public inbox for devel@edk2.groups.io
From: "Mike Beaton" <mjsbeaton@gmail.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
	dougflick@microsoft.com,  Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] Non-obvious network boot stack issues in OVMF after 4c4ceb2 (NetworkPkg: SECURITY PATCH CVE-2023-45237)
Date: Sat, 10 Aug 2024 10:08:20 +0100
Message-ID: <CAHzAAWSd9UefjhYbRXT8bTC5uYSur0F6COmZTmWYd78BppMHhQ@mail.gmail.com>

The network boot stack fails to load in OVMF after
4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345 (NetworkPkg: SECURITY PATCH
CVE-2023-45237): https://bugzilla.tianocore.org/show_bug.cgi?id=4827

I have now understood that this is because the network stack drivers
have been updated to require an instance of gEfiRngProtocolGuid, so
OVMF now requires the `-device virtio-rng-pci` qemu option in order
for the network stack to load (this flag is required in order for
VirtioRngDxe to be able to provide the required protocol).

Two issues:

1. This is rather non-obvious - previously, the user set the
compilation options for the network stack, and the network stack
started. Ideally, perhaps, this would be fixed by adding some
documentation somewhere easily found, but I am not sure where. (By the
way, we don't get any helpful asserts which would lead us in the right
direction; the depex is never satisfied, so the network stack drivers
just never load.)

2. I also spotted that OvmfXen has neither RngDxe nor VirtioRngDxe - I
have never used OvmfXen, so I am not sure about this but (since these
seem to be the only two drivers which produce gEfiRngProtocolGuid) at
least at first glance it looks as if OvmfXen won't have any RNG for
the network stack now, so that its network stack would not start?


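Added example, not part of the original message and not edk2 code: a build-time check for the silent failure described above, where the network stack's depex on gEfiRngProtocolGuid is never satisfied. The function names and the Placeholder/ paths are constructed; it assumes RngDxe alone is sufficient when present and does not evaluate DSC `!if` conditionals.

```python
import re
import shlex

# Driver names the message identifies as producers of gEfiRngProtocolGuid.
RNG_PRODUCERS = {"RngDxe", "VirtioRngDxe"}

def component_infs(dsc_text):
    # Collect the .inf paths listed under [Components*] sections.
    infs, in_components = [], False
    for raw in dsc_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("["):
            in_components = line.lower().startswith("[components")
        elif in_components and (m := re.match(r"(\S+\.inf)\b", line)):
            infs.append(m.group(1))
    return infs

def rng_producers(dsc_text):
    # Match a producer name on a whole path component or on the file stem.
    found = set()
    for inf in component_infs(dsc_text):
        parts = inf.split("/")
        found |= RNG_PRODUCERS & (set(parts[:-1]) | {parts[-1][:-4]})
    return found

def has_virtio_rng(qemu_cmdline):
    # True if the command line carries `-device virtio-rng-pci[,...]`.
    args = shlex.split(qemu_cmdline)
    return any(a == "-device" and b.split(",")[0] == "virtio-rng-pci"
               for a, b in zip(args, args[1:]))

def diagnose(dsc_text, qemu_cmdline):
    producers = rng_producers(dsc_text)
    if not producers:
        return "no-rng-producer"            # depex can never be satisfied
    if producers == {"VirtioRngDxe"} and not has_virtio_rng(qemu_cmdline):
        return "missing-virtio-rng-device"  # driver built, no device to bind
    return "ok"

# Constructed samples; the Placeholder/ paths are not real edk2 paths.
NO_RNG_DSC = """
[Components]
  Placeholder/NetworkStack/Driver.inf   # network stack only
"""
VIRTIO_DSC = """
[Components.X64]
  Placeholder/VirtioRngDxe/Driver.inf {
  }
  Placeholder/NetworkStack/Driver.inf
"""
```

Running `diagnose()` in CI against the platform description and the test harness's QEMU command line turns a network stack that silently never loads into an explicit failure reason.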
Thread overview: 3+ messages
2024-08-10  9:08 Mike Beaton [this message]
2024-08-21 10:38 ` [edk2-devel] Non-obvious network boot stack issues in OVMF after 4c4ceb2 (NetworkPkg: SECURITY PATCH CVE-2023-45237) Gerd Hoffmann
2024-08-21 11:36   ` Mike Beaton
