!338 [openEuler-24.03-LTS]Confidential Computing Full Disk Encryption: Support build OVMF.fd using AmdSevX64.dsc to support Full Disk Encryption

From: @hanliyang 
Reviewed-by: @caojinhuahw 
Signed-off-by: @caojinhuahw

0086-Check-DSA-parameters-for-excessive-sizes-before-vali.patch

@@ -0,0 +1,198 @@
+From 9b551e31226d345984bc4dd64b0f8c8f768b9d0b Mon Sep 17 00:00:00 2001
+From: hy <12444214+dhjgty@user.noreply.gitee.com>
+Date: Sun, 16 Mar 2025 16:30:29 +0800
+Subject: [PATCH] Check DSA parameters for excessive sizes before validating
+ This avoids overly long computation of various validation checks.
+
+Fixes CVE-2024-4603
+
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+---
+ .../Library/OpensslLib/openssl/CHANGES.md     | 17 ++++++
+ .../OpensslLib/openssl/crypto/dsa/dsa_check.c | 44 ++++++++++++--
+ .../invalid/p10240_q256_too_big.pem           | 57 +++++++++++++++++++
+ 3 files changed, 114 insertions(+), 4 deletions(-)
+ create mode 100644 CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md b/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
+index 0fb1eb1f..2209e0ce 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
++++ b/CryptoPkg/Library/OpensslLib/openssl/CHANGES.md
+@@ -30,6 +30,23 @@ breaking changes, and mappings for the large list of deprecated functions.
+ 
+ ### Changes between 3.0.8 and 3.0.9 [30 May 2023]
+ 
++ * Fixed an issue where checking excessively long DSA keys or parameters may
++    be very slow.
++ 
++    Applications that use the functions EVP_PKEY_param_check() or
++    EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
++    experience long delays. Where the key or parameters that are being checked
++    have been obtained from an untrusted source this may lead to a Denial of
++    Service.
++ 
++    To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
++    will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
++    reason.
++ 
++    ([CVE-2024-4603])
++ 
++    *Tomáš Mráz*
++
+  * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
+    OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
+ 
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
+index 7ee914a4..ed01ea8f 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/dsa/dsa_check.c
+@@ -19,8 +19,34 @@
+ #include "dsa_local.h"
+ #include "crypto/dsa.h"
+ 
++static int dsa_precheck_params(const DSA *dsa, int *ret)
++ {
++     if (dsa->params.p == NULL || dsa->params.q == NULL) {
++         ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
++         *ret = FFC_CHECK_INVALID_PQ;
++         return 0;
++     }
++ 
++     if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
++         ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
++         *ret = FFC_CHECK_INVALID_PQ;
++         return 0;
++     }
++ 
++     if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
++         ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
