Re-enable HTTPS support, with edk2 fix included (bz 1820836)

Signed-off-by: Cole Robinson <crobinso@redhat.com>

0001-build-customize-configuration.patch

@@ -1,6 +1,8 @@
 diff -rupN ipxe-20190125-git36a4c85f/src/config/local/general.h ipxe-20190125-git36a4c85f.new/src/config/local/general.h
 --- ipxe-20190125-git36a4c85f/src/config/local/general.h	1970-01-01 01:00:00.000000000 +0100
 +++ ipxe-20190125-git36a4c85f.new/src/config/local/general.h	2019-02-01 16:40:42.725293033 +0000
-@@ -0,0 +1,2 @@
+@@ -0,0 +1,4 @@
 +/* Enable IPv6. */
 +#define NET_PROTO_IPV6
++/* Enable HTTPS */
++#define DOWNLOAD_PROTO_HTTPS

0003-efi-Raise-TPL-during-driver-entry-point.patch

@@ -0,0 +1,63 @@
+From 82a962066fb5a41b6dc50476f8676b559ac1edcc Mon Sep 17 00:00:00 2001
+From: Michael Brown <mcb30@ipxe.org>
+Date: Tue, 30 Jun 2020 16:32:59 +0100
+Subject: [PATCH] [efi] Raise TPL during driver entry point
+
+As per commit c89a446 ("[efi] Run at TPL_CALLBACK to protect against
+UEFI timers") we expect to run at TPL_CALLBACK almost all of the time.
+Various code paths rely on this assumption.  Code paths that need to
+temporarily lower the TPL (e.g. for entropy gathering) will restore it
+to TPL_CALLBACK.
+
+The entropy gathering code will be run during DRBG initialisation,
+which happens during the call to startup().  In the case of iPXE
+compiled as an EFI application this code will run within the scope of
+efi_snp_claim() and so will execute at TPL_CALLBACK as expected.
+
+In the case of iPXE compiled as an EFI driver the code will
+incorrectly run at TPL_APPLICATION since there is nothing within the
+EFI driver entry point that raises (and restores) the TPL.  The net
+effect is that a build that includes the entropy-gathering code
+(e.g. a build with HTTPS enabled) will return from the driver entry
+point at TPL_CALLBACK, which causes a system lockup.
+
+Fix by raising and restoring the TPL within the EFI driver entry
+point.
+
+Debugged-by: Ignat Korchagin <ignat@cloudflare.com>
+Signed-off-by: Michael Brown <mcb30@ipxe.org>
+(cherry picked from commit 2ae5d4338661b65c63eb5cb1a96e5b803fe7d620)
+---
+ src/interface/efi/efidrvprefix.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/interface/efi/efidrvprefix.c b/src/interface/efi/efidrvprefix.c
+index 4fbb19ff..a8ef6673 100644
+--- a/src/interface/efi/efidrvprefix.c
++++ b/src/interface/efi/efidrvprefix.c
+@@ -34,16 +34,25 @@ FILE_LICENCE ( GPL2_OR_LATER );
+  */
+ EFI_STATUS EFIAPI _efidrv_start ( EFI_HANDLE image_handle,
+ 				  EFI_SYSTEM_TABLE *systab ) {
++	EFI_BOOT_SERVICES *bs;
++	EFI_TPL saved_tpl;
+ 	EFI_STATUS efirc;
+ 
+ 	/* Initialise EFI environment */
+ 	if ( ( efirc = efi_init ( image_handle, systab ) ) != 0 )
+ 		return efirc;
+ 
++	/* Raise TPL */
++	bs = efi_systab->BootServices;
++	saved_tpl = bs->RaiseTPL ( TPL_CALLBACK );
++
+ 	/* Initialise iPXE environment */
+ 	initialise();
+ 	startup();
+ 
++	/* Restore TPL */
++	bs->RestoreTPL ( saved_tpl );
++
+ 	return 0;
+ }
+ 

ipxe.spec

@@ -3,6 +3,12 @@
 %global efi_ia32 1
 %endif
 
+# With the addition of HTTPS support, we need to drop
+# efi_ia32 so qemu roms still stay in the expected size
+# range. If no one complains we can drop the efi_ia32
+# infrastructure in 2021 IMO
+%global efi_ia32 0
+
 # PCI IDs (vendor,product) of the ROMS we want for QEMU
 #
 #    pcnet32: 0x1022 0x2000
@@ -59,6 +65,7 @@ Source0: %{name}-%{version}-git%{hash}.tar.xz
 # Sent upstream: http://lists.ipxe.org/pipermail/ipxe-devel/2015-November/004494.html
 Patch0001: 0001-build-customize-configuration.patch
 Patch0002: 0002-Use-spec-compliant-timeouts.patch
+Patch0003: 0003-efi-Raise-TPL-during-driver-entry-point.patch
 
 %ifarch %{buildarches}
 BuildRequires: perl-interpreter