From: "Mike Beaton" <mjsbeaton@gmail.com>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb@kernel.org>,
dougflick@microsoft.com, Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] Non-obvious network boot stack issues in OVMF after 4c4ceb2 (NetworkPkg: SECURITY PATCH CVE-2023-45237)
Date: Sat, 10 Aug 2024 10:08:20 +0100 [thread overview]
Message-ID: <CAHzAAWSd9UefjhYbRXT8bTC5uYSur0F6COmZTmWYd78BppMHhQ@mail.gmail.com> (raw)
The network boot stack fails to load in OVMF after
4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345 (NetworkPkg: SECURITY PATCH
CVE-2023-45237): https://bugzilla.tianocore.org/show_bug.cgi?id=4827
I have now understood that this is because the network stack drivers
have been updated to require an instance of gEfiRngProtocolGuid, so
OVMF now requires the `-device virtio-rng-pci` qemu option in order
for the network stack to load (this flag is required in order for
VirtioRngDxe to be able to provide the required protocol).
Two issues:
1. This is rather non-obvious - previously, the user set the
compilation options for the network stack, and the network stack
started. Ideally, perhaps, this would be fixed by adding some
documentation somewhere easily found, but I am not sure where. (By the
way, we don't get any helpful asserts which would lead us in the right
direction; the depex is never satisfied, so the network stack drivers
just never load.)
2. I also spotted that OvmfXen has neither RngDxe nor VirtioRngDxe - I
have never used OvmfXen, so I am not sure about this but (since these
seem to be the only two drivers which produce gEfiRngProtocolGuid) at
least at first glance it looks as if OvmfXen won't have any RNG for
the network stack now, so that it's network stack would not start?
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120312): https://edk2.groups.io/g/devel/message/120312
Mute This Topic: https://groups.io/mt/107822587/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next reply other threads:[~2024-08-10 9:08 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-10 9:08 Mike Beaton [this message]
2024-08-21 10:38 ` [edk2-devel] Non-obvious network boot stack issues in OVMF after 4c4ceb2 (NetworkPkg: SECURITY PATCH CVE-2023-45237) Gerd Hoffmann
2024-08-21 11:36 ` Mike Beaton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHzAAWSd9UefjhYbRXT8bTC5uYSur0F6COmZTmWYd78BppMHhQ@mail.gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox