOption (..) to safely append the IA
-    Address option, the Packet-Length field must be updated before appending
-    the option.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-index e172ffc2a2..c23eff8766 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-@@ -948,6 +948,11 @@ Dhcp6AppendIaOption (
-     *PacketCursor += sizeof (T2);
-   }
- 
-+  //
-+  // Update the packet length
-+  //
-+  Packet->Length += BytesNeeded;
-+
-   //
-   // Fill all the addresses belong to the Ia
-   //
-@@ -959,11 +964,6 @@ Dhcp6AppendIaOption (
-     }
-   }
- 
--  //
--  // Update the packet length
--  //
--  Packet->Length += BytesNeeded;
--
-   //
-   // Fill the value of Ia option length
-   //
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch

@@ -1,161 +0,0 @@
-From 4bf844922a963cb20fb1e72ca11a65a673992ca2 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 14/15] NetworkPkg: Dhcp6Dxe: Removes duplicate check and
- replaces with macro
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [14/15] a943400f9267b219bf1fd202534500f82a2a4c56
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit af3fad99d6088881562e50149f414f76a5be0140
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Tue Feb 13 10:46:01 2024 -0800
-
-    NetworkPkg: Dhcp6Dxe: Removes duplicate check and replaces with macro
-
-    Removes duplicate check after merge
-
-    >
-    >  //
-    >  // Verify the PacketCursor is within the packet
-    >  //
-    >  if (  (*PacketCursor < Packet->Dhcp6.Option)
-    >     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size -
-    sizeof (EFI_DHCP6_HEADER))))
-    >  {
-    >    return EFI_INVALID_PARAMETER;
-    >  }
-    >
-
-    Converts the check to a macro and replaces all instances of the check
-    with the macro
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 43 +++++++++++++-----------------
- 1 file changed, 18 insertions(+), 25 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-index 484c360a96..e172ffc2a2 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
-@@ -10,6 +10,15 @@
- 
- #include "Dhcp6Impl.h"
- 
-+//
-+// Verifies the packet cursor is within the packet
-+// otherwise it is invalid
-+//
-+#define IS_INVALID_PACKET_CURSOR(PacketCursor, Packet) \
-+  (((*PacketCursor) < (Packet)->Dhcp6.Option) || \
-+   ((*PacketCursor) >= (Packet)->Dhcp6.Option + ((Packet)->Size - sizeof(EFI_DHCP6_HEADER))) \
-+  )                                                                            \
-+
- 
- /**
-   Generate client Duid in the format of Duid-llt.
-@@ -662,9 +671,7 @@ Dhcp6AppendOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
-@@ -681,15 +688,6 @@ Dhcp6AppendOption (
-     return EFI_BUFFER_TOO_SMALL;
-   }
- 
--  //
--  // Verify the PacketCursor is within the packet
--  //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
--    return EFI_INVALID_PARAMETER;
--  }
--
-   WriteUnaligned16 ((UINT16 *)*PacketCursor, OptType);
-   *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;
-   WriteUnaligned16 ((UINT16 *)*PacketCursor, OptLen);
-@@ -768,9 +766,7 @@ Dhcp6AppendIaAddrOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
-@@ -902,9 +898,7 @@ Dhcp6AppendIaOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
-@@ -966,14 +960,14 @@ Dhcp6AppendIaOption (
-   }
- 
-   //
--  // Fill the value of Ia option length
-+  // Update the packet length
-   //
--  *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));
-+  Packet->Length += BytesNeeded;
- 
-   //
--  // Update the packet length
-+  // Fill the value of Ia option length
-   //
--  Packet->Length += BytesNeeded;
-+  *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));
- 
-   return EFI_SUCCESS;
- }
-@@ -982,6 +976,7 @@ Dhcp6AppendIaOption (
-   Append the appointed Elapsed time option to Buf, and move Buf to the end.
- 
-   @param[in, out] Packet        A pointer to the packet, on success Packet->Length
-+                                will be updated.
-   @param[in, out] PacketCursor  The pointer in the packet, on success PacketCursor
-                                 will be moved to the end of the option.
-   @param[in]      Instance      The pointer to the Dhcp6 instance.
-@@ -1037,9 +1032,7 @@ Dhcp6AppendETOption (
-   //
-   // Verify the PacketCursor is within the packet
-   //
--  if (  (*PacketCursor < Packet->Dhcp6.Option)
--     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))
--  {
-+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {
-     return EFI_INVALID_PARAMETER;
-   }
- 
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Pa.patch

@@ -1,621 +0,0 @@
-From a115d0a66c3e73c60b74ec6d09e3759da89e919b Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 9 Feb 2024 17:57:07 -0500
-Subject: [PATCH 17/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
- Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
-RH-Jira: RHEL-21840 RHEL-21842
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [4/4] 3daf69000f78416ee1f1bad0b6ceb01ed28a84a5 (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit 1dbb10cc52dc8ef49bb700daa1cefc76b26d52e0
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:46 2024 +0800
-
-    NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534
-
-    Bug Details:
-    PixieFail Bug #1
-    CVE-2023-45229
-    CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    CWE-125 Out-of-bounds Read
-
-    Change Overview:
-
-    Introduce Dhcp6SeekInnerOptionSafe which performs checks before seeking
-    the Inner Option from a DHCP6 Option.
-
-    >
-    > EFI_STATUS
-    > Dhcp6SeekInnerOptionSafe (
-    >  IN  UINT16  IaType,
-    >  IN  UINT8   *Option,
-    >  IN  UINT32  OptionLen,
-    >  OUT UINT8   **IaInnerOpt,
-    >  OUT UINT16  *IaInnerLen
-    >  );
-    >
-
-    Lots of code cleanup to improve code readability.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 138 ++++++++++++++++++---
- NetworkPkg/Dhcp6Dxe/Dhcp6Io.c   | 205 +++++++++++++++++++++-----------
- 2 files changed, 257 insertions(+), 86 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
-index ec0ed5d8f5..e759ab9a62 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h
-@@ -47,6 +47,20 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
- #define DHCP6_SERVICE_SIGNATURE   SIGNATURE_32 ('D', 'H', '6', 'S')
- #define DHCP6_INSTANCE_SIGNATURE  SIGNATURE_32 ('D', 'H', '6', 'I')
- 
-+#define DHCP6_PACKET_ALL        0
-+#define DHCP6_PACKET_STATEFUL   1
-+#define DHCP6_PACKET_STATELESS  2
-+
-+#define DHCP6_BASE_PACKET_SIZE  1024
-+
-+#define DHCP6_PORT_CLIENT  546
-+#define DHCP6_PORT_SERVER  547
-+
-+#define DHCP_CHECK_MEDIA_WAITING_TIME    EFI_TIMER_PERIOD_SECONDS(20)
-+
-+#define DHCP6_INSTANCE_FROM_THIS(Instance) CR ((Instance), DHCP6_INSTANCE, Dhcp6, DHCP6_INSTANCE_SIGNATURE)
-+#define DHCP6_SERVICE_FROM_THIS(Service)   CR ((Service), DHCP6_SERVICE, ServiceBinding, DHCP6_SERVICE_SIGNATURE)
-+
- //
- // For more information on DHCP options see RFC 8415, Section 21.1
- //
-@@ -61,12 +75,10 @@ typedef struct _DHCP6_INSTANCE DHCP6_INSTANCE;
- //    |                      (option-len octets)                      |
- //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- //
--#define DHCP6_SIZE_OF_OPT_CODE  (sizeof(UINT16))
--#define DHCP6_SIZE_OF_OPT_LEN   (sizeof(UINT16))
-+#define DHCP6_SIZE_OF_OPT_CODE  (sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpCode))
-+#define DHCP6_SIZE_OF_OPT_LEN   (sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpLen))
- 
--//
- // Combined size of Code and Length
--//
- #define DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN  (DHCP6_SIZE_OF_OPT_CODE + \
-                                               DHCP6_SIZE_OF_OPT_LEN)
- 
-@@ -75,34 +87,122 @@ STATIC_ASSERT (
-   "Combined size of Code and Length must be 4 per RFC 8415"
-   );
- 
--//
- // Offset to the length is just past the code
--//
--#define DHCP6_OPT_LEN_OFFSET(a)  (a + DHCP6_SIZE_OF_OPT_CODE)
-+#define DHCP6_OFFSET_OF_OPT_LEN(a)  (a + DHCP6_SIZE_OF_OPT_CODE)
- STATIC_ASSERT (
--  DHCP6_OPT_LEN_OFFSET (0) == 2,
-+  DHCP6_OFFSET_OF_OPT_LEN (0) == 2,
-   "Offset of length is + 2 past start of option"
-   );
- 
--#define DHCP6_OPT_DATA_OFFSET(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
-+#define DHCP6_OFFSET_OF_OPT_DATA(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
- STATIC_ASSERT (
--  DHCP6_OPT_DATA_OFFSET (0) == 4,
-+  DHCP6_OFFSET_OF_OPT_DATA (0) == 4,
-   "Offset to option data should be +4 from start of option"
-   );
-+//
-+// Identity Association options (both NA (Non-Temporary) and TA (Temporary Association))
-+// are defined in RFC 8415 and are a deriviation of a TLV stucture
-+// For more information on IA_NA see Section 21.4
-+// For more information on IA_TA see Section 21.5
-+//
-+//
-+//  The format of IA_NA and IA_TA option:
-+//
-+//     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |          OPTION_IA_NA         |          option-len           |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                        IAID (4 octets)                        |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                        T1 (only for IA_NA)                    |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                        T2 (only for IA_NA)                    |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |                                                               |
-+//    .                  IA_NA-options/IA_TA-options                  .
-+//    .                                                               .
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//
-+#define DHCP6_SIZE_OF_IAID           (sizeof(UINT32))
-+#define DHCP6_SIZE_OF_TIME_INTERVAL  (sizeof(UINT32))
- 
--#define DHCP6_PACKET_ALL        0
--#define DHCP6_PACKET_STATEFUL   1
--#define DHCP6_PACKET_STATELESS  2
-+// Combined size of IAID, T1, and T2
-+#define DHCP6_SIZE_OF_COMBINED_IAID_T1_T2  (DHCP6_SIZE_OF_IAID +  \
-+                                            DHCP6_SIZE_OF_TIME_INTERVAL + \
-+                                            DHCP6_SIZE_OF_TIME_INTERVAL)
-+STATIC_ASSERT (
-+  DHCP6_SIZE_OF_COMBINED_IAID_T1_T2 == 12,
-+  "Combined size of IAID, T1, T2 must be 12 per RFC 8415"
-+  );
- 
--#define DHCP6_BASE_PACKET_SIZE    1024
-+// This is the size of IA_TA without options
-+#define DHCP6_MIN_SIZE_OF_IA_TA  (DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + \
-+                                  DHCP6_SIZE_OF_IAID)
-+STATIC_ASSERT (
-+  DHCP6_MIN_SIZE_OF_IA_TA == 8,
-+  "Minimum combined size of IA_TA per RFC 8415"
-+  );
- 
--#define DHCP6_PORT_CLIENT         546
--#define DHCP6_PORT_SERVER         547
-+// Offset to a IA_TA inner option
-+#define DHCP6_OFFSET_OF_IA_TA_INNER_OPT(a)  (a + DHCP6_MIN_SIZE_OF_IA_TA)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_TA_INNER_OPT (0) == 8,
-+  "Offset of IA_TA Inner option is + 8 past start of option"
-+  );
- 
--#define DHCP_CHECK_MEDIA_WAITING_TIME    EFI_TIMER_PERIOD_SECONDS(20)
-+// This is the size of IA_NA without options (16)
-+#define DHCP6_MIN_SIZE_OF_IA_NA  DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + \
-+                                 DHCP6_SIZE_OF_COMBINED_IAID_T1_T2
-+STATIC_ASSERT (
-+  DHCP6_MIN_SIZE_OF_IA_NA == 16,
-+  "Minimum combined size of IA_TA per RFC 8415"
-+  );
- 
--#define DHCP6_INSTANCE_FROM_THIS(Instance) CR ((Instance), DHCP6_INSTANCE, Dhcp6, DHCP6_INSTANCE_SIGNATURE)
--#define DHCP6_SERVICE_FROM_THIS(Service)   CR ((Service), DHCP6_SERVICE, ServiceBinding, DHCP6_SERVICE_SIGNATURE)
-+#define DHCP6_OFFSET_OF_IA_NA_INNER_OPT(a)  (a + DHCP6_MIN_SIZE_OF_IA_NA)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_NA_INNER_OPT (0) == 16,
-+  "Offset of IA_NA Inner option is + 16 past start of option"
-+  );
-+
-+#define DHCP6_OFFSET_OF_IA_NA_T1(a)  (a + \
-+                                   DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN + \
-+                                   DHCP6_SIZE_OF_IAID)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_NA_T1 (0) == 8,
-+  "Offset of IA_NA Inner option is + 8 past start of option"
-+  );
-+
-+#define DHCP6_OFFSET_OF_IA_NA_T2(a)  (a + \
-+                                   DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN +\
-+                                   DHCP6_SIZE_OF_IAID + \
-+                                   DHCP6_SIZE_OF_TIME_INTERVAL)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_IA_NA_T2 (0) == 12,
-+  "Offset of IA_NA Inner option is + 12 past start of option"
-+  );
-+
-+//
-+// For more information see RFC 8415 Section 21.13
-+//
-+// The format of the Status Code Option:
-+//
-+//     0                   1                   2                   3
-+//     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |       OPTION_STATUS_CODE      |         option-len            |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |          status-code          |                               |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
-+//    .                                                               .
-+//    .                        status-message                         .
-+//    .                                                               .
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//
-+#define DHCP6_OFFSET_OF_STATUS_CODE(a)  (a + DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN)
-+STATIC_ASSERT (
-+  DHCP6_OFFSET_OF_STATUS_CODE (0) == 4,
-+  "Offset of status is + 4 past start of option"
-+  );
- 
- extern EFI_IPv6_ADDRESS           mAllDhcpRelayAndServersAddress;
- extern EFI_DHCP6_PROTOCOL         gDhcp6ProtocolTemplate;
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-index 2976684aba..d680febbf1 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-@@ -611,8 +611,8 @@ Dhcp6UpdateIaInfo (
-   // The inner options still start with 2 bytes option-code and 2 bytes option-len.
-   //
-   if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
--    T1 = NTOHL (ReadUnaligned32 ((UINT32 *) (Option + 8)));
--    T2 = NTOHL (ReadUnaligned32 ((UINT32 *) (Option + 12)));
-+    T1 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T1 (Option))));
-+    T2 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T2 (Option))));
-     //
-     // Refer to RFC3155 Chapter 22.4. If a client receives an IA_NA with T1 greater than T2,
-     // and both T1 and T2 are greater than 0, the client discards the IA_NA option and processes
-@@ -621,13 +621,14 @@ Dhcp6UpdateIaInfo (
-     if (T1 > T2 && T2 > 0) {
-       return EFI_DEVICE_ERROR;
-     }
--    IaInnerOpt = Option + 16;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 2))) - 12);
-+    IaInnerOpt = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
-+    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_COMBINED_IAID_T1_T2);
-   } else {
-     T1 = 0;
-     T2 = 0;
--    IaInnerOpt = Option + 8;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 2))) - 4);
-+
-+    IaInnerOpt = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
-+    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_IAID);
-   }
- 
-   //
-@@ -653,7 +654,7 @@ Dhcp6UpdateIaInfo (
-   Option  = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
- 
-   if (Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -675,6 +676,87 @@ Dhcp6UpdateIaInfo (
- 
- 
- 
-+/**
-+  Seeks the Inner Options from a DHCP6 Option
-+
-+  @param[in]  IaType          The type of the IA option.
-+  @param[in]  Option          The pointer to the DHCP6 Option.
-+  @param[in]  OptionLen       The length of the DHCP6 Option.
-+  @param[out] IaInnerOpt      The pointer to the IA inner option.
-+  @param[out] IaInnerLen      The length of the IA inner option.
-+
-+  @retval EFI_SUCCESS         Seek the inner option successfully.
-+  @retval EFI_DEVICE_ERROR    The OptionLen is invalid. On Error,
-+                              the pointers are not modified
-+**/
-+EFI_STATUS
-+Dhcp6SeekInnerOptionSafe (
-+  IN  UINT16  IaType,
-+  IN  UINT8   *Option,
-+  IN  UINT32  OptionLen,
-+  OUT UINT8   **IaInnerOpt,
-+  OUT UINT16  *IaInnerLen
-+  )
-+{
-+  UINT16  IaInnerLenTmp;
-+  UINT8   *IaInnerOptTmp;
-+
-+  if (Option == NULL) {
-+    ASSERT (Option != NULL);
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  if (IaInnerOpt == NULL) {
-+    ASSERT (IaInnerOpt != NULL);
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  if (IaInnerLen == NULL) {
-+    ASSERT (IaInnerLen != NULL);
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  if (IaType == Dhcp6OptIana) {
-+    // Verify we have a fully formed IA_NA
-+    if (OptionLen < DHCP6_MIN_SIZE_OF_IA_NA) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    //
-+    IaInnerOptTmp = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
-+
-+    // Verify the IaInnerLen is valid.
-+    IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN (Option)));
-+    if (IaInnerLenTmp < DHCP6_SIZE_OF_COMBINED_IAID_T1_T2) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    IaInnerLenTmp -= DHCP6_SIZE_OF_COMBINED_IAID_T1_T2;
-+  } else if (IaType == Dhcp6OptIata) {
-+    // Verify the OptionLen is valid.
-+    if (OptionLen < DHCP6_MIN_SIZE_OF_IA_TA) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    IaInnerOptTmp = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
-+
-+    // Verify the IaInnerLen is valid.
-+    IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-+    if (IaInnerLenTmp < DHCP6_SIZE_OF_IAID) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+
-+    IaInnerLenTmp -= DHCP6_SIZE_OF_IAID;
-+  } else {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  *IaInnerOpt = IaInnerOptTmp;
-+  *IaInnerLen = IaInnerLenTmp;
-+
-+  return EFI_SUCCESS;
-+}
-+
- /**
-   Seek StatusCode Option in package. A Status Code option may appear in the
-   options field of a DHCP message and/or in the options field of another option.
-@@ -695,9 +777,15 @@ Dhcp6SeekStsOption (
-   OUT    UINT8                    **Option
-   )
- {
--  UINT8                       *IaInnerOpt;
--  UINT16                      IaInnerLen;
--  UINT16                      StsCode;
-+  UINT8   *IaInnerOpt;
-+  UINT16  IaInnerLen;
-+  UINT16  StsCode;
-+  UINT32  OptionLen;
-+
-+  // OptionLen is the length of the Options excluding the DHCP header.
-+  // Length of the EFI_DHCP6_PACKET from the first byte of the Header field to the last
-+  // byte of the Option[] field.
-+  OptionLen = Packet->Length - sizeof (Packet->Dhcp6.Header);
- 
-   //
-   // Seek StatusCode option directly in DHCP message body. That is, search in
-@@ -705,12 +793,12 @@ Dhcp6SeekStsOption (
-   //
-   *Option = Dhcp6SeekOption (
-               Packet->Dhcp6.Option,
--              Packet->Length - 4,
-+              OptionLen,
-               Dhcp6OptStatusCode
-               );
- 
-   if (*Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_STATUS_CODE (*Option))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -721,7 +809,7 @@ Dhcp6SeekStsOption (
-   //
-   *Option = Dhcp6SeekIaOption (
-               Packet->Dhcp6.Option,
--              Packet->Length - sizeof (EFI_DHCP6_HEADER),
-+              OptionLen,
-               &Instance->Config->IaDescriptor
-               );
-   if (*Option == NULL) {
-@@ -729,52 +817,35 @@ Dhcp6SeekStsOption (
-   }
- 
-   //
--  // The format of the IA_NA option is:
-+  // Calculate the distance from Packet->Dhcp6.Option to the IA option.
-   //
--  //     0                   1                   2                   3
--  //     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |          OPTION_IA_NA         |          option-len           |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                        IAID (4 octets)                        |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                              T1                               |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                              T2                               |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                                                               |
--  //    .                         IA_NA-options                         .
--  //    .                                                               .
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+  // Packet->Size and Packet->Length are both UINT32 type, and Packet->Size is
-+  // the size of the whole packet, including the DHCP header, and Packet->Length
-+  // is the length of the DHCP message body, excluding the DHCP header.
-   //
--  // The format of the IA_TA option is:
-+  // (*Option - Packet->Dhcp6.Option) is the number of bytes from the start of
-+  // DHCP6 option area to the start of the IA option.
-   //
--  //     0                   1                   2                   3
--  //     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |         OPTION_IA_TA          |          option-len           |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                        IAID (4 octets)                        |
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
--  //    |                                                               |
--  //    .                         IA_TA-options                         .
--  //    .                                                               .
--  //    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+  // Dhcp6SeekInnerOptionSafe() is searching starting from the start of the
-+  // IA option to the end of the DHCP6 option area, thus subtract the space
-+  // up until this option
-   //
-+  OptionLen = OptionLen - (*Option - Packet->Dhcp6.Option);
- 
-   //
--  // sizeof (option-code + option-len + IaId)           = 8
--  // sizeof (option-code + option-len + IaId + T1)      = 12
--  // sizeof (option-code + option-len + IaId + T1 + T2) = 16
-+  // Seek the inner option
-   //
--  // The inner options still start with 2 bytes option-code and 2 bytes option-len.
--  //
--  if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
--    IaInnerOpt = *Option + 16;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 2))) - 12);
--  } else {
--    IaInnerOpt = *Option + 8;
--    IaInnerLen = (UINT16) (NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 2))) - 4);
-+  if (EFI_ERROR (
-+        Dhcp6SeekInnerOptionSafe (
-+          Instance->Config->IaDescriptor.Type,
-+          *Option,
-+          OptionLen,
-+          &IaInnerOpt,
-+          &IaInnerLen
-+          )
-+        ))
-+  {
-+    return EFI_DEVICE_ERROR;
-   }
- 
-   //
-@@ -798,7 +869,7 @@ Dhcp6SeekStsOption (
-   //
-   *Option  = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
-   if (*Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (*Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)((DHCP6_OFFSET_OF_STATUS_CODE (*Option)))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -1123,7 +1194,7 @@ Dhcp6SendRequestMsg (
-   //
-   Option = Dhcp6SeekOption (
-              Instance->AdSelect->Dhcp6.Option,
--             Instance->AdSelect->Length - 4,
-+             Instance->AdSelect->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
-   if (Option == NULL) {
-@@ -1309,7 +1380,7 @@ Dhcp6SendDeclineMsg (
-   //
-   Option = Dhcp6SeekOption (
-              LastReply->Dhcp6.Option,
--             LastReply->Length - 4,
-+             LastReply->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
-   if (Option == NULL) {
-@@ -1469,7 +1540,7 @@ Dhcp6SendReleaseMsg (
-   //
-   Option = Dhcp6SeekOption (
-              LastReply->Dhcp6.Option,
--             LastReply->Length - 4,
-+             LastReply->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
-   if (Option == NULL) {
-@@ -1695,7 +1766,7 @@ Dhcp6SendRenewRebindMsg (
- 
-     Option = Dhcp6SeekOption (
-                LastReply->Dhcp6.Option,
--               LastReply->Length - 4,
-+               LastReply->Length - sizeof (EFI_DHCP6_HEADER),
-                Dhcp6OptServerId
-                );
-     if (Option == NULL) {
-@@ -2235,7 +2306,7 @@ Dhcp6HandleReplyMsg (
-   //
-   Option = Dhcp6SeekOption (
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptRapidCommit
-              );
- 
-@@ -2383,7 +2454,7 @@ Dhcp6HandleReplyMsg (
-     //
-     // Any error status code option is found.
-     //
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) (Option + 4)));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)((DHCP6_OFFSET_OF_STATUS_CODE (Option)))));
-     switch (StsCode) {
-     case Dhcp6StsUnspecFail:
-       //
-@@ -2514,7 +2585,7 @@ Dhcp6SelectAdvertiseMsg (
-   //
-   Option = Dhcp6SeekOption(
-              AdSelect->Dhcp6.Option,
--             AdSelect->Length - 4,
-+             AdSelect->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerUnicast
-              );
- 
-@@ -2526,7 +2597,7 @@ Dhcp6SelectAdvertiseMsg (
-       return EFI_OUT_OF_RESOURCES;
-     }
- 
--    CopyMem (Instance->Unicast, Option + 4, sizeof(EFI_IPv6_ADDRESS));
-+    CopyMem (Instance->Unicast, DHCP6_OFFSET_OF_OPT_DATA (Option), sizeof (EFI_IPv6_ADDRESS));
-   }
- 
-   //
-@@ -2580,7 +2651,7 @@ Dhcp6HandleAdvertiseMsg (
-   //
-   Option = Dhcp6SeekOption(
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptRapidCommit
-              );
- 
-@@ -2676,7 +2747,7 @@ Dhcp6HandleAdvertiseMsg (
-       CopyMem (Instance->AdSelect, Packet, Packet->Size);
- 
-       if (Option != NULL) {
--        Instance->AdPref = *(Option + 4);
-+        Instance->AdPref = *(DHCP6_OFFSET_OF_OPT_DATA (Option));
-       }
-     } else {
-       //
-@@ -2747,11 +2818,11 @@ Dhcp6HandleStateful (
-   //
-   Option = Dhcp6SeekOption(
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN,
-              Dhcp6OptClientId
-              );
- 
--  if (Option == NULL || CompareMem (Option + 4, ClientId->Duid, ClientId->Length) != 0) {
-+  if ((Option == NULL) || (CompareMem (DHCP6_OFFSET_OF_OPT_DATA (Option), ClientId->Duid, ClientId->Length) != 0)) {
-     goto ON_CONTINUE;
-   }
- 
-@@ -2760,7 +2831,7 @@ Dhcp6HandleStateful (
-   //
-   Option = Dhcp6SeekOption(
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - DHCP6_SIZE_OF_COMBINED_CODE_AND_LEN,
-              Dhcp6OptServerId
-              );
- 
-@@ -2865,7 +2936,7 @@ Dhcp6HandleStateless (
-   //
-   Option = Dhcp6SeekOption (
-              Packet->Dhcp6.Option,
--             Packet->Length - 4,
-+             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-              Dhcp6OptServerId
-              );
- 
--- 
-2.41.0
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch

@@ -1,257 +0,0 @@
-From 1b58858f28a364a8f8fa897a78db7ced068719dd Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 13/15] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229
- Related Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [13/15] 904fd82592208d0ca42bbb64f437691a5bdfd0b6
-
-JIRA: https://issues.redhat.com/browse/RHEL-21840
-CVE: CVE-2023-45229
-Upstream: Merged
-
-commit 1c440a5eceedc64e892877eeac0f1a4938f5abbb
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Tue Feb 13 10:46:00 2024 -0800
-
-    NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4673
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534
-
-    This was not part of the Quarkslab bugs however the same pattern
-    as CVE-2023-45229 exists in Dhcp6UpdateIaInfo.
-
-    This patch replaces the code in question with the safe function
-    created to patch CVE-2023-45229
-
-    >
-    >   if (EFI_ERROR (
-    >        Dhcp6SeekInnerOptionSafe (
-    >          Instance->Config->IaDescriptor.Type,
-    >          Option,
-    >          OptionLen,
-    >          &IaInnerOpt,
-    >          &IaInnerLen
-    >          )
-    >        ))
-    >  {
-    >    return EFI_DEVICE_ERROR;
-    >  }
-    >
-
-    Additionally corrects incorrect usage of macro to read the status
-
-    > - StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN
-     (Option)));
-    > + StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)
-    DHCP6_OFFSET_OF_STATUS_CODE (Option));
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 70 ++++++++++++++++++++++++++---------
- NetworkPkg/Dhcp6Dxe/Dhcp6Io.h | 22 +++++++++++
- 2 files changed, 75 insertions(+), 17 deletions(-)
-
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-index 3b8feb4a20..a9bffae353 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
-@@ -528,13 +528,23 @@ Dhcp6UpdateIaInfo (
- {
-   EFI_STATUS  Status;
-   UINT8       *Option;
-+  UINT32      OptionLen;
-   UINT8       *IaInnerOpt;
-   UINT16      IaInnerLen;
-   UINT16      StsCode;
-   UINT32      T1;
-   UINT32      T2;
- 
-+  T1 = 0;
-+  T2 = 0;
-+
-   ASSERT (Instance->Config != NULL);
-+
-+  // OptionLen is the length of the Options excluding the DHCP header.
-+  // Length of the EFI_DHCP6_PACKET from the first byte of the Header field to the last
-+  // byte of the Option[] field.
-+  OptionLen = Packet->Length - sizeof (Packet->Dhcp6.Header);
-+
-   //
-   // If the reply was received in response to a solicit with rapid commit option,
-   // request, renew or rebind message, the client updates the information it has
-@@ -549,13 +559,29 @@ Dhcp6UpdateIaInfo (
-   //
-   Option = Dhcp6SeekIaOption (
-              Packet->Dhcp6.Option,
--             Packet->Length - sizeof (EFI_DHCP6_HEADER),
-+             OptionLen,
-              &Instance->Config->IaDescriptor
-              );
-   if (Option == NULL) {
-     return EFI_DEVICE_ERROR;
-   }
- 
-+  //
-+  // Calculate the distance from Packet->Dhcp6.Option to the IA option.
-+  //
-+  // Packet->Size and Packet->Length are both UINT32 type, and Packet->Size is
-+  // the size of the whole packet, including the DHCP header, and Packet->Length
-+  // is the length of the DHCP message body, excluding the DHCP header.
-+  //
-+  // (*Option - Packet->Dhcp6.Option) is the number of bytes from the start of
-+  // DHCP6 option area to the start of the IA option.
-+  //
-+  // Dhcp6SeekInnerOptionSafe() is searching starting from the start of the
-+  // IA option to the end of the DHCP6 option area, thus subtract the space
-+  // up until this option
-+  //
-+  OptionLen = OptionLen - (UINT32)(Option - Packet->Dhcp6.Option);
-+
-   //
-   // The format of the IA_NA option is:
-   //
-@@ -591,32 +617,32 @@ Dhcp6UpdateIaInfo (
-   //
- 
-   //
--  // sizeof (option-code + option-len + IaId)           = 8
--  // sizeof (option-code + option-len + IaId + T1)      = 12
--  // sizeof (option-code + option-len + IaId + T1 + T2) = 16
--  //
--  // The inner options still start with 2 bytes option-code and 2 bytes option-len.
-+  // Seek the inner option
-   //
-+  if (EFI_ERROR (
-+        Dhcp6SeekInnerOptionSafe (
-+          Instance->Config->IaDescriptor.Type,
-+          Option,
-+          OptionLen,
-+          &IaInnerOpt,
-+          &IaInnerLen
-+          )
-+        ))
-+  {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-   if (Instance->Config->IaDescriptor.Type == Dhcp6OptIana) {
-     T1 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T1 (Option))));
-     T2 = NTOHL (ReadUnaligned32 ((UINT32 *)(DHCP6_OFFSET_OF_IA_NA_T2 (Option))));
-     //
-     // Refer to RFC3155 Chapter 22.4. If a client receives an IA_NA with T1 greater than T2,
-     // and both T1 and T2 are greater than 0, the client discards the IA_NA option and processes
--    // the remainder of the message as though the server had not  included the invalid IA_NA option.
-+    // the remainder of the message as though the server had not included the invalid IA_NA option.
-     //
-     if ((T1 > T2) && (T2 > 0)) {
-       return EFI_DEVICE_ERROR;
-     }
--
--    IaInnerOpt = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
--    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_COMBINED_IAID_T1_T2);
--  } else {
--    T1 = 0;
--    T2 = 0;
--
--    IaInnerOpt = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
--    IaInnerLen = (UINT16)(NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option)))) - DHCP6_SIZE_OF_IAID);
-   }
- 
-   //
-@@ -642,7 +668,7 @@ Dhcp6UpdateIaInfo (
-   Option  = Dhcp6SeekOption (IaInnerOpt, IaInnerLen, Dhcp6OptStatusCode);
- 
-   if (Option != NULL) {
--    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-+    StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_STATUS_CODE (Option))));
-     if (StsCode != Dhcp6StsSuccess) {
-       return EFI_DEVICE_ERROR;
-     }
-@@ -703,15 +729,21 @@ Dhcp6SeekInnerOptionSafe (
-   }
- 
-   if (IaType == Dhcp6OptIana) {
-+    //
-     // Verify we have a fully formed IA_NA
-+    //
-     if (OptionLen < DHCP6_MIN_SIZE_OF_IA_NA) {
-       return EFI_DEVICE_ERROR;
-     }
- 
-+    //
-+    // Get the IA Inner Option and Length
-     //
-     IaInnerOptTmp = DHCP6_OFFSET_OF_IA_NA_INNER_OPT (Option);
- 
-+    //
-     // Verify the IaInnerLen is valid.
-+    //
-     IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN (Option)));
-     if (IaInnerLenTmp < DHCP6_SIZE_OF_COMBINED_IAID_T1_T2) {
-       return EFI_DEVICE_ERROR;
-@@ -719,14 +751,18 @@ Dhcp6SeekInnerOptionSafe (
- 
-     IaInnerLenTmp -= DHCP6_SIZE_OF_COMBINED_IAID_T1_T2;
-   } else if (IaType == Dhcp6OptIata) {
-+    //
-     // Verify the OptionLen is valid.
-+    //
-     if (OptionLen < DHCP6_MIN_SIZE_OF_IA_TA) {
-       return EFI_DEVICE_ERROR;
-     }
- 
-     IaInnerOptTmp = DHCP6_OFFSET_OF_IA_TA_INNER_OPT (Option);
- 
-+    //
-     // Verify the IaInnerLen is valid.
-+    //
-     IaInnerLenTmp = (UINT16)NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
-     if (IaInnerLenTmp < DHCP6_SIZE_OF_IAID) {
-       return EFI_DEVICE_ERROR;
-diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
-index 554f0f5e5d..8c0d282bca 100644
---- a/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
-+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
-@@ -218,4 +218,26 @@ Dhcp6OnTimerTick (
-   IN VOID                   *Context
-   );
- 
-+/**
-+  Seeks the Inner Options from a DHCP6 Option
-+
-+  @param[in]  IaType          The type of the IA option.
-+  @param[in]  Option          The pointer to the DHCP6 Option.
-+  @param[in]  OptionLen       The length of the DHCP6 Option.
-+  @param[out] IaInnerOpt      The pointer to the IA inner option.
-+  @param[out] IaInnerLen      The length of the IA inner option.
-+
-+  @retval EFI_SUCCESS         Seek the inner option successfully.
-+  @retval EFI_DEVICE_ERROR    The OptionLen is invalid. On Error,
-+                              the pointers are not modified
-+**/
-+EFI_STATUS
-+Dhcp6SeekInnerOptionSafe (
-+  IN  UINT16  IaType,
-+  IN  UINT8   *Option,
-+  IN  UINT32  OptionLen,
-+  OUT UINT8   **IaInnerOpt,
-+  OUT UINT16  *IaInnerLen
-+  );
-+
- #endif
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch

@@ -1,629 +0,0 @@
-From f5274b449181cb37efce0f08ed5d75a6bf6e54a8 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 8 Feb 2024 10:35:14 -0500
-Subject: [PATCH 16/17] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
- Unit Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
-RH-Jira: RHEL-21840 RHEL-21842
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [3/4] 43b8569c0586c7dbf66b19c5db335d0ce05829de (jmaloy/jons_fork)
-
-JIRA: https://issues.redhat.com/browse/RHEL-21842
-CVE: CVE-2023-45230
-Upstream: Merged
-
-commit 5f3658197bf29c83b3349b0ab1d99cdb0c3814bc
-Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
-Date:   Fri Jan 26 05:54:45 2024 +0800
-
-    NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535
-
-    Confirms that reported issue...
-
-    "Buffer overflow in the DHCPv6 client via a long Server ID option"
-
-    ..has been corrected by the provided patch.
-
-    Tests the following functions to ensure they appropriately handle
-    untrusted data (either too long or too small) to prevent a buffer
-    overflow:
-
-    Dhcp6AppendOption
-    Dhcp6AppendETOption
-    Dhcp6AppendIaOption
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../GoogleTest/Dhcp6DxeGoogleTest.cpp         |  20 +
- .../GoogleTest/Dhcp6DxeGoogleTest.inf         |  43 ++
- .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 478 ++++++++++++++++++
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
- 4 files changed, 542 insertions(+)
- create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
- create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
- create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
-
-diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
-new file mode 100644
-index 0000000000..9aeced2f91
---- /dev/null
-+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
-@@ -0,0 +1,20 @@
-+/** @file
-+  Acts as the main entry point for the tests for the Dhcp6Dxe module.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+////////////////////////////////////////////////////////////////////////////////
-+// Run the tests
-+////////////////////////////////////////////////////////////////////////////////
-+int
-+main (
-+  int   argc,
-+  char  *argv[]
-+  )
-+{
-+  testing::InitGoogleTest (&argc, argv);
-+  return RUN_ALL_TESTS ();
-+}
-diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-new file mode 100644
-index 0000000000..8e9119a371
---- /dev/null
-+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-@@ -0,0 +1,43 @@
-+## @file
-+# Unit test suite for the Dhcp6Dxe using Google Test
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+[Defines]
-+  INF_VERSION         = 0x00010017
-+  BASE_NAME           = Dhcp6DxeGoogleTest
-+  FILE_GUID           = 1D2A4C65-38C8-4C2F-BB60-B5FA49625AA9
-+  VERSION_STRING      = 1.0
-+  MODULE_TYPE         = HOST_APPLICATION
-+#
-+# The following information is for reference only and not required by the build tools.
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
-+#
-+[Sources]
-+  Dhcp6DxeGoogleTest.cpp
-+  Dhcp6IoGoogleTest.cpp
-+  ../Dhcp6Io.c
-+  ../Dhcp6Utility.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+  NetworkPkg/NetworkPkg.dec
-+
-+[LibraryClasses]
-+  GoogleTestLib
-+  DebugLib
-+  NetLib
-+  PcdLib
-+
-+[Protocols]
-+  gEfiDhcp6ServiceBindingProtocolGuid
-+
-+[Pcd]
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
-+
-+[Guids]
-+  gZeroGuid
-diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
-new file mode 100644
-index 0000000000..7ee40e4af4
---- /dev/null
-+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
-@@ -0,0 +1,478 @@
-+/** @file
-+  Tests for Dhcp6Io.c.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+extern "C" {
-+  #include <Uefi.h>
-+  #include <Library/BaseLib.h>
-+  #include <Library/DebugLib.h>
-+  #include <Library/BaseMemoryLib.h>
-+  #include "../Dhcp6Impl.h"
-+  #include "../Dhcp6Utility.h"
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Defines
-+////////////////////////////////////////////////////////////////////////
-+
-+#define DHCP6_PACKET_MAX_LEN  1500
-+
-+////////////////////////////////////////////////////////////////////////
-+////////////////////////////////////////////////////////////////////////
-+// Symbol Definitions
-+// These functions are not directly under test - but required to compile
-+////////////////////////////////////////////////////////////////////////
-+
-+// This definition is used by this test but is also required to compile
-+// by Dhcp6Io.c
-+EFI_IPv6_ADDRESS  mAllDhcpRelayAndServersAddress = {
-+  { 0xFF, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 2 }
-+};
-+
-+EFI_STATUS
-+EFIAPI
-+UdpIoSendDatagram (
-+  IN  UDP_IO           *UdpIo,
-+  IN  NET_BUF          *Packet,
-+  IN  UDP_END_POINT    *EndPoint OPTIONAL,
-+  IN  EFI_IP_ADDRESS   *Gateway  OPTIONAL,
-+  IN  UDP_IO_CALLBACK  CallBack,
-+  IN  VOID             *Context
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+EFI_STATUS
-+EFIAPI
-+UdpIoRecvDatagram (
-+  IN  UDP_IO           *UdpIo,
-+  IN  UDP_IO_CALLBACK  CallBack,
-+  IN  VOID             *Context,
-+  IN  UINT32           HeadLen
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Dhcp6AppendOptionTest Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+class Dhcp6AppendOptionTest : public ::testing::Test {
-+public:
-+  UINT8 *Buffer = NULL;
-+  EFI_DHCP6_PACKET *Packet;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
-+    ASSERT_NE (Buffer, (UINT8 *)NULL);
-+
-+    Packet       = (EFI_DHCP6_PACKET *)Buffer;
-+    Packet->Size = DHCP6_PACKET_MAX_LEN;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+    if (Buffer != NULL) {
-+      FreePool (Buffer);
-+    }
-+  }
-+};
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is too small by a duid that is too large
-+TEST_F (Dhcp6AppendOptionTest, InvalidDataExpectBufferTooSmall) {
-+  UINT8           *Cursor;
-+  EFI_DHCP6_DUID  *UntrustedDuid;
-+  EFI_STATUS      Status;
-+
-+  UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
-+  ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
-+
-+  UntrustedDuid->Length = NTOHS (0xFFFF);
-+
-+  Cursor = Dhcp6AppendOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendOption (
-+             Dhcp6AppendOptionTest::Packet,
-+             &Cursor,
-+             HTONS (Dhcp6OptServerId),
-+             UntrustedDuid->Length,
-+             UntrustedDuid->Duid
-+             );
-+
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+}
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is large enough
-+TEST_F (Dhcp6AppendOptionTest, ValidDataExpectSuccess) {
-+  UINT8           *Cursor;
-+  EFI_DHCP6_DUID  *UntrustedDuid;
-+  EFI_STATUS      Status;
-+  UINTN           OriginalLength;
-+
-+  UINT8  Duid[6] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
-+
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  OriginalLength = Packet->Length;
-+
-+  UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
-+  ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
-+
-+  UntrustedDuid->Length = NTOHS (sizeof (Duid));
-+  CopyMem (UntrustedDuid->Duid, Duid, sizeof (Duid));
-+
-+  Cursor = Dhcp6AppendOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendOption (
-+             Dhcp6AppendOptionTest::Packet,
-+             &Cursor,
-+             HTONS (Dhcp6OptServerId),
-+             UntrustedDuid->Length,
-+             UntrustedDuid->Duid
-+             );
-+
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendOptionTest::Packet->Dhcp6.Option + sizeof (Duid) + 4);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendOptionTest::Packet->Length, OriginalLength + sizeof (Duid) + 4);
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Dhcp6AppendETOption Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+class Dhcp6AppendETOptionTest : public ::testing::Test {
-+public:
-+  UINT8 *Buffer = NULL;
-+  EFI_DHCP6_PACKET *Packet;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
-+    ASSERT_NE (Buffer, (UINT8 *)NULL);
-+
-+    Packet         = (EFI_DHCP6_PACKET *)Buffer;
-+    Packet->Size   = DHCP6_PACKET_MAX_LEN;
-+    Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+    if (Buffer != NULL) {
-+      FreePool (Buffer);
-+    }
-+  }
-+};
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is too small by a duid that is too large
-+TEST_F (Dhcp6AppendETOptionTest, InvalidDataExpectBufferTooSmall) {
-+  UINT8           *Cursor;
-+  EFI_STATUS      Status;
-+  DHCP6_INSTANCE  Instance;
-+  UINT16          ElapsedTimeVal;
-+  UINT16          *ElapsedTime;
-+
-+  Cursor      = Dhcp6AppendETOptionTest::Packet->Dhcp6.Option;
-+  ElapsedTime = &ElapsedTimeVal;
-+
-+  Packet->Length = Packet->Size - 2;
-+
-+  Status = Dhcp6AppendETOption (
-+             Dhcp6AppendETOptionTest::Packet,
-+             &Cursor,
-+             &Instance, // Instance is not used in this function
-+             &ElapsedTime
-+             );
-+
-+  // verify that we error out because the packet is too small for the option header
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+
-+  // reset the length
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+}
-+
-+// Test Description:
-+// Attempt to append an option to a packet that is large enough
-+TEST_F (Dhcp6AppendETOptionTest, ValidDataExpectSuccess) {
-+  UINT8           *Cursor;
-+  EFI_STATUS      Status;
-+  DHCP6_INSTANCE  Instance;
-+  UINT16          ElapsedTimeVal;
-+  UINT16          *ElapsedTime;
-+  UINTN           ExpectedSize;
-+  UINTN           OriginalLength;
-+
-+  Cursor         = Dhcp6AppendETOptionTest::Packet->Dhcp6.Option;
-+  ElapsedTime    = &ElapsedTimeVal;
-+  ExpectedSize   = 6;
-+  OriginalLength = Packet->Length;
-+
-+  Status = Dhcp6AppendETOption (
-+             Dhcp6AppendETOptionTest::Packet,
-+             &Cursor,
-+             &Instance, // Instance is not used in this function
-+             &ElapsedTime
-+             );
-+
-+  // verify that the status is EFI_SUCCESS
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendETOptionTest::Packet->Dhcp6.Option + ExpectedSize);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendETOptionTest::Packet->Length, OriginalLength + ExpectedSize);
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Dhcp6AppendIaOption Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+class Dhcp6AppendIaOptionTest : public ::testing::Test {
-+public:
-+  UINT8 *Buffer = NULL;
-+  EFI_DHCP6_PACKET *Packet;
-+  EFI_DHCP6_IA *Ia;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
-+    ASSERT_NE (Buffer, (UINT8 *)NULL);
-+
-+    Packet       = (EFI_DHCP6_PACKET *)Buffer;
-+    Packet->Size = DHCP6_PACKET_MAX_LEN;
-+
-+    Ia = (EFI_DHCP6_IA *)AllocateZeroPool (sizeof (EFI_DHCP6_IA) + sizeof (EFI_DHCP6_IA_ADDRESS) * 2);
-+    ASSERT_NE (Ia, (EFI_DHCP6_IA *)NULL);
-+
-+    CopyMem (Ia->IaAddress, mAllDhcpRelayAndServersAddress.Addr, sizeof (EFI_IPv6_ADDRESS));
-+    CopyMem (Ia->IaAddress + 1, mAllDhcpRelayAndServersAddress.Addr, sizeof (EFI_IPv6_ADDRESS));
-+
-+    Ia->IaAddressCount = 2;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+    if (Buffer != NULL) {
-+      FreePool (Buffer);
-+    }
-+
-+    if (Ia != NULL) {
-+      FreePool (Ia);
-+    }
-+  }
-+};
-+
-+// Test Description:
-+// Attempt to append an option to a packet that doesn't have enough space
-+// for the option header
-+TEST_F (Dhcp6AppendIaOptionTest, IaNaInvalidDataExpectBufferTooSmall) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+
-+  Packet->Length = Packet->Size - 2;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIana;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0x12345678,
-+             0x11111111,
-+             Dhcp6OptIana
-+             );
-+
-+  // verify that we error out because the packet is too small for the option header
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+
-+  // reset the length
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+}
-+
-+// Test Description:
-+// Attempt to append an option to a packet that doesn't have enough space
-+// for the option header
-+TEST_F (Dhcp6AppendIaOptionTest, IaTaInvalidDataExpectBufferTooSmall) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+
-+  // Use up nearly all the space in the packet
-+  Packet->Length = Packet->Size - 2;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIata;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0,
-+             0,
-+             Dhcp6OptIata
-+             );
-+
-+  // verify that we error out because the packet is too small for the option header
-+  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
-+
-+  // reset the length
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+}
-+
-+TEST_F (Dhcp6AppendIaOptionTest, IaNaValidDataExpectSuccess) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+  UINTN       ExpectedSize;
-+  UINTN       OriginalLength;
-+
-+  //
-+  // 2 bytes for the option header type
-+  //
-+  ExpectedSize = 2;
-+  //
-+  // 2 bytes for the option header length
-+  //
-+  ExpectedSize += 2;
-+  //
-+  // 4 bytes for the IAID
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + 4 bytes for the T1
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + 4 bytes for the T2
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+  //   + 2 bytes for the option header type
-+  //   + 2 bytes for the option header length
-+  //   + sizeof (EFI_DHCP6_IA_ADDRESS) for the IA Address
-+  //
-+  ExpectedSize += (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  OriginalLength = Packet->Length;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIana;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0x12345678,
-+             0x12345678,
-+             Dhcp6OptIana
-+             );
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option + ExpectedSize);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendIaOptionTest::Packet->Length, OriginalLength + ExpectedSize);
-+
-+  // verify that the status is EFI_SUCCESS
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+}
-+
-+TEST_F (Dhcp6AppendIaOptionTest, IaTaValidDataExpectSuccess) {
-+  UINT8       *Cursor;
-+  EFI_STATUS  Status;
-+  UINTN       ExpectedSize;
-+  UINTN       OriginalLength;
-+
-+  //
-+  // 2 bytes for the option header type
-+  //
-+  ExpectedSize = 2;
-+  //
-+  // 2 bytes for the option header length
-+  //
-+  ExpectedSize += 2;
-+  //
-+  // 4 bytes for the IAID
-+  //
-+  ExpectedSize += 4;
-+  //
-+  // + (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+  //   + 2 bytes for the option header type
-+  //   + 2 bytes for the option header length
-+  //   + sizeof (EFI_DHCP6_IA_ADDRESS) for the IA Address
-+  //
-+  ExpectedSize += (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
-+
-+  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
-+
-+  Packet->Length = sizeof (EFI_DHCP6_HEADER);
-+  OriginalLength = Packet->Length;
-+
-+  Ia->Descriptor.Type = Dhcp6OptIata;
-+  Ia->Descriptor.IaId = 0x12345678;
-+
-+  Status = Dhcp6AppendIaOption (
-+             Dhcp6AppendIaOptionTest::Packet,
-+             &Cursor,
-+             Ia,
-+             0,
-+             0,
-+             Dhcp6OptIata
-+             );
-+
-+  // verify that the pointer to cursor moved by the expected amount
-+  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option + ExpectedSize);
-+
-+  // verify that the length of the packet is now the expected amount
-+  ASSERT_EQ (Dhcp6AppendIaOptionTest::Packet->Length, OriginalLength + ExpectedSize);
-+
-+  // verify that the status is EFI_SUCCESS
-+  ASSERT_EQ (Status, EFI_SUCCESS);
-+}
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index 1aeca5c5b3..20bc90b172 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -24,6 +24,7 @@
-   #
-   # Build HOST_APPLICATION that tests NetworkPkg
-   #
-+  NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
--- 
-2.41.0
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch

@@ -1,78 +0,0 @@
-From e3f153773bd2ca13ee4869187f1711840fc8afc9 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 15 Feb 2024 11:51:09 -0500
-Subject: [PATCH 02/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [2/15] 61eaf6aac61b774c3a8ace54af8abd607651d2db
-
-JIRA: https://issues.redhat.com/browse/RHEL-21844
-CVE: CVE-2022-45231
-Upstream: Merged
-
-commit bbfee34f4188ac00371abe1389ae9c9fb989a0cd
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:48 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
-
-    Bug Overview:
-    PixieFail Bug #3
-    CVE-2023-45231
-    CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    CWE-125 Out-of-bounds Read
-
-    Out-of-bounds read when handling a ND Redirect message with truncated
-    options
-
-    Change Overview:
-
-    Adds a check to prevent truncated options from being parsed
-    +  //
-    +  // Cannot process truncated options.
-    +  // Cannot process options with a length of 0 as there is no Type
-    field.
-    +  //
-    +  if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
-    +    return FALSE;
-    +  }
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Ip6Dxe/Ip6Option.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c
-index 199eea124d..8718d5d875 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Option.c
-+++ b/NetworkPkg/Ip6Dxe/Ip6Option.c
-@@ -137,6 +137,14 @@ Ip6IsNDOptionValid (
-     return FALSE;
-   }
- 
-+  //
-+  // Cannot process truncated options.
-+  // Cannot process options with a length of 0 as there is no Type field.
-+  //
-+  if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
-+    return FALSE;
-+  }
-+
-   Offset = 0;
- 
-   //
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch

@@ -1,277 +0,0 @@
-From e8200dda7752d21794b2268efe9e957958ffef29 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 14 Feb 2024 12:24:44 -0500
-Subject: [PATCH 03/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit
- Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [3/15] ca554677a3397423073d3bb4774f856b2329ae9c
-
-JIRA: https://issues.redhat.com/browse/RHEL-21844
-CVE: CVE-2022-45231
-Upstream: Merged
-
-commit 6f77463d72807ec7f4ed6518c3dac29a1040df9f
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:49 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
-
-    Validates that the patch for...
-
-    Out-of-bounds read when handling a ND Redirect message with truncated
-    options
-
-    .. has been fixed
-
-    Tests the following function to ensure that an out of bounds read does
-    not occur
-    Ip6OptionValidation
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp    |  20 +++
- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  42 ++++++
- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 129 ++++++++++++++++++
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
- 4 files changed, 192 insertions(+)
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
-new file mode 100644
-index 0000000000..6ebfd5fdfb
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
-@@ -0,0 +1,20 @@
-+/** @file
-+  Acts as the main entry point for the tests for the Ip6Dxe module.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+////////////////////////////////////////////////////////////////////////////////
-+// Run the tests
-+////////////////////////////////////////////////////////////////////////////////
-+int
-+main (
-+  int   argc,
-+  char  *argv[]
-+  )
-+{
-+  testing::InitGoogleTest (&argc, argv);
-+  return RUN_ALL_TESTS ();
-+}
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-new file mode 100644
-index 0000000000..6e4de0745f
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-@@ -0,0 +1,42 @@
-+## @file
-+# Unit test suite for the Ip6Dxe using Google Test
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+[Defines]
-+  INF_VERSION         = 0x00010017
-+  BASE_NAME           = Ip6DxeUnitTest
-+  FILE_GUID           = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A
-+  VERSION_STRING      = 1.0
-+  MODULE_TYPE         = HOST_APPLICATION
-+#
-+# The following information is for reference only and not required by the build tools.
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
-+#
-+[Sources]
-+  Ip6DxeGoogleTest.cpp
-+  Ip6OptionGoogleTest.cpp
-+  ../Ip6Option.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+  NetworkPkg/NetworkPkg.dec
-+
-+[LibraryClasses]
-+  GoogleTestLib
-+  DebugLib
-+  NetLib
-+  PcdLib
-+
-+[Protocols]
-+  gEfiDhcp6ServiceBindingProtocolGuid
-+
-+[Pcd]
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
-+
-+[Guids]
-+  gZeroGuid
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-new file mode 100644
-index 0000000000..f2cd90e1a9
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-@@ -0,0 +1,129 @@
-+/** @file
-+  Tests for Ip6Option.c.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+extern "C" {
-+  #include <Uefi.h>
-+  #include <Library/BaseLib.h>
-+  #include <Library/DebugLib.h>
-+  #include "../Ip6Impl.h"
-+  #include "../Ip6Option.h"
-+}
-+
-+/////////////////////////////////////////////////////////////////////////
-+// Defines
-+///////////////////////////////////////////////////////////////////////
-+
-+#define IP6_PREFIX_INFO_OPTION_DATA_LEN    32
-+#define OPTION_HEADER_IP6_PREFIX_DATA_LEN  (sizeof (IP6_OPTION_HEADER) + IP6_PREFIX_INFO_OPTION_DATA_LEN)
-+
-+////////////////////////////////////////////////////////////////////////
-+// Symbol Definitions
-+// These functions are not directly under test - but required to compile
-+////////////////////////////////////////////////////////////////////////
-+UINT32  mIp6Id;
-+
-+EFI_STATUS
-+Ip6SendIcmpError (
-+  IN IP6_SERVICE       *IpSb,
-+  IN NET_BUF           *Packet,
-+  IN EFI_IPv6_ADDRESS  *SourceAddress       OPTIONAL,
-+  IN EFI_IPv6_ADDRESS  *DestinationAddress,
-+  IN UINT8             Type,
-+  IN UINT8             Code,
-+  IN UINT32            *Pointer             OPTIONAL
-+  )
-+{
-+  // ..
-+  return EFI_SUCCESS;
-+}
-+
-+////////////////////////////////////////////////////////////////////////
-+// Ip6OptionValidation Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+// Define a fixture for your tests if needed
-+class Ip6OptionValidationTest : public ::testing::Test {
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Test Description:
-+// Null option should return false
-+TEST_F (Ip6OptionValidationTest, NullOptionShouldReturnFalse) {
-+  UINT8   *option   = nullptr;
-+  UINT16  optionLen = 10; // Provide a suitable length
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-+
-+// Test Description:
-+// Truncated option should return false
-+TEST_F (Ip6OptionValidationTest, TruncatedOptionShouldReturnFalse) {
-+  UINT8   option[]  = { 0x01 }; // Provide a truncated option
-+  UINT16  optionLen = 1;
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-+
-+// Test Description:
-+// Ip6OptionPrefixInfo Option with zero length should return false
-+TEST_F (Ip6OptionValidationTest, OptionWithZeroLengthShouldReturnFalse) {
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPrefixInfo;
-+  optionHeader.Length = 0;
-+  UINT8  option[sizeof (IP6_OPTION_HEADER)];
-+
-+  CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
-+  UINT16  optionLen = sizeof (IP6_OPTION_HEADER);
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-+
-+// Test Description:
-+// Ip6OptionPrefixInfo Option with valid length should return true
-+TEST_F (Ip6OptionValidationTest, ValidPrefixInfoOptionShouldReturnTrue) {
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPrefixInfo;
-+  optionHeader.Length = 4; // Length 4 * 8 = 32
-+  UINT8  option[OPTION_HEADER_IP6_PREFIX_DATA_LEN];
-+
-+  CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
-+
-+  EXPECT_TRUE (Ip6IsNDOptionValid (option, IP6_PREFIX_INFO_OPTION_DATA_LEN));
-+}
-+
-+// Test Description:
-+// Ip6OptionPrefixInfo Option with invalid length should return false
-+TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse) {
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPrefixInfo;
-+  optionHeader.Length = 3; // Length 3 * 8 = 24 (Invalid)
-+  UINT8  option[sizeof (IP6_OPTION_HEADER)];
-+
-+  CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
-+  UINT16  optionLen = sizeof (IP6_OPTION_HEADER);
-+
-+  EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
-+}
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index 20bc90b172..ab7c2857b6 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -25,6 +25,7 @@
-   # Build HOST_APPLICATION that tests NetworkPkg
-   #
-   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-+  NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch

@@ -1,377 +0,0 @@
-From 23b31a16bbb789f4c251b1d2f23334210a9fb545 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 15 Feb 2024 11:51:09 -0500
-Subject: [PATCH 04/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [4/15] 48c273e43a6275c7eae3223c4ffa433f4d6531a4
-
-JIRA: https://issues.redhat.com/browse/RHEL-21846
-CVE: CVE-2022-45232
-Upstream: Merged
-
-JIRA: https://issues.redhat.com/browse/RHEL-21848
-CVE: CVE-2022-45233
-Upstream: Merged
-
-commit 4df0229ef992d4f2721a8508787ebf9dc81fbd6e
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:50 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538
-
-    Bug Details:
-    PixieFail Bug #4
-    CVE-2023-45232
-    CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-    CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
-
-    Infinite loop when parsing unknown options in the Destination Options
-    header
-
-    PixieFail Bug #5
-    CVE-2023-45233
-    CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
-    CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
-
-    Infinite loop when parsing a PadN option in the Destination Options
-    header
-
-    Change Overview:
-
-    Most importantly this change corrects the following incorrect math
-    and cleans up the code.
-
-    >   // It is a PadN option
-    >   //
-    > - Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2);
-    > + OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length;
-    > + Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-
-    > case Ip6OptionSkip:
-    > - Offset = (UINT8)(Offset + *(Option + Offset + 1));
-    >   OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length;
-    >   Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-
-    Additionally, this change also corrects incorrect math where the calling
-    function was calculating the HDR EXT optionLen as a uint8 instead of a
-    uint16
-
-    > - OptionLen = (UINT8)((*Option + 1) * 8 - 2);
-    > + OptionLen = IP6_HDR_EXT_LEN (*Option) -
-    IP6_COMBINED_SIZE_OF_NEXT_HDR_AND_LEN;
-
-    Additionally this check adds additional logic to santize the incoming
-    data
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Ip6Dxe/Ip6Nd.h     | 35 ++++++++++++++++
- NetworkPkg/Ip6Dxe/Ip6Option.c | 76 ++++++++++++++++++++++++++++++-----
- NetworkPkg/Ip6Dxe/Ip6Option.h | 71 ++++++++++++++++++++++++++++++++
- 3 files changed, 171 insertions(+), 11 deletions(-)
-
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h
-index 860934a167..bf64e9114e 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Nd.h
-+++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h
-@@ -56,13 +56,48 @@ VOID
-   VOID  *Context
-   );
- 
-+//
-+// Per RFC8200 Section 4.2
-+//
-+//   Two of the currently-defined extension headers -- the Hop-by-Hop
-+//   Options header and the Destination Options header -- carry a variable
-+//   number of type-length-value (TLV) encoded "options", of the following
-+//   format:
-+//
-+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
-+//      |  Option Type  |  Opt Data Len |  Option Data
-+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - -
-+//
-+//      Option Type          8-bit identifier of the type of option.
-+//
-+//      Opt Data Len         8-bit unsigned integer.  Length of the Option
-+//                           Data field of this option, in octets.
-+//
-+//      Option Data          Variable-length field.  Option-Type-specific
-+//                           data.
-+//
- typedef struct _IP6_OPTION_HEADER {
-+  ///
-+  /// identifier of the type of option.
-+  ///
-   UINT8    Type;
-+  ///
-+  /// Length of the Option Data field of this option, in octets.
-+  ///
-   UINT8    Length;
-+  ///
-+  /// Option-Type-specific data.
-+  ///
- } IP6_OPTION_HEADER;
- 
- STATIC_ASSERT (sizeof (IP6_OPTION_HEADER) == 2, "IP6_OPTION_HEADER is expected to be exactly 2 bytes long.");
- 
-+#define IP6_NEXT_OPTION_OFFSET(offset, length)  (offset + sizeof(IP6_OPTION_HEADER) + length)
-+STATIC_ASSERT (
-+  IP6_NEXT_OPTION_OFFSET (0, 0) == 2,
-+  "The next option is minimally the combined size of the option tag and length"
-+  );
-+
- typedef struct _IP6_ETHE_ADDR_OPTION {
-   UINT8    Type;
-   UINT8    Length;
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c
-index 8718d5d875..fd97ce116f 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Option.c
-+++ b/NetworkPkg/Ip6Dxe/Ip6Option.c
-@@ -17,7 +17,8 @@
-   @param[in]  IpSb              The IP6 service data.
-   @param[in]  Packet            The to be validated packet.
-   @param[in]  Option            The first byte of the option.
--  @param[in]  OptionLen         The length of the whole option.
-+  @param[in]  OptionLen         The length of all options, expressed in byte length of octets.
-+                                Maximum length is 2046 bytes or ((n + 1) * 8) - 2 where n is 255.
-   @param[in]  Pointer           Identifies the octet offset within
-                                 the invoking packet where the error was detected.
- 
-@@ -31,12 +32,33 @@ Ip6IsOptionValid (
-   IN IP6_SERVICE  *IpSb,
-   IN NET_BUF      *Packet,
-   IN UINT8        *Option,
--  IN UINT8        OptionLen,
-+  IN UINT16       OptionLen,
-   IN UINT32       Pointer
-   )
- {
--  UINT8  Offset;
--  UINT8  OptionType;
-+  UINT16  Offset;
-+  UINT8   OptionType;
-+  UINT8   OptDataLen;
-+
-+  if (Option == NULL) {
-+    ASSERT (Option != NULL);
-+    return FALSE;
-+  }
-+
-+  if ((OptionLen <= 0) || (OptionLen > IP6_MAX_EXT_DATA_LENGTH)) {
-+    ASSERT (OptionLen > 0 && OptionLen <= IP6_MAX_EXT_DATA_LENGTH);
-+    return FALSE;
-+  }
-+
-+  if (Packet == NULL) {
-+    ASSERT (Packet != NULL);
-+    return FALSE;
-+  }
-+
-+  if (IpSb == NULL) {
-+    ASSERT (IpSb != NULL);
-+    return FALSE;
-+  }
- 
-   Offset = 0;
- 
-@@ -54,7 +76,8 @@ Ip6IsOptionValid (
-         //
-         // It is a PadN option
-         //
--        Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2);
-+        OptDataLen = ((IP6_OPTION_HEADER *)(Option + Offset))->Length;
-+        Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-         break;
-       case Ip6OptionRouterAlert:
-         //
-@@ -69,7 +92,8 @@ Ip6IsOptionValid (
-         //
-         switch (OptionType & Ip6OptionMask) {
-           case Ip6OptionSkip:
--            Offset = (UINT8)(Offset + *(Option + Offset + 1));
-+            OptDataLen = ((IP6_OPTION_HEADER *)(Option + Offset))->Length;
-+            Offset     = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen);
-             break;
-           case Ip6OptionDiscard:
-             return FALSE;
-@@ -308,7 +332,7 @@ Ip6IsExtsValid (
-   UINT32               Pointer;
-   UINT32               Offset;
-   UINT8                *Option;
--  UINT8                OptionLen;
-+  UINT16               OptionLen;
-   BOOLEAN              Flag;
-   UINT8                CountD;
-   UINT8                CountA;
-@@ -385,6 +409,36 @@ Ip6IsExtsValid (
-       // Fall through
-       //
-       case IP6_DESTINATION:
-+        //
-+        // See https://www.rfc-editor.org/rfc/rfc2460#section-4.2 page 23
-+        //
-+        // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+        // |  Next Header  |  Hdr Ext Len  |                               |
-+        // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
-+        // |                                                               |
-+        // .                                                               .
-+        // .                            Options                            .
-+        // .                                                               .
-+        // |                                                               |
-+        // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+        //
-+        //
-+        //   Next Header    8-bit selector.  Identifies the type of header
-+        //                  immediately following the Destination Options
-+        //                  header.  Uses the same values as the IPv4
-+        //                  Protocol field [RFC-1700 et seq.].
-+        //
-+        //   Hdr Ext Len    8-bit unsigned integer.  Length of the
-+        //                  Destination Options header in 8-octet units, not
-+        //                  including the first 8 octets.
-+        //
-+        //   Options        Variable-length field, of length such that the
-+        //                  complete Destination Options header is an
-+        //                  integer multiple of 8 octets long.  Contains one
-+        //                  or  more TLV-encoded options, as described in
-+        //                  section 4.2.
-+        //
-+
-         if (*NextHeader == IP6_DESTINATION) {
-           CountD++;
-         }
-@@ -398,7 +452,7 @@ Ip6IsExtsValid (
- 
-         Offset++;
-         Option    = ExtHdrs + Offset;
--        OptionLen = (UINT8)((*Option + 1) * 8 - 2);
-+        OptionLen = IP6_HDR_EXT_LEN (*Option) - sizeof (IP6_EXT_HDR);
-         Option++;
-         Offset++;
- 
-@@ -430,7 +484,7 @@ Ip6IsExtsValid (
-           //
-           // Ignore the routing header and proceed to process the next header.
-           //
--          Offset = Offset + (RoutingHead->HeaderLen + 1) * 8;
-+          Offset = Offset + IP6_HDR_EXT_LEN (RoutingHead->HeaderLen);
- 
-           if (UnFragmentLen != NULL) {
-             *UnFragmentLen = Offset;
-@@ -441,7 +495,7 @@ Ip6IsExtsValid (
-           // to the packet's source address, pointing to the unrecognized routing
-           // type.
-           //
--          Pointer = Offset + 2 + sizeof (EFI_IP6_HEADER);
-+          Pointer = Offset + sizeof (IP6_EXT_HDR) + sizeof (EFI_IP6_HEADER);
-           if ((IpSb != NULL) && (Packet != NULL) &&
-               !IP6_IS_MULTICAST (&Packet->Ip.Ip6->DestinationAddress))
-           {
-@@ -527,7 +581,7 @@ Ip6IsExtsValid (
-         //
-         // RFC2402, Payload length is specified in 32-bit words, minus "2".
-         //
--        OptionLen = (UINT8)((*Option + 2) * 4);
-+        OptionLen = ((UINT16)(*Option + 2) * 4);
-         Offset    = Offset + OptionLen;
-         break;
- 
-diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.h b/NetworkPkg/Ip6Dxe/Ip6Option.h
-index bd8e223c8a..fb07c28f5a 100644
---- a/NetworkPkg/Ip6Dxe/Ip6Option.h
-+++ b/NetworkPkg/Ip6Dxe/Ip6Option.h
-@@ -12,6 +12,77 @@
- 
- #define IP6_FRAGMENT_OFFSET_MASK  (~0x3)
- 
-+//
-+// For more information see RFC 8200, Section 4.3, 4.4, and 4.6
-+//
-+//  This example format is from section 4.6
-+//  This does not apply to fragment headers
-+//
-+//     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//    |  Next Header  |  Hdr Ext Len  |                               |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               +
-+//    |                                                               |
-+//    .                                                               .
-+//    .                  Header-Specific Data                         .
-+//    .                                                               .
-+//    |                                                               |
-+//    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-+//
-+//      Next Header           8-bit selector.  Identifies the type of
-+//                            header immediately following the extension
-+//                            header.  Uses the same values as the IPv4
-+//                            Protocol field [IANA-PN].
-+//
-+//      Hdr Ext Len           8-bit unsigned integer.  Length of the
-+//                            Destination Options header in 8-octet units,
-+//                            not including the first 8 octets.
-+
-+//
-+// These defines apply to the following:
-+//   1. Hop by Hop
-+//   2. Routing
-+//   3. Destination
-+//
-+typedef struct _IP6_EXT_HDR {
-+  ///
-+  /// The Next Header field identifies the type of header immediately
-+  ///
-+  UINT8    NextHeader;
-+  ///
-+  /// The Hdr Ext Len field specifies the length of the Hop-by-Hop Options
-+  ///
-+  UINT8    HdrExtLen;
-+  ///
-+  /// Header-Specific Data
-+  ///
-+} IP6_EXT_HDR;
-+
-+STATIC_ASSERT (
-+  sizeof (IP6_EXT_HDR) == 2,
-+  "The combined size of Next Header and Len is two 8 bit fields"
-+  );
-+
-+//
-+// IPv6 extension headers contain an 8-bit length field which describes the size of
-+// the header. However, the length field only includes the size of the extension
-+// header options, not the size of the first 8 bytes of the header. Therefore, in
-+// order to calculate the full size of the extension header, we add 1 (to account
-+// for the first 8 bytes omitted by the length field reporting) and then multiply
-+// by 8 (since the size is represented in 8-byte units).
-+//
-+// a is the length field of the extension header (UINT8)
-+// The result may be up to 2046 octets (UINT16)
-+//
-+#define IP6_HDR_EXT_LEN(a)  (((UINT16)((UINT8)(a)) + 1) * 8)
-+
-+// This is the maxmimum length permissible by a extension header
-+// Length is UINT8 of 8 octets not including the first 8 octets
-+#define IP6_MAX_EXT_DATA_LENGTH  (IP6_HDR_EXT_LEN (MAX_UINT8) - sizeof(IP6_EXT_HDR))
-+STATIC_ASSERT (
-+  IP6_MAX_EXT_DATA_LENGTH == 2046,
-+  "Maximum data length is ((MAX_UINT8 + 1) * 8) - 2"
-+  );
-+
- typedef struct _IP6_FRAGMENT_HEADER {
-   UINT8     NextHeader;
-   UINT8     Reserved;
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch

@@ -1,430 +0,0 @@
-From 2bd8bc051f6394f2ab3c22649c54ecbed5d636cd Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Wed, 14 Feb 2024 20:25:29 -0500
-Subject: [PATCH 05/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit
- Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [5/15] 624365d403df25927ab0514b0e25faea7376def8
-
-JIRA: https://issues.redhat.com/browse/RHEL-21846
-CVE: CVE-2022-45232
-Upstream: Merged
-
-commit c9c87f08dd6ace36fa843424522c3558a8374cac
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:51 2024 +0800
-
-    NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538
-
-    Unit tests to confirm that..
-    Infinite loop when parsing unknown options in the Destination Options
-    header
-
-    and
-
-    Infinite loop when parsing a PadN option in the Destination Options
-    header
-
-    ... have been patched
-
-    This patch tests the following functions:
-    Ip6IsOptionValid
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  10 +-
- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 278 ++++++++++++++++++
- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +++
- 3 files changed, 324 insertions(+), 4 deletions(-)
- create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
-
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-index 6e4de0745f..ba29dbabad 100644
---- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-@@ -1,13 +1,13 @@
- ## @file
--# Unit test suite for the Ip6Dxe using Google Test
-+# Unit test suite for the Ip6DxeGoogleTest using Google Test
- #
- # Copyright (c) Microsoft Corporation.<BR>
- # SPDX-License-Identifier: BSD-2-Clause-Patent
- ##
- [Defines]
-   INF_VERSION         = 0x00010017
--  BASE_NAME           = Ip6DxeUnitTest
--  FILE_GUID           = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A
-+  BASE_NAME           = Ip6DxeGoogleTest
-+  FILE_GUID           = AE39981C-B7FE-41A8-A9C2-F41910477CA3
-   VERSION_STRING      = 1.0
-   MODULE_TYPE         = HOST_APPLICATION
- #
-@@ -16,9 +16,11 @@
- #  VALID_ARCHITECTURES           = IA32 X64 AARCH64
- #
- [Sources]
-+  ../Ip6Option.c
-+  Ip6OptionGoogleTest.h
-   Ip6DxeGoogleTest.cpp
-   Ip6OptionGoogleTest.cpp
--  ../Ip6Option.c
-+  Ip6OptionGoogleTest.h
- 
- [Packages]
-   MdePkg/MdePkg.dec
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-index f2cd90e1a9..29f8a4a96e 100644
---- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
-@@ -12,6 +12,7 @@ extern "C" {
-   #include <Library/DebugLib.h>
-   #include "../Ip6Impl.h"
-   #include "../Ip6Option.h"
-+  #include "Ip6OptionGoogleTest.h"
- }
- 
- /////////////////////////////////////////////////////////////////////////
-@@ -127,3 +128,280 @@ TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse)
- 
-   EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
- }
-+
-+////////////////////////////////////////////////////////////////////////
-+// Ip6IsOptionValid Tests
-+////////////////////////////////////////////////////////////////////////
-+
-+// Define a fixture for your tests if needed
-+class Ip6IsOptionValidTest : public ::testing::Test {
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    // Initialize any resources or variables
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Test Description
-+// Verify that a NULL option is Invalid
-+TEST_F (Ip6IsOptionValidTest, NullOptionShouldReturnTrue) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  IP6_SERVICE  *IpSb = NULL;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  EXPECT_FALSE (Ip6IsOptionValid (IpSb, &Packet, NULL, 0, 0));
-+}
-+
-+// Test Description
-+// Verify that an unknown option with a length of 0 and type of <unknown> does not cause an infinite loop
-+TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength0) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 0;    // This will cause an infinite loop if the function is not working correctly
-+
-+  // This should be a valid option even though the length is 0
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that an unknown option with a length of 1 and type of <unknown> does not cause an infinite loop
-+TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength1) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 1;    // This will cause an infinite loop if the function is not working correctly
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that an unknown option with a length of 2 and type of <unknown> does not cause an infinite loop
-+TEST_F (Ip6IsOptionValidTest, VerifyIpSkipUnknownOption) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 2;    // Valid length for an unknown option
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that Ip6OptionPad1 is valid with a length of 0
-+TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPad1) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPad1;
-+  optionHeader.Length = 0;
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that Ip6OptionPadN doesn't overflow with various lengths
-+TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPadN) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = Ip6OptionPadN;
-+  optionHeader.Length = 0xFF;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFE;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFD;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFC;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify an unknown option doesn't cause an infinite loop with various lengths
-+TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLengthAttemptOverflow) {
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  IP6_OPTION_HEADER  optionHeader;
-+
-+  optionHeader.Type   = 23;   // Unknown Option
-+  optionHeader.Length = 0xFF;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFE;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFD;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+
-+  optionHeader.Length = 0xFC;
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));
-+}
-+
-+// Test Description
-+// Verify that the function supports multiple options
-+TEST_F (Ip6IsOptionValidTest, MultiOptionSupport) {
-+  UINT16   HdrLen;
-+  NET_BUF  Packet = { 0 };
-+  // we need to define enough of the packet to make the function work
-+  // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above
-+  UINT32  DeadCode = 0xDeadC0de;
-+  // Don't actually use this pointer, just pass it to the function, nothing will be done with it
-+  IP6_SERVICE  *IpSb = (IP6_SERVICE *)&DeadCode;
-+
-+  EFI_IPv6_ADDRESS  SourceAddress      = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IPv6_ADDRESS  DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };
-+  EFI_IP6_HEADER    Ip6Header          = { 0 };
-+
-+  Ip6Header.SourceAddress      = SourceAddress;
-+  Ip6Header.DestinationAddress = DestinationAddress;
-+  Packet.Ip.Ip6                = &Ip6Header;
-+
-+  UINT8              ExtHdr[1024] = { 0 };
-+  UINT8              *Cursor      = ExtHdr;
-+  IP6_OPTION_HEADER  *Option      = (IP6_OPTION_HEADER *)ExtHdr;
-+
-+  // Let's start chaining options
-+
-+  Option->Type   = 23;   // Unknown Option
-+  Option->Length = 0xFC;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 0xFC;
-+
-+  Option       = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type = Ip6OptionPad1;
-+
-+  Cursor += sizeof (1);
-+
-+  // Type and length aren't processed, instead it just moves the pointer forward by 4 bytes
-+  Option         = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type   = Ip6OptionRouterAlert;
-+  Option->Length = 4;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 4;
-+
-+  Option         = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type   = Ip6OptionPadN;
-+  Option->Length = 0xFC;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 0xFC;
-+
-+  Option         = (IP6_OPTION_HEADER *)Cursor;
-+  Option->Type   = Ip6OptionRouterAlert;
-+  Option->Length = 4;
-+
-+  Cursor += sizeof (IP6_OPTION_HEADER) + 4;
-+
-+  // Total 524
-+
-+  HdrLen = (UINT16)(Cursor - ExtHdr);
-+
-+  EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, ExtHdr, HdrLen, 0));
-+}
-diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
-new file mode 100644
-index 0000000000..0509b6ae30
---- /dev/null
-+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
-@@ -0,0 +1,40 @@
-+/** @file
-+  Exposes the functions needed to test the Ip6Option module.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+
-+#ifndef IP6_OPTION_HEADER_GOOGLE_TEST_H_
-+#define IP6_OPTION_HEADER_GOOGLE_TEST_H_
-+
-+#include <Uefi.h>
-+#include "../Ip6Impl.h"
-+
-+/**
-+  Validate the IP6 option format for both the packets we received
-+  and that we will transmit. It will compute the ICMPv6 error message fields
-+  if the option is malformatted.
-+
-+  @param[in]  IpSb              The IP6 service data.
-+  @param[in]  Packet            The to be validated packet.
-+  @param[in]  Option            The first byte of the option.
-+  @param[in]  OptionLen         The length of the whole option.
-+  @param[in]  Pointer           Identifies the octet offset within
-+                                the invoking packet where the error was detected.
-+
-+
-+  @retval TRUE     The option is properly formatted.
-+  @retval FALSE    The option is malformatted.
-+
-+**/
-+BOOLEAN
-+Ip6IsOptionValid (
-+  IN IP6_SERVICE  *IpSb,
-+  IN NET_BUF      *Packet,
-+  IN UINT8        *Option,
-+  IN UINT16       OptionLen,
-+  IN UINT32       Pointer
-+  );
-+
-+#endif // __IP6_OPTION_HEADER_GOOGLE_TEST_H__
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch

@@ -1,74 +0,0 @@
-From 6eceae607639b46ea46ba26a288270bd1c97dc0f Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 13 Jun 2024 18:35:46 -0400
-Subject: [PATCH 31/31] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow
- in iPXE environment
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [31/31] 2088a79fef3d6dfec032f2f560ccf87ae42d786f
-
-JIRA: https://issues.redhat.com/browse/RHEL-21854
-Upstream: Merged
-CVE: CVE-2023-45236
-
-commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
-Author: Sam <Sam_Tsai@wiwynn.com>
-Date:   Wed May 29 07:46:03 2024 +0800
-
-    NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE environment
-
-    This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
-    REF: 1904a64
-
-    Issue Description:
-    An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
-
-    NetworkPkg\TcpDxe\TcpDriver.c
-    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, ​&mHash2ServiceHandle);
-
-    Root Cause Analysis:
-    The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
-
-    Implemented Solution:
-    To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
-
-    NetworkPkg\TcpDxe\TcpDriver.c
-    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
-
-    This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
-
-    Verification:
-    Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
-
-    Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
-
-    Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 34ae838ae0..1aec292501 100644
---- a/NetworkPkg/TcpDxe/TcpDriver.c
-+++ b/NetworkPkg/TcpDxe/TcpDriver.c
-@@ -509,7 +509,7 @@ TcpDestroyService (
-     //
-     // Destroy the instance of the hashing protocol for this controller.
-     //
--    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
-+    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
-     if (EFI_ERROR (Status)) {
-       return EFI_UNSUPPORTED;
-     }
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch

@@ -1,808 +0,0 @@
-From 1e7f4034ddc0896e16c981d4220a1178813b4e86 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Tue, 11 Jun 2024 15:20:29 -0400
-Subject: [PATCH 30/31] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 77: UINT32 overflow in S3 ResumeCount and Pixiefail fixes
-RH-Jira: RHEL-21854 RHEL-21856 RHEL-40099
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [30/31] 9ae15a2abf1d9bd0a0df1ff73a88446b9eb33602
-
-JIRA: https://issues.redhat.com/browse/RHEL-21854
-Upstream: Merged
-CVE: CVE-2023-45236
-Conflicts: Didn't add new file NetworkPkg/SecurityFixes.yaml
-
-commit 1904a64bcc18199738e5be183d28887ac5d837d7
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Wed May 8 22:56:29 2024 -0700
-
-    NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
-    REF: https://www.rfc-editor.org/rfc/rfc1948.txt
-    REF: https://www.rfc-editor.org/rfc/rfc6528.txt
-    REF: https://www.rfc-editor.org/rfc/rfc9293.txt
-
-    Bug Overview:
-    PixieFail Bug #8
-    CVE-2023-45236
-    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
-    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
-
-    Updates TCP ISN generation to use a cryptographic hash of the
-    connection's identifying parameters and a secret key.
-    This prevents an attacker from guessing the ISN used for some other
-    connection.
-
-    This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
-
-    RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection
-
-       A TCP implementation MUST use the above type of "clock" for clock-
-       driven selection of initial sequence numbers (MUST-8), and SHOULD
-       generate its initial sequence numbers with the expression:
-
-       ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-
-       where M is the 4 microsecond timer, and F() is a pseudorandom
-       function (PRF) of the connection's identifying parameters ("localip,
-       localport, remoteip, remoteport") and a secret key ("secretkey")
-       (SHLD-1).  F() MUST NOT be computable from the outside (MUST-9), or
-       an attacker could still guess at sequence numbers from the ISN used
-       for some other connection.  The PRF could be implemented as a
-       cryptographic hash of the concatenation of the TCP connection
-       parameters and some secret data.  For discussion of the selection of
-       a specific hash algorithm and management of the secret key data,
-       please see Section 3 of [42].
-
-       For each connection there is a send sequence number and a receive
-       sequence number.  The initial send sequence number (ISS) is chosen by
-       the data sending TCP peer, and the initial receive sequence number
-       (IRS) is learned during the connection-establishing procedure.
-
-       For a connection to be established or initialized, the two TCP peers
-       must synchronize on each other's initial sequence numbers.  This is
-       done in an exchange of connection-establishing segments carrying a
-       control bit called "SYN" (for synchronize) and the initial sequence
-       numbers.  As a shorthand, segments carrying the SYN bit are also
-       called "SYNs".  Hence, the solution requires a suitable mechanism for
-       picking an initial sequence number and a slightly involved handshake
-       to exchange the ISNs.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/TcpDxe/TcpDriver.c |  92 ++++++++++++-
- NetworkPkg/TcpDxe/TcpDxe.inf  |   8 +-
- NetworkPkg/TcpDxe/TcpFunc.h   |  23 ++--
- NetworkPkg/TcpDxe/TcpInput.c  |  13 +-
- NetworkPkg/TcpDxe/TcpMain.h   |  59 ++++++--
- NetworkPkg/TcpDxe/TcpMisc.c   | 244 ++++++++++++++++++++++++++++++++--
- NetworkPkg/TcpDxe/TcpTimer.c  |   3 +-
- 7 files changed, 394 insertions(+), 48 deletions(-)
-
-diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 430911c2f4..34ae838ae0 100644
---- a/NetworkPkg/TcpDxe/TcpDriver.c
-+++ b/NetworkPkg/TcpDxe/TcpDriver.c
-@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL  gTcpServiceBinding = {
-   TcpServiceBindingDestroyChild
- };
- 
-+//
-+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces
-+// if the platform does not provide one.
-+//
-+EFI_HANDLE  mHash2ServiceHandle = NULL;
-+
- /**
-   Create and start the heartbeat timer for the TCP driver.
- 
-@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
-   EFI_STATUS  Status;
-   UINT32      Random;
- 
-+  //
-+  // Initialize the Secret used for hashing TCP sequence numbers
-+  //
-+  // Normally this should be regenerated periodically, but since
-+  // this is only used for UEFI networking and not a general purpose
-+  // operating system, it is not necessary to regenerate it.
-+  //
-+  Status = PseudoRandomU32 (&mTcpGlobalSecret);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
-+    return Status;
-+  }
-+
-+  //
-+  // Get a random number used to generate a random port number
-+  // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret
-+  //
-   Status = PseudoRandomU32 (&Random);
-   if (EFI_ERROR (Status)) {
-     DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
-@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
-   }
- 
-   //
--  // Initialize ISS and random port.
-+  // Initialize the random port.
-   //
--  mTcpGlobalIss   = Random % mTcpGlobalIss;
-   mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
-   mTcp6RandomPort = mTcp4RandomPort;
- 
-@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
-   @param[in]  IpVersion          IP_VERSION_4 or IP_VERSION_6.
- 
-   @retval EFI_OUT_OF_RESOURCES   Failed to allocate some resources.
-+  @retval EFI_UNSUPPORTED        Service Binding Protocols are unavailable.
-+  @retval EFI_ALREADY_STARTED    The TCP driver is already started on the controller.
-   @retval EFI_SUCCESS            A new IP6 service binding private was created.
- 
- **/
-@@ -234,11 +258,13 @@ TcpCreateService (
-   IN UINT8       IpVersion
-   )
- {
--  EFI_STATUS        Status;
--  EFI_GUID          *IpServiceBindingGuid;
--  EFI_GUID          *TcpServiceBindingGuid;
--  TCP_SERVICE_DATA  *TcpServiceData;
--  IP_IO_OPEN_DATA   OpenData;
-+  EFI_STATUS                    Status;
-+  EFI_GUID                      *IpServiceBindingGuid;
-+  EFI_GUID                      *TcpServiceBindingGuid;
-+  TCP_SERVICE_DATA              *TcpServiceData;
-+  IP_IO_OPEN_DATA               OpenData;
-+  EFI_SERVICE_BINDING_PROTOCOL  *Hash2ServiceBinding;
-+  EFI_HASH2_PROTOCOL            *Hash2Protocol;
- 
-   if (IpVersion == IP_VERSION_4) {
-     IpServiceBindingGuid  = &gEfiIp4ServiceBindingProtocolGuid;
-@@ -272,6 +298,33 @@ TcpCreateService (
-     return EFI_UNSUPPORTED;
-   }
- 
-+  Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
-+  if (EFI_ERROR (Status)) {
-+    //
-+    // If we can't find the Hashing protocol, then we need to create one.
-+    //
-+
-+    //
-+    // Platform is expected to publish the hash service binding protocol to support TCP.
-+    //
-+    Status = gBS->LocateProtocol (
-+                    &gEfiHash2ServiceBindingProtocolGuid,
-+                    NULL,
-+                    (VOID **)&Hash2ServiceBinding
-+                    );
-+    if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+
-+    //
-+    // Create an instance of the hash protocol for this controller.
-+    //
-+    Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);
-+    if (EFI_ERROR (Status)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+  }
-+
-   //
-   // Create the TCP service data.
-   //
-@@ -423,6 +476,7 @@ TcpDestroyService (
-   EFI_STATUS                               Status;
-   LIST_ENTRY                               *List;
-   TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT  Context;
-+  EFI_SERVICE_BINDING_PROTOCOL             *Hash2ServiceBinding;
- 
-   ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
- 
-@@ -439,6 +493,30 @@ TcpDestroyService (
-     return EFI_SUCCESS;
-   }
- 
-+  //
-+  // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.
-+  //
-+  if (mHash2ServiceHandle != NULL) {
-+    Status = gBS->LocateProtocol (
-+                    &gEfiHash2ServiceBindingProtocolGuid,
-+                    NULL,
-+                    (VOID **)&Hash2ServiceBinding
-+                    );
-+    if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+
-+    //
-+    // Destroy the instance of the hashing protocol for this controller.
-+    //
-+    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
-+    if (EFI_ERROR (Status)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+
-+    mHash2ServiceHandle = NULL;
-+  }
-+
-   Status = gBS->OpenProtocol (
-                   NicHandle,
-                   ServiceBindingGuid,
-diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
-index cf5423f4c5..76de4cf9ec 100644
---- a/NetworkPkg/TcpDxe/TcpDxe.inf
-+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
-@@ -6,6 +6,7 @@
- #  stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
- #
- #  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-+#  Copyright (c) Microsoft Corporation
- #
- #  SPDX-License-Identifier: BSD-2-Clause-Patent
- #
-@@ -68,7 +69,6 @@
-   NetLib
-   IpIoLib
- 
--
- [Protocols]
-   ## SOMETIMES_CONSUMES
-   ## SOMETIMES_PRODUCES
-@@ -81,6 +81,12 @@
-   gEfiIp6ServiceBindingProtocolGuid             ## TO_START
-   gEfiTcp6ProtocolGuid                          ## BY_START
-   gEfiTcp6ServiceBindingProtocolGuid            ## BY_START
-+  gEfiHash2ProtocolGuid                         ## BY_START
-+  gEfiHash2ServiceBindingProtocolGuid           ## BY_START
-+
-+[Guids]
-+  gEfiHashAlgorithmMD5Guid                      ## CONSUMES
-+  gEfiHashAlgorithmSha256Guid                   ## CONSUMES
- 
- [Depex]
-   gEfiHash2ServiceBindingProtocolGuid
-diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
-index 05cd3c75dc..e578b8bb29 100644
---- a/NetworkPkg/TcpDxe/TcpFunc.h
-+++ b/NetworkPkg/TcpDxe/TcpFunc.h
-@@ -2,7 +2,7 @@
-   Declaration of external functions shared in TCP driver.
- 
-   Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
--
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -36,8 +36,11 @@ VOID
- 
-   @param[in, out]  Tcb               Pointer to the TCP_CB of this TCP instance.
- 
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
--VOID
-+EFI_STATUS
- TcpInitTcbLocal (
-   IN OUT TCP_CB *Tcb
-   );
-@@ -128,17 +131,6 @@ TcpCloneTcb (
-   IN TCP_CB *Tcb
-   );
- 
--/**
--  Compute an ISS to be used by a new connection.
--
--  @return The result ISS.
--
--**/
--TCP_SEQNO
--TcpGetIss (
--  VOID
--  );
--
- /**
-   Get the local mss.
- 
-@@ -202,8 +194,11 @@ TcpFormatNetbuf (
-   @param[in, out]  Tcb          Pointer to the TCP_CB that wants to initiate a
-                                 connection.
- 
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
--VOID
-+EFI_STATUS
- TcpOnAppConnect (
-   IN OUT TCP_CB  *Tcb
-   );
-diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
-index 5e6c8c54ca..c0656ccd7d 100644
---- a/NetworkPkg/TcpDxe/TcpInput.c
-+++ b/NetworkPkg/TcpDxe/TcpInput.c
-@@ -759,6 +759,7 @@ TcpInput (
-   TCP_SEQNO   Urg;
-   UINT16      Checksum;
-   INT32       Usable;
-+  EFI_STATUS  Status;
- 
-   ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
- 
-@@ -908,7 +909,17 @@ TcpInput (
-       Tcb->LocalEnd.Port  = Head->DstPort;
-       Tcb->RemoteEnd.Port = Head->SrcPort;
- 
--      TcpInitTcbLocal (Tcb);
-+      Status = TcpInitTcbLocal (Tcb);
-+      if (EFI_ERROR (Status)) {
-+        DEBUG (
-+          (DEBUG_ERROR,
-+           "TcpInput: discard a segment because failed to init local end for TCB %p\n",
-+           Tcb)
-+          );
-+
-+        goto DISCARD;
-+      }
-+
-       TcpInitTcbPeer (Tcb, Seg, &Option);
- 
-       TcpSetState (Tcb, TCP_SYN_RCVD);
-diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
-index 0709298bbf..3fa572d3d4 100644
---- a/NetworkPkg/TcpDxe/TcpMain.h
-+++ b/NetworkPkg/TcpDxe/TcpMain.h
-@@ -3,6 +3,7 @@
-   It is the common head file for all Tcp*.c in TCP driver.
- 
-   Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -12,6 +13,7 @@
- 
- #include <Protocol/ServiceBinding.h>
- #include <Protocol/DriverBinding.h>
-+#include <Protocol/Hash2.h>
- #include <Library/IpIoLib.h>
- #include <Library/DevicePathLib.h>
- #include <Library/PrintLib.h>
-@@ -30,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE      *gTcpControllerNameTable;
- 
- extern LIST_ENTRY  mTcpRunQue;
- extern LIST_ENTRY  mTcpListenQue;
--extern TCP_SEQNO   mTcpGlobalIss;
-+extern TCP_SEQNO   mTcpGlobalSecret;
- extern UINT32      mTcpTick;
- 
- ///
-@@ -44,15 +46,6 @@ extern UINT32      mTcpTick;
- 
- #define TCP_EXPIRE_TIME            65535
- 
--///
--/// The implementation selects the initial send sequence number and the unit to
--/// be added when it is increased.
--///
--#define TCP_BASE_ISS               0x4d7e980b
--#define TCP_ISS_INCREMENT_1        2048
--#define TCP_ISS_INCREMENT_2        100
--
--
- typedef union {
-   EFI_TCP4_CONFIG_DATA    Tcp4CfgData;
-   EFI_TCP6_CONFIG_DATA    Tcp6CfgData;
-@@ -774,4 +767,50 @@ Tcp6Poll (
-   IN EFI_TCP6_PROTOCOL  *This
-   );
- 
-+/**
-+  Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
-+  and remote IP addresses and ports.
-+
-+  This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
-+  Where the ISN is computed as follows:
-+    ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
-+
-+  Otherwise:
-+    ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-+
-+    "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
-+    connection's identifying parameters ("localip, localport, remoteip, remoteport")
-+    and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
-+    outside (MUST-9), or an attacker could still guess at sequence numbers from the
-+    ISN used for some other connection. The PRF could be implemented as a
-+    cryptographic hash of the concatenation of the TCP connection parameters and some
-+    secret data. For discussion of the selection of a specific hash algorithm and
-+    management of the secret key data."
-+
-+  @param[in]       LocalIp        A pointer to the local IP address of the TCP connection.
-+  @param[in]       LocalIpSize    The size, in bytes, of the LocalIp buffer.
-+  @param[in]       LocalPort      The local port number of the TCP connection.
-+  @param[in]       RemoteIp       A pointer to the remote IP address of the TCP connection.
-+  @param[in]       RemoteIpSize   The size, in bytes, of the RemoteIp buffer.
-+  @param[in]       RemotePort     The remote port number of the TCP connection.
-+  @param[out]      Isn            A pointer to the variable that will receive the Initial
-+                                  Sequence Number (ISN).
-+
-+  @retval EFI_SUCCESS             The operation completed successfully, and the ISN was
-+                                  retrieved.
-+  @retval EFI_INVALID_PARAMETER   One or more of the input parameters are invalid.
-+  @retval EFI_UNSUPPORTED         The operation is not supported.
-+
-+**/
-+EFI_STATUS
-+TcpGetIsn (
-+  IN UINT8       *LocalIp,
-+  IN UINTN       LocalIpSize,
-+  IN UINT16      LocalPort,
-+  IN UINT8       *RemoteIp,
-+  IN UINTN       RemoteIpSize,
-+  IN UINT16      RemotePort,
-+  OUT TCP_SEQNO  *Isn
-+  );
-+
- #endif
-diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
-index 3fa9d90d9f..42dc9fa941 100644
---- a/NetworkPkg/TcpDxe/TcpMisc.c
-+++ b/NetworkPkg/TcpDxe/TcpMisc.c
-@@ -3,6 +3,7 @@
- 
-   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-   Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -19,7 +20,34 @@ LIST_ENTRY  mTcpListenQue = {
-   &mTcpListenQue
- };
- 
--TCP_SEQNO       mTcpGlobalIss = TCP_BASE_ISS;
-+//
-+// The Session secret
-+// This must be initialized to a random value at boot time
-+//
-+TCP_SEQNO  mTcpGlobalSecret;
-+
-+//
-+// Union to hold either an IPv4 or IPv6 address
-+// This is used to simplify the ISN hash computation
-+//
-+typedef union {
-+  UINT8    IPv4[4];
-+  UINT8    IPv6[16];
-+} NETWORK_ADDRESS;
-+
-+//
-+// The ISN is computed by hashing this structure
-+// It is initialized with the local and remote IP addresses and ports
-+// and the secret
-+//
-+//
-+typedef struct {
-+  UINT16             LocalPort;
-+  UINT16             RemotePort;
-+  NETWORK_ADDRESS    LocalAddress;
-+  NETWORK_ADDRESS    RemoteAddress;
-+  TCP_SEQNO          Secret;
-+} ISN_HASH_CTX;
- 
- CHAR16  *mTcpStateName[] = {
-   L"TCP_CLOSED",
-@@ -40,12 +68,18 @@ CHAR16  *mTcpStateName[] = {
- 
-   @param[in, out]  Tcb               Pointer to the TCP_CB of this TCP instance.
- 
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
--VOID
-+EFI_STATUS
- TcpInitTcbLocal (
-   IN OUT TCP_CB *Tcb
-   )
- {
-+  TCP_SEQNO   Isn;
-+  EFI_STATUS  Status;
-+
-   //
-   // Compute the checksum of the fixed parts of pseudo header
-   //
-@@ -56,6 +90,16 @@ TcpInitTcbLocal (
-                      0x06,
-                      0
-                      );
-+
-+    Status = TcpGetIsn (
-+               Tcb->LocalEnd.Ip.v4.Addr,
-+               sizeof (IPv4_ADDRESS),
-+               Tcb->LocalEnd.Port,
-+               Tcb->RemoteEnd.Ip.v4.Addr,
-+               sizeof (IPv4_ADDRESS),
-+               Tcb->RemoteEnd.Port,
-+               &Isn
-+               );
-   } else {
-     Tcb->HeadSum = NetIp6PseudoHeadChecksum (
-                      &Tcb->LocalEnd.Ip.v6,
-@@ -63,9 +107,25 @@ TcpInitTcbLocal (
-                      0x06,
-                      0
-                      );
-+
-+    Status = TcpGetIsn (
-+               Tcb->LocalEnd.Ip.v6.Addr,
-+               sizeof (IPv6_ADDRESS),
-+               Tcb->LocalEnd.Port,
-+               Tcb->RemoteEnd.Ip.v6.Addr,
-+               sizeof (IPv6_ADDRESS),
-+               Tcb->RemoteEnd.Port,
-+               &Isn
-+               );
-+  }
-+
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));
-+    ASSERT (FALSE);
-+    return Status;
-   }
- 
--  Tcb->Iss    = TcpGetIss ();
-+  Tcb->Iss    = Isn;
-   Tcb->SndUna = Tcb->Iss;
-   Tcb->SndNxt = Tcb->Iss;
- 
-@@ -81,6 +141,8 @@ TcpInitTcbLocal (
-   Tcb->RetxmitSeqMax = 0;
- 
-   Tcb->ProbeTimerOn = FALSE;
-+
-+  return EFI_SUCCESS;
- }
- 
- /**
-@@ -505,18 +567,162 @@ TcpCloneTcb (
- }
- 
- /**
--  Compute an ISS to be used by a new connection.
--
--  @return The resulting ISS.
-+  Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
-+  and remote IP addresses and ports.
-+
-+  This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
-+  Where the ISN is computed as follows:
-+    ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
-+
-+  Otherwise:
-+    ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-+
-+    "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
-+    connection's identifying parameters ("localip, localport, remoteip, remoteport")
-+    and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
-+    outside (MUST-9), or an attacker could still guess at sequence numbers from the
-+    ISN used for some other connection. The PRF could be implemented as a
-+    cryptographic hash of the concatenation of the TCP connection parameters and some
-+    secret data. For discussion of the selection of a specific hash algorithm and
-+    management of the secret key data."
-+
-+  @param[in]       LocalIp        A pointer to the local IP address of the TCP connection.
-+  @param[in]       LocalIpSize    The size, in bytes, of the LocalIp buffer.
-+  @param[in]       LocalPort      The local port number of the TCP connection.
-+  @param[in]       RemoteIp       A pointer to the remote IP address of the TCP connection.
-+  @param[in]       RemoteIpSize   The size, in bytes, of the RemoteIp buffer.
-+  @param[in]       RemotePort     The remote port number of the TCP connection.
-+  @param[out]      Isn            A pointer to the variable that will receive the Initial
-+                                  Sequence Number (ISN).
-+
-+  @retval EFI_SUCCESS             The operation completed successfully, and the ISN was
-+                                  retrieved.
-+  @retval EFI_INVALID_PARAMETER   One or more of the input parameters are invalid.
-+  @retval EFI_UNSUPPORTED         The operation is not supported.
- 
- **/
--TCP_SEQNO
--TcpGetIss (
--  VOID
-+EFI_STATUS
-+TcpGetIsn (
-+  IN UINT8       *LocalIp,
-+  IN UINTN       LocalIpSize,
-+  IN UINT16      LocalPort,
-+  IN UINT8       *RemoteIp,
-+  IN UINTN       RemoteIpSize,
-+  IN UINT16      RemotePort,
-+  OUT TCP_SEQNO  *Isn
-   )
- {
--  mTcpGlobalIss += TCP_ISS_INCREMENT_1;
--  return mTcpGlobalIss;
-+  EFI_STATUS          Status;
-+  EFI_HASH2_PROTOCOL  *Hash2Protocol;
-+  EFI_HASH2_OUTPUT    HashResult;
-+  ISN_HASH_CTX        IsnHashCtx;
-+  EFI_TIME            TimeStamp;
-+
-+  //
-+  // Check that the ISN pointer is valid
-+  //
-+  if (Isn == NULL) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  //
-+  // The local ip may be a v4 or v6 address and may not be NULL
-+  //
-+  if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  //
-+  // the local ip may be a v4 or v6 address
-+  //
-+  if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  //
-+  // Locate the Hash Protocol
-+  //
-+  Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));
-+
-+    //
-+    // TcpCreateService(..) is expected to be called prior to this function
-+    //
-+    ASSERT_EFI_ERROR (Status);
-+    return Status;
-+  }
-+
-+  //
-+  // Initialize the hash algorithm
-+  //
-+  Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));
-+    return Status;
-+  }
-+
-+  IsnHashCtx.LocalPort  = LocalPort;
-+  IsnHashCtx.RemotePort = RemotePort;
-+  IsnHashCtx.Secret     = mTcpGlobalSecret;
-+
-+  //
-+  // Check the IP address family and copy accordingly
-+  //
-+  if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);
-+  } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);
-+  } else {
-+    return EFI_INVALID_PARAMETER; // Unsupported address size
-+  }
-+
-+  //
-+  // Repeat the process for the remote IP address
-+  //
-+  if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);
-+  } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);
-+  } else {
-+    return EFI_INVALID_PARAMETER; // Unsupported address size
-+  }
-+
-+  //
-+  // Compute the hash
-+  // Update the hash with the data
-+  //
-+  Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));
-+    return Status;
-+  }
-+
-+  //
-+  // Finalize the hash and retrieve the result
-+  //
-+  Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));
-+    return Status;
-+  }
-+
-+  Status = gRT->GetTime (&TimeStamp, NULL);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-+  //
-+  // copy the first 4 bytes of the hash result into the ISN
-+  //
-+  CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));
-+
-+  //
-+  // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)
-+  //
-+  *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;
-+
-+  return Status;
- }
- 
- /**
-@@ -719,17 +925,29 @@ TcpFormatNetbuf (
- 
-   @param[in, out]  Tcb          Pointer to the TCP_CB that wants to initiate a
-                                 connection.
-+
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
--VOID
-+EFI_STATUS
- TcpOnAppConnect (
-   IN OUT TCP_CB  *Tcb
-   )
- {
--  TcpInitTcbLocal (Tcb);
-+  EFI_STATUS  Status;
-+
-+  Status = TcpInitTcbLocal (Tcb);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-   TcpSetState (Tcb, TCP_SYN_SENT);
- 
-   TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);
-   TcpToSendData (Tcb, 1);
-+
-+  return EFI_SUCCESS;
- }
- 
- /**
-diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
-index 106d9470db..535d09d342 100644
---- a/NetworkPkg/TcpDxe/TcpTimer.c
-+++ b/NetworkPkg/TcpDxe/TcpTimer.c
-@@ -2,7 +2,7 @@
-   TCP timer related functions.
- 
-   Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
--
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -497,7 +497,6 @@ TcpTickingDpc (
-   INT16           Index;
- 
-   mTcpTick++;
--  mTcpGlobalIss += TCP_ISS_INCREMENT_2;
- 
-   //
-   // Don't use LIST_FOR_EACH, which isn't delete safe.
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch

@@ -1,168 +0,0 @@
-From 38baf93892ec464490b6fe611c23b014f574344b Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 07/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
- Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [7/15] c1baa0b2facbf0b63a90a0bfd55264af9f893098
-
-JIRA: https://issues.redhat.com/browse/RHEL-21850
-CVE: CVE-2022-45234
-Upstream: Merged
-
-commit 1b53515d53d303166b2bbd31e2cc7f16fd0aecd7
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:52 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
-
-    Bug Details:
-    PixieFail Bug #6
-    CVE-2023-45234
-    CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
-    CWE-119 Improper Restriction of Operations within the Bounds of
-     a Memory Buffer
-
-    Buffer overflow when processing DNS Servers option in a DHCPv6
-    Advertise message
-
-    Change Overview:
-
-    Introduces a function to cache the Dns Server and perform sanitizing
-    on the incoming DnsServerLen to ensure that the length is valid
-
-    > + EFI_STATUS
-    > + PxeBcCacheDnsServerAddresses (
-    > +  IN PXEBC_PRIVATE_DATA        *Private,
-    > +  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-    > +  )
-
-    Additional code cleanup
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 71 +++++++++++++++++++++++++---
- 1 file changed, 65 insertions(+), 6 deletions(-)
-
-diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-index 425e0cf806..2b2d372889 100644
---- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-@@ -3,6 +3,7 @@
- 
-   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-+  Copyright (c) Microsoft Corporation
- 
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
-@@ -1312,6 +1313,65 @@ PxeBcSelectDhcp6Offer (
-   }
- }
- 
-+/**
-+  Cache the DHCPv6 DNS Server addresses
-+
-+  @param[in] Private               The pointer to PXEBC_PRIVATE_DATA.
-+  @param[in] Cache6                The pointer to PXEBC_DHCP6_PACKET_CACHE.
-+
-+  @retval    EFI_SUCCESS           Cache the DHCPv6 DNS Server address successfully.
-+  @retval    EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval    EFI_DEVICE_ERROR      The DNS Server Address Length provided by a untrusted
-+                                   option is not a multiple of 16 bytes (sizeof (EFI_IPv6_ADDRESS)).
-+**/
-+EFI_STATUS
-+PxeBcCacheDnsServerAddresses (
-+  IN PXEBC_PRIVATE_DATA        *Private,
-+  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-+  )
-+{
-+  UINT16  DnsServerLen;
-+
-+  DnsServerLen = NTOHS (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen);
-+  //
-+  // Make sure that the number is nonzero
-+  //
-+  if (DnsServerLen == 0) {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  //
-+  // Make sure the DnsServerlen is a multiple of EFI_IPv6_ADDRESS (16)
-+  //
-+  if (DnsServerLen % sizeof (EFI_IPv6_ADDRESS) != 0) {
-+    return EFI_DEVICE_ERROR;
-+  }
-+
-+  //
-+  // This code is currently written to only support a single DNS Server instead
-+  // of multiple such as is spec defined (RFC3646, Section 3). The proper behavior
-+  // would be to allocate the full space requested, CopyMem all of the data,
-+  // and then add a DnsServerCount field to Private and update additional code
-+  // that depends on this.
-+  //
-+  // To support multiple DNS servers the `AllocationSize` would need to be changed to DnsServerLen
-+  //
-+  // This is tracked in https://bugzilla.tianocore.org/show_bug.cgi?id=1886
-+  //
-+  Private->DnsServer = AllocateZeroPool (sizeof (EFI_IPv6_ADDRESS));
-+  if (Private->DnsServer == NULL) {
-+    return EFI_OUT_OF_RESOURCES;
-+  }
-+
-+  //
-+  // Intentionally only copy over the first server address.
-+  // To support multiple DNS servers, the `Length` would need to be changed to DnsServerLen
-+  //
-+  CopyMem (Private->DnsServer, Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
-+
-+  return EFI_SUCCESS;
-+}
-+
- /**
-   Handle the DHCPv6 offer packet.
- 
-@@ -1335,6 +1395,7 @@ PxeBcHandleDhcp6Offer (
-   UINT32                    SelectIndex;
-   UINT32                    Index;
- 
-+  ASSERT (Private != NULL);
-   ASSERT (Private->SelectIndex > 0);
-   SelectIndex = (UINT32)(Private->SelectIndex - 1);
-   ASSERT (SelectIndex < PXEBC_OFFER_MAX_NUM);
-@@ -1342,15 +1403,13 @@ PxeBcHandleDhcp6Offer (
-   Status = EFI_SUCCESS;
- 
-   //
--  // First try to cache DNS server address if DHCP6 offer provides.
-+  // First try to cache DNS server addresses if DHCP6 offer provides.
-   //
-   if (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] != NULL) {
--    Private->DnsServer = AllocateZeroPool (NTOHS (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen));
--    if (Private->DnsServer == NULL) {
--      return EFI_OUT_OF_RESOURCES;
-+    Status = PxeBcCacheDnsServerAddresses (Private, Cache6);
-+    if (EFI_ERROR (Status)) {
-+      return Status;
-     }
--
--    CopyMem (Private->DnsServer, Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
-   }
- 
-   if (Cache6->OfferType == PxeOfferTypeDhcpBinl) {
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch

