Package: edk2 / 2020.11-2+deb11u2

Metadata

Package: edk2
Version: 2020.11-2+deb11u2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
no stack protector all archs.diff

BaseTools/Conf/tools_def.template | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 pass -fno-stack-protector to all gcc toolchains
 The upstream build rules inexplicably pass -fno-stack-protector only
 when building for i386 and amd64.  Add this essential argument to the
 generic rules for gcc 4.8 and later.
Last-Updated: 2019-03-14
brotlicompress disable.diff

BaseTools/Source/C/GNUmakefile | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 do not attempt to compile removed brotlicompress source
 BrotliCompress is not currently used, and including an embedded
 copy of its source could cause false-positives when scanning for
 security issues. This code is stripped from our orig.tar (at the request
 of the Ubuntu security team), so we also need to disable the build.
ovmf vars generator Pass OEM Strings to the guest.patch

qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator | 20 19 + 1 - 0 !
1 file changed, 19 insertions(+), 1 deletion(-)

 [patch] pass oem strings to the guest

Fixes #25

As a stop-gap solution to #25, expose the feature added in QEMU commit
2d6dcbf93fb0 ("smbios: support setting OEM strings table", 2017-12-05)
with the new option "--oemstring".

The caller of "ovmf-vars-generator" can format the PK/KEK1 certificate
that is the subject of #25 as a base64-encoded string, preceded by an
application prefix. This string can now be passed to
"EnrollDefaultKeys.efi" with "--oemstring".

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

ovmf vars generator ignore qemu warnings.patch

qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 skip any warnings from qemu while waiting for uefi output
ovmf vars generator no defaults.patch

qemu-ovmf-secureboot-1-1-3/ovmf-vars-generator | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

---
0001 SecurityPkg Create SecureBootVariableLib.patch

SecurityPkg/Include/Library/SecureBootVariableLib.h | 29 29 + 0 - 0 !
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 53 53 + 0 - 0 !
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.inf | 46 46 + 0 - 0 !
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.uni | 16 16 + 0 - 0 !
SecurityPkg/SecurityPkg.dec | 4 4 + 0 - 0 !
SecurityPkg/SecurityPkg.dsc | 1 1 + 0 - 0 !
6 files changed, 149 insertions(+)

 [patch 1/6] securitypkg: create securebootvariablelib.

This commit adds a library, which consists of helper functions related
to creation/removal of Secure Boot variables. Some of the functions
were moved from the SecureBootConfigImpl.c file.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
0002 ArmVirtPkg add SecureBootVariableLib class resolutio.patch

ArmVirtPkg/ArmVirt.dsc.inc | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch 3/6] armvirtpkg: add securebootvariablelib class resolution

The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

moves generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for ArmVirtPkg platform.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
0003 OvmfPkg add SecureBootVariableLib class resolution.patch

OvmfPkg/OvmfPkgIa32.dsc | 1 1 + 0 - 0 !
OvmfPkg/OvmfPkgIa32X64.dsc | 1 1 + 0 - 0 !
OvmfPkg/OvmfPkgX64.dsc | 1 1 + 0 - 0 !
3 files changed, 3 insertions(+)

 [patch 4/6] ovmfpkg: add securebootvariablelib class resolution

The edk2 patch
  SecurityPkg: Create library for setting Secure Boot variables.

moves generic functions from SecureBootConfigDxe and places
them into SecureBootVariableLib. This patch adds SecureBootVariableLib
mapping for OvmfPkg.

Signed-off-by: Grzegorz Bernacki <gjb@semihalf.com>
0004 SecurityPkg SecureBootVariableLib Added newly suppor.patch

SecurityPkg/Include/Library/SecureBootVariableLib.h | 13 13 + 0 - 0 !
SecurityPkg/Library/SecureBootVariableLib/SecureBootVariableLib.c | 38 38 + 0 - 0 !
2 files changed, 51 insertions(+)

 [patch] securitypkg: securebootvariablelib: added newly supported
 interfaces

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3911

This change updated the interfaces provided by SecureBootVariableLib.

The new additions provided interfaces to enroll a single authenticated
variable from input, a helper function to query secure boot status,
enroll all secure boot variables from UefiSecureBoot.h defined data
structures, as well as a routine that deletes all secure boot related
variables.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Min Xu <min.m.xu@intel.com>

Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Disable the Shell when SecureBoot is enabled.patch

ShellPkg/Application/Shell/Shell.c | 14 14 + 0 - 0 !
ShellPkg/Application/Shell/Shell.h | 3 3 + 0 - 0 !
ShellPkg/Application/Shell/Shell.inf | 2 2 + 0 - 0 !
ShellPkg/ShellPkg.dsc | 1 1 + 0 - 0 !
4 files changed, 20 insertions(+)

 shell: disable the shell when secureboot is enabled and not in
 SetupMode

Signed-off-by: Mate Kukri <mate.kukri@canonical.com>