{"bugs":[{"bugid":867772,"firstseen":"2022-08-31T23:57:11.360898","severity":"normal","status":"UNCONFIRMED","summary":"sys-cluster\/minikube: kvm2 driver uses wrong hardcoded paths for aarch64 efi firmware (sys-firmware\/edk2)"},{"bugid":921729,"firstseen":"2024-01-10T23:52:26.553903","severity":"normal","status":"CONFIRMED","summary":"sys-firmware\/edk2{,-bin}: multiple vulnerabilities"},{"bugid":922253,"firstseen":"2024-01-17T00:00:11.216575","severity":"normal","status":"CONFIRMED","summary":"sys-firmware\/edk2{-bin,}: multiple vulnerabilities"}],"categories":[{"categoryid":338,"name":"app-admin","summary":"The app-admin category contains non-core applications which relate to system administration."},{"categoryid":321,"name":"app-emulation","summary":"The app-emulation category contains emulation software."},{"categoryid":470,"name":"sys-firmware","summary":"The sys-firmware category contains misc. firmware and microcode."},{"categoryid":382,"name":"x11-misc","summary":"The x11-misc category contains miscellaneous X11 applications which do not belong elsewhere."}],"changelog":[{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"2224ae471ea5214d2731b1ba19883dea2c7f3dc6","committime":"2024-10-10T16:48:46","packageid":77763,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The source package now supports other platforms so follow suit.\n\nSigned-off-by: James Le Cuirot ","commitid":"32958cecf72d3efd9c1c47a239faaba1f17ed26e","committime":"2024-09-27T16:29:45","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2-ovmf-bin: Rename to edk2-bin to support other platforms"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The filenames used here differ from Fedora, which ships far more\nvariants. I felt it unnecessary to include the raw and unpadded images\nwhen the padded QCOW2 images should be all you need.\n\nQEMU_EFI.secboot_INSECURE.qcow2 does have Secure Boot enabled, but it\nmust not be used in production. The lack of an SMM implementation for\narm64 in this firmware means that the EFI variable store is unprotected,\nmaking the firmware unsafe.\n\nSigned-off-by: James Le Cuirot ","commitid":"33a4360bc3b6c40315c4e36380839b489e72f9d5","committime":"2024-09-26T16:47:52","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Add arm64 VM support to 202408"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The new version bump won't use this.\n\nCloses: https:\/\/bugs.gentoo.org\/853271\nSigned-off-by: James Le Cuirot ","commitid":"14804cc2b74bb38b68677ab2727d374be0cad71b","committime":"2024-09-25T16:42:44","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Add missing BDEPEND on sys-apps\/which"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"Closes: https:\/\/bugs.gentoo.org\/937610\nSigned-off-by: James Le Cuirot ","commitid":"94a911f6b4a29c7187ee9a60a96239a2ee77b869","committime":"2024-09-25T16:39:52","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Apply missing -Werror and hardened patches to 202405"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"I don't think using UefiShell.img actually works any more, but the new version\nbump will automatically create OVMF_VARS.secboot.fd for you.\n\nCloses: https:\/\/bugs.gentoo.org\/926630\nSigned-off-by: James Le Cuirot ","commitid":"21806a819cc79eb9f19415f7b5ed29393c2a3f43","committime":"2024-09-25T15:17:24","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Drop obsolete reference to USE=binary and update URL"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"There is a lot of overlap in building firmware for other platforms from\nsource, so it makes sense to have one source package.\n\nSigned-off-by: James Le Cuirot ","commitid":"fa0b11750c1993b03e87a4180789f5342660fb8e","committime":"2024-09-25T13:56:27","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2-ovmf: Rename to edk2 to support other platforms"},{"authoremail":"chewi@gentoo.org","authorname":"James Le Cuirot","body":"The ebuild has been largely rewritten. It now:\n\n* Respects CC, CXX, and flags when building the base tools.\n* Doesn't use gcc\/cc when building the firmware, enabling cross.