@@ -1,511 +0,0 @@
-From fd1bc6ff10a45123b0ec7f9ae3354ad3713bc532 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 08/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
- Unit Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [8/15] f88ebc7fa79ce4fe615dd79c42fedee0a0da7a0b
-
-JIRA: https://issues.redhat.com/browse/RHEL-21850
-CVE: CVE-2022-45234
-Upstream: Merged
-
-commit 458c582685fc0e8057d2511c5a0394078d988c17
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:53 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
-
-    Unit tests to that the bug..
-
-    Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise
-    message
-
-    ..has been patched
-
-    This contains tests for the following functions:
-    PxeBcHandleDhcp6Offer
-    PxeBcCacheDnsServerAddresses
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
- .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 300 ++++++++++++++++++
- .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  50 +++
- .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp     |  19 ++
- .../GoogleTest/UefiPxeBcDxeGoogleTest.inf     |  48 +++
- 5 files changed, 418 insertions(+)
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
- create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index ab7c2857b6..c8a991e5c1 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -26,6 +26,7 @@
-   #
-   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-   NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
-+  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-new file mode 100644
-index 0000000000..8260eeee50
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-@@ -0,0 +1,300 @@
-+/** @file
-+  Host based unit test for PxeBcDhcp6.c.
-+
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+extern "C" {
-+  #include <Uefi.h>
-+  #include <Library/BaseLib.h>
-+  #include <Library/DebugLib.h>
-+  #include "../PxeBcImpl.h"
-+  #include "../PxeBcDhcp6.h"
-+  #include "PxeBcDhcp6GoogleTest.h"
-+}
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// Definitions
-+///////////////////////////////////////////////////////////////////////////////
-+
-+#define PACKET_SIZE  (1500)
-+
-+typedef struct {
-+  UINT16    OptionCode;   // The option code for DHCP6_OPT_SERVER_ID (e.g., 0x03)
-+  UINT16    OptionLen;    // The length of the option (e.g., 16 bytes)
-+  UINT8     ServerId[16]; // The 16-byte DHCPv6 Server Identifier
-+} DHCP6_OPTION_SERVER_ID;
-+
-+///////////////////////////////////////////////////////////////////////////////
-+/// Symbol Definitions
-+///////////////////////////////////////////////////////////////////////////////
-+
-+EFI_STATUS
-+MockUdpWrite (
-+  IN EFI_PXE_BASE_CODE_PROTOCOL      *This,
-+  IN UINT16                          OpFlags,
-+  IN EFI_IP_ADDRESS                  *DestIp,
-+  IN EFI_PXE_BASE_CODE_UDP_PORT      *DestPort,
-+  IN EFI_IP_ADDRESS                  *GatewayIp   OPTIONAL,
-+  IN EFI_IP_ADDRESS                  *SrcIp       OPTIONAL,
-+  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *SrcPort     OPTIONAL,
-+  IN UINTN                           *HeaderSize  OPTIONAL,
-+  IN VOID                            *HeaderPtr   OPTIONAL,
-+  IN UINTN                           *BufferSize,
-+  IN VOID                            *BufferPtr
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+EFI_STATUS
-+MockUdpRead (
-+  IN EFI_PXE_BASE_CODE_PROTOCOL      *This,
-+  IN UINT16                          OpFlags,
-+  IN OUT EFI_IP_ADDRESS              *DestIp      OPTIONAL,
-+  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *DestPort    OPTIONAL,
-+  IN OUT EFI_IP_ADDRESS              *SrcIp       OPTIONAL,
-+  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *SrcPort     OPTIONAL,
-+  IN UINTN                           *HeaderSize  OPTIONAL,
-+  IN VOID                            *HeaderPtr   OPTIONAL,
-+  IN OUT UINTN                       *BufferSize,
-+  IN VOID                            *BufferPtr
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+EFI_STATUS
-+MockConfigure (
-+  IN EFI_UDP6_PROTOCOL     *This,
-+  IN EFI_UDP6_CONFIG_DATA  *UdpConfigData OPTIONAL
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+// Needed by PxeBcSupport
-+EFI_STATUS
-+EFIAPI
-+QueueDpc (
-+  IN EFI_TPL            DpcTpl,
-+  IN EFI_DPC_PROCEDURE  DpcProcedure,
-+  IN VOID               *DpcContext    OPTIONAL
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcHandleDhcp6OfferTest Tests
-+///////////////////////////////////////////////////////////////////////////////
-+
-+class PxeBcHandleDhcp6OfferTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+  EFI_UDP6_PROTOCOL Udp6Read;
-+  EFI_PXE_BASE_CODE_MODE Mode = { 0 };
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  UdpWrite
-+    //  UdpRead
-+
-+    Private.PxeBc.UdpWrite = (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;
-+    Private.PxeBc.UdpRead  = (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;
-+
-+    // Need to setup EFI_UDP6_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  Configure
-+
-+    Udp6Read.Configure = (EFI_UDP6_CONFIGURE)MockConfigure;
-+    Private.Udp6Read   = &Udp6Read;
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_MODE
-+    Private.PxeBc.Mode = &Mode;
-+
-+    // for this test it doesn't really matter what the Dhcpv6 ack is set to
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    if (Private.Dhcp6Request != NULL) {
-+      FreePool (Private.Dhcp6Request);
-+    }
-+
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Note:
-+// Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
-+// properly setup Private structure. Attempting to properly test this function
-+// without a signficant refactor is a fools errand. Instead, we will test
-+// that we can prevent an overflow in the function.
-+TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+
-+  Private.SelectIndex = 1; // SelectIndex is 1-based
-+  Cache6              = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (1337);
-+
-+  ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private)), EFI_DEVICE_ERROR);
-+}
-+
-+class PxeBcCacheDnsServerAddressesTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+  }
-+};
-+
-+// Test Description
-+// Test that we cache the DNS server address from the DHCPv6 offer packet
-+TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
-+  UINT8                     SearchPattern[16] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF };
-+  EFI_DHCP6_PACKET_OPTION   *Option;
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Option = (EFI_DHCP6_PACKET_OPTION *)AllocateZeroPool (sizeof (EFI_DHCP6_PACKET_OPTION) + sizeof (SearchPattern));
-+  ASSERT_NE (Option, nullptr);
-+
-+  Option->OpCode = DHCP6_OPT_SERVER_ID;
-+  Option->OpLen  = NTOHS (sizeof (SearchPattern));
-+  CopyMem (Option->Data, SearchPattern, sizeof (SearchPattern));
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = Option;
-+
-+  Private.DnsServer = nullptr;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_SUCCESS);
-+  ASSERT_NE (Private.DnsServer, nullptr);
-+  ASSERT_EQ (CompareMem (Private.DnsServer, SearchPattern, sizeof (SearchPattern)), 0);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+
-+  if (Option) {
-+    FreePool (Option);
-+  }
-+}
-+// Test Description
-+// Test that we can prevent an overflow in the function
-+TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (1337);
-+
-+  Private.DnsServer = NULL;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_DEVICE_ERROR);
-+  ASSERT_EQ (Private.DnsServer, nullptr);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+}
-+
-+// Test Description
-+// Test that we can prevent an underflow in the function
-+TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptUnderflowTest) {
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (2);
-+
-+  Private.DnsServer = NULL;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_DEVICE_ERROR);
-+  ASSERT_EQ (Private.DnsServer, nullptr);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+}
-+
-+// Test Description
-+// Test that we can handle recursive dns (multiple dns entries)
-+TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
-+  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
-+  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
-+
-+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-+  // Setup the DHCPv6 offer packet
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-+
-+  EFI_IPv6_ADDRESS  addresses[2] = {
-+    // 2001:db8:85a3::8a2e:370:7334
-+    { 0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0x00, 0x00, 0x00, 0x00, 0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34 },
-+    // fe80::d478:91c3:ecd7:4ff9
-+    { 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd4, 0x78, 0x91, 0xc3, 0xec, 0xd7, 0x4f, 0xf9 }
-+  };
-+
-+  CopyMem (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, &addresses, sizeof (addresses));
-+
-+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen = NTOHS (sizeof (addresses));
-+
-+  Private.DnsServer = NULL;
-+
-+  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_SUCCESS);
-+
-+  ASSERT_NE (Private.DnsServer, nullptr);
-+
-+  //
-+  // This is expected to fail until DnsServer supports multiple DNS servers
-+  //
-+  // This is tracked in https://bugzilla.tianocore.org/show_bug.cgi?id=1886
-+  //
-+  // Disabling:
-+  // ASSERT_EQ (CompareMem(Private.DnsServer, &addresses, sizeof(addresses)), 0);
-+
-+  if (Private.DnsServer) {
-+    FreePool (Private.DnsServer);
-+  }
-+}
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-new file mode 100644
-index 0000000000..b17c314791
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-@@ -0,0 +1,50 @@
-+/** @file
-+  This file exposes the internal interfaces which may be unit tested
-+  for the PxeBcDhcp6Dxe driver.
-+
-+  Copyright (c) Microsoft Corporation.<BR>
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+
-+#ifndef PXE_BC_DHCP6_GOOGLE_TEST_H_
-+#define PXE_BC_DHCP6_GOOGLE_TEST_H_
-+
-+//
-+// Minimal includes needed to compile
-+//
-+#include <Uefi.h>
-+#include "../PxeBcImpl.h"
-+
-+/**
-+  Handle the DHCPv6 offer packet.
-+
-+  @param[in]  Private             The pointer to PXEBC_PRIVATE_DATA.
-+
-+  @retval     EFI_SUCCESS           Handled the DHCPv6 offer packet successfully.
-+  @retval     EFI_NO_RESPONSE       No response to the following request packet.
-+  @retval     EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval     EFI_BUFFER_TOO_SMALL  Can't cache the offer pacet.
-+
-+**/
-+EFI_STATUS
-+PxeBcHandleDhcp6Offer (
-+  IN PXEBC_PRIVATE_DATA  *Private
-+  );
-+
-+/**
-+  Cache the DHCPv6 Server address
-+
-+  @param[in] Private               The pointer to PXEBC_PRIVATE_DATA.
-+  @param[in] Cache6                The pointer to PXEBC_DHCP6_PACKET_CACHE.
-+
-+  @retval    EFI_SUCCESS           Cache the DHCPv6 Server address successfully.
-+  @retval    EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval    EFI_DEVICE_ERROR      Failed to cache the DHCPv6 Server address.
-+**/
-+EFI_STATUS
-+PxeBcCacheDnsServerAddresses (
-+  IN PXEBC_PRIVATE_DATA        *Private,
-+  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-+  );
-+
-+#endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
-new file mode 100644
-index 0000000000..cc4fdf525b
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
-@@ -0,0 +1,19 @@
-+/** @file
-+  Acts as the main entry point for the tests for the UefiPxeBcDxe module.
-+  Copyright (c) Microsoft Corporation
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+**/
-+#include <gtest/gtest.h>
-+
-+////////////////////////////////////////////////////////////////////////////////
-+// Run the tests
-+////////////////////////////////////////////////////////////////////////////////
-+int
-+main (
-+  int   argc,
-+  char  *argv[]
-+  )
-+{
-+  testing::InitGoogleTest (&argc, argv);
-+  return RUN_ALL_TESTS ();
-+}
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-new file mode 100644
-index 0000000000..301dcdf611
---- /dev/null
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-@@ -0,0 +1,48 @@
-+## @file
-+# Unit test suite for the UefiPxeBcDxe using Google Test
-+#
-+# Copyright (c) Microsoft Corporation.<BR>
-+# SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+[Defines]
-+INF_VERSION    = 0x00010005
-+BASE_NAME      = UefiPxeBcDxeGoogleTest
-+FILE_GUID      = 77D45C64-EC1E-4174-887B-886E89FD1EDF
-+MODULE_TYPE    = HOST_APPLICATION
-+VERSION_STRING = 1.0
-+
-+#
-+# The following information is for reference only and not required by the build tools.
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64
-+#
-+
-+[Sources]
-+  UefiPxeBcDxeGoogleTest.cpp
-+  PxeBcDhcp6GoogleTest.cpp
-+  PxeBcDhcp6GoogleTest.h
-+  ../PxeBcDhcp6.c
-+  ../PxeBcSupport.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
-+  NetworkPkg/NetworkPkg.dec
-+
-+[LibraryClasses]
-+  GoogleTestLib
-+  DebugLib
-+  NetLib
-+  PcdLib
-+
-+[Protocols]
-+  gEfiDhcp6ServiceBindingProtocolGuid
-+  gEfiDns6ServiceBindingProtocolGuid
-+  gEfiDns6ProtocolGuid
-+
-+[Pcd]
-+  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
-+
-+[Guids]
-+  gZeroGuid
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch

@@ -1,257 +0,0 @@
-From 0016db53099ba979617f376fe1104fefada4fa29 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 09/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
- Patch
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [9/15] c48c060b87761537ee526e1f8a9e5993eb1a0381
-
-JIRA: https://issues.redhat.com/browse/RHEL-21852
-CVE: CVE-2022-45235
-Upstream: Merged
-
-commit fac297724e6cc343430cd0104e55cd7a96d1151e
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:55 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540
-
-    Bug Details:
-    PixieFail Bug #7
-    CVE-2023-45235
-    CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
-    CWE-119 Improper Restriction of Operations within the Bounds of
-     a Memory Buffer
-
-    Buffer overflow when handling Server ID option from a DHCPv6 proxy
-    Advertise message
-
-    Change Overview:
-
-    Performs two checks
-
-    1. Checks that the length of the duid is accurate
-    > + //
-    > + // Check that the minimum and maximum requirements are met
-    > + //
-    > + if ((OpLen < PXEBC_MIN_SIZE_OF_DUID) ||
-    (OpLen > PXEBC_MAX_SIZE_OF_DUID)) {
-    > +  Status = EFI_INVALID_PARAMETER;
-    > +  goto ON_ERROR;
-    > + }
-
-    2. Ensures that the amount of data written to the buffer is tracked and
-    never exceeds that
-    > + //
-    > + // Check that the option length is valid.
-    > + //
-    > + if ((DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN)
-     > DiscoverLenNeeded) {
-    > +     Status = EFI_OUT_OF_RESOURCES;
-    > +     goto ON_ERROR;
-    > + }
-
-    Additional code clean up and fix for memory leak in case Option was NULL
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 77 ++++++++++++++++++++++------
- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h | 17 ++++++
- 2 files changed, 78 insertions(+), 16 deletions(-)
-
-diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-index 2b2d372889..7fd1281c11 100644
---- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
-@@ -887,6 +887,7 @@ PxeBcRequestBootService (
-   EFI_STATUS                       Status;
-   EFI_DHCP6_PACKET                 *IndexOffer;
-   UINT8                            *Option;
-+  UINTN                            DiscoverLenNeeded;
- 
-   PxeBc      = &Private->PxeBc;
-   Request    = Private->Dhcp6Request;
-@@ -899,7 +900,8 @@ PxeBcRequestBootService (
-     return EFI_DEVICE_ERROR;
-   }
- 
--  Discover = AllocateZeroPool (sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));
-+  DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
-+  Discover          = AllocateZeroPool (DiscoverLenNeeded);
-   if (Discover == NULL) {
-     return EFI_OUT_OF_RESOURCES;
-   }
-@@ -924,16 +926,34 @@ PxeBcRequestBootService (
-                DHCP6_OPT_SERVER_ID
-                );
-     if (Option == NULL) {
--      return EFI_NOT_FOUND;
-+      Status = EFI_NOT_FOUND;
-+      goto ON_ERROR;
-     }
- 
-     //
-     // Add Server ID Option.
-     //
-     OpLen = NTOHS (((EFI_DHCP6_PACKET_OPTION *)Option)->OpLen);
--    CopyMem (DiscoverOpt, Option, OpLen + 4);
--    DiscoverOpt += (OpLen + 4);
--    DiscoverLen += (OpLen + 4);
-+
-+    //
-+    // Check that the minimum and maximum requirements are met
-+    //
-+    if ((OpLen < PXEBC_MIN_SIZE_OF_DUID) || (OpLen > PXEBC_MAX_SIZE_OF_DUID)) {
-+      Status = EFI_INVALID_PARAMETER;
-+      goto ON_ERROR;
-+    }
-+
-+    //
-+    // Check that the option length is valid.
-+    //
-+    if ((DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN) > DiscoverLenNeeded) {
-+      Status = EFI_OUT_OF_RESOURCES;
-+      goto ON_ERROR;
-+    }
-+
-+    CopyMem (DiscoverOpt, Option, OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    DiscoverOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    DiscoverLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-   }
- 
-   while (RequestLen < Request->Length) {
-@@ -944,16 +964,24 @@ PxeBcRequestBootService (
-         (OpCode != DHCP6_OPT_SERVER_ID)
-         )
-     {
-+      //
-+      // Check that the option length is valid.
-+      //
-+      if (DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN > DiscoverLenNeeded) {
-+        Status = EFI_OUT_OF_RESOURCES;
-+        goto ON_ERROR;
-+      }
-+
-       //
-       // Copy all the options except IA option and Server ID
-       //
--      CopyMem (DiscoverOpt, RequestOpt, OpLen + 4);
--      DiscoverOpt += (OpLen + 4);
--      DiscoverLen += (OpLen + 4);
-+      CopyMem (DiscoverOpt, RequestOpt, OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-     }
- 
--    RequestOpt += (OpLen + 4);
--    RequestLen += (OpLen + 4);
-+    RequestOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    RequestLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-   }
- 
-   //
-@@ -2154,6 +2182,7 @@ PxeBcDhcp6Discover (
-   UINT16                           OpLen;
-   UINT32                           Xid;
-   EFI_STATUS                       Status;
-+  UINTN                            DiscoverLenNeeded;
- 
-   PxeBc    = &Private->PxeBc;
-   Mode     = PxeBc->Mode;
-@@ -2169,7 +2198,8 @@ PxeBcDhcp6Discover (
-     return EFI_DEVICE_ERROR;
-   }
- 
--  Discover = AllocateZeroPool (sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));
-+  DiscoverLenNeeded = sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET);
-+  Discover          = AllocateZeroPool (DiscoverLenNeeded);
-   if (Discover == NULL) {
-     return EFI_OUT_OF_RESOURCES;
-   }
-@@ -2185,22 +2215,37 @@ PxeBcDhcp6Discover (
-   DiscoverLen             = sizeof (EFI_DHCP6_HEADER);
-   RequestLen              = DiscoverLen;
- 
-+  //
-+  // The request packet is generated by the UEFI network stack. In the DHCP4 DORA and DHCP6 SARR sequence,
-+  // the first (discover in DHCP4 and solicit in DHCP6) and third (request in both DHCP4 and DHCP6) are
-+  // generated by the DHCP client (the UEFI network stack in this case). By the time this function executes,
-+  // the DHCP sequence already has been executed once (see UEFI Specification Figures 24.2 and 24.3), with
-+  // Private->Dhcp6Request being a cached copy of the DHCP6 request packet that UEFI network stack previously
-+  // generated and sent.
-+  //
-+  // Therefore while this code looks like it could overflow, in practice it's not possible.
-+  //
-   while (RequestLen < Request->Length) {
-     OpCode = NTOHS (((EFI_DHCP6_PACKET_OPTION *)RequestOpt)->OpCode);
-     OpLen  = NTOHS (((EFI_DHCP6_PACKET_OPTION *)RequestOpt)->OpLen);
-     if ((OpCode != EFI_DHCP6_IA_TYPE_NA) &&
-         (OpCode != EFI_DHCP6_IA_TYPE_TA))
-     {
-+      if (DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN > DiscoverLenNeeded) {
-+        Status = EFI_OUT_OF_RESOURCES;
-+        goto ON_ERROR;
-+      }
-+
-       //
-       // Copy all the options except IA option.
-       //
--      CopyMem (DiscoverOpt, RequestOpt, OpLen + 4);
--      DiscoverOpt += (OpLen + 4);
--      DiscoverLen += (OpLen + 4);
-+      CopyMem (DiscoverOpt, RequestOpt, OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+      DiscoverLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-     }
- 
--    RequestOpt += (OpLen + 4);
--    RequestLen += (OpLen + 4);
-+    RequestOpt += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-+    RequestLen += (OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN);
-   }
- 
-   Status = PxeBc->UdpWrite (
-diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-index ae4be775e8..47eb8cc0c0 100644
---- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h
-@@ -35,6 +35,23 @@
- #define PXEBC_ADDR_START_DELIMITER        '['
- #define PXEBC_ADDR_END_DELIMITER          ']'
- 
-+//
-+// A DUID consists of a 2-octet type code represented in network byte
-+// order, followed by a variable number of octets that make up the
-+// actual identifier.  The length of the DUID (not including the type
-+// code) is at least 1 octet and at most 128 octets.
-+//
-+#define PXEBC_MIN_SIZE_OF_DUID  (sizeof(UINT16) + 1)
-+#define PXEBC_MAX_SIZE_OF_DUID  (sizeof(UINT16) + 128)
-+
-+//
-+// This define represents the combineds code and length field from
-+// https://datatracker.ietf.org/doc/html/rfc3315#section-22.1
-+//
-+#define PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN  \
-+      (sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpCode) + \
-+      sizeof (((EFI_DHCP6_PACKET_OPTION *)0)->OpLen))
-+
- #define GET_NEXT_DHCP6_OPTION(Opt) \
-   (EFI_DHCP6_PACKET_OPTION *) ((UINT8 *) (Opt) + \
-   sizeof (EFI_DHCP6_PACKET_OPTION) + (NTOHS ((Opt)->OpLen)) - 1)
--- 
-2.39.3
-

