Compare commits

..

No commits in common. 'c10-beta' and 'c9' have entirely different histories.
c10-beta ... c9

@ -1,4 +1,4 @@
From 890270bd27f2177f0eb2158ca8c75b101d27283b Mon Sep 17 00:00:00 2001 From de9f92d118c1374243d9d3f006088a29ec7dcf8d Mon Sep 17 00:00:00 2001
From: Miroslav Rezanina <mrezanin@redhat.com> From: Miroslav Rezanina <mrezanin@redhat.com>
Date: Thu, 24 Mar 2022 03:23:02 -0400 Date: Thu, 24 Mar 2022 03:23:02 -0400
Subject: [PATCH] Remove paths leading to submodules Subject: [PATCH] Remove paths leading to submodules

@ -1,4 +1,4 @@
From 496d843eaa1efdc7c113ba9a919dcc6c2ae53c9f Mon Sep 17 00:00:00 2001 From 5c48211bdce4b30c86e92636e852e9da4ede4c1e Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com> From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 25 Feb 2014 22:40:01 +0100 Date: Tue, 25 Feb 2014 22:40:01 +0100
Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode Subject: [PATCH] MdeModulePkg: TerminalDxe: set xterm resolution on mode

@ -1,4 +1,4 @@
From 3830b4cfd575bcb5d44b69f4d8f8d49f6992fcc3 Mon Sep 17 00:00:00 2001 From 0976965c3dd6ac841f59dc09220a6637060ba901 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com> From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 14 Oct 2015 15:59:06 +0200 Date: Wed, 14 Oct 2015 15:59:06 +0200
Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH Subject: [PATCH] OvmfPkg: take PcdResizeXterm from the QEMU command line (RH

@ -1,4 +1,4 @@
From 7461128f36076d1a5e45f89f00c8b2a5d92bd745 Mon Sep 17 00:00:00 2001 From 4c45a397402f58a67b1d4ea1348bb79f3716c7a5 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com> From: Laszlo Ersek <lersek@redhat.com>
Date: Sun, 26 Jul 2015 08:02:50 +0000 Date: Sun, 26 Jul 2015 08:02:50 +0000
Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line Subject: [PATCH] ArmVirtPkg: take PcdResizeXterm from the QEMU command line

@ -1,4 +1,4 @@
From 9f24c54074c15630f78e019e018f791296a768d7 Mon Sep 17 00:00:00 2001 From 3dbb4913b3e1c0413dd3016681aca3a3d12edd0d Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com> From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:45 +0100 Date: Tue, 21 Nov 2017 00:57:45 +0100
Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) Subject: [PATCH] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)

@ -1,4 +1,4 @@
From 271d90ce05cbdb95c8f839e3bee5d0a0937e12fc Mon Sep 17 00:00:00 2001 From ac8f2a85bad100eaf42d3537b6fcb37fa3db5fd9 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com> From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:46 +0100 Date: Tue, 21 Nov 2017 00:57:46 +0100
Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in Subject: [PATCH] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in

@ -1,4 +1,4 @@
From f3810904a75876f09592863281fe4e8464851f18 Mon Sep 17 00:00:00 2001 From 511531fe074c28dd8139f722b25979df1995e492 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com> From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 27 Jan 2016 03:05:18 +0100 Date: Wed, 27 Jan 2016 03:05:18 +0100
Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in Subject: [PATCH] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in

@ -1,4 +1,4 @@
From 3fba0b8213fc5be8a164b3908d54af511fa21a10 Mon Sep 17 00:00:00 2001 From 3bf394bd43a4cf00c2b52b965b47b8194a406166 Mon Sep 17 00:00:00 2001
From: Philippe Mathieu-Daude <philmd@redhat.com> From: Philippe Mathieu-Daude <philmd@redhat.com>
Date: Thu, 1 Aug 2019 20:43:48 +0200 Date: Thu, 1 Aug 2019 20:43:48 +0200
Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 Subject: [PATCH] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64

@ -1,4 +1,4 @@
From 57370ffc06e8d5de6eb5c41e5b33a7891cdcc0e7 Mon Sep 17 00:00:00 2001 From b9ac7e96d76caa161d1689c0436551e95728ac0e Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com> From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 21 Nov 2017 00:57:47 +0100 Date: Tue, 21 Nov 2017 00:57:47 +0100
Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe Subject: [PATCH] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe

@ -1,4 +1,4 @@
From 1025d0336c038ed12354830fccef84771f611656 Mon Sep 17 00:00:00 2001 From 8c67b1b96e42c39a3562c8790ae5985a240edfce Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com> From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:31:36 +0200 Date: Wed, 24 Jun 2020 11:31:36 +0200
Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel" Subject: [PATCH] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no "-kernel"

@ -1,4 +1,4 @@
From 49bcb15e8b15f3a02427787981a09f09d17528f7 Mon Sep 17 00:00:00 2001 From de3d6fb999bd464f08c11b879cb4587295f3c0b1 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com> From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 24 Jun 2020 11:40:09 +0200 Date: Wed, 24 Jun 2020 11:40:09 +0200
Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent Subject: [PATCH] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in silent

@ -1,4 +1,4 @@
From b42de989e72259b0acd839b1fb6670ad9ff97aed Mon Sep 17 00:00:00 2001 From 3208551a4a7934a905ba33dde70bfea37c9a95af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:49 +0200 Date: Thu, 1 Jul 2021 20:28:49 +0200
Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only) Subject: [PATCH] OvmfPkg: Remove EbcDxe (RHEL only)

@ -1,4 +1,4 @@
From a16503fb8e213d321920b195d6fc40015a00cc20 Mon Sep 17 00:00:00 2001 From 42becc4c97abe443d06bb128a4b7d5e279842715 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:28:59 +0200 Date: Thu, 1 Jul 2021 20:28:59 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only) Subject: [PATCH] OvmfPkg: Remove VirtioGpu device driver (RHEL only)

@ -1,4 +1,4 @@
From 1c3ff57eaf5b559a1b390888ab6f5e235bec414d Mon Sep 17 00:00:00 2001 From 67e5739ca9ba906914aade6b5ad84c420ad9af29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:13 +0200 Date: Thu, 1 Jul 2021 20:29:13 +0200
Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only) Subject: [PATCH] OvmfPkg: Remove VirtioFsDxe filesystem driver (RHEL only)

@ -1,4 +1,4 @@
From d074f2941368b1b91ede467445c4f18904b7c228 Mon Sep 17 00:00:00 2001 From 9827ce562f432da36410ef0e9ce6d7971e502b99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:16 +0200 Date: Thu, 1 Jul 2021 20:29:16 +0200
Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only) Subject: [PATCH] ArmVirtPkg: Remove VirtioFsDxe filesystem driver (RHEL only)

@ -1,4 +1,4 @@
From cb327136ecf44079a7fcc1dd9b68d98e1124becc Mon Sep 17 00:00:00 2001 From 98e35df340a8a5cd18cb386361c7da6350c54800 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:19 +0200 Date: Thu, 1 Jul 2021 20:29:19 +0200
Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only) Subject: [PATCH] OvmfPkg: Remove UdfDxe filesystem driver (RHEL only)

@ -1,4 +1,4 @@
From 2b7c645f028c66efbaa7f7132e4f2fcec003869b Mon Sep 17 00:00:00 2001 From 9b039f2eb195f37b724f86efc31c8a4d6abd217d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:22 +0200 Date: Thu, 1 Jul 2021 20:29:22 +0200
Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only) Subject: [PATCH] ArmVirtPkg: Remove UdfDxe filesystem driver (RHEL only)

@ -1,4 +1,4 @@
From 11a0907d91727e05a5b86b5ede4f0e75572a894e Mon Sep 17 00:00:00 2001 From d417cfeb0ed76b3187b44e2491611f55d6de33b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:25 +0200 Date: Thu, 1 Jul 2021 20:29:25 +0200
Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only) Subject: [PATCH] OvmfPkg: Remove TftpDynamicCommand from shell (RHEL only)

@ -1,4 +1,4 @@
From 886bace5ff4ab40fd94475ffb2668def36149790 Mon Sep 17 00:00:00 2001 From b548dd4acf23412e9266be15d65d7f8cfccbf028 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:28 +0200 Date: Thu, 1 Jul 2021 20:29:28 +0200
Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only) Subject: [PATCH] ArmVirtPkg: Remove TftpDynamicCommand from shell (RHEL only)

