From 34254ef77a48d8b37cf5539958d11a167b92f97c Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Mon, 26 Aug 2024 14:43:37 -0700 Subject: [PATCH] edk2: Deprecate hvloader; introduce edk2-hvloader (#10221) --- .github/CODEOWNERS | 1 - LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md | 2 +- LICENSES-AND-NOTICES/SPECS/data/licenses.json | 1 - SPECS/edk2/edk2.signatures.json | 4 +- SPECS/edk2/edk2.spec | 38 ++++++++- .../hvloader-target.txt} | 0 SPECS/hvloader/hvloader.signatures.json | 7 -- SPECS/hvloader/hvloader.spec | 77 ------------------- 8 files changed, 41 insertions(+), 89 deletions(-) rename SPECS/{hvloader/target-x86.txt => edk2/hvloader-target.txt} (100%) delete mode 100644 SPECS/hvloader/hvloader.signatures.json delete mode 100644 SPECS/hvloader/hvloader.spec diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 756c521148..f6cff4b97c 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -62,7 +62,6 @@ /SPECS/virtiofsd/* @microsoft/cbl-mariner-kata-containers /SPECS/cloud-hypervisor-cvm/* @microsoft/cbl-mariner-kata-containers -/SPECS/hvloader/* @microsoft/cbl-mariner-kata-containers /SPECS/cloud-init/* @microsoft/cbl-mariner-provisioning /SPECS/walinuxagent/* @microsoft/cbl-mariner-provisioning diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md index 650576f187..5d6961423c 100644 --- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md +++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md @@ -9,7 +9,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome
librabbitmq | | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib | | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka | -| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
asc
azcopy
azure-iot-sdk-c
azure-nvme-utils
azure-storage-cpp
azurelinux-release
azurelinux-repos
azurelinux-rpm-macros
azurelinux-sysinfo
bazel
blobfuse2
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor-cvm
cmake-fedora
containerd
coredns
dcos-cli
debugedit
dejavu-fonts
distroless-packages
docker-buildx
docker-cli
docker-compose
doxygen
dtc
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
hvloader
ig
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
kata-packages-uvm
keda
keras
kernel-signed
kernel-uki
kernel-uki-signed
kpatch
kube-vip-cloud-provider
kubernetes
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
lld
local-path-provisioner
lsb-release
ltp
lttng-consume
mm-common
moby-containerd-cc
moby-engine
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
node-problem-detector
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-libevdev
python-logutils
python-ml-dtypes
python-namex
python-nocasedict
python-omegaconf
python-opt-einsum
python-optree
python-pecan
python-pip
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-setuptools
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-yamlloader
R
rabbitmq-server
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-async
rubygem-async-http
rubygem-async-io
rubygem-async-pool
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-console
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-patron
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-fluent-config-regexp-type
rubygem-fluent-logger
rubygem-fluent-plugin-elasticsearch
rubygem-fluent-plugin-kafka
rubygem-fluent-plugin-prometheus
rubygem-fluent-plugin-prometheus_pushgateway
rubygem-fluent-plugin-record-modifier
rubygem-fluent-plugin-rewrite-tag-filter
rubygem-fluent-plugin-systemd
rubygem-fluent-plugin-webhdfs
rubygem-fluent-plugin-windows-exporter
rubygem-fluentd
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
runc
sdbus-cpp
sgx-backwards-compatibility
shim
shim-unsigned
shim-unsigned-aarch64
shim-unsigned-x64
skopeo
span-lite
sriov-network-device-plugin
SymCrypt
SymCrypt-OpenSSL
systemd-boot-signed
tensorflow
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
verity-read-only-root
vnstat
zstd | +| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
asc
azcopy
azure-iot-sdk-c
azure-nvme-utils
azure-storage-cpp
azurelinux-release
azurelinux-repos
azurelinux-rpm-macros
azurelinux-sysinfo
bazel
blobfuse2
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor-cvm
cmake-fedora
containerd
coredns
dcos-cli
debugedit
dejavu-fonts
distroless-packages
docker-buildx
docker-cli
docker-compose
doxygen
dtc
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
ig
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
kata-packages-uvm
keda
keras
kernel-signed
kernel-uki
kernel-uki-signed
kpatch
kube-vip-cloud-provider
kubernetes
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
lld
local-path-provisioner
lsb-release
ltp
lttng-consume
mm-common
moby-containerd-cc
moby-engine
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
node-problem-detector
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-libevdev
python-logutils
python-ml-dtypes
python-namex
python-nocasedict
python-omegaconf
python-opt-einsum
python-optree
python-pecan
python-pip
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-setuptools
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-yamlloader
R
rabbitmq-server
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-async
rubygem-async-http
rubygem-async-io
rubygem-async-pool
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-console
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-patron
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-fluent-config-regexp-type
rubygem-fluent-logger
rubygem-fluent-plugin-elasticsearch
rubygem-fluent-plugin-kafka
rubygem-fluent-plugin-prometheus
rubygem-fluent-plugin-prometheus_pushgateway
rubygem-fluent-plugin-record-modifier
rubygem-fluent-plugin-rewrite-tag-filter
rubygem-fluent-plugin-systemd
rubygem-fluent-plugin-webhdfs
rubygem-fluent-plugin-windows-exporter
rubygem-fluentd
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
runc
sdbus-cpp
sgx-backwards-compatibility
shim
shim-unsigned
shim-unsigned-aarch64
shim-unsigned-x64
skopeo
span-lite
sriov-network-device-plugin
SymCrypt
SymCrypt-OpenSSL
systemd-boot-signed
tensorflow
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
verity-read-only-root
vnstat
zstd | | Netplan source | [GPLv3](https://github.com/canonical/netplan/blob/main/COPYING) | netplan | | Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad | | NVIDIA | [ASL 2.0 License and spec specific licenses](http://www.apache.org/licenses/LICENSE-2.0) | libnvidia-container
mlnx-tools
mlx-bootctl
nvidia-container-toolkit
ofed-scripts
perftest | diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json index 5b27bca1ad..1b1f8ffd6a 100644 --- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json +++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json @@ -2231,7 +2231,6 @@ "GSL", "gtk-update-icon-cache", "helm", - "hvloader", "ig", "intel-pf-bb-config", "ivykis", diff --git a/SPECS/edk2/edk2.signatures.json b/SPECS/edk2/edk2.signatures.json index 104816979d..3a5fe9358e 100644 --- a/SPECS/edk2/edk2.signatures.json +++ b/SPECS/edk2/edk2.signatures.json @@ -28,9 +28,11 @@ "edk2-build.py": "b4be60833465d372662ac4f1f89f40b9c65d59fb17f7716059f980503069ddb7", "edk2-build.rhel-9": "477723037cadf03fa15756de563995cc556ccf84d9a4ba059ea37c97c3a0e3e7", "edk2-platforms-a912d9fcf7d1.tar.xz": "dc2c8a0eb131ccba28f52c83d14617cae049ddd466f98a8cd229215051b9754a", + "hvloader-286f1c642ed624af2c7840fbca7923497891fe68.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba", + "hvloader-target.