diff --git a/.edk2.metadata b/.edk2.metadata
index 7618d45..aba6cf1 100644
--- a/.edk2.metadata
+++ b/.edk2.metadata
@@ -1,2 +1,2 @@
-87a87bbfca0e751b2840f74b0612e2f0dad70535 SOURCES/edk2-89910a39dcfd.tar.xz
-f0655dec5d8d815956bab417fcdb25e6da7e21b8 SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
+c7ca6a13a5f9e7fe8071010c26a11ba41548308b SOURCES/edk2-37eef91017ad.tar.xz
+cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
diff --git a/.gitignore b/.gitignore
index 549c44d..ee17a8c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/edk2-89910a39dcfd.tar.xz
-SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
+SOURCES/edk2-37eef91017ad.tar.xz
+SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
diff --git a/SOURCES/0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch b/SOURCES/0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch
new file mode 100644
index 0000000..f7ece09
--- /dev/null
+++ b/SOURCES/0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch
@@ -0,0 +1,668 @@
+From ac1a0b44df858e53be9e8af499e80a459f0cef16 Mon Sep 17 00:00:00 2001
+From: Shenglei Zhang <shenglei.zhang@intel.com>
+Date: Tue, 29 Oct 2019 15:43:11 +0000
+Subject: CryptoPkg/OpensslLib: Update process_files.pl to generate .h files
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- New patch (cherry-picked from upstream, to be dropped at the next
+  downstream rebase).
+
+- Upstream moved to OpenSSL_1.1.1b (for TianoCore#1089) in release
+  edk2-stable201905. As part of that OpenSSL update, "OpensslLib.inf" and
+  "OpensslLibCrypto.inf" failed to list some new header files.
+
+- As a part of edk2-stable201908, commit 8906f076de35
+  ("CryptoPkg/OpensslLib: Add missing header files in INF file",
+  2019-08-16) fixed up "OpensslLib.inf" and "OpensslLibCrypto.inf" with
+  the missing header files, but did so manually.
+
+- The present patch (which is going to be released in edk2-stable201911)
+  updates "process_files.pl" to list the subject header files
+  automatically.
+
+- This patch is being backported primarily in order to keep further
+  backports for the modified files conflict-free. It might also come in
+  handy once we adopt RHEL8's own OpenSSL version (in case we have to
+  re-run "process_files.pl" ourselves).
+
+There are missing headers added into INF files at 8906f076de35b222a..
+They are now manually added but not auto-generated. So we update the
+perl script to enable this feature.
+Meanwhile, update the order of the .h files in INF files, which are
+auto-generated now.
+https://bugzilla.tianocore.org/show_bug.cgi?id=2085
+
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
+Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
+Reviewed-by: Xiaoyu Lu <xiaoyux.lu@intel.com>
+(cherry picked from commit 9f4fbd56d43054cc73d722c1643659f9741c0fcf)
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf   | 103 +++++++++---------
+ .../Library/OpensslLib/OpensslLibCrypto.inf   |  96 ++++++++--------
+ CryptoPkg/Library/OpensslLib/process_files.pl |  28 +++++
+ 3 files changed, 129 insertions(+), 98 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+index 7432321fd4..dd873a0dcd 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+@@ -34,9 +34,7 @@
+   $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+   $(OPENSSL_PATH)/crypto/aria/aria.c
+-  $(OPENSSL_PATH)/crypto/arm_arch.h
+   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
+   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
+   $(OPENSSL_PATH)/crypto/asn1/a_digest.c
+@@ -101,21 +99,12 @@
+   $(OPENSSL_PATH)/crypto/asn1/x_sig.c
+   $(OPENSSL_PATH)/crypto/asn1/x_spki.c
+   $(OPENSSL_PATH)/crypto/asn1/x_val.c
+-  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+-  $(OPENSSL_PATH)/crypto/asn1/charmap.h
+-  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+-  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+-  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+   $(OPENSSL_PATH)/crypto/async/arch/async_null.c
+   $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
+   $(OPENSSL_PATH)/crypto/async/arch/async_win.c
+   $(OPENSSL_PATH)/crypto/async/async.c
+   $(OPENSSL_PATH)/crypto/async/async_err.c
+   $(OPENSSL_PATH)/crypto/async/async_wait.c
+-  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
+-  $(OPENSSL_PATH)/crypto/async/async_locl.h
+-  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
+-  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
+   $(OPENSSL_PATH)/crypto/bio/b_addr.c
+   $(OPENSSL_PATH)/crypto/bio/b_dump.c
+   $(OPENSSL_PATH)/crypto/bio/b_sock.c
+@@ -138,7 +127,6 @@
+   $(OPENSSL_PATH)/crypto/bio/bss_mem.c
+   $(OPENSSL_PATH)/crypto/bio/bss_null.c
+   $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+   $(OPENSSL_PATH)/crypto/bn/bn_add.c
+   $(OPENSSL_PATH)/crypto/bn/bn_asm.c
+   $(OPENSSL_PATH)/crypto/bn/bn_blind.c
+@@ -170,9 +158,6 @@
+   $(OPENSSL_PATH)/crypto/bn/bn_srp.c
+   $(OPENSSL_PATH)/crypto/bn/bn_word.c
+   $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+-  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+-  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+   $(OPENSSL_PATH)/crypto/buffer/buf_err.c
+   $(OPENSSL_PATH)/crypto/buffer/buffer.c
+   $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+@@ -181,7 +166,6 @@
+   $(OPENSSL_PATH)/crypto/comp/c_zlib.c
+   $(OPENSSL_PATH)/crypto/comp/comp_err.c
+   $(OPENSSL_PATH)/crypto/comp/comp_lib.c
+-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+   $(OPENSSL_PATH)/crypto/conf/conf_api.c
+   $(OPENSSL_PATH)/crypto/conf/conf_def.c
+   $(OPENSSL_PATH)/crypto/conf/conf_err.c
+@@ -190,8 +174,6 @@
+   $(OPENSSL_PATH)/crypto/conf/conf_mod.c
+   $(OPENSSL_PATH)/crypto/conf/conf_sap.c
+   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
+-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
+-  $(OPENSSL_PATH)/crypto/conf/conf_def.h
+   $(OPENSSL_PATH)/crypto/cpt_err.c
+   $(OPENSSL_PATH)/crypto/cryptlib.c
+   $(OPENSSL_PATH)/crypto/ctype.c
+@@ -215,8 +197,6 @@
+   $(OPENSSL_PATH)/crypto/des/set_key.c
+   $(OPENSSL_PATH)/crypto/des/str2key.c
+   $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
+-  $(OPENSSL_PATH)/crypto/des/spr.h
+-  $(OPENSSL_PATH)/crypto/des/des_locl.h
+   $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+   $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
+   $(OPENSSL_PATH)/crypto/dh/dh_check.c
+@@ -231,7 +211,6 @@
+   $(OPENSSL_PATH)/crypto/dh/dh_prn.c
+   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+   $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
+-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+   $(OPENSSL_PATH)/crypto/dso/dso_dl.c
+   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
+   $(OPENSSL_PATH)/crypto/dso/dso_err.c
+@@ -239,7 +218,6 @@
+   $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
+   $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+   $(OPENSSL_PATH)/crypto/dso/dso_win32.c
+-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+   $(OPENSSL_PATH)/crypto/ebcdic.c
+   $(OPENSSL_PATH)/crypto/err/err.c
+   $(OPENSSL_PATH)/crypto/err/err_prn.c
+@@ -304,13 +282,11 @@
+   $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
+   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
+   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+   $(OPENSSL_PATH)/crypto/ex_data.c
+   $(OPENSSL_PATH)/crypto/getenv.c
+   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+   $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
+   $(OPENSSL_PATH)/crypto/hmac/hmac.c
+-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+   $(OPENSSL_PATH)/crypto/init.c
+   $(OPENSSL_PATH)/crypto/kdf/hkdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
+@@ -318,13 +294,10 @@
+   $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
+   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+   $(OPENSSL_PATH)/crypto/lhash/lhash.c
+-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+   $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
+   $(OPENSSL_PATH)/crypto/md4/md4_one.c
+-  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
+   $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
+   $(OPENSSL_PATH)/crypto/md5/md5_one.c
+-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+   $(OPENSSL_PATH)/crypto/mem.c
+   $(OPENSSL_PATH)/crypto/mem_clr.c
+   $(OPENSSL_PATH)/crypto/mem_dbg.c
+@@ -339,7 +312,6 @@
+   $(OPENSSL_PATH)/crypto/modes/ofb128.c
+   $(OPENSSL_PATH)/crypto/modes/wrap128.c
+   $(OPENSSL_PATH)/crypto/modes/xts128.c
+-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+   $(OPENSSL_PATH)/crypto/o_dir.c
+   $(OPENSSL_PATH)/crypto/o_fips.c
+   $(OPENSSL_PATH)/crypto/o_fopen.c
+@@ -351,9 +323,6 @@
+   $(OPENSSL_PATH)/crypto/objects/obj_err.c
+   $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+   $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+-  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+-  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
+@@ -364,7 +333,6 @@
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
+   $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
+-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+   $(OPENSSL_PATH)/crypto/pem/pem_all.c
+   $(OPENSSL_PATH)/crypto/pem/pem_err.c
+   $(OPENSSL_PATH)/crypto/pem/pem_info.c
+@@ -392,7 +360,6 @@
+   $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c
+   $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c
+   $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c
+-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+   $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c
+   $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c
+   $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c
+@@ -401,7 +368,6 @@
+   $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
+   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
+-  $(OPENSSL_PATH)/crypto/ppc_arch.h
+   $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
+   $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
+   $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+@@ -410,10 +376,8 @@
+   $(OPENSSL_PATH)/crypto/rand/rand_unix.c
+   $(OPENSSL_PATH)/crypto/rand/rand_vms.c
+   $(OPENSSL_PATH)/crypto/rand/rand_win.c
+-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+   $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+   $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
+-  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
+@@ -436,24 +400,18 @@
+   $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
+-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+-  $(OPENSSL_PATH)/crypto/s390x_arch.h
+   $(OPENSSL_PATH)/crypto/sha/keccak1600.c
+   $(OPENSSL_PATH)/crypto/sha/sha1_one.c
+   $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
+   $(OPENSSL_PATH)/crypto/sha/sha256.c
+   $(OPENSSL_PATH)/crypto/sha/sha512.c
+-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+   $(OPENSSL_PATH)/crypto/siphash/siphash.c
+   $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
+   $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
+-  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
+   $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
+   $(OPENSSL_PATH)/crypto/sm3/sm3.c
+-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+   $(OPENSSL_PATH)/crypto/sm4/sm4.c
+   $(OPENSSL_PATH)/crypto/stack/stack.c
+-  $(OPENSSL_PATH)/crypto/sparc_arch.h
+   $(OPENSSL_PATH)/crypto/threads_none.c
+   $(OPENSSL_PATH)/crypto/threads_pthread.c
+   $(OPENSSL_PATH)/crypto/threads_win.c
+@@ -463,8 +421,6 @@
+   $(OPENSSL_PATH)/crypto/ui/ui_null.c
+   $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
+   $(OPENSSL_PATH)/crypto/ui/ui_util.c
+-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+-  $(OPENSSL_PATH)/crypto/vms_rms.h
+   $(OPENSSL_PATH)/crypto/uid.c
+   $(OPENSSL_PATH)/crypto/x509/by_dir.c
+   $(OPENSSL_PATH)/crypto/x509/by_file.c
+@@ -502,7 +458,6 @@
+   $(OPENSSL_PATH)/crypto/x509/x_req.c
+   $(OPENSSL_PATH)/crypto/x509/x_x509.c
+   $(OPENSSL_PATH)/crypto/x509/x_x509a.c
+-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
+@@ -540,11 +495,57 @@
+   $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
+   $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
+   $(OPENSSL_PATH)/crypto/x509v3/v3err.c
++  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
++  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
++  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
++  $(OPENSSL_PATH)/crypto/conf/conf_def.h
++  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
++  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
++  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
++  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
++  $(OPENSSL_PATH)/crypto/store/store_locl.h
++  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
++  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
++  $(OPENSSL_PATH)/crypto/arm_arch.h
++  $(OPENSSL_PATH)/crypto/mips_arch.h
++  $(OPENSSL_PATH)/crypto/ppc_arch.h
++  $(OPENSSL_PATH)/crypto/s390x_arch.h
++  $(OPENSSL_PATH)/crypto/sparc_arch.h
++  $(OPENSSL_PATH)/crypto/vms_rms.h
++  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
++  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
++  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
++  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
++  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
++  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
++  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
++  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
++  $(OPENSSL_PATH)/crypto/asn1/charmap.h
++  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
++  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
++  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
++  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
++  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
++  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
++  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
++  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
++  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
++  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
++  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
++  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
++  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
++  $(OPENSSL_PATH)/crypto/des/des_locl.h
++  $(OPENSSL_PATH)/crypto/des/spr.h
++  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
++  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
++  $(OPENSSL_PATH)/crypto/async/async_locl.h
++  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+-  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
+-  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
+-  $(OPENSSL_PATH)/ms/uplink.h
++  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
++  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
++  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
++  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+   $(OPENSSL_PATH)/ssl/bio_ssl.c
+   $(OPENSSL_PATH)/ssl/d1_lib.c
+   $(OPENSSL_PATH)/ssl/d1_msg.c
+@@ -589,13 +590,13 @@
+   $(OPENSSL_PATH)/ssl/t1_trce.c
+   $(OPENSSL_PATH)/ssl/tls13_enc.c
+   $(OPENSSL_PATH)/ssl/tls_srp.c
+-  $(OPENSSL_PATH)/ssl/record/record_locl.h
+   $(OPENSSL_PATH)/ssl/statem/statem.h
+   $(OPENSSL_PATH)/ssl/statem/statem_locl.h
++  $(OPENSSL_PATH)/ssl/packet_locl.h
++  $(OPENSSL_PATH)/ssl/ssl_cert_table.h
+   $(OPENSSL_PATH)/ssl/ssl_locl.h
+   $(OPENSSL_PATH)/ssl/record/record.h
+-  $(OPENSSL_PATH)/ssl/ssl_cert_table.h
+-  $(OPENSSL_PATH)/ssl/packet_locl.h
++  $(OPENSSL_PATH)/ssl/record/record_locl.h
+ # Autogenerated files list ends here
+ 
+   ossl_store.c
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+index 8134b45eda..a1bb560255 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+@@ -33,9 +33,7 @@
+   $(OPENSSL_PATH)/crypto/aes/aes_misc.c
+   $(OPENSSL_PATH)/crypto/aes/aes_ofb.c
+   $(OPENSSL_PATH)/crypto/aes/aes_wrap.c
+-  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
+   $(OPENSSL_PATH)/crypto/aria/aria.c
+-  $(OPENSSL_PATH)/crypto/arm_arch.h
+   $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c
+   $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c
+   $(OPENSSL_PATH)/crypto/asn1/a_digest.c
+@@ -100,21 +98,12 @@
+   $(OPENSSL_PATH)/crypto/asn1/x_sig.c
+   $(OPENSSL_PATH)/crypto/asn1/x_spki.c
+   $(OPENSSL_PATH)/crypto/asn1/x_val.c
+-  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
+-  $(OPENSSL_PATH)/crypto/asn1/charmap.h
+-  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
+-  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
+-  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
+   $(OPENSSL_PATH)/crypto/async/arch/async_null.c
+   $(OPENSSL_PATH)/crypto/async/arch/async_posix.c
+   $(OPENSSL_PATH)/crypto/async/arch/async_win.c
+-  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
+-  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
+-  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
+   $(OPENSSL_PATH)/crypto/async/async.c
+   $(OPENSSL_PATH)/crypto/async/async_err.c
+   $(OPENSSL_PATH)/crypto/async/async_wait.c
+-  $(OPENSSL_PATH)/crypto/async/async_locl.h
+   $(OPENSSL_PATH)/crypto/bio/b_addr.c
+   $(OPENSSL_PATH)/crypto/bio/b_dump.c
+   $(OPENSSL_PATH)/crypto/bio/b_sock.c
+@@ -137,7 +126,6 @@
+   $(OPENSSL_PATH)/crypto/bio/bss_mem.c
+   $(OPENSSL_PATH)/crypto/bio/bss_null.c
+   $(OPENSSL_PATH)/crypto/bio/bss_sock.c
+-  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
+   $(OPENSSL_PATH)/crypto/bn/bn_add.c
+   $(OPENSSL_PATH)/crypto/bn/bn_asm.c
+   $(OPENSSL_PATH)/crypto/bn/bn_blind.c
+@@ -169,9 +157,6 @@
+   $(OPENSSL_PATH)/crypto/bn/bn_srp.c
+   $(OPENSSL_PATH)/crypto/bn/bn_word.c
+   $(OPENSSL_PATH)/crypto/bn/bn_x931p.c
+-  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
+-  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
+-  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
+   $(OPENSSL_PATH)/crypto/buffer/buf_err.c
+   $(OPENSSL_PATH)/crypto/buffer/buffer.c
+   $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c
+@@ -180,7 +165,6 @@
+   $(OPENSSL_PATH)/crypto/comp/c_zlib.c
+   $(OPENSSL_PATH)/crypto/comp/comp_err.c
+   $(OPENSSL_PATH)/crypto/comp/comp_lib.c
+-  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
+   $(OPENSSL_PATH)/crypto/conf/conf_api.c
+   $(OPENSSL_PATH)/crypto/conf/conf_def.c
+   $(OPENSSL_PATH)/crypto/conf/conf_err.c
+@@ -189,8 +173,6 @@
+   $(OPENSSL_PATH)/crypto/conf/conf_mod.c
+   $(OPENSSL_PATH)/crypto/conf/conf_sap.c
+   $(OPENSSL_PATH)/crypto/conf/conf_ssl.c
+-  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
+-  $(OPENSSL_PATH)/crypto/conf/conf_def.h
+   $(OPENSSL_PATH)/crypto/cpt_err.c
+   $(OPENSSL_PATH)/crypto/cryptlib.c
+   $(OPENSSL_PATH)/crypto/ctype.c
+@@ -214,8 +196,6 @@
+   $(OPENSSL_PATH)/crypto/des/set_key.c
+   $(OPENSSL_PATH)/crypto/des/str2key.c
+   $(OPENSSL_PATH)/crypto/des/xcbc_enc.c
+-  $(OPENSSL_PATH)/crypto/des/spr.h
+-  $(OPENSSL_PATH)/crypto/des/des_locl.h
+   $(OPENSSL_PATH)/crypto/dh/dh_ameth.c
+   $(OPENSSL_PATH)/crypto/dh/dh_asn1.c
+   $(OPENSSL_PATH)/crypto/dh/dh_check.c
+@@ -230,7 +210,6 @@
+   $(OPENSSL_PATH)/crypto/dh/dh_prn.c
+   $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c
+   $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c
+-  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
+   $(OPENSSL_PATH)/crypto/dso/dso_dl.c
+   $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c
+   $(OPENSSL_PATH)/crypto/dso/dso_err.c
+@@ -238,7 +217,6 @@
+   $(OPENSSL_PATH)/crypto/dso/dso_openssl.c
+   $(OPENSSL_PATH)/crypto/dso/dso_vms.c
+   $(OPENSSL_PATH)/crypto/dso/dso_win32.c
+-  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
+   $(OPENSSL_PATH)/crypto/ebcdic.c
+   $(OPENSSL_PATH)/crypto/err/err.c
+   $(OPENSSL_PATH)/crypto/err/err_prn.c
+@@ -280,7 +258,6 @@
+   $(OPENSSL_PATH)/crypto/evp/evp_pkey.c
+   $(OPENSSL_PATH)/crypto/evp/m_md2.c
+   $(OPENSSL_PATH)/crypto/evp/m_md4.c
+-  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
+   $(OPENSSL_PATH)/crypto/evp/m_md5.c
+   $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c
+   $(OPENSSL_PATH)/crypto/evp/m_mdc2.c
+@@ -304,13 +281,11 @@
+   $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c
+   $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c
+   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
+-  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
+   $(OPENSSL_PATH)/crypto/ex_data.c
+   $(OPENSSL_PATH)/crypto/getenv.c
+   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
+   $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
+   $(OPENSSL_PATH)/crypto/hmac/hmac.c
+-  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
+   $(OPENSSL_PATH)/crypto/init.c
+   $(OPENSSL_PATH)/crypto/kdf/hkdf.c
+   $(OPENSSL_PATH)/crypto/kdf/kdf_err.c
+@@ -318,12 +293,10 @@
+   $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c
+   $(OPENSSL_PATH)/crypto/lhash/lh_stats.c
+   $(OPENSSL_PATH)/crypto/lhash/lhash.c
+-  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
+   $(OPENSSL_PATH)/crypto/md4/md4_dgst.c
+   $(OPENSSL_PATH)/crypto/md4/md4_one.c
+   $(OPENSSL_PATH)/crypto/md5/md5_dgst.c
+   $(OPENSSL_PATH)/crypto/md5/md5_one.c
+-  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
+   $(OPENSSL_PATH)/crypto/mem.c
+   $(OPENSSL_PATH)/crypto/mem_clr.c
+   $(OPENSSL_PATH)/crypto/mem_dbg.c
+@@ -338,7 +311,6 @@
+   $(OPENSSL_PATH)/crypto/modes/ofb128.c
+   $(OPENSSL_PATH)/crypto/modes/wrap128.c
+   $(OPENSSL_PATH)/crypto/modes/xts128.c
+-  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
+   $(OPENSSL_PATH)/crypto/o_dir.c
+   $(OPENSSL_PATH)/crypto/o_fips.c
+   $(OPENSSL_PATH)/crypto/o_fopen.c
+@@ -350,9 +322,6 @@
+   $(OPENSSL_PATH)/crypto/objects/obj_err.c
+   $(OPENSSL_PATH)/crypto/objects/obj_lib.c
+   $(OPENSSL_PATH)/crypto/objects/obj_xref.c
+-  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
+-  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+-  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c
+@@ -363,7 +332,6 @@
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c
+   $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c
+   $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c
+-  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
+   $(OPENSSL_PATH)/crypto/pem/pem_all.c
+   $(OPENSSL_PATH)/crypto/pem/pem_err.c
+   $(OPENSSL_PATH)/crypto/pem/pem_info.c
+@@ -399,8 +367,6 @@
+   $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c
+   $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c
+   $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c
+-  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
+-  $(OPENSSL_PATH)/crypto/ppc_arch.h
+   $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c
+   $(OPENSSL_PATH)/crypto/rand/drbg_lib.c
+   $(OPENSSL_PATH)/crypto/rand/rand_egd.c
+@@ -409,10 +375,8 @@
+   $(OPENSSL_PATH)/crypto/rand/rand_unix.c
+   $(OPENSSL_PATH)/crypto/rand/rand_vms.c
+   $(OPENSSL_PATH)/crypto/rand/rand_win.c
+-  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
+   $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c
+   $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c
+-  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
+   $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c
+@@ -435,24 +399,18 @@
+   $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c
+   $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c
+-  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
+   $(OPENSSL_PATH)/crypto/sha/keccak1600.c
+   $(OPENSSL_PATH)/crypto/sha/sha1_one.c
+   $(OPENSSL_PATH)/crypto/sha/sha1dgst.c
+   $(OPENSSL_PATH)/crypto/sha/sha256.c
+   $(OPENSSL_PATH)/crypto/sha/sha512.c
+-  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
+   $(OPENSSL_PATH)/crypto/siphash/siphash.c
+   $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c
+   $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c
+-  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
+   $(OPENSSL_PATH)/crypto/sm3/m_sm3.c
+   $(OPENSSL_PATH)/crypto/sm3/sm3.c
+-  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
+   $(OPENSSL_PATH)/crypto/sm4/sm4.c
+   $(OPENSSL_PATH)/crypto/stack/stack.c
+-  $(OPENSSL_PATH)/crypto/s390x_arch.h
+-  $(OPENSSL_PATH)/crypto/sparc_arch.h
+   $(OPENSSL_PATH)/crypto/threads_none.c
+   $(OPENSSL_PATH)/crypto/threads_pthread.c
+   $(OPENSSL_PATH)/crypto/threads_win.c
+@@ -462,9 +420,7 @@
+   $(OPENSSL_PATH)/crypto/ui/ui_null.c
+   $(OPENSSL_PATH)/crypto/ui/ui_openssl.c
+   $(OPENSSL_PATH)/crypto/ui/ui_util.c
+-  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
+   $(OPENSSL_PATH)/crypto/uid.c
+-  $(OPENSSL_PATH)/crypto/vms_rms.h
+   $(OPENSSL_PATH)/crypto/x509/by_dir.c
+   $(OPENSSL_PATH)/crypto/x509/by_file.c
+   $(OPENSSL_PATH)/crypto/x509/t_crl.c
+@@ -501,7 +457,6 @@
+   $(OPENSSL_PATH)/crypto/x509/x_req.c
+   $(OPENSSL_PATH)/crypto/x509/x_x509.c
+   $(OPENSSL_PATH)/crypto/x509/x_x509a.c
+-  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c
+@@ -539,10 +494,57 @@
+   $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c
+   $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c
+   $(OPENSSL_PATH)/crypto/x509v3/v3err.c
++  $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
++  $(OPENSSL_PATH)/crypto/dh/dh_locl.h
++  $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
++  $(OPENSSL_PATH)/crypto/conf/conf_def.h
++  $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
++  $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
++  $(OPENSSL_PATH)/crypto/sha/sha_locl.h
++  $(OPENSSL_PATH)/crypto/md5/md5_locl.h
++  $(OPENSSL_PATH)/crypto/store/store_locl.h
++  $(OPENSSL_PATH)/crypto/dso/dso_locl.h
++  $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
++  $(OPENSSL_PATH)/crypto/arm_arch.h
++  $(OPENSSL_PATH)/crypto/mips_arch.h
++  $(OPENSSL_PATH)/crypto/ppc_arch.h
++  $(OPENSSL_PATH)/crypto/s390x_arch.h
++  $(OPENSSL_PATH)/crypto/sparc_arch.h
++  $(OPENSSL_PATH)/crypto/vms_rms.h
++  $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
++  $(OPENSSL_PATH)/crypto/bn/bn_prime.h
++  $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
++  $(OPENSSL_PATH)/crypto/ui/ui_locl.h
++  $(OPENSSL_PATH)/crypto/md4/md4_locl.h
++  $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h
++  $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
++  $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
++  $(OPENSSL_PATH)/crypto/asn1/charmap.h
++  $(OPENSSL_PATH)/crypto/asn1/standard_methods.h
++  $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
++  $(OPENSSL_PATH)/crypto/evp/evp_locl.h
++  $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
++  $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
++  $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
++  $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
++  $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
++  $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
++  $(OPENSSL_PATH)/crypto/async/arch/async_null.h
++  $(OPENSSL_PATH)/crypto/async/arch/async_posix.h
++  $(OPENSSL_PATH)/crypto/async/arch/async_win.h
++  $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
++  $(OPENSSL_PATH)/crypto/des/des_locl.h
++  $(OPENSSL_PATH)/crypto/des/spr.h
++  $(OPENSSL_PATH)/crypto/siphash/siphash_local.h
++  $(OPENSSL_PATH)/crypto/aes/aes_locl.h
++  $(OPENSSL_PATH)/crypto/async/async_locl.h
++  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
+   $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
+-  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
+   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
+-  $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
++  $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
++  $(OPENSSL_PATH)/crypto/objects/obj_dat.h
++  $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
++  $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+ # Autogenerated files list ends here
+   buildinf.h
+   rand_pool_noise.h
+diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
+index e13c0acb4d..4fe54cd808 100755
+--- a/CryptoPkg/Library/OpensslLib/process_files.pl
++++ b/CryptoPkg/Library/OpensslLib/process_files.pl
+@@ -144,6 +144,34 @@ foreach my $product ((@{$unified_info{libraries}},
+     }
+ }
+ 
++
++#
++# Update the perl script to generate the missing header files
++#
++my @dir_list = ();
++for (keys %{$unified_info{dirinfo}}){
++  push @dir_list,$_;
++}
++
++my $dir = getcwd();
++my @files = ();
++my @headers = ();
++chdir ("openssl");
++foreach(@dir_list){
++  @files = glob($_."/*.h");
++  push @headers, @files;
++}
++chdir ($dir);
++
++foreach (@headers){
++  if(/ssl/){
++    push @sslfilelist, '  $(OPENSSL_PATH)/' . $_ . "\r\n";
++    next;
++  }
++  push @cryptofilelist, '  $(OPENSSL_PATH)/' . $_ . "\r\n";
++}
++
++
+ #
+ # Update OpensslLib.inf with autogenerated file list
+ #
+-- 
+2.18.1
+
diff --git a/SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch b/SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
new file mode 100644
index 0000000..3838c15
--- /dev/null
+++ b/SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
@@ -0,0 +1,159 @@
+From bbda3f776bfcdbcb77b82f1f7fd5dafd798d9784 Mon Sep 17 00:00:00 2001
+From: Shenglei Zhang <shenglei.zhang@intel.com>
+Date: Mon, 21 Oct 2019 15:53:42 +0800
+Subject: CryptoPkg: Upgrade OpenSSL to 1.1.1d
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- New patch (cherry-picked from upstream, to be dropped at the next
+  downstream rebase).
+
+- Upstream OpenSSL-1.1.1c contains commit 5fba3afad017 ("Rework DSO API
+  conditions and configuration option", 2019-04-10). This upstream OpenSSL
+  change requires edk2 to #define DSO_NONE explicitly.
+
+- The present patch (which is going to be released in edk2-stable201911)
+  updates "process_files.pl" to generate "dso_conf.h" with the above
+  macro, and captures the result (i.e. the actual definition of the macro)
+  in the git tree.
+
+- This patch is being backported primarily for the DSO_NONE macro (OpenSSL
+  in RHEL-8.2.0 is based on OpenSSL-1.1.1c). The patch could also come in
+  handy in case we have to re-run "process_files.pl" ourselves.
+
+Upgrade openssl from 1.1.1b to 1.1.1d.
+Something needs to be noticed is that, there is a bug existing in the
+released 1_1_1d version(894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596),
+which causes build failure. So we switch the code base to a usable
+version, which is 2 commits later than the stable tag.
+Now we use the version c3656cc594daac8167721dde7220f0e59ae146fc.
+This log is to fix the build failure.
+https://bugzilla.tianocore.org/show_bug.cgi?id=2226
+
+Besides, the absense of "DSO_NONE" in dso_conf.h causes build failure
+in OvmfPkg. So update process_files.pl to generate information from
+"crypto/include/internal/dso_conf.h.in".
+
+shm.h and utsname.h are added to avoid GCC build failure.
+
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Cc: Liming Gao <liming.gao@intel.com>
+Signed-off-by: Shenglei Zhang <shenglei.zhang@intel.com>
+Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
+Reviewed-by: Laszlo Ersek <lersek@redhat.com>
+Tested-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 1bcc65b9a1408cf445b7b3f9499b27d9c235db71)
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ CryptoPkg/Library/Include/internal/dso_conf.h | 16 ++++++++++++++++
+ CryptoPkg/Library/Include/sys/shm.h           |  9 +++++++++
+ CryptoPkg/Library/Include/sys/utsname.h       |  9 +++++++++
+ CryptoPkg/Library/OpensslLib/openssl          |  2 +-
+ CryptoPkg/Library/OpensslLib/process_files.pl | 17 +++++++++++++++--
+ 5 files changed, 50 insertions(+), 3 deletions(-)
+ create mode 100644 CryptoPkg/Library/Include/sys/shm.h
+ create mode 100644 CryptoPkg/Library/Include/sys/utsname.h
+
+diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/internal/dso_conf.h
+index e69de29bb2..43c891588b 100644
+--- a/CryptoPkg/Library/Include/internal/dso_conf.h
++++ b/CryptoPkg/Library/Include/internal/dso_conf.h
+@@ -0,0 +1,16 @@
++/* WARNING: do not edit! */
++/* Generated from crypto/include/internal/dso_conf.h.in */
++/*
++ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License").  You may not use
++ * this file except in compliance with the License.  You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#ifndef HEADER_DSO_CONF_H
++# define HEADER_DSO_CONF_H
++# define DSO_NONE
++# define DSO_EXTENSION ".so"
++#endif
+diff --git a/CryptoPkg/Library/Include/sys/shm.h b/CryptoPkg/Library/Include/sys/shm.h
+new file mode 100644
+index 0000000000..dc0b8e81c8
+--- /dev/null
++++ b/CryptoPkg/Library/Include/sys/shm.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building the third-party cryptographic library.
++
++Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
++SPDX-License-Identifier: BSD-2-Clause-Patent
++
++**/
++
++#include <CrtLibSupport.h>
+diff --git a/CryptoPkg/Library/Include/sys/utsname.h b/CryptoPkg/Library/Include/sys/utsname.h
+new file mode 100644
+index 0000000000..dc0b8e81c8
+--- /dev/null
++++ b/CryptoPkg/Library/Include/sys/utsname.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building the third-party cryptographic library.
++
++Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
++SPDX-License-Identifier: BSD-2-Clause-Patent
++
++**/
++
++#include <CrtLibSupport.h>
+diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
+index 4fe54cd808..bbcfa0d0e7 100755
+--- a/CryptoPkg/Library/OpensslLib/process_files.pl
++++ b/CryptoPkg/Library/OpensslLib/process_files.pl
+@@ -2,7 +2,7 @@
+ #
+ # This script runs the OpenSSL Configure script, then processes the
+ # resulting file list into our local OpensslLib[Crypto].inf and also
+-# takes a copy of opensslconf.h.
++# takes copies of opensslconf.h and dso_conf.h.
+ #
+ # This only needs to be done once by a developer when updating to a
+ # new version of OpenSSL (or changing options, etc.). Normal users
+@@ -106,6 +106,14 @@ BEGIN {
+                 ) == 0 ||
+                     die "Failed to generate opensslconf.h!\n";
+ 
++            # Generate dso_conf.h per config data
++            system(
++                "perl -I. -Mconfigdata util/dofile.pl " .
++                "crypto/include/internal/dso_conf.h.in " .
++                "> include/internal/dso_conf.h"
++                ) == 0 ||
++                    die "Failed to generate dso_conf.h!\n";
++
+             chdir($basedir) ||
+                 die "Cannot change to base directory \"" . $basedir . "\"";
+ 
+@@ -249,12 +257,17 @@ rename( $new_inf_file, $inf_file ) ||
+ print "Done!";
+ 
+ #
+-# Copy opensslconf.h generated from OpenSSL Configuration
++# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
+ #
+ print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
+ copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
+      $OPENSSL_PATH . "/../../Include/openssl/") ||
+    die "Cannot copy opensslconf.h!";
++print "Done!";
++print "\n--> Duplicating dso_conf.h into Include/internal ... ";
++copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
++     $OPENSSL_PATH . "/../../Include/internal/") ||
++   die "Cannot copy dso_conf.h!";
+ print "Done!\n";
+ 
+ print "\nProcessing Files Done!\n";
+-- 
+2.18.1
+
diff --git a/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
deleted file mode 100644
index cf06037..0000000
--- a/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
+++ /dev/null
@@ -1,602 +0,0 @@
-From 727c11ecd9f34990312e14f239e6238693619849 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 11 Jun 2014 23:33:33 +0200
-Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The
-  OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace
-  obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The
-  ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg:
-  Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14).
-
-  Consequently, because the NetworkPkg iSCSI driver requires OpenSSL
-  unconditionally, as explained in
-  <https://bugzilla.tianocore.org/show_bug.cgi?id=1278#c3>, this patch now
-  builds LogoOpenSSLDxe unconditionally, squashing and updating previous
-  downstream commits
-
-  - 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo
-                 (RHEL only)
-  - 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only)
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove
-  incorrect comments.", 2018-02-28)
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- After picking previous downstream-only commit 32192c62e289, carry new
-  upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing
-  dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to
-  "LogoOpenSSLDxe.inf".
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- For more fun, upstream completely changed the way logo bitmaps are
-  embedded in the firmware binary (see for example commit ab970515d2c6,
-  "OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this
-  rebase, we reimplement the previous downstream-only commit e775fb20c999,
-  as described below.
-
-- Beyond the new bitmap file (which we preserve intact from the last
-  downstream branch), we introduce:
-
-  - a new IDF (image description file) referencing the new BMP,
-
-  - a new driver INF file, referencing the new BMP and new IDF (same C
-    source code though),
-
-  - a new UNI (~description) file for the new driver INF file.
-
-- In the OVMF DSC and FDF files, we select the new driver INF for
-  inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they
-  both make use of OpenSSL (although different subsets of it).
-
-- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE,
-  because the ArmVirtQemu platform does not support TLS_ENABLE yet.
-
-- This patch is best displayed with "git show --find-copies-harder".
-
-Notes about the d7c0dfa -> 90bb4c5 rebase:
-
-- squash in the following downstream-only commits (made originally for
-  <https://bugzilla.redhat.com/show_bug.cgi?id=1308678>):
-
-  - eef9eb0 restore TianoCore splash logo without OpenSSL advertisment
-            (RHEL only)
-
-  - 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure
-            Boot (RH only)
-
-  The reason is that ideas keep changing when and where to include the
-  Secure Boot feature, so the logo must be controllable directly on the
-  build command line, from the RPM spec file. See the following
-  references:
-
-  - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html
-  - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html
-  - https://bugzilla.redhat.com/show_bug.cgi?id=1323363
-
-- This squashed variant should remain the final version of this patch.
-
-Notes about the c9e5618 -> b9ffeab rebase:
-- AAVMF gained Secure Boot support, therefore the logo is again modified
-  in the common location, and no FDF changes are necessary.
-
-Notes about the 9ece15a -> c9e5618 rebase:
-- Logo.bmp is no longer modified in-place; instead a modified copy is
-  created. That's because AAVMF includes the logo too, but it doesn't
-  include OpenSSL / Secure Boot, so we need the original copy too.
-
-Because we may include the OpenSSL library in our OVMF and AAVMF builds
-now, we should advertise it as required by its license. This patch takes
-the original TianoCore logo, shifts it up by 20 pixels, and adds the
-horizontally centered message
-
-  This product includes software developed by the OpenSSL Project
-  for use in the OpenSSL Toolkit (http://www.openssl.org/)
-
-below.
-
-Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24
-Logo.bmp:         PC bitmap, Windows 3.x format, 193 x 58 x 8
-
-Downstream only because upstream edk2 does not intend to release a
-secure-boot-enabled OVMF build. (However the advertising requirement in
-the OpenSSL license,
-"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed
-nonetheless, which is why I'm changing the logo.)
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b)
-(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be)
-(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3)
-(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- ArmVirtPkg/ArmVirtQemu.dsc           |   2 +-
- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc |   2 +-
- ArmVirtPkg/ArmVirtQemuKernel.dsc     |   2 +-
- MdeModulePkg/Logo/Logo-OpenSSL.bmp   | Bin 0 -> 156342 bytes
- MdeModulePkg/Logo/Logo-OpenSSL.idf   |  15 +++++++
- MdeModulePkg/Logo/LogoOpenSSLDxe.inf |  61 +++++++++++++++++++++++++++
- MdeModulePkg/Logo/LogoOpenSSLDxe.uni |  22 ++++++++++
- OvmfPkg/OvmfPkgIa32.dsc              |   2 +-
- OvmfPkg/OvmfPkgIa32.fdf              |   2 +-
- OvmfPkg/OvmfPkgIa32X64.dsc           |   2 +-
- OvmfPkg/OvmfPkgIa32X64.fdf           |   2 +-
- OvmfPkg/OvmfPkgX64.dsc               |   2 +-
- OvmfPkg/OvmfPkgX64.fdf               |   2 +-
- 13 files changed, 107 insertions(+), 9 deletions(-)
- create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp
- create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf
- create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index a77d71bcea..f2e5125494 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -347,7 +347,7 @@
-   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
-   MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
-   MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
--  MdeModulePkg/Logo/LogoDxe.inf
-+  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
-   MdeModulePkg/Application/UiApp/UiApp.inf {
-     <LibraryClasses>
-       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
-diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-index 098d40b61b..ab799ca67f 100644
---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-@@ -203,7 +203,7 @@ READ_LOCK_STATUS   = TRUE
-   #
-   # TianoCore logo (splash screen)
-   #
--  INF MdeModulePkg/Logo/LogoDxe.inf
-+  INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- 
-   #
-   # Ramdisk support
-diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index 1e5388ae70..d2b3f24394 100644
---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
-+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -331,7 +331,7 @@
-   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
-   MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
-   MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
--  MdeModulePkg/Logo/LogoDxe.inf
-+  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
-   MdeModulePkg/Application/UiApp/UiApp.inf {
-     <LibraryClasses>
-       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
-diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp
-new file mode 100644
-index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29
-GIT binary patch
-literal 156342
-zcmeI5d(>~$xW~&aw_M64<QfWz7#dP?t3($>NYZ7LkVerMIgB$pYT%5)88Oa?KguvP
-zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY
-zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l
-zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12
-zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo*
-z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t
-z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw
-z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8
-zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&n<tedLa%?xslom<X-FfGo
-z|N7Uz;zQR$QEQ9?GD3Gi=7I|@pfCK+KmYs#4?Hjq5uDk6`|VNq*T4RC_0?DJzyJQK
-zsC})Wq6;y((@r~m>s#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a?
-zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE
-z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb
-zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK
-zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI
-zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W)
-ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN
-z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5&
-z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc
-z(W5B_Snb5D<<krM8Rdr0QJ*T%G?&$9Kl|Aaedt5q{N^`bbkRjt=pxTd#b-YA8EUQl
-zKchfbq0T+_*u#B>LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2`
-zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC
-z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr
-zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O
-ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_<AJw{W#8P-F
-zCZ+ter#+36>Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm
-zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y
-z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn<x8h_IHKi^H{SS?OD<7Pl&u5c1iZic)vw55
-zPYCS8DxE<E)W+zbHi&JlM^g+iInTa(VydW{U!X0uhR=omt+(FFeX!eo+~Xc+g)Z`x
-zdj8N=)=t4F&^=~kG;gb}a*}(FCaQITC`z4#i;q6~=*up<jJqdTY_rWab6qT>7Jr_#
-zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT
-zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL
-z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7
-zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9
-zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO
-zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44<v6$8atncWoEpM%TfyD5
-zOKl<QH-<r@2>UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ
-zZ)HZA9HQN?fBowS=bd-nQAZucL<BNN<e-BNlK!B=7$Y*peh}MQkER%4wG*?Jk9!5$
-za=YO(`jIg>9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT
-zMP`<n_i+x3u2}-%qy?KI2ieQE8H)@%t3@GJQLXK^+fEA9!X?Qg9Y7gIU_L>$;+{w6
-zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts
-zL;~R<E6L(oPAf#^!mHl--`*n_trZ3-svVA^Ip*035tJEaa=!3|FC2E*VF<?^cN{an
-zpZw$}k$H$uzVrtb#u$+)_Ji2gdNjoVtDTs&eB3M0mfH=V(T|M5>A-VBcb3QU(O`l6
-zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e
-zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3<H!}
-zOgDezBOgJQ@<<0zX6g9rU;p~pgk<J_zx&<qN?y8jDNh()@{*U}8|xq9T7^bKwH~n|
-zXWMPJ?Y8KgL4^VYSF8z9zcvi0+bE*cMlA5;4GMOE>HMf%xC9#(>mO=IFj^}NHV#Lj
-z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt
-zeC{#^7{V<qOo9rSOuO{bOX-pOULeo<hfja{(=J^*1?~;O)IW6+y5!tu#Iq31@hO~3
-zI7SRYrl&O{C>ZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb
-zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y
-z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A
-zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH
-z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q
-z#U5^JZ4<b$t--qHc9p*$iO#Qj2f3KD%!onr@|V9{>wkHy#0}}mC!ZV}nnU^RZ+|=Y
-zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg|
-zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz
-z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~<Y{if>z)>P3#
-z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+<gohY|!t!t&VqcB%E2zeG7{rS&-E|$&A
-zRTB%*&a<BNEN1AqDOiZk)nlLW-p=>98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3
-z<ZvD3hF6+V9#ePS(OC^gfeB*%0MAbg)*WoKr-?u!kO(9Ki9jNd2qXfDKq8O`Bm#**
-zB9I8o3j*^!p))T|r_psDfqQG*va*mB>-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq
-zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1
-zxc%S<KgjCC1qR8yFA-U2{Vn`qvGClFie8IFrjr)%tnm{2=r>hrZ`6<0RHgQodrAoh
-zSgFbiHWu-)l-PgPQu`<dRrqrq-s8s$rTEic{^Z79@#o0g;&op=SNPLN_FA@n!=*+?
-zDB|xddq34N2I_`R4OKfVWC~c?-(29YpLt&li<Eg&*GVUx#G5Nv*-lcX3d@bIN#Fb0
-zQEpq{?RT^o-vc0nH9Vtx4RC7Xw(U%#3-Zc;X2wY7mi8}y`3rA*P?7iitvoODi?70Q
-zk%V}#Vs|Jlk~I(tgDi;yipIBBWO)iq3V&j<{dE;uY%5@@`z!i|LXlG>y9%`-LB*)t
-z0JfJO;vrk<L$v7JBGX9=Xf|GAZ#xK$H|j@gXg1z*&)??qN4GEne;CG_Rv;<Nsuk96
-z_I?zDn>hX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgB<FFE9q`noa{%J1h_i
-zSlZuQ;BSZcQxUM`opT8MStqY4@S8si%Z;u@{HFs43mj<vnAm^aAe)Uw?Op?%#<*=*
-zZge5`RIgdkcTBiiGoIu7gV5yN6#O|1L=bC5IUX!`M+!07a5Y*(9{lzSI@4hi{lSQn
-zgI`w}RIsU{FEKf&Qz$fsM0CCZY>gk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD
-zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Q<b
-zsMA2z4y$63Y=3is8xgLBZjr+pt4A4~kzJb(99~t!i$vfrZfN2kST-89du?!P<F;YB
-z(FJ3LfCF)Qm&l!0GDZd7tn~i(zn}Ni#LOtW3$j)#YPcG!jQRG88kz!==xX$q36^+L
-z%bz*_{7TV!?6u@Vp)n+)^9^7J`C-C`qWNB*tYaaX=)S~0mQp3Yku!d>p|I9?%YE^}
-zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc
-z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$
-zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG
-zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ
-z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY
-zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf
-z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;<eqg*5#u10HPzP%#L
-zQ()3?FZ#e_HxmwX{`r-n_1L21LZLAvgn()_faOs3GEdRa-JbO3k~#P-fW}Mg?>4>S
-zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl>
-z7^rJH4OAO`j``+-dZ#@M60IS}<JIU|G%^J^y!n^Qxjym7CvR!UZ{lw>YFFFf)W&VY
-za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R)
-zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y
-zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp
-zKFQt>Vbm<Ux`o0el8ugF)~`ZFGk&UL4AeE92C5A|$9!|axFPVI(;w*|iRE~_8eNM<
-zrT~ZUZ!%$LBfO}dN6$(&8g<9p;MB%#!*Zhwb`k*x;#3L49-C4iKYl>=t6%*pub_){
-zCA$l<)_b;6)NnQ0<R*s6gqR~aetU%+8l3_YYW1E+jF8pv`IQJ1UEuzkm!JLHil6$3
-zLL94&At3}*s{t%Uz06a1B0K&3O9+jX?$;cmiN;Ip?>4>SzuFu1i70ta6~A`DdXC=j
-zVqk`4D7>weC&k1#JZWL!jy<uUMxErF8jNEmD0xQD`W_yP*emNer>LuB?XwXz%QkDF
-zYqrr5PP5vlI>ta<(`lgE@N@8+3#<j?Z?p*F7|=WcW9@+^Vd--B$Tqqrh_s&q9InuO
-zW86ldW8TECWTR1cya7&a++w_8xzPnXiGXpYZWzgo=PkF~lEpbpo=D*v-}naPU}ath
-z`n9ip%}ERH0y(v_m7<2LHia<e+bgI|he_=`8vMG-ph5&8b|=ccI>4^wr`@sI7!sJZ
-zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6
-zsm0{}`|r=14;<iOB^)7z_z461*{#cMAoJ+84`K9LcGDKRX342_gd$=$o^&x@i%)fo
-zfx4m7MYa1;k_gL~?<w$<@03$cA?9VM@TCT(EHw#0FM5w`t!skF`&og*3*%t~F0rnT
-z%*32u>04_w9-uBbSZj=1wN<lBX`>7F69<S`8Ogv7dVc3J@g`)t#THvwlN$?i$afAx
-zJXj=aXRE3-T(wQ^$8m-+?;He<BY}?J(>NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+
-zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV
-zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B
-zp7K{7GJLB2)HbE_<iuQ=T@??f{)9o>`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE
-z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K%
-zc<qSR@(0Y#L-BlgvWhmRt3F+=IYD%Rf0Tqi&J#HEWVZL9^tRQT*;{=~=G<Bv)8aa-
-zlTfd-hdw)=2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q
-z0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**
-zB9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`
-zBm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(P$0lJ{_>XytO^3f
-zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW
-zvK_w54ib*s{pCdx<x~Ir<7gg#)M1ScwTsR@`}C7e)OOZs|6@4{OP4Oa_R1?RyYPbc
-zhT5$+--ssL_19djJ;F`bU&mfKWG-E@<gUew?^tx3wma{*BMKyygEe<Kg*icB>`+U+
-zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK
-zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_ga<bby^J7Q&qT
-ziV>B`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g
-zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5<Ha3eBxHw&!B4z<)v
-z1QLM)0iT5MDWR^&*Mw_9`6v_rt|I?JzT#r&a#s9HMa_-C-Eb}>vhUWL{rld#LnSaW
-zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgM<J9r<8$mhZ!wxSe=iM!dP
-zzkCI2L+;e2U4coXRAG-AITXSB)TL3G;*tQ2m?D!L>ChaRR3Q`NWYVa52T-<54&6jk
-z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi<G
-zWFn9Vj77jF60B<e?S{bSU(U&q{LA^w#`!Fv*kech3sXP=jSV&Ui*ud{5GV=#y*A$j
-zvyce<i&^&Mvqy)y5fs=%A~XR{5f?98wv-~c+nt4X=mq2}@}lGDV-}V{P2@#gQ830K
-zBkEFwpR`C37D!^5e5jDtMSLW2OzyEKiCOqmb;+SojL;%7MOelZT~i0i#4&Q%C{<sO
-zvBQtLY`Dt)1AFdl9jaiHq|Cza)Wsk=>}i57aDByd`it`*14L?zOuC7O<Up?iP>`Zb
-zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6
-zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=|
-zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQ<UNc
-zq=^DVi8ELrX`aOnKQTK3U7)Af!E<nsaazP}?9h<%k<Gs}ho2N-AG0)s9rUS=Sv*96
-z_!m<&jbpGj)#WgIoYW<RDl@KxUooOGnFu5TV-fIq#CawDHQN>fr!>mb@vk@wzKEOR
-zUl^giiGN`YjEEEA6vzVN5F<bqVl?a^Ll%l0QNY`odEuoq@h?SKfKwE5sxH(+5nY2{
-zsD*v<v4DLjTlypc2QFrh49#JLQZ$7gyoPZ~$su3Ni)9?ZAjWY_b@7wdQAUl6oOEaf
-zfgE&@+2fLZkg^&=4GWSXN@RS-INqwFWa_FG{*aFwvPP*Kzz$u2<*BFxs_wHVM_92(
-z2Ytwz9^sxaVb3K^K4?F7sHI*akO&kA_(bBgcjW8%*TU5E51hc-AOg!0X2rkI1QZON
-z5veIE#2{P%(ZCK+344-o4Q$9B>LCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6
-zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc<P_9y!4YSy!AzGmqSi?Ouu_F?MQZXVQs7^1?
-zN6mbPH8o0qb+telC(*%4O7RD5vB{o%TBIQupGHN^7^JRyhcznV8_KB3Np2~~CkKD%
-z8p`T5nV97wjVTWsgknTxG7(4w#v<SoiF3^J4@KnbB+6n65lU^38YeuO;#u}Ob+uO}
-zrL*E+g=R1UG$8_os-P0`B|uVe4L9c8M6*YRJ0v^)g{QCpPsth%u%V2@=z{<P_MslA
-z8G}?OhaW*Stb_oYlSwTlR}?O%A?O&ogbnE(eTM<9jDRu~RhMM3en3gwpcNTJUtv3$
-zw53e;Vq5k!M?=a-hiPbx$j*#)o(e9TnWGSK!@{_PGG=3sP(Y0z_^3Pbb0#ZPpHaA{
-zzu*RdGYa81cBrLZB9I6a2>3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox
-z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`<Kx(5PUL1d36lzLD0@c(#-S!%H%
-zU>V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@
-z;@R>q?8C{=X3m9KyurT&nC9F<fP!Zt$|Xw*&UN=wm>PkxLoM|ZfkdD{z-Jwk38Gqf
-zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZs<UH63%W?JlP<
-zCkPZHDwByoA}|(#IXMHTH!?F*IkZi0J!`HG1jY`v)Jp^sfdT=apgiX0!48uK+ALcj
-zA7!FcG}(x7wMX!#9Mp(UiE6tWu_~F`6WF@-6xLh>iV>B`L?96ui-1pi)&}t0pQmuO
-zjkyJsVOUM<GMP{aPNG(uQqU7BO*JrM;MP-Ea}gLj)KV`INCXN5eA>gmwe@7qN10I9
-zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q
-z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{
-zrxeR<HJ#WhYSF8<OT~!FWFn9Vj77j_9rFxCzNXr)5Ff0Wd3yzHPQkx~%q;BHCK9)A
-zQGn}t5{MdWV43A`5d=ytLU>A9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH
-zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$
-zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW)
-z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw
-z3l@f;rKYP((H5Gr$(|rLmcp<mdN*WceBjS9dShygKx7c5d9x5qeCYIYCG^^;jy34A
-z;7VB4trSJ>6r6t4$t%^Y9|aV;zhXpXG7(4w#v<U;Y0l%{IMwSp2Md%I^AE(oS^x)&
-zwfPq{Ht5g%E27k2izosmhpPf4NTz7fi|S}dy@r3`Ww9rJBxWcq*ep6R{-qbRE;lH`
-z2v;wBhQ!sJ_Sh`?h-Iiy3~Qc6fKRnKQ>;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_
-z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C
-zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk
-zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y
-zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA
-zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr=
-zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W
-z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK<i8w#Q2)WYbaoUR{YBqMYY&_
-z{sGQaTM#;z83Pyv*j#-<$HWcsnd6{B!qvtvM#?B_A~;&;Wl0Q5M^x*%f*9U*`8UpK
-zK;OMT)>>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_
-zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO
-z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPT<Xx3#lMaCx0rvJ
-zZTvfO{=qRROzP)v^a7gm!!+@u_b@UX%GMkIN^NldLGdq>zaT>uOf~q|a}+cx{*6-y
-z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB
-zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<<Tq+<(2pX33R^wk3;8R^)jD`d{
-zsOl&<)EyuHs;>AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9
-zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^
-zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095
-zOig9PT5<lDYXhyY;js1yY?1nHRz@ZVRHhPvL|`-mJ`b5LAhvC9DC@;KB0KgL#C=NY
-ztH8EAQWzQkcGo{(ABKfk;X8<uj&xfjD5eO7?)o$FGDSF0RP>`Z>N@_#zD%)aez~YZ
-z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{
-z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r
-zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^
-zg<d)aMb=iH4Z;=UP{pbyQ<{k68(BWqf<q~SL)l<esF@#iBeSCqmFow~6Yx6jritP=
-zIiNC?2qXfd5%9SLahPzS+PG<L1ACOAHi)vlnfq*fjDTgx4pM`*@T67+$HcRcBeZKZ
-zswiJZ{4NW)QZy>damB9JKZs<hjwS?6U22J5DI!1CqD8uoCi$`nJFB_K%aq1m#K&U2
-zp{qO67NAAg(`<+U3zGvann1}cnuzlcu`V(di-&tsz$`^<zHD^O%GJ?hEfo`iL|_sD
-zpY8DvD<b(u8RhxoU&X(o!pL0qP=a_?+!y(m*;^(VM3>s5qfIuEVafQ{8IFHZ(DOQ1
-zL2xbpxXzOgb_Q=@TibU<H4QI=o0TO*-c;0CC=^M8Py$ah2~Hi2qC@N)X9Eg86{Qwa
-z6XsudInuQ1dOiWQZmI1n+%B9XIXR#*l?WsPqY?1wr1)2%Zsgo3qYUM>gI`Lgj(=e>
-zMU)Nx<vO9YaXjPljlX-r<pCB}%u85Gl**>~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo
-zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh
-z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{<Xtx0jlLuAq36V
-zUD(j5%f*8#)Gf$*unM)>RlEdP#0v4%e#ImMtXlgq`3qxe(=<X&v&d&Ygj$U%Qb4Ch
-zyEZsEpfZ&RBm$!m@L5#M|MmvLD9=g!OGL>XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE
-zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr
-zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?D<v+=r8c!<bcXlB9I7-
-zM!@H`<KN!M7si~!`3J&VJ>c?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7>
-zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a
-z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q
-zf7)`qfCKTHn1c<ucMDcvF&WReh=>Vw*|W7Di!H#8j2>&Lm<S{SlL+{H9vT16-}+yB
-zlERvWz~q3+R3eZFj7GqxI<X{ws@vXB9;s%tDXjGfj2>&Lm<S{SlL(j{SPiDtvf8t>
-z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K
-zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@
-z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33W<Ob
-zm>f`<N(2&t(Fph~>WzQnL<F*xQ%D4i!054-iitoXFo}TAq9XoPvdFY@3W<Obm>f`<
-zN(2&t(Fph~a{Oz~wUF}<Mk$3Z0;9)TDkcJnz$5}bog&*t+2l*6l~YIrjKJi8%2Xnd
-z2#iL+XOZJy6K+?qateun5g0wzQZW%o1SS#iS(Go<F%&7x3W3Q1m8nD^5g3iYtj@Gl
-zP6WCLj2>&Lm<S{SlL&NAr_4zNW`)4yfXY-NkO+)MU{+^ZDklP61V)dwRJ=D3_<z$H
-BLUI5A
-
-literal 0
-HcmV?d00001
-
-diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.idf b/MdeModulePkg/Logo/Logo-OpenSSL.idf
-new file mode 100644
-index 0000000000..a80de29a63
---- /dev/null
-+++ b/MdeModulePkg/Logo/Logo-OpenSSL.idf
-@@ -0,0 +1,15 @@
-+// /** @file
-+// Platform Logo image definition file.
-+//
-+// Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
-+//
-+// This program and the accompanying materials
-+// are licensed and made available under the terms and conditions of the BSD License
-+// which accompanies this distribution. The full text of the license may be found at
-+// http://opensource.org/licenses/bsd-license.php
-+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+//
-+// **/
-+
-+#image IMG_LOGO Logo-OpenSSL.bmp
-diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
-new file mode 100644
-index 0000000000..2f79d873e2
---- /dev/null
-+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
-@@ -0,0 +1,61 @@
-+## @file
-+#  The default logo bitmap picture shown on setup screen.
-+#
-+#  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
-+#
-+#  This program and the accompanying materials
-+#  are licensed and made available under the terms and conditions of the BSD License
-+#  which accompanies this distribution. The full text of the license may be found at
-+#  http://opensource.org/licenses/bsd-license.php
-+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+#
-+#
-+##
-+
-+[Defines]
-+  INF_VERSION                    = 0x00010005
-+  BASE_NAME                      = LogoOpenSSLDxe
-+  MODULE_UNI_FILE                = LogoOpenSSLDxe.uni
-+  FILE_GUID                      = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF
-+  MODULE_TYPE                    = DXE_DRIVER
-+  VERSION_STRING                 = 1.0
-+
-+  ENTRY_POINT                    = InitializeLogo
-+#
-+#  This flag specifies whether HII resource section is generated into PE image.
-+#
-+  UEFI_HII_RESOURCE_SECTION      = TRUE
-+
-+#
-+# The following information is for reference only and not required by the build tools.
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64
-+#
-+
-+[Sources]
-+  Logo-OpenSSL.bmp
-+  Logo.c
-+  Logo-OpenSSL.idf
-+
-+[Packages]
-+  MdeModulePkg/MdeModulePkg.dec
-+  MdePkg/MdePkg.dec
-+
-+[LibraryClasses]
-+  UefiBootServicesTableLib
-+  UefiDriverEntryPoint
-+  DebugLib
-+
-+[Protocols]
-+  gEfiHiiDatabaseProtocolGuid        ## CONSUMES
-+  gEfiHiiImageExProtocolGuid         ## CONSUMES
-+  gEfiHiiPackageListProtocolGuid     ## PRODUCES CONSUMES
-+  gEdkiiPlatformLogoProtocolGuid     ## PRODUCES
-+
-+[Depex]
-+  gEfiHiiDatabaseProtocolGuid AND
-+  gEfiHiiImageExProtocolGuid
-+
-+[UserExtensions.TianoCore."ExtraFiles"]
-+  LogoDxeExtra.uni
-diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
-new file mode 100644
-index 0000000000..7227ac3910
---- /dev/null
-+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
-@@ -0,0 +1,22 @@
-+// /** @file
-+// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen.
-+//
-+// This module provides the logo bitmap picture (with OpenSSL advertisment)
-+// shown on setup screen, through EDKII Platform Logo protocol.
-+//
-+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
-+//
-+// This program and the accompanying materials
-+// are licensed and made available under the terms and conditions of the BSD License
-+// which accompanies this distribution. The full text of the license may be found at
-+// http://opensource.org/licenses/bsd-license.php
-+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+//
-+// **/
-+
-+
-+#string STR_MODULE_ABSTRACT             #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen."
-+
-+#string STR_MODULE_DESCRIPTION          #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
-+
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 5b885590b2..249b1d8dc0 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -693,7 +693,7 @@
-       NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
- !endif
-   }
--  MdeModulePkg/Logo/LogoDxe.inf
-+  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
-   MdeModulePkg/Application/UiApp/UiApp.inf {
-     <LibraryClasses>
-       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index 4999403ad7..be3d3b4d14 100644
---- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -293,7 +293,7 @@ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
- 
--INF MdeModulePkg/Logo/LogoDxe.inf
-+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- 
- #
- # Network modules
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index bbf0853ee6..5ec186df4b 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -702,7 +702,7 @@
-       NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
- !endif
-   }
--  MdeModulePkg/Logo/LogoDxe.inf
-+  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
-   MdeModulePkg/Application/UiApp/UiApp.inf {
-     <LibraryClasses>
-       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index d0cc107928..b56160b3bf 100644
---- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -294,7 +294,7 @@ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
- 
--INF MdeModulePkg/Logo/LogoDxe.inf
-+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- 
- #
- # Network modules
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index d81460f520..29538ade4d 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -700,7 +700,7 @@
-       NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf
- !endif
-   }
--  MdeModulePkg/Logo/LogoDxe.inf
-+  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
-   MdeModulePkg/Application/UiApp/UiApp.inf {
-     <LibraryClasses>
-       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index d0cc107928..b56160b3bf 100644
---- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -294,7 +294,7 @@ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
- 
--INF MdeModulePkg/Logo/LogoDxe.inf
-+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- 
- #
- # Network modules
--- 
-2.18.1
-
diff --git a/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
deleted file mode 100644
index d046525..0000000
--- a/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From a1260c9122c95bcbef1efc5eebe11902767813c2 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 20 Feb 2014 22:54:45 +0100
-Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no changes
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Upstream prefers short debug messages (sometimes even limited to 80
-characters), but any line length under 512 characters is just unsuitable
-for effective debugging. (For example, config strings in HII routing,
-logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
-level, can be several hundred characters long.) 512 is an empirically good
-value.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
-(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
-(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
-(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
-(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-index 36cde54976..c0c4eaee0f 100644
---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
-@@ -27,7 +27,7 @@
- //
- // Define the maximum debug and assert message length that this library supports
- //
--#define MAX_DEBUG_MESSAGE_LENGTH  0x100
-+#define MAX_DEBUG_MESSAGE_LENGTH  0x200
- 
- /**
-   Prints a debug message to the debug output device if the specified error level is enabled.
--- 
-2.18.1
-
diff --git a/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
deleted file mode 100644
index 56de229..0000000
--- a/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
+++ /dev/null
@@ -1,569 +0,0 @@
-From bd264265a99c60f45cadaa4109a9db59ae218471 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Thu, 12 Jun 2014 00:17:59 +0200
-Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no changes
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- update commit message as requested in
-  <https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-The Int10h VBE Shim is capable of emitting short debug messages when the
-win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet
-version is preferred; for us debug messages are important as a default.
-
-For this patch, the DEBUG macro is enabled in the assembly file, and then
-the header file is regenerated from the assembly, by running
-"OvmfPkg/QemuVideoDxe/VbeShim.sh".
-
-"VbeShim.h" is not auto-generated; it is manually generated. The patch
-does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the
-manually re-generated) "VbeShim.h" atomically. Doing so helps with local
-downstream builds, with bisection, and also keeps redhat/README a bit
-simpler.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f)
-(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2)
-(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c)
-(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba)
-(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/QemuVideoDxe/VbeShim.asm |   2 +-
- OvmfPkg/QemuVideoDxe/VbeShim.h   | 481 ++++++++++++++++++++-----------
- 2 files changed, 308 insertions(+), 175 deletions(-)
-
-diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
-index 18fa9209d4..f87ed5cf30 100644
---- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
-+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
-@@ -18,7 +18,7 @@
- ;------------------------------------------------------------------------------
- 
- ; enable this macro for debug messages
--;%define DEBUG
-+%define DEBUG
- 
- %macro DebugLog 1
- %ifdef DEBUG
-diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h
-index cc9b6e14cd..325d6478a1 100644
---- a/OvmfPkg/QemuVideoDxe/VbeShim.h
-+++ b/OvmfPkg/QemuVideoDxe/VbeShim.h
-@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = {
-   /* 000001FE nop                            */  0x90,
-   /* 000001FF nop                            */  0x90,
-   /* 00000200 cmp ax,0x4f00                  */  0x3D, 0x00, 0x4F,
--  /* 00000203 jz 0x22d                       */  0x74, 0x28,
-+  /* 00000203 jz 0x235                       */  0x74, 0x30,
-   /* 00000205 cmp ax,0x4f01                  */  0x3D, 0x01, 0x4F,
--  /* 00000208 jz 0x245                       */  0x74, 0x3B,
-+  /* 00000208 jz 0x255                       */  0x74, 0x4B,
-   /* 0000020A cmp ax,0x4f02                  */  0x3D, 0x02, 0x4F,
--  /* 0000020D jz 0x269                       */  0x74, 0x5A,
-+  /* 0000020D jz 0x289                       */  0x74, 0x7A,
-   /* 0000020F cmp ax,0x4f03                  */  0x3D, 0x03, 0x4F,
--  /* 00000212 jz word 0x331                  */  0x0F, 0x84, 0x1B, 0x01,
-+  /* 00000212 jz word 0x361                  */  0x0F, 0x84, 0x4B, 0x01,
-   /* 00000216 cmp ax,0x4f10                  */  0x3D, 0x10, 0x4F,
--  /* 00000219 jz word 0x336                  */  0x0F, 0x84, 0x19, 0x01,
-+  /* 00000219 jz word 0x36e                  */  0x0F, 0x84, 0x51, 0x01,
-   /* 0000021D cmp ax,0x4f15                  */  0x3D, 0x15, 0x4F,
--  /* 00000220 jz word 0x338                  */  0x0F, 0x84, 0x14, 0x01,
-+  /* 00000220 jz word 0x378                  */  0x0F, 0x84, 0x54, 0x01,
-   /* 00000224 cmp ah,0x0                     */  0x80, 0xFC, 0x00,
--  /* 00000227 jz word 0x33a                  */  0x0F, 0x84, 0x0F, 0x01,
--  /* 0000022B jmp short 0x22b                */  0xEB, 0xFE,
--  /* 0000022D push es                        */  0x06,
--  /* 0000022E push di                        */  0x57,
--  /* 0000022F push ds                        */  0x1E,
--  /* 00000230 push si                        */  0x56,
--  /* 00000231 push cx                        */  0x51,
--  /* 00000232 push cs                        */  0x0E,
--  /* 00000233 pop ds                         */  0x1F,
--  /* 00000234 mov si,0x0                     */  0xBE, 0x00, 0x00,
--  /* 00000237 mov cx,0x100                   */  0xB9, 0x00, 0x01,
--  /* 0000023A cld                            */  0xFC,
--  /* 0000023B rep movsb                      */  0xF3, 0xA4,
--  /* 0000023D pop cx                         */  0x59,
--  /* 0000023E pop si                         */  0x5E,
--  /* 0000023F pop ds                         */  0x1F,
--  /* 00000240 pop di                         */  0x5F,
--  /* 00000241 pop es                         */  0x07,
--  /* 00000242 jmp word 0x34c                 */  0xE9, 0x07, 0x01,
--  /* 00000245 push es                        */  0x06,
--  /* 00000246 push di                        */  0x57,
--  /* 00000247 push ds                        */  0x1E,
--  /* 00000248 push si                        */  0x56,
--  /* 00000249 push cx                        */  0x51,
--  /* 0000024A and cx,0xbfff                  */  0x81, 0xE1, 0xFF, 0xBF,
--  /* 0000024E cmp cx,0xf1                    */  0x81, 0xF9, 0xF1, 0x00,
--  /* 00000252 jz 0x256                       */  0x74, 0x02,
--  /* 00000254 jmp short 0x22b                */  0xEB, 0xD5,
--  /* 00000256 push cs                        */  0x0E,
--  /* 00000257 pop ds                         */  0x1F,
--  /* 00000258 mov si,0x100                   */  0xBE, 0x00, 0x01,
--  /* 0000025B mov cx,0x100                   */  0xB9, 0x00, 0x01,
--  /* 0000025E cld                            */  0xFC,
--  /* 0000025F rep movsb                      */  0xF3, 0xA4,
--  /* 00000261 pop cx                         */  0x59,
--  /* 00000262 pop si                         */  0x5E,
--  /* 00000263 pop ds                         */  0x1F,
--  /* 00000264 pop di                         */  0x5F,
--  /* 00000265 pop es                         */  0x07,
--  /* 00000266 jmp word 0x34c                 */  0xE9, 0xE3, 0x00,
--  /* 00000269 push dx                        */  0x52,
--  /* 0000026A push ax                        */  0x50,
--  /* 0000026B cmp bx,0x40f1                  */  0x81, 0xFB, 0xF1, 0x40,
--  /* 0000026F jz 0x273                       */  0x74, 0x02,
--  /* 00000271 jmp short 0x22b                */  0xEB, 0xB8,
--  /* 00000273 mov dx,0x3c0                   */  0xBA, 0xC0, 0x03,
--  /* 00000276 mov al,0x20                    */  0xB0, 0x20,
--  /* 00000278 out dx,al                      */  0xEE,
--  /* 00000279 push dx                        */  0x52,
--  /* 0000027A push ax                        */  0x50,
--  /* 0000027B mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 0000027E mov ax,0x4                     */  0xB8, 0x04, 0x00,
--  /* 00000281 out dx,ax                      */  0xEF,
--  /* 00000282 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 00000285 mov ax,0x0                     */  0xB8, 0x00, 0x00,
--  /* 00000288 out dx,ax                      */  0xEF,
--  /* 00000289 pop ax                         */  0x58,
--  /* 0000028A pop dx                         */  0x5A,
--  /* 0000028B push dx                        */  0x52,
--  /* 0000028C push ax                        */  0x50,
--  /* 0000028D mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 00000290 mov ax,0x5                     */  0xB8, 0x05, 0x00,
--  /* 00000293 out dx,ax                      */  0xEF,
--  /* 00000294 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 00000297 mov ax,0x0                     */  0xB8, 0x00, 0x00,
--  /* 0000029A out dx,ax                      */  0xEF,
--  /* 0000029B pop ax                         */  0x58,
--  /* 0000029C pop dx                         */  0x5A,
--  /* 0000029D push dx                        */  0x52,
--  /* 0000029E push ax                        */  0x50,
--  /* 0000029F mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 000002A2 mov ax,0x8                     */  0xB8, 0x08, 0x00,
--  /* 000002A5 out dx,ax                      */  0xEF,
--  /* 000002A6 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 000002A9 mov ax,0x0                     */  0xB8, 0x00, 0x00,
--  /* 000002AC out dx,ax                      */  0xEF,
--  /* 000002AD pop ax                         */  0x58,
--  /* 000002AE pop dx                         */  0x5A,
--  /* 000002AF push dx                        */  0x52,
--  /* 000002B0 push ax                        */  0x50,
--  /* 000002B1 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 000002B4 mov ax,0x9                     */  0xB8, 0x09, 0x00,
--  /* 000002B7 out dx,ax                      */  0xEF,
--  /* 000002B8 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 000002BB mov ax,0x0                     */  0xB8, 0x00, 0x00,
--  /* 000002BE out dx,ax                      */  0xEF,
--  /* 000002BF pop ax                         */  0x58,
--  /* 000002C0 pop dx                         */  0x5A,
--  /* 000002C1 push dx                        */  0x52,
--  /* 000002C2 push ax                        */  0x50,
--  /* 000002C3 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 000002C6 mov ax,0x3                     */  0xB8, 0x03, 0x00,
--  /* 000002C9 out dx,ax                      */  0xEF,
--  /* 000002CA mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 000002CD mov ax,0x20                    */  0xB8, 0x20, 0x00,
--  /* 000002D0 out dx,ax                      */  0xEF,
--  /* 000002D1 pop ax                         */  0x58,
--  /* 000002D2 pop dx                         */  0x5A,
--  /* 000002D3 push dx                        */  0x52,
--  /* 000002D4 push ax                        */  0x50,
--  /* 000002D5 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 000002D8 mov ax,0x1                     */  0xB8, 0x01, 0x00,
