Enable building on riscv64

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>
cherry-pick edk2 bugfixes
2023-09-07 20:03:00 +03:00 · 2023-09-06 08:20:35 +02:00 · 2023-09-06 08:01:43 +02:00 · 2023-09-06 08:01:43 +02:00 · 2023-09-06 08:01:43 +02:00 · 2023-09-06 08:01:00 +02:00
40 changed files with 878 additions and 1131 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,3 +9,4 @@
 /openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
 /openssl-rhel-740e53ace8f6771c205bf84780e26bcd7a3275df.tar.xz
 /jansson-2.13.1.tar.bz2
+/openssl-rhel-3adb22b68e9fe61fc4863c2d2dc6cc6fc094b005.tar.xz
--- a/0001-BaseTools-do-not-build-BrotliCompress-RH-only.patch
+++ b/0001-BaseTools-do-not-build-BrotliCompress-RH-only.patch
@ -1,4 +1,4 @@
-From 85b2dc9bb820a749e95136bf7bdd0f6c49e8389d Mon Sep 17 00:00:00 2001
+From bdb3ed312b939fc5f0c7b9b56c2395dada7c689c Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Thu, 4 Jun 2020 13:34:12 +0200
 Subject: [PATCH 01/14] BaseTools: do not build BrotliCompress (RH only)
@ -39,5 +39,5 @@ index 5275f657efe8..39d719975309 100644
   EfiRom \
   GenFfs \
 -- 
-2.40.1
+2.41.0

--- a/0002-MdeModulePkg-remove-package-private-Brotli-include-p.patch
+++ b/0002-MdeModulePkg-remove-package-private-Brotli-include-p.patch
@ -1,4 +1,4 @@
-From f1996ce088098f8479eec2f0739978b9de7840fc Mon Sep 17 00:00:00 2001
+From d42cd3199b6a33ec9811e5cc42a6ef0647d6a597 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Thu, 4 Jun 2020 13:39:08 +0200
 Subject: [PATCH 02/14] MdeModulePkg: remove package-private Brotli include
@ -32,7 +32,7 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 1 file changed, 3 deletions(-)

 diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index 95dd077e19b3..1609b6d9c29e 100644
+index 0ff058b0a9da..2f8e49f87bcc 100644
 --- a/MdeModulePkg/MdeModulePkg.dec
 +++ b/MdeModulePkg/MdeModulePkg.dec
@@ -26,9 +26,6 @@ [Includes]
@ -46,5 +46,5 @@ index 95dd077e19b3..1609b6d9c29e 100644
   ##  @libraryclass  Defines a set of methods to reset whole system.
   ResetSystemLib|Include/Library/ResetSystemLib.h
 -- 
-2.40.1
+2.41.0

--- a/0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
+++ b/0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
@ -1,4 +1,4 @@
-From 212665c3bc7c480d6dfa7df52c50457e83af149a Mon Sep 17 00:00:00 2001
+From e88e9ee342a168114a27c0fa09e807161bf54490 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Tue, 25 Feb 2014 22:40:01 +0100
 Subject: [PATCH 03/14] MdeModulePkg: TerminalDxe: set xterm resolution on mode
@ -87,12 +87,12 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 3 files changed, 35 insertions(+)

 diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
-index 1609b6d9c29e..c0d376bed1f0 100644
+index 2f8e49f87bcc..c1b10b38ef1d 100644
 --- a/MdeModulePkg/MdeModulePkg.dec
 +++ b/MdeModulePkg/MdeModulePkg.dec
-@@ -2127,6 +2127,10 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
-   # @Prompt The shared bit mask when Intel Tdx is enabled.
-   gEfiMdeModulePkgTokenSpaceGuid.PcdTdxSharedBitMask|0x0|UINT64|0x10000025
+@@ -2148,6 +2148,10 @@ [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
+   # @Prompt The value is use for Usb Network rate limiting supported.
+   gEfiMdeModulePkgTokenSpaceGuid.PcdUsbNetworkRateLimitingFactor|100|UINT32|0x10000028
 
 +  ## Controls whether TerminalDxe outputs an XTerm resize sequence on terminal
 +  #  mode change.
@ -176,5 +176,5 @@ index 7809869e7d49..496849458db4 100644
 
   Status = This->ClearScreen (This);
 -- 
-2.40.1
+2.41.0

--- a/0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
+++ b/0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
@ -1,4 +1,4 @@
-From 677df60b929f97fde9e7d03dfe82b4bf593d5986 Mon Sep 17 00:00:00 2001
+From 20ba2d80413888bfcb1f5e5ba914b5c67fc4ced2 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 14 Oct 2015 15:59:06 +0200
 Subject: [PATCH 04/14] OvmfPkg: take PcdResizeXterm from the QEMU command line
@ -88,10 +88,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 9 files changed, 21 insertions(+)

 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index b32049194d39..bff9f166219e 100644
+index 2c6ed7c9745f..cf81a86c67dd 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -476,6 +476,7 @@ [PcdsFixedAtBuild]
+@@ -477,6 +477,7 @@ [PcdsFixedAtBuild]
 [PcdsDynamicDefault]
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
 
@ -100,10 +100,10 @@ index b32049194d39..bff9f166219e 100644
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
 diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
-index 2a1139daaa19..1e61af6eeff6 100644
+index e000deed9e4d..7a167bd4d039 100644
 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc
 +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
-@@ -575,6 +575,7 @@ [PcdsDynamicDefault]
+@@ -576,6 +576,7 @@ [PcdsDynamicDefault]
   #   ($(SMM_REQUIRE) == FALSE)
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
 
@ -112,10 +112,10 @@ index 2a1139daaa19..1e61af6eeff6 100644
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
-index d4403f11a7c6..86673d06ef2e 100644
+index 193657ff2d61..bfcd486976cf 100644
 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
 +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
-@@ -473,6 +473,7 @@ [PcdsDynamicDefault]
+@@ -474,6 +474,7 @@ [PcdsDynamicDefault]
   #   ($(SMM_REQUIRE) == FALSE)
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
 
@ -124,10 +124,10 @@ index d4403f11a7c6..86673d06ef2e 100644
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
 diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
-index 5f671bc3840d..02c225f6d2a7 100644
+index 2f7585639374..023b7b0fe959 100644
 --- a/OvmfPkg/Microvm/MicrovmX64.dsc
 +++ b/OvmfPkg/Microvm/MicrovmX64.dsc
-@@ -573,6 +573,7 @@ [PcdsDynamicDefault]
+@@ -577,6 +577,7 @@ [PcdsDynamicDefault]
   #   ($(SMM_REQUIRE) == FALSE)
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
 
@ -136,10 +136,10 @@ index 5f671bc3840d..02c225f6d2a7 100644
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase64|0
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index e333b8b41803..f5390a30fb09 100644
+index 80d8e370095d..2395bcf6b8dc 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -595,6 +595,7 @@ [PcdsDynamicDefault]
+@@ -604,6 +604,7 @@ [PcdsDynamicDefault]
   #   ($(SMM_REQUIRE) == FALSE)
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
 
@ -148,10 +148,10 @@ index e333b8b41803..f5390a30fb09 100644
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 25974230a27e..c43fb2d39910 100644
+index d9757149e359..9bf5ac0d143c 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -603,6 +603,7 @@ [PcdsDynamicDefault]
+@@ -616,6 +616,7 @@ [PcdsDynamicDefault]
   #   ($(SMM_REQUIRE) == FALSE)
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
 
@ -160,10 +160,10 @@ index 25974230a27e..c43fb2d39910 100644
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageVariableBase64|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase64|0
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index c1762ffca445..ce49a3d3a54d 100644
+index b12d874daa0a..69deaf8e08ec 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -626,6 +626,7 @@ [PcdsDynamicDefault]
+@@ -634,6 +634,7 @@ [PcdsDynamicDefault]
   #   ($(SMM_REQUIRE) == FALSE)
   gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved|0
 
@ -184,7 +184,7 @@ index 3934aeed9514..98123ec63b3d 100644
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
   gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack
 diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index c56247e294f2..5d7f50cc5876 100644
+index f5dc41c3a8c4..ce9868d57de1 100644
 --- a/OvmfPkg/PlatformPei/Platform.c
 +++ b/OvmfPkg/PlatformPei/Platform.c
@@ -41,6 +41,18 @@
@ -206,7 +206,7 @@ index c56247e294f2..5d7f50cc5876 100644
 EFI_PEI_PPI_DESCRIPTOR  mPpiBootMode[] = {
   {
     EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
-@@ -386,6 +398,7 @@ InitializePlatform (
+@@ -355,6 +367,7 @@ InitializePlatform (
     MemTypeInfoInitialization (PlatformInfoHob);
     MemMapInitialization (PlatformInfoHob);
     NoexecDxeInitialization (PlatformInfoHob);
@ -215,5 +215,5 @@ index c56247e294f2..5d7f50cc5876 100644
 
   InstallClearCacheCallback ();
 -- 
-2.40.1
+2.41.0

--- a/0005-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
+++ b/0005-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
@ -1,4 +1,4 @@
-From ca84f8dd5a7653d2b884406f67f5e9d4bc136852 Mon Sep 17 00:00:00 2001
+From 5b56419459e64d33cd92b4b98ef954bca8f9f344 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Sun, 26 Jul 2015 08:02:50 +0000
 Subject: [PATCH 05/14] ArmVirtPkg: take PcdResizeXterm from the QEMU command
@ -96,10 +96,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 create mode 100644 ArmVirtPkg/Library/TerminalPcdProducerLib/TerminalPcdProducerLib.c

 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 449e73b9e132..2ccbef41c23b 100644
+index 1e0225951aef..9f52eb44a1fd 100644
 --- a/ArmVirtPkg/ArmVirtQemu.dsc
 +++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -307,6 +307,8 @@ [PcdsPatchableInModule]
+@@ -308,6 +308,8 @@ [PcdsPatchableInModule]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0x0
 !endif
 
@ -108,7 +108,7 @@ index 449e73b9e132..2ccbef41c23b 100644
 [PcdsDynamicHii]
   gUefiOvmfPkgTokenSpaceGuid.PcdForceNoAcpi|L"ForceNoAcpi"|gOvmfVariableGuid|0x0|FALSE|NV,BS
 
-@@ -416,7 +418,10 @@ [Components.common]
+@@ -417,7 +419,10 @@ [Components.common]
   MdeModulePkg/Universal/Console/ConPlatformDxe/ConPlatformDxe.inf
   MdeModulePkg/Universal/Console/ConSplitterDxe/ConSplitterDxe.inf
   MdeModulePkg/Universal/Console/GraphicsConsoleDxe/GraphicsConsoleDxe.inf
@ -200,5 +200,5 @@ index 000000000000..bfd3a6a535f9
 +  return RETURN_SUCCESS;
 +}
 -- 
-2.40.1
+2.41.0

--- a/0006-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
+++ b/0006-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
@ -1,4 +1,4 @@
-From 447b5540fdc12ff4ca74dc2dd183149732075c18 Mon Sep 17 00:00:00 2001
+From 6f1c7583bce90e89193ae40042923f16c6e16ca7 Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:45 +0100
 Subject: [PATCH 06/14] OvmfPkg: enable DEBUG_VERBOSE (RHEL only)
@ -65,10 +65,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 4 files changed, 4 insertions(+), 4 deletions(-)

 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index bff9f166219e..14a5d10d2b67 100644
+index cf81a86c67dd..d8b1c4d9e8af 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -426,7 +426,7 @@ [PcdsFixedAtBuild]
+@@ -427,7 +427,7 @@ [PcdsFixedAtBuild]
   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
   #                             // significantly impact boot performance
   # DEBUG_ERROR     0x80000000  // Error
@ -78,10 +78,10 @@ index bff9f166219e..14a5d10d2b67 100644
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index f5390a30fb09..62c68d99165d 100644
+index 2395bcf6b8dc..21118b11f6b3 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -535,7 +535,7 @@ [PcdsFixedAtBuild]
+@@ -537,7 +537,7 @@ [PcdsFixedAtBuild]
   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
   #                             // significantly impact boot performance
   # DEBUG_ERROR     0x80000000  // Error
@ -91,10 +91,10 @@ index f5390a30fb09..62c68d99165d 100644
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index c43fb2d39910..b03af9cacd2b 100644
+index 9bf5ac0d143c..afb1afcceb61 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -541,7 +541,7 @@ [PcdsFixedAtBuild]
+@@ -544,7 +544,7 @@ [PcdsFixedAtBuild]
   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
   #                             // significantly impact boot performance
   # DEBUG_ERROR     0x80000000  // Error
@ -104,10 +104,10 @@ index c43fb2d39910..b03af9cacd2b 100644
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index ce49a3d3a54d..a9dad1b59ee8 100644
+index 69deaf8e08ec..45e0658e2b4a 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -562,7 +562,7 @@ [PcdsFixedAtBuild]
+@@ -563,7 +563,7 @@ [PcdsFixedAtBuild]
   # DEBUG_VERBOSE   0x00400000  // Detailed debug messages that may
   #                             // significantly impact boot performance
   # DEBUG_ERROR     0x80000000  // Error
@ -117,5 +117,5 @@ index ce49a3d3a54d..a9dad1b59ee8 100644
 !if $(SOURCE_DEBUG_ENABLE) == TRUE
   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
 -- 
-2.40.1
+2.41.0

--- a/0007-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
+++ b/0007-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
@ -1,4 +1,4 @@
-From f0d8ef8071a0b20495a5a1dc3e6e49f8f145c503 Mon Sep 17 00:00:00 2001
+From eaf1ac5c40d16705219e5021d4878e52904467ba Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:46 +0100
 Subject: [PATCH 07/14] OvmfPkg: silence DEBUG_VERBOSE (0x00400000) in
@ -82,10 +82,10 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 4 files changed, 32 insertions(+), 8 deletions(-)

