mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-21 21:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

omvf: update from edk2-stable202402 to edk2-stable202408

Browse Source 
Includes patches for CVE-2023-45236, CVE-2023-45237 and
CVE-2024-25742. Refreshed patches with devtool.

Changes:

https://github.com/tianocore/edk2/releases

edk2-stable202408
Release Date 2024-08-23
New Features & Bug Fixes

    CryptoPkg:Add more crypto APIs (AESGCM/PEM/X509/RSA/PKCS5/PKCS7/Authenticode) based on Mbedtls
    CryptoPkg: Enable Openssl native instruction support for AARCH64
    CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipher
    UefiCpuPkg: S3 cleanup
    MdePkg/BaseLib: Add CRC16 CCITT False Implementation
    DynamicTablesPkg: ACPI TPM2 generator
    DynamicTablesPkg: Prepare for supporting other archs
    BaseTools: Add VS2022 support
    OvmfPkg: Add LoongArchVirt instance to OvmfPkg and enable it

edk2-stable202405

Release Date 2024-05-24
New Features & Bug Fixes

    SecurityPkg:Add EFI Device Authentication Signature Database and SPDM
    CryptoPkg:add additional RSAES-OAEP crypto functions
    OvmfPkg:Add 5-level paging support
    OvmfPkg:SEV-SNP Support for running under an SVSM
    OvmfPkg:RBP register shall be cleared in TDVMCALL
    OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742)
    Add SPI bus driver stack
    NetworkPkg: Predictable TCP ISNs
    NetworkPkg: Use of a Weak PseudoRandom Number Generator
    UefiCpuPkg: Add new SmmRelocationLib library

Bugzilla List
Update Notes

    NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to provide the right implementation of the EFI_RNG_PROTOCOL
    (i.e., using a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is not implemented, the platform will lose the ability to do network boot.

(From OE-Core rev: 50ae1d4afe436498b157f19e085532a6f0525d85)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Mikko Rapeli
2024-09-10 15:21:28 +03:00
committed by Richard Purdie
parent c66e272cd8
commit 5eacd34f89
5 changed files with 28 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
meta/recipes-core/ovmf/ovmf/0001-ovmf-update-path-to-native-BaseTools.patch
View File

@@ -1,7 +1,7 @@
From d8df6b6433351763e1db791dd84d432983d2b249 Mon Sep 17 00:00:00 2001
From 5f52c2582ae2226ef324332e352bb4c51b597656 Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Thu, 9 Jun 2016 02:23:01 -0700
Subject: [PATCH 1/4] ovmf: update path to native BaseTools
Subject: [PATCH] ovmf: update path to native BaseTools
BaseTools is a set of utilities to build EDK-based firmware. These utilities
are used during the build process. Thus, they need to be built natively.
@@ -16,7 +16,7 @@ Upstream-Status: Inappropriate [oe-core cross compile specific]
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/OvmfPkg/build.sh b/OvmfPkg/build.sh
index b0334fb76e..094f86f096 100755
index 279f0d099a..285f061bf4 100755
--- a/OvmfPkg/build.sh
+++ b/OvmfPkg/build.sh
@@ -24,7 +24,7 @@ then
@@ -28,6 +28,3 @@ index b0334fb76e..094f86f096 100755
echo $EDK_TOOLS_PATH
source edksetup.sh BaseTools
else
--
2.30.2

5
meta/recipes-core/ovmf/ovmf/0002-BaseTools-makefile-adjust-to-build-in-under-bitbake.patch
View File

@@ -1,4 +1,4 @@
From ac9df4fb92965f1f95a5bdbde5f2f86d0c569711 Mon Sep 17 00:00:00 2001
From 7cf91acf8a19a8052d05e272fad9f7e2f5b9597e Mon Sep 17 00:00:00 2001
From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
Date: Fri, 26 Jul 2019 17:34:26 -0400
Subject: [PATCH] BaseTools: makefile: adjust to build in under bitbake
@@ -64,6 +64,3 @@ index d369908a09..22c670f316 100644
ifeq ($(HOST_ARCH), IA32)
#
# Snow Leopard is a 32-bit and 64-bit environment. uname -m returns i386, but gcc defaults
--
2.30.2