--  /* 000002DB out dx,ax                      */  0xEF,
--  /* 000002DC mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 000002DF mov ax,0x400                   */  0xB8, 0x00, 0x04,
--  /* 000002E2 out dx,ax                      */  0xEF,
--  /* 000002E3 pop ax                         */  0x58,
--  /* 000002E4 pop dx                         */  0x5A,
--  /* 000002E5 push dx                        */  0x52,
--  /* 000002E6 push ax                        */  0x50,
--  /* 000002E7 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 000002EA mov ax,0x6                     */  0xB8, 0x06, 0x00,
--  /* 000002ED out dx,ax                      */  0xEF,
--  /* 000002EE mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 000002F1 mov ax,0x400                   */  0xB8, 0x00, 0x04,
--  /* 000002F4 out dx,ax                      */  0xEF,
--  /* 000002F5 pop ax                         */  0x58,
--  /* 000002F6 pop dx                         */  0x5A,
--  /* 000002F7 push dx                        */  0x52,
--  /* 000002F8 push ax                        */  0x50,
--  /* 000002F9 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 000002FC mov ax,0x2                     */  0xB8, 0x02, 0x00,
--  /* 000002FF out dx,ax                      */  0xEF,
--  /* 00000300 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 00000303 mov ax,0x300                   */  0xB8, 0x00, 0x03,
--  /* 00000306 out dx,ax                      */  0xEF,
--  /* 00000307 pop ax                         */  0x58,
--  /* 00000308 pop dx                         */  0x5A,
--  /* 00000309 push dx                        */  0x52,
--  /* 0000030A push ax                        */  0x50,
--  /* 0000030B mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 0000030E mov ax,0x7                     */  0xB8, 0x07, 0x00,
--  /* 00000311 out dx,ax                      */  0xEF,
--  /* 00000312 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 00000315 mov ax,0x300                   */  0xB8, 0x00, 0x03,
--  /* 00000318 out dx,ax                      */  0xEF,
--  /* 00000319 pop ax                         */  0x58,
--  /* 0000031A pop dx                         */  0x5A,
--  /* 0000031B push dx                        */  0x52,
--  /* 0000031C push ax                        */  0x50,
--  /* 0000031D mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
--  /* 00000320 mov ax,0x4                     */  0xB8, 0x04, 0x00,
--  /* 00000323 out dx,ax                      */  0xEF,
--  /* 00000324 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
--  /* 00000327 mov ax,0x41                    */  0xB8, 0x41, 0x00,
--  /* 0000032A out dx,ax                      */  0xEF,
--  /* 0000032B pop ax                         */  0x58,
--  /* 0000032C pop dx                         */  0x5A,
--  /* 0000032D pop ax                         */  0x58,
--  /* 0000032E pop dx                         */  0x5A,
--  /* 0000032F jmp short 0x34c                */  0xEB, 0x1B,
--  /* 00000331 mov bx,0x40f1                  */  0xBB, 0xF1, 0x40,
--  /* 00000334 jmp short 0x34c                */  0xEB, 0x16,
--  /* 00000336 jmp short 0x350                */  0xEB, 0x18,
--  /* 00000338 jmp short 0x350                */  0xEB, 0x16,
--  /* 0000033A cmp al,0x3                     */  0x3C, 0x03,
--  /* 0000033C jz 0x345                       */  0x74, 0x07,
--  /* 0000033E cmp al,0x12                    */  0x3C, 0x12,
--  /* 00000340 jz 0x349                       */  0x74, 0x07,
--  /* 00000342 jmp word 0x22b                 */  0xE9, 0xE6, 0xFE,
--  /* 00000345 mov al,0x30                    */  0xB0, 0x30,
--  /* 00000347 jmp short 0x34b                */  0xEB, 0x02,
--  /* 00000349 mov al,0x20                    */  0xB0, 0x20,
--  /* 0000034B iretw                          */  0xCF,
--  /* 0000034C mov ax,0x4f                    */  0xB8, 0x4F, 0x00,
--  /* 0000034F iretw                          */  0xCF,
--  /* 00000350 mov ax,0x14f                   */  0xB8, 0x4F, 0x01,
--  /* 00000353 iretw                          */  0xCF,
-+  /* 00000227 jz word 0x382                  */  0x0F, 0x84, 0x57, 0x01,
-+  /* 0000022B push si                        */  0x56,
-+  /* 0000022C mov si,0x3e9                   */  0xBE, 0xE9, 0x03,
-+  /* 0000022F call word 0x3c4                */  0xE8, 0x92, 0x01,
-+  /* 00000232 pop si                         */  0x5E,
-+  /* 00000233 jmp short 0x233                */  0xEB, 0xFE,
-+  /* 00000235 push es                        */  0x06,
-+  /* 00000236 push di                        */  0x57,
-+  /* 00000237 push ds                        */  0x1E,
-+  /* 00000238 push si                        */  0x56,
-+  /* 00000239 push cx                        */  0x51,
-+  /* 0000023A push si                        */  0x56,
-+  /* 0000023B mov si,0x3fb                   */  0xBE, 0xFB, 0x03,
-+  /* 0000023E call word 0x3c4                */  0xE8, 0x83, 0x01,
-+  /* 00000241 pop si                         */  0x5E,
-+  /* 00000242 push cs                        */  0x0E,
-+  /* 00000243 pop ds                         */  0x1F,
-+  /* 00000244 mov si,0x0                     */  0xBE, 0x00, 0x00,
-+  /* 00000247 mov cx,0x100                   */  0xB9, 0x00, 0x01,
-+  /* 0000024A cld                            */  0xFC,
-+  /* 0000024B rep movsb                      */  0xF3, 0xA4,
-+  /* 0000024D pop cx                         */  0x59,
-+  /* 0000024E pop si                         */  0x5E,
-+  /* 0000024F pop ds                         */  0x1F,
-+  /* 00000250 pop di                         */  0x5F,
-+  /* 00000251 pop es                         */  0x07,
-+  /* 00000252 jmp word 0x3ac                 */  0xE9, 0x57, 0x01,
-+  /* 00000255 push es                        */  0x06,
-+  /* 00000256 push di                        */  0x57,
-+  /* 00000257 push ds                        */  0x1E,
-+  /* 00000258 push si                        */  0x56,
-+  /* 00000259 push cx                        */  0x51,
-+  /* 0000025A push si                        */  0x56,
-+  /* 0000025B mov si,0x404                   */  0xBE, 0x04, 0x04,
-+  /* 0000025E call word 0x3c4                */  0xE8, 0x63, 0x01,
-+  /* 00000261 pop si                         */  0x5E,
-+  /* 00000262 and cx,0xbfff                  */  0x81, 0xE1, 0xFF, 0xBF,
-+  /* 00000266 cmp cx,0xf1                    */  0x81, 0xF9, 0xF1, 0x00,
-+  /* 0000026A jz 0x276                       */  0x74, 0x0A,
-+  /* 0000026C push si                        */  0x56,
-+  /* 0000026D mov si,0x432                   */  0xBE, 0x32, 0x04,
-+  /* 00000270 call word 0x3c4                */  0xE8, 0x51, 0x01,
-+  /* 00000273 pop si                         */  0x5E,
-+  /* 00000274 jmp short 0x233                */  0xEB, 0xBD,
-+  /* 00000276 push cs                        */  0x0E,
-+  /* 00000277 pop ds                         */  0x1F,
-+  /* 00000278 mov si,0x100                   */  0xBE, 0x00, 0x01,
-+  /* 0000027B mov cx,0x100                   */  0xB9, 0x00, 0x01,
-+  /* 0000027E cld                            */  0xFC,
-+  /* 0000027F rep movsb                      */  0xF3, 0xA4,
-+  /* 00000281 pop cx                         */  0x59,
-+  /* 00000282 pop si                         */  0x5E,
-+  /* 00000283 pop ds                         */  0x1F,
-+  /* 00000284 pop di                         */  0x5F,
-+  /* 00000285 pop es                         */  0x07,
-+  /* 00000286 jmp word 0x3ac                 */  0xE9, 0x23, 0x01,
-+  /* 00000289 push dx                        */  0x52,
-+  /* 0000028A push ax                        */  0x50,
-+  /* 0000028B push si                        */  0x56,
-+  /* 0000028C mov si,0x41a                   */  0xBE, 0x1A, 0x04,
-+  /* 0000028F call word 0x3c4                */  0xE8, 0x32, 0x01,
-+  /* 00000292 pop si                         */  0x5E,
-+  /* 00000293 cmp bx,0x40f1                  */  0x81, 0xFB, 0xF1, 0x40,
-+  /* 00000297 jz 0x2a3                       */  0x74, 0x0A,
-+  /* 00000299 push si                        */  0x56,
-+  /* 0000029A mov si,0x432                   */  0xBE, 0x32, 0x04,
-+  /* 0000029D call word 0x3c4                */  0xE8, 0x24, 0x01,
-+  /* 000002A0 pop si                         */  0x5E,
-+  /* 000002A1 jmp short 0x233                */  0xEB, 0x90,
-+  /* 000002A3 mov dx,0x3c0                   */  0xBA, 0xC0, 0x03,
-+  /* 000002A6 mov al,0x20                    */  0xB0, 0x20,
-+  /* 000002A8 out dx,al                      */  0xEE,
-+  /* 000002A9 push dx                        */  0x52,
-+  /* 000002AA push ax                        */  0x50,
-+  /* 000002AB mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 000002AE mov ax,0x4                     */  0xB8, 0x04, 0x00,
-+  /* 000002B1 out dx,ax                      */  0xEF,
-+  /* 000002B2 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 000002B5 mov ax,0x0                     */  0xB8, 0x00, 0x00,
-+  /* 000002B8 out dx,ax                      */  0xEF,
-+  /* 000002B9 pop ax                         */  0x58,
-+  /* 000002BA pop dx                         */  0x5A,
-+  /* 000002BB push dx                        */  0x52,
-+  /* 000002BC push ax                        */  0x50,
-+  /* 000002BD mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 000002C0 mov ax,0x5                     */  0xB8, 0x05, 0x00,
-+  /* 000002C3 out dx,ax                      */  0xEF,
-+  /* 000002C4 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 000002C7 mov ax,0x0                     */  0xB8, 0x00, 0x00,
-+  /* 000002CA out dx,ax                      */  0xEF,
-+  /* 000002CB pop ax                         */  0x58,
-+  /* 000002CC pop dx                         */  0x5A,
-+  /* 000002CD push dx                        */  0x52,
-+  /* 000002CE push ax                        */  0x50,
-+  /* 000002CF mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 000002D2 mov ax,0x8                     */  0xB8, 0x08, 0x00,
-+  /* 000002D5 out dx,ax                      */  0xEF,
-+  /* 000002D6 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 000002D9 mov ax,0x0                     */  0xB8, 0x00, 0x00,
-+  /* 000002DC out dx,ax                      */  0xEF,
-+  /* 000002DD pop ax                         */  0x58,
-+  /* 000002DE pop dx                         */  0x5A,
-+  /* 000002DF push dx                        */  0x52,
-+  /* 000002E0 push ax                        */  0x50,
-+  /* 000002E1 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 000002E4 mov ax,0x9                     */  0xB8, 0x09, 0x00,
-+  /* 000002E7 out dx,ax                      */  0xEF,
-+  /* 000002E8 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 000002EB mov ax,0x0                     */  0xB8, 0x00, 0x00,
-+  /* 000002EE out dx,ax                      */  0xEF,
-+  /* 000002EF pop ax                         */  0x58,
-+  /* 000002F0 pop dx                         */  0x5A,
-+  /* 000002F1 push dx                        */  0x52,
-+  /* 000002F2 push ax                        */  0x50,
-+  /* 000002F3 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 000002F6 mov ax,0x3                     */  0xB8, 0x03, 0x00,
-+  /* 000002F9 out dx,ax                      */  0xEF,
-+  /* 000002FA mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 000002FD mov ax,0x20                    */  0xB8, 0x20, 0x00,
-+  /* 00000300 out dx,ax                      */  0xEF,
-+  /* 00000301 pop ax                         */  0x58,
-+  /* 00000302 pop dx                         */  0x5A,
-+  /* 00000303 push dx                        */  0x52,
-+  /* 00000304 push ax                        */  0x50,
-+  /* 00000305 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 00000308 mov ax,0x1                     */  0xB8, 0x01, 0x00,
-+  /* 0000030B out dx,ax                      */  0xEF,
-+  /* 0000030C mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 0000030F mov ax,0x400                   */  0xB8, 0x00, 0x04,
-+  /* 00000312 out dx,ax                      */  0xEF,
-+  /* 00000313 pop ax                         */  0x58,
-+  /* 00000314 pop dx                         */  0x5A,
-+  /* 00000315 push dx                        */  0x52,
-+  /* 00000316 push ax                        */  0x50,
-+  /* 00000317 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 0000031A mov ax,0x6                     */  0xB8, 0x06, 0x00,
-+  /* 0000031D out dx,ax                      */  0xEF,
-+  /* 0000031E mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 00000321 mov ax,0x400                   */  0xB8, 0x00, 0x04,
-+  /* 00000324 out dx,ax                      */  0xEF,
-+  /* 00000325 pop ax                         */  0x58,
-+  /* 00000326 pop dx                         */  0x5A,
-+  /* 00000327 push dx                        */  0x52,
-+  /* 00000328 push ax                        */  0x50,
-+  /* 00000329 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 0000032C mov ax,0x2                     */  0xB8, 0x02, 0x00,
-+  /* 0000032F out dx,ax                      */  0xEF,
-+  /* 00000330 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 00000333 mov ax,0x300                   */  0xB8, 0x00, 0x03,
-+  /* 00000336 out dx,ax                      */  0xEF,
-+  /* 00000337 pop ax                         */  0x58,
-+  /* 00000338 pop dx                         */  0x5A,
-+  /* 00000339 push dx                        */  0x52,
-+  /* 0000033A push ax                        */  0x50,
-+  /* 0000033B mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 0000033E mov ax,0x7                     */  0xB8, 0x07, 0x00,
-+  /* 00000341 out dx,ax                      */  0xEF,
-+  /* 00000342 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 00000345 mov ax,0x300                   */  0xB8, 0x00, 0x03,
-+  /* 00000348 out dx,ax                      */  0xEF,
-+  /* 00000349 pop ax                         */  0x58,
-+  /* 0000034A pop dx                         */  0x5A,
-+  /* 0000034B push dx                        */  0x52,
-+  /* 0000034C push ax                        */  0x50,
-+  /* 0000034D mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
-+  /* 00000350 mov ax,0x4                     */  0xB8, 0x04, 0x00,
-+  /* 00000353 out dx,ax                      */  0xEF,
-+  /* 00000354 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
-+  /* 00000357 mov ax,0x41                    */  0xB8, 0x41, 0x00,
-+  /* 0000035A out dx,ax                      */  0xEF,
-+  /* 0000035B pop ax                         */  0x58,
-+  /* 0000035C pop dx                         */  0x5A,
-+  /* 0000035D pop ax                         */  0x58,
-+  /* 0000035E pop dx                         */  0x5A,
-+  /* 0000035F jmp short 0x3ac                */  0xEB, 0x4B,
-+  /* 00000361 push si                        */  0x56,
-+  /* 00000362 mov si,0x411                   */  0xBE, 0x11, 0x04,
-+  /* 00000365 call word 0x3c4                */  0xE8, 0x5C, 0x00,
-+  /* 00000368 pop si                         */  0x5E,
-+  /* 00000369 mov bx,0x40f1                  */  0xBB, 0xF1, 0x40,
-+  /* 0000036C jmp short 0x3ac                */  0xEB, 0x3E,
-+  /* 0000036E push si                        */  0x56,
-+  /* 0000036F mov si,0x43f                   */  0xBE, 0x3F, 0x04,
-+  /* 00000372 call word 0x3c4                */  0xE8, 0x4F, 0x00,
-+  /* 00000375 pop si                         */  0x5E,
-+  /* 00000376 jmp short 0x3b8                */  0xEB, 0x40,
-+  /* 00000378 push si                        */  0x56,
-+  /* 00000379 mov si,0x452                   */  0xBE, 0x52, 0x04,
-+  /* 0000037C call word 0x3c4                */  0xE8, 0x45, 0x00,
-+  /* 0000037F pop si                         */  0x5E,
-+  /* 00000380 jmp short 0x3b8                */  0xEB, 0x36,
-+  /* 00000382 push si                        */  0x56,
-+  /* 00000383 mov si,0x423                   */  0xBE, 0x23, 0x04,
-+  /* 00000386 call word 0x3c4                */  0xE8, 0x3B, 0x00,
-+  /* 00000389 pop si                         */  0x5E,
-+  /* 0000038A cmp al,0x3                     */  0x3C, 0x03,
-+  /* 0000038C jz 0x39d                       */  0x74, 0x0F,
-+  /* 0000038E cmp al,0x12                    */  0x3C, 0x12,
-+  /* 00000390 jz 0x3a1                       */  0x74, 0x0F,
-+  /* 00000392 push si                        */  0x56,
-+  /* 00000393 mov si,0x432                   */  0xBE, 0x32, 0x04,
-+  /* 00000396 call word 0x3c4                */  0xE8, 0x2B, 0x00,
-+  /* 00000399 pop si                         */  0x5E,
-+  /* 0000039A jmp word 0x233                 */  0xE9, 0x96, 0xFE,
-+  /* 0000039D mov al,0x30                    */  0xB0, 0x30,
-+  /* 0000039F jmp short 0x3a3                */  0xEB, 0x02,
-+  /* 000003A1 mov al,0x20                    */  0xB0, 0x20,
-+  /* 000003A3 push si                        */  0x56,
-+  /* 000003A4 mov si,0x3d6                   */  0xBE, 0xD6, 0x03,
-+  /* 000003A7 call word 0x3c4                */  0xE8, 0x1A, 0x00,
-+  /* 000003AA pop si                         */  0x5E,
-+  /* 000003AB iretw                          */  0xCF,
-+  /* 000003AC push si                        */  0x56,
-+  /* 000003AD mov si,0x3d6                   */  0xBE, 0xD6, 0x03,
-+  /* 000003B0 call word 0x3c4                */  0xE8, 0x11, 0x00,
-+  /* 000003B3 pop si                         */  0x5E,
-+  /* 000003B4 mov ax,0x4f                    */  0xB8, 0x4F, 0x00,
-+  /* 000003B7 iretw                          */  0xCF,
-+  /* 000003B8 push si                        */  0x56,
-+  /* 000003B9 mov si,0x3dc                   */  0xBE, 0xDC, 0x03,
-+  /* 000003BC call word 0x3c4                */  0xE8, 0x05, 0x00,
-+  /* 000003BF pop si                         */  0x5E,
-+  /* 000003C0 mov ax,0x14f                   */  0xB8, 0x4F, 0x01,
-+  /* 000003C3 iretw                          */  0xCF,
-+  /* 000003C4 pushaw                         */  0x60,
-+  /* 000003C5 push ds                        */  0x1E,
-+  /* 000003C6 push cs                        */  0x0E,
-+  /* 000003C7 pop ds                         */  0x1F,
-+  /* 000003C8 mov dx,0x402                   */  0xBA, 0x02, 0x04,
-+  /* 000003CB lodsb                          */  0xAC,
-+  /* 000003CC cmp al,0x0                     */  0x3C, 0x00,
-+  /* 000003CE jz 0x3d3                       */  0x74, 0x03,
-+  /* 000003D0 out dx,al                      */  0xEE,
-+  /* 000003D1 jmp short 0x3cb                */  0xEB, 0xF8,
-+  /* 000003D3 pop ds                         */  0x1F,
-+  /* 000003D4 popaw                          */  0x61,
-+  /* 000003D5 ret                            */  0xC3,
-+  /* 000003D6 inc bp                         */  0x45,
-+  /* 000003D7 js 0x442                       */  0x78, 0x69,
-+  /* 000003D9 jz 0x3e5                       */  0x74, 0x0A,
-+  /* 000003DB add [di+0x6e],dl               */  0x00, 0x55, 0x6E,
-+  /* 000003DE jnc 0x455                      */  0x73, 0x75,
-+  /* 000003E0 jo 0x452                       */  0x70, 0x70,
-+  /* 000003E2 outsw                          */  0x6F,
-+  /* 000003E3 jc 0x459                       */  0x72, 0x74,
-+  /* 000003E5 or al,[fs:bx+si]               */  0x65, 0x64, 0x0A, 0x00,
-+  /* 000003E9 push bp                        */  0x55,
-+  /* 000003EA outsb                          */  0x6E,
-+  /* 000003EB imul bp,[bp+0x6f],byte +0x77   */  0x6B, 0x6E, 0x6F, 0x77,
-+  /* 000003EF outsb                          */  0x6E,
-+  /* 000003F0 and [bp+0x75],al               */  0x20, 0x46, 0x75,
-+  /* 000003F3 outsb                          */  0x6E,
-+  /* 000003F4 arpl [si+0x69],si              */  0x63, 0x74, 0x69,
-+  /* 000003F7 outsw                          */  0x6F,
-+  /* 000003F8 outsb                          */  0x6E,
-+  /* 000003F9 or al,[bx+si]                  */  0x0A, 0x00,
-+  /* 000003FB inc di                         */  0x47,
-+  /* 000003FC gs jz 0x448                    */  0x65, 0x74, 0x49,
-+  /* 000003FF outsb                          */  0x6E,
-+  /* 00000400 outsd                          */  0x66, 0x6F,
-+  /* 00000402 or al,[bx+si]                  */  0x0A, 0x00,
-+  /* 00000404 inc di                         */  0x47,
-+  /* 00000405 gs jz 0x455                    */  0x65, 0x74, 0x4D,
-+  /* 00000408 outsw                          */  0x6F,
-+  /* 00000409 gs dec cx                      */  0x64, 0x65, 0x49,
-+  /* 0000040C outsb                          */  0x6E,
-+  /* 0000040D outsd                          */  0x66, 0x6F,
-+  /* 0000040F or al,[bx+si]                  */  0x0A, 0x00,
-+  /* 00000411 inc di                         */  0x47,
-+  /* 00000412 gs jz 0x462                    */  0x65, 0x74, 0x4D,
-+  /* 00000415 outsw                          */  0x6F,
-+  /* 00000416 or al,[gs:bx+si]               */  0x64, 0x65, 0x0A, 0x00,
-+  /* 0000041A push bx                        */  0x53,
-+  /* 0000041B gs jz 0x46b                    */  0x65, 0x74, 0x4D,
-+  /* 0000041E outsw                          */  0x6F,
-+  /* 0000041F or al,[gs:bx+si]               */  0x64, 0x65, 0x0A, 0x00,
-+  /* 00000423 push bx                        */  0x53,
-+  /* 00000424 gs jz 0x474                    */  0x65, 0x74, 0x4D,
-+  /* 00000427 outsw                          */  0x6F,
-+  /* 00000428 gs dec sp                      */  0x64, 0x65, 0x4C,
-+  /* 0000042B gs a32 popaw                   */  0x65, 0x67, 0x61,
-+  /* 0000042E arpl [bx+di+0xa],di            */  0x63, 0x79, 0x0A,
-+  /* 00000431 add [di+0x6e],dl               */  0x00, 0x55, 0x6E,
-+  /* 00000434 imul bp,[bx+0x77],byte +0x6e   */  0x6B, 0x6F, 0x77, 0x6E,
-+  /* 00000438 and [di+0x6f],cl               */  0x20, 0x4D, 0x6F,
-+  /* 0000043B or al,[gs:bx+si]               */  0x64, 0x65, 0x0A, 0x00,
-+  /* 0000043F inc di                         */  0x47,
-+  /* 00000440 gs jz 0x493                    */  0x65, 0x74, 0x50,
-+  /* 00000443 insw                           */  0x6D,
-+  /* 00000444 inc bx                         */  0x43,
-+  /* 00000445 popaw                          */  0x61,
-+  /* 00000446 jo 0x4a9                       */  0x70, 0x61,
-+  /* 00000448 bound bp,[bx+di+0x6c]          */  0x62, 0x69, 0x6C,
-+  /* 0000044B imul si,[si+0x69],word 0x7365  */  0x69, 0x74, 0x69, 0x65, 0x73,
-+  /* 00000450 or al,[bx+si]                  */  0x0A, 0x00,
-+  /* 00000452 push dx                        */  0x52,
-+  /* 00000453 gs popaw                       */  0x65, 0x61,
-+  /* 00000455 fs inc bp                      */  0x64, 0x45,
-+  /* 00000457 fs                             */  0x64,
-+  /* 00000458 db 0x69                        */  0x69,
-+  /* 00000459 or al,[fs:bx+si]               */  0x64, 0x0A, 0x00,
- };
- #endif
--- 
-2.18.1
-
diff --git a/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
deleted file mode 100644
index d76b4d9..0000000
--- a/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 25 Feb 2014 18:40:35 +0100
-Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- update commit message as requested in
-  <https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
-  390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
-  InitializeTerminalConsoleTextMode", 2017-01-10).
-
-When the console output is multiplexed to several devices by
-ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
-supported by all console output devices.
-
-Two notable output devices are provided by:
-(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
-(2) MdeModulePkg/Universal/Console/TerminalDxe.
-
-GraphicsConsoleDxe supports four modes at most -- see
-InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
-
-(1a) 80x25 (required by the UEFI spec as mode 0),
-(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
-     requires the driver to provide it as mode 1),
-(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
-     spec requires from all plug-in graphics devices),
-(1d) "full screen" resolution, derived form the underlying GOP's
-     horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
-     (8) and EFI_GLYPH_HEIGHT (19), respectively.
-
-The automatic "full screen resolution" makes GraphicsConsoleDxe's
-character console very flexible. However, TerminalDxe (which runs on
-serial ports) only provides the following fixed resolutions -- see
-InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
-
-(2a) 80x25 (required by the UEFI spec as mode 0),
-(2b) 80x50 (since the character resolution of a serial device cannot be
-     interrogated easily, this is added unconditionally as mode 1),
-(2c) 100x31 (since the character resolution of a serial device cannot be
-     interrogated easily, this is added unconditionally as mode 2).
-
-When ConSplitterDxe combines (1) and (2), multiplexing console output to
-both video output and serial terminal, the list of commonly supported text
-modes (ie. the "intersection") comprises:
-
-(3a) 80x25, unconditionally, from (1a) and (2a),
-(3b) 80x50, if the graphics console provides at least 640x950 pixel
-     resolution, from (1b) and (2b)
-(3c) 100x31, if the graphics device is a plug-in one (because in that case
-     800x600 is a mandated pixel resolution), from (1c) and (2c).
-
-Unfortunately, the "full screen resolution" (1d) of the GOP-based text
-console is not available in general.
-
-Mitigate this problem by extending "mTerminalConsoleModeData" with a
-handful of text resolutions that are derived from widespread maximal pixel
-resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
-the most frequent (1d) values from the intersection, and eg. the MODE
-command in the UEFI shell will offer the "best" (ie. full screen)
-resolution too.
-
-Upstreaming efforts for this patch have been discontinued; it was clear
-from the off-list thread that consensus was impossible to reach.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
-(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
-(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
-(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- .../Universal/Console/TerminalDxe/Terminal.c  | 41 +++++++++++++++++--
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-index 66dd3ad550..78a198379a 100644
---- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-@@ -113,9 +113,44 @@ TERMINAL_DEV  mTerminalDevTemplate = {
- };
- 
- TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
--  {80,  25},
--  {80,  50},
--  {100, 31},
-+  {   80,  25 }, // from graphics resolution  640 x  480
-+  {   80,  50 }, // from graphics resolution  640 x  960
-+  {  100,  25 }, // from graphics resolution  800 x  480
-+  {  100,  31 }, // from graphics resolution  800 x  600
-+  {  104,  32 }, // from graphics resolution  832 x  624
-+  {  120,  33 }, // from graphics resolution  960 x  640
-+  {  128,  31 }, // from graphics resolution 1024 x  600
-+  {  128,  40 }, // from graphics resolution 1024 x  768
-+  {  144,  45 }, // from graphics resolution 1152 x  864
-+  {  144,  45 }, // from graphics resolution 1152 x  870
-+  {  160,  37 }, // from graphics resolution 1280 x  720
-+  {  160,  40 }, // from graphics resolution 1280 x  760
-+  {  160,  40 }, // from graphics resolution 1280 x  768
-+  {  160,  42 }, // from graphics resolution 1280 x  800
-+  {  160,  50 }, // from graphics resolution 1280 x  960
-+  {  160,  53 }, // from graphics resolution 1280 x 1024
-+  {  170,  40 }, // from graphics resolution 1360 x  768
-+  {  170,  40 }, // from graphics resolution 1366 x  768
-+  {  175,  55 }, // from graphics resolution 1400 x 1050
-+  {  180,  47 }, // from graphics resolution 1440 x  900
-+  {  200,  47 }, // from graphics resolution 1600 x  900
-+  {  200,  63 }, // from graphics resolution 1600 x 1200
-+  {  210,  55 }, // from graphics resolution 1680 x 1050
-+  {  240,  56 }, // from graphics resolution 1920 x 1080
-+  {  240,  63 }, // from graphics resolution 1920 x 1200
-+  {  240,  75 }, // from graphics resolution 1920 x 1440
-+  {  250, 105 }, // from graphics resolution 2000 x 2000
-+  {  256,  80 }, // from graphics resolution 2048 x 1536
-+  {  256, 107 }, // from graphics resolution 2048 x 2048
-+  {  320,  75 }, // from graphics resolution 2560 x 1440
-+  {  320,  84 }, // from graphics resolution 2560 x 1600
-+  {  320, 107 }, // from graphics resolution 2560 x 2048
-+  {  350, 110 }, // from graphics resolution 2800 x 2100
-+  {  400, 126 }, // from graphics resolution 3200 x 2400
-+  {  480, 113 }, // from graphics resolution 3840 x 2160
-+  {  512, 113 }, // from graphics resolution 4096 x 2160
-+  {  960, 227 }, // from graphics resolution 7680 x 4320
-+  { 1024, 227 }, // from graphics resolution 8192 x 4320
-   //
-   // New modes can be added here.
-   //
--- 
-2.18.1
-
diff --git a/SOURCES/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
new file mode 100644
index 0000000..5d691f5
--- /dev/null
+++ b/SOURCES/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
@@ -0,0 +1,613 @@
+From 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 11 Jun 2014 23:33:33 +0200
+Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- trivial context update (performed silently by git-cherry-pick) for
+  upstream commit 3207a872a405 ("OvmfPkg: Update DSC/FDF files to consume
+  CSM components in OvmfPkg", 2019-06-14)
+
+- A note for the future: the logo could change completely in a subsequent
+  rebase. See <https://bugzilla.tianocore.org/show_bug.cgi?id=2050> (in
+  CONFIRMED status at the time of writing).
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The
+  OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace
+  obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The
+  ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg:
+  Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14).
+
+  Consequently, because the NetworkPkg iSCSI driver requires OpenSSL
+  unconditionally, as explained in
+  <https://bugzilla.tianocore.org/show_bug.cgi?id=1278#c3>, this patch now
+  builds LogoOpenSSLDxe unconditionally, squashing and updating previous
+  downstream commits
+
+  - 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo
+                 (RHEL only)
+  - 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only)
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove
+  incorrect comments.", 2018-02-28)
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- After picking previous downstream-only commit 32192c62e289, carry new
+  upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing
+  dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to
+  "LogoOpenSSLDxe.inf".
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- For more fun, upstream completely changed the way logo bitmaps are
+  embedded in the firmware binary (see for example commit ab970515d2c6,
+  "OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this
+  rebase, we reimplement the previous downstream-only commit e775fb20c999,
+  as described below.
+
+- Beyond the new bitmap file (which we preserve intact from the last
+  downstream branch), we introduce:
+
+  - a new IDF (image description file) referencing the new BMP,
+
+  - a new driver INF file, referencing the new BMP and new IDF (same C
+    source code though),
+
+  - a new UNI (~description) file for the new driver INF file.
+
+- In the OVMF DSC and FDF files, we select the new driver INF for
+  inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they
+  both make use of OpenSSL (although different subsets of it).
+
+- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE,
+  because the ArmVirtQemu platform does not support TLS_ENABLE yet.
+
+- This patch is best displayed with "git show --find-copies-harder".
+
+Notes about the d7c0dfa -> 90bb4c5 rebase:
+
+- squash in the following downstream-only commits (made originally for
+  <https://bugzilla.redhat.com/show_bug.cgi?id=1308678>):
+
+  - eef9eb0 restore TianoCore splash logo without OpenSSL advertisment
+            (RHEL only)
+
+  - 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure
+            Boot (RH only)
+
+  The reason is that ideas keep changing when and where to include the
+  Secure Boot feature, so the logo must be controllable directly on the
+  build command line, from the RPM spec file. See the following
+  references:
+
+  - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html
+  - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html
+  - https://bugzilla.redhat.com/show_bug.cgi?id=1323363
+
+- This squashed variant should remain the final version of this patch.
+
+Notes about the c9e5618 -> b9ffeab rebase:
+- AAVMF gained Secure Boot support, therefore the logo is again modified
+  in the common location, and no FDF changes are necessary.
+
+Notes about the 9ece15a -> c9e5618 rebase:
+- Logo.bmp is no longer modified in-place; instead a modified copy is
+  created. That's because AAVMF includes the logo too, but it doesn't
+  include OpenSSL / Secure Boot, so we need the original copy too.
+
+Because we may include the OpenSSL library in our OVMF and AAVMF builds
+now, we should advertise it as required by its license. This patch takes
+the original TianoCore logo, shifts it up by 20 pixels, and adds the
+horizontally centered message
+
+  This product includes software developed by the OpenSSL Project
+  for use in the OpenSSL Toolkit (http://www.openssl.org/)
+
+below.
+
+Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24
+Logo.bmp:         PC bitmap, Windows 3.x format, 193 x 58 x 8
+
+Downstream only because upstream edk2 does not intend to release a
+secure-boot-enabled OVMF build. (However the advertising requirement in
+the OpenSSL license,
+"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed
+nonetheless, which is why I'm changing the logo.)
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b)
+(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be)
+(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3)
+(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d)
+(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849)
+---
+ ArmVirtPkg/ArmVirtQemu.dsc           |   2 +-
+ ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc |   2 +-
+ ArmVirtPkg/ArmVirtQemuKernel.dsc     |   2 +-
+ MdeModulePkg/Logo/Logo-OpenSSL.bmp   | Bin 0 -> 156342 bytes
+ MdeModulePkg/Logo/Logo-OpenSSL.idf   |  15 +++++++
+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf |  61 +++++++++++++++++++++++++++
+ MdeModulePkg/Logo/LogoOpenSSLDxe.uni |  22 ++++++++++
+ OvmfPkg/OvmfPkgIa32.dsc              |   2 +-
+ OvmfPkg/OvmfPkgIa32.fdf              |   2 +-
+ OvmfPkg/OvmfPkgIa32X64.dsc           |   2 +-
+ OvmfPkg/OvmfPkgIa32X64.fdf           |   2 +-
+ OvmfPkg/OvmfPkgX64.dsc               |   2 +-
+ OvmfPkg/OvmfPkgX64.fdf               |   2 +-
+ 13 files changed, 107 insertions(+), 9 deletions(-)
+ create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp
+ create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf
+ create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 7ae6702ac1..a3cc3f26ec 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -364,7 +364,7 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
+   MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+-  MdeModulePkg/Logo/LogoDxe.inf
++  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+   MdeModulePkg/Application/UiApp/UiApp.inf {
+     <LibraryClasses>
+       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
+diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+index 31f615a9d0..57f2f625fe 100644
+--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
+@@ -176,7 +176,7 @@ READ_LOCK_STATUS   = TRUE
+   #
+   # TianoCore logo (splash screen)
+   #
+-  INF MdeModulePkg/Logo/LogoDxe.inf
++  INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ 
+   #
+   # Ramdisk support
+diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+index 3b0f04967a..27e65b7638 100644
+--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+@@ -348,7 +348,7 @@
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf
+   MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
+-  MdeModulePkg/Logo/LogoDxe.inf
++  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+   MdeModulePkg/Application/UiApp/UiApp.inf {
+     <LibraryClasses>
+       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
+diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp
+new file mode 100644
+index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29
+GIT binary patch
+literal 156342
+zcmeI5d(>~$xW~&aw_M64<QfWz7#dP?t3($>NYZ7LkVerMIgB$pYT%5)88Oa?KguvP
+zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY
+zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l
+zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12
+zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo*
+z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t
+z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw
+z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8
+zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&n<tedLa%?xslom<X-FfGo
+z|N7Uz;zQR$QEQ9?GD3Gi=7I|@pfCK+KmYs#4?Hjq5uDk6`|VNq*T4RC_0?DJzyJQK
+zsC})Wq6;y((@r~m>s#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a?
+zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE
+z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb
+zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK
+zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI
+zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W)
+ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN
+z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5&
+z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc
+z(W5B_Snb5D<<krM8Rdr0QJ*T%G?&$9Kl|Aaedt5q{N^`bbkRjt=pxTd#b-YA8EUQl
+zKchfbq0T+_*u#B>LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2`
+zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC
+z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr
+zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O
+ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_<AJw{W#8P-F
+zCZ+ter#+36>Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm
+zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y
+z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn<x8h_IHKi^H{SS?OD<7Pl&u5c1iZic)vw55
+zPYCS8DxE<E)W+zbHi&JlM^g+iInTa(VydW{U!X0uhR=omt+(FFeX!eo+~Xc+g)Z`x
+zdj8N=)=t4F&^=~kG;gb}a*}(FCaQITC`z4#i;q6~=*up<jJqdTY_rWab6qT>7Jr_#
+zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT
+zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL
+z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7
+zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9
+zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO
+zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44<v6$8atncWoEpM%TfyD5
+zOKl<QH-<r@2>UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ
+zZ)HZA9HQN?fBowS=bd-nQAZucL<BNN<e-BNlK!B=7$Y*peh}MQkER%4wG*?Jk9!5$
+za=YO(`jIg>9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT
+zMP`<n_i+x3u2}-%qy?KI2ieQE8H)@%t3@GJQLXK^+fEA9!X?Qg9Y7gIU_L>$;+{w6
+zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts
+zL;~R<E6L(oPAf#^!mHl--`*n_trZ3-svVA^Ip*035tJEaa=!3|FC2E*VF<?^cN{an
+zpZw$}k$H$uzVrtb#u$+)_Ji2gdNjoVtDTs&eB3M0mfH=V(T|M5>A-VBcb3QU(O`l6
+zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e
+zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3<H!}
+zOgDezBOgJQ@<<0zX6g9rU;p~pgk<J_zx&<qN?y8jDNh()@{*U}8|xq9T7^bKwH~n|
+zXWMPJ?Y8KgL4^VYSF8z9zcvi0+bE*cMlA5;4GMOE>HMf%xC9#(>mO=IFj^}NHV#Lj
+z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt
+zeC{#^7{V<qOo9rSOuO{bOX-pOULeo<hfja{(=J^*1?~;O)IW6+y5!tu#Iq31@hO~3
+zI7SRYrl&O{C>ZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb
+zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y
+z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A
+zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH
+z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q
+z#U5^JZ4<b$t--qHc9p*$iO#Qj2f3KD%!onr@|V9{>wkHy#0}}mC!ZV}nnU^RZ+|=Y
+zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg|
+zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz
+z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~<Y{if>z)>P3#
+z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+<gohY|!t!t&VqcB%E2zeG7{rS&-E|$&A
+zRTB%*&a<BNEN1AqDOiZk)nlLW-p=>98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3
+z<ZvD3hF6+V9#ePS(OC^gfeB*%0MAbg)*WoKr-?u!kO(9Ki9jNd2qXfDKq8O`Bm#**
+zB9I8o3j*^!p))T|r_psDfqQG*va*mB>-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq
+zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1
+zxc%S<KgjCC1qR8yFA-U2{Vn`qvGClFie8IFrjr)%tnm{2=r>hrZ`6<0RHgQodrAoh
+zSgFbiHWu-)l-PgPQu`<dRrqrq-s8s$rTEic{^Z79@#o0g;&op=SNPLN_FA@n!=*+?
+zDB|xddq34N2I_`R4OKfVWC~c?-(29YpLt&li<Eg&*GVUx#G5Nv*-lcX3d@bIN#Fb0
+zQEpq{?RT^o-vc0nH9Vtx4RC7Xw(U%#3-Zc;X2wY7mi8}y`3rA*P?7iitvoODi?70Q
+zk%V}#Vs|Jlk~I(tgDi;yipIBBWO)iq3V&j<{dE;uY%5@@`z!i|LXlG>y9%`-LB*)t
+z0JfJO;vrk<L$v7JBGX9=Xf|GAZ#xK$H|j@gXg1z*&)??qN4GEne;CG_Rv;<Nsuk96
+z_I?zDn>hX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgB<FFE9q`noa{%J1h_i
+zSlZuQ;BSZcQxUM`opT8MStqY4@S8si%Z;u@{HFs43mj<vnAm^aAe)Uw?Op?%#<*=*
+zZge5`RIgdkcTBiiGoIu7gV5yN6#O|1L=bC5IUX!`M+!07a5Y*(9{lzSI@4hi{lSQn
+zgI`w}RIsU{FEKf&Qz$fsM0CCZY>gk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD
+zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Q<b
+zsMA2z4y$63Y=3is8xgLBZjr+pt4A4~kzJb(99~t!i$vfrZfN2kST-89du?!P<F;YB
+z(FJ3LfCF)Qm&l!0GDZd7tn~i(zn}Ni#LOtW3$j)#YPcG!jQRG88kz!==xX$q36^+L
+z%bz*_{7TV!?6u@Vp)n+)^9^7J`C-C`qWNB*tYaaX=)S~0mQp3Yku!d>p|I9?%YE^}
+zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc
+z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$
+zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG
+zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ
+z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY
+zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf
+z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;<eqg*5#u10HPzP%#L
+zQ()3?FZ#e_HxmwX{`r-n_1L21LZLAvgn()_faOs3GEdRa-JbO3k~#P-fW}Mg?>4>S
+zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl>
+z7^rJH4OAO`j``+-dZ#@M60IS}<JIU|G%^J^y!n^Qxjym7CvR!UZ{lw>YFFFf)W&VY
+za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R)
+zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y
+zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp
+zKFQt>Vbm<Ux`o0el8ugF)~`ZFGk&UL4AeE92C5A|$9!|axFPVI(;w*|iRE~_8eNM<
+zrT~ZUZ!%$LBfO}dN6$(&8g<9p;MB%#!*Zhwb`k*x;#3L49-C4iKYl>=t6%*pub_){
+zCA$l<)_b;6)NnQ0<R*s6gqR~aetU%+8l3_YYW1E+jF8pv`IQJ1UEuzkm!JLHil6$3
+zLL94&At3}*s{t%Uz06a1B0K&3O9+jX?$;cmiN;Ip?>4>SzuFu1i70ta6~A`DdXC=j
+zVqk`4D7>weC&k1#JZWL!jy<uUMxErF8jNEmD0xQD`W_yP*emNer>LuB?XwXz%QkDF
+zYqrr5PP5vlI>ta<(`lgE@N@8+3#<j?Z?p*F7|=WcW9@+^Vd--B$Tqqrh_s&q9InuO
+zW86ldW8TECWTR1cya7&a++w_8xzPnXiGXpYZWzgo=PkF~lEpbpo=D*v-}naPU}ath
+z`n9ip%}ERH0y(v_m7<2LHia<e+bgI|he_=`8vMG-ph5&8b|=ccI>4^wr`@sI7!sJZ
+zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6
+zsm0{}`|r=14;<iOB^)7z_z461*{#cMAoJ+84`K9LcGDKRX342_gd$=$o^&x@i%)fo
+zfx4m7MYa1;k_gL~?<w$<@03$cA?9VM@TCT(EHw#0FM5w`t!skF`&og*3*%t~F0rnT
+z%*32u>04_w9-uBbSZj=1wN<lBX`>7F69<S`8Ogv7dVc3J@g`)t#THvwlN$?i$afAx
+zJXj=aXRE3-T(wQ^$8m-+?;He<BY}?J(>NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+
+zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV
+zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B
+zp7K{7GJLB2)HbE_<iuQ=T@??f{)9o>`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE
+z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K%
+zc<qSR@(0Y#L-BlgvWhmRt3F+=IYD%Rf0Tqi&J#HEWVZL9^tRQT*;{=~=G<Bv)8aa-
+zlTfd-hdw)=2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q
+z0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**
+zB9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`
+zBm#**B9I6q0*OE(kO(9Ki9jNd2qXfDKq8O`Bm#**B9I6q0*OE(P$0lJ{_>XytO^3f
+zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW
+zvK_w54ib*s{pCdx<x~Ir<7gg#)M1ScwTsR@`}C7e)OOZs|6@4{OP4Oa_R1?RyYPbc
+zhT5$+--ssL_19djJ;F`bU&mfKWG-E@<gUew?^tx3wma{*BMKyygEe<Kg*icB>`+U+
+zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK
+zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_ga<bby^J7Q&qT
+ziV>B`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g
+zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5<Ha3eBxHw&!B4z<)v
+z1QLM)0iT5MDWR^&*Mw_9`6v_rt|I?JzT#r&a#s9HMa_-C-Eb}>vhUWL{rld#LnSaW
+zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgM<J9r<8$mhZ!wxSe=iM!dP
+zzkCI2L+;e2U4coXRAG-AITXSB)TL3G;*tQ2m?D!L>ChaRR3Q`NWYVa52T-<54&6jk
+z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi<G
+zWFn9Vj77jF60B<e?S{bSU(U&q{LA^w#`!Fv*kech3sXP=jSV&Ui*ud{5GV=#y*A$j
+zvyce<i&^&Mvqy)y5fs=%A~XR{5f?98wv-~c+nt4X=mq2}@}lGDV-}V{P2@#gQ830K
+zBkEFwpR`C37D!^5e5jDtMSLW2OzyEKiCOqmb;+SojL;%7MOelZT~i0i#4&Q%C{<sO
+zvBQtLY`Dt)1AFdl9jaiHq|Cza)Wsk=>}i57aDByd`it`*14L?zOuC7O<Up?iP>`Zb
+zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6
+zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=|
+zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQ<UNc
+zq=^DVi8ELrX`aOnKQTK3U7)Af!E<nsaazP}?9h<%k<Gs}ho2N-AG0)s9rUS=Sv*96
+z_!m<&jbpGj)#WgIoYW<RDl@KxUooOGnFu5TV-fIq#CawDHQN>fr!>mb@vk@wzKEOR
+zUl^giiGN`YjEEEA6vzVN5F<bqVl?a^Ll%l0QNY`odEuoq@h?SKfKwE5sxH(+5nY2{
+zsD*v<v4DLjTlypc2QFrh49#JLQZ$7gyoPZ~$su3Ni)9?ZAjWY_b@7wdQAUl6oOEaf
+zfgE&@+2fLZkg^&=4GWSXN@RS-INqwFWa_FG{*aFwvPP*Kzz$u2<*BFxs_wHVM_92(
+z2Ytwz9^sxaVb3K^K4?F7sHI*akO&kA_(bBgcjW8%*TU5E51hc-AOg!0X2rkI1QZON
+z5veIE#2{P%(ZCK+344-o4Q$9B>LCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6
+zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc<P_9y!4YSy!AzGmqSi?Ouu_F?MQZXVQs7^1?
+zN6mbPH8o0qb+telC(*%4O7RD5vB{o%TBIQupGHN^7^JRyhcznV8_KB3Np2~~CkKD%
+z8p`T5nV97wjVTWsgknTxG7(4w#v<SoiF3^J4@KnbB+6n65lU^38YeuO;#u}Ob+uO}
+zrL*E+g=R1UG$8_os-P0`B|uVe4L9c8M6*YRJ0v^)g{QCpPsth%u%V2@=z{<P_MslA
+z8G}?OhaW*Stb_oYlSwTlR}?O%A?O&ogbnE(eTM<9jDRu~RhMM3en3gwpcNTJUtv3$
+zw53e;Vq5k!M?=a-hiPbx$j*#)o(e9TnWGSK!@{_PGG=3sP(Y0z_^3Pbb0#ZPpHaA{
+zzu*RdGYa81cBrLZB9I6a2>3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox
+z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`<Kx(5PUL1d36lzLD0@c(#-S!%H%
+zU>V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@
+z;@R>q?8C{=X3m9KyurT&nC9F<fP!Zt$|Xw*&UN=wm>PkxLoM|ZfkdD{z-Jwk38Gqf
+zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZs<UH63%W?JlP<
+zCkPZHDwByoA}|(#IXMHTH!?F*IkZi0J!`HG1jY`v)Jp^sfdT=apgiX0!48uK+ALcj
+zA7!FcG}(x7wMX!#9Mp(UiE6tWu_~F`6WF@-6xLh>iV>B`L?96ui-1pi)&}t0pQmuO
+zjkyJsVOUM<GMP{aPNG(uQqU7BO*JrM;MP-Ea}gLj)KV`INCXN5eA>gmwe@7qN10I9
+zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q
+z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{
+zrxeR<HJ#WhYSF8<OT~!FWFn9Vj77j_9rFxCzNXr)5Ff0Wd3yzHPQkx~%q;BHCK9)A
+zQGn}t5{MdWV43A`5d=ytLU>A9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH
+zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$
+zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW)
+z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw
+z3l@f;rKYP((H5Gr$(|rLmcp<mdN*WceBjS9dShygKx7c5d9x5qeCYIYCG^^;jy34A
+z;7VB4trSJ>6r6t4$t%^Y9|aV;zhXpXG7(4w#v<U;Y0l%{IMwSp2Md%I^AE(oS^x)&
+zwfPq{Ht5g%E27k2izosmhpPf4NTz7fi|S}dy@r3`Ww9rJBxWcq*ep6R{-qbRE;lH`
+z2v;wBhQ!sJ_Sh`?h-Iiy3~Qc6fKRnKQ>;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_
+z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C
+zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk
+zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y
+zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA
+zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr=
+zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W
+z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK<i8w#Q2)WYbaoUR{YBqMYY&_
+z{sGQaTM#;z83Pyv*j#-<$HWcsnd6{B!qvtvM#?B_A~;&;Wl0Q5M^x*%f*9U*`8UpK
+zK;OMT)>>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_
+zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO
+z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPT<Xx3#lMaCx0rvJ
+zZTvfO{=qRROzP)v^a7gm!!+@u_b@UX%GMkIN^NldLGdq>zaT>uOf~q|a}+cx{*6-y
+z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB
+zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<<Tq+<(2pX33R^wk3;8R^)jD`d{
+zsOl&<)EyuHs;>AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9
+zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^
+zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095
+zOig9PT5<lDYXhyY;js1yY?1nHRz@ZVRHhPvL|`-mJ`b5LAhvC9DC@;KB0KgL#C=NY
+ztH8EAQWzQkcGo{(ABKfk;X8<uj&xfjD5eO7?)o$FGDSF0RP>`Z>N@_#zD%)aez~YZ
+z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{
+z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r
+zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^
+zg<d)aMb=iH4Z;=UP{pbyQ<{k68(BWqf<q~SL)l<esF@#iBeSCqmFow~6Yx6jritP=
+zIiNC?2qXfd5%9SLahPzS+PG<L1ACOAHi)vlnfq*fjDTgx4pM`*@T67+$HcRcBeZKZ
+zswiJZ{4NW)QZy>damB9JKZs<hjwS?6U22J5DI!1CqD8uoCi$`nJFB_K%aq1m#K&U2
+zp{qO67NAAg(`<+U3zGvann1}cnuzlcu`V(di-&tsz$`^<zHD^O%GJ?hEfo`iL|_sD
+zpY8DvD<b(u8RhxoU&X(o!pL0qP=a_?+!y(m*;^(VM3>s5qfIuEVafQ{8IFHZ(DOQ1
+zL2xbpxXzOgb_Q=@TibU<H4QI=o0TO*-c;0CC=^M8Py$ah2~Hi2qC@N)X9Eg86{Qwa
+z6XsudInuQ1dOiWQZmI1n+%B9XIXR#*l?WsPqY?1wr1)2%Zsgo3qYUM>gI`Lgj(=e>
+zMU)Nx<vO9YaXjPljlX-r<pCB}%u85Gl**>~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo
+zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh
+z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{<Xtx0jlLuAq36V
+zUD(j5%f*8#)Gf$*unM)>RlEdP#0v4%e#ImMtXlgq`3qxe(=<X&v&d&Ygj$U%Qb4Ch
+zyEZsEpfZ&RBm$!m@L5#M|MmvLD9=g!OGL>XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE
+zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr
+zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?D<v+=r8c!<bcXlB9I7-
+zM!@H`<KN!M7si~!`3J&VJ>c?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7>
+zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a
+z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q
+zf7)`qfCKTHn1c<ucMDcvF&WReh=>Vw*|W7Di!H#8j2>&Lm<S{SlL+{H9vT16-}+yB
+zlERvWz~q3+R3eZFj7GqxI<X{ws@vXB9;s%tDXjGfj2>&Lm<S{SlL(j{SPiDtvf8t>
+z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K
+zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@
+z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33W<Ob
+zm>f`<N(2&t(Fph~>WzQnL<F*xQ%D4i!054-iitoXFo}TAq9XoPvdFY@3W<Obm>f`<
+zN(2&t(Fph~a{Oz~wUF}<Mk$3Z0;9)TDkcJnz$5}bog&*t+2l*6l~YIrjKJi8%2Xnd
+z2#iL+XOZJy6K+?qateun5g0wzQZW%o1SS#iS(Go<F%&7x3W3Q1m8nD^5g3iYtj@Gl
+zP6WCLj2>&Lm<S{SlL&NAr_4zNW`)4yfXY-NkO+)MU{+^ZDklP61V)dwRJ=D3_<z$H
+BLUI5A
+
+literal 0
+HcmV?d00001
+
+diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.idf b/MdeModulePkg/Logo/Logo-OpenSSL.idf
+new file mode 100644
+index 0000000000..a80de29a63
+--- /dev/null
++++ b/MdeModulePkg/Logo/Logo-OpenSSL.idf
+@@ -0,0 +1,15 @@
++// /** @file
++// Platform Logo image definition file.
++//
++// Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
++//
++// This program and the accompanying materials
++// are licensed and made available under the terms and conditions of the BSD License
++// which accompanies this distribution. The full text of the license may be found at
++// http://opensource.org/licenses/bsd-license.php
++// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++//
++// **/
++
++#image IMG_LOGO Logo-OpenSSL.bmp
+diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+new file mode 100644
+index 0000000000..2f79d873e2
+--- /dev/null
++++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+@@ -0,0 +1,61 @@
++## @file
++#  The default logo bitmap picture shown on setup screen.
++#
++#  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
++#
++#  This program and the accompanying materials
++#  are licensed and made available under the terms and conditions of the BSD License
++#  which accompanies this distribution. The full text of the license may be found at
++#  http://opensource.org/licenses/bsd-license.php
++#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++#
++#
++##
++
++[Defines]
++  INF_VERSION                    = 0x00010005
++  BASE_NAME                      = LogoOpenSSLDxe
++  MODULE_UNI_FILE                = LogoOpenSSLDxe.uni
++  FILE_GUID                      = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF
++  MODULE_TYPE                    = DXE_DRIVER
++  VERSION_STRING                 = 1.0
++
++  ENTRY_POINT                    = InitializeLogo
++#
++#  This flag specifies whether HII resource section is generated into PE image.
++#
++  UEFI_HII_RESOURCE_SECTION      = TRUE
++
++#
++# The following information is for reference only and not required by the build tools.
++#
++#  VALID_ARCHITECTURES           = IA32 X64
++#
++
++[Sources]
++  Logo-OpenSSL.bmp
++  Logo.c
++  Logo-OpenSSL.idf
++
++[Packages]
++  MdeModulePkg/MdeModulePkg.dec
++  MdePkg/MdePkg.dec
++
++[LibraryClasses]
++  UefiBootServicesTableLib
++  UefiDriverEntryPoint
++  DebugLib
++
++[Protocols]
++  gEfiHiiDatabaseProtocolGuid        ## CONSUMES
++  gEfiHiiImageExProtocolGuid         ## CONSUMES
++  gEfiHiiPackageListProtocolGuid     ## PRODUCES CONSUMES
++  gEdkiiPlatformLogoProtocolGuid     ## PRODUCES
++
++[Depex]
++  gEfiHiiDatabaseProtocolGuid AND
++  gEfiHiiImageExProtocolGuid
++
++[UserExtensions.TianoCore."ExtraFiles"]
++  LogoDxeExtra.uni
+diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
+new file mode 100644
+index 0000000000..7227ac3910
+--- /dev/null
++++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni
+@@ -0,0 +1,22 @@
++// /** @file
++// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen.
++//
++// This module provides the logo bitmap picture (with OpenSSL advertisment)
++// shown on setup screen, through EDKII Platform Logo protocol.
++//
++// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
++//
++// This program and the accompanying materials
++// are licensed and made available under the terms and conditions of the BSD License
++// which accompanies this distribution. The full text of the license may be found at
++// http://opensource.org/licenses/bsd-license.php
++// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
++//
++// **/
++
++
++#string STR_MODULE_ABSTRACT             #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen."
++
++#string STR_MODULE_DESCRIPTION          #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol."
++
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 66e944436a..044379e1ed 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -688,7 +688,7 @@
+       NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
+ !endif
+   }
+-  MdeModulePkg/Logo/LogoDxe.inf
++  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+   MdeModulePkg/Application/UiApp/UiApp.inf {
+     <LibraryClasses>
+       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 785affeb90..326f82384e 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -283,7 +283,7 @@ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ !endif
+ INF  ShellPkg/Application/Shell/Shell.inf
+ 
+-INF MdeModulePkg/Logo/LogoDxe.inf
++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ 
+ #
+ # Network modules
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 51c2bfb44f..2ff68102d3 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -701,7 +701,7 @@
+       NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
+ !endif
+   }
+-  MdeModulePkg/Logo/LogoDxe.inf
++  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+   MdeModulePkg/Application/UiApp/UiApp.inf {
+     <LibraryClasses>
+       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index 7440707256..aefb6614ad 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -284,7 +284,7 @@ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ !endif
+ INF  ShellPkg/Application/Shell/Shell.inf
+ 
+-INF MdeModulePkg/Logo/LogoDxe.inf
++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ 
+ #
+ # Network modules
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index ba7a758844..3a66d4d424 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -699,7 +699,7 @@
+       NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf
+ !endif
+   }
+-  MdeModulePkg/Logo/LogoDxe.inf
++  MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+   MdeModulePkg/Application/UiApp/UiApp.inf {
+     <LibraryClasses>
+       NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 7440707256..aefb6614ad 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -284,7 +284,7 @@ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ !endif
+ INF  ShellPkg/Application/Shell/Shell.inf
+ 
+-INF MdeModulePkg/Logo/LogoDxe.inf
++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ 
+ #
+ # Network modules
+-- 
+2.18.1
+
diff --git a/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
deleted file mode 100644
index 39ea933..0000000
--- a/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From cfccb98d13e955beb0b93b4a75a973f30c273ffc Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 25 Feb 2014 22:40:01 +0100
-Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
- only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec"
-  context change from upstream commits e043f7895b83 ("MdeModulePkg: Add
-  PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2
-  ("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03).
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- refresh commit 519b9751573e against various context changes
-
-The
-
-  CSI Ps ; Ps ; Ps t
-
-escape sequence serves for window manipulation. We can use the
-
-  CSI 8 ; <rows> ; <columns> t
-
-sequence to adapt eg. the xterm window size to the selected console mode.
-
-Reference: <http://rtfm.etla.org/xterm/ctlseq.html>
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444)
-(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574)
-(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90)
-(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- MdeModulePkg/MdeModulePkg.dec                 |  4 +++
- .../Console/TerminalDxe/TerminalConOut.c      | 30 +++++++++++++++++++
- .../Console/TerminalDxe/TerminalDxe.inf       |  2 ++
- 3 files changed, 36 insertions(+)
-
-diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index a2130bc439..dcd118ba62 100644
---- a/MdeModulePkg/MdeModulePkg.dec
-+++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -1968,6 +1968,10 @@
-   # @Prompt The address mask when memory encryption is enabled.
-   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047
- 
-+  ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
-+  #  mode change.
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
-+
- [PcdsPatchableInModule]
-   ## Specify memory size with page number for PEI code when
-   #  Loading Module at Fixed Address feature is enabled.
-diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
-index 4d7218e415..295e7641a5 100644
---- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
-+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
-@@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- 
- **/
- 
-+#include <Library/PrintLib.h>
-+
- #include "Terminal.h"
- 
- //
-@@ -86,6 +88,16 @@ CHAR16 mSetCursorPositionString[]  = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
- CHAR16 mCursorForwardString[]      = { ESC, '[', '0', '0', 'C', 0 };
- CHAR16 mCursorBackwardString[]     = { ESC, '[', '0', '0', 'D', 0 };
- 
-+//
-+// Note that this is an ASCII format string, taking two INT32 arguments:
-+// rows, columns.
-+//
-+// A %d (INT32) format specification can expand to at most 11 characters.
-+//
-+CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt";
-+#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2))
-+
-+
- //
- // Body of the ConOut functions
- //
-@@ -508,6 +520,24 @@ TerminalConOutSetMode (
-     return EFI_DEVICE_ERROR;
-   }
- 
-+  if (PcdGetBool (PcdResizeXterm)) {
-+    CHAR16 ResizeSequence[RESIZE_SEQ_SIZE];
-+
-+    UnicodeSPrintAsciiFormat (
-+      ResizeSequence,
-+      sizeof ResizeSequence,
-+      mResizeTextAreaFormatString,
-+      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows,
-+      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns
-+      );
-+    TerminalDevice->OutputEscChar = TRUE;
-+    Status                        = This->OutputString (This, ResizeSequence);
-+    TerminalDevice->OutputEscChar = FALSE;
-+    if (EFI_ERROR (Status)) {
-+      return EFI_DEVICE_ERROR;
-+    }
-+  }
-+
-   This->Mode->Mode  = (INT32) ModeNumber;
- 
-   Status            = This->ClearScreen (This);
-diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-index 15b4ac1c33..a704bc17e5 100644
---- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-@@ -60,6 +60,7 @@
-   DebugLib
-   PcdLib
-   BaseLib
-+  PrintLib
- 
- [Guids]
-   ## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
-@@ -88,6 +89,7 @@
- [Pcd]
-   gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType           ## SOMETIMES_CONSUMES
-   gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable    ## CONSUMES
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm             ## CONSUMES
- 
- # [Event]
- # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
--- 
-2.18.1
-
diff --git a/SOURCES/0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
new file mode 100644
index 0000000..d7ce5a8
--- /dev/null
+++ b/SOURCES/0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
@@ -0,0 +1,70 @@
+From e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Thu, 20 Feb 2014 22:54:45 +0100
+Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- trivial context difference due to upstream commit 2fe5f2f52918
+  ("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
+  by git-cherry-pick automatically
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no changes
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no changes
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Upstream prefers short debug messages (sometimes even limited to 80
+characters), but any line length under 512 characters is just unsuitable
+for effective debugging. (For example, config strings in HII routing,
+logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
+level, can be several hundred characters long.) 512 is an empirically good
+value.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
+(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
+(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
+(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
+(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
+(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
+---
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 3dfa3126c3..9451c50c70 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -21,7 +21,7 @@
+ //
+ // Define the maximum debug and assert message length that this library supports
+ //
+-#define MAX_DEBUG_MESSAGE_LENGTH  0x100
++#define MAX_DEBUG_MESSAGE_LENGTH  0x200
+ 
+ //
+ // VA_LIST can not initialize to NULL for all compiler, so we use this to
+-- 
+2.18.1
+
diff --git a/SOURCES/0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
new file mode 100644
index 0000000..3e3dc79
--- /dev/null
+++ b/SOURCES/0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
@@ -0,0 +1,574 @@
+From 3aa0316ea1db5416cb528179a3ba5ce37c1279b7 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Thu, 12 Jun 2014 00:17:59 +0200
+Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no changes
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no changes
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- update commit message as requested in
+  <https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+The Int10h VBE Shim is capable of emitting short debug messages when the
+win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet
+version is preferred; for us debug messages are important as a default.
+
+For this patch, the DEBUG macro is enabled in the assembly file, and then
+the header file is regenerated from the assembly, by running
+"OvmfPkg/QemuVideoDxe/VbeShim.sh".
+
+"VbeShim.h" is not auto-generated; it is manually generated. The patch
+does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the
+manually re-generated) "VbeShim.h" atomically. Doing so helps with local
+downstream builds, with bisection, and also keeps redhat/README a bit
+simpler.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f)
+(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2)
+(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c)
+(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba)
+(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e)
+(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471)
+---
+ OvmfPkg/QemuVideoDxe/VbeShim.asm |   2 +-
+ OvmfPkg/QemuVideoDxe/VbeShim.h   | 481 ++++++++++++++++++++-----------
+ 2 files changed, 308 insertions(+), 175 deletions(-)
+
+diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm
+index cb2a60d827..26fe1bcc32 100644
+--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm
++++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm
+@@ -12,7 +12,7 @@
+ ;------------------------------------------------------------------------------
+ 
+ ; enable this macro for debug messages
+-;%define DEBUG
++%define DEBUG
+ 
+ %macro DebugLog 1
+ %ifdef DEBUG
+diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h
+index cc9b6e14cd..325d6478a1 100644
+--- a/OvmfPkg/QemuVideoDxe/VbeShim.h
++++ b/OvmfPkg/QemuVideoDxe/VbeShim.h
+@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = {
+   /* 000001FE nop                            */  0x90,
+   /* 000001FF nop                            */  0x90,
+   /* 00000200 cmp ax,0x4f00                  */  0x3D, 0x00, 0x4F,
+-  /* 00000203 jz 0x22d                       */  0x74, 0x28,
++  /* 00000203 jz 0x235                       */  0x74, 0x30,
+   /* 00000205 cmp ax,0x4f01                  */  0x3D, 0x01, 0x4F,
+-  /* 00000208 jz 0x245                       */  0x74, 0x3B,
++  /* 00000208 jz 0x255                       */  0x74, 0x4B,
+   /* 0000020A cmp ax,0x4f02                  */  0x3D, 0x02, 0x4F,
+-  /* 0000020D jz 0x269                       */  0x74, 0x5A,
++  /* 0000020D jz 0x289                       */  0x74, 0x7A,
+   /* 0000020F cmp ax,0x4f03                  */  0x3D, 0x03, 0x4F,
+-  /* 00000212 jz word 0x331                  */  0x0F, 0x84, 0x1B, 0x01,
++  /* 00000212 jz word 0x361                  */  0x0F, 0x84, 0x4B, 0x01,
+   /* 00000216 cmp ax,0x4f10                  */  0x3D, 0x10, 0x4F,
+-  /* 00000219 jz word 0x336                  */  0x0F, 0x84, 0x19, 0x01,
++  /* 00000219 jz word 0x36e                  */  0x0F, 0x84, 0x51, 0x01,
+   /* 0000021D cmp ax,0x4f15                  */  0x3D, 0x15, 0x4F,
+-  /* 00000220 jz word 0x338                  */  0x0F, 0x84, 0x14, 0x01,
++  /* 00000220 jz word 0x378                  */  0x0F, 0x84, 0x54, 0x01,
+   /* 00000224 cmp ah,0x0                     */  0x80, 0xFC, 0x00,
+-  /* 00000227 jz word 0x33a                  */  0x0F, 0x84, 0x0F, 0x01,
+-  /* 0000022B jmp short 0x22b                */  0xEB, 0xFE,
+-  /* 0000022D push es                        */  0x06,
+-  /* 0000022E push di                        */  0x57,
+-  /* 0000022F push ds                        */  0x1E,
+-  /* 00000230 push si                        */  0x56,
+-  /* 00000231 push cx                        */  0x51,
+-  /* 00000232 push cs                        */  0x0E,
+-  /* 00000233 pop ds                         */  0x1F,
+-  /* 00000234 mov si,0x0                     */  0xBE, 0x00, 0x00,
+-  /* 00000237 mov cx,0x100                   */  0xB9, 0x00, 0x01,
+-  /* 0000023A cld                            */  0xFC,
+-  /* 0000023B rep movsb                      */  0xF3, 0xA4,
+-  /* 0000023D pop cx                         */  0x59,
+-  /* 0000023E pop si                         */  0x5E,
+-  /* 0000023F pop ds                         */  0x1F,
+-  /* 00000240 pop di                         */  0x5F,
+-  /* 00000241 pop es                         */  0x07,
+-  /* 00000242 jmp word 0x34c                 */  0xE9, 0x07, 0x01,
+-  /* 00000245 push es                        */  0x06,
+-  /* 00000246 push di                        */  0x57,
+-  /* 00000247 push ds                        */  0x1E,
+-  /* 00000248 push si                        */  0x56,
+-  /* 00000249 push cx                        */  0x51,
+-  /* 0000024A and cx,0xbfff                  */  0x81, 0xE1, 0xFF, 0xBF,
+-  /* 0000024E cmp cx,0xf1                    */  0x81, 0xF9, 0xF1, 0x00,
+-  /* 00000252 jz 0x256                       */  0x74, 0x02,
+-  /* 00000254 jmp short 0x22b                */  0xEB, 0xD5,
+-  /* 00000256 push cs                        */  0x0E,
+-  /* 00000257 pop ds                         */  0x1F,
+-  /* 00000258 mov si,0x100                   */  0xBE, 0x00, 0x01,
+-  /* 0000025B mov cx,0x100                   */  0xB9, 0x00, 0x01,
+-  /* 0000025E cld                            */  0xFC,
+-  /* 0000025F rep movsb                      */  0xF3, 0xA4,
+-  /* 00000261 pop cx                         */  0x59,
+-  /* 00000262 pop si                         */  0x5E,
+-  /* 00000263 pop ds                         */  0x1F,
+-  /* 00000264 pop di                         */  0x5F,
+-  /* 00000265 pop es                         */  0x07,
+-  /* 00000266 jmp word 0x34c                 */  0xE9, 0xE3, 0x00,
+-  /* 00000269 push dx                        */  0x52,
+-  /* 0000026A push ax                        */  0x50,
+-  /* 0000026B cmp bx,0x40f1                  */  0x81, 0xFB, 0xF1, 0x40,
+-  /* 0000026F jz 0x273                       */  0x74, 0x02,
+-  /* 00000271 jmp short 0x22b                */  0xEB, 0xB8,
+-  /* 00000273 mov dx,0x3c0                   */  0xBA, 0xC0, 0x03,
+-  /* 00000276 mov al,0x20                    */  0xB0, 0x20,
+-  /* 00000278 out dx,al                      */  0xEE,
+-  /* 00000279 push dx                        */  0x52,
+-  /* 0000027A push ax                        */  0x50,
+-  /* 0000027B mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 0000027E mov ax,0x4                     */  0xB8, 0x04, 0x00,
+-  /* 00000281 out dx,ax                      */  0xEF,
+-  /* 00000282 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 00000285 mov ax,0x0                     */  0xB8, 0x00, 0x00,
+-  /* 00000288 out dx,ax                      */  0xEF,
+-  /* 00000289 pop ax                         */  0x58,
+-  /* 0000028A pop dx                         */  0x5A,
+-  /* 0000028B push dx                        */  0x52,
+-  /* 0000028C push ax                        */  0x50,
+-  /* 0000028D mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 00000290 mov ax,0x5                     */  0xB8, 0x05, 0x00,
+-  /* 00000293 out dx,ax                      */  0xEF,
+-  /* 00000294 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 00000297 mov ax,0x0                     */  0xB8, 0x00, 0x00,
+-  /* 0000029A out dx,ax                      */  0xEF,
+-  /* 0000029B pop ax                         */  0x58,
+-  /* 0000029C pop dx                         */  0x5A,
+-  /* 0000029D push dx                        */  0x52,
+-  /* 0000029E push ax                        */  0x50,
+-  /* 0000029F mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 000002A2 mov ax,0x8                     */  0xB8, 0x08, 0x00,
+-  /* 000002A5 out dx,ax                      */  0xEF,
+-  /* 000002A6 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 000002A9 mov ax,0x0                     */  0xB8, 0x00, 0x00,
+-  /* 000002AC out dx,ax                      */  0xEF,
+-  /* 000002AD pop ax                         */  0x58,
+-  /* 000002AE pop dx                         */  0x5A,
+-  /* 000002AF push dx                        */  0x52,
+-  /* 000002B0 push ax                        */  0x50,
+-  /* 000002B1 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 000002B4 mov ax,0x9                     */  0xB8, 0x09, 0x00,
+-  /* 000002B7 out dx,ax                      */  0xEF,
+-  /* 000002B8 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 000002BB mov ax,0x0                     */  0xB8, 0x00, 0x00,
+-  /* 000002BE out dx,ax                      */  0xEF,
+-  /* 000002BF pop ax                         */  0x58,
+-  /* 000002C0 pop dx                         */  0x5A,
+-  /* 000002C1 push dx                        */  0x52,
+-  /* 000002C2 push ax                        */  0x50,
+-  /* 000002C3 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 000002C6 mov ax,0x3                     */  0xB8, 0x03, 0x00,
+-  /* 000002C9 out dx,ax                      */  0xEF,
+-  /* 000002CA mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 000002CD mov ax,0x20                    */  0xB8, 0x20, 0x00,
+-  /* 000002D0 out dx,ax                      */  0xEF,
+-  /* 000002D1 pop ax                         */  0x58,
+-  /* 000002D2 pop dx                         */  0x5A,
+-  /* 000002D3 push dx                        */  0x52,
+-  /* 000002D4 push ax                        */  0x50,
+-  /* 000002D5 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 000002D8 mov ax,0x1                     */  0xB8, 0x01, 0x00,
+-  /* 000002DB out dx,ax                      */  0xEF,
+-  /* 000002DC mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 000002DF mov ax,0x400                   */  0xB8, 0x00, 0x04,
+-  /* 000002E2 out dx,ax                      */  0xEF,
+-  /* 000002E3 pop ax                         */  0x58,
+-  /* 000002E4 pop dx                         */  0x5A,
+-  /* 000002E5 push dx                        */  0x52,
+-  /* 000002E6 push ax                        */  0x50,
+-  /* 000002E7 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 000002EA mov ax,0x6                     */  0xB8, 0x06, 0x00,
+-  /* 000002ED out dx,ax                      */  0xEF,
+-  /* 000002EE mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 000002F1 mov ax,0x400                   */  0xB8, 0x00, 0x04,
+-  /* 000002F4 out dx,ax                      */  0xEF,
+-  /* 000002F5 pop ax                         */  0x58,
+-  /* 000002F6 pop dx                         */  0x5A,
+-  /* 000002F7 push dx                        */  0x52,
+-  /* 000002F8 push ax                        */  0x50,
+-  /* 000002F9 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 000002FC mov ax,0x2                     */  0xB8, 0x02, 0x00,
