* Removed 0001-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch since it has been included upstream since commit c1e85376 [1].
* Updated the patch Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl so it applies again. * had to increase FD_SIZE to 4M for the x64 build as otherwise the package wouldn't build due to the size of the resulting image [1] https://github.com/tianocore/edk2/commit/c1e853769046b322690ad336fdb98966757e7414 Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com> --- Wasn't able to build this package without setting FD_SIZE to 4M, not sure if this is due to my failure or if the image just got bigger with the new changes. Due to CRLF shenanigans I have made this commit available via my repos as well - you can find it under staff/s.hanreich/pve-edk2-firmware on the branch 2023-08. Still not sure if the line endings are 100% correct since I have warnings about EOL and trailing spaces, but I think they are because of gits CRLF handling. debian/changelog | 6 +++ ...latformInitLib-limit-phys-bits-to-46.patch | 43 ------------------- ...g-make-EFI_LOADER_DATA-non-executabl.patch | 17 +++----- debian/patches/series | 1 - debian/rules | 3 +- edk2 | 2 +- 6 files changed, 13 insertions(+), 59 deletions(-) delete mode 100644 debian/patches/0001-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch diff --git a/debian/changelog b/debian/changelog index 4d0ac21..dd61c6f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +pve-edk2-firmware (3.20230826-1) bookworm; urgency=medium + + * update sources to upstream edk2-stable202308 tag + + -- Proxmox Support Team <supp...@proxmox.com> Tue, 29 Aug 2023 13:58:15 +0200 + pve-edk2-firmware (3.20230228-4) bookworm; urgency=medium * limiting the phys-bits to 46 instead of 47 to work around older guest diff --git a/debian/patches/0001-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch b/debian/patches/0001-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch deleted file mode 100644 index 1708f40..0000000 --- a/debian/patches/0001-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 89a12f2a42b989e7925b4a71e503209971eaa271 Mon Sep 17 00:00:00 2001 -From: Gerd Hoffmann <kra...@redhat.com> -Date: Thu, 1 Jun 2023 09:57:31 +0200 -Subject: [PATCH] OvmfPkg/PlatformInitLib: limit phys-bits to 46. - -Older linux kernels have problems with phys-bits larger than 46, -ubuntu 18.04 (kernel 4.15) has been reported to be affected. - -Reduce phys-bits limit from 47 to 46. - -Reported-by: Fiona Ebner <f.eb...@proxmox.com> -Signed-off-by: Gerd Hoffmann <kra...@redhat.com> ---- - OvmfPkg/Library/PlatformInitLib/MemDetect.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -index 38cece9173..4d0522ce22 100644 ---- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c -+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c -@@ -657,16 +657,19 @@ PlatformAddressWidthFromCpuid ( - )); - - if (Valid) { -- if (PhysBits > 47) { -+ if (PhysBits > 46) { - /* - * Avoid 5-level paging altogether for now, which limits - * PhysBits to 48. Also avoid using address bit 48, due to sign - * extension we can't identity-map these addresses (and lots of - * places in edk2 assume we have everything identity-mapped). - * So the actual limit is 47. -+ * -+ * Also some older linux kernels apparently have problems handling -+ * phys-bits > 46 correctly, so use that as limit. - */ -- DEBUG ((DEBUG_INFO, "%a: limit PhysBits to 47 (avoid 5-level paging)\n", __func__)); -- PhysBits = 47; -+ DEBUG ((DEBUG_INFO, "%a: limit PhysBits to 46 (avoid 5-level paging)\n", __func__)); -+ PhysBits = 46; - } - - if (!Page1GSupport && (PhysBits > 40)) { diff --git a/debian/patches/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch b/debian/patches/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch index 7e1417a..b2aedec 100644 --- a/debian/patches/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch +++ b/debian/patches/Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch @@ -1,20 +1,13 @@ -Description: Revert "ArmVirtPkg: make EFI_LOADER_DATA non-executable" - The versions of GRUB most distros are shipping still depend on executable - EFI_LOADER_DATA. Revert this upstream change until the necessary fixes are - more generally available. -Author: dann frazier <da...@debian.org> -Bug-Debian: https://bugs.debian.org/1025656 -Forwarded: https://edk2.groups.io/g/devel/message/97814 -Last-Update: 2023-03-09 - +diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc +index 2443e8351c..9a0cef46d9 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc -@@ -361,7 +361,7 @@ +@@ -365,7 +365,7 @@ # reserved ones, with the exception of LoaderData regions, of which OS loaders # (i.e., GRUB) may assume that its contents are executable. # - gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5 + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1 - [Components.common] - # + gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE + diff --git a/debian/patches/series b/debian/patches/series index a9ee2be..f1ec614 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,4 +2,3 @@ no-stack-protector-all-archs.diff brotlicompress-disable.diff x64-baseline-abi.patch Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch -0001-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch diff --git a/debian/rules b/debian/rules index eb0ee89..934fe50 100755 --- a/debian/rules +++ b/debian/rules @@ -29,7 +29,6 @@ COMMON_FLAGS += -DPVSCSI_ENABLE=TRUE OVMF_COMMON_FLAGS = $(COMMON_FLAGS) OVMF_2M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_2MB OVMF_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB -OVMF_2M_SMM_FLAGS = $(OVMF_2M_FLAGS) -DSMM_REQUIRE=TRUE OVMF_4M_SMM_FLAGS = $(OVMF_4M_FLAGS) -DSMM_REQUIRE=TRUE OVMF32_4M_FLAGS = $(OVMF_COMMON_FLAGS) -DFD_SIZE_4MB OVMF32_4M_SMM_FLAGS = $(OVMF32_4M_FLAGS) -DSMM_REQUIRE=TRUE @@ -132,7 +131,7 @@ $(OVMF_BINARIES) $(OVMF_IMAGES): debian/setup-build-stamp -t $(EDK2_TOOLCHAIN) \ -p OvmfPkg/OvmfPkgX64.dsc \ $(PCD_OPTIONS) \ - $(OVMF_2M_SMM_FLAGS) -b $(BUILD_TYPE) + $(OVMF_4M_SMM_FLAGS) -b $(BUILD_TYPE) cp $(OVMF_BUILD_DIR)/FV/OVMF_CODE.fd \ $(OVMF_INSTALL_DIR)/OVMF_CODE.secboot.fd rm -rf Build/OvmfX64 diff --git a/edk2 b/edk2 index f80f052..819cfc6 160000 --- a/edk2 +++ b/edk2 @@ -1 +1 @@ -Subproject commit f80f052277c88a67c55e107b550f504eeea947d3 +Subproject commit 819cfc6b42a68790a23509e4fcc58ceb70e1965e -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
