import edk2-20240524-9.el10

cs10 imports/cs10/edk2-20240524-9.el10
MSVSphere Packaging Team 2 months ago
commit ae692628e9
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

@ -0,0 +1,3 @@
de143fc38b339d982079517b6f01bcec5246cf5e SOURCES/DBXUpdate-20230509.x64.bin
6da44cf37c27ab03f2940769c58515b07271e047 SOURCES/edk2-3e722403cd.tar.xz
0a9cfae889c6436333fab963250b069058eec6cf SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz

3
.gitignore vendored

@ -0,0 +1,3 @@
SOURCES/DBXUpdate-20230509.x64.bin
SOURCES/edk2-3e722403cd.tar.xz
SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz

@ -0,0 +1,65 @@
From 890270bd27f2177f0eb2158ca8c75b101d27283b Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 24 Mar 2022 03:23:02 -0400
Subject: [PATCH] Remove paths leading to submodules
We removed submodules used upstream. However, edk2 build system requires
such include paths to resolve successfully, regardless of the firmware
platform being built.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
BaseTools/Source/C/GNUmakefile | 1 -
MdeModulePkg/MdeModulePkg.dec | 3 ---
MdePkg/MdePkg.dec | 5 -----
3 files changed, 9 deletions(-)
diff --git a/BaseTools/Source/C/GNUmakefile b/BaseTools/Source/C/GNUmakefile
index 5275f657ef..39d7199753 100644
--- a/BaseTools/Source/C/GNUmakefile
+++ b/BaseTools/Source/C/GNUmakefile
@@ -51,7 +51,6 @@ all: makerootdir subdirs
LIBRARIES = Common
VFRAUTOGEN = VfrCompile/VfrLexer.h
APPLICATIONS = \
- BrotliCompress \
VfrCompile \
EfiRom \
GenFfs \
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index f7339f0aec..badb93238f 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -26,9 +26,6 @@
Include
Test/Mock/Include
-[Includes.Common.Private]
- Library/BrotliCustomDecompressLib/brotli/c/include
-
[LibraryClasses]
## @libraryclass Defines a set of methods to reset whole system.
ResetSystemLib|Include/Library/ResetSystemLib.h
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index bf94549cbf..605b0f1be8 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -29,7 +29,6 @@
Include
Test/UnitTest/Include
Test/Mock/Include
- Library/MipiSysTLib/mipisyst/library/include
[Includes.IA32]
Include/Ia32
@@ -295,10 +294,6 @@
#
FdtLib|Include/Library/FdtLib.h
- ## @libraryclass Provides general mipi sys-T services.
- #
- MipiSysTLib|Include/Library/MipiSysTLib.h
-
## @libraryclass Provides API to output Trace Hub debug message.
#
TraceHubDebugSysTLib|Include/Library/TraceHubDebugSysTLib.h

@ -0,0 +1,190 @@
From 496d843eaa1efdc7c113ba9a919dcc6c2ae53c9f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode
change (RH only)
Notes for rebase to edk2-stable202311:
- Minor context changes due to new PCDs (for USB Networking) being added.
Notes for rebase to edk2-stable202205:
- Minor context changes due to fd306d1dbc MdeModulePkg: Add PcdTdxSharedBitMask
Notes for rebase to edk2-stable202202:
- Minor context changes due to 1436aea4d MdeModulePkg: Apply uncrustify changes
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Resolve harmless conflict in "MdeModulePkg/MdeModulePkg.dec",
originating from new upstream commits
- 45bc28172fbf ("MdeModulePkg.dec: Change PCDs for status code.",
2020-06-18),
- 0785c619a58a ("MdeModulePkg/Bus/Pci/PciBusDxe: Support PCIe Resizable
BAR Capability", 2021-01-04),
- ef23012e5439 ("MdeModulePkg: Change default value of
PcdPcieResizableBarSupport to FALSE", 2021-01-14).
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- Resolve trivial conflict in "MdeModulePkg/MdeModulePkg.dec", arising
from upstream commit 166830d8f7ca ("MdeModulePkg/dec: add
PcdTcgPfpMeasurementRevision PCD", 2020-01-06).
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- Conflict in "MdeModulePkg/MdeModulePkg.dec" due to upstream commits
- 1103ba946aee ("MdeModulePkg: Add Capsule On Disk related definition.",
2019-06-26),
- 1c7b3eb84631 ("MdeModulePkg/DxeIpl: Introduce PCD
PcdUse5LevelPageTable", 2019-08-09),
with easy manual resolution.
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no change
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec"
context change from upstream commits e043f7895b83 ("MdeModulePkg: Add
PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2
("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03).
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- refresh commit 519b9751573e against various context changes
The
CSI Ps ; Ps ; Ps t
escape sequence serves for window manipulation. We can use the
CSI 8 ; <rows> ; <columns> t
sequence to adapt eg. the xterm window size to the selected console mode.
Reference: <http://rtfm.etla.org/xterm/ctlseq.html>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444)
(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574)
(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90)
(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc)
(cherry picked from commit a11602f5e2ef930be5b693ddfd0c789a1bd4c60c)
(cherry picked from commit bc2266f20de5db1636e09a07e4a72c8dbf505f5a)
---
MdeModulePkg/MdeModulePkg.dec | 4 +++
.../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++
.../Console/TerminalDxe/TerminalDxe.inf | 2 ++
3 files changed, 36 insertions(+)
diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index badb93238f..3a67acc090 100644
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -2222,6 +2222,10 @@
# @Prompt The value is use for Usb Network rate limiting supported.
gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028
+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
+ # mode change.
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
+
[PcdsPatchableInModule]
## Specify memory size with page number for PEI code when
# Loading Module at Fixed Address feature is enabled.
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
index 7809869e7d..3be801039b 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
+#include <Library/PrintLib.h>
+
#include "Terminal.h"
//
@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 };
CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 };
+//
+// Note that this is an ASCII format string, taking two INT32 arguments:
+// rows, columns.
+//
+// A %d (INT32) format specification can expand to at most 11 characters.
+//
+CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt";
+#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2))
+
+
//
// Body of the ConOut functions
//
@@ -498,6 +510,24 @@ TerminalConOutSetMode (
return EFI_DEVICE_ERROR;
}
+ if (PcdGetBool (PcdResizeXterm)) {
+ CHAR16 ResizeSequence[RESIZE_SEQ_SIZE];
+
+ UnicodeSPrintAsciiFormat (
+ ResizeSequence,
+ sizeof ResizeSequence,
+ mResizeTextAreaFormatString,
+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows,
+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns
+ );
+ TerminalDevice->OutputEscChar = TRUE;
+ Status = This->OutputString (This, ResizeSequence);
+ TerminalDevice->OutputEscChar = FALSE;
+ if (EFI_ERROR (Status)) {
+ return EFI_DEVICE_ERROR;
+ }
+ }
+
This->Mode->Mode = (INT32)ModeNumber;
Status = This->ClearScreen (This);
diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
index b2a8aeba85..96810f337c 100644
--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
@@ -55,6 +55,7 @@
DebugLib
PcdLib
BaseLib
+ PrintLib
[Guids]
## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
@@ -87,6 +88,7 @@
[Pcd]
gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## CONSUMES
# [Event]
# # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.

@ -0,0 +1,212 @@
From 3830b4cfd575bcb5d44b69f4d8f8d49f6992fcc3 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH
only)
Notes about edk2-stable202205 rebase
- Necessary minor fixes for upstream changes
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
We've always patched all those DSC/FDF files in OvmfPkg down-stream that
made sense at least in theory on QEMU. (For example, we've always
patched "OvmfPkgIa32.dsc" and "OvmfPkgIa32.fdf", even though we never
build or ship the pure IA32 firmware platform.) Follow suit with
"AmdSevX64.dsc".
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- Resolve contextual conflict in the DSC files, from upstream commit
b0ed7ebdebd1 ("OvmfPkg: set fixed FlashNvStorage base addresses with -D
SMM_REQUIRE", 2020-03-12).
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no change
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- refresh downstream-only commit 8abc2a6ddad2 against context differences
in the DSC files from upstream commit 5e167d7e784c
("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if
SMM_REQUIRE", 2017-03-12).
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- no changes
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721)
(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d)
(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2)
(cherry picked from commit 2cc462ee963d0be119bc97bfc9c70d292a40516f)
(cherry picked from commit 51e0de961029af84b5bdbfddcc9762b1819d500f)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 +
OvmfPkg/CloudHv/CloudHvX64.dsc | 1 +
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 1 +
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/PlatformPei/Platform.c | 13 +++++++++++++
OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
9 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 8eb6f4f24f..627fded641 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -484,6 +484,7 @@
[PcdsDynamicDefault]
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 4996885301..51a49c09ad 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -581,6 +581,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 0931ce061a..9f49b60ff0 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -477,6 +477,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 69de4dd3f1..fb73f2e089 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -590,7 +590,7 @@
# only set when
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
-
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 2ca005d768..dddef5ed0e 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -599,6 +599,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index a39070a626..933abb258f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -611,6 +611,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 1b90aa8f57..04157ab14b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -629,6 +629,7 @@
# ($(SMM_REQUIRE) == FALSE)
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
!if $(SMM_REQUIRE) == FALSE
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index df35726ff6..6c786bfc1e 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -41,6 +41,18 @@
#include "Platform.h"
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
+ do { \
+ BOOLEAN Setting; \
+ RETURN_STATUS PcdStatus; \
+ \
+ if (!RETURN_ERROR (QemuFwCfgParseBool ( \
+ "opt/ovmf/" #TokenName, &Setting))) { \
+ PcdStatus = PcdSetBoolS (TokenName, Setting); \
+ ASSERT_RETURN_ERROR (PcdStatus); \
+ } \
+ } while (0)
+
EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = {
{
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
@@ -355,6 +367,7 @@ InitializePlatform (
MemTypeInfoInitialization (PlatformInfoHob);
MemMapInitialization (PlatformInfoHob);
NoexecDxeInitialization (PlatformInfoHob);
+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
}
InstallClearCacheCallback ();
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index e036018eab..a2f59e8fc8 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -103,6 +103,7 @@
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareSize
gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack

@ -0,0 +1,201 @@
From 7461128f36076d1a5e45f89f00c8b2a5d92bd745 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line
(RH only)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- no change
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- Resolve leading context divergence in "ArmVirtPkg/ArmVirtQemu.dsc",
arising from upstream commits:
- 82662a3b5f56 ("ArmVirtPkg/PlatformPeiLib: discover the TPM base
address from the DT", 2020-03-04)
- ddd34a818315 ("ArmVirtPkg/ArmVirtQemu: enable TPM2 support in the PEI
phase", 2020-03-04)
- cdc3fa54184a ("ArmVirtPkg: control PXEv4 / PXEv6 boot support from the
QEMU command line", 2020-04-28)
- Rework the downstream patch quite a bit, paralleling the upstream work
done for <https://bugzilla.tianocore.org/show_bug.cgi?id=2681> in commit
range 64ab457d1f21..cdc3fa54184a:
- Refresh copyright year in TerminalPcdProducerLib.{inf,c}. Also replace
open-coded BSDL with "SPDX-License-Identifier: BSD-2-Clause-Patent".
- Simplify LIBRARY_CLASS: this lib instance is meant to be consumed only
via NULL class resolution (basically: as a plugin), so use NULL for
LIBRARY_CLASS, not "TerminalPcdProducerLib|DXE_DRIVER".
- Sort the [Packages] section alphabetically in the INF file.
- Replace the open-coded GetNamedFwCfgBoolean() function with a call to
QemuFwCfgParseBool(), from QemuFwCfgSimpleParserLib.
- Add the SOMETIMES_PRODUCES usage comment in the [Pcd] section of the
INF file.
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no change
Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
- Refresh downstream-only commit d4564d39dfdb against context changes in
"ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870
("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable
override", 2017-03-29).
Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such
setter functions for dynamic PCDs that don't return a status code (such
as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds --
there's really no circumstance in this case when it could fail.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262)
(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c)
(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65)
(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04)
(cherry picked from commit 8338545260fbb423f796d5196faaaf8ff6e1ed99)
(cherry picked from commit a5f7a57bf390f1f340ff1d1f1884a73716817ef1)
---
ArmVirtPkg/ArmVirtQemu.dsc | 7 +++-
.../TerminalPcdProducerLib.c | 34 +++++++++++++++++++
.../TerminalPcdProducerLib.inf | 33 ++++++++++++++++++
3 files changed, 73 insertions(+), 1 deletion(-)
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 64aa4e96e5..c37c4ba61e 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -311,6 +311,8 @@
gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
!endif
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+
[PcdsDynamicHii]
gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
@@ -416,7 +418,10 @@
MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
- MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf {
+ <LibraryClasses>
+ NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
+ }
MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
new file mode 100644
index 0000000000..37f71c5e4c
--- /dev/null
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
@@ -0,0 +1,34 @@
+/** @file
+* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
+*
+* Copyright (C) 2015-2020, Red Hat, Inc.
+* Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
+*
+* SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/QemuFwCfgSimpleParserLib.h>
+
+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \
+ do { \
+ BOOLEAN Setting; \
+ RETURN_STATUS PcdStatus; \
+ \
+ if (!RETURN_ERROR (QemuFwCfgParseBool ( \
+ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
+ PcdStatus = PcdSetBoolS (TokenName, Setting); \
+ ASSERT_RETURN_ERROR (PcdStatus); \
+ } \
+ } while (0)
+
+RETURN_STATUS
+EFIAPI
+TerminalPcdProducerLibConstructor (
+ VOID
+ )
+{
+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
+ return RETURN_SUCCESS;
+}
diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
new file mode 100644
index 0000000000..c840f6f97a
--- /dev/null
+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
@@ -0,0 +1,33 @@
+## @file
+# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
+#
+# Copyright (C) 2015-2020, Red Hat, Inc.
+# Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TerminalPcdProducerLib
+ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+ CONSTRUCTOR = TerminalPcdProducerLibConstructor
+
+[Sources]
+ TerminalPcdProducerLib.c
+
+[Packages]
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ PcdLib
+ QemuFwCfgSimpleParserLib
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## SOMETIMES_PRODUCES

@ -0,0 +1,118 @@
From 9f24c54074c15630f78e019e018f791296a768d7 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:45 +0100
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
- Remove obsolete commit message tags related to downstream patch
management: Message-id, Patchwork-id, O-Subject, Acked-by, From
(RHBZ#1846481).
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- context difference from upstream commit 46bb81200742 ("OvmfPkg: Make
SOURCE_DEBUG_ENABLE actually need to be set to TRUE", 2019-10-22)
resolved automatically
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Bugzilla: 1488247
Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed
debug messages, and code in OvmfPkg logs many messages on the
DEBUG_VERBOSE level.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117)
(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9)
(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76)
(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50)
(cherry picked from commit 3cb92f9ba18ac79911bd5258ff4f949cc617ae89)
(cherry picked from commit 5ecc18badaabe774d9d0806b027ab63a30c6a2d7)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 627fded641..cef43b34b7 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -429,7 +429,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index dddef5ed0e..270bd612e5 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -535,7 +535,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 933abb258f..269a4b2b21 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -542,7 +542,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 04157ab14b..9614cc1c56 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -561,7 +561,7 @@
# DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may
# // significantly impact boot performance
# DEBUG_ERROR 0x80000000 // Error
- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
!if $(SOURCE_DEBUG_ENABLE) == TRUE
gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17

