From: "Mike Beaton"
Date: Sat, 10 Aug 2024 10:08:20 +0100
Subject: [edk2-devel] Non-obvious network boot stack issues in OVMF after 4c4ceb2 (NetworkPkg: SECURITY PATCH CVE-2023-45237)
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, dougflick@microsoft.com, Gerd Hoffmann

The network boot stack fails to load in OVMF after
4c4ceb2ceb80c42fd5545b2a4bd80321f07f4345 (NetworkPkg: SECURITY PATCH
CVE-2023-45237):

https://bugzilla.tianocore.org/show_bug.cgi?id=4827

I have now understood that this is because the network stack drivers have
been updated to require an instance of gEfiRngProtocolGuid, so OVMF now
requires the `-device virtio-rng-pci` qemu option in order for the network
stack to load (this flag is required in order for VirtioRngDxe to be able to
provide the required protocol).

Two issues:

1. This is rather non-obvious - previously, the user set the compilation
options for the network stack, and the network stack started. Ideally,
perhaps, this would be fixed by adding some documentation somewhere easily
found, but I am not sure where. (By the way, we don't get any helpful asserts
which would lead us in the right direction; the depex is never satisfied, so
the network stack drivers just never load.)

2. I also spotted that OvmfXen has neither RngDxe nor VirtioRngDxe - I have
never used OvmfXen, so I am not sure about this, but (since these seem to be
the only two drivers which produce gEfiRngProtocolGuid) at least at first
glance it looks as if OvmfXen won't have any RNG for the network stack now, so
that its network stack would not start?
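
The QEMU requirement described in the message above, as an added example that is not part of the original message or of edk2: a POSIX shell pre-flight check that reports whether an argument list already carries `-device virtio-rng-pci` and supplies it when missing. The function names, the sample command line, the `net0` ID and the `OVMF.fd` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): pre-flight check that a QEMU
# argument list exposes a virtio RNG device, which the message identifies as
# required for the OVMF network stack to load after commit 4c4ceb2.

# Succeeds (status 0) if the arguments contain "-device virtio-rng-pci",
# with or without trailing device properties such as ",rng=rng0".
has_virtio_rng() {
    _prev=""
    for _arg in "$@"; do
        case "$_prev" in
            -device|--device)
                case "$_arg" in
                    virtio-rng-pci|virtio-rng-pci,*) return 0 ;;
                esac ;;
        esac
        _prev=$_arg
    done
    return 1
}

# Prints the arguments that must be appended (one per line); prints nothing
# when an RNG device is already configured.
missing_rng_args() {
    has_virtio_rng "$@" && return 0
    printf '%s\n' -device virtio-rng-pci
}

# Constructed sample command line (firmware path and IDs are placeholders).
demo() {
    set -- -machine q35 -bios OVMF.fd \
           -netdev user,id=net0 -device virtio-net-pci,netdev=net0
    echo "before: qemu-system-x86_64 $*"
    # Word splitting of the helper output is intended: values contain no spaces.
    set -- "$@" $(missing_rng_args "$@")
    echo "after:  qemu-system-x86_64 $*"
}
demo
```

Because the unsatisfied depex produces no assert, running a check like this before launch is one way to surface the missing device early.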