@ -1,4 +1,4 @@
From 54738f50a11c9b607a22100dfd712bed0bc5c019 Mon Sep 17 00:00:00 2001 From 8a68c775e8ba00da3d725396fd8c78f67fbc8697 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:31 +0200 Date: Thu, 1 Jul 2021 20:29:31 +0200
Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only) Subject: [PATCH] OvmfPkg: Remove HttpDynamicCommand from shell (RHEL only)

@ -1,4 +1,4 @@
From 2d3f1c042054454de24c4842e768957c2a875129 Mon Sep 17 00:00:00 2001 From 1f15cf34691e2f9604ee6efe142c2d710aad579c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:34 +0200 Date: Thu, 1 Jul 2021 20:29:34 +0200
Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only) Subject: [PATCH] ArmVirtPkg: Remove HttpDynamicCommand from shell (RHEL only)

@ -1,4 +1,4 @@
From 8b920381f97c2c32d6bff465a58dd7c901626a34 Mon Sep 17 00:00:00 2001 From cd1746c9920e93bf40994172881bc13cf185991c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:39 +0200 Date: Thu, 1 Jul 2021 20:29:39 +0200
Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) Subject: [PATCH] OvmfPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)

@ -1,4 +1,4 @@
From 8b574a1461c50e453bb431a304bb0c63d14c5ab8 Mon Sep 17 00:00:00 2001 From ec9c5e512252964f28c493d10b9f484b88c87c13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 1 Jul 2021 20:29:46 +0200 Date: Thu, 1 Jul 2021 20:29:46 +0200
Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only) Subject: [PATCH] ArmVirtPkg: Remove LinuxInitrdDynamicShellCommand (RHEL only)

@ -1,4 +1,4 @@
From 827b877dfc01336a12539b31753358e7e264b7f3 Mon Sep 17 00:00:00 2001 From 3d02fb6da82331176952e480160223136679ce74 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 28 Feb 2023 15:47:00 +0100 Date: Tue, 28 Feb 2023 15:47:00 +0100
Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug Subject: [PATCH] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug

@ -1,4 +1,4 @@
From 24fe28e0ee42ef36f48763e7e4d738fd4c6b3583 Mon Sep 17 00:00:00 2001 From c916516d37fb50c187020bd01da21cca85c8e83a Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com> From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 16 Aug 2023 12:09:40 +0200 Date: Wed, 16 Aug 2023 12:09:40 +0200
Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only) Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only)

@ -1,4 +1,4 @@
From 95345a66f0c8e7d77ebc1b5cae3e745a2c201751 Mon Sep 17 00:00:00 2001 From 7a07b2f16eabf460891a21c05b30cd9c2f875a2a Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:11:02 +0200 Date: Mon, 28 Aug 2023 13:11:02 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file. Subject: [PATCH] CryptoPkg/CrtLib: add stat.h include file.

@ -1,4 +1,4 @@
From 0cac1a197d1e84bcde60aba246c1e16bf5508091 Mon Sep 17 00:00:00 2001 From 168cfe83b250d3166817549c1e96e6b1f02bcab4 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Mon, 28 Aug 2023 13:27:09 +0200 Date: Mon, 28 Aug 2023 13:27:09 +0200
Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls Subject: [PATCH] CryptoPkg/CrtLib: add access/open/read/write/close syscalls

@ -1,4 +1,4 @@
From 348ea6ca54889a2b4006cc71168a173e8182f12e Mon Sep 17 00:00:00 2001 From 4c49c1bcb2db128cc4d2ebb29b1ac53fe3ef6b18 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:38 +0100 Date: Tue, 30 Jan 2024 14:04:38 +0100
Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process. Subject: [PATCH] OvmfPkg/Sec: Setup MTRR early in the boot process.