27
meta/recipes-core/ovmf/ovmf/0003-debug-prefix-map.patch
View File

@@ -1,7 +1,7 @@
From 03e536b20d0b72cf078052f6748de8df3836625c Mon Sep 17 00:00:00 2001
From 415beee5adacae425f725cf9910784a0cdfa17dc Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 14 Jun 2021 19:56:28 +0200
Subject: [PATCH 3/4] debug prefix map
Subject: [PATCH] debug prefix map
We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
--debug-prefix-map to nasm (we carry a patch to nasm for this). The
@@ -22,19 +22,19 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index 503a6687c1..10ac38ef9e 100755
index 76aaae7261..4829d5cd5d 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -739,7 +739,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
@@ -894,7 +894,7 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
*_*_*_DTCPP_PATH = DEF(DTCPP_BIN)
*_*_*_DTC_PATH = DEF(DTC_BIN)
-DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
+DEFINE GCC_ALL_CC_FLAGS = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common ENV(GCC_PREFIX_MAP)
DEFINE GCC_ARM_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -fno-plt -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
DEFINE GCC_LOONGARCH64_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
DEFINE GCC_ARM_CC_XIPFLAGS = -mno-unaligned-access
@@ -759,8 +759,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
@@ -915,8 +915,8 @@ DEFINE GCC_ARM_ASLDLINK_FLAGS = DEF(GCC_ARM_DLINK_FLAGS) -Wl,--entry,Refere
DEFINE GCC_AARCH64_ASLDLINK_FLAGS = DEF(GCC_AARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT) DEF(GCC_ARM_AARCH64_ASLDLINK_FLAGS)
DEFINE GCC_LOONGARCH64_ASLDLINK_FLAGS = DEF(GCC_LOONGARCH64_DLINK_FLAGS) -Wl,--entry,ReferenceAcpiTable -u $(IMAGE_ENTRY_POINT)
DEFINE GCC_IA32_X64_DLINK_FLAGS = DEF(GCC_IA32_X64_DLINK_COMMON) --entry _$(IMAGE_ENTRY_POINT) --file-alignment 0x20 --section-alignment 0x20 -Map $(DEST_DIR_DEBUG)/$(BASE_NAME).map
@@ -45,7 +45,7 @@ index 503a6687c1..10ac38ef9e 100755
DEFINE GCC_VFRPP_FLAGS = -x c -E -P -DVFRCOMPILE --include $(MODULE_NAME)StrDefs.h
DEFINE GCC_ASLPP_FLAGS = -x c -E -include AutoGen.h
DEFINE GCC_ASLCC_FLAGS = -x c
@@ -913,7 +913,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF(
@@ -1069,7 +1069,7 @@ DEFINE GCC5_LOONGARCH64_PP_FLAGS = -mabi=lp64d -march=loongarch64 DEF(
*_GCC48_IA32_DLINK2_FLAGS = DEF(GCC48_IA32_DLINK2_FLAGS)
*_GCC48_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC48_IA32_OBJCOPY_FLAGS =
@@ -54,7 +54,7 @@ index 503a6687c1..10ac38ef9e 100755
DEBUG_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS)
RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set-variable
@@ -941,7 +941,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
@@ -1097,7 +1097,7 @@ RELEASE_GCC48_IA32_CC_FLAGS = DEF(GCC48_IA32_CC_FLAGS) -Wno-unused-but-set
*_GCC48_X64_DLINK2_FLAGS = DEF(GCC48_X64_DLINK2_FLAGS)
*_GCC48_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC48_X64_OBJCOPY_FLAGS =
@@ -63,7 +63,7 @@ index 503a6687c1..10ac38ef9e 100755
DEBUG_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS)
RELEASE_GCC48_X64_CC_FLAGS = DEF(GCC48_X64_CC_FLAGS) -Wno-unused-but-set-variable
@@ -1050,7 +1050,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
@@ -1206,7 +1206,7 @@ RELEASE_GCC48_AARCH64_CC_FLAGS = DEF(GCC48_AARCH64_CC_FLAGS) -Wno-unused-but-s
*_GCC49_IA32_DLINK2_FLAGS = DEF(GCC49_IA32_DLINK2_FLAGS)
*_GCC49_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC49_IA32_OBJCOPY_FLAGS =
@@ -72,7 +72,7 @@ index 503a6687c1..10ac38ef9e 100755
DEBUG_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS)
RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
@@ -1078,7 +1078,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
@@ -1234,7 +1234,7 @@ RELEASE_GCC49_IA32_CC_FLAGS = DEF(GCC49_IA32_CC_FLAGS) -Wno-unused-but-set
*_GCC49_X64_DLINK2_FLAGS = DEF(GCC49_X64_DLINK2_FLAGS)
*_GCC49_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC49_X64_OBJCOPY_FLAGS =
@@ -81,7 +81,7 @@ index 503a6687c1..10ac38ef9e 100755
DEBUG_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS)
RELEASE_GCC49_X64_CC_FLAGS = DEF(GCC49_X64_CC_FLAGS) -Wno-unused-but-set-variable -Wno-unused-const-variable
@@ -1337,7 +1337,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
@@ -1493,7 +1493,7 @@ RELEASE_GCCNOLTO_AARCH64_DLINK_XIPFLAGS = -z common-page-size=0x20
*_GCC5_IA32_DLINK2_FLAGS = DEF(GCC5_IA32_DLINK2_FLAGS) -no-pie
*_GCC5_IA32_RC_FLAGS = DEF(GCC_IA32_RC_FLAGS)
*_GCC5_IA32_OBJCOPY_FLAGS =
@@ -90,7 +90,7 @@ index 503a6687c1..10ac38ef9e 100755
DEBUG_GCC5_IA32_CC_FLAGS = DEF(GCC5_IA32_CC_FLAGS) -flto
DEBUG_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,-m,elf_i386,--oformat=elf32-i386
@@ -1369,7 +1369,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
@@ -1525,7 +1525,7 @@ RELEASE_GCC5_IA32_DLINK_FLAGS = DEF(GCC5_IA32_X64_DLINK_FLAGS) -flto -Os -Wl,
*_GCC5_X64_DLINK2_FLAGS = DEF(GCC5_X64_DLINK2_FLAGS)
*_GCC5_X64_RC_FLAGS = DEF(GCC_X64_RC_FLAGS)
*_GCC5_X64_OBJCOPY_FLAGS =
@@ -99,6 +99,3 @@ index 503a6687c1..10ac38ef9e 100755
DEBUG_GCC5_X64_CC_FLAGS = DEF(GCC5_X64_CC_FLAGS) -flto -DUSING_LTO
DEBUG_GCC5_X64_DLINK_FLAGS = DEF(GCC5_X64_DLINK_FLAGS) -flto -Os
--
2.30.2