 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 14a5d10d2b67..870c4bd890fe 100644
+index d8b1c4d9e8af..b3b70b600139 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -684,8 +684,14 @@ [Components]
+@@ -685,8 +685,14 @@ [Components]
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
 
@ -103,10 +103,10 @@ index 14a5d10d2b67..870c4bd890fe 100644
 
   #
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index 62c68d99165d..d7bce8d40d26 100644
+index 21118b11f6b3..8686da30008f 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -841,9 +841,15 @@ [Components]
+@@ -850,9 +850,15 @@ [Components]
   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
 
 !ifndef $(CSM_ENABLE)
@ -125,10 +125,10 @@ index 62c68d99165d..d7bce8d40d26 100644
 
   #
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index b03af9cacd2b..8103d1d4882a 100644
+index afb1afcceb61..4b9c0b312532 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -855,9 +855,15 @@ [Components.X64]
+@@ -868,9 +868,15 @@ [Components.X64]
   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
 
 !ifndef $(CSM_ENABLE)
@ -147,10 +147,10 @@ index b03af9cacd2b..8103d1d4882a 100644
 
   #
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index a9dad1b59ee8..7fe23d9153fe 100644
+index 45e0658e2b4a..9b83e51ba3c1 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -929,9 +929,15 @@ [Components]
+@@ -936,9 +936,15 @@ [Components]
   MdeModulePkg/Universal/MemoryTest/NullMemoryTestDxe/NullMemoryTestDxe.inf
 
 !ifndef $(CSM_ENABLE)
@ -169,5 +169,5 @@ index a9dad1b59ee8..7fe23d9153fe 100644
 
   #
 -- 
-2.40.1
+2.41.0

--- a/0008-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
+++ b/0008-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
@ -1,4 +1,4 @@
-From 461077f978edf909f0ef59c777c2d45ab7664526 Mon Sep 17 00:00:00 2001
+From 298ab8d033dac6298239b70a6494eb2de472e54f Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 27 Jan 2016 03:05:18 +0100
 Subject: [PATCH 08/14] ArmVirtPkg: silence DEBUG_VERBOSE (0x00400000) in
@ -61,10 +61,10 @@ Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 2 files changed, 8 insertions(+), 2 deletions(-)

 diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index 2ccbef41c23b..bc097880f79f 100644
+index 9f52eb44a1fd..8b44fadeeb39 100644
 --- a/ArmVirtPkg/ArmVirtQemu.dsc
 +++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -544,7 +544,10 @@ [Components.common]
+@@ -546,7 +546,10 @@ [Components.common]
   #
   # Video support
   #
@ -77,10 +77,10 @@ index 2ccbef41c23b..bc097880f79f 100644
   OvmfPkg/PlatformDxe/Platform.inf
 
 diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index 3cb9120e4e10..02877284bfa3 100644
+index 8ef5927b53ff..2503cdb79c27 100644
 --- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
 +++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -444,7 +444,10 @@ [Components.common]
+@@ -446,7 +446,10 @@ [Components.common]
   #
   # Video support
   #
@ -93,5 +93,5 @@ index 3cb9120e4e10..02877284bfa3 100644
   OvmfPkg/PlatformDxe/Platform.inf
 
 -- 
-2.40.1
+2.41.0

--- a/0009-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
+++ b/0009-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
@ -1,4 +1,4 @@
-From 58b31e995b9626e3187872c5dbb4696f04374a56 Mon Sep 17 00:00:00 2001
+From ad5e6471ec1d395c6395d0e9775a88e239570884 Mon Sep 17 00:00:00 2001
 From: Philippe Mathieu-Daude <philmd@redhat.com>
 Date: Thu, 1 Aug 2019 20:43:48 +0200
 Subject: [PATCH 09/14] OvmfPkg: QemuRamfbDxe: Do not report DXE failure on
@ -92,5 +92,5 @@ index 5a1044f0dc7b..3a687901b0d2 100644
   }
 
 -- 
-2.40.1
+2.41.0

--- a/0010-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
+++ b/0010-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
@ -1,4 +1,4 @@
-From 88ca1daf0a9c0b6ea002f09b56cca1ab075ace9e Mon Sep 17 00:00:00 2001
+From a5c8a37b20394f8b2595c0e520955667b4c17527 Mon Sep 17 00:00:00 2001
 From: Paolo Bonzini <pbonzini@redhat.com>
 Date: Tue, 21 Nov 2017 00:57:47 +0100
 Subject: [PATCH 10/14] OvmfPkg: silence EFI_D_VERBOSE (0x00400000) in
@ -63,11 +63,11 @@ Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 4 files changed, 16 insertions(+), 4 deletions(-)

 diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
-index 870c4bd890fe..ad6e7724ee8e 100644
+index b3b70b600139..865d150a2871 100644
 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc
 +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
-@@ -678,7 +678,10 @@ [Components]
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -679,7 +679,10 @@ [Components]
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@ -79,11 +79,11 @@ index 870c4bd890fe..ad6e7724ee8e 100644
   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
-index d7bce8d40d26..b644669291ac 100644
+index 8686da30008f..9cd981ae7be8 100644
 --- a/OvmfPkg/OvmfPkgIa32.dsc
 +++ b/OvmfPkg/OvmfPkgIa32.dsc
-@@ -834,7 +834,10 @@ [Components]
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -843,7 +843,10 @@ [Components]
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@ -95,11 +95,11 @@ index d7bce8d40d26..b644669291ac 100644
   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index 8103d1d4882a..e37ec97fbc7a 100644
+index 4b9c0b312532..9186ab2ba83b 100644
 --- a/OvmfPkg/OvmfPkgIa32X64.dsc
 +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -848,7 +848,10 @@ [Components.X64]
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -861,7 +861,10 @@ [Components.X64]
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@ -111,11 +111,11 @@ index 8103d1d4882a..e37ec97fbc7a 100644
   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
-index 7fe23d9153fe..1f4934616ada 100644
+index 9b83e51ba3c1..a059f143f5be 100644
 --- a/OvmfPkg/OvmfPkgX64.dsc
 +++ b/OvmfPkg/OvmfPkgX64.dsc
-@@ -922,7 +922,10 @@ [Components]
-   OvmfPkg/SataControllerDxe/SataControllerDxe.inf
+@@ -929,7 +929,10 @@ [Components]
+   MdeModulePkg/Bus/Pci/SataControllerDxe/SataControllerDxe.inf
   MdeModulePkg/Bus/Ata/AtaAtapiPassThru/AtaAtapiPassThru.inf
   MdeModulePkg/Bus/Ata/AtaBusDxe/AtaBusDxe.inf
 -  MdeModulePkg/Bus/Pci/NvmExpressDxe/NvmExpressDxe.inf
@ -127,5 +127,5 @@ index 7fe23d9153fe..1f4934616ada 100644
   MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
   MdeModulePkg/Universal/DisplayEngineDxe/DisplayEngineDxe.inf
 -- 
-2.40.1
+2.41.0

--- a/0011-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
+++ b/0011-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
@ -1,181 +0,0 @@
-From 5e31bb6319ba4aabb113c2fb94e133a2efd79bb0 Mon Sep 17 00:00:00 2001
-From: Laszlo Ersek <lersek@redhat.com>
-Date: Sat, 16 Nov 2019 17:11:27 +0100
-Subject: [PATCH 11/14] CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
- in the INFs (RH)
-
-Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
-RHEL-8.5/20210520-e1999b264f1f [edk2-stable202105] rebase:
-
- Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1938257
-
- Recreate the patch based on downstream commits:
-
-  - 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
-                  in the INFs (RH)", 2020-06-05),
-  - e81751a1c303 ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g",
-                  2020-11-23),
-  - 3e3fe5e62079 ("redhat: bump OpenSSL dist-git submodule to 1.1.1g+ /
-                  RHEL-8.4", 2020-11-23).
-
-  (1) At e81751a1c303, downstream edk2 was in sync with upstream edk2
-      consuming OpenSSL 1.1.1g (upstream edk2 commit 8c30327debb2
-      ("CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g", 2020-07-25)).
-
-      Since commit 8c30327debb2, upstream edk2 modified the OpensslLib INF
-      files, namely
-
-      - CryptoPkg/Library/OpensslLib/OpensslLib.inf
-      - CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-
-      in the following commits only:
-
-      - be01087e0780 ("CryptoPkg/Library: Remove the redundant build
-        option", 2020-08-12), which did not affect the source file list at
-        all,
-
-      - b5701a4c7a0f ("CryptoPkg: OpensslLib: Use RngLib to generate
-        entropy in rand_pool", 2020-09-18), which replaced some of the
-        *edk2-specific* "rand_pool_noise" source files with an RngLib
-        dependency.
-
-      This means that the list of required, actual OpenSSL source files
-      has not changed in upstream edk2 since our downstream edk2 commit
-      e81751a1c303.
-
-  (2) At commit 3e3fe5e62079 (the direct child of e81751a1c303),
-      downstream edk2's OpenSSL dependency was satisfied with RHEL-8
-      OpenSSL at dist-git commit bdd048e929dc ("Two fixes that will be
-      shipped in RHEL-8.3.0.z", 2020-10-23).
-
-      Since commit bdd048e929dc, RHEL-8 OpenSSL dist-git advanced
-      (fast-forwarded) to commit a75722161d20 ("Update to version 1.1.1k",
-      2021-05-25), which is the current head of the rhel-8.5.0 branch.
-      (See also <https://bugzilla.redhat.com/show_bug.cgi?id=1938257#c6>.)
-
-      At both dist-git bdd048e929dc and dist-git a75722161d20, I built the
-      respective RHEL-8 OpenSSL *source* RPM, and prepped the respective
-      source tree, with "rpmbuild -bp". Subsequently I compared the
-      prepped source trees recursively.
-
-      - The following files disappeared:
-
-        - 29 backup files created by "patch",
-
-        - the assembly generator perl script called
-          "ecp_nistz256-avx2.pl", which is not used during the build.
-
-      - The following new files appeared:
-
-        - 18 files directly or indirectly under the "test" subdirectory,
-          which are not used during the build,
-
-        - 5 backup files created by "patch",
-
-        - 2 DCL scripts used when building OpenSSL on OpenVMS.
-
-      This means that the total list of RHEL-8 OpenSSL source files has
-      not changed in RHEL-8 OpenSSL dist-git since our downstream edk2
-      commit 3e3fe5e62079.
-
-  As a result, copy the "RHEL8-specific OpenSSL file list" sections
-  verbatim from the INF files, at downstream commit e81751a1c303. (I used
-  the "git checkout -p e81751a1c303 -- Library/OpensslLib/OpensslLib.inf
-  CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf" command.)
-
-Notes about the RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] ->
-RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] rebase:
-
- "OpensslLib.inf":
-
-  - Automatic leading context refresh against upstream commit c72ca4666886
-    ("CryptoPkg/OpensslLib: Add "sort" keyword to header file parsing
-    loop", 2020-03-10).
-
-  - Manual trailing context refresh against upstream commit b49a6c8f80d9
-    ("CryptoPkg/OpensslLib: improve INF file consistency", 2019-12-02).
-
- "OpensslLibCrypto.inf":
-
-  - Automatic leading context refresh against upstream commits
-    8906f076de35 ("CryptoPkg/OpensslLib: Add missing header files in INF
-    file", 2019-08-16) and 9f4fbd56d430 ("CryptoPkg/OpensslLib: Update
-    process_files.pl to generate .h files", 2019-10-30).
-
-Notes about the RHEL-8.1/20190308-89910a39dcfd [edk2-stable201903] ->
-RHEL-8.2/20190904-37eef91017ad [edk2-stable201908] rebase:
-
- new patch
-
-The downstream changes in RHEL8's OpenSSL package, for example in
-"openssl-1.1.1-evp-kdf.patch", introduce new files, and even move some
-preexistent code into those new files. In order to avoid undefined
-references in link editing, we have to list the new files.
-
-Note: "process_files.pl" is not re-run at this time manually, because
-
-(a) "process_files.pl" would pollute the file list (and some of the
-    auto-generated header files) with RHEL8-specific FIPS artifacts, which
-    are explicitly unwanted in edk2,
-
-(b) The RHEL OpenSSL maintainer, Tomas Mraz, identified this specific set
-    of files in <https://bugzilla.redhat.com/show_bug.cgi?id=1749693#c10>,
-    and will help with future changes too.
-
-Signed-off-by: Laszlo Ersek <lersek@redhat.com>
-(cherry picked from commit 57bd3f146590df8757865d8f2cdd1db3cf3f4d40)
-(cherry picked from commit 56c4bb81b311dfcee6a34c81d3e4feeda7f88995)
---
- CryptoPkg/Library/OpensslLib/OpensslLib.inf       | 12 ++++++++++++
- CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf | 12 ++++++++++++
- 2 files changed, 24 insertions(+)
-
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-index 0f64c9fa7eca..6d49136ed75e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
-@@ -576,6 +576,18 @@ [Sources]
-   $(OPENSSL_PATH)/ssl/statem/statem.h
-   $(OPENSSL_PATH)/ssl/statem/statem_local.h
- # Autogenerated files list ends here
-+# RHEL8-specific OpenSSL file list starts here
-+  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
-+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
-+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
-+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
-+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
-+# RHEL8-specific OpenSSL file list ends here
-   buildinf.h
-   ossl_store.c
-   rand_pool.c
-diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-index 311cd1e6051a..f5ead202ec8e 100644
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
-@@ -526,6 +526,18 @@ [Sources]
-   $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
-   $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
- # Autogenerated files list ends here
-+# RHEL8-specific OpenSSL file list starts here
-+  $(OPENSSL_PATH)/crypto/bn/rsa_sup_mul.c
-+  $(OPENSSL_PATH)/crypto/evp/kdf_lib.c
-+  $(OPENSSL_PATH)/crypto/evp/pkey_kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kbkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_local.h
-+  $(OPENSSL_PATH)/crypto/kdf/kdf_util.c
-+  $(OPENSSL_PATH)/crypto/kdf/krb5kdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/pbkdf2.c
-+  $(OPENSSL_PATH)/crypto/kdf/sshkdf.c
-+  $(OPENSSL_PATH)/crypto/kdf/sskdf.c
-+# RHEL8-specific OpenSSL file list ends here
-   buildinf.h
-   ossl_store.c
-   rand_pool.c
-- 
-2.40.1
-
--- a/0011-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
+++ b/0011-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
@ -1,7 +1,7 @@
-From 22d3b3dff458b0523fc3da5f22c96dce91e35d0c Mon Sep 17 00:00:00 2001
+From 8cc002364f8c51114a39782737088331a7c6c5c3 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 24 Jun 2020 11:31:36 +0200
-Subject: [PATCH 12/14] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no
+Subject: [PATCH 11/14] OvmfPkg/QemuKernelLoaderFsDxe: suppress error on no
 "-kernel" in silent aa64 build (RH)