@ -0,0 +1,171 @@
From 271d90ce05cbdb95c8f839e3bee5d0a0937e12fc Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:46 +0100
Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
QemuVideoDxe/QemuRamfbDxe (RH)
edk2-stable202402 rebase:
- context changes due to CSM support removal.
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
- Remove obsolete commit message tags related to downstream patch
management: Message-id, Patchwork-id, O-Subject, Acked-by, From
(RHBZ#1846481).
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- Due to upstream commit 4b04d9d73604 ("OvmfPkg: Don't build in
QemuVideoDxe when we have CSM", 2019-06-26), the contexts of
"QemuVideoDxe.inf" / "QemuRamfbDxe.inf" have changed in the DSC files.
Resolve the conflict manually.
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14)
introduced another GOP driver that consumes FrameBufferBltLib, and
thereby produces a large number of (mostly useless) debug messages at
the DEBUG_VERBOSE level. Extend the patch to suppress those messages in
both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly.
QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also
the original commit message at the bottom of this downstream patch).
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Bugzilla: 1488247
In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses
MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to
FrameBufferBltLib.
The FrameBufferBltLib instance added in commit b1ca386074bd
("MdeModulePkg: Add FrameBufferBltLib library instance") logs many
messages on the VERBOSE level; for example, a normal boot with OVMF can
produce 500+ "VideoFill" messages, dependent on the progress bar, when the
VERBOSE bit is set in PcdDebugPrintErrorLevel.
QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose
none of its messages this way.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52)
(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3)
(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0)
(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850)
(cherry picked from commit c8c3f893e7c3710afe45c46839e97954871536e4)
(cherry picked from commit 1355849ad97c1e4a5c430597a377165a5cc118f7)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++--
4 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cef43b34b7..f53380aca2 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -691,8 +691,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
#
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 270bd612e5..d942c7354a 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -828,8 +828,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 269a4b2b21..d915b847cb 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -842,8 +842,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 9614cc1c56..12ee5510bd 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -910,8 +910,14 @@
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf

@ -0,0 +1,94 @@
From f3810904a75876f09592863281fe4e8464851f18 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in
QemuRamfbDxe (RH only)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- no change
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- The previous version of this patch (downstream commit 76b4ac28e975)
caused a regression (RHBZ#1714446), which was fixed up in downstream
commit 5a216abaa737 ("ArmVirtPkg: silence DEBUG_VERBOSE masking
~0x00400000 in QemuRamfbDxe (RH only)", 2019-08-05).
Squash the fixup into the original patch. Fuse the commit messages.
(Acked-by tags are not preserved, lest we confuse ourselves while
reviewing this rebase.)
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add
QemuRamfbDxe", 2018-06-14)
QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in
commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library
instance") logs many messages on the VERBOSE level; for example, a normal
boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages,
dependent on the progress bar, when the VERBOSE bit is set in
PcdDebugPrintErrorLevel.
Clear the VERBOSE bit without touching other bits -- those other bits
differ between the "silent" and "verbose" builds, so we can't set them as
constants.
QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose
none of its messages, with the VERBOSE bit clear.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 76b4ac28e975bd63c25db903a1d42c47b38cc756)
Reported-by: Andrew Jones <drjones@redhat.com>
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit e5b8152bced2364a1ded0926dbba4d65e23e3f84)
(cherry picked from commit e7f57f154439c1c18ea5030b01f8d7bc492698b2)
---
ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++-
ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index c37c4ba61e..00e656d0c9 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -546,7 +546,10 @@
#
# Video support
#
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/PlatformDxe/Platform.inf
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 2cf96accbd..c7918c8cf3 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -450,7 +450,10 @@
#
# Video support
#
- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
+ }
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/PlatformDxe/Platform.inf

@ -0,0 +1,92 @@
From 3fba0b8213fc5be8a164b3908d54af511fa21a10 Mon Sep 17 00:00:00 2001
From: Philippe Mathieu-Daude <philmd@redhat.com>
Date: Thu, 1 Aug 2019 20:43:48 +0200
Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64
silent builds (RH only)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- no change
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- We have to carry this downstream-only patch -- committed originally as
aaaedc1e2cfd -- indefinitely.
- To avoid confusion, remove the tags from the commit message that had
been added by the downstream maintainer scripts, such as: Message-id,
Patchwork-id, O-Subject, Acked-by. These remain available on the
original downstream commit. The Bugzilla line is preserved, as it
doesn't relate to a specific posting, but to the problem.
Bugzilla: 1714446
To suppress an error message on the silent build when ramfb is
not configured, change QemuRamfbDxe to return EFI_SUCCESS even
when it fails.
Some memory is wasted (driver stays resident without
any good use), but it is mostly harmless, as the memory
is released by the OS after ExitBootServices().
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit aa2b66b18a62d652bdbefae7b5732297294306ca)
(cherry picked from commit deb3451034326b75fd760aba47a5171493ff055e)
---
OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++
OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 +
2 files changed, 15 insertions(+)
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
index 5a1044f0dc..83c6d26c74 100644
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
@@ -13,6 +13,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/DevicePathLib.h>
#include <Library/FrameBufferBltLib.h>
#include <Library/MemoryAllocationLib.h>
@@ -259,6 +260,19 @@ InitializeQemuRamfb (
Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
if (EFI_ERROR (Status)) {
+#if defined (MDE_CPU_AARCH64)
+ //
+ // RHBZ#1714446
+ // If no ramfb device was configured, this platform DXE driver should
+ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
+ // using a silent build, an error message is issued to the guest console.
+ // Since this confuse users, return success and stay resident. The wasted
+ // guest RAM still gets freed later after ExitBootServices().
+ //
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
+ return EFI_SUCCESS;
+ }
+#endif
return EFI_NOT_FOUND;
}
diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
index e3890b8c20..f79a4bc987 100644
--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
@@ -29,6 +29,7 @@
BaseLib
BaseMemoryLib
DebugLib
+ DebugPrintErrorLevelLib
DevicePathLib
FrameBufferBltLib
MemoryAllocationLib

@ -0,0 +1,128 @@
From 57370ffc06e8d5de6eb5c41e5b33a7891cdcc0e7 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:47 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe
(RH only)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Extend the DSC change to the new OvmfPkg/AmdSev platform, which has been
introduced upstream in commit 30d277ed7a82 ("OvmfPkg/Amdsev: Base commit
to build encrypted boot specific OVMF", 2020-12-14), for TianoCore#3077.
- Remove obsolete commit message tags related to downstream patch
management: Message-id, Patchwork-id, O-Subject, Acked-by, From
(RHBZ#1846481).
Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
- no change
Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
- no change
Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
RHEL-8.1/20190308-89910a39dcfd rebase:
- no change
Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
RHEL-8.0/20180508-ee3198e672e2 rebase:
- reorder the rebase changelog in the commit message so that it reads like
a blog: place more recent entries near the top
- no changes to the patch body
Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
- no changes
Bugzilla: 1488247
NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE
level.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f)
(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4)
(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8)
(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958)
(cherry picked from commit b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6)
(cherry picked from commit ed89844b47f46cfe911f1bf2bda40e537a908502)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32.dsc | 5 ++++-
OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
OvmfPkg/OvmfPkgX64.dsc | 5 ++++-
4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index f53380aca2..32f47704bc 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -686,7 +686,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d942c7354a..49540d54d0 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -823,7 +823,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index d915b847cb..1c4e0514ed 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -837,7 +837,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 12ee5510bd..e50e63b3f6 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -905,7 +905,10 @@
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
+ <PcdsFixedAtBuild>
+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
+ }
MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf

@ -0,0 +1,80 @@
From 1025d0336c038ed12354830fccef84771f611656 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:31:36 +0200
Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel"
in silent aa64 build (RH)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Remove obsolete commit message tags related to downstream patch
management: Message-id, Patchwork-id, O-Subject, Acked-by, From,
RH-Acked-by, RH-Author (RHBZ#1846481).
Bugzilla: 1844682
If the "-kernel" QEMU option is not used, then QemuKernelLoaderFsDxe
should return EFI_NOT_FOUND, so that the DXE Core can unload it. However,
the associated error message, logged by the DXE Core to the serial
console, is not desired in the silent edk2-aarch64 build, given that the
absence of "-kernel" is nothing out of the ordinary. Therefore, return
success and stay resident. The wasted guest RAM still gets freed after
ExitBootServices().
(Inspired by RHEL-8.1.0 commit aaaedc1e2cfd.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
(cherry picked from commit 9adcdf493ebbd11efb74e2905ab5f6c8996e096d)
---
.../QemuKernelLoaderFsDxe.c | 17 +++++++++++++++++
.../QemuKernelLoaderFsDxe.inf | 1 +
2 files changed, 18 insertions(+)
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index 3c12085f6c..e192809198 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -19,6 +19,7 @@
#include <Library/BaseMemoryLib.h>
#include <Library/BlobVerifierLib.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/DevicePathLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/QemuFwCfgLib.h>
@@ -1081,6 +1082,22 @@ QemuKernelLoaderFsDxeEntrypoint (
if (KernelBlob->Data == NULL) {
Status = EFI_NOT_FOUND;
+#if defined (MDE_CPU_AARCH64)
+ //
+ // RHBZ#1844682
+ //
+ // If the "-kernel" QEMU option is not being used, this platform DXE driver
+ // should return EFI_NOT_FOUND, so that the DXE Core can unload it.
+ // However, the associated error message, logged by the DXE Core to the
+ // serial console, is not desired in the silent edk2-aarch64 build, given
+ // that the absence of "-kernel" is nothing out of the ordinary. Therefore,
+ // return success and stay resident. The wasted guest RAM still gets freed
+ // after ExitBootServices().
+ //
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
+ Status = EFI_SUCCESS;
+ }
+#endif
goto FreeBlobs;
}
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
index 7b35adb8e0..23d9f5fca1 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf
@@ -28,6 +28,7 @@
BaseLib
BaseMemoryLib
DebugLib
+ DebugPrintErrorLevelLib
DevicePathLib
MemoryAllocationLib
QemuFwCfgLib

@ -0,0 +1,79 @@
From 49bcb15e8b15f3a02427787981a09f09d17528f7 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:40:09 +0200
Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent
aa64 build (RH)
Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
- Remove obsolete commit message tags related to downstream patch
management: Message-id, Patchwork-id, O-Subject, Acked-by, From,
RH-Acked-by, RH-Author (RHBZ#1846481).
Bugzilla: 1844682
If swtpm / vTPM2 is not being used, Tcg2Dxe should return EFI_UNSUPPORTED,
so that the DXE Core can unload it. However, the associated error message,
logged by the DXE Core to the serial console, is not desired in the silent
edk2-aarch64 build, given that the absence of swtpm / vTPM2 is nothing out
of the ordinary. Therefore, return success and stay resident. The wasted
guest RAM still gets freed after ExitBootServices().
(Inspired by RHEL-8.1.0 commit aaaedc1e2cfd.)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
(cherry picked from commit cbce29f7749477e271f9764fed82de94724af5df)
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 17 +++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 18 insertions(+)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index b55b6c12d2..0be885c391 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -29,6 +29,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Protocol/ResetNotification.h>
#include <Library/DebugLib.h>
+#include <Library/DebugPrintErrorLevelLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/UefiRuntimeServicesTableLib.h>
#include <Library/UefiDriverEntryPoint.h>
@@ -2743,6 +2744,22 @@ DriverEntry (
CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid))
{
DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
+#if defined (MDE_CPU_AARCH64)
+ //
+ // RHBZ#1844682
+ //
+ // If swtpm / vTPM2 is not being used, this driver should return
+ // EFI_UNSUPPORTED, so that the DXE Core can unload it. However, the
+ // associated error message, logged by the DXE Core to the serial console,
+ // is not desired in the silent edk2-aarch64 build, given that the absence
+ // of swtpm / vTPM2 is nothing out of the ordinary. Therefore, return
+ // success and stay resident. The wasted guest RAM still gets freed after
+ // ExitBootServices().
+ //
+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
+ return EFI_SUCCESS;
+ }
+#endif
return EFI_UNSUPPORTED;
}
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index a645474bf3..dbb7a52f33 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -55,6 +55,7 @@
UefiRuntimeServicesTableLib
BaseMemoryLib
DebugLib
+ DebugPrintErrorLevelLib
Tpm2CommandLib
PrintLib
UefiLib

@ -0,0 +1,126 @@
From b42de989e72259b0acd839b1fb6670ad9ff97aed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:49 +0200
Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [2/19] 6777c3dc453e4aecddc20216f783ba2a5acccaa0
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove EFI Byte Code interpreter.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
8 files changed, 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 32f47704bc..6b6e108d11 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -611,7 +611,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 595945181c..c176043482 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -212,7 +212,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 49540d54d0..d368aa11fe 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -746,7 +746,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 0d4abb50a8..ef933def99 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -216,7 +216,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 1c4e0514ed..cf09bdf785 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -760,7 +760,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
UefiCpuPkg/CpuDxe/CpuDxe.inf
OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 23a825a012..0cd98ada5a 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -217,7 +217,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
INF OvmfPkg/LocalApicTimerDxe/LocalApicTimerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index e50e63b3f6..098d569381 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -805,7 +805,6 @@
!include OvmfPkg/Include/Dsc/OvmfTpmSecurityStub.dsc.inc
}
- MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
UefiCpuPkg/CpuDxe/CpuDxe.inf {
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 4dcd6a033c..b201505214 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -245,7 +245,6 @@ INF MdeModulePkg/Universal/PCD/Dxe/Pcd.inf
INF MdeModulePkg/Core/RuntimeDxe/RuntimeDxe.inf
INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
-INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF UefiCpuPkg/CpuIo2Dxe/CpuIo2Dxe.inf
INF UefiCpuPkg/CpuDxe/CpuDxe.inf

@ -0,0 +1,126 @@
From a16503fb8e213d321920b195d6fc40015a00cc20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:59 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [4/19] f0a41317291f2e9e3b5bd3125149c3866f23ab08
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
QemuVideoDxe binds virtio-vga, so VirtioGpu is not needed.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
8 files changed, 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 6b6e108d11..5461c1290d 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -701,7 +701,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
#
# ISA Support
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c176043482..10538a0465 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -300,7 +300,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d368aa11fe..40e78014c4 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -838,7 +838,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
#
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index ef933def99..68d59968ec 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -317,7 +317,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
INF OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index cf09bdf785..6ade9aa0ef 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -852,7 +852,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
#
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 0cd98ada5a..8891d96422 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -323,7 +323,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 098d569381..8563835ae5 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -920,7 +920,6 @@
<PcdsFixedAtBuild>
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
}
- OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
OvmfPkg/VirtHstiDxe/VirtHstiDxe.inf
#
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index b201505214..06ac4423da 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -356,7 +356,6 @@ INF MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
INF OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf

@ -0,0 +1,100 @@
From 1c3ff57eaf5b559a1b390888ab6f5e235bec414d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:13 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [9/19] b40d8a6b9c38568a74fb922b12bbae9f0e721f95
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the virtio-fs driver.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
6 files changed, 6 deletions(-)
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 40e78014c4..afd2a3c5c0 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -816,7 +816,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 68d59968ec..c392b96470 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
-INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 6ade9aa0ef..f5a4c57c8e 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -830,7 +830,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 8891d96422..6278daeeee 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -291,7 +291,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
-INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 8563835ae5..08b73a64c9 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -898,7 +898,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index 06ac4423da..fc4b6dd3a4 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -322,7 +322,6 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
-INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf

@ -0,0 +1,61 @@
From d074f2941368b1b91ede467445c4f18904b7c228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:16 +0200
Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [10/19] 808ad4385c24fbf34fb0ba359808e6d364e1d030
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the virtio-fs driver.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 1 -
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 -
3 files changed, 3 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 00e656d0c9..d1deccaadc 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -464,7 +464,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
#
# Bds
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 38906004d7..7205274bed 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -85,7 +85,6 @@ READ_LOCK_STATUS = TRUE
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- INF OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
#
# Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index c7918c8cf3..9643fd5427 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -368,7 +368,6 @@
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- OvmfPkg/VirtioFsDxe/VirtioFsDxe.inf
#
# Bds