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8", "jansson-2.13.1.tar.bz2": "ee90a0f879d2b7b7159124ff22b937a2a9a8c36d3bb65d1da7dd3f04370a10bd", "openssl-rhel-db0287935122edceb91dcda8dfb53b4090734e22.tar.xz": "9fcc5b49513d6ae21c7ddc3d1bbb1f8973cfbe76f2392d10106a8cd435e3eb47", "ovmf-whitepaper-c770f8c.txt": "842518adadaa837914dbb13a6628002fb7f7acca107c6d6f41815b399dc9f8b8", "softfloat-20180726-gitb64af41.tar.xz": "c7f2172357ca3022621b9464fd92bf2b462256bda3e019bf9a669fa6b5aeea91" } -} \ No newline at end of file +} diff --git a/SPECS/edk2/edk2.spec b/SPECS/edk2/edk2.spec index 59f55aaf8d..c0f0dfe6c2 100644 --- a/SPECS/edk2/edk2.spec +++ b/SPECS/edk2/edk2.spec @@ -39,6 +39,9 @@ ExclusiveArch: x86_64 %define DBXDATE 20230509 +%define HVLOADER_VER 1.0.1 +%define HVLOADER_COMMIT 286f1c642ed624af2c7840fbca7923497891fe68 + %define build_ovmf 1 %define build_aarch64 0 %define build_riscv64 0 @@ -52,7 +55,7 @@ ExclusiveArch: x86_64 Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 1%{?dist} +Release: 2%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain URL: http://www.tianocore.org @@ -68,6 +71,8 @@ Source3: softfloat-%{softfloat_version}.tar.xz Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz Source5: jansson-2.13.1.tar.bz2 Source6: README.experimental +Source7: hvloader-%{HVLOADER_COMMIT}.tar.gz +Source8: hvloader-target.txt # json description files Source10: 50-edk2-aarch64-qcow2.json @@ -305,6 +310,18 @@ This package provides tools that are needed to build EFI executables and ROMs using the GNU tools. You do not need to install this package; you probably want to install edk2-tools only. +%package hvloader +Summary: Loader binary for loading type 1 hypervisors under Linux. +Requires: python3 + +%description hvloader +HvLoader.efi is an EFI application for loading an external hypervisor loader. + +HvLoader.efi loads a given hypervisor loader binary (DLL, EFI, etc.), and +calls it's entry point passing HvLoader.efi ImageHandle. This way the +hypervisor loader binary has access to HvLoader.efi's command line options, +and use those as configuration parameters. The first HvLoader.efi command line +option is the path to hypervisor loader binary. %prep @@ -330,6 +347,7 @@ tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatL tar -xf %{SOURCE4} --strip-components=1 --wildcards "*/Drivers" "*/Features" "*/Platform" "*/Silicon" mkdir -p RedfishPkg/Library/JsonLib/jansson tar -xf %{SOURCE5} --strip-components=1 --directory RedfishPkg/Library/JsonLib/jansson + # include paths pointing to unused submodules mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include @@ -353,6 +371,10 @@ cp -a -- \ %{SOURCE90} %{SOURCE91} \ . +# extract hvloader source into place +tar -xf %{SOURCE7} --directory MdeModulePkg/Application +sed -i '/MdeModulePkg\/Application\/HelloWorld\/HelloWorld.inf/a \ \ MdeModulePkg\/Application\/HvLoader-%{HVLOADER_VER}/HvLoader.inf' MdeModulePkg/MdeModulePkg.dsc + %build chmod +x ./edk2-build.py @@ -475,6 +497,11 @@ for raw in */riscv/*.raw; do done %endif +source ./edksetup.sh +make -C BaseTools +cp %{SOURCE8} Conf/target.txt +build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader.inf + %install cp -a OvmfPkg/License.txt License.OvmfPkg.txt @@ -573,6 +600,9 @@ done %py_byte_compile %{python3} %{buildroot}%{_datadir}/edk2/Python %endif +mkdir -p %{buildroot}/boot/efi +cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/HvLoader-%{HVLOADER_VER}/HvLoader/OUTPUT/HvLoader.efi %{buildroot}/boot/efi + %check for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot.fd; do test -f "$file" || continue @@ -749,7 +779,13 @@ done %dir %{_datadir}/%{name} %{_datadir}/%{name}/Python +%files hvloader +/boot/efi/HvLoader.efi + %changelog +* Wed Aug 21 2024 Cameron Baird - 20240524git3e722403cd16-2 +- Introduce edk2-hvloader subpackage + * Tue Jul 30 2024 Betty Lakes - 20240524git3e722403cd16-1 - Upgrade to 20240524git3e722403cd16 to fix CVE-2023-45236, CVE-2023-45237 diff --git a/SPECS/hvloader/target-x86.txt b/SPECS/edk2/hvloader-target.txt similarity index 100% rename from SPECS/hvloader/target-x86.txt rename to SPECS/edk2/hvloader-target.txt diff --git a/SPECS/hvloader/hvloader.signatures.json b/SPECS/hvloader/hvloader.signatures.json deleted file mode 100644 index f391cb64fe..0000000000 --- a/SPECS/hvloader/hvloader.signatures.