@ -1,4 +1,4 @@
From d521976e1641c242c86d0495647f200694f6ba44 Mon Sep 17 00:00:00 2001 From 3124da27dc460926f40477d247e021ceeabe0be3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:39 +0100 Date: Tue, 30 Jan 2024 14:04:39 +0100
Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types Subject: [PATCH] MdePkg/ArchitecturalMsr.h: add #defines for MTRR cache types

@ -1,4 +1,4 @@
From 75618356e04278e4346ffc5e147b9f6f101e8173 Mon Sep 17 00:00:00 2001 From f015a541308b2d752c399b9ef9597c4585218032 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:40 +0100 Date: Tue, 30 Jan 2024 14:04:40 +0100
Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from Subject: [PATCH] UefiCpuPkg/MtrrLib.h: use cache type #defines from

@ -1,4 +1,4 @@
From 4eea9b4625d7ea5eaf5ae0d541d96bfccacf7810 Mon Sep 17 00:00:00 2001 From dd543686c34fc3c6ddfafc0104066889ad9d1813 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 30 Jan 2024 14:04:41 +0100 Date: Tue, 30 Jan 2024 14:04:41 +0100
Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h Subject: [PATCH] OvmfPkg/Sec: use cache type #defines from ArchitecturalMsr.h

@ -1,4 +1,4 @@
From ee4774a753c2bc1061761e818d543a3e925ca1f0 Mon Sep 17 00:00:00 2001 From bbd537bc6560494b0b08886364c38406b1e8107a Mon Sep 17 00:00:00 2001
From: Sam <Sam_Tsai@wiwynn.com> From: Sam <Sam_Tsai@wiwynn.com>
Date: Wed, 29 May 2024 07:46:03 +0800 Date: Wed, 29 May 2024 07:46:03 +0800
Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in Subject: [PATCH] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in

@ -1,4 +1,4 @@
From 0f36c7f078215008ffa3a8e776aacd87793b8392 Mon Sep 17 00:00:00 2001 From 3f8eab199430de18c1c6a98d1d0772499b17cc86 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 8 May 2024 13:14:26 +0200 Date: Wed, 8 May 2024 13:14:26 +0200
Subject: [PATCH] OvmfPkg: add morlock support Subject: [PATCH] OvmfPkg: add morlock support

@ -1,4 +1,4 @@
From 1691865ebaa8730203e8eb6bb052edff14dbaa70 Mon Sep 17 00:00:00 2001 From 3899f089b8197f52ca63fe1561f8e5e1341f8198 Mon Sep 17 00:00:00 2001
From: Pedro Falcato <pedro.falcato@gmail.com> From: Pedro Falcato <pedro.falcato@gmail.com>
Date: Tue, 22 Nov 2022 22:31:03 +0000 Date: Tue, 22 Nov 2022 22:31:03 +0000
Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID Subject: [PATCH] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID

@ -1,4 +1,4 @@
From da8fda9932ab4a64a07d318d30b03baafbf1e0c1 Mon Sep 17 00:00:00 2001 From 4947d363211159647e9266fa20ad9d4c8bc52f71 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 31 May 2024 09:49:13 +0200 Date: Fri, 31 May 2024 09:49:13 +0200
Subject: [PATCH] SecurityPkg/RngDxe: add rng test Subject: [PATCH] SecurityPkg/RngDxe: add rng test

@ -1,4 +1,4 @@
From 7703744d07e81a9cd3109dca9184a61f16584d44 Mon Sep 17 00:00:00 2001 From 0aa96c512c689426838ec1cf4aa78ff088c03a1e Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 24 May 2024 12:51:17 +0200 Date: Fri, 24 May 2024 12:51:17 +0200
Subject: [PATCH] OvmfPkg: wire up RngDxe Subject: [PATCH] OvmfPkg: wire up RngDxe

@ -1,4 +1,4 @@
From ef076eab3cad92111c550d0041ac8d1a4e979714 Mon Sep 17 00:00:00 2001 From d5d19043e62a268a492f9a1ef6a11380d8f7e784 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:49 +0200 Date: Fri, 14 Jun 2024 11:45:49 +0200
Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList Subject: [PATCH] CryptoPkg/Test: call ProcessLibraryConstructorList

@ -1,4 +1,4 @@
From 46f82fa0cfe716f147b7878b7155983f7f6edb20 Mon Sep 17 00:00:00 2001 From 320207a3df995771af36639c7bdf89c4203cf1c2 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Fri, 14 Jun 2024 11:45:53 +0200 Date: Fri, 14 Jun 2024 11:45:53 +0200
Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit Subject: [PATCH] MdePkg/X86UnitTestHost: set rdrand cpuid bit