23
meta/recipes-core/ovmf/ovmf/0004-reproducible.patch
View File

@@ -1,7 +1,7 @@
From c59850367a190d70dec43e0a66f399a4d8a5ffed Mon Sep 17 00:00:00 2001
From f4ba093ea8a8a8c333c08605b3a6ff1c82712613 Mon Sep 17 00:00:00 2001
From: Alexander Kanavin <alex.kanavin@gmail.com>
Date: Mon, 14 Jun 2021 19:57:30 +0200
Subject: [PATCH 4/4] reproducible
Subject: [PATCH] reproducible
This patch fixes various things which make the build more reproducible. Some changes
here only change intermediate artefacts but that means when you have two build trees
@@ -35,10 +35,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
4 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/BaseTools/Source/C/GenFw/Elf64Convert.c b/BaseTools/Source/C/GenFw/Elf64Convert.c
index 9c17c90b16..fcc7864141 100644
index 9d04fc612e..83fd6c9c05 100644
--- a/BaseTools/Source/C/GenFw/Elf64Convert.c
+++ b/BaseTools/Source/C/GenFw/Elf64Convert.c
@@ -15,6 +15,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -13,6 +13,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef __GNUC__
#include <windows.h>
#include <io.h>
@@ -47,7 +47,7 @@ index 9c17c90b16..fcc7864141 100644
#endif
#include <assert.h>
#include <stdio.h>
@@ -990,7 +992,7 @@ ScanSections64 (
@@ -988,7 +990,7 @@ ScanSections64 (
}
mCoffOffset = mDebugOffset + sizeof(EFI_IMAGE_DEBUG_DIRECTORY_ENTRY) +
sizeof(EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY) +
@@ -56,7 +56,7 @@ index 9c17c90b16..fcc7864141 100644
//
// Add more space in the .debug data region for the DllCharacteristicsEx
@@ -2261,7 +2263,7 @@ WriteDebug64 (
@@ -2299,7 +2301,7 @@ WriteDebug64 (
EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY *Nb10;
EFI_IMAGE_DEBUG_EX_DLLCHARACTERISTICS_ENTRY *DllEntry;
@@ -65,7 +65,7 @@ index 9c17c90b16..fcc7864141 100644
NtHdr = (EFI_IMAGE_OPTIONAL_HEADER_UNION *)(mCoffFile + mNtHdrOffset);
DataDir = &NtHdr->Pe32Plus.OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_DEBUG];
@@ -2294,7 +2296,7 @@ WriteDebug64 (
@@ -2332,7 +2334,7 @@ WriteDebug64 (
Nb10 = (EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY*)(Dir + 1);
Nb10->Signature = CODEVIEW_SIGNATURE_NB10;
@@ -75,7 +75,7 @@ index 9c17c90b16..fcc7864141 100644
STATIC
diff --git a/BaseTools/Source/Python/AutoGen/BuildEngine.py b/BaseTools/Source/Python/AutoGen/BuildEngine.py
index 752a1a1f6a..02054cccf8 100644
index 45b39d7878..3fed7d1736 100644
--- a/BaseTools/Source/Python/AutoGen/BuildEngine.py
+++ b/BaseTools/Source/Python/AutoGen/BuildEngine.py
@@ -70,6 +70,9 @@ class TargetDescBlock(object):
@@ -89,7 +89,7 @@ index 752a1a1f6a..02054cccf8 100644
if Input not in self.Inputs:
self.Inputs.append(Input)
diff --git a/BaseTools/Source/Python/AutoGen/GenMake.py b/BaseTools/Source/Python/AutoGen/GenMake.py
index daec9c6d54..0e8cc20efe 100755
index fbd35d4989..5ddd544d17 100755
--- a/BaseTools/Source/Python/AutoGen/GenMake.py
+++ b/BaseTools/Source/Python/AutoGen/GenMake.py
@@ -575,7 +575,7 @@ cleanlib:
@@ -153,7 +153,7 @@ index daec9c6d54..0e8cc20efe 100755
if T.GenFileListMacro and T.FileListMacro not in self.FileListMacros:
self.FileListMacros[T.FileListMacro] = []
diff --git a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
index d05410b329..99b3f64aba 100755
index 65a2176ca9..318b9611ce 100755
--- a/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
+++ b/BaseTools/Source/Python/AutoGen/ModuleAutoGen.py
@@ -1474,6 +1474,9 @@ class ModuleAutoGen(AutoGen):
@@ -175,6 +175,3 @@ index d05410b329..99b3f64aba 100755
# Ignore generating makefile when it is a binary module
if self.IsBinaryModule:
--
2.30.2

4
meta/recipes-core/ovmf/ovmf_git.bb
View File

@@ -26,8 +26,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
file://0004-reproducible.patch \
"
PV = "edk2-stable202402"
SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768"
PV = "edk2-stable202408"
SRCREV = "b158dad150bf02879668f72ce306445250838201"
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
CVE_PRODUCT = "edk2"