+-  /* 000002FF out dx,ax                      */  0xEF,
+-  /* 00000300 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 00000303 mov ax,0x300                   */  0xB8, 0x00, 0x03,
+-  /* 00000306 out dx,ax                      */  0xEF,
+-  /* 00000307 pop ax                         */  0x58,
+-  /* 00000308 pop dx                         */  0x5A,
+-  /* 00000309 push dx                        */  0x52,
+-  /* 0000030A push ax                        */  0x50,
+-  /* 0000030B mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 0000030E mov ax,0x7                     */  0xB8, 0x07, 0x00,
+-  /* 00000311 out dx,ax                      */  0xEF,
+-  /* 00000312 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 00000315 mov ax,0x300                   */  0xB8, 0x00, 0x03,
+-  /* 00000318 out dx,ax                      */  0xEF,
+-  /* 00000319 pop ax                         */  0x58,
+-  /* 0000031A pop dx                         */  0x5A,
+-  /* 0000031B push dx                        */  0x52,
+-  /* 0000031C push ax                        */  0x50,
+-  /* 0000031D mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
+-  /* 00000320 mov ax,0x4                     */  0xB8, 0x04, 0x00,
+-  /* 00000323 out dx,ax                      */  0xEF,
+-  /* 00000324 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
+-  /* 00000327 mov ax,0x41                    */  0xB8, 0x41, 0x00,
+-  /* 0000032A out dx,ax                      */  0xEF,
+-  /* 0000032B pop ax                         */  0x58,
+-  /* 0000032C pop dx                         */  0x5A,
+-  /* 0000032D pop ax                         */  0x58,
+-  /* 0000032E pop dx                         */  0x5A,
+-  /* 0000032F jmp short 0x34c                */  0xEB, 0x1B,
+-  /* 00000331 mov bx,0x40f1                  */  0xBB, 0xF1, 0x40,
+-  /* 00000334 jmp short 0x34c                */  0xEB, 0x16,
+-  /* 00000336 jmp short 0x350                */  0xEB, 0x18,
+-  /* 00000338 jmp short 0x350                */  0xEB, 0x16,
+-  /* 0000033A cmp al,0x3                     */  0x3C, 0x03,
+-  /* 0000033C jz 0x345                       */  0x74, 0x07,
+-  /* 0000033E cmp al,0x12                    */  0x3C, 0x12,
+-  /* 00000340 jz 0x349                       */  0x74, 0x07,
+-  /* 00000342 jmp word 0x22b                 */  0xE9, 0xE6, 0xFE,
+-  /* 00000345 mov al,0x30                    */  0xB0, 0x30,
+-  /* 00000347 jmp short 0x34b                */  0xEB, 0x02,
+-  /* 00000349 mov al,0x20                    */  0xB0, 0x20,
+-  /* 0000034B iretw                          */  0xCF,
+-  /* 0000034C mov ax,0x4f                    */  0xB8, 0x4F, 0x00,
+-  /* 0000034F iretw                          */  0xCF,
+-  /* 00000350 mov ax,0x14f                   */  0xB8, 0x4F, 0x01,
+-  /* 00000353 iretw                          */  0xCF,
++  /* 00000227 jz word 0x382                  */  0x0F, 0x84, 0x57, 0x01,
++  /* 0000022B push si                        */  0x56,
++  /* 0000022C mov si,0x3e9                   */  0xBE, 0xE9, 0x03,
++  /* 0000022F call word 0x3c4                */  0xE8, 0x92, 0x01,
++  /* 00000232 pop si                         */  0x5E,
++  /* 00000233 jmp short 0x233                */  0xEB, 0xFE,
++  /* 00000235 push es                        */  0x06,
++  /* 00000236 push di                        */  0x57,
++  /* 00000237 push ds                        */  0x1E,
++  /* 00000238 push si                        */  0x56,
++  /* 00000239 push cx                        */  0x51,
++  /* 0000023A push si                        */  0x56,
++  /* 0000023B mov si,0x3fb                   */  0xBE, 0xFB, 0x03,
++  /* 0000023E call word 0x3c4                */  0xE8, 0x83, 0x01,
++  /* 00000241 pop si                         */  0x5E,
++  /* 00000242 push cs                        */  0x0E,
++  /* 00000243 pop ds                         */  0x1F,
++  /* 00000244 mov si,0x0                     */  0xBE, 0x00, 0x00,
++  /* 00000247 mov cx,0x100                   */  0xB9, 0x00, 0x01,
++  /* 0000024A cld                            */  0xFC,
++  /* 0000024B rep movsb                      */  0xF3, 0xA4,
++  /* 0000024D pop cx                         */  0x59,
++  /* 0000024E pop si                         */  0x5E,
++  /* 0000024F pop ds                         */  0x1F,
++  /* 00000250 pop di                         */  0x5F,
++  /* 00000251 pop es                         */  0x07,
++  /* 00000252 jmp word 0x3ac                 */  0xE9, 0x57, 0x01,
++  /* 00000255 push es                        */  0x06,
++  /* 00000256 push di                        */  0x57,
++  /* 00000257 push ds                        */  0x1E,
++  /* 00000258 push si                        */  0x56,
++  /* 00000259 push cx                        */  0x51,
++  /* 0000025A push si                        */  0x56,
++  /* 0000025B mov si,0x404                   */  0xBE, 0x04, 0x04,
++  /* 0000025E call word 0x3c4                */  0xE8, 0x63, 0x01,
++  /* 00000261 pop si                         */  0x5E,
++  /* 00000262 and cx,0xbfff                  */  0x81, 0xE1, 0xFF, 0xBF,
++  /* 00000266 cmp cx,0xf1                    */  0x81, 0xF9, 0xF1, 0x00,
++  /* 0000026A jz 0x276                       */  0x74, 0x0A,
++  /* 0000026C push si                        */  0x56,
++  /* 0000026D mov si,0x432                   */  0xBE, 0x32, 0x04,
++  /* 00000270 call word 0x3c4                */  0xE8, 0x51, 0x01,
++  /* 00000273 pop si                         */  0x5E,
++  /* 00000274 jmp short 0x233                */  0xEB, 0xBD,
++  /* 00000276 push cs                        */  0x0E,
++  /* 00000277 pop ds                         */  0x1F,
++  /* 00000278 mov si,0x100                   */  0xBE, 0x00, 0x01,
++  /* 0000027B mov cx,0x100                   */  0xB9, 0x00, 0x01,
++  /* 0000027E cld                            */  0xFC,
++  /* 0000027F rep movsb                      */  0xF3, 0xA4,
++  /* 00000281 pop cx                         */  0x59,
++  /* 00000282 pop si                         */  0x5E,
++  /* 00000283 pop ds                         */  0x1F,
++  /* 00000284 pop di                         */  0x5F,
++  /* 00000285 pop es                         */  0x07,
++  /* 00000286 jmp word 0x3ac                 */  0xE9, 0x23, 0x01,
++  /* 00000289 push dx                        */  0x52,
++  /* 0000028A push ax                        */  0x50,
++  /* 0000028B push si                        */  0x56,
++  /* 0000028C mov si,0x41a                   */  0xBE, 0x1A, 0x04,
++  /* 0000028F call word 0x3c4                */  0xE8, 0x32, 0x01,
++  /* 00000292 pop si                         */  0x5E,
++  /* 00000293 cmp bx,0x40f1                  */  0x81, 0xFB, 0xF1, 0x40,
++  /* 00000297 jz 0x2a3                       */  0x74, 0x0A,
++  /* 00000299 push si                        */  0x56,
++  /* 0000029A mov si,0x432                   */  0xBE, 0x32, 0x04,
++  /* 0000029D call word 0x3c4                */  0xE8, 0x24, 0x01,
++  /* 000002A0 pop si                         */  0x5E,
++  /* 000002A1 jmp short 0x233                */  0xEB, 0x90,
++  /* 000002A3 mov dx,0x3c0                   */  0xBA, 0xC0, 0x03,
++  /* 000002A6 mov al,0x20                    */  0xB0, 0x20,
++  /* 000002A8 out dx,al                      */  0xEE,
++  /* 000002A9 push dx                        */  0x52,
++  /* 000002AA push ax                        */  0x50,
++  /* 000002AB mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 000002AE mov ax,0x4                     */  0xB8, 0x04, 0x00,
++  /* 000002B1 out dx,ax                      */  0xEF,
++  /* 000002B2 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 000002B5 mov ax,0x0                     */  0xB8, 0x00, 0x00,
++  /* 000002B8 out dx,ax                      */  0xEF,
++  /* 000002B9 pop ax                         */  0x58,
++  /* 000002BA pop dx                         */  0x5A,
++  /* 000002BB push dx                        */  0x52,
++  /* 000002BC push ax                        */  0x50,
++  /* 000002BD mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 000002C0 mov ax,0x5                     */  0xB8, 0x05, 0x00,
++  /* 000002C3 out dx,ax                      */  0xEF,
++  /* 000002C4 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 000002C7 mov ax,0x0                     */  0xB8, 0x00, 0x00,
++  /* 000002CA out dx,ax                      */  0xEF,
++  /* 000002CB pop ax                         */  0x58,
++  /* 000002CC pop dx                         */  0x5A,
++  /* 000002CD push dx                        */  0x52,
++  /* 000002CE push ax                        */  0x50,
++  /* 000002CF mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 000002D2 mov ax,0x8                     */  0xB8, 0x08, 0x00,
++  /* 000002D5 out dx,ax                      */  0xEF,
++  /* 000002D6 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 000002D9 mov ax,0x0                     */  0xB8, 0x00, 0x00,
++  /* 000002DC out dx,ax                      */  0xEF,
++  /* 000002DD pop ax                         */  0x58,
++  /* 000002DE pop dx                         */  0x5A,
++  /* 000002DF push dx                        */  0x52,
++  /* 000002E0 push ax                        */  0x50,
++  /* 000002E1 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 000002E4 mov ax,0x9                     */  0xB8, 0x09, 0x00,
++  /* 000002E7 out dx,ax                      */  0xEF,
++  /* 000002E8 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 000002EB mov ax,0x0                     */  0xB8, 0x00, 0x00,
++  /* 000002EE out dx,ax                      */  0xEF,
++  /* 000002EF pop ax                         */  0x58,
++  /* 000002F0 pop dx                         */  0x5A,
++  /* 000002F1 push dx                        */  0x52,
++  /* 000002F2 push ax                        */  0x50,
++  /* 000002F3 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 000002F6 mov ax,0x3                     */  0xB8, 0x03, 0x00,
++  /* 000002F9 out dx,ax                      */  0xEF,
++  /* 000002FA mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 000002FD mov ax,0x20                    */  0xB8, 0x20, 0x00,
++  /* 00000300 out dx,ax                      */  0xEF,
++  /* 00000301 pop ax                         */  0x58,
++  /* 00000302 pop dx                         */  0x5A,
++  /* 00000303 push dx                        */  0x52,
++  /* 00000304 push ax                        */  0x50,
++  /* 00000305 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 00000308 mov ax,0x1                     */  0xB8, 0x01, 0x00,
++  /* 0000030B out dx,ax                      */  0xEF,
++  /* 0000030C mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 0000030F mov ax,0x400                   */  0xB8, 0x00, 0x04,
++  /* 00000312 out dx,ax                      */  0xEF,
++  /* 00000313 pop ax                         */  0x58,
++  /* 00000314 pop dx                         */  0x5A,
++  /* 00000315 push dx                        */  0x52,
++  /* 00000316 push ax                        */  0x50,
++  /* 00000317 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 0000031A mov ax,0x6                     */  0xB8, 0x06, 0x00,
++  /* 0000031D out dx,ax                      */  0xEF,
++  /* 0000031E mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 00000321 mov ax,0x400                   */  0xB8, 0x00, 0x04,
++  /* 00000324 out dx,ax                      */  0xEF,
++  /* 00000325 pop ax                         */  0x58,
++  /* 00000326 pop dx                         */  0x5A,
++  /* 00000327 push dx                        */  0x52,
++  /* 00000328 push ax                        */  0x50,
++  /* 00000329 mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 0000032C mov ax,0x2                     */  0xB8, 0x02, 0x00,
++  /* 0000032F out dx,ax                      */  0xEF,
++  /* 00000330 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 00000333 mov ax,0x300                   */  0xB8, 0x00, 0x03,
++  /* 00000336 out dx,ax                      */  0xEF,
++  /* 00000337 pop ax                         */  0x58,
++  /* 00000338 pop dx                         */  0x5A,
++  /* 00000339 push dx                        */  0x52,
++  /* 0000033A push ax                        */  0x50,
++  /* 0000033B mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 0000033E mov ax,0x7                     */  0xB8, 0x07, 0x00,
++  /* 00000341 out dx,ax                      */  0xEF,
++  /* 00000342 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 00000345 mov ax,0x300                   */  0xB8, 0x00, 0x03,
++  /* 00000348 out dx,ax                      */  0xEF,
++  /* 00000349 pop ax                         */  0x58,
++  /* 0000034A pop dx                         */  0x5A,
++  /* 0000034B push dx                        */  0x52,
++  /* 0000034C push ax                        */  0x50,
++  /* 0000034D mov dx,0x1ce                   */  0xBA, 0xCE, 0x01,
++  /* 00000350 mov ax,0x4                     */  0xB8, 0x04, 0x00,
++  /* 00000353 out dx,ax                      */  0xEF,
++  /* 00000354 mov dx,0x1d0                   */  0xBA, 0xD0, 0x01,
++  /* 00000357 mov ax,0x41                    */  0xB8, 0x41, 0x00,
++  /* 0000035A out dx,ax                      */  0xEF,
++  /* 0000035B pop ax                         */  0x58,
++  /* 0000035C pop dx                         */  0x5A,
++  /* 0000035D pop ax                         */  0x58,
++  /* 0000035E pop dx                         */  0x5A,
++  /* 0000035F jmp short 0x3ac                */  0xEB, 0x4B,
++  /* 00000361 push si                        */  0x56,
++  /* 00000362 mov si,0x411                   */  0xBE, 0x11, 0x04,
++  /* 00000365 call word 0x3c4                */  0xE8, 0x5C, 0x00,
++  /* 00000368 pop si                         */  0x5E,
++  /* 00000369 mov bx,0x40f1                  */  0xBB, 0xF1, 0x40,
++  /* 0000036C jmp short 0x3ac                */  0xEB, 0x3E,
++  /* 0000036E push si                        */  0x56,
++  /* 0000036F mov si,0x43f                   */  0xBE, 0x3F, 0x04,
++  /* 00000372 call word 0x3c4                */  0xE8, 0x4F, 0x00,
++  /* 00000375 pop si                         */  0x5E,
++  /* 00000376 jmp short 0x3b8                */  0xEB, 0x40,
++  /* 00000378 push si                        */  0x56,
++  /* 00000379 mov si,0x452                   */  0xBE, 0x52, 0x04,
++  /* 0000037C call word 0x3c4                */  0xE8, 0x45, 0x00,
++  /* 0000037F pop si                         */  0x5E,
++  /* 00000380 jmp short 0x3b8                */  0xEB, 0x36,
++  /* 00000382 push si                        */  0x56,
++  /* 00000383 mov si,0x423                   */  0xBE, 0x23, 0x04,
++  /* 00000386 call word 0x3c4                */  0xE8, 0x3B, 0x00,
++  /* 00000389 pop si                         */  0x5E,
++  /* 0000038A cmp al,0x3                     */  0x3C, 0x03,
++  /* 0000038C jz 0x39d                       */  0x74, 0x0F,
++  /* 0000038E cmp al,0x12                    */  0x3C, 0x12,
++  /* 00000390 jz 0x3a1                       */  0x74, 0x0F,
++  /* 00000392 push si                        */  0x56,
++  /* 00000393 mov si,0x432                   */  0xBE, 0x32, 0x04,
++  /* 00000396 call word 0x3c4                */  0xE8, 0x2B, 0x00,
++  /* 00000399 pop si                         */  0x5E,
++  /* 0000039A jmp word 0x233                 */  0xE9, 0x96, 0xFE,
++  /* 0000039D mov al,0x30                    */  0xB0, 0x30,
++  /* 0000039F jmp short 0x3a3                */  0xEB, 0x02,
++  /* 000003A1 mov al,0x20                    */  0xB0, 0x20,
++  /* 000003A3 push si                        */  0x56,
++  /* 000003A4 mov si,0x3d6                   */  0xBE, 0xD6, 0x03,
++  /* 000003A7 call word 0x3c4                */  0xE8, 0x1A, 0x00,
++  /* 000003AA pop si                         */  0x5E,
++  /* 000003AB iretw                          */  0xCF,
++  /* 000003AC push si                        */  0x56,
++  /* 000003AD mov si,0x3d6                   */  0xBE, 0xD6, 0x03,
++  /* 000003B0 call word 0x3c4                */  0xE8, 0x11, 0x00,
++  /* 000003B3 pop si                         */  0x5E,
++  /* 000003B4 mov ax,0x4f                    */  0xB8, 0x4F, 0x00,
++  /* 000003B7 iretw                          */  0xCF,
++  /* 000003B8 push si                        */  0x56,
++  /* 000003B9 mov si,0x3dc                   */  0xBE, 0xDC, 0x03,
++  /* 000003BC call word 0x3c4                */  0xE8, 0x05, 0x00,
++  /* 000003BF pop si                         */  0x5E,
++  /* 000003C0 mov ax,0x14f                   */  0xB8, 0x4F, 0x01,
++  /* 000003C3 iretw                          */  0xCF,
++  /* 000003C4 pushaw                         */  0x60,
++  /* 000003C5 push ds                        */  0x1E,
++  /* 000003C6 push cs                        */  0x0E,
++  /* 000003C7 pop ds                         */  0x1F,
++  /* 000003C8 mov dx,0x402                   */  0xBA, 0x02, 0x04,
++  /* 000003CB lodsb                          */  0xAC,
++  /* 000003CC cmp al,0x0                     */  0x3C, 0x00,
++  /* 000003CE jz 0x3d3                       */  0x74, 0x03,
++  /* 000003D0 out dx,al                      */  0xEE,
++  /* 000003D1 jmp short 0x3cb                */  0xEB, 0xF8,
++  /* 000003D3 pop ds                         */  0x1F,
++  /* 000003D4 popaw                          */  0x61,
++  /* 000003D5 ret                            */  0xC3,
++  /* 000003D6 inc bp                         */  0x45,
++  /* 000003D7 js 0x442                       */  0x78, 0x69,
++  /* 000003D9 jz 0x3e5                       */  0x74, 0x0A,
++  /* 000003DB add [di+0x6e],dl               */  0x00, 0x55, 0x6E,
++  /* 000003DE jnc 0x455                      */  0x73, 0x75,
++  /* 000003E0 jo 0x452                       */  0x70, 0x70,
++  /* 000003E2 outsw                          */  0x6F,
++  /* 000003E3 jc 0x459                       */  0x72, 0x74,
++  /* 000003E5 or al,[fs:bx+si]               */  0x65, 0x64, 0x0A, 0x00,
++  /* 000003E9 push bp                        */  0x55,
++  /* 000003EA outsb                          */  0x6E,
++  /* 000003EB imul bp,[bp+0x6f],byte +0x77   */  0x6B, 0x6E, 0x6F, 0x77,
++  /* 000003EF outsb                          */  0x6E,
++  /* 000003F0 and [bp+0x75],al               */  0x20, 0x46, 0x75,
++  /* 000003F3 outsb                          */  0x6E,
++  /* 000003F4 arpl [si+0x69],si              */  0x63, 0x74, 0x69,
++  /* 000003F7 outsw                          */  0x6F,
++  /* 000003F8 outsb                          */  0x6E,
++  /* 000003F9 or al,[bx+si]                  */  0x0A, 0x00,
++  /* 000003FB inc di                         */  0x47,
++  /* 000003FC gs jz 0x448                    */  0x65, 0x74, 0x49,
++  /* 000003FF outsb                          */  0x6E,
++  /* 00000400 outsd                          */  0x66, 0x6F,
++  /* 00000402 or al,[bx+si]                  */  0x0A, 0x00,
++  /* 00000404 inc di                         */  0x47,
++  /* 00000405 gs jz 0x455                    */  0x65, 0x74, 0x4D,
++  /* 00000408 outsw                          */  0x6F,
++  /* 00000409 gs dec cx                      */  0x64, 0x65, 0x49,
++  /* 0000040C outsb                          */  0x6E,
++  /* 0000040D outsd                          */  0x66, 0x6F,
++  /* 0000040F or al,[bx+si]                  */  0x0A, 0x00,
++  /* 00000411 inc di                         */  0x47,
++  /* 00000412 gs jz 0x462                    */  0x65, 0x74, 0x4D,
++  /* 00000415 outsw                          */  0x6F,
++  /* 00000416 or al,[gs:bx+si]               */  0x64, 0x65, 0x0A, 0x00,
++  /* 0000041A push bx                        */  0x53,
++  /* 0000041B gs jz 0x46b                    */  0x65, 0x74, 0x4D,
++  /* 0000041E outsw                          */  0x6F,
++  /* 0000041F or al,[gs:bx+si]               */  0x64, 0x65, 0x0A, 0x00,
++  /* 00000423 push bx                        */  0x53,
++  /* 00000424 gs jz 0x474                    */  0x65, 0x74, 0x4D,
++  /* 00000427 outsw                          */  0x6F,
++  /* 00000428 gs dec sp                      */  0x64, 0x65, 0x4C,
++  /* 0000042B gs a32 popaw                   */  0x65, 0x67, 0x61,
++  /* 0000042E arpl [bx+di+0xa],di            */  0x63, 0x79, 0x0A,
++  /* 00000431 add [di+0x6e],dl               */  0x00, 0x55, 0x6E,
++  /* 00000434 imul bp,[bx+0x77],byte +0x6e   */  0x6B, 0x6F, 0x77, 0x6E,
++  /* 00000438 and [di+0x6f],cl               */  0x20, 0x4D, 0x6F,
++  /* 0000043B or al,[gs:bx+si]               */  0x64, 0x65, 0x0A, 0x00,
++  /* 0000043F inc di                         */  0x47,
++  /* 00000440 gs jz 0x493                    */  0x65, 0x74, 0x50,
++  /* 00000443 insw                           */  0x6D,
++  /* 00000444 inc bx                         */  0x43,
++  /* 00000445 popaw                          */  0x61,
++  /* 00000446 jo 0x4a9                       */  0x70, 0x61,
++  /* 00000448 bound bp,[bx+di+0x6c]          */  0x62, 0x69, 0x6C,
++  /* 0000044B imul si,[si+0x69],word 0x7365  */  0x69, 0x74, 0x69, 0x65, 0x73,
++  /* 00000450 or al,[bx+si]                  */  0x0A, 0x00,
++  /* 00000452 push dx                        */  0x52,
++  /* 00000453 gs popaw                       */  0x65, 0x61,
++  /* 00000455 fs inc bp                      */  0x64, 0x45,
++  /* 00000457 fs                             */  0x64,
++  /* 00000458 db 0x69                        */  0x69,
++  /* 00000459 or al,[fs:bx+si]               */  0x64, 0x0A, 0x00,
+ };
+ #endif
+-- 
+2.18.1
+
diff --git a/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
deleted file mode 100644
index 4e62b6d..0000000
--- a/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From f9b73437b9b231773c1a20e0c516168817a930a2 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 15:59:06 +0200
-Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- refresh downstream-only commit 8abc2a6ddad2 against context differences
-  in the DSC files from upstream commit 5e167d7e784c
-  ("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if
-  SMM_REQUIRE", 2017-03-12).
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721)
-(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d)
-(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
-(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
-(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.dsc             | 1 +
- OvmfPkg/OvmfPkgIa32X64.dsc          | 1 +
- OvmfPkg/OvmfPkgX64.dsc              | 1 +
- OvmfPkg/PlatformPei/Platform.c      | 1 +
- OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
- 5 files changed, 5 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 249b1d8dc0..3f1da66aab 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -531,6 +531,7 @@
-   #   ($(SMM_REQUIRE) == FALSE)
-   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
- 
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 5ec186df4b..9bb0a4cede 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -537,6 +537,7 @@
-   #   ($(SMM_REQUIRE) == FALSE)
-   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
- 
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 29538ade4d..3b7fc5328c 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -536,6 +536,7 @@
-   #   ($(SMM_REQUIRE) == FALSE)
-   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
- 
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
-diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index 22139a64cb..64b8034117 100644
---- a/OvmfPkg/PlatformPei/Platform.c
-+++ b/OvmfPkg/PlatformPei/Platform.c
-@@ -670,6 +670,7 @@ InitializePlatform (
-     PeiFvInitialization ();
-     MemMapInitialization ();
-     NoexecDxeInitialization ();
-+    UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
-   }
- 
-   InstallClearCacheCallback ();
-diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
-index 5c8dd0fe6d..035ce249fe 100644
---- a/OvmfPkg/PlatformPei/PlatformPei.inf
-+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
-@@ -96,6 +96,7 @@
-   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
-   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
-   gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
-   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
-   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
-   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
--- 
-2.18.1
-
diff --git a/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch b/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
deleted file mode 100644
index c346ac8..0000000
--- a/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From f372886be5f1c41677f168be77c484bae5841361 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 12 Apr 2016 20:50:25 +0200
-Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 8e2153358aa2bba2c91faa87a70beadcaae03fd8)
-(cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd)
-(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03)
-(cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9)
-(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-index eff4a21650..adf1ff6c6a 100644
---- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-+++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-@@ -22,7 +22,7 @@
-   FILE_GUID                      = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
-   MODULE_TYPE                    = BASE
-   VERSION_STRING                 = 1.0
--  LIBRARY_CLASS                  = QemuFwCfgLib|DXE_DRIVER
-+  LIBRARY_CLASS                  = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER
- 
-   CONSTRUCTOR                    = QemuFwCfgInitialize
- 
--- 
-2.18.1
-
diff --git a/SOURCES/0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
new file mode 100644
index 0000000..5b008bb
--- /dev/null
+++ b/SOURCES/0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
@@ -0,0 +1,156 @@
+From 12cb13a1da913912bd9148ce8f2353a75be77f18 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 25 Feb 2014 18:40:35 +0100
+Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no changes
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- update commit message as requested in
+  <https://bugzilla.redhat.com/show_bug.cgi?id=1503316#c0>
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
+  390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
+  InitializeTerminalConsoleTextMode", 2017-01-10).
+
+When the console output is multiplexed to several devices by
+ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
+supported by all console output devices.
+
+Two notable output devices are provided by:
+(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
+(2) MdeModulePkg/Universal/Console/TerminalDxe.
+
+GraphicsConsoleDxe supports four modes at most -- see
+InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
+
+(1a) 80x25 (required by the UEFI spec as mode 0),
+(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
+     requires the driver to provide it as mode 1),
+(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
+     spec requires from all plug-in graphics devices),
+(1d) "full screen" resolution, derived form the underlying GOP's
+     horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
+     (8) and EFI_GLYPH_HEIGHT (19), respectively.
+
+The automatic "full screen resolution" makes GraphicsConsoleDxe's
+character console very flexible. However, TerminalDxe (which runs on
+serial ports) only provides the following fixed resolutions -- see
+InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
+
+(2a) 80x25 (required by the UEFI spec as mode 0),
+(2b) 80x50 (since the character resolution of a serial device cannot be
+     interrogated easily, this is added unconditionally as mode 1),
+(2c) 100x31 (since the character resolution of a serial device cannot be
+     interrogated easily, this is added unconditionally as mode 2).
+
+When ConSplitterDxe combines (1) and (2), multiplexing console output to
+both video output and serial terminal, the list of commonly supported text
+modes (ie. the "intersection") comprises:
+
+(3a) 80x25, unconditionally, from (1a) and (2a),
+(3b) 80x50, if the graphics console provides at least 640x950 pixel
+     resolution, from (1b) and (2b)
+(3c) 100x31, if the graphics device is a plug-in one (because in that case
+     800x600 is a mandated pixel resolution), from (1c) and (2c).
+
+Unfortunately, the "full screen resolution" (1d) of the GOP-based text
+console is not available in general.
+
+Mitigate this problem by extending "mTerminalConsoleModeData" with a
+handful of text resolutions that are derived from widespread maximal pixel
+resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
+the most frequent (1d) values from the intersection, and eg. the MODE
+command in the UEFI shell will offer the "best" (ie. full screen)
+resolution too.
+
+Upstreaming efforts for this patch have been discontinued; it was clear
+from the off-list thread that consensus was impossible to reach.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
+(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
+(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
+(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
+(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51)
+---
+ .../Universal/Console/TerminalDxe/Terminal.c  | 41 +++++++++++++++++--
+ 1 file changed, 38 insertions(+), 3 deletions(-)
+
+diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
+index c76b2c5100..eff9d9787f 100644
+--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
++++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
+@@ -107,9 +107,44 @@ TERMINAL_DEV  mTerminalDevTemplate = {
+ };
+ 
+ TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
+-  {80,  25},
+-  {80,  50},
+-  {100, 31},
++  {   80,  25 }, // from graphics resolution  640 x  480
++  {   80,  50 }, // from graphics resolution  640 x  960
++  {  100,  25 }, // from graphics resolution  800 x  480
++  {  100,  31 }, // from graphics resolution  800 x  600
++  {  104,  32 }, // from graphics resolution  832 x  624
++  {  120,  33 }, // from graphics resolution  960 x  640
++  {  128,  31 }, // from graphics resolution 1024 x  600
++  {  128,  40 }, // from graphics resolution 1024 x  768
++  {  144,  45 }, // from graphics resolution 1152 x  864
++  {  144,  45 }, // from graphics resolution 1152 x  870
++  {  160,  37 }, // from graphics resolution 1280 x  720
++  {  160,  40 }, // from graphics resolution 1280 x  760
++  {  160,  40 }, // from graphics resolution 1280 x  768
++  {  160,  42 }, // from graphics resolution 1280 x  800
++  {  160,  50 }, // from graphics resolution 1280 x  960
++  {  160,  53 }, // from graphics resolution 1280 x 1024
++  {  170,  40 }, // from graphics resolution 1360 x  768
++  {  170,  40 }, // from graphics resolution 1366 x  768
++  {  175,  55 }, // from graphics resolution 1400 x 1050
++  {  180,  47 }, // from graphics resolution 1440 x  900
++  {  200,  47 }, // from graphics resolution 1600 x  900
++  {  200,  63 }, // from graphics resolution 1600 x 1200
++  {  210,  55 }, // from graphics resolution 1680 x 1050
++  {  240,  56 }, // from graphics resolution 1920 x 1080
++  {  240,  63 }, // from graphics resolution 1920 x 1200
++  {  240,  75 }, // from graphics resolution 1920 x 1440
++  {  250, 105 }, // from graphics resolution 2000 x 2000
++  {  256,  80 }, // from graphics resolution 2048 x 1536
++  {  256, 107 }, // from graphics resolution 2048 x 2048
++  {  320,  75 }, // from graphics resolution 2560 x 1440
++  {  320,  84 }, // from graphics resolution 2560 x 1600
++  {  320, 107 }, // from graphics resolution 2560 x 2048
++  {  350, 110 }, // from graphics resolution 2800 x 2100
++  {  400, 126 }, // from graphics resolution 3200 x 2400
++  {  480, 113 }, // from graphics resolution 3840 x 2160
++  {  512, 113 }, // from graphics resolution 4096 x 2160
++  {  960, 227 }, // from graphics resolution 7680 x 4320
++  { 1024, 227 }, // from graphics resolution 8192 x 4320
+   //
+   // New modes can be added here.
+   //
+-- 
+2.18.1
+
diff --git a/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
deleted file mode 100644
index 15a01b3..0000000
--- a/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
+++ /dev/null
@@ -1,218 +0,0 @@
-From 232fcf06f6b3048b7c2ebd6931f23186b3852f04 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Sun, 26 Jul 2015 08:02:50 +0000
-Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- Refresh downstream-only commit d4564d39dfdb against context changes in
-  "ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870
-  ("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable
-  override", 2017-03-29).
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such
-  setter functions for dynamic PCDs that don't return a status code (such
-  as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds --
-  there's really no circumstance in this case when it could fail.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262)
-(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c)
-(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65)
-(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- ArmVirtPkg/ArmVirtQemu.dsc                    |  7 +-
- .../TerminalPcdProducerLib.c                  | 87 +++++++++++++++++++
- .../TerminalPcdProducerLib.inf                | 41 +++++++++
- 3 files changed, 134 insertions(+), 1 deletion(-)
- create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
- create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index f2e5125494..9fc78d4e0a 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -221,6 +221,8 @@
-   gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
-   gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
- 
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
-+
- [PcdsDynamicHii]
-   gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
- 
-@@ -297,7 +299,10 @@
-   MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
-   MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
-   MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
--  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
-+  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf {
-+    <LibraryClasses>
-+      NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
-+  }
-   MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
- 
-   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
-diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
-new file mode 100644
-index 0000000000..814ad48199
---- /dev/null
-+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
-@@ -0,0 +1,87 @@
-+/** @file
-+*  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
-+*
-+*  Copyright (C) 2015-2016, Red Hat, Inc.
-+*  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
-+*
-+*  This program and the accompanying materials are licensed and made available
-+*  under the terms and conditions of the BSD License which accompanies this
-+*  distribution.  The full text of the license may be found at
-+*  http://opensource.org/licenses/bsd-license.php
-+*
-+*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
-+*  IMPLIED.
-+*
-+**/
-+
-+#include <Library/DebugLib.h>
-+#include <Library/PcdLib.h>
-+#include <Library/QemuFwCfgLib.h>
-+
-+STATIC
-+RETURN_STATUS
-+GetNamedFwCfgBoolean (
-+  IN  CONST CHAR8 *FwCfgFileName,
-+  OUT BOOLEAN     *Setting
-+  )
-+{
-+  RETURN_STATUS        Status;
-+  FIRMWARE_CONFIG_ITEM FwCfgItem;
-+  UINTN                FwCfgSize;
-+  UINT8                Value[3];
-+
-+  Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize);
-+  if (RETURN_ERROR (Status)) {
-+    return Status;
-+  }
-+  if (FwCfgSize > sizeof Value) {
-+    return RETURN_BAD_BUFFER_SIZE;
-+  }
-+  QemuFwCfgSelectItem (FwCfgItem);
-+  QemuFwCfgReadBytes (FwCfgSize, Value);
-+
-+  if ((FwCfgSize == 1) ||
-+      (FwCfgSize == 2 && Value[1] == '\n') ||
-+      (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) {
-+    switch (Value[0]) {
-+      case '0':
-+      case 'n':
-+      case 'N':
-+        *Setting = FALSE;
-+        return RETURN_SUCCESS;
-+
-+      case '1':
-+      case 'y':
-+      case 'Y':
-+        *Setting = TRUE;
-+        return RETURN_SUCCESS;
-+
-+      default:
-+        break;
-+    }
-+  }
-+  return RETURN_PROTOCOL_ERROR;
-+}
-+
-+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)                             \
-+          do {                                                                \
-+            BOOLEAN       Setting;                                            \
-+            RETURN_STATUS PcdStatus;                                          \
-+                                                                              \
-+            if (!RETURN_ERROR (GetNamedFwCfgBoolean (                         \
-+                    "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
-+              PcdStatus = PcdSetBoolS (TokenName, Setting);                   \
-+              ASSERT_RETURN_ERROR (PcdStatus);                                \
-+            }                                                                 \
-+          } while (0)
-+
-+RETURN_STATUS
-+EFIAPI
-+TerminalPcdProducerLibConstructor (
-+  VOID
-+  )
-+{
-+  UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
-+  return RETURN_SUCCESS;
-+}
-diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
-new file mode 100644
-index 0000000000..fecb37bcdf
---- /dev/null
-+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
-@@ -0,0 +1,41 @@
-+## @file
-+#  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
-+#
-+#  Copyright (C) 2015-2016, Red Hat, Inc.
-+#  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
-+#
-+#  This program and the accompanying materials are licensed and made available
-+#  under the terms and conditions of the BSD License which accompanies this
-+#  distribution.  The full text of the license may be found at
-+#  http://opensource.org/licenses/bsd-license.php
-+#
-+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
-+#  IMPLIED.
-+#
-+##
-+
-+[Defines]
-+  INF_VERSION                    = 0x00010005
-+  BASE_NAME                      = TerminalPcdProducerLib
-+  FILE_GUID                      = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
-+  MODULE_TYPE                    = BASE
-+  VERSION_STRING                 = 1.0
-+  LIBRARY_CLASS                  = TerminalPcdProducerLib|DXE_DRIVER
-+  CONSTRUCTOR                    = TerminalPcdProducerLibConstructor
-+
-+[Sources]
-+  TerminalPcdProducerLib.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  OvmfPkg/OvmfPkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+
-+[LibraryClasses]
-+  DebugLib
-+  PcdLib
-+  QemuFwCfgLib
-+
-+[Pcd]
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
--- 
-2.18.1
-
diff --git a/SOURCES/0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
new file mode 100644
index 0000000..3edba86
--- /dev/null
+++ b/SOURCES/0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
@@ -0,0 +1,160 @@
+From a11602f5e2ef930be5b693ddfd0c789a1bd4c60c Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 25 Feb 2014 22:40:01 +0100
+Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH
+ only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- Conflict in "MdeModulePkg/MdeModulePkg.dec" due to upstream commits
+  - 1103ba946aee ("MdeModulePkg: Add Capsule On Disk related definition.",
+    2019-06-26),
+  - 1c7b3eb84631 ("MdeModulePkg/DxeIpl: Introduce PCD
+    PcdUse5LevelPageTable", 2019-08-09),
+  with easy manual resolution.
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no change
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec"
+  context change from upstream commits e043f7895b83 ("MdeModulePkg: Add
+  PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2
+  ("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03).
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- refresh commit 519b9751573e against various context changes
+
+The
+
+  CSI Ps ; Ps ; Ps t
+
+escape sequence serves for window manipulation. We can use the
+
+  CSI 8 ; <rows> ; <columns> t
+
+sequence to adapt eg. the xterm window size to the selected console mode.
+
+Reference: <http://rtfm.etla.org/xterm/ctlseq.html>
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444)
+(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574)
+(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90)
+(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb)
+(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc)
+---
+ MdeModulePkg/MdeModulePkg.dec                 |  4 +++
+ .../Console/TerminalDxe/TerminalConOut.c      | 30 +++++++++++++++++++
+ .../Console/TerminalDxe/TerminalDxe.inf       |  2 ++
+ 3 files changed, 36 insertions(+)
+
+diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
+index 19935c88fa..5690bbd8b3 100644
+--- a/MdeModulePkg/MdeModulePkg.dec
++++ b/MdeModulePkg/MdeModulePkg.dec
+@@ -2002,6 +2002,10 @@
+   # @Prompt Capsule On Disk relocation device path.
+   gEfiMdeModulePkgTokenSpaceGuid.PcdCodRelocationDevPath|{0xFF}|VOID*|0x0000002f
+ 
++  ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
++  #  mode change.
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080
++
+ [PcdsPatchableInModule]
+   ## Specify memory size with page number for PEI code when
+   #  Loading Module at Fixed Address feature is enabled.
+diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
+index 7ef655cca5..1113252df2 100644
+--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
++++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c
+@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ 
+ **/
+ 
++#include <Library/PrintLib.h>
++
+ #include "Terminal.h"
+ 
+ //
+@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[]  = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0
+ CHAR16 mCursorForwardString[]      = { ESC, '[', '0', '0', 'C', 0 };
+ CHAR16 mCursorBackwardString[]     = { ESC, '[', '0', '0', 'D', 0 };
+ 
++//
++// Note that this is an ASCII format string, taking two INT32 arguments:
++// rows, columns.
++//
++// A %d (INT32) format specification can expand to at most 11 characters.
++//
++CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt";
++#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2))
++
++
+ //
+ // Body of the ConOut functions
+ //
+@@ -502,6 +514,24 @@ TerminalConOutSetMode (
+     return EFI_DEVICE_ERROR;
+   }
+ 
++  if (PcdGetBool (PcdResizeXterm)) {
++    CHAR16 ResizeSequence[RESIZE_SEQ_SIZE];
++
++    UnicodeSPrintAsciiFormat (
++      ResizeSequence,
++      sizeof ResizeSequence,
++      mResizeTextAreaFormatString,
++      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows,
++      (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns
++      );
++    TerminalDevice->OutputEscChar = TRUE;
++    Status                        = This->OutputString (This, ResizeSequence);
++    TerminalDevice->OutputEscChar = FALSE;
++    if (EFI_ERROR (Status)) {
++      return EFI_DEVICE_ERROR;
++    }
++  }
++
+   This->Mode->Mode  = (INT32) ModeNumber;
+ 
+   Status            = This->ClearScreen (This);
+diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+index 24e164ef4d..d1160ed1c7 100644
+--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
++++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
+@@ -55,6 +55,7 @@
+   DebugLib
+   PcdLib
+   BaseLib
++  PrintLib
+ 
+ [Guids]
+   ## SOMETIMES_PRODUCES ## Variable:L"ConInDev"
+@@ -83,6 +84,7 @@
+ [Pcd]
+   gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType           ## SOMETIMES_CONSUMES
+   gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable    ## CONSUMES
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm             ## CONSUMES
+ 
+ # [Event]
+ # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout.
+-- 
+2.18.1
+
diff --git a/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
deleted file mode 100644
index b1ada3a..0000000
--- a/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
+++ /dev/null
@@ -1,142 +0,0 @@
-From 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 4 Nov 2014 23:02:53 +0100
-Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
- only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- update the patch against the following upstream commits:
-  - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
-  - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
-                  tool chain", 2018-11-27)
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com>
-Patchwork-id: 62119
-O-Subject:  [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell
-	from the firmware image (RH only)
-Bugzilla: 1147592
-Acked-by: Andrew Jones <drjones@redhat.com>
-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-
-When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
-binary from the firmware image.
-
-Peter Jones advised us that firmware vendors for physical systems disable
-the memory-mapped, firmware image-contained UEFI shell in
-SecureBoot-enabled builds. The reason being that the memory-mapped shell
-can always load, it may have direct access to various hardware in the
-system, and it can run UEFI shell scripts (which cannot be signed at all).
-
-Intended use of the new build option:
-
-- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
-  firmware image will contain a shell binary, independently of SecureBoot
-  enablement, which is flexible for interactive development. (Ie. no
-  change for in-tree builds.)
-
-- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
-  '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
-
-  - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
-
-  - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
-
-  - UefiShell.iso: a bootable ISO image with the shell on it as default
-    boot loader. The shell binary will load when SecureBoot is turned off,
-    and won't load when SecureBoot is turned on (because it is not
-    signed).
-
-    UefiShell.iso is the reason we're not excluding the shell from the DSC
-    files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
-    is specified, the shell binary needs to be built the same, only it
-    will be included in UefiShell.iso.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
-(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
-(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
-(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
-(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.fdf    | 2 ++
- OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
- OvmfPkg/OvmfPkgX64.fdf     | 2 ++
- 3 files changed, 6 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
-index be3d3b4d14..a545f7c2a6 100644
---- a/OvmfPkg/OvmfPkgIa32.fdf
-+++ b/OvmfPkg/OvmfPkgIa32.fdf
-@@ -288,10 +288,12 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
- INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- 
-diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
-index b56160b3bf..fe24e86b92 100644
---- a/OvmfPkg/OvmfPkgIa32X64.fdf
-+++ b/OvmfPkg/OvmfPkgIa32X64.fdf
-@@ -289,10 +289,12 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
- INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- 
-diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
-index b56160b3bf..fe24e86b92 100644
---- a/OvmfPkg/OvmfPkgX64.fdf
-+++ b/OvmfPkg/OvmfPkgX64.fdf
-@@ -289,10 +289,12 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
- INF  FatPkg/EnhancedFatDxe/Fat.inf
- INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
- 
-+!ifndef $(EXCLUDE_SHELL_FROM_FD)
- !if $(TOOL_CHAIN_TAG) != "XCODE5"
- INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
- !endif
- INF  ShellPkg/Application/Shell/Shell.inf
-+!endif
- 
- INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
- 
--- 
-2.18.1
-
diff --git a/SOURCES/0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
new file mode 100644
index 0000000..b42de25
--- /dev/null
+++ b/SOURCES/0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
@@ -0,0 +1,116 @@
+From 2cc462ee963d0be119bc97bfc9c70d292a40516f Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 14 Oct 2015 15:59:06 +0200
+Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no change
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- refresh downstream-only commit 8abc2a6ddad2 against context differences
+  in the DSC files from upstream commit 5e167d7e784c
+  ("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if
+  SMM_REQUIRE", 2017-03-12).
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721)
+(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d)
+(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
+(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
+(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
+(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2)
+---
+ OvmfPkg/OvmfPkgIa32.dsc             | 1 +
+ OvmfPkg/OvmfPkgIa32X64.dsc          | 1 +
+ OvmfPkg/OvmfPkgX64.dsc              | 1 +
+ OvmfPkg/PlatformPei/Platform.c      | 1 +
+ OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
+ 5 files changed, 5 insertions(+)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 044379e1ed..accf5c0211 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -525,6 +525,7 @@
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 2ff68102d3..8812da9943 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -531,6 +531,7 @@
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 3a66d4d424..73e1b7824f 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -530,6 +530,7 @@
+   #   ($(SMM_REQUIRE) == FALSE)
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
+diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
+index 3ba2459872..bbbf1ac2a8 100644
+--- a/OvmfPkg/PlatformPei/Platform.c
++++ b/OvmfPkg/PlatformPei/Platform.c
+@@ -667,6 +667,7 @@ InitializePlatform (
+     PeiFvInitialization ();
+     MemMapInitialization ();
+     NoexecDxeInitialization ();
++    UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
+   }
+ 
+   InstallClearCacheCallback ();
+diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
+index d9fd9c8f05..666803916c 100644
+--- a/OvmfPkg/PlatformPei/PlatformPei.inf
++++ b/OvmfPkg/PlatformPei/PlatformPei.inf
+@@ -89,6 +89,7 @@
+   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
+   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
+   gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
+   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
+   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
+   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
+-- 
+2.18.1
+
diff --git a/SOURCES/0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch b/SOURCES/0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
new file mode 100644
index 0000000..4972df3
--- /dev/null
+++ b/SOURCES/0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
@@ -0,0 +1,62 @@
+From 0dd0ad0dcdfd1189ed8aa880765403d1f587cc59 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 12 Apr 2016 20:50:25 +0200
+Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no change
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 8e2153358aa2bba2c91faa87a70beadcaae03fd8)
+(cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd)
+(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03)
+(cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9)
+(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699)
+(cherry picked from commit f372886be5f1c41677f168be77c484bae5841361)
+---
+ ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
+index 4d27d7d30b..feceed5f93 100644
+--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
++++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
+@@ -15,7 +15,7 @@
+   FILE_GUID                      = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
+   MODULE_TYPE                    = BASE
+   VERSION_STRING                 = 1.0
+-  LIBRARY_CLASS                  = QemuFwCfgLib|DXE_DRIVER
++  LIBRARY_CLASS                  = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER
+ 
+   CONSTRUCTOR                    = QemuFwCfgInitialize
+ 
+-- 
+2.18.1
+
diff --git a/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
deleted file mode 100644
index 94613a8..0000000
--- a/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
+++ /dev/null
@@ -1,1360 +0,0 @@
-From 60737ccca40e6b4f11da438892c862b254dbfac9 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 4 Nov 2014 23:02:55 +0100
-Subject: OvmfPkg: EnrollDefaultKeys: application for enrolling default keys
- (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- This patch now squashes the following commits:
-  - c0b2615a9c0b OvmfPkg: EnrollDefaultKeys: application for enrolling
-                 default keys (RH only)
-  - 22f4d33d0168 OvmfPkg/EnrollDefaultKeys: update SignatureOwner GUID for
-                 Windows HCK (RH)
-  - ff7f2c1d870d OvmfPkg/EnrollDefaultKeys: expose CertType parameter of
-                 EnrollListOfCerts (RH)
-  - aee7b5ba60b4 OvmfPkg/EnrollDefaultKeys: blacklist empty file in dbx
-                 for Windows HCK (RH)
-
-- Consequently, OvmfPkg/EnrollDefaultKeys/ is identical to the same
-  directory at the "RHEL-7.4" tag (49d06d386736).
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- This patch now squashes the following commits:
-  - 014f459c197b OvmfPkg: EnrollDefaultKeys: application for enrolling
-                 default keys (RH only)
-  - 18422a18d0e9 OvmfPkg/EnrollDefaultKeys: assign Status before reading
-                 it (RH only)
-  - ddb90568e874 OvmfPkg/EnrollDefaultKeys: silence VS2015x86 warning (RH
-                 only)
-
-Notes about the c9e5618 -> b9ffeab rebase:
-- Guid/VariableFormat.h now lives under MdeModulePkg.
-
-Notes about the 9ece15a -> c9e5618 rebase:
-- resolved conflicts in:
-    OvmfPkg/OvmfPkgIa32.dsc
-    OvmfPkg/OvmfPkgIa32X64.dsc
-    OvmfPkg/OvmfPkgX64.dsc
-  due to OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf having
-  disappeared in upstream (commit 57446bb9).
-
-Message-id: <1415138578-27173-16-git-send-email-lersek@redhat.com>
-Patchwork-id: 62121
-O-Subject:  [RHEL-7.1 ovmf PATCH v2 15/18] OvmfPkg: EnrollDefaultKeys:
-	application for enrolling default keys (RH only)
-Bugzilla: 1148296
-1160400
-Acked-by: Andrew Jones <drjones@redhat.com>
-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
-
-This application is meant to be invoked by the management layer, after
-booting the UEFI shell and getting a shell prompt on the serial console.
-The app enrolls a number of certificates (see below), and then reports
-status to the serial console as well. The expected output is "info:
-success":
-
-> Shell> EnrollDefaultKeys.efi
-> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
-> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
-> info: success
-> Shell>
-
-In case of success, the management layer can force off or reboot the VM
-(for example with the "reset -s" or "reset -c" UEFI shell commands,
-respectively), and start the guest installation with SecureBoot enabled.
-
-PK:
-- A unique, static, ad-hoc certificate whose private half has been
-  destroyed (more precisely, never saved) and is therefore unusable for
-  signing. (The command for creating this certificate is saved in the
-  source code.) Background:
-
-On 09/30/14 20:00, Peter Jones wrote:
-> We should generate a special key that's not in our normal signing chains
-> for PK and KEK.  The reason for this is that [in practice] PK gets
-> treated as part of DB (*).
->
-> [Shipping a key in our normal signing chains] as PK means you can run
-> grub directly, in which case it won't have access to the shim protocol.
-> When grub is run without the shim protocol registered, it assumes SB is
-> disabled and boots without verifying the kernel.  We don't want that to
-> be a thing you can do, but allowing that is the inevitable result of
-> shipping with any of our normal signing chain in PK or KEK.
->
-> (* USRT has actually agreed that since you can escalate to this behavior
-> if you have the secret half of a key in KEK or PK anyway, and many
-> vendors had already shipped it this way, that it is fine and I think
-> even *expected* at this point, even though it wasn't formally in the
-> UEFI 2.3.1 Spec that introduced Secure Boot.  I'll try and make sure the
-> language reflects that in an upcoming spec revision.)
->
-> So let me get SRT to issue a special key to use for PK and KEK.  We can
-> use it just for those operations, and make sure it's protected with the
-> same processes and controls as our other signing keys.
-
-  Until SRT generates such a key for us, this ad-hoc key should be a good
-  placeholder.
-
-KEK:
-- same ad-hoc certificate as used for the PK,
-- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool
-  package is signed (indirectly, through a chain) with this; enrolling
-  such a KEK should allow guests to install those updates.
-
-DB:
-- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows
-  Server 2012 R2,
-- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI
-  oproms.
-
-*UPDATE*
-
-OvmfPkg: EnrollDefaultKeys: pick up official Red Hat PK/KEK (RHEL only)
-
-Replace the placeholder ExampleCert with a certificate generated and
-managed by the Red Hat Security Response Team.
-
-> Certificate:
->     Data:
->         Version: 3 (0x2)
->         Serial Number: 18371740789028339953 (0xfef588e8f396c0f1)
->     Signature Algorithm: sha256WithRSAEncryption
->         Issuer: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
->         Validity
->             Not Before: Oct 31 11:15:37 2014 GMT
->             Not After : Oct 25 11:15:37 2037 GMT
->         Subject: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com
->         Subject Public Key Info:
->             Public Key Algorithm: rsaEncryption
->                 Public-Key: (2048 bit)
->                 Modulus:
->                     00:90:1f:84:7b:8d:bc:eb:97:26:82:6d:88:ab:8a:
->                     c9:8c:68:70:f9:df:4b:07:b2:37:83:0b:02:c8:67:
->                     68:30:9e:e3:f0:f0:99:4a:b8:59:57:c6:41:f6:38:
->                     8b:fe:66:4c:49:e9:37:37:92:2e:98:01:1e:5b:14:
->                     50:e6:a8:8d:25:0d:f5:86:e6:ab:30:cb:40:16:ea:
->                     8d:8b:16:86:70:43:37:f2:ce:c0:91:df:71:14:8e:
->                     99:0e:89:b6:4c:6d:24:1e:8c:e4:2f:4f:25:d0:ba:
->                     06:f8:c6:e8:19:18:76:73:1d:81:6d:a8:d8:05:cf:
->                     3a:c8:7b:28:c8:36:a3:16:0d:29:8c:99:9a:68:dc:
->                     ab:c0:4d:8d:bf:5a:bb:2b:a9:39:4b:04:97:1c:f9:
->                     36:bb:c5:3a:86:04:ae:af:d4:82:7b:e0:ab:de:49:
->                     05:68:fc:f6:ae:68:1a:6c:90:4d:57:19:3c:64:66:
->                     03:f6:c7:52:9b:f7:94:cf:93:6a:a1:68:c9:aa:cf:
->                     99:6b:bc:aa:5e:08:e7:39:1c:f7:f8:0f:ba:06:7e:
->                     f1:cb:e8:76:dd:fe:22:da:ad:3a:5e:5b:34:ea:b3:
->                     c9:e0:4d:04:29:7e:b8:60:b9:05:ef:b5:d9:17:58:
->                     56:16:60:b9:30:32:f0:36:4a:c3:f2:79:8d:12:40:
->                     70:f3
->                 Exponent: 65537 (0x10001)
->         X509v3 extensions:
->             X509v3 Basic Constraints:
->                 CA:FALSE
->             Netscape Comment:
->                 OpenSSL Generated Certificate
->             X509v3 Subject Key Identifier:
->                 3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
->             X509v3 Authority Key Identifier:
->                 keyid:3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC
->
->     Signature Algorithm: sha256WithRSAEncryption
->          5c:4d:92:88:b4:82:5f:1d:ad:8b:11:ec:df:06:a6:7a:a5:2b:
->          9f:37:55:0c:8d:6e:05:00:ad:b7:0c:41:89:69:cf:d6:65:06:
->          9b:51:78:d2:ad:c7:bf:9c:dc:05:73:7f:e7:1e:39:13:b4:ea:
->          b6:30:7d:40:75:ab:9c:43:0b:df:b0:c2:1b:bf:30:e0:f4:fe:
->          c0:db:62:21:98:f6:c5:af:de:3b:4f:49:0a:e6:1e:f9:86:b0:
->          3f:0d:d6:d4:46:37:db:54:74:5e:ff:11:c2:60:c6:70:58:c5:
->          1c:6f:ec:b2:d8:6e:6f:c3:bc:33:87:38:a4:f3:44:64:9c:34:
->          3b:28:94:26:78:27:9f:16:17:e8:3b:69:0a:25:a9:73:36:7e:
->          9e:37:5c:ec:e8:3f:db:91:f9:12:b3:3d:ce:e7:dd:15:c3:ae:
->          8c:05:20:61:9b:95:de:9b:af:fa:b1:5c:1c:e5:97:e7:c3:34:
->          11:85:f5:8a:27:26:a4:70:36:ec:0c:f6:83:3d:90:f7:36:f3:
->          f9:f3:15:d4:90:62:be:53:b4:af:d3:49:af:ef:f4:73:e8:7b:
->          76:e4:44:2a:37:ba:81:a4:99:0c:3a:31:24:71:a0:e4:e4:b7:
->          1a:cb:47:e4:aa:22:cf:ef:75:61:80:e3:43:b7:48:57:73:11:
->          3d:78:9b:69
-> -----BEGIN CERTIFICATE-----
-> MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
-> BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
-> 9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
-> MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
-> RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
-> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
-> +d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
-> huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
-> bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
-> 3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
-> y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
-> AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
-> YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
-> HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
-> ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
-> 3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
-> 1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
-> qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
-> NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
-> R+SqIs/vdWGA40O3SFdzET14m2k=
-> -----END CERTIFICATE-----
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d)
-(cherry picked from commit 92424de98ffaf1fa81e6346949b1d2b5f9a637ca)
-(cherry picked from commit 98c91b36997e3afc4192449263182fbdcc771a1a)
-(cherry picked from commit b59ee7769814e207c917615af78c7428bdf3b450)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++
- .../EnrollDefaultKeys/EnrollDefaultKeys.inf   |   52 +
- OvmfPkg/OvmfPkgIa32.dsc                       |    4 +
- OvmfPkg/OvmfPkgIa32X64.dsc                    |    4 +
- OvmfPkg/OvmfPkgX64.dsc                        |    4 +
- 5 files changed, 1079 insertions(+)
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
- create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-new file mode 100644
-index 0000000000..dd413df12d
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c
-@@ -0,0 +1,1015 @@
-+/** @file
-+  Enroll default PK, KEK, DB.
-+
-+  Copyright (C) 2014, Red Hat, Inc.
-+
-+  This program and the accompanying materials are licensed and made available
-+  under the terms and conditions of the BSD License which accompanies this
-+  distribution. The full text of the license may be found at
-+  http://opensource.org/licenses/bsd-license.
-+
-+  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT
-+  WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-+**/
-+#include <Guid/AuthenticatedVariableFormat.h>    // gEfiCustomModeEnableGuid
-+#include <Guid/GlobalVariable.h>                 // EFI_SETUP_MODE_NAME
-+#include <Guid/ImageAuthentication.h>            // EFI_IMAGE_SECURITY_DATABASE
-+#include <Library/BaseMemoryLib.h>               // CopyGuid()
-+#include <Library/DebugLib.h>                    // ASSERT()
-+#include <Library/MemoryAllocationLib.h>         // FreePool()
-+#include <Library/ShellCEntryLib.h>              // ShellAppMain()
-+#include <Library/UefiLib.h>                     // AsciiPrint()
-+#include <Library/UefiRuntimeServicesTableLib.h> // gRT
-+
-+//
-+// We'll use the certificate below as both Platform Key and as first Key
-+// Exchange Key.
-+//
-+// "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com"
-+// SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97
-+//
-+STATIC CONST UINT8 RedHatPkKek1[] = {
-+  0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+  0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d,
-+  0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
-+  0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22,
-+  0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72,
-+  0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45,
-+  0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06,
-+  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73,
-+  0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61,
-+  0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30,
-+  0x33, 0x31, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x37,
-+  0x31, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x30, 0x51,
-+  0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x52, 0x65,
-+  0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20,
-+  0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, 0x4b, 0x20,
-+  0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a,
-+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63,
-+  0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x2e,
-+  0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
-+  0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f,
-+  0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x90, 0x1f, 0x84,
-+  0x7b, 0x8d, 0xbc, 0xeb, 0x97, 0x26, 0x82, 0x6d, 0x88, 0xab, 0x8a, 0xc9, 0x8c,
-+  0x68, 0x70, 0xf9, 0xdf, 0x4b, 0x07, 0xb2, 0x37, 0x83, 0x0b, 0x02, 0xc8, 0x67,
-+  0x68, 0x30, 0x9e, 0xe3, 0xf0, 0xf0, 0x99, 0x4a, 0xb8, 0x59, 0x57, 0xc6, 0x41,
-+  0xf6, 0x38, 0x8b, 0xfe, 0x66, 0x4c, 0x49, 0xe9, 0x37, 0x37, 0x92, 0x2e, 0x98,
-+  0x01, 0x1e, 0x5b, 0x14, 0x50, 0xe6, 0xa8, 0x8d, 0x25, 0x0d, 0xf5, 0x86, 0xe6,
-+  0xab, 0x30, 0xcb, 0x40, 0x16, 0xea, 0x8d, 0x8b, 0x16, 0x86, 0x70, 0x43, 0x37,
-+  0xf2, 0xce, 0xc0, 0x91, 0xdf, 0x71, 0x14, 0x8e, 0x99, 0x0e, 0x89, 0xb6, 0x4c,
-+  0x6d, 0x24, 0x1e, 0x8c, 0xe4, 0x2f, 0x4f, 0x25, 0xd0, 0xba, 0x06, 0xf8, 0xc6,
-+  0xe8, 0x19, 0x18, 0x76, 0x73, 0x1d, 0x81, 0x6d, 0xa8, 0xd8, 0x05, 0xcf, 0x3a,
-+  0xc8, 0x7b, 0x28, 0xc8, 0x36, 0xa3, 0x16, 0x0d, 0x29, 0x8c, 0x99, 0x9a, 0x68,
-+  0xdc, 0xab, 0xc0, 0x4d, 0x8d, 0xbf, 0x5a, 0xbb, 0x2b, 0xa9, 0x39, 0x4b, 0x04,
-+  0x97, 0x1c, 0xf9, 0x36, 0xbb, 0xc5, 0x3a, 0x86, 0x04, 0xae, 0xaf, 0xd4, 0x82,
-+  0x7b, 0xe0, 0xab, 0xde, 0x49, 0x05, 0x68, 0xfc, 0xf6, 0xae, 0x68, 0x1a, 0x6c,
-+  0x90, 0x4d, 0x57, 0x19, 0x3c, 0x64, 0x66, 0x03, 0xf6, 0xc7, 0x52, 0x9b, 0xf7,
-+  0x94, 0xcf, 0x93, 0x6a, 0xa1, 0x68, 0xc9, 0xaa, 0xcf, 0x99, 0x6b, 0xbc, 0xaa,
-+  0x5e, 0x08, 0xe7, 0x39, 0x1c, 0xf7, 0xf8, 0x0f, 0xba, 0x06, 0x7e, 0xf1, 0xcb,
-+  0xe8, 0x76, 0xdd, 0xfe, 0x22, 0xda, 0xad, 0x3a, 0x5e, 0x5b, 0x34, 0xea, 0xb3,
-+  0xc9, 0xe0, 0x4d, 0x04, 0x29, 0x7e, 0xb8, 0x60, 0xb9, 0x05, 0xef, 0xb5, 0xd9,
-+  0x17, 0x58, 0x56, 0x16, 0x60, 0xb9, 0x30, 0x32, 0xf0, 0x36, 0x4a, 0xc3, 0xf2,
-+  0x79, 0x8d, 0x12, 0x40, 0x70, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b,
-+  0x30, 0x79, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
-+  0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d,
-+  0x04, 0x1f, 0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47,
-+  0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74,
-+  0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d,
-+  0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a,
-+  0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30,
-+  0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x3c,
-+  0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42,
-+  0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
-+  0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
-+  0x5c, 0x4d, 0x92, 0x88, 0xb4, 0x82, 0x5f, 0x1d, 0xad, 0x8b, 0x11, 0xec, 0xdf,
-+  0x06, 0xa6, 0x7a, 0xa5, 0x2b, 0x9f, 0x37, 0x55, 0x0c, 0x8d, 0x6e, 0x05, 0x00,
-+  0xad, 0xb7, 0x0c, 0x41, 0x89, 0x69, 0xcf, 0xd6, 0x65, 0x06, 0x9b, 0x51, 0x78,
-+  0xd2, 0xad, 0xc7, 0xbf, 0x9c, 0xdc, 0x05, 0x73, 0x7f, 0xe7, 0x1e, 0x39, 0x13,
-+  0xb4, 0xea, 0xb6, 0x30, 0x7d, 0x40, 0x75, 0xab, 0x9c, 0x43, 0x0b, 0xdf, 0xb0,
-+  0xc2, 0x1b, 0xbf, 0x30, 0xe0, 0xf4, 0xfe, 0xc0, 0xdb, 0x62, 0x21, 0x98, 0xf6,
-+  0xc5, 0xaf, 0xde, 0x3b, 0x4f, 0x49, 0x0a, 0xe6, 0x1e, 0xf9, 0x86, 0xb0, 0x3f,
-+  0x0d, 0xd6, 0xd4, 0x46, 0x37, 0xdb, 0x54, 0x74, 0x5e, 0xff, 0x11, 0xc2, 0x60,
-+  0xc6, 0x70, 0x58, 0xc5, 0x1c, 0x6f, 0xec, 0xb2, 0xd8, 0x6e, 0x6f, 0xc3, 0xbc,
-+  0x33, 0x87, 0x38, 0xa4, 0xf3, 0x44, 0x64, 0x9c, 0x34, 0x3b, 0x28, 0x94, 0x26,
-+  0x78, 0x27, 0x9f, 0x16, 0x17, 0xe8, 0x3b, 0x69, 0x0a, 0x25, 0xa9, 0x73, 0x36,
-+  0x7e, 0x9e, 0x37, 0x5c, 0xec, 0xe8, 0x3f, 0xdb, 0x91, 0xf9, 0x12, 0xb3, 0x3d,
-+  0xce, 0xe7, 0xdd, 0x15, 0xc3, 0xae, 0x8c, 0x05, 0x20, 0x61, 0x9b, 0x95, 0xde,
-+  0x9b, 0xaf, 0xfa, 0xb1, 0x5c, 0x1c, 0xe5, 0x97, 0xe7, 0xc3, 0x34, 0x11, 0x85,
-+  0xf5, 0x8a, 0x27, 0x26, 0xa4, 0x70, 0x36, 0xec, 0x0c, 0xf6, 0x83, 0x3d, 0x90,
-+  0xf7, 0x36, 0xf3, 0xf9, 0xf3, 0x15, 0xd4, 0x90, 0x62, 0xbe, 0x53, 0xb4, 0xaf,
-+  0xd3, 0x49, 0xaf, 0xef, 0xf4, 0x73, 0xe8, 0x7b, 0x76, 0xe4, 0x44, 0x2a, 0x37,
-+  0xba, 0x81, 0xa4, 0x99, 0x0c, 0x3a, 0x31, 0x24, 0x71, 0xa0, 0xe4, 0xe4, 0xb7,
-+  0x1a, 0xcb, 0x47, 0xe4, 0xaa, 0x22, 0xcf, 0xef, 0x75, 0x61, 0x80, 0xe3, 0x43,
-+  0xb7, 0x48, 0x57, 0x73, 0x11, 0x3d, 0x78, 0x9b, 0x69
-+};
-+
-+//
-+// Second KEK: "Microsoft Corporation KEK CA 2011".
-+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30
-+//
-+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK.
-+//
-+STATIC CONST UINT8 MicrosoftKEK[] = {
-+  0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+  0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30,
-+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+  0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+  0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+  0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+  0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+  0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+  0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+  0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+  0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+  0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+  0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+  0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32,
-+  0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30,
-+  0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+  0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+  0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+  0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+  0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+  0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+  0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06,
-+  0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+  0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+  0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31,
-+  0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
-+  0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
-+  0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad,
-+  0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d,
-+  0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb,
-+  0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3,
-+  0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b,
-+  0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac,
-+  0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8,
-+  0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0,
-+  0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2,
-+  0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89,
-+  0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2,
-+  0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03,
-+  0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e,
-+  0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb,
-+  0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f,
-+  0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa,
-+  0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 0x9f,
-+  0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6,
-+  0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf,
-+  0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07,
-+  0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30,
-+  0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82,
-+  0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55,
-+  0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4,
-+  0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f,
-+  0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02,
-+  0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00,
-+  0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01,
-+  0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05,
-+  0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
-+  0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11,
-+  0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30,
-+  0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0,
-+  0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63,
-+  0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e,
-+  0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70,
-+  0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f,
-+  0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f,
-+  0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63,
-+  0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
-+  0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
-+  0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+  0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+  0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74,
-+  0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61,
-+  0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d,
-+  0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09,
