回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "gaoliming via groups.io" <gaoliming=byosoft.com.cn@groups.io>
To: <devel@edk2.groups.io>, <gaoliming@byosoft.com.cn>,
	<kraxel@redhat.com>, "'Ard Biesheuvel'" <ardb@kernel.org>
Cc: <dougflick@microsoft.com>,
	"'Michael D Kinney'" <michael.d.kinney@intel.com>,
	"'Andrew Fish'" <afish@apple.com>, <quic_llindhol@quicinc.com>
Subject: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237
Date: Sat, 25 May 2024 00:00:12 +0800	[thread overview]
Message-ID: <007b01daadf3$75c0f8d0$6142ea70$@byosoft.com.cn> (raw)
In-Reply-To: <17D27450B424AC2B.30215@groups.io>

Hi, all

Because this patch fixes two CVE, I decide to include them in this stable
tag 202405. 

https://github.com/tianocore/edk2/pull/5582 has been merged. 

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 gaoliming via
> groups.io
> 发送时间: 2024年5月24日 22:51
> 收件人: devel@edk2.groups.io; kraxel@redhat.com; 'Ard Biesheuvel'
> <ardb@kernel.org>
> 抄送: dougflick@microsoft.com; 'Michael D Kinney'
> <michael.d.kinney@intel.com>; 'Andrew Fish' <afish@apple.com>;
> quic_llindhol@quicinc.com
> 主题: 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
> 
> Gerd and Ard:
>   Thanks for your comments. I understand this CVE fix requires
> EFI_RNG_PROTOCOL. I will add this requirement in the release note.
> 
> Thanks
> Liming
> > -----邮件原件-----
> > 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Gerd
> Hoffmann
> > 发送时间: 2024年5月24日 19:49
> > 收件人: Ard Biesheuvel <ardb@kernel.org>
> > 抄送: devel@edk2.groups.io; gaoliming@byosoft.com.cn;
> > dougflick@microsoft.com; Michael D Kinney <michael.d.kinney@intel.com>;
> > Andrew Fish <afish@apple.com>; quic_llindhol@quicinc.com
> > 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> > CVE-2023-45237
> >
> > On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wrote:
> > > On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> > > <gaoliming=byosoft.com.cn@groups.io> wrote:
> > > >
> > > > Ard:
> > > >   Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that
> > includes 20 commits. You can check them.
> > > >
> > >
> > > This looks fine to me in principle.
> > >
> > > Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
> > >
> > > However, IIUC, the impact of this series is that all out-of-tree
> > > platforms that lack the right implementation of the EFI_RNG_PROTOCOL
> > > (i.e., using a GUID that appears in the allowlist) will lose the
> > > ability to do network boot. If that is a tolerable result, I am fine
> > > with that too, but I think it needs to be made very clear in the
> > > stable tag release notes.
> >
> > Tested the v3 series with OVMF, results are as expected:  Without
> > virtio-rng-pci network boot does not work.  With virtio-rng-pci
> > everything is fine.
> >
> > Tested-by: Gerd Hoffmann <kraxel@redhat.com>
> > Acked-by: Gerd Hoffmann <kraxel@redhat.com>
> >
> > Agree that this must be noted in the release notes.
> >
> > Related: I'm working on patch series adding RngDxe to OVMF with
> > runtime rdrand detection:
> > https://github.com/kraxel/edk2/commits/devel/ovmf-rdrand/
> >
> > take care,
> >   Gerd
> >
> >
> >
> >
> >
> 
> 
> 
> 
> 
> 
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119258): https://edk2.groups.io/g/devel/message/119258
Mute This Topic: https://groups.io/mt/106284249/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

next prev parent reply	other threads:[~2024-05-24 16:00 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-24  5:44 [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
2024-05-24  5:44 ` [edk2-devel] [PATCH v3 01/20] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
2024-05-24  5:44 ` [edk2-devel] [PATCH v3 02/20] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
2024-05-24  5:44 ` [edk2-devel] [PATCH v3 03/20] OvmfPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
2024-05-24  5:44 ` [edk2-devel] [PATCH v3 04/20] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg Doug Flick via groups.io
2024-05-24  5:44 ` [edk2-devel] [PATCH v3 05/20] ArmVirtPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
2024-05-24  5:44 ` [edk2-devel] [PATCH v3 06/20] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg Doug Flick via groups.io
2024-05-24  5:44 ` [edk2-devel] [PATCH v3 07/20] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Doug Flick via groups.io
2024-05-24  5:53   ` Yao, Jiewen
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 08/20] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 09/20] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 10/20] MdePkg: : Add MockUefiBootServicesTableLib Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 11/20] MdePkg: : Adds Protocol for MockRng Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 12/20] MdePkg: Add MockHash2 Protocol for testing Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 13/20] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 14/20] ArmPkg: Allow SMC/HVC monitor conduit to be specified at runtime Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 15/20] ArmVirtPkg: Move PcdMonitorConduitHvc Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 16/20] MdePkg/BaseRngLib AARCH64: Remove overzealous ASSERT() Doug Flick via groups.io
2024-05-24  6:47   ` 回复: " gaoliming via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 17/20] ArmVirtPkg/ArmVirtQemu: Permit the use of dynamic PCDs in PEI Doug Flick via groups.io
2024-05-24  5:45 ` [edk2-devel] [PATCH v3 18/20] ArmVirtPkg: Use dynamic PCD to set the SMCCC conduit Doug Flick via groups.io
2024-05-24  7:01 ` 回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 gaoliming via groups.io
2024-05-24  7:07   ` Ard Biesheuvel
2024-05-24  9:12     ` 回复: " gaoliming via groups.io
2024-05-24  9:41       ` Ard Biesheuvel
2024-05-24 11:48         ` Gerd Hoffmann
2024-05-24 14:51           ` 回复: " gaoliming via groups.io
2024-05-24 16:50             ` [edk2-devel] " Doug Flick via groups.io
2024-05-25  4:33               ` 回复: " gaoliming via groups.io
     [not found]           ` <17D27450B424AC2B.30215@groups.io>
2024-05-24 16:00             ` gaoliming via groups.io [this message]
2024-05-29 13:09 ` Gerd Hoffmann
2024-05-30  5:07   ` 回复: " gaoliming via groups.io
2024-05-30  9:31     ` Gerd Hoffmann
2024-05-30 10:08       ` Michael Brown
2024-05-30 10:33         ` Gerd Hoffmann
2024-05-30 10:49           ` Michael Brown
2024-05-30 11:48             ` Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='007b01daadf3$75c0f8d0$6142ea70$@byosoft.com.cn' \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox