16 changed files with 4 additions and 3630 deletions
--- a/.edk2.metadata
+++ b/.edk2.metadata
@ -1,3 +1,3 @@
 de143fc38b339d982079517b6f01bcec5246cf5e SOURCES/DBXUpdate-20230509.x64.bin
 4b2ed0d355d3ef44e21a72573e17017630b6d33c SOURCES/edk2-8736b8fdca.tar.xz
-0a9cfae889c6436333fab963250b069058eec6cf SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
+bf431935cb72db4d80c8435a0956abb25ca71185 SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
 SOURCES/DBXUpdate-20230509.x64.bin
 SOURCES/edk2-8736b8fdca.tar.xz
-SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
+SOURCES/openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz
--- a/SOURCES/edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
+++ b/SOURCES/edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
@ -1,57 +0,0 @@
-From b8793ffc6a7e7cfe3ecd9bd0da566ffd913a4544 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:34:52 -0400
-Subject: [PATCH 7/8] CryptoPkg/Test: call ProcessLibraryConstructorList
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
-RH-Jira: RHEL-40270 RHEL-40272
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [7/8] 7b09b94bfb56f5b81df2ccf1e6dbe21a7354a723
-
-JIRA: https://issues.redhat.com/browse/RHEL-40270
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit 94961b8817eec6f8d0434555ac50a7aa51c22201
-Author: Gerd Hoffmann <kraxel@redhat.com>
-Date:   Fri Jun 14 11:45:49 2024 +0200
-
-    CryptoPkg/Test: call ProcessLibraryConstructorList
-
-    Needed to properly initialize BaseRngLib.
-
-    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
- .../Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c      | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-index d0c1c7a4f7..48d463b8ad 100644
--- a/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-+++ b/CryptoPkg/Test/UnitTest/Library/BaseCryptLib/UnitTestMain.c
-@@ -8,6 +8,12 @@
- **/
- #include "TestBaseCryptLib.h"
- 
-+VOID
-+EFIAPI
-+ProcessLibraryConstructorList (
-+  VOID
-+  );
-+
- /**
-   Initialize the unit test framework, suite, and unit tests for the
-   sample unit tests and run the unit tests.
-@@ -76,5 +82,6 @@ main (
-   char  *argv[]
-   )
- {
-+  ProcessLibraryConstructorList ();
-   return UefiTestMain ();
- }
-- 
-2.39.3
-
--- a/SOURCES/edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch
+++ b/SOURCES/edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch
@ -1,170 +0,0 @@
-From f01b34eaeff2ccdd0ee7f2cf6371542efc0b13f5 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Sat, 6 Apr 2024 11:00:29 -0400
-Subject: [PATCH 1/2] EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 69: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-RH-Jira: RHEL-30156
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [1/2] 1b851d3ecf23092f7961cd0320221dc56b69adc4
-
-JIRA: https://issues.redhat.com/browse/RHEL-30156
-CVE: CVE-2022-36765
-Upstream: Merged
-
-commit aeaee8944f0eaacbf4cdf39279785b9ba4836bb6
-Author: Gua Guo <gua.guo@intel.com>
-Date:   Thu Jan 11 13:07:50 2024 +0800
-
-    EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
-
-    Fix integer overflow in various CreateHob instances.
-    Fixes: CVE-2022-36765
-
-    The CreateHob() function aligns the requested size to 8
-    performing the following operation:
-    ```
-    HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
-    ```
-
-    No checks are performed to ensure this value doesn't
-    overflow, and could lead to CreateHob() returning a smaller
-    HOB than requested, which could lead to OOB HOB accesses.
-
-    Reported-by: Marc Beatove <mbeatove@google.com>
-    Cc: Leif Lindholm <quic_llindhol@quicinc.com>
-    Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
-    Cc: Abner Chang <abner.chang@amd.com>
-    Cc: John Mathew <john.mathews@intel.com>
-    Authored-by: Gerd Hoffmann <kraxel@redhat.com>
-    Signed-off-by: Gua Guo <gua.guo@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
- EmbeddedPkg/Library/PrePiHobLib/Hob.c | 43 +++++++++++++++++++++++++++
- 1 file changed, 43 insertions(+)
-
-diff --git a/EmbeddedPkg/Library/PrePiHobLib/Hob.c b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-index 8eb175aa96..cbc35152cc 100644
--- a/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-+++ b/EmbeddedPkg/Library/PrePiHobLib/Hob.c
-@@ -110,6 +110,13 @@ CreateHob (
- 
-   HandOffHob = GetHobList ();
- 
-+  //
-+  // Check Length to avoid data overflow.
-+  //
-+  if (HobLength > MAX_UINT16 - 0x7) {
-+    return NULL;
-+  }
-+
-   HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
- 
-   FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom;
-@@ -160,6 +167,9 @@ BuildResourceDescriptorHob (
- 
-   Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR));
-   ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->ResourceType      = ResourceType;
-   Hob->ResourceAttribute = ResourceAttribute;
-@@ -401,6 +411,10 @@ BuildModuleHob (
-     );
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid);
-   Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule;
-@@ -449,6 +463,11 @@ BuildGuidHob (
-   ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE)));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return NULL;
-+  }
-+
-   CopyGuid (&Hob->Name, Guid);
-   return Hob + 1;
- }
-@@ -512,6 +531,10 @@ BuildFvHob (
-   EFI_HOB_FIRMWARE_VOLUME  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -543,6 +566,10 @@ BuildFv2Hob (
-   EFI_HOB_FIRMWARE_VOLUME2  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -584,6 +611,10 @@ BuildFv3Hob (
-   EFI_HOB_FIRMWARE_VOLUME3  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV3, sizeof (EFI_HOB_FIRMWARE_VOLUME3));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress          = BaseAddress;
-   Hob->Length               = Length;
-@@ -639,6 +670,10 @@ BuildCpuHob (
-   EFI_HOB_CPU  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->SizeOfMemorySpace = SizeOfMemorySpace;
-   Hob->SizeOfIoSpace     = SizeOfIoSpace;
-@@ -676,6 +711,10 @@ BuildStackHob (
-     );
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_STACK));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   CopyGuid (&(Hob->AllocDescriptor.Name), &gEfiHobMemoryAllocStackGuid);
-   Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
-@@ -756,6 +795,10 @@ BuildMemoryAllocationHob (
-     );
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
-   Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
-- 
-2.39.3
-
--- a/SOURCES/edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
+++ b/SOURCES/edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
@ -1,213 +0,0 @@
-From a0f61781d9d7d816363704823688ba251fe7e0ba Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:32:29 -0400
-Subject: [PATCH 4/8] MdePkg/BaseRngLib: Add a smoketest for RDRAND and check
- CPUID
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
-RH-Jira: RHEL-40270 RHEL-40272
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [4/8] 4fe23181254479e4a0f1abd31cedabacaec22944
-
-JIRA: https://issues.redhat.com/browse/RHEL-40270
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit c3a8ca7b54a9fd17acdf16c6282a92cc989fa92a
-Author: Pedro Falcato <pedro.falcato@gmail.com>
-Date:   Tue Nov 22 22:31:03 2022 +0000
-
-    MdePkg/BaseRngLib: Add a smoketest for RDRAND and check CPUID
-
-    RDRAND has notoriously been broken many times over its lifespan.
-    Add a smoketest to RDRAND, in order to better sniff out potential
-    security concerns.
-
-    Also add a proper CPUID test in order to support older CPUs which may
-    not have it; it was previously being tested but then promptly ignored.
-
-    Testing algorithm inspired by linux's arch/x86/kernel/cpu/rdrand.c
-    :x86_init_rdrand() per commit 049f9ae9..
-
-    Many thanks to Jason Donenfeld for relicensing his linux RDRAND detection
-    code to MIT and the public domain.
-
-    >On Tue, Nov 22, 2022 at 2:21 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
-      <..>
-    >    I (re)wrote that function in Linux. I hereby relicense it as MIT, and
-    >    also place it into public domain. Do with it what you will now.
-    >
-    >    Jason
-
-    BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4163
-
-    Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
-    Cc: Michael D Kinney <michael.d.kinney@intel.com>
-    Cc: Liming Gao <gaoliming@byosoft.com.cn>
-    Cc: Zhiguang Liu <zhiguang.liu@intel.com>
-    Cc: Jason A. Donenfeld <Jason@zx2c4.com>
-
-Signed-off-by: Jon Maloy <jmaloy@gmail.com>
---
- MdePkg/Library/BaseRngLib/Rand/RdRand.c | 99 +++++++++++++++++++++++--
- 1 file changed, 91 insertions(+), 8 deletions(-)
-
-diff --git a/MdePkg/Library/BaseRngLib/Rand/RdRand.c b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-index 9bd68352f9..06d2a6f12d 100644
--- a/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-+++ b/MdePkg/Library/BaseRngLib/Rand/RdRand.c
-@@ -3,6 +3,7 @@
-   to provide high-quality random numbers.
- 
- Copyright (c) 2023, Arm Limited. All rights reserved.<BR>
-+Copyright (c) 2022, Pedro Falcato. All rights reserved.<BR>
- Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR>
- Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
- 
-@@ -24,6 +25,88 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- STATIC BOOLEAN  mRdRandSupported;
- 
-+//
-+// Intel SDM says 10 tries is good enough for reliable RDRAND usage.
-+//
-+#define RDRAND_RETRIES  10
-+
-+#define RDRAND_TEST_SAMPLES  8
-+
-+#define RDRAND_MIN_CHANGE  5
-+
-+//
-+// Add a define for native-word RDRAND, just for the test.
-+//
-+#ifdef MDE_CPU_X64
-+#define ASM_RDRAND  AsmRdRand64
-+#else
-+#define ASM_RDRAND  AsmRdRand32
-+#endif
-+
-+/**
-+  Tests RDRAND for broken implementations.
