ovmf: upgrade edk2-stable202402 -> edk2-stable202405

Message ID 20240816154613.4030253-1-tgamblin@baylibre.com
State New

Commit Message

Trevor Gamblin Aug. 16, 2024, 3:46 p.m. UTC
Changelog (https://github.com/tianocore/edk2/releases):

New Features & Bug Fixes
- SecurityPkg:Add EFI Device Authentication Signature Database and SPDM
- CryptoPkg:add additional RSAES-OAEP crypto functions
- OvmfPkg:Add 5-level paging support
- OvmfPkg:SEV-SNP Support for running under an SVSM
- OvmfPkg:RBP register shall be cleared in TDVMCALL
- OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742)
- Add SPI bus driver stack
- NetworkPkg: Predictable TCP ISNs
- NetworkPkg: Use of a Weak PseudoRandom Number Generator
- UefiCpuPkg: Add new SmmRelocationLib library

Update Notes
- NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to
  provide the right implementation of the EFI_RNG_PROTOCOL (i.e., using
  a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is
  not implemented, the platform will lose the ability to do network
  boot.

Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
---
 meta/recipes-core/ovmf/ovmf_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Richard Purdie Aug. 18, 2024, 1:55 p.m. UTC | #1
On Fri, 2024-08-16 at 11:46 -0400, Trevor Gamblin via lists.openembedded.org wrote:
> Changelog (https://github.com/tianocore/edk2/releases):
> 
> New Features & Bug Fixes
> - SecurityPkg:Add EFI Device Authentication Signature Database and SPDM
> - CryptoPkg:add additional RSAES-OAEP crypto functions
> - OvmfPkg:Add 5-level paging support
> - OvmfPkg:SEV-SNP Support for running under an SVSM
> - OvmfPkg:RBP register shall be cleared in TDVMCALL
> - OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742)
> - Add SPI bus driver stack
> - NetworkPkg: Predictable TCP ISNs
> - NetworkPkg: Use of a Weak PseudoRandom Number Generator
> - UefiCpuPkg: Add new SmmRelocationLib library
> 
> Update Notes
> - NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to
>   provide the right implementation of the EFI_RNG_PROTOCOL (i.e., using
>   a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is
>   not implemented, the platform will lose the ability to do network
>   boot.
> 
> Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
> ---
>  meta/recipes-core/ovmf/ovmf_git.bb | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

I suspect this upgrade is the cause of these selftest failures:

https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/7021/steps/14/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/7021/steps/14/logs/stdio
https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/7078/steps/14/logs/stdio

Cheers,

Richard

Trevor Gamblin Aug. 20, 2024, 1:43 p.m. UTC | #2
On 2024-08-18 9:55 a.m., Richard Purdie wrote:
> On Fri, 2024-08-16 at 11:46 -0400, Trevor Gamblin via lists.openembedded.org wrote:
>> Changelog (https://github.com/tianocore/edk2/releases):
>>
>> New Features & Bug Fixes
>> - SecurityPkg:Add EFI Device Authentication Signature Database and SPDM
>> - CryptoPkg:add additional RSAES-OAEP crypto functions
>> - OvmfPkg:Add 5-level paging support
>> - OvmfPkg:SEV-SNP Support for running under an SVSM
>> - OvmfPkg:RBP register shall be cleared in TDVMCALL
>> - OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742)
>> - Add SPI bus driver stack
>> - NetworkPkg: Predictable TCP ISNs
>> - NetworkPkg: Use of a Weak PseudoRandom Number Generator
>> - UefiCpuPkg: Add new SmmRelocationLib library
>>
>> Update Notes
>> - NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to
>>    provide the right implementation of the EFI_RNG_PROTOCOL (i.e., using
>>    a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is
>>    not implemented, the platform will lose the ability to do network
>>    boot.
>>
>> Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
>> ---
>>   meta/recipes-core/ovmf/ovmf_git.bb | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
> I suspect this upgrade is the cause of these selftest failures:
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/7021/steps/14/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/80/builds/7021/steps/14/logs/stdio
> https://autobuilder.yoctoproject.org/typhoon/#/builders/87/builds/7078/steps/14/logs/stdio

Hmm, I'm not immediately sure what to do with it. I'll have to come back
around to it soon, unless someone else decides to give it a try.

>
> Cheers,
>
> Richard

Patch

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 085574c0cbd..0d17da1d4d4 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -26,8 +26,8 @@  SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \
            file://0004-reproducible.patch \
            "
 
-PV = "edk2-stable202402"
-SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768"
+PV = "edk2-stable202405"
+SRCREV = "3e722403cd16388a0e4044e705a2b34c841d76ca"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 
 CVE_PRODUCT = "edk2"
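
Review bot: the PV and SRCREV bump to edk2-stable202405 is the only change here, yet the commit message's update note says the CVE-2023-45237 fix makes network boot depend on the platform providing EFI_RNG_PROTOCOL (with an allowlisted GUID) and EFI_HASH2_PROTOCOL, and nothing in the hunk or the message says whether the firmware built by this recipe meets that. Please state in the commit message how this was checked (for example, whether network boot was exercised with the new build), and, since a selftest regression has been reported against this series, whether those failures were looked at against this requirement. The SRC_URI context also still carries local patches such as 0004-reproducible.patch; a line confirming they apply unchanged on the new SRCREV would help, since the diff shows no refresh.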