Re: [edk2-devel] Assistance Needed: ArmVirtPkg

["Ard Biesheuvel" <ardb@kernel.org>]

There are no code changes, the only difference is adding the --pcd
PcdMonitorConduitHvc=TRUE option to the build.sh command line, and
running QEMU with -device virtio-rng-pci (which we should be doing in
any case, IMO)

The DEPEX might fix this, and this is actually the appropriate thing
to do if the driver cannot even be dispatched without the RNG protocol
available. However, I'm not convinced this is the right approach - I
think dispatching the driver but failing in the Supported() call on a
missing RNG protocol would be less disruptive, and give more
opportunity for a meaningful warning/error message to the actual user.

But I must admit I have only taken a very cursory look at the
underlying CVE and your proposed mitigation.



On Wed, 8 May 2024 at 00:28, Doug Flick via groups.io
<dougflick=microsoft.com@groups.io> wrote:
>
> Thanks Ard for the explanation! Would you be able to tell me the exact changes you made to get to this point and if that would be an acceptable change to make to get these CVE patches on the mailing list? I'm happy adding the depex but fundamentally I think the goal is get these patches into this release. My attempts to rollback some of my changes and use VirtioRngDxe have been unsuccessful so far.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118649): https://edk2.groups.io/g/devel/message/118649
Mute This Topic: https://groups.io/mt/105949609/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-