\n* Prepares the ground for supporting platforms other than OVMF for x64.\n* Installs OVMF_VARS.secboot.fd prepared with virt-fw-vars.\n* Includes the latest UEFI DBX update in OVMF_VARS.secboot.fd.\n* Adds 4MB variants of the .fd images (in QCOW2 format).\n* Fixes network support broken by a recent bump.\n* Drops EnrollDefaultKeys.efi and UefiShell.img\n The enrollment tool hasn't actually worked for a while and is no longer needed\n now that we provide OVMF_VARS.secboot.fd. UefiShell.img is therefore of little\n use, and other distros now provide UefiShell.iso instead anyway. We can do the\n same if there is sufficient interest.\n\nThis moves us closer to Fedora, but they ship far more variants. They\nhave a large Python wrapper around upstream's build system, which is\nunusual in itself. Building all these would make the ebuild much more\ncomplex, take a long time, and use up more disk space. Perhaps USE flags\ncould help here, but I'm not sure what all these variants are for.\n\nI also decided to install to paths based on upstream's names, e.g.\nedk2\/ArmVirtQemu-AARCH64 as opposed to Fedora's edk2\/aarch64 because\nmixing QEMU with Xen and others would be confusing when there are many\nsimilarly named files, even within a single architecture.\n\nCloses: https:\/\/bugs.gentoo.org\/891191\nCloses: https:\/\/bugs.gentoo.org\/921819\nCloses: https:\/\/bugs.gentoo.org\/929838\nSigned-off-by: James Le Cuirot ","commitid":"261679779725bee6e18de4b66f0674796a2d1278","committime":"2024-09-25T13:50:28","packageid":77763,"repoid":1,"summary":"sys-firmware\/edk2: Bump to 202408, Python 3.13, many other improvements"}],"dependencies":[],"depending":[{"block":false,"categoryid":321,"description":"QEMU + Kernel-based Virtual Machine userland tools","ebuildids":[337271,337271,824569,824569,840110,840110,840111,840111,845652,845652,845655,845655,845656,845656,845657,845657,848765,848765],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"qemu@gentoo.org","maintainername":"Gentoo QEMU Project","name":"qemu","packageid":54810},{"block":false,"categoryid":382,"description":"Preview a GRUB 2.x theme using KVM\/QEMU","ebuildids":[786582,805417,840158,842806,842932],"firstseen":"2015-05-03T13:38:19.528443","maintainer":"sping@gentoo.org","maintainername":"Sebastian Pipping","name":"grub2-theme-preview","packageid":63428},{"block":false,"categoryid":338,"description":"Build Bespoke OS Images","ebuildids":[816036,836327],"firstseen":"2021-11-29T15:56:52.924950","name":"mkosi","packageid":73684},{"block":true,"categoryid":470,"description":"TianoCore EDK II UEFI firmware for virtual machines","ebuildids":[840582,840583],"firstseen":"2024-10-10T17:55:36.563855","name":"edk2-bin","packageid":77764}],"ebuilds":[{"archs":["-*","~amd64","~arm64"],"ebuildid":840581,"firstseen":"2024-10-10T17:55:36.563855","license":"BSD-2 MIT","moddate":"2024-12-17T22:35:48","packageid":77763,"repoid":1,"slot":"0","uses":["secureboot"],"version":"202408"},{"archs":["-*","~amd64"],"ebuildid":840580,"firstseen":"2024-10-10T17:55:36.563855","license":"BSD-2 MIT","moddate":"2024-12-17T22:35:48","packageid":77763,"repoid":1,"slot":"0","uses":["secureboot"],"version":"202405"},{"archs":["-*","amd64"],"ebuildid":840579,"firstseen":"2024-10-10T17:55:36.563855","license":"BSD-2 MIT","moddate":"2024-12-17T22:35:48","packageid":77763,"repoid":1,"slot":"0","uses":["secureboot"],"version":"202202"}],"masks":[],"package":{"categoryid":470,"description":"TianoCore EDK II UEFI firmware for virtual machines","firstseen":"2024-10-10T17:55:36.563855","name":"edk2","packageid":77763},"rdependencies":[{"block":true,"categoryid":470,"description":"TianoCore EDK II UEFI firmware for virtual machines","ebuildids":[840579,840580,840581],"firstseen":"2024-10-10T17:55:36.563855","name":"edk2-bin","packageid":77764}],"repos":[{"branch":"master","lastcommit":"4757fa8c4189b9ec3bce6a040e199a63d1cebdaa","name":"gentoo","path":"\/usr\/portage","repoid":1,"upstream":"origin"}],"tracked":false,"urls":["https:\/\/github.com\/tianocore\/edk2"],"uses":[{"description":"Automatically sign efi executables using user specified key","isdefault":false,"use":"secureboot"}]}