control: retitle -1 qemu-efi-aarch64: Secure Boot regression for some arm64 VMs
control: reassign -1 qemu-efi-aarch64 2025.02-7
control: severity -1 serious
control: affects -1 incus

  Release 2025.02-5 of src:edk2 dropped the patch
Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch. This has caused
a regression for (at least) Debian bookworm and Ubuntu 22.04 arm64 VMs when
booting with Secure Boot enabled.

  I have verified that re-applying that patch to src:edk2 2025.02-7
allows these VMs to boot once again.

Mathias
From c2df6203da5df1ab015e51f6d6c3049ce7867d69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@stgraber.org>
Date: Fri, 15 Sep 2023 11:13:23 -0400
Subject: [PATCH] Revert "ArmVirtPkg: make EFI_LOADER_DATA non-executable"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit 2997ae38739756ecba9b0de19e86032ebc689ef9.

Signed-off-by: Stéphane Graber <stgra...@stgraber.org>
---
 ArmVirtPkg/ArmVirt.dsc.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 5384a41818..fe1ae25a93 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -383,7 +383,7 @@
   # build command line you can allow code execution in EfiLoaderData. This is
   # required when using some outdated GRUB versions.
   #
-  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD5
+  gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1
 
   gEfiMdeModulePkgTokenSpaceGuid.PcdCpuStackGuard|TRUE
 

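Review bot: The `+` line's value 0xC000000000007FD1 differs from the old 0xC000000000007FD5 only in bit 2 (0x4), so EfiLoaderData becomes executable by default in every build that includes ArmVirt.dsc.inc, while the comment kept directly above still describes allowing code execution in EfiLoaderData as a build command line option required for some outdated GRUB versions. Either update that comment so it matches the new default, or keep the 7FD5 default and apply the relaxed value through the build command line override the comment mentions, only for the firmware images that must boot the affected guests. The commit message should also say why the revert is needed; "This reverts commit 2997ae38739756ecba9b0de19e86032ebc689ef9." alone records neither the bootloaders that fail nor the NX protection given up on loader data.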