packages/edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
107 Commits 1 Branch 0 Tags
Commit Graph

107 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
openeuler-ci-bot
4361ba1158
!321 [openEuler-24.03-LTS]Fix boot failure on OvmfPkg/AmdSev 
From: @hanliyang 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2025-03-17 01:26:30 +00:00
hanliyang
ca2a749250 Fix boot failure on OvmfPkg/AmdSev 
This PR backports 3 commits:

  020cc9e2e705 OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
  8b66f9df1bb0 OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
  f008890ae559 OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure during boot

from upstream to fix the regression of boot failure on OvmfPkg/AmdSev

Signed-off-by: hanliyang <hanliyang@hygon.cn>
 2025-03-13 17:44:44 +08:00
openeuler-ci-bot
175a6834c0
!318 fix some bugs for CVE-2023-45236、CVE-2023-45237 
From: @jacob1996 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2025-03-12 08:43:45 +00:00
ShenYage
16940cf319
Merge branch 'openEuler-24.03-LTS' of gitee.com:src-openeuler/edk2 into openEuler-24.03-LTS 
Signed-off-by: ShenYage <shenyage1@huawei.com>
 2025-03-10 13:35:45 +00:00
openeuler-ci-bot
981d3b037f
!300 [openEuler-24.03-LTS]Add build process for OVMF binary without option '-D SECURE_BOOT_ENABLE=TRUE' to edk2.spec 
From: @hanliyang 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2025-03-10 09:23:44 +00:00
ShenYage
47faa28f95 fix some bugs for CVE-2023-45236、CVE-2023-45237 
Signed-off-by: ShenYage <shenyage1@huawei.com>
 2025-02-28 22:15:51 +08:00
hanliyang
1ffbd1357e Hygon: support build OvmfX64 without option -D SECURE_BOOT_ENABLE=TRUE 
When building OVMF{_CODE}.fd using OvmfPkgX64.dsc and define
SECURE_BOOT_ENABLE=TRUE, the OVMF{_CODE}.fd will failure to boot the
AMD SEV/SEV-ES/SEV-SNP and Hygon CSV/CSV2/CSV3 VMs. The root cause
is that the upstream commit 4f173db8b45b ("OvmfPkg/PlatformInitLib:
Add functions for EmuVariableNvStore") rename the function from
TdxValidateCfv to PlatformValidateNvVarStore, and place the function
PlatformValidateNvVarStore to the common lib PlatformInitLib.

I have submitted a bugzilla to the community:

    https://bugzilla.tianocore.org/show_bug.cgi?id=4807

and sent partial fix patches to the mailing lists:

    https://edk2.groups.io/g/devel/message/119921?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Acreated%2C%2COvmfPkg%2FPlatformInitLib%3A+Detect+FlashNvVarStore+before+validate+it%2C20%2C2%2C0%2C107212891

I don't have a machine that supports SEV-SNP, so I ultimately can't
fully fix the issue, and the patches I sent couldn't be accepted.

In order to support boot AMD SEV... and Hygon CSV... VMs using the OVMF
from the RPM package, I modified the edk2.spec to build OVMF.fd,
OVMF_CODE.fd and OVMF_VARS.fd without the build option
' -D SECURE_BOOT_ENABLE=TRUE'.

Signed-off-by: hanliyang <hanliyang@hygon.cn>
 2025-02-28 19:30:24 +08:00
openeuler-ci-bot
ba24d73577
!306 openEuler-24.03-LTS: Fix CVE-2024-13176, CVE-2024-4741, CVE-2023-5363 
From: @dhjgty 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2025-02-26 02:58:31 +00:00
hy
3dace7f7b0 Fixes CVE-2024-13176、CVE-2024-4741、CVE-2023-5363 2025-02-25 23:44:47 +08:00
openeuler-ci-bot
14b9b01076
!293 vdpa: support vdpa blk/scsi device boot 
From: @adttil 
Reviewed-by: @hwlibai, @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-11-30 01:27:29 +00:00
openeuler-ci-bot
e84a091d67
!286 [openEuler-24.03-LTS]Hygon: Support live migration for Hygon CSV/CSV2/CSV3 guest 
From: @hanliyang 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-11-29 09:22:07 +00:00
Adttil
996e638320 vdpa: support vdpa blk/scsi device boot 2024-11-29 11:09:52 +08:00
hanliyang
8f8a38d6e0 Support live migration for Hygon CSV1/2/3 guests, fix nesting #VC 
The live migration of Hygon CSV1/2/3 guest depends on the KVM
hypercall KVM_HC_MAP_GPA_RANGE, add code to sync page enc/dec
status to KVM.

