mirror of
https://git.yoctoproject.org/poky
synced 2026-04-24 21:32:12 +02:00
5eacd34f89
Includes patches for CVE-2023-45236, CVE-2023-45237 and CVE-2024-25742. Refreshed patches with devtool. Changes: https://github.com/tianocore/edk2/releases edk2-stable202408 Release Date 2024-08-23 New Features & Bug Fixes CryptoPkg:Add more crypto APIs (AESGCM/PEM/X509/RSA/PKCS5/PKCS7/Authenticode) based on Mbedtls CryptoPkg: Enable Openssl native instruction support for AARCH64 CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipher UefiCpuPkg: S3 cleanup MdePkg/BaseLib: Add CRC16 CCITT False Implementation DynamicTablesPkg: ACPI TPM2 generator DynamicTablesPkg: Prepare for supporting other archs BaseTools: Add VS2022 support OvmfPkg: Add LoongArchVirt instance to OvmfPkg and enable it edk2-stable202405 Release Date 2024-05-24 New Features & Bug Fixes SecurityPkg:Add EFI Device Authentication Signature Database and SPDM CryptoPkg:add additional RSAES-OAEP crypto functions OvmfPkg:Add 5-level paging support OvmfPkg:SEV-SNP Support for running under an SVSM OvmfPkg:RBP register shall be cleared in TDVMCALL OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742) Add SPI bus driver stack NetworkPkg: Predictable TCP ISNs NetworkPkg: Use of a Weak PseudoRandom Number Generator UefiCpuPkg: Add new SmmRelocationLib library Bugzilla List Update Notes NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to provide the right implementation of the EFI_RNG_PROTOCOL (i.e., using a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is not implemented, the platform will lose the ability to do network boot. (From OE-Core rev: 50ae1d4afe436498b157f19e085532a6f0525d85) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>