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "Signatures": { - "edk2-stable202405-submodules.tar.gz": "aa9ef0f245b006c3e2cb069cf3356d3e8942b41b9d6cda5349be265548b15e5f", - "hvloader-1.0.1.tar.gz": "4e0a15cfab98a89a0a93f747df876ea3ee5366c3ffbd158c28e296bf52c7dfba", - "target-x86.txt": "fcf4f427d3b80e67296be2a1d17ec124d65f673d4f6ea37d238f8d3fc1ddc4b8" - } -} \ No newline at end of file diff --git a/SPECS/hvloader/hvloader.spec b/SPECS/hvloader/hvloader.spec deleted file mode 100644 index 5a0e46fb27..0000000000 --- a/SPECS/hvloader/hvloader.spec +++ /dev/null @@ -1,77 +0,0 @@ -%define debug_package %{nil} -%define name_github HvLoader -%define edk2_tag edk2-stable202405 -Summary: HvLoader.efi is an EFI application for loading an external hypervisor loader. -Name: hvloader -Version: 1.0.1 -Release: 5%{?dist} -License: MIT -Vendor: Microsoft Corporation -Distribution: Azure Linux -Group: Applications/System -URL: https://github.com/microsoft/HvLoader -Source0: https://github.com/microsoft/HvLoader/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz -# Instructions to generate edk2 submodules: https://github.com/tianocore/edk2/tree/edk2-stable202405?tab=readme-ov-file#submodules -Source1: https://github.com/tianocore/edk2/archive/refs/tags/%{edk2_tag}.tar.gz#/%{edk2_tag}-submodules.tar.gz -Source2: target-x86.txt -BuildRequires: bc -BuildRequires: gcc -BuildRequires: build-essential -BuildRequires: gcc-c++ -BuildRequires: genisoimage -BuildRequires: acpica-tools -BuildRequires: libuuid-devel -BuildRequires: nasm -BuildRequires: python3 -BuildRequires: python3-devel -ExclusiveArch: x86_64 - -%description -HvLoader.efi is an EFI application for loading an external hypervisor loader. - -HvLoader.efi loads a given hypervisor loader binary (DLL, EFI, etc.), and -calls it's entry point passing HvLoader.efi ImageHandle. This way the -hypervisor loader binary has access to HvLoader.efi's command line options, -and use those as configuration parameters. The first HvLoader.efi command line -option is the path to hypervisor loader binary. - -%prep -%autosetup -a 0 -a 1 -c "%{name}-%{version}" -set -x -ls -l -mv %{name_github}-%{version} MdeModulePkg/Application - -%build -export EDK_TOOLS_PATH=$(pwd)/BaseTools -source ./edksetup.sh -make -C BaseTools -sed -i '/MdeModulePkg\/Application\/HelloWorld\/HelloWorld.inf/a \ \ MdeModulePkg\/Application\/%{name_github}-%{version}/HvLoader.inf' MdeModulePkg/MdeModulePkg.dsc -cp %{SOURCE2} Conf/target.txt -build -p MdeModulePkg/MdeModulePkg.dsc -m MdeModulePkg/Application/%{name_github}-%{version}/HvLoader.inf - -%install -mkdir -p %{buildroot}/boot/efi -cp ./Build/MdeModule/RELEASE_GCC5/X64/MdeModulePkg/Application/%{name_github}-%{version}/%{name_github}/OUTPUT/HvLoader.efi %{buildroot}/boot/efi - -%files -%license MdeModulePkg/Application/%{name_github}-%{version}/LICENSE -/boot/efi/HvLoader.efi - -%changelog -* Thu Jul 25 2024 Betty Lakes - 1.0.1-5 -- Update edk2_tag to edk2-stable202405 to fix CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45236, CVE-2023-45237 -- Remove CVE-2024-1298 and CVE-2023-0464 patches, since they were fixed in version edk2-stable202405 - -* Fri Jul 12 2024 Archana Choudhary - 1.0.1-4 -- Add patch to resolve CVE-2023-0464 - -* Fri Jul 12 2024 Archana Choudhary - 1.0.1-3 -- Add patch to resolve CVE-2024-1298 - -* Wed Jun 05 2024 Chris Co - 1.0.1-2 -- Update edk2_tag to edk2-stable202305 - -* Tue May 02 2023 Cameron Baird - 1.0.1-1 -- Add hvloader.spec -- License verified -- Original version for CBL-Mariner