diff --git a/.edk2.metadata b/.edk2.metadata index abc14ec..7618d45 100644 --- a/.edk2.metadata +++ b/.edk2.metadata @@ -1,2 +1,2 @@ -b44cc7e0fda9dd4121d935975520b7cbd26ee4d0 SOURCES/edk2-ee3198e672e2.tar.xz -906190b6a6a794da4c1ccb7fc1c05bf97ddde77a SOURCES/openssl-fedora-264133c642cdb6fc916f1d9bba9db4cb4cd4a17c.tar.xz +87a87bbfca0e751b2840f74b0612e2f0dad70535 SOURCES/edk2-89910a39dcfd.tar.xz +f0655dec5d8d815956bab417fcdb25e6da7e21b8 SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz diff --git a/.gitignore b/.gitignore index 21c5827..549c44d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/edk2-ee3198e672e2.tar.xz -SOURCES/openssl-fedora-264133c642cdb6fc916f1d9bba9db4cb4cd4a17c.tar.xz +SOURCES/edk2-89910a39dcfd.tar.xz +SOURCES/openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz diff --git a/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch b/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch index d9d971b..cf06037 100644 --- a/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch +++ b/SOURCES/0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch @@ -1,8 +1,27 @@ -From 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d Mon Sep 17 00:00:00 2001 +From 727c11ecd9f34990312e14f239e6238693619849 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 11 Jun 2014 23:33:33 +0200 Subject: advertise OpenSSL on TianoCore splash screen / boot logo (RHEL only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- Upstream edk2 removed the obsoleted network drivers in MdeModulePkg. The + OvmfPkg platforms were adapted in commit d2f1f6423bd1 ("OvmfPkg: Replace + obsoleted network drivers from platform DSC/FDF.", 2018-11-06). The + ArmVirtPkg platforms were adapted in commit 9a67ba261fe9 ("ArmVirtPkg: + Replace obsoleted network drivers from platform DSC/FDF.", 2018-12-14). + + Consequently, because the NetworkPkg iSCSI driver requires OpenSSL + unconditionally, as explained in + , this patch now + builds LogoOpenSSLDxe unconditionally, squashing and updating previous + downstream commits + + - 8e8ea8811e26 advertise OpenSSL on TianoCore splash screen / boot logo + (RHEL only) + - 02ed2c501cdd advertise OpenSSL due to IPv6 enablement too (RHEL only) + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -103,71 +122,64 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 32192c62e289f261f5ce74acee48e5a94561f10b) (cherry picked from commit 33a710cd613c2ca7d534b8401e2f9f2178af05be) (cherry picked from commit 0b2d90347cb016cc71c2de62e941a2a4ab0f35a3) +(cherry picked from commit 8e8ea8811e269cdb31103c70fcd91d2dcfb1755d) +Signed-off-by: Danilo C. L. de Paula --- - ArmVirtPkg/ArmVirtQemu.dsc | 4 +++ - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 4 +++ - ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 +++ + ArmVirtPkg/ArmVirtQemu.dsc | 2 +- + ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +- + ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +- MdeModulePkg/Logo/Logo-OpenSSL.bmp | Bin 0 -> 156342 bytes - MdeModulePkg/Logo/Logo-OpenSSL.idf | 15 +++++++++ - MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 61 +++++++++++++++++++++++++++++++++++ - MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 22 +++++++++++++ - OvmfPkg/OvmfPkgIa32.dsc | 4 +++ - OvmfPkg/OvmfPkgIa32.fdf | 4 +++ - OvmfPkg/OvmfPkgIa32X64.dsc | 4 +++ - OvmfPkg/OvmfPkgIa32X64.fdf | 4 +++ - OvmfPkg/OvmfPkgX64.dsc | 4 +++ - OvmfPkg/OvmfPkgX64.fdf | 4 +++ - 13 files changed, 134 insertions(+) + MdeModulePkg/Logo/Logo-OpenSSL.idf | 15 +++++++ + MdeModulePkg/Logo/LogoOpenSSLDxe.inf | 61 +++++++++++++++++++++++++++ + MdeModulePkg/Logo/LogoOpenSSLDxe.uni | 22 ++++++++++ + OvmfPkg/OvmfPkgIa32.dsc | 2 +- + OvmfPkg/OvmfPkgIa32.fdf | 2 +- + OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- + OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- + OvmfPkg/OvmfPkgX64.dsc | 2 +- + OvmfPkg/OvmfPkgX64.fdf | 2 +- + 13 files changed, 107 insertions(+), 9 deletions(-) create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.bmp create mode 100644 MdeModulePkg/Logo/Logo-OpenSSL.idf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.inf create mode 100644 MdeModulePkg/Logo/LogoOpenSSLDxe.uni diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index d74feb7..7331597 100644 +index a77d71bcea..f2e5125494 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -329,7 +329,11 @@ +@@ -347,7 +347,7 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -+!if $(SECURE_BOOT_ENABLE) == TRUE +- MdeModulePkg/Logo/LogoDxe.inf + MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - MdeModulePkg/Logo/LogoDxe.inf -+!endif MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 89f95b2..8941b7f 100644 +index 098d40b61b..ab799ca67f 100644 --- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc +++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -191,7 +191,11 @@ READ_LOCK_STATUS = TRUE +@@ -203,7 +203,7 @@ READ_LOCK_STATUS = TRUE # # TianoCore logo (splash screen) # -+!if $(SECURE_BOOT_ENABLE) == TRUE +- INF MdeModulePkg/Logo/LogoDxe.inf + INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - INF MdeModulePkg/Logo/LogoDxe.inf -+!endif # # Ramdisk support diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 1e823ae..1981aae 100644 +index 1e5388ae70..d2b3f24394 100644 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -318,7 +318,11 @@ +@@ -331,7 +331,7 @@ MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf MdeModulePkg/Universal/BdsDxe/BdsDxe.inf -+!if $(SECURE_BOOT_ENABLE) == TRUE +- MdeModulePkg/Logo/LogoDxe.inf + MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - MdeModulePkg/Logo/LogoDxe.inf -+!endif MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf @@ -393,7 +405,7 @@ HcmV?d00001 diff --git a/MdeModulePkg/Logo/Logo-OpenSSL.idf b/MdeModulePkg/Logo/Logo-OpenSSL.idf new file mode 100644 -index 0000000..a80de29 +index 0000000000..a80de29a63 --- /dev/null +++ b/MdeModulePkg/Logo/Logo-OpenSSL.idf @@ -0,0 +1,15 @@ @@ -414,7 +426,7 @@ index 0000000..a80de29 +#image IMG_LOGO Logo-OpenSSL.bmp diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.inf b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf new file mode 100644 -index 0000000..2f79d87 +index 0000000000..2f79d873e2 --- /dev/null +++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.inf @@ -0,0 +1,61 @@ @@ -481,7 +493,7 @@ index 0000000..2f79d87 + LogoDxeExtra.uni diff --git a/MdeModulePkg/Logo/LogoOpenSSLDxe.uni b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni new file mode 100644 -index 0000000..7227ac3 +index 0000000000..7227ac3910 --- /dev/null +++ b/MdeModulePkg/Logo/LogoOpenSSLDxe.uni @@ -0,0 +1,22 @@ @@ -508,101 +520,83 @@ index 0000000..7227ac3 +#string STR_MODULE_DESCRIPTION #language en-US "This module provides the logo bitmap picture (with OpenSSL advertisment) shown on setup screen, through EDKII Platform Logo protocol." + diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 2d6c4c4..a5bb2b0 100644 +index 5b885590b2..249b1d8dc0 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -687,7 +687,11 @@ +@@ -693,7 +693,7 @@ NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +- MdeModulePkg/Logo/LogoDxe.inf + MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - MdeModulePkg/Logo/LogoDxe.inf -+!endif MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 0427ded..f552bc9 100644 +index 4999403ad7..be3d3b4d14 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -295,7 +295,11 @@ INF ShellPkg/Application/Shell/Shell.inf - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf +@@ -293,7 +293,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +-INF MdeModulePkg/Logo/LogoDxe.inf +INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - INF MdeModulePkg/Logo/LogoDxe.inf -+!endif # # Network modules diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 43158c5..be8fee9 100644 +index bbf0853ee6..5ec186df4b 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -696,7 +696,11 @@ +@@ -702,7 +702,7 @@ NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +- MdeModulePkg/Logo/LogoDxe.inf + MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - MdeModulePkg/Logo/LogoDxe.inf -+!endif MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 6df47f4..ee77ae1 100644 +index d0cc107928..b56160b3bf 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -296,7 +296,11 @@ INF ShellPkg/Application/Shell/Shell.inf - INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf +@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +-INF MdeModulePkg/Logo/LogoDxe.inf +INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - INF MdeModulePkg/Logo/LogoDxe.inf -+!endif # # Network modules diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index d1fdf7c..e224b0e 100644 +index d81460f520..29538ade4d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -694,7 +694,11 @@ +@@ -700,7 +700,7 @@ NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf !endif } -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +- MdeModulePkg/Logo/LogoDxe.inf + MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - MdeModulePkg/Logo/LogoDxe.inf -+!endif MdeModulePkg/Application/UiApp/UiApp.inf { NULL|MdeModulePkg/Library/DeviceManagerUiLib/DeviceManagerUiLib.inf diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 2e2a174..505d25d 100644 +index d0cc107928..b56160b3bf 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -296,7 +296,11 @@ INF ShellPkg/Application/Shell/Shell.inf - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf +@@ -294,7 +294,7 @@ INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf !endif + INF ShellPkg/Application/Shell/Shell.inf -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) +-INF MdeModulePkg/Logo/LogoDxe.inf +INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf -+!else - INF MdeModulePkg/Logo/LogoDxe.inf -+!endif # # Network modules -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch b/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch index 3b642b2..d046525 100644 --- a/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch +++ b/SOURCES/0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch @@ -1,8 +1,13 @@ -From 22c9b4e971c70c69b4adf8eb93133824ccb6426a Mon Sep 17 00:00:00 2001 +From a1260c9122c95bcbef1efc5eebe11902767813c2 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 20 Feb 2014 22:54:45 +0100 Subject: OvmfPkg: increase max debug message length to 512 (RHEL only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no changes + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -34,12 +39,14 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 29435a32ec9428720c74c454ce9817662e601fb6) (cherry picked from commit 58e1d1ebb78bfdaf05f4c6e8abf8d4908dfa038a) (cherry picked from commit 1df2c822c996ad767f2f45570ab2686458f7604a) +(cherry picked from commit 22c9b4e971c70c69b4adf8eb93133824ccb6426a) +Signed-off-by: Danilo C. L. de Paula --- OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c -index 36cde54..c0c4eae 100644 +index 36cde54976..c0c4eaee0f 100644 --- a/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c +++ b/OvmfPkg/Library/PlatformDebugLibIoPort/DebugLib.c @@ -27,7 +27,7 @@ @@ -52,5 +59,5 @@ index 36cde54..c0c4eae 100644 /** Prints a debug message to the debug output device if the specified error level is enabled. -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch b/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch index 8b95726..56de229 100644 --- a/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch +++ b/SOURCES/0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch @@ -1,8 +1,13 @@ -From 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e Mon Sep 17 00:00:00 2001 +From bd264265a99c60f45cadaa4109a9db59ae218471 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 12 Jun 2014 00:17:59 +0200 Subject: OvmfPkg: QemuVideoDxe: enable debug messages in VbeShim (RHEL only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no changes + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -42,13 +47,15 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit ed45b26dbeadd63dd8f2edf627290957d8bbb3b2) (cherry picked from commit 9a8a034ebc082f86fdbb54dc1303a5059508e14c) (cherry picked from commit 7046d6040181bb0f76a5ebd680e0dc701c895dba) +(cherry picked from commit 4dd1cc745bc9a8c8b32b5810b40743fed1e36d7e) +Signed-off-by: Danilo C. L. de Paula --- OvmfPkg/QemuVideoDxe/VbeShim.asm | 2 +- - OvmfPkg/QemuVideoDxe/VbeShim.h | 481 +++++++++++++++++++++++++-------------- + OvmfPkg/QemuVideoDxe/VbeShim.h | 481 ++++++++++++++++++++----------- 2 files changed, 308 insertions(+), 175 deletions(-) diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.asm b/OvmfPkg/QemuVideoDxe/VbeShim.asm -index 18fa920..f87ed5c 100644 +index 18fa9209d4..f87ed5cf30 100644 --- a/OvmfPkg/QemuVideoDxe/VbeShim.asm +++ b/OvmfPkg/QemuVideoDxe/VbeShim.asm @@ -18,7 +18,7 @@ @@ -61,7 +68,7 @@ index 18fa920..f87ed5c 100644 %macro DebugLog 1 %ifdef DEBUG diff --git a/OvmfPkg/QemuVideoDxe/VbeShim.h b/OvmfPkg/QemuVideoDxe/VbeShim.h -index cc9b6e1..325d647 100644 +index cc9b6e14cd..325d6478a1 100644 --- a/OvmfPkg/QemuVideoDxe/VbeShim.h +++ b/OvmfPkg/QemuVideoDxe/VbeShim.h @@ -517,185 +517,318 @@ STATIC CONST UINT8 mVbeShim[] = { @@ -558,5 +565,5 @@ index cc9b6e1..325d647 100644 }; #endif -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch b/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch index ab6086a..d76b4d9 100644 --- a/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch +++ b/SOURCES/0006-MdeModulePkg-TerminalDxe-add-other-text-resolutions-.patch @@ -1,8 +1,13 @@ -From 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37 Mon Sep 17 00:00:00 2001 +From 4e4e15b80a5b2103eadd495ef4a830d46dd4ed51 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 18:40:35 +0100 Subject: MdeModulePkg: TerminalDxe: add other text resolutions (RHEL only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -83,12 +88,14 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 99dc3720ac86059f60156197328cc433603c536e) (cherry picked from commit d2066c1748f885043026c51dec1bc8d6d406ae8f) (cherry picked from commit 1facdd58e946c584a3dc1e5be8f2f837b5a7c621) +(cherry picked from commit 28faeb5f94b4866b9da16cf2a1e4e0fc09a26e37) +Signed-off-by: Danilo C. L. de Paula --- - .../Universal/Console/TerminalDxe/Terminal.c | 41 ++++++++++++++++++++-- + .../Universal/Console/TerminalDxe/Terminal.c | 41 +++++++++++++++++-- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c -index 66dd3ad..78a1983 100644 +index 66dd3ad550..78a198379a 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c +++ b/MdeModulePkg/Universal/Console/TerminalDxe/Terminal.c @@ -113,9 +113,44 @@ TERMINAL_DEV mTerminalDevTemplate = { @@ -140,5 +147,5 @@ index 66dd3ad..78a1983 100644 // New modes can be added here. // -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch b/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch index 1ba3a2e..39ea933 100644 --- a/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch +++ b/SOURCES/0007-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch @@ -1,9 +1,14 @@ -From 67415982afdc77922aa37496c981adeb4351acdb Mon Sep 17 00:00:00 2001 +From cfccb98d13e955beb0b93b4a75a973f30c273ffc Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 25 Feb 2014 22:40:01 +0100 Subject: MdeModulePkg: TerminalDxe: set xterm resolution on mode change (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -42,17 +47,19 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 2909e025db6878723b49644a8a0cf160d07e6444) (cherry picked from commit b9c5c901f25e48d68eef6e78a4abca00e153f574) (cherry picked from commit b7f6115b745de8cbc5214b6ede33c9a8558beb90) +(cherry picked from commit 67415982afdc77922aa37496c981adeb4351acdb) +Signed-off-by: Danilo C. L. de Paula --- - MdeModulePkg/MdeModulePkg.dec | 4 +++ - .../Universal/Console/TerminalDxe/TerminalConOut.c | 30 ++++++++++++++++++++++ - .../Universal/Console/TerminalDxe/TerminalDxe.inf | 2 ++ + MdeModulePkg/MdeModulePkg.dec | 4 +++ + .../Console/TerminalDxe/TerminalConOut.c | 30 +++++++++++++++++++ + .../Console/TerminalDxe/TerminalDxe.inf | 2 ++ 3 files changed, 36 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec -index cc39718..384d901 100644 +index a2130bc439..dcd118ba62 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec -@@ -1914,6 +1914,10 @@ +@@ -1968,6 +1968,10 @@ # @Prompt The address mask when memory encryption is enabled. gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask|0x0|UINT64|0x30001047 @@ -64,7 +71,7 @@ index cc39718..384d901 100644 ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c -index 5a83431..fbc1e0a 100644 +index 4d7218e415..295e7641a5 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalConOut.c @@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. @@ -76,10 +83,11 @@ index 5a83431..fbc1e0a 100644 #include "Terminal.h" // -@@ -87,6 +89,16 @@ CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 }; +@@ -86,6 +88,16 @@ CHAR16 mSetCursorPositionString[] = { ESC, '[', '0', '0', ';', '0', '0', 'H', 0 + CHAR16 mCursorForwardString[] = { ESC, '[', '0', '0', 'C', 0 }; CHAR16 mCursorBackwardString[] = { ESC, '[', '0', '0', 'D', 0 }; - // ++// +// Note that this is an ASCII format string, taking two INT32 arguments: +// rows, columns. +// @@ -89,10 +97,9 @@ index 5a83431..fbc1e0a 100644 +#define RESIZE_SEQ_SIZE (sizeof mResizeTextAreaFormatString + 2 * (11 - 2)) + + -+// + // // Body of the ConOut functions // - @@ -508,6 +520,24 @@ TerminalConOutSetMode ( return EFI_DEVICE_ERROR; } @@ -119,7 +126,7 @@ index 5a83431..fbc1e0a 100644 Status = This->ClearScreen (This); diff --git a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf -index 0780296..bd2ba82 100644 +index 15b4ac1c33..a704bc17e5 100644 --- a/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf +++ b/MdeModulePkg/Universal/Console/TerminalDxe/TerminalDxe.inf @@ -60,6 +60,7 @@ @@ -139,5 +146,5 @@ index 0780296..bd2ba82 100644 # [Event] # # Relative timer event set by UnicodeToEfiKey(), used to be one 2 seconds input timeout. -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch b/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch index a168378..4e62b6d 100644 --- a/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch +++ b/SOURCES/0008-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch @@ -1,8 +1,13 @@ -From 2ebf3cc2ae99275d63bb6efd3c22dec76251a853 Mon Sep 17 00:00:00 2001 +From f9b73437b9b231773c1a20e0c516168817a930a2 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 15:59:06 +0200 Subject: OvmfPkg: take PcdResizeXterm from the QEMU command line (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -31,6 +36,8 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 8abc2a6ddad25af7e88dc0cf57d55dfb75fbf92d) (cherry picked from commit b311932d3841c017a0f0fec553edcac365cc2038) (cherry picked from commit 61914fb81cf624c9028d015533b400b2794e52d3) +(cherry picked from commit 2ebf3cc2ae99275d63bb6efd3c22dec76251a853) +Signed-off-by: Danilo C. L. de Paula --- OvmfPkg/OvmfPkgIa32.dsc | 1 + OvmfPkg/OvmfPkgIa32X64.dsc | 1 + @@ -40,10 +47,10 @@ Signed-off-by: Laszlo Ersek 5 files changed, 5 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index a5bb2b0..b577767 100644 +index 249b1d8dc0..3f1da66aab 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -530,6 +530,7 @@ +@@ -531,6 +531,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -52,10 +59,10 @@ index a5bb2b0..b577767 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index be8fee9..a6a40be 100644 +index 5ec186df4b..9bb0a4cede 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -536,6 +536,7 @@ +@@ -537,6 +537,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -64,10 +71,10 @@ index be8fee9..a6a40be 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e224b0e..8bd3754 100644 +index 29538ade4d..3b7fc5328c 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -535,6 +535,7 @@ +@@ -536,6 +536,7 @@ # ($(SMM_REQUIRE) == FALSE) gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0 @@ -76,7 +83,7 @@ index e224b0e..8bd3754 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0 gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c -index 5a78668..544ac54 100644 +index 22139a64cb..64b8034117 100644 --- a/OvmfPkg/PlatformPei/Platform.c +++ b/OvmfPkg/PlatformPei/Platform.c @@ -670,6 +670,7 @@ InitializePlatform ( @@ -86,12 +93,12 @@ index 5a78668..544ac54 100644 + UPDATE_BOOLEAN_PCD_FROM_FW_CFG (PcdResizeXterm); } - AmdSevInitialize (); + InstallClearCacheCallback (); diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf -index 30ceb4b..016c067 100644 +index 5c8dd0fe6d..035ce249fe 100644 --- a/OvmfPkg/PlatformPei/PlatformPei.inf +++ b/OvmfPkg/PlatformPei/PlatformPei.inf -@@ -94,6 +94,7 @@ +@@ -96,6 +96,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableSize gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved gEfiMdeModulePkgTokenSpaceGuid.PcdPciDisableBusEnumeration @@ -100,5 +107,5 @@ index 30ceb4b..016c067 100644 gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch b/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch index e527385..c346ac8 100644 --- a/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch +++ b/SOURCES/0009-ArmVirtPkg-QemuFwCfgLib-allow-UEFI_DRIVER-client-mod.patch @@ -1,8 +1,13 @@ -From 762595334aa7ce88412cc77e136db9b41577a699 Mon Sep 17 00:00:00 2001 +From f372886be5f1c41677f168be77c484bae5841361 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 12 Apr 2016 20:50:25 +0200 Subject: ArmVirtPkg: QemuFwCfgLib: allow UEFI_DRIVER client modules (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -28,12 +33,14 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 5af259a93f4bbee5515ae18638068125e170f2cd) (cherry picked from commit 22b073005af491eef177ef5f80ffe71c1ebabb03) (cherry picked from commit f77f1e7dd6013f918c70e089c95b8f4166085fb9) +(cherry picked from commit 762595334aa7ce88412cc77e136db9b41577a699) +Signed-off-by: Danilo C. L. de Paula --- ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf -index eff4a21..adf1ff6 100644 +index eff4a21650..adf1ff6c6a 100644 --- a/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf +++ b/ArmVirtPkg/Library/QemuFwCfgLib/QemuFwCfgLib.inf @@ -22,7 +22,7 @@ @@ -46,5 +53,5 @@ index eff4a21..adf1ff6 100644 CONSTRUCTOR = QemuFwCfgInitialize -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch b/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch index 2d3ab45..15a01b3 100644 --- a/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch +++ b/SOURCES/0010-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch @@ -1,8 +1,13 @@ -From 9448b6b46267d8d807fac0c648e693171bb34806 Mon Sep 17 00:00:00 2001 +From 232fcf06f6b3048b7c2ebd6931f23186b3852f04 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Sun, 26 Jul 2015 08:02:50 +0000 Subject: ArmVirtPkg: take PcdResizeXterm from the QEMU command line (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -33,19 +38,21 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit d4564d39dfdbf74e762af43314005a2c026cb262) (cherry picked from commit c9081ebe3bcd28e5cce4bf58bd8d4fca12f9af7c) (cherry picked from commit 8e92730c8e1cdb642b3b3e680e643ff774a90c65) +(cherry picked from commit 9448b6b46267d8d807fac0c648e693171bb34806) +Signed-off-by: Danilo C. L. de Paula --- - ArmVirtPkg/ArmVirtQemu.dsc | 7 +- - .../TerminalPcdProducerLib.c | 87 ++++++++++++++++++++++ - .../TerminalPcdProducerLib.inf | 41 ++++++++++ + ArmVirtPkg/ArmVirtQemu.dsc | 7 +- + .../TerminalPcdProducerLib.c | 87 +++++++++++++++++++ + .../TerminalPcdProducerLib.inf | 41 +++++++++ 3 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 7331597..4bf94ce 100644 +index f2e5125494..9fc78d4e0a 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -208,6 +208,8 @@ +@@ -221,6 +221,8 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0 gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE @@ -54,7 +61,7 @@ index 7331597..4bf94ce 100644 [PcdsDynamicHii] gArmVirtTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gArmVirtVariableGuid|0x0|FALSE|NV,BS -@@ -284,7 +286,10 @@ +@@ -297,7 +299,10 @@ MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf @@ -68,7 +75,7 @@ index 7331597..4bf94ce 100644 MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c new file mode 100644 -index 0000000..814ad48 +index 0000000000..814ad48199 --- /dev/null +++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c @@ -0,0 +1,87 @@ @@ -161,7 +168,7 @@ index 0000000..814ad48 +} diff --git a/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf new file mode 100644 -index 0000000..fecb37b +index 0000000000..fecb37bcdf --- /dev/null +++ b/ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.inf @@ -0,0 +1,41 @@ @@ -207,5 +214,5 @@ index 0000000..fecb37b +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdResizeXterm -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch b/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch index 14b18d3..b1ada3a 100644 --- a/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch +++ b/SOURCES/0011-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch @@ -1,9 +1,17 @@ -From bbd64eb8658e9a33eab4227d9f4e51ad78d9f687 Mon Sep 17 00:00:00 2001 +From 8628ef1b8d675ebec39d83834abbe3c8c8c42cf4 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 4 Nov 2014 23:02:53 +0100 Subject: OvmfPkg: allow exclusion of the shell from the firmware image (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- update the patch against the following upstream commits: + - 4b888334d234 ("OvmfPkg: Remove EdkShellBinPkg in FDF", 2018-11-19) + - 277a3958d93a ("OvmfPkg: Don't include TftpDynamicCommand in XCODE5 + tool chain", 2018-11-27) + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -70,6 +78,8 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit d9dd9ee42937b2611fe37183cc9ec7f62d946933) (cherry picked from commit 23df46ebbe7b09451d3a05034acd4d3a25e7177b) (cherry picked from commit f0303f71d576c51b01c4ff961b429d0e0e707245) +(cherry picked from commit bbd64eb8658e9a33eab4227d9f4e51ad78d9f687) +Signed-off-by: Danilo C. L. de Paula --- OvmfPkg/OvmfPkgIa32.fdf | 2 ++ OvmfPkg/OvmfPkgIa32X64.fdf | 2 ++ @@ -77,62 +87,56 @@ Signed-off-by: Laszlo Ersek 3 files changed, 6 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index f552bc9..73007dd 100644 +index be3d3b4d14..a545f7c2a6 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -288,12 +288,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -288,10 +288,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) + !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf !endif + INF ShellPkg/Application/Shell/Shell.inf +!endif - !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index ee77ae1..116b3c6 100644 +index b56160b3bf..fe24e86b92 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) + !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf !endif + INF ShellPkg/Application/Shell/Shell.inf +!endif - !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 505d25d..84d5845 100644 +index b56160b3bf..fe24e86b92 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -289,12 +289,14 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour +@@ -289,10 +289,12 @@ INF MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResour INF FatPkg/EnhancedFatDxe/Fat.inf INF MdeModulePkg/Universal/Disk/UdfDxe/UdfDxe.inf +!ifndef $(EXCLUDE_SHELL_FROM_FD) - !ifndef $(USE_OLD_SHELL) + !if $(TOOL_CHAIN_TAG) != "XCODE5" INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf - INF ShellPkg/Application/Shell/Shell.inf - !else - INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf !endif + INF ShellPkg/Application/Shell/Shell.inf +!endif - !if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf + -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch b/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch index 496c697..94613a8 100644 --- a/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch +++ b/SOURCES/0012-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch @@ -1,9 +1,14 @@ -From b59ee7769814e207c917615af78c7428bdf3b450 Mon Sep 17 00:00:00 2001 +From 60737ccca40e6b4f11da438892c862b254dbfac9 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 4 Nov 2014 23:02:55 +0100 Subject: OvmfPkg: EnrollDefaultKeys: application for enrolling default keys (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -214,19 +219,21 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit c0b2615a9c0b4a4be1bffe45681a32915449279d) (cherry picked from commit 92424de98ffaf1fa81e6346949b1d2b5f9a637ca) (cherry picked from commit 98c91b36997e3afc4192449263182fbdcc771a1a) +(cherry picked from commit b59ee7769814e207c917615af78c7428bdf3b450) +Signed-off-by: Danilo C. L. de Paula --- - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++++++++ - OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 ++ - OvmfPkg/OvmfPkgIa32.dsc | 4 + - OvmfPkg/OvmfPkgIa32X64.dsc | 4 + - OvmfPkg/OvmfPkgX64.dsc | 4 + + OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c | 1015 +++++++++++++++++ + .../EnrollDefaultKeys/EnrollDefaultKeys.inf | 52 + + OvmfPkg/OvmfPkgIa32.dsc | 4 + + OvmfPkg/OvmfPkgIa32X64.dsc | 4 + + OvmfPkg/OvmfPkgX64.dsc | 4 + 5 files changed, 1079 insertions(+) create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c create mode 100644 OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c new file mode 100644 -index 0000000..dd413df +index 0000000000..dd413df12d --- /dev/null +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.c @@ -0,0 +1,1015 @@ @@ -1247,7 +1254,7 @@ index 0000000..dd413df +} diff --git a/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf new file mode 100644 -index 0000000..0ad86a2 +index 0000000000..0ad86a2843 --- /dev/null +++ b/OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf @@ -0,0 +1,52 @@ @@ -1304,10 +1311,10 @@ index 0000000..0ad86a2 + UefiLib + UefiRuntimeServicesTableLib diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index b577767..4d268c9 100644 +index 3f1da66aab..bc75e03d47 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -865,6 +865,10 @@ +@@ -864,6 +864,10 @@ !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -1319,10 +1326,10 @@ index b577767..4d268c9 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index a6a40be..6836622 100644 +index 9bb0a4cede..f630737662 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -874,6 +874,10 @@ +@@ -873,6 +873,10 @@ !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -1334,10 +1341,10 @@ index a6a40be..6836622 100644 OvmfPkg/PlatformDxe/Platform.inf diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 8bd3754..0b3008f 100644 +index 3b7fc5328c..ac70a0cac1 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -872,6 +872,10 @@ +@@ -871,6 +871,10 @@ !if $(SECURE_BOOT_ENABLE) == TRUE SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -1349,5 +1356,5 @@ index 8bd3754..0b3008f 100644 OvmfPkg/PlatformDxe/Platform.inf -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch b/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch index fd6d5fa..c85291d 100644 --- a/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch +++ b/SOURCES/0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch @@ -1,8 +1,13 @@ -From 58755c51d3252312d80cbcb97928d71199c2f5e1 Mon Sep 17 00:00:00 2001 +From c3f07e323e76856f1b42ea7b8c598ba3201c28a2 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:49:43 +0200 Subject: ArmPlatformPkg: introduce fixed PCD for early hello message (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -42,15 +47,17 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 20b1f1cbd0590aa71c6d99d35e23cf08e0707750) (cherry picked from commit 6734b88cf7abcaf42632e3d2fc469b2169dd2f16) (cherry picked from commit ef77da632559e9baa1c69869e4cbea377068ef27) +(cherry picked from commit 58755c51d3252312d80cbcb97928d71199c2f5e1) +Signed-off-by: Danilo C. L. de Paula --- ArmPlatformPkg/ArmPlatformPkg.dec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ArmPlatformPkg/ArmPlatformPkg.dec b/ArmPlatformPkg/ArmPlatformPkg.dec -index dff4598..3c5c6c7 100644 +index 44c00bd0c1..40c8ec3251 100644 --- a/ArmPlatformPkg/ArmPlatformPkg.dec +++ b/ArmPlatformPkg/ArmPlatformPkg.dec -@@ -112,6 +112,13 @@ +@@ -114,6 +114,13 @@ ## If set, this will swap settings for HDLCD RED_SELECT and BLUE_SELECT registers gArmPlatformTokenSpaceGuid.PcdArmHdLcdSwapBlueRedSelect|FALSE|BOOLEAN|0x00000045 @@ -65,5 +72,5 @@ index dff4598..3c5c6c7 100644 ## PL031 RealTimeClock gArmPlatformTokenSpaceGuid.PcdPL031RtcBase|0x0|UINT32|0x00000024 -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch b/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch index 9ee5345..fae39ec 100644 --- a/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch +++ b/SOURCES/0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch @@ -1,9 +1,14 @@ -From f4b7aae411d88b2b83f85d20ef06a4032a57e7de Mon Sep 17 00:00:00 2001 +From bb71490fdda3b38fa9f071d281b863f9b64363bf Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 13:59:20 +0200 Subject: ArmPlatformPkg: PrePeiCore: write early hello message to the serial port (RH) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -40,6 +45,8 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 742e5bf6d5ce5a1e73879d6e5c0dd00feda7a9ac) (cherry picked from commit 93d69eb9393cf05af90676253875c59c1bec67fd) (cherry picked from commit 638594083b191f84f5d9333eb6147a31570f5a5a) +(cherry picked from commit f4b7aae411d88b2b83f85d20ef06a4032a57e7de) +Signed-off-by: Danilo C. L. de Paula --- ArmPlatformPkg/PrePeiCore/MainMPCore.c | 5 +++++ ArmPlatformPkg/PrePeiCore/MainUniCore.c | 5 +++++ @@ -49,7 +56,7 @@ Signed-off-by: Laszlo Ersek 5 files changed, 15 insertions(+) diff --git a/ArmPlatformPkg/PrePeiCore/MainMPCore.c b/ArmPlatformPkg/PrePeiCore/MainMPCore.c -index dc47adb..cbd7223 100644 +index dc47adbaff..cbd72232c7 100644 --- a/ArmPlatformPkg/PrePeiCore/MainMPCore.c +++ b/ArmPlatformPkg/PrePeiCore/MainMPCore.c @@ -117,6 +117,11 @@ PrimaryMain ( @@ -65,7 +72,7 @@ index dc47adb..cbd7223 100644 // Enable the GIC Distributor diff --git a/ArmPlatformPkg/PrePeiCore/MainUniCore.c b/ArmPlatformPkg/PrePeiCore/MainUniCore.c -index 134a469..af39fc0 100644 +index 134a469427..af39fc017c 100644 --- a/ArmPlatformPkg/PrePeiCore/MainUniCore.c +++ b/ArmPlatformPkg/PrePeiCore/MainUniCore.c @@ -35,6 +35,11 @@ PrimaryMain ( @@ -81,7 +88,7 @@ index 134a469..af39fc0 100644 // Adjust the Temporary Ram as the new Ppi List (Common + Platform Ppi Lists) is created at diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h -index 1608946..bf843d7 100644 +index 160894620c..bf843d7768 100644 --- a/ArmPlatformPkg/PrePeiCore/PrePeiCore.h +++ b/ArmPlatformPkg/PrePeiCore/PrePeiCore.h @@ -21,6 +21,7 @@ @@ -93,7 +100,7 @@ index 1608946..bf843d7 100644 #include #include diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf -index e3a31fa..1bc0c45 100644 +index e3a31fa7c6..1bc0c45420 100644 --- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf +++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreMPCore.inf @@ -72,6 +72,8 @@ @@ -106,7 +113,7 @@ index e3a31fa..1bc0c45 100644 gArmTokenSpaceGuid.PcdGicInterruptInterfaceBase gArmTokenSpaceGuid.PcdGicSgiIntId diff --git a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf -index ec83cec..b100820 100644 +index ec83cec2d8..b100820491 100644 --- a/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf +++ b/ArmPlatformPkg/PrePeiCore/PrePeiCoreUniCore.inf @@ -70,4 +70,6 @@ @@ -117,5 +124,5 @@ index ec83cec..b100820 100644 + gEfiMdeModulePkgTokenSpaceGuid.PcdInitValueInTempStack -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch b/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch index 7b1268c..849fadc 100644 --- a/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch +++ b/SOURCES/0015-ArmVirtPkg-set-early-hello-message-RH-only.patch @@ -1,8 +1,14 @@ -From 2d4db6ec70e004cd9ac147615d17033bee5d3b18 Mon Sep 17 00:00:00 2001 +From fb2032bbea7e02c426855cf86a323556d493fd8a Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Wed, 14 Oct 2015 14:07:17 +0200 Subject: ArmVirtPkg: set early hello message (RH only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- resolve context conflict with upstream commit eaa1e98ae31d ("ArmVirtPkg: + don't set PcdCoreCount", 2019-02-13) + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -34,22 +40,24 @@ Signed-off-by: Laszlo Ersek (cherry picked from commit 179df76dbb0d199bd905236e98775b4059c6502a) (cherry picked from commit ce3f59d0710c24c162d5222bbf5cd7e36180c80c) (cherry picked from commit c201a8e6ae28d75f7ba581828b533c3b26fa7f18) +(cherry picked from commit 2d4db6ec70e004cd9ac147615d17033bee5d3b18) +Signed-off-by: Danilo C. L. de Paula --- ArmVirtPkg/ArmVirtQemu.dsc | 1 + 1 file changed, 1 insertion(+) diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 4bf94ce..035b729 100644 +index 9fc78d4e0a..a4cd66b846 100644 --- a/ArmVirtPkg/ArmVirtQemu.dsc +++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -89,6 +89,7 @@ - gEfiMdeModulePkgTokenSpaceGuid.PcdConOutUgaSupport|FALSE +@@ -94,6 +94,7 @@ + gEfiMdeModulePkgTokenSpaceGuid.PcdTurnOffUsbLegacySupport|TRUE [PcdsFixedAtBuild.common] + gArmPlatformTokenSpaceGuid.PcdEarlyHelloMessage|"UEFI firmware starting.\r\n" - gArmPlatformTokenSpaceGuid.PcdCoreCount|1 !if $(ARCH) == AARCH64 gArmTokenSpaceGuid.PcdVFPEnabled|1 + !endif -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch b/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch index 14d4635..d492ddb 100644 --- a/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch +++ b/SOURCES/0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch @@ -1,8 +1,13 @@ -From 759bd3f591e2db699bdef4c7ea4e97c908e7f027 Mon Sep 17 00:00:00 2001 +From 7e6d5dc4078c64be6d55d8fc3317c59a91507a50 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 21 Nov 2017 00:57:45 +0100 Subject: OvmfPkg: enable DEBUG_VERBOSE (RHEL only) +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> RHEL-8.0/20180508-ee3198e672e2 rebase: @@ -32,6 +37,8 @@ Signed-off-by: Paolo Bonzini (this patch was previously applied as commit 78d3ed73172b5738e32d2b0bc03f7984b9584117) (cherry picked from commit 7aeeaabc9871f657e65d2b99d81011b4964a1ce9) (cherry picked from commit a0617a6be1a80966099ddceb010f89202a79ee76) +(cherry picked from commit 759bd3f591e2db699bdef4c7ea4e97c908e7f027) +Signed-off-by: Danilo C. L. de Paula --- OvmfPkg/OvmfPkgIa32.dsc | 2 +- OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- @@ -39,10 +46,10 @@ Signed-off-by: Paolo Bonzini 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 4d268c9..57bf021 100644 +index bc75e03d47..8093e6f000 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -481,7 +481,7 @@ +@@ -484,7 +484,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -52,10 +59,10 @@ index 4d268c9..57bf021 100644 !ifdef $(SOURCE_DEBUG_ENABLE) gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 6836622..0e87c8f 100644 +index f630737662..eca9b4e6db 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -486,7 +486,7 @@ +@@ -489,7 +489,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -65,10 +72,10 @@ index 6836622..0e87c8f 100644 !ifdef $(SOURCE_DEBUG_ENABLE) gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 0b3008f..38ba204 100644 +index ac70a0cac1..3ff9a3181e 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -486,7 +486,7 @@ +@@ -489,7 +489,7 @@ # DEBUG_VERBOSE 0x00400000 // Detailed debug messages that may # // significantly impact boot performance # DEBUG_ERROR 0x80000000 // Error @@ -78,5 +85,5 @@ index 0b3008f..38ba204 100644 !ifdef $(SOURCE_DEBUG_ENABLE) gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17 -- -1.8.3.1 +2.18.1 diff --git a/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch new file mode 100644 index 0000000..777fb22 --- /dev/null +++ b/SOURCES/0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch @@ -0,0 +1,130 @@ +From b06b87f8ffd4fed4ef7eacb13689a9b6d111f850 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:46 +0100 +Subject: OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in + QemuVideoDxe/QemuRamfbDxe (RH) + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- Upstream commit 1d25ff51af5c ("OvmfPkg: add QemuRamfbDxe", 2018-06-14) + introduced another GOP driver that consumes FrameBufferBltLib, and + thereby produces a large number of (mostly useless) debug messages at + the DEBUG_VERBOSE level. Extend the patch to suppress those messages in + both QemuVideoDxe and QemuRamfbDxe; update the subject accordingly. + QemuRamfbDxe itself doesn't log anything at the VERBOSE level (see also + the original commit message at the bottom of this downstream patch). + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Message-id: <20171120235748.29669-6-pbonzini@redhat.com> +Patchwork-id: 77761 +O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in + QemuVideoDxe (RH only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses +MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to +FrameBufferBltLib. + +The FrameBufferBltLib instance added in commit b1ca386074bd +("MdeModulePkg: Add FrameBufferBltLib library instance") logs many +messages on the VERBOSE level; for example, a normal boot with OVMF can +produce 500+ "VideoFill" messages, dependent on the progress bar, when the +VERBOSE bit is set in PcdDebugPrintErrorLevel. + +QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose +none of its messages this way. + +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52) +(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3) +(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0) +(cherry picked from commit bd650684712fb840dbcda5d6eaee065bd9e91fa1) +Signed-off-by: Danilo C. L. de Paula +--- + OvmfPkg/OvmfPkgIa32.