++         *ret = FFC_CHECK_INVALID_PQ;
++         return 0;
++     }
++ 
++     return 1;
++ }
++ 
+ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
+ {
++   if (!dsa_precheck_params(dsa, ret))
++         return 0;
++
+     if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
+         return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
+                                                FFC_PARAM_TYPE_DSA, ret);
+@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
+  */
+ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+ {
++    if (!dsa_precheck_params(dsa, ret))
++         return 0;
++
+     return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
+ }
+ 
+@@ -49,6 +78,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+  */
+ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
+ {
++    if (!dsa_precheck_params(dsa, ret))
++         return 0;
++
+     return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
+ }
+ 
+@@ -56,8 +88,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
+ {
+     *ret = 0;
+ 
+-    return (dsa->params.q != NULL
+-            && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
++    if (!dsa_precheck_params(dsa, ret))
++         return 0;
++ 
++     return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
+ }
+ 
+ /*
+@@ -70,8 +104,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa)
+     BN_CTX *ctx = NULL;
+     BIGNUM *pub_key = NULL;
+ 
+-    if (dsa->params.p == NULL
+-        || dsa->params.g == NULL
++    if (!dsa_precheck_params(dsa, &ret))
++         return 0;
++
++    if (dsa->params.g == NULL
+         || dsa->priv_key == NULL
+         || dsa->pub_key == NULL)
+         return 0;
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem b/CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
+new file mode 100644
+index 00000000..162be8a8
+--- /dev/null
++++ b/CryptoPkg/Library/OpensslLib/openssl/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem
+@@ -0,0 +1,57 @@
++-----BEGIN DSA PARAMETERS-----
++ MIIKLAKCBQEAym47LzPFZdbz16WvjczLKuzLtsP8yRk/exxL4bBthJhP1qOwctja
++ p1586SF7gDxCMn7yWVEYdfRbFefGoq0gj1XOE917XqlbnkmZhMgxut2KbNJo/xil
++ XNFUjGvKs3F413U9rAodC8f07cWHP1iTcWL+vPe6u2yilKWYYfnLWHQH+Z6aPrrF
++ x/R08LI6DZ6nEsIo+hxaQnEtx+iqNTJC6Q1RIjWDqxQkFVTkJ0Y7miRDXmRdneWk
++ oLrMZRpaXr5l5tSjEghh1pBgJcdyOv0lh4dlDy/alAiqE2Qlb667yHl6A9dDPlpW
++ dAntpffy4LwOxfbuEhISvKjjQoBwIvYE4TBPqL0Q6bC6HgQ4+tqd9b44pQjdIQjb
++ Xcjc6azheITSnPEex3OdKtKoQeRq01qCeLBpMXu1c+CTf4ApKArZvT3vZSg0hM1O
++ pR71bRZrEEegDj0LH2HCgI5W6H3blOS9A0kUTddCoQXr2lsVdiPtRbPKH1gcd9FQ
++ P8cGrvbakpTiC0dCczOMDaCteM1QNILlkM7ZoV6VghsKvDnFPxFsiIr5GgjasXP5
++ hhbn3g7sDoq1LiTEo+IKQY28pBWx7etSOSRuXW/spnvCkivZla7lSEGljoy9QlQ2
++ UZmsEQI9G3YyzgpxHvKZBK1CiZVTywdYKTZ4TYCxvqzhYhjv2bqbpjI12HRFLojB
++ koyEmMSp53lldCzp158PrIanqSp2rksMR8SmmCL3FwfAp2OjqFMEglG9DT8x0WaN
++ TLSkjGC6t2csMte7WyU1ekNoFDKfMjDSAz0+xIx21DEmZtYqFOg1DNPK1xYLS0pl