@ -1,13 +1,13 @@
From ebcdc6db77d338aa1054292d0c4b745bd482d9a2 Mon Sep 17 00:00:00 2001 From 481310a21104aba17bc0cddd236ecdf69d4ba662 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com> From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 26 Aug 2024 19:25:52 +0200 Date: Mon, 26 Aug 2024 19:25:52 +0200
Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP Subject: [PATCH] AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Author: Oliver Steffen <osteffen@redhat.com> RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 69: AmdSevDxe: Fix the shim fallback reboot workaround for SNP RH-MergeRequest: 68: AmdSevDxe: Fix the shim fallback reboot workaround for SNP
RH-Jira: RHEL-56082 RH-Jira: RHEL-56081
RH-Acked-by: Gerd Hoffmann <None> RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] 55ae7744e57ea51e1f35f482dffc2dd2089c5f77 (osteffen/edk2) RH-Commit: [1/1] ab8678b61d171f9c19459e034483437b29037b4b (osteffen/edk2)
The shim fallback reboot workaround (introduced for SEV-ES) does The shim fallback reboot workaround (introduced for SEV-ES) does
not always work for SEV-SNP, due to a conditional early return. not always work for SEV-SNP, due to a conditional early return.

@ -1,14 +1,14 @@
From b1b719573ff7410985fd502b3c30e6592229c3bd Mon Sep 17 00:00:00 2001 From 880c1ca7420b873c5f81563b122d7bd1ebad72cb Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com> From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Mar 2024 15:32:58 +0100 Date: Mon, 4 Mar 2024 15:32:58 +0100
Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing Subject: [PATCH] MdeModulePkg: Warn if out of flash space when writing
variables variables
RH-Author: Oliver Steffen <osteffen@redhat.com> RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 65: MdeModulePkg: Warn if out of flash space when writing variables RH-MergeRequest: 64: MdeModulePkg: Warn if out of flash space when writing variables
RH-Jira: RHEL-45261 RH-Jira: RHEL-43442
RH-Acked-by: Gerd Hoffmann <None> RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] b1f6ac49f246cc6a670b9fdd583da3bb9556550d (osteffen/edk2) RH-Commit: [1/1] b65130800090192f47f13d67ff14f902a4f5bfb5 (osteffen/edk2)
Emit a DEBUG_WARN message if there is not enough flash space left to Emit a DEBUG_WARN message if there is not enough flash space left to
write/update a variable. This condition is currently not logged write/update a variable. This condition is currently not logged

@ -0,0 +1,50 @@
From 10d25d4d502e419476c3846e0243bbf6be24d8e4 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 1 Oct 2024 18:40:41 -0400
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 95: MdePkg: Fix overflow issue in BasePeCoffLib
RH-Jira: RHEL-60831
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 2f345a9e5f277598a78edc1aab33c6acc96c6caa
JIRA: https://issues.redhat.com/browse/RHEL-60831
CVE: CVE-2024-38796
Upstream: Merged
commit c95233b8525ca6828921affd1496146cff262e65
Author: Doug Flick <dougflick@microsoft.com>
Date: Fri Sep 27 12:08:55 2024 -0700
MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 86ff2e769b..128090d98e 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
ImageContext,
--
2.39.3

@ -1,13 +1,12 @@
From 054d42879bba986d7b2c2568fe4459959a8fe38b Mon Sep 17 00:00:00 2001 From c5f142e26ea5e892a63ed35ca952c8b583a9f8c1 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com> From: Oliver Steffen <osteffen@redhat.com>
Date: Wed, 14 Aug 2024 09:53:49 +0200 Date: Wed, 14 Aug 2024 09:53:49 +0200
Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging Subject: [PATCH 2/2] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com> RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Jira: RHEL-45829 RH-Jira: RHEL-45899
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com> RH-Commit: [2/2] 0d465ca0ea00598e6826446cd08e890c2ae4bea7 (osteffen/edk2)
RH-Commit: [2/2] d1f24c14ccea7346d395c263ed577039f91debfd (osteffen/edk2)
The word "Failed" is used when logging tired Rng algorithms. The word "Failed" is used when logging tired Rng algorithms.
These mostly non-critical messages confused some users. These mostly non-critical messages confused some users.

@ -1,13 +1,12 @@
From a424c0877b38ffb3c9c2a29cf52efb78c19ea8f2 Mon Sep 17 00:00:00 2001 From 7cbd00792445ad50e861e4835cdb5ba60466aae3 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed, 19 Jun 2024 09:07:56 +0200 Date: Wed, 19 Jun 2024 09:07:56 +0200
Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging Subject: [PATCH 1/2] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Author: Oliver Steffen <osteffen@redhat.com> RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 66: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging RH-MergeRequest: 67: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
RH-Jira: RHEL-45829 RH-Jira: RHEL-45899
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com> RH-Commit: [1/2] 15135d672cef4310cb29f8a55146f36b2ee1f15d (osteffen/edk2)
RH-Commit: [1/2] 9cf7cc1e68e01c54ab6fae15e3b5cdef1c0b15bc (osteffen/edk2)
There is a list of allowed rng algorithms, if /one/ of them is not There is a list of allowed rng algorithms, if /one/ of them is not
supported this is not a problem, only /all/ of them failing is an supported this is not a problem, only /all/ of them failing is an

@ -0,0 +1,350 @@
From fb1162845ff2d0e5f7fc7bb890896a4a6bde2981 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 12:40:12 +0100
Subject: [PATCH 1/2] OvmfPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 101: Add a Fallback RNG (RH only)
RH-Jira: RHEL-65735
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/2] d4aec962fd120ac2903b91403d87b86af944bd83
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
.../PlatformBootManagerLib/BdsPlatform.c | 7 +
.../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++
.../PlatformBootManagerLib/FallbackRng.h | 20 ++
.../PlatformBootManagerLib.inf | 5 +
4 files changed, 254 insertions(+)
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index d9f61757cf..87d1ac3142 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -15,6 +15,8 @@
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/XenPlatformLib.h>
+#include "FallbackRng.h"
+
//
// Global data
//
@@ -539,6 +541,9 @@ PlatformBootManagerBeforeConsole (
ConnectVirtioPciRng,
NULL
);
+
+ FallbackRngCheckAndInstall ();
+
}
EFI_STATUS
@@ -1778,6 +1783,8 @@ PlatformBootManagerAfterConsole (
DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
+ FallbackRngPrintWarning ();
+
if (PcdGetBool (PcdOvmfFlashVariablesEnable)) {
DEBUG ((
DEBUG_INFO,
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
new file mode 100644
index 0000000000..bba60e29d5
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
@@ -0,0 +1,222 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+#include <Protocol/Rng.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/RngLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Library/DxeServicesTableLib.h>
+
+#include "FallbackRng.h"
+
+typedef struct {
+ EFI_RNG_PROTOCOL Rng;
+ EFI_HANDLE Handle;
+} FALLBACK_RNG_DEV;
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
+ RNGAlgorithmList.
+ On output with a return code of
+ EFI_SUCCESS, the size in bytes of the
+ data returned in RNGAlgorithmList. On
+ output with a return code of
+ EFI_BUFFER_TOO_SMALL, the size of
+ RNGAlgorithmList required to obtain the
+ list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled
+ by the driver with one EFI_RNG_ALGORITHM
+ element for each supported RNG algorithm.
+ The list must not change across multiple
+ calls to the same driver. The first
+ algorithm in the list is the default
+ algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned
+ successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this
+ driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be
+ retrieved due to a hardware or firmware
+ error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are
+ incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small
+ to hold the result.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ )
+{
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) {
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (RNGAlgorithmList == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG
+ algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that
+ identifies the RNG algorithm to use. May
+ be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer
+ pointed to by RNGValue. The driver shall
+ return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled
+ by the driver with the resulting RNG
+ value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm
+ is not supported by this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due
+ to a hardware or firmware error.
+ @retval EFI_NOT_READY There is not enough random data available
+ to satisfy the length requested by
+ RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is
+ zero.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ UINT64 RandomData;
+ EFI_STATUS Status;
+ UINTN i;
+
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // We only support the raw algorithm, so reject requests for anything else
+ //
+ if ((RNGAlgorithm != NULL) &&
+ !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw))
+ {
+ return EFI_UNSUPPORTED;
+ }
+
+ for (i = 0; i < RNGValueLength; ++i) {
+ if (i % 4 == 0) {
+ Status = GetRandomNumber64 (&RandomData);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+static FALLBACK_RNG_DEV Dev = {
+ .Rng.GetInfo = FallbackRngGetInfo,
+ .Rng.GetRNG = FallbackRngGetRNG,
+ .Handle = NULL,
+};
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINTN HandleCount = 0;
+
+ if (Dev.Handle != NULL) {
+ DEBUG ((DEBUG_INFO, "Fallback RNG already installed.\n"));
+ return EFI_ALREADY_STARTED;
+ }
+
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiRngProtocolGuid,
+ NULL,
+ &HandleCount,
+ &HandleBuffer
+ );
+
+ gBS->FreePool (HandleBuffer);
+
+ if (Status == EFI_NOT_FOUND) {
+ HandleCount = 0;
+ } else if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Error locating RNG protocol instances: %r\n", Status));
+ return Status;
+ }
+
+ DEBUG ((DEBUG_INFO, "Found %u RNGs\n", HandleCount));
+
+ if (HandleCount == 0) {
+ // Install RNG
+ Status = gBS->InstallProtocolInterface (
+ &Dev.Handle,
+ &gEfiRngProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &Dev.Rng
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to install fallback RNG: %r\n", Status));
+ return Status;
+ }
+
+ gDS->Dispatch ();
+ }
+
+ return EFI_SUCCESS;
+}
+
+VOID
+FallbackRngPrintWarning (
+ )
+{
+ if (Dev.Handle != NULL) {
+ Print (L"WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n");
+ DEBUG ((DEBUG_WARN, "WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n"));
+ gBS->Stall (2000000);
+ }
+}
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
new file mode 100644
index 0000000000..77332bc51c
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
@@ -0,0 +1,20 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _FALLBACK_RNG_H_
+#define _FALLBACK_RNG_H_
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ );
+
+VOID
+FallbackRngPrintWarning (
+ );
+
+#endif
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index c6ffc1ed9e..211716e30d 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -25,6 +25,8 @@
PlatformData.c
QemuKernel.c
BdsPlatform.h
+ FallbackRng.c
+ FallbackRng.h
[Packages]
MdePkg/MdePkg.dec
@@ -56,6 +58,7 @@
PlatformBmPrintScLib
Tcg2PhysicalPresenceLib
XenPlatformLib
+ RngLib
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
@@ -80,6 +83,7 @@
gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED
+ gEfiRngProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
[Guids]
gEfiEndOfDxeEventGroupGuid
@@ -87,3 +91,4 @@
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
gGrubFileGuid
+ gEfiRngAlgorithmRaw
--
2.39.3

