There are no code changes; the only difference is adding the --pcd PcdMonitorConduitHvc=TRUE option to the build.sh command line, and running QEMU with -device virtio-rng-pci (which we should be doing in any case, IMO).

The DEPEX might fix this, and this is actually the appropriate thing to do if the driver cannot even be dispatched without the RNG protocol available. However, I'm not convinced this is the right approach - I think dispatching the driver but failing in the Supported() call on a missing RNG protocol would be less disruptive, and give more opportunity for a meaningful warning/error message to the actual user. But I must admit I have only taken a very cursory look at the underlying CVE and your proposed mitigation.

On Wed, 8 May 2024 at 00:28, Doug Flick via groups.io <dougflick=microsoft....@groups.io> wrote:
>
> Thanks Ard for the explanation! Would you be able to tell me the exact
> changes you made to get to this point and if that would be an acceptable
> change to make to get these CVE patches on the mailing list? I'm happy adding
> the depex but fundamentally I think the goal is to get these patches into this
> release. My attempts to roll back some of my changes and use VirtioRngDxe have
> been unsuccessful so far.

View/Reply Online (#118649): https://edk2.groups.io/g/devel/message/118649