++ RSMRRkJVN2mk/G7/1oxlB8Wb9wgi3GKUqqCYT11SnBjzq0NdoJ3E4GMedp5Lx3AZ
++ 4mFuRPUd4iV86tE0XDSHSFE7Y3ZkrOjD7Q/26/L53L/UH5z4HW6CHP5os7QERJjg
++ c1S3x87wXWo9QXbB9b2xmf+c+aWwAAr1cviw38tru58jF3/IGyduj9H8claKQqBG
++ cIOUF4aNe1hK2K3ArAOApUxr4KE+tCvrltRfiTmVFip0g9Jt1CPY3Zu7Bd4Z2ZkE
++ DtSztpwa49HrWF5E9xpquvBL2U8jQ68E7Xd8Wp4orI/TIChriamBmdkgRz3H2LvN
++ Ozb6+hsnEGrz3sp2RVAToSqA9ysa6nHZdfufPNtMEbQdO/k1ehmGRb0ljBRsO6b2
++ rsG2eYuC8tg8eCrIkua0TGRI7g6a4K32AJdzaX6NsISaaIW+OYJuoDSscvD3oOg8
++ PPEhU+zM7xJskTA+jxvPlikKx8V7MNHOCQECldJlUBwzJvqp40JvwfnDsF+8VYwd
++ UaiieR3pzMzyTjpReXRmZbnRPusRcsVzxb2OhB79wmuy4UPjjQBX+7eD0rs8xxvW
++ 5a5q1Cjq4AvbwmmcA/wDrHDOjcbD/zodad2O1QtBWa/R4xyWea4zKsflgACE1zY9
++ wW2br7+YQFekcrXkkkEzgxd6zxv8KVEDpXRZjmAM1cI5LvkoN64To4GedN8Qe/G7
++ R9SZh9gnS17PTP64hK+aYqhFafMdu87q/+qLfxaSux727qE5hiW01u4nnWhACf9s
++ xuOozowKqxZxkolMIyZv6Lddwy1Zv5qjCyd0DvM/1skpXWkb9kfabYC+OhjsjVhs
++ 0Ktfs6a5B3eixiw5x94hhIcTEcS4hmvhGUL72FiTca6ZeSERTKmNBy8CIQC9/ZUN
++ uU/V5JTcnYyUGHzm7+XcZBjyGBagBj9rCmW3SQKCBQAJ/k9rb39f1cO+/3XDEMjy
++ 9bIEXSuS48g5RAc1UGd5nrrBQwuDxGWFyz0yvAY7LgyidZuJS21+MAp9EY7AOMmx
++ TDttifNaBJYt4GZ8of166PcqTKkHQwq5uBpxeSDv/ZE8YbYfaCtLTcUC8KlO+l36
++ gjJHSkdkflSsGy1yObSNDQDfVAAwQs//TjDMnuEtvlNXZllsTvFFBceXVETn10K2
++ ZMmdSIJNfLnjReUKEN6PfeGqv7F4xoyGwUybEfRE4u5RmXrqCODaIjY3SNMrOq8B
++ R3Ata/cCozsM1jIdIW2z+OybDJH+BYsYm2nkSZQjZS6javTYClLrntEKG/hAQwL8
++ F16YLOQXpHhgiAaWnTZzANtLppB2+5qCVy5ElzKongOwT8JTjTFXOaRnqe/ngm9W
++ SSbrxfDaoWUOyK9XD8Cydzpv3n4Y8nWNGayi7/yAFCU36Ri040ufgv/TZLuKacnl
++ +3ga3ZUpRlSigzx0kb1+KjTSWeQ8vE/psdWjvBukVEbzdUauMLyRLo/6znSVvvPX
++ UGhviThE5uhrsUg+wEPFINriSHfF7JDKVhDcJnLBdaXvfN52pkF/naLBF5Rt3Gvq
++ fjCxjx0Sy9Lag1hDN4dor7dzuO7wmwOS01DJW1PtNLuuH0Bbqh1kYSaQkmyXBZWX
++ qo8K3nkoDM0niOtJJubOhTNrGmSaZpNXkK3Mcy9rBbdvEs5O0Jmqaax/eOdU0Yot
++ B3lX+3ddOseT2ZEFjzObqTtkWuFBeBxuYNcRTsu3qMdIBsEb8URQdsTtjoIja2fK
++ hreVgjK36GW70KXEl8V/vq5qjQulmqkBEjmilcDuiREKqQuyeagUOnhQaBplqVco
++ 4xznh5DMBMRbpGb5lHxKv4cPNi+uNAJ5i98zWUM1JRt6aXnRCuWcll1z8fRZ+5kD
++ vK9FaZU3VRMK/eknEG49cGr8OuJ6ZRSaC+tKwV1y+amkSZpKPWnk2bUnQI3ApJv3
++ k1e1EToeECpMUkLMDgNbpKBoz4nqMEvAAlYgw9xKNbLlQlahqTVEAmaJHh4yDMDy
++ i7IZ9Wrn47IGoR7s3cvhDHUpRPeW4nsmgzj+tf5EAxemI61STZJTTWo0iaPGJxct
++ 9nhOOhw1I38Mvm4vkAbFH7YJ0B6QrjjYL2MbOTp5JiIh4vdOeWwNo9/y4ffyaN5+
++ ADpxuuIAmcbdr6GPOhkOFFixRJa0B2eP1i032HESlLs8RB9oYtdTXdXQotnIgJGd
++ Y8tSKOa1zjzeLHn3AVpRZTUW++/BxmApV3GKIeG8fsUjg/df0QRrBcdC/1uccdaG
++ KKlAOwlywVn5jUlwHkTmDiTM9w5AqVVGHZ2b+4ZgQW8jnPKN0SrKf6U555D+zp7E
++ x4uXoE8ojN9y8m8UKf0cTLnujH2XgZorjPfuMOt5VZEhQFMS2QaljSeni5CJJ8gk
++ XtztNqfBlAtWR4V5iAHeQOfIB2YaOy8GESda89tyKraKeaez41VblpTVHTeq9IIF
++ YB4cQA2PfuNaGVRGLMAgT3Dvl+mxxxeJyxnGAiUcETU/jJJt9QombiuszBlYGQ5d
++ ELOSm/eQSRARV9zNSt5jaQlMSjMBqenIEM09BzYqa7jDwqoztFxNdO8bcuQPuKwa
++ 4z3bBZ1yYm63WFdNbQqqGEwc0OYmqg1raJ0zltgHyjFyw8IGu4g/wETs+nVQcH7D
++ vKuje86bePD6kD/LH3wmkA==
++ -----END DSA PARAMETERS-----
+-- 
+2.33.0
+