@ -0,0 +1,101 @@
From 194fa0cc8ba8c0c2b8ca4e478ce80f17e25812d9 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Thu, 7 Nov 2024 11:36:22 +0100
Subject: [PATCH 2/2] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 101: Add a Fallback RNG (RH only)
RH-Jira: RHEL-65735
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/2] 8bf84d42332ab54f6d1f768c8abe62485e7a12c9
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
This patch adds the fallback RNG which was introduced in a
previous commit also to the ArmVirtPkg PlatformBootManagerLib.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++
.../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
index 8e93f3cfed..8aa1e8e2df 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
@@ -30,6 +30,7 @@
#include <Guid/GlobalVariable.h>
#include <Guid/RootBridgesConnectedEventGroup.h>
#include <Guid/SerialPortLibVendor.h>
+#include "FallbackRng.h"
#include "PlatformBm.h"
@@ -1029,6 +1030,7 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput);
+
//
// Add the hardcoded short-form USB keyboard device path to ConIn.
//
@@ -1110,6 +1112,8 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
+
+ FallbackRngCheckAndInstall ();
}
/**
@@ -1175,6 +1179,8 @@ PlatformBootManagerAfterConsole (
RETURN_STATUS Status;
BOOLEAN Uninstall;
+ FallbackRngPrintWarning ();
+
//
// Show the splash screen.
//
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
index 8e7cd5605f..4583c05ef4 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
@@ -27,6 +27,8 @@
PlatformBm.c
PlatformBm.h
QemuKernel.c
+ ../PlatformBootManagerLib/FallbackRng.h
+ ../PlatformBootManagerLib/FallbackRng.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
@@ -53,6 +55,7 @@
UefiBootServicesTableLib
UefiLib
UefiRuntimeServicesTableLib
+ RngLib
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
@@ -70,6 +73,7 @@
gEfiGlobalVariableGuid
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
+ gEfiRngAlgorithmRaw
[Protocols]
gEfiFirmwareVolume2ProtocolGuid
@@ -77,3 +81,4 @@
gEfiMemoryAttributeProtocolGuid
gEfiPciRootBridgeIoProtocolGuid
gVirtioDeviceProtocolGuid
+ gEfiRngProtocolGuid
--
2.39.3