-+
-+  @retval TRUE         RDRAND is reliable (and hopefully safe).
-+  @retval FALSE        RDRAND is unreliable and should be disabled, despite CPUID.
-+
-+**/
-+STATIC
-+BOOLEAN
-+TestRdRand (
-+  VOID
-+  )
-+{
-+  //
-+  // Test for notoriously broken rdrand implementations that always return the same
-+  // value, like the Zen 3 uarch (all-1s) or other several AMD families on suspend/resume (also all-1s).
-+  // Note that this should be expanded to extensively test for other sorts of possible errata.
-+  //
-+
-+  //
-+  // Our algorithm samples rdrand $RDRAND_TEST_SAMPLES times and expects
-+  // a different result $RDRAND_MIN_CHANGE times for reliable RDRAND usage.
-+  //
-+  UINTN   Prev;
-+  UINT8   Idx;
-+  UINT8   TestIteration;
-+  UINT32  Changed;
-+
-+  Changed = 0;
-+
-+  for (TestIteration = 0; TestIteration < RDRAND_TEST_SAMPLES; TestIteration++) {
-+    UINTN  Sample;
-+    //
-+    // Note: We use a retry loop for rdrand. Normal users get this in BaseRng.c
-+    // Any failure to get a random number will assume RDRAND does not work.
-+    //
-+    for (Idx = 0; Idx < RDRAND_RETRIES; Idx++) {
-+      if (ASM_RDRAND (&Sample)) {
-+        break;
-+      }
-+    }
-+
-+    if (Idx == RDRAND_RETRIES) {
-+      DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: Failed to get an RDRAND random number - disabling\n"));
-+      return FALSE;
-+    }
-+
-+    if (TestIteration != 0) {
-+      Changed += Sample != Prev;
-+    }
-+
-+    Prev = Sample;
-+  }
-+
-+  if (Changed < RDRAND_MIN_CHANGE) {
-+    DEBUG ((DEBUG_ERROR, "BaseRngLib/x86: CPU BUG: RDRAND not reliable - disabling\n"));
-+    return FALSE;
-+  }
-+
-+  return TRUE;
-+}
-+
-+#undef ASM_RDRAND
-+
- /**
-   The constructor function checks whether or not RDRAND instruction is supported
-   by the host hardware.
-@@ -48,10 +131,13 @@ BaseRngLibConstructor (
-   // CPUID. A value of 1 indicates that processor support RDRAND instruction.
-   //
-   AsmCpuid (1, 0, 0, &RegEcx, 0);
-  ASSERT ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
- 
-   mRdRandSupported = ((RegEcx & RDRAND_MASK) == RDRAND_MASK);
- 
-+  if (mRdRandSupported) {
-+    mRdRandSupported = TestRdRand ();
-+  }
-+
-   return EFI_SUCCESS;
- }
- 
-@@ -70,6 +156,7 @@ ArchGetRandomNumber16 (
-   OUT     UINT16  *Rand
-   )
- {
-+  ASSERT (mRdRandSupported);
-   return AsmRdRand16 (Rand);
- }
- 
-@@ -88,6 +175,7 @@ ArchGetRandomNumber32 (
-   OUT     UINT32  *Rand
-   )
- {
-+  ASSERT (mRdRandSupported);
-   return AsmRdRand32 (Rand);
- }
- 
-@@ -106,6 +194,7 @@ ArchGetRandomNumber64 (
-   OUT     UINT64  *Rand
-   )
- {
-+  ASSERT (mRdRandSupported);
-   return AsmRdRand64 (Rand);
- }
- 
-@@ -122,13 +211,7 @@ ArchIsRngSupported (
-   VOID
-   )
- {
-  /*
-     Existing software depends on this always returning TRUE, so for
-     now hard-code it.
-
-     return mRdRandSupported;
-  */
-  return TRUE;
-+  return mRdRandSupported;
- }
- 
- /**
-- 
-2.39.3
-
--- a/SOURCES/edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
+++ b/SOURCES/edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
@ -1,63 +0,0 @@
-From 90461020e9b7534dc03baeea7b485045ed5962e9 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:35:27 -0400
-Subject: [PATCH 8/8] MdePkg/X86UnitTestHost: set rdrand cpuid bit
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
-RH-Jira: RHEL-40270 RHEL-40272
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [8/8] 5bacbf3cf6fadd3362dfd6f31743707e65b4f119
-
-JIRA: https://issues.redhat.com/browse/RHEL-40270
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit 5e776299a2604b336a947e68593012ab2cc16eb4
-Author: Gerd Hoffmann <kraxel@redhat.com>
-Date:   Fri Jun 14 11:45:53 2024 +0200
-
-    MdePkg/X86UnitTestHost: set rdrand cpuid bit
-
-    Set the rdrand feature bit when faking cpuid for host test cases.
-    Needed to make the CryptoPkg test cases work.
-
-    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
- MdePkg/Library/BaseLib/X86UnitTestHost.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/MdePkg/Library/BaseLib/X86UnitTestHost.c b/MdePkg/Library/BaseLib/X86UnitTestHost.c
-index 8ba4f54a38..7f7276f7f4 100644
--- a/MdePkg/Library/BaseLib/X86UnitTestHost.c
-+++ b/MdePkg/Library/BaseLib/X86UnitTestHost.c
-@@ -66,6 +66,15 @@ UnitTestHostBaseLibAsmCpuid (
-   OUT     UINT32  *Edx   OPTIONAL
-   )
- {
-+  UINT32  RetEcx;
-+
-+  RetEcx = 0;
-+  switch (Index) {
-+    case 1:
-+      RetEcx |= BIT30; /* RdRand */
-+      break;
-+  }
-+
-   if (Eax != NULL) {
-     *Eax = 0;
-   }
-@@ -75,7 +84,7 @@ UnitTestHostBaseLibAsmCpuid (
-   }
- 
-   if (Ecx != NULL) {
-    *Ecx = 0;
-+    *Ecx = RetEcx;
-   }
- 
-   if (Edx != NULL) {
-- 
-2.39.3
-
--- a/SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
+++ b/SOURCES/edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
@ -1,43 +0,0 @@
-From 07d8292cce31630859b9e3138078d8cc8412a72f Mon Sep 17 00:00:00 2001
-From: Oliver Steffen <osteffen@redhat.com>
-Date: Wed, 14 Aug 2024 09:53:49 +0200
-Subject: [PATCH 3/3] NetworkPkg/DxeNetLib: Reword PseudoRandom error logging
-
-RH-Author: Oliver Steffen <osteffen@redhat.com>
-RH-MergeRequest: 82: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
-RH-Jira: RHEL-54188
-RH-Commit: [2/2] acea6a5fd931cdb6854c69a4e3c6e49caed83e68
-
-The word "Failed" is used when logging tired Rng algorithms.
-These mostly non-critical messages confused some users.
-
-Reword it and also add a message confirming eventual success to
-deescalate the importance somewhat.
-
-Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
-index 4dfbe91a55..905a944975 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
-+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
-@@ -946,12 +946,13 @@ PseudoRandom (
-         //
-         // Secure Algorithm was supported on this platform
-         //
-+        DEBUG ((DEBUG_VERBOSE, "Generated random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
-         return EFI_SUCCESS;
-       } else if (Status == EFI_UNSUPPORTED) {
-         //
-         // Secure Algorithm was not supported on this platform
-         //
-        DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
-+        DEBUG ((DEBUG_VERBOSE, "Unable to generate random data using secure algorithm %d not available: %r\n", AlgorithmIndex, Status));
- 
-         //
-         // Try the next secure algorithm
-- 
-2.39.3
-
--- a/SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
+++ b/SOURCES/edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
@ -1,48 +0,0 @@
-From 537128fa22e410dac59b149ed11264731f09765b Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 19 Jun 2024 09:07:56 +0200
-Subject: [PATCH 2/3] NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
-
-RH-Author: Oliver Steffen <osteffen@redhat.com>
-RH-MergeRequest: 82: NetworkPkg/DxeNetLib: adjust PseudoRandom error logging
-RH-Jira: RHEL-54188
-RH-Commit: [1/2] 5c4699fd88b0ebcf7fe8b7e3a3895bf772aebdb3
-
-There is a list of allowed rng algorithms, if /one/ of them is not
-supported this is not a problem, only /all/ of them failing is an
-error condition.
-
-Downgrade the message for a single unsupported algorithm from ERROR to
-VERBOSE.  Add an error message in case we finish the loop without
-finding a supported algorithm.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 6862b9d538d96363635677198899e1669e591259)
---
- NetworkPkg/Library/DxeNetLib/DxeNetLib.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
-index 01c13c08d2..4dfbe91a55 100644
--- a/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
-+++ b/NetworkPkg/Library/DxeNetLib/DxeNetLib.c
-@@ -951,7 +951,7 @@ PseudoRandom (
-         //
-         // Secure Algorithm was not supported on this platform
-         //
-        DEBUG ((DEBUG_ERROR, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
-+        DEBUG ((DEBUG_VERBOSE, "Failed to generate random data using secure algorithm %d: %r\n", AlgorithmIndex, Status));
- 
-         //
-         // Try the next secure algorithm
-@@ -971,6 +971,7 @@ PseudoRandom (
-     // If we get here, we failed to generate random data using any secure algorithm
-     // Platform owner should ensure that at least one secure algorithm is supported
-     //
-+    DEBUG ((DEBUG_ERROR, "Failed to generate random data, no supported secure algorithm found\n"));
-     ASSERT_EFI_ERROR (Status);
-     return Status;
-   }
-- 
-2.39.3
-
--- a/SOURCES/edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch
+++ b/SOURCES/edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch
--- a/SOURCES/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
+++ b/SOURCES/edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
@ -1,74 +0,0 @@
-From 5e93f6c09a57dd69f1b05654455452c4a0154a79 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 13 Jun 2024 18:35:46 -0400
-Subject: [PATCH 3/8] NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in
- iPXE environment
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
-RH-Jira: RHEL-40270 RHEL-40272
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [3/8] 9307e82e90d6f526d303607255a4c469ebe574d4
-
-JIRA: https://issues.redhat.com/browse/RHEL-40272
-Upstream: Merged
-CVE: CVE-2023-45236
-
-commit ced13b93afea87a8a1fe6ddbb67240a84cb2e3d3
-Author: Sam <Sam_Tsai@wiwynn.com>
-Date:   Wed May 29 07:46:03 2024 +0800
-
-    NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE environment
-
-    This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
-    REF: 1904a64
-
-    Issue Description:
-    An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
-
-    NetworkPkg\TcpDxe\TcpDriver.c
-    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
-
-    Root Cause Analysis:
-    The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
-
-    Implemented Solution:
-    To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
-
-    NetworkPkg\TcpDxe\TcpDriver.c
-    Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
-
-    This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
-
-    Verification:
-    Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
-
-    Cc: Doug Flick [MSFT] <doug.edk2@gmail.com>
-
-    Signed-off-by: Sam Tsai [Wiwynn] <sam_tsai@wiwynn.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
- NetworkPkg/TcpDxe/TcpDriver.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 40bba4080c..c6e7c0df54 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
-+++ b/NetworkPkg/TcpDxe/TcpDriver.c
-@@ -509,7 +509,7 @@ TcpDestroyService (
-     //
-     // Destroy the instance of the hashing protocol for this controller.
-     //
-    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
-+    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, mHash2ServiceHandle);
-     if (EFI_ERROR (Status)) {
-       return EFI_UNSUPPORTED;
-     }
-- 
-2.39.3
-
--- a/SOURCES/edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
+++ b/SOURCES/edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
@ -1,841 +0,0 @@
-From 6f0cf9f14b1abefa62416c1611f01d6fb3353c44 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Tue, 11 Jun 2024 15:20:29 -0400
-Subject: [PATCH 2/8] NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
-RH-Jira: RHEL-40270 RHEL-40272
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [2/8] 18e88b5def6b058ecd4ffa565ef6f3bafe6f03ad
-
-JIRA: https://issues.redhat.com/browse/RHEL-40272
-Upstream: Merged
-CVE: CVE-2023-45236
-
-commit 1904a64bcc18199738e5be183d28887ac5d837d7
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Wed May 8 22:56:29 2024 -0700
-
-    NetworkPkg TcpDxe: SECURITY PATCH CVE-2023-45236
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4541
-    REF: https://www.rfc-editor.org/rfc/rfc1948.txt
-    REF: https://www.rfc-editor.org/rfc/rfc6528.txt
-    REF: https://www.rfc-editor.org/rfc/rfc9293.txt
-
-    Bug Overview:
-    PixieFail Bug #8
-    CVE-2023-45236
-    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
-    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
-
-    Updates TCP ISN generation to use a cryptographic hash of the
-    connection's identifying parameters and a secret key.
-    This prevents an attacker from guessing the ISN used for some other
-    connection.
-
-    This is follows the guidance in RFC 1948, RFC 6528, and RFC 9293.
-
-    RFC: 9293 Section 3.4.1.  Initial Sequence Number Selection
-
-       A TCP implementation MUST use the above type of "clock" for clock-
-       driven selection of initial sequence numbers (MUST-8), and SHOULD
-       generate its initial sequence numbers with the expression:
-
-       ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-
-       where M is the 4 microsecond timer, and F() is a pseudorandom
-       function (PRF) of the connection's identifying parameters ("localip,
-       localport, remoteip, remoteport") and a secret key ("secretkey")
-       (SHLD-1).  F() MUST NOT be computable from the outside (MUST-9), or
-       an attacker could still guess at sequence numbers from the ISN used
-       for some other connection.  The PRF could be implemented as a
-       cryptographic hash of the concatenation of the TCP connection
-       parameters and some secret data.  For discussion of the selection of
-       a specific hash algorithm and management of the secret key data,
-       please see Section 3 of [42].
-
-       For each connection there is a send sequence number and a receive
-       sequence number.  The initial send sequence number (ISS) is chosen by
-       the data sending TCP peer, and the initial receive sequence number
-       (IRS) is learned during the connection-establishing procedure.
-
-       For a connection to be established or initialized, the two TCP peers
-       must synchronize on each other's initial sequence numbers.  This is
-       done in an exchange of connection-establishing segments carrying a
-       control bit called "SYN" (for synchronize) and the initial sequence
-       numbers.  As a shorthand, segments carrying the SYN bit are also
-       called "SYNs".  Hence, the solution requires a suitable mechanism for
-       picking an initial sequence number and a slightly involved handshake
-       to exchange the ISNs.
-
-    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
-    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
- NetworkPkg/SecurityFixes.yaml |  22 +++
- NetworkPkg/TcpDxe/TcpDriver.c |  92 ++++++++++++-
- NetworkPkg/TcpDxe/TcpDxe.inf  |   8 +-
- NetworkPkg/TcpDxe/TcpFunc.h   |  23 ++--
- NetworkPkg/TcpDxe/TcpInput.c  |  13 +-
- NetworkPkg/TcpDxe/TcpMain.h   |  59 ++++++--
- NetworkPkg/TcpDxe/TcpMisc.c   | 244 ++++++++++++++++++++++++++++++++--
- NetworkPkg/TcpDxe/TcpTimer.c  |   3 +-
- 8 files changed, 415 insertions(+), 49 deletions(-)
-
-diff --git a/NetworkPkg/SecurityFixes.yaml b/NetworkPkg/SecurityFixes.yaml
-index 20a4555019..4305328425 100644
--- a/NetworkPkg/SecurityFixes.yaml
-+++ b/NetworkPkg/SecurityFixes.yaml
-@@ -122,6 +122,28 @@ CVE_2023_45235:
-     - http://www.openwall.com/lists/oss-security/2024/01/16/2
-     - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-     - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
-+CVE_2023_45236:
-+  commit_titles:
-+    - "NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Patch"
-+  cve: CVE-2023-45236
-+  date_reported: 2023-08-28 13:56 UTC
-+  description: "Bug 08 - edk2/NetworkPkg: Predictable TCP Initial Sequence Numbers"
-+  note:
-+  files_impacted:
-+    - NetworkPkg/Include/Library/NetLib.h
-+    - NetworkPkg/TcpDxe/TcpDriver.c
-+    - NetworkPkg/TcpDxe/TcpDxe.inf
-+    - NetworkPkg/TcpDxe/TcpFunc.h
-+    - NetworkPkg/TcpDxe/TcpInput.c
-+    - NetworkPkg/TcpDxe/TcpMain.h
-+    - NetworkPkg/TcpDxe/TcpMisc.c
-+    - NetworkPkg/TcpDxe/TcpTimer.c
-+  links:
-+    - https://bugzilla.tianocore.org/show_bug.cgi?id=4541
-+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45236
-+    - http://www.openwall.com/lists/oss-security/2024/01/16/2
-+    - http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html
-+    - https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
- CVE_2023_45237:
-   commit_titles:
-     - "NetworkPkg:: SECURITY PATCH CVE 2023-45237"
-diff --git a/NetworkPkg/TcpDxe/TcpDriver.c b/NetworkPkg/TcpDxe/TcpDriver.c
-index 8fe6badd68..40bba4080c 100644
--- a/NetworkPkg/TcpDxe/TcpDriver.c
-+++ b/NetworkPkg/TcpDxe/TcpDriver.c
-@@ -83,6 +83,12 @@ EFI_SERVICE_BINDING_PROTOCOL  gTcpServiceBinding = {
-   TcpServiceBindingDestroyChild
- };
- 
-+//
-+// This is the handle for the Hash2ServiceBinding Protocol instance this driver produces
-+// if the platform does not provide one.
-+//
-+EFI_HANDLE  mHash2ServiceHandle = NULL;
-+
- /**
-   Create and start the heartbeat timer for the TCP driver.
- 
-@@ -165,6 +171,23 @@ TcpDriverEntryPoint (
-   EFI_STATUS  Status;
-   UINT32      Random;
- 
-+  //
-+  // Initialize the Secret used for hashing TCP sequence numbers
-+  //
-+  // Normally this should be regenerated periodically, but since
-+  // this is only used for UEFI networking and not a general purpose
-+  // operating system, it is not necessary to regenerate it.
-+  //
-+  Status = PseudoRandomU32 (&mTcpGlobalSecret);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_ERROR, "%a failed to generate random number: %r\n", __func__, Status));
-+    return Status;
-+  }
-+
-+  //
-+  // Get a random number used to generate a random port number
-+  // Intentionally not linking this to mTcpGlobalSecret to avoid leaking information about the secret
-+  //
-   Status = PseudoRandomU32 (&Random);
-   if (EFI_ERROR (Status)) {
-     DEBUG ((DEBUG_ERROR, "%a Failed to generate random number: %r\n", __func__, Status));
-@@ -207,9 +230,8 @@ TcpDriverEntryPoint (
-   }
- 
-   //
-  // Initialize ISS and random port.
-+  // Initialize the random port.
-   //
-  mTcpGlobalIss   = Random % mTcpGlobalIss;
-   mTcp4RandomPort = (UINT16)(TCP_PORT_KNOWN + (Random % TCP_PORT_KNOWN));
-   mTcp6RandomPort = mTcp4RandomPort;
- 
-@@ -224,6 +246,8 @@ TcpDriverEntryPoint (
-   @param[in]  IpVersion          IP_VERSION_4 or IP_VERSION_6.
- 
-   @retval EFI_OUT_OF_RESOURCES   Failed to allocate some resources.
-+  @retval EFI_UNSUPPORTED        Service Binding Protocols are unavailable.
-+  @retval EFI_ALREADY_STARTED    The TCP driver is already started on the controller.
-   @retval EFI_SUCCESS            A new IP6 service binding private was created.
- 
- **/
-@@ -234,11 +258,13 @@ TcpCreateService (
-   IN UINT8       IpVersion
-   )
- {
-  EFI_STATUS        Status;
-  EFI_GUID          *IpServiceBindingGuid;
-  EFI_GUID          *TcpServiceBindingGuid;
-  TCP_SERVICE_DATA  *TcpServiceData;
-  IP_IO_OPEN_DATA   OpenData;
-+  EFI_STATUS                    Status;
-+  EFI_GUID                      *IpServiceBindingGuid;
-+  EFI_GUID                      *TcpServiceBindingGuid;
-+  TCP_SERVICE_DATA              *TcpServiceData;
-+  IP_IO_OPEN_DATA               OpenData;
-+  EFI_SERVICE_BINDING_PROTOCOL  *Hash2ServiceBinding;
-+  EFI_HASH2_PROTOCOL            *Hash2Protocol;
- 
-   if (IpVersion == IP_VERSION_4) {
-     IpServiceBindingGuid  = &gEfiIp4ServiceBindingProtocolGuid;
-@@ -272,6 +298,33 @@ TcpCreateService (
-     return EFI_UNSUPPORTED;
-   }
- 
-+  Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
-+  if (EFI_ERROR (Status)) {
-+    //
-+    // If we can't find the Hashing protocol, then we need to create one.
-+    //
-+
-+    //
-+    // Platform is expected to publish the hash service binding protocol to support TCP.
-+    //
-+    Status = gBS->LocateProtocol (
-+                    &gEfiHash2ServiceBindingProtocolGuid,
-+                    NULL,
-+                    (VOID **)&Hash2ServiceBinding
-+                    );
-+    if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->CreateChild == NULL)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+
-+    //
-+    // Create an instance of the hash protocol for this controller.
-+    //
-+    Status = Hash2ServiceBinding->CreateChild (Hash2ServiceBinding, &mHash2ServiceHandle);
-+    if (EFI_ERROR (Status)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+  }
-+
-   //
-   // Create the TCP service data.
-   //
-@@ -423,6 +476,7 @@ TcpDestroyService (
-   EFI_STATUS                               Status;
-   LIST_ENTRY                               *List;
-   TCP_DESTROY_CHILD_IN_HANDLE_BUF_CONTEXT  Context;
-+  EFI_SERVICE_BINDING_PROTOCOL             *Hash2ServiceBinding;
- 
-   ASSERT ((IpVersion == IP_VERSION_4) || (IpVersion == IP_VERSION_6));
- 
-@@ -439,6 +493,30 @@ TcpDestroyService (
-     return EFI_SUCCESS;
-   }
- 
-+  //
-+  // Destroy the Hash2ServiceBinding instance if it is created by Tcp driver.
-+  //
-+  if (mHash2ServiceHandle != NULL) {
-+    Status = gBS->LocateProtocol (
-+                    &gEfiHash2ServiceBindingProtocolGuid,
-+                    NULL,
-+                    (VOID **)&Hash2ServiceBinding
-+                    );
-+    if (EFI_ERROR (Status) || (Hash2ServiceBinding == NULL) || (Hash2ServiceBinding->DestroyChild == NULL)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+
-+    //
-+    // Destroy the instance of the hashing protocol for this controller.
-+    //
-+    Status = Hash2ServiceBinding->DestroyChild (Hash2ServiceBinding, &mHash2ServiceHandle);
-+    if (EFI_ERROR (Status)) {
-+      return EFI_UNSUPPORTED;
-+    }
-+
-+    mHash2ServiceHandle = NULL;
-+  }
-+
-   Status = gBS->OpenProtocol (
-                   NicHandle,
-                   ServiceBindingGuid,
-diff --git a/NetworkPkg/TcpDxe/TcpDxe.inf b/NetworkPkg/TcpDxe/TcpDxe.inf
-index cf5423f4c5..76de4cf9ec 100644
--- a/NetworkPkg/TcpDxe/TcpDxe.inf
-+++ b/NetworkPkg/TcpDxe/TcpDxe.inf
-@@ -6,6 +6,7 @@
- #  stack has been loaded in system. This driver supports both IPv4 and IPv6 network stack.
- #
- #  Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
-+#  Copyright (c) Microsoft Corporation
- #
- #  SPDX-License-Identifier: BSD-2-Clause-Patent
- #
-@@ -68,7 +69,6 @@
-   NetLib
-   IpIoLib
- 
-
- [Protocols]
-   ## SOMETIMES_CONSUMES
-   ## SOMETIMES_PRODUCES
-@@ -81,6 +81,12 @@
-   gEfiIp6ServiceBindingProtocolGuid             ## TO_START
-   gEfiTcp6ProtocolGuid                          ## BY_START
-   gEfiTcp6ServiceBindingProtocolGuid            ## BY_START
-+  gEfiHash2ProtocolGuid                         ## BY_START
-+  gEfiHash2ServiceBindingProtocolGuid           ## BY_START
-+
-+[Guids]
-+  gEfiHashAlgorithmMD5Guid                      ## CONSUMES
-+  gEfiHashAlgorithmSha256Guid                   ## CONSUMES
- 
- [Depex]
-   gEfiHash2ServiceBindingProtocolGuid
-diff --git a/NetworkPkg/TcpDxe/TcpFunc.h b/NetworkPkg/TcpDxe/TcpFunc.h
-index a7af01fff2..c707bee3e5 100644
--- a/NetworkPkg/TcpDxe/TcpFunc.h
-+++ b/NetworkPkg/TcpDxe/TcpFunc.h
-@@ -2,7 +2,7 @@
-   Declaration of external functions shared in TCP driver.
- 
-   Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
-
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -36,8 +36,11 @@ VOID
- 
-   @param[in, out]  Tcb               Pointer to the TCP_CB of this TCP instance.
- 
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
-VOID
-+EFI_STATUS
- TcpInitTcbLocal (
-   IN OUT TCP_CB  *Tcb
-   );
-@@ -128,17 +131,6 @@ TcpCloneTcb (
-   IN TCP_CB  *Tcb
-   );
- 
-/**
-  Compute an ISS to be used by a new connection.
-
-  @return The result ISS.
-
-**/
-TCP_SEQNO
-TcpGetIss (
-  VOID
-  );
-
- /**
-   Get the local mss.
- 
-@@ -202,8 +194,11 @@ TcpFormatNetbuf (
-   @param[in, out]  Tcb          Pointer to the TCP_CB that wants to initiate a
-                                 connection.
- 
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
-VOID
-+EFI_STATUS
- TcpOnAppConnect (
-   IN OUT TCP_CB  *Tcb
-   );
-diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
-index 7b329be64d..86dd7c4907 100644
--- a/NetworkPkg/TcpDxe/TcpInput.c
-+++ b/NetworkPkg/TcpDxe/TcpInput.c
-@@ -724,6 +724,7 @@ TcpInput (
-   TCP_SEQNO   Urg;
-   UINT16      Checksum;
-   INT32       Usable;
-+  EFI_STATUS  Status;
- 
-   ASSERT ((Version == IP_VERSION_4) || (Version == IP_VERSION_6));
- 
-@@ -872,7 +873,17 @@ TcpInput (
-       Tcb->LocalEnd.Port  = Head->DstPort;
-       Tcb->RemoteEnd.Port = Head->SrcPort;
- 
-      TcpInitTcbLocal (Tcb);
-+      Status = TcpInitTcbLocal (Tcb);
-+      if (EFI_ERROR (Status)) {
-+        DEBUG (
-+          (DEBUG_ERROR,
-+           "TcpInput: discard a segment because failed to init local end for TCB %p\n",
-+           Tcb)
-+          );
-+
-+        goto DISCARD;
-+      }
-+
-       TcpInitTcbPeer (Tcb, Seg, &Option);
- 
-       TcpSetState (Tcb, TCP_SYN_RCVD);
-diff --git a/NetworkPkg/TcpDxe/TcpMain.h b/NetworkPkg/TcpDxe/TcpMain.h
-index c0c9b7f46e..4d5566ab93 100644
--- a/NetworkPkg/TcpDxe/TcpMain.h
-+++ b/NetworkPkg/TcpDxe/TcpMain.h
-@@ -3,7 +3,7 @@
-   It is the common head file for all Tcp*.c in TCP driver.
- 
-   Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
-
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -13,6 +13,7 @@
- 
- #include <Protocol/ServiceBinding.h>
- #include <Protocol/DriverBinding.h>
-+#include <Protocol/Hash2.h>
- #include <Library/IpIoLib.h>
- #include <Library/DevicePathLib.h>
- #include <Library/PrintLib.h>
-@@ -31,7 +32,7 @@ extern EFI_UNICODE_STRING_TABLE      *gTcpControllerNameTable;
- 
- extern LIST_ENTRY  mTcpRunQue;
- extern LIST_ENTRY  mTcpListenQue;
-extern TCP_SEQNO   mTcpGlobalIss;
-+extern TCP_SEQNO   mTcpGlobalSecret;
- extern UINT32      mTcpTick;
- 
- ///
-@@ -45,14 +46,6 @@ extern UINT32      mTcpTick;
- 
- #define TCP_EXPIRE_TIME  65535
- 
-///
-/// The implementation selects the initial send sequence number and the unit to
-/// be added when it is increased.
-///
-#define TCP_BASE_ISS         0x4d7e980b
-#define TCP_ISS_INCREMENT_1  2048
-#define TCP_ISS_INCREMENT_2  100
-
- typedef union {
-   EFI_TCP4_CONFIG_DATA    Tcp4CfgData;
-   EFI_TCP6_CONFIG_DATA    Tcp6CfgData;
-@@ -774,4 +767,50 @@ Tcp6Poll (
-   IN EFI_TCP6_PROTOCOL  *This
-   );
- 
-+/**
-+  Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
-+  and remote IP addresses and ports.