@ -0,0 +1,126 @@
From cb327136ecf44079a7fcc1dd9b68d98e1124becc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:19 +0200
Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [11/19] 21614de37221fca27d4eec0f03c5c8bce5911af3
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the UDF driver.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 1 -
OvmfPkg/AmdSev/AmdSevX64.fdf | 1 -
OvmfPkg/OvmfPkgIa32.dsc | 1 -
OvmfPkg/OvmfPkgIa32.fdf | 1 -
OvmfPkg/OvmfPkgIa32X64.dsc | 1 -
OvmfPkg/OvmfPkgIa32X64.fdf | 1 -
OvmfPkg/OvmfPkgX64.dsc | 1 -
OvmfPkg/OvmfPkgX64.fdf | 1 -
8 files changed, 8 deletions(-)
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 5461c1290d..cf1ad83e09 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -679,7 +679,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index 10538a0465..c56c98dc85 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -280,7 +280,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF OvmfPkg/AmdSev/SecretDxe/SecretDxe.inf
INF OvmfPkg/AmdSev/Grub/Grub.inf
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index afd2a3c5c0..d8ae542686 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -815,7 +815,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index c392b96470..0ffa3be750 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -289,7 +289,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index f5a4c57c8e..52ac2c96fc 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -829,7 +829,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index 6278daeeee..c4f3ec0735 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -290,7 +290,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 08b73a64c9..f76d0ef7bc 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -897,7 +897,6 @@
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
MdeModulePkg/Bus/Scsi/ScsiBusDxe/ScsiBusDxe.inf
MdeModulePkg/Bus/Scsi/ScsiDiskDxe/ScsiDiskDxe.inf
MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index fc4b6dd3a4..bedd85ef7a 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -321,7 +321,6 @@ INF MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
-INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
INF MdeModulePkg/Logo/LogoDxe.inf

@ -0,0 +1,61 @@
From 2b7c645f028c66efbaa7f7132e4f2fcec003869b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:22 +0200
Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [12/19] fcadb6a747b65e4d449d48131c9a2eeed4bd3c9a
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the UDF driver.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirtQemu.dsc | 1 -
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
ArmVirtPkg/ArmVirtQemuKernel.dsc | 1 -
3 files changed, 3 deletions(-)
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index d1deccaadc..f91bb09fa3 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -463,7 +463,6 @@
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
#
# Bds
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 7205274bed..24a9dac2fd 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -84,7 +84,6 @@ READ_LOCK_STATUS = TRUE
INF MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
INF FatPkg/EnhancedFatDxe/Fat.inf
INF MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
- INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
#
# Status Code Routing
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index 9643fd5427..c2825aa4c2 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -367,7 +367,6 @@
MdeModulePkg/Universal/Disk/PartitionDxe/PartitionDxe.inf
MdeModulePkg/Universal/Disk/UnicodeCollation/EnglishDxe/EnglishDxe.inf
FatPkg/EnhancedFatDxe/Fat.inf
- MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
#
# Bds

@ -0,0 +1,55 @@
From 11a0907d91727e05a5b86b5ede4f0e75572a894e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:25 +0200
Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
rebase to edk2-stable202405:
rewrite due to shell build config being moved to an include file
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [13/19] cf9ef346386ac89fa05b29d429d8d1b27cf0e3b0
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to download files in the shell via TFTP.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/Include/Dsc/ShellComponents.dsc.inc | 4 ----
OvmfPkg/Include/Fdf/ShellDxe.fdf.inc | 1 -
2 files changed, 5 deletions(-)
diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
index 4075688e41..3663938054 100644
--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
@@ -6,10 +6,6 @@
!if $(TOOL_CHAIN_TAG) != "XCODE5"
!if $(NETWORK_ENABLE) == TRUE
- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
index 38f69747b0..1637083ff1 100644
--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
@@ -6,7 +6,6 @@
!if $(TOOL_CHAIN_TAG) != "XCODE5"
!if $(NETWORK_ENABLE) == TRUE
-INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
!endif
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf

@ -0,0 +1,54 @@
From 886bace5ff4ab40fd94475ffb2668def36149790 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:28 +0200
Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [14/19] 12436014941bd4a7c99a26d779ebdcd75f169403
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to download files in the shell via TFTP.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 7 +++----
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 7044790a1e..ee98673e98 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -391,10 +391,9 @@
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
- ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
+ #
+ # UEFI application (Shell Embedded Boot Loader)
+ #
ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 24a9dac2fd..1341de0a2f 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -100,7 +100,6 @@ READ_LOCK_STATUS = TRUE
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
INF ShellPkg/Application/Shell/Shell.inf
- INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

@ -0,0 +1,63 @@
From 54738f50a11c9b607a22100dfd712bed0bc5c019 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:31 +0200
Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
rebase to edk2-stable202405:
rewrite due to shell build config being moved to an include file
Rebase to edk2-stable202311:
Minor update, context change due to new variable policy shell command.
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [15/19] 1911cf04f27467ef1175b1976864c1111d93d19e
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to download files in the shell via HTTP(S).
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/Include/Dsc/ShellComponents.dsc.inc | 6 ------
OvmfPkg/Include/Fdf/ShellDxe.fdf.inc | 3 ---
2 files changed, 9 deletions(-)
diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
index 3663938054..a568f1ecc5 100644
--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
@@ -5,12 +5,6 @@
!if $(BUILD_SHELL) == TRUE
!if $(TOOL_CHAIN_TAG) != "XCODE5"
-!if $(NETWORK_ENABLE) == TRUE
- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
-!endif
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
index 1637083ff1..c0118a46e2 100644
--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
@@ -5,9 +5,6 @@
!if $(BUILD_SHELL) == TRUE && $(SECURE_BOOT_ENABLE) == FALSE
!if $(TOOL_CHAIN_TAG) != "XCODE5"
-!if $(NETWORK_ENABLE) == TRUE
-INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
-!endif
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif

@ -0,0 +1,55 @@
From 2d3f1c042054454de24c4842e768957c2a875129 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:34 +0200
Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rebase to edk2-stable202311:
Minor update, context change due to new variable policy shell command.
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [16/19] 07a74f1fdcdbb9a31d25ce9760edcd852e9574c3
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to download files in the shell via HTTP(S).
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 4 ----
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
2 files changed, 5 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index ee98673e98..996b4ddfc4 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -394,10 +394,6 @@
#
# UEFI application (Shell Embedded Boot Loader)
#
- ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index 1341de0a2f..b49bf7ad4e 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -100,7 +100,6 @@ READ_LOCK_STATUS = TRUE
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
INF ShellPkg/Application/Shell/Shell.inf
- INF ShellPkg/DynamicCommand/HttpDynamicCommand/HttpDynamicCommand.inf
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf

@ -0,0 +1,64 @@
From 8b920381f97c2c32d6bff465a58dd7c901626a34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:39 +0200
Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
rebase to edk2-stable202405:
rewrite due to shell build config being moved to an include file
Rebase to edk2-stable202311:
Minor update, context change due to new variable policy shell command.
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [17/19] 491fe1301ea29c7cb56c20272e45614d5fcb6f14
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to register a file in the shell as the
initial ramdisk for a UEFI stubbed kernel, to be booted next.
Note: as further dynamic shell commands might show up upstream,
we intentionally preserve the empty !ifdef'ry context to ease
future downstream rebases.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
OvmfPkg/Include/Dsc/ShellComponents.dsc.inc | 4 ----
OvmfPkg/Include/Fdf/ShellDxe.fdf.inc | 1 -
2 files changed, 5 deletions(-)
diff --git a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
index a568f1ecc5..f7e0f5e90e 100644
--- a/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+++ b/OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
@@ -9,10 +9,6 @@
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
!endif
ShellPkg/Application/Shell/Shell.inf {
diff --git a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
index c0118a46e2..dced75e388 100644
--- a/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+++ b/OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
@@ -6,7 +6,6 @@
!if $(TOOL_CHAIN_TAG) != "XCODE5"
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
-INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
!endif
INF ShellPkg/Application/Shell/Shell.inf

@ -0,0 +1,66 @@
From 8b574a1461c50e453bb431a304bb0c63d14c5ab8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:46 +0200
Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rebase to edk2-stable202311:
Minor update, context change due to new variable policy shell command.
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
RH-MergeRequest: 3: Disable features for RHEL9
RH-Commit: [18/19] 8f4e4007108462533e3d2050b84d8830073a7c0d
RH-Bugzilla: 1967747
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
Remove the command to register a file in the shell as the initial
ramdisk for a UEFI stubbed kernel, to be booted next.
Suggested-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ArmVirtPkg/ArmVirt.dsc.inc | 10 +++-------
ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 -
2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 996b4ddfc4..2561e10ff5 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -391,17 +391,13 @@
#
MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf
- #
- # UEFI application (Shell Embedded Boot Loader)
- #
+ #
+ # UEFI application (Shell Embedded Boot Loader)
+ #
ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf {
<PcdsFixedAtBuild>
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
}
- OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf {
- <PcdsFixedAtBuild>
- gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
- }
ShellPkg/Application/Shell/Shell.inf {
<LibraryClasses>
ShellCommandLib|ShellPkg/Library/UefiShellCommandLib/UefiShellCommandLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
index b49bf7ad4e..753afd799b 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
@@ -101,7 +101,6 @@ READ_LOCK_STATUS = TRUE
INF ShellPkg/Application/Shell/Shell.inf
INF ShellPkg/DynamicCommand/VariablePolicyDynamicCommand/VariablePolicyDynamicCommand.inf
- INF OvmfPkg/LinuxInitrdDynamicShellCommand/LinuxInitrdDynamicShellCommand.inf
#
# Bds

@ -0,0 +1,49 @@
From 827b877dfc01336a12539b31753358e7e264b7f3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 28 Feb 2023 15:47:00 +0100
Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
RH-Author: Gerd Hoffmann <kraxel@redhat.com>
RH-MergeRequest: 42: UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
RH-Bugzilla: 2124143
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [1/1] 5168501c31541a57aaeb3b3bd7c3602205eb7cdf (kraxel/centos-edk2)
In case the number of CPUs can in increase beyond 255
due to CPU hotplug choose x2apic mode.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
patch_name: edk2-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
present_in_specfile: true
location_in_specfile: 38
---
UefiCpuPkg/Library/MpInitLib/MpLib.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
index d724456502..c478878bb0 100644
--- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
+++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
@@ -534,7 +534,9 @@ CollectProcessorCount (
//
// Enable x2APIC mode if
// 1. Number of CPU is greater than 255; or
- // 2. There are any logical processors reporting an Initial APIC ID of 255 or greater.
+ // 2. The platform exposed the exact *boot* CPU count to us in advance, and
+ // more than 255 logical processors are possible later, with hotplug; or
+ // 3. There are any logical processors reporting an Initial APIC ID of 255 or greater.
//
X2Apic = FALSE;
if (CpuMpData->CpuCount > 255) {
@@ -542,6 +544,10 @@ CollectProcessorCount (
// If there are more than 255 processor found, force to enable X2APIC
//
X2Apic = TRUE;
+ } else if ((PcdGet32 (PcdCpuBootLogicalProcessorNumber) > 0) &&
+ (PcdGet32 (PcdCpuMaxLogicalProcessorNumber) > 255))
+ {
+ X2Apic = TRUE;
} else {
CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
for (Index = 0; Index < CpuMpData->CpuCount; Index++) {

@ -0,0 +1,121 @@
From 24fe28e0ee42ef36f48763e7e4d738fd4c6b3583 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 16 Aug 2023 12:09:40 +0200
Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 46: OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)
RH-Bugzilla: 2218196
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] 9bf3bb989e36253aa34bf82ecfe8faa7312e8d22 (osteffen/edk2)
Add a callback at the end of the Dxe phase that sets the
"FB_NO_REBOOT" variable under the Shim GUID.
This is a workaround for a boot loop in case a confidential
guest that uses shim is booted with a vtpm device present.
BZ 2218196
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
present_in_specfile: true
location_in_specfile: 44
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++
OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++
2 files changed, 44 insertions(+)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index d497a343d3..0eb88e50ff 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -19,6 +19,7 @@
#include <Library/MemoryAllocationLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Guid/ConfidentialComputingSevSnpBlob.h>
+#include <Guid/GlobalVariable.h>
#include <Library/PcdLib.h>
#include <Pi/PiDxeCis.h>
#include <Protocol/SevMemoryAcceptance.h>
@@ -28,6 +29,10 @@
// Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h
#define EFI_MEMORY_INTERNAL_MASK 0x0700000000000000ULL
+static EFI_GUID ShimLockGuid = {
+ 0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 }
+};
+
STATIC
EFI_STATUS
AllocateConfidentialComputingBlob (
@@ -191,6 +196,32 @@ STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = {
AmdSevMemoryAccept
};
+VOID
+EFIAPI
+PopulateVarstore (
+ EFI_EVENT Event,
+ VOID *Context
+ )
+{
+ EFI_SYSTEM_TABLE *SystemTable = (EFI_SYSTEM_TABLE *)Context;
+ EFI_STATUS Status;
+
+ DEBUG ((DEBUG_INFO, "Populating Varstore\n"));
+ UINT32 data = 1;
+
+ Status = SystemTable->RuntimeServices->SetVariable (
+ L"FB_NO_REBOOT",
+ &ShimLockGuid,
+ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof (data),
+ &data
+ );
+ ASSERT_EFI_ERROR (Status);
+
+ Status = SystemTable->BootServices->CloseEvent (Event);
+ ASSERT_EFI_ERROR (Status);
+}
+
EFI_STATUS
EFIAPI
AmdSevDxeEntryPoint (
@@ -203,6 +234,7 @@ AmdSevDxeEntryPoint (
UINTN NumEntries;
UINTN Index;
CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION *SnpBootDxeTable;
+ EFI_EVENT PopulateVarstoreEvent;
//
// Do nothing when SEV is not enabled
@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint (
);
}
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ PopulateVarstore,
+ SystemTable,
+ &gEfiEndOfDxeEventGroupGuid,
+ &PopulateVarstoreEvent
+ );
+ ASSERT_EFI_ERROR (Status);
+
return EFI_SUCCESS;
}
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
index e7c7d526c9..09cbd2b0ca 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf
@@ -54,6 +54,8 @@
[Guids]
gConfidentialComputingSevSnpBlobGuid
gEfiEventBeforeExitBootServicesGuid
+ gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event
+
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId

@ -0,0 +1,28 @@
From 95345a66f0c8e7d77ebc1b5cae3e745a2c201751 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:11:02 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file.
Needed by rhel downstream openssl patches.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
CryptoPkg/Library/Include/sys/stat.h | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 CryptoPkg/Library/Include/sys/stat.h
diff --git a/CryptoPkg/Library/Include/sys/stat.h b/CryptoPkg/Library/Include/sys/stat.h
new file mode 100644
index 0000000000..22247bb2db
--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/stat.h
@@ -0,0 +1,9 @@
+/** @file
+ Include file to support building the third-party cryptographic library.
+
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>

