回复: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and CVE-2023-45237

Fri, 24 May 2024 07:51:40 -0700 

Gerd and Ard:
  Thanks for your comments. I understand this CVE fix requires
EFI_RNG_PROTOCOL. I will add this requirement in the release note. 

Thanks
Liming
> -----邮件原件-----
> 发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Gerd Hoffmann
> 发送时间: 2024年5月24日 19:49
> 收件人: Ard Biesheuvel <a...@kernel.org>
> 抄送: devel@edk2.groups.io; gaolim...@byosoft.com.cn;
> dougfl...@microsoft.com; Michael D Kinney <michael.d.kin...@intel.com>;
> Andrew Fish <af...@apple.com>; quic_llind...@quicinc.com
> 主题: Re: [edk2-devel] [PATCH v3 00/20] NetworkPkg: CVE-2023-45236 and
> CVE-2023-45237
> 
> On Fri, May 24, 2024 at 11:41:04AM GMT, Ard Biesheuvel wrote:
> > On Fri, 24 May 2024 at 11:12, gaoliming via groups.io
> > <gaoliming=byosoft.com...@groups.io> wrote:
> > >
> > > Ard:
> > >   Here is Doug PR https://github.com/tianocore/edk2/pull/5582 that
> includes 20 commits. You can check them.
> > >
> >
> > This looks fine to me in principle.
> >
> > Reviewed-by: Ard Biesheuvel <a...@kernel.org>
> >
> > However, IIUC, the impact of this series is that all out-of-tree
> > platforms that lack the right implementation of the EFI_RNG_PROTOCOL
> > (i.e., using a GUID that appears in the allowlist) will lose the
> > ability to do network boot. If that is a tolerable result, I am fine
> > with that too, but I think it needs to be made very clear in the
> > stable tag release notes.
> 
> Tested the v3 series with OVMF, results are as expected:  Without
> virtio-rng-pci network boot does not work.  With virtio-rng-pci
> everything is fine.
> 
> Tested-by: Gerd Hoffmann <kra...@redhat.com>
> Acked-by: Gerd Hoffmann <kra...@redhat.com>
> 
> Agree that this must be noted in the release notes.
> 
> Related: I'm working on patch series adding RngDxe to OVMF with
> runtime rdrand detection:
> https://github.com/kraxel/edk2/commits/devel/ovmf-rdrand/
> 
> take care,
>   Gerd
> 
> 
> 
> 
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119256): https://edk2.groups.io/g/devel/message/119256
Mute This Topic: https://groups.io/mt/106282939/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to