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgIa32X64.dsc | 10 ++++++++-- + OvmfPkg/OvmfPkgX64.dsc | 10 ++++++++-- + 3 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 8093e6f000..8f1cf80fe6 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -746,8 +746,14 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index eca9b4e6db..62d6d6c406 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -755,8 +755,14 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 3ff9a3181e..992b141113 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -753,8 +753,14 @@ + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf + MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf + +- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + + # +-- +2.18.1 + diff --git a/SOURCES/0017-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch b/SOURCES/0017-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch deleted file mode 100644 index 1fe8371..0000000 --- a/SOURCES/0017-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch +++ /dev/null @@ -1,101 +0,0 @@ -From bd650684712fb840dbcda5d6eaee065bd9e91fa1 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Tue, 21 Nov 2017 00:57:46 +0100 -Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in QemuVideoDxe (RH only) - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Message-id: <20171120235748.29669-6-pbonzini@redhat.com> -Patchwork-id: 77761 -O-Subject: [PATCH 5/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - QemuVideoDxe (RH only) -Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek - -In commit 5b2291f9567a ("OvmfPkg: QemuVideoDxe uses -MdeModulePkg/FrameBufferLib"), QemuVideoDxe was rebased to -FrameBufferBltLib. - -The FrameBufferBltLib instance added in commit b1ca386074bd -("MdeModulePkg: Add FrameBufferBltLib library instance") logs many -messages on the VERBOSE level; for example, a normal boot with OVMF can -produce 500+ "VideoFill" messages, dependent on the progress bar, when the -VERBOSE bit is set in PcdDebugPrintErrorLevel. - -QemuVideoDxe itself doesn't log anything at the VERBOSE level, so we lose -none of its messages this way. - -Signed-off-by: Laszlo Ersek -Signed-off-by: Paolo Bonzini -(this patch was previously applied as commit 9b0d031dee7e823f6717bab73e422fbc6f0a6c52) -(cherry picked from commit 9122d5f2e8d8d289064d1e1700cb61964d9931f3) -(cherry picked from commit 7eb3be1d4ccafc26c11fe5afb95cc12b250ce6f0) ---- - OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- - OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- - OvmfPkg/OvmfPkgX64.dsc | 5 ++++- - 3 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 57bf021..2b2e874 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -744,7 +744,10 @@ - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf - -- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf -+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - - # -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 0e87c8f..892cc5e 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -753,7 +753,10 @@ - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf - -- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf -+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - - # -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index 38ba204..e7cb582 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -751,7 +751,10 @@ - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf - MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf - -- OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf -+ OvmfPkg/QemuVideoDxe/QemuVideoDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - OvmfPkg/VirtioGpuDxe/VirtioGpu.inf - - # --- -1.8.3.1 - diff --git a/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch b/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch new file mode 100644 index 0000000..b7d7973 --- /dev/null +++ b/SOURCES/0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch @@ -0,0 +1,64 @@ +From 76b4ac28e975bd63c25db903a1d42c47b38cc756 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 27 Jan 2016 03:05:18 +0100 +Subject: ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in QemuRamfbDxe (RH + only) + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- new patch, due to upstream commit c64688f36a8b ("ArmVirtPkg: add + QemuRamfbDxe", 2018-06-14) + +QemuRamfbDxe uses FrameBufferLib. The FrameBufferBltLib instance added in +commit b1ca386074bd ("MdeModulePkg: Add FrameBufferBltLib library +instance") logs many messages on the VERBOSE level; for example, a normal +boot with ArmVirtQemu[Kernel] can produce 500+ "VideoFill" messages, +dependent on the progress bar, when the VERBOSE bit is set in +PcdDebugPrintErrorLevel. + +QemuRamfbDxe itself doesn't log anything at the VERBOSE level, so we lose +none of its messages this way. + +Signed-off-by: Laszlo Ersek +Signed-off-by: Danilo C. L. de Paula +--- + ArmVirtPkg/ArmVirtQemu.dsc | 5 ++++- + ArmVirtPkg/ArmVirtQemuKernel.dsc | 5 ++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index a4cd66b846..aac4094665 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -421,7 +421,10 @@ + # + # Video support + # +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/PlatformDxe/Platform.inf + +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index d2b3f24394..c9a635e80b 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -399,7 +399,10 @@ + # + # Video support + # +- OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++ OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/PlatformDxe/Platform.inf + +-- +2.18.1 + diff --git a/SOURCES/0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch deleted file mode 100644 index 3bea094..0000000 --- a/SOURCES/0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 5a27af700f49e00608f232f618dedd7bf5e9b3e6 Mon Sep 17 00:00:00 2001 -From: Paolo Bonzini -Date: Tue, 21 Nov 2017 00:57:47 +0100 -Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH - only) - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: - -- no changes - -Message-id: <20171120235748.29669-7-pbonzini@redhat.com> -Patchwork-id: 77759 -O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in - NvmExpressDxe (RH only) -Bugzilla: 1488247 -Acked-by: Laszlo Ersek -Acked-by: Thomas Huth - -From: Laszlo Ersek - -NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE -level. - -Signed-off-by: Laszlo Ersek -Signed-off-by: Paolo Bonzini -(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f) -(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4) -(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8) ---- - OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- - OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- - OvmfPkg/OvmfPkgX64.dsc | 5 ++++- - 3 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index 2b2e874..f6d7833 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -738,7 +738,10 @@ - OvmfPkg/SataControllerDxe/SataControllerDxe.inf - MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf - MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index 892cc5e..d6e628b 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -747,7 +747,10 @@ - OvmfPkg/SataControllerDxe/SataControllerDxe.inf - MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf - MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index e7cb582..a9fe89c 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -745,7 +745,10 @@ - OvmfPkg/SataControllerDxe/SataControllerDxe.inf - MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf - MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf -- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf -+ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { -+ -+ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F -+ } - MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf --- -1.8.3.1 - diff --git a/SOURCES/0019-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch b/SOURCES/0019-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch deleted file mode 100644 index aef16e3..0000000 --- a/SOURCES/0019-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch +++ /dev/null @@ -1,222 +0,0 @@ -From fca819227b23a4d0597e3da42d7edce1da8fb0f4 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Tue, 15 May 2018 12:40:05 +0200 -Subject: OvmfPkg/PlatformBootManagerLib: connect consoles unconditionally - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Message-id: <20180515104005.12265-2-lersek@redhat.com> -Patchwork-id: 80268 -O-Subject: [RHEL-7.6 ovmf PATCH 1/1] OvmfPkg/PlatformBootManagerLib: connect - consoles unconditionally -Bugzilla: 1577546 -Acked-by: Stefan Hajnoczi -Acked-by: Vitaly Kuznetsov - -If both ConIn and ConOut exist, but ConIn references none of the PS/2 -keyboard, the USB wild-card keyboard, and any serial ports, then -PlatformInitializeConsole() currently allows the boot to proceed without -any input devices at all. This makes for a bad user experience -- the -firmware menu could only be entered through OsIndications, set by a guest -OS. - -Do what ArmVirtQemu does already, namely connect the consoles, and add -them to ConIn / ConOut / ErrOut, unconditionally. (The underlying -EfiBootManagerUpdateConsoleVariable() function checks for duplicates.) - -The issue used to be masked by the EfiBootManagerConnectAll() call that -got conditionalized in commit 245c643cc8b7. - -This patch is best viewed with "git show -b -W". - -Cc: Ard Biesheuvel -Cc: Jordan Justen -Fixes: 245c643cc8b73240c3b88cb55b2911b285a8c10d -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1577546 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Ard Biesheuvel -(cherry picked from commit f803c03cc2e0b6b0b0bed447a97ea2c61b04ed82) -(cherry picked from commit 3e05bfc48cd7b2cf4c1cbfc1d0cd2572338fad1e) ---- - .../Library/PlatformBootManagerLib/BdsPlatform.c | 127 +++++++-------------- - 1 file changed, 44 insertions(+), 83 deletions(-) - -diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c -index 862fa6eb..004b753 100644 ---- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c -+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c -@@ -26,7 +26,6 @@ VOID *mEfiDevPathNotifyReg; - EFI_EVENT mEfiDevPathEvent; - VOID *mEmuVariableEventReg; - EFI_EVENT mEmuVariableEvent; --BOOLEAN mDetectVgaOnly; - UINT16 mHostBridgeDevId; - - // -@@ -830,35 +829,33 @@ DetectAndPreparePlatformPciDevicePath ( - ); - ASSERT_EFI_ERROR (Status); - -- if (!mDetectVgaOnly) { -+ // -+ // Here we decide whether it is LPC Bridge -+ // -+ if ((IS_PCI_LPC (Pci)) || -+ ((IS_PCI_ISA_PDECODE (Pci)) && -+ (Pci->Hdr.VendorId == 0x8086) && -+ (Pci->Hdr.DeviceId == 0x7000) -+ ) -+ ) { - // -- // Here we decide whether it is LPC Bridge -+ // Add IsaKeyboard to ConIn, -+ // add IsaSerial to ConOut, ConIn, ErrOut - // -- if ((IS_PCI_LPC (Pci)) || -- ((IS_PCI_ISA_PDECODE (Pci)) && -- (Pci->Hdr.VendorId == 0x8086) && -- (Pci->Hdr.DeviceId == 0x7000) -- ) -- ) { -- // -- // Add IsaKeyboard to ConIn, -- // add IsaSerial to ConOut, ConIn, ErrOut -- // -- DEBUG ((EFI_D_INFO, "Found LPC Bridge device\n")); -- PrepareLpcBridgeDevicePath (Handle); -- return EFI_SUCCESS; -- } -+ DEBUG ((EFI_D_INFO, "Found LPC Bridge device\n")); -+ PrepareLpcBridgeDevicePath (Handle); -+ return EFI_SUCCESS; -+ } -+ // -+ // Here we decide which Serial device to enable in PCI bus -+ // -+ if (IS_PCI_16550SERIAL (Pci)) { - // -- // Here we decide which Serial device to enable in PCI bus -+ // Add them to ConOut, ConIn, ErrOut. - // -- if (IS_PCI_16550SERIAL (Pci)) { -- // -- // Add them to ConOut, ConIn, ErrOut. -- // -- DEBUG ((EFI_D_INFO, "Found PCI 16550 SERIAL device\n")); -- PreparePciSerialDevicePath (Handle); -- return EFI_SUCCESS; -- } -+ DEBUG ((EFI_D_INFO, "Found PCI 16550 SERIAL device\n")); -+ PreparePciSerialDevicePath (Handle); -+ return EFI_SUCCESS; - } - - // -@@ -878,26 +875,6 @@ DetectAndPreparePlatformPciDevicePath ( - - - /** -- Do platform specific PCI Device check and add them to ConOut, ConIn, ErrOut -- -- @param[in] DetectVgaOnly - Only detect VGA device if it's TRUE. -- -- @retval EFI_SUCCESS - PCI Device check and Console variable update -- successfully. -- @retval EFI_STATUS - PCI Device check or Console variable update fail. -- --**/ --EFI_STATUS --DetectAndPreparePlatformPciDevicePaths ( -- BOOLEAN DetectVgaOnly -- ) --{ -- mDetectVgaOnly = DetectVgaOnly; -- return VisitAllPciInstances (DetectAndPreparePlatformPciDevicePath); --} -- -- --/** - Connect the predefined platform default console device. - - Always try to find and enable PCI display devices. -@@ -910,50 +887,34 @@ PlatformInitializeConsole ( - ) - { - UINTN Index; -- EFI_DEVICE_PATH_PROTOCOL *VarConout; -- EFI_DEVICE_PATH_PROTOCOL *VarConin; - - // -- // Connect RootBridge -+ // Do platform specific PCI Device check and add them to ConOut, ConIn, -+ // ErrOut - // -- GetEfiGlobalVariable2 (EFI_CON_OUT_VARIABLE_NAME, (VOID **) &VarConout, -- NULL); -- GetEfiGlobalVariable2 (EFI_CON_IN_VARIABLE_NAME, (VOID **) &VarConin, NULL); -- -- if (VarConout == NULL || VarConin == NULL) { -- // -- // Do platform specific PCI Device check and add them to ConOut, ConIn, -- // ErrOut -- // -- DetectAndPreparePlatformPciDevicePaths (FALSE); -+ VisitAllPciInstances (DetectAndPreparePlatformPciDevicePath); - -+ // -+ // Have chance to connect the platform default console, -+ // the platform default console is the minimum device group -+ // the platform should support -+ // -+ for (Index = 0; PlatformConsole[Index].DevicePath != NULL; ++Index) { - // -- // Have chance to connect the platform default console, -- // the platform default console is the minimum device group -- // the platform should support -+ // Update the console variable with the connect type - // -- for (Index = 0; PlatformConsole[Index].DevicePath != NULL; ++Index) { -- // -- // Update the console variable with the connect type -- // -- if ((PlatformConsole[Index].ConnectType & CONSOLE_IN) == CONSOLE_IN) { -- EfiBootManagerUpdateConsoleVariable (ConIn, -- PlatformConsole[Index].DevicePath, NULL); -- } -- if ((PlatformConsole[Index].ConnectType & CONSOLE_OUT) == CONSOLE_OUT) { -- EfiBootManagerUpdateConsoleVariable (ConOut, -- PlatformConsole[Index].DevicePath, NULL); -- } -- if ((PlatformConsole[Index].ConnectType & STD_ERROR) == STD_ERROR) { -- EfiBootManagerUpdateConsoleVariable (ErrOut, -- PlatformConsole[Index].DevicePath, NULL); -- } -+ if ((PlatformConsole[Index].ConnectType & CONSOLE_IN) == CONSOLE_IN) { -+ EfiBootManagerUpdateConsoleVariable (ConIn, -+ PlatformConsole[Index].DevicePath, NULL); -+ } -+ if ((PlatformConsole[Index].ConnectType & CONSOLE_OUT) == CONSOLE_OUT) { -+ EfiBootManagerUpdateConsoleVariable (ConOut, -+ PlatformConsole[Index].DevicePath, NULL); -+ } -+ if ((PlatformConsole[Index].ConnectType & STD_ERROR) == STD_ERROR) { -+ EfiBootManagerUpdateConsoleVariable (ErrOut, -+ PlatformConsole[Index].DevicePath, NULL); - } -- } else { -- // -- // Only detect VGA device and add them to ConOut -- // -- DetectAndPreparePlatformPciDevicePaths (TRUE); - } - } - --- -1.8.3.1 - diff --git a/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch b/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch new file mode 100644 index 0000000..b61d745 --- /dev/null +++ b/SOURCES/0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch @@ -0,0 +1,99 @@ +From 58bba429b9ec7b78109940ef945d0dc93f3cd958 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Tue, 21 Nov 2017 00:57:47 +0100 +Subject: OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in NvmExpressDxe (RH + only) + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- no change + +Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> +RHEL-8.0/20180508-ee3198e672e2 rebase: + +- reorder the rebase changelog in the commit message so that it reads like + a blog: place more recent entries near the top +- no changes to the patch body + +Notes about the 20171011-92d07e48907f -> 20180508-ee3198e672e2 rebase: + +- no changes + +Message-id: <20171120235748.29669-7-pbonzini@redhat.com> +Patchwork-id: 77759 +O-Subject: [PATCH 6/7] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in + NvmExpressDxe (RH only) +Bugzilla: 1488247 +Acked-by: Laszlo Ersek +Acked-by: Thomas Huth + +From: Laszlo Ersek + +NvmExpressDxe logs all BlockIo read & write calls on the EFI_D_VERBOSE +level. + +Signed-off-by: Laszlo Ersek +Signed-off-by: Paolo Bonzini +(this patch was previously applied as commit 5f432837b9c60c2929b13dda1a1b488d5c3a6d2f) +(cherry picked from commit 33e00146eb878588ad1395d7b1ae38f401729da4) +(cherry picked from commit bd10cabcfcb1bc9a32b05062f4ee3792e27bc2d8) +(cherry picked from commit 5a27af700f49e00608f232f618dedd7bf5e9b3e6) +Signed-off-by: Danilo C. L. de Paula +--- + OvmfPkg/OvmfPkgIa32.dsc | 5 ++++- + OvmfPkg/OvmfPkgIa32X64.dsc | 5 ++++- + OvmfPkg/OvmfPkgX64.dsc | 5 ++++- + 3 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index 8f1cf80fe6..bbf5e38274 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -740,7 +740,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 62d6d6c406..3ec1b916e7 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -749,7 +749,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index 992b141113..ea54b4b8e8 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -747,7 +747,10 @@ + OvmfPkg/SataControllerDxe/SataControllerDxe.inf + MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf + MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf +- MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf ++ MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf { ++ ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ } + MdeModulePkg/Universal/HiiDatabaseDxe/HiiDatabaseDxe.inf + MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf + MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf +-- +2.18.1 + diff --git a/SOURCES/0020-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch b/SOURCES/0020-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch deleted file mode 100644 index 7a4eb0f..0000000 --- a/SOURCES/0020-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch +++ /dev/null @@ -1,215 +0,0 @@ -From 402cfd944f9a6764daec96aef9eec4d2393c3a90 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Fri, 18 May 2018 21:40:23 +0200 -Subject: ArmVirtPkg/PlatformBootManagerLib: connect Virtio RNG devices again - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Message-id: <20180518194024.30614-2-lersek@redhat.com> -Patchwork-id: 80426 -O-Subject: [RHEL-7.6 ovmf PATCH 1/2] ArmVirtPkg/PlatformBootManagerLib: connect - Virtio RNG devices again -Bugzilla: 1579518 -Acked-by: Thomas Huth -Acked-by: Stefan Hajnoczi - -Virtio RNG devices are never boot devices, so in commit ff1d0fbfbaec we -stopped connecting them. This is a problem because an OS boot loader may -depend on EFI_RNG_PROTOCOL to seed the OS's RNG. - -Connect Virtio RNG devices again. And, while commit ff1d0fbfbaec removed -that from PlatformBootManagerAfterConsole(), reintroduce it now to -PlatformBootManagerBeforeConsole() -- this way Driver#### options launched -between both functions may access EFI_RNG_PROTOCOL too. - -Cc: Ard Biesheuvel -Fixes: ff1d0fbfbaec55038ccf888759588fa4e21516f4 -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1579518 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Ard Biesheuvel -(cherry picked from commit c4add6b6e971e0bb3f276ed3636a083e782e96cc) -(cherry picked from commit 1d33f4bb28e1aa2c4d62979596140c22677a2e9f) ---- - .../Library/PlatformBootManagerLib/PlatformBm.c | 129 +++++++++++++++++++++ - .../PlatformBootManagerLib.inf | 1 + - 2 files changed, 130 insertions(+) - -diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c -index 5d5e51d..62cce6a 100644 ---- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c -+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c -@@ -16,6 +16,7 @@ - **/ - - #include -+#include - #include - #include - #include -@@ -27,6 +28,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -261,6 +263,121 @@ IsPciDisplay ( - - - /** -+ This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at -+ the VIRTIO_DEVICE_PROTOCOL level. -+**/ -+STATIC -+BOOLEAN -+EFIAPI -+IsVirtioRng ( -+ IN EFI_HANDLE Handle, -+ IN CONST CHAR16 *ReportText -+ ) -+{ -+ EFI_STATUS Status; -+ VIRTIO_DEVICE_PROTOCOL *VirtIo; -+ -+ Status = gBS->HandleProtocol (Handle, &gVirtioDeviceProtocolGuid, -+ (VOID**)&VirtIo); -+ if (EFI_ERROR (Status)) { -+ return FALSE; -+ } -+ return (BOOLEAN)(VirtIo->SubSystemDeviceId == -+ VIRTIO_SUBSYSTEM_ENTROPY_SOURCE); -+} -+ -+ -+/** -+ This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at -+ the EFI_PCI_IO_PROTOCOL level. -+**/ -+STATIC -+BOOLEAN -+EFIAPI -+IsVirtioPciRng ( -+ IN EFI_HANDLE Handle, -+ IN CONST CHAR16 *ReportText -+ ) -+{ -+ EFI_STATUS Status; -+ EFI_PCI_IO_PROTOCOL *PciIo; -+ UINT16 VendorId; -+ UINT16 DeviceId; -+ UINT8 RevisionId; -+ BOOLEAN Virtio10; -+ UINT16 SubsystemId; -+ -+ Status = gBS->HandleProtocol (Handle, &gEfiPciIoProtocolGuid, -+ (VOID**)&PciIo); -+ if (EFI_ERROR (Status)) { -+ return FALSE; -+ } -+ -+ // -+ // Read and check VendorId. -+ // -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, -+ 1, &VendorId); -+ if (EFI_ERROR (Status)) { -+ goto PciError; -+ } -+ if (VendorId != VIRTIO_VENDOR_ID) { -+ return FALSE; -+ } -+ -+ // -+ // Read DeviceId and RevisionId. -+ // -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, -+ 1, &DeviceId); -+ if (EFI_ERROR (Status)) { -+ goto PciError; -+ } -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, PCI_REVISION_ID_OFFSET, -+ 1, &RevisionId); -+ if (EFI_ERROR (Status)) { -+ goto PciError; -+ } -+ -+ // -+ // From DeviceId and RevisionId, determine whether the device is a -+ // modern-only Virtio 1.0 device. In case of Virtio 1.0, DeviceId can -+ // immediately be restricted to VIRTIO_SUBSYSTEM_ENTROPY_SOURCE, and -+ // SubsystemId will only play a sanity-check role. Otherwise, DeviceId can -+ // only be sanity-checked, and SubsystemId will decide. -+ // -+ if (DeviceId == 0x1040 + VIRTIO_SUBSYSTEM_ENTROPY_SOURCE && -+ RevisionId >= 0x01) { -+ Virtio10 = TRUE; -+ } else if (DeviceId >= 0x1000 && DeviceId <= 0x103F && RevisionId == 0x00) { -+ Virtio10 = FALSE; -+ } else { -+ return FALSE; -+ } -+ -+ // -+ // Read and check SubsystemId as dictated by Virtio10. -+ // -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, -+ PCI_SUBSYSTEM_ID_OFFSET, 1, &SubsystemId); -+ if (EFI_ERROR (Status)) { -+ goto PciError; -+ } -+ if (Virtio10 && SubsystemId >= 0x40) { -+ return TRUE; -+ } -+ if (!Virtio10 && SubsystemId == VIRTIO_SUBSYSTEM_ENTROPY_SOURCE) { -+ return TRUE; -+ } -+ return FALSE; -+ -+PciError: -+ DEBUG ((DEBUG_ERROR, "%a: %s: %r\n", __FUNCTION__, ReportText, Status)); -+ return FALSE; -+} -+ -+ -+/** - This CALLBACK_FUNCTION attempts to connect a handle non-recursively, asking - the matching driver to produce all first-level child handles. - **/ -@@ -644,6 +761,18 @@ PlatformBootManagerBeforeConsole ( - // Register platform-specific boot options and keyboard shortcuts. - // - PlatformRegisterOptionsAndKeys (); -+ -+ // -+ // At this point, VIRTIO_DEVICE_PROTOCOL instances exist only for Virtio MMIO -+ // transports. Install EFI_RNG_PROTOCOL instances on Virtio MMIO RNG devices. -+ // -+ FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioRng, Connect); -+ -+ // -+ // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL -+ // instances on Virtio PCI RNG devices. -+ // -+ FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciRng, Connect); - } - - /** -diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf -index 1e22f8b..d6c1ef9 100644 ---- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf -+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf -@@ -83,3 +83,4 @@ - gEfiLoadedImageProtocolGuid - gEfiPciRootBridgeIoProtocolGuid - gEfiSimpleFileSystemProtocolGuid -+ gVirtioDeviceProtocolGuid --- -1.8.3.1 - diff --git a/SOURCES/0021-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch b/SOURCES/0021-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch deleted file mode 100644 index 6918750..0000000 --- a/SOURCES/0021-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch +++ /dev/null @@ -1,188 +0,0 @@ -From 3f2be5f30bbd996473e7336b29ac43795d999676 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Fri, 