 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
@ -80,5 +80,5 @@ index 3c12085f6c1e..e473c0b57345 100644
   }
 
 -- 
-2.40.1
+2.41.0

--- a/0012-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
+++ b/0012-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
@ -1,7 +1,7 @@
-From 583e3a67563e3f177a0e61dc41077e7413f100ef Mon Sep 17 00:00:00 2001
+From 14b635b6d18976cc9661001ce0a5fa3d5eec786f Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Wed, 24 Jun 2020 11:40:09 +0200
-Subject: [PATCH 13/14] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in
+Subject: [PATCH 12/14] SecurityPkg/Tcg2Dxe: suppress error on no swtpm in
 silent aa64 build (RH)

 Notes about the RHEL-8.3/20200603-ca407c7246bf [edk2-stable202005] ->
@ -78,5 +78,5 @@ index f6ea8b2bbf18..681eb7e08b98 100644
   }
 
 -- 
-2.40.1
+2.41.0

--- a/0013-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
+++ b/0013-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
@ -1,7 +1,7 @@
-From e2fb1116801f5725812b37f18022fe46959bd5fb Mon Sep 17 00:00:00 2001
+From eb24212304ec31c3ae8b878a21d4b875d5942cd1 Mon Sep 17 00:00:00 2001
 From: Gerd Hoffmann <kraxel@redhat.com>
 Date: Tue, 28 Feb 2023 15:47:00 +0100
-Subject: [PATCH 27/27] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug
+Subject: [PATCH 13/14] UefiCpuPkg/MpInitLib: fix apic mode for cpu hotplug

 In case the number of CPUs can in increase beyond 255
 due to CPU hotplug choose x2apic mode.
@ -12,10 +12,10 @@ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
 1 file changed, 7 insertions(+), 1 deletion(-)

 diff --git a/UefiCpuPkg/Library/MpInitLib/MpLib.c b/UefiCpuPkg/Library/MpInitLib/MpLib.c
-index f1f284071441..79fd8fb04dad 100644
+index 6f1456cfe168..9277e06c9b4a 100644
 --- a/UefiCpuPkg/Library/MpInitLib/MpLib.c
 +++ b/UefiCpuPkg/Library/MpInitLib/MpLib.c
-@@ -526,7 +526,9 @@ CollectProcessorCount (
+@@ -527,7 +527,9 @@ CollectProcessorCount (
   //
   // Enable x2APIC mode if
   //  1. Number of CPU is greater than 255; or
@ -26,7 +26,7 @@ index f1f284071441..79fd8fb04dad 100644
   //
   X2Apic = FALSE;
   if (CpuMpData->CpuCount > 255) {
-@@ -534,6 +536,10 @@ CollectProcessorCount (
+@@ -535,6 +537,10 @@ CollectProcessorCount (
     // If there are more than 255 processor found, force to enable X2APIC
     //
     X2Apic = TRUE;
@ -38,5 +38,5 @@ index f1f284071441..79fd8fb04dad 100644
     CpuInfoInHob = (CPU_INFO_IN_HOB *)(UINTN)CpuMpData->CpuInfoInHob;
     for (Index = 0; Index < CpuMpData->CpuCount; Index++) {
 -- 
-2.40.1
+2.41.0

--- a/0014-ArmPkg-Add-Pcd-to-disable-EFI_MEMORY_ATTRIBUTE_PROTO.patch
+++ b/0014-ArmPkg-Add-Pcd-to-disable-EFI_MEMORY_ATTRIBUTE_PROTO.patch
@ -1,7 +1,7 @@
-From 40efdacf7f4f378c0acf95a73d1dcc5e200d42d8 Mon Sep 17 00:00:00 2001
+From 5068dd0dffb843c2fb8aad44471fcf56188af6a7 Mon Sep 17 00:00:00 2001
 From: Oliver Steffen <osteffen@redhat.com>
 Date: Mon, 19 Jun 2023 22:32:25 +0200
-Subject: [PATCH 28/28] ArmPkg: Add Pcd to disable
+Subject: [PATCH 14/14] ArmPkg: Add Pcd to disable
 EFI_MEMORY_ATTRIBUTE_PROTOCOL

 Recent versions of shim (15.6 and 15.7) crash when the newly added
@ -21,10 +21,10 @@ Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
 3 files changed, 15 insertions(+), 2 deletions(-)

 diff --git a/ArmPkg/ArmPkg.dec b/ArmPkg/ArmPkg.dec
-index 2444457ae58a..625e45c3e0c0 100644
+index 1a16d044c94b..e8579c80bf08 100644
 --- a/ArmPkg/ArmPkg.dec
 +++ b/ArmPkg/ArmPkg.dec
-@@ -167,6 +167,9 @@ [PcdsFixedAtBuild.common]
+@@ -172,6 +172,9 @@ [PcdsFixedAtBuild.common]
   gArmTokenSpaceGuid.PcdCpuVectorBaseAddress|0xffff0000|UINT64|0x00000004
   gArmTokenSpaceGuid.PcdCpuResetAddress|0x00000000|UINT32|0x00000005
 
@ -35,22 +35,22 @@ index 2444457ae58a..625e45c3e0c0 100644
   # ARM Secure Firmware PCDs
   #
 diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
-index e732e21cb94a..1bad4ae160af 100644
+index 7d8132200e64..c5878c1ecc2e 100644
 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
 +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.inf
-@@ -64,6 +64,7 @@ [Guids]
- 
+@@ -66,6 +66,7 @@ [Guids]
 [Pcd.common]
   gArmTokenSpaceGuid.PcdVFPEnabled
+   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy
 +  gArmTokenSpaceGuid.PcdEnableEfiMemoryAttributeProtocol
 