@ -0,0 +1,139 @@
From 0cac1a197d1e84bcde60aba246c1e16bf5508091 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:27:09 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls
Needed by rhel downstream openssl patches, they use unix syscalls
for file access (instead of fopen + friends like the rest of the
code base). No actual file access is needed for edk2, so just
add stubs to make linking work.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
.../Library/BaseCryptLib/SysCall/CrtWrapper.c | 46 +++++++++++++++++++
CryptoPkg/Library/Include/CrtLibSupport.h | 41 +++++++++++++++++
2 files changed, 87 insertions(+)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
index 37cdecc9bd..dfdb635536 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
@@ -550,6 +550,52 @@ fread (
return 0;
}
+int
+access(
+ const char*,
+ int
+ )
+{
+ return -1;
+}
+
+int
+open (
+ const char *,
+ int
+ )
+{
+ return -1;
+}
+
+ssize_t
+read (
+ int,
+ void*,
+ size_t
+ )
+{
+ return -1;
+}
+
+ssize_t
+write (
+ int,
+ const void*,
+ size_t
+ )
+{
+ return -1;
+}
+
+int
+close (
+ int
+ )
+{
+ return -1;
+}
+
uid_t
getuid (
void
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index f36fe08f0c..7d98496af8 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Definitions for global constants used by CRT library routines
//
+#define EINTR 4
#define EINVAL 22 /* Invalid argument */
#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */
#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */
@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define NS_INADDRSZ 4 /*%< IPv4 T_A */
#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */
+#define O_RDONLY 00000000
+#define O_WRONLY 00000001
+#define O_RDWR 00000002
+
+#define R_OK 4
+#define W_OK 2
+#define X_OK 1
+#define F_OK 0
+
//
// Basic types mapping
//
@@ -324,6 +334,37 @@ fprintf (
...
);
+int
+access(
+ const char*,
+ int
+ );
+
+int
+open (
+ const char *,
+ int
+ );
+
+ssize_t
+read (
+ int,
+ void*,
+ size_t
+ );
+
+ssize_t
+write (
+ int,
+ const void*,
+ size_t
+ );
+
+int
+close (
+ int
+ );
+
time_t
time (
time_t *

@ -0,0 +1,194 @@
From 348ea6ca54889a2b4006cc71168a173e8182f12e Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:38 +0100
Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [1/4] c4061788d34f409944898b48642d610c259161f3 (kraxel.rh/centos-src-edk2)
Specifically before running lzma uncompress of the main firmware volume.
This is needed to make sure caching is enabled, otherwise the uncompress
can be extremely slow.
Adapt the ASSERTs and MTRR setup in PlatformInitLib to the changes.
Background: Depending on virtual machine configuration kvm may uses EPT
memory types to apply guest MTRR settings. In case MTRRs are disabled
kvm will use the uncachable memory type for all mappings. The
vmx_get_mt_mask() function in the linux kernel handles this and can be
found here:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/arch/x86/kvm/vmx/vmx.c?h=v6.7.1#n7580
In most VM configurations kvm uses MTRR_TYPE_WRBACK unconditionally. In
case the VM has a mdev device assigned that is not the case though.
Before commit e8aa4c6546ad ("UefiCpuPkg/ResetVector: Cache Disable
should not be set by default in CR0") kvm also ended up using
MTRR_TYPE_WRBACK due to KVM_X86_QUIRK_CD_NW_CLEARED. After that commit
kvm evaluates guest mtrr settings, which why setting up MTRRs early is
important now.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-2-kraxel@redhat.com>
[ kraxel: Downstream-only for now. Timely upstream merge is unlikely
due to chinese holidays and rhel-9.4 deadlines are close.
QE regression testing passed. So go with upstream posted
series v3 ]
patch_name: edk2-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
present_in_specfile: true
location_in_specfile: 49
---
OvmfPkg/IntelTdx/Sec/SecMain.c | 32 +++++++++++++++++++++
OvmfPkg/Library/PlatformInitLib/MemDetect.c | 10 +++----
OvmfPkg/Sec/SecMain.c | 32 +++++++++++++++++++++
3 files changed, 69 insertions(+), 5 deletions(-)
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 4e750755bf..7094d86159 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -26,6 +26,8 @@
#include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
#include <Library/PeilessStartupLib.h>
+#include <Register/Intel/ArchitecturalMsr.h>
+#include <Register/Intel/Cpuid.h>
#define SEC_IDT_ENTRY_COUNT 34
@@ -47,6 +49,31 @@ IA32_IDT_GATE_DESCRIPTOR mIdtEntryTemplate = {
}
};
+//
+// Enable MTRR early, set default type to write back.
+// Needed to make sure caching is enabled,
+// without this lzma decompress can be very slow.
+//
+STATIC
+VOID
+SecMtrrSetup (
+ VOID
+ )
+{
+ CPUID_VERSION_INFO_EDX Edx;
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
+
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
+ if (!Edx.Bits.MTRR) {
+ return;
+ }
+
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+ DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.E = 1; /* enable */
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+}
+
VOID
EFIAPI
SecCoreStartupWithStack (
@@ -203,6 +230,11 @@ SecCoreStartupWithStack (
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ //
+ // Initialize MTRR
+ //
+ SecMtrrSetup ();
+
PeilessStartup (&SecCoreData);
ASSERT (FALSE);
diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
index e64c0ee324..b6ba63ef95 100644
--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
@@ -1164,18 +1164,18 @@ PlatformQemuInitializeRam (
MtrrGetAllMtrrs (&MtrrSettings);
//
- // MTRRs disabled, fixed MTRRs disabled, default type is uncached
+ // See SecMtrrSetup(), default type should be write back
//
- ASSERT ((MtrrSettings.MtrrDefType & BIT11) == 0);
+ ASSERT ((MtrrSettings.MtrrDefType & BIT11) != 0);
ASSERT ((MtrrSettings.MtrrDefType & BIT10) == 0);
- ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == 0);
+ ASSERT ((MtrrSettings.MtrrDefType & 0xFF) == MTRR_CACHE_WRITE_BACK);
//
// flip default type to writeback
//
- SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, 0x06);
+ SetMem (&MtrrSettings.Fixed, sizeof MtrrSettings.Fixed, MTRR_CACHE_WRITE_BACK);
ZeroMem (&MtrrSettings.Variables, sizeof MtrrSettings.Variables);
- MtrrSettings.MtrrDefType |= BIT11 | BIT10 | 6;
+ MtrrSettings.MtrrDefType |= BIT10;
MtrrSetAllMtrrs (&MtrrSettings);
//
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 60dfa61842..725b57e2fa 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -29,6 +29,8 @@
#include <Ppi/MpInitLibDep.h>
#include <Library/TdxHelperLib.h>
#include <Library/CcProbeLib.h>
+#include <Register/Intel/ArchitecturalMsr.h>
+#include <Register/Intel/Cpuid.h>
#include "AmdSev.h"
#define SEC_IDT_ENTRY_COUNT 34
@@ -743,6 +745,31 @@ FindAndReportEntryPoints (
return;
}
+//
+// Enable MTRR early, set default type to write back.
+// Needed to make sure caching is enabled,
+// without this lzma decompress can be very slow.
+//
+STATIC
+VOID
+SecMtrrSetup (
+ VOID
+ )
+{
+ CPUID_VERSION_INFO_EDX Edx;
+ MSR_IA32_MTRR_DEF_TYPE_REGISTER DefType;
+
+ AsmCpuid (CPUID_VERSION_INFO, NULL, NULL, NULL, &Edx.Uint32);
+ if (!Edx.Bits.MTRR) {
+ return;
+ }
+
+ DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
+ DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.E = 1; /* enable */
+ AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
+}
+
VOID
EFIAPI
SecCoreStartupWithStack (
@@ -942,6 +969,11 @@ SecCoreStartupWithStack (
InitializeApicTimer (0, MAX_UINT32, TRUE, 5);
DisableApicTimerInterrupt ();
+ //
+ // Initialize MTRR
+ //
+ SecMtrrSetup ();
+
//
// Initialize Debug Agent to support source level debug in SEC/PEI phases before memory ready.
//

@ -0,0 +1,41 @@
From d521976e1641c242c86d0495647f200694f6ba44 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:39 +0100
Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [2/4] a568bc2793d677462a2971aae9566a9bbc64b063 (kraxel.rh/centos-src-edk2)
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-3-kraxel@redhat.com>
patch_name: edk2-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
present_in_specfile: true
location_in_specfile: 50
---
MdePkg/Include/Register/Intel/ArchitecturalMsr.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
index 756e7c86ec..08ba949cf7 100644
--- a/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
+++ b/MdePkg/Include/Register/Intel/ArchitecturalMsr.h
@@ -2103,6 +2103,13 @@ typedef union {
#define MSR_IA32_MTRR_PHYSBASE9 0x00000212
/// @}
+#define MSR_IA32_MTRR_CACHE_UNCACHEABLE 0
+#define MSR_IA32_MTRR_CACHE_WRITE_COMBINING 1
+#define MSR_IA32_MTRR_CACHE_WRITE_THROUGH 4
+#define MSR_IA32_MTRR_CACHE_WRITE_PROTECTED 5
+#define MSR_IA32_MTRR_CACHE_WRITE_BACK 6
+#define MSR_IA32_MTRR_CACHE_INVALID_TYPE 7
+
/**
MSR information returned for MSR indexes #MSR_IA32_MTRR_PHYSBASE0 to
#MSR_IA32_MTRR_PHYSBASE9

@ -0,0 +1,70 @@
From 75618356e04278e4346ffc5e147b9f6f101e8173 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:40 +0100
Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from
ArchitecturalMsr.h
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [3/4] 8b766c97b247a8665662697534455c19423ff23c (kraxel.rh/centos-src-edk2)
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-4-kraxel@redhat.com>
patch_name: edk2-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
present_in_specfile: true
location_in_specfile: 51
---
UefiCpuPkg/Include/Library/MtrrLib.h | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/UefiCpuPkg/Include/Library/MtrrLib.h b/UefiCpuPkg/Include/Library/MtrrLib.h
index 86cc1aab3b..287d249a99 100644
--- a/UefiCpuPkg/Include/Library/MtrrLib.h
+++ b/UefiCpuPkg/Include/Library/MtrrLib.h
@@ -9,6 +9,8 @@
#ifndef _MTRR_LIB_H_
#define _MTRR_LIB_H_
+#include <Register/Intel/ArchitecturalMsr.h>
+
//
// According to IA32 SDM, MTRRs number and MSR offset are always consistent
// for IA32 processor family
@@ -82,20 +84,20 @@ typedef struct _MTRR_SETTINGS_ {
// Memory cache types
//
typedef enum {
- CacheUncacheable = 0,
- CacheWriteCombining = 1,
- CacheWriteThrough = 4,
- CacheWriteProtected = 5,
- CacheWriteBack = 6,
- CacheInvalid = 7
+ CacheUncacheable = MSR_IA32_MTRR_CACHE_UNCACHEABLE,
+ CacheWriteCombining = MSR_IA32_MTRR_CACHE_WRITE_COMBINING,
+ CacheWriteThrough = MSR_IA32_MTRR_CACHE_WRITE_THROUGH,
+ CacheWriteProtected = MSR_IA32_MTRR_CACHE_WRITE_PROTECTED,
+ CacheWriteBack = MSR_IA32_MTRR_CACHE_WRITE_BACK,
+ CacheInvalid = MSR_IA32_MTRR_CACHE_INVALID_TYPE,
} MTRR_MEMORY_CACHE_TYPE;
-#define MTRR_CACHE_UNCACHEABLE 0
-#define MTRR_CACHE_WRITE_COMBINING 1
-#define MTRR_CACHE_WRITE_THROUGH 4
-#define MTRR_CACHE_WRITE_PROTECTED 5
-#define MTRR_CACHE_WRITE_BACK 6
-#define MTRR_CACHE_INVALID_TYPE 7
+#define MTRR_CACHE_UNCACHEABLE MSR_IA32_MTRR_CACHE_UNCACHEABLE
+#define MTRR_CACHE_WRITE_COMBINING MSR_IA32_MTRR_CACHE_WRITE_COMBINING
+#define MTRR_CACHE_WRITE_THROUGH MSR_IA32_MTRR_CACHE_WRITE_THROUGH
+#define MTRR_CACHE_WRITE_PROTECTED MSR_IA32_MTRR_CACHE_WRITE_PROTECTED
+#define MTRR_CACHE_WRITE_BACK MSR_IA32_MTRR_CACHE_WRITE_BACK
+#define MTRR_CACHE_INVALID_TYPE MSR_IA32_MTRR_CACHE_INVALID_TYPE
typedef struct {
UINT64 BaseAddress;

@ -0,0 +1,49 @@
From 4eea9b4625d7ea5eaf5ae0d541d96bfccacf7810 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:41 +0100
Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 55: OvmfPkg/Sec: Setup MTRR early in the boot process.
RH-Jira: RHEL-21704
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Commit: [4/4] 55f00e3e153ca945ca458e7abc26780a8d83ac85 (kraxel.rh/centos-src-edk2)
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-ID: <20240130130441.772484-5-kraxel@redhat.com>
patch_name: edk2-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
present_in_specfile: true
location_in_specfile: 52
---
OvmfPkg/IntelTdx/Sec/SecMain.c | 2 +-
OvmfPkg/Sec/SecMain.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c
index 7094d86159..1a19f26178 100644
--- a/OvmfPkg/IntelTdx/Sec/SecMain.c
+++ b/OvmfPkg/IntelTdx/Sec/SecMain.c
@@ -69,7 +69,7 @@ SecMtrrSetup (
}
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
- DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
}
diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index 725b57e2fa..26963b924d 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -765,7 +765,7 @@ SecMtrrSetup (
}
DefType.Uint64 = AsmReadMsr64 (MSR_IA32_MTRR_DEF_TYPE);
- DefType.Bits.Type = 6; /* write back */
+ DefType.Bits.Type = MSR_IA32_MTRR_CACHE_WRITE_BACK;
DefType.Bits.E = 1; /* enable */
AsmWriteMsr64 (MSR_IA32_MTRR_DEF_TYPE, DefType.Uint64);
}

@ -0,0 +1,54 @@
From ee4774a753c2bc1061761e818d543a3e925ca1f0 Mon Sep 17 00:00:00 2001
From: Sam <Sam_Tsai@wiwynn.com>
Date: Wed, 29 May 2024 07:46:03 +0800
Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
iPXE environment
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
REF: 1904a64
Issue Description:
An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
Root Cause Analysis:
The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
Implemented Solution:
To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
Verification:
Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
(cherry picked from commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3)
---
NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
index 40bba4080c..c6e7c0df54 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
+++ b/NetworkPkg/TcpDxe/TcpDriver.c
@@ -509,7 +509,7 @@ TcpDestroyService (
//
// Destroy the instance of the hashing protocol for this controller.
//
- Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
+ Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
if (EFI_ERROR (Status)) {
return EFI_UNSUPPORTED;
}

@ -0,0 +1,127 @@
From 0f36c7f078215008ffa3a8e776aacd87793b8392 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 8 May 2024 13:14:26 +0200
Subject: [PATCH] OvmfPkg: add morlock support
Add dsc + fdf include files to add the MorLock drivers to the build.
Add the include files to OVMF build configurations.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit b45aff0dc9cb87f316eb17a11e5d4438175d9cca)
---
OvmfPkg/Include/Dsc/MorLock.dsc.inc | 10 ++++++++++
OvmfPkg/Include/Fdf/MorLock.fdf.inc | 10 ++++++++++
OvmfPkg/OvmfPkgIa32.dsc | 1 +
OvmfPkg/OvmfPkgIa32.fdf | 1 +
OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
OvmfPkg/OvmfPkgX64.dsc | 1 +
OvmfPkg/OvmfPkgX64.fdf | 1 +
8 files changed, 26 insertions(+)
create mode 100644 OvmfPkg/Include/Dsc/MorLock.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/MorLock.fdf.inc
diff --git a/OvmfPkg/Include/Dsc/MorLock.dsc.inc b/OvmfPkg/Include/Dsc/MorLock.dsc.inc
new file mode 100644
index 0000000000..a8c5fb24b8
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/MorLock.dsc.inc
@@ -0,0 +1,10 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# MorLock support
+##
+
+ SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+!if $(SMM_REQUIRE) == TRUE
+ SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+!endif
diff --git a/OvmfPkg/Include/Fdf/MorLock.fdf.inc b/OvmfPkg/Include/Fdf/MorLock.fdf.inc
new file mode 100644
index 0000000000..20b7d6619a
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/MorLock.fdf.inc
@@ -0,0 +1,10 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# MorLock support
+##
+
+INF SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf
+!if $(SMM_REQUIRE) == TRUE
+INF SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf
+!endif
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index d8ae542686..65a866ae0c 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -887,6 +887,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 0ffa3be750..10eb6fe72b 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -355,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 52ac2c96fc..679e25501b 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -901,6 +901,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index c4f3ec0735..ff06bbfc6f 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -362,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index f76d0ef7bc..d294fd4625 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -969,6 +969,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index bedd85ef7a..f3b787201f 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -402,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
################################################################################