18 May 2018 21:40:24 +0200 -Subject: OvmfPkg/PlatformBootManagerLib: connect Virtio RNG devices again - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top -- no changes to the patch body - -Message-id: <20180518194024.30614-3-lersek@redhat.com> -Patchwork-id: 80427 -O-Subject: [RHEL-7.6 ovmf PATCH 2/2] OvmfPkg/PlatformBootManagerLib: connect - Virtio RNG devices again -Bugzilla: 1579518 -Acked-by: Thomas Huth -Acked-by: Stefan Hajnoczi - -Virtio RNG devices are never boot devices, so in commit 245c643cc8b7 we -stopped connecting them. This is a problem because an OS boot loader may -depend on EFI_RNG_PROTOCOL to seed the OS's RNG. - -Connect Virtio RNG devices again. And, while commit 245c643cc8b7 removed -that from PlatformBootManagerAfterConsole(), reintroduce it now to -PlatformBootManagerBeforeConsole() -- this way Driver#### options launched -between both functions may access EFI_RNG_PROTOCOL too. - -Cc: Ard Biesheuvel -Cc: Jordan Justen -Fixes: 245c643cc8b73240c3b88cb55b2911b285a8c10d -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1579518 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Ard Biesheuvel -(cherry picked from commit 7ebad830d6ab61f0395f6f4bae4156664bbd8086) -(cherry picked from commit 4c7e315ccb97dd7c3dc7f38e22b84ffbc4df90e3) ---- - .../Library/PlatformBootManagerLib/BdsPlatform.c | 105 +++++++++++++++++++++ - .../Library/PlatformBootManagerLib/BdsPlatform.h | 1 + - 2 files changed, 106 insertions(+) - -diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c -index 004b753..5d4d323 100644 ---- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c -+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c -@@ -319,6 +319,15 @@ ConnectRootBridge ( - ); - - STATIC -+EFI_STATUS -+EFIAPI -+ConnectVirtioPciRng ( -+ IN EFI_HANDLE Handle, -+ IN VOID *Instance, -+ IN VOID *Context -+ ); -+ -+STATIC - VOID - SaveS3BootScript ( - VOID -@@ -399,6 +408,13 @@ PlatformBootManagerBeforeConsole ( - ASSERT_RETURN_ERROR (PcdStatus); - - PlatformRegisterOptionsAndKeys (); -+ -+ // -+ // Install both VIRTIO_DEVICE_PROTOCOL and (dependent) EFI_RNG_PROTOCOL -+ // instances on Virtio PCI RNG devices. -+ // -+ VisitAllInstancesOfProtocol (&gEfiPciIoProtocolGuid, ConnectVirtioPciRng, -+ NULL); - } - - -@@ -427,6 +443,95 @@ ConnectRootBridge ( - } - - -+STATIC -+EFI_STATUS -+EFIAPI -+ConnectVirtioPciRng ( -+ IN EFI_HANDLE Handle, -+ IN VOID *Instance, -+ IN VOID *Context -+ ) -+{ -+ EFI_PCI_IO_PROTOCOL *PciIo; -+ EFI_STATUS Status; -+ UINT16 VendorId; -+ UINT16 DeviceId; -+ UINT8 RevisionId; -+ BOOLEAN Virtio10; -+ UINT16 SubsystemId; -+ -+ PciIo = Instance; -+ -+ // -+ // Read and check VendorId. -+ // -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_VENDOR_ID_OFFSET, -+ 1, &VendorId); -+ if (EFI_ERROR (Status)) { -+ goto Error; -+ } -+ if (VendorId != VIRTIO_VENDOR_ID) { -+ return EFI_SUCCESS; -+ } -+ -+ // -+ // Read DeviceId and RevisionId. -+ // -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, PCI_DEVICE_ID_OFFSET, -+ 1, &DeviceId); -+ if (EFI_ERROR (Status)) { -+ goto Error; -+ } -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, PCI_REVISION_ID_OFFSET, -+ 1, &RevisionId); -+ if (EFI_ERROR (Status)) { -+ goto Error; -+ } -+ -+ // -+ // From DeviceId and RevisionId, determine whether the device is a -+ // modern-only Virtio 1.0 device. In case of Virtio 1.0, DeviceId can -+ // immediately be restricted to VIRTIO_SUBSYSTEM_ENTROPY_SOURCE, and -+ // SubsystemId will only play a sanity-check role. Otherwise, DeviceId can -+ // only be sanity-checked, and SubsystemId will decide. -+ // -+ if (DeviceId == 0x1040 + VIRTIO_SUBSYSTEM_ENTROPY_SOURCE && -+ RevisionId >= 0x01) { -+ Virtio10 = TRUE; -+ } else if (DeviceId >= 0x1000 && DeviceId <= 0x103F && RevisionId == 0x00) { -+ Virtio10 = FALSE; -+ } else { -+ return EFI_SUCCESS; -+ } -+ -+ // -+ // Read and check SubsystemId as dictated by Virtio10. -+ // -+ Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint16, -+ PCI_SUBSYSTEM_ID_OFFSET, 1, &SubsystemId); -+ if (EFI_ERROR (Status)) { -+ goto Error; -+ } -+ if ((Virtio10 && SubsystemId >= 0x40) || -+ (!Virtio10 && SubsystemId == VIRTIO_SUBSYSTEM_ENTROPY_SOURCE)) { -+ Status = gBS->ConnectController ( -+ Handle, // ControllerHandle -+ NULL, // DriverImageHandle -- connect all drivers -+ NULL, // RemainingDevicePath -- produce all child handles -+ FALSE // Recursive -- don't follow child handles -+ ); -+ if (EFI_ERROR (Status)) { -+ goto Error; -+ } -+ } -+ return EFI_SUCCESS; -+ -+Error: -+ DEBUG ((DEBUG_ERROR, "%a: %r\n", __FUNCTION__, Status)); -+ return Status; -+} -+ -+ - /** - Add IsaKeyboard to ConIn; add IsaSerial to ConOut, ConIn, ErrOut. - -diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h -index 97ffbb5..4948ca6 100644 ---- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h -+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.h -@@ -30,6 +30,7 @@ Abstract: - #include - #include - #include -+#include - - #include - #include --- -1.8.3.1 - diff --git a/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch b/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch new file mode 100644 index 0000000..85ce534 --- /dev/null +++ b/SOURCES/0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch @@ -0,0 +1,59 @@ +From d382b66affafe06c7e470e0a2dffbd3634b363f1 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 19 Mar 2019 15:48:34 +0100 +Subject: Downgrade CryptoPkg INF files to OpenSSL 1.1.0i (RH only) + +Notes about the RHEL-8.0/20180508-ee3198e672e2 -> +RHEL-8.1/20190308-89910a39dcfd rebase: + +- new patch, due to upstream commit a18f784cfdbe ("Upgrade OpenSSL to + 1.1.0j", 2018-12-21) + +Upstream commit a18f784cfdbe (see above) advanced the OpenSSL git +submodule from upstream OpenSSL commit d4e4bd2a8163 ("Prepare for 1.1.0h +release", 2018-03-27) to upstream OpenSSL commit 74f2d9c1ec5f ("Prepare +for 1.1.0j release", 2018-11-20). Meaning, upstream edk2 skipped 1.1.0i. + +However, Fedora 28 only offers 1.1.0i at this point (and it will not be +rebased again until 1.1.0k is released). Therefore hunks in the upstream +CryptoPkg commit that relate specifically to 1.1.0j have to be backed out. + +The only such hunks are the "crypto/getenv.c" additions to the INF files. +The related upstream OpenSSL change was commit 1abdf08284af ("Use +secure_getenv(3) when available.", 2018-09-24), part of tag +"OpenSSL_1_1_0j". + +Signed-off-by: Laszlo Ersek +Signed-off-by: Danilo C. L. de Paula +--- + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 1 - + CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +index 6162d29143..fcb8bfddde 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +@@ -282,7 +282,6 @@ + $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c + $(OPENSSL_PATH)/crypto/evp/scrypt.c + $(OPENSSL_PATH)/crypto/ex_data.c +- $(OPENSSL_PATH)/crypto/getenv.c + $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c + $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c + $(OPENSSL_PATH)/crypto/hmac/hmac.c +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +index b04bf62b4e..99ff89da0e 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +@@ -282,7 +282,6 @@ + $(OPENSSL_PATH)/crypto/evp/pmeth_lib.c + $(OPENSSL_PATH)/crypto/evp/scrypt.c + $(OPENSSL_PATH)/crypto/ex_data.c +- $(OPENSSL_PATH)/crypto/getenv.c + $(OPENSSL_PATH)/crypto/hmac/hm_ameth.c + $(OPENSSL_PATH)/crypto/hmac/hm_pmeth.c + $(OPENSSL_PATH)/crypto/hmac/hmac.c +-- +2.18.1 + diff --git a/SOURCES/0027-BaseTools-tools_def-add-fno-unwind-tables-to-GCC_AAR.patch b/SOURCES/0027-BaseTools-tools_def-add-fno-unwind-tables-to-GCC_AAR.patch deleted file mode 100644 index 080f995..0000000 --- a/SOURCES/0027-BaseTools-tools_def-add-fno-unwind-tables-to-GCC_AAR.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 7ef29963526aa451b1101e4b92e47d3028c9035a Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Fri, 18 May 2018 19:20:32 +0200 -Subject: BaseTools/tools_def: add "-fno-unwind-tables" to GCC_AARCH64_CC_FLAGS - -Notes about the RHEL-7.6/ovmf-20180508-2.gitee3198e672e2.el7 -> -RHEL-8.0/20180508-ee3198e672e2 rebase: - -- reorder the rebase changelog in the commit message so that it reads like - a blog: place more recent entries near the top - -- in RHEL-8.0 Alpha, this patch was applied downstream-only, for fixing - RHBZ#1579525. Since then, the patch has been upstreamed, and now it is - cherry-picked from upstream. - -The ElfConvert routines in GenFw don't handle the ".eh_frame" ELF section -emitted by gcc. For this reason, Leif disabled the generation of that -section for AARCH64 with "-fno-asynchronous-unwind-tables" in commit -28e80befa4fe [1], and Ard did the same for IA32 and X64 in commit -26ecc55c027d [2]. (The CLANG38 toolchain received the same flag at its -inception, in commit 6f756db5ea05 [3].) - -However, ".eh_frame" is back now; in upstream gcc commit 9cbee213b579 [4] -(part of tag "gcc-8_1_0-release"), both "-fasynchronous-unwind-tables" and -"-funwind-tables" were made the default for AARCH64. (The patch author -described the effects on the gcc mailing list [5].) We have to counter the -latter flag with "-fno-unwind-tables", otherwise GenFw chokes on -".eh_frame" again (triggered for example on Fedora 28). - -"-f[no-]unwind-tables" goes back to at least gcc-4.4 [6], so it's safe to -add to GCC_AARCH64_CC_FLAGS. - -[1] https://github.com/tianocore/edk2/commit/28e80befa4fe -[2] https://github.com/tianocore/edk2/commit/26ecc55c027d -[3] https://github.com/tianocore/edk2/commit/6f756db5ea05 -[4] https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=9cbee213b579 -[5] http://mid.mail-archive.com/7b28c03a-c032-6cec-c127-1c12cbe98eeb@foss.arm.com -[6] https://gcc.gnu.org/onlinedocs/gcc-4.4.7/gcc/Code-Gen-Options.html - -Cc: "Danilo C. L. de Paula" -Cc: Ard Biesheuvel -Cc: Cole Robinson -Cc: Gerd Hoffmann -Cc: Leif Lindholm -Cc: Liming Gao -Cc: Paolo Bonzini -Cc: Yonghong Zhu -Reported-by: "Danilo C. L. de Paula" -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Ard Biesheuvel -Reviewed-by: Liming Gao -(cherry picked from commit cbf00651eda6818ca3c76115b8a18e3f6b23eef4) ---- - BaseTools/Conf/tools_def.template | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template -index 03d7000..9429033 100755 ---- a/BaseTools/Conf/tools_def.template -+++ b/BaseTools/Conf/tools_def.template -@@ -4537,7 +4537,7 @@ DEFINE GCC_X64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mno-red-zone -Wno-ad - DEFINE GCC_IPF_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -minline-int-divide-min-latency - DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -mfloat-abi=soft -fno-pic -fno-pie - DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access --DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-pic -fno-pie -ffixed-x18 -+DEFINE GCC_AARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18 - DEFINE GCC_AARCH64_CC_XIPFLAGS = -mstrict-align -mgeneral-regs-only - DEFINE GCC_DLINK_FLAGS_COMMON = -nostdlib --pie - DEFINE GCC_DLINK2_FLAGS_COMMON = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds --- -1.8.3.1 - diff --git a/SOURCES/edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch b/SOURCES/edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch new file mode 100644 index 0000000..2cef6f5 --- /dev/null +++ b/SOURCES/edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch @@ -0,0 +1,63 @@ +From 11a1c8085b0edccd3a304f704f47ec5d8ee6255d Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Thu, 1 Aug 2019 20:43:49 +0200 +Subject: [PATCH 3/3] ArmPkg: DebugPeCoffExtraActionLib: debugger commands are + not errors + +Message-id: <20190801184349.28512-4-philmd@redhat.com> +Patchwork-id: 89860 +O-Subject: [RHEL-8.1.0 edk2 PATCH v4 3/3] ArmPkg: DebugPeCoffExtraActionLib: + debugger commands are not errors +Bugzilla: 1714446 +Acked-by: Andrew Jones +Acked-by: Laszlo Ersek + +In commit 1fce963d89f3e we reduced the level of information printed +by PeCoffLoaderRelocateImageExtraAction() but we did not update the +similar PeCoffLoaderUnloadImageExtraAction() function. + +PeCoffLoaderUnloadImageExtraAction() prints helpful debugger commands +for source level debugging. These messages should not be printed on the +EFI_D_ERROR level; they don't report errors. Change the debug level +(bitmask, actually) to DEBUG_LOAD | DEBUG_INFO, because the messages are +printed in relation to image loading, and they are informative. + +Cc: Leif Lindholm +Cc: Ard Biesheuvel +Reported-by: Andrew Jones +Suggested-by: Laszlo Ersek +Signed-off-by: Philippe Mathieu-Daude +Reviewed-by: Laszlo Ersek +Reviewed-by: Leif Lindholm +(cherry picked from commit a6cd7fbac494ed3b2386db1f2a8b1a73f399e940) +Signed-off-by: Philippe Mathieu-Daude +--- + .../Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c +index f298e58..895198f 100644 +--- a/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c ++++ b/ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.c +@@ -128,14 +128,14 @@ PeCoffLoaderUnloadImageExtraAction ( + if (ImageContext->PdbPointer) { + #ifdef __CC_ARM + // Print out the command for the RVD debugger to load symbols for this image +- DEBUG ((EFI_D_ERROR, "unload symbols_only %a\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)))); ++ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "unload symbols_only %a\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)))); + #elif __GNUC__ + // This may not work correctly if you generate PE/COFF directlyas then the Offset would not be required +- DEBUG ((EFI_D_ERROR, "remove-symbol-file %a 0x%08x\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); ++ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "remove-symbol-file %a 0x%08x\n", DeCygwinPathIfNeeded (ImageContext->PdbPointer, Temp, sizeof (Temp)), (UINTN)(ImageContext->ImageAddress + ImageContext->SizeOfHeaders))); + #else +- DEBUG ((EFI_D_ERROR, "Unloading %a\n", ImageContext->PdbPointer)); ++ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "Unloading %a\n", ImageContext->PdbPointer)); + #endif + } else { +- DEBUG ((EFI_D_ERROR, "Unloading driver at 0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress)); ++ DEBUG ((DEBUG_LOAD | DEBUG_INFO, "Unloading driver at 0x%11p\n", (VOID *)(UINTN) ImageContext->ImageAddress)); + } + } +-- +1.8.3.1 + diff --git a/SOURCES/edk2-ArmVirtPkg-ArmVirtQemu-enable-the-IPv6-stack.patch b/SOURCES/edk2-ArmVirtPkg-ArmVirtQemu-enable-the-IPv6-stack.patch deleted file mode 100644 index aba9574..0000000 --- a/SOURCES/edk2-ArmVirtPkg-ArmVirtQemu-enable-the-IPv6-stack.patch +++ /dev/null @@ -1,197 +0,0 @@ -From eff60320e87dcda19a50de4f1ac05af4a5e1b133 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 18 Jul 2018 00:18:19 +0200 -Subject: [PATCH 3/6] ArmVirtPkg/ArmVirtQemu: enable the IPv6 stack - -Message-id: <20180717221822.13110-3-lersek@redhat.com> -Patchwork-id: 81375 -O-Subject: [RHEL8/virt212 edk2 PATCH 2/5] ArmVirtPkg/ArmVirtQemu: enable the - IPv6 stack -Bugzilla: 1536627 -Acked-by: Paolo Bonzini -Acked-by: Wei Huang - -Add the IPv6 stack to ArmVirtQemu with a cumulative port of the following -OvmfPkg commits: - -* 36c6413f76e5 "OvmfPkg: enable the IPv6 support", 2014-12-19 - -* 96302b80d90e "OvmfPkg: Enable Network2 Shell Commands for IPv6", - 2016-03-08 - -* 6d0f8941bdc2 "OvmfPkg: always resolve OpenSslLib, IntrinsicLib and - BaseCryptLib", 2017-01-17 - -* 32e22f20c985 "OvmfPkg: correct the IScsiDxe module included for the IPv6 - stack", 2017-01-17 - -The IPv6-enabled IScsiDxe driver depends on BaseCryptLib, and the -"CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf" instance depends on -IntrinsicLib and OpensslLib. This is why commit 6d0f8941bdc2 is relevant. - -However, unlike in OvmfPkg, in ArmVirtPkg we'll precisely track the -firmware features that require these library classes. (The OvmfPkg -discussion was quite complex, and the OvmfPkg solution was a compromise: -.) - -The ArmVirtXen platform is not extended with the relevant drivers because -currently it doesn't include any networking support. - -Cc: Julien Grall -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1007 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Ard Biesheuvel -(cherry picked from commit ae08ea246fe9b4a4e05b7ee6cdbd5b0fa38f3f69) ---- - ArmVirtPkg/ArmVirt.dsc.inc | 18 +++++++++++++++--- - ArmVirtPkg/ArmVirtQemu.dsc | 13 ++++++++++++- - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 12 +++++++++++- - ArmVirtPkg/ArmVirtQemuKernel.dsc | 13 ++++++++++++- - 4 files changed, 50 insertions(+), 6 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 2bb8860..f031e81 100644 ---- a/ArmVirtPkg/ArmVirt.dsc.inc -+++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -80,6 +80,9 @@ - DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf - UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf - IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf -+!if $(NETWORK_IP6_ENABLE) == TRUE -+ TcpIoLib|MdeModulePkg/Library/DxeTcpIoLib/DxeTcpIoLib.inf -+!endif - !if $(HTTP_BOOT_ENABLE) == TRUE - HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf - !endif -@@ -141,14 +144,20 @@ - XenIoMmioLib|OvmfPkg/Library/XenIoMmioLib/XenIoMmioLib.inf - - # -- # Secure Boot dependencies -+ # CryptoPkg libraries needed by multiple firmware features - # --!if $(SECURE_BOOT_ENABLE) == TRUE -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) - IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf - OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf -+ BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf -+!endif -+ -+ # -+ # Secure Boot dependencies -+ # -+!if $(SECURE_BOOT_ENABLE) == TRUE - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf - AuthVariableLib|SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf -- BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf - - # re-use the UserPhysicalPresent() dummy implementation from the ovmf tree - PlatformSecureLib|OvmfPkg/Library/PlatformSecureLib/PlatformSecureLib.inf -@@ -403,6 +412,9 @@ - NULL|ShellPkg/Library/UefiShellDebug1CommandsLib/UefiShellDebug1CommandsLib.inf - NULL|ShellPkg/Library/UefiShellInstall1CommandsLib/UefiShellInstall1CommandsLib.inf - NULL|ShellPkg/Library/UefiShellNetwork1CommandsLib/UefiShellNetwork1CommandsLib.inf -+!if $(NETWORK_IP6_ENABLE) == TRUE -+ NULL|ShellPkg/Library/UefiShellNetwork2CommandsLib/UefiShellNetwork2CommandsLib.inf -+!endif - HandleParsingLib|ShellPkg/Library/UefiHandleParsingLib/UefiHandleParsingLib.inf - PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf - BcfgCommandLib|ShellPkg/Library/UefiShellBcfgCommandLib/UefiShellBcfgCommandLib.inf -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index bb9d7c8..41ff17d 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -34,6 +34,7 @@ - # -D FLAG=VALUE - # - DEFINE SECURE_BOOT_ENABLE = FALSE -+ DEFINE NETWORK_IP6_ENABLE = FALSE - DEFINE HTTP_BOOT_ENABLE = FALSE - - !include ArmVirtPkg/ArmVirt.dsc.inc -@@ -353,10 +354,20 @@ - MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf - MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf - MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf -- MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf - MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf -+!if $(NETWORK_IP6_ENABLE) == TRUE -+ NetworkPkg/Ip6Dxe/Ip6Dxe.inf -+ NetworkPkg/TcpDxe/TcpDxe.inf -+ NetworkPkg/Udp6Dxe/Udp6Dxe.inf -+ NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf -+ NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf -+ NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf -+ NetworkPkg/IScsiDxe/IScsiDxe.inf -+!else -+ MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf - MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf - MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf -+!endif - !if $(HTTP_BOOT_ENABLE) == TRUE - NetworkPkg/DnsDxe/DnsDxe.inf - NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf -diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 8941b7f..82d9cbd 100644 ---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -125,10 +125,20 @@ READ_LOCK_STATUS = TRUE - INF MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf - INF MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf - INF MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf -- INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf - INF MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf -+!if $(NETWORK_IP6_ENABLE) == TRUE -+ INF NetworkPkg/Ip6Dxe/Ip6Dxe.inf -+ INF NetworkPkg/TcpDxe/TcpDxe.inf -+ INF NetworkPkg/Udp6Dxe/Udp6Dxe.inf -+ INF NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf -+ INF NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf -+ INF NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf -+ INF NetworkPkg/IScsiDxe/IScsiDxe.inf -+!else -+ INF MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf - INF MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf - INF MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf -+!endif - !if $(HTTP_BOOT_ENABLE) == TRUE - INF NetworkPkg/DnsDxe/DnsDxe.inf - INF NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 9027805..83fc12f 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -34,6 +34,7 @@ - # -D FLAG=VALUE - # - DEFINE SECURE_BOOT_ENABLE = FALSE -+ DEFINE NETWORK_IP6_ENABLE = FALSE - DEFINE HTTP_BOOT_ENABLE = FALSE - - !include ArmVirtPkg/ArmVirt.dsc.inc -@@ -336,10 +337,20 @@ - MdeModulePkg/Universal/Network/MnpDxe/MnpDxe.inf - MdeModulePkg/Universal/Network/VlanConfigDxe/VlanConfigDxe.inf - MdeModulePkg/Universal/Network/Mtftp4Dxe/Mtftp4Dxe.inf -- MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf - MdeModulePkg/Universal/Network/Udp4Dxe/Udp4Dxe.inf -+!if $(NETWORK_IP6_ENABLE) == TRUE -+ NetworkPkg/Ip6Dxe/Ip6Dxe.inf -+ NetworkPkg/TcpDxe/TcpDxe.inf -+ NetworkPkg/Udp6Dxe/Udp6Dxe.inf -+ NetworkPkg/Dhcp6Dxe/Dhcp6Dxe.inf -+ NetworkPkg/Mtftp6Dxe/Mtftp6Dxe.inf -+ NetworkPkg/UefiPxeBcDxe/UefiPxeBcDxe.inf -+ NetworkPkg/IScsiDxe/IScsiDxe.inf -+!else -+ MdeModulePkg/Universal/Network/Tcp4Dxe/Tcp4Dxe.inf - MdeModulePkg/Universal/Network/UefiPxeBcDxe/UefiPxeBcDxe.inf - MdeModulePkg/Universal/Network/IScsiDxe/IScsiDxe.inf -+!endif - !if $(HTTP_BOOT_ENABLE) == TRUE - NetworkPkg/DnsDxe/DnsDxe.inf - NetworkPkg/HttpUtilitiesDxe/HttpUtilitiesDxe.inf --- -1.8.3.1 - diff --git a/SOURCES/edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch b/SOURCES/edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch new file mode 100644 index 0000000..064bcd2 --- /dev/null +++ b/SOURCES/edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch @@ -0,0 +1,57 @@ +From 5a216abaa737195327235e37563b18a6bf2a74dc Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Thu, 1 Aug 2019 20:43:47 +0200 +Subject: [PATCH 1/3] ArmVirtPkg: silence DEBUG_VERBOSE masking ~0x00400000 in + QemuRamfbDxe (RH only) + +Message-id: <20190801184349.28512-2-philmd@redhat.com> +Patchwork-id: 89859 +O-Subject: [RHEL-8.1.0 edk2 PATCH v4 1/3] ArmVirtPkg: silence DEBUG_VERBOSE + masking ~0x00400000 in QemuRamfbDxe (RH only) +Bugzilla: 1714446 +Acked-by: Andrew Jones +Acked-by: Laszlo Ersek + +Commit 76b4ac28e975 introduced a regression, while trying to only clear +the DEBUG_VERBOSE bit, it also unconditionally sets other bits, normally +kept clear in the "silent" build. + +Fix the macro by masking the cleared bits out. + +Reported-by: Andrew Jones +Suggested-by: Laszlo Ersek +Signed-off-by: Philippe Mathieu-Daude +--- + ArmVirtPkg/ArmVirtQemu.dsc | 2 +- + ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc +index aac4094..a44477f 100644 +--- a/ArmVirtPkg/ArmVirtQemu.dsc ++++ b/ArmVirtPkg/ArmVirtQemu.dsc +@@ -423,7 +423,7 @@ + # + OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { + +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF + } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/PlatformDxe/Platform.inf +diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc +index c9a635e..d28ac52 100644 +--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc ++++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc +@@ -401,7 +401,7 @@ + # + OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf { + +- gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x8000004F ++ gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|($(DEBUG_PRINT_ERROR_LEVEL)) & 0xFFBFFFFF + } + OvmfPkg/VirtioGpuDxe/VirtioGpu.inf + OvmfPkg/PlatformDxe/Platform.inf +-- +1.8.3.1 + diff --git a/SOURCES/edk2-ArmVirtPkg-unify-HttpLib-resolutions-in-ArmVirt.dsc..patch b/SOURCES/edk2-ArmVirtPkg-unify-HttpLib-resolutions-in-ArmVirt.dsc..patch deleted file mode 100644 index bf902a8..0000000 --- a/SOURCES/edk2-ArmVirtPkg-unify-HttpLib-resolutions-in-ArmVirt.dsc..patch +++ /dev/null @@ -1,76 +0,0 @@ -From c51468996553e70659b85a24cbdad61a27dac952 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 18 Jul 2018 00:18:18 +0200 -Subject: [PATCH 2/6] ArmVirtPkg: unify HttpLib resolutions in - "ArmVirt.dsc.inc" - -Message-id: <20180717221822.13110-2-lersek@redhat.com> -Patchwork-id: 81376 -O-Subject: [RHEL8/virt212 edk2 PATCH 1/5] ArmVirtPkg: unify HttpLib resolutions - in "ArmVirt.dsc.inc" -Bugzilla: 1536627 -Acked-by: Paolo Bonzini -Acked-by: Wei Huang - -We already resolve a number of networking-related library classes in -ArmVirt.dsc.inc; follow suit with HttpLib. - -Cc: Julien Grall -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1007 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Ard Biesheuvel -(cherry picked from commit 77b702bfa4947caaa6b4b04730820d91bdf07b03) ---- - ArmVirtPkg/ArmVirt.dsc.inc | 3 +++ - ArmVirtPkg/ArmVirtQemu.dsc | 4 ---- - ArmVirtPkg/ArmVirtQemuKernel.dsc | 4 ---- - 3 files changed, 3 insertions(+), 8 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc -index 35bccb3d..2bb8860 100644 ---- a/ArmVirtPkg/ArmVirt.dsc.inc -+++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -80,6 +80,9 @@ - DpcLib|MdeModulePkg/Library/DxeDpcLib/DxeDpcLib.inf - UdpIoLib|MdeModulePkg/Library/DxeUdpIoLib/DxeUdpIoLib.inf - IpIoLib|MdeModulePkg/Library/DxeIpIoLib/DxeIpIoLib.inf -+!if $(HTTP_BOOT_ENABLE) == TRUE -+ HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf -+!endif - - # - # It is not possible to prevent the ARM compiler from inserting calls to intrinsic functions. -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 035b729..bb9d7c8 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -63,10 +63,6 @@ - PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf - PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf - --!if $(HTTP_BOOT_ENABLE) == TRUE -- HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf --!endif -- - [LibraryClasses.common.PEIM] - ArmVirtMemInfoLib|ArmVirtPkg/Library/QemuVirtMemInfoLib/QemuVirtMemInfoPeiLib.inf - -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 1981aae..9027805 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -63,10 +63,6 @@ - PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf - PciHostBridgeLib|ArmVirtPkg/Library/FdtPciHostBridgeLib/FdtPciHostBridgeLib.inf - --!if $(HTTP_BOOT_ENABLE) == TRUE -- HttpLib|MdeModulePkg/Library/DxeHttpLib/DxeHttpLib.inf --!endif -- - [LibraryClasses.common.UEFI_DRIVER] - UefiScsiLib|MdePkg/Library/UefiScsiLib/UefiScsiLib.inf - --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch b/SOURCES/edk2-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch deleted file mode 100644 index 2cd5f00..0000000 --- a/SOURCES/edk2-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch +++ /dev/null @@ -1,273 +0,0 @@ -From 29c394f110b1f769e629e8775874261e33d4abd9 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 24 Oct 2018 21:03:45 +0200 -Subject: [PATCH 4/4] BaseTools: Add more checker in Decompress algorithm to - access the valid buffer (CVE FIX) - -Message-id: <20181024190345.15288-5-lersek@redhat.com> -Patchwork-id: 82886 -O-Subject: [RHEL8 edk2 PATCH 4/4] BaseTools: Add more checker in Decompress - algorithm to access the valid buffer (CVE FIX) -Bugzilla: 1641445 -1641453 -1641464 -1641469 -Acked-by: Vitaly Kuznetsov -Acked-by: Thomas Huth - -From: Liming Gao - ---v-- RHEL8 note start --v-- - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641445 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641453 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641464 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641469 - -Unfortunately, the upstream patch series was not structured according to -the CVE reports. This patch contributes to fixing: - -- CVE-2017-5731 -- CVE-2017-5733 -- CVE-2017-5734 -- CVE-2017-5735 - -but not CVE-2017-5732 (contrarily to the upstream commit message). The -best I could achieve up-stream was to get the "CVE FIX" expression into -the subject, and a whole-sale dump of the CVEs into the body. I had not -been invited to the original (off-list, embargoed) analysis and review. - -The differences that "git-backport-diff" reports as "functional" for this -backport aren't actually functional differences. They are due to -downstream lacking two upstream commits: - -- f7496d717357 ("BaseTools: Clean up source files", 2018-07-09), with the - "usual" diffstat "289 files changed, 10645 insertions(+), 10645 - deletions(-)"; - -- more importantly, 472eb3b89682 ("BaseTools: Add --uefi option to enable - UefiCompress method", 2018-10-13). - -(Side note: in upstream, commit 472eb3b89682 was incorrectly reverted as -part of 1ccc4d895dd8 ("Revert BaseTools: PYTHON3 migration", 2018-10-15), -but then it was re-applied in f1400101a732.) - -In commit 472eb3b89682, the "UEFI" compression/decompression method was -added to BaseTools, beyond the original "Tiano" method. This caused the -Tiano method to be indented more deeply, in the main() function of -"TianoCompress.c". (Also the original Decompress() function was renamed to -TDecompress().) The CVE fix applies to the "Tiano" method, which RHEL8 -does have, but at a different nesting level. Therefore the changes have -been backported manually, and the difference in indentation is also why -"git-backport-diff" thinks the changes are functional. - -This backport, once applied, can be diffed against the upstream tree more -easily as follows: - - git diff -b HEAD..041d89bc0f01 -- \ - BaseTools/Source/C/Common/Decompress.c \ - BaseTools/Source/C/TianoCompress/TianoCompress.c - ---^-- RHEL8 note end --^-- - -Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735 -https://bugzilla.tianocore.org/show_bug.cgi?id=686 - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Holtsclaw Brent -Signed-off-by: Liming Gao -Reviewed-by: Star Zeng -Acked-by: Laszlo Ersek -(cherry picked from commit 041d89bc0f0119df37a5fce1d0f16495ff905089) ---- - BaseTools/Source/C/Common/Decompress.c | 23 +++++++++++++++++++-- - BaseTools/Source/C/TianoCompress/TianoCompress.c | 26 +++++++++++++++++++++++- - 2 files changed, 46 insertions(+), 3 deletions(-) - -diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c -index 8f1afb4..bdc10f5 100644 ---- a/BaseTools/Source/C/Common/Decompress.c -+++ b/BaseTools/Source/C/Common/Decompress.c -@@ -194,12 +194,16 @@ Returns: - UINT16 Avail; - UINT16 NextCode; - UINT16 Mask; -+ UINT16 MaxTableLength; - - for (Index = 1; Index <= 16; Index++) { - Count[Index] = 0; - } - - for (Index = 0; Index < NumOfChar; Index++) { -+ if (BitLen[Index] > 16) { -+ return (UINT16) BAD_TABLE; -+ } - Count[BitLen[Index]]++; - } - -@@ -237,6 +241,7 @@ Returns: - - Avail = NumOfChar; - Mask = (UINT16) (1U << (15 - TableBits)); -+ MaxTableLength = (UINT16) (1U << TableBits); - - for (Char = 0; Char < NumOfChar; Char++) { - -@@ -250,6 +255,9 @@ Returns: - if (Len <= TableBits) { - - for (Index = Start[Len]; Index < NextCode; Index++) { -+ if (Index >= MaxTableLength) { -+ return (UINT16) BAD_TABLE; -+ } - Table[Index] = Char; - } - -@@ -643,10 +651,14 @@ Returns: (VOID) - - BytesRemain--; - while ((INT16) (BytesRemain) >= 0) { -- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - if (Sd->mOutBuf >= Sd->mOrigSize) { - return ; - } -+ if (DataIdx >= Sd->mOrigSize) { -+ Sd->mBadTableFlag = (UINT16) BAD_TABLE; -+ return ; -+ } -+ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - - BytesRemain--; - } -@@ -684,6 +696,7 @@ Returns: - --*/ - { - UINT8 *Src; -+ UINT32 CompSize; - - *ScratchSize = sizeof (SCRATCH_DATA); - -@@ -692,7 +705,13 @@ Returns: - return EFI_INVALID_PARAMETER; - } - -+ CompSize = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24); - *DstSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24); -+ -+ if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) { -+ return EFI_INVALID_PARAMETER; -+ } -+ - return EFI_SUCCESS; - } - -@@ -752,7 +771,7 @@ Returns: - CompSize = Src[0] + (Src[1] << 8) + (Src[2] << 16) + (Src[3] << 24); - OrigSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24); - -- if (SrcSize < CompSize + 8) { -+ if (SrcSize < CompSize + 8 || (CompSize + 8) < 8) { - return EFI_INVALID_PARAMETER; - } - -diff --git a/BaseTools/Source/C/TianoCompress/TianoCompress.c b/BaseTools/Source/C/TianoCompress/TianoCompress.c -index 046fb36..d07fd9e 100644 ---- a/BaseTools/Source/C/TianoCompress/TianoCompress.c -+++ b/BaseTools/Source/C/TianoCompress/TianoCompress.c -@@ -1753,6 +1753,7 @@ Returns: - SCRATCH_DATA *Scratch; - UINT8 *Src; - UINT32 OrigSize; -+ UINT32 CompSize; - - SetUtilityName(UTILITY_NAME); - -@@ -1761,6 +1762,7 @@ Returns: - OutBuffer = NULL; - Scratch = NULL; - OrigSize = 0; -+ CompSize = 0; - InputLength = 0; - InputFileName = NULL; - OutputFileName = NULL; -@@ -1979,15 +1981,24 @@ Returns: - if (DebugMode) { - DebugMsg(UTILITY_NAME, 0, DebugLevel, "Decoding\n", NULL); - } -+ if (InputLength < 8){ -+ Error (NULL, 0, 3000, "Invalid", "The input file %s is too small.", InputFileName); -+ goto ERROR; -+ } - // - // Get Compressed file original size - // - Src = (UINT8 *)FileBuffer; - OrigSize = Src[4] + (Src[5] << 8) + (Src[6] << 16) + (Src[7] << 24); -+ CompSize = Src[0] + (Src[1] << 8) + (Src[2] <<16) + (Src[3] <<24); - - // - // Allocate OutputBuffer - // -+ if (InputLength < CompSize + 8 || (CompSize + 8) < 8) { -+ Error (NULL, 0, 3000, "Invalid", "The input file %s data is invalid.", InputFileName); -+ goto ERROR; -+ } - OutBuffer = (UINT8 *)malloc(OrigSize); - if (OutBuffer == NULL) { - Error (NULL, 0, 4001, "Resource:", "Memory cannot be allocated!"); -@@ -2171,12 +2182,16 @@ Returns: - UINT16 Mask; - UINT16 WordOfStart; - UINT16 WordOfCount; -+ UINT16 MaxTableLength; - - for (Index = 0; Index <= 16; Index++) { - Count[Index] = 0; - } - - for (Index = 0; Index < NumOfChar; Index++) { -+ if (BitLen[Index] > 16) { -+ return (UINT16) BAD_TABLE; -+ } - Count[BitLen[Index]]++; - } - -@@ -2220,6 +2235,7 @@ Returns: - - Avail = NumOfChar; - Mask = (UINT16) (1U << (15 - TableBits)); -+ MaxTableLength = (UINT16) (1U << TableBits); - - for (Char = 0; Char < NumOfChar; Char++) { - -@@ -2233,6 +2249,9 @@ Returns: - if (Len <= TableBits) { - - for (Index = Start[Len]; Index < NextCode; Index++) { -+ if (Index >= MaxTableLength) { -+ return (UINT16) BAD_TABLE; -+ } - Table[Index] = Char; - } - -@@ -2617,11 +2636,16 @@ Returns: (VOID) - DataIdx = Sd->mOutBuf - DecodeP (Sd) - 1; - - BytesRemain--; -+ - while ((INT16) (BytesRemain) >= 0) { -- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - if (Sd->mOutBuf >= Sd->mOrigSize) { - goto Done ; - } -+ if (DataIdx >= Sd->mOrigSize) { -+ Sd->mBadTableFlag = (UINT16) BAD_TABLE; -+ goto Done ; -+ } -+ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - - BytesRemain--; - } --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch b/SOURCES/edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch deleted file mode 100644 index cf09fe5..0000000 --- a/SOURCES/edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 115cf260ac54a6793a184227d6ae6bfe3da74a56 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Wed, 9 Jan 2019 17:10:05 +0100 -Subject: [PATCH 1/4] BaseTools: Fix UEFI and Tiano Decompression logic issue -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Message-id: <20190109161007.3471-2-philmd@redhat.com> -Patchwork-id: 83924 -O-Subject: [RHEL8 edk2 PATCH 1/3] BaseTools: Fix UEFI and Tiano Decompression - logic issue -Bugzilla: 1662184 -Acked-by: Laszlo Ersek -Acked-by: Vitaly Kuznetsov - -From: Liming Gao - -https://bugzilla.tianocore.org/show_bug.cgi?id=1317 - -This is a regression issue caused by 041d89bc0f0119df37a5fce1d0f16495ff905089. -In Decode() function, once mOutBuf is fully filled, Decode() should return. -Current logic misses the checker of mOutBuf after while() loop. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Liming Gao -Cc: Yonghong Zhu -Reviewed-by: Yonghong Zhu -(cherry picked from commit 5e45a1fdcfbf9b2b389122eb97475148594625f8) -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Danilo C. L. de Paula ---- - BaseTools/Source/C/Common/Decompress.c | 6 ++++++ - BaseTools/Source/C/TianoCompress/TianoCompress.c | 6 ++++++ - 2 files changed, 12 insertions(+) - -diff --git a/BaseTools/Source/C/Common/Decompress.c b/BaseTools/Source/C/Common/Decompress.c -index bdc10f5..af76f67 100644 ---- a/BaseTools/Source/C/Common/Decompress.c -+++ b/BaseTools/Source/C/Common/Decompress.c -@@ -662,6 +662,12 @@ Returns: (VOID) - - BytesRemain--; - } -+ // -+ // Once mOutBuf is fully filled, directly return -+ // -+ if (Sd->mOutBuf >= Sd->mOrigSize) { -+ return ; -+ } - } - } - -diff --git a/BaseTools/Source/C/TianoCompress/TianoCompress.c b/BaseTools/Source/C/TianoCompress/TianoCompress.c -index d07fd9e..369f7b3 100644 ---- a/BaseTools/Source/C/TianoCompress/TianoCompress.c -+++ b/BaseTools/Source/C/TianoCompress/TianoCompress.c -@@ -2649,6 +2649,12 @@ Returns: (VOID) - - BytesRemain--; - } -+ // -+ // Once mOutBuf is fully filled, directly return -+ // -+ if (Sd->mOutBuf >= Sd->mOrigSize) { -+ goto Done ; -+ } - } - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-Source-C-split-O2-to-BUILD_OPTFLAGS.patch b/SOURCES/edk2-BaseTools-Source-C-split-O2-to-BUILD_OPTFLAGS.patch deleted file mode 100644 index feeb709..0000000 --- a/SOURCES/edk2-BaseTools-Source-C-split-O2-to-BUILD_OPTFLAGS.patch +++ /dev/null @@ -1,98 +0,0 @@ -From bd8f7996e759b1aa2549efc6062dbed8ac9b8dcb Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 29 Aug 2018 17:12:00 +0200 -Subject: [PATCH 3/7] BaseTools/Source/C: split "-O2" to BUILD_OPTFLAGS - -Message-id: <20180829151204.26958-4-lersek@redhat.com> -Patchwork-id: 81961 -O-Subject: [RHEL8/virt212 edk2 PATCH 3/7] BaseTools/Source/C: split "-O2" to - BUILD_OPTFLAGS -Bugzilla: 1607906 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -The option "-O2" is not a preprocessor flag, but a code generation -(compilation) flag. Move it from BUILD_CPPFLAGS to BUILD_CFLAGS and -BUILD_CXXFLAGS. - -Because "VfrCompile/GNUmakefile" uses "-O2" through BUILD_CPPFLAGS, and -because it doesn't use BUILD_CXXFLAGS, we have to introduce BUILD_OPTFLAGS -separately, so that "VfrCompile/GNUmakefile" can continue using just this -flag. - -This patch doesn't change behavior. - -Cc: Liming Gao -Cc: Yonghong Zhu -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Liming Gao -(cherry picked from commit b8a66170264395edeaa61e6d22930a58e576a685) ---- - BaseTools/Source/C/Makefiles/header.makefile | 6 +++++- - BaseTools/Source/C/VfrCompile/GNUmakefile | 11 +++++++---- - 2 files changed, 12 insertions(+), 5 deletions(-) - -diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index 08421ba..498c6cf 100644 ---- a/BaseTools/Source/C/Makefiles/header.makefile -+++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -68,7 +68,8 @@ $(error Bad HOST_ARCH) - endif - - INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE) --BUILD_CPPFLAGS = $(INCLUDE) -O2 -+BUILD_CPPFLAGS = $(INCLUDE) -+BUILD_OPTFLAGS = -O2 - ifeq ($(DARWIN),Darwin) - # assume clang or clang compatible flags on OS X - BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g -@@ -91,6 +92,9 @@ ifeq ($(DARWIN),Darwin) - endif - endif - -+# keep BUILD_OPTFLAGS last -+BUILD_CFLAGS += $(BUILD_OPTFLAGS) -+BUILD_CXXFLAGS += $(BUILD_OPTFLAGS) - - .PHONY: all - .PHONY: install -diff --git a/BaseTools/Source/C/VfrCompile/GNUmakefile b/BaseTools/Source/C/VfrCompile/GNUmakefile -index c4ec61a..bbe562c 100644 ---- a/BaseTools/Source/C/VfrCompile/GNUmakefile -+++ b/BaseTools/Source/C/VfrCompile/GNUmakefile -@@ -25,6 +25,9 @@ OBJECTS = AParser.o DLexerBase.o ATokenBuffer.o EfiVfrParser.o VfrLexer.o VfrSyn - - VFR_CPPFLAGS = -DPCCTS_USE_NAMESPACE_STD $(BUILD_CPPFLAGS) - -+# keep BUILD_OPTFLAGS last -+VFR_CXXFLAGS = $(BUILD_OPTFLAGS) -+ - LINKER = $(BUILD_CXX) - - EXTRA_CLEAN_OBJECTS = EfiVfrParser.cpp EfiVfrParser.h VfrParser.dlg VfrTokens.h VfrLexer.cpp VfrLexer.h VfrSyntax.cpp tokens.h -@@ -58,16 +61,16 @@ Pccts/dlg/dlg: - BIN_DIR='.' $(MAKE) -C Pccts/dlg - - ATokenBuffer.o: Pccts/h/ATokenBuffer.cpp -- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@ -+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@ - - DLexerBase.o: Pccts/h/DLexerBase.cpp -- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@ -+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@ - - AParser.o: Pccts/h/AParser.cpp -- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@ -+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@ - - VfrSyntax.o: VfrSyntax.cpp -- $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $? -o $@ -+ $(BUILD_CXX) -c $(VFR_CPPFLAGS) $(INC) $(VFR_CXXFLAGS) $? -o $@ - - clean: localClean - --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-Source-C-take-EXTRA_LDFLAGS-from-the-calle.patch b/SOURCES/edk2-BaseTools-Source-C-take-EXTRA_LDFLAGS-from-the-calle.patch deleted file mode 100644 index 334d001..0000000 --- a/SOURCES/edk2-BaseTools-Source-C-take-EXTRA_LDFLAGS-from-the-calle.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 7ad1348d09a32c467229ee8bef98a09e47b5a708 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 29 Aug 2018 17:12:02 +0200 -Subject: [PATCH 5/7] BaseTools/Source/C: take EXTRA_LDFLAGS from the caller - -Message-id: <20180829151204.26958-6-lersek@redhat.com> -Patchwork-id: 81965 -O-Subject: [RHEL8/virt212 edk2 PATCH 5/7] BaseTools/Source/C: take EXTRA_LDFLAGS - from the caller -Bugzilla: 1607906 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -Allow the caller of the top-level makefile either to set EXTRA_LDFLAGS in -the environment or to pass EXTRA_LDFLAGS as a macro definition on the -command line. EXTRA_LDFLAGS extends (and potentially overrides) default -link-editing flags set in the makefiles. - -Cc: Liming Gao -Cc: Yonghong Zhu -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Liming Gao -(cherry picked from commit 81502cee20ac4046f08bb4aec754c7091c8808dc) ---- - BaseTools/Source/C/Makefiles/header.makefile | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index 1b4cad5..7f283d6 100644 ---- a/BaseTools/Source/C/Makefiles/header.makefile -+++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -99,6 +99,9 @@ endif - BUILD_CFLAGS += $(BUILD_OPTFLAGS) - BUILD_CXXFLAGS += $(BUILD_OPTFLAGS) - -+# keep EXTRA_LDFLAGS last -+BUILD_LFLAGS += $(EXTRA_LDFLAGS) -+ - .PHONY: all - .PHONY: install - .PHONY: clean --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-Source-C-take-EXTRA_OPTFLAGS-from-the-call.patch b/SOURCES/edk2-BaseTools-Source-C-take-EXTRA_OPTFLAGS-from-the-call.patch deleted file mode 100644 index 6a97cc4..0000000 --- a/SOURCES/edk2-BaseTools-Source-C-take-EXTRA_OPTFLAGS-from-the-call.patch +++ /dev/null @@ -1,48 +0,0 @@ -From c8f78f5ef3463ffb63d26879d858327aba934d12 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 29 Aug 2018 17:12:01 +0200 -Subject: [PATCH 4/7] BaseTools/Source/C: take EXTRA_OPTFLAGS from the caller - -Message-id: <20180829151204.26958-5-lersek@redhat.com> -Patchwork-id: 81966 -O-Subject: [RHEL8/virt212 edk2 PATCH 4/7] BaseTools/Source/C: take - EXTRA_OPTFLAGS from the caller -Bugzilla: 1607906 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -Allow the caller of the top-level makefile either to set EXTRA_OPTFLAGS in -the environment or to pass EXTRA_OPTFLAGS as a macro definition on the -command line. EXTRA_OPTFLAGS extends (and potentially overrides) default C -compilation flags set in the makefiles. - -Cc: Liming Gao -Cc: Yonghong Zhu -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Liming Gao -(cherry picked from commit b0ca5dae78ff71397a8ef568f1914da7668ff5a9) ---- - BaseTools/Source/C/Makefiles/header.makefile | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index 498c6cf..1b4cad5 100644 ---- a/BaseTools/Source/C/Makefiles/header.makefile -+++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -69,7 +69,10 @@ endif - - INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKEROOT)/Include/ -I $(MAKEROOT)/Include/IndustryStandard -I $(MAKEROOT)/Common/ -I .. -I . $(ARCH_INCLUDE) - BUILD_CPPFLAGS = $(INCLUDE) --BUILD_OPTFLAGS = -O2 -+ -+# keep EXTRA_OPTFLAGS last -+BUILD_OPTFLAGS = -O2 $(EXTRA_OPTFLAGS) -+ - ifeq ($(DARWIN),Darwin) - # assume clang or clang compatible flags on OS X - BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-VfrCompile-honor-EXTRA_LDFLAGS.patch b/SOURCES/edk2-BaseTools-VfrCompile-honor-EXTRA_LDFLAGS.patch deleted file mode 100644 index 0571886..0000000 --- a/SOURCES/edk2-BaseTools-VfrCompile-honor-EXTRA_LDFLAGS.