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch

@@ -1,409 +0,0 @@
-From 80b34c0f56228353c174f9ff739d0755c62d76cf Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Fri, 16 Feb 2024 10:48:05 -0500
-Subject: [PATCH 10/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235
- Unit Tests
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
-RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Commit: [10/15] 5dbf3f771506ff9a0c28827c568d04e825572658
-
-JIRA: https://issues.redhat.com/browse/RHEL-21852
-CVE: CVE-2022-45235
-Upstream: Merged
-
-commit ff2986358f75d8f58ef08a66fe673539c9c48f41
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Fri Jan 26 05:54:56 2024 +0800
-
-    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests
-
-    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540
-
-    Unit tests to confirm that the bug..
-
-    Buffer overflow when handling Server ID option from a DHCPv6 proxy
-    Advertise message
-
-    ..has been patched.
-
-    This patch contains unit tests for the following functions:
-    PxeBcRequestBootService
-    PxeBcDhcp6Discover
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
----
- NetworkPkg/Test/NetworkPkgHostTest.dsc        |   5 +-
- .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 278 +++++++++++++++++-
- .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  18 ++
- 3 files changed, 298 insertions(+), 3 deletions(-)
-
-diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-index c8a991e5c1..1010a80a15 100644
---- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
-+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
-@@ -26,7 +26,10 @@
-   #
-   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
-   NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
--  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
-+  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf {
-+    <LibraryClasses>
-+      UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf
-+  }
- 
- # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
- [LibraryClasses]
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-index 8260eeee50..bd423ebadf 100644
---- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
-@@ -4,7 +4,9 @@
-   Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- **/
--#include <gtest/gtest.h>
-+#include <Library/GoogleTestLib.h>
-+#include <GoogleTest/Library/MockUefiLib.h>
-+#include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>
- 
- extern "C" {
-   #include <Uefi.h>
-@@ -19,7 +21,8 @@ extern "C" {
- // Definitions
- ///////////////////////////////////////////////////////////////////////////////
- 
--#define PACKET_SIZE  (1500)
-+#define PACKET_SIZE            (1500)
-+#define REQUEST_OPTION_LENGTH  (120)
- 
- typedef struct {
-   UINT16    OptionCode;   // The option code for DHCP6_OPT_SERVER_ID (e.g., 0x03)
-@@ -76,6 +79,26 @@ MockConfigure (
- }
- 
- // Needed by PxeBcSupport
-+EFI_STATUS
-+PxeBcDns6 (
-+  IN PXEBC_PRIVATE_DATA  *Private,
-+  IN     CHAR16          *HostName,
-+  OUT EFI_IPv6_ADDRESS   *IpAddress
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
-+UINT32
-+PxeBcBuildDhcp6Options (
-+  IN  PXEBC_PRIVATE_DATA       *Private,
-+  OUT EFI_DHCP6_PACKET_OPTION  **OptList,
-+  IN  UINT8                    *Buffer
-+  )
-+{
-+  return EFI_SUCCESS;
-+}
-+
- EFI_STATUS
- EFIAPI
- QueueDpc (
-@@ -159,6 +182,10 @@ TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
-   ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private)), EFI_DEVICE_ERROR);
- }
- 
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcCacheDnsServerAddresses Tests
-+///////////////////////////////////////////////////////////////////////////////
-+
- class PxeBcCacheDnsServerAddressesTest : public ::testing::Test {
- public:
-   PXEBC_PRIVATE_DATA Private = { 0 };
-@@ -298,3 +325,250 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
-     FreePool (Private.DnsServer);
-   }
- }
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcRequestBootServiceTest Test Cases
-+///////////////////////////////////////////////////////////////////////////////
-+
-+class PxeBcRequestBootServiceTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+  EFI_UDP6_PROTOCOL Udp6Read;
-+
-+protected:
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  UdpWrite
-+    //  UdpRead
-+
-+    Private.PxeBc.UdpWrite = (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;
-+    Private.PxeBc.UdpRead  = (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;
-+
-+    // Need to setup EFI_UDP6_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  Configure
-+
-+    Udp6Read.Configure = (EFI_UDP6_CONFIGURE)MockConfigure;
-+    Private.Udp6Read   = &Udp6Read;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    if (Private.Dhcp6Request != NULL) {
-+      FreePool (Private.Dhcp6Request);
-+    }
-+
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+TEST_F (PxeBcRequestBootServiceTest, ServerDiscoverBasicUsageTest) {
-+  PxeBcRequestBootServiceTest::Private.OfferBuffer[0].Dhcp6.OfferType = PxeOfferTypeProxyBinl;
-+
-+  DHCP6_OPTION_SERVER_ID  Server = { 0 };
-+
-+  Server.OptionCode =  HTONS (DHCP6_OPT_SERVER_ID);
-+  Server.OptionLen  = HTONS (16); // valid length
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.OfferBuffer[Index].Dhcp6.Packet.Offer;
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &Server, sizeof (Server));
-+  Cursor += sizeof (Server);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_SUCCESS);
-+}
-+
-+TEST_F (PxeBcRequestBootServiceTest, AttemptDiscoverOverFlowExpectFailure) {
-+  PxeBcRequestBootServiceTest::Private.OfferBuffer[0].Dhcp6.OfferType = PxeOfferTypeProxyBinl;
-+
-+  DHCP6_OPTION_SERVER_ID  Server = { 0 };
-+
-+  Server.OptionCode =  HTONS (DHCP6_OPT_SERVER_ID);
-+  Server.OptionLen  = HTONS (1500); // This length would overflow without a check
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.OfferBuffer[Index].Dhcp6.Packet.Offer;
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &Server, sizeof (Server));
-+  Cursor += sizeof (Server);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  // This is going to be stopped by the duid overflow check
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_INVALID_PARAMETER);
-+}
-+
-+TEST_F (PxeBcRequestBootServiceTest, RequestBasicUsageTest) {
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = 0; // valid length
-+
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_SUCCESS);
-+}
-+
-+TEST_F (PxeBcRequestBootServiceTest, AttemptRequestOverFlowExpectFailure) {
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = 1500; // this length would overflow without a check
-+
-+  UINT8  Index = 0;
-+
-+  EFI_DHCP6_PACKET  *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];
-+
-+  UINT8  *Cursor = (UINT8 *)(Packet->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  // Update the packet length
-+  Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);
-+  Packet->Size   = PACKET_SIZE;
-+
-+  ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTest::Private), Index), EFI_OUT_OF_RESOURCES);
-+}
-+
-+///////////////////////////////////////////////////////////////////////////////
-+// PxeBcDhcp6Discover Test
-+///////////////////////////////////////////////////////////////////////////////
-+
-+class PxeBcDhcp6DiscoverTest : public ::testing::Test {
-+public:
-+  PXEBC_PRIVATE_DATA Private = { 0 };
-+  EFI_UDP6_PROTOCOL Udp6Read;
-+
-+protected:
-+  MockUefiRuntimeServicesTableLib RtServicesMock;
-+
-+  // Add any setup code if needed
-+  virtual void
-+  SetUp (
-+    )
-+  {
-+    Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
-+
-+    // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  UdpWrite
-+    //  UdpRead
-+
-+    Private.PxeBc.UdpWrite = (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;
-+    Private.PxeBc.UdpRead  = (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;
-+
-+    // Need to setup EFI_UDP6_PROTOCOL
-+    // The function under test really only needs the following:
-+    //  Configure
-+
-+    Udp6Read.Configure = (EFI_UDP6_CONFIGURE)MockConfigure;
-+    Private.Udp6Read   = &Udp6Read;
-+  }
-+
-+  // Add any cleanup code if needed
-+  virtual void
-+  TearDown (
-+    )
-+  {
-+    if (Private.Dhcp6Request != NULL) {
-+      FreePool (Private.Dhcp6Request);
-+    }
-+
-+    // Clean up any resources or variables
-+  }
-+};
-+
-+// Test Description
-+// This will cause an overflow by an untrusted packet during the option parsing
-+TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
-+  EFI_IPv6_ADDRESS         DestIp     = { 0 };
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = HTONS (0xFFFF); // overflow
-+
-+  UINT8  *Cursor = (UINT8 *)(Private.Dhcp6Request->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
-+
-+  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-+    .WillOnce (::testing::Return (0));
-+
-+  ASSERT_EQ (
-+    PxeBcDhcp6Discover (
-+      &(PxeBcDhcp6DiscoverTest::Private),
-+      0,
-+      NULL,
-+      FALSE,
-+      (EFI_IP_ADDRESS *)&DestIp
-+      ),
-+    EFI_OUT_OF_RESOURCES
-+    );
-+}
-+
-+// Test Description
-+// This will test that we can handle a packet with a valid option length
-+TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
-+  EFI_IPv6_ADDRESS         DestIp     = { 0 };
-+  EFI_DHCP6_PACKET_OPTION  RequestOpt = { 0 }; // the data section doesn't really matter
-+
-+  RequestOpt.OpCode = HTONS (0x1337);
-+  RequestOpt.OpLen  = HTONS (0x30);
-+
-+  UINT8  *Cursor = (UINT8 *)(Private.Dhcp6Request->Dhcp6.Option);
-+
-+  CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));
-+  Cursor += sizeof (RequestOpt);
-+
-+  Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request);
-+
-+  EXPECT_CALL (RtServicesMock, gRT_GetTime)
-+    .WillOnce (::testing::Return (0));
-+
-+  ASSERT_EQ (
-+    PxeBcDhcp6Discover (
-+      &(PxeBcDhcp6DiscoverTest::Private),
-+      0,
-+      NULL,
-+      FALSE,
-+      (EFI_IP_ADDRESS *)&DestIp
-+      ),
-+    EFI_SUCCESS
-+    );
-+}
-diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-index b17c314791..0d825e4425 100644
---- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
-@@ -47,4 +47,22 @@ PxeBcCacheDnsServerAddresses (
-   IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
-   );
- 
-+/**
-+  Build and send out the request packet for the bootfile, and parse the reply.
-+
-+  @param[in]  Private               The pointer to PxeBc private data.
-+  @param[in]  Index                 PxeBc option boot item type.
-+
-+  @retval     EFI_SUCCESS           Successfully discovered the boot file.
-+  @retval     EFI_OUT_OF_RESOURCES  Failed to allocate resources.
-+  @retval     EFI_NOT_FOUND         Can't get the PXE reply packet.
-+  @retval     Others                Failed to discover the boot file.
-+
-+**/
-+EFI_STATUS
-+PxeBcRequestBootService (
-+  IN  PXEBC_PRIVATE_DATA  *Private,
-+  IN  UINT32              Index
-+  );
-+
- #endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
--- 
-2.39.3
-

SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch

@@ -1,202 +0,0 @@
-From d6cdd646e7d9c4cfc78a061d66ab9ba4d2f02cf3 Mon Sep 17 00:00:00 2001
-From: Doug Flick <dougflick@microsoft.com>
-Date: Wed, 8 May 2024 22:56:24 -0700
-Subject: [PATCH] OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
-
-RH-Author: Oliver Steffen <osteffen@redhat.com>
-RH-MergeRequest: 81: OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
-RH-Jira: RHEL-53009
-RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
-RH-Commit: [1/1] 07d3c21a816826beefe963908284cc8b5dd0b075
-
-JIRA: https://issues.redhat.com/browse/RHEL-53009
-Upstream: Merged
-
-Upstream commit 4c4ceb2ceb80 ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
-broke HTTP boot in OVMF. This fixes it.
-
-commit cb9d71189134e78efb00759eb9649ce92bf5b29a
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Wed May 8 22:56:24 2024 -0700
-
-    OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
-
-    This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
-    used to provide the hashing protocol services.
-
-    Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
-    Cc: Jiewen Yao <jiewen.yao@intel.com>
-    Cc: Gerd Hoffmann <kraxel@redhat.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Tested-by: Gerd Hoffmann <kraxel@redhat.com>
-    Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-    Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
-
-Signed-off-by: Oliver Steffen <osteffen@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.dsc    | 6 +++++-
- OvmfPkg/OvmfPkgIa32.fdf    | 5 +++++
- OvmfPkg/OvmfPkgIa32X64.dsc | 6 +++++-
- OvmfPkg/OvmfPkgIa32X64.fdf | 5 +++++
- OvmfPkg/OvmfPkgX64.dsc     | 6 +++++-
- OvmfPkg/OvmfPkgX64.fdf     | 5 +++++
- OvmfPkg/OvmfXen.dsc        | 5 +++++
- OvmfPkg/OvmfXen.fdf        | 5 +++++
- 8 files changed, 40 insertions(+), 3 deletions(-)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index f03906a9ff..47c1732409 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -213,7 +213,6 @@
-   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
-   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
- 
--
-   #
-   # Network libraries
-   #
-@@ -884,6 +883,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 050148948c..71fb83b285 100644
---- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -300,6 +300,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 81145050c3..186f783ff5 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -217,7 +217,6 @@
-   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
-   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
- 
--
-   #
-   # Network libraries
-   #
-@@ -898,6 +897,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index 3e2373f225..6762627073 100644
---- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -304,6 +304,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 1cb169b447..e968ab6be2 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -217,7 +217,6 @@
-   VariablePolicyLib|MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
-   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
- 
--
-   #
-   # Network libraries
-   #
-@@ -896,6 +895,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index 8ba0ca437a..95544c2bc5 100644
---- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -320,6 +320,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
-diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
-index e7c36d1b80..462e57ddcc 100644
---- a/OvmfPkg/OvmfXen.dsc
-+++ b/OvmfPkg/OvmfXen.dsc
-@@ -660,6 +660,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
-index 8b58235559..3c64619e8e 100644
---- a/OvmfPkg/OvmfXen.fdf
-+++ b/OvmfPkg/OvmfXen.fdf
-@@ -369,6 +369,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
--- 
-2.45.1
-

SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch

@@ -1,50 +0,0 @@
-From e4a64ad230ff2906ec56d41b2a8dd7a0bb39a399 Mon Sep 17 00:00:00 2001
-From: Dov Murik <dovmurik@linux.ibm.com>
-Date: Tue, 4 Jan 2022 15:16:40 +0800
-Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as
- reserved
-
-RH-Author: Pawel Polawski <None>
-RH-MergeRequest: 11: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
-RH-Commit: [1/1] a14d34eb204387aae3446770a0e5fb95a9283ae3 (elkoniu/edk2)
-RH-Bugzilla: 2041754
-RH-Acked-by: Oliver Steffen <None>
-
-Mark the SEV launch secret MEMFD area as reserved, which will allow the
-guest OS to use it during the lifetime of the OS, without creating
-copies of the sensitive content.
-
-Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
-Cc: Jordan Justen <jordan.l.justen@intel.com>
-Cc: Gerd Hoffmann <kraxel@redhat.com>
-Cc: Brijesh Singh <brijesh.singh@amd.com>
-Cc: Erdem Aktas <erdemaktas@google.com>
-Cc: James Bottomley <jejb@linux.ibm.com>
-Cc: Jiewen Yao <jiewen.yao@intel.com>
-Cc: Min Xu <min.m.xu@intel.com>
-Cc: Tom Lendacky <thomas.lendacky@amd.com>
-Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
-Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Jiewen Yao <Jiewen.Yao@intel.com>
-Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
----
- OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
-index db94c26b54..6bf1a55dea 100644
---- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
-+++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
-@@ -19,7 +19,7 @@ InitializeSecretPei (
-   BuildMemoryAllocationHob (
-     PcdGet32 (PcdSevLaunchSecretBase),
-     ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),
--    EfiBootServicesData
-+    EfiReservedMemoryType
-     );
- 
-   return EFI_SUCCESS;
--- 
-2.27.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-ValidateFvHeader-unwritten-s.patch

@@ -1,47 +0,0 @@
-From f2aeff31924f6d070d7f8b87550dc6d9820531ad Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:04 +0100
-Subject: [PATCH 15/18] OvmfPkg/VirtNorFlashDxe: ValidateFvHeader: unwritten
- state is EOL too
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [17/20] 37220c700ea816c815e0612031e10b7d466b71a2
-
-It is possible to find variable entries with State being 0xff, i.e. not
-updated since flash block erase.   This indicates the variable driver
-could not complete the header write while appending a new entry, and
-therefore State was not set to VAR_HEADER_VALID_ONLY.
-
-This can only happen at the end of the variable list, so treat this as
-additional "end of variable list" condition.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240116171105.37831-6-kraxel@redhat.com>
-(cherry picked from commit 735d0a5e2e25c1577bf9bea7826da937ca38169d)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-index acc4a413ee..f8e71f88c1 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlashFvb.c
-@@ -302,6 +302,11 @@ ValidateFvHeader (
-       break;
-     }
- 
-+    if (VarHeader->State == 0xff) {
-+      DEBUG ((DEBUG_INFO, "%a: end of var list (unwritten state)\n", __func__));
-+      break;
-+    }
-+
-     VarName = NULL;
-     switch (VarHeader->State) {
-       // usage: State = VAR_HEADER_VALID_ONLY
--- 
-2.41.0
-

SOURCES/edk2-OvmfPkg-VirtNorFlashDxe-add-a-loop-for-NorFlashWrite.patch

@@ -1,73 +0,0 @@
-From 00d9e2d6cb03afeef5a1110d6f1fae1389a06f7a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 Jan 2024 18:11:02 +0100
-Subject: [PATCH 13/18] OvmfPkg/VirtNorFlashDxe: add a loop for
- NorFlashWriteBuffer calls.
-
-RH-Author: Gerd Hoffmann <None>
-RH-MergeRequest: 43: OvmfPkg/VirtNorFlashDxe backport
-RH-Jira: RHEL-17587
-RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
-RH-Commit: [15/20] 72004a196ea61d627ab528573db657dd7db16de2
-
-Replace the two NorFlashWriteBuffer() calls with a loop containing a
-single NorFlashWriteBuffer() call.
-
-With the changes in place the code is able to handle updates larger
-than two P30_MAX_BUFFER_SIZE_IN_BYTES blocks, even though the patch
-does not actually change the size limit.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Message-Id: <20240116171105.37831-4-kraxel@redhat.com>
-(cherry picked from commit 28ffd726894f11a587a6ac7f71a4c4af341e24d2)
----
- OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c | 21 ++++++++-------------
- 1 file changed, 8 insertions(+), 13 deletions(-)
-
-diff --git a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-index 88a4d2c23f..3d1343b381 100644
---- a/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-+++ b/OvmfPkg/VirtNorFlashDxe/VirtNorFlash.c
-@@ -521,6 +521,7 @@ NorFlashWriteSingleBlock (
-   UINTN       BlockAddress;
-   UINT8       *OrigData;
-   UINTN       Start, End;
-+  UINT32      Index, Count;
- 
-   DEBUG ((DEBUG_BLKIO, "NorFlashWriteSingleBlock(Parameters: Lba=%ld, Offset=0x%x, *NumBytes=0x%x, Buffer @ 0x%08x)\n", Lba, Offset, *NumBytes, Buffer));
- 
-@@ -621,23 +622,17 @@ NorFlashWriteSingleBlock (
-       goto Exit;
-     }
- 
--    Status = NorFlashWriteBuffer (
--               Instance,
--               BlockAddress + Start,
--               P30_MAX_BUFFER_SIZE_IN_BYTES,
--               Instance->ShadowBuffer
--               );
--    if (EFI_ERROR (Status)) {
--      goto Exit;
--    }
--
--    if ((End - Start) > P30_MAX_BUFFER_SIZE_IN_BYTES) {
-+    Count = (End - Start) / P30_MAX_BUFFER_SIZE_IN_BYTES;
-+    for (Index = 0; Index < Count; Index++) {
-       Status = NorFlashWriteBuffer (
-                  Instance,
--                 BlockAddress + Start + P30_MAX_BUFFER_SIZE_IN_BYTES,
-+                 BlockAddress + Start + Index * P30_MAX_BUFFER_SIZE_IN_BYTES,
-                  P30_MAX_BUFFER_SIZE_IN_BYTES,
--                 Instance->ShadowBuffer + P30_MAX_BUFFER_SIZE_IN_BYTES
-+                 Instance->ShadowBuffer + Index * P30_MAX_BUFFER_SIZE_IN_BYTES
-                  );
-+      if (EFI_ERROR (Status)) {
-+        goto Exit;
-+      }
-     }
- 
- Exit:
--- 
-2.41.0
-