OvmfPkg: Rerun dispatcher after initializing virtio-rng
Since the pixiefail CVE fix, the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
The latter is initialized during the BDS phase.
To ensure all depending (network) modules are also started, we need to
run the dispatcher once more after the device was initialized.
Without this, network boot is not available under certain hardware
configurations.

Fixes: 4c4ceb2 ("NetworkPkg: SECURITY PATCH CVE-2023-45237")

Analysed-by: Stefano Garzarella <[email protected]>
Suggested-by: Gerd Hoffmann <[email protected]>
Signed-off-by: Oliver Steffen <[email protected]>
osteffenrh authored and mergify[bot] committed Nov 27, 2024
1 parent 3ee2ceb commit 9c4542a
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
Expand Up @@ -670,6 +670,8 @@ ConnectVirtioPciRng (
if (EFI_ERROR (Status)) {
goto Error;
}

gDS->Dispatch ();
}

return EFI_SUCCESS;
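
Review bot: The new `gDS->Dispatch ();` call just before the closing brace in ConnectVirtioPciRng has no comment and discards its return status, so a reader of BdsPlatform.c cannot tell why the dispatcher is re-run here or whether ignoring the result is intentional. Please add a short comment above the call carrying the reasoning from the commit message (the network modules depend on the RNG that has just been connected and must be dispatched after it), and state there that the status is deliberately ignored, since the function falls through to `return EFI_SUCCESS;` regardless. It would also help to say whether a dispatch pass that starts no additional drivers is an expected outcome on configurations where RDRAND already satisfied the dependency.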
