diff --git a/.edk2.metadata b/.edk2.metadata
index 7618d45..aba6cf1 100644
--- a/.edk2.metadata
+++ b/.edk2.metadata
@@ -1,2 +1,2 @@
-87a87bbfca0e751b2840f74b0612e2f0dad70535 SOURCES/edk2-89910a39dcfd.tar.xz
-f0655dec5d8d815956bab417fcdb25e6da7e21b8 SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
+c7ca6a13a5f9e7fe8071010c26a11ba41548308b SOURCES/edk2-37eef91017ad.tar.xz
+cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
diff --git a/.gitignore b/.gitignore
index 549c44d..ee17a8c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/edk2-89910a39dcfd.tar.xz
-SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz
+SOURCES/edk2-37eef91017ad.tar.xz
+SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
diff --git a/SOURCES/0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch b/SOURCES/0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch
new file mode 100644
index 0000000..f7ece09
--- /dev/null
+++ b/SOURCES/0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch
@@ -0,0 +1,668 @@ +From ac1a0b44df858e53be9e8af499e80a459f0cef16 Mon Sep 17 00:00:00 2001 +From: Shenglei Zhang +Date: Tue, 29 Oct 2019 15:43:11 +0000 +Subject: CryptoPkg/OpensslLib: Update process_files.pl to generate .h files + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- New patch (cherry-picked from upstream, to be dropped at the next + downstream rebase). + +- Upstream moved to OpenSSL_1.1.1b (for TianoCore#1089) in release + edk2-stable201905. As part of that OpenSSL update, "OpensslLib.inf" and + "OpensslLibCrypto.inf" failed to list some new header files. + +- As a part of edk2-stable201908, commit 8906f076de35 + ("CryptoPkg/OpensslLib: Add missing header files in INF file", + 2019-08-16) fixed up "OpensslLib.inf" and "OpensslLibCrypto.inf" with + the missing header files, but did so manually. + +- The present patch (which is going to be released in edk2-stable201911) + updates "process_files.pl" to list the subject header files + automatically. + +- This patch is being backported primarily in order to keep further + backports for the modified files conflict-free. It might also come in + handy once we adopt RHEL8's own OpenSSL version (in case we have to + re-run "process_files.pl" ourselves). + +There are missing headers added into INF files at 8906f076de35b222a.. +They are now manually added but not auto-generated. So we update the +perl script to enable this feature. +Meanwhile, update the order of the .h files in INF files, which are +auto-generated now. 
+https://bugzilla.tianocore.org/show_bug.cgi?id=2085 + +Cc: Jian J Wang +Cc: Xiaoyu Lu +Signed-off-by: Shenglei Zhang +Reviewed-by: Jian J Wang +Reviewed-by: Xiaoyu Lu +(cherry picked from commit 9f4fbd56d43054cc73d722c1643659f9741c0fcf) +Signed-off-by: Laszlo Ersek +--- + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 103 +++++++++--------- + .../Library/OpensslLib/OpensslLibCrypto.inf | 96 ++++++++-------- + CryptoPkg/Library/OpensslLib/process_files.pl | 28 +++++ + 3 files changed, 129 insertions(+), 98 deletions(-) + +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +index 7432321fd4..dd873a0dcd 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +@@ -34,9 +34,7 @@ + $(OPENSSL_PATH)/crypto/aes/aes_misc.c + $(OPENSSL_PATH)/crypto/aes/aes_ofb.c + $(OPENSSL_PATH)/crypto/aes/aes_wrap.c +- $(OPENSSL_PATH)/crypto/aes/aes_locl.h + $(OPENSSL_PATH)/crypto/aria/aria.c +- $(OPENSSL_PATH)/crypto/arm_arch.h + $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c + $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c + $(OPENSSL_PATH)/crypto/asn1/a_digest.c +@@ -101,21 +99,12 @@ + $(OPENSSL_PATH)/crypto/asn1/x_sig.c + $(OPENSSL_PATH)/crypto/asn1/x_spki.c + $(OPENSSL_PATH)/crypto/asn1/x_val.c +- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h +- $(OPENSSL_PATH)/crypto/asn1/charmap.h +- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h + $(OPENSSL_PATH)/crypto/async/arch/async_null.c + $(OPENSSL_PATH)/crypto/async/arch/async_posix.c + $(OPENSSL_PATH)/crypto/async/arch/async_win.c + $(OPENSSL_PATH)/crypto/async/async.c + $(OPENSSL_PATH)/crypto/async/async_err.c + $(OPENSSL_PATH)/crypto/async/async_wait.c +- $(OPENSSL_PATH)/crypto/async/arch/async_win.h +- $(OPENSSL_PATH)/crypto/async/async_locl.h +- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h +- $(OPENSSL_PATH)/crypto/async/arch/async_null.h + 
$(OPENSSL_PATH)/crypto/bio/b_addr.c + $(OPENSSL_PATH)/crypto/bio/b_dump.c + $(OPENSSL_PATH)/crypto/bio/b_sock.c +@@ -138,7 +127,6 @@ + $(OPENSSL_PATH)/crypto/bio/bss_mem.c + $(OPENSSL_PATH)/crypto/bio/bss_null.c + $(OPENSSL_PATH)/crypto/bio/bss_sock.c +- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_add.c + $(OPENSSL_PATH)/crypto/bn/bn_asm.c + $(OPENSSL_PATH)/crypto/bn/bn_blind.c +@@ -170,9 +158,6 @@ + $(OPENSSL_PATH)/crypto/bn/bn_srp.c + $(OPENSSL_PATH)/crypto/bn/bn_word.c + $(OPENSSL_PATH)/crypto/bn/bn_x931p.c +- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h +- $(OPENSSL_PATH)/crypto/bn/bn_prime.h +- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h + $(OPENSSL_PATH)/crypto/buffer/buf_err.c + $(OPENSSL_PATH)/crypto/buffer/buffer.c + $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c +@@ -181,7 +166,6 @@ + $(OPENSSL_PATH)/crypto/comp/c_zlib.c + $(OPENSSL_PATH)/crypto/comp/comp_err.c + $(OPENSSL_PATH)/crypto/comp/comp_lib.c +- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h + $(OPENSSL_PATH)/crypto/conf/conf_api.c + $(OPENSSL_PATH)/crypto/conf/conf_def.c + $(OPENSSL_PATH)/crypto/conf/conf_err.c +@@ -190,8 +174,6 @@ + $(OPENSSL_PATH)/crypto/conf/conf_mod.c + $(OPENSSL_PATH)/crypto/conf/conf_sap.c + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c +- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h +- $(OPENSSL_PATH)/crypto/conf/conf_def.h + $(OPENSSL_PATH)/crypto/cpt_err.c + $(OPENSSL_PATH)/crypto/cryptlib.c + $(OPENSSL_PATH)/crypto/ctype.c +@@ -215,8 +197,6 @@ + $(OPENSSL_PATH)/crypto/des/set_key.c + $(OPENSSL_PATH)/crypto/des/str2key.c + $(OPENSSL_PATH)/crypto/des/xcbc_enc.c +- $(OPENSSL_PATH)/crypto/des/spr.h +- $(OPENSSL_PATH)/crypto/des/des_locl.h + $(OPENSSL_PATH)/crypto/dh/dh_ameth.c + $(OPENSSL_PATH)/crypto/dh/dh_asn1.c + $(OPENSSL_PATH)/crypto/dh/dh_check.c +@@ -231,7 +211,6 @@ + $(OPENSSL_PATH)/crypto/dh/dh_prn.c + $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c + $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c +- $(OPENSSL_PATH)/crypto/dh/dh_locl.h + $(OPENSSL_PATH)/crypto/dso/dso_dl.c + 
$(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c + $(OPENSSL_PATH)/crypto/dso/dso_err.c +@@ -239,7 +218,6 @@ + $(OPENSSL_PATH)/crypto/dso/dso_openssl.c + $(OPENSSL_PATH)/crypto/dso/dso_vms.c + $(OPENSSL_PATH)/crypto/dso/dso_win32.c +- $(OPENSSL_PATH)/crypto/dso/dso_locl.h + $(OPENSSL_PATH)/crypto/ebcdic.c + $(OPENSSL_PATH)/crypto/err/err.c + $(OPENSSL_PATH)/crypto/err/err_prn.c +@@ -304,13 +282,11 @@ + $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c + $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c + $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c +- $(OPENSSL_PATH)/crypto/evp/evp_locl.h + $(OPENSSL_PATH)/crypto/ex_data.c + $(OPENSSL_PATH)/crypto/getenv.c + $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c + $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c + $(OPENSSL_PATH)/crypto/hmac/hmac.c +- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h + $(OPENSSL_PATH)/crypto/init.c + $(OPENSSL_PATH)/crypto/kdf/hkdf.c + $(OPENSSL_PATH)/crypto/kdf/kdf_err.c +@@ -318,13 +294,10 @@ + $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c + $(OPENSSL_PATH)/crypto/lhash/lh_stats.c + $(OPENSSL_PATH)/crypto/lhash/lhash.c +- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h + $(OPENSSL_PATH)/crypto/md4/md4_dgst.c + $(OPENSSL_PATH)/crypto/md4/md4_one.c +- $(OPENSSL_PATH)/crypto/md4/md4_locl.h + $(OPENSSL_PATH)/crypto/md5/md5_dgst.c + $(OPENSSL_PATH)/crypto/md5/md5_one.c +- $(OPENSSL_PATH)/crypto/md5/md5_locl.h + $(OPENSSL_PATH)/crypto/mem.c + $(OPENSSL_PATH)/crypto/mem_clr.c + $(OPENSSL_PATH)/crypto/mem_dbg.c +@@ -339,7 +312,6 @@ + $(OPENSSL_PATH)/crypto/modes/ofb128.c + $(OPENSSL_PATH)/crypto/modes/wrap128.c + $(OPENSSL_PATH)/crypto/modes/xts128.c +- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h + $(OPENSSL_PATH)/crypto/o_dir.c + $(OPENSSL_PATH)/crypto/o_fips.c + $(OPENSSL_PATH)/crypto/o_fopen.c +@@ -351,9 +323,6 @@ + $(OPENSSL_PATH)/crypto/objects/obj_err.c + $(OPENSSL_PATH)/crypto/objects/obj_lib.c + $(OPENSSL_PATH)/crypto/objects/obj_xref.c +- $(OPENSSL_PATH)/crypto/objects/obj_dat.h +- $(OPENSSL_PATH)/crypto/objects/obj_xref.h +- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h + 
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c +@@ -364,7 +333,6 @@ + $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c + $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c +- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h + $(OPENSSL_PATH)/crypto/pem/pem_all.c + $(OPENSSL_PATH)/crypto/pem/pem_err.c + $(OPENSSL_PATH)/crypto/pem/pem_info.c +@@ -392,7 +360,6 @@ + $(OPENSSL_PATH)/crypto/pkcs12/p12_sbag.c + $(OPENSSL_PATH)/crypto/pkcs12/p12_utl.c + $(OPENSSL_PATH)/crypto/pkcs12/pk12err.c +- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h + $(OPENSSL_PATH)/crypto/pkcs7/bio_pk7.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_asn1.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_attr.c +@@ -401,7 +368,6 @@ + $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c + $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c +- $(OPENSSL_PATH)/crypto/ppc_arch.h + $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c + $(OPENSSL_PATH)/crypto/rand/drbg_lib.c + $(OPENSSL_PATH)/crypto/rand/rand_egd.c +@@ -410,10 +376,8 @@ + $(OPENSSL_PATH)/crypto/rand/rand_unix.c + $(OPENSSL_PATH)/crypto/rand/rand_vms.c + $(OPENSSL_PATH)/crypto/rand/rand_win.c +- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h + $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c + $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c +- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c + $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c + $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c +@@ -436,24 +400,18 @@ + $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c + $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c + $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c +- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h +- $(OPENSSL_PATH)/crypto/s390x_arch.h + $(OPENSSL_PATH)/crypto/sha/keccak1600.c + $(OPENSSL_PATH)/crypto/sha/sha1_one.c + $(OPENSSL_PATH)/crypto/sha/sha1dgst.c + $(OPENSSL_PATH)/crypto/sha/sha256.c + $(OPENSSL_PATH)/crypto/sha/sha512.c +- $(OPENSSL_PATH)/crypto/sha/sha_locl.h + $(OPENSSL_PATH)/crypto/siphash/siphash.c + 
$(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c + $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c +- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h + $(OPENSSL_PATH)/crypto/sm3/m_sm3.c + $(OPENSSL_PATH)/crypto/sm3/sm3.c +- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/sm4/sm4.c + $(OPENSSL_PATH)/crypto/stack/stack.c +- $(OPENSSL_PATH)/crypto/sparc_arch.h + $(OPENSSL_PATH)/crypto/threads_none.c + $(OPENSSL_PATH)/crypto/threads_pthread.c + $(OPENSSL_PATH)/crypto/threads_win.c +@@ -463,8 +421,6 @@ + $(OPENSSL_PATH)/crypto/ui/ui_null.c + $(OPENSSL_PATH)/crypto/ui/ui_openssl.c + $(OPENSSL_PATH)/crypto/ui/ui_util.c +- $(OPENSSL_PATH)/crypto/ui/ui_locl.h +- $(OPENSSL_PATH)/crypto/vms_rms.h + $(OPENSSL_PATH)/crypto/uid.c + $(OPENSSL_PATH)/crypto/x509/by_dir.c + $(OPENSSL_PATH)/crypto/x509/by_file.c +@@ -502,7 +458,6 @@ + $(OPENSSL_PATH)/crypto/x509/x_req.c + $(OPENSSL_PATH)/crypto/x509/x_x509.c + $(OPENSSL_PATH)/crypto/x509/x_x509a.c +- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h + $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c +@@ -540,11 +495,57 @@ + $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c + $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c + $(OPENSSL_PATH)/crypto/x509v3/v3err.c ++ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h ++ $(OPENSSL_PATH)/crypto/dh/dh_locl.h ++ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h ++ $(OPENSSL_PATH)/crypto/conf/conf_def.h ++ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h ++ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h ++ $(OPENSSL_PATH)/crypto/sha/sha_locl.h ++ $(OPENSSL_PATH)/crypto/md5/md5_locl.h ++ $(OPENSSL_PATH)/crypto/store/store_locl.h ++ $(OPENSSL_PATH)/crypto/dso/dso_locl.h ++ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h ++ $(OPENSSL_PATH)/crypto/arm_arch.h ++ $(OPENSSL_PATH)/crypto/mips_arch.h ++ $(OPENSSL_PATH)/crypto/ppc_arch.h ++ $(OPENSSL_PATH)/crypto/s390x_arch.h ++ $(OPENSSL_PATH)/crypto/sparc_arch.h ++ $(OPENSSL_PATH)/crypto/vms_rms.h ++ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h ++ 
$(OPENSSL_PATH)/crypto/bn/bn_prime.h ++ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h ++ $(OPENSSL_PATH)/crypto/ui/ui_locl.h ++ $(OPENSSL_PATH)/crypto/md4/md4_locl.h ++ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h ++ $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h ++ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h ++ $(OPENSSL_PATH)/crypto/asn1/charmap.h ++ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h ++ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h ++ $(OPENSSL_PATH)/crypto/evp/evp_locl.h ++ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h ++ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h ++ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h ++ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h ++ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h ++ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h ++ $(OPENSSL_PATH)/crypto/async/arch/async_null.h ++ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h ++ $(OPENSSL_PATH)/crypto/async/arch/async_win.h ++ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h ++ $(OPENSSL_PATH)/crypto/des/des_locl.h ++ $(OPENSSL_PATH)/crypto/des/spr.h ++ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h ++ $(OPENSSL_PATH)/crypto/aes/aes_locl.h ++ $(OPENSSL_PATH)/crypto/async/async_locl.h ++ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h + $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h +- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h + $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h +- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h +- $(OPENSSL_PATH)/ms/uplink.h ++ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h ++ $(OPENSSL_PATH)/crypto/objects/obj_dat.h ++ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h ++ $(OPENSSL_PATH)/crypto/objects/obj_xref.h + $(OPENSSL_PATH)/ssl/bio_ssl.c + $(OPENSSL_PATH)/ssl/d1_lib.c + $(OPENSSL_PATH)/ssl/d1_msg.c +@@ -589,13 +590,13 @@ + $(OPENSSL_PATH)/ssl/t1_trce.c + $(OPENSSL_PATH)/ssl/tls13_enc.c + $(OPENSSL_PATH)/ssl/tls_srp.c +- $(OPENSSL_PATH)/ssl/record/record_locl.h + $(OPENSSL_PATH)/ssl/statem/statem.h + $(OPENSSL_PATH)/ssl/statem/statem_locl.h ++ $(OPENSSL_PATH)/ssl/packet_locl.h ++ $(OPENSSL_PATH)/ssl/ssl_cert_table.h + 
$(OPENSSL_PATH)/ssl/ssl_locl.h + $(OPENSSL_PATH)/ssl/record/record.h +- $(OPENSSL_PATH)/ssl/ssl_cert_table.h +- $(OPENSSL_PATH)/ssl/packet_locl.h ++ $(OPENSSL_PATH)/ssl/record/record_locl.h + # Autogenerated files list ends here + + ossl_store.c +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +index 8134b45eda..a1bb560255 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +@@ -33,9 +33,7 @@ + $(OPENSSL_PATH)/crypto/aes/aes_misc.c + $(OPENSSL_PATH)/crypto/aes/aes_ofb.c + $(OPENSSL_PATH)/crypto/aes/aes_wrap.c +- $(OPENSSL_PATH)/crypto/aes/aes_locl.h + $(OPENSSL_PATH)/crypto/aria/aria.c +- $(OPENSSL_PATH)/crypto/arm_arch.h + $(OPENSSL_PATH)/crypto/asn1/a_bitstr.c + $(OPENSSL_PATH)/crypto/asn1/a_d2i_fp.c + $(OPENSSL_PATH)/crypto/asn1/a_digest.c +@@ -100,21 +98,12 @@ + $(OPENSSL_PATH)/crypto/asn1/x_sig.c + $(OPENSSL_PATH)/crypto/asn1/x_spki.c + $(OPENSSL_PATH)/crypto/asn1/x_val.c +- $(OPENSSL_PATH)/crypto/asn1/standard_methods.h +- $(OPENSSL_PATH)/crypto/asn1/charmap.h +- $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h + $(OPENSSL_PATH)/crypto/async/arch/async_null.c + $(OPENSSL_PATH)/crypto/async/arch/async_posix.c + $(OPENSSL_PATH)/crypto/async/arch/async_win.c +- $(OPENSSL_PATH)/crypto/async/arch/async_posix.h +- $(OPENSSL_PATH)/crypto/async/arch/async_null.h +- $(OPENSSL_PATH)/crypto/async/arch/async_win.h + $(OPENSSL_PATH)/crypto/async/async.c + $(OPENSSL_PATH)/crypto/async/async_err.c + $(OPENSSL_PATH)/crypto/async/async_wait.c +- $(OPENSSL_PATH)/crypto/async/async_locl.h + $(OPENSSL_PATH)/crypto/bio/b_addr.c + $(OPENSSL_PATH)/crypto/bio/b_dump.c + $(OPENSSL_PATH)/crypto/bio/b_sock.c +@@ -137,7 +126,6 @@ + $(OPENSSL_PATH)/crypto/bio/bss_mem.c + $(OPENSSL_PATH)/crypto/bio/bss_null.c + $(OPENSSL_PATH)/crypto/bio/bss_sock.c +- 
$(OPENSSL_PATH)/crypto/bio/bio_lcl.h + $(OPENSSL_PATH)/crypto/bn/bn_add.c + $(OPENSSL_PATH)/crypto/bn/bn_asm.c + $(OPENSSL_PATH)/crypto/bn/bn_blind.c +@@ -169,9 +157,6 @@ + $(OPENSSL_PATH)/crypto/bn/bn_srp.c + $(OPENSSL_PATH)/crypto/bn/bn_word.c + $(OPENSSL_PATH)/crypto/bn/bn_x931p.c +- $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h +- $(OPENSSL_PATH)/crypto/bn/bn_prime.h +- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h + $(OPENSSL_PATH)/crypto/buffer/buf_err.c + $(OPENSSL_PATH)/crypto/buffer/buffer.c + $(OPENSSL_PATH)/crypto/cmac/cm_ameth.c +@@ -180,7 +165,6 @@ + $(OPENSSL_PATH)/crypto/comp/c_zlib.c + $(OPENSSL_PATH)/crypto/comp/comp_err.c + $(OPENSSL_PATH)/crypto/comp/comp_lib.c +- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h + $(OPENSSL_PATH)/crypto/conf/conf_api.c + $(OPENSSL_PATH)/crypto/conf/conf_def.c + $(OPENSSL_PATH)/crypto/conf/conf_err.c +@@ -189,8 +173,6 @@ + $(OPENSSL_PATH)/crypto/conf/conf_mod.c + $(OPENSSL_PATH)/crypto/conf/conf_sap.c + $(OPENSSL_PATH)/crypto/conf/conf_ssl.c +- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h +- $(OPENSSL_PATH)/crypto/conf/conf_def.h + $(OPENSSL_PATH)/crypto/cpt_err.c + $(OPENSSL_PATH)/crypto/cryptlib.c + $(OPENSSL_PATH)/crypto/ctype.c +@@ -214,8 +196,6 @@ + $(OPENSSL_PATH)/crypto/des/set_key.c + $(OPENSSL_PATH)/crypto/des/str2key.c + $(OPENSSL_PATH)/crypto/des/xcbc_enc.c +- $(OPENSSL_PATH)/crypto/des/spr.h +- $(OPENSSL_PATH)/crypto/des/des_locl.h + $(OPENSSL_PATH)/crypto/dh/dh_ameth.c + $(OPENSSL_PATH)/crypto/dh/dh_asn1.c + $(OPENSSL_PATH)/crypto/dh/dh_check.c +@@ -230,7 +210,6 @@ + $(OPENSSL_PATH)/crypto/dh/dh_prn.c + $(OPENSSL_PATH)/crypto/dh/dh_rfc5114.c + $(OPENSSL_PATH)/crypto/dh/dh_rfc7919.c +- $(OPENSSL_PATH)/crypto/dh/dh_locl.h + $(OPENSSL_PATH)/crypto/dso/dso_dl.c + $(OPENSSL_PATH)/crypto/dso/dso_dlfcn.c + $(OPENSSL_PATH)/crypto/dso/dso_err.c +@@ -238,7 +217,6 @@ + $(OPENSSL_PATH)/crypto/dso/dso_openssl.c + $(OPENSSL_PATH)/crypto/dso/dso_vms.c + $(OPENSSL_PATH)/crypto/dso/dso_win32.c +- $(OPENSSL_PATH)/crypto/dso/dso_locl.h + 
$(OPENSSL_PATH)/crypto/ebcdic.c + $(OPENSSL_PATH)/crypto/err/err.c + $(OPENSSL_PATH)/crypto/err/err_prn.c +@@ -280,7 +258,6 @@ + $(OPENSSL_PATH)/crypto/evp/evp_pkey.c + $(OPENSSL_PATH)/crypto/evp/m_md2.c + $(OPENSSL_PATH)/crypto/evp/m_md4.c +- $(OPENSSL_PATH)/crypto/md4/md4_locl.h + $(OPENSSL_PATH)/crypto/evp/m_md5.c + $(OPENSSL_PATH)/crypto/evp/m_md5_sha1.c + $(OPENSSL_PATH)/crypto/evp/m_mdc2.c +@@ -304,13 +281,11 @@ + $(OPENSSL_PATH)/crypto/evp/pmeth_fn.c + $(OPENSSL_PATH)/crypto/evp/pmeth_gn.c + $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c +- $(OPENSSL_PATH)/crypto/evp/evp_locl.h + $(OPENSSL_PATH)/crypto/ex_data.c + $(OPENSSL_PATH)/crypto/getenv.c + $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c + $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c + $(OPENSSL_PATH)/crypto/hmac/hmac.c +- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h + $(OPENSSL_PATH)/crypto/init.c + $(OPENSSL_PATH)/crypto/kdf/hkdf.c + $(OPENSSL_PATH)/crypto/kdf/kdf_err.c +@@ -318,12 +293,10 @@ + $(OPENSSL_PATH)/crypto/kdf/tls1_prf.c + $(OPENSSL_PATH)/crypto/lhash/lh_stats.c + $(OPENSSL_PATH)/crypto/lhash/lhash.c +- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h + $(OPENSSL_PATH)/crypto/md4/md4_dgst.c + $(OPENSSL_PATH)/crypto/md4/md4_one.c + $(OPENSSL_PATH)/crypto/md5/md5_dgst.c + $(OPENSSL_PATH)/crypto/md5/md5_one.c +- $(OPENSSL_PATH)/crypto/md5/md5_locl.h + $(OPENSSL_PATH)/crypto/mem.c + $(OPENSSL_PATH)/crypto/mem_clr.c + $(OPENSSL_PATH)/crypto/mem_dbg.c +@@ -338,7 +311,6 @@ + $(OPENSSL_PATH)/crypto/modes/ofb128.c + $(OPENSSL_PATH)/crypto/modes/wrap128.c + $(OPENSSL_PATH)/crypto/modes/xts128.c +- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h + $(OPENSSL_PATH)/crypto/o_dir.c + $(OPENSSL_PATH)/crypto/o_fips.c + $(OPENSSL_PATH)/crypto/o_fopen.c +@@ -350,9 +322,6 @@ + $(OPENSSL_PATH)/crypto/objects/obj_err.c + $(OPENSSL_PATH)/crypto/objects/obj_lib.c + $(OPENSSL_PATH)/crypto/objects/obj_xref.c +- $(OPENSSL_PATH)/crypto/objects/obj_dat.h +- $(OPENSSL_PATH)/crypto/objects/obj_xref.h +- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h + 
$(OPENSSL_PATH)/crypto/ocsp/ocsp_asn.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_cl.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_err.c +@@ -363,7 +332,6 @@ + $(OPENSSL_PATH)/crypto/ocsp/ocsp_srv.c + $(OPENSSL_PATH)/crypto/ocsp/ocsp_vfy.c + $(OPENSSL_PATH)/crypto/ocsp/v3_ocsp.c +- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h + $(OPENSSL_PATH)/crypto/pem/pem_all.c + $(OPENSSL_PATH)/crypto/pem/pem_err.c + $(OPENSSL_PATH)/crypto/pem/pem_info.c +@@ -399,8 +367,6 @@ + $(OPENSSL_PATH)/crypto/pkcs7/pk7_mime.c + $(OPENSSL_PATH)/crypto/pkcs7/pk7_smime.c + $(OPENSSL_PATH)/crypto/pkcs7/pkcs7err.c +- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h +- $(OPENSSL_PATH)/crypto/ppc_arch.h + $(OPENSSL_PATH)/crypto/rand/drbg_ctr.c + $(OPENSSL_PATH)/crypto/rand/drbg_lib.c + $(OPENSSL_PATH)/crypto/rand/rand_egd.c +@@ -409,10 +375,8 @@ + $(OPENSSL_PATH)/crypto/rand/rand_unix.c + $(OPENSSL_PATH)/crypto/rand/rand_vms.c + $(OPENSSL_PATH)/crypto/rand/rand_win.c +- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h + $(OPENSSL_PATH)/crypto/rc4/rc4_enc.c + $(OPENSSL_PATH)/crypto/rc4/rc4_skey.c +- $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h + $(OPENSSL_PATH)/crypto/rsa/rsa_ameth.c + $(OPENSSL_PATH)/crypto/rsa/rsa_asn1.c + $(OPENSSL_PATH)/crypto/rsa/rsa_chk.c +@@ -435,24 +399,18 @@ + $(OPENSSL_PATH)/crypto/rsa/rsa_ssl.c + $(OPENSSL_PATH)/crypto/rsa/rsa_x931.c + $(OPENSSL_PATH)/crypto/rsa/rsa_x931g.c +- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h + $(OPENSSL_PATH)/crypto/sha/keccak1600.c + $(OPENSSL_PATH)/crypto/sha/sha1_one.c + $(OPENSSL_PATH)/crypto/sha/sha1dgst.c + $(OPENSSL_PATH)/crypto/sha/sha256.c + $(OPENSSL_PATH)/crypto/sha/sha512.c +- $(OPENSSL_PATH)/crypto/sha/sha_locl.h + $(OPENSSL_PATH)/crypto/siphash/siphash.c + $(OPENSSL_PATH)/crypto/siphash/siphash_ameth.c + $(OPENSSL_PATH)/crypto/siphash/siphash_pmeth.c +- $(OPENSSL_PATH)/crypto/siphash/siphash_local.h + $(OPENSSL_PATH)/crypto/sm3/m_sm3.c + $(OPENSSL_PATH)/crypto/sm3/sm3.c +- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h + $(OPENSSL_PATH)/crypto/sm4/sm4.c + 
$(OPENSSL_PATH)/crypto/stack/stack.c +- $(OPENSSL_PATH)/crypto/s390x_arch.h +- $(OPENSSL_PATH)/crypto/sparc_arch.h + $(OPENSSL_PATH)/crypto/threads_none.c + $(OPENSSL_PATH)/crypto/threads_pthread.c + $(OPENSSL_PATH)/crypto/threads_win.c +@@ -462,9 +420,7 @@ + $(OPENSSL_PATH)/crypto/ui/ui_null.c + $(OPENSSL_PATH)/crypto/ui/ui_openssl.c + $(OPENSSL_PATH)/crypto/ui/ui_util.c +- $(OPENSSL_PATH)/crypto/ui/ui_locl.h + $(OPENSSL_PATH)/crypto/uid.c +- $(OPENSSL_PATH)/crypto/vms_rms.h + $(OPENSSL_PATH)/crypto/x509/by_dir.c + $(OPENSSL_PATH)/crypto/x509/by_file.c + $(OPENSSL_PATH)/crypto/x509/t_crl.c +@@ -501,7 +457,6 @@ + $(OPENSSL_PATH)/crypto/x509/x_req.c + $(OPENSSL_PATH)/crypto/x509/x_x509.c + $(OPENSSL_PATH)/crypto/x509/x_x509a.c +- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h + $(OPENSSL_PATH)/crypto/x509v3/pcy_cache.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_data.c + $(OPENSSL_PATH)/crypto/x509v3/pcy_lib.c +@@ -539,10 +494,57 @@ + $(OPENSSL_PATH)/crypto/x509v3/v3_tlsf.c + $(OPENSSL_PATH)/crypto/x509v3/v3_utl.c + $(OPENSSL_PATH)/crypto/x509v3/v3err.c ++ $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h ++ $(OPENSSL_PATH)/crypto/dh/dh_locl.h ++ $(OPENSSL_PATH)/crypto/bio/bio_lcl.h ++ $(OPENSSL_PATH)/crypto/conf/conf_def.h ++ $(OPENSSL_PATH)/crypto/conf/conf_lcl.h ++ $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h ++ $(OPENSSL_PATH)/crypto/sha/sha_locl.h ++ $(OPENSSL_PATH)/crypto/md5/md5_locl.h ++ $(OPENSSL_PATH)/crypto/store/store_locl.h ++ $(OPENSSL_PATH)/crypto/dso/dso_locl.h ++ $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h ++ $(OPENSSL_PATH)/crypto/arm_arch.h ++ $(OPENSSL_PATH)/crypto/mips_arch.h ++ $(OPENSSL_PATH)/crypto/ppc_arch.h ++ $(OPENSSL_PATH)/crypto/s390x_arch.h ++ $(OPENSSL_PATH)/crypto/sparc_arch.h ++ $(OPENSSL_PATH)/crypto/vms_rms.h ++ $(OPENSSL_PATH)/crypto/bn/bn_lcl.h ++ $(OPENSSL_PATH)/crypto/bn/bn_prime.h ++ $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h ++ $(OPENSSL_PATH)/crypto/ui/ui_locl.h ++ $(OPENSSL_PATH)/crypto/md4/md4_locl.h ++ $(OPENSSL_PATH)/crypto/rc4/rc4_locl.h ++ 
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h ++ $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h ++ $(OPENSSL_PATH)/crypto/asn1/charmap.h ++ $(OPENSSL_PATH)/crypto/asn1/standard_methods.h ++ $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h ++ $(OPENSSL_PATH)/crypto/evp/evp_locl.h ++ $(OPENSSL_PATH)/crypto/rand/rand_lcl.h ++ $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h ++ $(OPENSSL_PATH)/crypto/modes/modes_lcl.h ++ $(OPENSSL_PATH)/crypto/comp/comp_lcl.h ++ $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h ++ $(OPENSSL_PATH)/crypto/x509/x509_lcl.h ++ $(OPENSSL_PATH)/crypto/async/arch/async_null.h ++ $(OPENSSL_PATH)/crypto/async/arch/async_posix.h ++ $(OPENSSL_PATH)/crypto/async/arch/async_win.h ++ $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h ++ $(OPENSSL_PATH)/crypto/des/des_locl.h ++ $(OPENSSL_PATH)/crypto/des/spr.h ++ $(OPENSSL_PATH)/crypto/siphash/siphash_local.h ++ $(OPENSSL_PATH)/crypto/aes/aes_locl.h ++ $(OPENSSL_PATH)/crypto/async/async_locl.h ++ $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h + $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h +- $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h + $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h +- $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h ++ $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h ++ $(OPENSSL_PATH)/crypto/objects/obj_dat.h ++ $(OPENSSL_PATH)/crypto/objects/obj_lcl.h ++ $(OPENSSL_PATH)/crypto/objects/obj_xref.h + # Autogenerated files list ends here + buildinf.h + rand_pool_noise.h +diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl +index e13c0acb4d..4fe54cd808 100755 +--- a/CryptoPkg/Library/OpensslLib/process_files.pl ++++ b/CryptoPkg/Library/OpensslLib/process_files.pl +@@ -144,6 +144,34 @@ foreach my $product ((@{$unified_info{libraries}}, + } + } + ++ ++# ++# Update the perl script to generate the missing header files ++# ++my @dir_list = (); ++for (keys %{$unified_info{dirinfo}}){ ++ push @dir_list,$_; ++} ++ ++my $dir = getcwd(); ++my @files = (); ++my @headers = (); ++chdir ("openssl"); ++foreach(@dir_list){ ++ 
@files = glob($_."/*.h"); ++ push @headers, @files; ++} ++chdir ($dir); ++ ++foreach (@headers){ ++ if(/ssl/){ ++ push @sslfilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n"; ++ next; ++ } ++ push @cryptofilelist, ' $(OPENSSL_PATH)/' . $_ . "\r\n"; ++} ++ ++ + # + # Update OpensslLib.inf with autogenerated file list + # +-- +2.18.1 + diff --git a/SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch b/SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch new file mode 100644 index 0000000..3838c15 --- /dev/null +++ b/SOURCES/0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch 
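Review bot: Both `chdir` calls in the block added to process_files.pl are unchecked, so if `chdir ("openssl")` fails the `glob` runs in the wrong directory and the header list written into both INF files is silently empty or wrong. The script already guards the call elsewhere with `chdir($basedir) || die ...`; the same guard fits here, e.g. `chdir("openssl") || die "Cannot change to openssl directory";`, and likewise for `chdir ($dir)`. The directory list also comes from `keys %{$unified_info{dirinfo}}`, whose order Perl does not fix, which would explain the arbitrary-looking header order in the regenerated INF sections; `for (sort keys %{$unified_info{dirinfo}})` would make reruns reproducible and the generated lists easier to audit. The `/ssl/` test is unanchored, so any header path that merely contains "ssl" lands in the ssl list; `m{^ssl/}` looks like the intent, though the directory names themselves are not visible here.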
@@ -0,0 +1,159 @@ +From bbda3f776bfcdbcb77b82f1f7fd5dafd798d9784 Mon Sep 17 00:00:00 2001 +From: Shenglei Zhang +Date: Mon, 21 Oct 2019 15:53:42 +0800 +Subject: CryptoPkg: Upgrade OpenSSL to 1.1.1d + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- New patch (cherry-picked from upstream, to be dropped at the next + downstream rebase). + +- Upstream OpenSSL-1.1.1c contains commit 5fba3afad017 ("Rework DSO API + conditions and configuration option", 2019-04-10). This upstream OpenSSL + change requires edk2 to #define DSO_NONE explicitly. + +- The present patch (which is going to be released in edk2-stable201911) + updates "process_files.pl" to generate "dso_conf.h" with the above + macro, and captures the result (i.e. the actual definition of the macro) + in the git tree. + +- This patch is being backported primarily for the DSO_NONE macro (OpenSSL + in RHEL-8.2.0 is based on OpenSSL-1.1.1c). The patch could also come in + handy in case we have to re-run "process_files.pl" ourselves. + +Upgrade openssl from 1.1.1b to 1.1.1d. +Something needs to be noticed is that, there is a bug existing in the +released 1_1_1d version(894da2fb7ed5d314ee5c2fc9fd2d9b8b74111596), +which causes build failure. So we switch the code base to a usable +version, which is 2 commits later than the stable tag. +Now we use the version c3656cc594daac8167721dde7220f0e59ae146fc. +This log is to fix the build failure. +https://bugzilla.tianocore.org/show_bug.cgi?id=2226 + +Besides, the absense of "DSO_NONE" in dso_conf.h causes build failure +in OvmfPkg. So update process_files.pl to generate information from +"crypto/include/internal/dso_conf.h.in". + +shm.h and utsname.h are added to avoid GCC build failure. 
+ +Cc: Jian J Wang +Cc: Xiaoyu Lu +Cc: Liming Gao +Signed-off-by: Shenglei Zhang +Reviewed-by: Jian J Wang +Reviewed-by: Laszlo Ersek +Tested-by: Laszlo Ersek +(cherry picked from commit 1bcc65b9a1408cf445b7b3f9499b27d9c235db71) +Signed-off-by: Laszlo Ersek +--- + CryptoPkg/Library/Include/internal/dso_conf.h | 16 ++++++++++++++++ + CryptoPkg/Library/Include/sys/shm.h | 9 +++++++++ + CryptoPkg/Library/Include/sys/utsname.h | 9 +++++++++ + CryptoPkg/Library/OpensslLib/openssl | 2 +- + CryptoPkg/Library/OpensslLib/process_files.pl | 17 +++++++++++++++-- + 5 files changed, 50 insertions(+), 3 deletions(-) + create mode 100644 CryptoPkg/Library/Include/sys/shm.h + create mode 100644 CryptoPkg/Library/Include/sys/utsname.h + +diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/internal/dso_conf.h +index e69de29bb2..43c891588b 100644 +--- a/CryptoPkg/Library/Include/internal/dso_conf.h ++++ b/CryptoPkg/Library/Include/internal/dso_conf.h +@@ -0,0 +1,16 @@ ++/* WARNING: do not edit! */ ++/* Generated from crypto/include/internal/dso_conf.h.in */ ++/* ++ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef HEADER_DSO_CONF_H ++# define HEADER_DSO_CONF_H ++# define DSO_NONE ++# define DSO_EXTENSION ".so" ++#endif +diff --git a/CryptoPkg/Library/Include/sys/shm.h b/CryptoPkg/Library/Include/sys/shm.h +new file mode 100644 +index 0000000000..dc0b8e81c8 +--- /dev/null ++++ b/CryptoPkg/Library/Include/sys/shm.h +@@ -0,0 +1,9 @@ ++/** @file ++ Include file to support building the third-party cryptographic library. ++ ++Copyright (c) 2019, Intel Corporation. All rights reserved.
++SPDX-License-Identifier: BSD-2-Clause-Patent ++ ++**/ ++ ++#include +diff --git a/CryptoPkg/Library/Include/sys/utsname.h b/CryptoPkg/Library/Include/sys/utsname.h +new file mode 100644 +index 0000000000..dc0b8e81c8 +--- /dev/null ++++ b/CryptoPkg/Library/Include/sys/utsname.h +@@ -0,0 +1,9 @@ ++/** @file ++ Include file to support building the third-party cryptographic library. ++ ++Copyright (c) 2019, Intel Corporation. All rights reserved.
++SPDX-License-Identifier: BSD-2-Clause-Patent ++ ++**/ ++ ++#include +diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl +index 4fe54cd808..bbcfa0d0e7 100755 +--- a/CryptoPkg/Library/OpensslLib/process_files.pl ++++ b/CryptoPkg/Library/OpensslLib/process_files.pl +@@ -2,7 +2,7 @@ + # + # This script runs the OpenSSL Configure script, then processes the + # resulting file list into our local OpensslLib[Crypto].inf and also +-# takes a copy of opensslconf.h. ++# takes copies of opensslconf.h and dso_conf.h. + # + # This only needs to be done once by a developer when updating to a + # new version of OpenSSL (or changing options, etc.). Normal users +@@ -106,6 +106,14 @@ BEGIN { + ) == 0 || + die "Failed to generate opensslconf.h!\n"; + ++ # Generate dso_conf.h per config data ++ system( ++ "perl -I. -Mconfigdata util/dofile.pl " . ++ "crypto/include/internal/dso_conf.h.in " . ++ "> include/internal/dso_conf.h" ++ ) == 0 || ++ die "Failed to generate dso_conf.h!\n"; ++ + chdir($basedir) || + die "Cannot change to base directory \"" . $basedir . "\""; + +@@ -249,12 +257,17 @@ rename( $new_inf_file, $inf_file ) || + print "Done!"; + + # +-# Copy opensslconf.h generated from OpenSSL Configuration ++# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration + # + print "\n--> Duplicating opensslconf.h into Include/openssl ... "; + copy($OPENSSL_PATH . "/include/openssl/opensslconf.h", + $OPENSSL_PATH . "/../../Include/openssl/") || + die "Cannot copy opensslconf.h!"; ++print "Done!"; ++print "\n--> Duplicating dso_conf.h into Include/internal ... "; ++copy($OPENSSL_PATH . "/include/internal/dso_conf.h", ++ $OPENSSL_PATH . "/../../Include/internal/") || ++ die "Cannot copy dso_conf.h!"; + print "Done!\n"; + + print "\nProcessing Files Done!\n"; +-- +2.18.1 + 
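Review bot: The diffstat lists `CryptoPkg/Library/OpensslLib/openssl | 2 +-` and "5 files changed", but only four file sections follow and none of them touches the submodule pointer, so this backport apparently drops the OpenSSL bump that the subject line announces. That matters for the checked-in `dso_conf.h`: it says only "Generated from crypto/include/internal/dso_conf.h.in" and does not record which OpenSSL tree produced it, while the downstream notes say RHEL-8.2.0 builds against a 1.1.1c-based OpenSSL. The downstream notes should say so explicitly, for example `- The OpenSSL submodule update is not part of this backport; dso_conf.h was generated from the upstream tree and must be re-checked against the RHEL OpenSSL tarball.` Anyone deriving the shipped OpenSSL version from this patch title for vulnerability tracking would otherwise get the wrong answer.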
diff --git a/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
deleted file mode 100644
index cf06037..0000000
--- a/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
+++ /dev/null
@@ -1,602 +0,0 @@ -From 727c11ecd9f34990312e14f239e6238693619849 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 11 Jun 2014 23:33:33 +0200 -Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The - OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace - obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The - ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg: - Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14). - - Consequently, because the NetworkPkg iSCSI driver requires OpenSSL - unconditionally, as explained in - , this patch now - builds LogoOpenSSLDxe unconditionally, squashing and updating previous - downstream commits - - - 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo - (RHEL only) - - 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only) - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove - incorrect comments.", 2018-02-28) - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- After picking previous downstream-only commit 32192c62e289, carry new - upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing - dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to - "LogoOpenSSLDxe.inf". 
- -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- For more fun, upstream completely changed the way logo bitmaps are - embedded in the firmware binary (see for example commit ab970515d2c6, - "OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this - rebase, we reimplement the previous downstream-only commit e775fb20c999, - as described below. - -- Beyond the new bitmap file (which we preserve intact from the last - downstream branch), we introduce: - - - a new IDF (image description file) referencing the new BMP, - - - a new driver INF file, referencing the new BMP and new IDF (same C - source code though), - - - a new UNI (~description) file for the new driver INF file. - -- In the OVMF DSC and FDF files, we select the new driver INF for - inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they - both make use of OpenSSL (although different subsets of it). - -- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE, - because the ArmVirtQemu platform does not support TLS_ENABLE yet. - -- This patch is best displayed with "git show --find-copies-harder". - -Notes about the d7c0dfa -> 90bb4c5 rebase: - -- squash in the following downstream-only commits (made originally for - ): - - - eef9eb0 restore TianoCore splash logo without OpenSSL advertisment - (RHEL only) - - - 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure - Boot (RH only) - - The reason is that ideas keep changing when and where to include the - Secure Boot feature, so the logo must be controllable directly on the - build command line, from the RPM spec file. See the following - references: - - - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html - - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html - - https://bugzilla.redhat.com/show_bug.cgi?id=1323363 - -- This squashed variant should remain the final version of this patch. 
- -Notes about the c9e5618 -> b9ffeab rebase: -- AAVMF gained Secure Boot support, therefore the logo is again modified - in the common location, and no FDF changes are necessary. - -Notes about the 9ece15a -> c9e5618 rebase: -- Logo.bmp is no longer modified in-place; instead a modified copy is - created. That's because AAVMF includes the logo too, but it doesn't - include OpenSSL / Secure Boot, so we need the original copy too. - -Because we may include the OpenSSL library in our OVMF and AAVMF builds -now, we should advertise it as required by its license. This patch takes -the original TianoCore logo, shifts it up by 20 pixels, and adds the -horizontally centered message - - This product includes software developed by the OpenSSL Project - for use in the OpenSSL Toolkit (http://www.openssl.org/) - -below. - -Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24 -Logo.bmp: PC bitmap, Windows 3.x format, 193 x 58 x 8 - -Downstream only because upstream edk2 does not intend to release a -secure-boot-enabled OVMF build. (However the advertising requirement in -the OpenSSL license, -"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed -nonetheless, which is why I'm changing the logo.) - -Signed-off-by: Laszlo Ersek -(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b) -(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be) -(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3) -(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d) -Signed-off-by: Danilo C. L. 
de Paula ---- - ArmVirtPkg/ArmVirtQemu.dsc | 2 +- - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +- - ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +- - MdeModulePkg/Logo/Logo-OpenSSL.bmp | Bin 0 -> 156342 bytes - MdeModulePkg/Logo/Logo-OpenSSL.idf | 15 +++++++ - MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 61 +++++++++++++++++++++++++++ - MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 22 ++++++++++ - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.fdf | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.fdf | 2 +- - 13 files changed, 107 insertions(+), 9 deletions(-) - create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp - create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf - create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf - create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index a77d71bcea..f2e5125494 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -347,7 +347,7 @@ - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 098d40b61b..ab799ca67f 100644 ---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -203,7 +203,7 @@ READ_LOCK_STATUS = TRUE - # - # TianoCore logo (splash screen) - # -- INF MdeModulePkg/Logo/LogoDxe.inf -+ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Ramdisk support -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 1e5388ae70..d2b3f24394 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc 
-+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -331,7 +331,7 @@ - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp -new file mode 100644 -index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29 -GIT binary patch -literal 156342 -zcmeI5d(>~$xW~&aw_M64NYZ7LkVerMIgB$pYT%5)88Oa?KguvP -zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY -zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l -zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12 -zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo* -z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t -z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw -z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8 -zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&ns#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a? 
-zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE -z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb -zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK -zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI -zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W) -ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN -z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5& -z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc -z(W5B_Snb5D<LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2` -zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC -z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr -zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O -ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm -zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y -z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn7Jr_# -zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT -zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL -z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7 -zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9 -zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO -zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ -zZ)HZA9HQN?fBowS=bd-nQAZucL9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT -zMP`$;+{w6 -zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts -zL;~RA-VBcb3QU(O`l6 -zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e -zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3HMf%xC9#(>mO=IFj^}NHV#Lj -z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt -zeC{#^7{VZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb 
-zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y -z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A -zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH -z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q -z#U5^JZ4wkHy#0}}mC!ZV}nnU^RZ+|=Y -zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg| -zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz -z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~z)>P3# -z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3 -z-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq -zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1 -zxc%ShrZ`6<0RHgQodrAoh -zSgFbiHWu-)l-PgPQu`y9%`-LB*)t -z0JfJO;vrkhX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgBgk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD -zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Qp|I9?%YE^} -zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc -z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$ -zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG -zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ -z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY -zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf -z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;4>S -zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl> -z7^rJH4OAO`j``+-dZ#@M60IS}YFFFf)W&VY -za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R) -zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y -zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp -zKFQt>Vbm=t6%*pub_){ -zCA$l<)_b;6)NnQ04>SzuFu1i70ta6~A`DdXC=j -zVqk`4D7>weC&k1#JZWL!jyLuB?XwXz%QkDF -zYqrr5PP5vlI>ta<(`lgE@N@8+3#4^wr`@sI7!sJZ -zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6 -zsm0{}`|r=14;04_w9-uBbSZj=1wN7F69NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+ 
-zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV -zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B -zp7K{7GJLB2)HbE_`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE -z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K% -zcXytO^3f -zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW -zvK_w54ib*s{pCdx`+U+ -zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK -zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_gaB`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g -zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5vhUWL{rld#LnSaW -zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgMChaRR3Q`NWYVa52T-<54&6jk -z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi}i57aDByd`it`*14L?zOuC7O`Zb -zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6 -zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=| -zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQfr!>mb@vk@wzKEOR -zUl^giiGN`YjEEEA6vzVN5FLCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6 -zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox -z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@ -z;@R>q?8C{=X3m9KyurT&nC9FPkxLoM|ZfkdD{z-Jwk38Gqf -zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZsiV>B`L?96ui-1pi)&}t0pQmuO -zjkyJsVOUMgmwe@7qN10I9 -zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q -z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{ -zrxeRA9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH -zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$ -zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW) -z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw -z3l@f;rKYP((H5Gr$(|rLmcp6r6t4$t%^Y9|aV;zhXpXG7(4w#v;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_ -z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C -zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk 
-zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y -zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA -zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr= -zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W -z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_ -zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO -z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPTzaT>uOf~q|a}+cx{*6-y -z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB -zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9 -zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^ -zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095 -zOig9PT5`Z>N@_#zD%)aez~YZ -z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{ -z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r -zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^ -zgdamB9JKZss5qfIuEVafQ{8IFHZ(DOQ1 -zL2xbpxXzOgb_Q=@TibUgI`Lgj(=e> -zMU)Nx~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo -zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh -z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{RlEdP#0v4%e#ImMtXlgq`3qxe(=XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE -zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr -zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?Dc?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7> -zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a -z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q -zf7)`qfCKTHn1cVw*|W7Di!H#8j2>&Lm&Lm -z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K -zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@ -z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33Wf`WzQnLf`< -zN(2&t(Fph~a{Oz~wUF}&Lm -+// -+// This program and the accompanying materials -+// are licensed and made available under 
the terms and conditions of the BSD License -+// which accompanies this distribution. The full text of the license may be found at -+// http://opensource.org/licenses/bsd-license.php -+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+// -+// **/ -+ -+#image IMG_LOGO Logo-OpenSSL.bmp -diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf -new file mode 100644 -index 0000000000..2f79d873e2 ---- /dev/null -+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf -@@ -0,0 +1,61 @@ -+## @file -+# The default logo bitmap picture shown on setup screen. -+# -+# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
-+# -+# This program and the accompanying materials -+# are licensed and made available under the terms and conditions of the BSD License -+# which accompanies this distribution. The full text of the license may be found at -+# http://opensource.org/licenses/bsd-license.php -+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+# -+# -+## -+ -+[Defines] -+ INF_VERSION = 0x00010005 -+ BASE_NAME = LogoOpenSSLDxe -+ MODULE_UNI_FILE = LogoOpenSSLDxe.uni -+ FILE_GUID = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF -+ MODULE_TYPE = DXE_DRIVER -+ VERSION_STRING = 1.0 -+ -+ ENTRY_POINT = InitializeLogo -+# -+# This flag specifies whether HII resource section is generated into PE image. -+# -+ UEFI_HII_RESOURCE_SECTION = TRUE -+ -+# -+# The following information is for reference only and not required by the build tools. -+# -+# VALID_ARCHITECTURES = IA32 X64 -+# -+ -+[Sources] -+ Logo-OpenSSL.bmp -+ Logo.c -+ Logo-OpenSSL.idf -+ -+[Packages] -+ MdeModulePkg/MdeModulePkg.dec -+ MdePkg/MdePkg.dec -+ -+[LibraryClasses] -+ UefiBootServicesTableLib -+ UefiDriverEntryPoint -+ DebugLib -+ -+[Protocols] -+ gEfiHiiDatabaseProtocolGuid ## CONSUMES -+ gEfiHiiImageExProtocolGuid ## CONSUMES -+ gEfiHiiPackageListProtocolGuid ## PRODUCES CONSUMES -+ gEdkiiPlatformLogoProtocolGuid ## PRODUCES -+ -+[Depex] -+ gEfiHiiDatabaseProtocolGuid AND -+ gEfiHiiImageExProtocolGuid -+ -+[UserExtensions.TianoCore."ExtraFiles"] -+ LogoDxeExtra.uni -diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni -new file mode 100644 -index 0000000000..7227ac3910 ---- /dev/null -+++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni -@@ -0,0 +1,22 @@ -+// /** @file -+// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen. -+// -+// This module provides the logo bitmap picture (with OpenSSL advertisment) -+// shown on setup screen, through EDKII Platform Logo protocol. 
-+// -+// Copyright (c) 2016, Intel Corporation. All rights reserved.
-+// -+// This program and the accompanying materials -+// are licensed and made available under the terms and conditions of the BSD License -+// which accompanies this distribution. The full text of the license may be found at -+// http://opensource.org/licenses/bsd-license.php -+// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+// -+// **/ -+ -+ -+#string STR_MODULE_ABSTRACT #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen." -+ -+#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." -+ -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 5b885590b2..249b1d8dc0 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -693,7 +693,7 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 4999403ad7..be3d3b4d14 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -293,7 +293,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf - --INF MdeModulePkg/Logo/LogoDxe.inf -+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Network modules -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index bbf0853ee6..5ec186df4b 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -702,7 +702,7 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } -- MdeModulePkg/Logo/LogoDxe.inf -+ 
MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index d0cc107928..b56160b3bf 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf - --INF MdeModulePkg/Logo/LogoDxe.inf -+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Network modules -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index d81460f520..29538ade4d 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -700,7 +700,7 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } -- MdeModulePkg/Logo/LogoDxe.inf -+ MdeModulePkg/Logo/LogoOpenSSLDxe.inf - MdeModulePkg/Application/UiApp/UiApp.inf { - - NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index d0cc107928..b56160b3bf 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf - --INF MdeModulePkg/Logo/LogoDxe.inf -+INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - - # - # Network modules --- -2.18.1 - diff --git a/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch deleted file mode 100644 index d046525..0000000 --- a/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From a1260c9122c95bcbef1efc5eebe11902767813c2 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 20 Feb 2014 22:54:45 +0100 -Subject: OvmfPkg: increase max debug message length to 512 (RHEL only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no changes - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -Upstream prefers short debug messages (sometimes even limited to 80 -characters), but any line length under 512 characters is just unsuitable -for effective debugging. (For example, config strings in HII routing, -logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE -level, can be several hundred characters long.) 512 is an empirically good -value. - -Signed-off-by: Laszlo Ersek -(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb) -(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6) -(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a) -(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a) -(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a) -Signed-off-by: Danilo C. L. 
de Paula ---- - OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -index 36cde54976..c0c4eaee0f 100644 ---- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -+++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -@@ -27,7 +27,7 @@ - // - // Define the maximum debug and assert message length that this library supports - // --#define MAX_DEBUG_MESSAGE_LENGTH 0x100 -+#define MAX_DEBUG_MESSAGE_LENGTH 0x200 - - /** - Prints a debug message to the debug output device if the specified error level is enabled. --- -2.18.1 - diff --git a/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch deleted file mode 100644 index 56de229..0000000 --- a/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +++ /dev/null 
@@ -1,569 +0,0 @@ -From bd264265a99c60f45cadaa4109a9db59ae218471 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Thu, 12 Jun 2014 00:17:59 +0200 -Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no changes - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- update commit message as requested in - - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -The Int10h VBE Shim is capable of emitting short debug messages when the -win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet -version is preferred; for us debug messages are important as a default. - -For this patch, the DEBUG macro is enabled in the assembly file, and then -the header file is regenerated from the assembly, by running -"OvmfPkg/QemuVideoDxe/VbeShim.sh". - -"VbeShim.h" is not auto-generated; it is manually generated. The patch -does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the -manually re-generated) "VbeShim.h" atomically. Doing so helps with local -downstream builds, with bisection, and also keeps redhat/README a bit -simpler. 
- -Signed-off-by: Laszlo Ersek -(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f) -(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2) -(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c) -(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba) -(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e) -Signed-off-by: Danilo C. L. de Paula ---- - OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +- - OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++----------- - 2 files changed, 308 insertions(+), 175 deletions(-) - -diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm -index 18fa9209d4..f87ed5cf30 100644 ---- a/OvmfPkg/QemuVideoDxe/VbeShim.asm -+++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm -@@ -18,7 +18,7 @@ - ;------------------------------------------------------------------------------ - - ; enable this macro for debug messages --;%define DEBUG -+%define DEBUG - - %macro DebugLog 1 - %ifdef DEBUG -diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h -index cc9b6e14cd..325d6478a1 100644 ---- a/OvmfPkg/QemuVideoDxe/VbeShim.h -+++ b/OvmfPkg/QemuVideoDxe/VbeShim.h -@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = { - /* 000001FE nop */ 0x90, - /* 000001FF nop */ 0x90, - /* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F, -- /* 00000203 jz 0x22d */ 0x74, 0x28, -+ /* 00000203 jz 0x235 */ 0x74, 0x30, - /* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F, -- /* 00000208 jz 0x245 */ 0x74, 0x3B, -+ /* 00000208 jz 0x255 */ 0x74, 0x4B, - /* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F, -- /* 0000020D jz 0x269 */ 0x74, 0x5A, -+ /* 0000020D jz 0x289 */ 0x74, 0x7A, - /* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F, -- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01, -+ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01, - /* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F, -- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01, -+ /* 00000219 jz word 0x36e */ 0x0F, 
0x84, 0x51, 0x01, - /* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F, -- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01, -+ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01, - /* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00, -- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01, -- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE, -- /* 0000022D push es */ 0x06, -- /* 0000022E push di */ 0x57, -- /* 0000022F push ds */ 0x1E, -- /* 00000230 push si */ 0x56, -- /* 00000231 push cx */ 0x51, -- /* 00000232 push cs */ 0x0E, -- /* 00000233 pop ds */ 0x1F, -- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00, -- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01, -- /* 0000023A cld */ 0xFC, -- /* 0000023B rep movsb */ 0xF3, 0xA4, -- /* 0000023D pop cx */ 0x59, -- /* 0000023E pop si */ 0x5E, -- /* 0000023F pop ds */ 0x1F, -- /* 00000240 pop di */ 0x5F, -- /* 00000241 pop es */ 0x07, -- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01, -- /* 00000245 push es */ 0x06, -- /* 00000246 push di */ 0x57, -- /* 00000247 push ds */ 0x1E, -- /* 00000248 push si */ 0x56, -- /* 00000249 push cx */ 0x51, -- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, -- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, -- /* 00000252 jz 0x256 */ 0x74, 0x02, -- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5, -- /* 00000256 push cs */ 0x0E, -- /* 00000257 pop ds */ 0x1F, -- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01, -- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01, -- /* 0000025E cld */ 0xFC, -- /* 0000025F rep movsb */ 0xF3, 0xA4, -- /* 00000261 pop cx */ 0x59, -- /* 00000262 pop si */ 0x5E, -- /* 00000263 pop ds */ 0x1F, -- /* 00000264 pop di */ 0x5F, -- /* 00000265 pop es */ 0x07, -- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00, -- /* 00000269 push dx */ 0x52, -- /* 0000026A push ax */ 0x50, -- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, -- /* 0000026F jz 0x273 */ 0x74, 0x02, -- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8, -- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, -- /* 00000276 mov al,0x20 */ 0xB0, 
0x20, -- /* 00000278 out dx,al */ 0xEE, -- /* 00000279 push dx */ 0x52, -- /* 0000027A push ax */ 0x50, -- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00, -- /* 00000281 out dx,ax */ 0xEF, -- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 00000288 out dx,ax */ 0xEF, -- /* 00000289 pop ax */ 0x58, -- /* 0000028A pop dx */ 0x5A, -- /* 0000028B push dx */ 0x52, -- /* 0000028C push ax */ 0x50, -- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00, -- /* 00000293 out dx,ax */ 0xEF, -- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 0000029A out dx,ax */ 0xEF, -- /* 0000029B pop ax */ 0x58, -- /* 0000029C pop dx */ 0x5A, -- /* 0000029D push dx */ 0x52, -- /* 0000029E push ax */ 0x50, -- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00, -- /* 000002A5 out dx,ax */ 0xEF, -- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 000002AC out dx,ax */ 0xEF, -- /* 000002AD pop ax */ 0x58, -- /* 000002AE pop dx */ 0x5A, -- /* 000002AF push dx */ 0x52, -- /* 000002B0 push ax */ 0x50, -- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00, -- /* 000002B7 out dx,ax */ 0xEF, -- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00, -- /* 000002BE out dx,ax */ 0xEF, -- /* 000002BF pop ax */ 0x58, -- /* 000002C0 pop dx */ 0x5A, -- /* 000002C1 push dx */ 0x52, -- /* 000002C2 push ax */ 0x50, -- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00, -- /* 000002C9 out dx,ax */ 0xEF, -- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00, -- /* 000002D0 out dx,ax */ 0xEF, -- /* 000002D1 pop ax */ 0x58, -- /* 000002D2 pop dx */ 0x5A, -- /* 000002D3 push dx */ 
0x52, -- /* 000002D4 push ax */ 0x50, -- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00, -- /* 000002DB out dx,ax */ 0xEF, -- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04, -- /* 000002E2 out dx,ax */ 0xEF, -- /* 000002E3 pop ax */ 0x58, -- /* 000002E4 pop dx */ 0x5A, -- /* 000002E5 push dx */ 0x52, -- /* 000002E6 push ax */ 0x50, -- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00, -- /* 000002ED out dx,ax */ 0xEF, -- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04, -- /* 000002F4 out dx,ax */ 0xEF, -- /* 000002F5 pop ax */ 0x58, -- /* 000002F6 pop dx */ 0x5A, -- /* 000002F7 push dx */ 0x52, -- /* 000002F8 push ax */ 0x50, -- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00, -- /* 000002FF out dx,ax */ 0xEF, -- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03, -- /* 00000306 out dx,ax */ 0xEF, -- /* 00000307 pop ax */ 0x58, -- /* 00000308 pop dx */ 0x5A, -- /* 00000309 push dx */ 0x52, -- /* 0000030A push ax */ 0x50, -- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00, -- /* 00000311 out dx,ax */ 0xEF, -- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03, -- /* 00000318 out dx,ax */ 0xEF, -- /* 00000319 pop ax */ 0x58, -- /* 0000031A pop dx */ 0x5A, -- /* 0000031B push dx */ 0x52, -- /* 0000031C push ax */ 0x50, -- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00, -- /* 00000323 out dx,ax */ 0xEF, -- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00, -- /* 0000032A out dx,ax */ 0xEF, -- /* 0000032B pop ax */ 0x58, -- /* 0000032C pop dx */ 0x5A, -- /* 0000032D pop ax */ 0x58, -- /* 0000032E pop dx */ 0x5A, -- /* 0000032F jmp short 
0x34c */ 0xEB, 0x1B, -- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, -- /* 00000334 jmp short 0x34c */ 0xEB, 0x16, -- /* 00000336 jmp short 0x350 */ 0xEB, 0x18, -- /* 00000338 jmp short 0x350 */ 0xEB, 0x16, -- /* 0000033A cmp al,0x3 */ 0x3C, 0x03, -- /* 0000033C jz 0x345 */ 0x74, 0x07, -- /* 0000033E cmp al,0x12 */ 0x3C, 0x12, -- /* 00000340 jz 0x349 */ 0x74, 0x07, -- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE, -- /* 00000345 mov al,0x30 */ 0xB0, 0x30, -- /* 00000347 jmp short 0x34b */ 0xEB, 0x02, -- /* 00000349 mov al,0x20 */ 0xB0, 0x20, -- /* 0000034B iretw */ 0xCF, -- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00, -- /* 0000034F iretw */ 0xCF, -- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01, -- /* 00000353 iretw */ 0xCF, -+ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01, -+ /* 0000022B push si */ 0x56, -+ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03, -+ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01, -+ /* 00000232 pop si */ 0x5E, -+ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE, -+ /* 00000235 push es */ 0x06, -+ /* 00000236 push di */ 0x57, -+ /* 00000237 push ds */ 0x1E, -+ /* 00000238 push si */ 0x56, -+ /* 00000239 push cx */ 0x51, -+ /* 0000023A push si */ 0x56, -+ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03, -+ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01, -+ /* 00000241 pop si */ 0x5E, -+ /* 00000242 push cs */ 0x0E, -+ /* 00000243 pop ds */ 0x1F, -+ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00, -+ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01, -+ /* 0000024A cld */ 0xFC, -+ /* 0000024B rep movsb */ 0xF3, 0xA4, -+ /* 0000024D pop cx */ 0x59, -+ /* 0000024E pop si */ 0x5E, -+ /* 0000024F pop ds */ 0x1F, -+ /* 00000250 pop di */ 0x5F, -+ /* 00000251 pop es */ 0x07, -+ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01, -+ /* 00000255 push es */ 0x06, -+ /* 00000256 push di */ 0x57, -+ /* 00000257 push ds */ 0x1E, -+ /* 00000258 push si */ 0x56, -+ /* 00000259 push cx */ 0x51, -+ /* 0000025A push si */ 0x56, -+ /* 0000025B mov si,0x404 */ 0xBE, 0x04, 
0x04, -+ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01, -+ /* 00000261 pop si */ 0x5E, -+ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, -+ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, -+ /* 0000026A jz 0x276 */ 0x74, 0x0A, -+ /* 0000026C push si */ 0x56, -+ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01, -+ /* 00000273 pop si */ 0x5E, -+ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD, -+ /* 00000276 push cs */ 0x0E, -+ /* 00000277 pop ds */ 0x1F, -+ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01, -+ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01, -+ /* 0000027E cld */ 0xFC, -+ /* 0000027F rep movsb */ 0xF3, 0xA4, -+ /* 00000281 pop cx */ 0x59, -+ /* 00000282 pop si */ 0x5E, -+ /* 00000283 pop ds */ 0x1F, -+ /* 00000284 pop di */ 0x5F, -+ /* 00000285 pop es */ 0x07, -+ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01, -+ /* 00000289 push dx */ 0x52, -+ /* 0000028A push ax */ 0x50, -+ /* 0000028B push si */ 0x56, -+ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04, -+ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01, -+ /* 00000292 pop si */ 0x5E, -+ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, -+ /* 00000297 jz 0x2a3 */ 0x74, 0x0A, -+ /* 00000299 push si */ 0x56, -+ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01, -+ /* 000002A0 pop si */ 0x5E, -+ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90, -+ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, -+ /* 000002A6 mov al,0x20 */ 0xB0, 0x20, -+ /* 000002A8 out dx,al */ 0xEE, -+ /* 000002A9 push dx */ 0x52, -+ /* 000002AA push ax */ 0x50, -+ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00, -+ /* 000002B1 out dx,ax */ 0xEF, -+ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002B8 out dx,ax */ 0xEF, -+ /* 000002B9 pop ax */ 0x58, -+ /* 000002BA pop dx */ 0x5A, -+ /* 000002BB push dx */ 0x52, -+ /* 000002BC push ax */ 0x50, -+ /* 
000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00, -+ /* 000002C3 out dx,ax */ 0xEF, -+ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002CA out dx,ax */ 0xEF, -+ /* 000002CB pop ax */ 0x58, -+ /* 000002CC pop dx */ 0x5A, -+ /* 000002CD push dx */ 0x52, -+ /* 000002CE push ax */ 0x50, -+ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00, -+ /* 000002D5 out dx,ax */ 0xEF, -+ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002DC out dx,ax */ 0xEF, -+ /* 000002DD pop ax */ 0x58, -+ /* 000002DE pop dx */ 0x5A, -+ /* 000002DF push dx */ 0x52, -+ /* 000002E0 push ax */ 0x50, -+ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00, -+ /* 000002E7 out dx,ax */ 0xEF, -+ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00, -+ /* 000002EE out dx,ax */ 0xEF, -+ /* 000002EF pop ax */ 0x58, -+ /* 000002F0 pop dx */ 0x5A, -+ /* 000002F1 push dx */ 0x52, -+ /* 000002F2 push ax */ 0x50, -+ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00, -+ /* 000002F9 out dx,ax */ 0xEF, -+ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00, -+ /* 00000300 out dx,ax */ 0xEF, -+ /* 00000301 pop ax */ 0x58, -+ /* 00000302 pop dx */ 0x5A, -+ /* 00000303 push dx */ 0x52, -+ /* 00000304 push ax */ 0x50, -+ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00, -+ /* 0000030B out dx,ax */ 0xEF, -+ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04, -+ /* 00000312 out dx,ax */ 0xEF, -+ /* 00000313 pop ax */ 0x58, -+ /* 00000314 pop dx */ 0x5A, -+ /* 00000315 push dx */ 0x52, -+ /* 00000316 push ax */ 0x50, -+ /* 00000317 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000031A mov 
ax,0x6 */ 0xB8, 0x06, 0x00, -+ /* 0000031D out dx,ax */ 0xEF, -+ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04, -+ /* 00000324 out dx,ax */ 0xEF, -+ /* 00000325 pop ax */ 0x58, -+ /* 00000326 pop dx */ 0x5A, -+ /* 00000327 push dx */ 0x52, -+ /* 00000328 push ax */ 0x50, -+ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00, -+ /* 0000032F out dx,ax */ 0xEF, -+ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03, -+ /* 00000336 out dx,ax */ 0xEF, -+ /* 00000337 pop ax */ 0x58, -+ /* 00000338 pop dx */ 0x5A, -+ /* 00000339 push dx */ 0x52, -+ /* 0000033A push ax */ 0x50, -+ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00, -+ /* 00000341 out dx,ax */ 0xEF, -+ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03, -+ /* 00000348 out dx,ax */ 0xEF, -+ /* 00000349 pop ax */ 0x58, -+ /* 0000034A pop dx */ 0x5A, -+ /* 0000034B push dx */ 0x52, -+ /* 0000034C push ax */ 0x50, -+ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, -+ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00, -+ /* 00000353 out dx,ax */ 0xEF, -+ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, -+ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00, -+ /* 0000035A out dx,ax */ 0xEF, -+ /* 0000035B pop ax */ 0x58, -+ /* 0000035C pop dx */ 0x5A, -+ /* 0000035D pop ax */ 0x58, -+ /* 0000035E pop dx */ 0x5A, -+ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B, -+ /* 00000361 push si */ 0x56, -+ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04, -+ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00, -+ /* 00000368 pop si */ 0x5E, -+ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, -+ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E, -+ /* 0000036E push si */ 0x56, -+ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04, -+ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00, -+ /* 00000375 pop si */ 0x5E, -+ /* 00000376 jmp short 0x3b8 */ 0xEB, 0x40, -+ 
/* 00000378 push si */ 0x56, -+ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04, -+ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00, -+ /* 0000037F pop si */ 0x5E, -+ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36, -+ /* 00000382 push si */ 0x56, -+ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04, -+ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00, -+ /* 00000389 pop si */ 0x5E, -+ /* 0000038A cmp al,0x3 */ 0x3C, 0x03, -+ /* 0000038C jz 0x39d */ 0x74, 0x0F, -+ /* 0000038E cmp al,0x12 */ 0x3C, 0x12, -+ /* 00000390 jz 0x3a1 */ 0x74, 0x0F, -+ /* 00000392 push si */ 0x56, -+ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04, -+ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00, -+ /* 00000399 pop si */ 0x5E, -+ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE, -+ /* 0000039D mov al,0x30 */ 0xB0, 0x30, -+ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02, -+ /* 000003A1 mov al,0x20 */ 0xB0, 0x20, -+ /* 000003A3 push si */ 0x56, -+ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03, -+ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00, -+ /* 000003AA pop si */ 0x5E, -+ /* 000003AB iretw */ 0xCF, -+ /* 000003AC push si */ 0x56, -+ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03, -+ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00, -+ /* 000003B3 pop si */ 0x5E, -+ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00, -+ /* 000003B7 iretw */ 0xCF, -+ /* 000003B8 push si */ 0x56, -+ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03, -+ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00, -+ /* 000003BF pop si */ 0x5E, -+ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01, -+ /* 000003C3 iretw */ 0xCF, -+ /* 000003C4 pushaw */ 0x60, -+ /* 000003C5 push ds */ 0x1E, -+ /* 000003C6 push cs */ 0x0E, -+ /* 000003C7 pop ds */ 0x1F, -+ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04, -+ /* 000003CB lodsb */ 0xAC, -+ /* 000003CC cmp al,0x0 */ 0x3C, 0x00, -+ /* 000003CE jz 0x3d3 */ 0x74, 0x03, -+ /* 000003D0 out dx,al */ 0xEE, -+ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8, -+ /* 000003D3 pop ds */ 0x1F, -+ /* 000003D4 popaw */ 0x61, -+ /* 000003D5 
ret */ 0xC3, -+ /* 000003D6 inc bp */ 0x45, -+ /* 000003D7 js 0x442 */ 0x78, 0x69, -+ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A, -+ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E, -+ /* 000003DE jnc 0x455 */ 0x73, 0x75, -+ /* 000003E0 jo 0x452 */ 0x70, 0x70, -+ /* 000003E2 outsw */ 0x6F, -+ /* 000003E3 jc 0x459 */ 0x72, 0x74, -+ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00, -+ /* 000003E9 push bp */ 0x55, -+ /* 000003EA outsb */ 0x6E, -+ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77, -+ /* 000003EF outsb */ 0x6E, -+ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75, -+ /* 000003F3 outsb */ 0x6E, -+ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69, -+ /* 000003F7 outsw */ 0x6F, -+ /* 000003F8 outsb */ 0x6E, -+ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00, -+ /* 000003FB inc di */ 0x47, -+ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49, -+ /* 000003FF outsb */ 0x6E, -+ /* 00000400 outsd */ 0x66, 0x6F, -+ /* 00000402 or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000404 inc di */ 0x47, -+ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D, -+ /* 00000408 outsw */ 0x6F, -+ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49, -+ /* 0000040C outsb */ 0x6E, -+ /* 0000040D outsd */ 0x66, 0x6F, -+ /* 0000040F or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000411 inc di */ 0x47, -+ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D, -+ /* 00000415 outsw */ 0x6F, -+ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 0000041A push bx */ 0x53, -+ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D, -+ /* 0000041E outsw */ 0x6F, -+ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 00000423 push bx */ 0x53, -+ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D, -+ /* 00000427 outsw */ 0x6F, -+ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C, -+ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61, -+ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A, -+ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E, -+ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 0x6E, -+ /* 00000438 and [di+0x6f],cl */ 
0x20, 0x4D, 0x6F, -+ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, -+ /* 0000043F inc di */ 0x47, -+ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50, -+ /* 00000443 insw */ 0x6D, -+ /* 00000444 inc bx */ 0x43, -+ /* 00000445 popaw */ 0x61, -+ /* 00000446 jo 0x4a9 */ 0x70, 0x61, -+ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C, -+ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73, -+ /* 00000450 or al,[bx+si] */ 0x0A, 0x00, -+ /* 00000452 push dx */ 0x52, -+ /* 00000453 gs popaw */ 0x65, 0x61, -+ /* 00000455 fs inc bp */ 0x64, 0x45, -+ /* 00000457 fs */ 0x64, -+ /* 00000458 db 0x69 */ 0x69, -+ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00, - }; - #endif --- -2.18.1 - diff --git a/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch deleted file mode 100644 index d76b4d9..0000000 --- a/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +++ /dev/null 
@@ -1,151 +0,0 @@
-From 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek
-Date: Tue, 25 Feb 2014 18:40:35 +0100
-Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
- a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- update commit message as requested in
-
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- adapt commit 0bc77c63de03 (code and commit message) to upstream commit
- 390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine
- InitializeTerminalConsoleTextMode", 2017-01-10).
-
-When the console output is multiplexed to several devices by
-ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes
-supported by all console output devices.
-
-Two notable output devices are provided by:
-(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe,
-(2) MdeModulePkg/Universal/Console/TerminalDxe.
-
-GraphicsConsoleDxe supports four modes at most -- see
-InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData":
-
-(1a) 80x25 (required by the UEFI spec as mode 0),
-(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec
- requires the driver to provide it as mode 1),
-(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI
- spec requires from all plug-in graphics devices),
-(1d) "full screen" resolution, derived form the underlying GOP's
- horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH
- (8) and EFI_GLYPH_HEIGHT (19), respectively.
-
-The automatic "full screen resolution" makes GraphicsConsoleDxe's
-character console very flexible. However, TerminalDxe (which runs on
-serial ports) only provides the following fixed resolutions -- see
-InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData":
-
-(2a) 80x25 (required by the UEFI spec as mode 0),
-(2b) 80x50 (since the character resolution of a serial device cannot be
- interrogated easily, this is added unconditionally as mode 1),
-(2c) 100x31 (since the character resolution of a serial device cannot be
- interrogated easily, this is added unconditionally as mode 2).
-
-When ConSplitterDxe combines (1) and (2), multiplexing console output to
-both video output and serial terminal, the list of commonly supported text
-modes (ie. the "intersection") comprises:
-
-(3a) 80x25, unconditionally, from (1a) and (2a),
-(3b) 80x50, if the graphics console provides at least 640x950 pixel
- resolution, from (1b) and (2b)
-(3c) 100x31, if the graphics device is a plug-in one (because in that case
- 800x600 is a mandated pixel resolution), from (1c) and (2c).
-
-Unfortunately, the "full screen resolution" (1d) of the GOP-based text
-console is not available in general.
-
-Mitigate this problem by extending "mTerminalConsoleModeData" with a
-handful of text resolutions that are derived from widespread maximal pixel
-resolutions. This way TerminalDxe won't cause ConSplitterDxe to filter out
-the most frequent (1d) values from the intersection, and eg. the MODE
-command in the UEFI shell will offer the "best" (ie. full screen)
-resolution too.
-
-Upstreaming efforts for this patch have been discontinued; it was clear
-from the off-list thread that consensus was impossible to reach.
-
-Signed-off-by: Laszlo Ersek
-(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e)
-(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f)
-(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621)
-(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37)
-Signed-off-by: Danilo C. L. de Paula
----
- .../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++--
- 1 file changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-index 66dd3ad550..78a198379a 100644
---- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-+++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c
-@@ -113,9 +113,44 @@ TERMINAL_DEV mTerminalDevTemplate = {
- };
-
- TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = {
-- {80, 25},
-- {80, 50},
-- {100, 31},
-+ { 80, 25 }, // from graphics resolution 640 x 480
-+ { 80, 50 }, // from graphics resolution 640 x 960
-+ { 100, 25 }, // from graphics resolution 800 x 480
-+ { 100, 31 }, // from graphics resolution 800 x 600
-+ { 104, 32 }, // from graphics resolution 832 x 624
-+ { 120, 33 }, // from graphics resolution 960 x 640
-+ { 128, 31 }, // from graphics resolution 1024 x 600
-+ { 128, 40 }, // from graphics resolution 1024 x 768
-+ { 144, 45 }, // from graphics resolution 1152 x 864
-+ { 144, 45 }, // from graphics resolution 1152 x 870
-+ { 160, 37 }, // from graphics resolution 1280 x 720
-+ { 160, 40 }, // from graphics resolution 1280 x 760
-+ { 160, 40 }, // from graphics resolution 1280 x 768
-+ { 160, 42 }, // from graphics resolution 1280 x 800
-+ { 160, 50 }, // from graphics resolution 1280 x 960
-+ { 160, 53 }, // from graphics resolution 1280 x 1024
-+ { 170, 40 }, // from graphics resolution 1360 x 768
-+ { 170, 40 }, // from graphics resolution 1366 x 768
-+ { 175, 55 }, // from graphics resolution 1400 x 1050
-+ { 180, 47 }, // from graphics resolution 1440 x 900
-+ { 200, 47 }, // from graphics resolution 1600 x 900
-+ { 200, 63 }, // from graphics resolution 1600 x 1200
-+ { 210, 55 }, // from graphics resolution 1680 x 1050
-+ { 240, 56 }, // from graphics resolution 1920 x 1080
-+ { 240, 63 }, // from graphics resolution 1920 x 1200
-+ { 240, 75 }, // from graphics resolution 1920 x 1440
-+ { 250, 105 }, // from graphics resolution 2000 x 2000
-+ { 256, 80 }, // from graphics resolution 2048 x 1536
-+ { 256, 107 }, // from graphics resolution 2048 x 2048
-+ { 320, 75 }, // from graphics resolution 2560 x 1440
-+ { 320, 84 }, // from graphics resolution 2560 x 1600
-+ { 320, 107 }, // from graphics resolution 2560 x 2048
-+ { 350, 110 }, // from graphics resolution 2800 x 2100
-+ { 400, 126 }, // from graphics resolution 3200 x 2400
-+ { 480, 113 }, // from graphics resolution 3840 x 2160
-+ { 512, 113 }, // from graphics resolution 4096 x 2160
-+ { 960, 227 }, // from graphics resolution 7680 x 4320
-+ { 1024, 227 }, // from graphics resolution 8192 x 4320
- //
- // New modes can be added here.
- //
---
-2.18.1
-
diff --git a/SOURCES/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
new file mode 100644
index 0000000..5d691f5
--- /dev/null
+++ b/SOURCES/0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
@@ -0,0 +1,613 @@ +From 740d239222c2656ae8eeb2d1cc4802ce5b07f3d2 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 11 Jun 2014 23:33:33 +0200 +Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- trivial context update (performed silently by git-cherry-pick) for + upstream commit 3207a872a405 ("OvmfPkg: Update DSC/FDF files to consume + CSM components in OvmfPkg", 2019-06-14) + +- A note for the future: the logo could change completely in a subsequent + rebase. See (in + CONFIRMED status at the time of writing). + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The + OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace + obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The + ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg: + Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14). 
+ + Consequently, because the NetworkPkg iSCSI driver requires OpenSSL + unconditionally, as explained in + , this patch now + builds LogoOpenSSLDxe unconditionally, squashing and updating previous + downstream commits + + - 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo + (RHEL only) + - 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only) + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- Adapted to upstream 25184ec33c36 ("MdeModulePkg/Logo.idf: Remove + incorrect comments.", 2018-02-28) + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- After picking previous downstream-only commit 32192c62e289, carry new + upstream commit e01e9ae28250 ("MdeModulePkg/LogoDxe: Add missing + dependency gEfiHiiImageExProtocolGuid", 2017-03-16) over to + "LogoOpenSSLDxe.inf". + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- For more fun, upstream completely changed the way logo bitmaps are + embedded in the firmware binary (see for example commit ab970515d2c6, + "OvmfPkg: Use the new LogoDxe driver", 2016-09-26). Therefore in this + rebase, we reimplement the previous downstream-only commit e775fb20c999, + as described below. + +- Beyond the new bitmap file (which we preserve intact from the last + downstream branch), we introduce: + + - a new IDF (image description file) referencing the new BMP, + + - a new driver INF file, referencing the new BMP and new IDF (same C + source code though), + + - a new UNI (~description) file for the new driver INF file. 
+ +- In the OVMF DSC and FDF files, we select the new driver INF for + inclusion if either SECURE_BOOT_ENABLE or TLS_ENABLE is set, as they + both make use of OpenSSL (although different subsets of it). + +- In the AAVMF DSC and FDF files, we only look at SECURE_BOOT_ENABLE, + because the ArmVirtQemu platform does not support TLS_ENABLE yet. + +- This patch is best displayed with "git show --find-copies-harder". + +Notes about the d7c0dfa -> 90bb4c5 rebase: + +- squash in the following downstream-only commits (made originally for + ): + + - eef9eb0 restore TianoCore splash logo without OpenSSL advertisment + (RHEL only) + + - 25842f0 OvmfPkg, ArmVirtPkg: show OpenSSL-less logo without Secure + Boot (RH only) + + The reason is that ideas keep changing when and where to include the + Secure Boot feature, so the logo must be controllable directly on the + build command line, from the RPM spec file. See the following + references: + + - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-March/msg00253.html + - https://post-office.corp.redhat.com/mailman/private/virt-devel/2016-April/msg00118.html + - https://bugzilla.redhat.com/show_bug.cgi?id=1323363 + +- This squashed variant should remain the final version of this patch. + +Notes about the c9e5618 -> b9ffeab rebase: +- AAVMF gained Secure Boot support, therefore the logo is again modified + in the common location, and no FDF changes are necessary. + +Notes about the 9ece15a -> c9e5618 rebase: +- Logo.bmp is no longer modified in-place; instead a modified copy is + created. That's because AAVMF includes the logo too, but it doesn't + include OpenSSL / Secure Boot, so we need the original copy too. + +Because we may include the OpenSSL library in our OVMF and AAVMF builds +now, we should advertise it as required by its license. 
This patch takes +the original TianoCore logo, shifts it up by 20 pixels, and adds the +horizontally centered message + + This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.openssl.org/) + +below. + +Logo-OpenSSL.bmp: PC bitmap, Windows 3.x format, 469 x 111 x 24 +Logo.bmp: PC bitmap, Windows 3.x format, 193 x 58 x 8 + +Downstream only because upstream edk2 does not intend to release a +secure-boot-enabled OVMF build. (However the advertising requirement in +the OpenSSL license, +"CryptoPkg/Library/OpensslLib/openssl-1.0.2*/LICENSE", has been discussed +nonetheless, which is why I'm changing the logo.) + +Signed-off-by: Laszlo Ersek +(cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b) +(cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be) +(cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3) +(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d) +(cherry picked from commit 727c11ecd9f34990312e14f239e6238693619849) +--- + ArmVirtPkg/ArmVirtQemu.dsc | 2 +- + ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +- + ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +- + MdeModulePkg/Logo/Logo-OpenSSL.bmp | Bin 0 -> 156342 bytes + MdeModulePkg/Logo/Logo-OpenSSL.idf | 15 +++++++ + MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 61 +++++++++++++++++++++++++++ + MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 22 ++++++++++ + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32.fdf | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.fdf | 2 +- + 13 files changed, 107 insertions(+), 9 deletions(-) + create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp + create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf + create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf + create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 
7ae6702ac1..a3cc3f26ec 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -364,7 +364,7 @@ + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +- MdeModulePkg/Logo/LogoDxe.inf ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +index 31f615a9d0..57f2f625fe 100644 +--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc ++++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +@@ -176,7 +176,7 @@ READ_LOCK_STATUS = TRUE + # + # TianoCore logo (splash screen) + # +- INF MdeModulePkg/Logo/LogoDxe.inf ++ INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + + # + # Ramdisk support +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index 3b0f04967a..27e65b7638 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -348,7 +348,7 @@ + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf + MdeModulePkg/Universal/BdsDxe/BdsDxe.inf +- MdeModulePkg/Logo/LogoDxe.inf ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.bmp b/MdeModulePkg/Logo/Logo-OpenSSL.bmp +new file mode 100644 +index 0000000000000000000000000000000000000000..4af5740232ce484a939a5852604e35711ea88a29 +GIT binary patch +literal 156342 +zcmeI5d(>~$xW~&aw_M64NYZ7LkVerMIgB$pYT%5)88Oa?KguvP +zI4QXdhfYMHh=?MQLQ0BCrP`(4zMRjyzxCbEZ>}}xTJLYa@9y1uKfkf|+RvQxna_OY +zcg^)(&zft#YrS&!|2yzL>&^VO;olbgyJY?K);pa4*I#cF_W4_@5Lmu^`C8SVd%H7l +zd)wQ-|NZYj=s^#f&XKk6aIEP)deoyH_4&_#{_lVP`%O39^p&rC<)truY4^x-xPS12 
+zA8_cqMVXTbv=CU+PmfmLR(siwJMQ?$KmPI2kAC#jEw6otV@>bT_rCYN4}IuEk9fo* +z9`Jw%JnwnW`{56N_@4K?r+a)K^O(n6am5v{dey7CMVXTbR1sLyPmgNHR(rvH?sK2t +z{N^`rdefU$rRBBnaIEP)+Is7)?{~lZ`Iv68#THy*os7a;-tv}T|N7VKug`SBI`Auw +z>$~3du0Q?hPm32XzWnmb4?g%{15l_rUji4jU;gr!cieHu#TQ?^!wx%KcinZIMHId8 +zg)jW^kAJ*q(W0AgzWJNq{N|IN{Nz{>pwXu-Zb?o%?X;&ns#NVBjEGTfBy4FKl;%d-}uI8v#o%s?k`p^WRzo0Z5W`_D6$a? +zvU$J(2b_EExet8c17m)1nB4m7UiZ3R{Nfi*BE(uTSy+fksx%IV4gTQ|e{hr?Ww-vE +z=R5~xhBrCvk;!o>!l1&Sj-5fXjcubxvmIcy6SJ0&Z_&>v*L;pTROffdA%`%YZ@cZb +zGtWE|{#~+UiSoP1LngcKx~odp@_mG9&pr2qcDLDP8zy2n62JT1?|jZjwJsve+I;xK +zAAazIAN<_sKKHD%&VqxabIv*Ey!XBD-EhMVIrk1f{P45SKHGJ7*<}|lfG>O5%V_KI +zkAM6}Kl)MV#-$cwyHQ4=NV*F2hx0h2oI=gXkq*en7r*#LxRv|jhdksVSmqi7p`3W) +ziEeb+vSmN}+0U5OqLfQL(CxO{ZYpgwWM>Lj-}=_KUVr`d?|kPwH`!#9``-7y%$@DN +z`|iK}?Qi$mYcFXIDioIOXHAIujbYFz!m^E6AoC4xcmv_gBOm$5sDNA?CUW!x)en5& +z1NWq6{*TsTvak@7jl&TwoN&SkhBV4Et*-cSkBlh=BJ7dh{qA?)Q#kYgpu(Vzd)LOc +z(W5B_Snb5D<LCly@%?cI>&^Fp=BPF>?_bNldT>4z)+u#27YhLpjCu>496=n2` +zq%9Qrwd6<#Fw4C#mkJZQ8rook4H!=ZYf93}YhU|X`v8nwlay>URP*iUKmR$=oUKWC +z#xtIA)m2wX9#kkS7pA(&sNWa{jUsH?hy^C{fbL08dXidnepD`;;WG1r7rY>5##*sr +zEnhmd!x1e*1U}EBY@Jh2J@qF)`H3#H?75jc<&;xgiZG}!QU|p`Y->H5Vt~ai6ep&O +ziu?j?sWp5q^a*LXW3%!1z3+Wi=ps)D$Ti!_YqMY!=;Vzz-e?*niA;_Zd>bsq6mZAOCpR!ye{jO^BwVjDC@{g(AO}9O(dN&p6|Zcf8{rwr>Gm +zcFayIJX>%P5$iSAT%%;8p_*^Ryf$TlM-$gxd##d#3Wa4GsR>cPF$@|-Shf*_BaS%Y +z#V>v_F)6o1Zqy1<*`*SIi=M{JSSwbn7Jr_# +zunqzWPDZ&XvQ9U@R%@gK7-TBov5$RhY(g?)l=U={X(e*v{qKMOJMX+xMU94Pz7=gT +zK$&oWDS9shD0dYK%Z0&iGV0@SZ5T9)uxTR*oS96Nzv30Ih;3ORDn|w6yY9LR^kQbL +z6)V>ArBgc`(K0eOF`Vtnj50aTeC9KGGQs>99pRF|-5VhxgMk|n=?^N5F(Om!2eGa7 +zXo>+=J27kdxL2Spw;Mhe`W)6csCX6^6$<28Bf(=2BeOOO5d}tDyv8E)+)SNE?coo9 +zcnyeX1RW>8{N*n*xx=HXCqD6sMO`e%SeuE?E3dq=(21rbGd`rlvoE(&)GG2xa@ttO +zr6V1nB10!Wy0xh|N-zrvx`?j*?Qefmve6K=YCQscrpy44UjIu+>&u@o@F|&wqYw*9uWNDj@g9zr9B=S}P1vR686+b07cs$M@cQ +zZ)HZA9HQN?fBowS=bd-nQAZucL9U`|p;R#QO1`FiZ(fF4s%Qz?d>Q}#-r%VDGuz30;xx0^0QtBkc5pOzT +zMP`$;+{w6 
+zH{5W8a%j}gD#>B0jui_kYBW^q5l}N;zx1Uqap~gzJqA9qIjB&8pjwT6)Nc%fMiIts +zL;~RA-VBcb3QU(O`l6 +zIy(Q$Di$8xzvx9TA}Aw%VZuw#mk2g_!UjJ+^{G$gxsyS(5TPW~N!DpGeTFqynDq~e +zAXJM7`Yc8PcUBaz3W6s~uYBbzZP0>Ek#qa)w{yJVBdQ#G?6LfPl+~gTtB}u)3HMf%xC9#(>mO=IFj^}NHV#Lj +z$@Btox_pQ-IgClIHe-zhH`?@_%%?y7>Aq1LR2XAKO|x%f+vw301FUvp*79+$KwECt +zeC{#^7{VZHYZoc{E-}%mW2voVQLYHuQRNHUA{h)X_hzVlkSY+9jx!LDA1`EGb +zg#`eGHC15}Sv~sHr#__|W)Fy(d7O&p)Q#&m$2fqIefHUh=5WAXA%F>lD`sK7lE(`y +z{J8MK3u%RiPAnaZ%DoLWdPG>wn!IQMnYBB|AAh_u2NjH4VWgHU^m~Va>NbjO!~#{A +zSpxPWk316D`Q5{0$CzeeHqc3g-XmC8h{?gjVK>wY5AiqMbkjm6)bI=vrBw0ib@-RH +z>Vpax9HXOlwXb12*rVAFu-b`P%g4O}G`rpFb1!2Mze6DWl>m3uET-nfk2AvYC~#)Q +z#U5^JZ4wkHy#0}}mC!ZV}nnU^RZ+|=Y +zYqY`)8dJ|u7}r83g1LuKD}xHN?e%Q+dpm0*7JAi`SsW&7f;JaRFUuvrX05PLByDg| +zAllk@-+iSP<-v;UltS$&%oPYmp6Hm>!3=}Bvb><}5SbEG_RcCSXus>u@z*u6a8AYz +z7izBaM8PwE{kCWk0uRUH)jPI0Co(scOxLgqhv<*VAC~SFF?CyEOs~z)>P3# +z!%lISq9!v@kf~Rp)vOg3iexm{mYHq*+~+98SlwjuW6_)6kV?67iuJ#*kP`pX+h-iwYql3 +z-vj~g?13`Eld^&4y-;r^w2{Wh%;l|SjUgq +zSeR08fgx~jjawGs@)w~j^p1arwm`7Cw=h{C-RF%Qyl-TII5XCbb^Mr(g(>wG7y|e1 +zxc%ShrZ`6<0RHgQodrAoh +zSgFbiHWu-)l-PgPQu`y9%`-LB*)t +z0JfJO;vrkhX;mA~d>btkWqVqn>;_z44NA{74Ak~PcLuen4MjgBgk{AzSHT(Yy+ZOeZa@tiM7kUSc0hsS^LlI)1XD +zu-16XJ)ss?51ZxhVqLfPQ4C%L5#O@rx(KctGrRePnv*rlR;al|6OE2EzAq5{Y(Qp|I9?%YE^} +zI*hok1sdfQXioAP9eoWfIwRRSMNyGoOV%t~-$LOM$wo&S-xsi-ZK$PI=rmA`ep0tc +z(oF(eLQ9I+7awKdm9>0KkF$k?%PW5P#p+R}`k1bvHXS&GicEk|{j;C_EWrzcevL-$ +zUK^a+xNTT&bm1PqX8y;4XdIcl2P^Puz~BG=_e@jpx6Zr{$@x)m7i6tg)NnOc8T0KG +zH5A>B=W?T==xX$~`@U03=lt_4MeDKGk_&~#kciGV`a8%E6FwBp_xfZV3#dVMwXaUZ +z2B;E&W>opzX3-i|8gIELz=^Lxh%fXhj5tY^-q)GakaeP;-TXq$$(m&=SdjggY;>gY +zeStAh*K``FM#qZo4}NojNb{Iuj$sypfk>ygGmX}wjO9kx1d;aBfx`z$^%@;M!5Lrf +z+-TJ9wZW;4+lJ*v7h+FwAdY8bDq4Z}&uQj?7ma@66Q6K?6x;4>S +zKTO5P2=S8*6vcPfH{Np3Gm5CmMc8gzP@_&Vq*guth16s=KKiU#cGDILmq<1`()hl> +z7^rJH4OAO`j``+-dZ#@M60IS}YFFFf)W&VY +za-$2er#KLe<3FBAfjbEXm_Akn+3^P3!IK$ly=N;18?Huw#(aAP{le{dE;kyYR_}R) +zK~7|@Gz{JO`}_*6#~(K+ykd}PdUv1FI93}&LI|j0qrZdv;HGB;nx9CoNRT=BEr8-y 
+zt7}9#n2J+f%pdua4HU&^);zX~Gqy})`@0yYpMHAO+;!Jo?Y0FsCxJJh*WPbbRI%qp +zKFQt>Vbm=t6%*pub_){ +zCA$l<)_b;6)NnQ04>SzuFu1i70ta6~A`DdXC=j +zVqk`4D7>weC&k1#JZWL!jyLuB?XwXz%QkDF +zYqrr5PP5vlI>ta<(`lgE@N@8+3#4^wr`@sI7!sJZ +zwFa<*{1Dw+X))&ZehVNrkKA~Py-jg));`(L`|f%k_;kOEA#2R>F-&>v&SO*N#SDZ6 +zsm0{}`|r=14;04_w9-uBbSZj=1wN7F69NU_jq_;m>nei^@i<1$qui^bsVeoc`^}x+ +zAt9U5S_9ZFKNN>-rH9d?b9*ygx)6j_@o?%-7_>V+olDczYI`!KG(N+W{yf1l#+jPV +zJb^P$W_x?l+g5L8Z}nPcJXou4jWBREe|v>~4Sro^P+?5R3mxu;`Kr^$KK3!bc3Q)B +zp7K{7GJLB2)HbE_`RQDmu2$QVk)=!-$B&ZC6D%X0=~bI2aOTPE +z_%5uv1My(3x-~rK2`X_PQSi){S60inS7?;G_|^RR6>cv1OD?_>7#DK%9=JKrjE8K% +zcXytO^3f +zh{|LlkO+)LU{y}MteXgcz}TUddWk?HP#};Dk_fCK0>y~RWFn9Vj77lb-f>49a@bDW +zvK_w54ib*s{pCdx`+U+ +zL?96;5bzlY?QXxpdau}UJ@!$syxXQ5q73aGyxmqJXzi(}&18)loO{B59Cgxv9?fRK +zGC6E8Cd>;{dpqxp|BbSes6n+?U4Ch?snnTE?z(I7op-|2i*CK8u_gaB`L?96ui-6BS*c0;IaijISoAXhIH_;?CZfvMU{uK+yJwdei7xpya)&%n}p|03g +zVec{f?S)OK87d(k{zVgdCG2(Zi!3fyChT0}-(|~|8H%-D_{5vhUWL{rld#LnSaW +zdl(rV7+DHj1K8kV;$k8`8bucWQk^8VFrw)cWOAsE9fgMChaRR3Q`NWYVa52T-<54&6jk +z&Cv=uR6zkZFhVQH*dZSr$fT4W(VQxhqq!!O$+t`R2|g(6prEYk>W&aoU2^1)_Qi}i57aDByd`it`*14L?zOuC7O`Zb +zMM~LYoFcX8D~-GwJJeDy5l93I1au0qhakki#Jok=YdS`4B>zGjXmW1XHcBB@&gTa6 +zs!05+XpS?VO~e5&U>wSTeIObr16HCJ=3h$T8Xn3K^O7k}fl8n!+7)NPDOiU7AT<=| +zAg0iv6iR|pQJ^_2tB8suu`CO^6X)`P8r~{yrBQUWrxs@M8M7#08Fr>RnN-mpQfr!>mb@vk@wzKEOR +zUl^giiGN`YjEEEA6vzVN5FLCf^F!?L~r8=F3M#awb7i(l9P#3zPvj~*JI}jH6 +zvH&a53YyTC%;Eq!I3V;C|9bv`y0Dc3iAGIIQD!bNZhJgfN!PI&Qb?_NaASq*^_Otm-EAV*Ox +z71_`i=aOjw!h&w#6gGH-O)`5(2Q@emuc)h1sN`V1TtIb}6UZ^3OpwW>AaE8mtNaaDbuBl=~Wik;+1jZuZ^Q{*DihtS9mVXuh#+bL@ +z;@R>q?8C{=X3m9KyurT&nC9FPkxLoM|ZfkdD{z-Jwk38Gqf +zHpah7vXA`BO=$0i5#66E{x$h3ZiRo9qrLf;XpXS1wxOo@H_~pDMZsiV>B`L?96ui-1pi)&}t0pQmuO +zjkyJsVOUMgmwe@7qN10I9 +zJnQFaaaNa1)QE6v^SRD1_?K{4D-+mj;go%g0uR}&)}73yl*wXNFR*9xaw{yTA~}>Q +z^yXO{Nm+}UZVorxR_(zZI&Klm=)3wD;a`iFUw_NQw&>0=^=5RKxw+-`m35JqR3^8{ +zrxeRA9$jrv$M08l~3*$q$_%GvhQ_IVEC`YEO>5ms|O#*GH +zA@<#MSL75e(kPl-$q4fcQ$-RIJm=Eod;Hh(Est8h-d+>i#s@Dy=!E5`oxgl>eR>8$ 
+zM1krkyE^g?$1Xqq%o*w|ezZlY+Pe6vqHrRKSz1RkS|&+b80r0u9crnU2qXdp0zRW) +z4VIvFX*cGe+#CNEER5O|{0mEpG}#kk+p$8R2n9A4Y0!#FVNzIC)uCM}cn`xyUWQdw +z3l@f;rKYP((H5Gr$(|rLmcp6r6t4$t%^Y9|aV;zhXpXG7(4w#v;g_pi8C^6vkSC$P`*s&}yzMDvEz)yfEm_ +z7UYXRGFxzcmx9L*wbV-l5`h8%pMLP~9LB%3=Wpg;go2x>0+)%o8vF~Zq89m=8Cd=C +zh%$?Ne>j>DUY1daGYOG@d*ffVC6^rkGL@mInS2bQ<2aW&VtOG?S1le_8es(DS&^Xk +zFeC9Su_qJ3Y**b-5;U4*`X`oDb(k?0LCujvDP6ka&x@(cq=c!tmw#h`jB%3jM^Y`y +zNMWHEQJG8x5`nP@_%s{jUojMf0^?{?jOnBWY)-+yFfw#D$iGlCYHW^wp+8SPz>LgA +zxKk3KPLxHL@UNLv{EI2rc`*KUEoNYRognNj+EU-$99$e9+{IXuxV83N3s#LmE}Hr= +zBkX(#u{+O;T5Q5ZDS8!$I`eL$EB>Pi6EtMq{Y3^R){eiiLoM|ZfkdD{z$en+`~y)W +z%9{V}WnN{nM~$enJ^#=f|B6^)w^_x%G{;MG9N{wOK>c$Hz0j310?+`MpPyffka>|0zQid`L~FF3kr@&Y_87uSIrS}iWU{m5(sm_ +zfR~|it^|;>m=rY=;$ZwM{#8isTHt^wHkxpzVUz$GcE%h%7-JSj2s6#sVp|2F;#SzO +z_ebn31?oCbZO6anda6(t)}~_IlT?l}i>Aj8wbV-l5`h8%pTqEPTzaT>uOf~q|a}+cx{*6-y +z&|I9i^&uz(0##TKvO`&G(L4zNOLoIpRVO~J@vqptTM_#z8o4J%4&iUU|F<}$GMNaB +zM!@I%$oLm#G0)ZnY{HE2X?u(F15{Z>{>1_l!5E<AqhNaBmwkID7H=H#8LX<@iYMn@?(6@eye;fR3%8nG=%~X!f%J}H9 +zmWqi$A~1=7&)c~bc<96*r?r1Yi|~}mZnpEk%p}10SYXp?1Oiq4EgX!@GebgS887A^ +zplJoOD0mrz9rH8-I^FqS42oN=Z$b0F3c5wy+~Y%S;x9i>v;Ihd(AE6tx!s~}q+095 +zOig9PT5`Z>N@_#zD%)aez~YZ +z5<7N=$qFe%>YSQ?x$AdKia@Aa{8+&j*FV6U`iXy47lw^b&!j*|>&ruzpwW?n*q^?{ +z-{`THiitoXFo}RqBw{_Njg6ab36h;eKpBSh#I6J<;T_3@y*4{uSQY-oD<}^_giK*r +zE(Z32Kp3w?h?ElWdfvn9e<5ELp{eC-=x`~bme@J2n&9f9Xj--4Xoto`+_4t^U{DA^ +zgdamB9JKZss5qfIuEVafQ{8IFHZ(DOQ1 +zL2xbpxXzOgb_Q=@TibUgI`Lgj(=e> +zMU)Nx~l!_3pH4%7MB!8D7Ym`!#`P^=;NZCbo +zYOx$bt!NLA<3PMHxQa+n1P7P-kAtlc1qjqsh;qTF)Ya?(MW}frTqQq}wQSO~Vq}Qh +z(-f*jPBe}T?|02&p|)mY^jJ&9L?98EM8M}fR1&GSE3cmU2gQ#K{RlEdP#0v4%e#ImMtXlgq`3qxe(=XJ#6JYIXtR@d=>u^LP`e(>mc9&@wKiE +zc&HqAVc`n|ry^h7)I+R9qY#{9VVIYkI8%WpISctWdaR{lB9I77BH$Byb;iFCsAmRr +zzpp*yt4)&zWELCVdj1!(?!C=-j~1rjIaU)fH~SDS;V>JF?Dc?VD+y4lwj$q2yfy#A(Q6|A(gmX6F3%RUOA>-!_~c7> +zMvt{rOau~vNd(NlgYhpEjPjh!KVV9MEl;c1khOQTTV%Qv2e=GKpUn9EA$Mer5cK^a +z0$zgOF7uMf$_Hj(*NETbfXY-NkO+)Mz-Ku8OK1r*D%6!w>``Ws028(CB@lz_AM`0q 
+zf7)`qfCKTHn1cVw*|W7Di!H#8j2>&Lm&Lm +z3nA`FS~-P8zz9qZs7xgSiNI(Cd=~L6i)U-?&B`ex0!Co;SWCr3AQ6~Ez-LjxzeQ5K +zY~>UZ0V6OupfZ&RBm$!m@L9z4LO1x0ER1aB6cPa=FnX+|Vj_?TOd{a3C{nG6SUEA@ +z$|)oQMqqM4WhxO!1V$s^v#1gOnu4vILLy)UMvt{rOau~vNd$ZrnPj`O5YDl33Wf`WzQnLf`< +zN(2&t(Fph~a{Oz~wUF}&Lm ++// ++// This program and the accompanying materials ++// are licensed and made available under the terms and conditions of the BSD License ++// which accompanies this distribution. The full text of the license may be found at ++// http://opensource.org/licenses/bsd-license.php ++// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++// ++// **/ ++ ++#image IMG_LOGO Logo-OpenSSL.bmp +diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf +new file mode 100644 +index 0000000000..2f79d873e2 +--- /dev/null ++++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf +@@ -0,0 +1,61 @@ ++## @file ++# The default logo bitmap picture shown on setup screen. ++# ++# Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
++# ++# This program and the accompanying materials ++# are licensed and made available under the terms and conditions of the BSD License ++# which accompanies this distribution. The full text of the license may be found at ++# http://opensource.org/licenses/bsd-license.php ++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++# ++# ++## ++ ++[Defines] ++ INF_VERSION = 0x00010005 ++ BASE_NAME = LogoOpenSSLDxe ++ MODULE_UNI_FILE = LogoOpenSSLDxe.uni ++ FILE_GUID = 9CAE7B89-D48D-4D68-BBC4-4C0F1D48CDFF ++ MODULE_TYPE = DXE_DRIVER ++ VERSION_STRING = 1.0 ++ ++ ENTRY_POINT = InitializeLogo ++# ++# This flag specifies whether HII resource section is generated into PE image. ++# ++ UEFI_HII_RESOURCE_SECTION = TRUE ++ ++# ++# The following information is for reference only and not required by the build tools. ++# ++# VALID_ARCHITECTURES = IA32 X64 ++# ++ ++[Sources] ++ Logo-OpenSSL.bmp ++ Logo.c ++ Logo-OpenSSL.idf ++ ++[Packages] ++ MdeModulePkg/MdeModulePkg.dec ++ MdePkg/MdePkg.dec ++ ++[LibraryClasses] ++ UefiBootServicesTableLib ++ UefiDriverEntryPoint ++ DebugLib ++ ++[Protocols] ++ gEfiHiiDatabaseProtocolGuid ## CONSUMES ++ gEfiHiiImageExProtocolGuid ## CONSUMES ++ gEfiHiiPackageListProtocolGuid ## PRODUCES CONSUMES ++ gEdkiiPlatformLogoProtocolGuid ## PRODUCES ++ ++[Depex] ++ gEfiHiiDatabaseProtocolGuid AND ++ gEfiHiiImageExProtocolGuid ++ ++[UserExtensions.TianoCore."ExtraFiles"] ++ LogoDxeExtra.uni +diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni +new file mode 100644 +index 0000000000..7227ac3910 +--- /dev/null ++++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni +@@ -0,0 +1,22 @@ ++// /** @file ++// The logo bitmap picture (with OpenSSL advertisment) shown on setup screen. ++// ++// This module provides the logo bitmap picture (with OpenSSL advertisment) ++// shown on setup screen, through EDKII Platform Logo protocol. 
++// ++// Copyright (c) 2016, Intel Corporation. All rights reserved.
++// ++// This program and the accompanying materials ++// are licensed and made available under the terms and conditions of the BSD License ++// which accompanies this distribution. The full text of the license may be found at ++// http://opensource.org/licenses/bsd-license.php ++// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++// ++// **/ ++ ++ ++#string STR_MODULE_ABSTRACT #language en-US "Provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen." ++ ++#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." ++ +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 66e944436a..044379e1ed 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -688,7 +688,7 @@ + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf + !endif + } +- MdeModulePkg/Logo/LogoDxe.inf ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf +index 785affeb90..326f82384e 100644 +--- a/OvmfPkg/OvmfPkgIa32.fdf ++++ b/OvmfPkg/OvmfPkgIa32.fdf +@@ -283,7 +283,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + !endif + INF ShellPkg/Application/Shell/Shell.inf + +-INF MdeModulePkg/Logo/LogoDxe.inf ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + + # + # Network modules +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 51c2bfb44f..2ff68102d3 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -701,7 +701,7 @@ + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf + !endif + } +- MdeModulePkg/Logo/LogoDxe.inf ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf + 
MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf +index 7440707256..aefb6614ad 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.fdf ++++ b/OvmfPkg/OvmfPkgIa32X64.fdf +@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + !endif + INF ShellPkg/Application/Shell/Shell.inf + +-INF MdeModulePkg/Logo/LogoDxe.inf ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + + # + # Network modules +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index ba7a758844..3a66d4d424 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -699,7 +699,7 @@ + NULL|OvmfPkg/Csm/LegacyBootManagerLib/LegacyBootManagerLib.inf + !endif + } +- MdeModulePkg/Logo/LogoDxe.inf ++ MdeModulePkg/Logo/LogoOpenSSLDxe.inf + MdeModulePkg/Application/UiApp/UiApp.inf { + + NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf +diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf +index 7440707256..aefb6614ad 100644 +--- a/OvmfPkg/OvmfPkgX64.fdf ++++ b/OvmfPkg/OvmfPkgX64.fdf +@@ -284,7 +284,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + !endif + INF ShellPkg/Application/Shell/Shell.inf + +-INF MdeModulePkg/Logo/LogoDxe.inf ++INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + + # + # Network modules +-- +2.18.1 + diff --git a/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch deleted file mode 100644 index 39ea933..0000000 --- a/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ /dev/null 
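Review bot: The new LogoOpenSSLDxe.inf keeps the header summary and architecture comment of the module it was copied from, although this patch also pulls it into ArmVirtQemu.dsc, ArmVirtQemuKernel.dsc and ArmVirtQemuFvMain.fdf.inc. The `# VALID_ARCHITECTURES = IA32 X64` line is reference-only, but it should name the ARM targets those platforms build for, and the `## @file` summary should read `# The logo bitmap picture (with OpenSSL advertisement) shown on setup screen.` so that it agrees with LogoOpenSSLDxe.uni. The `GIT binary patch` literal for Logo-OpenSSL.bmp cannot be reviewed from the diff text. Its 156342-byte size is what a 469 x 111 x 24 bitmap with a 54-byte header comes to, but the decoded file is still worth comparing against the copy on the last downstream branch, which the message says it is preserved from.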
@@ -1,150 +0,0 @@ -From cfccb98d13e955beb0b93b4a75a973f30c273ffc Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 25 Feb 2014 22:40:01 +0100 -Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH - only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no change - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no change - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec" - context change from upstream commits e043f7895b83 ("MdeModulePkg: Add - PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2 - ("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03). - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- refresh commit 519b9751573e against various context changes - -The - - CSI Ps ; Ps ; Ps t - -escape sequence serves for window manipulation. We can use the - - CSI 8 ; ; t - -sequence to adapt eg. the xterm window size to the selected console mode. - -Reference: -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek -(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444) -(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574) -(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90) -(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb) -Signed-off-by: Danilo C. L. 
de Paula ---- - MdeModulePkg/MdeModulePkg.dec | 4 +++ - .../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++ - .../Console/TerminalDxe/TerminalDxe.inf | 2 ++ - 3 files changed, 36 insertions(+) - -diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index a2130bc439..dcd118ba62 100644 ---- a/MdeModulePkg/MdeModulePkg.dec -+++ b/MdeModulePkg/MdeModulePkg.dec -@@ -1968,6 +1968,10 @@ - # @Prompt The address mask when memory encryption is enabled. - gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047 - -+ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal -+ # mode change. -+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080 -+ - [PcdsPatchableInModule] - ## Specify memory size with page number for PEI code when - # Loading Module at Fixed Address feature is enabled. -diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c -index 4d7218e415..295e7641a5 100644 ---- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c -+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c -@@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - - **/ - -+#include -+ - #include "Terminal.h" - - // -@@ -86,6 +88,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0 - CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 }; - CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 }; - -+// -+// Note that this is an ASCII format string, taking two INT32 arguments: -+// rows, columns. -+// -+// A %d (INT32) format specification can expand to at most 11 characters. 
-+// -+CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt"; -+#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2)) -+ -+ - // - // Body of the ConOut functions - // -@@ -508,6 +520,24 @@ TerminalConOutSetMode ( - return EFI_DEVICE_ERROR; - } - -+ if (PcdGetBool (PcdResizeXterm)) { -+ CHAR16 ResizeSequence[RESIZE_SEQ_SIZE]; -+ -+ UnicodeSPrintAsciiFormat ( -+ ResizeSequence, -+ sizeof ResizeSequence, -+ mResizeTextAreaFormatString, -+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows, -+ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns -+ ); -+ TerminalDevice->OutputEscChar = TRUE; -+ Status = This->OutputString (This, ResizeSequence); -+ TerminalDevice->OutputEscChar = FALSE; -+ if (EFI_ERROR (Status)) { -+ return EFI_DEVICE_ERROR; -+ } -+ } -+ - This->Mode->Mode = (INT32) ModeNumber; - - Status = This->ClearScreen (This); -diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -index 15b4ac1c33..a704bc17e5 100644 ---- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -+++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -@@ -60,6 +60,7 @@ - DebugLib - PcdLib - BaseLib -+ PrintLib - - [Guids] - ## SOMETIMES_PRODUCES ## Variable:L"ConInDev" -@@ -88,6 +89,7 @@ - [Pcd] - gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES -+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## CONSUMES - - # [Event] - # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout. --- -2.18.1 - diff --git a/SOURCES/0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch new file mode 100644 index 0000000..d7ce5a8 --- /dev/null +++ b/SOURCES/0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch 
@@ -0,0 +1,70 @@
+From e949bab1268f83f0f5815a96cd1cb9dd3b21bfb5 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek
+Date: Thu, 20 Feb 2014 22:54:45 +0100
+Subject: OvmfPkg: increase max debug message length to 512 (RHEL only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- trivial context difference due to upstream commit 2fe5f2f52918
+ ("OvmfPkg/PlatformDebugLibIoPort: Add new APIs", 2019-04-02), resolved
+ by git-cherry-pick automatically
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no changes
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+ a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no changes
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Upstream prefers short debug messages (sometimes even limited to 80
+characters), but any line length under 512 characters is just unsuitable
+for effective debugging. (For example, config strings in HII routing,
+logged by the platform driver "OvmfPkg/PlatformDxe" on DEBUG_VERBOSE
+level, can be several hundred characters long.) 512 is an empirically good
+value.
+
+Signed-off-by: Laszlo Ersek
+(cherry picked from commit bfe568d18dba15602604f155982e3b73add63dfb)
+(cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6)
+(cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a)
+(cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a)
+(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a)
+(cherry picked from commit a1260c9122c95bcbef1efc5eebe11902767813c2)
+---
+ OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+index 3dfa3126c3..9451c50c70 100644
+--- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
++++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c
+@@ -21,7 +21,7 @@
+ //
+ // Define the maximum debug and assert message length that this library supports
+ //
+-#define MAX_DEBUG_MESSAGE_LENGTH 0x100
++#define MAX_DEBUG_MESSAGE_LENGTH 0x200
+
+ //
+ // VA_LIST can not initialize to NULL for all compiler, so we use this to
+--
+2.18.1
+
diff --git a/SOURCES/0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
new file mode 100644
index 0000000..3e3dc79
--- /dev/null
+++ b/SOURCES/0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch
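Review bot: The `#define MAX_DEBUG_MESSAGE_LENGTH 0x200` line in DebugLib.c doubles the limit without showing what the macro sizes; every user of it lies outside the hunk. If it dimensions message buffers declared as locals in the print and assert paths (likely, but not visible here), each such call now takes 512 bytes of stack instead of 256, so the headroom should be confirmed for the earliest boot phases that link this library. The comment above the define should also record the downstream deviation, for example `// RHEL: raised from upstream's 0x100 so that long DEBUG_VERBOSE lines fit`.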
@@ -0,0 +1,574 @@ +From 3aa0316ea1db5416cb528179a3ba5ce37c1279b7 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 12 Jun 2014 00:17:59 +0200 +Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no changes + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no changes + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- update commit message as requested in + + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +The Int10h VBE Shim is capable of emitting short debug messages when the +win2k8r2 UEFI guest uses (emulates) the Video BIOS. In upstream the quiet +version is preferred; for us debug messages are important as a default. + +For this patch, the DEBUG macro is enabled in the assembly file, and then +the header file is regenerated from the assembly, by running +"OvmfPkg/QemuVideoDxe/VbeShim.sh". + +"VbeShim.h" is not auto-generated; it is manually generated. The patch +does not add "VbeShim.h", it just updates both "VbeShim.asm" and (the +manually re-generated) "VbeShim.h" atomically. Doing so helps with local +downstream builds, with bisection, and also keeps redhat/README a bit +simpler. 
+ +Signed-off-by: Laszlo Ersek +(cherry picked from commit ccda46526bb2e573d9b54f0db75d27e442b4566f) +(cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2) +(cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c) +(cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba) +(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e) +(cherry picked from commit bd264265a99c60f45cadaa4109a9db59ae218471) +--- + OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +- + OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++----------- + 2 files changed, 308 insertions(+), 175 deletions(-) + +diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm +index cb2a60d827..26fe1bcc32 100644 +--- a/OvmfPkg/QemuVideoDxe/VbeShim.asm ++++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm +@@ -12,7 +12,7 @@ + ;------------------------------------------------------------------------------ + + ; enable this macro for debug messages +-;%define DEBUG ++%define DEBUG + + %macro DebugLog 1 + %ifdef DEBUG +diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h +index cc9b6e14cd..325d6478a1 100644 +--- a/OvmfPkg/QemuVideoDxe/VbeShim.h ++++ b/OvmfPkg/QemuVideoDxe/VbeShim.h +@@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = { + /* 000001FE nop */ 0x90, + /* 000001FF nop */ 0x90, + /* 00000200 cmp ax,0x4f00 */ 0x3D, 0x00, 0x4F, +- /* 00000203 jz 0x22d */ 0x74, 0x28, ++ /* 00000203 jz 0x235 */ 0x74, 0x30, + /* 00000205 cmp ax,0x4f01 */ 0x3D, 0x01, 0x4F, +- /* 00000208 jz 0x245 */ 0x74, 0x3B, ++ /* 00000208 jz 0x255 */ 0x74, 0x4B, + /* 0000020A cmp ax,0x4f02 */ 0x3D, 0x02, 0x4F, +- /* 0000020D jz 0x269 */ 0x74, 0x5A, ++ /* 0000020D jz 0x289 */ 0x74, 0x7A, + /* 0000020F cmp ax,0x4f03 */ 0x3D, 0x03, 0x4F, +- /* 00000212 jz word 0x331 */ 0x0F, 0x84, 0x1B, 0x01, ++ /* 00000212 jz word 0x361 */ 0x0F, 0x84, 0x4B, 0x01, + /* 00000216 cmp ax,0x4f10 */ 0x3D, 0x10, 0x4F, +- /* 00000219 jz word 0x336 */ 0x0F, 0x84, 0x19, 0x01, ++ /* 
00000219 jz word 0x36e */ 0x0F, 0x84, 0x51, 0x01, + /* 0000021D cmp ax,0x4f15 */ 0x3D, 0x15, 0x4F, +- /* 00000220 jz word 0x338 */ 0x0F, 0x84, 0x14, 0x01, ++ /* 00000220 jz word 0x378 */ 0x0F, 0x84, 0x54, 0x01, + /* 00000224 cmp ah,0x0 */ 0x80, 0xFC, 0x00, +- /* 00000227 jz word 0x33a */ 0x0F, 0x84, 0x0F, 0x01, +- /* 0000022B jmp short 0x22b */ 0xEB, 0xFE, +- /* 0000022D push es */ 0x06, +- /* 0000022E push di */ 0x57, +- /* 0000022F push ds */ 0x1E, +- /* 00000230 push si */ 0x56, +- /* 00000231 push cx */ 0x51, +- /* 00000232 push cs */ 0x0E, +- /* 00000233 pop ds */ 0x1F, +- /* 00000234 mov si,0x0 */ 0xBE, 0x00, 0x00, +- /* 00000237 mov cx,0x100 */ 0xB9, 0x00, 0x01, +- /* 0000023A cld */ 0xFC, +- /* 0000023B rep movsb */ 0xF3, 0xA4, +- /* 0000023D pop cx */ 0x59, +- /* 0000023E pop si */ 0x5E, +- /* 0000023F pop ds */ 0x1F, +- /* 00000240 pop di */ 0x5F, +- /* 00000241 pop es */ 0x07, +- /* 00000242 jmp word 0x34c */ 0xE9, 0x07, 0x01, +- /* 00000245 push es */ 0x06, +- /* 00000246 push di */ 0x57, +- /* 00000247 push ds */ 0x1E, +- /* 00000248 push si */ 0x56, +- /* 00000249 push cx */ 0x51, +- /* 0000024A and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, +- /* 0000024E cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, +- /* 00000252 jz 0x256 */ 0x74, 0x02, +- /* 00000254 jmp short 0x22b */ 0xEB, 0xD5, +- /* 00000256 push cs */ 0x0E, +- /* 00000257 pop ds */ 0x1F, +- /* 00000258 mov si,0x100 */ 0xBE, 0x00, 0x01, +- /* 0000025B mov cx,0x100 */ 0xB9, 0x00, 0x01, +- /* 0000025E cld */ 0xFC, +- /* 0000025F rep movsb */ 0xF3, 0xA4, +- /* 00000261 pop cx */ 0x59, +- /* 00000262 pop si */ 0x5E, +- /* 00000263 pop ds */ 0x1F, +- /* 00000264 pop di */ 0x5F, +- /* 00000265 pop es */ 0x07, +- /* 00000266 jmp word 0x34c */ 0xE9, 0xE3, 0x00, +- /* 00000269 push dx */ 0x52, +- /* 0000026A push ax */ 0x50, +- /* 0000026B cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, +- /* 0000026F jz 0x273 */ 0x74, 0x02, +- /* 00000271 jmp short 0x22b */ 0xEB, 0xB8, +- /* 00000273 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, +- 
/* 00000276 mov al,0x20 */ 0xB0, 0x20, +- /* 00000278 out dx,al */ 0xEE, +- /* 00000279 push dx */ 0x52, +- /* 0000027A push ax */ 0x50, +- /* 0000027B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 0000027E mov ax,0x4 */ 0xB8, 0x04, 0x00, +- /* 00000281 out dx,ax */ 0xEF, +- /* 00000282 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000285 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 00000288 out dx,ax */ 0xEF, +- /* 00000289 pop ax */ 0x58, +- /* 0000028A pop dx */ 0x5A, +- /* 0000028B push dx */ 0x52, +- /* 0000028C push ax */ 0x50, +- /* 0000028D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 00000290 mov ax,0x5 */ 0xB8, 0x05, 0x00, +- /* 00000293 out dx,ax */ 0xEF, +- /* 00000294 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000297 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 0000029A out dx,ax */ 0xEF, +- /* 0000029B pop ax */ 0x58, +- /* 0000029C pop dx */ 0x5A, +- /* 0000029D push dx */ 0x52, +- /* 0000029E push ax */ 0x50, +- /* 0000029F mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002A2 mov ax,0x8 */ 0xB8, 0x08, 0x00, +- /* 000002A5 out dx,ax */ 0xEF, +- /* 000002A6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002A9 mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 000002AC out dx,ax */ 0xEF, +- /* 000002AD pop ax */ 0x58, +- /* 000002AE pop dx */ 0x5A, +- /* 000002AF push dx */ 0x52, +- /* 000002B0 push ax */ 0x50, +- /* 000002B1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002B4 mov ax,0x9 */ 0xB8, 0x09, 0x00, +- /* 000002B7 out dx,ax */ 0xEF, +- /* 000002B8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002BB mov ax,0x0 */ 0xB8, 0x00, 0x00, +- /* 000002BE out dx,ax */ 0xEF, +- /* 000002BF pop ax */ 0x58, +- /* 000002C0 pop dx */ 0x5A, +- /* 000002C1 push dx */ 0x52, +- /* 000002C2 push ax */ 0x50, +- /* 000002C3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002C6 mov ax,0x3 */ 0xB8, 0x03, 0x00, +- /* 000002C9 out dx,ax */ 0xEF, +- /* 000002CA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002CD mov ax,0x20 */ 0xB8, 0x20, 0x00, +- /* 000002D0 out dx,ax */ 0xEF, +- /* 000002D1 pop ax */ 0x58, +- /* 000002D2 pop dx */ 
0x5A, +- /* 000002D3 push dx */ 0x52, +- /* 000002D4 push ax */ 0x50, +- /* 000002D5 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002D8 mov ax,0x1 */ 0xB8, 0x01, 0x00, +- /* 000002DB out dx,ax */ 0xEF, +- /* 000002DC mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002DF mov ax,0x400 */ 0xB8, 0x00, 0x04, +- /* 000002E2 out dx,ax */ 0xEF, +- /* 000002E3 pop ax */ 0x58, +- /* 000002E4 pop dx */ 0x5A, +- /* 000002E5 push dx */ 0x52, +- /* 000002E6 push ax */ 0x50, +- /* 000002E7 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002EA mov ax,0x6 */ 0xB8, 0x06, 0x00, +- /* 000002ED out dx,ax */ 0xEF, +- /* 000002EE mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 000002F1 mov ax,0x400 */ 0xB8, 0x00, 0x04, +- /* 000002F4 out dx,ax */ 0xEF, +- /* 000002F5 pop ax */ 0x58, +- /* 000002F6 pop dx */ 0x5A, +- /* 000002F7 push dx */ 0x52, +- /* 000002F8 push ax */ 0x50, +- /* 000002F9 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 000002FC mov ax,0x2 */ 0xB8, 0x02, 0x00, +- /* 000002FF out dx,ax */ 0xEF, +- /* 00000300 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000303 mov ax,0x300 */ 0xB8, 0x00, 0x03, +- /* 00000306 out dx,ax */ 0xEF, +- /* 00000307 pop ax */ 0x58, +- /* 00000308 pop dx */ 0x5A, +- /* 00000309 push dx */ 0x52, +- /* 0000030A push ax */ 0x50, +- /* 0000030B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 0000030E mov ax,0x7 */ 0xB8, 0x07, 0x00, +- /* 00000311 out dx,ax */ 0xEF, +- /* 00000312 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000315 mov ax,0x300 */ 0xB8, 0x00, 0x03, +- /* 00000318 out dx,ax */ 0xEF, +- /* 00000319 pop ax */ 0x58, +- /* 0000031A pop dx */ 0x5A, +- /* 0000031B push dx */ 0x52, +- /* 0000031C push ax */ 0x50, +- /* 0000031D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, +- /* 00000320 mov ax,0x4 */ 0xB8, 0x04, 0x00, +- /* 00000323 out dx,ax */ 0xEF, +- /* 00000324 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, +- /* 00000327 mov ax,0x41 */ 0xB8, 0x41, 0x00, +- /* 0000032A out dx,ax */ 0xEF, +- /* 0000032B pop ax */ 0x58, +- /* 0000032C pop dx */ 0x5A, +- /* 0000032D pop ax */ 0x58, +- /* 0000032E pop dx 
*/ 0x5A, +- /* 0000032F jmp short 0x34c */ 0xEB, 0x1B, +- /* 00000331 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, +- /* 00000334 jmp short 0x34c */ 0xEB, 0x16, +- /* 00000336 jmp short 0x350 */ 0xEB, 0x18, +- /* 00000338 jmp short 0x350 */ 0xEB, 0x16, +- /* 0000033A cmp al,0x3 */ 0x3C, 0x03, +- /* 0000033C jz 0x345 */ 0x74, 0x07, +- /* 0000033E cmp al,0x12 */ 0x3C, 0x12, +- /* 00000340 jz 0x349 */ 0x74, 0x07, +- /* 00000342 jmp word 0x22b */ 0xE9, 0xE6, 0xFE, +- /* 00000345 mov al,0x30 */ 0xB0, 0x30, +- /* 00000347 jmp short 0x34b */ 0xEB, 0x02, +- /* 00000349 mov al,0x20 */ 0xB0, 0x20, +- /* 0000034B iretw */ 0xCF, +- /* 0000034C mov ax,0x4f */ 0xB8, 0x4F, 0x00, +- /* 0000034F iretw */ 0xCF, +- /* 00000350 mov ax,0x14f */ 0xB8, 0x4F, 0x01, +- /* 00000353 iretw */ 0xCF, ++ /* 00000227 jz word 0x382 */ 0x0F, 0x84, 0x57, 0x01, ++ /* 0000022B push si */ 0x56, ++ /* 0000022C mov si,0x3e9 */ 0xBE, 0xE9, 0x03, ++ /* 0000022F call word 0x3c4 */ 0xE8, 0x92, 0x01, ++ /* 00000232 pop si */ 0x5E, ++ /* 00000233 jmp short 0x233 */ 0xEB, 0xFE, ++ /* 00000235 push es */ 0x06, ++ /* 00000236 push di */ 0x57, ++ /* 00000237 push ds */ 0x1E, ++ /* 00000238 push si */ 0x56, ++ /* 00000239 push cx */ 0x51, ++ /* 0000023A push si */ 0x56, ++ /* 0000023B mov si,0x3fb */ 0xBE, 0xFB, 0x03, ++ /* 0000023E call word 0x3c4 */ 0xE8, 0x83, 0x01, ++ /* 00000241 pop si */ 0x5E, ++ /* 00000242 push cs */ 0x0E, ++ /* 00000243 pop ds */ 0x1F, ++ /* 00000244 mov si,0x0 */ 0xBE, 0x00, 0x00, ++ /* 00000247 mov cx,0x100 */ 0xB9, 0x00, 0x01, ++ /* 0000024A cld */ 0xFC, ++ /* 0000024B rep movsb */ 0xF3, 0xA4, ++ /* 0000024D pop cx */ 0x59, ++ /* 0000024E pop si */ 0x5E, ++ /* 0000024F pop ds */ 0x1F, ++ /* 00000250 pop di */ 0x5F, ++ /* 00000251 pop es */ 0x07, ++ /* 00000252 jmp word 0x3ac */ 0xE9, 0x57, 0x01, ++ /* 00000255 push es */ 0x06, ++ /* 00000256 push di */ 0x57, ++ /* 00000257 push ds */ 0x1E, ++ /* 00000258 push si */ 0x56, ++ /* 00000259 push cx */ 0x51, ++ /* 0000025A push si */ 0x56, ++ /* 
0000025B mov si,0x404 */ 0xBE, 0x04, 0x04, ++ /* 0000025E call word 0x3c4 */ 0xE8, 0x63, 0x01, ++ /* 00000261 pop si */ 0x5E, ++ /* 00000262 and cx,0xbfff */ 0x81, 0xE1, 0xFF, 0xBF, ++ /* 00000266 cmp cx,0xf1 */ 0x81, 0xF9, 0xF1, 0x00, ++ /* 0000026A jz 0x276 */ 0x74, 0x0A, ++ /* 0000026C push si */ 0x56, ++ /* 0000026D mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 00000270 call word 0x3c4 */ 0xE8, 0x51, 0x01, ++ /* 00000273 pop si */ 0x5E, ++ /* 00000274 jmp short 0x233 */ 0xEB, 0xBD, ++ /* 00000276 push cs */ 0x0E, ++ /* 00000277 pop ds */ 0x1F, ++ /* 00000278 mov si,0x100 */ 0xBE, 0x00, 0x01, ++ /* 0000027B mov cx,0x100 */ 0xB9, 0x00, 0x01, ++ /* 0000027E cld */ 0xFC, ++ /* 0000027F rep movsb */ 0xF3, 0xA4, ++ /* 00000281 pop cx */ 0x59, ++ /* 00000282 pop si */ 0x5E, ++ /* 00000283 pop ds */ 0x1F, ++ /* 00000284 pop di */ 0x5F, ++ /* 00000285 pop es */ 0x07, ++ /* 00000286 jmp word 0x3ac */ 0xE9, 0x23, 0x01, ++ /* 00000289 push dx */ 0x52, ++ /* 0000028A push ax */ 0x50, ++ /* 0000028B push si */ 0x56, ++ /* 0000028C mov si,0x41a */ 0xBE, 0x1A, 0x04, ++ /* 0000028F call word 0x3c4 */ 0xE8, 0x32, 0x01, ++ /* 00000292 pop si */ 0x5E, ++ /* 00000293 cmp bx,0x40f1 */ 0x81, 0xFB, 0xF1, 0x40, ++ /* 00000297 jz 0x2a3 */ 0x74, 0x0A, ++ /* 00000299 push si */ 0x56, ++ /* 0000029A mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 0000029D call word 0x3c4 */ 0xE8, 0x24, 0x01, ++ /* 000002A0 pop si */ 0x5E, ++ /* 000002A1 jmp short 0x233 */ 0xEB, 0x90, ++ /* 000002A3 mov dx,0x3c0 */ 0xBA, 0xC0, 0x03, ++ /* 000002A6 mov al,0x20 */ 0xB0, 0x20, ++ /* 000002A8 out dx,al */ 0xEE, ++ /* 000002A9 push dx */ 0x52, ++ /* 000002AA push ax */ 0x50, ++ /* 000002AB mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002AE mov ax,0x4 */ 0xB8, 0x04, 0x00, ++ /* 000002B1 out dx,ax */ 0xEF, ++ /* 000002B2 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002B5 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002B8 out dx,ax */ 0xEF, ++ /* 000002B9 pop ax */ 0x58, ++ /* 000002BA pop dx */ 0x5A, ++ /* 000002BB push dx */ 0x52, ++ 
/* 000002BC push ax */ 0x50, ++ /* 000002BD mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002C0 mov ax,0x5 */ 0xB8, 0x05, 0x00, ++ /* 000002C3 out dx,ax */ 0xEF, ++ /* 000002C4 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002C7 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002CA out dx,ax */ 0xEF, ++ /* 000002CB pop ax */ 0x58, ++ /* 000002CC pop dx */ 0x5A, ++ /* 000002CD push dx */ 0x52, ++ /* 000002CE push ax */ 0x50, ++ /* 000002CF mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002D2 mov ax,0x8 */ 0xB8, 0x08, 0x00, ++ /* 000002D5 out dx,ax */ 0xEF, ++ /* 000002D6 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002D9 mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002DC out dx,ax */ 0xEF, ++ /* 000002DD pop ax */ 0x58, ++ /* 000002DE pop dx */ 0x5A, ++ /* 000002DF push dx */ 0x52, ++ /* 000002E0 push ax */ 0x50, ++ /* 000002E1 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002E4 mov ax,0x9 */ 0xB8, 0x09, 0x00, ++ /* 000002E7 out dx,ax */ 0xEF, ++ /* 000002E8 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002EB mov ax,0x0 */ 0xB8, 0x00, 0x00, ++ /* 000002EE out dx,ax */ 0xEF, ++ /* 000002EF pop ax */ 0x58, ++ /* 000002F0 pop dx */ 0x5A, ++ /* 000002F1 push dx */ 0x52, ++ /* 000002F2 push ax */ 0x50, ++ /* 000002F3 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 000002F6 mov ax,0x3 */ 0xB8, 0x03, 0x00, ++ /* 000002F9 out dx,ax */ 0xEF, ++ /* 000002FA mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 000002FD mov ax,0x20 */ 0xB8, 0x20, 0x00, ++ /* 00000300 out dx,ax */ 0xEF, ++ /* 00000301 pop ax */ 0x58, ++ /* 00000302 pop dx */ 0x5A, ++ /* 00000303 push dx */ 0x52, ++ /* 00000304 push ax */ 0x50, ++ /* 00000305 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 00000308 mov ax,0x1 */ 0xB8, 0x01, 0x00, ++ /* 0000030B out dx,ax */ 0xEF, ++ /* 0000030C mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 0000030F mov ax,0x400 */ 0xB8, 0x00, 0x04, ++ /* 00000312 out dx,ax */ 0xEF, ++ /* 00000313 pop ax */ 0x58, ++ /* 00000314 pop dx */ 0x5A, ++ /* 00000315 push dx */ 0x52, ++ /* 00000316 push ax */ 0x50, ++ /* 00000317 mov dx,0x1ce */ 0xBA, 
0xCE, 0x01, ++ /* 0000031A mov ax,0x6 */ 0xB8, 0x06, 0x00, ++ /* 0000031D out dx,ax */ 0xEF, ++ /* 0000031E mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000321 mov ax,0x400 */ 0xB8, 0x00, 0x04, ++ /* 00000324 out dx,ax */ 0xEF, ++ /* 00000325 pop ax */ 0x58, ++ /* 00000326 pop dx */ 0x5A, ++ /* 00000327 push dx */ 0x52, ++ /* 00000328 push ax */ 0x50, ++ /* 00000329 mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000032C mov ax,0x2 */ 0xB8, 0x02, 0x00, ++ /* 0000032F out dx,ax */ 0xEF, ++ /* 00000330 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000333 mov ax,0x300 */ 0xB8, 0x00, 0x03, ++ /* 00000336 out dx,ax */ 0xEF, ++ /* 00000337 pop ax */ 0x58, ++ /* 00000338 pop dx */ 0x5A, ++ /* 00000339 push dx */ 0x52, ++ /* 0000033A push ax */ 0x50, ++ /* 0000033B mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 0000033E mov ax,0x7 */ 0xB8, 0x07, 0x00, ++ /* 00000341 out dx,ax */ 0xEF, ++ /* 00000342 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000345 mov ax,0x300 */ 0xB8, 0x00, 0x03, ++ /* 00000348 out dx,ax */ 0xEF, ++ /* 00000349 pop ax */ 0x58, ++ /* 0000034A pop dx */ 0x5A, ++ /* 0000034B push dx */ 0x52, ++ /* 0000034C push ax */ 0x50, ++ /* 0000034D mov dx,0x1ce */ 0xBA, 0xCE, 0x01, ++ /* 00000350 mov ax,0x4 */ 0xB8, 0x04, 0x00, ++ /* 00000353 out dx,ax */ 0xEF, ++ /* 00000354 mov dx,0x1d0 */ 0xBA, 0xD0, 0x01, ++ /* 00000357 mov ax,0x41 */ 0xB8, 0x41, 0x00, ++ /* 0000035A out dx,ax */ 0xEF, ++ /* 0000035B pop ax */ 0x58, ++ /* 0000035C pop dx */ 0x5A, ++ /* 0000035D pop ax */ 0x58, ++ /* 0000035E pop dx */ 0x5A, ++ /* 0000035F jmp short 0x3ac */ 0xEB, 0x4B, ++ /* 00000361 push si */ 0x56, ++ /* 00000362 mov si,0x411 */ 0xBE, 0x11, 0x04, ++ /* 00000365 call word 0x3c4 */ 0xE8, 0x5C, 0x00, ++ /* 00000368 pop si */ 0x5E, ++ /* 00000369 mov bx,0x40f1 */ 0xBB, 0xF1, 0x40, ++ /* 0000036C jmp short 0x3ac */ 0xEB, 0x3E, ++ /* 0000036E push si */ 0x56, ++ /* 0000036F mov si,0x43f */ 0xBE, 0x3F, 0x04, ++ /* 00000372 call word 0x3c4 */ 0xE8, 0x4F, 0x00, ++ /* 00000375 pop si */ 0x5E, ++ /* 00000376 
jmp short 0x3b8 */ 0xEB, 0x40, ++ /* 00000378 push si */ 0x56, ++ /* 00000379 mov si,0x452 */ 0xBE, 0x52, 0x04, ++ /* 0000037C call word 0x3c4 */ 0xE8, 0x45, 0x00, ++ /* 0000037F pop si */ 0x5E, ++ /* 00000380 jmp short 0x3b8 */ 0xEB, 0x36, ++ /* 00000382 push si */ 0x56, ++ /* 00000383 mov si,0x423 */ 0xBE, 0x23, 0x04, ++ /* 00000386 call word 0x3c4 */ 0xE8, 0x3B, 0x00, ++ /* 00000389 pop si */ 0x5E, ++ /* 0000038A cmp al,0x3 */ 0x3C, 0x03, ++ /* 0000038C jz 0x39d */ 0x74, 0x0F, ++ /* 0000038E cmp al,0x12 */ 0x3C, 0x12, ++ /* 00000390 jz 0x3a1 */ 0x74, 0x0F, ++ /* 00000392 push si */ 0x56, ++ /* 00000393 mov si,0x432 */ 0xBE, 0x32, 0x04, ++ /* 00000396 call word 0x3c4 */ 0xE8, 0x2B, 0x00, ++ /* 00000399 pop si */ 0x5E, ++ /* 0000039A jmp word 0x233 */ 0xE9, 0x96, 0xFE, ++ /* 0000039D mov al,0x30 */ 0xB0, 0x30, ++ /* 0000039F jmp short 0x3a3 */ 0xEB, 0x02, ++ /* 000003A1 mov al,0x20 */ 0xB0, 0x20, ++ /* 000003A3 push si */ 0x56, ++ /* 000003A4 mov si,0x3d6 */ 0xBE, 0xD6, 0x03, ++ /* 000003A7 call word 0x3c4 */ 0xE8, 0x1A, 0x00, ++ /* 000003AA pop si */ 0x5E, ++ /* 000003AB iretw */ 0xCF, ++ /* 000003AC push si */ 0x56, ++ /* 000003AD mov si,0x3d6 */ 0xBE, 0xD6, 0x03, ++ /* 000003B0 call word 0x3c4 */ 0xE8, 0x11, 0x00, ++ /* 000003B3 pop si */ 0x5E, ++ /* 000003B4 mov ax,0x4f */ 0xB8, 0x4F, 0x00, ++ /* 000003B7 iretw */ 0xCF, ++ /* 000003B8 push si */ 0x56, ++ /* 000003B9 mov si,0x3dc */ 0xBE, 0xDC, 0x03, ++ /* 000003BC call word 0x3c4 */ 0xE8, 0x05, 0x00, ++ /* 000003BF pop si */ 0x5E, ++ /* 000003C0 mov ax,0x14f */ 0xB8, 0x4F, 0x01, ++ /* 000003C3 iretw */ 0xCF, ++ /* 000003C4 pushaw */ 0x60, ++ /* 000003C5 push ds */ 0x1E, ++ /* 000003C6 push cs */ 0x0E, ++ /* 000003C7 pop ds */ 0x1F, ++ /* 000003C8 mov dx,0x402 */ 0xBA, 0x02, 0x04, ++ /* 000003CB lodsb */ 0xAC, ++ /* 000003CC cmp al,0x0 */ 0x3C, 0x00, ++ /* 000003CE jz 0x3d3 */ 0x74, 0x03, ++ /* 000003D0 out dx,al */ 0xEE, ++ /* 000003D1 jmp short 0x3cb */ 0xEB, 0xF8, ++ /* 000003D3 pop ds */ 0x1F, ++ /* 
000003D4 popaw */ 0x61, ++ /* 000003D5 ret */ 0xC3, ++ /* 000003D6 inc bp */ 0x45, ++ /* 000003D7 js 0x442 */ 0x78, 0x69, ++ /* 000003D9 jz 0x3e5 */ 0x74, 0x0A, ++ /* 000003DB add [di+0x6e],dl */ 0x00, 0x55, 0x6E, ++ /* 000003DE jnc 0x455 */ 0x73, 0x75, ++ /* 000003E0 jo 0x452 */ 0x70, 0x70, ++ /* 000003E2 outsw */ 0x6F, ++ /* 000003E3 jc 0x459 */ 0x72, 0x74, ++ /* 000003E5 or al,[fs:bx+si] */ 0x65, 0x64, 0x0A, 0x00, ++ /* 000003E9 push bp */ 0x55, ++ /* 000003EA outsb */ 0x6E, ++ /* 000003EB imul bp,[bp+0x6f],byte +0x77 */ 0x6B, 0x6E, 0x6F, 0x77, ++ /* 000003EF outsb */ 0x6E, ++ /* 000003F0 and [bp+0x75],al */ 0x20, 0x46, 0x75, ++ /* 000003F3 outsb */ 0x6E, ++ /* 000003F4 arpl [si+0x69],si */ 0x63, 0x74, 0x69, ++ /* 000003F7 outsw */ 0x6F, ++ /* 000003F8 outsb */ 0x6E, ++ /* 000003F9 or al,[bx+si] */ 0x0A, 0x00, ++ /* 000003FB inc di */ 0x47, ++ /* 000003FC gs jz 0x448 */ 0x65, 0x74, 0x49, ++ /* 000003FF outsb */ 0x6E, ++ /* 00000400 outsd */ 0x66, 0x6F, ++ /* 00000402 or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000404 inc di */ 0x47, ++ /* 00000405 gs jz 0x455 */ 0x65, 0x74, 0x4D, ++ /* 00000408 outsw */ 0x6F, ++ /* 00000409 gs dec cx */ 0x64, 0x65, 0x49, ++ /* 0000040C outsb */ 0x6E, ++ /* 0000040D outsd */ 0x66, 0x6F, ++ /* 0000040F or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000411 inc di */ 0x47, ++ /* 00000412 gs jz 0x462 */ 0x65, 0x74, 0x4D, ++ /* 00000415 outsw */ 0x6F, ++ /* 00000416 or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 0000041A push bx */ 0x53, ++ /* 0000041B gs jz 0x46b */ 0x65, 0x74, 0x4D, ++ /* 0000041E outsw */ 0x6F, ++ /* 0000041F or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 00000423 push bx */ 0x53, ++ /* 00000424 gs jz 0x474 */ 0x65, 0x74, 0x4D, ++ /* 00000427 outsw */ 0x6F, ++ /* 00000428 gs dec sp */ 0x64, 0x65, 0x4C, ++ /* 0000042B gs a32 popaw */ 0x65, 0x67, 0x61, ++ /* 0000042E arpl [bx+di+0xa],di */ 0x63, 0x79, 0x0A, ++ /* 00000431 add [di+0x6e],dl */ 0x00, 0x55, 0x6E, ++ /* 00000434 imul bp,[bx+0x77],byte +0x6e */ 0x6B, 0x6F, 0x77, 
0x6E, ++ /* 00000438 and [di+0x6f],cl */ 0x20, 0x4D, 0x6F, ++ /* 0000043B or al,[gs:bx+si] */ 0x64, 0x65, 0x0A, 0x00, ++ /* 0000043F inc di */ 0x47, ++ /* 00000440 gs jz 0x493 */ 0x65, 0x74, 0x50, ++ /* 00000443 insw */ 0x6D, ++ /* 00000444 inc bx */ 0x43, ++ /* 00000445 popaw */ 0x61, ++ /* 00000446 jo 0x4a9 */ 0x70, 0x61, ++ /* 00000448 bound bp,[bx+di+0x6c] */ 0x62, 0x69, 0x6C, ++ /* 0000044B imul si,[si+0x69],word 0x7365 */ 0x69, 0x74, 0x69, 0x65, 0x73, ++ /* 00000450 or al,[bx+si] */ 0x0A, 0x00, ++ /* 00000452 push dx */ 0x52, ++ /* 00000453 gs popaw */ 0x65, 0x61, ++ /* 00000455 fs inc bp */ 0x64, 0x45, ++ /* 00000457 fs */ 0x64, ++ /* 00000458 db 0x69 */ 0x69, ++ /* 00000459 or al,[fs:bx+si] */ 0x64, 0x0A, 0x00, + }; + #endif +-- +2.18.1 + diff --git a/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch deleted file mode 100644 index 4e62b6d..0000000 --- a/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ /dev/null 
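Review bot: The print routine that `%define DEBUG` brings in at offset 0x3C4 of the regenerated `VbeShim.h` reads its string with `lodsb` in a loop but never clears the direction flag, whereas the copy paths in the same listing issue `cld` before `rep movsb`. The handler is entered from guest code, and the call sites visible here (for example 0x22F and 0x23E) reach the routine before any `cld`, so a caller that arrives with DF set would make the loop walk backwards from the message and write unrelated bytes of the shim's segment to port 0x402 until it meets a zero byte. Adding `cld` after the `pop ds` at the top of that routine in `VbeShim.asm` and regenerating the header would close this; `iretw` restores the caller's flags, so the caller's DF is unaffected. The routine's source is not part of the `VbeShim.asm` hunk, which shows only the `%define` line, so this is read from the disassembly comments alone. Since `VbeShim.h` is regenerated by hand, a packaging-time step that re-runs `OvmfPkg/QemuVideoDxe/VbeShim.sh` and compares the result would also catch drift between the two files.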
@@ -1,111 +0,0 @@
-From f9b73437b9b231773c1a20e0c516168817a930a2 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek
-Date: Wed, 14 Oct 2015 15:59:06 +0200
-Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
- a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- refresh downstream-only commit 8abc2a6ddad2 against context differences
- in the DSC files from upstream commit 5e167d7e784c
- ("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if
- SMM_REQUIRE", 2017-03-12).
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek
-(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721)
-(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d)
-(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038)
-(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3)
-(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853)
-Signed-off-by: Danilo C. L. de Paula
----
- OvmfPkg/OvmfPkgIa32.dsc | 1 +
- OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
- OvmfPkg/OvmfPkgX64.dsc | 1 +
- OvmfPkg/PlatformPei/Platform.c | 1 +
- OvmfPkg/PlatformPei/PlatformPei.inf | 1 +
- 5 files changed, 5 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 249b1d8dc0..3f1da66aab 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -531,6 +531,7 @@
- # ($(SMM_REQUIRE) == FALSE)
- gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
-
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 5ec186df4b..9bb0a4cede 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -537,6 +537,7 @@
- # ($(SMM_REQUIRE) == FALSE)
- gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
-
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 29538ade4d..3b7fc5328c 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -536,6 +536,7 @@
- # ($(SMM_REQUIRE) == FALSE)
- gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
-
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
-diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index 22139a64cb..64b8034117 100644
---- a/OvmfPkg/PlatformPei/Platform.c
-+++ b/OvmfPkg/PlatformPei/Platform.c
-@@ -670,6 +670,7 @@ InitializePlatform (
- PeiFvInitialization ();
- MemMapInitialization ();
- NoexecDxeInitialization ();
-+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);
- }
-
- InstallClearCacheCallback ();
-diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
-index 5c8dd0fe6d..035ce249fe 100644
---- a/OvmfPkg/PlatformPei/PlatformPei.inf
-+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
-@@ -96,6 +96,7 @@
- gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize
- gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved
- gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration
-+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm
- gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode
- gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
- gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
---
-2.18.1
-
diff --git a/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch b/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
deleted file mode 100644
index c346ac8..0000000
--- a/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From f372886be5f1c41677f168be77c484bae5841361 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek
-Date: Tue, 12 Apr 2016 20:50:25 +0200
-Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only)
-
-Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
-RHEL-8.1/20190308-89910a39dcfd rebase:
-
-- no change
-
-Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
-RHEL-8.0/20180508-ee3198e672e2 rebase:
-
-- reorder the rebase changelog in the commit message so that it reads like
- a blog: place more recent entries near the top
-- no changes to the patch body
-
-Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
-
-- no change
-
-Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
-
-- no changes
-
-Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
-
-- no changes
-
-Contributed-under: TianoCore Contribution Agreement 1.0
-Signed-off-by: Laszlo Ersek
-(cherry picked from commit 8e2153358aa2bba2c91faa87a70beadcaae03fd8)
-(cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd)
-(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03)
-(cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9)
-(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699)
-Signed-off-by: Danilo C. L. de Paula
----
- ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-index eff4a21650..adf1ff6c6a 100644
---- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-+++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
-@@ -22,7 +22,7 @@
- FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
- MODULE_TYPE = BASE
- VERSION_STRING = 1.0
-- LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER
-+ LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER
-
- CONSTRUCTOR = QemuFwCfgInitialize
-
---
-2.18.1
-
diff --git a/SOURCES/0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
new file mode 100644
index 0000000..5b008bb
--- /dev/null
+++ b/SOURCES/0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch
@@ -0,0 +1,156 @@ +From 12cb13a1da913912bd9148ce8f2353a75be77f18 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 25 Feb 2014 18:40:35 +0100 +Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no changes + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- update commit message as requested in + + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- adapt commit 0bc77c63de03 (code and commit message) to upstream commit + 390b95a49c14 ("MdeModulePkg/TerminalDxe: Refine + InitializeTerminalConsoleTextMode", 2017-01-10). + +When the console output is multiplexed to several devices by +ConSplitterDxe, then ConSplitterDxe builds an intersection of text modes +supported by all console output devices. + +Two notable output devices are provided by: +(1) MdeModulePkg/Universal/Console/GraphicsConsoleDxe, +(2) MdeModulePkg/Universal/Console/TerminalDxe. 
+ +GraphicsConsoleDxe supports four modes at most -- see +InitializeGraphicsConsoleTextMode() and "mGraphicsConsoleModeData": + +(1a) 80x25 (required by the UEFI spec as mode 0), +(1b) 80x50 (not necessarily supported, but if it is, then the UEFI spec + requires the driver to provide it as mode 1), +(1c) 100x31 (corresponding to graphics resolution 800x600, which the UEFI + spec requires from all plug-in graphics devices), +(1d) "full screen" resolution, derived form the underlying GOP's + horizontal and vertical resolutions with division by EFI_GLYPH_WIDTH + (8) and EFI_GLYPH_HEIGHT (19), respectively. + +The automatic "full screen resolution" makes GraphicsConsoleDxe's +character console very flexible. However, TerminalDxe (which runs on +serial ports) only provides the following fixed resolutions -- see +InitializeTerminalConsoleTextMode() and "mTerminalConsoleModeData": + +(2a) 80x25 (required by the UEFI spec as mode 0), +(2b) 80x50 (since the character resolution of a serial device cannot be + interrogated easily, this is added unconditionally as mode 1), +(2c) 100x31 (since the character resolution of a serial device cannot be + interrogated easily, this is added unconditionally as mode 2). + +When ConSplitterDxe combines (1) and (2), multiplexing console output to +both video output and serial terminal, the list of commonly supported text +modes (ie. the "intersection") comprises: + +(3a) 80x25, unconditionally, from (1a) and (2a), +(3b) 80x50, if the graphics console provides at least 640x950 pixel + resolution, from (1b) and (2b) +(3c) 100x31, if the graphics device is a plug-in one (because in that case + 800x600 is a mandated pixel resolution), from (1c) and (2c). + +Unfortunately, the "full screen resolution" (1d) of the GOP-based text +console is not available in general. + +Mitigate this problem by extending "mTerminalConsoleModeData" with a +handful of text resolutions that are derived from widespread maximal pixel +resolutions. 
This way TerminalDxe won't cause ConSplitterDxe to filter out +the most frequent (1d) values from the intersection, and eg. the MODE +command in the UEFI shell will offer the "best" (ie. full screen) +resolution too. + +Upstreaming efforts for this patch have been discontinued; it was clear +from the off-list thread that consensus was impossible to reach. + +Signed-off-by: Laszlo Ersek +(cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e) +(cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f) +(cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621) +(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37) +(cherry picked from commit 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51) +--- + .../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++-- + 1 file changed, 38 insertions(+), 3 deletions(-) + +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +index c76b2c5100..eff9d9787f 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +@@ -107,9 +107,44 @@ TERMINAL_DEV mTerminalDevTemplate = { + }; + + TERMINAL_CONSOLE_MODE_DATA mTerminalConsoleModeData[] = { +- {80, 25}, +- {80, 50}, +- {100, 31}, ++ { 80, 25 }, // from graphics resolution 640 x 480 ++ { 80, 50 }, // from graphics resolution 640 x 960 ++ { 100, 25 }, // from graphics resolution 800 x 480 ++ { 100, 31 }, // from graphics resolution 800 x 600 ++ { 104, 32 }, // from graphics resolution 832 x 624 ++ { 120, 33 }, // from graphics resolution 960 x 640 ++ { 128, 31 }, // from graphics resolution 1024 x 600 ++ { 128, 40 }, // from graphics resolution 1024 x 768 ++ { 144, 45 }, // from graphics resolution 1152 x 864 ++ { 144, 45 }, // from graphics resolution 1152 x 870 ++ { 160, 37 }, // from graphics resolution 1280 x 720 ++ { 160, 40 }, // from graphics resolution 1280 x 760 ++ { 160, 40 }, // from 
graphics resolution 1280 x 768 ++ { 160, 42 }, // from graphics resolution 1280 x 800 ++ { 160, 50 }, // from graphics resolution 1280 x 960 ++ { 160, 53 }, // from graphics resolution 1280 x 1024 ++ { 170, 40 }, // from graphics resolution 1360 x 768 ++ { 170, 40 }, // from graphics resolution 1366 x 768 ++ { 175, 55 }, // from graphics resolution 1400 x 1050 ++ { 180, 47 }, // from graphics resolution 1440 x 900 ++ { 200, 47 }, // from graphics resolution 1600 x 900 ++ { 200, 63 }, // from graphics resolution 1600 x 1200 ++ { 210, 55 }, // from graphics resolution 1680 x 1050 ++ { 240, 56 }, // from graphics resolution 1920 x 1080 ++ { 240, 63 }, // from graphics resolution 1920 x 1200 ++ { 240, 75 }, // from graphics resolution 1920 x 1440 ++ { 250, 105 }, // from graphics resolution 2000 x 2000 ++ { 256, 80 }, // from graphics resolution 2048 x 1536 ++ { 256, 107 }, // from graphics resolution 2048 x 2048 ++ { 320, 75 }, // from graphics resolution 2560 x 1440 ++ { 320, 84 }, // from graphics resolution 2560 x 1600 ++ { 320, 107 }, // from graphics resolution 2560 x 2048 ++ { 350, 110 }, // from graphics resolution 2800 x 2100 ++ { 400, 126 }, // from graphics resolution 3200 x 2400 ++ { 480, 113 }, // from graphics resolution 3840 x 2160 ++ { 512, 113 }, // from graphics resolution 4096 x 2160 ++ { 960, 227 }, // from graphics resolution 7680 x 4320 ++ { 1024, 227 }, // from graphics resolution 8192 x 4320 + // + // New modes can be added here. + // +-- +2.18.1 + diff --git a/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch deleted file mode 100644 index 15a01b3..0000000 --- a/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ /dev/null 
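Review bot: The enlarged `mTerminalConsoleModeData` initializer in Terminal.c lists three geometries twice: `{ 144, 45 }` (1152 x 864 and 1152 x 870), `{ 160, 40 }` (1280 x 760 and 1280 x 768) and `{ 170, 40 }` (1360 x 768 and 1366 x 768). Each element presumably becomes its own text mode number, so the duplicates would appear as indistinguishable modes; one row per geometry naming both source resolutions would avoid that, e.g. `{ 144, 45 }, // from graphics resolutions 1152 x 864 and 1152 x 870`. Inserting `{ 100, 25 }` ahead of `{ 100, 31 }` also moves 100x31 from index 2 to index 3, whereas the commit message describes it as mode 2 in the unpatched table, so it is worth confirming that nothing relies on that index. The initializer continues past the end of the hunk.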
@@ -1,218 +0,0 @@ -From 232fcf06f6b3048b7c2ebd6931f23186b3852f04 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Sun, 26 Jul 2015 08:02:50 +0000 -Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no change - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no change - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- Refresh downstream-only commit d4564d39dfdb against context changes in - "ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870 - ("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable - override", 2017-03-29). - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such - setter functions for dynamic PCDs that don't return a status code (such - as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds -- - there's really no circumstance in this case when it could fail. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek -(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262) -(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c) -(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65) -(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806) -Signed-off-by: Danilo C. L. 
de Paula ---- - ArmVirtPkg/ArmVirtQemu.dsc | 7 +- - .../TerminalPcdProducerLib.c | 87 +++++++++++++++++++ - .../TerminalPcdProducerLib.inf | 41 +++++++++ - 3 files changed, 134 insertions(+), 1 deletion(-) - create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c - create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index f2e5125494..9fc78d4e0a 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -221,6 +221,8 @@ - gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 - gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE - -+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE -+ - [PcdsDynamicHii] - gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS - -@@ -297,7 +299,10 @@ - MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf - MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf - MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf -- MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -+ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf { -+ -+ NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf -+ } - MdeModulePkg/Universal/SerialDxe/SerialDxe.inf - - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf -diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c -new file mode 100644 -index 0000000000..814ad48199 ---- /dev/null -+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c -@@ -0,0 +1,87 @@ -+/** @file -+* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg -+* -+* Copyright (C) 2015-2016, Red Hat, Inc. -+* Copyright (c) 2014, Linaro Ltd. All rights reserved.
-+* -+* This program and the accompanying materials are licensed and made available -+* under the terms and conditions of the BSD License which accompanies this -+* distribution. The full text of the license may be found at -+* http://opensource.org/licenses/bsd-license.php -+* -+* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR -+* IMPLIED. -+* -+**/ -+ -+#include -+#include -+#include -+ -+STATIC -+RETURN_STATUS -+GetNamedFwCfgBoolean ( -+ IN CONST CHAR8 *FwCfgFileName, -+ OUT BOOLEAN *Setting -+ ) -+{ -+ RETURN_STATUS Status; -+ FIRMWARE_CONFIG_ITEM FwCfgItem; -+ UINTN FwCfgSize; -+ UINT8 Value[3]; -+ -+ Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize); -+ if (RETURN_ERROR (Status)) { -+ return Status; -+ } -+ if (FwCfgSize > sizeof Value) { -+ return RETURN_BAD_BUFFER_SIZE; -+ } -+ QemuFwCfgSelectItem (FwCfgItem); -+ QemuFwCfgReadBytes (FwCfgSize, Value); -+ -+ if ((FwCfgSize == 1) || -+ (FwCfgSize == 2 && Value[1] == '\n') || -+ (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) { -+ switch (Value[0]) { -+ case '0': -+ case 'n': -+ case 'N': -+ *Setting = FALSE; -+ return RETURN_SUCCESS; -+ -+ case '1': -+ case 'y': -+ case 'Y': -+ *Setting = TRUE; -+ return RETURN_SUCCESS; -+ -+ default: -+ break; -+ } -+ } -+ return RETURN_PROTOCOL_ERROR; -+} -+ -+#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \ -+ do { \ -+ BOOLEAN Setting; \ -+ RETURN_STATUS PcdStatus; \ -+ \ -+ if (!RETURN_ERROR (GetNamedFwCfgBoolean ( \ -+ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \ -+ PcdStatus = PcdSetBoolS (TokenName, Setting); \ -+ ASSERT_RETURN_ERROR (PcdStatus); \ -+ } \ -+ } while (0) -+ -+RETURN_STATUS -+EFIAPI -+TerminalPcdProducerLibConstructor ( -+ VOID -+ ) -+{ -+ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); -+ return RETURN_SUCCESS; -+} -diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf 
b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf -new file mode 100644 -index 0000000000..fecb37bcdf ---- /dev/null -+++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf -@@ -0,0 +1,41 @@ -+## @file -+# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg -+# -+# Copyright (C) 2015-2016, Red Hat, Inc. -+# Copyright (c) 2014, Linaro Ltd. All rights reserved.
-+# -+# This program and the accompanying materials are licensed and made available -+# under the terms and conditions of the BSD License which accompanies this -+# distribution. The full text of the license may be found at -+# http://opensource.org/licenses/bsd-license.php -+# -+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR -+# IMPLIED. -+# -+## -+ -+[Defines] -+ INF_VERSION = 0x00010005 -+ BASE_NAME = TerminalPcdProducerLib -+ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96 -+ MODULE_TYPE = BASE -+ VERSION_STRING = 1.0 -+ LIBRARY_CLASS = TerminalPcdProducerLib|DXE_DRIVER -+ CONSTRUCTOR = TerminalPcdProducerLibConstructor -+ -+[Sources] -+ TerminalPcdProducerLib.c -+ -+[Packages] -+ MdePkg/MdePkg.dec -+ OvmfPkg/OvmfPkg.dec -+ MdeModulePkg/MdeModulePkg.dec -+ -+[LibraryClasses] -+ DebugLib -+ PcdLib -+ QemuFwCfgLib -+ -+[Pcd] -+ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm --- -2.18.1 - diff --git a/SOURCES/0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch new file mode 100644 index 0000000..3edba86 --- /dev/null +++ b/SOURCES/0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch 
@@ -0,0 +1,160 @@ +From a11602f5e2ef930be5b693ddfd0c789a1bd4c60c Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 25 Feb 2014 22:40:01 +0100 +Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH + only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- Conflict in "MdeModulePkg/MdeModulePkg.dec" due to upstream commits + - 1103ba946aee ("MdeModulePkg: Add Capsule On Disk related definition.", + 2019-06-26), + - 1c7b3eb84631 ("MdeModulePkg/DxeIpl: Introduce PCD + PcdUse5LevelPageTable", 2019-08-09), + with easy manual resolution. + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- Refresh downstream-only commit 2909e025db68 against "MdeModulePkg.dec" + context change from upstream commits e043f7895b83 ("MdeModulePkg: Add + PCD PcdPteMemoryEncryptionAddressOrMask", 2017-02-27) and 76081dfcc5b2 + ("MdeModulePkg: Add PROMPT&HELP string of pcd to UNI file", 2017-03-03). + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- refresh commit 519b9751573e against various context changes + +The + + CSI Ps ; Ps ; Ps t + +escape sequence serves for window manipulation. We can use the + + CSI 8 ; ; t + +sequence to adapt eg. the xterm window size to the selected console mode. 
+ +Reference: +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444) +(cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574) +(cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90) +(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb) +(cherry picked from commit cfccb98d13e955beb0b93b4a75a973f30c273ffc) +--- + MdeModulePkg/MdeModulePkg.dec | 4 +++ + .../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++ + .../Console/TerminalDxe/TerminalDxe.inf | 2 ++ + 3 files changed, 36 insertions(+) + +diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec +index 19935c88fa..5690bbd8b3 100644 +--- a/MdeModulePkg/MdeModulePkg.dec ++++ b/MdeModulePkg/MdeModulePkg.dec +@@ -2002,6 +2002,10 @@ + # @Prompt Capsule On Disk relocation device path. + gEfiMdeModulePkgTokenSpaceGuid.PcdCodRelocationDevPath|{0xFF}|VOID*|0x0000002f + ++ ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal ++ # mode change. ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE|BOOLEAN|0x00010080 ++ + [PcdsPatchableInModule] + ## Specify memory size with page number for PEI code when + # Loading Module at Fixed Address feature is enabled. 
+diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +index 7ef655cca5..1113252df2 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c ++++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +@@ -7,6 +7,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ + ++#include ++ + #include "Terminal.h" + + // +@@ -80,6 +82,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0 + CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 }; + CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 }; + ++// ++// Note that this is an ASCII format string, taking two INT32 arguments: ++// rows, columns. ++// ++// A %d (INT32) format specification can expand to at most 11 characters. ++// ++CHAR8 mResizeTextAreaFormatString[] = "\x1B[8;%d;%dt"; ++#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2)) ++ ++ + // + // Body of the ConOut functions + // +@@ -502,6 +514,24 @@ TerminalConOutSetMode ( + return EFI_DEVICE_ERROR; + } + ++ if (PcdGetBool (PcdResizeXterm)) { ++ CHAR16 ResizeSequence[RESIZE_SEQ_SIZE]; ++ ++ UnicodeSPrintAsciiFormat ( ++ ResizeSequence, ++ sizeof ResizeSequence, ++ mResizeTextAreaFormatString, ++ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Rows, ++ (INT32) TerminalDevice->TerminalConsoleModeData[ModeNumber].Columns ++ ); ++ TerminalDevice->OutputEscChar = TRUE; ++ Status = This->OutputString (This, ResizeSequence); ++ TerminalDevice->OutputEscChar = FALSE; ++ if (EFI_ERROR (Status)) { ++ return EFI_DEVICE_ERROR; ++ } ++ } ++ + This->Mode->Mode = (INT32) ModeNumber; + + Status = This->ClearScreen (This); +diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +index 24e164ef4d..d1160ed1c7 100644 +--- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf ++++ 
b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +@@ -55,6 +55,7 @@ + DebugLib + PcdLib + BaseLib ++ PrintLib + + [Guids] + ## SOMETIMES_PRODUCES ## Variable:L"ConInDev" +@@ -83,6 +84,7 @@ + [Pcd] + gEfiMdePkgTokenSpaceGuid.PcdDefaultTerminalType ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdErrorCodeSetVariable ## CONSUMES ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm ## CONSUMES + + # [Event] + # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout. +-- +2.18.1 + diff --git a/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch deleted file mode 100644 index b1ada3a..0000000 --- a/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +++ /dev/null 
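Review bot: The new `PcdResizeXterm` declaration in MdeModulePkg.dec carries only a help comment, while the neighbouring entry visible in the same hunk has an `# @Prompt` line; adding one, e.g. `# @Prompt Output an XTerm resize sequence on terminal mode change.`, would keep this downstream-only PCD consistent with the declarations around it. In TerminalConOutSetMode the `CSI 8 ; rows ; cols t` sequence is written to whatever terminal is attached once the PCD is TRUE, so the help text could also say that terminals other than xterm may ignore or mishandle it and that the default stays FALSE for that reason. TerminalConOutSetMode starts and ends outside the hunk.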
@@ -1,142 +0,0 @@ -From 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 4 Nov 2014 23:02:53 +0100 -Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH - only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- update the patch against the following upstream commits: - - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19) - - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5 - tool chain", 2018-11-27) - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no change - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com> -Patchwork-id: 62119 -O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell - from the firmware image (RH only) -Bugzilla: 1147592 -Acked-by: Andrew Jones -Acked-by: Gerd Hoffmann -Acked-by: Vitaly Kuznetsov - -When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell -binary from the firmware image. - -Peter Jones advised us that firmware vendors for physical systems disable -the memory-mapped, firmware image-contained UEFI shell in -SecureBoot-enabled builds. The reason being that the memory-mapped shell -can always load, it may have direct access to various hardware in the -system, and it can run UEFI shell scripts (which cannot be signed at all). - -Intended use of the new build option: - -- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. 
The resultant - firmware image will contain a shell binary, independently of SecureBoot - enablement, which is flexible for interactive development. (Ie. no - change for in-tree builds.) - -- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and - '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide: - - - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell, - - - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd, - - - UefiShell.iso: a bootable ISO image with the shell on it as default - boot loader. The shell binary will load when SecureBoot is turned off, - and won't load when SecureBoot is turned on (because it is not - signed). - - UefiShell.iso is the reason we're not excluding the shell from the DSC - files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD' - is specified, the shell binary needs to be built the same, only it - will be included in UefiShell.iso. - -Signed-off-by: Laszlo Ersek -(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd) -(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933) -(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b) -(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245) -(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687) -Signed-off-by: Danilo C. L. 
de Paula ---- - OvmfPkg/OvmfPkgIa32.fdf | 2 ++ - OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ - OvmfPkg/OvmfPkgX64.fdf | 2 ++ - 3 files changed, 6 insertions(+) - -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index be3d3b4d14..a545f7c2a6 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -288,10 +288,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf - INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf - -+!ifndef $(EXCLUDE_SHELL_FROM_FD) - !if $(TOOL_CHAIN_TAG) != "XCODE5" - INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf -+!endif - - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index b56160b3bf..fe24e86b92 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf - INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf - -+!ifndef $(EXCLUDE_SHELL_FROM_FD) - !if $(TOOL_CHAIN_TAG) != "XCODE5" - INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf -+!endif - - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index b56160b3bf..fe24e86b92 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour - INF FatPkg/EnhancedFatDxe/Fat.inf - INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf - -+!ifndef $(EXCLUDE_SHELL_FROM_FD) - !if $(TOOL_CHAIN_TAG) != "XCODE5" - INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - !endif - INF ShellPkg/Application/Shell/Shell.inf -+!endif - - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - --- -2.18.1 - 
diff --git a/SOURCES/0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch new file mode 100644 index 0000000..b42de25 --- /dev/null +++ b/SOURCES/0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch 
@@ -0,0 +1,116 @@ +From 2cc462ee963d0be119bc97bfc9c70d292a40516f Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 15:59:06 +0200 +Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- refresh downstream-only commit 8abc2a6ddad2 against context differences + in the DSC files from upstream commit 5e167d7e784c + ("OvmfPkg/PlatformPei: don't allocate reserved mem varstore if + SMM_REQUIRE", 2017-03-12). 
+ +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 6fa0c4d67c0bb8bde2ddd6db41c19eb0c40b2721) +(cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d) +(cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038) +(cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3) +(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853) +(cherry picked from commit f9b73437b9b231773c1a20e0c516168817a930a2) +--- + OvmfPkg/OvmfPkgIa32.dsc | 1 + + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + + OvmfPkg/OvmfPkgX64.dsc | 1 + + OvmfPkg/PlatformPei/Platform.c | 1 + + OvmfPkg/PlatformPei/PlatformPei.inf | 1 + + 5 files changed, 5 insertions(+) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 044379e1ed..accf5c0211 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -525,6 +525,7 @@ + # ($(SMM_REQUIRE) == FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 2ff68102d3..8812da9943 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -531,6 +531,7 @@ + # ($(SMM_REQUIRE) == FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 3a66d4d424..73e1b7824f 100644 
+--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -530,6 +530,7 @@ + # ($(SMM_REQUIRE) == FALSE) + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 +diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c +index 3ba2459872..bbbf1ac2a8 100644 +--- a/OvmfPkg/PlatformPei/Platform.c ++++ b/OvmfPkg/PlatformPei/Platform.c +@@ -667,6 +667,7 @@ InitializePlatform ( + PeiFvInitialization (); + MemMapInitialization (); + NoexecDxeInitialization (); ++ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); + } + + InstallClearCacheCallback (); +diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf +index d9fd9c8f05..666803916c 100644 +--- a/OvmfPkg/PlatformPei/PlatformPei.inf ++++ b/OvmfPkg/PlatformPei/PlatformPei.inf +@@ -89,6 +89,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize + gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved + gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeIplSwitchToLongMode + gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable + gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack +-- +2.18.1 + diff --git a/SOURCES/0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch b/SOURCES/0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch new file mode 100644 index 0000000..4972df3 --- /dev/null +++ b/SOURCES/0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch 
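Review bot: The added `UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm);` call in InitializePlatform has no comment, and the patch description has no body text, so nothing here tells a reader which fw_cfg file sets the PCD or what happens when that file is absent or malformed. The macro is defined outside the hunk; a short comment above the call, such as `// Optional host override via fw_cfg; PcdResizeXterm keeps its DSC default (FALSE) if the file is missing or invalid.`, would record the intent. That wording assumes the macro leaves the PCD untouched when the lookup fails, as the ArmVirtPkg variant removed elsewhere in this commit did. InitializePlatform begins and ends outside the hunk.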
@@ -0,0 +1,62 @@
+From 0dd0ad0dcdfd1189ed8aa880765403d1f587cc59 Mon Sep 17 00:00:00 2001
+From: Laszlo Ersek
+Date: Tue, 12 Apr 2016 20:50:25 +0200
+Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only)
+
+Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
+RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
+
+- no change
+
+Notes about the RHEL-8.0/20180508-ee3198e672e2 ->
+RHEL-8.1/20190308-89910a39dcfd rebase:
+
+- no change
+
+Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 ->
+RHEL-8.0/20180508-ee3198e672e2 rebase:
+
+- reorder the rebase changelog in the commit message so that it reads like
+ a blog: place more recent entries near the top
+- no changes to the patch body
+
+Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase:
+
+- no change
+
+Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase:
+
+- no changes
+
+Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase:
+
+- no changes
+
+Contributed-under: TianoCore Contribution Agreement 1.0
+Signed-off-by: Laszlo Ersek
+(cherry picked from commit 8e2153358aa2bba2c91faa87a70beadcaae03fd8)
+(cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd)
+(cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03)
+(cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9)
+(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699)
+(cherry picked from commit f372886be5f1c41677f168be77c484bae5841361)
+---
+ ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
+index 4d27d7d30b..feceed5f93 100644
+--- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
++++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf
+@@ -15,7 +15,7 @@
+ FILE_GUID = B271F41F-B841-48A9-BA8D-545B4BC2E2BF
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+- LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER
++ LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER
+
+ CONSTRUCTOR = QemuFwCfgInitialize
+
+--
+2.18.1
+
diff --git a/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
deleted file mode 100644
index 94613a8..0000000
--- a/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch
+++ /dev/null
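Review bot: The commit message of the added 0012-ArmVirtPkg patch is only a rebase log and never says which UEFI_DRIVER module needs QemuFwCfgLib, so a later rebase has no way to tell whether the widened `LIBRARY_CLASS = QemuFwCfgLib|DXE_DRIVER UEFI_DRIVER` is still required or can be dropped. I would add one line above the rebase notes, for example `Needed so that <consumer module> (a UEFI_DRIVER) can read fw_cfg.`, with the real consumer filled in. The context lines also show `CONSTRUCTOR = QemuFwCfgInitialize`, which will now run in every UEFI_DRIVER that links this library; what that constructor depends on is not visible here (the INF section starts and ends outside the hunk), so it is worth confirming those dependencies hold when a UEFI_DRIVER is loaded. Because fw_cfg content is supplied from outside the guest firmware, the same note could state that new consumers are expected to validate what they read.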
@@ -1,1360 +0,0 @@ -From 60737ccca40e6b4f11da438892c862b254dbfac9 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 4 Nov 2014 23:02:55 +0100 -Subject: OvmfPkg: EnrollDefaultKeys: application for enrolling default keys - (RH only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no change - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- This patch now squashes the following commits: - - c0b2615a9c0b OvmfPkg: EnrollDefaultKeys: application for enrolling - default keys (RH only) - - 22f4d33d0168 OvmfPkg/EnrollDefaultKeys: update SignatureOwner GUID for - Windows HCK (RH) - - ff7f2c1d870d OvmfPkg/EnrollDefaultKeys: expose CertType parameter of - EnrollListOfCerts (RH) - - aee7b5ba60b4 OvmfPkg/EnrollDefaultKeys: blacklist empty file in dbx - for Windows HCK (RH) - -- Consequently, OvmfPkg/EnrollDefaultKeys/ is identical to the same - directory at the "RHEL-7.4" tag (49d06d386736). - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- This patch now squashes the following commits: - - 014f459c197b OvmfPkg: EnrollDefaultKeys: application for enrolling - default keys (RH only) - - 18422a18d0e9 OvmfPkg/EnrollDefaultKeys: assign Status before reading - it (RH only) - - ddb90568e874 OvmfPkg/EnrollDefaultKeys: silence VS2015x86 warning (RH - only) - -Notes about the c9e5618 -> b9ffeab rebase: -- Guid/VariableFormat.h now lives under MdeModulePkg. 
- -Notes about the 9ece15a -> c9e5618 rebase: -- resolved conflicts in: - OvmfPkg/OvmfPkgIa32.dsc - OvmfPkg/OvmfPkgIa32X64.dsc - OvmfPkg/OvmfPkgX64.dsc - due to OvmfPkg/SecureBootConfigDxe/SecureBootConfigDxe.inf having - disappeared in upstream (commit 57446bb9). - -Message-id: <1415138578-27173-16-git-send-email-lersek@redhat.com> -Patchwork-id: 62121 -O-Subject: [RHEL-7.1 ovmf PATCH v2 15/18] OvmfPkg: EnrollDefaultKeys: - application for enrolling default keys (RH only) -Bugzilla: 1148296 -1160400 -Acked-by: Andrew Jones -Acked-by: Vitaly Kuznetsov -Acked-by: Gerd Hoffmann - -This application is meant to be invoked by the management layer, after -booting the UEFI shell and getting a shell prompt on the serial console. -The app enrolls a number of certificates (see below), and then reports -status to the serial console as well. The expected output is "info: -success": - -> Shell> EnrollDefaultKeys.efi -> info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 -> info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 -> info: success -> Shell> - -In case of success, the management layer can force off or reboot the VM -(for example with the "reset -s" or "reset -c" UEFI shell commands, -respectively), and start the guest installation with SecureBoot enabled. - -PK: -- A unique, static, ad-hoc certificate whose private half has been - destroyed (more precisely, never saved) and is therefore unusable for - signing. (The command for creating this certificate is saved in the - source code.) Background: - -On 09/30/14 20:00, Peter Jones wrote: -> We should generate a special key that's not in our normal signing chains -> for PK and KEK. The reason for this is that [in practice] PK gets -> treated as part of DB (*). -> -> [Shipping a key in our normal signing chains] as PK means you can run -> grub directly, in which case it won't have access to the shim protocol. 
-> When grub is run without the shim protocol registered, it assumes SB is -> disabled and boots without verifying the kernel. We don't want that to -> be a thing you can do, but allowing that is the inevitable result of -> shipping with any of our normal signing chain in PK or KEK. -> -> (* USRT has actually agreed that since you can escalate to this behavior -> if you have the secret half of a key in KEK or PK anyway, and many -> vendors had already shipped it this way, that it is fine and I think -> even *expected* at this point, even though it wasn't formally in the -> UEFI 2.3.1 Spec that introduced Secure Boot. I'll try and make sure the -> language reflects that in an upcoming spec revision.) -> -> So let me get SRT to issue a special key to use for PK and KEK. We can -> use it just for those operations, and make sure it's protected with the -> same processes and controls as our other signing keys. - - Until SRT generates such a key for us, this ad-hoc key should be a good - placeholder. - -KEK: -- same ad-hoc certificate as used for the PK, -- "Microsoft Corporation KEK CA 2011" -- the dbx data in Fedora's dbxtool - package is signed (indirectly, through a chain) with this; enrolling - such a KEK should allow guests to install those updates. - -DB: -- "Microsoft Windows Production PCA 2011" -- to load Windows 8 and Windows - Server 2012 R2, -- "Microsoft Corporation UEFI CA 2011" -- to load Linux and signed PCI - oproms. - -*UPDATE* - -OvmfPkg: EnrollDefaultKeys: pick up official Red Hat PK/KEK (RHEL only) - -Replace the placeholder ExampleCert with a certificate generated and -managed by the Red Hat Security Response Team. 
- -> Certificate: -> Data: -> Version: 3 (0x2) -> Serial Number: 18371740789028339953 (0xfef588e8f396c0f1) -> Signature Algorithm: sha256WithRSAEncryption -> Issuer: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com -> Validity -> Not Before: Oct 31 11:15:37 2014 GMT -> Not After : Oct 25 11:15:37 2037 GMT -> Subject: CN=Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com -> Subject Public Key Info: -> Public Key Algorithm: rsaEncryption -> Public-Key: (2048 bit) -> Modulus: -> 00:90:1f:84:7b:8d:bc:eb:97:26:82:6d:88:ab:8a: -> c9:8c:68:70:f9:df:4b:07:b2:37:83:0b:02:c8:67: -> 68:30:9e:e3:f0:f0:99:4a:b8:59:57:c6:41:f6:38: -> 8b:fe:66:4c:49:e9:37:37:92:2e:98:01:1e:5b:14: -> 50:e6:a8:8d:25:0d:f5:86:e6:ab:30:cb:40:16:ea: -> 8d:8b:16:86:70:43:37:f2:ce:c0:91:df:71:14:8e: -> 99:0e:89:b6:4c:6d:24:1e:8c:e4:2f:4f:25:d0:ba: -> 06:f8:c6:e8:19:18:76:73:1d:81:6d:a8:d8:05:cf: -> 3a:c8:7b:28:c8:36:a3:16:0d:29:8c:99:9a:68:dc: -> ab:c0:4d:8d:bf:5a:bb:2b:a9:39:4b:04:97:1c:f9: -> 36:bb:c5:3a:86:04:ae:af:d4:82:7b:e0:ab:de:49: -> 05:68:fc:f6:ae:68:1a:6c:90:4d:57:19:3c:64:66: -> 03:f6:c7:52:9b:f7:94:cf:93:6a:a1:68:c9:aa:cf: -> 99:6b:bc:aa:5e:08:e7:39:1c:f7:f8:0f:ba:06:7e: -> f1:cb:e8:76:dd:fe:22:da:ad:3a:5e:5b:34:ea:b3: -> c9:e0:4d:04:29:7e:b8:60:b9:05:ef:b5:d9:17:58: -> 56:16:60:b9:30:32:f0:36:4a:c3:f2:79:8d:12:40: -> 70:f3 -> Exponent: 65537 (0x10001) -> X509v3 extensions: -> X509v3 Basic Constraints: -> CA:FALSE -> Netscape Comment: -> OpenSSL Generated Certificate -> X509v3 Subject Key Identifier: -> 3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC -> X509v3 Authority Key Identifier: -> keyid:3C:E9:60:E3:FF:19:A1:0A:7B:A3:42:F4:8D:42:2E:B4:D5:9C:72:EC -> -> Signature Algorithm: sha256WithRSAEncryption -> 5c:4d:92:88:b4:82:5f:1d:ad:8b:11:ec:df:06:a6:7a:a5:2b: -> 9f:37:55:0c:8d:6e:05:00:ad:b7:0c:41:89:69:cf:d6:65:06: -> 9b:51:78:d2:ad:c7:bf:9c:dc:05:73:7f:e7:1e:39:13:b4:ea: -> b6:30:7d:40:75:ab:9c:43:0b:df:b0:c2:1b:bf:30:e0:f4:fe: -> 
c0:db:62:21:98:f6:c5:af:de:3b:4f:49:0a:e6:1e:f9:86:b0: -> 3f:0d:d6:d4:46:37:db:54:74:5e:ff:11:c2:60:c6:70:58:c5: -> 1c:6f:ec:b2:d8:6e:6f:c3:bc:33:87:38:a4:f3:44:64:9c:34: -> 3b:28:94:26:78:27:9f:16:17:e8:3b:69:0a:25:a9:73:36:7e: -> 9e:37:5c:ec:e8:3f:db:91:f9:12:b3:3d:ce:e7:dd:15:c3:ae: -> 8c:05:20:61:9b:95:de:9b:af:fa:b1:5c:1c:e5:97:e7:c3:34: -> 11:85:f5:8a:27:26:a4:70:36:ec:0c:f6:83:3d:90:f7:36:f3: -> f9:f3:15:d4:90:62:be:53:b4:af:d3:49:af:ef:f4:73:e8:7b: -> 76:e4:44:2a:37:ba:81:a4:99:0c:3a:31:24:71:a0:e4:e4:b7: -> 1a:cb:47:e4:aa:22:cf:ef:75:61:80:e3:43:b7:48:57:73:11: -> 3d:78:9b:69 -> -----BEGIN CERTIFICATE----- -> MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV -> BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG -> 9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx -> MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L -> RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB -> IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw -> +d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31 -> huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B -> bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr -> 3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x -> y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID -> AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy -> YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww -> HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD -> ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c -> 3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N -> 1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol -> qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw -> NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL -> R+SqIs/vdWGA40O3SFdzET14m2k= -> -----END CERTIFICATE----- - -Signed-off-by: 
Laszlo Ersek -(cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d) -(cherry picked from commit 92424de98ffaf1fa81e6346949b1d2b5f9a637ca) -(cherry picked from commit 98c91b36997e3afc4192449263182fbdcc771a1a) -(cherry picked from commit b59ee7769814e207c917615af78c7428bdf3b450) -Signed-off-by: Danilo C. L. de Paula ---- - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++ - .../EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 + - OvmfPkg/OvmfPkgIa32.dsc | 4 + - OvmfPkg/OvmfPkgIa32X64.dsc | 4 + - OvmfPkg/OvmfPkgX64.dsc | 4 + - 5 files changed, 1079 insertions(+) - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c - create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf - -diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -new file mode 100644 -index 0000000000..dd413df12d ---- /dev/null -+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c -@@ -0,0 +1,1015 @@ -+/** @file -+ Enroll default PK, KEK, DB. -+ -+ Copyright (C) 2014, Red Hat, Inc. -+ -+ This program and the accompanying materials are licensed and made available -+ under the terms and conditions of the BSD License which accompanies this -+ distribution. The full text of the license may be found at -+ http://opensource.org/licenses/bsd-license. -+ -+ THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT -+ WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -+**/ -+#include // gEfiCustomModeEnableGuid -+#include // EFI_SETUP_MODE_NAME -+#include // EFI_IMAGE_SECURITY_DATABASE -+#include // CopyGuid() -+#include // ASSERT() -+#include // FreePool() -+#include // ShellAppMain() -+#include // AsciiPrint() -+#include // gRT -+ -+// -+// We'll use the certificate below as both Platform Key and as first Key -+// Exchange Key. 
-+// -+// "Red Hat Secure Boot (PK/KEK key 1)/emailAddress=secalert@redhat.com" -+// SHA1: fd:fc:7f:3c:7e:f3:e0:57:76:ad:d7:98:78:21:6c:9b:e0:e1:95:97 -+// -+STATIC CONST UINT8 RedHatPkKek1[] = { -+ 0x30, 0x82, 0x03, 0xa0, 0x30, 0x82, 0x02, 0x88, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x09, 0x00, 0xfe, 0xf5, 0x88, 0xe8, 0xf3, 0x96, 0xc0, 0xf1, 0x30, 0x0d, -+ 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, -+ 0x30, 0x51, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, -+ 0x52, 0x65, 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, -+ 0x65, 0x20, 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, -+ 0x4b, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, -+ 0x65, 0x63, 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, -+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x31, 0x30, -+ 0x33, 0x31, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x17, 0x0d, 0x33, 0x37, -+ 0x31, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x35, 0x33, 0x37, 0x5a, 0x30, 0x51, -+ 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x52, 0x65, -+ 0x64, 0x20, 0x48, 0x61, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, -+ 0x42, 0x6f, 0x6f, 0x74, 0x20, 0x28, 0x50, 0x4b, 0x2f, 0x4b, 0x45, 0x4b, 0x20, -+ 0x6b, 0x65, 0x79, 0x20, 0x31, 0x29, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, -+ 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x73, 0x65, 0x63, -+ 0x61, 0x6c, 0x65, 0x72, 0x74, 0x40, 0x72, 0x65, 0x64, 0x68, 0x61, 0x74, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, -+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, -+ 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0x90, 0x1f, 0x84, -+ 0x7b, 0x8d, 0xbc, 0xeb, 0x97, 0x26, 0x82, 0x6d, 0x88, 0xab, 0x8a, 0xc9, 0x8c, -+ 0x68, 0x70, 0xf9, 
0xdf, 0x4b, 0x07, 0xb2, 0x37, 0x83, 0x0b, 0x02, 0xc8, 0x67, -+ 0x68, 0x30, 0x9e, 0xe3, 0xf0, 0xf0, 0x99, 0x4a, 0xb8, 0x59, 0x57, 0xc6, 0x41, -+ 0xf6, 0x38, 0x8b, 0xfe, 0x66, 0x4c, 0x49, 0xe9, 0x37, 0x37, 0x92, 0x2e, 0x98, -+ 0x01, 0x1e, 0x5b, 0x14, 0x50, 0xe6, 0xa8, 0x8d, 0x25, 0x0d, 0xf5, 0x86, 0xe6, -+ 0xab, 0x30, 0xcb, 0x40, 0x16, 0xea, 0x8d, 0x8b, 0x16, 0x86, 0x70, 0x43, 0x37, -+ 0xf2, 0xce, 0xc0, 0x91, 0xdf, 0x71, 0x14, 0x8e, 0x99, 0x0e, 0x89, 0xb6, 0x4c, -+ 0x6d, 0x24, 0x1e, 0x8c, 0xe4, 0x2f, 0x4f, 0x25, 0xd0, 0xba, 0x06, 0xf8, 0xc6, -+ 0xe8, 0x19, 0x18, 0x76, 0x73, 0x1d, 0x81, 0x6d, 0xa8, 0xd8, 0x05, 0xcf, 0x3a, -+ 0xc8, 0x7b, 0x28, 0xc8, 0x36, 0xa3, 0x16, 0x0d, 0x29, 0x8c, 0x99, 0x9a, 0x68, -+ 0xdc, 0xab, 0xc0, 0x4d, 0x8d, 0xbf, 0x5a, 0xbb, 0x2b, 0xa9, 0x39, 0x4b, 0x04, -+ 0x97, 0x1c, 0xf9, 0x36, 0xbb, 0xc5, 0x3a, 0x86, 0x04, 0xae, 0xaf, 0xd4, 0x82, -+ 0x7b, 0xe0, 0xab, 0xde, 0x49, 0x05, 0x68, 0xfc, 0xf6, 0xae, 0x68, 0x1a, 0x6c, -+ 0x90, 0x4d, 0x57, 0x19, 0x3c, 0x64, 0x66, 0x03, 0xf6, 0xc7, 0x52, 0x9b, 0xf7, -+ 0x94, 0xcf, 0x93, 0x6a, 0xa1, 0x68, 0xc9, 0xaa, 0xcf, 0x99, 0x6b, 0xbc, 0xaa, -+ 0x5e, 0x08, 0xe7, 0x39, 0x1c, 0xf7, 0xf8, 0x0f, 0xba, 0x06, 0x7e, 0xf1, 0xcb, -+ 0xe8, 0x76, 0xdd, 0xfe, 0x22, 0xda, 0xad, 0x3a, 0x5e, 0x5b, 0x34, 0xea, 0xb3, -+ 0xc9, 0xe0, 0x4d, 0x04, 0x29, 0x7e, 0xb8, 0x60, 0xb9, 0x05, 0xef, 0xb5, 0xd9, -+ 0x17, 0x58, 0x56, 0x16, 0x60, 0xb9, 0x30, 0x32, 0xf0, 0x36, 0x4a, 0xc3, 0xf2, -+ 0x79, 0x8d, 0x12, 0x40, 0x70, 0xf3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x7b, -+ 0x30, 0x79, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, -+ 0x30, 0x2c, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x0d, -+ 0x04, 0x1f, 0x16, 0x1d, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53, 0x4c, 0x20, 0x47, -+ 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x20, 0x43, 0x65, 0x72, 0x74, -+ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, -+ 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3c, 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 
0x0a, -+ 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, -+ 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x3c, -+ 0xe9, 0x60, 0xe3, 0xff, 0x19, 0xa1, 0x0a, 0x7b, 0xa3, 0x42, 0xf4, 0x8d, 0x42, -+ 0x2e, 0xb4, 0xd5, 0x9c, 0x72, 0xec, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, -+ 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, -+ 0x5c, 0x4d, 0x92, 0x88, 0xb4, 0x82, 0x5f, 0x1d, 0xad, 0x8b, 0x11, 0xec, 0xdf, -+ 0x06, 0xa6, 0x7a, 0xa5, 0x2b, 0x9f, 0x37, 0x55, 0x0c, 0x8d, 0x6e, 0x05, 0x00, -+ 0xad, 0xb7, 0x0c, 0x41, 0x89, 0x69, 0xcf, 0xd6, 0x65, 0x06, 0x9b, 0x51, 0x78, -+ 0xd2, 0xad, 0xc7, 0xbf, 0x9c, 0xdc, 0x05, 0x73, 0x7f, 0xe7, 0x1e, 0x39, 0x13, -+ 0xb4, 0xea, 0xb6, 0x30, 0x7d, 0x40, 0x75, 0xab, 0x9c, 0x43, 0x0b, 0xdf, 0xb0, -+ 0xc2, 0x1b, 0xbf, 0x30, 0xe0, 0xf4, 0xfe, 0xc0, 0xdb, 0x62, 0x21, 0x98, 0xf6, -+ 0xc5, 0xaf, 0xde, 0x3b, 0x4f, 0x49, 0x0a, 0xe6, 0x1e, 0xf9, 0x86, 0xb0, 0x3f, -+ 0x0d, 0xd6, 0xd4, 0x46, 0x37, 0xdb, 0x54, 0x74, 0x5e, 0xff, 0x11, 0xc2, 0x60, -+ 0xc6, 0x70, 0x58, 0xc5, 0x1c, 0x6f, 0xec, 0xb2, 0xd8, 0x6e, 0x6f, 0xc3, 0xbc, -+ 0x33, 0x87, 0x38, 0xa4, 0xf3, 0x44, 0x64, 0x9c, 0x34, 0x3b, 0x28, 0x94, 0x26, -+ 0x78, 0x27, 0x9f, 0x16, 0x17, 0xe8, 0x3b, 0x69, 0x0a, 0x25, 0xa9, 0x73, 0x36, -+ 0x7e, 0x9e, 0x37, 0x5c, 0xec, 0xe8, 0x3f, 0xdb, 0x91, 0xf9, 0x12, 0xb3, 0x3d, -+ 0xce, 0xe7, 0xdd, 0x15, 0xc3, 0xae, 0x8c, 0x05, 0x20, 0x61, 0x9b, 0x95, 0xde, -+ 0x9b, 0xaf, 0xfa, 0xb1, 0x5c, 0x1c, 0xe5, 0x97, 0xe7, 0xc3, 0x34, 0x11, 0x85, -+ 0xf5, 0x8a, 0x27, 0x26, 0xa4, 0x70, 0x36, 0xec, 0x0c, 0xf6, 0x83, 0x3d, 0x90, -+ 0xf7, 0x36, 0xf3, 0xf9, 0xf3, 0x15, 0xd4, 0x90, 0x62, 0xbe, 0x53, 0xb4, 0xaf, -+ 0xd3, 0x49, 0xaf, 0xef, 0xf4, 0x73, 0xe8, 0x7b, 0x76, 0xe4, 0x44, 0x2a, 0x37, -+ 0xba, 0x81, 0xa4, 0x99, 0x0c, 0x3a, 0x31, 0x24, 0x71, 0xa0, 0xe4, 0xe4, 0xb7, -+ 0x1a, 0xcb, 0x47, 0xe4, 0xaa, 0x22, 0xcf, 0xef, 0x75, 0x61, 0x80, 0xe3, 0x43, -+ 0xb7, 0x48, 0x57, 0x73, 0x11, 0x3d, 0x78, 
0x9b, 0x69 -+}; -+ -+// -+// Second KEK: "Microsoft Corporation KEK CA 2011". -+// SHA1: 31:59:0b:fd:89:c9:d7:4e:d0:87:df:ac:66:33:4b:39:31:25:4b:30 -+// -+// "dbx" updates in "dbxtool" are signed with a key derived from this KEK. -+// -+STATIC CONST UINT8 MicrosoftKEK[] = { -+ 0x30, 0x82, 0x05, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x0a, 0xd1, 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x34, 0x32, 0x30, 0x34, 0x31, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x34, 0x32, 0x30, 0x35, 0x31, 0x32, 0x39, 0x5a, 0x30, -+ 0x81, 0x80, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 
0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2a, 0x30, 0x28, 0x06, -+ 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x4b, 0x45, 0x4b, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, -+ 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, -+ 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, -+ 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc4, 0xe8, 0xb5, 0x8a, 0xbf, 0xad, -+ 0x57, 0x26, 0xb0, 0x26, 0xc3, 0xea, 0xe7, 0xfb, 0x57, 0x7a, 0x44, 0x02, 0x5d, -+ 0x07, 0x0d, 0xda, 0x4a, 0xe5, 0x74, 0x2a, 0xe6, 0xb0, 0x0f, 0xec, 0x6d, 0xeb, -+ 0xec, 0x7f, 0xb9, 0xe3, 0x5a, 0x63, 0x32, 0x7c, 0x11, 0x17, 0x4f, 0x0e, 0xe3, -+ 0x0b, 0xa7, 0x38, 0x15, 0x93, 0x8e, 0xc6, 0xf5, 0xe0, 0x84, 0xb1, 0x9a, 0x9b, -+ 0x2c, 0xe7, 0xf5, 0xb7, 0x91, 0xd6, 0x09, 0xe1, 0xe2, 0xc0, 0x04, 0xa8, 0xac, -+ 0x30, 0x1c, 0xdf, 0x48, 0xf3, 0x06, 0x50, 0x9a, 0x64, 0xa7, 0x51, 0x7f, 0xc8, -+ 0x85, 0x4f, 0x8f, 0x20, 0x86, 0xce, 0xfe, 0x2f, 0xe1, 0x9f, 0xff, 0x82, 0xc0, -+ 0xed, 0xe9, 0xcd, 0xce, 0xf4, 0x53, 0x6a, 0x62, 0x3a, 0x0b, 0x43, 0xb9, 0xe2, -+ 0x25, 0xfd, 0xfe, 0x05, 0xf9, 0xd4, 0xc4, 0x14, 0xab, 0x11, 0xe2, 0x23, 0x89, -+ 0x8d, 0x70, 0xb7, 0xa4, 0x1d, 0x4d, 0xec, 0xae, 0xe5, 0x9c, 0xfa, 0x16, 0xc2, -+ 0xd7, 0xc1, 0xcb, 0xd4, 0xe8, 0xc4, 0x2f, 0xe5, 0x99, 0xee, 0x24, 0x8b, 0x03, -+ 0xec, 0x8d, 0xf2, 0x8b, 0xea, 0xc3, 0x4a, 0xfb, 0x43, 0x11, 0x12, 0x0b, 0x7e, -+ 0xb5, 0x47, 0x92, 0x6c, 0xdc, 0xe6, 0x04, 0x89, 0xeb, 0xf5, 0x33, 0x04, 0xeb, -+ 0x10, 0x01, 0x2a, 0x71, 0xe5, 0xf9, 0x83, 0x13, 0x3c, 0xff, 0x25, 0x09, 0x2f, -+ 0x68, 0x76, 0x46, 0xff, 0xba, 0x4f, 0xbe, 0xdc, 0xad, 0x71, 0x2a, 0x58, 0xaa, -+ 0xfb, 0x0e, 0xd2, 0x79, 0x3d, 0xe4, 0x9b, 0x65, 0x3b, 0xcc, 0x29, 0x2a, 
0x9f, -+ 0xfc, 0x72, 0x59, 0xa2, 0xeb, 0xae, 0x92, 0xef, 0xf6, 0x35, 0x13, 0x80, 0xc6, -+ 0x02, 0xec, 0xe4, 0x5f, 0xcc, 0x9d, 0x76, 0xcd, 0xef, 0x63, 0x92, 0xc1, 0xaf, -+ 0x79, 0x40, 0x84, 0x79, 0x87, 0x7f, 0xe3, 0x52, 0xa8, 0xe8, 0x9d, 0x7b, 0x07, -+ 0x69, 0x8f, 0x15, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, 0x30, -+ 0x82, 0x01, 0x4b, 0x30, 0x10, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, -+ 0x37, 0x15, 0x01, 0x04, 0x03, 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, -+ 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x62, 0xfc, 0x43, 0xcd, 0xa0, 0x3e, 0xa4, -+ 0xcb, 0x67, 0x12, 0xd2, 0x5b, 0xd9, 0x55, 0xac, 0x7b, 0xcc, 0xb6, 0x8a, 0x5f, -+ 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, -+ 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, -+ 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, -+ 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, -+ 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, -+ 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, 0x11, -+ 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, 0x30, -+ 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, 0xa0, -+ 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, -+ 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, -+ 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, -+ 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, -+ 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, -+ 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, -+ 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, -+ 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, -+ 0x05, 0x07, 0x30, 0x02, 0x86, 0x44, 0x68, 
0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, -+ 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, -+ 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, -+ 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, -+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, -+ 0x02, 0x01, 0x00, 0xd4, 0x84, 0x88, 0xf5, 0x14, 0x94, 0x18, 0x02, 0xca, 0x2a, -+ 0x3c, 0xfb, 0x2a, 0x92, 0x1c, 0x0c, 0xd7, 0xa0, 0xd1, 0xf1, 0xe8, 0x52, 0x66, -+ 0xa8, 0xee, 0xa2, 0xb5, 0x75, 0x7a, 0x90, 0x00, 0xaa, 0x2d, 0xa4, 0x76, 0x5a, -+ 0xea, 0x79, 0xb7, 0xb9, 0x37, 0x6a, 0x51, 0x7b, 0x10, 0x64, 0xf6, 0xe1, 0x64, -+ 0xf2, 0x02, 0x67, 0xbe, 0xf7, 0xa8, 0x1b, 0x78, 0xbd, 0xba, 0xce, 0x88, 0x58, -+ 0x64, 0x0c, 0xd6, 0x57, 0xc8, 0x19, 0xa3, 0x5f, 0x05, 0xd6, 0xdb, 0xc6, 0xd0, -+ 0x69, 0xce, 0x48, 0x4b, 0x32, 0xb7, 0xeb, 0x5d, 0xd2, 0x30, 0xf5, 0xc0, 0xf5, -+ 0xb8, 0xba, 0x78, 0x07, 0xa3, 0x2b, 0xfe, 0x9b, 0xdb, 0x34, 0x56, 0x84, 0xec, -+ 0x82, 0xca, 0xae, 0x41, 0x25, 0x70, 0x9c, 0x6b, 0xe9, 0xfe, 0x90, 0x0f, 0xd7, -+ 0x96, 0x1f, 0xe5, 0xe7, 0x94, 0x1f, 0xb2, 0x2a, 0x0c, 0x8d, 0x4b, 0xff, 0x28, -+ 0x29, 0x10, 0x7b, 0xf7, 0xd7, 0x7c, 0xa5, 0xd1, 0x76, 0xb9, 0x05, 0xc8, 0x79, -+ 0xed, 0x0f, 0x90, 0x92, 0x9c, 0xc2, 0xfe, 0xdf, 0x6f, 0x7e, 0x6c, 0x0f, 0x7b, -+ 0xd4, 0xc1, 0x45, 0xdd, 0x34, 0x51, 0x96, 0x39, 0x0f, 0xe5, 0x5e, 0x56, 0xd8, -+ 0x18, 0x05, 0x96, 0xf4, 0x07, 0xa6, 0x42, 0xb3, 0xa0, 0x77, 0xfd, 0x08, 0x19, -+ 0xf2, 0x71, 0x56, 0xcc, 0x9f, 0x86, 0x23, 0xa4, 0x87, 0xcb, 0xa6, 0xfd, 0x58, -+ 0x7e, 0xd4, 0x69, 0x67, 0x15, 0x91, 0x7e, 0x81, 0xf2, 0x7f, 0x13, 0xe5, 0x0d, -+ 0x8b, 0x8a, 0x3c, 0x87, 0x84, 0xeb, 0xe3, 0xce, 0xbd, 0x43, 0xe5, 0xad, 0x2d, -+ 0x84, 0x93, 0x8e, 0x6a, 0x2b, 0x5a, 0x7c, 0x44, 0xfa, 0x52, 0xaa, 0x81, 0xc8, -+ 0x2d, 0x1c, 
0xbb, 0xe0, 0x52, 0xdf, 0x00, 0x11, 0xf8, 0x9a, 0x3d, 0xc1, 0x60, -+ 0xb0, 0xe1, 0x33, 0xb5, 0xa3, 0x88, 0xd1, 0x65, 0x19, 0x0a, 0x1a, 0xe7, 0xac, -+ 0x7c, 0xa4, 0xc1, 0x82, 0x87, 0x4e, 0x38, 0xb1, 0x2f, 0x0d, 0xc5, 0x14, 0x87, -+ 0x6f, 0xfd, 0x8d, 0x2e, 0xbc, 0x39, 0xb6, 0xe7, 0xe6, 0xc3, 0xe0, 0xe4, 0xcd, -+ 0x27, 0x84, 0xef, 0x94, 0x42, 0xef, 0x29, 0x8b, 0x90, 0x46, 0x41, 0x3b, 0x81, -+ 0x1b, 0x67, 0xd8, 0xf9, 0x43, 0x59, 0x65, 0xcb, 0x0d, 0xbc, 0xfd, 0x00, 0x92, -+ 0x4f, 0xf4, 0x75, 0x3b, 0xa7, 0xa9, 0x24, 0xfc, 0x50, 0x41, 0x40, 0x79, 0xe0, -+ 0x2d, 0x4f, 0x0a, 0x6a, 0x27, 0x76, 0x6e, 0x52, 0xed, 0x96, 0x69, 0x7b, 0xaf, -+ 0x0f, 0xf7, 0x87, 0x05, 0xd0, 0x45, 0xc2, 0xad, 0x53, 0x14, 0x81, 0x1f, 0xfb, -+ 0x30, 0x04, 0xaa, 0x37, 0x36, 0x61, 0xda, 0x4a, 0x69, 0x1b, 0x34, 0xd8, 0x68, -+ 0xed, 0xd6, 0x02, 0xcf, 0x6c, 0x94, 0x0c, 0xd3, 0xcf, 0x6c, 0x22, 0x79, 0xad, -+ 0xb1, 0xf0, 0xbc, 0x03, 0xa2, 0x46, 0x60, 0xa9, 0xc4, 0x07, 0xc2, 0x21, 0x82, -+ 0xf1, 0xfd, 0xf2, 0xe8, 0x79, 0x32, 0x60, 0xbf, 0xd8, 0xac, 0xa5, 0x22, 0x14, -+ 0x4b, 0xca, 0xc1, 0xd8, 0x4b, 0xeb, 0x7d, 0x3f, 0x57, 0x35, 0xb2, 0xe6, 0x4f, -+ 0x75, 0xb4, 0xb0, 0x60, 0x03, 0x22, 0x53, 0xae, 0x91, 0x79, 0x1d, 0xd6, 0x9b, -+ 0x41, 0x1f, 0x15, 0x86, 0x54, 0x70, 0xb2, 0xde, 0x0d, 0x35, 0x0f, 0x7c, 0xb0, -+ 0x34, 0x72, 0xba, 0x97, 0x60, 0x3b, 0xf0, 0x79, 0xeb, 0xa2, 0xb2, 0x1c, 0x5d, -+ 0xa2, 0x16, 0xb8, 0x87, 0xc5, 0xe9, 0x1b, 0xf6, 0xb5, 0x97, 0x25, 0x6f, 0x38, -+ 0x9f, 0xe3, 0x91, 0xfa, 0x8a, 0x79, 0x98, 0xc3, 0x69, 0x0e, 0xb7, 0xa3, 0x1c, -+ 0x20, 0x05, 0x97, 0xf8, 0xca, 0x14, 0xae, 0x00, 0xd7, 0xc4, 0xf3, 0xc0, 0x14, -+ 0x10, 0x75, 0x6b, 0x34, 0xa0, 0x1b, 0xb5, 0x99, 0x60, 0xf3, 0x5c, 0xb0, 0xc5, -+ 0x57, 0x4e, 0x36, 0xd2, 0x32, 0x84, 0xbf, 0x9e -+}; -+ -+// -+// First DB entry: "Microsoft Windows Production PCA 2011" -+// SHA1: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d -+// -+// Windows 8 and Windows Server 2012 R2 boot loaders are signed with a chain -+// rooted in this certificate. 
-+// -+STATIC CONST UINT8 MicrosoftPCA[] = { -+ 0x30, 0x82, 0x05, 0xd7, 0x30, 0x82, 0x03, 0xbf, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x07, 0x76, 0x56, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x32, 0x30, -+ 0x30, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x29, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, -+ 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, -+ 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x32, 0x30, 0x31, 0x30, 0x30, 0x1e, 0x17, -+ 0x0d, 0x31, 0x31, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x34, 0x31, 0x34, 0x32, -+ 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x31, 0x30, 0x31, 0x39, 0x31, 0x38, 0x35, 0x31, -+ 0x34, 0x32, 0x5a, 0x30, 0x81, 0x84, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, -+ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, -+ 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, -+ 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, -+ 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, -+ 0x04, 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, -+ 0x2e, 0x30, 0x2c, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x25, 0x4d, 0x69, 0x63, -+ 0x72, 
0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x57, 0x69, 0x6e, 0x64, 0x6f, 0x77, -+ 0x73, 0x20, 0x50, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, -+ 0x50, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, -+ 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, -+ 0x01, 0x00, 0xdd, 0x0c, 0xbb, 0xa2, 0xe4, 0x2e, 0x09, 0xe3, 0xe7, 0xc5, 0xf7, -+ 0x96, 0x69, 0xbc, 0x00, 0x21, 0xbd, 0x69, 0x33, 0x33, 0xef, 0xad, 0x04, 0xcb, -+ 0x54, 0x80, 0xee, 0x06, 0x83, 0xbb, 0xc5, 0x20, 0x84, 0xd9, 0xf7, 0xd2, 0x8b, -+ 0xf3, 0x38, 0xb0, 0xab, 0xa4, 0xad, 0x2d, 0x7c, 0x62, 0x79, 0x05, 0xff, 0xe3, -+ 0x4a, 0x3f, 0x04, 0x35, 0x20, 0x70, 0xe3, 0xc4, 0xe7, 0x6b, 0xe0, 0x9c, 0xc0, -+ 0x36, 0x75, 0xe9, 0x8a, 0x31, 0xdd, 0x8d, 0x70, 0xe5, 0xdc, 0x37, 0xb5, 0x74, -+ 0x46, 0x96, 0x28, 0x5b, 0x87, 0x60, 0x23, 0x2c, 0xbf, 0xdc, 0x47, 0xa5, 0x67, -+ 0xf7, 0x51, 0x27, 0x9e, 0x72, 0xeb, 0x07, 0xa6, 0xc9, 0xb9, 0x1e, 0x3b, 0x53, -+ 0x35, 0x7c, 0xe5, 0xd3, 0xec, 0x27, 0xb9, 0x87, 0x1c, 0xfe, 0xb9, 0xc9, 0x23, -+ 0x09, 0x6f, 0xa8, 0x46, 0x91, 0xc1, 0x6e, 0x96, 0x3c, 0x41, 0xd3, 0xcb, 0xa3, -+ 0x3f, 0x5d, 0x02, 0x6a, 0x4d, 0xec, 0x69, 0x1f, 0x25, 0x28, 0x5c, 0x36, 0xff, -+ 0xfd, 0x43, 0x15, 0x0a, 0x94, 0xe0, 0x19, 0xb4, 0xcf, 0xdf, 0xc2, 0x12, 0xe2, -+ 0xc2, 0x5b, 0x27, 0xee, 0x27, 0x78, 0x30, 0x8b, 0x5b, 0x2a, 0x09, 0x6b, 0x22, -+ 0x89, 0x53, 0x60, 0x16, 0x2c, 0xc0, 0x68, 0x1d, 0x53, 0xba, 0xec, 0x49, 0xf3, -+ 0x9d, 0x61, 0x8c, 0x85, 0x68, 0x09, 0x73, 0x44, 0x5d, 0x7d, 0xa2, 0x54, 0x2b, -+ 0xdd, 0x79, 0xf7, 0x15, 0xcf, 0x35, 0x5d, 0x6c, 0x1c, 0x2b, 0x5c, 0xce, 0xbc, -+ 0x9c, 0x23, 0x8b, 0x6f, 0x6e, 0xb5, 0x26, 0xd9, 0x36, 0x13, 0xc3, 0x4f, 0xd6, -+ 0x27, 0xae, 0xb9, 0x32, 0x3b, 0x41, 0x92, 0x2c, 0xe1, 0xc7, 0xcd, 0x77, 0xe8, -+ 0xaa, 0x54, 0x4e, 0xf7, 0x5c, 0x0b, 0x04, 0x87, 0x65, 0xb4, 0x43, 0x18, 0xa8, -+ 0xb2, 0xe0, 0x6d, 0x19, 0x77, 0xec, 0x5a, 0x24, 0xfa, 0x48, 
0x03, 0x02, 0x03, -+ 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x43, 0x30, 0x82, 0x01, 0x3f, 0x30, 0x10, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01, 0x04, 0x03, -+ 0x02, 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, -+ 0x14, 0xa9, 0x29, 0x02, 0x39, 0x8e, 0x16, 0xc4, 0x97, 0x78, 0xcd, 0x90, 0xf9, -+ 0x9e, 0x4f, 0x9a, 0xe1, 0x7c, 0x55, 0xaf, 0x53, 0x30, 0x19, 0x06, 0x09, 0x2b, -+ 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, -+ 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, -+ 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, -+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, -+ 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, -+ 0xd5, 0xf6, 0x56, 0xcb, 0x8f, 0xe8, 0xa2, 0x5c, 0x62, 0x68, 0xd1, 0x3d, 0x94, -+ 0x90, 0x5b, 0xd7, 0xce, 0x9a, 0x18, 0xc4, 0x30, 0x56, 0x06, 0x03, 0x55, 0x1d, -+ 0x1f, 0x04, 0x4f, 0x30, 0x4d, 0x30, 0x4b, 0xa0, 0x49, 0xa0, 0x47, 0x86, 0x45, -+ 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, -+ 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, -+ 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, 0x41, -+ 0x75, 0x74, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, 0x33, -+ 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x5a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, -+ 0x07, 0x01, 0x01, 0x04, 0x4e, 0x30, 0x4c, 0x30, 0x4a, 0x06, 0x08, 0x2b, 0x06, -+ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 0x74, 0x70, 0x3a, -+ 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, -+ 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x52, 0x6f, 0x6f, 0x43, 0x65, 0x72, -+ 0x41, 0x75, 0x74, 0x5f, 0x32, 
0x30, 0x31, 0x30, 0x2d, 0x30, 0x36, 0x2d, 0x32, -+ 0x33, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x14, -+ 0xfc, 0x7c, 0x71, 0x51, 0xa5, 0x79, 0xc2, 0x6e, 0xb2, 0xef, 0x39, 0x3e, 0xbc, -+ 0x3c, 0x52, 0x0f, 0x6e, 0x2b, 0x3f, 0x10, 0x13, 0x73, 0xfe, 0xa8, 0x68, 0xd0, -+ 0x48, 0xa6, 0x34, 0x4d, 0x8a, 0x96, 0x05, 0x26, 0xee, 0x31, 0x46, 0x90, 0x61, -+ 0x79, 0xd6, 0xff, 0x38, 0x2e, 0x45, 0x6b, 0xf4, 0xc0, 0xe5, 0x28, 0xb8, 0xda, -+ 0x1d, 0x8f, 0x8a, 0xdb, 0x09, 0xd7, 0x1a, 0xc7, 0x4c, 0x0a, 0x36, 0x66, 0x6a, -+ 0x8c, 0xec, 0x1b, 0xd7, 0x04, 0x90, 0xa8, 0x18, 0x17, 0xa4, 0x9b, 0xb9, 0xe2, -+ 0x40, 0x32, 0x36, 0x76, 0xc4, 0xc1, 0x5a, 0xc6, 0xbf, 0xe4, 0x04, 0xc0, 0xea, -+ 0x16, 0xd3, 0xac, 0xc3, 0x68, 0xef, 0x62, 0xac, 0xdd, 0x54, 0x6c, 0x50, 0x30, -+ 0x58, 0xa6, 0xeb, 0x7c, 0xfe, 0x94, 0xa7, 0x4e, 0x8e, 0xf4, 0xec, 0x7c, 0x86, -+ 0x73, 0x57, 0xc2, 0x52, 0x21, 0x73, 0x34, 0x5a, 0xf3, 0xa3, 0x8a, 0x56, 0xc8, -+ 0x04, 0xda, 0x07, 0x09, 0xed, 0xf8, 0x8b, 0xe3, 0xce, 0xf4, 0x7e, 0x8e, 0xae, -+ 0xf0, 0xf6, 0x0b, 0x8a, 0x08, 0xfb, 0x3f, 0xc9, 0x1d, 0x72, 0x7f, 0x53, 0xb8, -+ 0xeb, 0xbe, 0x63, 0xe0, 0xe3, 0x3d, 0x31, 0x65, 0xb0, 0x81, 0xe5, 0xf2, 0xac, -+ 0xcd, 0x16, 0xa4, 0x9f, 0x3d, 0xa8, 0xb1, 0x9b, 0xc2, 0x42, 0xd0, 0x90, 0x84, -+ 0x5f, 0x54, 0x1d, 0xff, 0x89, 0xea, 0xba, 0x1d, 0x47, 0x90, 0x6f, 0xb0, 0x73, -+ 0x4e, 0x41, 0x9f, 0x40, 0x9f, 0x5f, 0xe5, 0xa1, 0x2a, 0xb2, 0x11, 0x91, 0x73, -+ 0x8a, 0x21, 0x28, 0xf0, 0xce, 0xde, 0x73, 0x39, 0x5f, 0x3e, 0xab, 0x5c, 0x60, -+ 0xec, 0xdf, 0x03, 0x10, 0xa8, 0xd3, 0x09, 0xe9, 0xf4, 0xf6, 0x96, 0x85, 0xb6, -+ 0x7f, 0x51, 0x88, 0x66, 0x47, 0x19, 0x8d, 0xa2, 0xb0, 0x12, 0x3d, 0x81, 0x2a, -+ 0x68, 0x05, 0x77, 0xbb, 0x91, 0x4c, 0x62, 0x7b, 0xb6, 0xc1, 0x07, 0xc7, 0xba, -+ 0x7a, 0x87, 0x34, 0x03, 0x0e, 0x4b, 0x62, 0x7a, 0x99, 0xe9, 0xca, 0xfc, 0xce, -+ 0x4a, 0x37, 0xc9, 0x2d, 0xa4, 0x57, 0x7c, 0x1c, 0xfe, 0x3d, 0xdc, 0xb8, 0x0f, -+ 
0x5a, 0xfa, 0xd6, 0xc4, 0xb3, 0x02, 0x85, 0x02, 0x3a, 0xea, 0xb3, 0xd9, 0x6e, -+ 0xe4, 0x69, 0x21, 0x37, 0xde, 0x81, 0xd1, 0xf6, 0x75, 0x19, 0x05, 0x67, 0xd3, -+ 0x93, 0x57, 0x5e, 0x29, 0x1b, 0x39, 0xc8, 0xee, 0x2d, 0xe1, 0xcd, 0xe4, 0x45, -+ 0x73, 0x5b, 0xd0, 0xd2, 0xce, 0x7a, 0xab, 0x16, 0x19, 0x82, 0x46, 0x58, 0xd0, -+ 0x5e, 0x9d, 0x81, 0xb3, 0x67, 0xaf, 0x6c, 0x35, 0xf2, 0xbc, 0xe5, 0x3f, 0x24, -+ 0xe2, 0x35, 0xa2, 0x0a, 0x75, 0x06, 0xf6, 0x18, 0x56, 0x99, 0xd4, 0x78, 0x2c, -+ 0xd1, 0x05, 0x1b, 0xeb, 0xd0, 0x88, 0x01, 0x9d, 0xaa, 0x10, 0xf1, 0x05, 0xdf, -+ 0xba, 0x7e, 0x2c, 0x63, 0xb7, 0x06, 0x9b, 0x23, 0x21, 0xc4, 0xf9, 0x78, 0x6c, -+ 0xe2, 0x58, 0x17, 0x06, 0x36, 0x2b, 0x91, 0x12, 0x03, 0xcc, 0xa4, 0xd9, 0xf2, -+ 0x2d, 0xba, 0xf9, 0x94, 0x9d, 0x40, 0xed, 0x18, 0x45, 0xf1, 0xce, 0x8a, 0x5c, -+ 0x6b, 0x3e, 0xab, 0x03, 0xd3, 0x70, 0x18, 0x2a, 0x0a, 0x6a, 0xe0, 0x5f, 0x47, -+ 0xd1, 0xd5, 0x63, 0x0a, 0x32, 0xf2, 0xaf, 0xd7, 0x36, 0x1f, 0x2a, 0x70, 0x5a, -+ 0xe5, 0x42, 0x59, 0x08, 0x71, 0x4b, 0x57, 0xba, 0x7e, 0x83, 0x81, 0xf0, 0x21, -+ 0x3c, 0xf4, 0x1c, 0xc1, 0xc5, 0xb9, 0x90, 0x93, 0x0e, 0x88, 0x45, 0x93, 0x86, -+ 0xe9, 0xb1, 0x20, 0x99, 0xbe, 0x98, 0xcb, 0xc5, 0x95, 0xa4, 0x5d, 0x62, 0xd6, -+ 0xa0, 0x63, 0x08, 0x20, 0xbd, 0x75, 0x10, 0x77, 0x7d, 0x3d, 0xf3, 0x45, 0xb9, -+ 0x9f, 0x97, 0x9f, 0xcb, 0x57, 0x80, 0x6f, 0x33, 0xa9, 0x04, 0xcf, 0x77, 0xa4, -+ 0x62, 0x1c, 0x59, 0x7e -+}; -+ -+// -+// Second DB entry: "Microsoft Corporation UEFI CA 2011" -+// SHA1: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3 -+// -+// To verify the "shim" binary and PCI expansion ROMs with. 
-+// -+STATIC CONST UINT8 MicrosoftUefiCA[] = { -+ 0x30, 0x82, 0x06, 0x10, 0x30, 0x82, 0x03, 0xf8, 0xa0, 0x03, 0x02, 0x01, 0x02, -+ 0x02, 0x0a, 0x61, 0x08, 0xd3, 0xc4, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x30, -+ 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, -+ 0x00, 0x30, 0x81, 0x91, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, -+ 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, -+ 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, -+ 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, -+ 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, -+ 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, -+ 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x3b, 0x30, -+ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, 0x4d, 0x69, 0x63, 0x72, 0x6f, -+ 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, -+ 0x69, 0x6f, 0x6e, 0x20, 0x54, 0x68, 0x69, 0x72, 0x64, 0x20, 0x50, 0x61, 0x72, -+ 0x74, 0x79, 0x20, 0x4d, 0x61, 0x72, 0x6b, 0x65, 0x74, 0x70, 0x6c, 0x61, 0x63, -+ 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x31, 0x30, -+ 0x36, 0x32, 0x37, 0x32, 0x31, 0x32, 0x32, 0x34, 0x35, 0x5a, 0x17, 0x0d, 0x32, -+ 0x36, 0x30, 0x36, 0x32, 0x37, 0x32, 0x31, 0x33, 0x32, 0x34, 0x35, 0x5a, 0x30, -+ 0x81, 0x81, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, -+ 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, -+ 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, -+ 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, -+ 0x6e, 0x64, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, -+ 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, -+ 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x2b, 0x30, 0x29, 0x06, -+ 
0x03, 0x55, 0x04, 0x03, 0x13, 0x22, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, -+ 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, -+ 0x6e, 0x20, 0x55, 0x45, 0x46, 0x49, 0x20, 0x43, 0x41, 0x20, 0x32, 0x30, 0x31, -+ 0x31, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, -+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, -+ 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x08, 0x6c, 0x4c, 0xc7, -+ 0x45, 0x09, 0x6a, 0x4b, 0x0c, 0xa4, 0xc0, 0x87, 0x7f, 0x06, 0x75, 0x0c, 0x43, -+ 0x01, 0x54, 0x64, 0xe0, 0x16, 0x7f, 0x07, 0xed, 0x92, 0x7d, 0x0b, 0xb2, 0x73, -+ 0xbf, 0x0c, 0x0a, 0xc6, 0x4a, 0x45, 0x61, 0xa0, 0xc5, 0x16, 0x2d, 0x96, 0xd3, -+ 0xf5, 0x2b, 0xa0, 0xfb, 0x4d, 0x49, 0x9b, 0x41, 0x80, 0x90, 0x3c, 0xb9, 0x54, -+ 0xfd, 0xe6, 0xbc, 0xd1, 0x9d, 0xc4, 0xa4, 0x18, 0x8a, 0x7f, 0x41, 0x8a, 0x5c, -+ 0x59, 0x83, 0x68, 0x32, 0xbb, 0x8c, 0x47, 0xc9, 0xee, 0x71, 0xbc, 0x21, 0x4f, -+ 0x9a, 0x8a, 0x7c, 0xff, 0x44, 0x3f, 0x8d, 0x8f, 0x32, 0xb2, 0x26, 0x48, 0xae, -+ 0x75, 0xb5, 0xee, 0xc9, 0x4c, 0x1e, 0x4a, 0x19, 0x7e, 0xe4, 0x82, 0x9a, 0x1d, -+ 0x78, 0x77, 0x4d, 0x0c, 0xb0, 0xbd, 0xf6, 0x0f, 0xd3, 0x16, 0xd3, 0xbc, 0xfa, -+ 0x2b, 0xa5, 0x51, 0x38, 0x5d, 0xf5, 0xfb, 0xba, 0xdb, 0x78, 0x02, 0xdb, 0xff, -+ 0xec, 0x0a, 0x1b, 0x96, 0xd5, 0x83, 0xb8, 0x19, 0x13, 0xe9, 0xb6, 0xc0, 0x7b, -+ 0x40, 0x7b, 0xe1, 0x1f, 0x28, 0x27, 0xc9, 0xfa, 0xef, 0x56, 0x5e, 0x1c, 0xe6, -+ 0x7e, 0x94, 0x7e, 0xc0, 0xf0, 0x44, 0xb2, 0x79, 0x39, 0xe5, 0xda, 0xb2, 0x62, -+ 0x8b, 0x4d, 0xbf, 0x38, 0x70, 0xe2, 0x68, 0x24, 0x14, 0xc9, 0x33, 0xa4, 0x08, -+ 0x37, 0xd5, 0x58, 0x69, 0x5e, 0xd3, 0x7c, 0xed, 0xc1, 0x04, 0x53, 0x08, 0xe7, -+ 0x4e, 0xb0, 0x2a, 0x87, 0x63, 0x08, 0x61, 0x6f, 0x63, 0x15, 0x59, 0xea, 0xb2, -+ 0x2b, 0x79, 0xd7, 0x0c, 0x61, 0x67, 0x8a, 0x5b, 0xfd, 0x5e, 0xad, 0x87, 0x7f, -+ 0xba, 0x86, 0x67, 0x4f, 0x71, 0x58, 0x12, 0x22, 0x04, 0x22, 0x22, 0xce, 0x8b, -+ 0xef, 0x54, 0x71, 0x00, 0xce, 0x50, 0x35, 0x58, 0x76, 
0x95, 0x08, 0xee, 0x6a, -+ 0xb1, 0xa2, 0x01, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x76, -+ 0x30, 0x82, 0x01, 0x72, 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, -+ 0x82, 0x37, 0x15, 0x01, 0x04, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x23, -+ 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x02, 0x04, 0x16, -+ 0x04, 0x14, 0xf8, 0xc1, 0x6b, 0xb7, 0x7f, 0x77, 0x53, 0x4a, 0xf3, 0x25, 0x37, -+ 0x1d, 0x4e, 0xa1, 0x26, 0x7b, 0x0f, 0x20, 0x70, 0x80, 0x30, 0x1d, 0x06, 0x03, -+ 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x13, 0xad, 0xbf, 0x43, 0x09, 0xbd, -+ 0x82, 0x70, 0x9c, 0x8c, 0xd5, 0x4f, 0x31, 0x6e, 0xd5, 0x22, 0x98, 0x8a, 0x1b, -+ 0xd4, 0x30, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, -+ 0x02, 0x04, 0x0c, 0x1e, 0x0a, 0x00, 0x53, 0x00, 0x75, 0x00, 0x62, 0x00, 0x43, -+ 0x00, 0x41, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, -+ 0x01, 0x86, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, -+ 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, -+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x45, 0x66, 0x52, 0x43, 0xe1, 0x7e, 0x58, -+ 0x11, 0xbf, 0xd6, 0x4e, 0x9e, 0x23, 0x55, 0x08, 0x3b, 0x3a, 0x22, 0x6a, 0xa8, -+ 0x30, 0x5c, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x55, 0x30, 0x53, 0x30, 0x51, -+ 0xa0, 0x4f, 0xa0, 0x4d, 0x86, 0x4b, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, -+ 0x63, 0x72, 0x6c, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, -+ 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x72, 0x6c, 0x2f, -+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, -+ 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, -+ 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, -+ 0x63, 0x72, 0x6c, 0x30, 0x60, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, -+ 0x01, 0x01, 0x04, 0x54, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, 0x06, 0x01, -+ 0x05, 0x05, 0x07, 0x30, 
0x02, 0x86, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, -+ 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, -+ 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x2f, 0x63, 0x65, 0x72, -+ 0x74, 0x73, 0x2f, 0x4d, 0x69, 0x63, 0x43, 0x6f, 0x72, 0x54, 0x68, 0x69, 0x50, -+ 0x61, 0x72, 0x4d, 0x61, 0x72, 0x52, 0x6f, 0x6f, 0x5f, 0x32, 0x30, 0x31, 0x30, -+ 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x0d, 0x06, -+ 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, -+ 0x82, 0x02, 0x01, 0x00, 0x35, 0x08, 0x42, 0xff, 0x30, 0xcc, 0xce, 0xf7, 0x76, -+ 0x0c, 0xad, 0x10, 0x68, 0x58, 0x35, 0x29, 0x46, 0x32, 0x76, 0x27, 0x7c, 0xef, -+ 0x12, 0x41, 0x27, 0x42, 0x1b, 0x4a, 0xaa, 0x6d, 0x81, 0x38, 0x48, 0x59, 0x13, -+ 0x55, 0xf3, 0xe9, 0x58, 0x34, 0xa6, 0x16, 0x0b, 0x82, 0xaa, 0x5d, 0xad, 0x82, -+ 0xda, 0x80, 0x83, 0x41, 0x06, 0x8f, 0xb4, 0x1d, 0xf2, 0x03, 0xb9, 0xf3, 0x1a, -+ 0x5d, 0x1b, 0xf1, 0x50, 0x90, 0xf9, 0xb3, 0x55, 0x84, 0x42, 0x28, 0x1c, 0x20, -+ 0xbd, 0xb2, 0xae, 0x51, 0x14, 0xc5, 0xc0, 0xac, 0x97, 0x95, 0x21, 0x1c, 0x90, -+ 0xdb, 0x0f, 0xfc, 0x77, 0x9e, 0x95, 0x73, 0x91, 0x88, 0xca, 0xbd, 0xbd, 0x52, -+ 0xb9, 0x05, 0x50, 0x0d, 0xdf, 0x57, 0x9e, 0xa0, 0x61, 0xed, 0x0d, 0xe5, 0x6d, -+ 0x25, 0xd9, 0x40, 0x0f, 0x17, 0x40, 0xc8, 0xce, 0xa3, 0x4a, 0xc2, 0x4d, 0xaf, -+ 0x9a, 0x12, 0x1d, 0x08, 0x54, 0x8f, 0xbd, 0xc7, 0xbc, 0xb9, 0x2b, 0x3d, 0x49, -+ 0x2b, 0x1f, 0x32, 0xfc, 0x6a, 0x21, 0x69, 0x4f, 0x9b, 0xc8, 0x7e, 0x42, 0x34, -+ 0xfc, 0x36, 0x06, 0x17, 0x8b, 0x8f, 0x20, 0x40, 0xc0, 0xb3, 0x9a, 0x25, 0x75, -+ 0x27, 0xcd, 0xc9, 0x03, 0xa3, 0xf6, 0x5d, 0xd1, 0xe7, 0x36, 0x54, 0x7a, 0xb9, -+ 0x50, 0xb5, 0xd3, 0x12, 0xd1, 0x07, 0xbf, 0xbb, 0x74, 0xdf, 0xdc, 0x1e, 0x8f, -+ 0x80, 0xd5, 0xed, 0x18, 0xf4, 0x2f, 0x14, 0x16, 0x6b, 0x2f, 0xde, 0x66, 0x8c, -+ 0xb0, 0x23, 0xe5, 0xc7, 0x84, 0xd8, 0xed, 0xea, 0xc1, 0x33, 0x82, 0xad, 0x56, -+ 0x4b, 0x18, 0x2d, 0xf1, 0x68, 0x95, 0x07, 0xcd, 0xcf, 0xf0, 0x72, 0xf0, 0xae, 
-+ 0xbb, 0xdd, 0x86, 0x85, 0x98, 0x2c, 0x21, 0x4c, 0x33, 0x2b, 0xf0, 0x0f, 0x4a, -+ 0xf0, 0x68, 0x87, 0xb5, 0x92, 0x55, 0x32, 0x75, 0xa1, 0x6a, 0x82, 0x6a, 0x3c, -+ 0xa3, 0x25, 0x11, 0xa4, 0xed, 0xad, 0xd7, 0x04, 0xae, 0xcb, 0xd8, 0x40, 0x59, -+ 0xa0, 0x84, 0xd1, 0x95, 0x4c, 0x62, 0x91, 0x22, 0x1a, 0x74, 0x1d, 0x8c, 0x3d, -+ 0x47, 0x0e, 0x44, 0xa6, 0xe4, 0xb0, 0x9b, 0x34, 0x35, 0xb1, 0xfa, 0xb6, 0x53, -+ 0xa8, 0x2c, 0x81, 0xec, 0xa4, 0x05, 0x71, 0xc8, 0x9d, 0xb8, 0xba, 0xe8, 0x1b, -+ 0x44, 0x66, 0xe4, 0x47, 0x54, 0x0e, 0x8e, 0x56, 0x7f, 0xb3, 0x9f, 0x16, 0x98, -+ 0xb2, 0x86, 0xd0, 0x68, 0x3e, 0x90, 0x23, 0xb5, 0x2f, 0x5e, 0x8f, 0x50, 0x85, -+ 0x8d, 0xc6, 0x8d, 0x82, 0x5f, 0x41, 0xa1, 0xf4, 0x2e, 0x0d, 0xe0, 0x99, 0xd2, -+ 0x6c, 0x75, 0xe4, 0xb6, 0x69, 0xb5, 0x21, 0x86, 0xfa, 0x07, 0xd1, 0xf6, 0xe2, -+ 0x4d, 0xd1, 0xda, 0xad, 0x2c, 0x77, 0x53, 0x1e, 0x25, 0x32, 0x37, 0xc7, 0x6c, -+ 0x52, 0x72, 0x95, 0x86, 0xb0, 0xf1, 0x35, 0x61, 0x6a, 0x19, 0xf5, 0xb2, 0x3b, -+ 0x81, 0x50, 0x56, 0xa6, 0x32, 0x2d, 0xfe, 0xa2, 0x89, 0xf9, 0x42, 0x86, 0x27, -+ 0x18, 0x55, 0xa1, 0x82, 0xca, 0x5a, 0x9b, 0xf8, 0x30, 0x98, 0x54, 0x14, 0xa6, -+ 0x47, 0x96, 0x25, 0x2f, 0xc8, 0x26, 0xe4, 0x41, 0x94, 0x1a, 0x5c, 0x02, 0x3f, -+ 0xe5, 0x96, 0xe3, 0x85, 0x5b, 0x3c, 0x3e, 0x3f, 0xbb, 0x47, 0x16, 0x72, 0x55, -+ 0xe2, 0x25, 0x22, 0xb1, 0xd9, 0x7b, 0xe7, 0x03, 0x06, 0x2a, 0xa3, 0xf7, 0x1e, -+ 0x90, 0x46, 0xc3, 0x00, 0x0d, 0xd6, 0x19, 0x89, 0xe3, 0x0e, 0x35, 0x27, 0x62, -+ 0x03, 0x71, 0x15, 0xa6, 0xef, 0xd0, 0x27, 0xa0, 0xa0, 0x59, 0x37, 0x60, 0xf8, -+ 0x38, 0x94, 0xb8, 0xe0, 0x78, 0x70, 0xf8, 0xba, 0x4c, 0x86, 0x87, 0x94, 0xf6, -+ 0xe0, 0xae, 0x02, 0x45, 0xee, 0x65, 0xc2, 0xb6, 0xa3, 0x7e, 0x69, 0x16, 0x75, -+ 0x07, 0x92, 0x9b, 0xf5, 0xa6, 0xbc, 0x59, 0x83, 0x58 -+}; -+ -+// -+// The Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmDBXisPresent test case -+// of the Secure Boot Logo Test in the Microsoft Hardware Certification Kit -+// expects that the "dbx" variable exist. 
-+//
-+// The article at
-+// writes (excerpt):
-+//
-+// Windows 8.1 Secure Boot Key Creation and Management Guidance
-+// 1. Secure Boot, Windows 8.1 and Key Management
-+// 1.4 Signature Databases (Db and Dbx)
-+// 1.4.3 Forbidden Signature Database (dbx)
-+//
-+// The contents of EFI_IMAGE_SIGNATURE_DATABASE1 dbx must be checked when
-+// verifying images before checking db and any matches must prevent the
-+// image from executing. The database may contain multiple certificates,
-+// keys, and hashes in order to identify forbidden images. The Windows
-+// Hardware Certification Requirements state that a dbx must be present, so
-+// any dummy value, such as the SHA-256 hash of 0, may be used as a safe
-+// placeholder until such time as Microsoft begins delivering dbx updates.
-+//
-+// The byte array below captures the SHA256 checksum of the empty file,
-+// blacklisting it for loading & execution. This qualifies as a dummy, since
-+// the empty file is not a valid UEFI binary anyway.
-+//
-+// Technically speaking, we could also capture an official (although soon to be
-+// obsolete) dbx update from . However,
-+// the terms and conditions on distributing that binary aren't exactly light
-+// reading, so let's best steer clear of it, and follow the "dummy entry"
-+// practice recommended -- in natural English langauge -- in the
-+// above-referenced TechNet article.
-+//
-+STATIC CONST UINT8 mSha256OfDevNull[] = {
-+ 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99,
-+ 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95,
-+ 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
-+};
-+
-+//
-+// The following test cases of the Secure Boot Logo Test in the Microsoft
-+// Hardware Certification Kit:
-+//
-+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxVerifyMicrosoftKEKpresent
-+// - Microsoft.UefiSecureBootLogo.Tests.OutOfBoxConfirmMicrosoftSignatureInDB
-+//
-+// expect the EFI_SIGNATURE_DATA.SignatureOwner GUID to be
-+// 77FA9ABD-0359-4D32-BD60-28F4E78F784B, when the
-+// EFI_SIGNATURE_DATA.SignatureData field carries any of the following X509
-+// certificates:
-+//
-+// - "Microsoft Corporation KEK CA 2011" (in KEK)
-+// - "Microsoft Windows Production PCA 2011" (in db)
-+// - "Microsoft Corporation UEFI CA 2011" (in db)
-+//
-+// This is despite the fact that the UEFI specification requires
-+// EFI_SIGNATURE_DATA.SignatureOwner to reflect the agent (i.e., OS,
-+// application or driver) that enrolled and therefore owns
-+// EFI_SIGNATURE_DATA.SignatureData, and not the organization that issued
-+// EFI_SIGNATURE_DATA.SignatureData.
-+//
-+STATIC CONST EFI_GUID mMicrosoftOwnerGuid = {
-+ 0x77fa9abd, 0x0359, 0x4d32,
-+ { 0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b },
-+};
-+
-+//
-+// The most important thing about the variable payload is that it is a list of
-+// lists, where the element size of any given *inner* list is constant.
-+//
-+// Since X509 certificates vary in size, each of our *inner* lists will contain
-+// one element only (one X.509 certificate). This is explicitly mentioned in
-+// the UEFI specification, in "28.4.1 Signature Database", in a Note.
-+//
-+// The list structure looks as follows:
-+//
-+// struct EFI_VARIABLE_AUTHENTICATION_2 { |
-+// struct EFI_TIME { |
-+// UINT16 Year; |
-+// UINT8 Month; |
-+// UINT8 Day; |
-+// UINT8 Hour; |
-+// UINT8 Minute; |
-+// UINT8 Second; |
-+// UINT8 Pad1; |
-+// UINT32 Nanosecond; |
-+// INT16 TimeZone; |
-+// UINT8 Daylight; |
-+// UINT8 Pad2; |
-+// } TimeStamp; |
-+// |
-+// struct WIN_CERTIFICATE_UEFI_GUID { | |
-+// struct WIN_CERTIFICATE { | |
-+// UINT32 dwLength; ----------------------------------------+ |
-+// UINT16 wRevision; | |
-+// UINT16 wCertificateType; | |
-+// } Hdr; | +- DataSize
-+// | |
-+// EFI_GUID CertType; | |
-+// UINT8 CertData[1] = { <--- "struct hack" | |
-+// struct EFI_SIGNATURE_LIST { | | |
-+// EFI_GUID SignatureType; | | |
-+// UINT32 SignatureListSize; -------------------------+ | |
-+// UINT32 SignatureHeaderSize; | | |
-+// UINT32 SignatureSize; ---------------------------+ | | |
-+// UINT8 SignatureHeader[SignatureHeaderSize]; | | | |
-+// v | | |
-+// struct EFI_SIGNATURE_DATA { | | | |
-+// EFI_GUID SignatureOwner; | | | |
-+// UINT8 SignatureData[1] = { <--- "struct hack" | | | |
-+// X.509 payload | | | |
-+// } | | | |
-+// } Signatures[]; | | |
-+// } SigLists[]; | |
-+// }; | |
-+// } AuthInfo; | |
-+// }; |
-+//
-+// Given that the "struct hack" invokes undefined behavior (which is why C99
-+// introduced the flexible array member), and because subtracting those pesky
-+// sizes of 1 is annoying, and because the format is fully specified in the
-+// UEFI specification, we'll introduce two matching convenience structures that
-+// are customized for our X.509 purposes.
-+//
-+#pragma pack(1)
-+typedef struct {
-+ EFI_TIME TimeStamp;
-+
-+ //
-+ // dwLength covers data below
-+ //
-+ UINT32 dwLength;
-+ UINT16 wRevision;
-+ UINT16 wCertificateType;
-+ EFI_GUID CertType;
-+} SINGLE_HEADER;
-+
-+typedef struct {
-+ //
-+ // SignatureListSize covers data below
-+ //
-+ EFI_GUID SignatureType;
-+ UINT32 SignatureListSize;
-+ UINT32 SignatureHeaderSize; // constant 0
-+ UINT32 SignatureSize;
-+
-+ //
-+ // SignatureSize covers data below
-+ //
-+ EFI_GUID SignatureOwner;
-+
-+ //
-+ // X.509 certificate follows
-+ //
-+} REPEATING_HEADER;
-+#pragma pack()
-+
-+/**
-+ Enroll a set of certificates in a global variable, overwriting it.
-+
-+ The variable will be rewritten with NV+BS+RT+AT attributes.
-+
-+ @param[in] VariableName The name of the variable to overwrite.
-+
-+ @param[in] VendorGuid The namespace (ie. vendor GUID) of the variable to
-+ overwrite.
-+
-+ @param[in] CertType The GUID determining the type of all the
-+ certificates in the set that is passed in. For
-+ example, gEfiCertX509Guid stands for DER-encoded
-+ X.509 certificates, while gEfiCertSha256Guid stands
-+ for SHA256 image hashes.
-+
-+ @param[in] ... A list of
-+
-+ IN CONST UINT8 *Cert,
-+ IN UINTN CertSize,
-+ IN CONST EFI_GUID *OwnerGuid
-+
-+ triplets. If the first component of a triplet is
-+ NULL, then the other two components are not
-+ accessed, and processing is terminated. The list of
-+ certificates is enrolled in the variable specified,
-+ overwriting it. The OwnerGuid component identifies
-+ the agent installing the certificate.
-+
-+ @retval EFI_INVALID_PARAMETER The triplet list is empty (ie. the first Cert
-+ value is NULL), or one of the CertSize values
-+ is 0, or one of the CertSize values would
-+ overflow the accumulated UINT32 data size.
-+
-+ @retval EFI_OUT_OF_RESOURCES Out of memory while formatting variable
-+ payload.
-+
-+ @retval EFI_SUCCESS Enrollment successful; the variable has been
-+ overwritten (or created).
-+
-+ @return Error codes from gRT->GetTime() and
-+ gRT->SetVariable().
-+**/
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+EnrollListOfCerts (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ IN EFI_GUID *CertType,
-+ ...
-+ )
-+{
-+ UINTN DataSize;
-+ SINGLE_HEADER *SingleHeader;
-+ REPEATING_HEADER *RepeatingHeader;
-+ VA_LIST Marker;
-+ CONST UINT8 *Cert;
-+ EFI_STATUS Status;
-+ UINT8 *Data;
-+ UINT8 *Position;
-+
-+ Status = EFI_SUCCESS;
-+
-+ //
-+ // compute total size first, for UINT32 range check, and allocation
-+ //
-+ DataSize = sizeof *SingleHeader;
-+ VA_START (Marker, CertType);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ (VOID)VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ if (CertSize == 0 ||
-+ CertSize > MAX_UINT32 - sizeof *RepeatingHeader ||
-+ DataSize > MAX_UINT32 - sizeof *RepeatingHeader - CertSize) {
-+ Status = EFI_INVALID_PARAMETER;
-+ break;
-+ }
-+ DataSize += sizeof *RepeatingHeader + CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ if (DataSize == sizeof *SingleHeader) {
-+ Status = EFI_INVALID_PARAMETER;
-+ }
-+ if (EFI_ERROR (Status)) {
-+ goto Out;
-+ }
-+
-+ Data = AllocatePool (DataSize);
-+ if (Data == NULL) {
-+ Status = EFI_OUT_OF_RESOURCES;
-+ goto Out;
-+ }
-+
-+ Position = Data;
-+
-+ SingleHeader = (SINGLE_HEADER *)Position;
-+ Status = gRT->GetTime (&SingleHeader->TimeStamp, NULL);
-+ if (EFI_ERROR (Status)) {
-+ goto FreeData;
-+ }
-+ SingleHeader->TimeStamp.Pad1 = 0;
-+ SingleHeader->TimeStamp.Nanosecond = 0;
-+ SingleHeader->TimeStamp.TimeZone = 0;
-+ SingleHeader->TimeStamp.Daylight = 0;
-+ SingleHeader->TimeStamp.Pad2 = 0;
-+#if 0
-+ SingleHeader->dwLength = DataSize - sizeof SingleHeader->TimeStamp;
-+#else
-+ //
-+ // This looks like a bug in edk2. According to the UEFI specification,
-+ // dwLength is "The length of the entire certificate, including the length of
-+ // the header, in bytes". That shouldn't stop right after CertType -- it
-+ // should include everything below it.
-+ //
-+ SingleHeader->dwLength = sizeof *SingleHeader
-+ - sizeof SingleHeader->TimeStamp;
-+#endif
-+ SingleHeader->wRevision = 0x0200;
-+ SingleHeader->wCertificateType = WIN_CERT_TYPE_EFI_GUID;
-+ CopyGuid (&SingleHeader->CertType, &gEfiCertPkcs7Guid);
-+ Position += sizeof *SingleHeader;
-+
-+ VA_START (Marker, CertType);
-+ for (Cert = VA_ARG (Marker, CONST UINT8 *);
-+ Cert != NULL;
-+ Cert = VA_ARG (Marker, CONST UINT8 *)) {
-+ UINTN CertSize;
-+ CONST EFI_GUID *OwnerGuid;
-+
-+ CertSize = VA_ARG (Marker, UINTN);
-+ OwnerGuid = VA_ARG (Marker, CONST EFI_GUID *);
-+
-+ RepeatingHeader = (REPEATING_HEADER *)Position;
-+ CopyGuid (&RepeatingHeader->SignatureType, CertType);
-+ RepeatingHeader->SignatureListSize =
-+ (UINT32)(sizeof *RepeatingHeader + CertSize);
-+ RepeatingHeader->SignatureHeaderSize = 0;
-+ RepeatingHeader->SignatureSize =
-+ (UINT32)(sizeof RepeatingHeader->SignatureOwner + CertSize);
-+ CopyGuid (&RepeatingHeader->SignatureOwner, OwnerGuid);
-+ Position += sizeof *RepeatingHeader;
-+
-+ CopyMem (Position, Cert, CertSize);
-+ Position += CertSize;
-+ }
-+ VA_END (Marker);
-+
-+ ASSERT (Data + DataSize == Position);
-+
-+ Status = gRT->SetVariable (VariableName, VendorGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS |
-+ EFI_VARIABLE_RUNTIME_ACCESS |
-+ EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS),
-+ DataSize, Data);
-+
-+FreeData:
-+ FreePool (Data);
-+
-+Out:
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: %a(\"%s\", %g): %r\n", __FUNCTION__, VariableName,
-+ VendorGuid, Status);
-+ }
-+ return Status;
-+}
-+
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetExact (
-+ IN CHAR16 *VariableName,
-+ IN EFI_GUID *VendorGuid,
-+ OUT VOID *Data,
-+ IN UINTN DataSize,
-+ IN BOOLEAN AllowMissing
-+ )
-+{
-+ UINTN Size;
-+ EFI_STATUS Status;
-+
-+ Size = DataSize;
-+ Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &Size, Data);
-+ if (EFI_ERROR (Status)) {
-+ if (Status == EFI_NOT_FOUND && AllowMissing) {
-+ ZeroMem (Data, DataSize);
-+ return EFI_SUCCESS;
-+ }
-+
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): %r\n", VariableName,
-+ VendorGuid, Status);
-+ return Status;
-+ }
-+
-+ if (Size != DataSize) {
-+ AsciiPrint ("error: GetVariable(\"%s\", %g): expected size 0x%Lx, "
-+ "got 0x%Lx\n", VariableName, VendorGuid, (UINT64)DataSize, (UINT64)Size);
-+ return EFI_PROTOCOL_ERROR;
-+ }
-+
-+ return EFI_SUCCESS;
-+}
-+
-+typedef struct {
-+ UINT8 SetupMode;
-+ UINT8 SecureBoot;
-+ UINT8 SecureBootEnable;
-+ UINT8 CustomMode;
-+ UINT8 VendorKeys;
-+} SETTINGS;
-+
-+STATIC
-+EFI_STATUS
-+EFIAPI
-+GetSettings (
-+ OUT SETTINGS *Settings
-+ )
-+{
-+ EFI_STATUS Status;
-+
-+ Status = GetExact (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SetupMode, sizeof Settings->SetupMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->SecureBoot, sizeof Settings->SecureBoot, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_SECURE_BOOT_ENABLE_NAME,
-+ &gEfiSecureBootEnableDisableGuid, &Settings->SecureBootEnable,
-+ sizeof Settings->SecureBootEnable, TRUE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ &Settings->CustomMode, sizeof Settings->CustomMode, FALSE);
-+ if (EFI_ERROR (Status)) {
-+ return Status;
-+ }
-+
-+ Status = GetExact (EFI_VENDOR_KEYS_VARIABLE_NAME, &gEfiGlobalVariableGuid,
-+ &Settings->VendorKeys, sizeof Settings->VendorKeys, FALSE);
-+ return Status;
-+}
-+
-+STATIC
-+VOID
-+EFIAPI
-+PrintSettings (
-+ IN CONST SETTINGS *Settings
-+ )
-+{
-+ AsciiPrint ("info: SetupMode=%d SecureBoot=%d SecureBootEnable=%d "
-+ "CustomMode=%d VendorKeys=%d\n", Settings->SetupMode, Settings->SecureBoot,
-+ Settings->SecureBootEnable, Settings->CustomMode, Settings->VendorKeys);
-+}
-+
-+
-+INTN
-+EFIAPI
-+ShellAppMain (
-+ IN UINTN Argc,
-+ IN CHAR16 **Argv
-+ )
-+{
-+ EFI_STATUS Status;
-+ SETTINGS Settings;
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 1) {
-+ AsciiPrint ("error: already in User Mode\n");
-+ return 1;
-+ }
-+
-+ if (Settings.CustomMode != CUSTOM_SECURE_BOOT_MODE) {
-+ Settings.CustomMode = CUSTOM_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ (EFI_VARIABLE_NON_VOLATILE |
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS),
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_IMAGE_SECURITY_DATABASE,
-+ &gEfiImageSecurityDatabaseGuid,
-+ &gEfiCertX509Guid,
-+ MicrosoftPCA, sizeof MicrosoftPCA, &mMicrosoftOwnerGuid,
-+ MicrosoftUefiCA, sizeof MicrosoftUefiCA, &mMicrosoftOwnerGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_IMAGE_SECURITY_DATABASE1,
-+ &gEfiImageSecurityDatabaseGuid,
-+ &gEfiCertSha256Guid,
-+ mSha256OfDevNull, sizeof mSha256OfDevNull, &gEfiCallerIdGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_KEY_EXCHANGE_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ &gEfiCertX509Guid,
-+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiCallerIdGuid,
-+ MicrosoftKEK, sizeof MicrosoftKEK, &mMicrosoftOwnerGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Status = EnrollListOfCerts (
-+ EFI_PLATFORM_KEY_NAME,
-+ &gEfiGlobalVariableGuid,
-+ &gEfiCertX509Guid,
-+ RedHatPkKek1, sizeof RedHatPkKek1, &gEfiGlobalVariableGuid,
-+ NULL);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+
-+ Settings.CustomMode = STANDARD_SECURE_BOOT_MODE;
-+ Status = gRT->SetVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid,
-+ EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
-+ sizeof Settings.CustomMode, &Settings.CustomMode);
-+ if (EFI_ERROR (Status)) {
-+ AsciiPrint ("error: SetVariable(\"%s\", %g): %r\n", EFI_CUSTOM_MODE_NAME,
-+ &gEfiCustomModeEnableGuid, Status);
-+ return 1;
-+ }
-+
-+ Status = GetSettings (&Settings);
-+ if (EFI_ERROR (Status)) {
-+ return 1;
-+ }
-+ PrintSettings (&Settings);
-+
-+ if (Settings.SetupMode != 0 || Settings.SecureBoot != 1 ||
-+ Settings.SecureBootEnable != 1 || Settings.CustomMode != 0 ||
-+ Settings.VendorKeys != 0) {
-+ AsciiPrint ("error: unexpected\n");
-+ return 1;
-+ }
-+
-+ AsciiPrint ("info: success\n");
-+ return 0;
-+}
-diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-new file mode 100644
-index 0000000000..0ad86a2843
---- /dev/null
-+++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
-@@ -0,0 +1,52 @@
-+## @file
-+# Enroll default PK, KEK, DB.
-+#
-+# Copyright (C) 2014, Red Hat, Inc.
-+#
-+# This program and the accompanying materials are licensed and made available
-+# under the terms and conditions of the BSD License which accompanies this
-+# distribution. The full text of the license may be found at
-+# http://opensource.org/licenses/bsd-license.
-+#
-+# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-+# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR
-+# IMPLIED.
-+##
-+
-+[Defines]
-+ INF_VERSION = 0x00010006
-+ BASE_NAME = EnrollDefaultKeys
-+ FILE_GUID = D5C1DF0B-1BAC-4EDF-BA48-08834009CA5A
-+ MODULE_TYPE = UEFI_APPLICATION
-+ VERSION_STRING = 0.1
-+ ENTRY_POINT = ShellCEntryLib
-+
-+#
-+# VALID_ARCHITECTURES = IA32 X64
-+#
-+
-+[Sources]
-+ EnrollDefaultKeys.c
-+
-+[Packages]
-+ MdePkg/MdePkg.dec
-+ MdeModulePkg/MdeModulePkg.dec
-+ SecurityPkg/SecurityPkg.dec
-+ ShellPkg/ShellPkg.dec
-+
-+[Guids]
-+ gEfiCertPkcs7Guid
-+ gEfiCertSha256Guid
-+ gEfiCertX509Guid
-+ gEfiCustomModeEnableGuid
-+ gEfiGlobalVariableGuid
-+ gEfiImageSecurityDatabaseGuid
-+ gEfiSecureBootEnableDisableGuid
-+
-+[LibraryClasses]
-+ BaseMemoryLib
-+ DebugLib
-+ MemoryAllocationLib
-+ ShellCEntryLib
-+ UefiLib
-+ UefiRuntimeServicesTableLib
-diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 3f1da66aab..bc75e03d47 100644
---- a/OvmfPkg/OvmfPkgIa32.dsc
-+++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -864,6 +864,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 9bb0a4cede..f630737662 100644
---- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -873,6 +873,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
-diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 3b7fc5328c..ac70a0cac1 100644
---- a/OvmfPkg/OvmfPkgX64.dsc
-+++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -871,6 +871,10 @@
-
- !if $(SECURE_BOOT_ENABLE) == TRUE
- SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
-+ OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf {
-+
-+ ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
-+ }
- !endif
-
- OvmfPkg/PlatformDxe/Platform.inf
---
-2.18.1
-
diff --git a/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
deleted file mode 100644
index c85291d..0000000
--- a/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch
+++ /dev/null
@@ -1,76 +0,0 @@ -From c3f07e323e76856f1b42ea7b8c598ba3201c28a2 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 14 Oct 2015 13:49:43 +0200 -Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no change - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -Drew has proposed that ARM|AARCH64 platform firmware (especially virtual -machine firmware) print a reasonably early, simple hello message to the -serial port, regardless of debug mask settings. This should inform -interactive users, and provide some rough help in localizing boot -problems, even with restrictive debug masks. - -If a platform doesn't want this feature, it should stick with the default -empty string. - -RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 -Downstream only: -. - -Suggested-by: Drew Jones -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek -(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30) -(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750) -(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16) -(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27) -(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1) -Signed-off-by: Danilo C. L. 
de Paula ---- - ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec -index 44c00bd0c1..40c8ec3251 100644 ---- a/ArmPlatformPkg/ArmPlatformPkg.dec -+++ b/ArmPlatformPkg/ArmPlatformPkg.dec -@@ -114,6 +114,13 @@ - ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers - gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045 - -+ # -+ # Early hello message (ASCII string), printed to the serial port. -+ # If set to the empty string, nothing is printed. -+ # Otherwise, a trailing CRLF should be specified explicitly. -+ # -+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100 -+ - [PcdsFixedAtBuild.common,PcdsDynamic.common] - ## PL031 RealTimeClock - gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024 --- -2.18.1 - diff --git a/SOURCES/0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch new file mode 100644 index 0000000..8600508 --- /dev/null +++ b/SOURCES/0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch 
@@ -0,0 +1,223 @@ +From 8338545260fbb423f796d5196faaaf8ff6e1ed99 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Sun, 26 Jul 2015 08:02:50 +0000 +Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- Refresh downstream-only commit d4564d39dfdb against context changes in + "ArmVirtPkg/ArmVirtQemu.dsc" from upstream commit 7e5f1b673870 + ("ArmVirtPkg/PlatformHasAcpiDtDxe: allow guest level ACPI disable + override", 2017-03-29). + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- Adapt commit 6b97969096a3 to the fact that upstream has deprecated such + setter functions for dynamic PCDs that don't return a status code (such + as PcdSetBool()). Employ PcdSetBoolS(), and assert that it succeeds -- + there's really no circumstance in this case when it could fail. 
+ +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262) +(cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c) +(cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65) +(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806) +(cherry picked from commit 232fcf06f6b3048b7c2ebd6931f23186b3852f04) +--- + ArmVirtPkg/ArmVirtQemu.dsc | 7 +- + .../TerminalPcdProducerLib.c | 87 +++++++++++++++++++ + .../TerminalPcdProducerLib.inf | 41 +++++++++ + 3 files changed, 134 insertions(+), 1 deletion(-) + create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c + create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index a3cc3f26ec..696b0b5bcd 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -237,6 +237,8 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 + gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE + ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm|FALSE ++ + [PcdsDynamicHii] + gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS + +@@ -314,7 +316,10 @@ + MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf + MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf + MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf +- MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf ++ MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf { ++ ++ NULL|ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf ++ } + MdeModulePkg/Universal/SerialDxe/SerialDxe.inf + + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf +diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c 
+new file mode 100644 +index 0000000000..814ad48199 +--- /dev/null ++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c +@@ -0,0 +1,87 @@ ++/** @file ++* Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg ++* ++* Copyright (C) 2015-2016, Red Hat, Inc. ++* Copyright (c) 2014, Linaro Ltd. All rights reserved.
++* ++* This program and the accompanying materials are licensed and made available ++* under the terms and conditions of the BSD License which accompanies this ++* distribution. The full text of the license may be found at ++* http://opensource.org/licenses/bsd-license.php ++* ++* THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++* WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++* IMPLIED. ++* ++**/ ++ ++#include ++#include ++#include ++ ++STATIC ++RETURN_STATUS ++GetNamedFwCfgBoolean ( ++ IN CONST CHAR8 *FwCfgFileName, ++ OUT BOOLEAN *Setting ++ ) ++{ ++ RETURN_STATUS Status; ++ FIRMWARE_CONFIG_ITEM FwCfgItem; ++ UINTN FwCfgSize; ++ UINT8 Value[3]; ++ ++ Status = QemuFwCfgFindFile (FwCfgFileName, &FwCfgItem, &FwCfgSize); ++ if (RETURN_ERROR (Status)) { ++ return Status; ++ } ++ if (FwCfgSize > sizeof Value) { ++ return RETURN_BAD_BUFFER_SIZE; ++ } ++ QemuFwCfgSelectItem (FwCfgItem); ++ QemuFwCfgReadBytes (FwCfgSize, Value); ++ ++ if ((FwCfgSize == 1) || ++ (FwCfgSize == 2 && Value[1] == '\n') || ++ (FwCfgSize == 3 && Value[1] == '\r' && Value[2] == '\n')) { ++ switch (Value[0]) { ++ case '0': ++ case 'n': ++ case 'N': ++ *Setting = FALSE; ++ return RETURN_SUCCESS; ++ ++ case '1': ++ case 'y': ++ case 'Y': ++ *Setting = TRUE; ++ return RETURN_SUCCESS; ++ ++ default: ++ break; ++ } ++ } ++ return RETURN_PROTOCOL_ERROR; ++} ++ ++#define UPDATE_BOOLEAN_PCD_FROM_FW_CFG(TokenName) \ ++ do { \ ++ BOOLEAN Setting; \ ++ RETURN_STATUS PcdStatus; \ ++ \ ++ if (!RETURN_ERROR (GetNamedFwCfgBoolean ( \ ++ "opt/org.tianocore.edk2.aavmf/" #TokenName, &Setting))) { \ ++ PcdStatus = PcdSetBoolS (TokenName, Setting); \ ++ ASSERT_RETURN_ERROR (PcdStatus); \ ++ } \ ++ } while (0) ++ ++RETURN_STATUS ++EFIAPI ++TerminalPcdProducerLibConstructor ( ++ VOID ++ ) ++{ ++ UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); ++ return RETURN_SUCCESS; ++} +diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf 
b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf +new file mode 100644 +index 0000000000..fecb37bcdf +--- /dev/null ++++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf +@@ -0,0 +1,41 @@ ++## @file ++# Plugin library for setting up dynamic PCDs for TerminalDxe, from fw_cfg ++# ++# Copyright (C) 2015-2016, Red Hat, Inc. ++# Copyright (c) 2014, Linaro Ltd. All rights reserved.
++# ++# This program and the accompanying materials are licensed and made available ++# under the terms and conditions of the BSD License which accompanies this ++# distribution. The full text of the license may be found at ++# http://opensource.org/licenses/bsd-license.php ++# ++# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR ++# IMPLIED. ++# ++## ++ ++[Defines] ++ INF_VERSION = 0x00010005 ++ BASE_NAME = TerminalPcdProducerLib ++ FILE_GUID = 4a0c5ed7-8c42-4c01-8f4c-7bf258316a96 ++ MODULE_TYPE = BASE ++ VERSION_STRING = 1.0 ++ LIBRARY_CLASS = TerminalPcdProducerLib|DXE_DRIVER ++ CONSTRUCTOR = TerminalPcdProducerLibConstructor ++ ++[Sources] ++ TerminalPcdProducerLib.c ++ ++[Packages] ++ MdePkg/MdePkg.dec ++ OvmfPkg/OvmfPkg.dec ++ MdeModulePkg/MdeModulePkg.dec ++ ++[LibraryClasses] ++ DebugLib ++ PcdLib ++ QemuFwCfgLib ++ ++[Pcd] ++ gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm +-- +2.18.1 + diff --git a/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch deleted file mode 100644 index fae39ec..0000000 --- a/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +++ /dev/null 
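Review bot: In `UPDATE_BOOLEAN_PCD_FROM_FW_CFG`, every failure of `GetNamedFwCfgBoolean()` is discarded, so a fw_cfg file that exists but is oversized (`RETURN_BAD_BUFFER_SIZE`) or holds an unrecognised value (`RETURN_PROTOCOL_ERROR`) looks the same as one that was never passed, and PcdResizeXterm silently keeps its DSC default. Since the value comes from the QEMU command line, I would keep the status in a local and log the rejected case, e.g. `DEBUG ((DEBUG_WARN, "%a: ignoring malformed fw_cfg file for %a\n", __FUNCTION__, #TokenName));`. `GetNamedFwCfgBoolean()` also has no header comment; it should state the accepted encoding (one of `0`/`n`/`N` or `1`/`y`/`Y`, optionally followed by LF or CRLF, at most three bytes) and the status codes it returns. In builds where asserts are disabled, `ASSERT_RETURN_ERROR (PcdStatus)` presumably compiles away, so a failed `PcdSetBoolS()` would go unnoticed there as well.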
@@ -1,128 +0,0 @@ -From bb71490fdda3b38fa9f071d281b863f9b64363bf Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 14 Oct 2015 13:59:20 +0200 -Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial - port (RH) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no change - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed - temporary stack before entering PEI core", 2017-11-09) -- conflict - resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf" - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -The FixedPcdGetSize() macro expands to an integer constant, therefore an -optimizing compiler can eliminate the new code, if the platform DSC -doesn't override the empty string (size=1) default of -PcdEarlyHelloMessage. - -RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 -Downstream only: -. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek -(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e) -(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac) -(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd) -(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a) -(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de) -Signed-off-by: Danilo C. L. 
de Paula ---- - ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++ - ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++ - ArmPlatformPkg/PrePeiCore/PrePeiCore.h | 1 + - ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf | 2 ++ - ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++ - 5 files changed, 15 insertions(+) - -diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c -index dc47adbaff..cbd72232c7 100644 ---- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c -+++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c -@@ -117,6 +117,11 @@ PrimaryMain ( - UINTN TemporaryRamBase; - UINTN TemporaryRamSize; - -+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { -+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), -+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); -+ } -+ - CreatePpiList (&PpiListSize, &PpiList); - - // Enable the GIC Distributor -diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c -index 134a469427..af39fc017c 100644 ---- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c -+++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c -@@ -35,6 +35,11 @@ PrimaryMain ( - UINTN TemporaryRamBase; - UINTN TemporaryRamSize; - -+ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { -+ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), -+ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); -+ } -+ - CreatePpiList (&PpiListSize, &PpiList); - - // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at -diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h -index 160894620c..bf843d7768 100644 ---- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h -+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h -@@ -21,6 +21,7 @@ - #include - #include - #include -+#include - - #include - #include -diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf -index e3a31fa7c6..1bc0c45420 100644 ---- 
a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf -+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf -@@ -72,6 +72,8 @@ - gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize - gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize - -+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage -+ - gArmTokenSpaceGuid.PcdGicDistributorBase - gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase - gArmTokenSpaceGuid.PcdGicSgiIntId -diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf -index ec83cec2d8..b100820491 100644 ---- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf -+++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf -@@ -70,4 +70,6 @@ - gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize - gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize - -+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage -+ - gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack --- -2.18.1 - diff --git a/SOURCES/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch new file mode 100644 index 0000000..0023ba2 --- /dev/null +++ b/SOURCES/0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch 
@@ -0,0 +1,147 @@ +From 229c88dc3ded9baeaca8b87767dc5c41c05afd6e Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 4 Nov 2014 23:02:53 +0100 +Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH + only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- update the patch against the following upstream commits: + - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19) + - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5 + tool chain", 2018-11-27) + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no change + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Message-id: <1415138578-27173-14-git-send-email-lersek@redhat.com> +Patchwork-id: 62119 +O-Subject: [RHEL-7.1 ovmf PATCH v2 13/18] OvmfPkg: allow exclusion of the shell + from the firmware image (RH only) +Bugzilla: 1147592 +Acked-by: Andrew Jones +Acked-by: Gerd Hoffmann +Acked-by: Vitaly Kuznetsov + +When '-D EXCLUDE_SHELL_FROM_FD' is passed to 'build', exclude the shell +binary from the firmware image. + +Peter Jones advised us that firmware vendors for physical systems disable +the memory-mapped, firmware image-contained UEFI shell in +SecureBoot-enabled builds. 
The reason being that the memory-mapped shell +can always load, it may have direct access to various hardware in the +system, and it can run UEFI shell scripts (which cannot be signed at all). + +Intended use of the new build option: + +- In-tree builds: don't pass '-D EXCLUDE_SHELL_FROM_FD'. The resultant + firmware image will contain a shell binary, independently of SecureBoot + enablement, which is flexible for interactive development. (Ie. no + change for in-tree builds.) + +- RPM builds: pass both '-D SECURE_BOOT_ENABLE' and + '-D EXCLUDE_SHELL_FROM_FD'. The resultant RPM will provide: + + - OVMF_CODE.fd: SecureBoot-enabled firmware, without builtin UEFI shell, + + - OVMF_VARS.fd: variable store template matching OVMF_CODE.fd, + + - UefiShell.iso: a bootable ISO image with the shell on it as default + boot loader. The shell binary will load when SecureBoot is turned off, + and won't load when SecureBoot is turned on (because it is not + signed). + + UefiShell.iso is the reason we're not excluding the shell from the DSC + files as well, only the FDF files -- when '-D EXCLUDE_SHELL_FROM_FD' + is specified, the shell binary needs to be built the same, only it + will be included in UefiShell.iso. 
+ +Signed-off-by: Laszlo Ersek +(cherry picked from commit 9c391def70366cabae08e6008814299c3372fafd) +(cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933) +(cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b) +(cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245) +(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687) +(cherry picked from commit 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4) +--- + OvmfPkg/OvmfPkgIa32.fdf | 2 ++ + OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ + OvmfPkg/OvmfPkgX64.fdf | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf +index 326f82384e..dff2fcd9f6 100644 +--- a/OvmfPkg/OvmfPkgIa32.fdf ++++ b/OvmfPkg/OvmfPkgIa32.fdf +@@ -278,10 +278,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour + INF FatPkg/EnhancedFatDxe/Fat.inf + INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !if $(TOOL_CHAIN_TAG) != "XCODE5" + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + !endif + INF ShellPkg/Application/Shell/Shell.inf ++!endif + + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + +diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf +index aefb6614ad..6684a2e799 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.fdf ++++ b/OvmfPkg/OvmfPkgIa32X64.fdf +@@ -279,10 +279,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour + INF FatPkg/EnhancedFatDxe/Fat.inf + INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !if $(TOOL_CHAIN_TAG) != "XCODE5" + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + !endif + INF ShellPkg/Application/Shell/Shell.inf ++!endif + + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + +diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf +index aefb6614ad..6684a2e799 100644 +--- a/OvmfPkg/OvmfPkgX64.fdf ++++ b/OvmfPkg/OvmfPkgX64.fdf +@@ -279,10 +279,12 
@@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour + INF FatPkg/EnhancedFatDxe/Fat.inf + INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf + ++!ifndef $(EXCLUDE_SHELL_FROM_FD) + !if $(TOOL_CHAIN_TAG) != "XCODE5" + INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf + !endif + INF ShellPkg/Application/Shell/Shell.inf ++!endif + + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + +-- +2.18.1 + diff --git a/SOURCES/0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch new file mode 100644 index 0000000..7bdb27e --- /dev/null +++ b/SOURCES/0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch 
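Review bot: The `!ifndef $(EXCLUDE_SHELL_FROM_FD)` guard added to OvmfPkgIa32.fdf is independent of `SECURE_BOOT_ENABLE`, so a Secure Boot build that omits the second `-D` still embeds the memory-mapped shell that the commit message says can always load and can run unsigned scripts. A comment above the guard would record that coupling where the next maintainer will see it, e.g. `# Secure Boot builds must also pass -D EXCLUDE_SHELL_FROM_FD; the built-in shell loads regardless of Secure Boot state`. Because the test is `!ifndef`, any definition of the macro, including `-D EXCLUDE_SHELL_FROM_FD=FALSE`, removes the shell, unlike the `!if $(SECURE_BOOT_ENABLE) == TRUE` form used in the DSC files; that fails in the safe direction but is worth stating in the same comment. The same applies to the OvmfPkgIa32X64.fdf and OvmfPkgX64.fdf hunks of this patch.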
@@ -0,0 +1,81 @@ +From 9f756c1ad83cc81f7d892cd036d59a2b567b02dc Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 13:49:43 +0200 +Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Drew has proposed that ARM|AARCH64 platform firmware (especially virtual +machine firmware) print a reasonably early, simple hello message to the +serial port, regardless of debug mask settings. This should inform +interactive users, and provide some rough help in localizing boot +problems, even with restrictive debug masks. + +If a platform doesn't want this feature, it should stick with the default +empty string. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. 
+ +Suggested-by: Drew Jones +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 7ce97b06421434c82095f01a1753a8c9c546cc30) +(cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750) +(cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16) +(cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27) +(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1) +(cherry picked from commit c3f07e323e76856f1b42ea7b8c598ba3201c28a2) +--- + ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec +index c8ea183313..bab4804a17 100644 +--- a/ArmPlatformPkg/ArmPlatformPkg.dec ++++ b/ArmPlatformPkg/ArmPlatformPkg.dec +@@ -108,6 +108,13 @@ + ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers + gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045 + ++ # ++ # Early hello message (ASCII string), printed to the serial port. ++ # If set to the empty string, nothing is printed. ++ # Otherwise, a trailing CRLF should be specified explicitly. ++ # ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|""|VOID*|0x00000100 ++ + [PcdsFixedAtBuild.common,PcdsDynamic.common] + ## PL031 RealTimeClock + gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024 +-- +2.18.1 + diff --git a/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch deleted file mode 100644 index 849fadc..0000000 --- a/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From fb2032bbea7e02c426855cf86a323556d493fd8a Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 14 Oct 2015 14:07:17 +0200 -Subject: ArmVirtPkg: set early hello message (RH only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg: - don't set PcdCoreCount", 2019-02-13) - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: - -- no changes - -Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: - -- no changes - -Print a friendly banner on QEMU, regardless of debug mask settings. - -RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 -Downstream only: -. - -Contributed-under: TianoCore Contribution Agreement 1.0 -Signed-off-by: Laszlo Ersek -(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925) -(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a) -(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c) -(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18) -(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18) -Signed-off-by: Danilo C. L. 
de Paula ---- - ArmVirtPkg/ArmVirtQemu.dsc | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 9fc78d4e0a..a4cd66b846 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -94,6 +94,7 @@ - gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE - - [PcdsFixedAtBuild.common] -+ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n" - !if $(ARCH) == AARCH64 - gArmTokenSpaceGuid.PcdVFPEnabled|1 - !endif --- -2.18.1 - diff --git a/SOURCES/0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch new file mode 100644 index 0000000..ed0b97b --- /dev/null +++ b/SOURCES/0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch 
@@ -0,0 +1,133 @@ +From 8d5a8827aabc67cb2a046697e1a750ca8d9cc453 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 13:59:20 +0200 +Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial + port (RH) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- adapt to upstream commit 7e2a8dfe8a9a ("ArmPlatformPkg/PrePeiCore: seed + temporary stack before entering PEI core", 2017-11-09) -- conflict + resolution in "ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf" + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +The FixedPcdGetSize() macro expands to an integer constant, therefore an +optimizing compiler can eliminate the new code, if the platform DSC +doesn't override the empty string (size=1) default of +PcdEarlyHelloMessage. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. 
+ +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit b16c4c505ce0e27305235533eac9236aa66f132e) +(cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac) +(cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd) +(cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a) +(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de) +(cherry picked from commit bb71490fdda3b38fa9f071d281b863f9b64363bf) +--- + ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++ + ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++ + ArmPlatformPkg/PrePeiCore/PrePeiCore.h | 1 + + ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf | 2 ++ + ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf | 2 ++ + 5 files changed, 15 insertions(+) + +diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c +index d379ad8b7a..ff1672f94d 100644 +--- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c ++++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c +@@ -111,6 +111,11 @@ PrimaryMain ( + UINTN TemporaryRamBase; + UINTN TemporaryRamSize; + ++ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { ++ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), ++ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); ++ } ++ + CreatePpiList (&PpiListSize, &PpiList); + + // Enable the GIC Distributor +diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c +index 1500d2bd51..5b0790beac 100644 +--- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c ++++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c +@@ -29,6 +29,11 @@ PrimaryMain ( + UINTN TemporaryRamBase; + UINTN TemporaryRamSize; + ++ if (FixedPcdGetSize (PcdEarlyHelloMessage) > 1) { ++ SerialPortWrite (FixedPcdGetPtr (PcdEarlyHelloMessage), ++ FixedPcdGetSize (PcdEarlyHelloMessage) - 1); ++ } ++ + CreatePpiList (&PpiListSize, &PpiList); + + // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at +diff 
--git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +index 7140c7f5b5..1d69a2b468 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + #include + #include +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf +index f2ac45d171..fc93fda965 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf +@@ -67,6 +67,8 @@ + gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize + ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage ++ + gArmTokenSpaceGuid.PcdGicDistributorBase + gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase + gArmTokenSpaceGuid.PcdGicSgiIntId +diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf +index 84c319c367..46d1b30978 100644 +--- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf ++++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf +@@ -65,4 +65,6 @@ + gArmPlatformTokenSpaceGuid.PcdCPUCorePrimaryStackSize + gArmPlatformTokenSpaceGuid.PcdCPUCoreSecondaryStackSize + ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage ++ + gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack +-- +2.18.1 + diff --git a/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch deleted file mode 100644 index d492ddb..0000000 --- a/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From 7e6d5dc4078c64be6d55d8fc3317c59a91507a50 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Tue, 21 Nov 2017 00:57:45 +0100 -Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no change - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Message-id: <20171120235748.29669-5-pbonzini@redhat.com> -Patchwork-id: 77760 -O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) -Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek - -Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed -debug messages, and code in OvmfPkg logs many messages on the -DEBUG_VERBOSE level. - -Signed-off-by: Laszlo Ersek -Signed-off-by: Paolo Bonzini -(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117) -(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9) -(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76) -(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027) -Signed-off-by: Danilo C. L. 
de Paula ---- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index bc75e03d47..8093e6f000 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -484,7 +484,7 @@ - # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may - # // significantly impact boot performance - # DEBUG_ERROR 0x80000000 // Error -- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F - - !ifdef $(SOURCE_DEBUG_ENABLE) - gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index f630737662..eca9b4e6db 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -489,7 +489,7 @@ - # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may - # // significantly impact boot performance - # DEBUG_ERROR 0x80000000 // Error -- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F - - !ifdef $(SOURCE_DEBUG_ENABLE) - gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index ac70a0cac1..3ff9a3181e 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -489,7 +489,7 @@ - # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may - # // significantly impact boot performance - # DEBUG_ERROR 0x80000000 // Error -- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F - - !ifdef $(SOURCE_DEBUG_ENABLE) - gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 --- -2.18.1 - 
diff --git a/SOURCES/0017-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0017-ArmVirtPkg-set-early-hello-message-RH-only.patch new file mode 100644 index 0000000..9330386 --- /dev/null +++ b/SOURCES/0017-ArmVirtPkg-set-early-hello-message-RH-only.patch 
@@ -0,0 +1,68 @@ +From ba73b99d5cb38f87c1a8f0936d515eaaefa3f04b Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 14 Oct 2015 14:07:17 +0200 +Subject: ArmVirtPkg: set early hello message (RH only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg: + don't set PcdCoreCount", 2019-02-13) + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Notes about the 20170228-c325e41585e3 -> 20171011-92d07e48907f rebase: + +- no changes + +Notes about the 20160608b-988715a -> 20170228-c325e41585e3 rebase: + +- no changes + +Print a friendly banner on QEMU, regardless of debug mask settings. + +RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1270279 +Downstream only: +. 
+ +Contributed-under: TianoCore Contribution Agreement 1.0 +Signed-off-by: Laszlo Ersek +(cherry picked from commit 5d4a15b9019728b2d96322bc679099da49916925) +(cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a) +(cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c) +(cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18) +(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18) +(cherry picked from commit fb2032bbea7e02c426855cf86a323556d493fd8a) +--- + ArmVirtPkg/ArmVirtQemu.dsc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 696b0b5bcd..08c7a36339 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -101,6 +101,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE + + [PcdsFixedAtBuild.common] ++ gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n" + !if $(ARCH) == AARCH64 + gArmTokenSpaceGuid.PcdVFPEnabled|1 + !endif +-- +2.18.1 + diff --git a/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch deleted file mode 100644 index 777fb22..0000000 --- a/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +++ /dev/null 
@@ -1,130 +0,0 @@ -From b06b87f8ffd4fed4ef7eacb13689a9b6d111f850 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Tue, 21 Nov 2017 00:57:46 +0100 -Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in - QemuVideoDxe/QemuRamfbDxe (RH) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14) - introduced another GOP driver that consumes FrameBufferBltLib, and - thereby produces a large number of (mostly useless) debug messages at - the DEBUG_VERBOSE level. Extend the patch to suppress those messages in - both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly. - QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also - the original commit message at the bottom of this downstream patch). - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Message-id: <20171120235748.29669-6-pbonzini@redhat.com> -Patchwork-id: 77761 -O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - QemuVideoDxe (RH only) -Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek - -In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses -MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to -FrameBufferBltLib. - -The FrameBufferBltLib instance added in commit b1ca386074bd -("MdeModulePkg: Add FrameBufferBltLib library instance") logs many -messages on the VERBOSE level; for example, a normal boot with OVMF can -produce 500+ "VideoFill" messages, dependent on the progress bar, when the -VERBOSE bit is set in PcdDebugPrintErrorLevel. 
- -QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose -none of its messages this way. - -Signed-off-by: Laszlo Ersek -Signed-off-by: Paolo Bonzini -(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52) -(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3) -(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0) -(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1) -Signed-off-by: Danilo C. L. de Paula ---- - OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- - OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- - OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- - 3 files changed, 24 insertions(+), 6 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 8093e6f000..8f1cf80fe6 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -746,8 +746,14 @@ - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf - -- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf -- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } -+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - - # -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index eca9b4e6db..62d6d6c406 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -755,8 +755,14 @@ - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf - -- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf -- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } -+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { -+ -+ 
gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - - # -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 3ff9a3181e..992b141113 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -753,8 +753,14 @@ - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf - -- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf -- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } -+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - - # --- -2.18.1 - diff --git a/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch deleted file mode 100644 index b7d7973..0000000 --- a/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 76b4ac28e975bd63c25db903a1d42c47b38cc756 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 27 Jan 2016 03:05:18 +0100 -Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH - only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add - QemuRamfbDxe", 2018-06-14) - -QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in -commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library -instance") logs many messages on the VERBOSE level; for example, a normal -boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages, -dependent on the progress bar, when the VERBOSE bit is set in -PcdDebugPrintErrorLevel. - -QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose -none of its messages this way. - -Signed-off-by: Laszlo Ersek -Signed-off-by: Danilo C. L. de Paula ---- - ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++- - ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++- - 2 files changed, 8 insertions(+), 2 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index a4cd66b846..aac4094665 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -421,7 +421,10 @@ - # - # Video support - # -- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - OvmfPkg/PlatformDxe/Platform.inf - -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index d2b3f24394..c9a635e80b 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -399,7 +399,10 @@ - # - # Video support - # -- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -+ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - 
OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - OvmfPkg/PlatformDxe/Platform.inf - --- -2.18.1 - diff --git a/SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch new file mode 100644 index 0000000..ed65592 --- /dev/null +++ b/SOURCES/0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch 
@@ -0,0 +1,94 @@ +From 3cb92f9ba18ac79911bd5258ff4f949cc617ae89 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:45 +0100 +Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Message-id: <20171120235748.29669-5-pbonzini@redhat.com> +Patchwork-id: 77760 +O-Subject: [PATCH 4/7] OvmfPkg: enable DEBUG_VERBOSE (RHEL only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +Set the DEBUG_VERBOSE bit (0x00400000) in the log mask. We want detailed +debug messages, and code in OvmfPkg logs many messages on the +DEBUG_VERBOSE level. 
+ +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117) +(cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9) +(cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76) +(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027) +(cherry picked from commit 7e6d5dc4078c64be6d55d8fc3317c59a91507a50) +--- + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index accf5c0211..759075a815 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -479,7 +479,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 8812da9943..634e20f09c 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -484,7 +484,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 73e1b7824f..bc5a345a37 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -484,7 +484,7 @@ + # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may + # // significantly impact boot performance + # DEBUG_ERROR 
0x80000000 // Error +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8040004F + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 +-- +2.18.1 + diff --git a/SOURCES/0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch new file mode 100644 index 0000000..ca0d4d0 --- /dev/null +++ b/SOURCES/0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch 
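Review bot: The verbose bit is switched on by rewriting the literal mask in all three DSC files (`0x8000004F` to `0x8040004F`), and as far as these hunks show there is no build-time way to turn it off. The DSC comment directly above the changed line says this level "may significantly impact boot performance". Verbose firmware logs also tend to carry addresses and device details, so it is worth confirming that the debug output of the shipped image is reachable only from the host side. I would record the intent next to the value, for example `# RHEL: DEBUG_VERBOSE (0x00400000) set on purpose; noisy modules are masked per module`.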
@@ -0,0 +1,141 @@ +From c8c3f893e7c3710afe45c46839e97954871536e4 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:46 +0100 +Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in + QemuVideoDxe/QemuRamfbDxe (RH) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- Due to upstream commit 4b04d9d73604 ("OvmfPkg: Don't build in + QemuVideoDxe when we have CSM", 2019-06-26), the contexts of + "QemuVideoDxe.inf" / "QemuRamfbDxe.inf" have changed in the DSC files. + Resolve the conflict manually. + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14) + introduced another GOP driver that consumes FrameBufferBltLib, and + thereby produces a large number of (mostly useless) debug messages at + the DEBUG_VERBOSE level. Extend the patch to suppress those messages in + both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly. + QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also + the original commit message at the bottom of this downstream patch). + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Message-id: <20171120235748.29669-6-pbonzini@redhat.com> +Patchwork-id: 77761 +O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in + QemuVideoDxe (RH only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses +MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to +FrameBufferBltLib. 
+ +The FrameBufferBltLib instance added in commit b1ca386074bd +("MdeModulePkg: Add FrameBufferBltLib library instance") logs many +messages on the VERBOSE level; for example, a normal boot with OVMF can +produce 500+ "VideoFill" messages, dependent on the progress bar, when the +VERBOSE bit is set in PcdDebugPrintErrorLevel. + +QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose +none of its messages this way. + +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52) +(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3) +(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0) +(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1) +(cherry picked from commit b06b87f8ffd4fed4ef7eacb13689a9b6d111f850) +--- + OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- + 3 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 759075a815..6a07a6af81 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -742,9 +742,15 @@ + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + + !ifndef $(CSM_ENABLE) +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + !endif +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 634e20f09c..c7f52992e9 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -755,9 +755,15 @@ + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + + !ifndef 
$(CSM_ENABLE) +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + !endif +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index bc5a345a37..594ecb5362 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -753,9 +753,15 @@ + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + + !ifndef $(CSM_ENABLE) +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + !endif +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +-- +2.18.1 + diff --git a/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch deleted file mode 100644 index b61d745..0000000 --- a/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ /dev/null 
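Review bot: The per-module overrides for QemuVideoDxe and QemuRamfbDxe hard-code `0x8000004F`, a copy of the platform mask as it was before the DEBUG_VERBOSE patch, instead of clearing only bit 0x00400000. If the platform-wide PcdDebugPrintErrorLevel changes, these drivers silently keep the stale value. The message of the 0020 ArmVirtPkg patch in this series says the constant form caused a regression (RHBZ#1714446), and that patch now uses `($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF`. If the OVMF DSC files have no such macro, each override should at least carry a comment such as `# platform mask with DEBUG_VERBOSE (0x00400000) cleared; keep in sync with the default`. The same applies in OvmfPkgIa32.dsc, OvmfPkgIa32X64.dsc and OvmfPkgX64.dsc, and to the NvmExpressDxe override in the 0022 patch.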
@@ -1,99 +0,0 @@ -From 58bba429b9ec7b78109940ef945d0dc93f3cd958 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Tue, 21 Nov 2017 00:57:47 +0100 -Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH - only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- no change - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Message-id: <20171120235748.29669-7-pbonzini@redhat.com> -Patchwork-id: 77759 -O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - NvmExpressDxe (RH only) -Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek - -NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE -level. - -Signed-off-by: Laszlo Ersek -Signed-off-by: Paolo Bonzini -(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f) -(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4) -(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8) -(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6) -Signed-off-by: Danilo C. L. 
de Paula ---- - OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- - OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- - OvmfPkg/OvmfPkgX64.dsc | 5 ++++- - 3 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 8f1cf80fe6..bbf5e38274 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -740,7 +740,10 @@ - OvmfPkg/SataControllerDxe/SataControllerDxe.inf - MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf - MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 62d6d6c406..3ec1b916e7 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -749,7 +749,10 @@ - OvmfPkg/SataControllerDxe/SataControllerDxe.inf - MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf - MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 992b141113..ea54b4b8e8 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -747,7 +747,10 @@ - OvmfPkg/SataControllerDxe/SataControllerDxe.inf - MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf - MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -- 
MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf --- -2.18.1 - diff --git a/SOURCES/0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch new file mode 100644 index 0000000..efee09b --- /dev/null +++ b/SOURCES/0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch 
@@ -0,0 +1,85 @@ +From e5b8152bced2364a1ded0926dbba4d65e23e3f84 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 27 Jan 2016 03:05:18 +0100 +Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH + only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- The previous version of this patch (downstream commit 76b4ac28e975) + caused a regression (RHBZ#1714446), which was fixed up in downstream + commit 5a216abaa737 ("ArmVirtPkg: silence DEBUG_VERBOSE masking + ~0x00400000 in QemuRamfbDxe (RH only)", 2019-08-05). + + Squash the fixup into the original patch. Fuse the commit messages. + (Acked-by tags are not preserved, lest we confuse ourselves while + reviewing this rebase.) + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add + QemuRamfbDxe", 2018-06-14) + +QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in +commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library +instance") logs many messages on the VERBOSE level; for example, a normal +boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages, +dependent on the progress bar, when the VERBOSE bit is set in +PcdDebugPrintErrorLevel. + +Clear the VERBOSE bit without touching other bits -- those other bits +differ between the "silent" and "verbose" builds, so we can't set them as +constants. + +QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose +none of its messages, with the VERBOSE bit clear. 
+ +Signed-off-by: Laszlo Ersek +(cherry picked from commit 76b4ac28e975bd63c25db903a1d42c47b38cc756) +Reported-by: Andrew Jones +Suggested-by: Laszlo Ersek +Signed-off-by: Philippe Mathieu-Daude +(cherry picked from commit 5a216abaa737195327235e37563b18a6bf2a74dc) +Signed-off-by: Laszlo Ersek +--- + ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++- + ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index 08c7a36339..b3dcdd747b 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -422,7 +422,10 @@ + # + # Video support + # +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/PlatformDxe/Platform.inf + +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index 27e65b7638..008181055a 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -400,7 +400,10 @@ + # + # Video support + # +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/PlatformDxe/Platform.inf + +-- +2.18.1 + diff --git a/SOURCES/0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/SOURCES/0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch new file mode 100644 index 0000000..da55568 --- /dev/null +++ b/SOURCES/0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch 
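Review bot: The mask `0xFFBFFFFF` in the QemuRamfbDxe override is unexplained in the DSC itself; only the commit message says it clears DEBUG_VERBOSE. A one-line comment above the override in both ArmVirtQemu.dsc and ArmVirtQemuKernel.dsc would keep the intent next to the value: `# clear DEBUG_VERBOSE (0x00400000) only; other bits follow $(DEBUG_PRINT_ERROR_LEVEL)`. The expression also relies on `$(DEBUG_PRINT_ERROR_LEVEL)` being defined for every build of these platforms, which is not visible in this hunk.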
@@ -0,0 +1,83 @@ +From aa2b66b18a62d652bdbefae7b5732297294306ca Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Thu, 1 Aug 2019 20:43:48 +0200 +Subject: OvmfPkg: QemuRamfbDxe: Do not report DXE failure on Aarch64 silent + builds (RH only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- We have to carry this downstream-only patch -- committed originally as + aaaedc1e2cfd -- indefinitely. + +- To avoid confusion, remove the tags from the commit message that had + been added by the downstream maintainer scripts, such as: Message-id, + Patchwork-id, O-Subject, Acked-by. These remain available on the + original downstream commit. The Bugzilla line is preserved, as it + doesn't relate to a specific posting, but to the problem. + +Bugzilla: 1714446 + +To suppress an error message on the silent build when ramfb is +not configured, change QemuRamfbDxe to return EFI_SUCCESS even +when it fails. +Some memory is wasted (driver stays resident without +any good use), but it is mostly harmless, as the memory +is released by the OS after ExitBootServices(). 
+ +Suggested-by: Laszlo Ersek +Signed-off-by: Philippe Mathieu-Daude +(cherry picked from commit aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7) +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++ + OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 + + 2 files changed, 15 insertions(+) + +diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c +index 0d49d8bbab..dbf9bcbe16 100644 +--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c ++++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -242,6 +243,19 @@ InitializeQemuRamfb ( + + Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize); + if (EFI_ERROR (Status)) { ++#if defined (MDE_CPU_AARCH64) ++ // ++ // RHBZ#1714446 ++ // If no ramfb device was configured, this platform DXE driver should ++ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even ++ // using a silent build, an error message is issued to the guest console. ++ // Since this confuse users, return success and stay resident. The wasted ++ // guest RAM still gets freed later after ExitBootServices(). ++ // ++ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) { ++ return EFI_SUCCESS; ++ } ++#endif + return EFI_NOT_FOUND; + } + if (FwCfgSize != sizeof (RAMFB_CONFIG)) { +diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf +index e3890b8c20..6ffee5acb2 100644 +--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf +@@ -29,6 +29,7 @@ + BaseLib + BaseMemoryLib + DebugLib ++ DebugPrintErrorLevelLib + DevicePathLib + FrameBufferBltLib + MemoryAllocationLib +-- +2.18.1 + diff --git a/SOURCES/0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch new file mode 100644 index 0000000..fd79c90 --- /dev/null 
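Review bot: The new early return in InitializeQemuRamfb ties the driver's load status to the log mask through an exact comparison, `GetDebugPrintErrorLevel () == DEBUG_ERROR`. A silent build whose mask is not precisely DEBUG_ERROR still returns EFI_NOT_FOUND, and verbose and silent builds now take different paths for the same missing "etc/ramfb" file, so debug testing does not exercise the silent path. Returning EFI_SUCCESS also hides the failure from the DXE core, so the comment should name the build that sets the mask to exactly DEBUG_ERROR, and its wording needs fixing ("should returns", "this confuse users"). If silent is meant as "no bit other than error", `if ((GetDebugPrintErrorLevel () & ~(UINT32)DEBUG_ERROR) == 0) {` states that directly. The function body starts and ends outside the hunk.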
+++ b/SOURCES/0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch 
@@ -0,0 +1,104 @@ +From b8d0ebded8c2cf5b266c807519e2d8ccfd66fee6 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:47 +0100 +Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH + only) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- no change + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Message-id: <20171120235748.29669-7-pbonzini@redhat.com> +Patchwork-id: 77759 +O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in + NvmExpressDxe (RH only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE +level. 
+ +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f) +(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4) +(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8) +(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6) +(cherry picked from commit 58bba429b9ec7b78109940ef945d0dc93f3cd958) +--- + OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- + OvmfPkg/OvmfPkgX64.dsc | 5 ++++- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 6a07a6af81..1c56e0948a 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -735,7 +735,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index c7f52992e9..29e12c9dff 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -748,7 +748,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + 
MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 594ecb5362..11fe9f6050 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -746,7 +746,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +-- +2.18.1 + diff --git a/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch b/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch deleted file mode 100644 index 85ce534..0000000 --- a/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch +++ /dev/null 
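Review bot: The per-module override in all three DSC hunks (OvmfPkgIa32.dsc, OvmfPkgIa32X64.dsc, OvmfPkgX64.dsc) pins `PcdDebugPrintErrorLevel` for NvmExpressDxe to the absolute value `0x8000004F`. It therefore sets bits as well as clearing DEBUG_VERBOSE, and it no longer follows whatever mask the platform build selects. The ArmVirtPkg patch deleted elsewhere in this same package update describes exactly that as a regression for QemuRamfbDxe and replaces the constant with `($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF`; whether the OvmfPkg DSC files define that macro is not visible here, so check before reusing it. At minimum I would add a DSC comment above the override, e.g. `# clear DEBUG_VERBOSE (0x00400000) only: NvmExpressDxe logs every BlockIo read/write at that level`, because the commit message body stops after stating the problem.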
@@ -1,59 +0,0 @@ -From d382b66affafe06c7e470e0a2dffbd3634b363f1 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 19 Mar 2019 15:48:34 +0100 -Subject: Downgrade CryptoPkg INF files to OpenSSL 1.1.0i (RH only) - -Notes about the RHEL-8.0/20180508-ee3198e672e2 -> -RHEL-8.1/20190308-89910a39dcfd rebase: - -- new patch, due to upstream commit a18f784cfdbe ("Upgrade OpenSSL to - 1.1.0j", 2018-12-21) - -Upstream commit a18f784cfdbe (see above) advanced the OpenSSL git -submodule from upstream OpenSSL commit d4e4bd2a8163 ("Prepare for 1.1.0h -release", 2018-03-27) to upstream OpenSSL commit 74f2d9c1ec5f ("Prepare -for 1.1.0j release", 2018-11-20). Meaning, upstream edk2 skipped 1.1.0i. - -However, Fedora 28 only offers 1.1.0i at this point (and it will not be -rebased again until 1.1.0k is released). Therefore hunks in the upstream -CryptoPkg commit that relate specifically to 1.1.0j have to be backed out. - -The only such hunks are the "crypto/getenv.c" additions to the INF files. -The related upstream OpenSSL change was commit 1abdf08284af ("Use -secure_getenv(3) when available.", 2018-09-24), part of tag -"OpenSSL_1_1_0j". - -Signed-off-by: Laszlo Ersek -Signed-off-by: Danilo C. L. 
de Paula ---- - CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 - - 2 files changed, 2 deletions(-) - -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -index 6162d29143..fcb8bfddde 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf -@@ -282,7 +282,6 @@ - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c - $(OPENSSL_PATH)/crypto/evp/scrypt.c - $(OPENSSL_PATH)/crypto/ex_data.c -- $(OPENSSL_PATH)/crypto/getenv.c - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c - $(OPENSSL_PATH)/crypto/hmac/hmac.c -diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -index b04bf62b4e..99ff89da0e 100644 ---- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -@@ -282,7 +282,6 @@ - $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c - $(OPENSSL_PATH)/crypto/evp/scrypt.c - $(OPENSSL_PATH)/crypto/ex_data.c -- $(OPENSSL_PATH)/crypto/getenv.c - $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c - $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c - $(OPENSSL_PATH)/crypto/hmac/hmac.c --- -2.18.1 - diff --git a/SOURCES/0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch b/SOURCES/0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch new file mode 100644 index 0000000..da424bc --- /dev/null +++ b/SOURCES/0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch 
@@ -0,0 +1,79 @@ +From 57bd3f146590df8757865d8f2cdd1db3cf3f4d40 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Sat, 16 Nov 2019 17:11:27 +0100 +Subject: CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files in the INFs + (RH) + +Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] -> +RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase: + +- new patch + +The downstream changes in RHEL8's OpenSSL package, for example in +"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some +preexistent code into those new files. In order to avoid undefined +references in link editing, we have to list the new files. + +Note: "process_files.pl" is not re-run at this time manually, because + +(a) "process_files.pl" would pollute the file list (and some of the + auto-generated header files) with RHEL8-specific FIPS artifacts, which + are explicitly unwanted in edk2, + +(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set + of files in , + and will help with future changes too. 
+ +Signed-off-by: Laszlo Ersek +--- + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 11 +++++++++++ + CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 11 +++++++++++ + 2 files changed, 22 insertions(+) + +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +index dd873a0dcd..d1c7602b87 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +@@ -598,6 +598,17 @@ + $(OPENSSL_PATH)/ssl/record/record.h + $(OPENSSL_PATH)/ssl/record/record_locl.h + # Autogenerated files list ends here ++# RHEL8-specific OpenSSL file list starts here ++ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c ++ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c ++ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c ++ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h ++ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c ++ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c ++ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c ++ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c ++ $(OPENSSL_PATH)/crypto/kdf/sskdf.c ++# RHEL8-specific OpenSSL file list ends here + + ossl_store.c + rand_pool.c +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +index a1bb560255..0785a421dd 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +@@ -546,6 +546,17 @@ + $(OPENSSL_PATH)/crypto/objects/obj_lcl.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h + # Autogenerated files list ends here ++# RHEL8-specific OpenSSL file list starts here ++ $(OPENSSL_PATH)/crypto/evp/kdf_lib.c ++ $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c ++ $(OPENSSL_PATH)/crypto/kdf/kbkdf.c ++ $(OPENSSL_PATH)/crypto/kdf/kdf_local.h ++ $(OPENSSL_PATH)/crypto/kdf/kdf_util.c ++ $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c ++ $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c ++ $(OPENSSL_PATH)/crypto/kdf/sshkdf.c ++ $(OPENSSL_PATH)/crypto/kdf/sskdf.c ++# RHEL8-specific OpenSSL file list ends here + buildinf.h + rand_pool_noise.h + ossl_store.c +-- 
+2.18.1
+
diff --git a/SOURCES/RedHatSecureBootPkKek1.pem b/SOURCES/RedHatSecureBootPkKek1.pem
new file mode 100644
index 0000000..d302362
--- /dev/null
+++ b/SOURCES/RedHatSecureBootPkKek1.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
+BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
+9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
+MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
+RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
++d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
+huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
+bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
+3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
+y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
+HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
+ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
+3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
+1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
+qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
+NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
+R+SqIs/vdWGA40O3SFdzET14m2k=
+-----END CERTIFICATE-----
diff --git a/SOURCES/edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch b/SOURCES/edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch
deleted file mode 100644
index 2cef6f5..0000000
--- a/SOURCES/edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch
+++ /dev/null
@@ -1,63 +0,0 @@ -From 11a1c8085b0edccd3a304f704f47ec5d8ee6255d Mon Sep 17 00:00:00 2001 -From: Philippe Mathieu-Daude -Date: Thu, 1 Aug 2019 20:43:49 +0200 -Subject: [PATCH 3/3] ArmPkg: DebugPeCoffExtraActionLib: debugger commands are - not errors - -Message-id: <20190801184349.28512-4-philmd@redhat.com> -Patchwork-id: 89860 -O-Subject: [RHEL-8.1.0 edk2 PATCH v4 3/3] ArmPkg: DebugPeCoffExtraActionLib: - debugger commands are not errors -Bugzilla: 1714446 -Acked-by: Andrew Jones -Acked-by: Laszlo Ersek - -In commit 1fce963d89f3e we reduced the level of information printed -by PeCoffLoaderRelocateImageExtraAction() but we did not update the -similar PeCoffLoaderUnloadImageExtraAction() function. - -PeCoffLoaderUnloadImageExtraAction() prints helpful debugger commands -for source level debugging. These messages should not be printed on the -EFI_D_ERROR level; they don't report errors. Change the debug level -(bitmask, actually) to DEBUG_LOAD | DEBUG_INFO, because the messages are -printed in relation to image loading, and they are informative. 
- -Cc: Leif Lindholm -Cc: Ard Biesheuvel -Reported-by: Andrew Jones -Suggested-by: Laszlo Ersek -Signed-off-by: Philippe Mathieu-Daude -Reviewed-by: Laszlo Ersek -Reviewed-by: Leif Lindholm -(cherry picked from commit a6cd7fbac494ed3b2386db1f2a8b1a73f399e940) -Signed-off-by: Philippe Mathieu-Daude ---- - .../Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c -index f298e58..895198f 100644 ---- a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c -+++ b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c -@@ -128,14 +128,14 @@ PeCoffLoaderUnloadImageExtraAction ( - if (ImageContext->PdbPointer) { - #ifdef __CC_ARM - // Print out the command for the RVD debugger to load symbols for this image -- DEBUG ((EFI_D_ERROR, "unload symbols_only %a\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)))); -+ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "unload symbols_only %a\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)))); - #elif __GNUC__ - // This may not work correctly if you generate PE/COFF directlyas then the Offset would not be required -- DEBUG ((EFI_D_ERROR, "remove-symbol-file %a 0x%08x\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); -+ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "remove-symbol-file %a 0x%08x\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); - #else -- DEBUG ((EFI_D_ERROR, "Unloading %a\n", ImageContext->PdbPointer)); -+ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "Unloading %a\n", ImageContext->PdbPointer)); - #endif - } else { -- DEBUG ((EFI_D_ERROR, "Unloading driver at 0x%11p\n", (VOID 
*)(UINTN) ImageContext->ImageAddress)); -+ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "Unloading driver at 0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress)); - } - } --- -1.8.3.1 - diff --git a/SOURCES/edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch b/SOURCES/edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch deleted file mode 100644 index 064bcd2..0000000 --- a/SOURCES/edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 5a216abaa737195327235e37563b18a6bf2a74dc Mon Sep 17 00:00:00 2001 -From: Philippe Mathieu-Daude -Date: Thu, 1 Aug 2019 20:43:47 +0200 -Subject: [PATCH 1/3] ArmVirtPkg: silence DEBUG_VERBOSE masking ~0x00400000 in - QemuRamfbDxe (RH only) - -Message-id: <20190801184349.28512-2-philmd@redhat.com> -Patchwork-id: 89859 -O-Subject: [RHEL-8.1.0 edk2 PATCH v4 1/3] ArmVirtPkg: silence DEBUG_VERBOSE - masking ~0x00400000 in QemuRamfbDxe (RH only) -Bugzilla: 1714446 -Acked-by: Andrew Jones -Acked-by: Laszlo Ersek - -Commit 76b4ac28e975 introduced a regression, while trying to only clear -the DEBUG_VERBOSE bit, it also unconditionally sets other bits, normally -kept clear in the "silent" build. - -Fix the macro by masking the cleared bits out. - -Reported-by: Andrew Jones -Suggested-by: Laszlo Ersek -Signed-off-by: Philippe Mathieu-Daude ---- - ArmVirtPkg/ArmVirtQemu.dsc | 2 +- - ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index aac4094..a44477f 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -423,7 +423,7 @@ - # - OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { - -- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF - } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - OvmfPkg/PlatformDxe/Platform.inf -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index c9a635e..d28ac52 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -401,7 +401,7 @@ - # - OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { - -- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF - } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - OvmfPkg/PlatformDxe/Platform.inf --- -1.8.3.1 - 
diff --git a/SOURCES/edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch b/SOURCES/edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch
new file mode 100644
index 0000000..fba10c3
--- /dev/null
+++ b/SOURCES/edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch
@@ -0,0 +1,338 @@ +From 3c9574af677c24b969c3baa6a527dabaf97f11a2 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:31:53 +0100 +Subject: [PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-6-lersek@redhat.com> +Patchwork-id: 92461 +O-Subject: [RHEL-8.2.0 edk2 PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the +edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib, +StdLibPrivateInternalFiles", 2019-04-29). + +We'd like to use the inet_pton() function in CryptoPkg. Resurrect the +"inet_pton.c" file from just before the StdLib removal, as follows: + + $ git show \ + 964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \ + > CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c + +The inet_pton() function is only intended for the DXE phase at this time, +therefore only the "BaseCryptLib" instance INF file receives the new file. 
+ +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +Signed-off-by: Laszlo Ersek +Reviewed-by: Jian J Wang +Reviewed-by: Jiaxin Wu +(cherry picked from commit 8d16ef8269b2ff373d8da674e59992adfdc032d3) +--- + CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + + CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 +++++++++++++++++++++ + CryptoPkg/Library/Include/CrtLibSupport.h | 1 + + 3 files changed, 259 insertions(+) + create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c + +diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +index 8d4988e..b5cfd8b 100644 +--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf ++++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +@@ -58,6 +58,7 @@ + SysCall/CrtWrapper.c + SysCall/TimerWrapper.c + SysCall/BaseMemAllocation.c ++ SysCall/inet_pton.c + + [Sources.Ia32] + Rand/CryptRandTsc.c +diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c +new file mode 100644 +index 0000000..32e1ab8 +--- /dev/null ++++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c +@@ -0,0 +1,257 @@ ++/* Copyright (c) 1996 by Internet Software Consortium. ++ * ++ * Permission to use, copy, modify, and distribute this software for any ++ * purpose with or without fee is hereby granted, provided that the above ++ * copyright notice and this permission notice appear in all copies. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS ++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL INTERNET SOFTWARE ++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ++ * SOFTWARE. ++ */ ++ ++/* ++ * Portions copyright (c) 1999, 2000 ++ * Intel Corporation. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * ++ * This product includes software developed by Intel Corporation and ++ * its contributors. ++ * ++ * 4. Neither the name of Intel Corporation or its contributors may be ++ * used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS'' ++ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. 
IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE ++ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR ++ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF ++ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS ++ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN ++ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF ++ * THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ */ ++ ++#if defined(LIBC_SCCS) && !defined(lint) ++static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $"; ++#endif /* LIBC_SCCS and not lint */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/* ++ * WARNING: Don't even consider trying to compile this on a system where ++ * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. ++ */ ++ ++static int inet_pton4 (const char *src, u_char *dst); ++static int inet_pton6 (const char *src, u_char *dst); ++ ++/* int ++ * inet_pton(af, src, dst) ++ * convert from presentation format (which usually means ASCII printable) ++ * to network format (which is usually some kind of binary format). ++ * return: ++ * 1 if the address was valid for the specified address family ++ * 0 if the address wasn't valid (`dst' is untouched in this case) ++ * -1 if some other error occurred (`dst' is untouched in this case, too) ++ * author: ++ * Paul Vixie, 1996. ++ */ ++int ++inet_pton( ++ int af, ++ const char *src, ++ void *dst ++ ) ++{ ++ switch (af) { ++ case AF_INET: ++ return (inet_pton4(src, dst)); ++ case AF_INET6: ++ return (inet_pton6(src, dst)); ++ default: ++ errno = EAFNOSUPPORT; ++ return (-1); ++ } ++ /* NOTREACHED */ ++} ++ ++/* int ++ * inet_pton4(src, dst) ++ * like inet_aton() but without all the hexadecimal and shorthand. ++ * return: ++ * 1 if `src' is a valid dotted quad, else 0. 
++ * notice: ++ * does not touch `dst' unless it's returning 1. ++ * author: ++ * Paul Vixie, 1996. ++ */ ++static int ++inet_pton4( ++ const char *src, ++ u_char *dst ++ ) ++{ ++ static const char digits[] = "0123456789"; ++ int saw_digit, octets, ch; ++ u_char tmp[NS_INADDRSZ], *tp; ++ ++ saw_digit = 0; ++ octets = 0; ++ *(tp = tmp) = 0; ++ while ((ch = *src++) != '\0') { ++ const char *pch; ++ ++ if ((pch = strchr(digits, ch)) != NULL) { ++ u_int new = *tp * 10 + (u_int)(pch - digits); ++ ++ if (new > 255) ++ return (0); ++ *tp = (u_char)new; ++ if (! saw_digit) { ++ if (++octets > 4) ++ return (0); ++ saw_digit = 1; ++ } ++ } else if (ch == '.' && saw_digit) { ++ if (octets == 4) ++ return (0); ++ *++tp = 0; ++ saw_digit = 0; ++ } else ++ return (0); ++ } ++ if (octets < 4) ++ return (0); ++ ++ memcpy(dst, tmp, NS_INADDRSZ); ++ return (1); ++} ++ ++/* int ++ * inet_pton6(src, dst) ++ * convert presentation level address to network order binary form. ++ * return: ++ * 1 if `src' is a valid [RFC1884 2.2] address, else 0. ++ * notice: ++ * (1) does not touch `dst' unless it's returning 1. ++ * (2) :: in a full address is silently ignored. ++ * credit: ++ * inspired by Mark Andrews. ++ * author: ++ * Paul Vixie, 1996. ++ */ ++static int ++inet_pton6( ++ const char *src, ++ u_char *dst ++ ) ++{ ++ static const char xdigits_l[] = "0123456789abcdef", ++ xdigits_u[] = "0123456789ABCDEF"; ++ u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; ++ const char *xdigits, *curtok; ++ int ch, saw_xdigit; ++ u_int val; ++ ++ memset((tp = tmp), '\0', NS_IN6ADDRSZ); ++ endp = tp + NS_IN6ADDRSZ; ++ colonp = NULL; ++ /* Leading :: requires some special handling. 
*/ ++ if (*src == ':') ++ if (*++src != ':') ++ return (0); ++ curtok = src; ++ saw_xdigit = 0; ++ val = 0; ++ while ((ch = *src++) != '\0') { ++ const char *pch; ++ ++ if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) ++ pch = strchr((xdigits = xdigits_u), ch); ++ if (pch != NULL) { ++ val <<= 4; ++ val |= (pch - xdigits); ++ if (val > 0xffff) ++ return (0); ++ saw_xdigit = 1; ++ continue; ++ } ++ if (ch == ':') { ++ curtok = src; ++ if (!saw_xdigit) { ++ if (colonp) ++ return (0); ++ colonp = tp; ++ continue; ++ } ++ if (tp + NS_INT16SZ > endp) ++ return (0); ++ *tp++ = (u_char) (val >> 8) & 0xff; ++ *tp++ = (u_char) val & 0xff; ++ saw_xdigit = 0; ++ val = 0; ++ continue; ++ } ++ if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && ++ inet_pton4(curtok, tp) > 0) { ++ tp += NS_INADDRSZ; ++ saw_xdigit = 0; ++ break; /* '\0' was seen by inet_pton4(). */ ++ } ++ return (0); ++ } ++ if (saw_xdigit) { ++ if (tp + NS_INT16SZ > endp) ++ return (0); ++ *tp++ = (u_char) (val >> 8) & 0xff; ++ *tp++ = (u_char) val & 0xff; ++ } ++ if (colonp != NULL) { ++ /* ++ * Since some memmove()'s erroneously fail to handle ++ * overlapping regions, we'll do the shift by hand. ++ */ ++ const int n = (int)(tp - colonp); ++ int i; ++ ++ for (i = 1; i <= n; i++) { ++ endp[- i] = colonp[n - i]; ++ colonp[n - i] = 0; ++ } ++ tp = endp; ++ } ++ if (tp != endp) ++ return (0); ++ memcpy(dst, tmp, NS_IN6ADDRSZ); ++ return (1); ++} +diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h +index e603fad..5a20ba6 100644 +--- a/CryptoPkg/Library/Include/CrtLibSupport.h ++++ b/CryptoPkg/Library/Include/CrtLibSupport.h +@@ -192,6 +192,7 @@ void abort (void) __attribute__((__noreturn__)); + #else + void abort (void); + #endif ++int inet_pton (int, const char *, void *); + + // + // Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions +-- +1.8.3.1 + 
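Review bot: inet_pton4() and inet_pton6() in the imported `inet_pton.c` accept non-canonical address text. inet_pton4() takes any number of leading zeros in an octet (only `new > 255` is checked), and inet_pton6() takes any number of hex digits per group as long as `val` stays at or below 0xffff. If a caller uses the return value to decide whether a string is an IP literal or a host name, which is presumably why the file is imported for the CVE-2019-14553 series, the firmware's view of an address can differ from that of stricter parsers. Later revisions of this parser reject both forms; the equivalent checks here would be `if (saw_digit && *tp == 0) return (0);` in the digit branch of inet_pton4() and a per-group counter in inet_pton6(), `if (++seen_xdigits > 4) return (0);`, reset to 0 at each ':'. The file is a verbatim `git show` of the old StdLib copy, so this belongs in a follow-up patch rather than in the import itself.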
diff --git a/SOURCES/edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch b/SOURCES/edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch
new file mode 100644
index 0000000..e38a454
--- /dev/null
+++ b/SOURCES/edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch
@@ -0,0 +1,188 @@ +From 1ab1024f94401300fe9a1d5cdce6c15a2b091e02 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:31:50 +0100 +Subject: [PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies + (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-5-lersek@redhat.com> +Patchwork-id: 92453 +O-Subject: [RHEL-8.2.0 edk2 PATCH 4/9] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +In a later patch in this series, we're going to resurrect "inet_pton.c" +(originally from the StdLib package). That source file has a number of +standard C and BSD socket dependencies. Provide those dependencies here: + +- The header files below will simply #include : + + - arpa/inet.h + - arpa/nameser.h + - netinet/in.h + - sys/param.h + - sys/socket.h + +- EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit + e2d3a25f1a31; which is the commit immediately preceding the removal of + StdLib from edk2 (964f432b9b0a). + + Note that the other error macro, which we alread #define, namely EINVAL, + has a value (22) that also matches "StdLib/Include/errno.h". + +- The AF_INET and AF_INET6 address family macros come from + "StdLib/Include/sys/socket.h". + +- The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from + "StdLib/Include/arpa/nameser.h". + +- The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h". 
+ +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +Signed-off-by: Laszlo Ersek +Reviewed-by: Jian J Wang +Reviewed-by: Jiaxin Wu +(cherry picked from commit 2ac41c12c0d4b3d3ee8f905ab80da019e784de00) +--- + CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++ + CryptoPkg/Library/Include/arpa/inet.h | 9 +++++++++ + CryptoPkg/Library/Include/arpa/nameser.h | 9 +++++++++ + CryptoPkg/Library/Include/netinet/in.h | 9 +++++++++ + CryptoPkg/Library/Include/sys/param.h | 9 +++++++++ + CryptoPkg/Library/Include/sys/socket.h | 9 +++++++++ + 6 files changed, 61 insertions(+) + create mode 100644 CryptoPkg/Library/Include/arpa/inet.h + create mode 100644 CryptoPkg/Library/Include/arpa/nameser.h + create mode 100644 CryptoPkg/Library/Include/netinet/in.h + create mode 100644 CryptoPkg/Library/Include/sys/param.h + create mode 100644 CryptoPkg/Library/Include/sys/socket.h + +diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h +index b90da20..e603fad 100644 +--- a/CryptoPkg/Library/Include/CrtLibSupport.h ++++ b/CryptoPkg/Library/Include/CrtLibSupport.h +@@ -74,6 +74,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + // Definitions for global constants used by CRT library routines + // + #define EINVAL 22 /* Invalid argument */ ++#define EAFNOSUPPORT 47 /* Address family not supported by protocol family */ + #define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ + #define LONG_MAX 0X7FFFFFFFL /* max value for a long */ + #define LONG_MIN (-LONG_MAX-1) /* min value for a long */ +@@ -81,13 +82,28 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + #define CHAR_BIT 8 /* Number of bits in a char */ + + // ++// Address families. ++// ++#define AF_INET 2 /* internetwork: UDP, TCP, etc. 
*/ ++#define AF_INET6 24 /* IP version 6 */ ++ ++// ++// Define constants based on RFC0883, RFC1034, RFC 1035 ++// ++#define NS_INT16SZ 2 /*%< #/bytes of data in a u_int16_t */ ++#define NS_INADDRSZ 4 /*%< IPv4 T_A */ ++#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */ ++ ++// + // Basic types mapping + // + typedef UINTN size_t; ++typedef UINTN u_int; + typedef INTN ssize_t; + typedef INT32 time_t; + typedef UINT8 __uint8_t; + typedef UINT8 sa_family_t; ++typedef UINT8 u_char; + typedef UINT32 uid_t; + typedef UINT32 gid_t; + +diff --git a/CryptoPkg/Library/Include/arpa/inet.h b/CryptoPkg/Library/Include/arpa/inet.h +new file mode 100644 +index 0000000..988e4e0 +--- /dev/null ++++ b/CryptoPkg/Library/Include/arpa/inet.h +@@ -0,0 +1,9 @@ ++/** @file ++ Include file to support building third-party standard C / BSD sockets code. ++ ++ Copyright (C) 2019, Red Hat, Inc. ++ ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include +diff --git a/CryptoPkg/Library/Include/arpa/nameser.h b/CryptoPkg/Library/Include/arpa/nameser.h +new file mode 100644 +index 0000000..988e4e0 +--- /dev/null ++++ b/CryptoPkg/Library/Include/arpa/nameser.h +@@ -0,0 +1,9 @@ ++/** @file ++ Include file to support building third-party standard C / BSD sockets code. ++ ++ Copyright (C) 2019, Red Hat, Inc. ++ ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include +diff --git a/CryptoPkg/Library/Include/netinet/in.h b/CryptoPkg/Library/Include/netinet/in.h +new file mode 100644 +index 0000000..988e4e0 +--- /dev/null ++++ b/CryptoPkg/Library/Include/netinet/in.h +@@ -0,0 +1,9 @@ ++/** @file ++ Include file to support building third-party standard C / BSD sockets code. ++ ++ Copyright (C) 2019, Red Hat, Inc. 
++ ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include +diff --git a/CryptoPkg/Library/Include/sys/param.h b/CryptoPkg/Library/Include/sys/param.h +new file mode 100644 +index 0000000..988e4e0 +--- /dev/null ++++ b/CryptoPkg/Library/Include/sys/param.h +@@ -0,0 +1,9 @@ ++/** @file ++ Include file to support building third-party standard C / BSD sockets code. ++ ++ Copyright (C) 2019, Red Hat, Inc. ++ ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include +diff --git a/CryptoPkg/Library/Include/sys/socket.h b/CryptoPkg/Library/Include/sys/socket.h +new file mode 100644 +index 0000000..988e4e0 +--- /dev/null ++++ b/CryptoPkg/Library/Include/sys/socket.h +@@ -0,0 +1,9 @@ ++/** @file ++ Include file to support building third-party standard C / BSD sockets code. ++ ++ Copyright (C) 2019, Red Hat, Inc. ++ ++ SPDX-License-Identifier: BSD-2-Clause-Patent ++**/ ++ ++#include +-- +1.8.3.1 + diff --git a/SOURCES/edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch b/SOURCES/edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch new file mode 100644 index 0000000..3f4fd02 --- /dev/null +++ b/SOURCES/edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch 
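Review bot: `typedef UINTN u_int;` in the CrtLibSupport.h hunk makes `u_int` the native word size (64 bits on X64), while the commit message says the type is taken from StdLib's sys/types.h, where `u_int` is conventionally `unsigned int`. The inet_pton code imported in patch 5/9 of this series only compares `u_int` values against 255 and 0xffff, so it behaves the same either way, but other third-party code built against this header could depend on 32-bit width or wraparound. I would use `typedef UINT32 u_int;`, or keep the wider type and add a comment next to the typedef saying the difference from the BSD definition is deliberate.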
@@ -0,0 +1,86 @@ +From 697cb1880b624f83bc9e926c3614d070eb365f06 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:31:47 +0100 +Subject: [PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function + (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-4-lersek@redhat.com> +Patchwork-id: 92458 +O-Subject: [RHEL-8.2.0 edk2 PATCH 3/9] CryptoPkg/Crt: turn strchr() into a function (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +According to the ISO C standard, strchr() is a function. We #define it as +a macro. Unfortunately, our macro evaluates the first argument ("str") +twice. If the expression passed for "str" has side effects, the behavior +may be undefined. + +In a later patch in this series, we're going to resurrect "inet_pton.c" +(originally from the StdLib package), which calls strchr() just like that: + + strchr((xdigits = xdigits_l), ch) + strchr((xdigits = xdigits_u), ch) + +To enable this kind of function call, turn strchr() into a function. 
+ +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daude +Reviewed-by: Jian J Wang +Reviewed-by: Jiaxin Wu +(cherry picked from commit eb520d94dba7369d1886cd5522d5a2c36fb02209) +--- + CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c | 5 +++++ + CryptoPkg/Library/Include/CrtLibSupport.h | 2 +- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +index 71a2ef3..42235ab 100644 +--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c ++++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c +@@ -115,6 +115,11 @@ QuickSortWorker ( + // -- String Manipulation Routines -- + // + ++char *strchr(const char *str, int ch) ++{ ++ return ScanMem8 (str, AsciiStrSize (str), (UINT8)ch); ++} ++ + /* Scan a string for the last occurrence of a character */ + char *strrchr (const char *str, int c) + { +diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h +index 5806f50..b90da20 100644 +--- a/CryptoPkg/Library/Include/CrtLibSupport.h ++++ b/CryptoPkg/Library/Include/CrtLibSupport.h +@@ -147,6 +147,7 @@ int isupper (int); + int tolower (int); + int strcmp (const char *, const char *); + int strncasecmp (const char *, const char *, size_t); ++char *strchr (const char *, int); + char *strrchr (const char *, int); + unsigned long strtoul (const char *, char **, int); + long strtol (const char *, char **, int); +@@ -188,7 +189,6 @@ void abort (void); + #define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource) + #define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count) + #define strcat(strDest,strSource) AsciiStrCatS(strDest,MAX_STRING_SIZE,strSource) +-#define strchr(str,ch) 
ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch) + #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) + #define strcasecmp(str1,str2) (int)AsciiStriCmp(str1,str2) + #define sprintf(buf,...) AsciiSPrint(buf,MAX_STRING_SIZE,__VA_ARGS__) +-- +1.8.3.1 + diff --git a/SOURCES/edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch b/SOURCES/edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch new file mode 100644 index 0000000..bdaff30 --- /dev/null +++ b/SOURCES/edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch 
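Review bot: The new `strchr()` in CrtWrapper.c has no header comment, unlike `strrchr()` directly below it, and its one non-obvious detail is undocumented. The scan length is `AsciiStrSize (str)`, which counts the terminating NUL, so a search for `'\0'` finds the terminator as ISO C requires. I would add `/* Scan a string for the first occurrence of a character; the terminator is part of the scanned range */` above the definition. As far as I know `AsciiStrSize()` asserts on a NULL string when assertions are enabled, which third-party callers will not expect and which deserves a word in the same comment.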
@@ -0,0 +1,134 @@ +From 3885ce313d1d06359aa76b085668c1391d8a5f50 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:31:43 +0100 +Subject: [PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" + (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-3-lersek@redhat.com> +Patchwork-id: 92460 +O-Subject: [RHEL-8.2.0 edk2 PATCH 2/9] CryptoPkg/TlsLib: Add the new API "TlsSetVerifyHost" (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +From: "Wu, Jiaxin" + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +In the patch, we add the new API "TlsSetVerifyHost" for the TLS +protocol to set the specified host name that need to be verified. + +Signed-off-by: Wu Jiaxin +Reviewed-by: Ye Ting +Reviewed-by: Long Qin +Reviewed-by: Fu Siyuan +Acked-by: Laszlo Ersek +Message-Id: <20190927034441.3096-3-Jiaxin.wu@intel.com> +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daude +Reviewed-by: Jian J Wang +(cherry picked from commit 2ca74e1a175232cc201798e27437700adc7fb07e) +--- + CryptoPkg/Include/Library/TlsLib.h | 20 +++++++++++++++++++ + CryptoPkg/Library/TlsLib/TlsConfig.c | 38 +++++++++++++++++++++++++++++++++++- + 2 files changed, 57 insertions(+), 1 deletion(-) + +diff --git a/CryptoPkg/Include/Library/TlsLib.h b/CryptoPkg/Include/Library/TlsLib.h +index 9875cb6..3af7d4b 100644 +--- a/CryptoPkg/Include/Library/TlsLib.h ++++ b/CryptoPkg/Include/Library/TlsLib.h +@@ -397,6 +397,26 @@ TlsSetVerify ( + ); + + /** ++ Set the specified host name to be verified. ++ ++ @param[in] Tls Pointer to the TLS object. ++ @param[in] Flags The setting flags during the validation. ++ @param[in] HostName The specified host name to be verified. 
++ ++ @retval EFI_SUCCESS The HostName setting was set successfully. ++ @retval EFI_INVALID_PARAMETER The parameter is invalid. ++ @retval EFI_ABORTED Invalid HostName setting. ++ ++**/ ++EFI_STATUS ++EFIAPI ++TlsSetVerifyHost ( ++ IN VOID *Tls, ++ IN UINT32 Flags, ++ IN CHAR8 *HostName ++ ); ++ ++/** + Sets a TLS/SSL session ID to be used during TLS/SSL connect. + + This function sets a session ID to be used when the TLS/SSL connection is +diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c +index 74b577d..2bf5aee 100644 +--- a/CryptoPkg/Library/TlsLib/TlsConfig.c ++++ b/CryptoPkg/Library/TlsLib/TlsConfig.c +@@ -1,7 +1,7 @@ + /** @file + SSL/TLS Configuration Library Wrapper Implementation over OpenSSL. + +-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
+ (C) Copyright 2016 Hewlett Packard Enterprise Development LP
+ SPDX-License-Identifier: BSD-2-Clause-Patent + +@@ -498,6 +498,42 @@ TlsSetVerify ( + } + + /** ++ Set the specified host name to be verified. ++ ++ @param[in] Tls Pointer to the TLS object. ++ @param[in] Flags The setting flags during the validation. ++ @param[in] HostName The specified host name to be verified. ++ ++ @retval EFI_SUCCESS The HostName setting was set successfully. ++ @retval EFI_INVALID_PARAMETER The parameter is invalid. ++ @retval EFI_ABORTED Invalid HostName setting. ++ ++**/ ++EFI_STATUS ++EFIAPI ++TlsSetVerifyHost ( ++ IN VOID *Tls, ++ IN UINT32 Flags, ++ IN CHAR8 *HostName ++ ) ++{ ++ TLS_CONNECTION *TlsConn; ++ ++ TlsConn = (TLS_CONNECTION *) Tls; ++ if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) { ++ return EFI_INVALID_PARAMETER; ++ } ++ ++ SSL_set_hostflags(TlsConn->Ssl, Flags); ++ ++ if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) { ++ return EFI_ABORTED; ++ } ++ ++ return EFI_SUCCESS; ++} ++ ++/** + Sets a TLS/SSL session ID to be used during TLS/SSL connect. + + This function sets a session ID to be used when the TLS/SSL connection is +-- +1.8.3.1 + diff --git a/SOURCES/edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch b/SOURCES/edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch new file mode 100644 index 0000000..e9fae52 --- /dev/null +++ b/SOURCES/edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch 
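Review bot: `TlsSetVerifyHost()` in TlsConfig.c rejects a NULL `HostName` but not an empty one. OpenSSL documents that `SSL_set1_host()` given an empty string clears the host list and performs no name check, so the call would return EFI_SUCCESS with host verification effectively off. The parameter check should cover that case too, e.g. `if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL || HostName[0] == '\0') {`. The same applies to the later patch on this page that switches to `X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0)`, because the guard is unchanged there.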
@@ -0,0 +1,100 @@ +From 970b5f67512e00fb26765a14b4a1cb8a8a04276d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:31:57 +0100 +Subject: [PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address + literals as such (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-7-lersek@redhat.com> +Patchwork-id: 92452 +O-Subject: [RHEL-8.2.0 edk2 PATCH 6/9] CryptoPkg/TlsLib: TlsSetVerifyHost: parse IP address literals as such (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +Using the inet_pton() function that we imported in the previous patches, +recognize if "HostName" is an IP address literal, and then parse it into +binary representation. Passing the latter to OpenSSL for server +certificate validation is important, per RFC-2818 +: + +> In some cases, the URI is specified as an IP address rather than a +> hostname. In this case, the iPAddress subjectAltName must be present in +> the certificate and must exactly match the IP in the URI. + +Note: we cannot use X509_VERIFY_PARAM_set1_ip_asc() because in the OpenSSL +version that is currently consumed by edk2, said function depends on +sscanf() for parsing IPv4 literals. In +"CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c", we only provide an +empty -- always failing -- stub for sscanf(), however. 
+ +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +Suggested-by: David Woodhouse +Signed-off-by: Laszlo Ersek +Acked-by: Jian J Wang +Reviewed-by: Jiaxin Wu +(cherry picked from commit 1e72b1fb2ec597caedb5170079bb213f6d67f32a) +--- + CryptoPkg/Library/TlsLib/TlsConfig.c | 28 ++++++++++++++++++++++++---- + 1 file changed, 24 insertions(+), 4 deletions(-) + +diff --git a/CryptoPkg/Library/TlsLib/TlsConfig.c b/CryptoPkg/Library/TlsLib/TlsConfig.c +index 2bf5aee..307eb57 100644 +--- a/CryptoPkg/Library/TlsLib/TlsConfig.c ++++ b/CryptoPkg/Library/TlsLib/TlsConfig.c +@@ -517,7 +517,11 @@ TlsSetVerifyHost ( + IN CHAR8 *HostName + ) + { +- TLS_CONNECTION *TlsConn; ++ TLS_CONNECTION *TlsConn; ++ X509_VERIFY_PARAM *VerifyParam; ++ UINTN BinaryAddressSize; ++ UINT8 BinaryAddress[MAX (NS_INADDRSZ, NS_IN6ADDRSZ)]; ++ INTN ParamStatus; + + TlsConn = (TLS_CONNECTION *) Tls; + if (TlsConn == NULL || TlsConn->Ssl == NULL || HostName == NULL) { +@@ -526,11 +530,27 @@ TlsSetVerifyHost ( + + SSL_set_hostflags(TlsConn->Ssl, Flags); + +- if (SSL_set1_host(TlsConn->Ssl, HostName) == 0) { +- return EFI_ABORTED; ++ VerifyParam = SSL_get0_param (TlsConn->Ssl); ++ ASSERT (VerifyParam != NULL); ++ ++ BinaryAddressSize = 0; ++ if (inet_pton (AF_INET6, HostName, BinaryAddress) == 1) { ++ BinaryAddressSize = NS_IN6ADDRSZ; ++ } else if (inet_pton (AF_INET, HostName, BinaryAddress) == 1) { ++ BinaryAddressSize = NS_INADDRSZ; + } + +- return EFI_SUCCESS; ++ if (BinaryAddressSize > 0) { ++ DEBUG ((DEBUG_VERBOSE, "%a:%a: parsed \"%a\" as an IPv%c address " ++ "literal\n", gEfiCallerBaseName, __FUNCTION__, HostName, ++ (UINTN)((BinaryAddressSize == NS_IN6ADDRSZ) ? 
'6' : '4'))); ++ ParamStatus = X509_VERIFY_PARAM_set1_ip (VerifyParam, BinaryAddress, ++ BinaryAddressSize); ++ } else { ++ ParamStatus = X509_VERIFY_PARAM_set1_host (VerifyParam, HostName, 0); ++ } ++ ++ return (ParamStatus == 1) ? EFI_SUCCESS : EFI_ABORTED; + } + + /** +-- +1.8.3.1 + diff --git a/SOURCES/edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch b/SOURCES/edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch new file mode 100644 index 0000000..a635f82 --- /dev/null +++ b/SOURCES/edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch 
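Review bot: The doc comment of `TlsSetVerifyHost()` starts outside this hunk and still describes `HostName` only as a host name, while the new body handles it in two ways. A string that `inet_pton()` accepts as IPv6 or IPv4 goes to `X509_VERIFY_PARAM_set1_ip()`, and anything else falls through to `X509_VERIFY_PARAM_set1_host()`. I would say so at the `inet_pton()` block, e.g. `// IP address literals are checked as iPAddress subjectAltName entries; every other string is treated as a DNS host name`, and extend the `@param[in] HostName` text to match. Separately, `ASSERT (VerifyParam != NULL)` is the only guard on the `SSL_get0_param()` result, so it disappears in builds where assertions are compiled out.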
@@ -0,0 +1,148 @@ +From 4ef57a1e6b9411e785e00e8874bd5c67235e9134 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 11 Feb 2020 17:01:59 +0100 +Subject: [PATCH 1/2] MdeModulePkg: Enable/Disable S3BootScript dynamically. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200211170200.12389-2-lersek@redhat.com> +Patchwork-id: 93776 +O-Subject: [RHEL-8.2.0 edk2 PATCH 1/2] MdeModulePkg: Enable/Disable S3BootScript dynamically. +Bugzilla: 1801274 +RH-Acked-by: Paolo Bonzini +RH-Acked-by: Philippe Mathieu-Daudé + +From: Chasel Chiu + +--v-- RHEL8 note start --v-- + +This patch is cherry-picked from upstream as a contextual (not semantic / +functional) pre-requisite for the next patch. + +Functionally, this patch makes no difference in OVMF, for two reasons: + +- Downstream, we don't enable S3 anyway (per QEMU default). + +- The S3-related modules that are built into OVMF (S3SaveStateDxe, + BootScriptExecutorDxe) already consider PcdAcpiS3Enable, and exit their + entry point functions with EFI_UNSUPPORTED when the PCD is FALSE. As a + consequence, the DESTRUCTOR function of the PiDxeS3BootScriptLib library + instance (which is linked into those binaries) will undo whatever the + CONSTRUCTOR function did; no resources will be leaked. + + https://edk2.groups.io/g/devel/message/47996 + http://mid.mail-archive.com/e43e3f56-d2db-7989-b6f1-03e1c810d908@redhat.com + +--^-- RHEL8 note end --^-- + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2212 + +In binary model the same binary may have to support both +S3 enabled and disabled scenarios, however not all DXE +drivers linking PiDxeS3BootScriptLib can return error to +invoke library DESTRUCTOR for releasing resource. 
+ +To support this usage model below PCD is used to skip +S3BootScript functions when PCD set to FALSE: + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable + +Test: Verified on internal platform and S3BootScript + functions can be skipped by PCD during boot time. + +Cc: Hao A Wu +Cc: Eric Dong +Cc: Nate DeSimone +Cc: Liming Gao +Cc: Laszlo Ersek +Signed-off-by: Chasel Chiu +Reviewed-by: Nate DeSimone +Reviewed-by: Eric Dong +Acked-by: Laszlo Ersek +(cherry picked from commit ed9db1b91ceba7d3a24743d4d9314c6fbe11c4b3) +Signed-off-by: Laszlo Ersek +Signed-off-by: Miroslav Rezanina +--- + .../Library/PiDxeS3BootScriptLib/BootScriptSave.c | 17 ++++++++++++++++- + .../Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf | 4 ++-- + 2 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +index c116727..9106e7d 100644 +--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c ++++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +@@ -1,7 +1,7 @@ + /** @file + Save the S3 data to S3 boot script. + +- Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
++ Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +@@ -124,6 +124,7 @@ VOID *mRegistrationSmmReadyToLock = NULL; + BOOLEAN mS3BootScriptTableAllocated = FALSE; + BOOLEAN mS3BootScriptTableSmmAllocated = FALSE; + EFI_SMM_SYSTEM_TABLE2 *mBootScriptSmst = NULL; ++BOOLEAN mAcpiS3Enable = TRUE; + + /** + This is an internal function to add a terminate node the entry, recalculate the table +@@ -436,6 +437,12 @@ S3BootScriptLibInitialize ( + BOOLEAN InSmm; + EFI_PHYSICAL_ADDRESS Buffer; + ++ if (!PcdGetBool (PcdAcpiS3Enable)) { ++ mAcpiS3Enable = FALSE; ++ DEBUG ((DEBUG_INFO, "%a: Skip S3BootScript because ACPI S3 disabled.\n", gEfiCallerBaseName)); ++ return RETURN_SUCCESS; ++ } ++ + S3TablePtr = (SCRIPT_TABLE_PRIVATE_DATA*)(UINTN)PcdGet64(PcdS3BootScriptTablePrivateDataPtr); + // + // The Boot script private data is not be initialized. create it +@@ -562,6 +569,10 @@ S3BootScriptLibDeinitialize ( + { + EFI_STATUS Status; + ++ if (!mAcpiS3Enable) { ++ return RETURN_SUCCESS; ++ } ++ + DEBUG ((EFI_D_INFO, "%a() in %a module\n", __FUNCTION__, gEfiCallerBaseName)); + + if (mEventDxeSmmReadyToLock != NULL) { +@@ -810,6 +821,10 @@ S3BootScriptGetEntryAddAddress ( + { + UINT8* NewEntryPtr; + ++ if (!mAcpiS3Enable) { ++ return NULL; ++ } ++ + if (mS3BootScriptTablePtr->SmmLocked) { + // + // We need check InSmm, because after SmmReadyToLock, only SMM driver is allowed to write boot script. +diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf +index 517ea69..2b894c9 100644 +--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf ++++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf +@@ -1,7 +1,7 @@ + ## @file + # DXE S3 boot script Library. + # +-# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.
++# Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
+ # + # SPDX-License-Identifier: BSD-2-Clause-Patent + # +@@ -65,4 +65,4 @@ + ## SOMETIMES_PRODUCES + gEfiMdeModulePkgTokenSpaceGuid.PcdS3BootScriptTablePrivateSmmDataPtr + gEfiMdeModulePkgTokenSpaceGuid.PcdS3BootScriptRuntimeTableReservePageNumber ## CONSUMES +- ++ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiS3Enable ## CONSUMES +-- +1.8.3.1 + diff --git a/SOURCES/edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch b/SOURCES/edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch new file mode 100644 index 0000000..4899f97 --- /dev/null +++ b/SOURCES/edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch 
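Review bot: The early `return NULL` added to `S3BootScriptGetEntryAddAddress()` makes "S3 disabled" indistinguishable from an allocation failure for its callers, and nothing in the hunk states that this is the intended contract. A comment at the check would help, e.g. `// S3 disabled: no script table exists, so callers see NULL exactly as for a failed allocation`. Only the constructor, the destructor and this helper test `mAcpiS3Enable`. Any other function in the file that dereferences `mS3BootScriptTablePtr` without going through the helper would still run with no table when the PCD is FALSE. Those bodies are outside the hunks shown here, so this needs checking against the full file.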
@@ -0,0 +1,182 @@ +From 51d2956d480fef83f765013c8aec7f7ddc14b84d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 11 Feb 2020 17:02:00 +0100 +Subject: [PATCH 2/2] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric + truncation (CVE-2019-14563) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200211170200.12389-3-lersek@redhat.com> +Patchwork-id: 93777 +O-Subject: [RHEL-8.2.0 edk2 PATCH 2/2] MdeModulePkg/PiDxeS3BootScriptLib: Fix potential numeric truncation (CVE-2019-14563) +Bugzilla: 1801274 +RH-Acked-by: Paolo Bonzini +RH-Acked-by: Philippe Mathieu-Daudé + +From: Hao A Wu + +REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2001 + +For S3BootScriptLib APIs: + +S3BootScriptSaveIoWrite +S3BootScriptSaveMemWrite +S3BootScriptSavePciCfgWrite +S3BootScriptSavePciCfg2Write +S3BootScriptSaveSmbusExecute +S3BootScriptSaveInformation +S3BootScriptSaveInformationAsciiString +S3BootScriptLabel (happen in S3BootScriptLabelInternal()) + +possible numeric truncations will happen that may lead to S3 boot script +entry with improper size being returned to store the boot script data. +This commit will add checks to prevent this kind of issue. + +Please note that the remaining S3BootScriptLib APIs: + +S3BootScriptSaveIoReadWrite +S3BootScriptSaveMemReadWrite +S3BootScriptSavePciCfgReadWrite +S3BootScriptSavePciCfg2ReadWrite +S3BootScriptSaveStall +S3BootScriptSaveDispatch2 +S3BootScriptSaveDispatch +S3BootScriptSaveMemPoll +S3BootScriptSaveIoPoll +S3BootScriptSavePciPoll +S3BootScriptSavePci2Poll +S3BootScriptCloseTable +S3BootScriptExecute +S3BootScriptMoveLastOpcode +S3BootScriptCompare + +are not affected by such numeric truncation. 
+ +Signed-off-by: Hao A Wu +Reviewed-by: Laszlo Ersek +Reviewed-by: Eric Dong +Acked-by: Jian J Wang +(cherry picked from commit 322ac05f8bbc1bce066af1dabd1b70ccdbe28891) +Signed-off-by: Laszlo Ersek +Signed-off-by: Miroslav Rezanina +--- + .../Library/PiDxeS3BootScriptLib/BootScriptSave.c | 52 +++++++++++++++++++++- + 1 file changed, 51 insertions(+), 1 deletion(-) + +diff --git a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +index 9106e7d..9315fc9 100644 +--- a/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c ++++ b/MdeModulePkg/Library/PiDxeS3BootScriptLib/BootScriptSave.c +@@ -1,7 +1,7 @@ + /** @file + Save the S3 data to S3 boot script. + +- Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
++ Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +@@ -1006,6 +1006,14 @@ S3BootScriptSaveIoWrite ( + EFI_BOOT_SCRIPT_IO_WRITE ScriptIoWrite; + + WidthInByte = (UINT8) (0x01 << (Width & 0x03)); ++ ++ // ++ // Truncation check ++ // ++ if ((Count > MAX_UINT8) || ++ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_IO_WRITE))) { ++ return RETURN_OUT_OF_RESOURCES; ++ } + Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_IO_WRITE) + (WidthInByte * Count)); + + Script = S3BootScriptGetEntryAddAddress (Length); +@@ -1102,6 +1110,14 @@ S3BootScriptSaveMemWrite ( + EFI_BOOT_SCRIPT_MEM_WRITE ScriptMemWrite; + + WidthInByte = (UINT8) (0x01 << (Width & 0x03)); ++ ++ // ++ // Truncation check ++ // ++ if ((Count > MAX_UINT8) || ++ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_MEM_WRITE))) { ++ return RETURN_OUT_OF_RESOURCES; ++ } + Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_MEM_WRITE) + (WidthInByte * Count)); + + Script = S3BootScriptGetEntryAddAddress (Length); +@@ -1206,6 +1222,14 @@ S3BootScriptSavePciCfgWrite ( + } + + WidthInByte = (UINT8) (0x01 << (Width & 0x03)); ++ ++ // ++ // Truncation check ++ // ++ if ((Count > MAX_UINT8) || ++ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE))) { ++ return RETURN_OUT_OF_RESOURCES; ++ } + Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG_WRITE) + (WidthInByte * Count)); + + Script = S3BootScriptGetEntryAddAddress (Length); +@@ -1324,6 +1348,14 @@ S3BootScriptSavePciCfg2Write ( + } + + WidthInByte = (UINT8) (0x01 << (Width & 0x03)); ++ ++ // ++ // Truncation check ++ // ++ if ((Count > MAX_UINT8) || ++ (WidthInByte * Count > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE))) { ++ return RETURN_OUT_OF_RESOURCES; ++ } + Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_PCI_CONFIG2_WRITE) + (WidthInByte * Count)); + + Script = S3BootScriptGetEntryAddAddress (Length); +@@ -1549,6 +1581,12 @@ S3BootScriptSaveSmbusExecute ( + return Status; + } + ++ // ++ // Truncation check ++ // ++ if (BufferLength 
> MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE)) { ++ return RETURN_OUT_OF_RESOURCES; ++ } + DataSize = (UINT8)(sizeof (EFI_BOOT_SCRIPT_SMBUS_EXECUTE) + BufferLength); + + Script = S3BootScriptGetEntryAddAddress (DataSize); +@@ -1736,6 +1774,12 @@ S3BootScriptSaveInformation ( + UINT8 *Script; + EFI_BOOT_SCRIPT_INFORMATION ScriptInformation; + ++ // ++ // Truncation check ++ // ++ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) { ++ return RETURN_OUT_OF_RESOURCES; ++ } + Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength); + + Script = S3BootScriptGetEntryAddAddress (Length); +@@ -2195,6 +2239,12 @@ S3BootScriptLabelInternal ( + UINT8 *Script; + EFI_BOOT_SCRIPT_INFORMATION ScriptInformation; + ++ // ++ // Truncation check ++ // ++ if (InformationLength > MAX_UINT8 - sizeof (EFI_BOOT_SCRIPT_INFORMATION)) { ++ return RETURN_OUT_OF_RESOURCES; ++ } + Length = (UINT8)(sizeof (EFI_BOOT_SCRIPT_INFORMATION) + InformationLength); + + Script = S3BootScriptGetEntryAddAddress (Length); +-- +1.8.3.1 + diff --git a/SOURCES/edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch b/SOURCES/edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch new file mode 100644 index 0000000..92bb1d4 --- /dev/null +++ b/SOURCES/edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch 
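Review bot: The comment `// Truncation check` is repeated at all seven sites in BootScriptSave.c without saying what is truncated or why the two clauses are ordered as they are. The entry length is stored in a `UINT8`, so the total must fit in `MAX_UINT8`. In the four `Count`-based sites, testing `Count > MAX_UINT8` first is what keeps `WidthInByte * Count` small enough to compare safely. I would expand the comment to something like `// Length is a UINT8: reject any total that would wrap and yield an entry of the wrong size` and add `// bound Count first so the product below cannot wrap` on the first clause. The checks also run straight into the `Length = ...` / `DataSize = ...` assignment with no blank line, and each enclosing function continues outside its hunk.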
@@ -0,0 +1,101 @@ +From e57f49101a66663a4f5425995e9ea97ae0858e1b Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 14 Jan 2020 12:39:05 +0100 +Subject: [PATCH 1/2] MdeModulePkg/UefiBootManagerLib: log reserved mem + allocation failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200114123906.8547-2-lersek@redhat.com> +Patchwork-id: 93339 +O-Subject: [RHEL-8.2.0 edk2 PATCH 1/2] MdeModulePkg/UefiBootManagerLib: log reserved mem allocation failure +Bugzilla: 1789797 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Philippe Mathieu-Daudé + +The LoadFile protocol can report such a large buffer size that we cannot +allocate enough reserved pages for. This particularly affects HTTP(S) +Boot, if the remote file is very large (for example, an ISO image). + +While the TianoCore wiki mentions this at +: + +> The maximum RAM disk image size depends on how much continuous reserved +> memory block the platform could provide. + +it's hard to remember; so log a DEBUG_ERROR message when the allocation +fails. + +This patch produces error messages such as: + +> UiApp:BmExpandLoadFile: failed to allocate reserved pages: +> BufferSize=4501536768 +> LoadFile="PciRoot(0x0)/Pci(0x3,0x0)/MAC(5254001B103E,0x1)/ +> IPv4(0.0.0.0,TCP,DHCP,192.168.124.106,192.168.124.1,255.255.255.0)/ +> Dns(192.168.124.1)/ +> Uri(https://ipv4-server/RHEL-7.7-20190723.1-Server-x86_64-dvd1.iso)" +> FilePath="" + +(Manually rewrapped here for keeping PatchCheck.py happy.) 
+ +Cc: Hao A Wu +Cc: Jian J Wang +Cc: Ray Ni +Cc: Zhichao Gao +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daude +Reviewed-by: Siyuan Fu +Acked-by: Hao A Wu +(cherry picked from commit a56af23f066e2816c67b7c6e64de7ddefcd70780) +Signed-off-by: Miroslav Rezanina +--- + MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c | 31 ++++++++++++++++++++++++ + 1 file changed, 31 insertions(+) + +diff --git a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +index 952033f..ded9ae9 100644 +--- a/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c ++++ b/MdeModulePkg/Library/UefiBootManagerLib/BmBoot.c +@@ -1386,6 +1386,37 @@ BmExpandLoadFile ( + // + FileBuffer = AllocateReservedPages (EFI_SIZE_TO_PAGES (BufferSize)); + if (FileBuffer == NULL) { ++ DEBUG_CODE ( ++ EFI_DEVICE_PATH *LoadFilePath; ++ CHAR16 *LoadFileText; ++ CHAR16 *FileText; ++ ++ LoadFilePath = DevicePathFromHandle (LoadFileHandle); ++ if (LoadFilePath == NULL) { ++ LoadFileText = NULL; ++ } else { ++ LoadFileText = ConvertDevicePathToText (LoadFilePath, FALSE, FALSE); ++ } ++ FileText = ConvertDevicePathToText (FilePath, FALSE, FALSE); ++ ++ DEBUG (( ++ DEBUG_ERROR, ++ "%a:%a: failed to allocate reserved pages: " ++ "BufferSize=%Lu LoadFile=\"%s\" FilePath=\"%s\"\n", ++ gEfiCallerBaseName, ++ __FUNCTION__, ++ (UINT64)BufferSize, ++ LoadFileText, ++ FileText ++ )); ++ ++ if (FileText != NULL) { ++ FreePool (FileText); ++ } ++ if (LoadFileText != NULL) { ++ FreePool (LoadFileText); ++ } ++ ); + return NULL; + } + +-- +1.8.3.1 + diff --git a/SOURCES/edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch b/SOURCES/edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch new file mode 100644 index 0000000..f1b88d3 --- /dev/null +++ b/SOURCES/edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch 
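Review bot: In the `DEBUG_CODE` block added to `BmExpandLoadFile()`, `LoadFileText` and `FileText` can both be NULL when they reach the `%s` conversions, and nothing says that this is deliberate. The first is set to NULL explicitly, and both are tested for NULL before `FreePool()`. As far as I know the edk2 print library substitutes a placeholder for a NULL string argument, so this appears safe, but a one-line comment such as `// NULL text pointers are acceptable here: the print library prints a placeholder for them` would save the next reader the lookup. The enclosing function starts and ends outside the hunk.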
@@ -0,0 +1,156 @@ +From 22ebe3ff84003e9256759e230ac68da35c6d77a2 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:31:37 +0100 +Subject: [PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of + EfiTlsVerifyHost (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-2-lersek@redhat.com> +Patchwork-id: 92457 +O-Subject: [RHEL-8.2.0 edk2 PATCH 1/9] MdePkg/Include/Protocol/Tls.h: Add the data type of EfiTlsVerifyHost (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +From: "Wu, Jiaxin" + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +In the patch, we add the new data type named "EfiTlsVerifyHost" and +the EFI_TLS_VERIFY_HOST_FLAG for the TLS protocol consumer (HTTP) +to enable the host name check so as to avoid the potential +Man-In-The-Middle attack. + +Signed-off-by: Wu Jiaxin +Reviewed-by: Ye Ting +Reviewed-by: Long Qin +Reviewed-by: Fu Siyuan +Acked-by: Laszlo Ersek +Message-Id: <20190927034441.3096-2-Jiaxin.wu@intel.com> +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Signed-off-by: Laszlo Ersek +Reviewed-by: Liming Gao +(cherry picked from commit 31efec82796cb950e99d1622aa9c0eb8380613a0) +--- + MdePkg/Include/Protocol/Tls.h | 68 ++++++++++++++++++++++++++++++++++++------- + 1 file changed, 57 insertions(+), 11 deletions(-) + +diff --git a/MdePkg/Include/Protocol/Tls.h b/MdePkg/Include/Protocol/Tls.h +index bf1b672..af524ae 100644 +--- a/MdePkg/Include/Protocol/Tls.h ++++ b/MdePkg/Include/Protocol/Tls.h +@@ -42,10 +42,6 @@ typedef struct _EFI_TLS_PROTOCOL EFI_TLS_PROTOCOL; + /// + typedef enum { + /// +- /// Session Configuration +- /// +- +- /// + /// TLS session Version. The corresponding Data is of type EFI_TLS_VERSION. 
+ /// + EfiTlsVersion, +@@ -86,11 +82,6 @@ typedef enum { + /// The corresponding Data is of type EFI_TLS_SESSION_STATE. + /// + EfiTlsSessionState, +- +- /// +- /// Session information +- /// +- + /// + /// TLS session data client random. + /// The corresponding Data is of type EFI_TLS_RANDOM. +@@ -106,9 +97,15 @@ typedef enum { + /// The corresponding Data is of type EFI_TLS_MASTER_SECRET. + /// + EfiTlsKeyMaterial, ++ /// ++ /// TLS session hostname for validation which is used to verify whether the name ++ /// within the peer certificate matches a given host name. ++ /// This parameter is invalid when EfiTlsVerifyMethod is EFI_TLS_VERIFY_NONE. ++ /// The corresponding Data is of type EFI_TLS_VERIFY_HOST. ++ /// ++ EfiTlsVerifyHost, + + EfiTlsSessionDataTypeMaximum +- + } EFI_TLS_SESSION_DATA_TYPE; + + /// +@@ -178,7 +175,8 @@ typedef UINT32 EFI_TLS_VERIFY; + /// + #define EFI_TLS_VERIFY_PEER 0x1 + /// +-/// TLS session will fail peer certificate is absent. ++/// EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT is only meaningful in the server mode. ++/// TLS session will fail if client certificate is absent. + /// + #define EFI_TLS_VERIFY_FAIL_IF_NO_PEER_CERT 0x2 + /// +@@ -188,6 +186,54 @@ typedef UINT32 EFI_TLS_VERIFY; + #define EFI_TLS_VERIFY_CLIENT_ONCE 0x4 + + /// ++/// EFI_TLS_VERIFY_HOST_FLAG ++/// ++typedef UINT32 EFI_TLS_VERIFY_HOST_FLAG; ++/// ++/// There is no additional flags set for hostname validation. ++/// Wildcards are supported and they match only in the left-most label. ++/// ++#define EFI_TLS_VERIFY_FLAG_NONE 0x00 ++/// ++/// Always check the Subject Distinguished Name (DN) in the peer certificate even if the ++/// certificate contains Subject Alternative Name (SAN). ++/// ++#define EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT 0x01 ++/// ++/// Disable the match of all wildcards. ++/// ++#define EFI_TLS_VERIFY_FLAG_NO_WILDCARDS 0x02 ++/// ++/// Disable the "*" as wildcard in labels that have a prefix or suffix (e.g. "www*" or "*www"). 
++/// ++#define EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS 0x04 ++/// ++/// Allow the "*" to match more than one labels. Otherwise, only matches a single label. ++/// ++#define EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS 0x08 ++/// ++/// Restrict to only match direct child sub-domains which start with ".". ++/// For example, a name of ".example.com" would match "www.example.com" with this flag, ++/// but would not match "www.sub.example.com". ++/// ++#define EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 ++/// ++/// Never check the Subject Distinguished Name (DN) even there is no ++/// Subject Alternative Name (SAN) in the certificate. ++/// ++#define EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT 0x20 ++ ++/// ++/// EFI_TLS_VERIFY_HOST ++/// ++#pragma pack (1) ++typedef struct { ++ EFI_TLS_VERIFY_HOST_FLAG Flags; ++ CHAR8 *HostName; ++} EFI_TLS_VERIFY_HOST; ++#pragma pack () ++ ++/// + /// EFI_TLS_RANDOM + /// Note: The definition of EFI_TLS_RANDOM is from "RFC 5246 A.4.1. + /// Hello Messages". +-- +1.8.3.1 + diff --git a/SOURCES/edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch b/SOURCES/edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch new file mode 100644 index 0000000..06caad5 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch 
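Review bot: The new `EFI_TLS_VERIFY_HOST` structure in Tls.h documents neither of its fields, and `HostName` is the one a caller can get wrong. I would add field comments, e.g. `/// NUL-terminated ASCII string: the DNS host name or IP address literal expected in the peer certificate` on `HostName` and `/// Bitwise OR of EFI_TLS_VERIFY_FLAG_* values` on `Flags`. The flag list itself does not say how `EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT` and `EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT` behave when both are set, which deserves a sentence. Because the structure is declared under `#pragma pack (1)`, the pointer follows the 32-bit `Flags` without padding, so a short remark that the layout is intentional would also help.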
@@ -0,0 +1,99 @@ +From d28c0053e94b8e721307ac1698d86e5dfb328e6d Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:32:04 +0100 +Subject: [PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification + (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-9-lersek@redhat.com> +Patchwork-id: 92459 +O-Subject: [RHEL-8.2.0 edk2 PATCH 8/9] NetworkPkg/HttpDxe: Set the HostName for the verification (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Philippe Mathieu-Daudé + +From: "Wu, Jiaxin" + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +Set the HostName by consuming TLS protocol to enable the host name +check so as to avoid the potential Man-In-The-Middle attack. + +Signed-off-by: Wu Jiaxin +Reviewed-by: Ye Ting +Reviewed-by: Long Qin +Reviewed-by: Fu Siyuan +Acked-by: Laszlo Ersek +Message-Id: <20190927034441.3096-5-Jiaxin.wu@intel.com> +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Signed-off-by: Laszlo Ersek +(cherry picked from commit e2fc50812895b17e8b23f5a9c43cde29531b200f) +--- + NetworkPkg/HttpDxe/HttpProto.h | 1 + + NetworkPkg/HttpDxe/HttpsSupport.c | 21 +++++++++++++++++---- + 2 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/NetworkPkg/HttpDxe/HttpProto.h b/NetworkPkg/HttpDxe/HttpProto.h +index 6e1f517..34308e0 100644 +--- a/NetworkPkg/HttpDxe/HttpProto.h ++++ b/NetworkPkg/HttpDxe/HttpProto.h +@@ -82,6 +82,7 @@ typedef struct { + EFI_TLS_VERSION Version; + EFI_TLS_CONNECTION_END ConnectionEnd; + EFI_TLS_VERIFY VerifyMethod; ++ EFI_TLS_VERIFY_HOST VerifyHost; + EFI_TLS_SESSION_STATE SessionState; + } TLS_CONFIG_DATA; + +diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c +index 988bbcb..5dfb13b 100644 +--- a/NetworkPkg/HttpDxe/HttpsSupport.c ++++ 
b/NetworkPkg/HttpDxe/HttpsSupport.c +@@ -623,13 +623,16 @@ TlsConfigureSession ( + // + // TlsConfigData initialization + // +- HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; +- HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; +- HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; ++ HttpInstance->TlsConfigData.ConnectionEnd = EfiTlsClient; ++ HttpInstance->TlsConfigData.VerifyMethod = EFI_TLS_VERIFY_PEER; ++ HttpInstance->TlsConfigData.VerifyHost.Flags = EFI_TLS_VERIFY_FLAG_NO_WILDCARDS; ++ HttpInstance->TlsConfigData.VerifyHost.HostName = HttpInstance->RemoteHost; ++ HttpInstance->TlsConfigData.SessionState = EfiTlsSessionNotStarted; + + // + // EfiTlsConnectionEnd, +- // EfiTlsVerifyMethod ++ // EfiTlsVerifyMethod, ++ // EfiTlsVerifyHost, + // EfiTlsSessionState + // + Status = HttpInstance->Tls->SetSessionData ( +@@ -654,6 +657,16 @@ TlsConfigureSession ( + + Status = HttpInstance->Tls->SetSessionData ( + HttpInstance->Tls, ++ EfiTlsVerifyHost, ++ &HttpInstance->TlsConfigData.VerifyHost, ++ sizeof (EFI_TLS_VERIFY_HOST) ++ ); ++ if (EFI_ERROR (Status)) { ++ return Status; ++ } ++ ++ Status = HttpInstance->Tls->SetSessionData ( ++ HttpInstance->Tls, + EfiTlsSessionState, + &(HttpInstance->TlsConfigData.SessionState), + sizeof (EFI_TLS_SESSION_STATE) +-- +1.8.3.1 + diff --git a/SOURCES/edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch b/SOURCES/edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch new file mode 100644 index 0000000..ec51be6 --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch 
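Review bot: In the TlsConfigureSession() hunk of HttpsSupport.c, `VerifyHost.HostName` is assigned the `HttpInstance->RemoteHost` pointer with no visible check that RemoteHost is non-NULL at this point; whether earlier code in the function guarantees that is outside the hunk. Because this call is what turns on the host name check for CVE-2019-14553, a guard such as `if (HttpInstance->RemoteHost == NULL) { return EFI_INVALID_PARAMETER; }` before the new SetSessionData() call would make the failure explicit instead of leaving it to the TLS driver. The pointer is stored rather than copied, so RemoteHost also has to stay valid for as long as the TLS layer may read it. Finally, `EFI_TLS_VERIFY_FLAG_NO_WILDCARDS` means servers presenting wildcard certificates are rejected; if that is intended, a comment next to the assignment should say so, e.g. `// Wildcard certificate names are not accepted by HttpDxe.`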
@@ -0,0 +1,120 @@ +From 555d93f2daa551dc2311b15210a918aa79ed18ff Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 14 Jan 2020 12:39:06 +0100 +Subject: [PATCH 2/2] NetworkPkg/HttpDxe: fix 32-bit truncation in HTTPS + download +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200114123906.8547-3-lersek@redhat.com> +Patchwork-id: 93340 +O-Subject: [RHEL-8.2.0 edk2 PATCH 2/2] NetworkPkg/HttpDxe: fix 32-bit truncation in HTTPS download +Bugzilla: 1789797 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Philippe Mathieu-Daudé + +When downloading over TLS, each TLS message ("APP packet") is returned as +a (decrypted) fragment table by EFI_TLS_PROTOCOL.ProcessPacket(). + +The TlsProcessMessage() function in "NetworkPkg/HttpDxe/HttpsSupport.c" +linearizes the fragment table into a single contiguous data block. The +resultant flat data block contains both TLS headers and data. + +The HttpsReceive() function parses the actual application data -- in this +case: decrypted HTTP data -- out of the flattened TLS data block, peeling +off the TLS headers. + +The HttpResponseWorker() function in "NetworkPkg/HttpDxe/HttpImpl.c" +propagates this HTTP data outwards, implementing the +EFI_HTTP_PROTOCOL.Response() function. + +Now consider the following documentation for EFI_HTTP_PROTOCOL.Response(), +quoted from "MdePkg/Include/Protocol/Http.h": + +> It is the responsibility of the caller to allocate a buffer for Body and +> specify the size in BodyLength. If the remote host provides a response +> that contains a content body, up to BodyLength bytes will be copied from +> the receive buffer into Body and BodyLength will be updated with the +> amount of bytes received and copied to Body. This allows the client to +> download a large file in chunks instead of into one contiguous block of +> memory. 
+ +Note that, if the caller-allocated buffer is larger than the +server-provided chunk, then the transfer length is limited by the latter. +This is in fact the dominant case when downloading a huge file (for which +UefiBootManagerLib allocated a huge contiguous RAM Disk buffer) in small +TLS messages. + +For adjusting BodyLength as described above -- i.e., to the application +data chunk that has been extracted from the TLS message --, the +HttpResponseWorker() function employs the following assignment: + + HttpMsg->BodyLength = MIN (Fragment.Len, (UINT32) HttpMsg->BodyLength); + +The (UINT32) cast is motivated by the MIN() requirement -- in +"MdePkg/Include/Base.h" -- that both arguments be of the same type. + +"Fragment.Len" (NET_FRAGMENT.Len) has type UINT32, and +"HttpMsg->BodyLength" (EFI_HTTP_MESSAGE.BodyLength) has type UINTN. +Therefore a cast is indeed necessary. + +Unfortunately, the cast is done in the wrong direction. Consider the +following circumstances: + +- "Fragment.Len" happens to be consistently 16KiB, dictated by the HTTPS + Server's TLS stack, + +- the size of the file to download is 4GiB + N*16KiB, where N is a + positive integer. + +As the download progresses, each received 16KiB application data chunk +brings the *next* input value of BodyLength closer down to 4GiB. The cast +in MIN() always masks off the high-order bits from the input value of +BodyLength, but this is no problem because the low-order bits are nonzero, +therefore the MIN() always permits progress. + +However, once BodyLength reaches 4GiB exactly on input, the MIN() +invocation produces a zero value. HttpResponseWorker() adjusts the output +value of BodyLength to zero, and then passes it to HttpParseMessageBody(). + +HttpParseMessageBody() (in "NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c") +rejects the zero BodyLength with EFI_INVALID_PARAMETER, which is fully +propagated outwards, and aborts the HTTPS download. 
HttpBootDxe writes the +message "Error: Unexpected network error" to the UEFI console. + +For example, a file with size (4GiB + 197MiB) terminates after downloading +just 197MiB. + +Invert the direction of the cast: widen "Fragment.Len" to UINTN. + +Cc: Jiaxin Wu +Cc: Maciej Rabeda +Cc: Siyuan Fu +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daude +Reviewed-by: Siyuan Fu +Reviewed-by: Maciej Rabeda +(cherry picked from commit 4cca7923992a13f6b753782f469ee944da2db796) +Signed-off-by: Miroslav Rezanina +--- + NetworkPkg/HttpDxe/HttpImpl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/NetworkPkg/HttpDxe/HttpImpl.c b/NetworkPkg/HttpDxe/HttpImpl.c +index 6b87731..1acbb60 100644 +--- a/NetworkPkg/HttpDxe/HttpImpl.c ++++ b/NetworkPkg/HttpDxe/HttpImpl.c +@@ -1348,7 +1348,7 @@ HttpResponseWorker ( + // + // Process the received the body packet. + // +- HttpMsg->BodyLength = MIN (Fragment.Len, (UINT32) HttpMsg->BodyLength); ++ HttpMsg->BodyLength = MIN ((UINTN) Fragment.Len, HttpMsg->BodyLength); + + CopyMem (HttpMsg->Body, Fragment.Bulk, HttpMsg->BodyLength); + +-- +1.8.3.1 + diff --git a/SOURCES/edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch b/SOURCES/edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch new file mode 100644 index 0000000..3aa8efd --- /dev/null +++ b/SOURCES/edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch 
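Review bot: The corrected line `HttpMsg->BodyLength = MIN ((UINTN) Fragment.Len, HttpMsg->BodyLength);` in HttpResponseWorker() carries no comment on why the cast has to widen Fragment.Len, so the narrowing form could come back in a later type cleanup. A short comment above the assignment would pin the reasoning, for example `// Widen Fragment.Len (UINT32) to UINTN; narrowing BodyLength instead yields 0 at multiples of 4GiB.` The CopyMem() that follows relies on this value as its length bound, which is another reason to document it. HttpResponseWorker() begins and ends outside the hunk.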
@@ -0,0 +1,117 @@ +From 24a4a1d62ae749c197f36d72f645c7142f368e6a Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 2 Dec 2019 12:32:00 +0100 +Subject: [PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to + TlsDxe driver (CVE-2019-14553) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20191117220052.15700-8-lersek@redhat.com> +Patchwork-id: 92456 +O-Subject: [RHEL-8.2.0 edk2 PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553) +Bugzilla: 1536624 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +From: "Wu, Jiaxin" + +REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 +CVE: CVE-2019-14553 +The new data type named "EfiTlsVerifyHost" and the +EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol. + +Signed-off-by: Wu Jiaxin +Reviewed-by: Ye Ting +Reviewed-by: Long Qin +Reviewed-by: Fu Siyuan +Acked-by: Laszlo Ersek +Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com> +Cc: David Woodhouse +Cc: Jian J Wang +Cc: Jiaxin Wu +Cc: Sivaraman Nainar +Cc: Xiaoyu Lu +Signed-off-by: Laszlo Ersek +(cherry picked from commit 703e7ab21ff8fda9ababf7751d59bd28ad5da947) +--- + NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 41 insertions(+), 3 deletions(-) + +diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtocol.c +index a7a993f..001e540 100644 +--- a/NetworkPkg/TlsDxe/TlsProtocol.c ++++ b/NetworkPkg/TlsDxe/TlsProtocol.c +@@ -1,7 +1,7 @@ + /** @file + Implementation of EFI TLS Protocol Interfaces. + +- Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
++ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
+ + SPDX-License-Identifier: BSD-2-Clause-Patent + +@@ -56,12 +56,16 @@ TlsSetSessionData ( + UINT16 *CipherId; + CONST EFI_TLS_CIPHER *TlsCipherList; + UINTN CipherCount; ++ CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost; ++ EFI_TLS_VERIFY VerifyMethod; ++ UINTN VerifyMethodSize; + UINTN Index; + + EFI_TPL OldTpl; + +- Status = EFI_SUCCESS; +- CipherId = NULL; ++ Status = EFI_SUCCESS; ++ CipherId = NULL; ++ VerifyMethodSize = sizeof (EFI_TLS_VERIFY); + + if (This == NULL || Data == NULL || DataSize == 0) { + return EFI_INVALID_PARAMETER; +@@ -149,6 +153,40 @@ TlsSetSessionData ( + + TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data)); + break; ++ case EfiTlsVerifyHost: ++ if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) { ++ Status = EFI_INVALID_PARAMETER; ++ goto ON_EXIT; ++ } ++ ++ TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data; ++ ++ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 && ++ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) { ++ Status = EFI_INVALID_PARAMETER; ++ goto ON_EXIT; ++ } ++ ++ if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 && ++ ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 || ++ (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) { ++ Status = EFI_INVALID_PARAMETER; ++ goto ON_EXIT; ++ } ++ ++ Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize); ++ if (EFI_ERROR (Status)) { ++ goto ON_EXIT; ++ } ++ ++ if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) { ++ Status = EFI_INVALID_PARAMETER; ++ goto ON_EXIT; ++ } ++ ++ Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName); ++ ++ break; + case EfiTlsSessionID: + if (DataSize != sizeof (EFI_TLS_SESSION_ID)) { + Status = EFI_INVALID_PARAMETER; +-- +1.8.3.1 + 
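Review bot: The new `EfiTlsVerifyHost` case in TlsSetSessionData() validates DataSize and the two conflicting flag combinations, but it hands `TlsVerifyHost->HostName` to TlsSetVerifyHost() without a NULL check and accepts Flags bits outside the six defined EFI_TLS_VERIFY_FLAG_* values. Whether TlsSetVerifyHost() rejects either case is not visible here, so both are better refused at the protocol boundary, where the caller-supplied structure is first interpreted. The check belongs right after the cast of Data, before the existing flag tests. TlsSetSessionData() continues outside the hunk.

```c
    TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data;

    //
    // Reject a missing host name and any flag bit the protocol does not define.
    //
    if (TlsVerifyHost->HostName == NULL ||
        (TlsVerifyHost->Flags & ~(EFI_TLS_VERIFY_HOST_FLAG)(
                                   EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT |
                                   EFI_TLS_VERIFY_FLAG_NO_WILDCARDS |
                                   EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS |
                                   EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS |
                                   EFI_TLS_VERIFY_FLAG_SINGLE_LABEL_SUBDOMAINS |
                                   EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT)) != 0) {
      Status = EFI_INVALID_PARAMETER;
      goto ON_EXIT;
    }

    // … unchanged: conflicting-flag checks, EfiTlsVerifyMethod lookup, TlsSetVerifyHost call …
```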
diff --git a/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch b/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch deleted file mode 100644 index 59cc788..0000000 --- a/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch +++ /dev/null 
@@ -1,198 +0,0 @@ -From 71c39f0fb0b9a3e9856cebc58ef3812752fd07cc Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 4 Jun 2019 11:06:45 +0200 -Subject: [PATCH 3/3] OvmfPkg/PlatformPei: set 32-bit UC area at PciBase / - PciExBarBase (pc/q35) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Message-id: <20190604090645.2847-4-lersek@redhat.com> -Patchwork-id: 88483 -O-Subject: [RHEL-8.1.0 edk2 PATCH v2 3/3] OvmfPkg/PlatformPei: set 32-bit UC - area at PciBase / PciExBarBase (pc/q35) -Bugzilla: 1666941 -Acked-by: Philippe Mathieu-Daudé -Acked-by: Vitaly Kuznetsov - -(This is a replacement for commit 39b9a5ffe661 ("OvmfPkg/PlatformPei: fix -MTRR for low-RAM sizes that have many bits clear", 2019-05-16).) - -Reintroduce the same logic as seen in commit 39b9a5ffe661 for the pc -(i440fx) board type. - -For q35, the same approach doesn't work any longer, given that (a) we'd -like to keep the PCIEXBAR in the platform DSC a fixed-at-build PCD, and -(b) QEMU expects the PCIEXBAR to reside at a lower address than the 32-bit -PCI MMIO aperture. - -Therefore, introduce a helper function for determining the 32-bit -"uncacheable" (MMIO) area base address: - -- On q35, this function behaves statically. Furthermore, the MTRR setup - exploits that the range [0xB000_0000, 0xFFFF_FFFF] can be marked UC with - just two variable MTRRs (one at 0xB000_0000 (size 256MB), another at - 0xC000_0000 (size 1GB)). - -- On pc (i440fx), the function behaves dynamically, implementing the same - logic as commit 39b9a5ffe661 did. The PciBase value is adjusted to the - value calculated, similarly to commit 39b9a5ffe661. A further - simplification is that we show that the UC32 area size truncation to a - whole power of two automatically guarantees a >=2GB base address. 
- -Cc: Ard Biesheuvel -Cc: Gerd Hoffmann -Cc: Jordan Justen -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859 -Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daude -Acked-by: Ard Biesheuvel -(cherry picked from commit 49edde15230a5bfd6746225eb95535eaa2ec1ba4) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/PlatformPei/MemDetect.c | 59 ++++++++++++++++++++++++++++++++++++++--- - OvmfPkg/PlatformPei/Platform.c | 5 +++- - OvmfPkg/PlatformPei/Platform.h | 7 +++++ - 3 files changed, 66 insertions(+), 5 deletions(-) - -diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c -index 2f9e835..0c38b70 100644 ---- a/OvmfPkg/PlatformPei/MemDetect.c -+++ b/OvmfPkg/PlatformPei/MemDetect.c -@@ -20,6 +20,7 @@ Module Name: - // The package level header files this module uses - // - #include -+#include - #include - #include - -@@ -48,6 +49,8 @@ STATIC UINT32 mS3AcpiReservedMemorySize; - - STATIC UINT16 mQ35TsegMbytes; - -+UINT32 mQemuUc32Base; -+ - VOID - Q35TsegMbytesInitialization ( - VOID -@@ -104,6 +107,54 @@ Q35TsegMbytesInitialization ( - } - - -+VOID -+QemuUc32BaseInitialization ( -+ VOID -+ ) -+{ -+ UINT32 LowerMemorySize; -+ UINT32 Uc32Size; -+ -+ if (mXen) { -+ return; -+ } -+ -+ if (mHostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) { -+ // -+ // On q35, the 32-bit area that we'll mark as UC, through variable MTRRs, -+ // starts at PcdPciExpressBaseAddress. The platform DSC is responsible for -+ // setting PcdPciExpressBaseAddress such that describing the -+ // [PcdPciExpressBaseAddress, 4GB) range require a very small number of -+ // variable MTRRs (preferably 1 or 2). -+ // -+ ASSERT (FixedPcdGet64 (PcdPciExpressBaseAddress) <= MAX_UINT32); -+ mQemuUc32Base = (UINT32)FixedPcdGet64 (PcdPciExpressBaseAddress); -+ return; -+ } -+ -+ ASSERT (mHostBridgeDevId == INTEL_82441_DEVICE_ID); -+ // -+ // On i440fx, start with the [LowerMemorySize, 4GB) range. 
Make sure one -+ // variable MTRR suffices by truncating the size to a whole power of two, -+ // while keeping the end affixed to 4GB. This will round the base up. -+ // -+ LowerMemorySize = GetSystemMemorySizeBelow4gb (); -+ Uc32Size = GetPowerOfTwo32 ((UINT32)(SIZE_4GB - LowerMemorySize)); -+ mQemuUc32Base = (UINT32)(SIZE_4GB - Uc32Size); -+ // -+ // Assuming that LowerMemorySize is at least 1 byte, Uc32Size is at most 2GB. -+ // Therefore mQemuUc32Base is at least 2GB. -+ // -+ ASSERT (mQemuUc32Base >= BASE_2GB); -+ -+ if (mQemuUc32Base != LowerMemorySize) { -+ DEBUG ((DEBUG_VERBOSE, "%a: rounded UC32 base from 0x%x up to 0x%x, for " -+ "an UC32 size of 0x%x\n", __FUNCTION__, LowerMemorySize, mQemuUc32Base, -+ Uc32Size)); -+ } -+} -+ -+ - /** - Iterate over the RAM entries in QEMU's fw_cfg E820 RAM map that start outside - of the 32-bit address range. -@@ -694,11 +745,11 @@ QemuInitializeRam ( - ASSERT_EFI_ERROR (Status); - - // -- // Set memory range from the "top of lower RAM" (RAM below 4GB) to 4GB as -- // uncacheable -+ // Set the memory range from the start of the 32-bit MMIO area (32-bit PCI -+ // MMIO aperture on i440fx, PCIEXBAR on q35) to 4GB as uncacheable. - // -- Status = MtrrSetMemoryAttribute (LowerMemorySize, -- SIZE_4GB - LowerMemorySize, CacheUncacheable); -+ Status = MtrrSetMemoryAttribute (mQemuUc32Base, SIZE_4GB - mQemuUc32Base, -+ CacheUncacheable); - ASSERT_EFI_ERROR (Status); - } - } -diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c -index 64b8034..de19f5c 100644 ---- a/OvmfPkg/PlatformPei/Platform.c -+++ b/OvmfPkg/PlatformPei/Platform.c -@@ -197,7 +197,8 @@ MemMapInitialization ( - ASSERT (PciExBarBase <= MAX_UINT32 - SIZE_256MB); - PciBase = (UINT32)(PciExBarBase + SIZE_256MB); - } else { -- PciBase = (TopOfLowRam < BASE_2GB) ? 
BASE_2GB : TopOfLowRam; -+ ASSERT (TopOfLowRam <= mQemuUc32Base); -+ PciBase = mQemuUc32Base; - } - - // -@@ -656,6 +657,8 @@ InitializePlatform ( - - PublishPeiMemory (); - -+ QemuUc32BaseInitialization (); -+ - InitializeRamRegions (); - - if (mXen) { -diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h -index b12a5c1..2b486ce 100644 ---- a/OvmfPkg/PlatformPei/Platform.h -+++ b/OvmfPkg/PlatformPei/Platform.h -@@ -69,6 +69,11 @@ GetSystemMemorySizeBelow4gb ( - ); - - VOID -+QemuUc32BaseInitialization ( -+ VOID -+ ); -+ -+VOID - InitializeRamRegions ( - VOID - ); -@@ -120,4 +125,6 @@ extern UINT32 mMaxCpuCount; - - extern UINT16 mHostBridgeDevId; - -+extern UINT32 mQemuUc32Base; -+ - #endif // _PLATFORM_PEI_H_INCLUDED_ --- -1.8.3.1 - diff --git a/SOURCES/edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/SOURCES/edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch deleted file mode 100644 index 7bfe17c..0000000 --- a/SOURCES/edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +++ /dev/null 
@@ -1,75 +0,0 @@ -From aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7 Mon Sep 17 00:00:00 2001 -From: Philippe Mathieu-Daude -Date: Thu, 1 Aug 2019 20:43:48 +0200 -Subject: [PATCH 2/3] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on - Aarch64 silent builds (RH only) - -Message-id: <20190801184349.28512-3-philmd@redhat.com> -Patchwork-id: 89861 -O-Subject: [RHEL-8.1.0 edk2 PATCH v4 2/3] OvmfPkg: QemuRamfbDxe: Do not report - DXE failure on Aarch64 silent builds (RH only) -Bugzilla: 1714446 -Acked-by: Andrew Jones -Acked-by: Laszlo Ersek - -To suppress an error message on the silent build when ramfb is -not configured, change QemuRamfbDxe to return EFI_SUCCESS even -when it fails. -Some memory is wasted (driver stays resident without -any good use), but it is mostly harmless, as the memory -is released by the OS after ExitBootServices(). - -Suggested-by: Laszlo Ersek -Signed-off-by: Philippe Mathieu-Daude ---- - OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++ - OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 + - 2 files changed, 15 insertions(+) - -diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c -index b49f2ca..c27e55f 100644 ---- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c -+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -249,6 +250,19 @@ InitializeQemuRamfb ( - - Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize); - if (EFI_ERROR (Status)) { -+#if defined (MDE_CPU_AARCH64) -+ // -+ // RHBZ#1714446 -+ // If no ramfb device was configured, this platform DXE driver should -+ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even -+ // using a silent build, an error message is issued to the guest console. -+ // Since this confuse users, return success and stay resident. The wasted -+ // guest RAM still gets freed later after ExitBootServices(). 
-+ // -+ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) { -+ return EFI_SUCCESS; -+ } -+#endif - return EFI_NOT_FOUND; - } - if (FwCfgSize != sizeof (RAMFB_CONFIG)) { -diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -index 013edef..f9e24cb 100644 ---- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -+++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf -@@ -36,6 +36,7 @@ - BaseLib - BaseMemoryLib - DebugLib -+ DebugPrintErrorLevelLib - DevicePathLib - FrameBufferBltLib - MemoryAllocationLib --- -1.8.3.1 - diff --git a/SOURCES/edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch b/SOURCES/edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch new file mode 100644 index 0000000..e8167d6 --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch 
@@ -0,0 +1,64 @@ +From 78cfb461bedb0e0491b267528b2ebd30adc1d87c Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 27 Mar 2020 07:01:18 +0100 +Subject: [PATCH] OvmfPkg/QemuVideoDxe: unbreak "secondary-vga" and + "bochs-display" support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20200226173820.16398-2-lersek@redhat.com> +Patchwork-id: 94054 +O-Subject: [RHEL-8.2.0 edk2 PATCH 1/1] OvmfPkg/QemuVideoDxe: unbreak "secondary-vga" and "bochs-display" support +Bugzilla: 1806359 +RH-Acked-by: Gerd Hoffmann +RH-Acked-by: Philippe Mathieu-Daudé + +In edk2 commit 333f32ec23dd, QemuVideoDxe gained support for QEMU's +"secondary-vga" device model (originally introduced in QEMU commit +63e3e24db2e9). + +In QEMU commit 765c94290863, the "bochs-display" device was introduced, +which would work with QemuVideoDxe out of the box, reusing the +"secondary-vga" logic. + +Support for both models has been broken since edk2 commit 662bd0da7fd7. +Said patch ended up requiring VGA IO Ports -- i.e., at least one of +EFI_PCI_IO_ATTRIBUTE_VGA_IO and EFI_PCI_IO_ATTRIBUTE_VGA_IO_16 -- even if +the device wasn't actually VGA compatible. + +Restrict the IO Ports requirement to VGA compatible devices. 
+ +Cc: Ard Biesheuvel +Cc: Gerd Hoffmann +Cc: Jordan Justen +Cc: Marc W Chen +Cc: Philippe Mathieu-Daudé +Fixes: 662bd0da7fd77e4d2cf9ef4a78015af5cad7d9db +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2555 +Signed-off-by: Laszlo Ersek +Message-Id: <20200224171741.7494-1-lersek@redhat.com> +Acked-by: Ard Biesheuvel +Reviewed-by: Gerd Hoffmann +Reviewed-by: Philippe Mathieu-Daudé +(cherry picked from commit edfe16a6d9f8c6830d7ad93ee7616225fe4e9c13) +--- + OvmfPkg/QemuVideoDxe/Driver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/OvmfPkg/QemuVideoDxe/Driver.c b/OvmfPkg/QemuVideoDxe/Driver.c +index 522110e..902dd1b 100644 +--- a/OvmfPkg/QemuVideoDxe/Driver.c ++++ b/OvmfPkg/QemuVideoDxe/Driver.c +@@ -292,7 +292,7 @@ QemuVideoControllerDriverStart ( + } + + SupportedVgaIo &= (UINT64)(EFI_PCI_IO_ATTRIBUTE_VGA_IO | EFI_PCI_IO_ATTRIBUTE_VGA_IO_16); +- if (SupportedVgaIo == 0) { ++ if (SupportedVgaIo == 0 && IS_PCI_VGA (&Pci)) { + Status = EFI_UNSUPPORTED; + goto ClosePciIo; + } +-- +1.8.3.1 + diff --git a/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch b/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch deleted file mode 100644 index 4aae125..0000000 --- a/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch +++ /dev/null 
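Review bot: The changed condition `if (SupportedVgaIo == 0 && IS_PCI_VGA (&Pci))` in QemuVideoControllerDriverStart() has no comment saying that devices which are not VGA compatible now pass with no VGA IO attribute. The rest of the function lies outside the hunk and may still use SupportedVgaIo when enabling attributes, so a zero value there should be confirmed as harmless. A comment such as `// Only VGA compatible devices need VGA IO ports; "secondary-vga" and "bochs-display" do not.` would record the intent. The operands would also read more clearly parenthesized, as `if ((SupportedVgaIo == 0) && IS_PCI_VGA (&Pci)) {`.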
@@ -1,109 +0,0 @@ -From d362291ada9ee22316e3c069dc788c4c801b0796 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 4 Jun 2019 11:06:44 +0200 -Subject: [PATCH 2/3] OvmfPkg: raise the PCIEXBAR base to 2816 MB on Q35 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Message-id: <20190604090645.2847-3-lersek@redhat.com> -Patchwork-id: 88481 -O-Subject: [RHEL-8.1.0 edk2 PATCH v2 2/3] OvmfPkg: raise the PCIEXBAR base to - 2816 MB on Q35 -Bugzilla: 1666941 -Acked-by: Philippe Mathieu-Daudé -Acked-by: Vitaly Kuznetsov - -(This is a replacement for commit 75136b29541b, "OvmfPkg/PlatformPei: -reorder the 32-bit PCI window vs. the PCIEXBAR on q35", 2019-05-16). - -Commit 7b8fe63561b4 ("OvmfPkg: PlatformPei: enable PCIEXBAR (aka MMCONFIG -/ ECAM) on Q35", 2016-03-10) claimed that, - - On Q35 machine types that QEMU intends to support in the long term, QEMU - never lets the RAM below 4 GB exceed 2 GB. - -Alas, this statement came from a misunderstanding that occurred while we -worked out the interface contract. In fact QEMU does allow the 32-bit RAM -extend up to 0xB000_0000 (exclusive), in case the RAM size falls in the -range (0x8000_0000, 0xB000_0000) (i.e., the RAM size is greater than -2048MB and smaller than 2816MB). - -In turn, such a RAM size (justifiedly) triggers - - ASSERT (TopOfLowRam <= PciExBarBase); - -in MemMapInitialization(), because we placed the 256MB PCIEXBAR at -0x8000_0000 (2GB) exactly, relying on the interface contract. (And, the -32-bit PCI window would follow the PCIEXBAR, covering the [0x9000_0000, -0xFC00_0000) range.) - -In order to fix this, place the PCIEXBAR at 2816MB (0xB000_0000), and -start the 32-bit PCI window at 3 GB (0xC000_0000). This shrinks the 32-bit -PCI window to - - 0xFC00_0000 - 0xC000_0000 = 0x3C00_0000 = 960 MB. 
- -Cc: Ard Biesheuvel -Cc: Gerd Hoffmann -Cc: Jordan Justen -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859 -Signed-off-by: Laszlo Ersek -Reviewed-by: Philippe Mathieu-Daude -Acked-by: Ard Biesheuvel -(cherry picked from commit b07de0974b65a6a393c2d477427d1d6c7acce002) -Signed-off-by: Laszlo Ersek ---- - OvmfPkg/OvmfPkgIa32.dsc | 4 ++-- - OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++-- - OvmfPkg/OvmfPkgX64.dsc | 4 ++-- - 3 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index bbf5e38..cf5f2ea 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -497,8 +497,8 @@ - # the PCIEXBAR register. - # - # On Q35 machine types that QEMU intends to support in the long term, QEMU -- # never lets the RAM below 4 GB exceed 2 GB. -- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000 -+ # never lets the RAM below 4 GB exceed 2816 MB. -+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 - - !ifdef $(SOURCE_DEBUG_ENABLE) - gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 3ec1b91..5a24065 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -502,8 +502,8 @@ - # the PCIEXBAR register. - # - # On Q35 machine types that QEMU intends to support in the long term, QEMU -- # never lets the RAM below 4 GB exceed 2 GB. -- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000 -+ # never lets the RAM below 4 GB exceed 2816 MB. -+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 - - !ifdef $(SOURCE_DEBUG_ENABLE) - gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index ea54b4b..6ab50c9 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -502,8 +502,8 @@ - # the PCIEXBAR register. 
- # - # On Q35 machine types that QEMU intends to support in the long term, QEMU -- # never lets the RAM below 4 GB exceed 2 GB. -- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000 -+ # never lets the RAM below 4 GB exceed 2816 MB. -+ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 - - !ifdef $(SOURCE_DEBUG_ENABLE) - gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 --- -1.8.3.1 - diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch new file mode 100644 index 0000000..c57efd8 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch 
@@ -0,0 +1,82 @@ +From b68d6a626977f48ac4d05396edcb70a73b12c66c Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:45 +0100 +Subject: [PATCH 09/12] SecurityPkg/DxeImageVerificationHandler: eliminate + "Status" variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-10-lersek@redhat.com> +Patchwork-id: 93619 +O-Subject: [RHEL-8.2.0 edk2 PATCH 09/12] SecurityPkg/DxeImageVerificationHandler: eliminate "Status" variable +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +The "Status" variable is set to EFI_ACCESS_DENIED at the top of the +function. Then it is overwritten with EFI_SECURITY_VIOLATION under the +"Failed" (earlier: "Done") label. We finally return "Status". + +The above covers the complete usage of "Status" in +DxeImageVerificationHandler(). Remove the variable, and simply return +EFI_SECURITY_VIOLATION in the end. + +This patch is a no-op, regarding behavior. 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-9-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit fb02f5b2cd0b2a2d413a4f4fc41e085be2ede089) + +Signed-off-by: Miroslav Rezanina +--- + .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index 51968bd..b49fe87 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1560,7 +1560,6 @@ DxeImageVerificationHandler ( + IN BOOLEAN BootPolicy + ) + { +- EFI_STATUS Status; + EFI_IMAGE_DOS_HEADER *DosHdr; + BOOLEAN IsVerified; + EFI_SIGNATURE_LIST *SignatureList; +@@ -1588,7 +1587,6 @@ DxeImageVerificationHandler ( + SecDataDir = NULL; + PkcsCertData = NULL; + Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED; +- Status = EFI_ACCESS_DENIED; + IsVerified = FALSE; + + +@@ -1880,13 +1878,12 @@ Failed: + DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr)); + FreePool(NameStr); + } +- Status = EFI_SECURITY_VIOLATION; + + if (SignatureList != NULL) { + FreePool (SignatureList); + } + +- return Status; ++ return EFI_SECURITY_VIOLATION; + } + + /** +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch new file mode 100644 index 0000000..9c7a572 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch 
@@ -0,0 +1,103 @@ +From ff8b6134756fca6b0c55fedc76aeb5000f783875 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:48 +0100 +Subject: [PATCH 12/12] SecurityPkg/DxeImageVerificationHandler: fix "defer" + vs. "deny" policies +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-13-lersek@redhat.com> +Patchwork-id: 93620 +O-Subject: [RHEL-8.2.0 edk2 PATCH 12/12] SecurityPkg/DxeImageVerificationHandler: fix "defer" vs. "deny" policies +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +In DxeImageVerificationHandler(), we should return EFI_SECURITY_VIOLATION +for a rejected image only if the platform sets +DEFER_EXECUTE_ON_SECURITY_VIOLATION as the policy for the image's source. +Otherwise, EFI_ACCESS_DENIED must be returned. + +Right now, EFI_SECURITY_VIOLATION is returned for all rejected images, +which is wrong -- it causes LoadImage() to hold on to rejected images (in +untrusted state), for further platform actions. However, if a platform +already set DENY_EXECUTE_ON_SECURITY_VIOLATION, the platform will not +expect the rejected image to stick around in memory (regardless of its +untrusted state). + +Therefore, adhere to the platform policy in the return value of the +DxeImageVerificationHandler() function. + +Furthermore, according to "32.4.2 Image Execution Information Table" in +the UEFI v2.8 spec, and considering that edk2 only supports (AuditMode==0) +at the moment: + +> When AuditMode==0, if the image's signature is not found in the +> authorized database, or is found in the forbidden database, the image +> will not be started and instead, information about it will be placed in +> this table. + +we have to store an EFI_IMAGE_EXECUTION_INFO record in both the "defer" +case and the "deny" case. 
Thus, the AddImageExeInfo() call is not being +made conditional on (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION); the +documentation is updated instead. + +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Fixes: 5db28a6753d307cdfb1cfdeb2f63739a9f959837 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-12-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit 8b0932c19f31cbf9da26d3b8d4e8d954bdbb5269) + +Signed-off-by: Miroslav Rezanina +--- + .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index 015a5b6..dbfbfcb 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1548,7 +1548,8 @@ Done: + execution table. + @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not + authenticate, and the platform policy dictates that the DXE +- Foundation many not use File. ++ Foundation may not use File. The image has ++ been added to the file execution table. + + **/ + EFI_STATUS +@@ -1872,7 +1873,8 @@ DxeImageVerificationHandler ( + + Failed: + // +- // Policy decides to defer or reject the image; add its information in image executable information table. ++ // Policy decides to defer or reject the image; add its information in image ++ // executable information table in either case. 
+ // + NameStr = ConvertDevicePathToText (File, FALSE, TRUE); + AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize); +@@ -1885,7 +1887,10 @@ Failed: + FreePool (SignatureList); + } + +- return EFI_SECURITY_VIOLATION; ++ if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) { ++ return EFI_SECURITY_VIOLATION; ++ } ++ return EFI_ACCESS_DENIED; + } + + /** +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch new file mode 100644 index 0000000..396f1c0 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch 
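Review bot: The updated `@retval EFI_ACCESS_DENIED` text says the image "has been added to the file execution table", but other patches in this series show returns of EFI_ACCESS_DENIED that never reach `Failed:`. These are the `Policy == NEVER_EXECUTE` return (PATCH 03) and the `FileBuffer == NULL` return (PATCH 10), so AddImageExeInfo() is not called on them. Anyone auditing the image execution information table would not see those denials, so the doc should not promise a record for every EFI_ACCESS_DENIED. I would word it as `The image has been added to the file execution table, unless it was rejected before verification started (NEVER_EXECUTE policy or NULL FileBuffer).` The code between those early returns and `Failed:` lies outside the hunks shown, so confirm against the full function.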
@@ -0,0 +1,87 @@ +From d9f12d175da2d203be078d03c9127293ea6fe86b Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:47 +0100 +Subject: [PATCH 11/12] SecurityPkg/DxeImageVerificationHandler: fix imgexec + info on memalloc fail +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-12-lersek@redhat.com> +Patchwork-id: 93618 +O-Subject: [RHEL-8.2.0 edk2 PATCH 11/12] SecurityPkg/DxeImageVerificationHandler: fix imgexec info on memalloc fail +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +It makes no sense to call AddImageExeInfo() with (Signature == NULL) and +(SignatureSize > 0). AddImageExeInfo() does not crash in such a case -- it +avoids the CopyMem() call --, but it creates an invalid +EFI_IMAGE_EXECUTION_INFO record. Namely, the +"EFI_IMAGE_EXECUTION_INFO.InfoSize" field includes "SignatureSize", but +the actual signature bytes are not filled in. + +Document and ASSERT() this condition in AddImageExeInfo(). + +In DxeImageVerificationHandler(), zero out "SignatureListSize" if we set +"SignatureList" to NULL due to AllocateZeroPool() failure. + +(Another approach could be to avoid calling AddImageExeInfo() completely, +in case AllocateZeroPool() fails. Unfortunately, the UEFI v2.8 spec does +not seem to state clearly whether a signature is mandatory in +EFI_IMAGE_EXECUTION_INFO, if the "Action" field is +EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED or EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND. + +For now, the EFI_IMAGE_EXECUTION_INFO addition logic is not changed; we +only make sure that the record we add is not malformed.) 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-11-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit 6aa31db5ebebe18b55aa5359142223a03592416f) + +Signed-off-by: Miroslav Rezanina +--- + SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index c98b9e4..015a5b6 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -704,7 +704,7 @@ GetImageExeInfoTableSize ( + @param[in] Name Input a null-terminated, user-friendly name. + @param[in] DevicePath Input device path pointer. + @param[in] Signature Input signature info in EFI_SIGNATURE_LIST data structure. +- @param[in] SignatureSize Size of signature. ++ @param[in] SignatureSize Size of signature. Must be zero if Signature is NULL. + + **/ + VOID +@@ -761,6 +761,7 @@ AddImageExeInfo ( + // + // Signature size can be odd. 
Pad after signature to ensure next EXECUTION_INFO entry align + // ++ ASSERT (Signature != NULL || SignatureSize == 0); + NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize; + + NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize); +@@ -1858,6 +1859,7 @@ DxeImageVerificationHandler ( + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; + SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); + if (SignatureList == NULL) { ++ SignatureListSize = 0; + goto Failed; + } + SignatureList->SignatureHeaderSize = 0; +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch new file mode 100644 index 0000000..926cc90 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch 
@@ -0,0 +1,64 @@ +From e2efec69c63703c324099b987204a38fdb0d9d6f Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:46 +0100 +Subject: [PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for + (FileBuffer==NULL) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-11-lersek@redhat.com> +Patchwork-id: 93613 +O-Subject: [RHEL-8.2.0 edk2 PATCH 10/12] SecurityPkg/DxeImageVerificationHandler: fix retval for (FileBuffer==NULL) +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +"FileBuffer" is a non-optional input (pointer) parameter to +DxeImageVerificationHandler(). Normally, when an edk2 function receives a +NULL argument for such a parameter, we return EFI_INVALID_PARAMETER or +RETURN_INVALID_PARAMETER. However, those don't conform to the +SECURITY2_FILE_AUTHENTICATION_HANDLER prototype. + +Return EFI_ACCESS_DENIED when "FileBuffer" is NULL; it means that no image +has been loaded. + +This patch does not change the control flow in the function, it only +changes the "Status" outcome from API-incompatible error codes to +EFI_ACCESS_DENIED, under some circumstances. 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-10-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit 6d57592740cdd0b6868baeef7929d6e6fef7a8e3) + +Signed-off-by: Miroslav Rezanina +--- + SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index b49fe87..c98b9e4 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1655,7 +1655,7 @@ DxeImageVerificationHandler ( + // Read the Dos header. + // + if (FileBuffer == NULL) { +- return EFI_INVALID_PARAMETER; ++ return EFI_ACCESS_DENIED; + } + + mImageBase = (UINT8 *) FileBuffer; +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch new file mode 100644 index 0000000..04bcd90 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch 
@@ -0,0 +1,71 @@ +From 58902877128851f628fe644a5c71600866317fac Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:42 +0100 +Subject: [PATCH 06/12] SecurityPkg/DxeImageVerificationHandler: fix retval on + memalloc failure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-7-lersek@redhat.com> +Patchwork-id: 93616 +O-Subject: [RHEL-8.2.0 edk2 PATCH 06/12] SecurityPkg/DxeImageVerificationHandler: fix retval on memalloc failure +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +A SECURITY2_FILE_AUTHENTICATION_HANDLER function is not expected to return +EFI_OUT_OF_RESOURCES. We should only return EFI_SUCCESS, +EFI_SECURITY_VIOLATION, or EFI_ACCESS_DENIED. + +In case we run out of memory while preparing "SignatureList" for +AddImageExeInfo(), we should simply stick with the EFI_ACCESS_DENIED value +that is already in "Status" -- from just before the "Action" condition --, +and not suppress it with EFI_OUT_OF_RESOURCES. + +This patch does not change the control flow in the function, it only +changes the "Status" outcome from API-incompatible error codes to +EFI_ACCESS_DENIED, under some circumstances. 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Fixes: 570b3d1a7278df29878da87990e8366bd42d0ec5 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-6-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit f891b052c5ec13c1032fb9d340d5262ac1a7e7e1) + +Signed-off-by: Miroslav Rezanina +--- + SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index 5cc82c1..5f09a66 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1541,7 +1541,6 @@ Done: + and non-NULL FileBuffer did authenticate, and the platform + policy dictates that the DXE Foundation may execute the image in + FileBuffer. +- @retval EFI_OUT_RESOURCE Fail to allocate memory. + @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and + the platform policy dictates that File should be placed + in the untrusted state. The image has been added to the file +@@ -1862,7 +1861,6 @@ DxeImageVerificationHandler ( + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; + SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); + if (SignatureList == NULL) { +- Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + SignatureList->SignatureHeaderSize = 0; +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch new file mode 100644 index 0000000..3719f4e --- /dev/null 
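Review bot: With `Status = EFI_OUT_OF_RESOURCES;` removed, the `if (SignatureList == NULL)` branch jumps to `Done` with nothing that marks the allocation failure. A denial caused by memory exhaustion then looks the same in the debug log as a real signature rejection. I would add `DEBUG ((DEBUG_ERROR, "DxeImageVerificationLib: out of memory for SignatureList; image denied.\n"));` before the `goto`, so the two cases can be told apart during triage. The rest of DxeImageVerificationHandler() lies outside the hunk.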
+++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch 
@@ -0,0 +1,97 @@ +From 37b5981bf7eb94314b62810da495d724873d904a Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:40 +0100 +Subject: [PATCH 04/12] SecurityPkg/DxeImageVerificationHandler: keep PE/COFF + info status internal +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-5-lersek@redhat.com> +Patchwork-id: 93609 +O-Subject: [RHEL-8.2.0 edk2 PATCH 04/12] SecurityPkg/DxeImageVerificationHandler: keep PE/COFF info status internal +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +The PeCoffLoaderGetImageInfo() function may return various error codes, +such as RETURN_INVALID_PARAMETER and RETURN_UNSUPPORTED. + +Such error values should not be assigned to our "Status" variable in the +DxeImageVerificationHandler() function, because "Status" generally stands +for the main exit value of the function. And +SECURITY2_FILE_AUTHENTICATION_HANDLER functions are expected to return one +of EFI_SUCCESS, EFI_SECURITY_VIOLATION, and EFI_ACCESS_DENIED only. + +Introduce the "PeCoffStatus" helper variable for keeping the return value +of PeCoffLoaderGetImageInfo() internal to the function. If +PeCoffLoaderGetImageInfo() fails, we'll jump to the "Done" label with +"Status" being EFI_ACCESS_DENIED, inherited from the top of the function. + +Note that this is consistent with the subsequent PE/COFF Signature check, +where we jump to the "Done" label with "Status" having been re-set to +EFI_ACCESS_DENIED. + +As a consequence, we can at once remove the + + Status = EFI_ACCESS_DENIED; + +assignment right after the "PeCoffStatus" check. + +This patch does not change the control flow in the function, it only +changes the "Status" outcome from API-incompatible error codes to +EFI_ACCESS_DENIED, under some circumstances. 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-4-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit 61a9fa589a15e9005bec293f9766c78b60fbc9fc) + +Signed-off-by: Miroslav Rezanina +--- + .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index 8204c9c..e6c8a54 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1580,6 +1580,7 @@ DxeImageVerificationHandler ( + EFI_IMAGE_DATA_DIRECTORY *SecDataDir; + UINT32 OffSet; + CHAR16 *NameStr; ++ RETURN_STATUS PeCoffStatus; + + SignatureList = NULL; + SignatureListSize = 0; +@@ -1669,8 +1670,8 @@ DxeImageVerificationHandler ( + // + // Get information about the image being loaded + // +- Status = PeCoffLoaderGetImageInfo (&ImageContext); +- if (EFI_ERROR (Status)) { ++ PeCoffStatus = PeCoffLoaderGetImageInfo (&ImageContext); ++ if (RETURN_ERROR (PeCoffStatus)) { + // + // The information can't be got from the invalid PeImage + // +@@ -1678,8 +1679,6 @@ DxeImageVerificationHandler ( + goto Done; + } + +- Status = EFI_ACCESS_DENIED; +- + DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase; + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { + // +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch new file mode 100644 index 0000000..2365eb8 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch 
@@ -0,0 +1,79 @@ +From 73de814a5f30c2c6d82736082c1114a028d12115 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:41 +0100 +Subject: [PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down + PE/COFF hash status +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-6-lersek@redhat.com> +Patchwork-id: 93615 +O-Subject: [RHEL-8.2.0 edk2 PATCH 05/12] SecurityPkg/DxeImageVerificationHandler: narrow down PE/COFF hash status +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +Inside the "for" loop that scans the signatures of the image, we call +HashPeImageByType(), and assign its return value to "Status". + +Beyond the immediate retval check, this assignment is useless (never +consumed). That's because a subsequent access to "Status" may only be one +of the following: + +- the "Status" assignment when we call HashPeImageByType() in the next + iteration of the loop, + +- the "Status = EFI_ACCESS_DENIED" assignment right after the final + "IsVerified" check. + +To make it clear that the assignment is only useful for the immediate +HashPeImageByType() retval check, introduce a specific helper variable, +called "HashStatus". + +This patch is a no-op, functionally. 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-5-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit 47650a5cab608e07c31d66bdb9b4cc6e58bdf22f) + +Signed-off-by: Miroslav Rezanina +--- + .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index e6c8a54..5cc82c1 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1581,6 +1581,7 @@ DxeImageVerificationHandler ( + UINT32 OffSet; + CHAR16 *NameStr; + RETURN_STATUS PeCoffStatus; ++ EFI_STATUS HashStatus; + + SignatureList = NULL; + SignatureListSize = 0; +@@ -1802,8 +1803,8 @@ DxeImageVerificationHandler ( + continue; + } + +- Status = HashPeImageByType (AuthData, AuthDataSize); +- if (EFI_ERROR (Status)) { ++ HashStatus = HashPeImageByType (AuthData, AuthDataSize); ++ if (EFI_ERROR (HashStatus)) { + continue; + } + +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch new file mode 100644 index 0000000..e48ebd5 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch 
@@ -0,0 +1,142 @@ +From 5aa2d52451b7890480d31a3437a0024bfd9e1a57 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:39 +0100 +Subject: [PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else" + after return/break +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-4-lersek@redhat.com> +Patchwork-id: 93614 +O-Subject: [RHEL-8.2.0 edk2 PATCH 03/12] SecurityPkg/DxeImageVerificationHandler: remove "else" after return/break +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +In the code structure + + if (condition) { + // + // block1 + // + return; + } else { + // + // block2 + // + } + +nesting "block2" in an "else" branch is superfluous, and harms +readability. It can be transformed to: + + if (condition) { + // + // block1 + // + return; + } + // + // block2 + // + +with identical behavior, and improved readability (less nesting). + +The same applies to "break" (instead of "return") in a loop body. + +Perform these transformations on DxeImageVerificationHandler(). + +This patch is a no-op for behavior. Use + + git show -b -W + +for reviewing it more easily. 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-3-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit eccb856f013aec700234211e7371f03454ef9d52) + +Signed-off-by: Miroslav Rezanina +--- + .../DxeImageVerificationLib.c | 41 +++++++++++----------- + 1 file changed, 21 insertions(+), 20 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index 5afd723..8204c9c 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1621,7 +1621,8 @@ DxeImageVerificationHandler ( + // + if (Policy == ALWAYS_EXECUTE) { + return EFI_SUCCESS; +- } else if (Policy == NEVER_EXECUTE) { ++ } ++ if (Policy == NEVER_EXECUTE) { + return EFI_ACCESS_DENIED; + } + +@@ -1833,7 +1834,8 @@ DxeImageVerificationHandler ( + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr)); + IsVerified = FALSE; + break; +- } else if (!IsVerified) { ++ } ++ if (!IsVerified) { + if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) { + IsVerified = TRUE; + } else { +@@ -1851,25 +1853,24 @@ DxeImageVerificationHandler ( + + if (IsVerified) { + return EFI_SUCCESS; +- } else { +- Status = EFI_ACCESS_DENIED; +- if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) { +- // +- // Get image hash value as signature of executable. 
+- // +- SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; +- SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); +- if (SignatureList == NULL) { +- Status = EFI_OUT_OF_RESOURCES; +- goto Done; +- } +- SignatureList->SignatureHeaderSize = 0; +- SignatureList->SignatureListSize = (UINT32) SignatureListSize; +- SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize); +- CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID)); +- Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST)); +- CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); ++ } ++ Status = EFI_ACCESS_DENIED; ++ if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) { ++ // ++ // Get image hash value as signature of executable. ++ // ++ SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; ++ SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); ++ if (SignatureList == NULL) { ++ Status = EFI_OUT_OF_RESOURCES; ++ goto Done; + } ++ SignatureList->SignatureHeaderSize = 0; ++ SignatureList->SignatureListSize = (UINT32) SignatureListSize; ++ SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize); ++ CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID)); ++ Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST)); ++ CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); + } + + Done: +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch new file mode 100644 index 0000000..def2524 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch 
@@ -0,0 +1,55 @@ +From d25dc10aa262b33794f16b75a0ada3aad507abe7 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:43 +0100 +Subject: [PATCH 07/12] SecurityPkg/DxeImageVerificationHandler: remove + superfluous Status setting +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-8-lersek@redhat.com> +Patchwork-id: 93617 +O-Subject: [RHEL-8.2.0 edk2 PATCH 07/12] SecurityPkg/DxeImageVerificationHandler: remove superfluous Status setting +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +After the final "IsVerified" check, we set "Status" to EFI_ACCESS_DENIED. +This is superfluous, as "Status" already carries EFI_ACCESS_DENIED value +there, from the top of the function. Remove the assignment. + +Functionally, this change is a no-op. + +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-7-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit 12a4ef58a8b1f8610f6f7cd3ffb973f924f175fb) + +Signed-off-by: Miroslav Rezanina +--- + SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index 5f09a66..6ccce1f 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1853,7 +1853,6 @@ DxeImageVerificationHandler ( + if (IsVerified) { + return EFI_SUCCESS; + } +- Status = EFI_ACCESS_DENIED; + if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == 
EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) { + // + // Get image hash value as signature of executable. +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch new file mode 100644 index 0000000..e045894 --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch 
@@ -0,0 +1,119 @@ +From cd4f4b384857f4295d336d66fc8693348ef08a33 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:38 +0100 +Subject: [PATCH 02/12] SecurityPkg/DxeImageVerificationHandler: simplify + "VerifyStatus" +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-3-lersek@redhat.com> +Patchwork-id: 93611 +O-Subject: [RHEL-8.2.0 edk2 PATCH 02/12] SecurityPkg/DxeImageVerificationHandler: simplify "VerifyStatus" +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +In the DxeImageVerificationHandler() function, the "VerifyStatus" variable +can only contain one of two values: EFI_SUCCESS and EFI_ACCESS_DENIED. +Furthermore, the variable is only consumed with EFI_ERROR(). + +Therefore, using the EFI_STATUS type for the variable is unnecessary. +Worse, given the complex meanings of the function's return values, using +EFI_STATUS for "VerifyStatus" is actively confusing. + +Rename the variable to "IsVerified", and make it a simple BOOLEAN. + +This patch is a no-op, regarding behavior. 
+ +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-2-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit 1e0f973b65c34841288c25fd441a37eec8a30ac7) + +Signed-off-by: Miroslav Rezanina +--- + .../DxeImageVerificationLib.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index a0a12b5..5afd723 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1563,7 +1563,7 @@ DxeImageVerificationHandler ( + { + EFI_STATUS Status; + EFI_IMAGE_DOS_HEADER *DosHdr; +- EFI_STATUS VerifyStatus; ++ BOOLEAN IsVerified; + EFI_SIGNATURE_LIST *SignatureList; + UINTN SignatureListSize; + EFI_SIGNATURE_DATA *Signature; +@@ -1588,7 +1588,7 @@ DxeImageVerificationHandler ( + PkcsCertData = NULL; + Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED; + Status = EFI_ACCESS_DENIED; +- VerifyStatus = EFI_ACCESS_DENIED; ++ IsVerified = FALSE; + + + // +@@ -1812,16 +1812,16 @@ DxeImageVerificationHandler ( + // + if (IsForbiddenByDbx (AuthData, AuthDataSize)) { + Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED; +- VerifyStatus = EFI_ACCESS_DENIED; ++ IsVerified = FALSE; + break; + } + + // + // Check the digital signature against the valid certificate in allowed database (db). 
+ // +- if (EFI_ERROR (VerifyStatus)) { ++ if (!IsVerified) { + if (IsAllowedByDb (AuthData, AuthDataSize)) { +- VerifyStatus = EFI_SUCCESS; ++ IsVerified = TRUE; + } + } + +@@ -1831,11 +1831,11 @@ DxeImageVerificationHandler ( + if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) { + Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND; + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr)); +- VerifyStatus = EFI_ACCESS_DENIED; ++ IsVerified = FALSE; + break; +- } else if (EFI_ERROR (VerifyStatus)) { ++ } else if (!IsVerified) { + if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) { +- VerifyStatus = EFI_SUCCESS; ++ IsVerified = TRUE; + } else { + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is not allowed by DB and %s hash of image is not found in DB/DBX.\n", mHashTypeStr)); + } +@@ -1846,10 +1846,10 @@ DxeImageVerificationHandler ( + // + // The Size in Certificate Table or the attribute certificate table is corrupted. + // +- VerifyStatus = EFI_ACCESS_DENIED; ++ IsVerified = FALSE; + } + +- if (!EFI_ERROR (VerifyStatus)) { ++ if (IsVerified) { + return EFI_SUCCESS; + } else { + Status = EFI_ACCESS_DENIED; +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch new file mode 100644 index 0000000..ef9d48e --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch 
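Review bot: `IsVerified` now carries the whole allow/deny decision of the signature loop, but its declaration has no comment stating the invariant the loop depends on. In the visible lines it becomes TRUE only on a db match (IsAllowedByDb() or the db hash lookup). It is forced back to FALSE on any dbx hit before `break`, and again when the certificate table size check fails after the loop. I would document that at the declaration: `// TRUE once a signature or image hash is allowed by db; reset to FALSE on any dbx hit or a corrupted certificate table, so a dbx match always wins.` DxeImageVerificationHandler() starts and ends outside the hunk.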
@@ -0,0 +1,139 @@ +From 3e06fe42d63856e48c6457dbb7e816b82416c9ca Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:44 +0100 +Subject: [PATCH 08/12] SecurityPkg/DxeImageVerificationHandler: unnest + AddImageExeInfo() call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-9-lersek@redhat.com> +Patchwork-id: 93610 +O-Subject: [RHEL-8.2.0 edk2 PATCH 08/12] SecurityPkg/DxeImageVerificationHandler: unnest AddImageExeInfo() call +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +Before the "Done" label at the end of DxeImageVerificationHandler(), we +now have a single access to "Status": we set "Status" to EFI_ACCESS_DENIED +at the top of the function. Therefore, the (Status != EFI_SUCCESS) +condition is always true under the "Done" label. + +Accordingly, unnest the AddImageExeInfo() call dependent on that +condition, remove the condition, and also rename the "Done" label to +"Failed". + +Functionally, this patch is a no-op. 
It's easier to review with: + + git show -b -W + +Cc: Chao Zhang +Cc: Jian J Wang +Cc: Jiewen Yao +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2129 +Signed-off-by: Laszlo Ersek +Message-Id: <20200116190705.18816-8-lersek@redhat.com> +Reviewed-by: Michael D Kinney +[lersek@redhat.com: replace EFI_D_INFO w/ DEBUG_INFO for PatchCheck.py] +[lersek@redhat.com: push with Mike's R-b due to Chinese New Year + Holiday: ; msgid + ] +(cherry picked from commit c602e97446a8e818bf09182f5dc9f3fa409ece95) + +Signed-off-by: Miroslav Rezanina +--- + .../DxeImageVerificationLib.c | 34 ++++++++++------------ + 1 file changed, 16 insertions(+), 18 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index 6ccce1f..51968bd 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -1676,7 +1676,7 @@ DxeImageVerificationHandler ( + // The information can't be got from the invalid PeImage + // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: PeImage invalid. Cannot retrieve image information.\n")); +- goto Done; ++ goto Failed; + } + + DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase; +@@ -1698,7 +1698,7 @@ DxeImageVerificationHandler ( + // It is not a valid Pe/Coff file. 
+ // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Not a valid PE/COFF image.\n")); +- goto Done; ++ goto Failed; + } + + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { +@@ -1729,7 +1729,7 @@ DxeImageVerificationHandler ( + // + if (!HashPeImage (HASHALG_SHA256)) { + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Failed to hash this image using %s.\n", mHashTypeStr)); +- goto Done; ++ goto Failed; + } + + if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) { +@@ -1737,7 +1737,7 @@ DxeImageVerificationHandler ( + // Image Hash is in forbidden database (DBX). + // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed and %s hash of image is forbidden by DBX.\n", mHashTypeStr)); +- goto Done; ++ goto Failed; + } + + if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) { +@@ -1751,7 +1751,7 @@ DxeImageVerificationHandler ( + // Image Hash is not found in both forbidden and allowed database. + // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed and %s hash of image is not found in DB/DBX.\n", mHashTypeStr)); +- goto Done; ++ goto Failed; + } + + // +@@ -1860,7 +1860,7 @@ DxeImageVerificationHandler ( + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; + SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); + if (SignatureList == NULL) { +- goto Done; ++ goto Failed; + } + SignatureList->SignatureHeaderSize = 0; + SignatureList->SignatureListSize = (UINT32) SignatureListSize; +@@ -1870,19 +1870,17 @@ DxeImageVerificationHandler ( + CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); + } + +-Done: +- if (Status != EFI_SUCCESS) { +- // +- // Policy decides to defer or reject the image; add its information in image executable information table. 
+- // +- NameStr = ConvertDevicePathToText (File, FALSE, TRUE); +- AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize); +- if (NameStr != NULL) { +- DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr)); +- FreePool(NameStr); +- } +- Status = EFI_SECURITY_VIOLATION; ++Failed: ++ // ++ // Policy decides to defer or reject the image; add its information in image executable information table. ++ // ++ NameStr = ConvertDevicePathToText (File, FALSE, TRUE); ++ AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize); ++ if (NameStr != NULL) { ++ DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr)); ++ FreePool(NameStr); + } ++ Status = EFI_SECURITY_VIOLATION; + + if (SignatureList != NULL) { + FreePool (SignatureList); +-- +1.8.3.1 + diff --git a/SOURCES/edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch b/SOURCES/edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch new file mode 100644 index 0000000..578487c --- /dev/null +++ b/SOURCES/edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch 
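Review bot: Under the new `Failed:` label, `FreePool(NameStr);` keeps the old call spacing, while the `DEBUG ((DEBUG_INFO, ...` line next to it was reformatted and `FreePool (SignatureList);` just below already uses the space-before-parenthesis form. Writing it as `FreePool (NameStr);` would make the block consistent. Because this is a cherry-pick, the change is probably better made upstream than in the backport. The body of DxeImageVerificationHandler starts and ends outside the hunk, so the claim that `Status` is assigned only once before the label rests on the commit message and cannot be confirmed from these lines.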
@@ -0,0 +1,103 @@ +From 7f364d9a95905efee0a8b46e4108042aaebe7849 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 31 Jan 2020 12:42:37 +0100 +Subject: [PATCH 01/12] SecurityPkg: Fix spelling errors [PARTIAL PICK] +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200131124248.22369-2-lersek@redhat.com> +Patchwork-id: 93612 +O-Subject: [RHEL-8.2.0 edk2 PATCH 01/12] SecurityPkg: Fix spelling errors [PARTIAL PICK] +Bugzilla: 1751993 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +From: Sean Brogan + +--v-- RHEL-8 note start --v-- + +This is a partial cherry-pick, restricted to +"SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c". + +The upstream patch has a super-ugly diffstat (81 files changed, 205 +insertions(+), 205 deletions(-)), fixing spelling errors all over +SecurityPkg in one go. It doesn't apply cleanly down-stream, and I don't +want to pick more (unrelated) SecurityPkg dependencies for this backport +series. + +Thus, the only alternative to this partial cherry-pick would be resolving +conflicts over the rest of this series. That's obviously worse than a +partial typo fix backport. At the next rebase, we're going to drop this +patch and the rest of the backport series alike, anyway. 
+ +--^-- RHEL-8 note end --^-- + +https://bugzilla.tianocore.org/show_bug.cgi?id=2265 + +Cc: Jiewen Yao +Cc: Jian J Wang +Cc: Chao Zhang +Signed-off-by: Michael D Kinney +Reviewed-by: Jiewen Yao +Reviewed-by: Jian J Wang +(cherry picked from commit d6b926e76e3d639ac37610e97d33ff9e3a6281eb) +Signed-off-by: Laszlo Ersek +Signed-off-by: Miroslav Rezanina +--- + .../Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +index fe4cdcc..a0a12b5 100644 +--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c ++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c +@@ -745,7 +745,7 @@ AddImageExeInfo ( + if (ImageExeInfoTable != NULL) { + // + // The table has been found! +- // We must enlarge the table to accomodate the new exe info entry. ++ // We must enlarge the table to accommodate the new exe info entry. + // + ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable); + } else { +@@ -947,7 +947,7 @@ Done: + + @param[in] VariableName Name of database variable that is searched in. + @param[in] Signature Pointer to signature that is searched for. +- @param[in] CertType Pointer to hash algrithom. ++ @param[in] CertType Pointer to hash algorithm. + @param[in] SignatureSize Size of Signature. + + @return TRUE Found the signature in the variable database. +@@ -992,7 +992,7 @@ IsSignatureFoundInDatabase ( + goto Done; + } + // +- // Enumerate all signature data in SigDB to check if executable's signature exists. ++ // Enumerate all signature data in SigDB to check if signature exists for executable. 
+ // + CertList = (EFI_SIGNATURE_LIST *) Data; + while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { +@@ -1844,7 +1844,7 @@ DxeImageVerificationHandler ( + + if (OffSet != (SecDataDir->VirtualAddress + SecDataDir->Size)) { + // +- // The Size in Certificate Table or the attribute certicate table is corrupted. ++ // The Size in Certificate Table or the attribute certificate table is corrupted. + // + VerifyStatus = EFI_ACCESS_DENIED; + } +@@ -1855,7 +1855,7 @@ DxeImageVerificationHandler ( + Status = EFI_ACCESS_DENIED; + if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) { + // +- // Get image hash value as executable's signature. ++ // Get image hash value as signature of executable. + // + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; + SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); +-- +1.8.3.1 + diff --git a/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch b/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch new file mode 100644 index 0000000..627d458 --- /dev/null +++ b/SOURCES/edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch 
@@ -0,0 +1,152 @@ +From 2613601640be75f79e9dd8d2db21ad45d227d907 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Fri, 17 Jan 2020 11:33:43 +0100 +Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: fix 2M->4K page splitting + regression for PDEs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek +Message-id: <20200117113343.30392-2-lersek@redhat.com> +Patchwork-id: 93389 +O-Subject: [RHEL-8.2.0 edk2 PATCH 1/1] UefiCpuPkg/PiSmmCpuDxeSmm: fix 2M->4K page splitting regression for PDEs +Bugzilla: 1789335 +RH-Acked-by: Philippe Mathieu-Daudé +RH-Acked-by: Vitaly Kuznetsov + +In commit 4eee0cc7cc0d ("UefiCpuPkg/PiSmmCpu: Enable 5 level paging when +CPU supports", 2019-07-12), the Page Directory Entry setting was regressed +(corrupted) when splitting a 2MB page to 512 4KB pages, in the +InitPaging() function. + +Consider the following hunk, displayed with + +$ git show --function-context --ignore-space-change 4eee0cc7cc0db + +> // +> // If it is 2M page, check IsAddressSplit() +> // +> if (((*Pd & IA32_PG_PS) != 0) && IsAddressSplit (Address)) { +> // +> // Based on current page table, create 4KB page table for split area. +> // +> ASSERT (Address == (*Pd & PHYSICAL_ADDRESS_MASK)); +> +> Pt = AllocatePageTableMemory (1); +> ASSERT (Pt != NULL); +> +> + *Pd = (UINTN) Pt | IA32_PG_RW | IA32_PG_P; +> + +> // Split it +> - for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++) { +> - Pt[PtIndex] = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS); +> + for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++, Pt++) { +> + *Pt = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS); +> } // end for PT +> *Pd = (UINT64)(UINTN)Pt | mAddressEncMask | PAGE_ATTRIBUTE_BITS; +> } // end if IsAddressSplit +> } // end for PD + +First, the new assignment to the Page Directory Entry (*Pd) is +superfluous. 
That's because (a) we set (*Pd) after the Page Table Entry +loop anyway, and (b) here we do not attempt to access the memory starting +at "Address" (which is mapped by the original value of the Page Directory +Entry). + +Second, appending "Pt++" to the incrementing expression of the PTE loop is +a bug. It causes "Pt" to point *right past* the just-allocated Page Table, +once we finish the loop. But the PDE assignment that immediately follows +the loop assumes that "Pt" still points to the *start* of the new Page +Table. + +The result is that the originally mapped 2MB page disappears from the +processor's view. The PDE now points to a "Page Table" that is filled with +garbage. The random entries in that "Page Table" will cause some virtual +addresses in the original 2MB area to fault. Other virtual addresses in +the same range will no longer have a 1:1 physical mapping, but be +scattered over random physical page frames. + +The second phase of the InitPaging() function ("Go through page table and +set several page table entries to absent or execute-disable") already +manipulates entries in wrong Page Tables, for such PDEs that got split in +the first phase. + +This issue has been caught as follows: + +- OVMF is started with 2001 MB of guest RAM. + +- This places the main SMRAM window at 0x7C10_1000. + +- The SMRAM management in the SMM Core links this SMRAM window into + "mSmmMemoryMap", with a FREE_PAGE_LIST record placed at the start of the + area. + +- At "SMM Ready To Lock" time, PiSmmCpuDxeSmm calls InitPaging(). The + first phase (quoted above) decides to split the 2MB page at 0x7C00_0000 + into 512 4KB pages, and corrupts the PDE. The new Page Table is + allocated at 0x7CE0_D000, but the PDE is set to 0x7CE0_E000 (plus + attributes 0x67). + +- Due to the corrupted PDE, the second phase of InitPaging() already looks + up the PTE for Address=0x7C10_1000 in the wrong place. The second phase + goes on to mark bogus PTEs as "NX". 
+ +- PiSmmCpuDxeSmm calls SetMemMapAttributes(). Address 0x7C10_1000 is at + the base of the SMRAM window, therefore it happens to be listed in the + SMRAM map as an EfiConventionalMemory region. SetMemMapAttributes() + calls SmmSetMemoryAttributes() to mark the region as XP. However, + GetPageTableEntry() in ConvertMemoryPageAttributes() fails -- address + 0x7C10_1000 is no longer mapped by anything! -- and so the attribute + setting fails with RETURN_UNSUPPORTED. This error goes unnoticed, as + SetMemMapAttributes() ignores the return value of + SmmSetMemoryAttributes(). + +- When SetMemMapAttributes() reaches another entry in the SMRAM map, + ConvertMemoryPageAttributes() decides it needs to split a 2MB page, and + calls SplitPage(). + +- SplitPage() calls AllocatePageTableMemory() for the new Page Table, + which takes us to InternalAllocMaxAddress() in the SMM Core. + +- The SMM core attempts to read the FREE_PAGE_LIST record at 0x7C10_1000. + Because this virtual address is no longer mapped, the firmware crashes + in InternalAllocMaxAddress(), when accessing (Pages->NumberOfPages). + +Remove the useless assignment to (*Pd) from before the loop. Revert the +loop incrementing and the PTE assignment to the known good version. 
+ +Cc: Eric Dong +Cc: Ray Ni +Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1789335 +Fixes: 4eee0cc7cc0db74489b99c19eba056b53eda6358 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daude +Reviewed-by: Ray Ni +(cherry picked from commit a5235562444021e9c5aff08f45daa6b5b7952c7a) +Signed-off-by: Miroslav Rezanina +--- + UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c +index c513152..c47b557 100644 +--- a/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c ++++ b/UefiCpuPkg/PiSmmCpuDxeSmm/SmmProfile.c +@@ -657,11 +657,9 @@ InitPaging ( + Pt = AllocatePageTableMemory (1); + ASSERT (Pt != NULL); + +- *Pd = (UINTN) Pt | IA32_PG_RW | IA32_PG_P; +- + // Split it +- for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++, Pt++) { +- *Pt = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS); ++ for (PtIndex = 0; PtIndex < SIZE_4KB / sizeof(*Pt); PtIndex++) { ++ Pt[PtIndex] = Address + ((PtIndex << 12) | mAddressEncMask | PAGE_ATTRIBUTE_BITS); + } // end for PT + *Pd = (UINT64)(UINTN)Pt | mAddressEncMask | PAGE_ATTRIBUTE_BITS; + } // end if IsAddressSplit +-- +1.8.3.1 + diff --git a/SOURCES/ovmf-vars-generator b/SOURCES/ovmf-vars-generator index 06d0396..111e438 100755 --- a/SOURCES/ovmf-vars-generator +++ b/SOURCES/ovmf-vars-generator @@ -1,4 +1,4 @@ -#!/bin/python +#!/bin/python3 # Copyright (C) 2017 Red Hat # Authors: # - Patrick Uiterwijk 
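Review bot: In the InitPaging hunk, the restored loop writes `Pt[PtIndex] = ...` for 512 entries, but the only guard on the allocation is `ASSERT (Pt != NULL);`. In a build where ASSERT() is disabled, a failed `AllocatePageTableMemory (1)` would lead to writes through a NULL pointer while the SMM page tables are being set up. An explicit check that halts, such as `if (Pt == NULL) { CpuDeadLoop (); }`, would keep that failure from depending on the debug configuration. InitPaging starts and ends outside the hunk, so its return type and any existing error path are not visible here.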
@@ -32,13 +32,23 @@ def generate_qemu_cmd(args, readonly, *extra_args): else: machinetype = 'q35,smm=on' machinetype += ',accel=%s' % ('kvm' if args.enable_kvm else 'tcg') + + if args.oem_string is None: + oemstrings = [] + else: + oemstring_values = [ + ",value=" + s.replace(",", ",,") for s in args.oem_string ] + oemstrings = [ + '-smbios', + "type=11" + ''.join(oemstring_values) ] + return [ args.qemu_binary, '-machine', machinetype, '-display', 'none', '-no-user-config', '-nodefaults', - '-m', '256', + '-m', '768', '-smp', '2,sockets=2,cores=1,threads=1', '-chardev', 'pty,id=charserial1', '-device', 'isa-serial,chardev=charserial1,id=serial1', @@ -50,7 +60,7 @@ def generate_qemu_cmd(args, readonly, *extra_args): '-drive', 'file=%s,if=pflash,format=raw,unit=1,readonly=%s' % ( args.out_temp, 'on' if readonly else 'off'), - '-serial', 'stdio'] + list(extra_args) + '-serial', 'stdio'] + oemstrings + list(extra_args) def download(url, target, suffix, no_download): @@ -98,6 +108,10 @@ def enroll_keys(args): read = p.stdout.readline() if b'char device redirected' in read: read = p.stdout.readline() + # Skip passed QEMU warnings, like the following one we see in Ubuntu: + # qemu-system-x86_64: warning: TCG doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5] + while b'qemu-system-x86_64: warning:' in read: + read = p.stdout.readline() if args.print_output: print(strip_special(read), end='') print() @@ -213,6 +227,14 @@ def parse_args(): 'used for testing, could undermine Secure ' 'Boot.'), action='store_true') + parser.add_argument('--oem-string', + help=('Pass the argument to the guest as a string in ' + 'the SMBIOS Type 11 (OEM Strings) table. ' + 'Multiple occurrences of this option are ' + 'collected into a single SMBIOS Type 11 table. ' + 'A pure ASCII string argument is strongly ' + 'suggested.'), + action='append') args = parser.parse_args() args.kernel_url = args.kernel_url % {'version': args.fedora_version} 
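Review bot: In generate_qemu_cmd, the `s.replace(",", ",,")` escaping and the jump from `'-m', '256'` to `'-m', '768'` are both unexplained. A short comment above the list comprehension, such as `# QEMU splits option arguments on ","; a literal comma in the value must be doubled`, would tell a later reader not to "simplify" the escaping away. A second comment on the memory line should say why 768 MB is needed, which the hunk does not state. The rest of the function body lies outside the hunk.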
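Review bot: The warning filter added to enroll_keys matches the literal `b'qemu-system-x86_64: warning:'`, yet the emulator is started from `args.qemu_binary`. A binary with another name would print a different prefix, and its warnings would still be taken for the first line of guest output. Matching on the generic part, `while b': warning:' in read:`, or building the prefix from the basename of `args.qemu_binary`, would cover that case. Which is safer depends on what the first expected console line looks like, and that is outside the hunk.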
diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index 85fe4fd..562882d 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -1,16 +1,16 @@ ExclusiveArch: x86_64 aarch64 -%define GITDATE 20190308 -%define GITCOMMIT 89910a39dcfd +%define GITDATE 20190829 +%define GITCOMMIT 37eef91017ad %define TOOLCHAIN GCC5 -%define OPENSSL_VER 1.1.0i +%define OPENSSL_VER 1.1.1c Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 6%{?dist} +Release: 9%{?dist} Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators -License: BSD and OpenSSL and MIT +License: BSD-2-Clause-Patent and OpenSSL and MIT URL: http://www.tianocore.org # The source tarball is created using following commands: 
@@ -19,43 +19,88 @@ URL: http://www.tianocore.org # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt -Source2: openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz +Source2: openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz Source3: ovmf-vars-generator Source4: LICENSE.qosb +Source5: RedHatSecureBootPkKek1.pem Source10: edk2-aarch64-verbose.json Source11: edk2-aarch64.json Source12: edk2-ovmf-sb.json Source13: edk2-ovmf.json -Patch0003: 0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch -Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch -Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch -Patch0006: 0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch -Patch0007: 0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch -Patch0008: 0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch -Patch0009: 0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch -Patch0010: 0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch -Patch0011: 0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch -Patch0012: 0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch -Patch0013: 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch -Patch0014: 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch -Patch0015: 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch -Patch0016: 0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch -Patch0017: 0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch -Patch0018: 0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch -Patch0019: 0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch -Patch0026: 0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch -# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size -Patch27: 
edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch -# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size -Patch28: edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch -# For bz#1714446 - edk2-aarch64 silent build is not silent enough -Patch29: edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch -# For bz#1714446 - edk2-aarch64 silent build is not silent enough -Patch30: edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch -# For bz#1714446 - edk2-aarch64 silent build is not silent enough -Patch31: edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch +Patch0001: 0001-CryptoPkg-OpensslLib-Update-process_files.pl-to-gene.patch +Patch0002: 0002-CryptoPkg-Upgrade-OpenSSL-to-1.1.1d.patch +Patch0006: 0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +Patch0007: 0007-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +Patch0008: 0008-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +Patch0009: 0009-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +Patch0010: 0010-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +Patch0011: 0011-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +Patch0012: 0012-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch +Patch0013: 0013-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +Patch0014: 0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +Patch0015: 0015-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +Patch0016: 0016-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +Patch0017: 0017-ArmVirtPkg-set-early-hello-message-RH-only.patch +Patch0018: 0018-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +Patch0019: 0019-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +Patch0020: 0020-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +Patch0021: 0021-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +Patch0022: 
0022-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +Patch0033: 0033-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch34: edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch35: edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch36: edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch37: edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch38: edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch39: edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch40: edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch +# For bz#1536624 - HTTPS enablement in OVMF +Patch41: edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch +# For bz#1789797 - Backport upstream patch series: "UefiBootManagerLib, HttpDxe: tweaks for large HTTP(S) downloads" to improve HTTP(S) Boot experience with large (4GiB+) files +Patch42: edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch +# For bz#1789797 - Backport upstream patch series: "UefiBootManagerLib, HttpDxe: tweaks for large HTTP(S) downloads" to improve HTTP(S) Boot experience with large (4GiB+) files +Patch43: edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch +# For bz#1789335 - VM with edk2 can't boot when setting memory with '-m 2001' +Patch44: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch45: edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch +# For bz#1751993 - DxeImageVerificationLib 
handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch46: edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch47: edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch48: edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch49: edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch50: edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch51: edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch52: edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch53: edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch54: edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on 
security violation" [rhel8] +Patch55: edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch +# For bz#1751993 - DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8] +Patch56: edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch +# For bz#1801274 - CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [rhel-8] +Patch57: edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch +# For bz#1801274 - CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [rhel-8] +Patch58: edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch +# For bz#1806359 - bochs-display cannot show graphic wihout driver attach +Patch59: edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch # python3-devel and libuuid-devel are required for building tools. @@ -78,11 +123,11 @@ BuildRequires: genisoimage # For generating the variable store template with the default certificates # enrolled, we need qemu-kvm. -BuildRequires: qemu-kvm +BuildRequires: qemu-kvm >= 2.12.0-89 # For verifying SB enablement in the above variable store template, we need a # guest kernel that prints "Secure boot enabled". -BuildRequires: kernel-core +BuildRequires: kernel-core >= 4.18.0-161 BuildRequires: rpmdevtools %package ovmf @@ -94,7 +139,7 @@ Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7 # OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL # library. Provides: bundled(openssl) = %{OPENSSL_VER} -License: BSD and OpenSSL +License: BSD-2-Clause-Patent and OpenSSL # URL taken from the Maintainers.txt file. URL: http://www.tianocore.org/ovmf/ 
@@ -113,7 +158,7 @@ Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7 # No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack. Provides: bundled(openssl) = %{OPENSSL_VER} -License: BSD and OpenSSL +License: BSD-2-Clause-Patent and OpenSSL # URL taken from the Maintainers.txt file. URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg @@ -127,7 +172,7 @@ package contains a 64-bit build. %package tools Summary: EFI Development Kit II Tools Group: Development/Tools -License: BSD +License: BSD-2-Clause-Patent URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools %description tools This package provides tools that are needed to @@ -137,7 +182,7 @@ build EFI executables and ROMs using the GNU tools. Summary: Documentation for EFI Development Kit II Tools Group: Development/Tools BuildArch: noarch -License: BSD +License: BSD-2-Clause-Patent URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools %description tools-doc This package documents the tools that are needed to @@ -151,9 +196,6 @@ environment for the UEFI and PI specifications. This package contains sample %prep %setup -q -n edk2-%{GITCOMMIT} -# Ensure binary packages are not used -rm -rf ShellBinPkg - %{lua: tmp = os.tmpname(); f = io.open(tmp, "w+"); 
@@ -193,6 +235,18 @@ cp -a -- %{SOURCE1} %{SOURCE3} . cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x +# Format the Red Hat-issued certificate that is to be enrolled as both Platform +# Key and first Key Exchange Key, as an SMBIOS OEM String. This means stripping +# the PEM header and footer, and prepending the textual representation of the +# GUID that identifies this particular OEM String to "EnrollDefaultKeys.efi", +# plus the separator ":". For details, see +# comments 2, 7, 14. +sed \ + -e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \ + -e '/^-----END CERTIFICATE-----$/d' \ + %{SOURCE5} \ + > PkKek1.oemstr + # Done by %setup, but we do not use it for the auxiliary tarballs chmod -Rf a+rX,u+w,g-w,o-w . @@ -212,6 +266,7 @@ fi CC_FLAGS="$CC_FLAGS --cmd-len=65536 -t %{TOOLCHAIN} -b DEBUG --hash" CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE" +CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE" %ifarch x86_64 # Build with neither SB nor SMM; include UEFI shell. @@ -267,6 +322,7 @@ cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \ --ovmf-binary Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_CODE.fd \ --ovmf-template-vars Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \ --uefi-shell-iso UefiShell.iso \ + --oem-string "$(< PkKek1.oemstr)" \ --skip-testing \ OVMF_VARS.secboot.fd @@ -286,7 +342,7 @@ build ${CC_FLAGS} -a AARCH64 \ %install -cp -a License.txt License.edk2.txt +cp -a OvmfPkg/License.txt License.OvmfPkg.txt mkdir -p $RPM_BUILD_ROOT%{_datadir}/qemu/firmware %ifarch x86_64 @@ -395,8 +451,9 @@ install BaseTools/Scripts/GccBase.lds \ %endif %defattr(-,root,root,-) -%license License.edk2.txt -%license OvmfPkg/License.txt +%license License.txt +%license License.OvmfPkg.txt +%license License-History.txt %license LICENSE.openssl %dir %{_datadir}/%{name}/ %dir %{_datadir}/qemu 
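Review bot: The `sed` step that writes `PkKek1.oemstr` never checks that its substitution matched. If `%{SOURCE5}` ever has CRLF line endings, trailing whitespace on the PEM header or more than one certificate, the file comes out without the GUID prefix or with it repeated. Whether the later `ovmf-vars-generator` run would notice is not visible in these hunks, and its invocation carries `--skip-testing`. Since this string becomes the Platform Key and first KEK, fail early right after the redirect with `grep -q '^4e32566d-8e9e-4f52-81d3-5bb9715f9727:$' PkKek1.oemstr`. Recording the expected certificate fingerprint in a spec comment and comparing against it at the same point would also catch a swapped source file.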
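Review bot: The added `CC_FLAGS="$CC_FLAGS -D NETWORK_HTTP_BOOT_ENABLE -D NETWORK_TLS_ENABLE"` line has no comment. Because it sits in the shared CC_FLAGS, it appears to apply to every image built from them, including the AAVMF build that the spec describes as having no Secure Boot. A comment such as `# HTTP(S) boot, bz#1536624; depends on the TLS host-verification patches (CVE-2019-14553, Patch34-Patch41)` would record why the flags are safe to enable. It would also show what must stay in place if those patches are dropped at the next rebase.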
@@ -442,6 +499,7 @@ install BaseTools/Scripts/GccBase.lds \
 
 %files tools
 %license License.txt
+%license License-History.txt
 %{_bindir}/Brotli
 %{_bindir}/DevicePath
 %{_bindir}/EfiRom
@@ -488,6 +546,73 @@ true %endif %changelog +* Fri Mar 27 2020 Miroslav Rezanina - 20190829git37eef91017ad-9.el8 +- edk2-OvmfPkg-QemuVideoDxe-unbreak-secondary-vga-and-bochs.patch [bz#1806359] +- Resolves: bz#1806359 + (bochs-display cannot show graphic wihout driver attach) + +* Tue Feb 18 2020 Miroslav Rezanina - 20190829git37eef91017ad-8.el8 +- edk2-MdeModulePkg-Enable-Disable-S3BootScript-dynamically.patch [bz#1801274] +- edk2-MdeModulePkg-PiDxeS3BootScriptLib-Fix-potential-nume.patch [bz#1801274] +- Resolves: bz#1801274 + (CVE-2019-14563 edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib [rhel-8]) + +* Tue Feb 11 2020 Miroslav Rezanina - 20190829git37eef91017ad-7.el8 +- edk2-SecurityPkg-Fix-spelling-errors-PARTIAL-PICK.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-simplify-Ver.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-remove-else-.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-keep-PE-COFF.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-narrow-down-.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-o.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-remove-super.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-unnest-AddIm.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-eliminate-St.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-fix-retval-f.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-fix-imgexec-.patch [bz#1751993] +- edk2-SecurityPkg-DxeImageVerificationHandler-fix-defer-vs.patch [bz#1751993] +- Resolves: bz#1751993 + (DxeImageVerificationLib handles "DENY execute on security violation" like "DEFER execute on security violation" [rhel8]) + +* Tue Jan 21 2020 Miroslav Rezanina - 20190829git37eef91017ad-6.el8 +- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-fix-2M-4K-page-splitting-r.patch [bz#1789335] +- Resolves: bz#1789335 + (VM with edk2 can't boot when 
setting memory with '-m 2001') + +* Thu Jan 16 2020 Miroslav Rezanina - 20190829git37eef91017ad-5.el8 +- edk2-MdeModulePkg-UefiBootManagerLib-log-reserved-mem-all.patch [bz#1789797] +- edk2-NetworkPkg-HttpDxe-fix-32-bit-truncation-in-HTTPS-do.patch [bz#1789797] +- Resolves: bz#1789797 + (Backport upstream patch series: "UefiBootManagerLib, HttpDxe: tweaks for large HTTP(S) downloads" to improve HTTP(S) Boot experience with large (4GiB+) files) + +* Wed Dec 11 2019 Miroslav Rezanina - 20190829git37eef91017ad-4.el8 +- edk2-redhat-set-guest-RAM-size-to-768M-for-SB-varstore-te.patch [bz#1778301] +- edk2-redhat-re-enable-Secure-Boot-varstore-template-verif.patch [bz#1778301] +- Resolves: bz#1778301 + (re-enable Secure Boot (varstore template) verification in %check) + +* Thu Dec 05 2019 Miroslav Rezanina - 20190829git37eef91017ad-3.el8 +- Update used openssl version [bz#1616029] +- Resolves: bz#1616029 + (rebuild edk2 against the final RHEL-8.2.0 version of OpenSSL-1.1.1) + +* Mon Dec 02 2019 Miroslav Rezanina - 20190829git37eef91017ad-2.el8 +- edk2-MdePkg-Include-Protocol-Tls.h-Add-the-data-type-of-E.patch [bz#1536624] +- edk2-CryptoPkg-TlsLib-Add-the-new-API-TlsSetVerifyHost-CV.patch [bz#1536624] +- edk2-CryptoPkg-Crt-turn-strchr-into-a-function-CVE-2019-1.patch [bz#1536624] +- edk2-CryptoPkg-Crt-satisfy-inet_pton.c-dependencies-CVE-2.patch [bz#1536624] +- edk2-CryptoPkg-Crt-import-inet_pton.c-CVE-2019-14553.patch [bz#1536624] +- edk2-CryptoPkg-TlsLib-TlsSetVerifyHost-parse-IP-address-l.patch [bz#1536624] +- edk2-NetworkPkg-TlsDxe-Add-the-support-of-host-validation.patch [bz#1536624] +- edk2-NetworkPkg-HttpDxe-Set-the-HostName-for-the-verifica.patch [bz#1536624] +- edk2-redhat-enable-HTTPS-Boot.patch [bz#1536624] +- Resolves: bz#1536624 + (HTTPS enablement in OVMF) + +* Fri Nov 29 2019 Miroslav Rezanina - 20190829git37eef91017ad-1.el8 +- Rebase to edk2-stable201908 [bz#1748180] +- Resolves: bz#1748180 + ((edk2-rebase-rhel-8.2) - rebase edk2 to upstream tag 
edk2-stable201908 for RHEL-8.2) + * Mon Aug 05 2019 Miroslav Rezanina - 20190308git89910a39dcfd-6.el8 - edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch [bz#1714446] - edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch [bz#1714446]