Hi, all

Because this patch fixes two CVEs, I have decided to include them in this stable
tag 202405.

https://github.com/tianocore/edk2/pull/5582 has been merged. 

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of gaoliming via
> groups.io
> Sent: May 24, 2024 22:51
> To: devel@edk2.groups.io; kra...@redhat.com; 'Ard Biesheuvel'
> <a...@kernel.org>
> Cc: dougfl...@microsoft.com; 'Michael D Kinney'
> <michael.d.kin...@intel.com>; 'Andrew Fish' <af...@apple.com>;
> quic_llind...@quicinc.com
> Subject: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
> 
> Gerd and Ard:
>   Thanks for your comments. I understand this CVE fix requires
> EFI_RNG_PROTOCOL. I will add this requirement in the release note.
> 
> Thanks
> Liming
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Gerd Hoffmann
> > Sent: May 24, 2024 19:49
> > To: Ard Biesheuvel <a...@kernel.org>
> > Cc: devel@edk2.groups.io; gaolim...@byosoft.com.cn;
> > dougfl...@microsoft.com; Michael D Kinney <michael.d.kin...@intel.com>;
> > Andrew Fish <af...@apple.com>; quic_llind...@quicinc.com
> > Subject: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> > CVE-2023-45237
> >
> > On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wrote:
> > > On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> > > <gaoliming=byosoft.com...@groups.io> wrote:
> > > >
> > > > Ard:
> > > >   Here is Doug's PR https://github.com/tianocore/edk2/pull/5582 that
> > > > includes 20 commits. You can check them.
> > > >
> > >
> > > This looks fine to me in principle.
> > >
> > > Reviewed-by: Ard Biesheuvel <a...@kernel.org>
> > >
> > > However, IIUC, the impact of this series is that all out-of-tree
> > > platforms that lack the right implementation of the EFI_RNG_PROTOCOL
> > > (i.e., using a GUID that appears in the allowlist) will lose the
> > > ability to do network boot. If that is a tolerable result, I am fine
> > > with that too, but I think it needs to be made very clear in the
> > > stable tag release notes.
> >
> > Tested the v3 series with OVMF, results are as expected:  Without
> > virtio-rng-pci network boot does not work.  With virtio-rng-pci
> > everything is fine.
> >
> > Tested-by: Gerd Hoffmann <kra...@redhat.com>
> > Acked-by: Gerd Hoffmann <kra...@redhat.com>
> >
> > Agree that this must be noted in the release notes.
> >
> > Related: I'm working on a patch series adding RngDxe to OVMF with
> > runtime rdrand detection:
> > https://github.com/kraxel/edk2/commits/devel/ovmf-rdrand/
> >
> > take care,
> >   Gerd