-+
-+  This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
-+  Where the ISN is computed as follows:
-+    ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
-+
-+  Otherwise:
-+    ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-+
-+    "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
-+    connection's identifying parameters ("localip, localport, remoteip, remoteport")
-+    and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
-+    outside (MUST-9), or an attacker could still guess at sequence numbers from the
-+    ISN used for some other connection. The PRF could be implemented as a
-+    cryptographic hash of the concatenation of the TCP connection parameters and some
-+    secret data. For discussion of the selection of a specific hash algorithm and
-+    management of the secret key data."
-+
-+  @param[in]       LocalIp        A pointer to the local IP address of the TCP connection.
-+  @param[in]       LocalIpSize    The size, in bytes, of the LocalIp buffer.
-+  @param[in]       LocalPort      The local port number of the TCP connection.
-+  @param[in]       RemoteIp       A pointer to the remote IP address of the TCP connection.
-+  @param[in]       RemoteIpSize   The size, in bytes, of the RemoteIp buffer.
-+  @param[in]       RemotePort     The remote port number of the TCP connection.
-+  @param[out]      Isn            A pointer to the variable that will receive the Initial
-+                                  Sequence Number (ISN).
-+
-+  @retval EFI_SUCCESS             The operation completed successfully, and the ISN was
-+                                  retrieved.
-+  @retval EFI_INVALID_PARAMETER   One or more of the input parameters are invalid.
-+  @retval EFI_UNSUPPORTED         The operation is not supported.
-+
-+**/
-+EFI_STATUS
-+TcpGetIsn (
-+  IN UINT8       *LocalIp,
-+  IN UINTN       LocalIpSize,
-+  IN UINT16      LocalPort,
-+  IN UINT8       *RemoteIp,
-+  IN UINTN       RemoteIpSize,
-+  IN UINT16      RemotePort,
-+  OUT TCP_SEQNO  *Isn
-+  );
-+
- #endif
-diff --git a/NetworkPkg/TcpDxe/TcpMisc.c b/NetworkPkg/TcpDxe/TcpMisc.c
-index c93212d47d..3310306f63 100644
--- a/NetworkPkg/TcpDxe/TcpMisc.c
-+++ b/NetworkPkg/TcpDxe/TcpMisc.c
-@@ -3,7 +3,7 @@
- 
-   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
-   Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
-
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -20,7 +20,34 @@ LIST_ENTRY  mTcpListenQue = {
-   &mTcpListenQue
- };
- 
-TCP_SEQNO  mTcpGlobalIss = TCP_BASE_ISS;
-+//
-+// The Session secret
-+// This must be initialized to a random value at boot time
-+//
-+TCP_SEQNO  mTcpGlobalSecret;
-+
-+//
-+// Union to hold either an IPv4 or IPv6 address
-+// This is used to simplify the ISN hash computation
-+//
-+typedef union {
-+  UINT8    IPv4[4];
-+  UINT8    IPv6[16];
-+} NETWORK_ADDRESS;
-+
-+//
-+// The ISN is computed by hashing this structure
-+// It is initialized with the local and remote IP addresses and ports
-+// and the secret
-+//
-+//
-+typedef struct {
-+  UINT16             LocalPort;
-+  UINT16             RemotePort;
-+  NETWORK_ADDRESS    LocalAddress;
-+  NETWORK_ADDRESS    RemoteAddress;
-+  TCP_SEQNO          Secret;
-+} ISN_HASH_CTX;
- 
- CHAR16  *mTcpStateName[] = {
-   L"TCP_CLOSED",
-@@ -41,12 +68,18 @@ CHAR16  *mTcpStateName[] = {
- 
-   @param[in, out]  Tcb               Pointer to the TCP_CB of this TCP instance.
- 
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
-VOID
-+EFI_STATUS
- TcpInitTcbLocal (
-   IN OUT TCP_CB  *Tcb
-   )
- {
-+  TCP_SEQNO   Isn;
-+  EFI_STATUS  Status;
-+
-   //
-   // Compute the checksum of the fixed parts of pseudo header
-   //
-@@ -57,6 +90,16 @@ TcpInitTcbLocal (
-                      0x06,
-                      0
-                      );
-+
-+    Status = TcpGetIsn (
-+               Tcb->LocalEnd.Ip.v4.Addr,
-+               sizeof (IPv4_ADDRESS),
-+               Tcb->LocalEnd.Port,
-+               Tcb->RemoteEnd.Ip.v4.Addr,
-+               sizeof (IPv4_ADDRESS),
-+               Tcb->RemoteEnd.Port,
-+               &Isn
-+               );
-   } else {
-     Tcb->HeadSum = NetIp6PseudoHeadChecksum (
-                      &Tcb->LocalEnd.Ip.v6,
-@@ -64,9 +107,25 @@ TcpInitTcbLocal (
-                      0x06,
-                      0
-                      );
-+
-+    Status = TcpGetIsn (
-+               Tcb->LocalEnd.Ip.v6.Addr,
-+               sizeof (IPv6_ADDRESS),
-+               Tcb->LocalEnd.Port,
-+               Tcb->RemoteEnd.Ip.v6.Addr,
-+               sizeof (IPv6_ADDRESS),
-+               Tcb->RemoteEnd.Port,
-+               &Isn
-+               );
-+  }
-+
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_ERROR, "TcpInitTcbLocal: failed to get isn\n"));
-+    ASSERT (FALSE);
-+    return Status;
-   }
- 
-  Tcb->Iss    = TcpGetIss ();
-+  Tcb->Iss    = Isn;
-   Tcb->SndUna = Tcb->Iss;
-   Tcb->SndNxt = Tcb->Iss;
- 
-@@ -82,6 +141,8 @@ TcpInitTcbLocal (
-   Tcb->RetxmitSeqMax = 0;
- 
-   Tcb->ProbeTimerOn = FALSE;
-+
-+  return EFI_SUCCESS;
- }
- 
- /**
-@@ -506,18 +567,162 @@ TcpCloneTcb (
- }
- 
- /**
-  Compute an ISS to be used by a new connection.
-
-  @return The resulting ISS.
-+  Retrieves the Initial Sequence Number (ISN) for a TCP connection identified by local
-+  and remote IP addresses and ports.
-+
-+  This method is based on https://datatracker.ietf.org/doc/html/rfc9293#section-3.4.1
-+  Where the ISN is computed as follows:
-+    ISN = TimeStamp + MD5(LocalIP, LocalPort, RemoteIP, RemotePort, Secret)
-+
-+  Otherwise:
-+    ISN = M + F(localip, localport, remoteip, remoteport, secretkey)
-+
-+    "Here M is the 4 microsecond timer, and F() is a pseudorandom function (PRF) of the
-+    connection's identifying parameters ("localip, localport, remoteip, remoteport")
-+    and a secret key ("secretkey") (SHLD-1). F() MUST NOT be computable from the
-+    outside (MUST-9), or an attacker could still guess at sequence numbers from the
-+    ISN used for some other connection. The PRF could be implemented as a
-+    cryptographic hash of the concatenation of the TCP connection parameters and some
-+    secret data. For discussion of the selection of a specific hash algorithm and
-+    management of the secret key data."
-+
-+  @param[in]       LocalIp        A pointer to the local IP address of the TCP connection.
-+  @param[in]       LocalIpSize    The size, in bytes, of the LocalIp buffer.
-+  @param[in]       LocalPort      The local port number of the TCP connection.
-+  @param[in]       RemoteIp       A pointer to the remote IP address of the TCP connection.
-+  @param[in]       RemoteIpSize   The size, in bytes, of the RemoteIp buffer.
-+  @param[in]       RemotePort     The remote port number of the TCP connection.
-+  @param[out]      Isn            A pointer to the variable that will receive the Initial
-+                                  Sequence Number (ISN).
-+
-+  @retval EFI_SUCCESS             The operation completed successfully, and the ISN was
-+                                  retrieved.
-+  @retval EFI_INVALID_PARAMETER   One or more of the input parameters are invalid.
-+  @retval EFI_UNSUPPORTED         The operation is not supported.
