Revert "ovmf: Fix CVE-2023-45237"

This reverts commit 6f8bdaad9d22e65108f859a695277ce1b20ef7c6. his reverts commit 4c2d3e3730. The fix for CVE-2023-45237 causes ovmf firmware not support pxe boot any more and no boot item in OVMF menu such as UEFI PXEv4 (MAC address) It has not been fixed by ovmf upstream and an issue has been created on https://github.com/tianocore/tianocore.github.io/issues/82 Revert the fixes for now. (From OE-Core rev: d3f399f54042efc6f4ca2092dd11819ae1f7c51f) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-04-04 05:02:21 +02:00 · 2025-02-20 06:32:32 -08:00
parent ecd87254c8
commit 4b020e6514
3 changed files with 0 additions and 1368 deletions
--- a/meta/recipes-core/ovmf/ovmf/CVE-2023-45237-0001.patch
+++ b/meta/recipes-core/ovmf/ovmf/CVE-2023-45237-0001.patch
@@ -1,78 +0,0 @@
-From cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c Mon Sep 17 00:00:00 2001
-From: Pierre Gondois <pierre.gondois@arm.com>
-Date: Fri, 11 Aug 2023 16:33:06 +0200
-Subject: [PATCH] MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
-
-BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
-
-The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
-implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
-To allow the RngDxe to detect when such implementation is used,
-a GetRngGuid() function is added in a following patch.
-
-Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr
-to describe a Rng algorithm accessed through Arm's RNDR instruction.
-[1] states that the implementation of this algorithm should be
-compliant to NIST SP900-80. The compliance is not guaranteed.
-
-[1] Arm Architecture Reference Manual Armv8, for A-profile architecture
-sK12.1 'Properties of the generated random number'
-
-Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
-Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
-Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
-Acked-by: Ard Biesheuvel <ardb@kernel.org>
-Tested-by: Kun Qin <kun.qin@microsoft.com>
-
-CVE: CVE-2023-45237
-
-Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c]
-
-Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
---
- MdePkg/Include/Protocol/Rng.h | 10 ++++++++++
- MdePkg/MdePkg.dec             |  1 +
- 2 files changed, 11 insertions(+)
-
-diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h
-index baf425587b..38bde53240 100644
--- a/MdePkg/Include/Protocol/Rng.h
-+++ b/MdePkg/Include/Protocol/Rng.h
-@@ -67,6 +67,15 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
-   { \
-     0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \
-   }
-+///
-+/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant
-+/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be
-+/// inclusive of different geographies.
-+///
-+#define EFI_RNG_ALGORITHM_ARM_RNDR \
-+  { \
-+    0x43d2fde3, 0x9d4e, 0x4d79,  {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \
-+  }
- 
- /**
-   Returns information about the random number generation implementation.
-@@ -146,5 +155,6 @@ extern EFI_GUID  gEfiRngAlgorithmSp80090Ctr256Guid;
- extern EFI_GUID  gEfiRngAlgorithmX9313DesGuid;
- extern EFI_GUID  gEfiRngAlgorithmX931AesGuid;
- extern EFI_GUID  gEfiRngAlgorithmRaw;
-+extern EFI_GUID  gEfiRngAlgorithmArmRndr;
- 
- #endif
-diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
-index 59b405928b..a449dbc556 100644
--- a/MdePkg/MdePkg.dec
-+++ b/MdePkg/MdePkg.dec
-@@ -594,6 +594,7 @@
-   gEfiRngAlgorithmX9313DesGuid       = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
-   gEfiRngAlgorithmX931AesGuid        = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
-   gEfiRngAlgorithmRaw                = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
-+  gEfiRngAlgorithmArmRndr            = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
- 
-   ## Include/Protocol/AdapterInformation.h
-   gEfiAdapterInfoMediaStateGuid       = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
-- 
-2.40.0
-
--- a/meta/recipes-core/ovmf/ovmf/CVE-2023-45237-0002.patch
+++ b/meta/recipes-core/ovmf/ovmf/CVE-2023-45237-0002.patch
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -47,8 +47,6 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
           file://CVE-2023-45229-0002.patch \
           file://CVE-2023-45229-0003.patch \
           file://CVE-2023-45229-0004.patch \
-           file://CVE-2023-45237-0001.patch \
-           file://CVE-2023-45237-0002.patch \
           file://CVE-2023-45236.patch \
           file://CVE-2022-36765-0001.patch \
           file://CVE-2022-36765-0002.patch \