 [FeaturePcd.common]
   gArmTokenSpaceGuid.PcdDebuggerExceptionSupport
 diff --git a/ArmPkg/Drivers/CpuDxe/CpuDxe.c b/ArmPkg/Drivers/CpuDxe/CpuDxe.c
-index d04958e79e52..ff7d735b2bde 100644
+index fc63e527846a..30c5963276e4 100644
 --- a/ArmPkg/Drivers/CpuDxe/CpuDxe.c
 +++ b/ArmPkg/Drivers/CpuDxe/CpuDxe.c
-@@ -244,10 +244,19 @@ CpuDxeInitialize (
+@@ -331,10 +331,19 @@ CpuDxeInitialize (
                   &mCpuHandle,
                   &gEfiCpuArchProtocolGuid,
                   &mCpu,
--- a/0015-CryptoPkg-CrtLib-add-stat.h.patch
+++ b/0015-CryptoPkg-CrtLib-add-stat.h.patch
@ -0,0 +1,29 @@
+From c3f28ab099ea7c6949b849129cf5ea1c15b03854 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 28 Aug 2023 13:11:02 +0200
+Subject: [PATCH 15/16] CryptoPkg/CrtLib: add stat.h
+
+needed by rhel downstream openssl patches
+---
+ CryptoPkg/Library/Include/sys/stat.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+ create mode 100644 CryptoPkg/Library/Include/sys/stat.h
+
+diff --git a/CryptoPkg/Library/Include/sys/stat.h b/CryptoPkg/Library/Include/sys/stat.h
+new file mode 100644
+index 000000000000..22247bb2db80
+--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/stat.h
+@@ -0,0 +1,9 @@
+/** @file
+  Include file to support building the third-party cryptographic library.
+
+Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <CrtLibSupport.h>
+-- 
+2.41.0
+
--- a/0015-OvmfPkg-PlatformPei-drop-S3Verification.patch
+++ b/0015-OvmfPkg-PlatformPei-drop-S3Verification.patch
@ -1,72 +0,0 @@
-From 55a09dea67c8818d1c871af825307fb3b2b0ba4b Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 23 May 2023 10:25:51 +0200
-Subject: [PATCH 15/27] OvmfPkg/PlatformPei: drop S3Verification()
-
-Not needed any more, SMM + 64-bit PEI + S3 suspend works now.
-
-Fixed by commits:
- - 8bd2028f9ac3 ("MdeModulePkg: Supporting S3 in 64bit PEI")
- - 6acf72901a2e ("UefiCpuPkg: Supporting S3 in 64bit PEI")
-See also https://bugzilla.tianocore.org/show_bug.cgi?id=4195
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Laszlo Ersek <lersek@redhat.com>
-Reviewed-by: Ray Ni <ray.ni@intel.com>
-(cherry picked from commit 098c55702318fd907de6fad7b43b5e9a6ad9ff7f)
---
- OvmfPkg/PlatformPei/Platform.c | 31 -------------------------------
- 1 file changed, 31 deletions(-)
-
-diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
-index 5d7f50cc5876..ce9868d57de1 100644
--- a/OvmfPkg/PlatformPei/Platform.c
-+++ b/OvmfPkg/PlatformPei/Platform.c
-@@ -242,36 +242,6 @@ ReserveEmuVariableNvStore (
-   ASSERT_RETURN_ERROR (PcdStatus);
- }
- 
-STATIC
-VOID
-S3Verification (
-  IN EFI_HOB_PLATFORM_INFO  *PlatformInfoHob
-  )
-{
- #if defined (MDE_CPU_X64)
-  if (PlatformInfoHob->SmmSmramRequire && PlatformInfoHob->S3Supported) {
-    DEBUG ((
-      DEBUG_ERROR,
-      "%a: S3Resume2Pei doesn't support X64 PEI + SMM yet.\n",
-      __func__
-      ));
-    DEBUG ((
-      DEBUG_ERROR,
-      "%a: Please disable S3 on the QEMU command line (see the README),\n",
-      __func__
-      ));
-    DEBUG ((
-      DEBUG_ERROR,
-      "%a: or build OVMF with \"OvmfPkgIa32X64.dsc\".\n",
-      __func__
-      ));
-    ASSERT (FALSE);
-    CpuDeadLoop ();
-  }
-
- #endif
-}
-
- STATIC
- VOID
- Q35BoardVerification (
-@@ -366,7 +336,6 @@ InitializePlatform (
-     ASSERT_EFI_ERROR (Status);
-   }
- 
-  S3Verification (PlatformInfoHob);
-   BootModeInitialization (PlatformInfoHob);
- 
-   //
-- 
-2.40.1
-
--- a/0016-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
+++ b/0016-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
@ -0,0 +1,138 @@
+From dc0c929b8e17eefd7931ba21705eb0ec90c49714 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Mon, 28 Aug 2023 13:27:09 +0200
+Subject: [PATCH 16/16] CryptoPkg/CrtLib: add access/open/read/write/close
+ syscalls
+
+needed by rhel downstream openssl patches
+---
+ CryptoPkg/Library/Include/CrtLibSupport.h     | 41 +++++++++++++++++
+ .../Library/BaseCryptLib/SysCall/CrtWrapper.c | 46 +++++++++++++++++++
+ 2 files changed, 87 insertions(+)
+
+diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
+index f36fe08f0c61..7d98496af80b 100644
+--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
+@@ -78,6 +78,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ //
+ // Definitions for global constants used by CRT library routines
+ //
+#define EINTR         4
+ #define EINVAL        22              /* Invalid argument */
+ #define EAFNOSUPPORT  47              /* Address family not supported by protocol family */
+ #define INT_MAX       0x7FFFFFFF      /* Maximum (signed) int value */
+@@ -102,6 +103,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
+ #define NS_INADDRSZ   4   /*%< IPv4 T_A */
+ #define NS_IN6ADDRSZ  16  /*%< IPv6 T_AAAA */
+ 
+#define O_RDONLY        00000000
+#define O_WRONLY        00000001
+#define O_RDWR          00000002
+
+#define R_OK  4
+#define W_OK  2
+#define X_OK  1
+#define F_OK  0
+
+ //
+ // Basic types mapping
+ //
+@@ -324,6 +334,37 @@ fprintf     (
+   ...
+   );
+ 
+int
+access(
+  const char*,
+  int
+  );
+
+int
+open (
+  const char *,
+  int
+  );
+
+ssize_t
+read (
+  int,
+  void*,
+  size_t
+  );
+
+ssize_t
+write (
+  int,
+  const void*,
+  size_t
+  );
+
+int
+close (
+  int
+  );
+
+ time_t
+ time        (
+   time_t *
+diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+index 37cdecc9bd1d..dfdb63553667 100644
+--- a/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c
+@@ -550,6 +550,52 @@ fread (
+   return 0;
+ }
+ 
+int
+access(
+  const char*,
+  int
+  )
+{
+  return -1;
+}
+
+int
+open (
+  const char *,
+  int
+  )
+{
+  return -1;
+}
+
+ssize_t
+read (
+  int,
+  void*,
+  size_t
+  )
+{
+  return -1;
+}
+
+ssize_t
+write (
+  int,
+  const void*,
+  size_t
+  )
+{
+  return -1;
+}
+
+int
+close (
+  int
+  )
+{
+  return -1;
+}
+
+ uid_t
+ getuid (
+   void
+-- 
+2.41.0
+
--- a/0016-OvmfPkg-PciHotPlugInitDxe-Do-not-reserve-IO-ports-by.patch
+++ b/0016-OvmfPkg-PciHotPlugInitDxe-Do-not-reserve-IO-ports-by.patch
@ -1,47 +0,0 @@
-From e54dd3f5c1ea0171317d9054d44b35d634ac4557 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Tue, 16 May 2023 11:47:58 +0200
-Subject: [PATCH 16/27] OvmfPkg/PciHotPlugInitDxe: Do not reserve IO ports by
- default.
-
-Flip the default for IO address space reservations for PCI(e) bridges
-and root ports with hotplug support from TRUE to FALSE.
-
-PCI(e) bridges will still get IO address space assigned in case:
-
-  (a) Downstream devices actually need IO address space, or
-  (b) Explicit configuration, using "qemu -device
-      pcie-root-port,io-reserve=<size>".
-
-In case IO address space is exhausted edk2 will stop assigning resources
-to PCI(e) bridges.  This is not limited to IO resources, the affected
-bridges will not get any memory resources assigned either.
-
-This patch solves this issue by not handing out the scarce IO address
-space, which is not needed in most cases anyway.  Result is a more
-consistent PCI configuration in virtual machine configurations with many
-PCie root ports.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit 27727338b2c0e3f50eb0176a1044e903fcb3c3b1)
---
- OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.c b/OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.c
-index 6b2b6797b3b6..69903a600981 100644
--- a/OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.c
-+++ b/OvmfPkg/PciHotPlugInitDxe/PciHotPlugInit.c
-@@ -589,7 +589,7 @@ GetResourcePadding (
-     return EFI_INVALID_PARAMETER;
-   }
- 
-  DefaultIo       = TRUE;
-+  DefaultIo       = FALSE;
-   DefaultMmio     = TRUE;
-   DefaultPrefMmio = TRUE;
- 
-- 
-2.40.1
-
--- a/0017-OvmfPkg-IoMmuDxe-don-t-rely-on-TPLs-to-manage-concur.patch
+++ b/0017-OvmfPkg-IoMmuDxe-don-t-rely-on-TPLs-to-manage-concur.patch
@ -0,0 +1,235 @@
+From bf2f6173802c709a84c36d43f414c815ad6aa2f6 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Thu, 20 Jul 2023 15:45:57 +0200
+Subject: [PATCH 17/20] OvmfPkg/IoMmuDxe: don't rely on TPLs to manage
+ concurrency
+
+Instead of relying on raising the TPL to protect the critical sections
+that manipulate the global bitmask that keeps track of bounce buffer
+allocations, use compare-and-exchange to manage the global variable, and
+tweak the logic to line up with that.
+
+Given that IoMmuDxe implements a singleton protocol that is shared
+between multiple drivers, and considering the elaborate and confusing
+requirements in the UEFP spec regarding TPL levels at which protocol
+methods may be invoked, not relying on TPL levels at all is a more
+robust approach in this case.
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=2211060
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Acked-by: Pedro Falcato <pedro.falcato@gmail.com>
+(cherry picked from commit dfb941d32a2f38c9177729e39c6a6515abbbad48)
+---
+ OvmfPkg/IoMmuDxe/IoMmuDxe.inf  |   1 +
+ OvmfPkg/IoMmuDxe/IoMmuBuffer.c | 100 +++++++++++++++++++--------------
+ 2 files changed, 60 insertions(+), 41 deletions(-)
+
+diff --git a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+index 17fca5285692..d08f7e59e2b6 100644
+--- a/OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+++ b/OvmfPkg/IoMmuDxe/IoMmuDxe.inf
+@@ -35,6 +35,7 @@ [LibraryClasses]
+   MemEncryptSevLib
+   MemEncryptTdxLib
+   MemoryAllocationLib
+  SynchronizationLib
+   UefiBootServicesTableLib
+   UefiDriverEntryPoint
+ 
+diff --git a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
+index 103003cae376..f8dcd5b7ec92 100644
+--- a/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
+++ b/OvmfPkg/IoMmuDxe/IoMmuBuffer.c
+@@ -12,6 +12,7 @@
+ #include <Library/MemEncryptSevLib.h>
+ #include <Library/MemEncryptTdxLib.h>
+ #include <Library/PcdLib.h>
+#include <Library/SynchronizationLib.h>
+ #include <Library/UefiBootServicesTableLib.h>
+ #include "IoMmuInternal.h"
+ 
+@@ -268,16 +269,17 @@ InternalAllocateBuffer (
+   IN  EFI_ALLOCATE_TYPE        Type,
+   IN  EFI_MEMORY_TYPE          MemoryType,
+   IN  UINTN                    Pages,
+-  IN OUT UINT32                *ReservedMemBitmap,
+  OUT UINT32                   *ReservedMemBit,
+   IN OUT EFI_PHYSICAL_ADDRESS  *PhysicalAddress
+   )
+ {
+   UINT32                    MemBitmap;
+  UINT32                    ReservedMemBitmap;
+   UINT8                     Index;
+   IOMMU_RESERVED_MEM_RANGE  *MemRange;
+   UINTN                     PagesOfLastMemRange;
+ 
+-  *ReservedMemBitmap = 0;
+  *ReservedMemBit = 0;
+ 
+   if (Pages == 0) {
+     ASSERT (FALSE);
+@@ -309,23 +311,31 @@ InternalAllocateBuffer (
+ 
+   MemRange = &mReservedMemRanges[Index];
+ 
+-  if ((mReservedMemBitmap & MemRange->BitmapMask) == MemRange->BitmapMask) {
+-    // The reserved memory is exausted. Turn to legacy allocate.
+-    goto LegacyAllocateBuffer;
+-  }
+  do {
+    ReservedMemBitmap = mReservedMemBitmap;
+ 
+-  MemBitmap = (mReservedMemBitmap & MemRange->BitmapMask) >> MemRange->Shift;
+    if ((ReservedMemBitmap & MemRange->BitmapMask) == MemRange->BitmapMask) {
+      // The reserved memory is exhausted. Turn to legacy allocate.
+      goto LegacyAllocateBuffer;
+    }
+
+    MemBitmap = (ReservedMemBitmap & MemRange->BitmapMask) >> MemRange->Shift;
+ 
+-  for (Index = 0; Index < MemRange->Slots; Index++) {
+-    if ((MemBitmap & (UINT8)(1<<Index)) == 0) {
+-      break;
+    for (Index = 0; Index < MemRange->Slots; Index++) {
+      if ((MemBitmap & (UINT8)(1<<Index)) == 0) {
+        break;
+      }
+     }
+-  }
+ 
+-  ASSERT (Index != MemRange->Slots);
+    ASSERT (Index != MemRange->Slots);
+ 
+-  *PhysicalAddress   = MemRange->StartAddressOfMemRange + Index * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize;
+-  *ReservedMemBitmap = (UINT32)(1 << (Index + MemRange->Shift));
+    *PhysicalAddress = MemRange->StartAddressOfMemRange + Index * SIZE_OF_MEM_RANGE (MemRange) + MemRange->HeaderSize;
+    *ReservedMemBit  = (UINT32)(1 << (Index + MemRange->Shift));
+  } while (ReservedMemBitmap != InterlockedCompareExchange32 (
+                                  &mReservedMemBitmap,
+                                  ReservedMemBitmap,
+                                  ReservedMemBitmap | *ReservedMemBit
+                                  ));
+ 
+   DEBUG ((
+     DEBUG_VERBOSE,
+@@ -334,16 +344,16 @@ InternalAllocateBuffer (
+     MemRange->DataSize,
+     *PhysicalAddress,
+     Pages,
+-    *ReservedMemBitmap,
+-    mReservedMemBitmap,
+-    mReservedMemBitmap | *ReservedMemBitmap
+    *ReservedMemBit,
+    ReservedMemBitmap,
+    ReservedMemBitmap | *ReservedMemBit
+     ));
+ 
+   return EFI_SUCCESS;
+ 
+ LegacyAllocateBuffer:
+ 
+-  *ReservedMemBitmap = 0;
+  *ReservedMemBit = 0;
+   return gBS->AllocatePages (Type, MemoryType, Pages, PhysicalAddress);
+ }
+ 
+@@ -366,27 +376,41 @@ IoMmuAllocateBounceBuffer (
+   )
+ {
+   EFI_STATUS  Status;
+-  UINT32      ReservedMemBitmap;
+-  EFI_TPL     OldTpl;
+-
+-  OldTpl            = gBS->RaiseTPL (TPL_NOTIFY);
+-  ReservedMemBitmap = 0;
+-  Status            = InternalAllocateBuffer (
+-                        Type,
+-                        MemoryType,
+-                        MapInfo->NumberOfPages,
+-                        &ReservedMemBitmap,
+-                        &MapInfo->PlainTextAddress
+-                        );
+-  MapInfo->ReservedMemBitmap = ReservedMemBitmap;
+-  mReservedMemBitmap        |= ReservedMemBitmap;
+-  gBS->RestoreTPL (OldTpl);
+ 
+  Status = InternalAllocateBuffer (
+             Type,
+             MemoryType,
+             MapInfo->NumberOfPages,
+             &MapInfo->ReservedMemBitmap,
+             &MapInfo->PlainTextAddress
+             );
+   ASSERT (Status == EFI_SUCCESS);
+ 
+   return Status;
+ }
+ 
+/**
+ * Clear a bit in the reserved memory bitmap in a thread safe manner
+ *
+ * @param ReservedMemBit  The bit to clear
+ */
+STATIC
+VOID
+ClearReservedMemBit (
+  IN  UINT32  ReservedMemBit
+  )
+{
+  UINT32  ReservedMemBitmap;
+
+  do {
+    ReservedMemBitmap = mReservedMemBitmap;
+  } while (ReservedMemBitmap != InterlockedCompareExchange32 (
+                                  &mReservedMemBitmap,
+                                  ReservedMemBitmap,
+                                  ReservedMemBitmap & ~ReservedMemBit
+                                  ));
+}
+
+ /**
+  * Free the bounce buffer allocated in IoMmuAllocateBounceBuffer.
+  *
+@@ -398,8 +422,6 @@ IoMmuFreeBounceBuffer (
+   IN OUT     MAP_INFO  *MapInfo
+   )
+ {
+-  EFI_TPL  OldTpl;
+-
+   if (MapInfo->ReservedMemBitmap == 0) {
+     gBS->FreePages (MapInfo->PlainTextAddress, MapInfo->NumberOfPages);
+   } else {
+@@ -412,11 +434,9 @@ IoMmuFreeBounceBuffer (
+       mReservedMemBitmap,
+       mReservedMemBitmap & ((UINT32)(~MapInfo->ReservedMemBitmap))
+       ));
+-    OldTpl                     = gBS->RaiseTPL (TPL_NOTIFY);
+    ClearReservedMemBit (MapInfo->ReservedMemBitmap);
+     MapInfo->PlainTextAddress  = 0;
+-    mReservedMemBitmap        &= (UINT32)(~MapInfo->ReservedMemBitmap);
+     MapInfo->ReservedMemBitmap = 0;
+-    gBS->RestoreTPL (OldTpl);
+   }
+ 
+   return EFI_SUCCESS;
+@@ -452,8 +472,6 @@ IoMmuAllocateCommonBuffer (
+              );
+   ASSERT (Status == EFI_SUCCESS);
+ 
+-  mReservedMemBitmap |= *ReservedMemBitmap;
+-
+   if (*ReservedMemBitmap != 0) {
+     *PhysicalAddress -= SIZE_4KB;
+   }
+@@ -494,7 +512,7 @@ IoMmuFreeCommonBuffer (
+     mReservedMemBitmap & ((UINT32)(~CommonBufferHeader->ReservedMemBitmap))
+     ));
+ 
+-  mReservedMemBitmap &= (UINT32)(~CommonBufferHeader->ReservedMemBitmap);
+  ClearReservedMemBit (CommonBufferHeader->ReservedMemBitmap);
+   return EFI_SUCCESS;
+ 
+ LegacyFreeCommonBuffer:
+-- 
+2.41.0
+
--- a/0017-OvmfPkg-PlatformInitLib-check-PcdUse1GPageTable.patch
+++ b/0017-OvmfPkg-PlatformInitLib-check-PcdUse1GPageTable.patch
@ -1,51 +0,0 @@
-From 543497088c1356c408f1bf79c06ab64b5c35be6b Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 17 May 2023 12:24:47 +0200
-Subject: [PATCH 17/27] OvmfPkg/PlatformInitLib: check PcdUse1GPageTable
-
-If PcdUse1GPageTable is not enabled restrict the physical address space
-used to 1TB, to limit the amount of memory needed for identity mapping
-page tables.
-
-The same already happens in case the processor has no support for
-gigabyte pages.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit d4d24001f78bcee965d8854fba6f08f48b4ec446)
---
- OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf | 1 +
- OvmfPkg/Library/PlatformInitLib/MemDetect.c         | 5 +++++
- 2 files changed, 6 insertions(+)
-
-diff --git a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
-index 86a82ad3e084..5a79d95b689c 100644
--- a/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
-+++ b/OvmfPkg/Library/PlatformInitLib/PlatformInitLib.inf
-@@ -58,6 +58,7 @@ [LibraryClasses.X64]
- 
- [Pcd]
-   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable
- 
- [FixedPcd]
-   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
-diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
-index acf90b4e93fd..1102b00ecbf0 100644
--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
-+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
-@@ -663,6 +663,11 @@ PlatformAddressWidthFromCpuid (
-       PhysBits = 40;
-     }
- 
-+    if (!FixedPcdGetBool (PcdUse1GPageTable) && (PhysBits > 40)) {
-+      DEBUG ((DEBUG_INFO, "%a: limit PhysBits to 40 (PcdUse1GPageTable is false)\n", __func__));
-+      PhysBits = 40;
-+    }
-+
-     PlatformInfoHob->PhysMemAddressWidth = PhysBits;
-     PlatformInfoHob->FirstNonAddress     = LShiftU64 (1, PlatformInfoHob->PhysMemAddressWidth);
-   }
-- 
-2.40.1
-
--- a/0018-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
+++ b/0018-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
@ -0,0 +1,84 @@
+From 2dd5afb5f43f645041b91c8fa6f797121a384061 Mon Sep 17 00:00:00 2001
+From: YuanhaoXie <yuanhao.xie@intel.com>
+Date: Tue, 22 Aug 2023 09:52:14 +0800
+Subject: [PATCH 18/20] OvmfPkg: Disable PcdFirstTimeWakeUpAPsBySipi
+
+Disable PcdFirstTimeWakeUpAPsBySipi for IntelTdx, Microvm, and Xen to
+preserve the original execution of INIT-SIPI-SIPI.
+
+Cc: Eric Dong <eric.dong@intel.com>
+Cc: Ray Ni <ray.ni@intel.com>
+Cc: Rahul Kumar <rahul1.kumar@intel.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Jiewen Yao <jiewen.yao@intel.com>
+Cc: Jordan Justen <jordan.l.justen@intel.com>
+Signed-off-by: Yuanhao Xie <yuanhao.xie@intel.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+(cherry picked from commit 020cc9e2e7053bb62247b0babbbe80cb855592e5)
+---
+ OvmfPkg/IntelTdx/IntelTdxX64.dsc | 8 ++++++++
+ OvmfPkg/Microvm/MicrovmX64.dsc   | 8 ++++++++
+ OvmfPkg/OvmfXen.dsc              | 8 ++++++++
+ 3 files changed, 24 insertions(+)
+
+diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+index bfcd486976cf..cfd5e8516ea4 100644
+--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+@@ -463,6 +463,14 @@ [PcdsFixedAtBuild]
+   # Point to the MdeModulePkg/Application/UiApp/UiApp.inf
+   gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
+ 
+  #
+  # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
+  # SIPI instead of the INIT-SIPI-SIPI sequence during APs
+  # initialization. Deactivate this parameter to preserve
+  # the original execution of INIT-SIPI-SIPI.
+  #
+  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
+index 023b7b0fe959..3cb2b6ddc490 100644
+--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
+@@ -566,6 +566,14 @@ [PcdsFixedAtBuild]
+   gEfiMdeModulePkgTokenSpaceGuid.PcdSerialPciDeviceInfo|{0xFF}
+   gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase|0x3f8
+ 
+  #
+  # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
+  # SIPI instead of the INIT-SIPI-SIPI sequence during APs
+  # initialization. Deactivate this parameter to preserve
+  # the original execution of INIT-SIPI-SIPI.
+  #
+  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
+index 210578c1d74d..dcb99d1f0bce 100644
+--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
+@@ -458,6 +458,14 @@ [PcdsFixedAtBuild]
+   # We populate DXE IPL tables with 1G pages preferably on Xen
+   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
+ 
+  #
+  # PcdFirstTimeWakeUpAPsBySipi determines whether to employ
+  # SIPI instead of the INIT-SIPI-SIPI sequence during APs
+  # initialization. Deactivate this parameter to preserve
+  # the original execution of INIT-SIPI-SIPI.
+  #
+  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+-- 
+2.41.0
+
--- a/0018-OvmfPkg-OvmfPkgIa32X64-enable-1G-pages.patch
+++ b/0018-OvmfPkg-OvmfPkgIa32X64-enable-1G-pages.patch
@ -1,31 +0,0 @@
-From f1bbf3e4195bb21d4edfb2af8e940bceacc2ced4 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 17 May 2023 12:24:48 +0200
-Subject: [PATCH 18/27] OvmfPkg/OvmfPkgIa32X64: enable 1G pages
-
-Reduces the memory footprint and speeds up booting.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit b63e17d746aa6bab2b1101711395725005e71a02)
---
- OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
-index e37ec97fbc7a..2b2f8e3e84d3 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
-+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
-@@ -557,6 +557,9 @@ [PcdsFixedAtBuild]
-   # never lets the RAM below 4 GB exceed 2816 MB.
-   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress|0xE0000000
- 
-+  # use 1G pages
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
-+
- !if $(SOURCE_DEBUG_ENABLE) == TRUE
-   gEfiSourceLevelDebugPkgTokenSpaceGuid.PcdDebugLoadImageMethod|0x2
- !endif
-- 
-2.40.1
-
--- a/0019-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
+++ b/0019-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
@ -0,0 +1,46 @@
+From cb435f3097b28e7470a7653def7d5ab06855f6ee Mon Sep 17 00:00:00 2001
+From: Michael Roth <michael.roth@amd.com>
+Date: Wed, 16 Aug 2023 15:11:46 -0500
+Subject: [PATCH 19/20] OvmfPkg/AmdSev: Disable PcdFirstTimeWakeUpAPsBySipi
+
+PcdFirstTimeWakeUpAPsBySipi was recently introduced to indicate when the
+full INIT-SIPI-SIPI sequence can be skipped for AP bringup. It is true
+by default, but needs to be disabled for QEMU/OVMF where early INIT is
+not simulated. Commit 1d76560146 ("OvmfPkg: Disable
+PcdFirstTimeWakeUpAPsBySipi.") added changes to disable it by default
+for OvmfPkg, but a similar change was not made for the AmdSev package.
+This breaks booting of SEV and SNP guests.
+
+Fix this defaulting PcdFirstTimeWakeUpAPsBySipi to false for AmdSev
+package, as was previously done for OvmfPkg variants.
+
+Fixes: eaffa1d7ff ("UefiCpuPkg:Wake up APs after power-up or RESET through SIPI.")
+Signed-off-by: Michael Roth <michael.roth@amd.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+(cherry picked from commit 8b66f9df1bb0fd5ebb743944d41cb33178cf2fdd)
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 865d150a2871..7f808126675f 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -468,6 +468,14 @@ [PcdsFixedAtBuild]
+   gEfiMdeModulePkgTokenSpaceGuid.PcdConInConnectOnDemand|TRUE
+   gUefiOvmfPkgTokenSpaceGuid.PcdBootRestrictToFirmware|TRUE
+ 
+  #
+  # INIT is now triggered before BIOS by ucode/hardware. In the OVMF
+  # environment, QEMU lacks a simulation for the INIT process.
+  # To address this, PcdFirstTimeWakeUpAPsBySipi set to FALSE to
+  # broadcast INIT-SIPI-SIPI for the first time.
+  #
+  gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE
+
+ ################################################################################
+ #
+ # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
+-- 
+2.41.0
+
--- a/0019-OvmfPkg-MicrovmX64-enable-1G-pages.patch
+++ b/0019-OvmfPkg-MicrovmX64-enable-1G-pages.patch
@ -1,31 +0,0 @@
-From 9c6bc52b413feda953158ad623237f6c9e7b533d Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Wed, 17 May 2023 12:24:49 +0200
-Subject: [PATCH 19/27] OvmfPkg/MicrovmX64: enable 1G pages
-
-Reduces the memory footprint and speeds up booting.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit 04c5b3023e49c35d291f41d2c39b4d12a62b8f9c)
---
- OvmfPkg/Microvm/MicrovmX64.dsc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
