From e22e11cc37c3bf3530ea8db1d18371c47c9e4440 Mon Sep 17 00:00:00 2001
|
|
From: Jon Maloy <jmaloy@redhat.com>
|
|
Date: Thu, 20 Jun 2024 10:34:22 -0400
|
|
Subject: [PATCH 6/8] OvmfPkg: wire up RngDxe
|
|
|
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|
RH-MergeRequest: 75: NetworkPkg: SECURITY PATCH CVE-2023-45236 and CVE-2023-45237
|
|
RH-Jira: RHEL-40270 RHEL-40272
|
|
RH-Acked-by: Gerd Hoffmann <None>
|
|
RH-Commit: [6/8] 4adf88888386923ee824469cf836b4f63117807d
|
|
|
|
JIRA: https://issues.redhat.com/browse/RHEL-40270
|
|
Upstream: Merged
|
|
CVE: CVE-2023-45237
|
|
Conflicts: Cherry pick wanted to add include files from the
|
|
missing 'add ShellComponents' (commit 2cb466cc2cbf...)
|
|
series. This had to be handled manually.
|
|
|
|
commit 712797cf19acd292bf203522a79e40e7e13d268b
|
|
Author: Gerd Hoffmann <kraxel@redhat.com>
|
|
Date: Fri May 24 12:51:17 2024 +0200
|
|
|
|
OvmfPkg: wire up RngDxe
|
|
|
|
Add OvmfRng include snippets with the random number generator
|
|
configuration for OVMF. Include RngDxe, build with BaseRngLib,
|
|
so the rdrand instruction is used (if available).
|
|
|
|
Also move VirtioRng to the include snippets.
|
|
|
|
Use the new include snippets for OVMF builds.
|
|
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
|
---
|
|
OvmfPkg/AmdSev/AmdSevX64.dsc | 2 +-
|
|
OvmfPkg/AmdSev/AmdSevX64.fdf | 3 ++-
|
|
OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc | 9 +++++++++
|
|
OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc | 6 ++++++
|
|
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
|
|
OvmfPkg/IntelTdx/IntelTdxX64.fdf | 3 ++-
|
|
OvmfPkg/Microvm/MicrovmX64.dsc | 2 +-
|
|
OvmfPkg/Microvm/MicrovmX64.fdf | 3 ++-
|
|
OvmfPkg/OvmfPkgIa32.dsc | 2 +-
|
|
OvmfPkg/OvmfPkgIa32.fdf | 3 ++-
|
|
OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
|
|
OvmfPkg/OvmfPkgIa32X64.fdf | 3 ++-
|
|
OvmfPkg/OvmfPkgX64.dsc | 2 +-
|
|
OvmfPkg/OvmfPkgX64.fdf | 3 ++-
|
|
14 files changed, 33 insertions(+), 12 deletions(-)
|
|
create mode 100644 OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
create mode 100644 OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
|
|
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
index 7bb6ffb3f0..5d50e77002 100644
|
|
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
|
|
@@ -651,7 +651,6 @@
|
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
!endif
|
|
@@ -763,6 +762,7 @@
|
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
|
}
|
|
!endif
|
|
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
|
|
OvmfPkg/PlatformDxe/Platform.inf
|
|
OvmfPkg/AmdSevDxe/AmdSevDxe.inf {
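Review bot: The added `!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc` brings VirtioRng.inf into the SEV build together with RngDxe (IntelTdxX64.dsc gets the same include), so EFI_RNG_PROTOCOL can still be backed by a host-provided virtio-rng device in a guest whose threat model does not trust the host. The removed `OvmfPkg/VirtioRngDxe/VirtioRng.inf` line shows this was already the case before the change, but now that an RDRAND-backed producer sits next to it the intended choice should be stated. I would add a comment above the include, for example `# RNG: RngDxe (RDRAND) plus VirtioRng; VirtioRng entropy is host-supplied`, or use a separate snippet without VirtioRng for the confidential-computing platforms if host-supplied entropy is not wanted there. The components section this hunk sits in starts and ends outside the hunk.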
|
|
diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
|
index 0e3d7bea2b..c94f2d34ee 100644
|
|
--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
|
|
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
|
|
@@ -220,7 +220,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
!endif
|
|
@@ -316,6 +315,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
#
|
|
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
|
|
|
|
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
+
|
|
################################################################################
|
|
|
|
[FV.FVMAIN_COMPACT]
|
|
diff --git a/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
new file mode 100644
|
|
index 0000000000..68839a0caa
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
@@ -0,0 +1,9 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
|
|
+ <LibraryClasses>
|
|
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
|
|
+ }
|
|
+ OvmfPkg/VirtioRngDxe/VirtioRng.inf
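Review bot: The new snippet carries only the SPDX header, so nothing records why `RngLib` is pinned to BaseRngLib for RngDxe or what a platform gets when the CPU model exposed to the guest lacks RDRAND (the commit message says only "if available"). In that case RngDxe presumably has no usable source and VirtioRng, which needs a virtio-rng device configured on the host, is the only remaining producer of EFI_RNG_PROTOCOL. That should be confirmed and written down, since the NetworkPkg fix for CVE-2023-45237 that this series backports appears to depend on a working RNG. I would add a comment above the RngDxe entry such as `# RngDxe + BaseRngLib: RDRAND-backed EFI_RNG_PROTOCOL; VirtioRng serves guests that have a virtio-rng device`. It would also help to say which instance consumers are expected to get when both drivers have installed the protocol.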
|
|
diff --git a/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
new file mode 100644
|
|
index 0000000000..99cb4a32b1
|
|
--- /dev/null
|
|
+++ b/OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
@@ -0,0 +1,6 @@
|
|
+##
|
|
+# SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
+##
|
|
+
|
|
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
|
|
+INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
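Review bot: Nothing ties this FDF snippet to its DSC counterpart: a platform has to include both `OvmfRngComponents.dsc.inc` and `OvmfRngDxe.fdf.inc`, and the two module lists (RngDxe, VirtioRng) have to be kept in step by hand. As far as I can tell, a module listed in the DSC but missing from the FDF is built and then left out of the firmware volume without an error, which here would mean an image with no RNG driver. A header line such as `# Keep in sync with OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc` would make the dependency visible to whoever edits either file next.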
|
|
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
|
index fd6722499a..d38fed2171 100644
|
|
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
|
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
|
|
@@ -641,7 +641,6 @@
|
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
!endif
|
|
@@ -752,6 +751,7 @@
|
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
|
}
|
|
!endif
|
|
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
|
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
|
|
index 69ed7a9bc6..077a5c8637 100644
|
|
--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
|
|
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
|
|
@@ -285,7 +285,6 @@ READ_LOCK_STATUS = TRUE
|
|
#
|
|
INF MdeModulePkg/Universal/EbcDxe/EbcDxe.inf
|
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
!endif
|
|
@@ -333,6 +332,8 @@ INF OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
|
|
INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
|
|
INF OvmfPkg/PlatformDxe/Platform.inf
|
|
|
|
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
+
|
|
################################################################################
|
|
|
|
[FV.FVMAIN_COMPACT]
|
|
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
|
|
index 79f14b5c05..ca6902971f 100644
|
|
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
|
|
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
|
|
@@ -754,7 +754,6 @@
|
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
|
|
MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
|
|
@@ -880,6 +879,7 @@
|
|
gEfiShellPkgTokenSpaceGuid.PcdShellLibAutoInitialize|FALSE
|
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
|
}
|
|
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
|
diff --git a/OvmfPkg/Microvm/MicrovmX64.fdf b/OvmfPkg/Microvm/MicrovmX64.fdf
|
|
index eda24a3ec9..767ee4b338 100644
|
|
--- a/OvmfPkg/Microvm/MicrovmX64.fdf
|
|
+++ b/OvmfPkg/Microvm/MicrovmX64.fdf
|
|
@@ -204,7 +204,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
@@ -303,6 +302,8 @@ INF OvmfPkg/EmuVariableFvbRuntimeDxe/Fvb.inf
|
|
INF MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
|
|
INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
|
|
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
+
|
|
################################################################################
|
|
|
|
[FV.FVMAIN_COMPACT]
|
|
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
|
|
index 83adecc374..4074aa382d 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32.dsc
|
|
+++ b/OvmfPkg/OvmfPkgIa32.dsc
|
|
@@ -804,7 +804,6 @@
|
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
@@ -942,6 +941,7 @@
|
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
|
}
|
|
!endif
|
|
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
|
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
|
|
index 88c57ff5ff..20cfd2788e 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32.fdf
|
|
+++ b/OvmfPkg/OvmfPkgIa32.fdf
|
|
@@ -236,7 +236,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
@@ -367,6 +366,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
#
|
|
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
|
|
|
|
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
+
|
|
!if $(LOAD_X64_ON_IA32_ENABLE) == TRUE
|
|
INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf
|
|
!endif
|
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
|
|
index b47cdf63e7..75ef19bc85 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
|
|
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
|
|
@@ -822,7 +822,6 @@
|
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
@@ -960,6 +959,7 @@
|
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
|
}
|
|
!endif
|
|
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
|
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
index ab5a9bc306..8517c79ba2 100644
|
|
--- a/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
|
|
@@ -237,7 +237,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
@@ -374,6 +373,8 @@ INF MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
|
|
#
|
|
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
|
|
|
|
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
+
|
|
################################################################################
|
|
|
|
[FV.FVMAIN_COMPACT]
|
|
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
|
|
index be3824ec1e..631ff0c788 100644
|
|
--- a/OvmfPkg/OvmfPkgX64.dsc
|
|
+++ b/OvmfPkg/OvmfPkgX64.dsc
|
|
@@ -890,7 +890,6 @@
|
|
OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
- OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
@@ -1028,6 +1027,7 @@
|
|
gEfiMdePkgTokenSpaceGuid.PcdUefiLibMaxPrintBufferSize|8000
|
|
}
|
|
!endif
|
|
+!include OvmfPkg/Include/Dsc/OvmfRngComponents.dsc.inc
|
|
|
|
!if $(SECURE_BOOT_ENABLE) == TRUE
|
|
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
|
|
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
|
|
index 851399888f..7ecde357ce 100644
|
|
--- a/OvmfPkg/OvmfPkgX64.fdf
|
|
+++ b/OvmfPkg/OvmfPkgX64.fdf
|
|
@@ -262,7 +262,6 @@ INF OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
|
|
INF OvmfPkg/Virtio10Dxe/Virtio10.inf
|
|
INF OvmfPkg/VirtioBlkDxe/VirtioBlk.inf
|
|
INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
|
|
-INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
|
|
INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
|
|
!if $(PVSCSI_ENABLE) == TRUE
|
|
INF OvmfPkg/PvScsiDxe/PvScsiDxe.inf
|
|
@@ -408,6 +407,8 @@ INF SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
|
|
#
|
|
!include OvmfPkg/Include/Fdf/OvmfTpmDxe.fdf.inc
|
|
|
|
+!include OvmfPkg/Include/Fdf/OvmfRngDxe.fdf.inc
|
|
+
|
|
################################################################################
|
|
|
|
[FV.FVMAIN_COMPACT]
|
|
--
|
|
2.39.3
|
|
|