@ -0,0 +1,192 @@
From 1691865ebaa8730203e8eb6bb052edff14dbaa70 Mon Sep 17 00:00:00 2001
From: Pedro Falcato <pedro.falcato@gmail.com>
Date: Tue, 22 Nov 2022 22:31:03 +0000
Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
RDRAND has notoriously been broken many times over its lifespan.
Add a smoketest to RDRAND, in order to better sniff out potential
security concerns.
Also add a proper CPUID test in order to support older CPUs which may
not have it; it was previously being tested but then promptly ignored.
Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
:x86_init_rdrand() per commit 049f9ae9..
Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
code to MIT and the public domain.
>On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
<..>
> I (re)wrote that function in Linux. I hereby relicense it as MIT, and
> also place it into public domain. Do with it what you will now.
>
> Jason
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a)
---
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
1 file changed, 91 insertions(+), 8 deletions(-)
diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
index 9bd68352f9..06d2a6f12d 100644
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
@@ -3,6 +3,7 @@
to provide high-quality random numbers.
Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
STATIC BOOLEAN mRdRandSupported;
+//
+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
+//
+#define RDRAND_RETRIES 10
+
+#define RDRAND_TEST_SAMPLES 8
+
+#define RDRAND_MIN_CHANGE 5
+
+//
+// Add a define for native-word RDRAND, just for the test.
+//
+#ifdef MDE_CPU_X64
+#define ASM_RDRAND AsmRdRand64
+#else
+#define ASM_RDRAND AsmRdRand32
+#endif
+
+/**
+ Tests RDRAND for broken implementations.
+
+ @retval TRUE RDRAND is reliable (and hopefully safe).
+ @retval FALSE RDRAND is unreliable and should be disabled, despite CPUID.
+
+**/
+STATIC
+BOOLEAN
+TestRdRand (
+ VOID
+ )
+{
+ //
+ // Test for notoriously broken rdrand implementations that always return the same
+ // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
+ // Note that this should be expanded to extensively test for other sorts of possible errata.
+ //
+
+ //
+ // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
+ // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
+ //
+ UINTN Prev;
+ UINT8 Idx;
+ UINT8 TestIteration;
+ UINT32 Changed;
+
+ Changed = 0;
+
+ for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
+ UINTN Sample;
+ //
+ // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
+ // Any failure to get a random number will assume RDRAND does not work.
+ //
+ for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
+ if (ASM_RDRAND (&Sample)) {
+ break;
+ }
+ }
+
+ if (Idx == RDRAND_RETRIES) {
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
+ return FALSE;
+ }
+
+ if (TestIteration != 0) {
+ Changed += Sample != Prev;
+ }
+
+ Prev = Sample;
+ }
+
+ if (Changed < RDRAND_MIN_CHANGE) {
+ DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+#undef ASM_RDRAND
+
/**
The constructor function checks whether or not RDRAND instruction is supported
by the host hardware.
@@ -48,10 +131,13 @@ BaseRngLibConstructor (
// CPUID. A value of 1 indicates that processor support RDRAND instruction.
//
AsmCpuid (1, 0, 0, &RegEcx, 0);
- ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
+ if (mRdRandSupported) {
+ mRdRandSupported = TestRdRand ();
+ }
+
return EFI_SUCCESS;
}
@@ -70,6 +156,7 @@ ArchGetRandomNumber16 (
OUT UINT16 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand16 (Rand);
}
@@ -88,6 +175,7 @@ ArchGetRandomNumber32 (
OUT UINT32 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand32 (Rand);
}
@@ -106,6 +194,7 @@ ArchGetRandomNumber64 (
OUT UINT64 *Rand
)
{
+ ASSERT (mRdRandSupported);
return AsmRdRand64 (Rand);
}
@@ -122,13 +211,7 @@ ArchIsRngSupported (
VOID
)
{
- /*
- Existing software depends on this always returning TRUE, so for
- now hard-code it.
-
- return mRdRandSupported;
- */
- return TRUE;
+ return mRdRandSupported;
}
/**

@ -0,0 +1,43 @@
From da8fda9932ab4a64a07d318d30b03baafbf1e0c1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 31 May 2024 09:49:13 +0200
Subject: [PATCH] SecurityPkg/RngDxe: add rng test
Check whenever RngLib actually returns random numbers, only return
a non-zero number of Algorithms if that is the case.
This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
only in case it can actually deliver random numbers.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit a61bc0accb8a76edba4f073fdc7bafc908df045d)
---
SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
index 5723ed6957..8b0742bab6 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
@@ -23,6 +23,7 @@
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
+#include <Library/RngLib.h>
#include "RngDxeInternals.h"
@@ -43,7 +44,12 @@ GetAvailableAlgorithms (
VOID
)
{
- mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ UINT64 RngTest;
+
+ if (GetRandomNumber64 (&RngTest)) {
+ mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
+ }
+
return EFI_SUCCESS;
}

@ -0,0 +1,301 @@
From 7703744d07e81a9cd3109dca9184a61f16584d44 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 24 May 2024 12:51:17 +0200
Subject: [PATCH] OvmfPkg: wire up RngDxe
Add OvmfRng include snippets with the random number generator
configuration for OVMF. Include RngDxe, build with BaseRngLib,
so the rdrand instruction is used (if available).
Also move VirtioRng to the include snippets.
Use the new include snippets for OVMF builds.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 712797cf19acd292bf203522a79e40e7e13d268b)
---
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
OvmfPkg/AmdSev/AmdSevX64.fdf | 2 +-
OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++
OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 2 +-
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
OvmfPkg/Microvm/MicrovmX64.fdf | 2 +-
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
OvmfPkg/OvmfPkgIa32.fdf | 2 +-
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
OvmfPkg/OvmfPkgIa32X64.fdf | 2 +-
OvmfPkg/OvmfPkgX64.dsc | 2 +-
OvmfPkg/OvmfPkgX64.fdf | 2 +-
14 files changed, 27 insertions(+), 12 deletions(-)
create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index cf1ad83e09..4edc2a9069 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -649,7 +649,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -740,6 +739,7 @@
OvmfPkg/AmdSev/Grub/Grub.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
OvmfPkg/PlatformDxe/Platform.inf
OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
index c56c98dc85..480837b0fa 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
@@ -227,7 +227,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -318,6 +317,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
new file mode 100644
index 0000000000..68839a0caa
--- /dev/null
+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
@@ -0,0 +1,9 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+ <LibraryClasses>
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ }
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
new file mode 100644
index 0000000000..99cb4a32b1
--- /dev/null
+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
@@ -0,0 +1,6 @@
+##
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 9f49b60ff0..4b7e1596fc 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -636,7 +636,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -719,6 +718,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
index ce5d542048..88d0f75ae2 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE
#
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
!endif
@@ -326,6 +325,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
INF OvmfPkg/PlatformDxe/Platform.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index fb73f2e089..9206f01816 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -760,7 +760,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
@@ -846,6 +845,7 @@
MdeModulePkg/Bus/Usb/UsbMassStorageDxe/UsbMassStorageDxe.inf
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
index 055e659a35..c8268d7e8c 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
@@ -207,7 +207,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(SECURE_BOOT_ENABLE) == TRUE
@@ -299,6 +298,7 @@ INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 65a866ae0c..b64c215585 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -784,7 +784,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -888,6 +887,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
index 10eb6fe72b..c31276e4a3 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
+++ b/OvmfPkg/OvmfPkgIa32.fdf
@@ -231,7 +231,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -356,6 +355,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 679e25501b..ececac3757 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -798,7 +798,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -902,6 +901,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
index ff06bbfc6f..a7b4aeac08 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
@@ -232,7 +232,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -363,6 +362,7 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index d294fd4625..0ab4d3df06 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -866,7 +866,6 @@
OvmfPkg/Virtio10Dxe/Virtio10.inf
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -970,6 +969,7 @@
!include OvmfPkg/Include/Dsc/ShellComponents.dsc.inc
!include OvmfPkg/Include/Dsc/MorLock.dsc.inc
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
!if $(SECURE_BOOT_ENABLE) == TRUE
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
index f3b787201f..ae08ac4fe9 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
+++ b/OvmfPkg/OvmfPkgX64.fdf
@@ -263,7 +263,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
!if $(PVSCSI_ENABLE) == TRUE
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
@@ -403,6 +402,7 @@ INF OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
!include OvmfPkg/Include/Fdf/ShellDxe.fdf.inc
!include OvmfPkg/Include/Fdf/MorLock.fdf.inc
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
################################################################################

@ -0,0 +1,37 @@
From ef076eab3cad92111c550d0041ac8d1a4e979714 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:49 +0200
Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList
Needed to properly initialize BaseRngLib.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 94961b8817eec6f8d0434555ac50a7aa51c22201)
---
.../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
index d0c1c7a4f7..48d463b8ad 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
@@ -8,6 +8,12 @@
**/
#include "TestBaseCryptLib.h"
+VOID
+EFIAPI
+ProcessLibraryConstructorList (
+ VOID
+ );
+
/**
Initialize the unit test framework, suite, and unit tests for the
sample unit tests and run the unit tests.
@@ -76,5 +82,6 @@ main (
char *argv[]
)
{
+ ProcessLibraryConstructorList ();
return UefiTestMain ();
}

@ -0,0 +1,43 @@
From 46f82fa0cfe716f147b7878b7155983f7f6edb20 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:53 +0200
Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit
Set the rdrand feature bit when faking cpuid for host test cases.
Needed to make the CryptoPkg test cases work.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 5e776299a2604b336a947e68593012ab2cc16eb4)
---
MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
index 8ba4f54a38..7f7276f7f4 100644
--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
OUT UINT32 *Edx OPTIONAL
)
{
+ UINT32 RetEcx;
+
+ RetEcx = 0;
+ switch (Index) {
+ case 1:
+ RetEcx |= BIT30; /* RdRand */
+ break;
+ }
+
if (Eax != NULL) {
*Eax = 0;
}
@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid (
}
if (Ecx != NULL) {
- *Ecx = 0;
+ *Ecx = RetEcx;
}
if (Edx != NULL) {

@ -0,0 +1,36 @@
{
"description": "OVMF with SB+SMM, SB enabled, MS certs enrolled",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"enrolled-keys",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

@ -0,0 +1,35 @@
{
"description": "OVMF with SB+SMM, empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"requires-smm",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

@ -0,0 +1,32 @@
{
"description": "UEFI firmware for ARM64 virtual machines",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.qcow2",
"format": "qcow2"
},
"nvram-template": {
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
"format": "qcow2"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
],
"tags": [
]
}

@ -0,0 +1,35 @@
{
"description": "OVMF without SB+SMM, empty varstore",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "split",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF_CODE.fd",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"acpi-s3",
"amd-sev",
"amd-sev-es",
"verbose-dynamic"
],
"tags": [
]
}

@ -0,0 +1,32 @@
{
"description": "UEFI firmware for ARM64 virtual machines",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
"format": "raw"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
],
"tags": [
]
}

@ -0,0 +1,32 @@
{
"description": "UEFI firmware for ARM64 virtual machines, verbose logs",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.qcow2",
"format": "qcow2"
},
"nvram-template": {
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.qcow2",
"format": "qcow2"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
"verbose-static"
],
"tags": [
]
}

@ -0,0 +1,32 @@
{
"description": "UEFI firmware for ARM64 virtual machines, verbose logs",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "split",
"executable": {
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
"format": "raw"
},
"nvram-template": {
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
"format": "raw"
}
},
"targets": [
{
"architecture": "aarch64",
"machines": [
"virt-*"
]
}
],
"features": [
"verbose-static"
],
"tags": [
]
}

@ -0,0 +1,31 @@
{
"description": "OVMF with SEV-ES support",
"interface-types": [
"uefi"
],
"mapping": {
"device": "flash",
"mode": "stateless",
"executable": {
"filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd",
"format": "raw"
}
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"amd-sev",
"amd-sev-es",
"amd-sev-snp",
"verbose-dynamic"
],
"tags": [
]
}

@ -0,0 +1,27 @@
{
"description": "OVMF with TDX support",
"interface-types": [
"uefi"
],
"mapping": {
"device": "memory",
"filename": "/usr/share/edk2/ovmf/OVMF.inteltdx.secboot.fd"
},
"targets": [
{
"architecture": "x86_64",
"machines": [
"pc-q35-*"
]
}
],
"features": [
"enrolled-keys",
"intel-tdx",
"secure-boot",
"verbose-dynamic"
],
"tags": [
]
}

@ -0,0 +1,63 @@
From ebcdc6db77d338aa1054292d0c4b745bd482d9a2 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 26 Aug 2024 19:25:52 +0200
Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 69: AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Jira: RHEL-56082
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] 55ae7744e57ea51e1f35f482dffc2dd2089c5f77 (osteffen/edk2)
The shim fallback reboot workaround (introduced for SEV-ES) does
not always work for SEV-SNP, due to a conditional early return.
Let's just register the workaround earlier in this function to
fix that.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/AmdSevDxe/AmdSevDxe.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
index 0eb88e50ff..ca345e95da 100644
--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c
+++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c
@@ -243,6 +243,17 @@ AmdSevDxeEntryPoint (
return EFI_UNSUPPORTED;
}
+ // Shim fallback reboot workaround
+ Status = gBS->CreateEventEx (
+ EVT_NOTIFY_SIGNAL,
+ TPL_CALLBACK,
+ PopulateVarstore,
+ SystemTable,
+ &gEfiEndOfDxeEventGroupGuid,
+ &PopulateVarstoreEvent
+ );
+ ASSERT_EFI_ERROR (Status);
+
//
// Iterate through the GCD map and clear the C-bit from MMIO and NonExistent
// memory space. The NonExistent memory space will be used for mapping the
@@ -393,15 +404,5 @@ AmdSevDxeEntryPoint (
);
}
- Status = gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_CALLBACK,
- PopulateVarstore,
- SystemTable,
- &gEfiEndOfDxeEventGroupGuid,
- &PopulateVarstoreEvent
- );
- ASSERT_EFI_ERROR (Status);
-
return EFI_SUCCESS;
}
--
2.39.3

@ -0,0 +1,43 @@
From b1b719573ff7410985fd502b3c30e6592229c3bd Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Mar 2024 15:32:58 +0100
Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing
variables
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 65: MdeModulePkg: Warn if out of flash space when writing variables
RH-Jira: RHEL-45261
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] b1f6ac49f246cc6a670b9fdd583da3bb9556550d (osteffen/edk2)
Emit a DEBUG_WARN message if there is not enough flash space left to
write/update a variable. This condition is currently not logged
appropriately in all cases, given that full variable store can easily
render the system unbootable.
This new message helps identifying this condition.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 80b59ff8320d1bd134bf689fe9c0ddf4e0473b88)
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index d394d237a5..1c7659031d 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -2364,6 +2364,8 @@ Done:
);
ASSERT_EFI_ERROR (Status);
}
+ } else if (Status == EFI_OUT_OF_RESOURCES) {
+ DEBUG ((DEBUG_WARN, "UpdateVariable failed: Out of flash space\n"));
}
return Status;
--
2.39.3

@ -0,0 +1,50 @@
From f0facba2e1458636c73399b8b0aea8c8db47f5f2 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 1 Oct 2024 18:40:41 -0400
Subject: [PATCH 3/3] MdePkg: Fix overflow issue in BasePeCoffLib
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 79: MdePkg: Fix overflow issue in BasePeCoffLib
RH-Jira: RHEL-60829
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 295f85a105fe778de5e555a65fdd2b7297c721a6
JIRA: https://issues.redhat.com/browse/RHEL-60829
CVE: CVE-2024-38796
Upstream: Merged
commit c95233b8525ca6828921affd1496146cff262e65
Author: Doug Flick <dougflick@microsoft.com>
Date: Fri Sep 27 12:08:55 2024 -0700
MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 86ff2e769b..128090d98e 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
ImageContext,
--
2.39.3