-+  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82,
-+  0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a,
-+  0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66,
-+  0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a,
-+  0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64,
-+  0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58,
-+  0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0,
-+  0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5,
-+  0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec,
-+  0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7,
-+  0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28,
-+  0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79,
-+  0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b,
-+  0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8,
-+  0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19,
-+  0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58,
-+  0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d,
-+  0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d,
-+  0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8,
-+  0x2d, 0x1c, 0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60,
-+  0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac,
-+  0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87,
-+  0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd,
-+  0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81,
-+  0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92,
-+  0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0,
-+  0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf,
-+  0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb,
-+  0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68,
-+  0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad,
-+  0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82,
-+  0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14,
-+  0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f,
-+  0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b,
-+  0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0,
-+  0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d,
-+  0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38,
-+  0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c,
-+  0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14,
-+  0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5,
-+  0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e
-+};
-+
-+//
-+// First DB entry: "Microsoft Windows Production PCA 2011"
-+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
-+//
-+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain
-+// rooted in this certificate.
-+//
-+STATIC CONST UINT8 MicrosoftPCA[] = {
-+  0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+  0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30,
-+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+  0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+  0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+  0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+  0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+  0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30,
-+  0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+  0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72,
-+  0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68,
-+  0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17,
-+  0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32,
-+  0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31,
-+  0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
-+  0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
-+  0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f,
-+  0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52,
-+  0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55,
-+  0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+  0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31,
-+  0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63,
-+  0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77,
-+  0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20,
-+  0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30,
-+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
-+  0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01,
-+  0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7,
-+  0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb,
-+  0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b,
-+  0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3,
-+  0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0,
-+  0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74,
-+  0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67,
-+  0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53,
-+  0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23,
-+  0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3,
-+  0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff,
-+  0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2,
-+  0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22,
-+  0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3,
-+  0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b,
-+  0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc,
-+  0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6,
-+  0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8,
-+  0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8,
-+  0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 0x03, 0x02, 0x03,
-+  0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10,
-+  0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03,
-+  0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
-+  0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9,
-+  0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b,
-+  0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00,
-+  0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03,
-+  0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03,
-+  0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,
-+  0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
-+  0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94,
-+  0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d,
-+  0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45,
-+  0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69,
-+  0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70,
-+  0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
-+  0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41,
-+  0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33,
-+  0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
-+  0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06,
-+  0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a,
-+  0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+  0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65,
-+  0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72,
-+  0x41, 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32,
-+  0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+  0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14,
-+  0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc,
-+  0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0,
-+  0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61,
-+  0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda,
-+  0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a,
-+  0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2,
-+  0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea,
-+  0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30,
-+  0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86,
-+  0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8,
-+  0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae,
-+  0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8,
-+  0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac,
-+  0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84,
-+  0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73,
-+  0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73,
-+  0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60,
-+  0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6,
-+  0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a,
-+  0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba,
-+  0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce,
-+  0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f,
-+  0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e,
-+  0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3,
-+  0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45,
-+  0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0,
-+  0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24,
-+  0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c,
-+  0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf,
-+  0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c,
-+  0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2,
-+  0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c,
-+  0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47,
-+  0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a,
-+  0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21,
-+  0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86,
-+  0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6,
-+  0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9,
-+  0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4,
-+  0x62, 0x1c, 0x59, 0x7e
-+};
-+
-+//
-+// Second DB entry: "Microsoft Corporation UEFI CA 2011"
-+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
-+//
-+// To verify the "shim" binary and PCI expansion ROMs with.
-+//
-+STATIC CONST UINT8 MicrosoftUefiCA[] = {
-+  0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02,
-+  0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30,
-+  0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
-+  0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
-+  0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
-+  0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31,
-+  0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64,
-+  0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a,
-+  0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43,
-+  0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30,
-+  0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f,
-+  0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74,
-+  0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72,
-+  0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63,
-+  0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30,
-+  0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32,
-+  0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30,
-+  0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-+  0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
-+  0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30,
-+  0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f,
-+  0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15,
-+  0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
-+  0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06,
-+  0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
-+  0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f,
-+  0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31,
-+  0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
-+  0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
-+  0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7,
-+  0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43,
-+  0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73,
-+  0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3,
-+  0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54,
-+  0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c,
-+  0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f,
-+  0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae,
-+  0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d,
-+  0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa,
-+  0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff,
-+  0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b,
-+  0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6,
-+  0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62,
-+  0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08,
-+  0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7,
-+  0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2,
-+  0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f,
-+  0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b,
-+  0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 0x95, 0x08, 0xee, 0x6a,
-+  0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76,
-+  0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01,
-+  0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23,
-+  0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16,
-+  0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37,
-+  0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03,
-+  0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd,
-+  0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b,
-+  0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14,
-+  0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43,
-+  0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02,
-+  0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
-+  0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
-+  0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58,
-+  0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8,
-+  0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51,
-+  0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
-+  0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74,
-+  0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f,
-+  0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43,
-+  0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f,
-+  0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e,
-+  0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
-+  0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01,
-+  0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
-+  0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66,
-+  0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72,
-+  0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50,
-+  0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30,
-+  0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06,
-+  0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03,
-+  0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76,
-+  0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef,
-+  0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13,
-+  0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82,
-+  0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a,
-+  0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20,
-+  0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90,
-+  0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52,
-+  0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d,
-+  0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf,
-+  0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49,
-+  0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34,
-+  0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75,
-+  0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9,
-+  0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f,
-+  0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c,
-+  0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56,
-+  0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae,
-+  0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a,
-+  0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c,
-+  0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59,
-+  0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d,
-+  0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53,
-+  0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b,
-+  0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98,
-+  0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85,
-+  0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2,
-+  0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2,
-+  0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c,
-+  0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b,
-+  0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27,
-+  0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6,
-+  0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f,
-+  0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55,
-+  0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e,
-+  0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62,
-+  0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8,
-+  0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6,
-+  0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75,
-+  0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58
-+};
-+
-+//
-+// The Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmDBXisPresent test case
-+// of the Secure Boot Logo Test in the Microsoft Hardware Certification Kit
-+// expects that the "dbx" variable exist.
-+//
-+// The article at <https://technet.microsoft.com/en-us/library/dn747883.aspx>
-+// writes (excerpt):
-+//
-+//    Windows 8.1 Secure Boot Key Creation and Management Guidance
-+//    1. Secure Boot, Windows 8.1 and Key Management
-+//    1.4 Signature Databases (Db and Dbx)
-+//    1.4.3 Forbidden Signature Database (dbx)
-+//
-+//    The contents of EFI_IMAGE_SIGNATURE_DATABASE1 dbx must be checked when
-+//    verifying images before checking db and any matches must prevent the
-+//    image from executing. The database may contain multiple certificates,
-+//    keys, and hashes in order to identify forbidden images. The Windows
-+//    Hardware Certification Requirements state that a dbx must be present, so
-+//    any dummy value, such as the SHA-256 hash of 0, may be used as a safe
-+//    placeholder until such time as Microsoft begins delivering dbx updates.
-+//
-+// The byte array below captures the SHA256 checksum of the empty file,
-+// blacklisting it for loading & execution. This qualifies as a dummy, since
-+// the empty file is not a valid UEFI binary anyway.
-+//
-+// Technically speaking, we could also capture an official (although soon to be
-+// obsolete) dbx update from <http://www.uefi.org/revocationlistfile>. However,
-+// the terms and conditions on distributing that binary aren't exactly light
-+// reading, so let's best steer clear of it, and follow the "dummy entry"
-+// practice recommended -- in natural English langauge -- in the
-+// above-referenced TechNet article.
-+//
-+STATIC CONST UINT8 mSha256OfDevNull[] = {
-+  0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99,
-+  0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95,
-+  0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-+};
-+
-+//
-+// The following test cases of the Secure Boot Logo Test in the Microsoft
-+// Hardware Certification Kit:
-+//
-+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
-+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
-+//
-+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
-+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
-+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
-+// certificates:
-+//
-+// - "Microsoft Corporation KEK CA 2011" (in KEK)
-+// - "Microsoft Windows Production PCA 2011" (in db)
-+// - "Microsoft Corporation UEFI CA 2011" (in db)
-+//
-+// This is despite the fact that the UEFI specification requires
-+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
-+// application or driver) that enrolled and therefore owns
-+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
-+// EFI_SIGNATURE_DATA.SignatureData.
-+//
-+STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
-+  0x77fa9abd, 0x0359, 0x4d32,
-+  { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
-+};
-+
-+//
-+// The most important thing about the variable payload is that it is a list of
-+// lists, where the element size of any given *inner* list is constant.
-+//
-+// Since X509 certificates vary in size, each of our *inner* lists will contain
-+// one element only (one X.509 certificate). This is explicitly mentioned in
-+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
-+//
-+// The list structure looks as follows:
-+//
-+// struct EFI_VARIABLE_AUTHENTICATION_2 {                           |
-+//   struct EFI_TIME {                                              |
-+//     UINT16 Year;                                                 |
-+//     UINT8  Month;                                                |
-+//     UINT8  Day;                                                  |
-+//     UINT8  Hour;                                                 |
-+//     UINT8  Minute;                                               |
-+//     UINT8  Second;                                               |
-+//     UINT8  Pad1;                                                 |
-+//     UINT32 Nanosecond;                                           |
-+//     INT16  TimeZone;                                             |
-+//     UINT8  Daylight;                                             |
-+//     UINT8  Pad2;                                                 |
-+//   } TimeStamp;                                                   |
-+//                                                                  |
-+//   struct WIN_CERTIFICATE_UEFI_GUID {                           | |
-+//     struct WIN_CERTIFICATE {                                   | |
-+//       UINT32 dwLength; ----------------------------------------+ |
-+//       UINT16 wRevision;                                        | |
-+//       UINT16 wCertificateType;                                 | |
-+//     } Hdr;                                                     | +- DataSize
-+//                                                                | |
-+//     EFI_GUID CertType;                                         | |
-+//     UINT8    CertData[1] = { <--- "struct hack"                | |
-+//       struct EFI_SIGNATURE_LIST {                            | | |
-+//         EFI_GUID SignatureType;                              | | |
-+//         UINT32   SignatureListSize; -------------------------+ | |
-+//         UINT32   SignatureHeaderSize;                        | | |
-+//         UINT32   SignatureSize; ---------------------------+ | | |
-+//         UINT8    SignatureHeader[SignatureHeaderSize];     | | | |
-+//                                                            v | | |
-+//         struct EFI_SIGNATURE_DATA {                        | | | |
-+//           EFI_GUID SignatureOwner;                         | | | |
-+//           UINT8    SignatureData[1] = { <--- "struct hack" | | | |
-+//             X.509 payload                                  | | | |
-+//           }                                                | | | |
-+//         } Signatures[];                                      | | |
-+//       } SigLists[];                                            | |
-+//     };                                                         | |
-+//   } AuthInfo;                                                  | |
-+// };                                                               |
-+//
-+// Given that the "struct hack" invokes undefined behavior (which is why C99
-+// introduced the flexible array member), and because subtracting those pesky
-+// sizes of 1 is annoying, and because the format is fully specified in the
-+// UEFI specification, we'll introduce two matching convenience structures that
-+// are customized for our X.509 purposes.
-+//
-+#pragma pack(1)
-+typedef struct {
-+  EFI_TIME TimeStamp;
-+
-+  //
-+  // dwLength covers data below
-+  //
-+  UINT32   dwLength;
-+  UINT16   wRevision;
-+  UINT16   wCertificateType;
-+  EFI_GUID CertType;
-+} SINGLE_HEADER;
-+
-+typedef struct {
-+  //
-+  // SignatureListSize covers data below
-+  //
-+  EFI_GUID SignatureType;
-+  UINT32   SignatureListSize;
-+  UINT32   SignatureHeaderSize; // constant 0
-+  UINT32   SignatureSize;
-+
-+  //
-+  // SignatureSize covers data below
-+  //
-+  EFI_GUID SignatureOwner;
-+
-+  //
-+  // X.509 certificate follows
-+  //
-+} REPEATING_HEADER;
-+#pragma pack()
-+
-+/**
-+  Enroll a set of certificates in a global variable, overwriting it.
-+
-+  The variable will be rewritten with NV+BS+RT+AT attributes.
-+
-+  @param[in] VariableName  The name of the variable to overwrite.
-+
-+  @param[in] VendorGuid    The namespace (ie. vendor GUID) of the variable to
-+                           overwrite.
-+
-+  @param[in] CertType      The GUID determining the type of all the
-+                           certificates in the set that is passed in. For
-+                           example, gEfiCertX509Guid stands for DER-encoded
-+                           X.509 certificates, while gEfiCertSha256Guid stands
-+                           for SHA256 image hashes.
-+
-+  @param[in] ...           A list of
-+
-+                             IN CONST UINT8    *Cert,
-+                             IN UINTN          CertSize,
-+                             IN CONST EFI_GUID *OwnerGuid
-+
-+                           triplets. If the first component of a triplet is
-+                           NULL, then the other two components are not
-+                           accessed, and processing is terminated. The list of
-+                           certificates is enrolled in the variable specified,
-+                           overwriting it. The OwnerGuid component identifies
-+                           the agent installing the certificate.
-+
-+  @retval EFI_INVALID_PARAMETER  The triplet list is empty (ie. the first Cert
-+                                 value is NULL), or one of the CertSize values
-+                                 is 0, or one of the CertSize values would
-+                                 overflow the accumulated UINT32 data size.
-+
-+  @retval EFI_OUT_OF_RESOURCES   Out of memory while formatting variable
-+                                 payload.
-+
-+  @retval EFI_SUCCESS            Enrollment successful; the variable has been
-+                                 overwritten (or created).
-+
-+  @return                        Error codes from gRT->GetTime() and
-+                                 gRT->SetVariable().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+EnrollListOfCerts (
-+  IN CHAR16   *VariableName,
-+  IN EFI_GUID *VendorGuid,
-+  IN EFI_GUID *CertType,
-+  ...
-+  )
-+{
-+  UINTN            DataSize;
-+  SINGLE_HEADER    *SingleHeader;
-+  REPEATING_HEADER *RepeatingHeader;
-+  VA_LIST          Marker;
-+  CONST UINT8      *Cert;
-+  EFI_STATUS       Status;
-+  UINT8            *Data;
-+  UINT8            *Position;
-+
-+  Status = EFI_SUCCESS;
-+
-+  //
-+  // compute total size first, for UINT32 range check, and allocation
-+  //
-+  DataSize = sizeof *SingleHeader;
-+  VA_START (Marker, CertType);
-+  for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+       Cert != NULL;
-+       Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+    UINTN          CertSize;
-+
-+    CertSize = VA_ARG (Marker, UINTN);
-+    (VOID)VA_ARG (Marker, CONST EFI_GUID *);
-+
-+    if (CertSize == 0 ||
-+        CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
-+        DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
-+      Status = EFI_INVALID_PARAMETER;
-+      break;
-+    }
-+    DataSize += sizeof *RepeatingHeader + CertSize;
-+  }
-+  VA_END (Marker);
-+
-+  if (DataSize == sizeof *SingleHeader) {
-+    Status = EFI_INVALID_PARAMETER;
-+  }
-+  if (EFI_ERROR (Status)) {
-+    goto Out;
-+  }
-+
-+  Data = AllocatePool (DataSize);
-+  if (Data == NULL) {
-+    Status = EFI_OUT_OF_RESOURCES;
-+    goto Out;
-+  }
-+
-+  Position = Data;
-+
-+  SingleHeader = (SINGLE_HEADER *)Position;
-+  Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
-+  if (EFI_ERROR (Status)) {
-+    goto FreeData;
-+  }
-+  SingleHeader->TimeStamp.Pad1       = 0;
-+  SingleHeader->TimeStamp.Nanosecond = 0;
-+  SingleHeader->TimeStamp.TimeZone   = 0;
-+  SingleHeader->TimeStamp.Daylight   = 0;
-+  SingleHeader->TimeStamp.Pad2       = 0;
-+#if 0
-+  SingleHeader->dwLength         = DataSize - sizeof SingleHeader->TimeStamp;
-+#else
-+  //
-+  // This looks like a bug in edk2. According to the UEFI specification,
-+  // dwLength is "The length of the entire certificate, including the length of
-+  // the header, in bytes". That shouldn't stop right after CertType -- it
-+  // should include everything below it.
-+  //
-+  SingleHeader->dwLength         = sizeof *SingleHeader
-+                                     - sizeof SingleHeader->TimeStamp;
-+#endif
-+  SingleHeader->wRevision        = 0x0200;
-+  SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
-+  CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
-+  Position += sizeof *SingleHeader;
-+
-+  VA_START (Marker, CertType);
-+  for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+       Cert != NULL;
-+       Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+    UINTN            CertSize;
-+    CONST EFI_GUID   *OwnerGuid;
-+
-+    CertSize  = VA_ARG (Marker, UINTN);
-+    OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
-+
-+    RepeatingHeader = (REPEATING_HEADER *)Position;
-+    CopyGuid (&RepeatingHeader->SignatureType, CertType);
-+    RepeatingHeader->SignatureListSize   =
-+      (UINT32)(sizeof *RepeatingHeader + CertSize);
-+    RepeatingHeader->SignatureHeaderSize = 0;
-+    RepeatingHeader->SignatureSize       =
-+      (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize);
-+    CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
-+    Position += sizeof *RepeatingHeader;
-+
-+    CopyMem (Position, Cert, CertSize);
-+    Position += CertSize;
-+  }
-+  VA_END (Marker);
-+
-+  ASSERT (Data + DataSize == Position);
-+
-+  Status = gRT->SetVariable (VariableName, VendorGuid,
-+                  (EFI_VARIABLE_NON_VOLATILE |
-+                   EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+                   EFI_VARIABLE_RUNTIME_ACCESS |
-+                   EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
-+                  DataSize, Data);
-+
-+FreeData:
-+  FreePool (Data);
-+
-+Out:
-+  if (EFI_ERROR (Status)) {
-+    AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
-+      VendorGuid, Status);
-+  }
-+  return Status;
-+}
-+
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetExact (
-+  IN CHAR16   *VariableName,
-+  IN EFI_GUID *VendorGuid,
-+  OUT VOID    *Data,
-+  IN UINTN    DataSize,
-+  IN BOOLEAN  AllowMissing
-+  )
-+{
-+  UINTN      Size;
-+  EFI_STATUS Status;
-+
-+  Size = DataSize;
-+  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
-+  if (EFI_ERROR (Status)) {
-+    if (Status == EFI_NOT_FOUND && AllowMissing) {
-+      ZeroMem (Data, DataSize);
-+      return EFI_SUCCESS;
-+    }
-+
-+    AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
-+      VendorGuid, Status);
-+    return Status;
-+  }
-+
-+  if (Size != DataSize) {
-+    AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
-+      "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
-+    return EFI_PROTOCOL_ERROR;
-+  }
-+
-+  return EFI_SUCCESS;
-+}
-+
-+typedef struct {
-+  UINT8 SetupMode;
-+  UINT8 SecureBoot;
-+  UINT8 SecureBootEnable;
-+  UINT8 CustomMode;
-+  UINT8 VendorKeys;
-+} SETTINGS;
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetSettings (
-+  OUT SETTINGS *Settings
-+  )
-+{
-+  EFI_STATUS Status;
-+
-+  Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
-+             &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-+  Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
-+             &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-+  Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
-+             &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
-+             sizeof Settings->SecureBootEnable, TRUE);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-+  Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+             &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
-+  if (EFI_ERROR (Status)) {
-+    return Status;
-+  }
-+
-+  Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
-+             &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
-+  return Status;
-+}
-+
-+STATIC
-+VOID
-+EFIAPI
-+PrintSettings (
-+  IN CONST SETTINGS *Settings
-+  )
-+{
-+  AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
-+    "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
-+    Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
-+}
-+
-+
-+INTN
-+EFIAPI
-+ShellAppMain (
-+  IN UINTN  Argc,
-+  IN CHAR16 **Argv
-+  )
-+{
-+  EFI_STATUS Status;
-+  SETTINGS   Settings;
-+
-+  Status = GetSettings (&Settings);
-+  if (EFI_ERROR (Status)) {
-+    return 1;
-+  }
-+  PrintSettings (&Settings);
-+
-+  if (Settings.SetupMode != 1) {
-+    AsciiPrint ("error: already in User Mode\n");
-+    return 1;
-+  }
-+
-+  if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
-+    Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
-+    Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+                    (EFI_VARIABLE_NON_VOLATILE |
-+                     EFI_VARIABLE_BOOTSERVICE_ACCESS),
-+                    sizeof Settings.CustomMode, &Settings.CustomMode);
-+    if (EFI_ERROR (Status)) {
-+      AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+        &gEfiCustomModeEnableGuid, Status);
-+      return 1;
-+    }
-+  }
-+
-+  Status = EnrollListOfCerts (
-+             EFI_IMAGE_SECURITY_DATABASE,
-+             &gEfiImageSecurityDatabaseGuid,
-+             &gEfiCertX509Guid,
-+             MicrosoftPCA,    sizeof MicrosoftPCA,    &mMicrosoftOwnerGuid,
-+             MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid,
-+             NULL);
-+  if (EFI_ERROR (Status)) {
-+    return 1;
-+  }
-+
-+  Status = EnrollListOfCerts (
-+             EFI_IMAGE_SECURITY_DATABASE1,
-+             &gEfiImageSecurityDatabaseGuid,
-+             &gEfiCertSha256Guid,
-+             mSha256OfDevNull, sizeof mSha256OfDevNull, &gEfiCallerIdGuid,
-+             NULL);
-+  if (EFI_ERROR (Status)) {
-+    return 1;
-+  }
-+
-+  Status = EnrollListOfCerts (
-+             EFI_KEY_EXCHANGE_KEY_NAME,
-+             &gEfiGlobalVariableGuid,
-+             &gEfiCertX509Guid,
-+             RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid,
-+             MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid,
-+             NULL);
-+  if (EFI_ERROR (Status)) {
-+    return 1;
-+  }
-+
-+  Status = EnrollListOfCerts (
-+             EFI_PLATFORM_KEY_NAME,
-+             &gEfiGlobalVariableGuid,
-+             &gEfiCertX509Guid,
-+             RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid,
-+             NULL);
-+  if (EFI_ERROR (Status)) {
-+    return 1;
-+  }
-+
-+  Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
-+  Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+                  EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
-+                  sizeof Settings.CustomMode, &Settings.CustomMode);
-+  if (EFI_ERROR (Status)) {
-+    AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+      &gEfiCustomModeEnableGuid, Status);
-+    return 1;
-+  }
-+
-+  Status = GetSettings (&Settings);
-+  if (EFI_ERROR (Status)) {
-+    return 1;
-+  }
-+  PrintSettings (&Settings);
-+
-+  if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
-+      Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
-+      Settings.VendorKeys != 0) {
-+    AsciiPrint ("error: unexpected\n");
-+    return 1;
-+  }
-+
-+  AsciiPrint ("info: success\n");
-+  return 0;
-+}
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-new file mode 100644
-index 0000000000..0ad86a2843
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-@@ -0,0 +1,52 @@
-+## @file
-+#  Enroll default PK, KEK, DB.
-+#
-+#  Copyright (C) 2014, Red Hat, Inc.
-+#
-+#  This program and the accompanying materials are licensed and made available
-+#  under the terms and conditions of the BSD License which accompanies this
-+#  distribution. The full text of the license may be found at
-+#  http://opensource.org/licenses/bsd-license.
-+#
-+#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
-+#  IMPLIED.
-+##
-+
-+[Defines]
-+  INF_VERSION                    = 0x00010006
-+  BASE_NAME                      = EnrollDefaultKeys
-+  FILE_GUID                      = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
-+  MODULE_TYPE                    = UEFI_APPLICATION
-+  VERSION_STRING                 = 0.1
-+  ENTRY_POINT                    = ShellCEntryLib
-+
-+#
-+#  VALID_ARCHITECTURES           = IA32 X64
-+#
-+
-+[Sources]
-+  EnrollDefaultKeys.c
-+
-+[Packages]
-+  MdePkg/MdePkg.dec
-+  MdeModulePkg/MdeModulePkg.dec
-+  SecurityPkg/SecurityPkg.dec
-+  ShellPkg/ShellPkg.dec
-+
-+[Guids]
-+  gEfiCertPkcs7Guid
-+  gEfiCertSha256Guid
-+  gEfiCertX509Guid
-+  gEfiCustomModeEnableGuid
-+  gEfiGlobalVariableGuid
-+  gEfiImageSecurityDatabaseGuid
-+  gEfiSecureBootEnableDisableGuid
-+
-+[LibraryClasses]
-+  BaseMemoryLib
-+  DebugLib
-+  MemoryAllocationLib
-+  ShellCEntryLib
-+  UefiLib
-+  UefiRuntimeServicesTableLib
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 3f1da66aab..bc75e03d47 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -864,6 +864,10 @@
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+    <LibraryClasses>
-+      ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+  }
- !endif
- 
-   OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 9bb0a4cede..f630737662 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -873,6 +873,10 @@
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+    <LibraryClasses>
-+      ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+  }
- !endif
- 
-   OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 3b7fc5328c..ac70a0cac1 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -871,6 +871,10 @@
- 
- !if $(SECURE_BOOT_ENABLE) == TRUE
-   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+    <LibraryClasses>
-+      ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+  }
- !endif
- 
-   OvmfPkg/PlatformDxe/Platform.inf
--- 
-2.18.1
-
diff --git a/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
deleted file mode 100644
index c85291d..0000000
--- a/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From c3f07e323e76856f1b42ea7b8c598ba3201c28a2 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 13:49:43 +0200
-Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
-machine firmware) print a reasonably early, simple hello message to the
-serial port, regardless of debug mask settings. This should inform
-interactive users, and provide some rough help in localizing boot
-problems, even with restrictive debug masks.
-
-If a platform doesn't want this feature, it should stick with the default
-empty string.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Suggested-by: Drew Jones <drjones@redhat.com>
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
-(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
-(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
-(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
-(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
-index 44c00bd0c1..40c8ec3251 100644
---- a/ArmPlatformPkg/ArmPlatformPkg.dec
-+++ b/ArmPlatformPkg/ArmPlatformPkg.dec
-@@ -114,6 +114,13 @@
-   ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
-   gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
- 
-+  #
-+  # Early hello message (ASCII string), printed to the serial port.
-+  # If set to the empty string, nothing is printed.
-+  # Otherwise, a trailing CRLF should be specified explicitly.
-+  #
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100
-+
- [PcdsFixedAtBuild.common,PcdsDynamic.common]
-   ## PL031 RealTimeClock
-   gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
--- 
-2.18.1
-
diff --git a/SOURCES/0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
new file mode 100644
index 0000000..8600508
--- /dev/null
+++ b/SOURCES/0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
@@ -0,0 +1,223 @@
+From 8338545260fbb423f796d5196faaaf8ff6e1ed99 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Sun, 26 Jul 2015 08:02:50 +0000
+Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no change
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- Refresh downstream-only commit d4564d39dfdb against context changes in
+  "ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870
+  ("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable
+  override", 2017-03-29).
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such
+  setter functions for dynamic PCDs that don't return a status code (such
+  as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds --
+  there's really no circumstance in this case when it could fail.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262)
+(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c)
+(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65)
+(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806)
+(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04)
+---
+ ArmVirtPkg/ArmVirtQemu.dsc                    |  7 +-
+ .../TerminalPcdProducerLib.c                  | 87 +++++++++++++++++++
+ .../TerminalPcdProducerLib.inf                | 41 +++++++++
+ 3 files changed, 134 insertions(+), 1 deletion(-)
+ create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
+ create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index a3cc3f26ec..696b0b5bcd 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -237,6 +237,8 @@
+   gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
+   gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
+ 
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
++
+ [PcdsDynamicHii]
+   gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS
+ 
+@@ -314,7 +316,10 @@
+   MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
+   MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
+   MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
+-  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf
++  MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf {
++    <LibraryClasses>
++      NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
++  }
+   MdeModulePkg/Universal/SerialDxe/SerialDxe.inf
+ 
+   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
+new file mode 100644
+index 0000000000..814ad48199
+--- /dev/null
++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c
+@@ -0,0 +1,87 @@
++/** @file
++*  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
++*
++*  Copyright (C) 2015-2016, Red Hat, Inc.
++*  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
++*
++*  This program and the accompanying materials are licensed and made available
++*  under the terms and conditions of the BSD License which accompanies this
++*  distribution.  The full text of the license may be found at
++*  http://opensource.org/licenses/bsd-license.php
++*
++*  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++*  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
++*  IMPLIED.
++*
++**/
++
++#include <Library/DebugLib.h>
++#include <Library/PcdLib.h>
++#include <Library/QemuFwCfgLib.h>
++
++STATIC
++RETURN_STATUS
++GetNamedFwCfgBoolean (
++  IN  CONST CHAR8 *FwCfgFileName,
++  OUT BOOLEAN     *Setting
++  )
++{
++  RETURN_STATUS        Status;
++  FIRMWARE_CONFIG_ITEM FwCfgItem;
++  UINTN                FwCfgSize;
++  UINT8                Value[3];
++
++  Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize);
++  if (RETURN_ERROR (Status)) {
++    return Status;
++  }
++  if (FwCfgSize > sizeof Value) {
++    return RETURN_BAD_BUFFER_SIZE;
++  }
++  QemuFwCfgSelectItem (FwCfgItem);
++  QemuFwCfgReadBytes (FwCfgSize, Value);
++
++  if ((FwCfgSize == 1) ||
++      (FwCfgSize == 2 && Value[1] == '\n') ||
++      (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) {
++    switch (Value[0]) {
++      case '0':
++      case 'n':
++      case 'N':
++        *Setting = FALSE;
++        return RETURN_SUCCESS;
++
++      case '1':
++      case 'y':
++      case 'Y':
++        *Setting = TRUE;
++        return RETURN_SUCCESS;
++
++      default:
++        break;
++    }
++  }
++  return RETURN_PROTOCOL_ERROR;
++}
++
++#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName)                             \
++          do {                                                                \
++            BOOLEAN       Setting;                                            \
++            RETURN_STATUS PcdStatus;                                          \
++                                                                              \
++            if (!RETURN_ERROR (GetNamedFwCfgBoolean (                         \
++                    "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \
++              PcdStatus = PcdSetBoolS (TokenName, Setting);                   \
++              ASSERT_RETURN_ERROR (PcdStatus);                                \
++            }                                                                 \
++          } while (0)
++
++RETURN_STATUS
++EFIAPI
++TerminalPcdProducerLibConstructor (
++  VOID
++  )
++{
++  UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
++  return RETURN_SUCCESS;
++}
+diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
+new file mode 100644
+index 0000000000..fecb37bcdf
+--- /dev/null
++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf
+@@ -0,0 +1,41 @@
++## @file
++#  Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg
++#
++#  Copyright (C) 2015-2016, Red Hat, Inc.
++#  Copyright (c) 2014, Linaro Ltd. All rights reserved.<BR>
++#
++#  This program and the accompanying materials are licensed and made available
++#  under the terms and conditions of the BSD License which accompanies this
++#  distribution.  The full text of the license may be found at
++#  http://opensource.org/licenses/bsd-license.php
++#
++#  THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
++#  WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
++#  IMPLIED.
++#
++##
++
++[Defines]
++  INF_VERSION                    = 0x00010005
++  BASE_NAME                      = TerminalPcdProducerLib
++  FILE_GUID                      = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96
++  MODULE_TYPE                    = BASE
++  VERSION_STRING                 = 1.0
++  LIBRARY_CLASS                  = TerminalPcdProducerLib|DXE_DRIVER
++  CONSTRUCTOR                    = TerminalPcdProducerLibConstructor
++
++[Sources]
++  TerminalPcdProducerLib.c
++
++[Packages]
++  MdePkg/MdePkg.dec
++  OvmfPkg/OvmfPkg.dec
++  MdeModulePkg/MdeModulePkg.dec
++
++[LibraryClasses]
++  DebugLib
++  PcdLib
++  QemuFwCfgLib
++
++[Pcd]
++  gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
+-- 
+2.18.1
+
diff --git a/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
deleted file mode 100644
index fae39ec..0000000
--- a/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From bb71490fdda3b38fa9f071d281b863f9b64363bf Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 13:59:20 +0200
-Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
- port (RH)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed
-  temporary stack before entering PEI core", 2017-11-09) -- conflict
-  resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf"
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-The FixedPcdGetSize() macro expands to an integer constant, therefore an
-optimizing compiler can eliminate the new code, if the platform DSC
-doesn't override the empty string (size=1) default of
-PcdEarlyHelloMessage.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
-(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
-(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
-(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
-(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- ArmPlatformPkg/PrePeiCore/MainMPCore.c          | 5 +++++
- ArmPlatformPkg/PrePeiCore/MainUniCore.c         | 5 +++++
- ArmPlatformPkg/PrePeiCore/PrePeiCore.h          | 1 +
- ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf  | 2 ++
- ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++
- 5 files changed, 15 insertions(+)
-
-diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-index dc47adbaff..cbd72232c7 100644
---- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
-@@ -117,6 +117,11 @@ PrimaryMain (
-   UINTN                       TemporaryRamBase;
-   UINTN                       TemporaryRamSize;
- 
-+  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
-+    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
-+      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
-+  }
-+
-   CreatePpiList (&PpiListSize, &PpiList);
- 
-   // Enable the GIC Distributor
-diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-index 134a469427..af39fc017c 100644
---- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
-@@ -35,6 +35,11 @@ PrimaryMain (
-   UINTN                       TemporaryRamBase;
-   UINTN                       TemporaryRamSize;
- 
-+  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
-+    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
-+      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
-+  }
-+
-   CreatePpiList (&PpiListSize, &PpiList);
- 
-   // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-index 160894620c..bf843d7768 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
-@@ -21,6 +21,7 @@
- #include <Library/DebugLib.h>
- #include <Library/IoLib.h>
- #include <Library/PcdLib.h>
-+#include <Library/SerialPortLib.h>
- 
- #include <PiPei.h>
- #include <Ppi/TemporaryRamSupport.h>
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-index e3a31fa7c6..1bc0c45420 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
-@@ -72,6 +72,8 @@
-   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
-   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
- 
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
-+
-   gArmTokenSpaceGuid.PcdGicDistributorBase
-   gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
-   gArmTokenSpaceGuid.PcdGicSgiIntId
-diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-index ec83cec2d8..b100820491 100644
---- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
-@@ -70,4 +70,6 @@
-   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
-   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
- 
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
-+
-   gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
--- 
-2.18.1
-
diff --git a/SOURCES/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
new file mode 100644
index 0000000..0023ba2
--- /dev/null
+++ b/SOURCES/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
@@ -0,0 +1,147 @@
+From 229c88dc3ded9baeaca8b87767dc5c41c05afd6e Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Tue, 4 Nov 2014 23:02:53 +0100
+Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH
+ only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- update the patch against the following upstream commits:
+  - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19)
+  - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5
+                  tool chain", 2018-11-27)
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no change
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com>
+Patchwork-id: 62119
+O-Subject:  [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell
+	from the firmware image (RH only)
+Bugzilla: 1147592
+Acked-by: Andrew Jones <drjones@redhat.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell
+binary from the firmware image.
+
+Peter Jones advised us that firmware vendors for physical systems disable
+the memory-mapped, firmware image-contained UEFI shell in
+SecureBoot-enabled builds. The reason being that the memory-mapped shell
+can always load, it may have direct access to various hardware in the
+system, and it can run UEFI shell scripts (which cannot be signed at all).
+
+Intended use of the new build option:
+
+- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant
+  firmware image will contain a shell binary, independently of SecureBoot
+  enablement, which is flexible for interactive development. (Ie. no
+  change for in-tree builds.)
+
+- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and
+  '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide:
+
+  - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell,
+
+  - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd,
+
+  - UefiShell.iso: a bootable ISO image with the shell on it as default
+    boot loader. The shell binary will load when SecureBoot is turned off,
+    and won't load when SecureBoot is turned on (because it is not
+    signed).
+
+    UefiShell.iso is the reason we're not excluding the shell from the DSC
+    files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD'
+    is specified, the shell binary needs to be built the same, only it
+    will be included in UefiShell.iso.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd)
+(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933)
+(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b)
+(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245)
+(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687)
+(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4)
+---
+ OvmfPkg/OvmfPkgIa32.fdf    | 2 ++
+ OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++
+ OvmfPkg/OvmfPkgX64.fdf     | 2 ++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
+index 326f82384e..dff2fcd9f6 100644
+--- a/OvmfPkg/OvmfPkgIa32.fdf
++++ b/OvmfPkg/OvmfPkgIa32.fdf
+@@ -278,10 +278,12 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
++!ifndef $(EXCLUDE_SHELL_FROM_FD)
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ !endif
+ INF  ShellPkg/Application/Shell/Shell.inf
++!endif
+ 
+ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ 
+diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
+index aefb6614ad..6684a2e799 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.fdf
++++ b/OvmfPkg/OvmfPkgIa32X64.fdf
+@@ -279,10 +279,12 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
++!ifndef $(EXCLUDE_SHELL_FROM_FD)
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ !endif
+ INF  ShellPkg/Application/Shell/Shell.inf
++!endif
+ 
+ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ 
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index aefb6614ad..6684a2e799 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -279,10 +279,12 @@ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+ INF  MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf
+ 
++!ifndef $(EXCLUDE_SHELL_FROM_FD)
+ !if $(TOOL_CHAIN_TAG) != "XCODE5"
+ INF  ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
+ !endif
+ INF  ShellPkg/Application/Shell/Shell.inf
++!endif
+ 
+ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf
+ 
+-- 
+2.18.1
+
diff --git a/SOURCES/0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
new file mode 100644
index 0000000..7bdb27e
--- /dev/null
+++ b/SOURCES/0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
@@ -0,0 +1,81 @@
+From 9f756c1ad83cc81f7d892cd036d59a2b567b02dc Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 14 Oct 2015 13:49:43 +0200
+Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no changes
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Drew has proposed that ARM|AARCH64 platform firmware (especially virtual
+machine firmware) print a reasonably early, simple hello message to the
+serial port, regardless of debug mask settings. This should inform
+interactive users, and provide some rough help in localizing boot
+problems, even with restrictive debug masks.
+
+If a platform doesn't want this feature, it should stick with the default
+empty string.
+
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
+Downstream only:
+<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
+
+Suggested-by: Drew Jones <drjones@redhat.com>
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30)
+(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750)
+(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16)
+(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27)
+(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1)
+(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2)
+---
+ ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec
+index c8ea183313..bab4804a17 100644
+--- a/ArmPlatformPkg/ArmPlatformPkg.dec
++++ b/ArmPlatformPkg/ArmPlatformPkg.dec
+@@ -108,6 +108,13 @@
+   ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers
+   gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045
+ 
++  #
++  # Early hello message (ASCII string), printed to the serial port.
++  # If set to the empty string, nothing is printed.
++  # Otherwise, a trailing CRLF should be specified explicitly.
++  #
++  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100
++
+ [PcdsFixedAtBuild.common,PcdsDynamic.common]
+   ## PL031 RealTimeClock
+   gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024
+-- 
+2.18.1
+
diff --git a/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
deleted file mode 100644
index 849fadc..0000000
--- a/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From fb2032bbea7e02c426855cf86a323556d493fd8a Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 14 Oct 2015 14:07:17 +0200
-Subject: ArmVirtPkg: set early hello message (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg:
-  don't set PcdCoreCount", 2019-02-13)
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Print a friendly banner on QEMU, regardless of debug mask settings.
-
-RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
-Downstream only:
-<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
-(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
-(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
-(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
-(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- ArmVirtPkg/ArmVirtQemu.dsc | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 9fc78d4e0a..a4cd66b846 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -94,6 +94,7 @@
-   gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE
- 
- [PcdsFixedAtBuild.common]
-+  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
- !if $(ARCH) == AARCH64
-   gArmTokenSpaceGuid.PcdVFPEnabled|1
- !endif
--- 
-2.18.1
-
diff --git a/SOURCES/0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
new file mode 100644
index 0000000..ed0b97b
--- /dev/null
+++ b/SOURCES/0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
@@ -0,0 +1,133 @@
+From 8d5a8827aabc67cb2a046697e1a750ca8d9cc453 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 14 Oct 2015 13:59:20 +0200
+Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial
+ port (RH)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed
+  temporary stack before entering PEI core", 2017-11-09) -- conflict
+  resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf"
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+The FixedPcdGetSize() macro expands to an integer constant, therefore an
+optimizing compiler can eliminate the new code, if the platform DSC
+doesn't override the empty string (size=1) default of
+PcdEarlyHelloMessage.
+
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
+Downstream only:
+<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e)
+(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac)
+(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd)
+(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a)
+(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de)
+(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf)
+---
+ ArmPlatformPkg/PrePeiCore/MainMPCore.c          | 5 +++++
+ ArmPlatformPkg/PrePeiCore/MainUniCore.c         | 5 +++++
+ ArmPlatformPkg/PrePeiCore/PrePeiCore.h          | 1 +
+ ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf  | 2 ++
+ ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++
+ 5 files changed, 15 insertions(+)
+
+diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
+index d379ad8b7a..ff1672f94d 100644
+--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c
++++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c
+@@ -111,6 +111,11 @@ PrimaryMain (
+   UINTN                       TemporaryRamBase;
+   UINTN                       TemporaryRamSize;
+ 
++  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
++    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
++      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
++  }
++
+   CreatePpiList (&PpiListSize, &PpiList);
+ 
+   // Enable the GIC Distributor
+diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
+index 1500d2bd51..5b0790beac 100644
+--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c
++++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c
+@@ -29,6 +29,11 @@ PrimaryMain (
+   UINTN                       TemporaryRamBase;
+   UINTN                       TemporaryRamSize;
+ 
++  if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) {
++    SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage),
++      FixedPcdGetSize (PcdEarlyHelloMessage) - 1);
++  }
++
+   CreatePpiList (&PpiListSize, &PpiList);
+ 
+   // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at
+diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
+index 7140c7f5b5..1d69a2b468 100644
+--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h
+@@ -15,6 +15,7 @@
+ #include <Library/DebugLib.h>
+ #include <Library/IoLib.h>
+ #include <Library/PcdLib.h>
++#include <Library/SerialPortLib.h>
+ 
+ #include <PiPei.h>
+ #include <Ppi/TemporaryRamSupport.h>
+diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
+index f2ac45d171..fc93fda965 100644
+--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf
+@@ -67,6 +67,8 @@
+   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
+   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
+ 
++  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
++
+   gArmTokenSpaceGuid.PcdGicDistributorBase
+   gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase
+   gArmTokenSpaceGuid.PcdGicSgiIntId
+diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
+index 84c319c367..46d1b30978 100644
+--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf
+@@ -65,4 +65,6 @@
+   gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize
+   gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize
+ 
++  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage
++
+   gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack
+-- 
+2.18.1
+
diff --git a/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
deleted file mode 100644
index d492ddb..0000000
--- a/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-From 7e6d5dc4078c64be6d55d8fc3317c59a91507a50 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 21 Nov 2017 00:57:45 +0100
-Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Message-id: <20171120235748.29669-5-pbonzini@redhat.com>
-Patchwork-id: 77760
-O-Subject:  [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
-Bugzilla: 1488247
-Acked-by: Laszlo Ersek <lersek@redhat.com>
-Acked-by: Thomas Huth <thuth@redhat.com>
-
-From: Laszlo Ersek <lersek@redhat.com>
-
-Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed
-debug messages, and code in OvmfPkg logs many messages on the
-DEBUG_VERBOSE level.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117)
-(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9)
-(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76)
-(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.dsc    | 2 +-
- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
- OvmfPkg/OvmfPkgX64.dsc     | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index bc75e03d47..8093e6f000 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -484,7 +484,7 @@
-   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
-   #                             // significantly impact boot performance
-   # DEBUG_ERROR     0x80000000  // Error
--  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
- 
- !ifdef $(SOURCE_DEBUG_ENABLE)
-   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index f630737662..eca9b4e6db 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -489,7 +489,7 @@
-   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
-   #                             // significantly impact boot performance
-   # DEBUG_ERROR     0x80000000  // Error
--  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
- 
- !ifdef $(SOURCE_DEBUG_ENABLE)
-   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index ac70a0cac1..3ff9a3181e 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -489,7 +489,7 @@
-   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
-   #                             // significantly impact boot performance
-   # DEBUG_ERROR     0x80000000  // Error
--  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
- 
- !ifdef $(SOURCE_DEBUG_ENABLE)
-   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
--- 
-2.18.1
-
diff --git a/SOURCES/0017-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0017-ArmVirtPkg-set-early-hello-message-RH-only.patch
new file mode 100644
index 0000000..9330386
--- /dev/null
+++ b/SOURCES/0017-ArmVirtPkg-set-early-hello-message-RH-only.patch
@@ -0,0 +1,68 @@
+From ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 14 Oct 2015 14:07:17 +0200
+Subject: ArmVirtPkg: set early hello message (RH only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg:
+  don't set PcdCoreCount", 2019-02-13)
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no changes
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Print a friendly banner on QEMU, regardless of debug mask settings.
+
+RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279
+Downstream only:
+<http://thread.gmane.org/gmane.comp.bios.edk2.devel/2996/focus=3433>.
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925)
+(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a)
+(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c)
+(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18)
+(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18)
+(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a)
+---
+ ArmVirtPkg/ArmVirtQemu.dsc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 696b0b5bcd..08c7a36339 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -101,6 +101,7 @@
+   gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE
+ 
+ [PcdsFixedAtBuild.common]
++  gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n"
+ !if $(ARCH) == AARCH64
+   gArmTokenSpaceGuid.PcdVFPEnabled|1
+ !endif
+-- 
+2.18.1
+
diff --git a/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
deleted file mode 100644
index 777fb22..0000000
--- a/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From b06b87f8ffd4fed4ef7eacb13689a9b6d111f850 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 21 Nov 2017 00:57:46 +0100
-Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
- QemuVideoDxe/QemuRamfbDxe (RH)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14)
-  introduced another GOP driver that consumes FrameBufferBltLib, and
-  thereby produces a large number of (mostly useless) debug messages at
-  the DEBUG_VERBOSE level. Extend the patch to suppress those messages in
-  both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly.
-  QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also
-  the original commit message at the bottom of this downstream patch).
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Message-id: <20171120235748.29669-6-pbonzini@redhat.com>
-Patchwork-id: 77761
-O-Subject:  [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
-	QemuVideoDxe (RH only)
-Bugzilla: 1488247
-Acked-by: Laszlo Ersek <lersek@redhat.com>
-Acked-by: Thomas Huth <thuth@redhat.com>
-
-From: Laszlo Ersek <lersek@redhat.com>
-
-In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses
-MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to
-FrameBufferBltLib.
-
-The FrameBufferBltLib instance added in commit b1ca386074bd
-("MdeModulePkg: Add FrameBufferBltLib library instance") logs many
-messages on the VERBOSE level; for example, a normal boot with OVMF can
-produce 500+ "VideoFill" messages, dependent on the progress bar, when the
-VERBOSE bit is set in PcdDebugPrintErrorLevel.
-
-QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose
-none of its messages this way.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52)
-(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3)
-(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0)
-(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.dsc    | 10 ++++++++--
- OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
- OvmfPkg/OvmfPkgX64.dsc     | 10 ++++++++--
- 3 files changed, 24 insertions(+), 6 deletions(-)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 8093e6f000..8f1cf80fe6 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -746,8 +746,14 @@
-   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
- 
--  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
- 
-   #
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index eca9b4e6db..62d6d6c406 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -755,8 +755,14 @@
-   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
- 
--  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
- 
-   #
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 3ff9a3181e..992b141113 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -753,8 +753,14 @@
-   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
- 
--  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
- 
-   #
--- 
-2.18.1
-
diff --git a/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
deleted file mode 100644
index b7d7973..0000000
--- a/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 76b4ac28e975bd63c25db903a1d42c47b38cc756 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Wed, 27 Jan 2016 03:05:18 +0100
-Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
- only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add
-  QemuRamfbDxe", 2018-06-14)
-
-QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in
-commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library
-instance") logs many messages on the VERBOSE level; for example, a normal
-boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages,
-dependent on the progress bar, when the VERBOSE bit is set in
-PcdDebugPrintErrorLevel.
-
-QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose
-none of its messages this way.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- ArmVirtPkg/ArmVirtQemu.dsc       | 5 ++++-
- ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
- 2 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index a4cd66b846..aac4094665 100644
---- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -421,7 +421,10 @@
-   #
-   # Video support
-   #
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
-   OvmfPkg/PlatformDxe/Platform.inf
- 
-diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index d2b3f24394..c9a635e80b 100644
---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
-+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -399,7 +399,10 @@
-   #
-   # Video support
-   #
--  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
-+  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
-   OvmfPkg/PlatformDxe/Platform.inf
- 
--- 
-2.18.1
-
diff --git a/SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
new file mode 100644
index 0000000..ed65592
--- /dev/null
+++ b/SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
@@ -0,0 +1,94 @@
+From 3cb92f9ba18ac79911bd5258ff4f949cc617ae89 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 21 Nov 2017 00:57:45 +0100
+Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no changes
+
+Message-id: <20171120235748.29669-5-pbonzini@redhat.com>
+Patchwork-id: 77760
+O-Subject:  [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
+Bugzilla: 1488247
+Acked-by: Laszlo Ersek <lersek@redhat.com>
+Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Laszlo Ersek <lersek@redhat.com>
+
+Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed
+debug messages, and code in OvmfPkg logs many messages on the
+DEBUG_VERBOSE level.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117)
+(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9)
+(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76)
+(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027)
+(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50)
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 2 +-
+ OvmfPkg/OvmfPkgIa32X64.dsc | 2 +-
+ OvmfPkg/OvmfPkgX64.dsc     | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index accf5c0211..759075a815 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -479,7 +479,7 @@
+   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
+   #                             // significantly impact boot performance
+   # DEBUG_ERROR     0x80000000  // Error
+-  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
+ 
+ !ifdef $(SOURCE_DEBUG_ENABLE)