0087-Harden-BN_GF2m_poly2arr-against-misuse.patch

@@ -0,0 +1,187 @@
+From 2a0fa58af18f2ab5435ee2cefa6a02cacfb18818 Mon Sep 17 00:00:00 2001
+From: hy <941973499@qq.com>
+Date: Fri, 28 Mar 2025 22:48:57 +0800
+Subject: [PATCH] Harden BN_GF2m_poly2arr against misuse. The
+ BN_GF2m_poly2arr() function converts characteristic-2 field (GF_{2^m}) Galois
+ polynomials from a representation as a BIGNUM bitmask, to a compact array
+ with just the exponents of the non-zero terms.
+
+These polynomials are then used in BN_GF2m_mod_arr() to perform modular
+reduction.  A precondition of calling BN_GF2m_mod_arr() is that the
+polynomial must have a non-zero constant term (i.e. the array has `0` as
+its final element).
+
+Internally, callers of BN_GF2m_poly2arr() did not verify that
+precondition, and binary EC curve parameters with an invalid polynomial
+could lead to out of bounds memory reads and writes in BN_GF2m_mod_arr().
+
+The precondition is always true for polynomials that arise from the
+standard form of EC parameters for characteristic-two fields (X9.62).
+See the "Finite Field Identification" section of:
+
+    https://www.itu.int/ITU-T/formal-language/itu-t/x/x894/2018-cor1/ANSI-X9-62.html
+
+The OpenSSL GF(2^m) code supports only the trinomial and pentanomial
+basis X9.62 forms.
+
+This commit updates BN_GF2m_poly2arr() to return `0` (failure) when
+the constant term is zero (i.e. the input bitmask BIGNUM is not odd).
+
+Additionally, the return value is made unambiguous when there is not
+enough space to also pad the array with a final `-1` sentinel value.
+The return value is now always the number of elements (including the
+final `-1`) that would be filled when the output array is sufficiently
+large.  Previously the same count was returned both when the array has
+just enough room for the final `-1` and when it had only enough space
+for non-sentinel values.
+
+Finally, BN_GF2m_poly2arr() is updated to reject polynomials whose
+degree exceeds `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against
+CPU exhausition attacks via excessively large inputs.
+
+The above issues do not arise in processing X.509 certificates.  These
+generally have EC keys from "named curves", and RFC5840 (Section 2.1.1)
+disallows explicit EC parameters.  The TLS code in OpenSSL enforces this
+constraint only after the certificate is decoded, but, even if explicit
+parameters are specified, they are in X9.62 form, which cannot represent
+problem values as noted above.
+
+Initially reported as oss-fuzz issue 71623.
+---
+ .../OpensslLib/openssl/crypto/bn/bn_gf2m.c    | 28 +++++++---
+ .../openssl/test/ec_internal_test.c           | 51 +++++++++++++++++++
+ 2 files changed, 71 insertions(+), 8 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c
+index 304c2ea0..65e9958c 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/bn/bn_gf2m.c
+@@ -15,6 +15,7 @@
+ #include "bn_local.h"
+ 
+ #ifndef OPENSSL_NO_EC2M
++# include <openssl/ec.h>
+ 
+ /*
+  * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+@@ -1134,16 +1135,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ /*
+  * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+  * x^i) into an array of integers corresponding to the bits with non-zero
+- * coefficient.  Array is terminated with -1. Up to max elements of the array
+- * will be filled.  Return value is total number of array elements that would
+- * be filled if array was large enough.
++ * coefficient.  The array is intended to be suitable for use with
++ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
++ * zero.  This translates to a requirement that the input BIGNUM `a` is odd.
++ *
++ * Given sufficient room, the array is terminated with -1.  Up to max elements
++ * of the array will be filled.
++ *
++ * The return value is total number of array elements that would be filled if
++ * array was large enough, including the terminating `-1`.  It is `0` when `a`
++ * is not odd or the constant term is zero contrary to requirement.
++ *
++ * The return value is also `0` when the leading exponent exceeds
++ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
+  */
+ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+ {
+     int i, j, k = 0;
+     BN_ULONG mask;
+ 
+-    if (BN_is_zero(a))
++    if (!BN_is_odd(a))
+         return 0;
+ 
+     for (i = a->top - 1; i >= 0; i--) {
+@@ -1161,12 +1172,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+         }
+     }
+ 
+-    if (k < max) {
++    if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
++        return 0;
++
++    if (k < max)
+         p[k] = -1;
+-        k++;
+-    }
+ 
+-    return k;
++    return k + 1;
+ }
+ 
+ /*
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c b/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c
+index 8c2cd056..484cbb2a 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/test/ec_internal_test.c
+@@ -155,6 +155,56 @@ static int field_tests_ecp_mont(void)
+ }
+ 
+ #ifndef OPENSSL_NO_EC2M
++/* Test that decoding of invalid GF2m field parameters fails. */
++ static int ec2m_field_sanity(void)
++ {
++     int ret = 0;
++     BN_CTX *ctx = BN_CTX_new();
++     BIGNUM *p, *a, *b;
++     EC_GROUP *group1 = NULL, *group2 = NULL, *group3 = NULL;
++
++     TEST_info("Testing GF2m hardening\n");
++
++     BN_CTX_start(ctx);
++     p = BN_CTX_get(ctx);
++     a = BN_CTX_get(ctx);
++     if (!TEST_ptr(b = BN_CTX_get(ctx))
++         || !TEST_true(BN_one(a))
++         || !TEST_true(BN_one(b)))
++         goto out;
++
++     /* Even pentanomial value should be rejected */
++     if (!TEST_true(BN_set_word(p, 0xf2)))
++         goto out;
++     if (!TEST_ptr_null(group1 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++         TEST_error("Zero constant term accepted in GF2m polynomial");
++
++     /* Odd hexanomial should also be rejected */
++     if (!TEST_true(BN_set_word(p, 0xf3)))
++         goto out;
++     if (!TEST_ptr_null(group2 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++         TEST_error("Hexanomial accepted as GF2m polynomial");
++
++     /* Excessive polynomial degree should also be rejected */
++     if (!TEST_true(BN_set_word(p, 0x71))
++         || !TEST_true(BN_set_bit(p, OPENSSL_ECC_MAX_FIELD_BITS + 1)))
++         goto out;
++     if (!TEST_ptr_null(group3 = EC_GROUP_new_curve_GF2m(p, a, b, ctx)))
++         TEST_error("GF2m polynomial degree > %d accepted",
++                    OPENSSL_ECC_MAX_FIELD_BITS);
++
++     ret = group1 == NULL && group2 == NULL && group3 == NULL;
++
++  out:
++     EC_GROUP_free(group1);
++     EC_GROUP_free(group2);
++     EC_GROUP_free(group3);
++     BN_CTX_end(ctx);
++     BN_CTX_free(ctx);
++
++     return ret;
++ }
++
+ /* test EC_GF2m_simple_method directly */
+ static int field_tests_ec2_simple(void)
+ {
+@@ -443,6 +493,7 @@ int setup_tests(void)
+     ADD_TEST(field_tests_ecp_simple);
+     ADD_TEST(field_tests_ecp_mont);
+ #ifndef OPENSSL_NO_EC2M
++    ADD_TEST(ec2m_field_sanity);
+     ADD_TEST(field_tests_ec2_simple);
+ #endif
+     ADD_ALL_TESTS(field_tests_default, crv_len);
+-- 
+2.33.0
+

