diff --git a/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch new file mode 100644 index 0000000..94d6eb6 --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch @@ -0,0 +1,50 @@ +From e4a64ad230ff2906ec56d41b2a8dd7a0bb39a399 Mon Sep 17 00:00:00 2001 +From: Dov Murik +Date: Tue, 4 Jan 2022 15:16:40 +0800 +Subject: [PATCH] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as + reserved + +RH-Author: Pawel Polawski +RH-MergeRequest: 11: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved +RH-Commit: [1/1] a14d34eb204387aae3446770a0e5fb95a9283ae3 (elkoniu/edk2) +RH-Bugzilla: 2041754 +RH-Acked-by: Oliver Steffen + +Mark the SEV launch secret MEMFD area as reserved, which will allow the +guest OS to use it during the lifetime of the OS, without creating +copies of the sensitive content. + +Cc: Ard Biesheuvel +Cc: Jordan Justen +Cc: Gerd Hoffmann +Cc: Brijesh Singh +Cc: Erdem Aktas +Cc: James Bottomley +Cc: Jiewen Yao +Cc: Min Xu +Cc: Tom Lendacky +Cc: Tobin Feldman-Fitzthum +Signed-off-by: Dov Murik +Acked-by: Gerd Hoffmann +Acked-by: Jiewen Yao +Reviewed-by: Brijesh Singh +--- + OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c +index db94c26b54..6bf1a55dea 100644 +--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c ++++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c +@@ -19,7 +19,7 @@ InitializeSecretPei ( + BuildMemoryAllocationHob ( + PcdGet32 (PcdSevLaunchSecretBase), + ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE), +- EfiBootServicesData ++ EfiReservedMemoryType + ); + + return EFI_SUCCESS; +-- +2.27.0 + diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index a536ac5..88eead7 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 1%{?dist}.test +Release: 2%{?dist} Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT @@ -49,6 +49,8 @@ Patch0023: 0023-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch Patch0024: 0024-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch Patch0025: 0025-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch Patch0026: 0026-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch +# For bz#2041754 - Mark SEV launch secret area as reserved +Patch27: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch # python3-devel and libuuid-devel are required for building tools. @@ -493,6 +495,11 @@ true %endif %changelog +* Tue Mar 01 2022 Jon Maloy - 20220126gitbb1bba3d77-2 +- edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch [bz#2041754] +- Resolves: bz#2041754 + (Mark SEV launch secret area as reserved) + * Wed Feb 02 2022 Jon Maloy - 20220126gitbb1bba3d77-1.el8 - Rebase to latest upstream release [bz#2018386] - Resolves: bz#2018386