+   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 8812da9943..634e20f09c 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -484,7 +484,7 @@
+   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
+   #                             // significantly impact boot performance
+   # DEBUG_ERROR     0x80000000  // Error
+-  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
+ 
+ !ifdef $(SOURCE_DEBUG_ENABLE)
+   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 73e1b7824f..bc5a345a37 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -484,7 +484,7 @@
+   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
+   #                             // significantly impact boot performance
+   # DEBUG_ERROR     0x80000000  // Error
+-  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F
+ 
+ !ifdef $(SOURCE_DEBUG_ENABLE)
+   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
+-- 
+2.18.1
+
diff --git a/SOURCES/0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
new file mode 100644
index 0000000..ca0d4d0
--- /dev/null
+++ b/SOURCES/0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
@@ -0,0 +1,141 @@
+From c8c3f893e7c3710afe45c46839e97954871536e4 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 21 Nov 2017 00:57:46 +0100
+Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
+ QemuVideoDxe/QemuRamfbDxe (RH)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- Due to upstream commit 4b04d9d73604 ("OvmfPkg: Don't build in
+  QemuVideoDxe when we have CSM", 2019-06-26), the contexts of
+  "QemuVideoDxe.inf" / "QemuRamfbDxe.inf" have changed in the DSC files.
+  Resolve the conflict manually.
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14)
+  introduced another GOP driver that consumes FrameBufferBltLib, and
+  thereby produces a large number of (mostly useless) debug messages at
+  the DEBUG_VERBOSE level. Extend the patch to suppress those messages in
+  both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly.
+  QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also
+  the original commit message at the bottom of this downstream patch).
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no changes
+
+Message-id: <20171120235748.29669-6-pbonzini@redhat.com>
+Patchwork-id: 77761
+O-Subject:  [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
+	QemuVideoDxe (RH only)
+Bugzilla: 1488247
+Acked-by: Laszlo Ersek <lersek@redhat.com>
+Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Laszlo Ersek <lersek@redhat.com>
+
+In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses
+MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to
+FrameBufferBltLib.
+
+The FrameBufferBltLib instance added in commit b1ca386074bd
+("MdeModulePkg: Add FrameBufferBltLib library instance") logs many
+messages on the VERBOSE level; for example, a normal boot with OVMF can
+produce 500+ "VideoFill" messages, dependent on the progress bar, when the
+VERBOSE bit is set in PcdDebugPrintErrorLevel.
+
+QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose
+none of its messages this way.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52)
+(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3)
+(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0)
+(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1)
+(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850)
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 10 ++++++++--
+ OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++--
+ OvmfPkg/OvmfPkgX64.dsc     | 10 ++++++++--
+ 3 files changed, 24 insertions(+), 6 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 759075a815..6a07a6af81 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -742,9 +742,15 @@
+   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+ 
+ !ifndef $(CSM_ENABLE)
+-  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
++  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+ !endif
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index 634e20f09c..c7f52992e9 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -755,9 +755,15 @@
+   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+ 
+ !ifndef $(CSM_ENABLE)
+-  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
++  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+ !endif
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index bc5a345a37..594ecb5362 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -753,9 +753,15 @@
+   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
+ 
+ !ifndef $(CSM_ENABLE)
+-  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf
++  OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+ !endif
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ 
+   #
+-- 
+2.18.1
+
diff --git a/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
deleted file mode 100644
index b61d745..0000000
--- a/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 58bba429b9ec7b78109940ef945d0dc93f3cd958 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Tue, 21 Nov 2017 00:57:47 +0100
-Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
- only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
-  a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no changes
-
-Message-id: <20171120235748.29669-7-pbonzini@redhat.com>
-Patchwork-id: 77759
-O-Subject:  [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
-	NvmExpressDxe (RH only)
-Bugzilla: 1488247
-Acked-by: Laszlo Ersek <lersek@redhat.com>
-Acked-by: Thomas Huth <thuth@redhat.com>
-
-From: Laszlo Ersek <lersek@redhat.com>
-
-NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE
-level.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f)
-(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4)
-(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8)
-(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.dsc    | 5 ++++-
- OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
- OvmfPkg/OvmfPkgX64.dsc     | 5 ++++-
- 3 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 8f1cf80fe6..bbf5e38274 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -740,7 +740,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
-   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
-   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
--  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
-+  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
-   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
-   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 62d6d6c406..3ec1b916e7 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -749,7 +749,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
-   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
-   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
--  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
-+  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
-   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
-   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 992b141113..ea54b4b8e8 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -747,7 +747,10 @@
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
-   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
-   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
--  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
-+  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
-+    <PcdsFixedAtBuild>
-+      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
-+  }
-   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
-   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
-   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
--- 
-2.18.1
-
diff --git a/SOURCES/0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
new file mode 100644
index 0000000..efee09b
--- /dev/null
+++ b/SOURCES/0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
@@ -0,0 +1,85 @@
+From e5b8152bced2364a1ded0926dbba4d65e23e3f84 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Wed, 27 Jan 2016 03:05:18 +0100
+Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH
+ only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- The previous version of this patch (downstream commit 76b4ac28e975)
+  caused a regression (RHBZ#1714446), which was fixed up in downstream
+  commit 5a216abaa737 ("ArmVirtPkg: silence DEBUG_VERBOSE masking
+  ~0x00400000 in QemuRamfbDxe (RH only)", 2019-08-05).
+
+  Squash the fixup into the original patch. Fuse the commit messages.
+  (Acked-by tags are not preserved, lest we confuse ourselves while
+  reviewing this rebase.)
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add
+  QemuRamfbDxe", 2018-06-14)
+
+QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in
+commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library
+instance") logs many messages on the VERBOSE level; for example, a normal
+boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages,
+dependent on the progress bar, when the VERBOSE bit is set in
+PcdDebugPrintErrorLevel.
+
+Clear the VERBOSE bit without touching other bits -- those other bits
+differ between the "silent" and "verbose" builds, so we can't set them as
+constants.
+
+QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose
+none of its messages, with the VERBOSE bit clear.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 76b4ac28e975bd63c25db903a1d42c47b38cc756)
+Reported-by: Andrew Jones <drjones@redhat.com>
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
+(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc)
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ ArmVirtPkg/ArmVirtQemu.dsc       | 5 ++++-
+ ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
+index 08c7a36339..b3dcdd747b 100644
+--- a/ArmVirtPkg/ArmVirtQemu.dsc
++++ b/ArmVirtPkg/ArmVirtQemu.dsc
+@@ -422,7 +422,10 @@
+   #
+   # Video support
+   #
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
++  }
+   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+   OvmfPkg/PlatformDxe/Platform.inf
+ 
+diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+index 27e65b7638..008181055a 100644
+--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
+@@ -400,7 +400,10 @@
+   #
+   # Video support
+   #
+-  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
++  OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF
++  }
+   OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+   OvmfPkg/PlatformDxe/Platform.inf
+ 
+-- 
+2.18.1
+
diff --git a/SOURCES/0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/SOURCES/0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
new file mode 100644
index 0000000..da55568
--- /dev/null
+++ b/SOURCES/0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
@@ -0,0 +1,83 @@
+From aa2b66b18a62d652bdbefae7b5732297294306ca Mon Sep 17 00:00:00 2001
+From: Philippe Mathieu-Daude <philmd@redhat.com>
+Date: Thu, 1 Aug 2019 20:43:48 +0200
+Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent
+ builds (RH only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- We have to carry this downstream-only patch -- committed originally as
+  aaaedc1e2cfd -- indefinitely.
+
+- To avoid confusion, remove the tags from the commit message that had
+  been added by the downstream maintainer scripts, such as: Message-id,
+  Patchwork-id, O-Subject, Acked-by. These remain available on the
+  original downstream commit. The Bugzilla line is preserved, as it
+  doesn't relate to a specific posting, but to the problem.
+
+Bugzilla: 1714446
+
+To suppress an error message on the silent build when ramfb is
+not configured, change QemuRamfbDxe to return EFI_SUCCESS even
+when it fails.
+Some memory is wasted (driver stays resident without
+any good use), but it is mostly harmless, as the memory
+is released by the OS after ExitBootServices().
+
+Suggested-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Philippe Mathieu-Daude <philmd@redhat.com>
+(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7)
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ OvmfPkg/QemuRamfbDxe/QemuRamfb.c      | 14 ++++++++++++++
+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf |  1 +
+ 2 files changed, 15 insertions(+)
+
+diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
+index 0d49d8bbab..dbf9bcbe16 100644
+--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
++++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c
+@@ -13,6 +13,7 @@
+ #include <Library/BaseLib.h>
+ #include <Library/BaseMemoryLib.h>
+ #include <Library/DebugLib.h>
++#include <Library/DebugPrintErrorLevelLib.h>
+ #include <Library/DevicePathLib.h>
+ #include <Library/FrameBufferBltLib.h>
+ #include <Library/MemoryAllocationLib.h>
+@@ -242,6 +243,19 @@ InitializeQemuRamfb (
+ 
+   Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize);
+   if (EFI_ERROR (Status)) {
++#if defined (MDE_CPU_AARCH64)
++    //
++    // RHBZ#1714446
++    // If no ramfb device was configured, this platform DXE driver should
++    // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even
++    // using a silent build, an error message is issued to the guest console.
++    // Since this confuse users, return success and stay resident. The wasted
++    // guest RAM still gets freed later after ExitBootServices().
++    //
++    if (GetDebugPrintErrorLevel () == DEBUG_ERROR) {
++      return EFI_SUCCESS;
++    }
++#endif
+     return EFI_NOT_FOUND;
+   }
+   if (FwCfgSize != sizeof (RAMFB_CONFIG)) {
+diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+index e3890b8c20..6ffee5acb2 100644
+--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
++++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf
+@@ -29,6 +29,7 @@
+   BaseLib
+   BaseMemoryLib
+   DebugLib
++  DebugPrintErrorLevelLib
+   DevicePathLib
+   FrameBufferBltLib
+   MemoryAllocationLib
+-- 
+2.18.1
+
diff --git a/SOURCES/0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
new file mode 100644
index 0000000..fd79c90
--- /dev/null
+++ b/SOURCES/0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
@@ -0,0 +1,104 @@
+From b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Tue, 21 Nov 2017 00:57:47 +0100
+Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH
+ only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+  a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no changes
+
+Message-id: <20171120235748.29669-7-pbonzini@redhat.com>
+Patchwork-id: 77759
+O-Subject:  [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
+	NvmExpressDxe (RH only)
+Bugzilla: 1488247
+Acked-by: Laszlo Ersek <lersek@redhat.com>
+Acked-by: Thomas Huth <thuth@redhat.com>
+
+From: Laszlo Ersek <lersek@redhat.com>
+
+NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE
+level.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f)
+(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4)
+(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8)
+(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6)
+(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958)
+---
+ OvmfPkg/OvmfPkgIa32.dsc    | 5 ++++-
+ OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++-
+ OvmfPkg/OvmfPkgX64.dsc     | 5 ++++-
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
+index 6a07a6af81..1c56e0948a 100644
+--- a/OvmfPkg/OvmfPkgIa32.dsc
++++ b/OvmfPkg/OvmfPkgIa32.dsc
+@@ -735,7 +735,10 @@
+   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
+   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
+-  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
++  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
+diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
+index c7f52992e9..29e12c9dff 100644
+--- a/OvmfPkg/OvmfPkgIa32X64.dsc
++++ b/OvmfPkg/OvmfPkgIa32X64.dsc
+@@ -748,7 +748,10 @@
+   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
+   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
+-  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
++  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
+diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
+index 594ecb5362..11fe9f6050 100644
+--- a/OvmfPkg/OvmfPkgX64.dsc
++++ b/OvmfPkg/OvmfPkgX64.dsc
+@@ -746,7 +746,10 @@
+   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
+   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
+-  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
++  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf {
++    <PcdsFixedAtBuild>
++      gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F
++  }
+   MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf
+   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
+-- 
+2.18.1
+
diff --git a/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch b/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch
deleted file mode 100644
index 85ce534..0000000
--- a/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d382b66affafe06c7e470e0a2dffbd3634b363f1 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 19 Mar 2019 15:48:34 +0100
-Subject: Downgrade CryptoPkg INF files to OpenSSL 1.1.0i (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- new patch, due to upstream commit a18f784cfdbe ("Upgrade OpenSSL to
-  1.1.0j", 2018-12-21)
-
-Upstream commit a18f784cfdbe (see above) advanced the OpenSSL git
-submodule from upstream OpenSSL commit d4e4bd2a8163 ("Prepare for 1.1.0h
-release", 2018-03-27) to upstream OpenSSL commit 74f2d9c1ec5f ("Prepare
-for 1.1.0j release", 2018-11-20). Meaning, upstream edk2 skipped 1.1.0i.
-
-However, Fedora 28 only offers 1.1.0i at this point (and it will not be
-rebased again until 1.1.0k is released). Therefore hunks in the upstream
-CryptoPkg commit that relate specifically to 1.1.0j have to be backed out.
-
-The only such hunks are the "crypto/getenv.c" additions to the INF files.
-The related upstream OpenSSL change was commit 1abdf08284af ("Use
-secure_getenv(3) when available.", 2018-09-24), part of tag
-"OpenSSL_1_1_0j".
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
----
- CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 1 -
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-index 6162d29143..fcb8bfddde 100644
---- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-@@ -282,7 +282,6 @@
-   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
-   $(OPENSSL_PATH)/crypto/evp/scrypt.c
-   $(OPENSSL_PATH)/crypto/ex_data.c
--  $(OPENSSL_PATH)/crypto/getenv.c
-   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
-   $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
-   $(OPENSSL_PATH)/crypto/hmac/hmac.c
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-index b04bf62b4e..99ff89da0e 100644
---- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-@@ -282,7 +282,6 @@
-   $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c
-   $(OPENSSL_PATH)/crypto/evp/scrypt.c
-   $(OPENSSL_PATH)/crypto/ex_data.c
--  $(OPENSSL_PATH)/crypto/getenv.c
-   $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c
-   $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c
-   $(OPENSSL_PATH)/crypto/hmac/hmac.c
--- 
-2.18.1
-
diff --git a/SOURCES/0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch b/SOURCES/0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
new file mode 100644
index 0000000..da424bc
--- /dev/null
+++ b/SOURCES/0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
@@ -0,0 +1,79 @@
+From 57bd3f146590df8757865d8f2cdd1db3cf3f4d40 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Sat, 16 Nov 2019 17:11:27 +0100
+Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs
+ (RH)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- new patch
+
+The downstream changes in RHEL8's OpenSSL package, for example in
+"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
+preexistent code into those new files. In order to avoid undefined
+references in link editing, we have to list the new files.
+
+Note: "process_files.pl" is not re-run at this time manually, because
+
+(a) "process_files.pl" would pollute the file list (and some of the
+    auto-generated header files) with RHEL8-specific FIPS artifacts, which
+    are explicitly unwanted in edk2,
+
+(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
+    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
+    and will help with future changes too.
+
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+---
+ CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 11 +++++++++++
+ CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+index dd873a0dcd..d1c7602b87 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
+@@ -598,6 +598,17 @@
+   $(OPENSSL_PATH)/ssl/record/record.h
+   $(OPENSSL_PATH)/ssl/record/record_locl.h
+ # Autogenerated files list ends here
++# RHEL8-specific OpenSSL file list starts here
++  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
++  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
++  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
++  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
++  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
++  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
++  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
++  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
++  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
++# RHEL8-specific OpenSSL file list ends here
+ 
+   ossl_store.c
+   rand_pool.c
+diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+index a1bb560255..0785a421dd 100644
+--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
+@@ -546,6 +546,17 @@
+   $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
+   $(OPENSSL_PATH)/crypto/objects/obj_xref.h
+ # Autogenerated files list ends here
++# RHEL8-specific OpenSSL file list starts here
++  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
++  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
++  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
++  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
++  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
++  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
++  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
++  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
++  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
++# RHEL8-specific OpenSSL file list ends here
+   buildinf.h
+   rand_pool_noise.h
+   ossl_store.c
+-- 
+2.18.1
+
diff --git a/SOURCES/RedHatSecureBootPkKek1.pem b/SOURCES/RedHatSecureBootPkKek1.pem
new file mode 100644
index 0000000..d302362
--- /dev/null
+++ b/SOURCES/RedHatSecureBootPkKek1.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
+BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
+9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
+MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
+RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
++d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
+huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
+bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
+3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
+y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
+HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
+ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
+3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
+1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
+qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
+NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
+R+SqIs/vdWGA40O3SFdzET14m2k=
+-----END CERTIFICATE-----
diff --git a/SOURCES/edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch b/SOURCES/edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch
new file mode 100644
index 0000000..fba10c3
--- /dev/null
+++ b/SOURCES/edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch
@@ -0,0 +1,338 @@
+From 3c9574af677c24b969c3baa6a527dabaf97f11a2 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:31:53 +0100
+Subject: [PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-6-lersek@redhat.com>
+Patchwork-id: 92461
+O-Subject: [RHEL-8.2.0 edk2 PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the
+edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib,
+StdLibPrivateInternalFiles", 2019-04-29).
+
+We'd like to use the inet_pton() function in CryptoPkg. Resurrect the
+"inet_pton.c" file from just before the StdLib removal, as follows:
+
+  $ git show \
+      964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \
+      > CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
+
+The inet_pton() function is only intended for the DXE phase at this time,
+therefore only the "BaseCryptLib" instance INF file receives the new file.
+
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
+Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
+(cherry picked from commit 8d16ef8269b2ff373d8da674e59992adfdc032d3)
+---
+ CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf    |   1 +
+ CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 +++++++++++++++++++++
+ CryptoPkg/Library/Include/CrtLibSupport.h          |   1 +
+ 3 files changed, 259 insertions(+)
+ create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
+
+diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+index 8d4988e..b5cfd8b 100644
+--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
++++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
+@@ -58,6 +58,7 @@
+   SysCall/CrtWrapper.c
+   SysCall/TimerWrapper.c
+   SysCall/BaseMemAllocation.c
++  SysCall/inet_pton.c
+ 
+ [Sources.Ia32]
+   Rand/CryptRandTsc.c
+diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
+new file mode 100644
+index 0000000..32e1ab8
+--- /dev/null
++++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
+@@ -0,0 +1,257 @@
++/* Copyright (c) 1996 by Internet Software Consortium.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
++ */
++
++/*
++ * Portions copyright (c) 1999, 2000
++ * Intel Corporation.
++ * All rights reserved.
++ * 
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 
++ * 3. All advertising materials mentioning features or use of this software
++ *    must display the following acknowledgement:
++ * 
++ *    This product includes software developed by Intel Corporation and
++ *    its contributors.
++ * 
++ * 4. Neither the name of Intel Corporation or its contributors may be
++ *    used to endorse or promote products derived from this software
++ *    without specific prior written permission.
++ * 
++ * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS''
++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE
++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
++ * THE POSSIBILITY OF SUCH DAMAGE.
++ * 
++ */
++
++#if defined(LIBC_SCCS) && !defined(lint)
++static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $";
++#endif /* LIBC_SCCS and not lint */
++
++#include <sys/param.h>
++#include <sys/types.h>
++#include <sys/socket.h>
++#include <netinet/in.h>
++#include <arpa/inet.h>
++#include <arpa/nameser.h>
++#include <string.h>
++#include <errno.h>
++
++/*
++ * WARNING: Don't even consider trying to compile this on a system where
++ * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
++ */
++
++static int	inet_pton4 (const char *src, u_char *dst);
++static int	inet_pton6 (const char *src, u_char *dst);
++
++/* int
++ * inet_pton(af, src, dst)
++ *	convert from presentation format (which usually means ASCII printable)
++ *	to network format (which is usually some kind of binary format).
++ * return:
++ *	1 if the address was valid for the specified address family
++ *	0 if the address wasn't valid (`dst' is untouched in this case)
++ *	-1 if some other error occurred (`dst' is untouched in this case, too)
++ * author:
++ *	Paul Vixie, 1996.
++ */
++int
++inet_pton(
++	int af,
++	const char *src,
++	void *dst
++	)
++{
++	switch (af) {
++	case AF_INET:
++		return (inet_pton4(src, dst));
++	case AF_INET6:
++		return (inet_pton6(src, dst));
++	default:
++		errno = EAFNOSUPPORT;
++		return (-1);
++	}
++	/* NOTREACHED */
++}
++
++/* int
++ * inet_pton4(src, dst)
++ *	like inet_aton() but without all the hexadecimal and shorthand.
++ * return:
++ *	1 if `src' is a valid dotted quad, else 0.
++ * notice:
++ *	does not touch `dst' unless it's returning 1.
++ * author:
++ *	Paul Vixie, 1996.
++ */
++static int
++inet_pton4(
++	const char *src,
++	u_char *dst
++	)
++{
++	static const char digits[] = "0123456789";
++	int saw_digit, octets, ch;
++	u_char tmp[NS_INADDRSZ], *tp;
++
++	saw_digit = 0;
++	octets = 0;
++	*(tp = tmp) = 0;
++	while ((ch = *src++) != '\0') {
++		const char *pch;
++
++		if ((pch = strchr(digits, ch)) != NULL) {
++			u_int new = *tp * 10 + (u_int)(pch - digits);
++
++			if (new > 255)
++				return (0);
++			*tp = (u_char)new;
++			if (! saw_digit) {
++				if (++octets > 4)
++					return (0);
++				saw_digit = 1;
++			}
++		} else if (ch == '.' && saw_digit) {
++			if (octets == 4)
++				return (0);
++			*++tp = 0;
++			saw_digit = 0;
++		} else
++			return (0);
++	}
++	if (octets < 4)
++		return (0);
++
++	memcpy(dst, tmp, NS_INADDRSZ);
++	return (1);
++}
++
++/* int
++ * inet_pton6(src, dst)
++ *	convert presentation level address to network order binary form.
++ * return:
++ *	1 if `src' is a valid [RFC1884 2.2] address, else 0.
++ * notice:
++ *	(1) does not touch `dst' unless it's returning 1.
++ *	(2) :: in a full address is silently ignored.
++ * credit:
++ *	inspired by Mark Andrews.
++ * author:
++ *	Paul Vixie, 1996.
++ */
++static int
++inet_pton6(
++	const char *src,
++	u_char *dst
++	)
++{
++	static const char xdigits_l[] = "0123456789abcdef",
++			  xdigits_u[] = "0123456789ABCDEF";
++	u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
++	const char *xdigits, *curtok;
++	int ch, saw_xdigit;
++	u_int val;
++
++	memset((tp = tmp), '\0', NS_IN6ADDRSZ);
++	endp = tp + NS_IN6ADDRSZ;
++	colonp = NULL;
++	/* Leading :: requires some special handling. */
++	if (*src == ':')
++		if (*++src != ':')
++			return (0);
++	curtok = src;
++	saw_xdigit = 0;
++	val = 0;
++	while ((ch = *src++) != '\0') {
++		const char *pch;
++
++		if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
++			pch = strchr((xdigits = xdigits_u), ch);
++		if (pch != NULL) {
++			val <<= 4;
++			val |= (pch - xdigits);
++			if (val > 0xffff)
++				return (0);
++			saw_xdigit = 1;
++			continue;
++		}
++		if (ch == ':') {
++			curtok = src;
++			if (!saw_xdigit) {
++				if (colonp)
++					return (0);
++				colonp = tp;
++				continue;
++			}
++			if (tp + NS_INT16SZ > endp)
++				return (0);
++			*tp++ = (u_char) (val >> 8) & 0xff;
++			*tp++ = (u_char) val & 0xff;
++			saw_xdigit = 0;
++			val = 0;
++			continue;
++		}
++		if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
++		    inet_pton4(curtok, tp) > 0) {
++			tp += NS_INADDRSZ;
++			saw_xdigit = 0;
++			break;	/* '\0' was seen by inet_pton4(). */
++		}
++		return (0);
++	}
++	if (saw_xdigit) {
++		if (tp + NS_INT16SZ > endp)
++			return (0);
++		*tp++ = (u_char) (val >> 8) & 0xff;
++		*tp++ = (u_char) val & 0xff;
++	}
++	if (colonp != NULL) {
++		/*
++		 * Since some memmove()'s erroneously fail to handle
++		 * overlapping regions, we'll do the shift by hand.
++		 */
++		const int n = (int)(tp - colonp);
++		int i;
++
++		for (i = 1; i <= n; i++) {
++			endp[- i] = colonp[n - i];
++			colonp[n - i] = 0;
++		}
++		tp = endp;
++	}
++	if (tp != endp)
++		return (0);
++	memcpy(dst, tmp, NS_IN6ADDRSZ);
++	return (1);
++}
+diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
+index e603fad..5a20ba6 100644
+--- a/CryptoPkg/Library/Include/CrtLibSupport.h
++++ b/CryptoPkg/Library/Include/CrtLibSupport.h
+@@ -192,6 +192,7 @@ void           abort       (void) __attribute__((__noreturn__));
+ #else
+ void           abort       (void);
+ #endif
++int            inet_pton   (int, const char *, void *);
+ 
+ //
+ // Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch b/SOURCES/edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch
new file mode 100644
index 0000000..e38a454
--- /dev/null
+++ b/SOURCES/edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch
@@ -0,0 +1,188 @@
+From 1ab1024f94401300fe9a1d5cdce6c15a2b091e02 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:31:50 +0100
+Subject: [PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies
+ (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-5-lersek@redhat.com>
+Patchwork-id: 92453
+O-Subject: [RHEL-8.2.0 edk2 PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+In a later patch in this series, we're going to resurrect "inet_pton.c"
+(originally from the StdLib package). That source file has a number of
+standard C and BSD socket dependencies. Provide those dependencies here:
+
+- The header files below will simply #include <CrtLibSupport.h>:
+
+  - arpa/inet.h
+  - arpa/nameser.h
+  - netinet/in.h
+  - sys/param.h
+  - sys/socket.h
+
+- EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
+  e2d3a25f1a31; which is the commit immediately preceding the removal of
+  StdLib from edk2 (964f432b9b0a).
+
+  Note that the other error macro, which we alread #define, namely EINVAL,
+  has a value (22) that also matches "StdLib/Include/errno.h".
+
+- The AF_INET and AF_INET6 address family macros come from
+  "StdLib/Include/sys/socket.h".
+
+- The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
+  "StdLib/Include/arpa/nameser.h".
+
+- The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
+
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
+Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
+(cherry picked from commit 2ac41c12c0d4b3d3ee8f905ab80da019e784de00)
+---
+ CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++
+ CryptoPkg/Library/Include/arpa/inet.h     |  9 +++++++++
+ CryptoPkg/Library/Include/arpa/nameser.h  |  9 +++++++++
+ CryptoPkg/Library/Include/netinet/in.h    |  9 +++++++++
+ CryptoPkg/Library/Include/sys/param.h     |  9 +++++++++
+ CryptoPkg/Library/Include/sys/socket.h    |  9 +++++++++
+ 6 files changed, 61 insertions(+)
+ create mode 100644 CryptoPkg/Library/Include/arpa/inet.h
+ create mode 100644 CryptoPkg/Library/Include/arpa/nameser.h
+ create mode 100644 CryptoPkg/Library/Include/netinet/in.h
+ create mode 100644 CryptoPkg/Library/Include/sys/param.h
+ create mode 100644 CryptoPkg/Library/Include/sys/socket.h
+
+diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
+index b90da20..e603fad 100644
+--- a/CryptoPkg/Library/Include/CrtLibSupport.h
++++ b/CryptoPkg/Library/Include/CrtLibSupport.h
+@@ -74,6 +74,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ // Definitions for global constants used by CRT library routines
+ //
+ #define EINVAL       22               /* Invalid argument */
++#define EAFNOSUPPORT 47               /* Address family not supported by protocol family */
+ #define INT_MAX      0x7FFFFFFF       /* Maximum (signed) int value */
+ #define LONG_MAX     0X7FFFFFFFL      /* max value for a long */
+ #define LONG_MIN     (-LONG_MAX-1)    /* min value for a long */
+@@ -81,13 +82,28 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ #define CHAR_BIT     8                /* Number of bits in a char */
+ 
+ //
++// Address families.
++//
++#define AF_INET   2     /* internetwork: UDP, TCP, etc. */
++#define AF_INET6  24    /* IP version 6 */
++
++//
++// Define constants based on RFC0883, RFC1034, RFC 1035
++//
++#define NS_INT16SZ    2   /*%< #/bytes of data in a u_int16_t */
++#define NS_INADDRSZ   4   /*%< IPv4 T_A */
++#define NS_IN6ADDRSZ  16  /*%< IPv6 T_AAAA */
++
++//
+ // Basic types mapping
+ //
+ typedef UINTN          size_t;
++typedef UINTN          u_int;
+ typedef INTN           ssize_t;
+ typedef INT32          time_t;
+ typedef UINT8          __uint8_t;
+ typedef UINT8          sa_family_t;
++typedef UINT8          u_char;
+ typedef UINT32         uid_t;
+ typedef UINT32         gid_t;
+ 
+diff --git a/CryptoPkg/Library/Include/arpa/inet.h b/CryptoPkg/Library/Include/arpa/inet.h
+new file mode 100644
+index 0000000..988e4e0
+--- /dev/null
++++ b/CryptoPkg/Library/Include/arpa/inet.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building third-party standard C / BSD sockets code.
++
++  Copyright (C) 2019, Red Hat, Inc.
++
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#include <CrtLibSupport.h>
+diff --git a/CryptoPkg/Library/Include/arpa/nameser.h b/CryptoPkg/Library/Include/arpa/nameser.h
+new file mode 100644
+index 0000000..988e4e0
+--- /dev/null
++++ b/CryptoPkg/Library/Include/arpa/nameser.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building third-party standard C / BSD sockets code.
++
++  Copyright (C) 2019, Red Hat, Inc.
++
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#include <CrtLibSupport.h>
+diff --git a/CryptoPkg/Library/Include/netinet/in.h b/CryptoPkg/Library/Include/netinet/in.h
+new file mode 100644
+index 0000000..988e4e0
+--- /dev/null
++++ b/CryptoPkg/Library/Include/netinet/in.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building third-party standard C / BSD sockets code.
++
++  Copyright (C) 2019, Red Hat, Inc.
++
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#include <CrtLibSupport.h>
+diff --git a/CryptoPkg/Library/Include/sys/param.h b/CryptoPkg/Library/Include/sys/param.h
+new file mode 100644
+index 0000000..988e4e0
+--- /dev/null
++++ b/CryptoPkg/Library/Include/sys/param.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building third-party standard C / BSD sockets code.
++
++  Copyright (C) 2019, Red Hat, Inc.
++
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#include <CrtLibSupport.h>
+diff --git a/CryptoPkg/Library/Include/sys/socket.h b/CryptoPkg/Library/Include/sys/socket.h
+new file mode 100644
+index 0000000..988e4e0
+--- /dev/null
++++ b/CryptoPkg/Library/Include/sys/socket.h
+@@ -0,0 +1,9 @@
++/** @file
++  Include file to support building third-party standard C / BSD sockets code.
++
++  Copyright (C) 2019, Red Hat, Inc.
++
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#include <CrtLibSupport.h>
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch b/SOURCES/edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch
new file mode 100644
index 0000000..3f4fd02
--- /dev/null
+++ b/SOURCES/edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch
@@ -0,0 +1,86 @@
+From 697cb1880b624f83bc9e926c3614d070eb365f06 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:31:47 +0100
+Subject: [PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function
+ (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-4-lersek@redhat.com>
+Patchwork-id: 92458
+O-Subject: [RHEL-8.2.0 edk2 PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+According to the ISO C standard, strchr() is a function. We #define it as
+a macro. Unfortunately, our macro evaluates the first argument ("str")
+twice. If the expression passed for "str" has side effects, the behavior
+may be undefined.
+
+In a later patch in this series, we're going to resurrect "inet_pton.c"
+(originally from the StdLib package), which calls strchr() just like that:
+
+  strchr((xdigits = xdigits_l), ch)
+  strchr((xdigits = xdigits_u), ch)
+
+To enable this kind of function call, turn strchr() into a function.
+
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
+Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
+Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
+(cherry picked from commit eb520d94dba7369d1886cd5522d5a2c36fb02209)
+---
+ CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 +++++
+ CryptoPkg/Library/Include/CrtLibSupport.h           | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+index 71a2ef3..42235ab 100644
+--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
++++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+@@ -115,6 +115,11 @@ QuickSortWorker (
+ // -- String Manipulation Routines --
+ //
+ 
++char *strchr(const char *str, int ch)
++{
++  return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch);
++}
++
+ /* Scan a string for the last occurrence of a character */
+ char *strrchr (const char *str, int c)
+ {
+diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
+index 5806f50..b90da20 100644
+--- a/CryptoPkg/Library/Include/CrtLibSupport.h
++++ b/CryptoPkg/Library/Include/CrtLibSupport.h
+@@ -147,6 +147,7 @@ int            isupper     (int);
+ int            tolower     (int);
+ int            strcmp      (const char *, const char *);
+ int            strncasecmp (const char *, const char *, size_t);
++char           *strchr     (const char *, int);
+ char           *strrchr    (const char *, int);
+ unsigned long  strtoul     (const char *, char **, int);
+ long           strtol      (const char *, char **, int);
+@@ -188,7 +189,6 @@ void           abort       (void);
+ #define strcpy(strDest,strSource)         AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
+ #define strncpy(strDest,strSource,count)  AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
+ #define strcat(strDest,strSource)         AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource)
+-#define strchr(str,ch)                    ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
+ #define strncmp(string1,string2,count)    (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
+ #define strcasecmp(str1,str2)             (int)AsciiStriCmp(str1,str2)
+ #define sprintf(buf,...)                  AsciiSPrint(buf,MAX_STRING_SIZE,__VA_ARGS__)
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch b/SOURCES/edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch
new file mode 100644
index 0000000..bdaff30
--- /dev/null
+++ b/SOURCES/edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch
@@ -0,0 +1,134 @@
+From 3885ce313d1d06359aa76b085668c1391d8a5f50 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:31:43 +0100
+Subject: [PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost"
+ (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-3-lersek@redhat.com>
+Patchwork-id: 92460
+O-Subject: [RHEL-8.2.0 edk2 PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
+
+REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+In the patch, we add the new API "TlsSetVerifyHost" for the TLS
+protocol to set the specified host name that need to be verified.
+
+Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
+Reviewed-by: Ye Ting <ting.ye@intel.com>
+Reviewed-by: Long Qin <qin.long@intel.com>
+Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
+Acked-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
+Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
+(cherry picked from commit 2ca74e1a175232cc201798e27437700adc7fb07e)
+---
+ CryptoPkg/Include/Library/TlsLib.h   | 20 +++++++++++++++++++
+ CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++++++++++++++++++++++-
+ 2 files changed, 57 insertions(+), 1 deletion(-)
+
+diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h
+index 9875cb6..3af7d4b 100644
+--- a/CryptoPkg/Include/Library/TlsLib.h
++++ b/CryptoPkg/Include/Library/TlsLib.h
+@@ -397,6 +397,26 @@ TlsSetVerify (
+   );
+ 
+ /**
++  Set the specified host name to be verified.
++
++  @param[in]  Tls           Pointer to the TLS object.
++  @param[in]  Flags         The setting flags during the validation.
++  @param[in]  HostName      The specified host name to be verified.
++
++  @retval  EFI_SUCCESS           The HostName setting was set successfully.
++  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
++  @retval  EFI_ABORTED           Invalid HostName setting.
++
++**/
++EFI_STATUS
++EFIAPI
++TlsSetVerifyHost (
++  IN     VOID                     *Tls,
++  IN     UINT32                   Flags,
++  IN     CHAR8                    *HostName
++  );
++
++/**
+   Sets a TLS/SSL session ID to be used during TLS/SSL connect.
+ 
+   This function sets a session ID to be used when the TLS/SSL connection is
+diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
+index 74b577d..2bf5aee 100644
+--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
++++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
+@@ -1,7 +1,7 @@
+ /** @file
+   SSL/TLS Configuration Library Wrapper Implementation over OpenSSL.
+ 
+-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
++Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+ (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+ 
+@@ -498,6 +498,42 @@ TlsSetVerify (
+ }
+ 
+ /**
++  Set the specified host name to be verified.
++
++  @param[in]  Tls           Pointer to the TLS object.
++  @param[in]  Flags         The setting flags during the validation.
++  @param[in]  HostName      The specified host name to be verified.
++
++  @retval  EFI_SUCCESS           The HostName setting was set successfully.
++  @retval  EFI_INVALID_PARAMETER The parameter is invalid.
++  @retval  EFI_ABORTED           Invalid HostName setting.
++
++**/
++EFI_STATUS
++EFIAPI
++TlsSetVerifyHost (
++  IN     VOID                     *Tls,
++  IN     UINT32                   Flags,
++  IN     CHAR8                    *HostName
++  )
++{
++  TLS_CONNECTION  *TlsConn;
++
++  TlsConn = (TLS_CONNECTION *) Tls;
++  if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
++     return EFI_INVALID_PARAMETER;
++  }
++
++  SSL_set_hostflags(TlsConn->Ssl, Flags);
++
++  if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
++    return EFI_ABORTED;
++  }
++
++  return EFI_SUCCESS;
++}
++
++/**
+   Sets a TLS/SSL session ID to be used during TLS/SSL connect.
+ 
+   This function sets a session ID to be used when the TLS/SSL connection is
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch b/SOURCES/edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch
new file mode 100644
index 0000000..e9fae52
--- /dev/null
+++ b/SOURCES/edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch
@@ -0,0 +1,100 @@
+From 970b5f67512e00fb26765a14b4a1cb8a8a04276d Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:31:57 +0100
+Subject: [PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address
+ literals as such (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-7-lersek@redhat.com>
+Patchwork-id: 92452
+O-Subject: [RHEL-8.2.0 edk2 PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+Using the inet_pton() function that we imported in the previous patches,
+recognize if "HostName" is an IP address literal, and then parse it into
+binary representation. Passing the latter to OpenSSL for server
+certificate validation is important, per RFC-2818
+<https://tools.ietf.org/html/rfc2818#section-3.1>:
+
+> In some cases, the URI is specified as an IP address rather than a
+> hostname. In this case, the iPAddress subjectAltName must be present in
+> the certificate and must exactly match the IP in the URI.
+
+Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL
+version that is currently consumed by edk2, said function depends on
+sscanf() for parsing IPv4 literals. In
+"CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an
+empty -- always failing -- stub for sscanf(), however.
+
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+Suggested-by: David Woodhouse <dwmw2@infradead.org>
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Acked-by: Jian J Wang <jian.j.wang@intel.com>
+Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
+(cherry picked from commit 1e72b1fb2ec597caedb5170079bb213f6d67f32a)
+---
+ CryptoPkg/Library/TlsLib/TlsConfig.c | 28 ++++++++++++++++++++++++----
+ 1 file changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c
+index 2bf5aee..307eb57 100644
+--- a/CryptoPkg/Library/TlsLib/TlsConfig.c
++++ b/CryptoPkg/Library/TlsLib/TlsConfig.c
+@@ -517,7 +517,11 @@ TlsSetVerifyHost (
+   IN     CHAR8                    *HostName
+   )
+ {
+-  TLS_CONNECTION  *TlsConn;
++  TLS_CONNECTION    *TlsConn;
++  X509_VERIFY_PARAM *VerifyParam;
++  UINTN             BinaryAddressSize;
++  UINT8             BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)];
++  INTN              ParamStatus;
+ 
+   TlsConn = (TLS_CONNECTION *) Tls;
+   if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) {
+@@ -526,11 +530,27 @@ TlsSetVerifyHost (
+ 
+   SSL_set_hostflags(TlsConn->Ssl, Flags);
+ 
+-  if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) {
+-    return EFI_ABORTED;
++  VerifyParam = SSL_get0_param (TlsConn->Ssl);
++  ASSERT (VerifyParam != NULL);
++
++  BinaryAddressSize = 0;
++  if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) {
++    BinaryAddressSize = NS_IN6ADDRSZ;
++  } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) {
++    BinaryAddressSize = NS_INADDRSZ;
+   }
+ 
+-  return EFI_SUCCESS;
++  if (BinaryAddressSize > 0) {
++    DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address "
++      "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName,
++      (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? '6' : '4')));
++    ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress,
++                    BinaryAddressSize);
++  } else {
++    ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0);
++  }
++
++  return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED;
+ }
+ 
+ /**
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch b/SOURCES/edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch
new file mode 100644
index 0000000..f1b88d3
--- /dev/null
+++ b/SOURCES/edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch
@@ -0,0 +1,156 @@
+From 22ebe3ff84003e9256759e230ac68da35c6d77a2 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:31:37 +0100
+Subject: [PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of
+ EfiTlsVerifyHost (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-2-lersek@redhat.com>
+Patchwork-id: 92457
+O-Subject: [RHEL-8.2.0 edk2 PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
+
+REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+In the patch, we add the new data type named "EfiTlsVerifyHost" and
+the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP)
+to enable the host name check so as to avoid the potential
+Man-In-The-Middle attack.
+
+Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
+Reviewed-by: Ye Ting <ting.ye@intel.com>
+Reviewed-by: Long Qin <qin.long@intel.com>
+Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
+Acked-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+Reviewed-by: Liming Gao <liming.gao@intel.com>
+(cherry picked from commit 31efec82796cb950e99d1622aa9c0eb8380613a0)
+---
+ MdePkg/Include/Protocol/Tls.h | 68 ++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 57 insertions(+), 11 deletions(-)
+
+diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h
+index bf1b672..af524ae 100644
+--- a/MdePkg/Include/Protocol/Tls.h
++++ b/MdePkg/Include/Protocol/Tls.h
+@@ -42,10 +42,6 @@ typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL;
+ ///
+ typedef enum {
+   ///
+-  /// Session Configuration
+-  ///
+-
+-  ///
+   /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION.
+   ///
+   EfiTlsVersion,
+@@ -86,11 +82,6 @@ typedef enum {
+   /// The corresponding Data is of type EFI_TLS_SESSION_STATE.
+   ///
+   EfiTlsSessionState,
+-
+-  ///
+-  /// Session information
+-  ///
+-
+   ///
+   /// TLS session data client random.
+   /// The corresponding Data is of type EFI_TLS_RANDOM.
+@@ -106,9 +97,15 @@ typedef enum {
+   /// The corresponding Data is of type EFI_TLS_MASTER_SECRET.
+   ///
+   EfiTlsKeyMaterial,
++  ///
++  /// TLS session hostname for validation which is used to verify whether the name
++  /// within the peer certificate matches a given host name.
++  /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_NONE.
++  /// The corresponding Data is of type EFI_TLS_VERIFY_HOST.
++  ///
++  EfiTlsVerifyHost,
+ 
+   EfiTlsSessionDataTypeMaximum
+-
+ } EFI_TLS_SESSION_DATA_TYPE;
+ 
+ ///
+@@ -178,7 +175,8 @@ typedef UINT32  EFI_TLS_VERIFY;
+ ///
+ #define EFI_TLS_VERIFY_PEER                  0x1
+ ///
+-/// TLS session will fail peer certificate is absent.
++/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server mode.
++/// TLS session will fail if client certificate is absent.
+ ///
+ #define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT  0x2
+ ///
+@@ -188,6 +186,54 @@ typedef UINT32  EFI_TLS_VERIFY;
+ #define EFI_TLS_VERIFY_CLIENT_ONCE           0x4
+ 
+ ///
++/// EFI_TLS_VERIFY_HOST_FLAG
++///
++typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG;
++///
++/// There is no additional flags set for hostname validation.
++/// Wildcards are supported and they match only in the left-most label.
++///
++#define EFI_TLS_VERIFY_FLAG_NONE                    0x00
++///
++/// Always check the Subject Distinguished Name (DN) in the peer certificate even if the
++/// certificate contains Subject Alternative Name (SAN).
++///
++#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT    0x01
++///
++/// Disable the match of all wildcards.
++///
++#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS            0x02
++///
++/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.g. "www*" or "*www").
++///
++#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS    0x04
++///
++/// Allow the "*" to match more than one labels. Otherwise, only matches a single label.
++///
++#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS   0x08
++///
++/// Restrict to only match direct child sub-domains which start with ".".
++/// For example, a name of ".example.com" would match "www.example.com" with this flag,
++/// but would not match "www.sub.example.com".
++///
++#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
++///
++/// Never check the Subject Distinguished Name (DN) even there is no
++/// Subject Alternative Name (SAN) in the certificate.
++///
++#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT     0x20
++
++///
++/// EFI_TLS_VERIFY_HOST
++///
++#pragma pack (1)
++typedef struct {
++  EFI_TLS_VERIFY_HOST_FLAG Flags;
++  CHAR8                    *HostName;
++} EFI_TLS_VERIFY_HOST;
++#pragma pack ()
++
++///
+ /// EFI_TLS_RANDOM
+ /// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1.
+ ///       Hello Messages".
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch b/SOURCES/edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch
new file mode 100644
index 0000000..06caad5
--- /dev/null
+++ b/SOURCES/edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch
@@ -0,0 +1,99 @@
+From d28c0053e94b8e721307ac1698d86e5dfb328e6d Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:32:04 +0100
+Subject: [PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification
+ (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-9-lersek@redhat.com>
+Patchwork-id: 92459
+O-Subject: [RHEL-8.2.0 edk2 PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+
+From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
+
+REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+Set the HostName by consuming TLS protocol to enable the host name
+check so as to avoid the potential Man-In-The-Middle attack.
+
+Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
+Reviewed-by: Ye Ting <ting.ye@intel.com>
+Reviewed-by: Long Qin <qin.long@intel.com>
+Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
+Acked-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit e2fc50812895b17e8b23f5a9c43cde29531b200f)
+---
+ NetworkPkg/HttpDxe/HttpProto.h    |  1 +
+ NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++++++++++++----
+ 2 files changed, 18 insertions(+), 4 deletions(-)
+
+diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h
+index 6e1f517..34308e0 100644
+--- a/NetworkPkg/HttpDxe/HttpProto.h
++++ b/NetworkPkg/HttpDxe/HttpProto.h
+@@ -82,6 +82,7 @@ typedef struct {
+   EFI_TLS_VERSION               Version;
+   EFI_TLS_CONNECTION_END        ConnectionEnd;
+   EFI_TLS_VERIFY                VerifyMethod;
++  EFI_TLS_VERIFY_HOST           VerifyHost;
+   EFI_TLS_SESSION_STATE         SessionState;
+ } TLS_CONFIG_DATA;
+ 
+diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c
+index 988bbcb..5dfb13b 100644
+--- a/NetworkPkg/HttpDxe/HttpsSupport.c
++++ b/NetworkPkg/HttpDxe/HttpsSupport.c
+@@ -623,13 +623,16 @@ TlsConfigureSession (
+   //
+   // TlsConfigData initialization
+   //
+-  HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient;
+-  HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER;
+-  HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted;
++  HttpInstance->TlsConfigData.ConnectionEnd       = EfiTlsClient;
++  HttpInstance->TlsConfigData.VerifyMethod        = EFI_TLS_VERIFY_PEER;
++  HttpInstance->TlsConfigData.VerifyHost.Flags    = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS;
++  HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost;
++  HttpInstance->TlsConfigData.SessionState        = EfiTlsSessionNotStarted;
+ 
+   //
+   // EfiTlsConnectionEnd,
+-  // EfiTlsVerifyMethod
++  // EfiTlsVerifyMethod,
++  // EfiTlsVerifyHost,
+   // EfiTlsSessionState
+   //
+   Status = HttpInstance->Tls->SetSessionData (
+@@ -654,6 +657,16 @@ TlsConfigureSession (
+ 
+   Status = HttpInstance->Tls->SetSessionData (
+                                 HttpInstance->Tls,
++                                EfiTlsVerifyHost,
++                                &HttpInstance->TlsConfigData.VerifyHost,
++                                sizeof (EFI_TLS_VERIFY_HOST)
++                                );
++  if (EFI_ERROR (Status)) {
++    return Status;
++  }
++
++  Status = HttpInstance->Tls->SetSessionData (
++                                HttpInstance->Tls,
+                                 EfiTlsSessionState,
+                                 &(HttpInstance->TlsConfigData.SessionState),
+                                 sizeof (EFI_TLS_SESSION_STATE)
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch b/SOURCES/edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch
new file mode 100644
index 0000000..3aa8efd
--- /dev/null
+++ b/SOURCES/edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch
@@ -0,0 +1,117 @@
+From 24a4a1d62ae749c197f36d72f645c7142f368e6a Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek <lersek@redhat.com>
+Date: Mon, 2 Dec 2019 12:32:00 +0100
+Subject: [PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to
+ TlsDxe driver (CVE-2019-14553)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RH-Author: Laszlo Ersek <lersek@redhat.com>
+Message-id: <20191117220052.15700-8-lersek@redhat.com>
+Patchwork-id: 92456
+O-Subject: [RHEL-8.2.0 edk2 PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553)
+Bugzilla: 1536624
+RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
+
+REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960
+CVE: CVE-2019-14553
+The new data type named "EfiTlsVerifyHost" and the
+EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol.
+
+Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
+Reviewed-by: Ye Ting <ting.ye@intel.com>
+Reviewed-by: Long Qin <qin.long@intel.com>
+Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
+Acked-by: Laszlo Ersek <lersek@redhat.com>
+Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Jian J Wang <jian.j.wang@intel.com>
+Cc: Jiaxin Wu <jiaxin.wu@intel.com>
+Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
+Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
+Signed-off-by: Laszlo Ersek <lersek@redhat.com>
+(cherry picked from commit 703e7ab21ff8fda9ababf7751d59bd28ad5da947)
+---
+ NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtocol.c
+index a7a993f..001e540 100644
+--- a/NetworkPkg/TlsDxe/TlsProtocol.c
++++ b/NetworkPkg/TlsDxe/TlsProtocol.c
+@@ -1,7 +1,7 @@
+ /** @file
+   Implementation of EFI TLS Protocol Interfaces.
+ 
+-  Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR>
++  Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>
+ 
+   SPDX-License-Identifier: BSD-2-Clause-Patent
+ 
+@@ -56,12 +56,16 @@ TlsSetSessionData (
+   UINT16                    *CipherId;
+   CONST EFI_TLS_CIPHER      *TlsCipherList;
+   UINTN                     CipherCount;
++  CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost;
++  EFI_TLS_VERIFY            VerifyMethod;
++  UINTN                     VerifyMethodSize;
+   UINTN                     Index;
+ 
+   EFI_TPL                   OldTpl;
+ 
+-  Status = EFI_SUCCESS;
+-  CipherId = NULL;
++  Status           = EFI_SUCCESS;
++  CipherId         = NULL;
++  VerifyMethodSize = sizeof (EFI_TLS_VERIFY);
+ 
+   if (This == NULL || Data == NULL || DataSize == 0) {
+     return EFI_INVALID_PARAMETER;
+@@ -149,6 +153,40 @@ TlsSetSessionData (
+ 
+     TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));
+     break;
++  case EfiTlsVerifyHost:
++    if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) {
++      Status = EFI_INVALID_PARAMETER;
++      goto ON_EXIT;
++    }
++
++    TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;
++
++    if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 &&
++        (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) {
++      Status = EFI_INVALID_PARAMETER;
++      goto ON_EXIT;
++    }
++
++    if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 &&
++        ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 ||
++         (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) {
++      Status = EFI_INVALID_PARAMETER;
++      goto ON_EXIT;
++    }
++
++    Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize);
++    if (EFI_ERROR (Status)) {
++      goto ON_EXIT;
++    }
++
++    if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) {
++      Status = EFI_INVALID_PARAMETER;
++      goto ON_EXIT;
++    }
++
++    Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName);
++
++    break;
+   case EfiTlsSessionID:
+     if (DataSize != sizeof (EFI_TLS_SESSION_ID)) {
+       Status = EFI_INVALID_PARAMETER;
+-- 
+1.8.3.1
+
diff --git a/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch b/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch
deleted file mode 100644
index 59cc788..0000000
--- a/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch
+++ /dev/null
@@ -1,198 +0,0 @@
-From 71c39f0fb0b9a3e9856cebc58ef3812752fd07cc Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 4 Jun 2019 11:06:45 +0200
-Subject: [PATCH 3/3] OvmfPkg/PlatformPei: set 32-bit UC area at PciBase /
- PciExBarBase (pc/q35)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Message-id: <20190604090645.2847-4-lersek@redhat.com>
-Patchwork-id: 88483
-O-Subject:  [RHEL-8.1.0 edk2 PATCH v2 3/3] OvmfPkg/PlatformPei: set 32-bit UC
-	area at PciBase / PciExBarBase (pc/q35)
-Bugzilla: 1666941
-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-
-(This is a replacement for commit 39b9a5ffe661 ("OvmfPkg/PlatformPei: fix
-MTRR for low-RAM sizes that have many bits clear", 2019-05-16).)
-
-Reintroduce the same logic as seen in commit 39b9a5ffe661 for the pc
-(i440fx) board type.
-
-For q35, the same approach doesn't work any longer, given that (a) we'd
-like to keep the PCIEXBAR in the platform DSC a fixed-at-build PCD, and
-(b) QEMU expects the PCIEXBAR to reside at a lower address than the 32-bit
-PCI MMIO aperture.
-
-Therefore, introduce a helper function for determining the 32-bit
-"uncacheable" (MMIO) area base address:
-
-- On q35, this function behaves statically. Furthermore, the MTRR setup
-  exploits that the range [0xB000_0000, 0xFFFF_FFFF] can be marked UC with
-  just two variable MTRRs (one at 0xB000_0000 (size 256MB), another at
-  0xC000_0000 (size 1GB)).
-
-- On pc (i440fx), the function behaves dynamically, implementing the same
-  logic as commit 39b9a5ffe661 did. The PciBase value is adjusted to the
-  value calculated, similarly to commit 39b9a5ffe661. A further
-  simplification is that we show that the UC32 area size truncation to a
-  whole power of two automatically guarantees a >=2GB base address.
-
-Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Cc: Gerd Hoffmann <kraxel@redhat.com>
-Cc: Jordan Justen <jordan.l.justen@intel.com>
-Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
-Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-(cherry picked from commit 49edde15230a5bfd6746225eb95535eaa2ec1ba4)
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- OvmfPkg/PlatformPei/MemDetect.c | 59 ++++++++++++++++++++++++++++++++++++++---
- OvmfPkg/PlatformPei/Platform.c  |  5 +++-
- OvmfPkg/PlatformPei/Platform.h  |  7 +++++
- 3 files changed, 66 insertions(+), 5 deletions(-)
-
-diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c
-index 2f9e835..0c38b70 100644
---- a/OvmfPkg/PlatformPei/MemDetect.c
-+++ b/OvmfPkg/PlatformPei/MemDetect.c
-@@ -20,6 +20,7 @@ Module Name:
- // The package level header files this module uses
- //
- #include <IndustryStandard/E820.h>
-+#include <IndustryStandard/I440FxPiix4.h>
- #include <IndustryStandard/Q35MchIch9.h>
- #include <PiPei.h>
- 
-@@ -48,6 +49,8 @@ STATIC UINT32 mS3AcpiReservedMemorySize;
- 
- STATIC UINT16 mQ35TsegMbytes;
- 
-+UINT32 mQemuUc32Base;
-+
- VOID
- Q35TsegMbytesInitialization (
-   VOID
-@@ -104,6 +107,54 @@ Q35TsegMbytesInitialization (
- }
- 
- 
-+VOID
-+QemuUc32BaseInitialization (
-+  VOID
-+  )
-+{
-+  UINT32 LowerMemorySize;
-+  UINT32 Uc32Size;
-+
-+  if (mXen) {
-+    return;
-+  }
-+
-+  if (mHostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) {
-+    //
-+    // On q35, the 32-bit area that we'll mark as UC, through variable MTRRs,
-+    // starts at PcdPciExpressBaseAddress. The platform DSC is responsible for
-+    // setting PcdPciExpressBaseAddress such that describing the
-+    // [PcdPciExpressBaseAddress, 4GB) range require a very small number of
-+    // variable MTRRs (preferably 1 or 2).
-+    //
-+    ASSERT (FixedPcdGet64 (PcdPciExpressBaseAddress) <= MAX_UINT32);
-+    mQemuUc32Base = (UINT32)FixedPcdGet64 (PcdPciExpressBaseAddress);
-+    return;
-+  }
-+
-+  ASSERT (mHostBridgeDevId == INTEL_82441_DEVICE_ID);
-+  //
-+  // On i440fx, start with the [LowerMemorySize, 4GB) range. Make sure one
-+  // variable MTRR suffices by truncating the size to a whole power of two,
-+  // while keeping the end affixed to 4GB. This will round the base up.
-+  //
-+  LowerMemorySize = GetSystemMemorySizeBelow4gb ();
-+  Uc32Size = GetPowerOfTwo32 ((UINT32)(SIZE_4GB - LowerMemorySize));
-+  mQemuUc32Base = (UINT32)(SIZE_4GB - Uc32Size);
-+  //
-+  // Assuming that LowerMemorySize is at least 1 byte, Uc32Size is at most 2GB.
-+  // Therefore mQemuUc32Base is at least 2GB.
-+  //
-+  ASSERT (mQemuUc32Base >= BASE_2GB);
-+
-+  if (mQemuUc32Base != LowerMemorySize) {
-+    DEBUG ((DEBUG_VERBOSE, "%a: rounded UC32 base from 0x%x up to 0x%x, for "
-+      "an UC32 size of 0x%x\n", __FUNCTION__, LowerMemorySize, mQemuUc32Base,
-+      Uc32Size));
-+  }
-+}
-+
-+
- /**
-   Iterate over the RAM entries in QEMU's fw_cfg E820 RAM map that start outside
-   of the 32-bit address range.
-@@ -694,11 +745,11 @@ QemuInitializeRam (
-     ASSERT_EFI_ERROR (Status);
- 
-     //
--    // Set memory range from the "top of lower RAM" (RAM below 4GB) to 4GB as
--    // uncacheable
-+    // Set the memory range from the start of the 32-bit MMIO area (32-bit PCI
-+    // MMIO aperture on i440fx, PCIEXBAR on q35) to 4GB as uncacheable.
-     //
--    Status = MtrrSetMemoryAttribute (LowerMemorySize,
--               SIZE_4GB - LowerMemorySize, CacheUncacheable);
-+    Status = MtrrSetMemoryAttribute (mQemuUc32Base, SIZE_4GB - mQemuUc32Base,
-+               CacheUncacheable);
-     ASSERT_EFI_ERROR (Status);
-   }
- }
-diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index 64b8034..de19f5c 100644
---- a/OvmfPkg/PlatformPei/Platform.c
-+++ b/OvmfPkg/PlatformPei/Platform.c
-@@ -197,7 +197,8 @@ MemMapInitialization (
-       ASSERT (PciExBarBase <= MAX_UINT32 - SIZE_256MB);
-       PciBase = (UINT32)(PciExBarBase + SIZE_256MB);
-     } else {
--      PciBase = (TopOfLowRam < BASE_2GB) ? BASE_2GB : TopOfLowRam;
-+      ASSERT (TopOfLowRam <= mQemuUc32Base);
-+      PciBase = mQemuUc32Base;
-     }
- 
-     //
-@@ -656,6 +657,8 @@ InitializePlatform (
- 
-   PublishPeiMemory ();
- 
-+  QemuUc32BaseInitialization ();
-+
-   InitializeRamRegions ();
- 
-   if (mXen) {
-diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h
-index b12a5c1..2b486ce 100644
---- a/OvmfPkg/PlatformPei/Platform.h
-+++ b/OvmfPkg/PlatformPei/Platform.h
-@@ -69,6 +69,11 @@ GetSystemMemorySizeBelow4gb (
-   );
- 
- VOID
-+QemuUc32BaseInitialization (
-+  VOID
-+  );
-+
-+VOID
- InitializeRamRegions (
-   VOID
-   );
-@@ -120,4 +125,6 @@ extern UINT32 mMaxCpuCount;
- 
- extern UINT16 mHostBridgeDevId;
- 
-+extern UINT32 mQemuUc32Base;
-+
- #endif // _PLATFORM_PEI_H_INCLUDED_
--- 
-1.8.3.1
-
diff --git a/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch b/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch
deleted file mode 100644
index 4aae125..0000000
--- a/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From d362291ada9ee22316e3c069dc788c4c801b0796 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Tue, 4 Jun 2019 11:06:44 +0200
-Subject: [PATCH 2/3] OvmfPkg: raise the PCIEXBAR base to 2816 MB on Q35
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Message-id: <20190604090645.2847-3-lersek@redhat.com>
-Patchwork-id: 88481
-O-Subject:  [RHEL-8.1.0 edk2 PATCH v2 2/3] OvmfPkg: raise the PCIEXBAR base to
-	2816 MB on Q35
-Bugzilla: 1666941
-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
-
-(This is a replacement for commit 75136b29541b, "OvmfPkg/PlatformPei:
-reorder the 32-bit PCI window vs. the PCIEXBAR on q35", 2019-05-16).
-
-Commit 7b8fe63561b4 ("OvmfPkg: PlatformPei: enable PCIEXBAR (aka MMCONFIG
-/ ECAM) on Q35", 2016-03-10) claimed that,
-
-  On Q35 machine types that QEMU intends to support in the long term, QEMU
-  never lets the RAM below 4 GB exceed 2 GB.
-
-Alas, this statement came from a misunderstanding that occurred while we
-worked out the interface contract. In fact QEMU does allow the 32-bit RAM
-extend up to 0xB000_0000 (exclusive), in case the RAM size falls in the
-range (0x8000_0000, 0xB000_0000) (i.e., the RAM size is greater than
-2048MB and smaller than 2816MB).
-
-In turn, such a RAM size (justifiedly) triggers
-
-  ASSERT (TopOfLowRam <= PciExBarBase);
-
-in MemMapInitialization(), because we placed the 256MB PCIEXBAR at
-0x8000_0000 (2GB) exactly, relying on the interface contract. (And, the
-32-bit PCI window would follow the PCIEXBAR, covering the [0x9000_0000,
-0xFC00_0000) range.)
-
-In order to fix this, place the PCIEXBAR at 2816MB (0xB000_0000), and
-start the 32-bit PCI window at 3 GB (0xC000_0000). This shrinks the 32-bit
-PCI window to
-
-  0xFC00_0000 - 0xC000_0000 = 0x3C00_0000 = 960 MB.
-
-Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Cc: Gerd Hoffmann <kraxel@redhat.com>
-Cc: Jordan Justen <jordan.l.justen@intel.com>
-Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
-Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-(cherry picked from commit b07de0974b65a6a393c2d477427d1d6c7acce002)
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
----
- OvmfPkg/OvmfPkgIa32.dsc    | 4 ++--
- OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++--
- OvmfPkg/OvmfPkgX64.dsc     | 4 ++--
- 3 files changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index bbf5e38..cf5f2ea 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -497,8 +497,8 @@
-   # the PCIEXBAR register.
-   #
-   # On Q35 machine types that QEMU intends to support in the long term, QEMU
--  # never lets the RAM below 4 GB exceed 2 GB.
--  gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
-+  # never lets the RAM below 4 GB exceed 2816 MB.
-+  gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
- 
- !ifdef $(SOURCE_DEBUG_ENABLE)
-   gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 3ec1b91..5a24065 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -502,8 +502,8 @@
-   # the PCIEXBAR register.
-   #
-   # On Q35 machine types that QEMU intends to support in the long term, QEMU
--  # never lets the RAM below 4 GB exceed 2 GB.
--  gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
-+  # never lets the RAM below 4 GB exceed 2816 MB.
-+  gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
- 
- !ifdef $(SOURCE_DEBUG_ENABLE)
-   gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index ea54b4b..6ab50c9 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -502,8 +502,8 @@
-   # the PCIEXBAR register.
-   #
-   # On Q35 machine types that QEMU intends to support in the long term, QEMU
--  # never lets the RAM below 4 GB exceed 2 GB.
--  gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000
-+  # never lets the RAM below 4 GB exceed 2816 MB.
-+  gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000
- 
- !ifdef $(SOURCE_DEBUG_ENABLE)
-   gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
--- 
-1.8.3.1
-
diff --git a/SOURCES/ovmf-vars-generator b/SOURCES/ovmf-vars-generator
index 06d0396..111e438 100755
--- a/SOURCES/ovmf-vars-generator
+++ b/SOURCES/ovmf-vars-generator
@@ -1,4 +1,4 @@
-#!/bin/python
+#!/bin/python3
 # Copyright (C) 2017 Red Hat
 # Authors:
 # - Patrick Uiterwijk <puiterwijk@redhat.com>
@@ -32,13 +32,23 @@ def generate_qemu_cmd(args, readonly, *extra_args):
     else:
         machinetype = 'q35,smm=on'
     machinetype += ',accel=%s' % ('kvm' if args.enable_kvm else 'tcg')
+
+    if args.oem_string is None:
+        oemstrings = []
+    else:
+        oemstring_values = [
+            ",value=" + s.replace(",", ",,") for s in args.oem_string ]
+        oemstrings = [
+            '-smbios',
+            "type=11" + ''.join(oemstring_values) ]
+
     return [
         args.qemu_binary,
         '-machine', machinetype,
         '-display', 'none',
         '-no-user-config',
         '-nodefaults',
-        '-m', '256',
+        '-m', '768',
         '-smp', '2,sockets=2,cores=1,threads=1',
         '-chardev', 'pty,id=charserial1',
         '-device', 'isa-serial,chardev=charserial1,id=serial1',
@@ -50,7 +60,7 @@ def generate_qemu_cmd(args, readonly, *extra_args):
         '-drive',
         'file=%s,if=pflash,format=raw,unit=1,readonly=%s' % (
             args.out_temp, 'on' if readonly else 'off'),
-        '-serial', 'stdio'] + list(extra_args)
+        '-serial', 'stdio'] + oemstrings + list(extra_args)
 