0088-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch

@@ -0,0 +1,185 @@
+From 6460d06c6f028154088ea7db4a44821ffabfe9e6 Mon Sep 17 00:00:00 2001
+From: hy <941973499@qq.com>
+Date: Sat, 26 Apr 2025 23:38:23 +0800
+Subject: [PATCH] SecurityPkg: Out of bound read in HashPeImageByType() In
+ HashPeImageByType(), the hash of PE/COFF image is calculated. This function
+ may get untrusted input.
+
+Inside this function, the following code verifies the loaded image has
+the correct format, by reading the second byte of the buffer.
+
+```c
+  if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
+  	...
+  }
+```
+
+The input image is not trusted and that may not have the second byte to
+read. So this poses an out of bound read error.
+
+With below fix we are assuring that we don't do out of bound read. i.e,
+we make sure that AuthDataSize is greater than 1.
+
+```c
+  if (AuthDataSize > 1
+      && (*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE){
+    ...
+  }
+```
+
+AuthDataSize size is verified before reading the second byte.
+So if AuthDataSize is less than 2, the second byte will not be read, and
+the out of bound read situation won't occur.
+
+Tested the patch on real platform with and without TPM connected and
+verified image is booting fine.
+
+Authored-by: Raj AlwinX Selvaraj <Alw...@intel.com>
+Signed-off-by: Doug Flick <DougFlick@microsoft.com>
+---
+ .../DxeImageVerificationLib.c                 | 37 ++++++++++---------
+ SecurityPkg/SecurityFixes.yaml                | 15 ++++++++
+ .../SecureBootConfigImpl.c                    | 37 +++++++++++--------
+ 3 files changed, 55 insertions(+), 34 deletions(-)
+
+diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+index 5d8dbd54..157318b1 100644
+--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
++++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+@@ -618,6 +618,7 @@ Done:
+   @param[in]  AuthDataSize        Size of the Authenticode Signature in bytes.
+ 
+   @retval EFI_UNSUPPORTED             Hash algorithm is not supported.
++  @retval EFI_BAD_BUFFER_SIZE         AuthData provided is invalid size.
+   @retval EFI_SUCCESS                 Hash successfully.
+ 
+ **/
+@@ -629,28 +630,28 @@ HashPeImageByType (
+ {
+   UINT8  Index;
+ 
+-  for (Index = 0; Index < HASHALG_MAX; Index++) {
++  //
++  // Check the Hash algorithm in PE/COFF Authenticode.
++  //    According to PKCS#7 Definition:
++  //        SignedData ::= SEQUENCE {
++  //            version Version,
++  //            digestAlgorithms DigestAlgorithmIdentifiers,
++  //            contentInfo ContentInfo,
++  //            .... }
++  //    The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
++  //    This field has the fixed offset (+32) in final Authenticode ASN.1 data.
++  //    Fixed offset (+32) is calculated based on two bytes of length encoding.
++  //
++  if ((AuthDataSize > 1) && ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE)) {
+     //
+-    // Check the Hash algorithm in PE/COFF Authenticode.
+-    //    According to PKCS#7 Definition:
+-    //        SignedData ::= SEQUENCE {
+-    //            version Version,
+-    //            digestAlgorithms DigestAlgorithmIdentifiers,
+-    //            contentInfo ContentInfo,
+-    //            .... }
+-    //    The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
+-    //    This field has the fixed offset (+32) in final Authenticode ASN.1 data.
+-    //    Fixed offset (+32) is calculated based on two bytes of length encoding.
++    // Only support two bytes of Long Form of Length Encoding.
+     //
+-    if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
+-      //
+-      // Only support two bytes of Long Form of Length Encoding.