The MMIO routine of VC handler will get memory encrypt status to
validate MMIO address. MemEncryptSevGetEncryptionMask() will enable
interrupt while interrupt must be disabled during VC. During DXE
stage, VC routine as below:
  CcExitHandleVc
    -> MemEncryptSevGetAddressRangeState
      -> MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)

Signed-off-by: hanliyang <hanliyang@hygon.cn>
 2024-10-23 18:02:32 +08:00
openeuler-ci-bot
770290b1c6
!283 Fix CVE-2023-45236、CVE-2023-45237 
From: @jacob1996 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-10-22 14:02:09 +00:00
openeuler-ci-bot
bb9d002ad8
!261 [openEuler-24.03-LTS]Hygon: Add support to run in the Hygon CSV3 guest 
From: @hanliyang 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-10-21 06:48:24 +00:00
hanliyang
42da937f6e Add support for Hygon CSV3 guest 
Signed-off-by: hanliyang <hanliyang@hygon.cn>
 2024-10-20 18:06:07 +08:00
ShenYage
d95c0c9f0f Fix CVE-2023-45236、CVE-2023-45237 
Signed-off-by: ShenYage <shenyage1@huawei.com>
 2024-10-15 23:04:06 +08:00
openeuler-ci-bot
da77f9b87e
!271 fix CVE-2024-38796 
From: @zhangxianting 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-10-14 01:17:08 +00:00
zhangxianting
e90700e1bb fix CVE-2024-38796 2024-10-09 16:00:51 +08:00
openeuler-ci-bot
9d4cbab540
!223 增加龙架构支持 
From: @yetist 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-09-18 10:08:48 +00:00
Xiaotian Wu
ec60765a8e add LoongArch support 
backport edk2-platform to build with edk2-2308

Signed-off-by: Xiaotian Wu <wuxiaotian@loongson.cn>
 2024-09-13 10:57:43 +08:00
openeuler-ci-bot
35ca8c063d
!259 fix CVE-2024-6119 
From: @jacob1996 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-09-09 14:01:14 +00:00
ShenYage
442bc876f4 Fix CVE-2024-6119 
Signed-off-by: ShenYage <shenyage1@huawei.com>
 2024-09-05 15:24:44 +08:00
openeuler-ci-bot
5dd35987e3
!242 Fix CVE-2024-5535 
From: @jacob1996 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-07-11 12:50:54 +00:00
ShenYage
f14a124daa Fix CVE-2024-5535 
Signed-off-by: ShenYage <shenyage1@huawei.com>
 2024-07-11 19:49:46 +08:00
openeuler-ci-bot
17252e229f
!232 Fix CVE-2024-1298 
From: @jacob1996 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-06-13 01:20:29 +00:00
ShenYage
3e468ca7b5 Fix CVE-2024-1298 
Signed-off-by: ShenYage <shenyage1@huawei.com>
 2024-06-11 17:48:09 +08:00
openeuler-ci-bot
2fccc7f97e
!222 make EFI_LOADER_DATA executable again 
From: @jiangdongxu1 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-04-24 08:05:45 +00:00
jiangdongxu
31c4073175 edk2.spec: make EFI_LOADER_DATA executable again 
As commit(2997ae387397) make EFI_LOADER_DATA non-executable, old
operation system using old GRUB cannot boot. As we need to support
these operation systems, make EFI_LOADER_DATA executable again.

Signed-off-by: jiangdongxu <jiangdongxu1@huawei.com>
 2024-04-24 14:19:56 +08:00
openeuler-ci-bot
b25c0ec031
!216 [sync] PR-206: master分支: Fix CVE-2023-6237、CVE-2024-2511 
From: @openeuler-sync-bot 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-04-22 12:22:45 +00:00
ShenYage
d411de33f5 Fix CVE-2023-6237、CVE-2024-2511 
Signed-off-by: ShenYage <shenyage1@huawei.com>
(cherry picked from commit 591443e21eac71b083d7910220c4102648987009)
 2024-04-17 16:02:11 +08:00
openeuler-ci-bot
d82d34597a
!204 [sync] PR-191: master分支 修复CVE: CVE-2023-45229、CVE-2023-45230、CVE-2023-45231、CVE-2023-45232、CVE-2023-45233、CVE-2023-45234、CVE-2023-45235 
From: @openeuler-sync-bot 
Reviewed-by: @caojinhuajy, @caojinhuahw 
Signed-off-by: @caojinhuajy, @caojinhuahw
 2024-03-19 12:55:19 +00:00
yexiao
e237463fd2 Fix som CVE 
Fix CVE-2023-45229、CVE-2023-45230、CVE-2023-45231、CVE-2023-45232、CVE-2023-45233、CVE-2023-45234、CVE-2023-45235