 
 def download(url, target, suffix, no_download):
@@ -98,6 +108,10 @@ def enroll_keys(args):
     read = p.stdout.readline()
     if b'char device redirected' in read:
         read = p.stdout.readline()
+    # Skip passed QEMU warnings, like the following one we see in Ubuntu:
+    # qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]
+    while b'qemu-system-x86_64: warning:' in read:
+        read = p.stdout.readline()
     if args.print_output:
         print(strip_special(read), end='')
         print()
@@ -213,6 +227,14 @@ def parse_args():
                               'used for testing, could undermine Secure '
                               'Boot.'),
                         action='store_true')
+    parser.add_argument('--oem-string',
+                        help=('Pass the argument to the guest as a string in '
+                              'the SMBIOS Type 11 (OEM Strings) table. '
+                              'Multiple occurrences of this option are '
+                              'collected into a single SMBIOS Type 11 table. '
+                              'A pure ASCII string argument is strongly '
+                              'suggested.'),
+                        action='append')
     args = parser.parse_args()
     args.kernel_url = args.kernel_url % {'version': args.fedora_version}
 
diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec
index 66112b3..456d602 100644
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@@ -1,16 +1,16 @@
 ExclusiveArch: x86_64 aarch64
 
-%define GITDATE        20190308
-%define GITCOMMIT      89910a39dcfd
+%define GITDATE        20190829
+%define GITCOMMIT      37eef91017ad
 %define TOOLCHAIN      GCC5
-%define OPENSSL_VER    1.1.0i
+%define OPENSSL_VER    1.1.1c
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
 Release:    4%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 Group:      Applications/Emulators
-License:    BSD and OpenSSL and MIT
+License:    BSD-2-Clause-Patent and OpenSSL and MIT
 URL:        http://www.tianocore.org
 