@ -1,13 +1,13 @@
From b2e458faf8603547bcdf578f465fdf777df44500 Mon Sep 17 00:00:00 2001 From 33ebaa6f0d476008ca6ba264657ac37faf63b723 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 29 Aug 2024 09:20:29 +0200 Date: Thu, 29 Aug 2024 09:20:29 +0200
Subject: [PATCH] OvmfPkg/CpuHotplugSmm: delay SMM exit Subject: [PATCH 1/2] OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Author: Gerd Hoffmann <None> RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 75: OvmfPkg/CpuHotplugSmm: delay SMM exit RH-MergeRequest: 74: OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Jira: RHEL-56154 RH-Jira: RHEL-56974
RH-Acked-by: Oliver Steffen <osteffen@redhat.com> RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 591189c9b119804cab4c48e9c27e428751993169 (kraxel.rh/centos-src-edk2) RH-Commit: [1/1] e1fb3f4db68457ec9f59ca5db47606bf4c34e6c5 (kraxel.rh/centos-src-edk2)
Let APs wait until the BSP has completed the register updates to remove Let APs wait until the BSP has completed the register updates to remove
the CPU. This makes sure all APs stay in SMM mode until the CPU the CPU. This makes sure all APs stay in SMM mode until the CPU

@ -0,0 +1,45 @@
From 203d30bedd01e953a2f5962877c87da7a1d6fcc3 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 19:00:11 +0100
Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 105: OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Jira: RHEL-63094
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/1] 87d0a3f9392d3b7788193148ee74f6edfe719a3e
Since the pixiefail CVE fix the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
The latter is initialized during the BDS phase.
To ensure all depending (network) modules are also started, we need to
run the dispatcher once more after the device was initialized.
Without this, network boot is not available under certain hardware
configurations.
Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 87d1ac3142..1f1298eb0b 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
if (EFI_ERROR (Status)) {
goto Error;
}
+
+ gDS->Dispatch ();
}
return EFI_SUCCESS;
--
2.45.1

@ -1,14 +1,14 @@
From 6b26812cbf5a871d0a311036b6605635684ed3e1 Mon Sep 17 00:00:00 2001 From c4aa4797fafa3a627205eaa346401e399d4a7146 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com> From: Gerd Hoffmann <kraxel@redhat.com>
Date: Tue, 27 Aug 2024 12:06:15 +0200 Date: Tue, 27 Aug 2024 12:06:15 +0200
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if
not needed. not needed.
RH-Author: Oliver Steffen <osteffen@redhat.com> RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 70: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed. RH-MergeRequest: 71: UefiCpuPkg/PiSmmCpuDxeSmm: skip PatchInstructionX86 calls if not needed.
RH-Jira: RHEL-50185 RH-Jira: RHEL-45847
RH-Acked-by: Gerd Hoffmann <None> RH-Acked-by: Gerd Hoffmann <None>
RH-Commit: [1/1] a9c96249a5258e0902e38d4579079dfcc188b980 (osteffen/edk2) RH-Commit: [1/1] 70ceffb2c1e695276af87d3aa334fe9be8e2e90e (osteffen/edk2)
Add the new global mMsrIa32MiscEnableSupported variable to track Add the new global mMsrIa32MiscEnableSupported variable to track
whenever support for the IA32_MISC_ENABLE MSR is present or not. whenever support for the IA32_MISC_ENABLE MSR is present or not.
@ -31,7 +31,6 @@ This fixes CPU hotplug on OVMF not working with AMD cpus.
Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase") Fixes: 6b3a89a9fdb5 ("OvmfPkg/PlatformPei: Relocate SmBases in PEI phase")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4) (cherry picked from commit 17ff8960848b2cb2e49fffb3dfbacd08865786a4)
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
--- ---
UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++----- UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 49 +++++++++++++++++++++-----
1 file changed, 40 insertions(+), 9 deletions(-) 1 file changed, 40 insertions(+), 9 deletions(-)

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save