- 
- **/
-TCP_SEQNO
-TcpGetIss (
-  VOID
-+EFI_STATUS
-+TcpGetIsn (
-+  IN UINT8       *LocalIp,
-+  IN UINTN       LocalIpSize,
-+  IN UINT16      LocalPort,
-+  IN UINT8       *RemoteIp,
-+  IN UINTN       RemoteIpSize,
-+  IN UINT16      RemotePort,
-+  OUT TCP_SEQNO  *Isn
-   )
- {
-  mTcpGlobalIss += TCP_ISS_INCREMENT_1;
-  return mTcpGlobalIss;
-+  EFI_STATUS          Status;
-+  EFI_HASH2_PROTOCOL  *Hash2Protocol;
-+  EFI_HASH2_OUTPUT    HashResult;
-+  ISN_HASH_CTX        IsnHashCtx;
-+  EFI_TIME            TimeStamp;
-+
-+  //
-+  // Check that the ISN pointer is valid
-+  //
-+  if (Isn == NULL) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  //
-+  // The local ip may be a v4 or v6 address and may not be NULL
-+  //
-+  if ((LocalIp == NULL) || (LocalIpSize == 0) || (RemoteIp == NULL) || (RemoteIpSize == 0)) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  //
-+  // the local ip may be a v4 or v6 address
-+  //
-+  if ((LocalIpSize != sizeof (EFI_IPv4_ADDRESS)) && (LocalIpSize != sizeof (EFI_IPv6_ADDRESS))) {
-+    return EFI_INVALID_PARAMETER;
-+  }
-+
-+  //
-+  // Locate the Hash Protocol
-+  //
-+  Status = gBS->LocateProtocol (&gEfiHash2ProtocolGuid, NULL, (VOID **)&Hash2Protocol);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to locate Hash Protocol: %r\n", Status));
-+
-+    //
-+    // TcpCreateService(..) is expected to be called prior to this function
-+    //
-+    ASSERT_EFI_ERROR (Status);
-+    return Status;
-+  }
-+
-+  //
-+  // Initialize the hash algorithm
-+  //
-+  Status = Hash2Protocol->HashInit (Hash2Protocol, &gEfiHashAlgorithmSha256Guid);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to initialize sha256 hash algorithm: %r\n", Status));
-+    return Status;
-+  }
-+
-+  IsnHashCtx.LocalPort  = LocalPort;
-+  IsnHashCtx.RemotePort = RemotePort;
-+  IsnHashCtx.Secret     = mTcpGlobalSecret;
-+
-+  //
-+  // Check the IP address family and copy accordingly
-+  //
-+  if (LocalIpSize == sizeof (EFI_IPv4_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.LocalAddress.IPv4, LocalIp, LocalIpSize);
-+  } else if (LocalIpSize == sizeof (EFI_IPv6_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.LocalAddress.IPv6, LocalIp, LocalIpSize);
-+  } else {
-+    return EFI_INVALID_PARAMETER; // Unsupported address size
-+  }
-+
-+  //
-+  // Repeat the process for the remote IP address
-+  //
-+  if (RemoteIpSize == sizeof (EFI_IPv4_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.RemoteAddress.IPv4, RemoteIp, RemoteIpSize);
-+  } else if (RemoteIpSize == sizeof (EFI_IPv6_ADDRESS)) {
-+    CopyMem (&IsnHashCtx.RemoteAddress.IPv6, RemoteIp, RemoteIpSize);
-+  } else {
-+    return EFI_INVALID_PARAMETER; // Unsupported address size
-+  }
-+
-+  //
-+  // Compute the hash
-+  // Update the hash with the data
-+  //
-+  Status = Hash2Protocol->HashUpdate (Hash2Protocol, (UINT8 *)&IsnHashCtx, sizeof (IsnHashCtx));
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to update hash: %r\n", Status));
-+    return Status;
-+  }
-+
-+  //
-+  // Finalize the hash and retrieve the result
-+  //
-+  Status = Hash2Protocol->HashFinal (Hash2Protocol, &HashResult);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((DEBUG_NET, "Failed to finalize hash: %r\n", Status));
-+    return Status;
-+  }
-+
-+  Status = gRT->GetTime (&TimeStamp, NULL);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-+  //
-+  // copy the first 4 bytes of the hash result into the ISN
-+  //
-+  CopyMem (Isn, HashResult.Md5Hash, sizeof (*Isn));
-+
-+  //
-+  // now add the timestamp to the ISN as 4 microseconds units (1000 / 4 = 250)
-+  //
-+  *Isn += (TCP_SEQNO)TimeStamp.Nanosecond * 250;
-+
-+  return Status;
- }
- 
- /**
-@@ -721,17 +926,28 @@ TcpFormatNetbuf (
-   @param[in, out]  Tcb          Pointer to the TCP_CB that wants to initiate a
-                                 connection.
- 
-+  @retval EFI_SUCCESS             The operation completed successfully
-+  @retval others                  The underlying functions failed and could not complete the operation
-+
- **/
-VOID
-+EFI_STATUS
- TcpOnAppConnect (
-   IN OUT TCP_CB  *Tcb
-   )
- {
-  TcpInitTcbLocal (Tcb);
-+  EFI_STATUS  Status;
-+
-+  Status = TcpInitTcbLocal (Tcb);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-   TcpSetState (Tcb, TCP_SYN_SENT);
- 
-   TcpSetTimer (Tcb, TCP_TIMER_CONNECT, Tcb->ConnectTimeout);
-   TcpToSendData (Tcb, 1);
-+
-+  return EFI_SUCCESS;
- }
- 
- /**
-diff --git a/NetworkPkg/TcpDxe/TcpTimer.c b/NetworkPkg/TcpDxe/TcpTimer.c
-index 5d2e124977..065b1bdf5f 100644
--- a/NetworkPkg/TcpDxe/TcpTimer.c
-+++ b/NetworkPkg/TcpDxe/TcpTimer.c
-@@ -2,7 +2,7 @@
-   TCP timer related functions.
- 
-   Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR>
-
-+  Copyright (c) Microsoft Corporation
-   SPDX-License-Identifier: BSD-2-Clause-Patent
- 
- **/
-@@ -483,7 +483,6 @@ TcpTickingDpc (
-   INT16       Index;
- 
-   mTcpTick++;
-  mTcpGlobalIss += TCP_ISS_INCREMENT_2;
- 
-   //
-   // Don't use LIST_FOR_EACH, which isn't delete safe.
-- 
-2.39.3
-
--- a/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
+++ b/SOURCES/edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
@ -1,201 +0,0 @@
-From 1b48c27469c9867c69e6f2b35aa7cd5562b5cf39 Mon Sep 17 00:00:00 2001
-From: Doug Flick <dougflick@microsoft.com>
-Date: Wed, 8 May 2024 22:56:24 -0700
-Subject: [PATCH 1/3] OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
-
-RH-Author: Oliver Steffen <osteffen@redhat.com>
-RH-MergeRequest: 79: OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
-RH-Jira: RHEL-46976
-RH-Commit: [1/1] 71f16261937c2fe2ff6fa434db6f300ff7f4fef0
-
-JIRA: https://issues.redhat.com/browse/RHEL-46976
-Upstream: Merged
-
-Upstream commit 4c4ceb2ceb80 ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
-broke HTTP boot in OVMF. This fixes it.
-
-commit cb9d71189134e78efb00759eb9649ce92bf5b29a
-Author: Doug Flick <dougflick@microsoft.com>
-Date:   Wed May 8 22:56:24 2024 -0700
-
-    OvmfPkg: Add Hash2DxeCrypto to OvmfPkg
-
-    This patch adds Hash2DxeCrypto to OvmfPkg. The Hash2DxeCrypto is
-    used to provide the hashing protocol services.
-
-    Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
-    Cc: Jiewen Yao <jiewen.yao@intel.com>
-    Cc: Gerd Hoffmann <kraxel@redhat.com>
-
-    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
-    Tested-by: Gerd Hoffmann <kraxel@redhat.com>
-    Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-    Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
-
-Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
- OvmfPkg/OvmfPkgIa32.dsc    | 6 +++++-
- OvmfPkg/OvmfPkgIa32.fdf    | 5 +++++
- OvmfPkg/OvmfPkgIa32X64.dsc | 6 +++++-
- OvmfPkg/OvmfPkgIa32X64.fdf | 5 +++++
- OvmfPkg/OvmfPkgX64.dsc     | 6 +++++-
- OvmfPkg/OvmfPkgX64.fdf     | 5 +++++
- OvmfPkg/OvmfXen.dsc        | 5 +++++
- OvmfPkg/OvmfXen.fdf        | 5 +++++
- 8 files changed, 40 insertions(+), 3 deletions(-)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 4074aa382d..bd15bb30fe 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -226,7 +226,6 @@
-   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
-   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
- 
-
-   #
-   # Network libraries
-   #
-@@ -884,6 +883,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 20cfd2788e..2df265982b 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -303,6 +303,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 75ef19bc85..358f510ef8 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -231,7 +231,6 @@
-   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
-   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
- 
-
-   #
-   # Network libraries
-   #
-@@ -902,6 +901,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index 8517c79ba2..4a73d67238 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -304,6 +304,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 631ff0c788..266d77e15c 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -247,7 +247,6 @@
-   VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
-   VariableFlashInfoLib|MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf
- 
-
-   #
-   # Network libraries
-   #
-@@ -970,6 +969,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index 7ecde357ce..cedc362d04 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -331,6 +331,11 @@ INF MdeModulePkg/Logo/LogoDxe.inf
- 
- INF OvmfPkg/TdxDxe/TdxDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
-diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
-index 0063245b56..021558423d 100644
--- a/OvmfPkg/OvmfXen.dsc
-+++ b/OvmfPkg/OvmfXen.dsc
-@@ -682,6 +682,11 @@
-   MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
-   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
- 
-+  #
-+  # Hash2 Protocol producer
-+  #
-+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
-   #
-   # Network Support
-   #
-diff --git a/OvmfPkg/OvmfXen.fdf b/OvmfPkg/OvmfXen.fdf
-index bdff7c52d8..e970b91652 100644
--- a/OvmfPkg/OvmfXen.fdf
-+++ b/OvmfPkg/OvmfXen.fdf
-@@ -315,6 +315,11 @@ INF  ShellPkg/Application/Shell/Shell.inf
- 
- INF MdeModulePkg/Logo/LogoDxe.inf
- 
-+#
-+# Hash2 Protocol producer
-+#
-+INF SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
-+
- #
- # Network modules
- #
-- 
-2.39.3
-
--- a/SOURCES/edk2-OvmfPkg-wire-up-RngDxe.patch
+++ b/SOURCES/edk2-OvmfPkg-wire-up-RngDxe.patch
@ -1,330 +0,0 @@
-From e22e11cc37c3bf3530ea8db1d18371c47c9e4440 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:34:22 -0400
-Subject: [PATCH 6/8] OvmfPkg: wire up RngDxe
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
-RH-Jira: RHEL-40270 RHEL-40272
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [6/8] 4adf88888386923ee824469cf836b4f63117807d
-
-JIRA: https://issues.redhat.com/browse/RHEL-40270
-Upstream: Merged
-CVE: CVE-2023-45237
-Conflicts: Cherry pick wanted to add include files from the
-           missing 'add ShellComponents' (commit 2cb466cc2cbf...)
-	   series. This had to be handled manually.