 # The source tarball is created using following commands:
@@ -19,37 +19,52 @@ URL:        http://www.tianocore.org
 # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
 Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
+Source2: openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
 Source3: ovmf-vars-generator
 Source4: LICENSE.qosb
+Source5: RedHatSecureBootPkKek1.pem
 
 Source10: edk2-aarch64-verbose.json
 Source11: edk2-aarch64.json
 Source12: edk2-ovmf-sb.json
 Source13: edk2-ovmf.json
 
-Patch0003: 0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
-Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
-Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
-Patch0006: 0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
-Patch0007: 0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
-Patch0008: 0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
-Patch0009: 0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
-Patch0010: 0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
-Patch0011: 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
-Patch0012: 0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
-Patch0013: 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
-Patch0014: 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
-Patch0015: 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch
-Patch0016: 0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
-Patch0017: 0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
-Patch0018: 0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
-Patch0019: 0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
-Patch0026: 0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch
-# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size
-Patch27: edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch
-# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size
-Patch28: edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch
+Patch0001: 0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch
+Patch0002: 0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch
+Patch0006: 0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
+Patch0007: 0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch
+Patch0008: 0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
+Patch0009: 0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
+Patch0010: 0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
+Patch0011: 0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
+Patch0012: 0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
+Patch0013: 0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
+Patch0014: 0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
+Patch0015: 0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
+Patch0016: 0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch
+Patch0017: 0017-ArmVirtPkg-set-early-hello-message-RH-only.patch
+Patch0018: 0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
+Patch0019: 0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
+Patch0020: 0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
+Patch0021: 0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
+Patch0022: 0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
+Patch0033: 0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch34: edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch35: edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch36: edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch37: edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch38: edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch39: edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch40: edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch
+# For bz#1536624 - HTTPS enablement in OVMF
+Patch41: edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch
 