-index 02c225f6d2a7..b0acab41103b 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
-+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
-@@ -544,6 +544,9 @@ [PcdsFixedAtBuild]
-   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesCode|0x100
-   gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiRuntimeServicesData|0x100
- 
-+  # use 1G pages
-+  gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
-+
-   #
-   # Network Pcds
-   #
-- 
-2.40.1
-
--- a/0020-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch
+++ b/0020-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch
@ -0,0 +1,72 @@
+From 6580637b33ef9b55b6dcfa8517e5933fb87b02d1 Mon Sep 17 00:00:00 2001
+From: "Roth, Michael via groups.io" <Michael.Roth=amd.com@groups.io>
+Date: Wed, 16 Aug 2023 15:11:45 -0500
+Subject: [PATCH 20/20] OvmfPkg/AmdSev: fix BdsPlatform.c assertion failure
+ during boot
+
+Booting an SEV guest with AmdSev OVMF package currently triggers the
+following assertion with QEMU:
+
+  InstallQemuFwCfgTables: installed 7 tables
+  PcRtc: Write 0x20 to CMOS location 0x32
+  [Variable]END_OF_DXE is signaled
+  Initialize variable error flag (FF)
+
+  ASSERT_EFI_ERROR (Status = Not Found)
+  ASSERT [BdsDxe] /home/VT_BUILD/ovmf/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c(1711): !(((INTN)(RETURN_STATUS)(Status)) < 0)
+
+This seems to be due to commit 81dc0d8b4c, which switched to using
+PlatformBootManagerLib instead of PlatformBootManagerLibGrub. That pulls
+in a dependency on gEfiS3SaveStateProtocolGuid provider being available
+(which is asserted for in
+BdsPlatform.c:PlatformBootManagerBeforeConsole()/SaveS3BootScript()),
+but the libraries that provide it aren't currently included in the
+build. Add them similarly to what's done for OvmfPkg.
+
+Fixes: 81dc0d8b4c ("OvmfPkg/AmdSev: stop using PlatformBootManagerLibGrub")
+Signed-off-by: Michael Roth <michael.roth@amd.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Jiewen Yao <Jiewen.yao@intel.com>
+(cherry picked from commit f008890ae55929f7f17e7d2f8aff929255007d33)
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 3 +++
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 7f808126675f..49f6be3a079c 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -200,6 +200,7 @@ [LibraryClasses]
+ 
+   SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
+   OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
+  S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf
+ 
+ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc
+ 
+@@ -727,6 +728,8 @@ [Components]
+   #
+   MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+   OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
+  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
+  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+   MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+   #
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 463bd3e9ef15..b2ab0c777320 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
+++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -270,6 +270,8 @@ [FV.DXEFV]
+ 
+ INF  MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf
+ INF  OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
+INF  MdeModulePkg/Universal/Acpi/S3SaveStateDxe/S3SaveStateDxe.inf
+INF  MdeModulePkg/Universal/Acpi/BootScriptExecutorDxe/BootScriptExecutorDxe.inf
+ INF  MdeModulePkg/Universal/Acpi/BootGraphicsResourceTableDxe/BootGraphicsResourceTableDxe.inf
+ 
+ INF  FatPkg/EnhancedFatDxe/Fat.inf
+-- 
+2.41.0
+
--- a/0020-OvmfPkg-VirtioSerialDxe-use-TPL_NOTIFY.patch
+++ b/0020-OvmfPkg-VirtioSerialDxe-use-TPL_NOTIFY.patch
@ -1,39 +0,0 @@
-From 71024b694fa3a6317ebbba1d79626f80d8dce792 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 12 May 2023 16:23:06 +0200
-Subject: [PATCH 20/27] OvmfPkg/VirtioSerialDxe: use TPL_NOTIFY
-
-Apparently TPL_CALLBACK is too low, code runs into an ASSERT
-complaining the new TPL is lower than the old TPL.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 4e5a804222415ec7b2bec90ea0300b8a9f60f131)
---
- OvmfPkg/VirtioSerialDxe/VirtioSerialPort.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/OvmfPkg/VirtioSerialDxe/VirtioSerialPort.c b/OvmfPkg/VirtioSerialDxe/VirtioSerialPort.c
-index 522b25e9698c..e4a58deff162 100644
--- a/OvmfPkg/VirtioSerialDxe/VirtioSerialPort.c
-+++ b/OvmfPkg/VirtioSerialDxe/VirtioSerialPort.c
-@@ -158,7 +158,7 @@ VirtioSerialIoWrite (
- 
-   VirtioSerialRingClearTx (SerialIo->Dev, PortTx (SerialIo->PortId));
- 
-  OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-+  OldTpl = gBS->RaiseTPL (TPL_NOTIFY);
-   if (SerialIo->WriteOffset &&
-       (SerialIo->WriteOffset + *BufferSize > PORT_TX_BUFSIZE))
-   {
-@@ -201,7 +201,7 @@ VirtioSerialIoRead (
-     goto NoData;
-   }
- 
-  OldTpl = gBS->RaiseTPL (TPL_CALLBACK);
-+  OldTpl = gBS->RaiseTPL (TPL_NOTIFY);
-   if (SerialIo->WriteOffset) {
-     DEBUG ((DEBUG_VERBOSE, "%a:%d: WriteFlush %d\n", __func__, __LINE__, SerialIo->WriteOffset));
-     VirtioSerialRingSendBuffer (
-- 
-2.40.1
-
--- a/0021-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-refine-flash-.patch
+++ b/0021-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-refine-flash-.patch
@ -1,51 +0,0 @@
-From 8372a31938eb57921bd8a9a5dd5d56b838b074a2 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 1 Jun 2023 08:08:03 +0200
-Subject: [PATCH 21/27] OvmfPkg/QemuFlashFvbServicesRuntimeDxe: refine flash
- detection
-
-Flash can be write-protected in qemu (which is usually the case for
-code).  In case the variable store flash block is configured read-only
-ovmf wouldn't be able to store EFI variables there, so not setting up
-fvb in that case (and fallhack to emulation) is the better option.
-It'll avoid problems later due to flash writes failing.
-
-The patch tries to write back the original value read earlier, so flash
-content doesn't change in case the write succeeds.  But the status we
-read back after the attempt to write will tell us whenever flash is
-writable or not.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 578a715cfc6abc08ead8f585f096789374254b2a)
---
- OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
-index 54f859de9ff9..a577aea55614 100644
--- a/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
-+++ b/OvmfPkg/QemuFlashFvbServicesRuntimeDxe/QemuFlash.c
-@@ -114,9 +114,17 @@ QemuFlashDetected (
-       DEBUG ((DEBUG_INFO, "QemuFlashDetected => FD behaves as RAM\n"));
-       *Ptr = OriginalUint8;
-     } else if (ProbeUint8 == CLEARED_ARRAY_STATUS) {
-      DEBUG ((DEBUG_INFO, "QemuFlashDetected => FD behaves as FLASH\n"));
-      FlashDetected = TRUE;
-      *Ptr          = READ_ARRAY_CMD;
-+      *Ptr       = WRITE_BYTE_CMD;
-+      *Ptr       = OriginalUint8;
-+      *Ptr       = READ_STATUS_CMD;
-+      ProbeUint8 = *Ptr;
-+      *Ptr       = READ_ARRAY_CMD;
-+      if (ProbeUint8 & 0x10 /* programming error */) {
-+        DEBUG ((DEBUG_INFO, "QemuFlashDetected => FD behaves as FLASH, write-protected\n"));
-+      } else {
-+        DEBUG ((DEBUG_INFO, "QemuFlashDetected => FD behaves as FLASH, writable\n"));
-+        FlashDetected = TRUE;
-+      }
-     }
-   }
- 
-- 
-2.40.1
-
--- a/0022-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch
+++ b/0022-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch
@ -1,47 +0,0 @@
-From cdb34f5003b9001d12d1841e8a4eeab9471ab928 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 1 Jun 2023 09:57:31 +0200
-Subject: [PATCH 22/27] OvmfPkg/PlatformInitLib: limit phys-bits to 46.
-
-Older linux kernels have problems with phys-bits larger than 46,
-ubuntu 18.04 (kernel 4.15) has been reported to be affected.
-
-Reduce phys-bits limit from 47 to 46.
-
-Reported-by: Fiona Ebner <f.ebner@proxmox.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit c1e853769046b322690ad336fdb98966757e7414)
---
- OvmfPkg/Library/PlatformInitLib/MemDetect.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/OvmfPkg/Library/PlatformInitLib/MemDetect.c b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
-index 1102b00ecbf0..662e7e85bbc5 100644
--- a/OvmfPkg/Library/PlatformInitLib/MemDetect.c
-+++ b/OvmfPkg/Library/PlatformInitLib/MemDetect.c
-@@ -646,16 +646,19 @@ PlatformAddressWidthFromCpuid (
-     ));
- 
-   if (Valid) {
-    if (PhysBits > 47) {
-+    if (PhysBits > 46) {
-       /*
-        * Avoid 5-level paging altogether for now, which limits
-        * PhysBits to 48.  Also avoid using address bit 48, due to sign
-        * extension we can't identity-map these addresses (and lots of
-        * places in edk2 assume we have everything identity-mapped).
-        * So the actual limit is 47.
-+       *
-+       * Also some older linux kernels apparently have problems handling
-+       * phys-bits > 46 correctly, so use that as limit.
-        */
-      DEBUG ((DEBUG_INFO, "%a: limit PhysBits to 47 (avoid 5-level paging)\n", __func__));
-      PhysBits = 47;
-+      DEBUG ((DEBUG_INFO, "%a: limit PhysBits to 46 (avoid 5-level paging)\n", __func__));
-+      PhysBits = 46;
-     }
- 
-     if (!Page1GSupport && (PhysBits > 40)) {
-- 
-2.40.1
-
--- a/0023-ArmVirt-add-VirtioSerialDxe-to-ArmVirtQemu-builds.patch
+++ b/0023-ArmVirt-add-VirtioSerialDxe-to-ArmVirtQemu-builds.patch
@ -1,53 +0,0 @@
-From bc308234de0455d9448f6b841506bd1e2b04b024 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 1 Jun 2023 13:57:10 +0200
-Subject: [PATCH 23/27] ArmVirt: add VirtioSerialDxe to ArmVirtQemu builds
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Acked-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit 6925150febb3a76d8e40c19babcc578555ca78fe)
---
- ArmVirtPkg/ArmVirtQemu.dsc           | 1 +
- ArmVirtPkg/ArmVirtQemuKernel.dsc     | 1 +
- ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc | 1 +
- 3 files changed, 3 insertions(+)
-
-diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
-index bc097880f79f..a03f5e4d43cf 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
-+++ b/ArmVirtPkg/ArmVirtQemu.dsc
-@@ -453,6 +453,7 @@ [Components.common]
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-   OvmfPkg/VirtioNetDxe/VirtioNet.inf
-   OvmfPkg/VirtioRngDxe/VirtioRng.inf
-+  OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- 
-   #
-   # FAT filesystem + GPT/MBR partitioning + UDF filesystem + virtio-fs
-diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-index 02877284bfa3..e7d76a6502c7 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
-+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
-@@ -353,6 +353,7 @@ [Components.common]
-   OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-   OvmfPkg/VirtioNetDxe/VirtioNet.inf
-   OvmfPkg/VirtioRngDxe/VirtioRng.inf
-+  OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- 
-   #
-   # FAT filesystem + GPT/MBR partitioning + UDF filesystem + virtio-fs
-diff --git a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-index 8a063bac04ac..2894bc853a46 100644
--- a/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-+++ b/ArmVirtPkg/ArmVirtQemuFvMain.fdf.inc
-@@ -98,6 +98,7 @@ [FV.FvMain]
-   INF OvmfPkg/VirtioNetDxe/VirtioNet.inf
-   INF OvmfPkg/VirtioScsiDxe/VirtioScsi.inf
-   INF OvmfPkg/VirtioRngDxe/VirtioRng.inf
-+  INF OvmfPkg/VirtioSerialDxe/VirtioSerial.inf
- 
-   INF ShellPkg/Application/Shell/Shell.inf
-   INF ShellPkg/DynamicCommand/TftpDynamicCommand/TftpDynamicCommand.inf
-- 
-2.40.1
-
--- a/0024-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtio.patch
+++ b/0024-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtio.patch
@ -1,68 +0,0 @@
-From f0d2e5cf0f436cf48afae5e7b86bd5bd7e137751 Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 1 Jun 2023 13:57:11 +0200
-Subject: [PATCH 24/27] ArmVirt/PlatformBootManagerLib: factor out IsVirtio()
-
-IsVirtioRng() becomes just a thin wrapper for IsVirtio().
-This allows to add similar thin wrappers for other virtio
-devices in the future.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit a196b04926e70880334fcd649837d0ac63b0bfd5)
---
- .../PlatformBootManagerLib/PlatformBm.c       | 26 +++++++++++++++----
- 1 file changed, 21 insertions(+), 5 deletions(-)
-
-diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-index 10c815378cd5..5eb6f0f9c14a 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-@@ -269,15 +269,16 @@ IsPciDisplay (
- }
- 
- /**
-  This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at
-  the VIRTIO_DEVICE_PROTOCOL level.
-+  This function checks if a handle corresponds to the Virtio Device ID given
-+  at the VIRTIO_DEVICE_PROTOCOL level.
- **/
- STATIC
- BOOLEAN
- EFIAPI
-IsVirtioRng (
-+IsVirtio (
-   IN EFI_HANDLE    Handle,
-  IN CONST CHAR16  *ReportText
-+  IN CONST CHAR16  *ReportText,
-+  IN UINT16        VirtIoDeviceId
-   )
- {
-   EFI_STATUS              Status;
-@@ -293,7 +294,22 @@ IsVirtioRng (
-   }
- 
-   return (BOOLEAN)(VirtIo->SubSystemDeviceId ==
-                   VIRTIO_SUBSYSTEM_ENTROPY_SOURCE);
-+                   VirtIoDeviceId);
-+}
-+
-+/**
-+  This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at
-+  the VIRTIO_DEVICE_PROTOCOL level.
-+**/
-+STATIC
-+BOOLEAN
-+EFIAPI
-+IsVirtioRng (
-+  IN EFI_HANDLE    Handle,
-+  IN CONST CHAR16  *ReportText
-+  )
-+{
-+  return IsVirtio (Handle, ReportText, VIRTIO_SUBSYSTEM_ENTROPY_SOURCE);
- }
- 
- /**
-- 
-2.40.1
-
--- a/0025-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtioPc.patch
+++ b/0025-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtioPc.patch
@ -1,90 +0,0 @@
-From 7863796aacb5dc2acd852920bd33a3fec167c80b Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 1 Jun 2023 13:57:12 +0200
-Subject: [PATCH 25/27] ArmVirt/PlatformBootManagerLib: factor out
- IsVirtioPci()
-
-IsVirtioPciRng() becomes just a thin wrapper for IsVirtioPci().
-This allows to add similar thin wrappers for other virtio
-devices in the future.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
-(cherry picked from commit aaf546879ab71722c36738ccc6f0f0ab4ecf5076)
---
- .../PlatformBootManagerLib/PlatformBm.c       | 30 ++++++++++++++-----
- 1 file changed, 23 insertions(+), 7 deletions(-)
-
-diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-index 5eb6f0f9c14a..ed38c42a43ee 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-@@ -313,15 +313,16 @@ IsVirtioRng (
- }
- 
- /**
-  This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at
-  the EFI_PCI_IO_PROTOCOL level.
-+  This function checks if a handle corresponds to the Virtio Device ID given
-+  at the EFI_PCI_IO_PROTOCOL level.
- **/
- STATIC
- BOOLEAN
- EFIAPI
-IsVirtioPciRng (
-+IsVirtioPci (
-   IN EFI_HANDLE    Handle,
-  IN CONST CHAR16  *ReportText
-+  IN CONST CHAR16  *ReportText,
-+  IN UINT16        VirtIoDeviceId
-   )
- {
-   EFI_STATUS           Status;
-@@ -387,11 +388,11 @@ IsVirtioPciRng (
-   //
-   // From DeviceId and RevisionId, determine whether the device is a
-   // modern-only Virtio 1.0 device. In case of Virtio 1.0, DeviceId can
-  // immediately be restricted to VIRTIO_SUBSYSTEM_ENTROPY_SOURCE, and
-+  // immediately be restricted to VirtIoDeviceId, and
-   // SubsystemId will only play a sanity-check role. Otherwise, DeviceId can
-   // only be sanity-checked, and SubsystemId will decide.
-   //
-  if ((DeviceId == 0x1040 + VIRTIO_SUBSYSTEM_ENTROPY_SOURCE) &&
-+  if ((DeviceId == 0x1040 + VirtIoDeviceId) &&
-       (RevisionId >= 0x01))
-   {
-     Virtio10 = TRUE;
-@@ -419,7 +420,7 @@ IsVirtioPciRng (
-     return TRUE;
-   }
- 
-  if (!Virtio10 && (SubsystemId == VIRTIO_SUBSYSTEM_ENTROPY_SOURCE)) {
-+  if (!Virtio10 && (SubsystemId == VirtIoDeviceId)) {
-     return TRUE;
-   }
- 
-@@ -430,6 +431,21 @@ IsVirtioPciRng (
-   return FALSE;
- }
- 
-+/**
-+  This FILTER_FUNCTION checks if a handle corresponds to a Virtio RNG device at
-+  the EFI_PCI_IO_PROTOCOL level.
-+**/
-+STATIC
-+BOOLEAN
-+EFIAPI
-+IsVirtioPciRng (
-+  IN EFI_HANDLE    Handle,
-+  IN CONST CHAR16  *ReportText
-+  )
-+{
-+  return IsVirtioPci (Handle, ReportText, VIRTIO_SUBSYSTEM_ENTROPY_SOURCE);
-+}
-+
- /**
-   This CALLBACK_FUNCTION attempts to connect a handle non-recursively, asking
-   the matching driver to produce all first-level child handles.
-- 
-2.40.1
-
--- a/0026-ArmVirt-PlatformBootManagerLib-set-up-virtio-serial-.patch
+++ b/0026-ArmVirt-PlatformBootManagerLib-set-up-virtio-serial-.patch
@ -1,222 +0,0 @@
-From 83a8a9dc1a51d340199587d5bea715406bbc4efa Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Thu, 1 Jun 2023 13:57:13 +0200
-Subject: [PATCH 26/27] ArmVirt/PlatformBootManagerLib: set up virtio serial as
- console
-
-In case a virtio serial device is found in the system register the first
-console port as EFI console, by updating ConIn, ConOut and ErrOut.
-
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-(cherry picked from commit 15f83fa36442eaa272300b31699b3b82ce7e07a9)
---
- .../PlatformBootManagerLib/PlatformBm.c       | 172 ++++++++++++++++++
- 1 file changed, 172 insertions(+)
-
-diff --git a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-index ed38c42a43ee..b92a916f7eec 100644
--- a/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-+++ b/ArmVirtPkg/Library/PlatformBootManagerLib/PlatformBm.c
-@@ -312,6 +312,21 @@ IsVirtioRng (
-   return IsVirtio (Handle, ReportText, VIRTIO_SUBSYSTEM_ENTROPY_SOURCE);
- }
- 
-+/**
-+  This FILTER_FUNCTION checks if a handle corresponds to a Virtio serial device at
-+  the VIRTIO_DEVICE_PROTOCOL level.
-+**/
-+STATIC
-+BOOLEAN
-+EFIAPI
-+IsVirtioSerial (
-+  IN EFI_HANDLE    Handle,
-+  IN CONST CHAR16  *ReportText
-+  )
-+{
-+  return IsVirtio (Handle, ReportText, VIRTIO_SUBSYSTEM_CONSOLE);
-+}
-+
- /**
-   This function checks if a handle corresponds to the Virtio Device ID given
-   at the EFI_PCI_IO_PROTOCOL level.
-@@ -446,6 +461,21 @@ IsVirtioPciRng (
-   return IsVirtioPci (Handle, ReportText, VIRTIO_SUBSYSTEM_ENTROPY_SOURCE);
- }
- 
-+/**
-+  This FILTER_FUNCTION checks if a handle corresponds to a Virtio serial device at
-+  the EFI_PCI_IO_PROTOCOL level.
-+**/
-+STATIC
-+BOOLEAN
-+EFIAPI
-+IsVirtioPciSerial (
-+  IN EFI_HANDLE    Handle,
-+  IN CONST CHAR16  *ReportText
-+  )
-+{
-+  return IsVirtioPci (Handle, ReportText, VIRTIO_SUBSYSTEM_CONSOLE);
-+}
-+
- /**
-   This CALLBACK_FUNCTION attempts to connect a handle non-recursively, asking
-   the matching driver to produce all first-level child handles.
-@@ -534,6 +564,142 @@ AddOutput (
-     ));
- }
- 
-+/**
-+  This CALLBACK_FUNCTION retrieves the EFI_DEVICE_PATH_PROTOCOL from
-+  the handle, appends serial, uart and terminal nodes, finally updates
-+  ConIn, ConOut and ErrOut.
-+**/
-+STATIC
-+VOID
-+EFIAPI
-+SetupVirtioSerial (
-+  IN EFI_HANDLE    Handle,
-+  IN CONST CHAR16  *ReportText
-+  )
-+{
-+  STATIC CONST ACPI_HID_DEVICE_PATH  SerialNode = {
-+    {
-+      ACPI_DEVICE_PATH,
-+      ACPI_DP,
-+      {
-+        (UINT8)(sizeof (ACPI_HID_DEVICE_PATH)),
-+        (UINT8)((sizeof (ACPI_HID_DEVICE_PATH)) >> 8)
-+      },
-+    },
-+    EISA_PNP_ID (0x0501),
-+    0
-+  };
-+
-+  STATIC CONST UART_DEVICE_PATH  UartNode = {
-+    {
-+      MESSAGING_DEVICE_PATH,
-+      MSG_UART_DP,
-+      {
-+        (UINT8)(sizeof (UART_DEVICE_PATH)),
-+        (UINT8)((sizeof (UART_DEVICE_PATH)) >> 8)
-+      },
-+    },
-+    0,
-+    115200,
-+    8,
-+    1,
-+    1
-+  };
-+
-+  STATIC CONST VENDOR_DEVICE_PATH  TerminalNode = {
-+    {
-+      MESSAGING_DEVICE_PATH,
-+      MSG_VENDOR_DP,
-+      {
-+        (UINT8)(sizeof (VENDOR_DEVICE_PATH)),
-+        (UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
-+      },
-+    },
-+    DEVICE_PATH_MESSAGING_VT_UTF8
-+  };
-+
-+  EFI_STATUS                Status;
-+  EFI_DEVICE_PATH_PROTOCOL  *DevicePath, *OldDevicePath;
-+
-+  DevicePath = DevicePathFromHandle (Handle);
-+
-+  if (DevicePath == NULL) {
-+    DEBUG ((
-+      DEBUG_ERROR,
-+      "%a: %s: handle %p: device path not found\n",
-+      __func__,
-+      ReportText,
-+      Handle
-+      ));
-+    return;
-+  }
-+
-+  DevicePath = AppendDevicePathNode (
-+                 DevicePath,
-+                 &SerialNode.Header
-+                 );
-+
-+  OldDevicePath = DevicePath;
-+  DevicePath    = AppendDevicePathNode (
-+                    DevicePath,
-+                    &UartNode.Header
-+                    );
-+  FreePool (OldDevicePath);
-+
-+  OldDevicePath = DevicePath;
-+  DevicePath    = AppendDevicePathNode (
-+                    DevicePath,
-+                    &TerminalNode.Header
-+                    );
-+  FreePool (OldDevicePath);
-+
-+  Status = EfiBootManagerUpdateConsoleVariable (ConIn, DevicePath, NULL);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((
-+      DEBUG_ERROR,
-+      "%a: %s: adding to ConIn: %r\n",
-+      __func__,
-+      ReportText,
-+      Status
-+      ));
-+    return;
-+  }
-+
-+  Status = EfiBootManagerUpdateConsoleVariable (ConOut, DevicePath, NULL);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((
-+      DEBUG_ERROR,
-+
-+      "%a: %s: adding to ConOut: %r\n",
-+      __func__,
-+      ReportText,
-+      Status
-+      ));
-+    return;
-+  }
-+
-+  Status = EfiBootManagerUpdateConsoleVariable (ErrOut, DevicePath, NULL);
-+  if (EFI_ERROR (Status)) {
-+    DEBUG ((
-+      DEBUG_ERROR,
-+      "%a: %s: adding to ErrOut: %r\n",
-+      __func__,
-+      ReportText,
-+      Status
-+      ));
-+    return;
-+  }
-+
-+  FreePool (DevicePath);
-+
-+  DEBUG ((
-+    DEBUG_VERBOSE,
-+    "%a: %s: added to ConIn, ConOut and ErrOut\n",
-+    __func__,
-+    ReportText
-+    ));
-+}
-+
- STATIC
- VOID
- PlatformRegisterFvBootOption (
-@@ -932,6 +1098,12 @@ PlatformBootManagerBeforeConsole (
-   // instances on Virtio PCI RNG devices.
-   //
-   FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciRng, Connect);
-+
-+  //
-+  // Register Virtio serial devices as console.
-+  //
-+  FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
-+  FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
- }
- 
- /**
-- 
-2.40.1
-
--- a/50-edk2-riscv-qcow2.json
+++ b/50-edk2-riscv-qcow2.json
@ -0,0 +1,32 @@
+{
+    "description": "UEFI firmware for RISC-V virtual machines",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+        "mode" : "split",
+        "executable": {
+            "filename": "/usr/share/edk2/riscv/RISCV_VIRT_CODE.qcow2",
+            "format": "qcow2"
+        },
+        "nvram-template": {
+            "filename": "/usr/share/edk2/riscv/RISCV_VIRT_VARS.qcow2",
+            "format": "qcow2"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "riscv64",
+            "machines": [
+                "virt-*"
+            ]
+        }
+    ],
+    "features": [
+
+    ],
+    "tags": [
+
+    ]
+}
--- a/README.experimental
+++ b/README.experimental
@ -0,0 +1,35 @@
+
+experimental edk2 builds
+------------------------
+
+OVMF.stateless.fd
+OVMF.stateless.secboot.fd
+OVMF.stateless.secboot.pcr
+
+  Stateless (== no persistent uefi variables) ovmf build.  Has secure
+  boot support, the 'secboot' variant has secure boot enabled.  Does
+  not require SMM support.
+
+OVMF_CODE.4m.secboot.strictnx.fd
+
+  OVMF build with strict NX configuration (using r-x for code, rw- for
+  data).  Known to not work with some grub and linux kernel versions
+  because they use the wrong memory type for allocations and run into
+  NX faults.  Useful for bootloader development and CI.
+
+QEMU_EFI.strictnx.fd
+QEMU_EFI-strictnx-pflash.raw
+
+  ArmVirt build with strict NX configuration (see above for details).
+
+QEMU_EFI.secboot.testonly.fd
+QEMU_EFI-secboot-testonly-pflash.raw
+vars-template-secboot-testonly-pflash.raw
+
+  ArmVirt build with secure boot support.
+
+  Exposes the secure boot APIs, so they can be used for development /
+  testing / CI.
+
+  The EFI variable store is NOT protected, therefore the build is NOT
+  suitable for production use.
--- a/edk2-build.fedora
+++ b/edk2-build.fedora
@ -16,6 +16,7 @@ FD_SIZE_4MB              = TRUE
 [opts.ovmf.2m]
 FD_SIZE_2MB              = TRUE
 NETWORK_ISCSI_ENABLE     = FALSE
+NETWORK_TLS_ENABLE       = FALSE