@ -0,0 +1,44 @@
From 054d42879bba986d7b2c2568fe4459959a8fe38b Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 14 Aug 2024 09:53:49 +0200
Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Jira: RHEL-45829
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [2/2] d1f24c14ccea7346d395c263ed577039f91debfd (osteffen/edk2)
The word "Failed" is used when logging tired Rng algorithms.
These mostly non-critical messages confused some users.
Reword it and also add a message confirming eventual success to
deescalate the importance somewhat.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 4dfbe91a55..905a944975 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -946,12 +946,13 @@ PseudoRandom (
//
// Secure Algorithm was supported on this platform
//
+ DEBUG ((DEBUG_VERBOSE, "Generated random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
return EFI_SUCCESS;
} else if (Status == EFI_UNSUPPORTED) {
//
// Secure Algorithm was not supported on this platform
//
- DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+ DEBUG ((DEBUG_VERBOSE, "Unable to generate random data using secure algorithm %d not available: %r\n", AlgorithmIndex, Status));
//
// Try the next secure algorithm
--
2.39.3

@ -0,0 +1,49 @@
From a424c0877b38ffb3c9c2a29cf52efb78c19ea8f2 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 19 Jun 2024 09:07:56 +0200
Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Jira: RHEL-45829
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [1/2] 9cf7cc1e68e01c54ab6fae15e3b5cdef1c0b15bc (osteffen/edk2)
There is a list of allowed rng algorithms, if /one/ of them is not
supported this is not a problem, only /all/ of them failing is an
error condition.
Downgrade the message for a single unsupported algorithm from ERROR to
VERBOSE. Add an error message in case we finish the loop without
finding a supported algorithm.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 6862b9d538d96363635677198899e1669e591259)
---
NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
index 01c13c08d2..4dfbe91a55 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
@@ -951,7 +951,7 @@ PseudoRandom (
//
// Secure Algorithm was not supported on this platform
//
- DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
+ DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
//
// Try the next secure algorithm
@@ -971,6 +971,7 @@ PseudoRandom (
// If we get here, we failed to generate random data using any secure algorithm
// Platform owner should ensure that at least one secure algorithm is supported
//
+ DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n"));
ASSERT_EFI_ERROR (Status);
return Status;
}
--
2.39.3

@ -0,0 +1,46 @@
From b2e458faf8603547bcdf578f465fdf777df44500 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 29 Aug 2024 09:20:29 +0200
Subject: [PATCH] OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 75: OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Jira: RHEL-56154
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 591189c9b119804cab4c48e9c27e428751993169 (kraxel.rh/centos-src-edk2)
Let APs wait until the BSP has completed the register updates to remove
the CPU. This makes sure all APs stay in SMM mode until the CPU
hot-unplug operation is complete, which in turn makes sure the ACPI lock
is released only after the CPU hot-unplug operation is complete.
Some background: The CPU hotplug SMI is triggered from an ACPI function
which is protected by an ACPI lock. The ACPI function is in the ACPI
tables generated by qemu.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
upstream: submitted (https://github.com/tianocore/edk2/pull/6138)
---
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
index d504163026..5af78211d3 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
@@ -355,6 +355,11 @@ EjectCpu (
//
QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum];
if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) {
+ /* wait until BSP is done */
+ while (mCpuHotEjectData->Handler != NULL) {
+ CpuPause ();
+ }
+
return;
}
--
2.39.3

@ -0,0 +1,65 @@
From 0ddcdbae55f2dd6bbd4c4893ecfc0feeb21b9d91 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 23 Aug 2024 14:36:16 +0200
Subject: [PATCH 2/3] OvmfPkg/QemuVideoDxe: ignore display resolutions smaller
than 640x480
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 73: ignore display resolutions smaller than 640x480
RH-Jira: RHEL-56249
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [2/2] 95d973e06f759c00637831a9521063794ce5cf28 (kraxel.rh/centos-src-edk2)
GraphicsConsoleDxe will assert in case the resolution is too small.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 391666da2c1dc5671bbb3393079d86f46e3435af)
---
OvmfPkg/QemuVideoDxe/Initialize.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/OvmfPkg/QemuVideoDxe/Initialize.c b/OvmfPkg/QemuVideoDxe/Initialize.c
index 050ae878ec..2d1f50637f 100644
--- a/OvmfPkg/QemuVideoDxe/Initialize.c
+++ b/OvmfPkg/QemuVideoDxe/Initialize.c
@@ -293,6 +293,8 @@ QemuVideoBochsEdid (
)
{
EFI_STATUS Status;
+ UINT32 X;
+ UINT32 Y;
if (Private->Variant != QEMU_VIDEO_BOCHS_MMIO) {
return;
@@ -344,16 +346,24 @@ QemuVideoBochsEdid (
return;
}
- *XRes = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4);
- *YRes = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4);
+ X = Private->Edid[56] | ((Private->Edid[58] & 0xf0) << 4);
+ Y = Private->Edid[59] | ((Private->Edid[61] & 0xf0) << 4);
DEBUG ((
DEBUG_INFO,
"%a: default resolution: %dx%d\n",
__func__,
- *XRes,
- *YRes
+ X,
+ Y
));
+ if ((X < 640) || (Y < 480)) {
+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */
+ return;
+ }
+
+ *XRes = X;
+ *YRes = Y;
+
if (PcdGet8 (PcdVideoResolutionSource) == 0) {
Status = PcdSet32S (PcdVideoHorizontalResolution, *XRes);
ASSERT_RETURN_ERROR (Status);
--
2.39.3

@ -0,0 +1,37 @@
From 66b4a85fcb8ec13c5e4e152d1265dbf31eaa34f3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 23 Aug 2024 14:35:53 +0200
Subject: [PATCH 1/3] OvmfPkg/VirtioGpuDxe: ignore display resolutions smaller
than 640x480
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 73: ignore display resolutions smaller than 640x480
RH-Jira: RHEL-56249
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/2] 24ec635d43a396ceb50197136ad7ffdc4a614a47 (kraxel.rh/centos-src-edk2)
GraphicsConsoleDxe will assert in case the resolution is too small.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 58035e8b5e11cfe2b9e6428d14c7817b6b1c83a2)
---
OvmfPkg/VirtioGpuDxe/Gop.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/OvmfPkg/VirtioGpuDxe/Gop.c b/OvmfPkg/VirtioGpuDxe/Gop.c
index f64dfce5f4..d767114bbb 100644
--- a/OvmfPkg/VirtioGpuDxe/Gop.c
+++ b/OvmfPkg/VirtioGpuDxe/Gop.c
@@ -265,7 +265,8 @@ GopInitialize (
// query host for display resolution
//
GopNativeResolution (VgpuGop, &XRes, &YRes);
- if ((XRes == 0) || (YRes == 0)) {
+ if ((XRes < 640) || (YRes < 480)) {
+ /* ignore hint, GraphicsConsoleDxe needs 640x480 or larger */
return;
}
--
2.39.3

@ -0,0 +1,143 @@
From 6b26812cbf5a871d0a311036b6605635684ed3e1 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 27 Aug 2024 12:06:15 +0200
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if
not needed.
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 70: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed.
RH-Jira: RHEL-50185
RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] a9c96249a5258e0902e38d4579079dfcc188b980 (osteffen/edk2)
Add the new global mMsrIa32MiscEnableSupported variable to track
whenever support for the IA32_MISC_ENABLE MSR is present or not.
Add new local PatchingNeeded variable to CheckFeatureSupported()
to track if patching the SMM setup code is needed or not.
Issue PatchInstructionX86() calls only if needed, i.e. if one of
the *Supported variables has been updated.
Result is that on a typical SMP machine where all processors are
identical the PatchInstructionX86() calls are issued only once,
when checking the first processor. Specifically this avoids
PatchInstructionX86() being called in OVMF on CPU hotplug. That
is important because instruction patching at runtime does not not
work and leads to page faults.
This fixes CPU hotplug on OVMF not working with AMD cpus.
Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4)
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++-----
1 file changed, 40 insertions(+), 9 deletions(-)
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
index 8142d3ceac..8e299fd29a 100644
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c
@@ -40,6 +40,11 @@ BOOLEAN mXdEnabled = FALSE;
//
BOOLEAN mBtsSupported = TRUE;
+//
+// The flag indicates if MSR_IA32_MISC_ENABLE is supported by processor
+//
+BOOLEAN mMsrIa32MiscEnableSupported = TRUE;
+
//
// The flag indicates if SMM profile starts to record data.
//
@@ -904,18 +909,23 @@ CheckFeatureSupported (
UINT32 RegEcx;
UINT32 RegEdx;
MSR_IA32_MISC_ENABLE_REGISTER MiscEnableMsr;
+ BOOLEAN PatchingNeeded = FALSE;
if ((PcdGet32 (PcdControlFlowEnforcementPropertyMask) != 0) && mCetSupported) {
AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);
if (RegEax >= CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS) {
AsmCpuidEx (CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS, CPUID_STRUCTURED_EXTENDED_FEATURE_FLAGS_SUB_LEAF_INFO, NULL, NULL, &RegEcx, NULL);
if ((RegEcx & CPUID_CET_SS) == 0) {
- mCetSupported = FALSE;
- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ if (mCetSupported) {
+ mCetSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
} else {
- mCetSupported = FALSE;
- PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ if (mCetSupported) {
+ mCetSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
}
@@ -925,8 +935,10 @@ CheckFeatureSupported (
//
// Extended CPUID functions are not supported on this processor.
//
- mXdSupported = FALSE;
- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ if (mXdSupported) {
+ mXdSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
AsmCpuid (CPUID_EXTENDED_CPU_SIG, NULL, NULL, NULL, &RegEdx);
@@ -934,15 +946,20 @@ CheckFeatureSupported (
//
// Execute Disable Bit feature is not supported on this processor.
//
- mXdSupported = FALSE;
- PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ if (mXdSupported) {
+ mXdSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
if (StandardSignatureIsAuthenticAMD ()) {
//
// AMD processors do not support MSR_IA32_MISC_ENABLE
//
- PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
+ if (mMsrIa32MiscEnableSupported) {
+ mMsrIa32MiscEnableSupported = FALSE;
+ PatchingNeeded = TRUE;
+ }
}
}
@@ -966,6 +983,20 @@ CheckFeatureSupported (
}
}
}
+
+ if (PatchingNeeded) {
+ if (!mCetSupported) {
+ PatchInstructionX86 (mPatchCetSupported, mCetSupported, 1);
+ }
+
+ if (!mXdSupported) {
+ PatchInstructionX86 (gPatchXdSupported, mXdSupported, 1);
+ }
+
+ if (!mMsrIa32MiscEnableSupported) {
+ PatchInstructionX86 (gPatchMsrIa32MiscEnableSupported, FALSE, 1);
+ }
+ }
}
/**
--
2.39.3