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 5825a1b2507e195c40a8655e18c5485c00513445 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 29 Aug 2018 17:12:03 +0200 -Subject: [PATCH 6/7] BaseTools/VfrCompile: honor EXTRA_LDFLAGS - -Message-id: <20180829151204.26958-7-lersek@redhat.com> -Patchwork-id: 81963 -O-Subject: [RHEL8/virt212 edk2 PATCH 6/7] BaseTools/VfrCompile: honor - EXTRA_LDFLAGS -Bugzilla: 1607906 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -In commit 81502cee20ac ("BaseTools/Source/C: take EXTRA_LDFLAGS from the -caller", 2018-08-16), I missed that "VfrCompile/GNUmakefile" does not use -BUILD_LFLAGS in the APPLICATION linking rule, unlike "app.makefile" does. -Instead, "VfrCompile/GNUmakefile" uses the (undefined) LFLAGS macro. -Therefore commit 81502cee20ac did not cover the linking step of -VfrCompile. - -Thankfully, the structure of the linking rules is the same, between -"app.makefile" and "VfrCompile/GNUmakefile". Rename the undefined LFLAGS -macro in "VfrCompile/GNUmakefile" to VFR_LFLAGS (for consistency with -VFR_CXXFLAGS), and set it to EXTRA_LDFLAGS. - -As a result, we have: - - | compilation | linking - -----------+--------------------------------+---------------------- - VfrCompile | VFR_CXXFLAGS = | VFR_LFLAGS = - | BUILD_OPTFLAGS = | EXTRA_LDFLAGS - | '-O2' + EXTRA_OPTFLAGS | - -----------+--------------------------------+---------------------- - other apps | BUILD_CFLAGS/BUILD_CXXFLAGS = | BUILD_LFLAGS = - | [...] + BUILD_OPTFLAGS = | [...] + EXTRA_LDFLAGS - | [...] + '-O2' + EXTRA_OPTFLAGS | - -This table shows -- that the VfrCompile compilation and linking flags are always a subset of - the corresponding flags used by the other apps, -- and that the EXTRA flags are always at the end. - -Cc: Liming Gao -Cc: Yonghong Zhu -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244 -Fixes: 81502cee20ac4046f08bb4aec754c7091c8808dc -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Liming Gao -(cherry picked from commit aa4e0df1f0c7ffdff07d7e382c9da89cbe207cdb) ---- - BaseTools/Source/C/VfrCompile/GNUmakefile | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/BaseTools/Source/C/VfrCompile/GNUmakefile b/BaseTools/Source/C/VfrCompile/GNUmakefile -index bbe562c..9273589 100644 ---- a/BaseTools/Source/C/VfrCompile/GNUmakefile -+++ b/BaseTools/Source/C/VfrCompile/GNUmakefile -@@ -28,6 +28,9 @@ VFR_CPPFLAGS = -DPCCTS_USE_NAMESPACE_STD $(BUILD_CPPFLAGS) - # keep BUILD_OPTFLAGS last - VFR_CXXFLAGS = $(BUILD_OPTFLAGS) - -+# keep EXTRA_LDFLAGS last -+VFR_LFLAGS = $(EXTRA_LDFLAGS) -+ - LINKER = $(BUILD_CXX) - - EXTRA_CLEAN_OBJECTS = EfiVfrParser.cpp EfiVfrParser.h VfrParser.dlg VfrTokens.h VfrLexer.cpp VfrLexer.h VfrSyntax.cpp tokens.h -@@ -42,7 +45,7 @@ APPLICATION = $(MAKEROOT)/bin/$(APPNAME) - all: $(MAKEROOT)/bin $(APPLICATION) - - $(APPLICATION): $(OBJECTS) -- $(LINKER) -o $(APPLICATION) $(LFLAGS) $(OBJECTS) -L$(MAKEROOT)/libs $(LIBS) -+ $(LINKER) -o $(APPLICATION) $(VFR_LFLAGS) $(OBJECTS) -L$(MAKEROOT)/libs $(LIBS) - - VfrCompiler.o: ../Include/Common/BuildVersion.h - --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-footer.makefile-expand-BUILD_CFLAGS-last-f.patch b/SOURCES/edk2-BaseTools-footer.makefile-expand-BUILD_CFLAGS-last-f.patch deleted file mode 100644 index 377b88c..0000000 --- a/SOURCES/edk2-BaseTools-footer.makefile-expand-BUILD_CFLAGS-last-f.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 5898a7a6403bb5ff73fc27a39f9c64b746089cb1 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 29 Aug 2018 17:11:58 +0200 -Subject: [PATCH 1/7] BaseTools/footer.makefile: expand BUILD_CFLAGS last for C - files too - -Message-id: <20180829151204.26958-2-lersek@redhat.com> -Patchwork-id: 81962 -O-Subject: [RHEL8/virt212 edk2 PATCH 1/7] BaseTools/footer.makefile: expand - BUILD_CFLAGS last for C files too -Bugzilla: 1607906 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -BUILD_CPPFLAGS should be expanded before BUILD_CFLAGS. (The rule for C++ -source files already does this, with BUILD_CPPFLAGS and BUILD_CXXFLAGS.) - -This patch doesn't change behavior. - -Cc: Liming Gao -Cc: Yonghong Zhu -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Liming Gao -(cherry picked from commit 67983484a4430c5f82bb5f1397e010c759136321) ---- - BaseTools/Source/C/Makefiles/footer.makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/BaseTools/Source/C/Makefiles/footer.makefile b/BaseTools/Source/C/Makefiles/footer.makefile -index 0926aa9..5bda9e4 100644 ---- a/BaseTools/Source/C/Makefiles/footer.makefile -+++ b/BaseTools/Source/C/Makefiles/footer.makefile -@@ -24,7 +24,7 @@ $(LIBRARY): $(OBJECTS) - $(BUILD_AR) crs $@ $^ - - %.o : %.c -- $(BUILD_CC) -c $(BUILD_CFLAGS) $(BUILD_CPPFLAGS) $< -o $@ -+ $(BUILD_CC) -c $(BUILD_CPPFLAGS) $(BUILD_CFLAGS) $< -o $@ - - %.o : %.cpp - $(BUILD_CXX) -c $(BUILD_CPPFLAGS) $(BUILD_CXXFLAGS) $< -o $@ --- -1.8.3.1 - diff --git a/SOURCES/edk2-BaseTools-header.makefile-remove-c-from-BUILD_CFLAGS.patch b/SOURCES/edk2-BaseTools-header.makefile-remove-c-from-BUILD_CFLAGS.patch deleted file mode 100644 index b32d6a9..0000000 --- a/SOURCES/edk2-BaseTools-header.makefile-remove-c-from-BUILD_CFLAGS.patch +++ /dev/null @@ -1,51 +0,0 @@ -From e7091299a079fd0405f01276f35838884b4c06b5 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 29 Aug 2018 17:11:59 +0200 -Subject: [PATCH 2/7] BaseTools/header.makefile: remove "-c" from BUILD_CFLAGS - -Message-id: <20180829151204.26958-3-lersek@redhat.com> -Patchwork-id: 81964 -O-Subject: [RHEL8/virt212 edk2 PATCH 2/7] BaseTools/header.makefile: remove "-c" - from BUILD_CFLAGS -Bugzilla: 1607906 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -Option "-c" is a mode selection flag (choosing between compiling and -linking); it should not be in BUILD_CFLAGS, which applies only to -compiling anyway. The compilation rule for C source files, in -"footer.makefile", already includes "-c" -- currently we have double "-c" -options. - -This patch doesn't change behavior. - -Cc: Liming Gao -Cc: Yonghong Zhu -Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1540244 -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Laszlo Ersek -Reviewed-by: Liming Gao -(cherry picked from commit 03252ae287c4a61983b3793ff71baeabe2ff3df7) ---- - BaseTools/Source/C/Makefiles/header.makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/BaseTools/Source/C/Makefiles/header.makefile b/BaseTools/Source/C/Makefiles/header.makefile -index db43677..08421ba 100644 ---- a/BaseTools/Source/C/Makefiles/header.makefile -+++ b/BaseTools/Source/C/Makefiles/header.makefile -@@ -71,9 +71,9 @@ INCLUDE = $(TOOL_INCLUDE) -I $(MAKEROOT) -I $(MAKEROOT)/Include/Common -I $(MAKE - BUILD_CPPFLAGS = $(INCLUDE) -O2 - ifeq ($(DARWIN),Darwin) - # assume clang or clang compatible flags on OS X --BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -c -g -+BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-self-assign -Wno-unused-result -nostdlib -g - else --BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -c -g -+BUILD_CFLAGS = -MD -fshort-wchar -fno-strict-aliasing -Wall -Werror -Wno-deprecated-declarations -Wno-stringop-truncation -Wno-restrict -Wno-unused-result -nostdlib -g - endif - BUILD_LFLAGS = - BUILD_CXXFLAGS = -Wno-unused-result --- -1.8.3.1 - diff --git a/SOURCES/edk2-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch b/SOURCES/edk2-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch deleted file mode 100644 index f316c12..0000000 --- a/SOURCES/edk2-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 8358e53013fc62c9556598ad842d233906de00ef Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 24 Oct 2018 21:03:44 +0200 -Subject: [PATCH 3/4] IntelFrameworkModulePkg: Add more checker in - UefiTianoDecompressLib (CVE FIX) - -Message-id: <20181024190345.15288-4-lersek@redhat.com> -Patchwork-id: 82885 -O-Subject: [RHEL8 edk2 PATCH 3/4] IntelFrameworkModulePkg: Add more checker in - UefiTianoDecompressLib (CVE FIX) -Bugzilla: 1641453 -1641464 -1641469 -Acked-by: Vitaly Kuznetsov -Acked-by: Thomas Huth - -From: Liming Gao - ---v-- RHEL8 note start --v-- - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641453 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641464 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641469 - -Unfortunately, the upstream patch series was not structured according to -the CVE reports. This patch contributes to fixing: - -- CVE-2017-5733 -- CVE-2017-5734 -- CVE-2017-5735 - -but not CVE-2017-5731 or CVE-2017-5732 (contrarily to the upstream commit -message). The best I could achieve up-stream was to get the "CVE FIX" -expression into the subject, and a whole-sale dump of the CVEs into the -body. I had not been invited to the original (off-list, embargoed) -analysis and review. - -The trivial context difference (whitespace) is due to RHEL8 lacking -upstream commit 0a6f48249a60 ("IntelFrameworkModulePkg: Clean up source -files", 2018-06-28). I've considered backporting that (since it only -cleans up whitespace). However, the diffstat on that commit convinced me -otherwise: "246 files changed, 4067 insertions(+), 4067 deletions(-)". -I've decided not to do a partial backport of that (i.e. just for -"BaseUefiTianoCustomDecompressLib.c"). - ---^-- RHEL8 note end --^-- - -Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735 -https://bugzilla.tianocore.org/show_bug.cgi?id=686 -To make sure the valid buffer be accessed only. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Holtsclaw Brent -Signed-off-by: Liming Gao -Reviewed-by: Star Zeng -Acked-by: Laszlo Ersek -(cherry picked from commit 684db6da64bc7b5faee4e1174e801c245f563b5c) -Signed-off-by: Laszlo Ersek ---- - .../BaseUefiTianoCustomDecompressLib.c | 16 ++++++++++++++-- - 1 file changed, 14 insertions(+), 2 deletions(-) - -diff --git a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c -index cb009e7..9b00166 100644 ---- a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c -+++ b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c -@@ -143,6 +143,7 @@ MakeTable ( - UINT16 Mask; - UINT16 WordOfStart; - UINT16 WordOfCount; -+ UINT16 MaxTableLength; - - // - // The maximum mapping table width supported by this internal -@@ -155,6 +156,9 @@ MakeTable ( - } - - for (Index = 0; Index < NumOfChar; Index++) { -+ if (BitLen[Index] > 16) { -+ return (UINT16) BAD_TABLE; -+ } - Count[BitLen[Index]]++; - } - -@@ -196,6 +200,7 @@ MakeTable ( - - Avail = NumOfChar; - Mask = (UINT16) (1U << (15 - TableBits)); -+ MaxTableLength = (UINT16) (1U << TableBits); - - for (Char = 0; Char < NumOfChar; Char++) { - -@@ -209,6 +214,9 @@ MakeTable ( - if (Len <= TableBits) { - - for (Index = Start[Len]; Index < NextCode; Index++) { -+ if (Index >= MaxTableLength) { -+ return (UINT16) BAD_TABLE; -+ } - Table[Index] = Char; - } - -@@ -615,10 +623,14 @@ Decode ( - // - BytesRemain--; - while ((INT16) (BytesRemain) >= 0) { -- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - if (Sd->mOutBuf >= Sd->mOrigSize) { - goto Done ; - } -+ if (DataIdx >= Sd->mOrigSize) { -+ Sd->mBadTableFlag = (UINT16) BAD_TABLE; -+ goto Done ; -+ } -+ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - - BytesRemain--; - } -@@ -688,7 +700,7 @@ UefiDecompressGetInfo ( - } - - CompressedSize = ReadUnaligned32 ((UINT32 *)Source); -- if (SourceSize < (CompressedSize + 8)) { -+ if (SourceSize < (CompressedSize + 8) || (CompressedSize + 8) < 8) { - return RETURN_INVALID_PARAMETER; - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch b/SOURCES/edk2-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch deleted file mode 100644 index e35c99b..0000000 --- a/SOURCES/edk2-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 601458a0a87bf4169d1f0c81c0bb454d22abe8f0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Wed, 9 Jan 2019 17:10:07 +0100 -Subject: [PATCH 3/4] IntelFrameworkModulePkg: Fix UEFI and Tiano Decompression - logic issue -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Message-id: <20190109161007.3471-4-philmd@redhat.com> -Patchwork-id: 83926 -O-Subject: [RHEL8 edk2 PATCH 3/3] IntelFrameworkModulePkg: Fix UEFI and Tiano - Decompression logic issue -Bugzilla: 1662184 -Acked-by: Laszlo Ersek -Acked-by: Vitaly Kuznetsov - -From: Liming Gao - -https://bugzilla.tianocore.org/show_bug.cgi?id=1317 - -This is a regression issue caused by 684db6da64bc7b5faee4e1174e801c245f563b5c. -In Decode() function, once mOutBuf is fully filled, Decode() should return. -Current logic misses the checker of mOutBuf after while() loop. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Liming Gao -Reviewed-by: Yonghong Zhu -(cherry picked from commit ade71c52a49d659b20c0b433fb11ddb4f4f543c4) -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Danilo C. L. de Paula ---- - .../BaseUefiTianoCustomDecompressLib.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c -index 9b00166..e34bf4b 100644 ---- a/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c -+++ b/IntelFrameworkModulePkg/Library/BaseUefiTianoCustomDecompressLib/BaseUefiTianoCustomDecompressLib.c -@@ -634,6 +634,12 @@ Decode ( - - BytesRemain--; - } -+ // -+ // Once mOutBuf is fully filled, directly return -+ // -+ if (Sd->mOutBuf >= Sd->mOrigSize) { -+ goto Done ; -+ } - } - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch b/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch deleted file mode 100644 index 1d83568..0000000 --- a/SOURCES/edk2-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch +++ /dev/null @@ -1,102 +0,0 @@ -From b045711f96003a53493cd334fe867981fb3cae2b Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Fri, 1 Mar 2019 13:45:07 +0100 -Subject: [PATCH 1/2] MdeModulePkg/PartitionDxe: Ensure blocksize holds MBR - (CVE-2018-12180) - -Message-id: <20190301124508.18497-2-lersek@redhat.com> -Patchwork-id: 84759 -O-Subject: [RHEL-8.0 edk2 PATCH 1/2] MdeModulePkg/PartitionDxe: Ensure blocksize - holds MBR (CVE-2018-12180) -Bugzilla: 1690501 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -From: Hao Wu - ---v-- RHEL-8.0 note --v-- - -Trivial conflicts resolved in "Gpt.c" and "Mbr.c": up-stream, the Intel -copyright notice got meanwhile extended to 2018, in commit d1102dba7210 -("MdeModulePkg: Clean up source files", 2018-06-28). - ---^-- RHEL-8.0 note --^-- - -REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1134 - -The commit adds checks for detecting GPT and MBR partitions. - -These checks will ensure that the device block size is big enough to hold -an MBR (512 bytes). - -Cc: Jian J Wang -Cc: Star Zeng -Cc: Laszlo Ersek -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Hao Wu -Reviewed-by: Ray Ni -(cherry picked from commit fccdb88022c1f6d85c773fce506b10c879063f1d) -Signed-off-by: Laszlo Ersek -Signed-off-by: Danilo C. L. de Paula ---- - MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c | 9 ++++++++- - MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c | 9 ++++++++- - 2 files changed, 16 insertions(+), 2 deletions(-) - -diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c -index fe26a64..141dca0 100644 ---- a/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c -+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Gpt.c -@@ -14,7 +14,7 @@ - partition content and validate the GPT table and GPT entry. - - Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc. --Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -237,6 +237,13 @@ PartitionInstallGptChildHandles ( - GptValidStatus = EFI_NOT_FOUND; - - // -+ // Ensure the block size can hold the MBR -+ // -+ if (BlockSize < sizeof (MASTER_BOOT_RECORD)) { -+ return EFI_NOT_FOUND; -+ } -+ -+ // - // Allocate a buffer for the Protective MBR - // - ProtectiveMbr = AllocatePool (BlockSize); -diff --git a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c -index 479745b..d7a15b4 100644 ---- a/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c -+++ b/MdeModulePkg/Universal/Disk/PartitionDxe/Mbr.c -@@ -13,7 +13,7 @@ - - Copyright (c) 2018 Qualcomm Datacenter Technologies, Inc. - Copyright (c) 2014, Hewlett-Packard Development Company, L.P.
--Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.
-+Copyright (c) 2006 - 2019, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -150,6 +150,13 @@ PartitionInstallMbrChildHandles ( - MediaId = BlockIo->Media->MediaId; - LastBlock = BlockIo->Media->LastBlock; - -+ // -+ // Ensure the block size can hold the MBR -+ // -+ if (BlockSize < sizeof (MASTER_BOOT_RECORD)) { -+ return EFI_NOT_FOUND; -+ } -+ - Mbr = AllocatePool (BlockSize); - if (Mbr == NULL) { - return Found; --- -1.8.3.1 - diff --git a/SOURCES/edk2-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch b/SOURCES/edk2-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch deleted file mode 100644 index 82d285b..0000000 --- a/SOURCES/edk2-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch +++ /dev/null @@ -1,137 +0,0 @@ -From 1fab0b299bc4c5b3f5106f718692f8f9bad5e635 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Fri, 1 Mar 2019 13:45:08 +0100 -Subject: [PATCH 2/2] MdeModulePkg/RamDiskDxe: Restrict on RAM disk size - (CVE-2018-12180) - -Message-id: <20190301124508.18497-3-lersek@redhat.com> -Patchwork-id: 84760 -O-Subject: [RHEL-8.0 edk2 PATCH 2/2] MdeModulePkg/RamDiskDxe: Restrict on RAM - disk size (CVE-2018-12180) -Bugzilla: 1690501 -Acked-by: Thomas Huth -Acked-by: Vitaly Kuznetsov - -From: Hao Wu - -REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1134 - -Originally, the block size of created Ram disks is hard-coded to 512 -bytes. However, if the total size of the Ram disk is not a multiple of 512 -bytes, there will be potential memory access issues when dealing with the -last block of the Ram disk. - -This commit will adjust the block size of the Ram disks to ensure that the -total size is a multiple of the block size. - -Cc: Jian J Wang -Cc: Star Zeng -Cc: Laszlo Ersek -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Hao Wu -Reviewed-by: Ray Ni -(cherry picked from commit 38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f) -Signed-off-by: Laszlo Ersek -Signed-off-by: Danilo C. L. de Paula ---- - .../Universal/Disk/RamDiskDxe/RamDiskBlockIo.c | 20 ++++++++++++++------ - MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h | 6 +++--- - .../Universal/Disk/RamDiskDxe/RamDiskProtocol.c | 5 +++-- - 3 files changed, 20 insertions(+), 11 deletions(-) - -diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c -index 4f74b5e..8926ad7 100644 ---- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c -+++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskBlockIo.c -@@ -1,7 +1,7 @@ - /** @file - Produce EFI_BLOCK_IO_PROTOCOL on a RAM disk device. - -- Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
-+ Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -54,6 +54,7 @@ RamDiskInitBlockIo ( - EFI_BLOCK_IO_PROTOCOL *BlockIo; - EFI_BLOCK_IO2_PROTOCOL *BlockIo2; - EFI_BLOCK_IO_MEDIA *Media; -+ UINT32 Remainder; - - BlockIo = &PrivateData->BlockIo; - BlockIo2 = &PrivateData->BlockIo2; -@@ -69,11 +70,18 @@ RamDiskInitBlockIo ( - Media->LogicalPartition = FALSE; - Media->ReadOnly = FALSE; - Media->WriteCaching = FALSE; -- Media->BlockSize = RAM_DISK_BLOCK_SIZE; -- Media->LastBlock = DivU64x32 ( -- PrivateData->Size + RAM_DISK_BLOCK_SIZE - 1, -- RAM_DISK_BLOCK_SIZE -- ) - 1; -+ -+ for (Media->BlockSize = RAM_DISK_DEFAULT_BLOCK_SIZE; -+ Media->BlockSize >= 1; -+ Media->BlockSize = Media->BlockSize >> 1) { -+ Media->LastBlock = DivU64x32Remainder (PrivateData->Size, Media->BlockSize, &Remainder) - 1; -+ if (Remainder == 0) { -+ break; -+ } -+ } -+ ASSERT (Media->BlockSize != 0); -+ -+ return; - } - - -diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h -index 077bb77..18c7bb2 100644 ---- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h -+++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskImpl.h -@@ -1,7 +1,7 @@ - /** @file - The header file of RamDiskDxe driver. - -- Copyright (c) 2016, Intel Corporation. All rights reserved.
-+ Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License - which accompanies this distribution. The full text of the license may be found at -@@ -49,9 +49,9 @@ - /// - - // --// Block size for RAM disk -+// Default block size for RAM disk - // --#define RAM_DISK_BLOCK_SIZE 512 -+#define RAM_DISK_DEFAULT_BLOCK_SIZE 512 - - // - // Iterate through the double linked list. NOT delete safe -diff --git a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c -index 6784e2b..e8250d5 100644 ---- a/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c -+++ b/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskProtocol.c -@@ -1,7 +1,7 @@ - /** @file - The realization of EFI_RAM_DISK_PROTOCOL. - -- Copyright (c) 2016, Intel Corporation. All rights reserved.
-+ Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.
- (C) Copyright 2016 Hewlett Packard Enterprise Development LP
- This program and the accompanying materials - are licensed and made available under the terms and conditions of the BSD License -@@ -613,7 +613,8 @@ RamDiskRegister ( - // - // Add check to prevent data read across the memory boundary - // -- if (RamDiskBase + RamDiskSize > ((UINTN) -1) - RAM_DISK_BLOCK_SIZE + 1) { -+ if ((RamDiskSize > MAX_UINTN) || -+ (RamDiskBase > MAX_UINTN - RamDiskSize + 1)) { - return EFI_INVALID_PARAMETER; - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch b/SOURCES/edk2-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch deleted file mode 100644 index 0c7b2cc..0000000 --- a/SOURCES/edk2-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 3b8ff18ad4ac1af740a979ad27fb83dbbdca70ef Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 24 Oct 2018 21:03:42 +0200 -Subject: [PATCH 1/4] MdeModulePkg Variable: Fix Timestamp zeroing issue on - APPEND_WRITE - -Message-id: <20181024190345.15288-2-lersek@redhat.com> -Patchwork-id: 82887 -O-Subject: [RHEL8 edk2 PATCH 1/4] MdeModulePkg Variable: Fix Timestamp zeroing - issue on APPEND_WRITE -Bugzilla: 1641436 -Acked-by: Vitaly Kuznetsov -Acked-by: Thomas Huth - -From: Star Zeng - ---v-- RHEL8 note start --v-- - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641436 - -This patch fixes CVE-2018-3613. Unfortunately, the upstream subject line -does not include the CVE number. I've decided to stick with the upstream -subject verbatim in the backport, so we can more easily drop this patch at -the next rebase. On the upstream list, I did complain loudly, so there's -hope the next CVE fix will advertise the CVE number in the subject. - -In practice, the vulnerability is difficult to exploit. Please refer to -the following messages in the upstream discussion: - - https://lists.01.org/pipermail/edk2-devel/2018-October/031103.html - https://lists.01.org/pipermail/edk2-devel/2018-October/031140.html - ---^-- RHEL8 note end --^-- - -REF: https://bugzilla.tianocore.org/show_bug.cgi?id=415 - -When SetVariable() to a time based auth variable with APPEND_WRITE -attribute, and if the EFI_VARIABLE_AUTHENTICATION_2.TimeStamp in -the input Data is earlier than current value, it will cause timestamp -zeroing. - -This issue may bring time based auth variable downgrade problem. -For example: -A vendor released three certs at 2014, 2015, and 2016, and system -integrated the 2016 cert. User can SetVariable() with 2015 cert and -APPEND_WRITE attribute to cause timestamp zeroing first, then -SetVariable() with 2014 cert to downgrade the cert. - -This patch fixes this issue. - -Cc: Jiewen Yao -Cc: Chao Zhang -Cc: Jian J Wang -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Star Zeng -Reviewed-by: Jiewen Yao -(cherry picked from commit b7dc8888f31402f410c53242839271ba3b94b619) -Signed-off-by: Laszlo Ersek ---- - MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -index 6caf603..60439b5 100644 ---- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c -@@ -2460,6 +2460,8 @@ UpdateVariable ( - if (Variable->CurrPtr != NULL) { - if (VariableCompareTimeStampInternal (&(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp), TimeStamp)) { - CopyMem (&AuthVariable->TimeStamp, TimeStamp, sizeof (EFI_TIME)); -+ } else { -+ CopyMem (&AuthVariable->TimeStamp, &(((AUTHENTICATED_VARIABLE_HEADER *) CacheVariable->CurrPtr)->TimeStamp), sizeof (EFI_TIME)); - } - } - } --- -1.8.3.1 - diff --git a/SOURCES/edk2-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch b/SOURCES/edk2-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch deleted file mode 100644 index 6fd94c1..0000000 --- a/SOURCES/edk2-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 41129e136b621728eb5cb1c81aafcc5fedc53a12 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 24 Oct 2018 21:03:43 +0200 -Subject: [PATCH 2/4] MdePkg: Add more checker in UefiDecompressLib to access - the valid buffer only (CVE FIX) - -Message-id: <20181024190345.15288-3-lersek@redhat.com> -Patchwork-id: 82883 -O-Subject: [RHEL8 edk2 PATCH 2/4] MdePkg: Add more checker in UefiDecompressLib - to access the valid buffer only (CVE FIX) -Bugzilla: 1641449 -1641453 -1641464 -1641469 -Acked-by: Vitaly Kuznetsov -Acked-by: Thomas Huth - -From: Liming Gao - ---v-- RHEL8 note start --v-- - -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641449 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641453 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641464 -Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1641469 - -Unfortunately, the upstream patch series was not structured according to -the CVE reports. This patch contributes to fixing: - -- CVE-2017-5732 -- CVE-2017-5733 -- CVE-2017-5734 -- CVE-2017-5735 - -but not CVE-2017-5731 (contrarily to the upstream commit message). The -best I could achieve up-stream was to get the "CVE FIX" expression into -the subject, and a whole-sale dump of the CVEs into the body. I had not -been invited to the original (off-list, embargoed) analysis and review. - -The trivial context difference (whitespace) is due to RHEL8 lacking -upstream commit 9095d37b8fe5 ("MdePkg: Clean up source files", -2018-06-28). I've considered backporting that (since it only cleans up -whitespace). However, the diffstat on that commit convinced me otherwise: -"729 files changed, 15667 insertions(+), 15667 deletions(-)". I've decided -not to do a partial backport of that (i.e. just for -"BaseUefiDecompressLib.c"). - ---^-- RHEL8 note end --^-- - -Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735 -https://bugzilla.tianocore.org/show_bug.cgi?id=686 - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Holtsclaw Brent -Signed-off-by: Liming Gao -Reviewed-by: Star Zeng -Acked-by: Laszlo Ersek -(cherry picked from commit 2ec7953d49677142c5f7552e9e3d96fb406ba0c4) -Signed-off-by: Laszlo Ersek ---- - .../BaseUefiDecompressLib/BaseUefiDecompressLib.c | 17 +++++++++++++++-- - 1 file changed, 15 insertions(+), 2 deletions(-) - -diff --git a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c -index e818543..0c6b1fe 100644 ---- a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c -+++ b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c -@@ -152,6 +152,7 @@ MakeTable ( - UINT16 Mask; - UINT16 WordOfStart; - UINT16 WordOfCount; -+ UINT16 MaxTableLength; - - // - // The maximum mapping table width supported by this internal -@@ -164,6 +165,9 @@ MakeTable ( - } - - for (Index = 0; Index < NumOfChar; Index++) { -+ if (BitLen[Index] > 16) { -+ return (UINT16) BAD_TABLE; -+ } - Count[BitLen[Index]]++; - } - -@@ -205,6 +209,7 @@ MakeTable ( - - Avail = NumOfChar; - Mask = (UINT16) (1U << (15 - TableBits)); -+ MaxTableLength = (UINT16) (1U << TableBits); - - for (Char = 0; Char < NumOfChar; Char++) { - -@@ -218,6 +223,9 @@ MakeTable ( - if (Len <= TableBits) { - - for (Index = Start[Len]; Index < NextCode; Index++) { -+ if (Index >= MaxTableLength) { -+ return (UINT16) BAD_TABLE; -+ } - Table[Index] = Char; - } - -@@ -620,11 +628,16 @@ Decode ( - // Write BytesRemain of bytes into mDstBase - // - BytesRemain--; -+ - while ((INT16) (BytesRemain) >= 0) { -- Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - if (Sd->mOutBuf >= Sd->mOrigSize) { - goto Done; - } -+ if (DataIdx >= Sd->mOrigSize) { -+ Sd->mBadTableFlag = (UINT16) BAD_TABLE; -+ goto Done; -+ } -+ Sd->mDstBase[Sd->mOutBuf++] = Sd->mDstBase[DataIdx++]; - - BytesRemain--; - } -@@ -694,7 +707,7 @@ UefiDecompressGetInfo ( - } - - CompressedSize = ReadUnaligned32 ((UINT32 *)Source); -- if (SourceSize < (CompressedSize + 8)) { -+ if (SourceSize < (CompressedSize + 8) || (CompressedSize + 8) < 8) { - return RETURN_INVALID_PARAMETER; - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch b/SOURCES/edk2-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch deleted file mode 100644 index 381062b..0000000 --- a/SOURCES/edk2-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c46469847b68f6a1a5b42feaf0de7a83fd0bed85 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Wed, 9 Jan 2019 17:10:06 +0100 -Subject: [PATCH 2/4] MdePkg BaseUefiDecompressLib: Fix UEFI Decompression - logic issue -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Message-id: <20190109161007.3471-3-philmd@redhat.com> -Patchwork-id: 83923 -O-Subject: [RHEL8 edk2 PATCH 2/3] MdePkg BaseUefiDecompressLib: Fix UEFI - Decompression logic issue -Bugzilla: 1662184 -Acked-by: Laszlo Ersek -Acked-by: Vitaly Kuznetsov - -From: Liming Gao - -https://bugzilla.tianocore.org/show_bug.cgi?id=1317 - -This is a regression issue caused by 2ec7953d49677142c5f7552e9e3d96fb406ba0c4. -In Decode() function, once mOutBuf is fully filled, Decode() should return. -Current logic misses the checker of mOutBuf after while() loop. - -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Liming Gao -Cc: Michael Kinney -Reviewed-by: Yonghong Zhu -(cherry picked from commit 1c4cecc9fd314de0dce8125b0d4b45967637a401) -Signed-off-by: Philippe Mathieu-Daudé -Signed-off-by: Danilo C. L. de Paula ---- - MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c -index 0c6b1fe..8c30e97 100644 ---- a/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c -+++ b/MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.c -@@ -641,6 +641,12 @@ Decode ( - - BytesRemain--; - } -+ // -+ // Once mOutBuf is fully filled, directly return -+ // -+ if (Sd->mOutBuf >= Sd->mOrigSize) { -+ goto Done; -+ } - } - } - --- -1.8.3.1 - diff --git a/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-Add-EXCLUSIVE-attribute-when.patch b/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-Add-EXCLUSIVE-attribute-when.patch deleted file mode 100644 index 5c526b2..0000000 --- a/SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-Add-EXCLUSIVE-attribute-when.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 1f2c35936d1731da26c3ed8d002785240853a742 Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 7 Nov 2018 11:25:57 +0100 -Subject: [PATCH] NetworkPkg: UefiPxeBcDxe: Add EXCLUSIVE attribute when - opening SNP protocol installed by PXE. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Message-id: <20181107102557.9106-2-lersek@redhat.com> -Patchwork-id: 82937 -O-Subject: [RHEL8 edk2 PATCH 1/1] NetworkPkg: UefiPxeBcDxe: Add EXCLUSIVE - attribute when opening SNP protocol installed by PXE. -Bugzilla: 1643377 -Acked-by: Vitaly Kuznetsov -Acked-by: Philippe Mathieu-Daudé - -From: "edk2-devel-bounces@lists.01.org" - ---v-- RHEL8 note start --v-- - -Please see the analysis for this backport in - through -. - -There was a trivial conflict to resolve while cherry-picking the upstream -commit; please refer to -. - ---^-- RHEL8 note end --^-- - -Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1152 - -v2: Sync the same logic to Ipv6 and update code comments. - -The PXE driver installs a SNP and open this SNP with attribute BY_DRIVER -to avoid it being opened by MNP driver, this SNP is also expected not to -be opened by other drivers with EXCLUSIVE attribute. In some cases, other -drivers may happen to do this by error, and thus cause a system crash. -This patch adds EXCLUSIVE attribute when opening SNP in PXE driver, and -will reject all OpenProtocol requests by EXCLUSIVE. - -Cc: Subramanian, Sriram -Cc: Ye Ting -Cc: Fu Siyuan -Cc: Wu Jiaxin -Contributed-under: TianoCore Contribution Agreement 1.1 -Signed-off-by: Wang Fan -Reviewed-by: Sriram Subramanian -Reviewed-by: Fu Siyuan -Reviewed-by: Wu Jiaxin -(cherry picked from commit cde5a72d365eff5b02b8330fef1c8d36fced08eb) -Signed-off-by: Laszlo Ersek ---- - NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c -index 8dd787b..437cd6f 100644 ---- a/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c -+++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDriver.c -@@ -814,7 +814,7 @@ PxeBcCreateIp4Children ( - } - - // -- // Open SNP on the child handle BY_DRIVER. It will prevent any additionally -+ // Open SNP on the child handle BY_DRIVER|EXCLUSIVE. It will prevent any additionally - // layering to perform the experiment. - // - Status = gBS->OpenProtocol ( -@@ -823,7 +823,7 @@ PxeBcCreateIp4Children ( - (VOID **) &Snp, - This->DriverBindingHandle, - Private->Ip4Nic->Controller, -- EFI_OPEN_PROTOCOL_BY_DRIVER -+ EFI_OPEN_PROTOCOL_BY_DRIVER|EFI_OPEN_PROTOCOL_EXCLUSIVE - ); - if (EFI_ERROR (Status)) { - goto ON_ERROR; -@@ -1157,7 +1157,7 @@ PxeBcCreateIp6Children ( - } - - // -- // Open SNP on the child handle BY_DRIVER. It will prevent any additionally -+ // Open SNP on the child handle BY_DRIVER|EXCLUSIVE. It will prevent any additionally - // layering to perform the experiment. - // - Status = gBS->OpenProtocol ( -@@ -1166,7 +1166,7 @@ PxeBcCreateIp6Children ( - (VOID **) &Snp, - This->DriverBindingHandle, - Private->Ip6Nic->Controller, -- EFI_OPEN_PROTOCOL_BY_DRIVER -+ EFI_OPEN_PROTOCOL_BY_DRIVER|EFI_OPEN_PROTOCOL_EXCLUSIVE - ); - if (EFI_ERROR (Status)) { - goto ON_ERROR; --- -1.8.3.1 - diff --git a/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch b/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch new file mode 100644 index 0000000..59cc788 --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch @@ -0,0 +1,198 @@ +From 71c39f0fb0b9a3e9856cebc58ef3812752fd07cc Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 4 Jun 2019 11:06:45 +0200 +Subject: [PATCH 3/3] OvmfPkg/PlatformPei: set 32-bit UC area at PciBase / + PciExBarBase (pc/q35) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190604090645.2847-4-lersek@redhat.com> +Patchwork-id: 88483 +O-Subject: [RHEL-8.1.0 edk2 PATCH v2 3/3] OvmfPkg/PlatformPei: set 32-bit UC + area at PciBase / PciExBarBase (pc/q35) +Bugzilla: 1666941 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +(This is a replacement for commit 39b9a5ffe661 ("OvmfPkg/PlatformPei: fix +MTRR for low-RAM sizes that have many bits clear", 2019-05-16).) + +Reintroduce the same logic as seen in commit 39b9a5ffe661 for the pc +(i440fx) board type. + +For q35, the same approach doesn't work any longer, given that (a) we'd +like to keep the PCIEXBAR in the platform DSC a fixed-at-build PCD, and +(b) QEMU expects the PCIEXBAR to reside at a lower address than the 32-bit +PCI MMIO aperture. + +Therefore, introduce a helper function for determining the 32-bit +"uncacheable" (MMIO) area base address: + +- On q35, this function behaves statically. Furthermore, the MTRR setup + exploits that the range [0xB000_0000, 0xFFFF_FFFF] can be marked UC with + just two variable MTRRs (one at 0xB000_0000 (size 256MB), another at + 0xC000_0000 (size 1GB)). + +- On pc (i440fx), the function behaves dynamically, implementing the same + logic as commit 39b9a5ffe661 did. The PciBase value is adjusted to the + value calculated, similarly to commit 39b9a5ffe661. A further + simplification is that we show that the UC32 area size truncation to a + whole power of two automatically guarantees a >=2GB base address. + +Cc: Ard Biesheuvel +Cc: Gerd Hoffmann +Cc: Jordan Justen +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daude +Acked-by: Ard Biesheuvel +(cherry picked from commit 49edde15230a5bfd6746225eb95535eaa2ec1ba4) +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/PlatformPei/MemDetect.c | 59 ++++++++++++++++++++++++++++++++++++++--- + OvmfPkg/PlatformPei/Platform.c | 5 +++- + OvmfPkg/PlatformPei/Platform.h | 7 +++++ + 3 files changed, 66 insertions(+), 5 deletions(-) + +diff --git a/OvmfPkg/PlatformPei/MemDetect.c b/OvmfPkg/PlatformPei/MemDetect.c +index 2f9e835..0c38b70 100644 +--- a/OvmfPkg/PlatformPei/MemDetect.c ++++ b/OvmfPkg/PlatformPei/MemDetect.c +@@ -20,6 +20,7 @@ Module Name: + // The package level header files this module uses + // + #include ++#include + #include + #include + +@@ -48,6 +49,8 @@ STATIC UINT32 mS3AcpiReservedMemorySize; + + STATIC UINT16 mQ35TsegMbytes; + ++UINT32 mQemuUc32Base; ++ + VOID + Q35TsegMbytesInitialization ( + VOID +@@ -104,6 +107,54 @@ Q35TsegMbytesInitialization ( + } + + ++VOID ++QemuUc32BaseInitialization ( ++ VOID ++ ) ++{ ++ UINT32 LowerMemorySize; ++ UINT32 Uc32Size; ++ ++ if (mXen) { ++ return; ++ } ++ ++ if (mHostBridgeDevId == INTEL_Q35_MCH_DEVICE_ID) { ++ // ++ // On q35, the 32-bit area that we'll mark as UC, through variable MTRRs, ++ // starts at PcdPciExpressBaseAddress. The platform DSC is responsible for ++ // setting PcdPciExpressBaseAddress such that describing the ++ // [PcdPciExpressBaseAddress, 4GB) range require a very small number of ++ // variable MTRRs (preferably 1 or 2). ++ // ++ ASSERT (FixedPcdGet64 (PcdPciExpressBaseAddress) <= MAX_UINT32); ++ mQemuUc32Base = (UINT32)FixedPcdGet64 (PcdPciExpressBaseAddress); ++ return; ++ } ++ ++ ASSERT (mHostBridgeDevId == INTEL_82441_DEVICE_ID); ++ // ++ // On i440fx, start with the [LowerMemorySize, 4GB) range. Make sure one ++ // variable MTRR suffices by truncating the size to a whole power of two, ++ // while keeping the end affixed to 4GB. This will round the base up. ++ // ++ LowerMemorySize = GetSystemMemorySizeBelow4gb (); ++ Uc32Size = GetPowerOfTwo32 ((UINT32)(SIZE_4GB - LowerMemorySize)); ++ mQemuUc32Base = (UINT32)(SIZE_4GB - Uc32Size); ++ // ++ // Assuming that LowerMemorySize is at least 1 byte, Uc32Size is at most 2GB. ++ // Therefore mQemuUc32Base is at least 2GB. ++ // ++ ASSERT (mQemuUc32Base >= BASE_2GB); ++ ++ if (mQemuUc32Base != LowerMemorySize) { ++ DEBUG ((DEBUG_VERBOSE, "%a: rounded UC32 base from 0x%x up to 0x%x, for " ++ "an UC32 size of 0x%x\n", __FUNCTION__, LowerMemorySize, mQemuUc32Base, ++ Uc32Size)); ++ } ++} ++ ++ + /** + Iterate over the RAM entries in QEMU's fw_cfg E820 RAM map that start outside + of the 32-bit address range. +@@ -694,11 +745,11 @@ QemuInitializeRam ( + ASSERT_EFI_ERROR (Status); + + // +- // Set memory range from the "top of lower RAM" (RAM below 4GB) to 4GB as +- // uncacheable ++ // Set the memory range from the start of the 32-bit MMIO area (32-bit PCI ++ // MMIO aperture on i440fx, PCIEXBAR on q35) to 4GB as uncacheable. + // +- Status = MtrrSetMemoryAttribute (LowerMemorySize, +- SIZE_4GB - LowerMemorySize, CacheUncacheable); ++ Status = MtrrSetMemoryAttribute (mQemuUc32Base, SIZE_4GB - mQemuUc32Base, ++ CacheUncacheable); + ASSERT_EFI_ERROR (Status); + } + } +diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c +index 64b8034..de19f5c 100644 +--- a/OvmfPkg/PlatformPei/Platform.c ++++ b/OvmfPkg/PlatformPei/Platform.c +@@ -197,7 +197,8 @@ MemMapInitialization ( + ASSERT (PciExBarBase <= MAX_UINT32 - SIZE_256MB); + PciBase = (UINT32)(PciExBarBase + SIZE_256MB); + } else { +- PciBase = (TopOfLowRam < BASE_2GB) ? BASE_2GB : TopOfLowRam; ++ ASSERT (TopOfLowRam <= mQemuUc32Base); ++ PciBase = mQemuUc32Base; + } + + // +@@ -656,6 +657,8 @@ InitializePlatform ( + + PublishPeiMemory (); + ++ QemuUc32BaseInitialization (); ++ + InitializeRamRegions (); + + if (mXen) { +diff --git a/OvmfPkg/PlatformPei/Platform.h b/OvmfPkg/PlatformPei/Platform.h +index b12a5c1..2b486ce 100644 +--- a/OvmfPkg/PlatformPei/Platform.h ++++ b/OvmfPkg/PlatformPei/Platform.h +@@ -69,6 +69,11 @@ GetSystemMemorySizeBelow4gb ( + ); + + VOID ++QemuUc32BaseInitialization ( ++ VOID ++ ); ++ ++VOID + InitializeRamRegions ( + VOID + ); +@@ -120,4 +125,6 @@ extern UINT32 mMaxCpuCount; + + extern UINT16 mHostBridgeDevId; + ++extern UINT32 mQemuUc32Base; ++ + #endif // _PLATFORM_PEI_H_INCLUDED_ +-- +1.8.3.1 + diff --git a/SOURCES/edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch b/SOURCES/edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch new file mode 100644 index 0000000..7bfe17c --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch @@ -0,0 +1,75 @@ +From aaaedc1e2cfd55ef003fb1b5a37c73a196b26dc7 Mon Sep 17 00:00:00 2001 +From: Philippe Mathieu-Daude +Date: Thu, 1 Aug 2019 20:43:48 +0200 +Subject: [PATCH 2/3] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on + Aarch64 silent builds (RH only) + +Message-id: <20190801184349.28512-3-philmd@redhat.com> +Patchwork-id: 89861 +O-Subject: [RHEL-8.1.0 edk2 PATCH v4 2/3] OvmfPkg: QemuRamfbDxe: Do not report + DXE failure on Aarch64 silent builds (RH only) +Bugzilla: 1714446 +Acked-by: Andrew Jones +Acked-by: Laszlo Ersek + +To suppress an error message on the silent build when ramfb is +not configured, change QemuRamfbDxe to return EFI_SUCCESS even +when it fails. +Some memory is wasted (driver stays resident without +any good use), but it is mostly harmless, as the memory +is released by the OS after ExitBootServices(). + +Suggested-by: Laszlo Ersek +Signed-off-by: Philippe Mathieu-Daude +--- + OvmfPkg/QemuRamfbDxe/QemuRamfb.c | 14 ++++++++++++++ + OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf | 1 + + 2 files changed, 15 insertions(+) + +diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c +index b49f2ca..c27e55f 100644 +--- a/OvmfPkg/QemuRamfbDxe/QemuRamfb.c ++++ b/OvmfPkg/QemuRamfbDxe/QemuRamfb.