 [opts.ovmf.sb.smm]
 SECURE_BOOT_ENABLE       = TRUE
@ -36,6 +37,9 @@ DEBUG_PRINT_ERROR_LEVEL  = 0x8040004F
 [opts.armvirt.silent]
 DEBUG_PRINT_ERROR_LEVEL  = 0x80000000

+[opts.armvirt.sb.testonly]
+SECURE_BOOT_ENABLE       = TRUE
+
 [opts.armvirt.kernel]
 TPM2_ENABLE              = FALSE
 TPM2_CONFIG_ENABLE       = FALSE
@ -195,9 +199,12 @@ conf = OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
 arch = RISCV64
 plat = RiscVVirtQemu
 dest = Fedora/riscv
-cpy1 = FV/RISCV_VIRT.fd
-cpy2 = FV/RISCV_VIRT.fd RISCV_VIRT.raw
-pad1 = RISCV_VIRT.raw 32m
+cpy1 = FV/RISCV_VIRT_CODE.fd
+cpy2 = FV/RISCV_VIRT_CODE.fd RISCV_VIRT_CODE.raw
+cpy3 = FV/RISCV_VIRT_VARS.fd
+cpy4 = FV/RISCV_VIRT_VARS.fd RISCV_VIRT_VARS.raw
+pad1 = RISCV_VIRT_CODE.raw 32m
+pad2 = RISCV_VIRT_VARS.raw 32m