@ -0,0 +1,447 @@
#!/usr/bin/python3
"""
build helper script for edk2, see
https://gitlab.com/kraxel/edk2-build-config
"""
import os
import sys
import time
import shutil
import argparse
import subprocess
import configparser
rebase_prefix = ""
version_override = None
release_date = None
# pylint: disable=unused-variable
def check_rebase():
""" detect 'git rebase -x edk2-build.py master' testbuilds """
global rebase_prefix
global version_override
gitdir = '.git'
if os.path.isfile(gitdir):
with open(gitdir, 'r', encoding = 'utf-8') as f:
(unused, gitdir) = f.read().split()
if not os.path.exists(f'{gitdir}/rebase-merge/msgnum'):
return
with open(f'{gitdir}/rebase-merge/msgnum', 'r', encoding = 'utf-8') as f:
msgnum = int(f.read())
with open(f'{gitdir}/rebase-merge/end', 'r', encoding = 'utf-8') as f:
end = int(f.read())
with open(f'{gitdir}/rebase-merge/head-name', 'r', encoding = 'utf-8') as f:
head = f.read().strip().split('/')
rebase_prefix = f'[ {int(msgnum/2)} / {int(end/2)} - {head[-1]} ] '
if msgnum != end and not version_override:
# fixed version speeds up builds
version_override = "test-build-patch-series"
def get_coredir(cfg):
if cfg.has_option('global', 'core'):
return os.path.abspath(cfg['global']['core'])
return os.getcwd()
def get_toolchain(cfg, build):
if cfg.has_option(build, 'tool'):
return cfg[build]['tool']
if cfg.has_option('global', 'tool'):
return cfg['global']['tool']
return 'GCC5'
def get_hostarch():
mach = os.uname().machine
if mach == 'x86_64':
return 'X64'
if mach == 'aarch64':
return 'AARCH64'
if mach == 'riscv64':
return 'RISCV64'
return 'UNKNOWN'
def get_version(cfg, silent = False):
coredir = get_coredir(cfg)
if version_override:
version = version_override
if not silent:
print('')
print(f'### version [override]: {version}')
return version
if os.environ.get('RPM_PACKAGE_NAME'):
version = os.environ.get('RPM_PACKAGE_NAME')
version += '-' + os.environ.get('RPM_PACKAGE_VERSION')
version += '-' + os.environ.get('RPM_PACKAGE_RELEASE')
if not silent:
print('')
print(f'### version [rpmbuild]: {version}')
return version
if os.path.exists(coredir + '/.git'):
cmdline = [ 'git', 'describe', '--tags', '--abbrev=8',
'--match=edk2-stable*' ]
result = subprocess.run(cmdline, cwd = coredir,
stdout = subprocess.PIPE,
check = True)
version = result.stdout.decode().strip()
if not silent:
print('')
print(f'### version [git]: {version}')
return version
return None
def pcd_string(name, value):
return f'{name}=L{value}\\0'
def pcd_version(cfg, silent = False):
version = get_version(cfg, silent)
if version is None:
return []
return [ '--pcd', pcd_string('PcdFirmwareVersionString', version) ]
def pcd_release_date():
if release_date is None:
return []
return [ '--pcd', pcd_string('PcdFirmwareReleaseDateString', release_date) ]
def build_message(line, line2 = None, silent = False):
if os.environ.get('TERM') in [ 'xterm', 'xterm-256color' ]:
# setxterm title
start = '\x1b]2;'
end = '\x07'
print(f'{start}{rebase_prefix}{line}{end}', end = '')
if silent:
print(f'### {rebase_prefix}{line}', flush = True)
else:
print('')
print('###')
print(f'### {rebase_prefix}{line}')
if line2:
print(f'### {line2}')
print('###', flush = True)
def build_run(cmdline, name, section, silent = False, nologs = False):
if silent:
logfile = f'{section}.log'
if nologs:
print(f'### building in silent mode [no log] ...', flush = True)
else:
print(f'### building in silent mode [{logfile}] ...', flush = True)
start = time.time()
result = subprocess.run(cmdline, check = False,
stdout = subprocess.PIPE,
stderr = subprocess.STDOUT)
if not nologs:
with open(logfile, 'wb') as f:
f.write(result.stdout)
if result.returncode:
print('### BUILD FAILURE')
print('### cmdline')
print(cmdline)
print('### output')
print(result.stdout.decode())
print(f'### exit code: {result.returncode}')
else:
secs = int(time.time() - start)
print(f'### OK ({int(secs/60)}:{secs%60:02d})')
else:
print(cmdline, flush = True)
result = subprocess.run(cmdline, check = False)
if result.returncode:
print(f'ERROR: {cmdline[0]} exited with {result.returncode}'
f' while building {name}')
sys.exit(result.returncode)
def build_copy(plat, tgt, toolchain, dstdir, copy):
srcdir = f'Build/{plat}/{tgt}_{toolchain}'
names = copy.split()
srcfile = names[0]
if len(names) > 1:
dstfile = names[1]
else:
dstfile = os.path.basename(srcfile)
print(f'# copy: {srcdir} / {srcfile} => {dstdir} / {dstfile}')
src = srcdir + '/' + srcfile
dst = dstdir + '/' + dstfile
os.makedirs(os.path.dirname(dst), exist_ok = True)
shutil.copy(src, dst)
def pad_file(dstdir, pad):
args = pad.split()
if len(args) < 2:
raise RuntimeError(f'missing arg for pad ({args})')
name = args[0]
size = args[1]
cmdline = [
'truncate',
'--size', size,
dstdir + '/' + name,
]
print(f'# padding: {dstdir} / {name} => {size}')
subprocess.run(cmdline, check = True)
# pylint: disable=too-many-branches
def build_one(cfg, build, jobs = None, silent = False, nologs = False):
b = cfg[build]
cmdline = [ 'build' ]
cmdline += [ '-t', get_toolchain(cfg, build) ]
cmdline += [ '-p', b['conf'] ]
if (b['conf'].startswith('OvmfPkg/') or
b['conf'].startswith('ArmVirtPkg/')):
cmdline += pcd_version(cfg, silent)
cmdline += pcd_release_date()
if jobs:
cmdline += [ '-n', jobs ]
for arch in b['arch'].split():
if arch == 'HOST':
cmdline += [ '-a', get_hostarch() ]
else:
cmdline += [ '-a', arch ]
if 'opts' in b:
for name in b['opts'].split():
section = 'opts.' + name
for opt in cfg[section]:
cmdline += [ '-D', opt + '=' + cfg[section][opt] ]
if 'pcds' in b:
for name in b['pcds'].split():
section = 'pcds.' + name
for pcd in cfg[section]:
cmdline += [ '--pcd', pcd + '=' + cfg[section][pcd] ]
if 'tgts' in b:
tgts = b['tgts'].split()
else:
tgts = [ 'DEBUG' ]
for tgt in tgts:
desc = None
if 'desc' in b:
desc = b['desc']
build_message(f'building: {b["conf"]} ({b["arch"]}, {tgt})',
f'description: {desc}',
silent = silent)
build_run(cmdline + [ '-b', tgt ],
b['conf'],
build + '.' + tgt,
silent,
nologs)
if 'plat' in b:
# copy files
for cpy in b:
if not cpy.startswith('cpy'):
continue
build_copy(b['plat'], tgt,
get_toolchain(cfg, build),
b['dest'], b[cpy])
# pad builds
for pad in b:
if not pad.startswith('pad'):
continue
pad_file(b['dest'], b[pad])
def build_basetools(silent = False, nologs = False):
build_message('building: BaseTools', silent = silent)
basedir = os.environ['EDK_TOOLS_PATH']
cmdline = [ 'make', '-C', basedir ]
build_run(cmdline, 'BaseTools', 'build.basetools', silent, nologs)
def binary_exists(name):
for pdir in os.environ['PATH'].split(':'):
if os.path.exists(pdir + '/' + name):
return True
return False
def prepare_env(cfg, silent = False):
""" mimic Conf/BuildEnv.sh """
workspace = os.getcwd()
packages = [ workspace, ]
path = os.environ['PATH'].split(':')
dirs = [
'BaseTools/Bin/Linux-x86_64',
'BaseTools/BinWrappers/PosixLike'
]
if cfg.has_option('global', 'pkgs'):
for pkgdir in cfg['global']['pkgs'].split():
packages.append(os.path.abspath(pkgdir))
coredir = get_coredir(cfg)
if coredir != workspace:
packages.append(coredir)
# add basetools to path
for pdir in dirs:
p = coredir + '/' + pdir
if not os.path.exists(p):
continue
if p in path:
continue
path.insert(0, p)
# run edksetup if needed
toolsdef = coredir + '/Conf/tools_def.txt'
if not os.path.exists(toolsdef):
os.makedirs(os.path.dirname(toolsdef), exist_ok = True)
build_message('running BaseTools/BuildEnv', silent = silent)
cmdline = [ 'bash', 'BaseTools/BuildEnv' ]
subprocess.run(cmdline, cwd = coredir, check = True)
# set variables
os.environ['PATH'] = ':'.join(path)
os.environ['PACKAGES_PATH'] = ':'.join(packages)
os.environ['WORKSPACE'] = workspace
os.environ['EDK_TOOLS_PATH'] = coredir + '/BaseTools'
os.environ['CONF_PATH'] = coredir + '/Conf'
os.environ['PYTHON_COMMAND'] = '/usr/bin/python3'
os.environ['PYTHONHASHSEED'] = '1'
# for cross builds
if binary_exists('arm-linux-gnueabi-gcc'):
# ubuntu
os.environ['GCC5_ARM_PREFIX'] = 'arm-linux-gnueabi-'
os.environ['GCC_ARM_PREFIX'] = 'arm-linux-gnueabi-'
elif binary_exists('arm-linux-gnu-gcc'):
# fedora
os.environ['GCC5_ARM_PREFIX'] = 'arm-linux-gnu-'
os.environ['GCC_ARM_PREFIX'] = 'arm-linux-gnu-'
if binary_exists('loongarch64-linux-gnu-gcc'):
os.environ['GCC5_LOONGARCH64_PREFIX'] = 'loongarch64-linux-gnu-'
os.environ['GCC_LOONGARCH64_PREFIX'] = 'loongarch64-linux-gnu-'
hostarch = os.uname().machine
if binary_exists('aarch64-linux-gnu-gcc') and hostarch != 'aarch64':
os.environ['GCC5_AARCH64_PREFIX'] = 'aarch64-linux-gnu-'
os.environ['GCC_AARCH64_PREFIX'] = 'aarch64-linux-gnu-'
if binary_exists('riscv64-linux-gnu-gcc') and hostarch != 'riscv64':
os.environ['GCC5_RISCV64_PREFIX'] = 'riscv64-linux-gnu-'
os.environ['GCC_RISCV64_PREFIX'] = 'riscv64-linux-gnu-'
if binary_exists('x86_64-linux-gnu-gcc') and hostarch != 'x86_64':
os.environ['GCC5_IA32_PREFIX'] = 'x86_64-linux-gnu-'
os.environ['GCC5_X64_PREFIX'] = 'x86_64-linux-gnu-'
os.environ['GCC5_BIN'] = 'x86_64-linux-gnu-'
os.environ['GCC_IA32_PREFIX'] = 'x86_64-linux-gnu-'
os.environ['GCC_X64_PREFIX'] = 'x86_64-linux-gnu-'
os.environ['GCC_BIN'] = 'x86_64-linux-gnu-'
def build_list(cfg):
for build in cfg.sections():
if not build.startswith('build.'):
continue
name = build.lstrip('build.')
desc = 'no description'
if 'desc' in cfg[build]:
desc = cfg[build]['desc']
print(f'# {name:20s} - {desc}')
def main():
parser = argparse.ArgumentParser(prog = 'edk2-build',
description = 'edk2 build helper script')
parser.add_argument('-c', '--config', dest = 'configfile',
type = str, default = '.edk2.builds', metavar = 'FILE',
help = 'read configuration from FILE (default: .edk2.builds)')
parser.add_argument('-C', '--directory', dest = 'directory', type = str,
help = 'change to DIR before building', metavar = 'DIR')
parser.add_argument('-j', '--jobs', dest = 'jobs', type = str,
help = 'allow up to JOBS parallel build jobs',
metavar = 'JOBS')
parser.add_argument('-m', '--match', dest = 'match',
type = str, action = 'append',
help = 'only run builds matching INCLUDE (substring)',
metavar = 'INCLUDE')
parser.add_argument('-x', '--exclude', dest = 'exclude',
type = str, action = 'append',
help = 'skip builds matching EXCLUDE (substring)',
metavar = 'EXCLUDE')
parser.add_argument('-l', '--list', dest = 'list',
action = 'store_true', default = False,
help = 'list build configs available')
parser.add_argument('--silent', dest = 'silent',
action = 'store_true', default = False,
help = 'write build output to logfiles, '
'write to console only on errors')
parser.add_argument('--no-logs', dest = 'nologs',
action = 'store_true', default = False,
help = 'do not write build log files (with --silent)')
parser.add_argument('--core', dest = 'core', type = str, metavar = 'DIR',
help = 'location of the core edk2 repository '
'(i.e. where BuildTools are located)')
parser.add_argument('--pkg', '--package', dest = 'pkgs',
type = str, action = 'append', metavar = 'DIR',
help = 'location(s) of additional packages '
'(can be specified multiple times)')
parser.add_argument('-t', '--toolchain', dest = 'toolchain',
type = str, metavar = 'NAME',
help = 'tool chain to be used to build edk2')
parser.add_argument('--version-override', dest = 'version_override',
type = str, metavar = 'VERSION',
help = 'set firmware build version')
parser.add_argument('--release-date', dest = 'release_date',
type = str, metavar = 'DATE',
help = 'set firmware build release date (in MM/DD/YYYY format)')
options = parser.parse_args()
if options.directory:
os.chdir(options.directory)
if not os.path.exists(options.configfile):
print(f'config file "{options.configfile}" not found')
return 1
cfg = configparser.ConfigParser()
cfg.optionxform = str
cfg.read(options.configfile)
if options.list:
build_list(cfg)
return 0
if not cfg.has_section('global'):
cfg.add_section('global')
if options.core:
cfg.set('global', 'core', options.core)
if options.pkgs:
cfg.set('global', 'pkgs', ' '.join(options.pkgs))
if options.toolchain:
cfg.set('global', 'tool', options.toolchain)
global version_override
global release_date
check_rebase()
if options.version_override:
version_override = options.version_override
if options.release_date:
release_date = options.release_date
prepare_env(cfg, options.silent)
build_basetools(options.silent, options.nologs)
for build in cfg.sections():
if not build.startswith('build.'):
continue
if options.match:
matching = False
for item in options.match:
if item in build:
matching = True
if not matching:
print(f'# skipping "{build}" (not matching "{"|".join(options.match)}")')
continue
if options.exclude:
exclude = False
for item in options.exclude:
if item in build:
print(f'# skipping "{build}" (matching "{item}")')
exclude = True
if exclude:
continue
build_one(cfg, build, options.jobs, options.silent, options.nologs)
return 0
if __name__ == '__main__':
sys.exit(main())

@ -0,0 +1,129 @@
[opts.ovmf.common]
NETWORK_HTTP_BOOT_ENABLE = TRUE
NETWORK_IP6_ENABLE = TRUE
NETWORK_TLS_ENABLE = TRUE
NETWORK_ISCSI_ENABLE = TRUE
NETWORK_ALLOW_HTTP_CONNECTIONS = TRUE
TPM2_ENABLE = TRUE
TPM2_CONFIG_ENABLE = TRUE
TPM1_ENABLE = FALSE
CAVIUM_ERRATUM_27456 = TRUE
[opts.ovmf.4m]
FD_SIZE_4MB = TRUE
[opts.ovmf.sb.smm]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = TRUE
# old downstream
EXCLUDE_SHELL_FROM_FD = TRUE
# new upstream
BUILD_SHELL = FALSE
[opts.ovmf.sb.stateless]
SECURE_BOOT_ENABLE = TRUE
SMM_REQUIRE = FALSE
[opts.armvirt.verbose]
DEBUG_PRINT_ERROR_LEVEL = 0x8040004F
[opts.armvirt.silent]
DEBUG_PRINT_ERROR_LEVEL = 0x80000000
[pcds.nx.strict]
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD5
PcdUninstallMemAttrProtocol = FALSE
[pcds.nx.broken.shim.grub]
# grub.efi uses EfiLoaderData for code
PcdDxeNxMemoryProtectionPolicy = 0xC000000000007FD1
# shim.efi has broken MemAttr code
PcdUninstallMemAttrProtocol = TRUE
#####################################################################
# stateful ovmf builds (with vars in flash)
[build.ovmf.4m.default]
desc = ovmf build (64-bit, 4MB)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
plat = OvmfX64
dest = RHEL-9/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.fd
cpy2 = FV/OVMF_VARS.fd
cpy3 = X64/Shell.efi
[build.ovmf.4m.sb.smm]
desc = ovmf build (64-bit, 4MB, q35 only, needs smm, secure boot)
conf = OvmfPkg/OvmfPkgX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.smm
plat = OvmfX64
dest = RHEL-9/ovmf
cpy1 = FV/OVMF_CODE.fd OVMF_CODE.secboot.fd
cpy2 = X64/EnrollDefaultKeys.efi
#####################################################################
# stateless ovmf builds (firmware in rom or r/o flash)
[build.ovmf.amdsev]
desc = ovmf build for AmdSev (4MB)
conf = OvmfPkg/AmdSev/AmdSevX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
plat = AmdSev
dest = RHEL-9/ovmf
cpy1 = FV/OVMF.fd OVMF.amdsev.fd
[build.ovmf.inteltdx]
desc = ovmf build for IntelTdx (4MB)
conf = OvmfPkg/IntelTdx/IntelTdxX64.dsc
arch = X64
opts = ovmf.common
ovmf.4m
ovmf.sb.stateless
plat = IntelTdx
dest = RHEL-9/ovmf
cpy1 = FV/OVMF.fd OVMF.inteltdx.fd
#####################################################################
# armvirt builds
[build.armvirt.aa64.verbose]
desc = ArmVirt build for qemu, 64-bit (arm v8), verbose
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.verbose
pcds = nx.broken.shim.grub
plat = ArmVirtQemu-AARCH64
dest = RHEL-9/aarch64
cpy1 = FV/QEMU_EFI.fd
cpy2 = FV/QEMU_VARS.fd
cpy3 = FV/QEMU_EFI.fd QEMU_EFI-pflash.raw
cpy4 = FV/QEMU_VARS.fd vars-template-pflash.raw
pad3 = QEMU_EFI-pflash.raw 64m
pad4 = vars-template-pflash.raw 64m
[build.armvirt.aa64.silent]
desc = ArmVirt build for qemu, 64-bit (arm v8), silent
conf = ArmVirtPkg/ArmVirtQemu.dsc
arch = AARCH64
opts = ovmf.common
armvirt.silent
pcds = nx.broken.shim.grub
plat = ArmVirtQemu-AARCH64
dest = RHEL-9/aarch64
cpy1 = FV/QEMU_EFI.fd QEMU_EFI.silent.fd
cpy2 = FV/QEMU_EFI.fd QEMU_EFI-silent-pflash.raw
pad2 = QEMU_EFI-silent-pflash.raw 64m