-
-commit 712797cf19acd292bf203522a79e40e7e13d268b
-Author: Gerd Hoffmann <kraxel@redhat.com>
-Date:   Fri May 24 12:51:17 2024 +0200
-
-    OvmfPkg: wire up RngDxe
-
-    Add OvmfRng include snippets with the random number generator
-    configuration for OVMF.  Include RngDxe, build with BaseRngLib,
-    so the rdrand instruction is used (if available).
-
-    Also move VirtioRng to the include snippets.
-
-    Use the new include snippets for OVMF builds.
-
-    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
- OvmfPkg/AmdSev/AmdSevX64.dsc                  | 2 +-
- OvmfPkg/AmdSev/AmdSevX64.fdf                  | 3 ++-
- OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++
- OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc        | 6 ++++++
- OvmfPkg/IntelTdx/IntelTdxX64.dsc              | 2 +-
- OvmfPkg/IntelTdx/IntelTdxX64.fdf              | 3 ++-
- OvmfPkg/Microvm/MicrovmX64.dsc                | 2 +-
- OvmfPkg/Microvm/MicrovmX64.fdf                | 3 ++-
- OvmfPkg/OvmfPkgIa32.dsc                       | 2 +-
- OvmfPkg/OvmfPkgIa32.fdf                       | 3 ++-
- OvmfPkg/OvmfPkgIa32X64.dsc                    | 2 +-
- OvmfPkg/OvmfPkgIa32X64.fdf                    | 3 ++-
- OvmfPkg/OvmfPkgX64.dsc                        | 2 +-
- OvmfPkg/OvmfPkgX64.fdf                        | 3 ++-
- 14 files changed, 33 insertions(+), 12 deletions(-)
- create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
- create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-
-diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 7bb6ffb3f0..5d50e77002 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
-+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -651,7 +651,6 @@
-   OvmfPkg/Virtio10Dxe/Virtio10.inf
-   OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- !if $(PVSCSI_ENABLE) == TRUE
-   OvmfPkg/PvScsiDxe/PvScsiDxe.inf
- !endif
-@@ -763,6 +762,7 @@
-       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
-   }
- !endif
-+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
- 
-   OvmfPkg/PlatformDxe/Platform.inf
-   OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
-diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
-index 0e3d7bea2b..c94f2d34ee 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
-+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
-@@ -220,7 +220,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
- INF  OvmfPkg/Virtio10Dxe/Virtio10.inf
- INF  OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
- INF  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- !if $(PVSCSI_ENABLE) == TRUE
- INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
- !endif
-@@ -316,6 +315,8 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- #
- !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
- 
-+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-+
- ################################################################################
- 
- [FV.FVMAIN_COMPACT]
-diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
-new file mode 100644
-index 0000000000..68839a0caa
--- /dev/null
-+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
-@@ -0,0 +1,9 @@
-+##
-+#    SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+
-+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
-+    <LibraryClasses>
-+      RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
-+  }
-+  OvmfPkg/VirtioRngDxe/VirtioRng.inf
-diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-new file mode 100644
-index 0000000000..99cb4a32b1
--- /dev/null
-+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-@@ -0,0 +1,6 @@
-+##
-+#    SPDX-License-Identifier: BSD-2-Clause-Patent
-+##
-+
-+INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
-+INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
-diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
-index fd6722499a..d38fed2171 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
-+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
-@@ -641,7 +641,6 @@
-   OvmfPkg/Virtio10Dxe/Virtio10.inf
-   OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- !if $(PVSCSI_ENABLE) == TRUE
-   OvmfPkg/PvScsiDxe/PvScsiDxe.inf
- !endif
-@@ -752,6 +751,7 @@
-       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
-   }
- !endif
-+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
-index 69ed7a9bc6..077a5c8637 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
-+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
-@@ -285,7 +285,6 @@ READ_LOCK_STATUS   = TRUE
- #
- INF  MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
- INF  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- !if $(PVSCSI_ENABLE) == TRUE
- INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
- !endif
-@@ -333,6 +332,8 @@ INF  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
- INF  OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
- INF  OvmfPkg/PlatformDxe/Platform.inf
- 
-+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-+
- ################################################################################
- 
- [FV.FVMAIN_COMPACT]
-diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
-index 79f14b5c05..ca6902971f 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
-+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
-@@ -754,7 +754,6 @@
-   OvmfPkg/Virtio10Dxe/Virtio10.inf
-   OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-  OvmfPkg/VirtioRngDxe/VirtioRng.inf
-   OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
-   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
-   MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
-@@ -880,6 +879,7 @@
-       gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
-       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
-   }
-+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
-index eda24a3ec9..767ee4b338 100644
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
-+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
-@@ -204,7 +204,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
- INF  OvmfPkg/Virtio10Dxe/Virtio10.inf
- INF  OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
- INF  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- INF  OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-@@ -303,6 +302,8 @@ INF  OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
- INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
- INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- 
-+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-+
- ################################################################################
- 
- [FV.FVMAIN_COMPACT]
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 83adecc374..4074aa382d 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -804,7 +804,6 @@
-   OvmfPkg/Virtio10Dxe/Virtio10.inf
-   OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-  OvmfPkg/VirtioRngDxe/VirtioRng.inf
-   OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- !if $(PVSCSI_ENABLE) == TRUE
-   OvmfPkg/PvScsiDxe/PvScsiDxe.inf
-@@ -942,6 +941,7 @@
-       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
-   }
- !endif
-+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 88c57ff5ff..20cfd2788e 100644
--- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -236,7 +236,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
- INF  OvmfPkg/Virtio10Dxe/Virtio10.inf
- INF  OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
- INF  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- INF  OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- !if $(PVSCSI_ENABLE) == TRUE
- INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
-@@ -367,6 +366,8 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- #
- !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
- 
-+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-+
- !if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
- INF  OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
- !endif
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index b47cdf63e7..75ef19bc85 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -822,7 +822,6 @@
-   OvmfPkg/Virtio10Dxe/Virtio10.inf
-   OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-  OvmfPkg/VirtioRngDxe/VirtioRng.inf
-   OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- !if $(PVSCSI_ENABLE) == TRUE
-   OvmfPkg/PvScsiDxe/PvScsiDxe.inf
-@@ -960,6 +959,7 @@
-       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
-   }
- !endif
-+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index ab5a9bc306..8517c79ba2 100644
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -237,7 +237,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
- INF  OvmfPkg/Virtio10Dxe/Virtio10.inf
- INF  OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
- INF  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- INF  OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- !if $(PVSCSI_ENABLE) == TRUE
- INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
-@@ -374,6 +373,8 @@ INF  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
- #
- !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
- 
-+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-+
- ################################################################################
- 
- [FV.FVMAIN_COMPACT]
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index be3824ec1e..631ff0c788 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -890,7 +890,6 @@
-   OvmfPkg/Virtio10Dxe/Virtio10.inf
-   OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-  OvmfPkg/VirtioRngDxe/VirtioRng.inf
-   OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- !if $(PVSCSI_ENABLE) == TRUE
-   OvmfPkg/PvScsiDxe/PvScsiDxe.inf
-@@ -1028,6 +1027,7 @@
-       gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
-   }
- !endif
-+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index 851399888f..7ecde357ce 100644
--- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -262,7 +262,6 @@ INF  OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
- INF  OvmfPkg/Virtio10Dxe/Virtio10.inf
- INF  OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
- INF  OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-INF  OvmfPkg/VirtioRngDxe/VirtioRng.inf
- INF  OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- !if $(PVSCSI_ENABLE) == TRUE
- INF  OvmfPkg/PvScsiDxe/PvScsiDxe.inf
-@@ -408,6 +407,8 @@ INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
- #
- !include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
- 
-+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
-+
- ################################################################################
- 
- [FV.FVMAIN_COMPACT]
-- 
-2.39.3
-
--- a/SOURCES/edk2-SecurityPkg-RngDxe-add-rng-test.patch
+++ b/SOURCES/edk2-SecurityPkg-RngDxe-add-rng-test.patch
@ -1,71 +0,0 @@
-From 7719d41979ef6e376d183c70cd47951ff5bf6ef1 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Thu, 20 Jun 2024 10:33:43 -0400
-Subject: [PATCH 5/8] SecurityPkg/RngDxe: add rng test
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
-RH-Jira: RHEL-40270 RHEL-40272
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [5/8] 84a58daaed0ee81ebed501392be33338da575df6
-
-JIRA: https://issues.redhat.com/browse/RHEL-40270
-Upstream: Merged
-CVE: CVE-2023-45237
-
-commit a61bc0accb8a76edba4f073fdc7bafc908df045d
-Author: Gerd Hoffmann <kraxel@redhat.com>
-Date:   Fri May 31 09:49:13 2024 +0200
-
-    SecurityPkg/RngDxe: add rng test
-
-    Check whenever RngLib actually returns random numbers, only return
-    a non-zero number of Algorithms if that is the case.
-
-    This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
-    only in case it can actually deliver random numbers.
-
-    Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
-
-Check whenever RngLib actually returns random numbers, only return
-a non-zero number of Algorithms if that is the case.