 #####################################################################
@ -281,3 +288,17 @@ dest = Fedora/experimental
 cpy1 = FV/QEMU_EFI.fd  QEMU_EFI.strictnx.fd
 cpy3 = FV/QEMU_EFI.fd  QEMU_EFI-strictnx-pflash.raw
 pad3 = QEMU_EFI-strictnx-pflash.raw  64m
+
+[build.armvirt.aa64.secboot.testonly]
+desc = ArmVirt build for qemu, 64-bit (arm v8), secure boot
+conf = ArmVirtPkg/ArmVirtQemu.dsc
+arch = AARCH64
+opts = ovmf.common
+       armvirt.verbose
+       armvirt.sb.testonly
+pcds = nx.strict
+plat = ArmVirtQemu-AARCH64
+dest = Fedora/experimental
+cpy1 = FV/QEMU_EFI.fd  QEMU_EFI.secboot.testonly.fd
+cpy3 = FV/QEMU_EFI.fd  QEMU_EFI-secboot-testonly-pflash.raw
+pad3 = QEMU_EFI-secboot-testonly-pflash.raw  64m
--- a/edk2-build.py
+++ b/edk2-build.py
@ -337,7 +337,8 @@ def main():
    parser.add_argument('-j', '--jobs', dest = 'jobs', type = str,
                        help = 'allow up to JOBS parallel build jobs',
                        metavar = 'JOBS')
-    parser.add_argument('-m', '--match', dest = 'match', type = str,
+    parser.add_argument('-m', '--match', dest = 'match',
+                        type = str, action = 'append',
                        help = 'only run builds matching INCLUDE (substring)',
                        metavar = 'INCLUDE')
    parser.add_argument('-x', '--exclude', dest = 'exclude',
@ -408,9 +409,14 @@ def main():
    for build in cfg.sections():
        if not build.startswith('build.'):
            continue
-        if options.match and options.match not in build:
-            print(f'# skipping "{build}" (not matching "{options.match}")')
-            continue
+        if options.match:
+            matching = False
+            for item in options.match:
+                if item in build:
+                    matching = True
+            if not matching:
+                print(f'# skipping "{build}" (not matching "{"|".join(options.match)}")')
+                continue
        if options.exclude:
            exclude = False
            for item in options.exclude:
--- a/edk2.spec
+++ b/edk2.spec
@ -6,13 +6,17 @@
 # in theory should build everywhere without much trouble, but
 # in practice the edk2 build system barfs on archs it doesn't know
 # (such as ppc), so lets limit things to the known-good ones.
-ExclusiveArch: x86_64 aarch64
+ExclusiveArch: x86_64 aarch64 riscv64

-# edk2-stable202302
-%define GITDATE        20230524
-%define GITCOMMIT      ba91d0292e59
-%define TOOLCHAIN      GCC5
-%define OPENSSL_VER    1.1.1k
+# edk2-stable202308
+%define GITDATE        20230825
+%define GITCOMMIT      819cfc6b42a6
+%define TOOLCHAIN      GCC
+
+%define OPENSSL_VER    3.0.7
+%define OPENSSL_COMMIT 3adb22b68e9fe61fc4863c2d2dc6cc6fc094b005
+
+%define PLATFORMS_COMMIT e509ac5a729e

 %define DBXDATE        20230509

@ -39,9 +43,9 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}
-Release:    %autorelease
+Release:    %autorelease -e 0.riscv64
 Summary:    UEFI firmware for 64-bit virtual machines
-License:    BSD-2-Clause-Patent and OpenSSL and MIT
+License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org

 # The source tarball is created using following commands:
@ -50,10 +54,11 @@ URL:        http://www.tianocore.org
 # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
 Source0: edk2-%{GITCOMMIT}.tar.xz
 Source1: ovmf-whitepaper-c770f8c.txt
-Source2: openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz
+Source2: openssl-rhel-%{OPENSSL_COMMIT}.tar.xz
 Source3: softfloat-%{softfloat_version}.tar.xz
-Source4: edk2-platforms-7880b92e2a04.tar.xz
+Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz
 Source5: jansson-2.13.1.tar.bz2
+Source6: README.experimental

 # json description files
 Source10: 50-edk2-aarch64-qcow2.json
@ -77,6 +82,8 @@ Source46: 51-edk2-ovmf-2m-raw-x64-nosb.json
 Source47: 60-edk2-ovmf-x64-amdsev.json
 Source48: 60-edk2-ovmf-x64-inteltdx.json