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -249,6 +250,19 @@ InitializeQemuRamfb ( + + Status = QemuFwCfgFindFile ("etc/ramfb", &mRamfbFwCfgItem, &FwCfgSize); + if (EFI_ERROR (Status)) { ++#if defined (MDE_CPU_AARCH64) ++ // ++ // RHBZ#1714446 ++ // If no ramfb device was configured, this platform DXE driver should ++ // returns EFI_NOT_FOUND, so the DXE Core can unload it. However, even ++ // using a silent build, an error message is issued to the guest console. ++ // Since this confuse users, return success and stay resident. The wasted ++ // guest RAM still gets freed later after ExitBootServices(). ++ // ++ if (GetDebugPrintErrorLevel () == DEBUG_ERROR) { ++ return EFI_SUCCESS; ++ } ++#endif + return EFI_NOT_FOUND; + } + if (FwCfgSize != sizeof (RAMFB_CONFIG)) { +diff --git a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf +index 013edef..f9e24cb 100644 +--- a/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf ++++ b/OvmfPkg/QemuRamfbDxe/QemuRamfbDxe.inf +@@ -36,6 +36,7 @@ + BaseLib + BaseMemoryLib + DebugLib ++ DebugPrintErrorLevelLib + DevicePathLib + FrameBufferBltLib + MemoryAllocationLib +-- +1.8.3.1 + diff --git a/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch b/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch new file mode 100644 index 0000000..4aae125 --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch @@ -0,0 +1,109 @@ +From d362291ada9ee22316e3c069dc788c4c801b0796 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 4 Jun 2019 11:06:44 +0200 +Subject: [PATCH 2/3] OvmfPkg: raise the PCIEXBAR base to 2816 MB on Q35 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Message-id: <20190604090645.2847-3-lersek@redhat.com> +Patchwork-id: 88481 +O-Subject: [RHEL-8.1.0 edk2 PATCH v2 2/3] OvmfPkg: raise the PCIEXBAR base to + 2816 MB on Q35 +Bugzilla: 1666941 +Acked-by: Philippe Mathieu-Daudé +Acked-by: Vitaly Kuznetsov + +(This is a replacement for commit 75136b29541b, "OvmfPkg/PlatformPei: +reorder the 32-bit PCI window vs. the PCIEXBAR on q35", 2019-05-16). + +Commit 7b8fe63561b4 ("OvmfPkg: PlatformPei: enable PCIEXBAR (aka MMCONFIG +/ ECAM) on Q35", 2016-03-10) claimed that, + + On Q35 machine types that QEMU intends to support in the long term, QEMU + never lets the RAM below 4 GB exceed 2 GB. + +Alas, this statement came from a misunderstanding that occurred while we +worked out the interface contract. In fact QEMU does allow the 32-bit RAM +extend up to 0xB000_0000 (exclusive), in case the RAM size falls in the +range (0x8000_0000, 0xB000_0000) (i.e., the RAM size is greater than +2048MB and smaller than 2816MB). + +In turn, such a RAM size (justifiedly) triggers + + ASSERT (TopOfLowRam <= PciExBarBase); + +in MemMapInitialization(), because we placed the 256MB PCIEXBAR at +0x8000_0000 (2GB) exactly, relying on the interface contract. (And, the +32-bit PCI window would follow the PCIEXBAR, covering the [0x9000_0000, +0xFC00_0000) range.) + +In order to fix this, place the PCIEXBAR at 2816MB (0xB000_0000), and +start the 32-bit PCI window at 3 GB (0xC000_0000). This shrinks the 32-bit +PCI window to + + 0xFC00_0000 - 0xC000_0000 = 0x3C00_0000 = 960 MB. + +Cc: Ard Biesheuvel +Cc: Gerd Hoffmann +Cc: Jordan Justen +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1859 +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daude +Acked-by: Ard Biesheuvel +(cherry picked from commit b07de0974b65a6a393c2d477427d1d6c7acce002) +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/OvmfPkgIa32.dsc | 4 ++-- + OvmfPkg/OvmfPkgIa32X64.dsc | 4 ++-- + OvmfPkg/OvmfPkgX64.dsc | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc +index bbf5e38..cf5f2ea 100644 +--- a/OvmfPkg/OvmfPkgIa32.dsc ++++ b/OvmfPkg/OvmfPkgIa32.dsc +@@ -497,8 +497,8 @@ + # the PCIEXBAR register. + # + # On Q35 machine types that QEMU intends to support in the long term, QEMU +- # never lets the RAM below 4 GB exceed 2 GB. +- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000 ++ # never lets the RAM below 4 GB exceed 2816 MB. ++ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 +diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc +index 3ec1b91..5a24065 100644 +--- a/OvmfPkg/OvmfPkgIa32X64.dsc ++++ b/OvmfPkg/OvmfPkgIa32X64.dsc +@@ -502,8 +502,8 @@ + # the PCIEXBAR register. + # + # On Q35 machine types that QEMU intends to support in the long term, QEMU +- # never lets the RAM below 4 GB exceed 2 GB. +- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000 ++ # never lets the RAM below 4 GB exceed 2816 MB. ++ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 +diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc +index ea54b4b..6ab50c9 100644 +--- a/OvmfPkg/OvmfPkgX64.dsc ++++ b/OvmfPkg/OvmfPkgX64.dsc +@@ -502,8 +502,8 @@ + # the PCIEXBAR register. + # + # On Q35 machine types that QEMU intends to support in the long term, QEMU +- # never lets the RAM below 4 GB exceed 2 GB. +- gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0x80000000 ++ # never lets the RAM below 4 GB exceed 2816 MB. ++ gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xB0000000 + + !ifdef $(SOURCE_DEBUG_ENABLE) + gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2 +-- +1.8.3.1 + diff --git a/SOURCES/edk2-aarch64-verbose.json b/SOURCES/edk2-aarch64-verbose.json new file mode 100644 index 0000000..ceec878 --- /dev/null +++ b/SOURCES/edk2-aarch64-verbose.json @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for ARM64 virtual machines, verbose logs", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + "verbose-static" + ], + "tags": [ + + ] +} diff --git a/SOURCES/edk2-aarch64.json b/SOURCES/edk2-aarch64.json new file mode 100644 index 0000000..c5a73cb --- /dev/null +++ b/SOURCES/edk2-aarch64.json @@ -0,0 +1,31 @@ +{ + "description": "UEFI firmware for ARM64 virtual machines", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/aarch64/QEMU_EFI-silent-pflash.raw", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "aarch64", + "machines": [ + "virt-*" + ] + } + ], + "features": [ + + ], + "tags": [ + + ] +} diff --git a/SOURCES/edk2-advertise-OpenSSL-due-to-IPv6-enablement-too-RHEL-on.patch b/SOURCES/edk2-advertise-OpenSSL-due-to-IPv6-enablement-too-RHEL-on.patch deleted file mode 100644 index 250879f..0000000 --- a/SOURCES/edk2-advertise-OpenSSL-due-to-IPv6-enablement-too-RHEL-on.patch +++ /dev/null @@ -1,154 +0,0 @@ -From 02ed2c501cdd56e9c404bdc8eac0abb9dfd5a04c Mon Sep 17 00:00:00 2001 -From: Laszlo Ersek -Date: Wed, 18 Jul 2018 00:18:20 +0200 -Subject: [PATCH 4/6] advertise OpenSSL due to IPv6 enablement too (RHEL only) - -Message-id: <20180717221822.13110-4-lersek@redhat.com> -Patchwork-id: 81378 -O-Subject: [RHEL8/virt212 edk2 PATCH 3/5] advertise OpenSSL due to IPv6 - enablement too (RHEL only) -Bugzilla: 1536627 -Acked-by: Paolo Bonzini -Acked-by: Wei Huang - -With "-D NETWORK_IP6_ENABLE", we pull the IPv6-enabled IScsiDxe driver -into the edk2-ovmf and edk2-aarch64 builds. That driver depends on OpenSSL -(the crypto part only, not the ssl part). Accordingly, extend our -(downstream-only) OpenSSL advertisment to NETWORK_IP6_ENABLE. - -(At the next rebase, this patch will be squashed into commit "advertise -OpenSSL on TianoCore splash screen / boot logo (RHEL only)".) - -Signed-off-by: Laszlo Ersek ---- - ArmVirtPkg/ArmVirtQemu.dsc | 2 +- - ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 2 +- - ArmVirtPkg/ArmVirtQemuKernel.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.dsc | 2 +- - OvmfPkg/OvmfPkgIa32.fdf | 2 +- - OvmfPkg/OvmfPkgIa32X64.dsc | 2 +- - OvmfPkg/OvmfPkgIa32X64.fdf | 2 +- - OvmfPkg/OvmfPkgX64.dsc | 2 +- - OvmfPkg/OvmfPkgX64.fdf | 2 +- - 9 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc -index 41ff17d..7091b6c 100644 ---- a/ArmVirtPkg/ArmVirtQemu.dsc -+++ b/ArmVirtPkg/ArmVirtQemu.dsc -@@ -332,7 +332,7 @@ - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) - MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - MdeModulePkg/Logo/LogoDxe.inf -diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -index 82d9cbd..a3f5fa9 100644 ---- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc -@@ -201,7 +201,7 @@ READ_LOCK_STATUS = TRUE - # - # TianoCore logo (splash screen) - # --!if $(SECURE_BOOT_ENABLE) == TRUE -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - INF MdeModulePkg/Logo/LogoDxe.inf -diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc -index 83fc12f..5730633 100644 ---- a/ArmVirtPkg/ArmVirtQemuKernel.dsc -+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc -@@ -315,7 +315,7 @@ - MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf - MdeModulePkg/Universal/DriverHealthManagerDxe/DriverHealthManagerDxe.inf - MdeModulePkg/Universal/BdsDxe/BdsDxe.inf --!if $(SECURE_BOOT_ENABLE) == TRUE -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) - MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - MdeModulePkg/Logo/LogoDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc -index f6d7833..bef8df9 100644 ---- a/OvmfPkg/OvmfPkgIa32.dsc -+++ b/OvmfPkg/OvmfPkgIa32.dsc -@@ -688,7 +688,7 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } --!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) - MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - MdeModulePkg/Logo/LogoDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf -index 73007dd..43f80cd 100644 ---- a/OvmfPkg/OvmfPkgIa32.fdf -+++ b/OvmfPkg/OvmfPkgIa32.fdf -@@ -297,7 +297,7 @@ INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf - !endif - !endif - --!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - INF MdeModulePkg/Logo/LogoDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc -index d6e628b..2085848 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.dsc -+++ b/OvmfPkg/OvmfPkgIa32X64.dsc -@@ -697,7 +697,7 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } --!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) - MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - MdeModulePkg/Logo/LogoDxe.inf -diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf -index 116b3c6..d858012 100644 ---- a/OvmfPkg/OvmfPkgIa32X64.fdf -+++ b/OvmfPkg/OvmfPkgIa32X64.fdf -@@ -298,7 +298,7 @@ INF RuleOverride = BINARY USE = X64 EdkShellBinPkg/FullShell/FullShell.inf - !endif - !endif - --!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - INF MdeModulePkg/Logo/LogoDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc -index a9fe89c..7bcb9fa 100644 ---- a/OvmfPkg/OvmfPkgX64.dsc -+++ b/OvmfPkg/OvmfPkgX64.dsc -@@ -695,7 +695,7 @@ - NULL|IntelFrameworkModulePkg/Library/LegacyBootManagerLib/LegacyBootManagerLib.inf - !endif - } --!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) - MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - MdeModulePkg/Logo/LogoDxe.inf -diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf -index 84d5845..41ce2d0 100644 ---- a/OvmfPkg/OvmfPkgX64.fdf -+++ b/OvmfPkg/OvmfPkgX64.fdf -@@ -298,7 +298,7 @@ INF RuleOverride = BINARY EdkShellBinPkg/FullShell/FullShell.inf - !endif - !endif - --!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) -+!if ($(SECURE_BOOT_ENABLE) == TRUE) || ($(NETWORK_IP6_ENABLE) == TRUE) || ($(TLS_ENABLE) == TRUE) - INF MdeModulePkg/Logo/LogoOpenSSLDxe.inf - !else - INF MdeModulePkg/Logo/LogoDxe.inf --- -1.8.3.1 - diff --git a/SOURCES/edk2-ovmf-sb.json b/SOURCES/edk2-ovmf-sb.json new file mode 100644 index 0000000..a0203e8 --- /dev/null +++ b/SOURCES/edk2-ovmf-sb.json @@ -0,0 +1,36 @@ +{ + "description": "OVMF with SB+SMM, SB enabled, MS certs enrolled", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "enrolled-keys", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/SOURCES/edk2-ovmf.json b/SOURCES/edk2-ovmf.json new file mode 100644 index 0000000..74d00e3 --- /dev/null +++ b/SOURCES/edk2-ovmf.json @@ -0,0 +1,35 @@ +{ + "description": "OVMF with SB+SMM, empty varstore", + "interface-types": [ + "uefi" + ], + "mapping": { + "device": "flash", + "executable": { + "filename": "/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd", + "format": "raw" + }, + "nvram-template": { + "filename": "/usr/share/edk2/ovmf/OVMF_VARS.fd", + "format": "raw" + } + }, + "targets": [ + { + "architecture": "x86_64", + "machines": [ + "pc-q35-*" + ] + } + ], + "features": [ + "acpi-s3", + "amd-sev", + "requires-smm", + "secure-boot", + "verbose-dynamic" + ], + "tags": [ + + ] +} diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index 7891d55..85fe4fd 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -1,13 +1,13 @@ ExclusiveArch: x86_64 aarch64 -%define GITDATE 20180508 -%define GITCOMMIT ee3198e672e2 +%define GITDATE 20190308 +%define GITCOMMIT 89910a39dcfd %define TOOLCHAIN GCC5 -%define OPENSSL_VER 1.1.0h +%define OPENSSL_VER 1.1.0i Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 9%{?dist}.1 +Release: 6%{?dist} Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD and OpenSSL and MIT @@ -19,10 +19,15 @@ URL: http://www.tianocore.org # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt -Source2: openssl-fedora-264133c642cdb6fc916f1d9bba9db4cb4cd4a17c.tar.xz +Source2: openssl-fedora-d2ede125556ac99aa0faa7744c703af3f559094e.tar.xz Source3: ovmf-vars-generator Source4: LICENSE.qosb +Source10: edk2-aarch64-verbose.json +Source11: edk2-aarch64.json +Source12: edk2-ovmf-sb.json +Source13: edk2-ovmf.json + Patch0003: 0003-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch Patch0004: 0004-OvmfPkg-increase-max-debug-message-length-to-512-RHE.patch Patch0005: 0005-OvmfPkg-QemuVideoDxe-enable-debug-messages-in-VbeShi.patch @@ -37,62 +42,26 @@ Patch0013: 0013-ArmPlatformPkg-introduce-fixed-PCD-for-early-hello-m.patch Patch0014: 0014-ArmPlatformPkg-PrePeiCore-write-early-hello-message-.patch Patch0015: 0015-ArmVirtPkg-set-early-hello-message-RH-only.patch Patch0016: 0016-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch -Patch0017: 0017-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-QemuVide.patch -Patch0018: 0018-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch -Patch0019: 0019-OvmfPkg-PlatformBootManagerLib-connect-consoles-unco.patch -Patch0020: 0020-ArmVirtPkg-PlatformBootManagerLib-connect-Virtio-RNG.patch -Patch0021: 0021-OvmfPkg-PlatformBootManagerLib-connect-Virtio-RNG-de.patch -Patch0027: 0027-BaseTools-tools_def-add-fno-unwind-tables-to-GCC_AAR.patch -# For bz#1536627 - IPv6 enablement in OVMF -Patch35: edk2-ArmVirtPkg-unify-HttpLib-resolutions-in-ArmVirt.dsc..patch -# For bz#1536627 - IPv6 enablement in OVMF -Patch36: edk2-ArmVirtPkg-ArmVirtQemu-enable-the-IPv6-stack.patch -# For bz#1536627 - IPv6 enablement in OVMF -Patch37: edk2-advertise-OpenSSL-due-to-IPv6-enablement-too-RHEL-on.patch -# For bz#1607906 - edk2-tools: Does not use RPM build flags -Patch38: edk2-BaseTools-footer.makefile-expand-BUILD_CFLAGS-last-f.patch -# For bz#1607906 - edk2-tools: Does not use RPM build flags -Patch39: edk2-BaseTools-header.makefile-remove-c-from-BUILD_CFLAGS.patch -# For bz#1607906 - edk2-tools: Does not use RPM build flags -Patch40: edk2-BaseTools-Source-C-split-O2-to-BUILD_OPTFLAGS.patch -# For bz#1607906 - edk2-tools: Does not use RPM build flags -Patch41: edk2-BaseTools-Source-C-take-EXTRA_OPTFLAGS-from-the-call.patch -# For bz#1607906 - edk2-tools: Does not use RPM build flags -Patch42: edk2-BaseTools-Source-C-take-EXTRA_LDFLAGS-from-the-calle.patch -# For bz#1607906 - edk2-tools: Does not use RPM build flags -Patch43: edk2-BaseTools-VfrCompile-honor-EXTRA_LDFLAGS.patch -# For bz#1641436 - CVE-2018-3613 edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users [rhel-8] -Patch44: edk2-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch -# For bz#1641449 - CVE-2017-5732 edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c [rhel-8] -# For bz#1641453 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function [rhel-8] -# For bz#1641464 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function [rhel-8] -# For bz#1641469 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function [rhel-8] -Patch45: edk2-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch -# For bz#1641453 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function [rhel-8] -# For bz#1641464 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function [rhel-8] -# For bz#1641469 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function [rhel-8] -Patch46: edk2-IntelFrameworkModulePkg-Add-more-checker-in-UefiTian.patch -# For bz#1641445 - CVE-2017-5731 edk2: Privilege escalation via processing of malformed files in TianoCompress.c [rhel-8] -# For bz#1641453 - CVE-2017-5733 edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function [rhel-8] -# For bz#1641464 - CVE-2017-5734 edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function [rhel-8] -# For bz#1641469 - CVE-2017-5735 edk2: Privilege escalation via heap-based buffer overflow in Decode() function [rhel-8] -Patch47: edk2-BaseTools-Add-more-checker-in-Decompress-algorithm-t.patch -# For bz#1643377 - Exception when grubx64.efi used for UEFI netboot -Patch48: edk2-NetworkPkg-UefiPxeBcDxe-Add-EXCLUSIVE-attribute-when.patch -# For bz#1662184 - backport fix for (theoretical?) regression introduced by earlier CVE fixes -Patch49: edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch -# For bz#1662184 - backport fix for (theoretical?) regression introduced by earlier CVE fixes -Patch50: edk2-MdePkg-BaseUefiDecompressLib-Fix-UEFI-Decompression-.patch -# For bz#1662184 - backport fix for (theoretical?) regression introduced by earlier CVE fixes -Patch51: edk2-IntelFrameworkModulePkg-Fix-UEFI-and-Tiano-Decompres.patch -# For bz#1690501 - CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk [rhel-8.0.0.z] -Patch52: edk2-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch -# For bz#1690501 - CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk [rhel-8.0.0.z] -Patch53: edk2-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch - - -# python2-devel and libuuid-devel are required for building tools -BuildRequires: python2-devel +Patch0017: 0017-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch +Patch0018: 0018-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch +Patch0019: 0019-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch +Patch0026: 0026-Downgrade-CryptoPkg-INF-files-to-OpenSSL-1.1.0i-RH-o.patch +# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size +Patch27: edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch +# For bz#1666941 - UEFI guest cannot boot into os when setting some special memory size +Patch28: edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch +# For bz#1714446 - edk2-aarch64 silent build is not silent enough +Patch29: edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch +# For bz#1714446 - edk2-aarch64 silent build is not silent enough +Patch30: edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch +# For bz#1714446 - edk2-aarch64 silent build is not silent enough +Patch31: edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch + + +# python3-devel and libuuid-devel are required for building tools. +# python3-devel is also needed for varstore template generation and +# verification with "ovmf-vars-generator". +BuildRequires: python3-devel BuildRequires: libuuid-devel BuildRequires: /usr/bin/iasl BuildRequires: binutils gcc git @@ -116,10 +85,6 @@ BuildRequires: qemu-kvm BuildRequires: kernel-core BuildRequires: rpmdevtools -# For orchestrating the above two steps (varstore generation and verification), -# we need to launch "ovmf-vars-generator" -- which we run on Python 3. -BuildRequires: python3-devel - %package ovmf Summary: UEFI firmware for x86_64 virtual machines BuildArch: noarch @@ -186,10 +151,7 @@ environment for the UEFI and PI specifications. This package contains sample %prep %setup -q -n edk2-%{GITCOMMIT} -# Ensure old shell and binary packages are not used -rm -rf EdkShellBinPkg -rm -rf EdkShellPkg -rm -rf FatBinPkg +# Ensure binary packages are not used rm -rf ShellBinPkg %{lua: @@ -228,16 +190,14 @@ echo "Applied $COUNT patches" rm -f $PATCHLIST cp -a -- %{SOURCE1} %{SOURCE3} . +cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} . tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x # Done by %setup, but we do not use it for the auxiliary tarballs chmod -Rf a+rX,u+w,g-w,o-w . %build -# For the time being, we need Python 2 for the build. See RHBZ 1593429 and -# . -export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 - +export PYTHON_COMMAND=%{__python3} source ./edksetup.sh make -C "$EDK_TOOLS_PATH" \ EXTRA_OPTFLAGS="%{optflags}" \ @@ -255,12 +215,13 @@ CC_FLAGS="$CC_FLAGS -D NETWORK_IP6_ENABLE" %ifarch x86_64 # Build with neither SB nor SMM; include UEFI shell. -build ${CC_FLAGS} -D FD_SIZE_4MB -a X64 -p OvmfPkg/OvmfPkgX64.dsc +build ${CC_FLAGS} -D TPM2_ENABLE -D FD_SIZE_4MB -a X64 \ + -p OvmfPkg/OvmfPkgX64.dsc # Build with SB and SMM; exclude UEFI shell. build -D SECURE_BOOT_ENABLE -D EXCLUDE_SHELL_FROM_FD ${CC_FLAGS} \ -a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc -D SMM_REQUIRE \ - -D FD_SIZE_4MB + -D TPM2_ENABLE -D FD_SIZE_4MB # Sanity check: the varstore templates must be identical. cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \ @@ -326,6 +287,7 @@ build ${CC_FLAGS} -a AARCH64 \ %install cp -a License.txt License.edk2.txt +mkdir -p $RPM_BUILD_ROOT%{_datadir}/qemu/firmware %ifarch x86_64 mkdir -p \ @@ -358,6 +320,11 @@ install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/Shell.efi \ install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/EnrollDefaultKeys.efi \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi +install -m 0644 edk2-ovmf-sb.json \ + $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json +install -m 0644 edk2-ovmf.json \ + $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/50-edk2-ovmf.json + %else mkdir -p \ $RPM_BUILD_ROOT%{_datadir}/AAVMF \ @@ -397,6 +364,11 @@ install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_EFI.fd \ install -m 0644 Build/ArmVirtQemu-AARCH64/DEBUG_%{TOOLCHAIN}/FV/QEMU_VARS.fd \ $RPM_BUILD_ROOT%{_datadir}/%{name}/aarch64/QEMU_VARS.fd +install -m 0644 edk2-aarch64.json \ + $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/60-edk2-aarch64.json +install -m 0644 edk2-aarch64-verbose.json \ + $RPM_BUILD_ROOT%{_datadir}/qemu/firmware/70-edk2-aarch64-verbose.json + %endif cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl @@ -427,6 +399,8 @@ install BaseTools/Scripts/GccBase.lds \ %license OvmfPkg/License.txt %license LICENSE.openssl %dir %{_datadir}/%{name}/ +%dir %{_datadir}/qemu +%dir %{_datadir}/qemu/firmware %ifarch x86_64 %doc OvmfPkg/README @@ -447,6 +421,8 @@ install BaseTools/Scripts/GccBase.lds \ %{_datadir}/OVMF/UefiShell.iso %{_datadir}/%{name}/ovmf/Shell.efi %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi +%{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json +%{_datadir}/qemu/firmware/50-edk2-ovmf.json %else %dir %{_datadir}/AAVMF/ @@ -460,23 +436,20 @@ install BaseTools/Scripts/GccBase.lds \ %{_datadir}/%{name}/aarch64/QEMU_EFI.fd %{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd %{_datadir}/%{name}/aarch64/QEMU_VARS.fd +%{_datadir}/qemu/firmware/60-edk2-aarch64.json +%{_datadir}/qemu/firmware/70-edk2-aarch64-verbose.json %endif %files tools %license License.txt -%{_bindir}/BootSectImage %{_bindir}/Brotli %{_bindir}/DevicePath -%{_bindir}/EfiLdrImage %{_bindir}/EfiRom %{_bindir}/GenCrc32 %{_bindir}/GenFfs %{_bindir}/GenFv %{_bindir}/GenFw -%{_bindir}/GenPage %{_bindir}/GenSec -%{_bindir}/GenVtf -%{_bindir}/GnuGenBootSector %{_bindir}/LzmaCompress %{_bindir}/LzmaF86Compress %{_bindir}/Split @@ -515,11 +488,31 @@ true %endif %changelog -* Tue Mar 26 2019 Danilo Cesar Lemes de Paula - 20180508gitee3198e672e2-9.el8_0 -- edk2-MdeModulePkg-PartitionDxe-Ensure-blocksize-holds-MBR.patch [bz#1690501] -- edk2-MdeModulePkg-RamDiskDxe-Restrict-on-RAM-disk-size-CV.patch [bz#1690501] -- Resolves: bz#1690501 - (CVE-2018-12180 edk2: Buffer Overflow in BlockIo service for RAM disk [rhel-8.0.0.z]) +* Mon Aug 05 2019 Miroslav Rezanina - 20190308git89910a39dcfd-6.el8 +- edk2-ArmVirtPkg-silence-DEBUG_VERBOSE-masking-0x00400000-.patch [bz#1714446] +- edk2-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch [bz#1714446] +- edk2-ArmPkg-DebugPeCoffExtraActionLib-debugger-commands-a.patch [bz#1714446] +- Resolves: bz#1714446 + (edk2-aarch64 silent build is not silent enough) + +* Tue Jul 02 2019 Miroslav Rezanina - 20190308git89910a39dcfd-5.el8 +- edk2-redhat-add-D-TPM2_ENABLE-to-the-edk2-ovmf-build-flag.patch [bz#1693205] +- Resolves: bz#1693205 + (edk2: Enable TPM2 support) + +* Tue Jun 11 2019 Miroslav Rezanina - 20190308git89910a39dcfd-4.el8 +- edk2-OvmfPkg-raise-the-PCIEXBAR-base-to-2816-MB-on-Q35.patch [bz#1666941] +- edk2-OvmfPkg-PlatformPei-set-32-bit-UC-area-at-PciBase-Pc.patch [bz#1666941] +- Resolves: bz#1666941 + (UEFI guest cannot boot into os when setting some special memory size) + +* Tue Apr 09 2019 Danilo Cesar Lemes de Paula - 20190308git89910a39dcfd-2.el8 +- edk2-redhat-provide-firmware-descriptor-meta-files.patch [bz#1600230] +- Resolves: bz#1600230 + ([RHEL 8.1] RFE: provide firmware descriptor meta-files for the edk2-ovmf and edk2-aarch64 firmware images) + +* Mon Apr 08 2019 Danilo Cesar Lemes de Paula - 20190308git89910a39dcfd-1.el8 +- Rebase to edk2-20190308git89910a39dcfd * Mon Jan 21 2019 Danilo Cesar Lemes de Paula - 20180508gitee3198e672e2-9.el8 - edk2-BaseTools-Fix-UEFI-and-Tiano-Decompression-logic-iss.patch [bz#1662184] @@ -534,11 +527,6 @@ true - Resolves: bz#1643377 (Exception when grubx64.efi used for UEFI netboot) -* Fri Nov 16 2018 Danilo Cesar Lemes de Paula - 20180508gitee3198e672e2-7.el8 -- Rebuilding edk2 outside the module branch -- Resolves: bz#1637650 - (Move ipxe and edk2 out of the virt module.) - * Tue Nov 06 2018 Danilo Cesar Lemes de Paula - 20180508gitee3198e672e2-5.el8 - edk2-MdeModulePkg-Variable-Fix-Timestamp-zeroing-issue-on.patch [bz#1641436] - edk2-MdePkg-Add-more-checker-in-UefiDecompressLib-to-acce.patch [bz#1641449 bz#1641453 bz#1641464 bz#1641469]