File diff suppressed because it is too large Load Diff

@ -0,0 +1,494 @@
ExclusiveArch: x86_64 aarch64
# edk2-stable202405
%define GITDATE 20240524
%define GITCOMMIT 3e722403cd
%define TOOLCHAIN GCC
%define OPENSSL_VER 3.0.7
%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1
%define DBXDATE 20230509
%define build_ovmf 0
%define build_aarch64 0
%ifarch x86_64
%define build_ovmf 1
%endif
%ifarch aarch64
%define build_aarch64 1
%endif
Name: edk2
Version: %{GITDATE}
Release: 9%{?dist}
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
# The source tarball is created using following commands:
# COMMIT=ba91d0292e
# git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
Source0: edk2-%{GITCOMMIT}.tar.xz
Source1: ovmf-whitepaper-c770f8c.txt
Source2: openssl-rhel-%{OPENSSL_HASH}.tar.xz
# json description files
Source10: 50-edk2-aarch64-qcow2.json
Source11: 51-edk2-aarch64-raw.json
Source12: 52-edk2-aarch64-verbose-qcow2.json
Source13: 53-edk2-aarch64-verbose-raw.json
Source40: 30-edk2-ovmf-x64-sb-enrolled.json
Source41: 40-edk2-ovmf-x64-sb.json
Source43: 50-edk2-ovmf-x64-nosb.json
Source44: 60-edk2-ovmf-x64-amdsev.json
Source45: 60-edk2-ovmf-x64-inteltdx.json
# https://gitlab.com/kraxel/edk2-build-config
Source80: edk2-build.py
Source82: edk2-build.rhel-9
Source90: DBXUpdate-%{DBXDATE}.x64.bin
Patch1: 0003-Remove-paths-leading-to-submodules.patch
Patch2: 0004-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch3: 0005-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
Patch4: 0006-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
Patch5: 0007-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
Patch6: 0008-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
Patch7: 0009-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
Patch8: 0010-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
Patch9: 0011-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
Patch10: 0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
Patch11: 0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
Patch12: 0014-OvmfPkg-Remove-EbcDxe-RHEL-only.patch
Patch13: 0015-OvmfPkg-Remove-VirtioGpu-device-driver-RHEL-only.patch
Patch14: 0016-OvmfPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL-on.patch
Patch15: 0017-ArmVirtPkg-Remove-VirtioFsDxe-filesystem-driver-RHEL.patch
Patch16: 0018-OvmfPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
Patch17: 0019-ArmVirtPkg-Remove-UdfDxe-filesystem-driver-RHEL-only.patch
Patch18: 0020-OvmfPkg-Remove-TftpDynamicCommand-from-shell-RHEL-on.patch
Patch19: 0021-ArmVirtPkg-Remove-TftpDynamicCommand-from-shell-RHEL.patch
Patch20: 0022-OvmfPkg-Remove-HttpDynamicCommand-from-shell-RHEL-on.patch
Patch21: 0023-ArmVirtPkg-Remove-HttpDynamicCommand-from-shell-RHEL.patch
Patch22: 0024-OvmfPkg-Remove-LinuxInitrdDynamicShellCommand-RHEL-o.patch
Patch23: 0025-ArmVirtPkg-Remove-LinuxInitrdDynamicShellCommand-RHE.patch
Patch24: 0026-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
Patch25: 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
Patch26: 0028-CryptoPkg-CrtLib-add-stat.h-include-file.patch
Patch27: 0029-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
Patch28: 0030-OvmfPkg-Sec-Setup-MTRR-early-in-the-boot-process.patch
Patch29: 0031-MdePkg-ArchitecturalMsr.h-add-defines-for-MTRR-cache.patch
Patch30: 0032-UefiCpuPkg-MtrrLib.h-use-cache-type-defines-from-Arc.patch
Patch31: 0033-OvmfPkg-Sec-use-cache-type-defines-from-Architectura.patch
Patch32: 0034-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
Patch33: 0035-OvmfPkg-add-morlock-support.patch
Patch34: 0036-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
Patch35: 0037-SecurityPkg-RngDxe-add-rng-test.patch
Patch36: 0038-OvmfPkg-wire-up-RngDxe.patch
Patch37: 0039-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
Patch38: 0040-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
# For RHEL-45261 - [RHEL10] edk2 disconnects abnormally before loading the kernel
Patch39: edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch
# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data
Patch40: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
# For RHEL-45829 - [RHEL-10.0] edk2 hit Failed to generate random data
Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
# For RHEL-56082 - [EDK2] Shim fallback reboot workaround might not work on SNP [rhel-10]
Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
# For RHEL-50185 - [RHEL10] Hit soft lockup when hotplug vcpu
Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
# For RHEL-56154 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-10]
Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
# For RHEL-56249 - 507x510 display resolution should not crash the firmware [edk2,rhel-10]
Patch45: edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch
# For RHEL-56249 - 507x510 display resolution should not crash the firmware [edk2,rhel-10]
Patch46: edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch
# For RHEL-60829 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-10.0]
Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
# verification with "ovmf-vars-generator".
BuildRequires: python3-devel
BuildRequires: libuuid-devel
BuildRequires: /usr/bin/iasl
BuildRequires: binutils gcc git gcc-c++ make
BuildRequires: perl perl(JSON)
BuildRequires: qemu-img
%if %{build_ovmf}
# Only OVMF includes 80x86 assembly files (*.nasm*).
BuildRequires: nasm
# Only OVMF includes the Secure Boot feature, for which we need to separate out
# the UEFI shell.
BuildRequires: dosfstools
BuildRequires: mtools
BuildRequires: xorriso
# secure boot enrollment
BuildRequires: python3dist(virt-firmware) >= 23.4
# endif build_ovmf
%endif
%package ovmf
Summary: UEFI firmware for x86_64 virtual machines
BuildArch: noarch
Provides: OVMF = %{version}-%{release}
Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
# library.
Provides: bundled(openssl) = %{OPENSSL_VER}
License: BSD-2-Clause-Patent and Apache-2.0
# URL taken from the Maintainers.txt file.
URL: http://www.tianocore.org/ovmf/
%description ovmf
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for
Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU
and KVM.
%package aarch64
Summary: UEFI firmware for aarch64 virtual machines
BuildArch: noarch
Provides: AAVMF = %{version}-%{release}
Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
# need libvirt version with qcow2 support
Conflicts: libvirt-daemon-driver-qemu < 9.2.0
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
Provides: bundled(openssl) = %{OPENSSL_VER}
License: BSD-2-Clause-Patent and Apache-2.0
# URL taken from the Maintainers.txt file.
URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
%description aarch64
AAVMF (ARM Architecture Virtual Machine Firmware) is an EFI Development Kit II
platform that enables UEFI support for QEMU/KVM ARM Virtual Machines. This
package contains a 64-bit build.
%package tools
Summary: EFI Development Kit II Tools
License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
%description tools
This package provides tools that are needed to
build EFI executables and ROMs using the GNU tools.
%package tools-doc
Summary: Documentation for EFI Development Kit II Tools
BuildArch: noarch
License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
%description tools-doc
This package documents the tools that are needed to
build EFI executables and ROMs using the GNU tools.
%description
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.
%prep
# We needs some special git config options that %%autosetup won't give us.
# We init the git dir ourselves, then tell %%autosetup not to blow it away.
%setup -q -n edk2-%{GITCOMMIT}
git init -q
git config core.whitespace cr-at-eol
git config am.keepcr true
# -T is passed to %%setup to not re-extract the archive
# -D is passed to %%setup to not delete the existing archive dir
%autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
cp -a -- %{SOURCE1} .
cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
cp -a -- %{SOURCE40} %{SOURCE41} %{SOURCE43} %{SOURCE44} %{SOURCE45} .
cp -a -- %{SOURCE80} %{SOURCE82} .
cp -a -- %{SOURCE90} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
# Done by %setup, but we do not use it for the auxiliary tarballs
chmod -Rf a+rX,u+w,g-w,o-w .
%build
build_iso() {
dir="$1"
UEFI_SHELL_BINARY=${dir}/Shell.efi
ENROLLER_BINARY=${dir}/EnrollDefaultKeys.efi
UEFI_SHELL_IMAGE=uefi_shell.img
ISO_IMAGE=${dir}/UefiShell.iso
UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY")
UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY")
ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY")
# add 1MB then 10% for metadata
UEFI_SHELL_IMAGE_KB=$((
(UEFI_SHELL_SIZE + ENROLLER_SIZE + 1 * 1024 * 1024) * 11 / 10 / 1024
))
# create non-partitioned FAT image
rm -f -- "$UEFI_SHELL_IMAGE"
mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB"
# copy the shell binary into the FAT image
export MTOOLS_SKIP_CHECK=1
mmd -i "$UEFI_SHELL_IMAGE" ::efi
mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot
mcopy -i "$UEFI_SHELL_IMAGE" "$UEFI_SHELL_BINARY" ::efi/boot/bootx64.efi
mcopy -i "$UEFI_SHELL_IMAGE" "$ENROLLER_BINARY" ::
mdir -i "$UEFI_SHELL_IMAGE" -/ ::
# build ISO with FAT image file as El Torito EFI boot image
mkisofs -input-charset ASCII -J -rational-rock \
-e "$UEFI_SHELL_IMAGE" -no-emul-boot \
-o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE"
}
export EXTRA_OPTFLAGS="%{optflags}"
export EXTRA_LDFLAGS="%{__global_ldflags}"
export RELEASE_DATE="$(echo %{GITDATE} | sed -e 's|\(....\)\(..\)\(..\)|\2/\3/\1|')"
touch OvmfPkg/AmdSev/Grub/grub.efi # dummy
python3 CryptoPkg/Library/OpensslLib/configure.py
# include dirs of unused submodules
mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include
mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include/mbedtls
mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/library
mkdir -p SecurityPkg/DeviceSecurity/SpdmLib/libspdm/include
%if %{build_ovmf}
./edk2-build.py --config edk2-build.rhel-9 -m ovmf --release-date "$RELEASE_DATE"
build_iso RHEL-9/ovmf
cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-9/ovmf
virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \
--output RHEL-9/ovmf/OVMF_VARS.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
virt-fw-vars --input RHEL-9/ovmf/OVMF.inteltdx.fd \
--output RHEL-9/ovmf/OVMF.inteltdx.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot \
--set-fallback-no-reboot
%endif
%if %{build_aarch64}
./edk2-build.py --config edk2-build.rhel-9 -m armvirt --release-date "$RELEASE_DATE"
for raw in */aarch64/*.raw; do
qcow2="${raw%.raw}.qcow2"
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
done
%endif
%install
cp -a OvmfPkg/License.txt License.OvmfPkg.txt
cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE.txt LICENSE.openssl
mkdir -p %{buildroot}%{_datadir}/qemu/firmware
# install the tools
mkdir -p %{buildroot}%{_bindir} \
%{buildroot}%{_datadir}/%{name}/Conf \
%{buildroot}%{_datadir}/%{name}/Scripts
install BaseTools/Source/C/bin/* \
%{buildroot}%{_bindir}
install BaseTools/BinWrappers/PosixLike/LzmaF86Compress \
%{buildroot}%{_bindir}
install BaseTools/BuildEnv \
%{buildroot}%{_datadir}/%{name}
install BaseTools/Conf/*.template \
%{buildroot}%{_datadir}/%{name}/Conf
install BaseTools/Scripts/GccBase.lds \
%{buildroot}%{_datadir}/%{name}/Scripts
mkdir -p %{buildroot}%{_datadir}/%{name}
cp -av RHEL-9/* %{buildroot}%{_datadir}/%{name}
%if %{build_ovmf}
mkdir -p %{buildroot}%{_datadir}/OVMF
ln -s ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF/
ln -s ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}%{_datadir}/OVMF/
ln -s ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF/
ln -s ../%{name}/ovmf/UefiShell.iso %{buildroot}%{_datadir}/OVMF/
ln -s OVMF_CODE.fd %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
install -m 0644 \
30-edk2-ovmf-x64-sb-enrolled.json \
40-edk2-ovmf-x64-sb.json \
50-edk2-ovmf-x64-nosb.json \
60-edk2-ovmf-x64-amdsev.json \
60-edk2-ovmf-x64-inteltdx.json \
%{buildroot}%{_datadir}/qemu/firmware
# endif build_ovmf
%endif
%if %{build_aarch64}
mkdir -p %{buildroot}%{_datadir}/AAVMF
ln -s ../%{name}/aarch64/QEMU_EFI-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
ln -s ../%{name}/aarch64/QEMU_EFI-silent-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd
ln -s ../%{name}/aarch64/vars-template-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
install -m 0644 \
50-edk2-aarch64-qcow2.json \
51-edk2-aarch64-raw.json \
52-edk2-aarch64-verbose-qcow2.json \
53-edk2-aarch64-verbose-raw.json \
%{buildroot}%{_datadir}/qemu/firmware
# endif build_aarch64
%endif
%check
%global common_files \
%%license License.txt License.OvmfPkg.txt License-History.txt LICENSE.openssl \
%%dir %%{_datadir}/%%{name}/ \
%%dir %%{_datadir}/qemu \
%%dir %%{_datadir}/qemu/firmware
%if %{build_ovmf}
%files ovmf
%common_files
%doc OvmfPkg/README
%doc ovmf-whitepaper-c770f8c.txt
%dir %{_datadir}/OVMF/
%dir %{_datadir}/%{name}/ovmf/
%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
%{_datadir}/%{name}/ovmf/OVMF_VARS.fd
%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.secboot.fd
%{_datadir}/%{name}/ovmf/DBXUpdate*.bin
%{_datadir}/%{name}/ovmf/UefiShell.iso
%{_datadir}/OVMF/OVMF_CODE.secboot.fd
%{_datadir}/OVMF/OVMF_VARS.fd
%{_datadir}/OVMF/OVMF_VARS.secboot.fd
%{_datadir}/OVMF/UefiShell.iso
%{_datadir}/%{name}/ovmf/Shell.efi
%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
%{_datadir}/qemu/firmware/30-edk2-ovmf-x64-sb-enrolled.json
%{_datadir}/qemu/firmware/40-edk2-ovmf-x64-sb.json
%{_datadir}/qemu/firmware/50-edk2-ovmf-x64-nosb.json
%{_datadir}/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
%{_datadir}/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
# endif build_ovmf
%endif
%if %{build_aarch64}
%files aarch64
%common_files
%dir %{_datadir}/AAVMF/
%dir %{_datadir}/%{name}/aarch64/
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.*
%{_datadir}/%{name}/aarch64/vars-template-pflash.*
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
%{_datadir}/AAVMF/AAVMF_CODE.fd
%{_datadir}/AAVMF/AAVMF_VARS.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
%{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json
%{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json
%{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
%{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json
# endif build_aarch64
%endif
%files tools
%license License.txt
%license License-History.txt
%{_bindir}/DevicePath
%{_bindir}/EfiRom
%{_bindir}/GenCrc32
%{_bindir}/GenFfs
%{_bindir}/GenFv
%{_bindir}/GenFw
%{_bindir}/GenSec
%{_bindir}/LzmaCompress
%{_bindir}/LzmaF86Compress
%{_bindir}/TianoCompress
%{_bindir}/VfrCompile
%{_bindir}/VolInfo
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/BuildEnv
%{_datadir}/%{name}/Conf
%{_datadir}/%{name}/Scripts
%files tools-doc
%doc BaseTools/UserManuals/*.rtf
%changelog
* Tue Oct 08 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-9
- edk2-OvmfPkg-VirtioGpuDxe-ignore-display-resolutions-smal.patch [RHEL-56249]
- edk2-OvmfPkg-QemuVideoDxe-ignore-display-resolutions-smal.patch [RHEL-56249]
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60829]
- Resolves: RHEL-56249
(507x510 display resolution should not crash the firmware [edk2,rhel-10])
- Resolves: RHEL-60829
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-10.0])
* Fri Sep 27 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-8
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55302]
- Resolves: RHEL-55302
(CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-10.0 beta])
* Fri Sep 13 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-7
- edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch [RHEL-56154]
- Resolves: RHEL-56154
(qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-10])
* Mon Sep 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-5
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch [RHEL-50185]
- Resolves: RHEL-50185
([RHEL10] Hit soft lockup when hotplug vcpu)
* Mon Sep 02 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-4
- edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch [RHEL-56082]
- Resolves: RHEL-56082
([EDK2] Shim fallback reboot workaround might not work on SNP [rhel-10])
* Tue Aug 20 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-3
- edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch [RHEL-45829]
- edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch [RHEL-45829]
- Resolves: RHEL-45829
([RHEL-10.0] edk2 hit Failed to generate random data )
* Wed Jul 24 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-2
- edk2-MdeModulePkg-Warn-if-out-of-flash-space-when-writing.patch [RHEL-45261]
- Resolves: RHEL-45261
([RHEL10] edk2 disconnects abnormally before loading the kernel)
* Fri Jun 28 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-1
- Rebase to edk2-stable202405
- Resolves: RHEL-32487
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 20240214-2
- Bump release for June 2024 mass rebuild
* Tue Apr 02 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240214-1
- Imported edk2-202402 from RHEL 9
- Resolves: RHEL-30180
Loading…
Cancel
Save