From 16e51b6f9f7aec58233869874e1ad106eca15684 Mon Sep 17 00:00:00 2001 From: Oliver Steffen Date: Mon, 4 Nov 2024 19:00:11 +0100 Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng Since the pixiefail CVE fix the network stack requires a hardware random number generator. This can currently be a modern CPU supporting the RDRAND instruction or a virtio-rng device. The latter is initialized during the BDS phase. To ensure all depending (network) modules are also started, we need to run the dispatcher once more after the device was initialized. Without this, network boot is not available under certain hardware configurations. Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237") Analysed-by: Stefano Garzarella Suggested-by: Gerd Hoffmann Signed-off-by: Oliver Steffen (cherry picked from commit 9c4542a0645ac832e22d0c3da0f1ee7b127a316f) --- OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c index 87d1ac3142..1f1298eb0b 100644 --- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c +++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c @@ -675,6 +675,8 @@ ConnectVirtioPciRng ( if (EFI_ERROR (Status)) { goto Error; } + + gDS->Dispatch (); } return EFI_SUCCESS;