 
 # python3-devel and libuuid-devel are required for building tools.
@@ -72,11 +87,11 @@ BuildRequires:  genisoimage
 
 # For generating the variable store template with the default certificates
 # enrolled, we need qemu-kvm.
-BuildRequires:  qemu-kvm
+BuildRequires:  qemu-kvm >= 2.12.0-89
 
 # For verifying SB enablement in the above variable store template, we need a
 # guest kernel that prints "Secure boot enabled".
-BuildRequires: kernel-core
+BuildRequires: kernel-core >= 4.18.0-161
 BuildRequires: rpmdevtools
 
 %package ovmf
@@ -88,7 +103,7 @@ Obsoletes:  OVMF < 20180508-100.gitee3198e672e2.el7
 # OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
 # library.
 Provides:   bundled(openssl) = %{OPENSSL_VER}
-License:    BSD and OpenSSL
+License:    BSD-2-Clause-Patent and OpenSSL
 
 # URL taken from the Maintainers.txt file.
 URL:        http://www.tianocore.org/ovmf/
@@ -107,7 +122,7 @@ Obsoletes:  AAVMF < 20180508-100.gitee3198e672e2.el7
 
 # No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
 Provides:   bundled(openssl) = %{OPENSSL_VER}
-License:    BSD and OpenSSL
+License:    BSD-2-Clause-Patent and OpenSSL
 
 # URL taken from the Maintainers.txt file.
 URL:        https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
@@ -121,7 +136,7 @@ package contains a 64-bit build.
 %package tools
 Summary:        EFI Development Kit II Tools
 Group:          Development/Tools
-License:        BSD
+License:        BSD-2-Clause-Patent
 URL:            https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
 %description tools
 This package provides tools that are needed to
@@ -131,7 +146,7 @@ build EFI executables and ROMs using the GNU tools.
 Summary:        Documentation for EFI Development Kit II Tools
 Group:          Development/Tools
 BuildArch:      noarch
-License:        BSD
+License:        BSD-2-Clause-Patent
 URL:            https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
 %description tools-doc
 This package documents the tools that are needed to
@@ -145,9 +160,6 @@ environment for the UEFI and PI specifications. This package contains sample
 %prep
 %setup -q -n edk2-%{GITCOMMIT}
 
-# Ensure binary packages are not used
-rm -rf ShellBinPkg
-
 %{lua:
     tmp = os.tmpname();
     f = io.open(tmp, "w+");
@@ -187,6 +199,18 @@ cp -a -- %{SOURCE1} %{SOURCE3} .
 cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} .
 tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
 
+# Format the Red Hat-issued certificate that is to be enrolled as both Platform
+# Key and first Key Exchange Key, as an SMBIOS OEM String. This means stripping
+# the PEM header and footer, and prepending the textual representation of the
+# GUID that identifies this particular OEM String to "EnrollDefaultKeys.efi",
+# plus the separator ":". For details, see
+# <https://bugzilla.tianocore.org/show_bug.cgi?id=1747> comments 2, 7, 14.
+sed \
+  -e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
+  -e '/^-----END CERTIFICATE-----$/d' \
+  %{SOURCE5} \
+  > PkKek1.oemstr
+
 # Done by %setup, but we do not use it for the auxiliary tarballs
 chmod -Rf a+rX,u+w,g-w,o-w .
 
@@ -206,15 +230,17 @@ fi
 
 CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash"
 CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE"
+CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE"
 
 %ifarch x86_64
 # Build with neither SB nor SMM; include UEFI shell.
-build ${CC_FLAGS} -D FD_SIZE_4MB -a X64 -p OvmfPkg/OvmfPkgX64.dsc
+build ${CC_FLAGS} -D TPM2_ENABLE -D FD_SIZE_4MB -a X64 \
+  -p OvmfPkg/OvmfPkgX64.dsc
 
 # Build with SB and SMM; exclude UEFI shell.
 build -D SECURE_BOOT_ENABLE -D EXCLUDE_SHELL_FROM_FD ${CC_FLAGS} \
   -a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc -D SMM_REQUIRE \
-  -D FD_SIZE_4MB
+  -D TPM2_ENABLE -D FD_SIZE_4MB
 
 # Sanity check: the varstore templates must be identical.
 cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
@@ -260,6 +286,7 @@ cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
   --ovmf-binary        Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \
   --ovmf-template-vars Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
   --uefi-shell-iso     UefiShell.iso \
+  --oem-string         "$(< PkKek1.oemstr)" \
   --skip-testing \
   OVMF_VARS.secboot.fd
 
@@ -279,7 +306,7 @@ build ${CC_FLAGS} -a AARCH64 \
 
 %install
 
-cp -a License.txt License.edk2.txt
+cp -a OvmfPkg/License.txt License.OvmfPkg.txt
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/qemu/firmware
 
 %ifarch x86_64
@@ -388,8 +415,9 @@ install BaseTools/Scripts/GccBase.lds \
 %endif
 
 %defattr(-,root,root,-)
-%license License.edk2.txt
-%license OvmfPkg/License.txt
+%license License.txt
+%license License.OvmfPkg.txt
+%license License-History.txt
 %license LICENSE.openssl
 %dir %{_datadir}/%{name}/
 %dir %{_datadir}/qemu
@@ -435,6 +463,7 @@ install BaseTools/Scripts/GccBase.lds \
 
 %files tools
 %license License.txt
+%license License-History.txt
 %{_bindir}/Brotli
 %{_bindir}/DevicePath
 %{_bindir}/EfiRom
@@ -481,6 +510,47 @@ true
 %endif
 
 %changelog
+* Wed Dec 11 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-4.el8
+- edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301]
+- edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301]
+- Resolves: bz#1778301
+  (re-enable Secure Boot (varstore template) verification in %check)
+
+* Thu Dec 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-3.el8
+- Update used openssl version [bz#1616029]
+- Resolves: bz#1616029
+  (rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1)
+
+* Mon Dec 02 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-2.el8
+- edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624]
+- edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624]
+- edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624]
+- edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624]
+- edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624]
+- edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624]
+- edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624]
+- edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624]
+- edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624]
+- Resolves: bz#1536624
+  (HTTPS enablement in OVMF)
+
+* Fri Nov 29 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190829git37eef91017ad-1.el8
+- Rebase to edk2-stable201908 [bz#1748180]
+- Resolves: bz#1748180
+  ((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag edk2-stable201908 for RHEL-8.2)
+
+* Mon Aug 05 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-6.el8
+- edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch [bz#1714446]
+- edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch [bz#1714446]
+- edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch [bz#1714446]
+- Resolves: bz#1714446
+  (edk2-aarch64 silent build is not silent enough)
+
+* Tue Jul 02 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-5.el8
+- edk2-redhat-add-D-TPM2_ENABLE-to-the-edk2-ovmf-build-flag.patch [bz#1693205]
+- Resolves: bz#1693205
+  (edk2: Enable TPM2 support)
+
 * Tue Jun 11 2019 Miroslav Rezanina <mrezanin@redhat.com> - 20190308git89910a39dcfd-4.el8
 - edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch [bz#1666941]
 - edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch [bz#1666941]
@@ -492,9 +562,6 @@ true
 - Resolves: bz#1600230
   ([RHEL 8.1] RFE: provide firmware descriptor meta-files for the edk2-ovmf and edk2-aarch64 firmware images)
 
-* Mon Apr 08 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 20190308git89910a39dcfd-1.el8
-- Rebase to edk2-20190308git89910a39dcfd
-
 * Mon Jan 21 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 20180508gitee3198e672e2-9.el8
 - edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch [bz#1662184]
 - edk2-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch [bz#1662184]