+Source50: 50-edk2-riscv-qcow2.json
+
 # https://gitlab.com/kraxel/edk2-build-config
 Source80: edk2-build.py
 Source81: edk2-build.fedora
@ -96,23 +103,16 @@ Patch0007: 0007-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
 Patch0008: 0008-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
 Patch0009: 0009-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
 Patch0010: 0010-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
-Patch0011: 0011-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch
-Patch0012: 0012-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
-Patch0013: 0013-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
-Patch0015: 0015-OvmfPkg-PlatformPei-drop-S3Verification.patch
-Patch0016: 0016-OvmfPkg-PciHotPlugInitDxe-Do-not-reserve-IO-ports-by.patch
-Patch0017: 0017-OvmfPkg-PlatformInitLib-check-PcdUse1GPageTable.patch
-Patch0018: 0018-OvmfPkg-OvmfPkgIa32X64-enable-1G-pages.patch
-Patch0019: 0019-OvmfPkg-MicrovmX64-enable-1G-pages.patch
-Patch0020: 0020-OvmfPkg-VirtioSerialDxe-use-TPL_NOTIFY.patch
-Patch0021: 0021-OvmfPkg-QemuFlashFvbServicesRuntimeDxe-refine-flash-.patch
-Patch0022: 0022-OvmfPkg-PlatformInitLib-limit-phys-bits-to-46.patch
-Patch0023: 0023-ArmVirt-add-VirtioSerialDxe-to-ArmVirtQemu-builds.patch
-Patch0024: 0024-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtio.patch
-Patch0025: 0025-ArmVirt-PlatformBootManagerLib-factor-out-IsVirtioPc.patch
-Patch0026: 0026-ArmVirt-PlatformBootManagerLib-set-up-virtio-serial-.patch
-Patch0027: 0027-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
-Patch0028: 0028-ArmPkg-Add-Pcd-to-disable-EFI_MEMORY_ATTRIBUTE_PROTO.patch
+Patch0011: 0011-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
+Patch0012: 0012-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
+Patch0013: 0013-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
+Patch0014: 0014-ArmPkg-Add-Pcd-to-disable-EFI_MEMORY_ATTRIBUTE_PROTO.patch
+Patch0015: 0015-CryptoPkg-CrtLib-add-stat.h.patch
+Patch0016: 0016-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
+Patch0017: 0017-OvmfPkg-IoMmuDxe-don-t-rely-on-TPLs-to-manage-concur.patch
+Patch0018: 0018-OvmfPkg-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
+Patch0019: 0019-OvmfPkg-AmdSev-Disable-PcdFirstTimeWakeUpAPsBySipi.patch
+Patch0020: 0020-OvmfPkg-AmdSev-fix-BdsPlatform.c-assertion-failure-d.patch


 # python3-devel and libuuid-devel are required for building tools.
@ -124,6 +124,13 @@ BuildRequires:  /usr/bin/iasl
 BuildRequires:  binutils gcc git gcc-c++ make
 BuildRequires:  qemu-img

+# openssl configure
+BuildRequires:  perl(FindBin)
+BuildRequires:  perl(IPC::Cmd)
+BuildRequires:  perl(File::Compare)
+BuildRequires:  perl(File::Copy)
+BuildRequires:  perl(JSON)
+
 %if %{build_ovmf}
 # Only OVMF includes 80x86 assembly files (*.nasm*).
 BuildRequires:  nasm
@ -159,7 +166,7 @@ Obsoletes:  OVMF < 20180508-100.gitee3198e672e2.el7
 # OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
 # library.
 Provides:   bundled(openssl) = %{OPENSSL_VER}
-License:    BSD-2-Clause-Patent and OpenSSL
+License:    BSD-2-Clause-Patent and Apache-2.0

 # URL taken from the Maintainers.txt file.
 URL:        http://www.tianocore.org/ovmf/
@ -181,7 +188,7 @@ Conflicts:  libvirt-daemon-driver-qemu < 9.2.0

 # No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
 Provides:   bundled(openssl) = %{OPENSSL_VER}
-License:    BSD-2-Clause-Patent and OpenSSL
+License:    BSD-2-Clause-Patent and Apache-2.0

 # URL taken from the Maintainers.txt file.
 URL:        https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
@ -218,7 +225,7 @@ environment for the UEFI and PI specifications. This package contains sample
 %if %{defined fedora}
 %package ovmf-ia32
 Summary:        Open Virtual Machine Firmware
-License:        BSD-2-Clause-Patent and OpenSSL
+License:        BSD-2-Clause-Patent and Apache-2.0
 Provides:       bundled(openssl)
 BuildArch:      noarch
 %description ovmf-ia32
@ -227,26 +234,27 @@ Open Virtual Machine Firmware (ia32)

 %package ovmf-xen
 Summary:        Open Virtual Machine Firmware, Xen build
-License:        BSD-2-Clause-Patent and OpenSSL
+License:        BSD-2-Clause-Patent and Apache-2.0
 Provides:       bundled(openssl)
 BuildArch:      noarch
 %description ovmf-xen
 EFI Development Kit II
 Open Virtual Machine Firmware (Xen build)

-%package ovmf-experimental
+%package experimental
 Summary:        Open Virtual Machine Firmware, experimental builds
-License:        BSD-2-Clause-Patent and OpenSSL
+License:        BSD-2-Clause-Patent and Apache-2.0
 Provides:       bundled(openssl)
+Obsoletes:      edk2-ovmf-experimental < 20230825
 BuildArch:      noarch
-%description ovmf-experimental
+%description experimental
 EFI Development Kit II
 Open Virtual Machine Firmware (experimental builds)

 %package arm
 Summary:        ARM Virtual Machine Firmware
 BuildArch:      noarch
-License:        BSD-2-Clause-Patent and OpenSSL
+License:        BSD-2-Clause-Patent and Apache-2.0
 %description arm
 EFI Development Kit II
 ARMv7 UEFI Firmware
@ -254,14 +262,14 @@ ARMv7 UEFI Firmware
 %package riscv64
 Summary:        RISC-V Virtual Machine Firmware
 BuildArch:      noarch
-License:        BSD-2-Clause-Patent and OpenSSL
+License:        BSD-2-Clause-Patent and Apache-2.0
 %description riscv64
 EFI Development Kit II
 RISC-V UEFI Firmware

 %package ext4
 Summary:        Ext4 filesystem driver
-License:        BSD-2-Clause-Patent and OpenSSL
+License:        BSD-2-Clause-Patent and Apache-2.0
 BuildArch:      noarch
 %description ext4
 EFI Development Kit II
@ -305,11 +313,13 @@ mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include
 chmod -Rf a+rX,u+w,g-w,o-w .

 cp -a -- \
+   %{SOURCE6} \
   %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
   %{SOURCE20} \
   %{SOURCE30} %{SOURCE31} %{SOURCE32} \
   %{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE43} %{SOURCE44} \
   %{SOURCE45} %{SOURCE46} %{SOURCE47} %{SOURCE48} \
+   %{SOURCE50} \
   %{SOURCE80} %{SOURCE81} %{SOURCE82} %{SOURCE83} \
   %{SOURCE90} %{SOURCE91} \
   .
@ -355,6 +365,7 @@ export EXTRA_LDFLAGS="%{__global_ldflags}"
 export RELEASE_DATE="$(echo %{GITDATE} | sed -e 's|\(....\)\(..\)\(..\)|\2/\3/\1|')"

 touch OvmfPkg/AmdSev/Grub/grub.efi   # dummy
+python3 CryptoPkg/Library/OpensslLib/configure.py

 %if %{build_ovmf}
 %if %{defined rhel}
@ -395,7 +406,8 @@ done
 virt-fw-vars --input   Fedora/experimental/OVMF.stateless.fd \
             --output  Fedora/experimental/OVMF.stateless.secboot.fd \
             --set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
-             --enroll-redhat --secure-boot
+             --enroll-redhat --secure-boot \
+             --set-fallback-no-reboot

 for image in \
 	Fedora/ovmf/OVMF_CODE.secboot.fd \
@ -422,6 +434,9 @@ done
 %else
 ./edk2-build.py --config edk2-build.fedora --silent --release-date "$RELEASE_DATE" -m armvirt
 ./edk2-build.py --config edk2-build.fedora.platforms --silent -m aa64
+virt-fw-vars --input   Fedora/aarch64/vars-template-pflash.raw \
+             --output  Fedora/experimental/vars-template-secboot-testonly-pflash.raw \
+             --enroll-redhat --secure-boot
 %endif
 for raw in */aarch64/*.raw; do
    qcow2="${raw%.raw}.qcow2"
@ -432,12 +447,17 @@ done
 %if %{build_riscv64}
 ./edk2-build.py --config edk2-build.fedora --silent --release-date "$RELEASE_DATE" -m riscv
 ./edk2-build.py --config edk2-build.fedora.platforms --silent -m riscv
+for raw in */riscv/*.raw; do
+    qcow2="${raw%.raw}.qcow2"
+    qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
+    rm -f "$raw"
+done
 %endif

 %install

 cp -a OvmfPkg/License.txt License.OvmfPkg.txt
-cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl
+cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE.txt LICENSE.openssl
 mkdir -p %{buildroot}%{_datadir}/qemu/firmware

 # install the tools
@ -530,6 +550,15 @@ install -m 0644 \
 # endif build_aarch64
 %endif

+%if %{build_riscv64}
+
+install -m 0644 \
+        50-edk2-riscv-qcow2.json \
+        %{buildroot}%{_datadir}/qemu/firmware
+
+# endif build_riscv64
+%endif
+
 %if %{defined fedora}

 # edk2-tools-python install
@ -667,8 +696,9 @@ done
 %{_datadir}/qemu/firmware/40-edk2-ovmf-ia32-sb.json
 %{_datadir}/qemu/firmware/50-edk2-ovmf-ia32-nosb.json

-%files ovmf-experimental
+%files experimental
 %common_files
+%doc README.experimental
 %dir %{_datadir}/%{name}/experimental
 %{_datadir}/%{name}/experimental/*.fd
 %{_datadir}/%{name}/experimental/*.raw
@ -694,7 +724,8 @@ done
 %files riscv64
 %common_files
 %{_datadir}/%{name}/riscv/*.fd
-%{_datadir}/%{name}/riscv/*.raw
+%{_datadir}/%{name}/riscv/*.qcow2
+%{_datadir}/qemu/firmware/50-edk2-riscv-qcow2.json

 %files ext4
 %common_files
--- a/6
+++ b/6
@ -1,5 +1,5 @@
 SHA512 (softfloat-20180726-gitb64af41.tar.xz) = f079debd1bfcc0fe64329a8947b0689ef49246793edcdd28a2879f6550c652b0cf0f53ac4f6f5ab61ac4f7933972e0019d0ab63eb9931b6884c2909f3a5ead30
 SHA512 (jansson-2.13.1.tar.bz2) = 057f0eda43e4162569888d739f4d78d1d02fce8359400d8f66fdc6e440b0405cb457e1126820dc8ce51e9c4a7f4b7effc640caf1d54307c78c0c47c3fc093011
-SHA512 (openssl-rhel-d00c3c5b8a9d6d3ea3dabfcafdf36afd61ba8bcc.tar.xz) = 418f8476e80c79e76ba2225670075f95ae75065b23cad9180daac5149e02f11deaa6551e1f70d04fe4b275b0e5f2756f890738693516a737d6f84ee8cd839019
-SHA512 (edk2-ba91d0292e59.tar.xz) = bbf1c45a168528f057b8e1b43b7bec8eba68238b07ec9cff08a0478cb7f6599c233c18c45fea1044892bb600435070b205e01e108c745274fdd5954109968974
-SHA512 (edk2-platforms-7880b92e2a04.tar.xz) = 054cff28dd9ffa634067a9572570bd397dad892c056f174166f2d2acad52d3623b5768dac99d0a836e44b4a90fce965acc75a59446c9a48b7042b9d62439c7fb
+SHA512 (edk2-819cfc6b42a6.tar.xz) = c15af78de67b8eeb6a1070dbdfe535c0f6686ff5a602e6b2592c2736fe669f047e948206f6c80acbdb6d3ae372f5bad71caa3c7c8f7bad2056358b2c6eda1e37
+SHA512 (edk2-platforms-e509ac5a729e.tar.xz) = 3722fe9916cba417807ebfb16d6b930e02a4645bd41d759e56799225bce6c71fb44245fa5879463761e1df45180bb715825d7ccbd96e0e1f95a90cf3bd3a05c5
+SHA512 (openssl-rhel-3adb22b68e9fe61fc4863c2d2dc6cc6fc094b005.tar.xz) = 93ccefcf79b90d6661dbce51307511fd2427480d06ec0da9ec786030638f6a59a4bf15129288baac56b26eb64152f65101d5c64bc29859d5face0dbaa0400275
Author	SHA1	Message	Date
David Abdurachmanov	634804e1ab	Enable building on riscv64 Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>	2023-09-07 20:03:00 +03:00
Gerd Hoffmann	9a94e6f906	cherry-pick edk2 bugfixes	2023-09-06 08:20:35 +02:00
Gerd Hoffmann	9cf97d0705	add README.experimental	2023-09-06 08:01:43 +02:00
Gerd Hoffmann	6614f291c6	rename subpackage ovmf-experimental to experimental	2023-09-06 08:01:43 +02:00
Gerd Hoffmann	0279a8196d	stateless: add --set-fallback-no-reboot	2023-09-06 08:01:43 +02:00
Gerd Hoffmann	222487dd93	add experimental + testonly secure boot build for armvirt It isn't actually secure, but exposes the secure boot APIs and might be useful for development + CI purposes.	2023-09-06 08:01:00 +02:00
Gerd Hoffmann	34231a5eb6	update edk2 build script	2023-09-06 08:01:00 +02:00
Gerd Hoffmann	a8b54e7c53	add buildrequires: perl modules for openssl configure	2023-09-06 08:01:00 +02:00
Gerd Hoffmann	fae250a1be	openssl licence update (3.0.x uses apache 2.0).	2023-09-06 08:01:00 +02:00
Gerd Hoffmann	8fd9ce42f3	add riscv firmware json file	2023-09-06 08:01:00 +02:00
Gerd Hoffmann	2c36bf7de4	split code/vars builds for riscv	2023-09-06 07:59:58 +02:00
Gerd Hoffmann	9736356a35	disable TLS for 2M builds b/c of running out of space.	2023-09-06 07:59:58 +02:00
Gerd Hoffmann	ff36b6b0d0	rebase to edk2-stable202308, update patches and openssl tarball	2023-09-06 07:59:58 +02:00