+-      //
+-      continue;
+-    }
++    return EFI_BAD_BUFFER_SIZE;
++  }
+ 
++  for (Index = 0; Index < HASHALG_MAX; Index++) {
+     if (AuthDataSize < 32 + mHash[Index].OidLength) {
+-      return EFI_UNSUPPORTED;
++      continue;
+     }
+ 
+     if (CompareMem (AuthData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
+diff --git a/SecurityPkg/SecurityFixes.yaml b/SecurityPkg/SecurityFixes.yaml
+index ceaaa256..0b24844d 100644
+--- a/SecurityPkg/SecurityFixes.yaml
++++ b/SecurityPkg/SecurityFixes.yaml
+@@ -34,3 +34,18 @@ CVE_2022_36764:
+   - Library\DxeTpmMeasureBootLib\DxeTpmMeasureBootLib.c
+   links:
+   - https://bugzilla.tianocore.org/show_bug.cgi?id=4118
++CVE_2024_38797:
++  commit-titles:
++    - "SecurityPkg: Out of bound read in HashPeImageByType()"
++    - "SecurityPkg: Improving HashPeImageByType () logic"
++    - "SecurityPkg: Improving SecureBootConfigImpl:HashPeImageByType () logic"
++  cve: CVE-2024-38797
++  date_reported: 2024-06-04 12:00 UTC
++  description: Out of bound read in HashPeImageByType()
++  note:
++  files_impacted:
++    - SecurityPkg\Library\DxeImageVerificationLib\DxeImageVerificationLib.c
++    - SecurityPkg\VariableAuthenticated\SecureBootConfigDxe\SecureBootConfigImpl.c
++  links:
++    - https://bugzilla.tianocore.org/show_bug.cgi?id=2214
++    - https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
+diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+index 0e31502b..02aa142b 100644
+--- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
++++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
+@@ -2079,30 +2079,35 @@ HashPeImageByType (
+ {
+   UINT8                     Index;
+   WIN_CERTIFICATE_EFI_PKCS  *PkcsCertData;
++  UINT32                    PkcsCertSize;
+ 
+   PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)(mImageBase + mSecDataDir->Offset);
++  PkcsCertSize = mSecDataDir->SizeOfCert;
+ 
+-  for (Index = 0; Index < HASHALG_MAX; Index++) {
++  //
++  // Check the Hash algorithm in PE/COFF Authenticode.
++  //    According to PKCS#7 Definition:
++  //        SignedData ::= SEQUENCE {
++  //            version Version,
++  //            digestAlgorithms DigestAlgorithmIdentifiers,
++  //            contentInfo ContentInfo,
++  //            .... }
++  //    The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
++  //    This field has the fixed offset (+32) in final Authenticode ASN.1 data.
++  //    Fixed offset (+32) is calculated based on two bytes of length encoding.
++  //
++  if ((PkcsCertSize > 1) && ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE)) {
+     //
+-    // Check the Hash algorithm in PE/COFF Authenticode.
+-    //    According to PKCS#7 Definition:
+-    //        SignedData ::= SEQUENCE {
+-    //            version Version,
+-    //            digestAlgorithms DigestAlgorithmIdentifiers,
+-    //            contentInfo ContentInfo,
+-    //            .... }
+-    //    The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing
+-    //    This field has the fixed offset (+32) in final Authenticode ASN.1 data.
+-    //    Fixed offset (+32) is calculated based on two bytes of length encoding.
++    // Only support two bytes of Long Form of Length Encoding.
+     //
+-    if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
+-      //
+-      // Only support two bytes of Long Form of Length Encoding.
+-      //
++    return EFI_BAD_BUFFER_SIZE;
++  }
++
++  for (Index = 0; Index < HASHALG_MAX; Index++) {
++    if (PkcsCertSize < 32 + mHash[Index].OidLength) {
+       continue;
+     }
+ 
+-    //
+     if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
+       break;
+     }
+-- 
+2.33.0
+