Signed-off-by: yexiao <yexiao7@huawei.com>
(cherry picked from commit aa6a1dc11863945714f63746d5f1159ed3ede3e7)
 2024-03-18 10:53:43 +08:00
openeuler-ci-bot
4dacfd3333
!202 [sync] PR-187: master分支 修复CVE: CVE-2022-36763、CVE-2022-36764、CVE-2022-36765 
From: @openeuler-sync-bot 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-03-16 03:02:42 +00:00
yexiao
33439c309c Fix some CVE 
fix CVE-2022-36763、CVE-2022-36764、CVE-2022-36765

Signed-off-by: yexiao <yexiao7@huawei.com>
(cherry picked from commit 45d7902c879c8a960a59b4d86c97ca7b7c1765c6)
 2024-03-11 09:58:09 +08:00
openeuler-ci-bot
bf93641b42
!182 修复CVE: CVE-2023-3446、CVE-2023-3817、CVE-2024-0727、CVE-2023-2975、CVE-2023-6129 
From: @Ye-Xiao12 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-03-04 12:54:37 +00:00
yexiao
73840139ff Fix some CVE 
CVE-2023-3446、CVE-2023-3817、CVE-2024-0727、CVE-2023-2975、CVE-2023-6129

Signed-off-by: yexiao <yexiao7@huawei.com>
 2024-03-01 11:18:10 +08:00
openeuler-ci-bot
d36cfacf44
!172 Added firmware scanning directory mapping for libvirt XML 
From: @duyiwei7w 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2024-02-08 02:11:48 +00:00
duyiwei
a0c638905f Added firmware scanning directory mapping for libvirt XML 
Signed-off-by: duyiwei <duyiwei@kylinos.cn>
 2024-01-25 17:44:47 +08:00
openeuler-ci-bot
34e91a4d10
!164 upgrade to 202308 for support riscv64 and add a patch to fix build error on the riscv64 obs build environment. 
From: @ouuleilei 
Reviewed-by: @caojinhuajy, @yezengruan 
Signed-off-by: @yezengruan
 2023-09-13 03:24:54 +00:00
ouuleilei
d3d233a55d upgrade to 202308 for support riscv64 and add a patch to fix build error on the riscv64 obs build environment. 2023-09-12 10:08:28 +08:00
openeuler-ci-bot
2cc854a60f
!150 Fix miss of changelog 
From: @Ye-Xiao12 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2023-08-24 11:39:43 +00:00
yexiao
95521053a1 Fix miss of changelog 
Signed-off-by: yexiao <yexiao7@huawei.com>
 2023-07-27 03:49:50 +08:00
openeuler-ci-bot
6277244371
!139 solving the compilation failure problem of gcc 12.3.0 
From: @JiaboFeng 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw
 2023-07-14 06:09:36 +00:00
Jiabo Feng
b436e3c8aa solving the compilation failure problem of gcc 12.3.0 
reference:
https://github.com/google/brotli/pull/893
https://github.com/tianocore/edk2/pull/2347
https://github.com/tianocore/edk2/pull/2694

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
 2023-07-14 10:26:46 +08:00
openeuler-ci-bot
6b32063c62
!130 fix CVE-2022-4304 
From: @Ye-Xiao12 
Reviewed-by: @yezengruan, @caojinhuahw 
Signed-off-by: @caojinhuahw
 2023-07-07 01:50:37 +00:00
yexiao
f51f632f91 Fix CVE-2022-4304 
Signed-off-by: yexiao <yexiao7@huawei.com>
 2023-07-03 16:47:22 +08:00
openeuler-ci-bot
4f1df06310
!121 fix CVE-2023-0286 
From: @huiyingc 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
 2023-02-26 07:23:07 +00:00
chenhuiying
4515de537b fix CVE-2023-0286 
Signed-off-by: chenhuiying <chenhuiying4@huawei.com>
 2023-02-26 14:48:09 +08:00
openeuler-ci-bot
36448b1372
!117 fix CVE-2023-0215 
From: @huiyingc 
Reviewed-by: @yezengruan 
Signed-off-by: @yezengruan
 2023-02-26 05:42:26 +00:00