-
-This has the effect that RndDxe loads and installs EFI_RNG_PROTOCOL
-only in case it can actually deliver random numbers.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
- SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
-index 7e06e16e4b..285b5f46e7 100644
--- a/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
-+++ b/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c
-@@ -23,6 +23,7 @@
- 
- #include <Library/BaseLib.h>
- #include <Library/BaseMemoryLib.h>
-+#include <Library/RngLib.h>
- 
- #include "RngDxeInternals.h"
- 
-@@ -43,7 +44,12 @@ GetAvailableAlgorithms (
-   VOID
-   )
- {
-  mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
-+  UINT64  RngTest;
-+
-+  if (GetRandomNumber64 (&RngTest)) {
-+    mAvailableAlgoArrayCount = RNG_ALGORITHM_COUNT;
-+  }
-+
-   return EFI_SUCCESS;
- }
- 
-- 
-2.39.3
-
--- a/SOURCES/edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch
+++ b/SOURCES/edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch
@ -1,148 +0,0 @@
-From 0ef57f5f435ee1909d14da24cd1c3edc91fef405 Mon Sep 17 00:00:00 2001
-From: Jon Maloy <jmaloy@redhat.com>
-Date: Sat, 6 Apr 2024 11:00:29 -0400
-Subject: [PATCH 2/2] StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
-
-RH-Author: Jon Maloy <jmaloy@redhat.com>
-RH-MergeRequest: 69: EmbeddedPkg/Hob: Integer Overflow in CreateHob()
-RH-Jira: RHEL-30156
-RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
-RH-Acked-by: Gerd Hoffmann <None>
-RH-Commit: [2/2] 3c3454688975f62041dd8d3393f0bba5ec3b71f1
-
-JIRA: https://issues.redhat.com/browse/RHEL-30156
-CVE: CVE-2022-36765
-Upstream: Merged
-
-commit 9a75b030cf27d2530444e9a2f9f11867f79bf679
-Author: Gua Guo <gua.guo@intel.com>
-Date:   Thu Jan 11 13:03:26 2024 +0800
-
-    StandaloneMmPkg/Hob: Integer Overflow in CreateHob()
-
-    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4166
-
-    Fix integer overflow in various CreateHob instances.
-    Fixes: CVE-2022-36765
-
-    The CreateHob() function aligns the requested size to 8
-    performing the following operation:
-    ```
-    HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
-    ```
-
-    No checks are performed to ensure this value doesn't
-    overflow, and could lead to CreateHob() returning a smaller
-    HOB than requested, which could lead to OOB HOB accesses.
-
-    Reported-by: Marc Beatove <mbeatove@google.com>
-    Reviewed-by: Ard Biesheuvel <ardb+tianocore@kernel.org>
-    Cc: Sami Mujawar <sami.mujawar@arm.com>
-    Reviewed-by: Ray Ni <ray.ni@intel.com>
-    Cc: John Mathew <john.mathews@intel.com>
-    Authored-by: Gerd Hoffmann <kraxel@redhat.com>
-    Signed-off-by: Gua Guo <gua.guo@intel.com>
-
-Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
- .../Arm/StandaloneMmCoreHobLib.c              | 35 +++++++++++++++++++
- 1 file changed, 35 insertions(+)
-
-diff --git a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
-index 1550e1babc..59473e28fe 100644
--- a/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
-+++ b/StandaloneMmPkg/Library/StandaloneMmCoreHobLib/Arm/StandaloneMmCoreHobLib.c
-@@ -34,6 +34,13 @@ CreateHob (
- 
-   HandOffHob = GetHobList ();
- 
-+  //
-+  // Check Length to avoid data overflow.
-+  //
-+  if (HobLength > MAX_UINT16 - 0x7) {
-+    return NULL;
-+  }
-+
-   HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
- 
-   FreeMemory = HandOffHob->EfiFreeMemoryTop - HandOffHob->EfiFreeMemoryBottom;
-@@ -89,6 +96,10 @@ BuildModuleHob (
-     );
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION_MODULE));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   CopyGuid (&(Hob->MemoryAllocationHeader.Name), &gEfiHobMemoryAllocModuleGuid);
-   Hob->MemoryAllocationHeader.MemoryBaseAddress = MemoryAllocationModule;
-@@ -129,6 +140,9 @@ BuildResourceDescriptorHob (
- 
-   Hob = CreateHob (EFI_HOB_TYPE_RESOURCE_DESCRIPTOR, sizeof (EFI_HOB_RESOURCE_DESCRIPTOR));
-   ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->ResourceType      = ResourceType;
-   Hob->ResourceAttribute = ResourceAttribute;
-@@ -167,6 +181,11 @@ BuildGuidHob (
-   ASSERT (DataLength <= (0xffff - sizeof (EFI_HOB_GUID_TYPE)));
- 
-   Hob = CreateHob (EFI_HOB_TYPE_GUID_EXTENSION, (UINT16)(sizeof (EFI_HOB_GUID_TYPE) + DataLength));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return NULL;
-+  }
-+
-   CopyGuid (&Hob->Name, Guid);
-   return Hob + 1;
- }
-@@ -226,6 +245,10 @@ BuildFvHob (
-   EFI_HOB_FIRMWARE_VOLUME  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV, sizeof (EFI_HOB_FIRMWARE_VOLUME));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -255,6 +278,10 @@ BuildFv2Hob (
-   EFI_HOB_FIRMWARE_VOLUME2  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_FV2, sizeof (EFI_HOB_FIRMWARE_VOLUME2));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->BaseAddress = BaseAddress;
-   Hob->Length      = Length;
-@@ -282,6 +309,10 @@ BuildCpuHob (
-   EFI_HOB_CPU  *Hob;
- 
-   Hob = CreateHob (EFI_HOB_TYPE_CPU, sizeof (EFI_HOB_CPU));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   Hob->SizeOfMemorySpace = SizeOfMemorySpace;
-   Hob->SizeOfIoSpace     = SizeOfIoSpace;
-@@ -319,6 +350,10 @@ BuildMemoryAllocationHob (
-     );
- 
-   Hob = CreateHob (EFI_HOB_TYPE_MEMORY_ALLOCATION, sizeof (EFI_HOB_MEMORY_ALLOCATION));
-+  ASSERT (Hob != NULL);
-+  if (Hob == NULL) {
-+    return;
-+  }
- 
-   ZeroMem (&(Hob->AllocDescriptor.Name), sizeof (EFI_GUID));
-   Hob->AllocDescriptor.MemoryBaseAddress = BaseAddress;
-- 
-2.39.3
-
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@ -5,7 +5,7 @@ ExclusiveArch: x86_64 aarch64
 %define TOOLCHAIN      GCC5

 %define OPENSSL_VER    3.0.7
-%define OPENSSL_HASH   0205b589887203b065154ddc8e8107c4ac8625a1
+%define OPENSSL_HASH   db0287935122edceb91dcda8dfb53b4090734e22

 %define DBXDATE        20230509

@ -20,7 +20,7 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}
-Release:    6%{?dist}.4
+Release:    6%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@ -264,40 +264,6 @@ Patch69: edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch
 # For RHEL-21851 - CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-9]
 # For RHEL-21853 - TRIAGE CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-9]
 Patch70: edk2-NetworkPkg-Updating-SecurityFixes.yaml.patch
-# For RHEL-30156 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]
-Patch71: edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch
-# For RHEL-30156 - CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z]
-Patch72: edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch73: edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch74: edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch75: edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch76: edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch77: edk2-SecurityPkg-RngDxe-add-rng-test.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch78: edk2-OvmfPkg-wire-up-RngDxe.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch79: edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch
-# For RHEL-40270 - CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z]
-# For RHEL-40272 - CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z]
-Patch80: edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch
-# For RHEL-46976 - No http boot support on edk2-ovmf-20231122-6.el9_4.2
-Patch81: edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch
-# For RHEL-54188 - [RHEL-9.4.z] edk2 hit Failed to generate random data
-Patch82: edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
-# For RHEL-54188 - [RHEL-9.4.z] edk2 hit Failed to generate random data
-Patch83: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch

 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@ -631,40 +597,6 @@ install -m 0644 \


 %changelog
-* Wed Sep 18 2024 Jon Maloy <jmaloy@redhat.com> - 20231122-6.el9_4.4
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55337]
- Resolves: RHEL-55337
-  (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.4.z])
-
-* Tue Aug 20 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.3
- edk2-OvmfPkg-Add-Hash2DxeCrypto-to-OvmfPkg.patch [RHEL-46976]
- edk2-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch [RHEL-54188]
- edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch [RHEL-54188]
- Resolves: RHEL-46976
-  (No http boot support on edk2-ovmf-20231122-6.el9_4.2)
- Resolves: RHEL-54188
-  ([RHEL-9.4.z] edk2 hit Failed to generate random data)
-
-* Mon Jul 01 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.2
- edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch [RHEL-40270 RHEL-40272]
- edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch [RHEL-40270 RHEL-40272]
- edk2-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch [RHEL-40270 RHEL-40272]
- edk2-MdePkg-BaseRngLib-Add-a-smoketest-for-RDRAND-and-che.patch [RHEL-40270 RHEL-40272]
- edk2-SecurityPkg-RngDxe-add-rng-test.patch [RHEL-40270 RHEL-40272]
- edk2-OvmfPkg-wire-up-RngDxe.patch [RHEL-40270 RHEL-40272]
- edk2-CryptoPkg-Test-call-ProcessLibraryConstructorList.patch [RHEL-40270 RHEL-40272]
- edk2-MdePkg-X86UnitTestHost-set-rdrand-cpuid-bit.patch [RHEL-40270 RHEL-40272]
- Resolves: RHEL-40270
-  (CVE-2023-45237 edk2: Use of a Weak PseudoRandom Number Generator [rhel-9.4.z])
- Resolves: RHEL-40272
-  (CVE-2023-45236 edk2: Predictable TCP Initial Sequence Numbers [rhel-9.4.z])
-
-* Wed Apr 10 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6.el9_4.1
- edk2-EmbeddedPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- edk2-StandaloneMmPkg-Hob-Integer-Overflow-in-CreateHob.patch [RHEL-30156]
- Resolves: RHEL-30156
-  (CVE-2022-36765 edk2: integer overflow in CreateHob() could lead to HOB OOB R/W [rhel-9.4.z])
-
 * Thu Feb 22 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20231122-6
 - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]
 - edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch [RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853]