0089-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch

@@ -0,0 +1,89 @@
+From ac649358f044a4fa25327cf2ed6db6d35b8bd8be Mon Sep 17 00:00:00 2001
+From: hanliyang <hanliyang@hygon.cn>
+Date: Fri, 2 Aug 2024 02:06:58 +0800
+Subject: [PATCH] OvmfPkg/AmdSev: Integrate grub2 x86_64-efi modules from the
+ system path to grub.efi which is used to support Full Disk Encryption
+
+The pull request at https://gitee.com/src-openeuler/grub2/pulls/468
+added efisecret.mod to the grub2-efi-x64-modules package. Based on this
+package, we can build OVMF.fd using AmdSevX64.dsc to support booting a
+VM with full disk encryption.
+
+* How to build the OVMF.fd manually:
+
+  When we build the OVMF.fd which support full-disk encryption, we
+  should delete stale grub.efi in the source tree:
+
+  $ rm OvmfPkg/AmdSev/Grub/grub.efi
+
+  And specify the dsc file:
+
+  $ OvmfPkg/build.sh ... -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc ...
+
+Signed-off-by: hanliyang <hanliyang@hygon.cn>
+---
+ OvmfPkg/AmdSev/Grub/grub.cfg | 22 +++++++++++++++-------
+ OvmfPkg/AmdSev/Grub/grub.sh  |  3 +--
+ 2 files changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/Grub/grub.cfg b/OvmfPkg/AmdSev/Grub/grub.cfg
+index 17be9427..93eea0b4 100644
+--- a/OvmfPkg/AmdSev/Grub/grub.cfg
++++ b/OvmfPkg/AmdSev/Grub/grub.cfg
+@@ -10,16 +10,12 @@
+ ##
+ 
+ echo "Entering grub config"
+-sevsecret
++cryptomount -s efisecret
+ if [ $? -ne 0 ]; then
+     echo "Failed to locate anything in the SEV secret area, prompting for password"
++    echo "OR"
++    echo "Failed to mount root securely, retrying with password prompt"
+     cryptomount -a
+-else
+-    cryptomount -s
+-    if [ $? -ne 0 ]; then
+-        echo "Failed to mount root securely, retrying with password prompt"
+-        cryptomount -a
+-    fi
+ fi
+ set root=
+ for f in (crypto*); do
+@@ -27,6 +23,18 @@ for f in (crypto*); do
+         set root=$f
+         set prefix=($root)/boot/grub
+         break;
++    elif [ -e $f/boot/grub2/grub.cfg ]; then
++        set root=$f
++        set prefix=($root)/boot/grub
++        break;
++    elif [ -e $f/grub/grub.cfg ]; then
++        set root=$f
++        set prefix=($root)/grub
++        break;
++    elif [ -e $f/grub2/grub.cfg ]; then
++        set root=$f
++        set prefix=($root)/grub2
++        break;
+     fi
+ done
+ if [ x$root = x ]; then
+diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh
+index 99807d72..760a03b8 100644
+--- a/OvmfPkg/AmdSev/Grub/grub.sh
++++ b/OvmfPkg/AmdSev/Grub/grub.sh
+@@ -42,9 +42,8 @@ GRUB_MODULES="
+             test
+             regexp
+             linux
+-            linuxefi
+             reboot
+-            sevsecret
++            efisecret
+             "
+ basedir=$(dirname -- "$0")
+ 
+-- 
+2.43.0
+

edk2.spec

@@ -7,7 +7,7 @@
 
 Name: edk2
 Version: %{stable_date}
-Release: 20
+Release: 25
 Summary: EFI Development Kit II
 License: BSD-2-Clause-Patent and OpenSSL and MIT 
 URL: https://github.com/tianocore/edk2
@@ -137,8 +137,29 @@ patch83: 0083-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
 patch84: 0084-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
 patch85: 0085-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch
 
+# Fix CVE-2024-4603
+patch86: 0086-Check-DSA-parameters-for-excessive-sizes-before-vali.patch 
+
+# Fix CVE-2024-9143
+patch87: 0087-Harden-BN_GF2m_poly2arr-against-misuse.patch
+
+# Fix CVE-2024-38797
+patch88: 0088-SecurityPkg-Out-of-bound-read-in-HashPeImageByType.patch
+
+# Get grub2 x64 module from CI system path when building OVMF.fd using
+# AmdSevX64.dsc, this will enable the OVMF.amdsev.fd to support Full Disk
+# Encryption right out of the box.
+patch89: 0089-OvmfPkg-AmdSev-Integrate-grub2-x86_64-efi-modules-fr.patch
+
 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl 
 
+%ifarch x86_64
+# For build OVMF.fd using AmdSevX64.dsc, we need
+#   mtools mkfs.msdos grub2-mkimage grub2-efi-x64-modules packages
+# if we don't touch dummy grub.efi.
+BuildRequires: mtools dosfstools grub2-tools grub2-efi-x64-modules
+%endif
+
 %description
 EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. 
 
@@ -265,6 +286,9 @@ build $BUILD_OPTION
     for ovmf_bin in $(ls Build/OvmfX64/*/FV/OVMF*.fd.secure_boot); do
         mv ${ovmf_bin} $(echo ${ovmf_bin} | sed 's/\.secure_boot//')
     done
+
+    BUILD_OPTION=$(echo $BUILD_OPTION | sed 's/ -p OvmfPkg\/OvmfPkgX64.dsc/ -p OvmfPkg\/AmdSev\/AmdSevX64.dsc/g')
+    build $BUILD_OPTION
 %endif
 
 %install
@@ -313,6 +337,8 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif
 
 %ifarch x86_64
+    mkdir -p %{buildroot}/usr/share/%{name}/ovmf.amdsev
+    mv Build/AmdSev/*/FV/OVMF*.fd %{buildroot}/usr/share/%{name}/ovmf.amdsev
     mkdir -p %{buildroot}/usr/share/%{name}/ovmf.nosb
     mv Build/OvmfX64/*/FV/OVMF*.nosb.fd %{buildroot}/usr/share/%{name}/ovmf.nosb
     mkdir -p %{buildroot}/usr/share/%{name}/ovmf
@@ -399,6 +425,7 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/ovmf
 %{_datadir}/%{name}/ovmf.nosb
+%{_datadir}/%{name}/ovmf.amdsev
 %{_datadir}/qemu/firmware/10-edk2-ovmf-x64-nosb.json
 %endif
 
@@ -427,6 +454,21 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif
 
 %changelog
+* Mon Apr 28 2025 hanliyang<hanliyang@hygon.cn> - 202308-25
+- Build OVMF.fd using AmdSevX64.dsc to support Full Disk Encryption
+
+* Sun Apr 27 2025 huyu<huyu70@h-partners.com> - 202308-24
+- fix CVE-2024-38797
+
+* Fri Mar 28 2025 huyu<huyu70@h-partners.com> - 202308-23
+- fix CVE-2024-9143
+
+* Tue Mar 18 2025 hanliyang<hanliyang@hygon.cn> - 202308-22
+- Add build process that uses OvmfPkg/AmdSev/AmdSevX64.dsc
+
+* Mon Mar 17 2025 huyu<huyu70@h-partners.com> - 202308-21
+- fix CVE-2024-4603
+
 * Thu Mar 13 2025 hanliyang<hanliyang@hygon.cn> - 202308-20
 - Fix boot failure on OvmfPkg/AmdSev