RHBA-2016:2608 - Bug Fix Advisory

Topic

Updated ovmf packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7.

Description

OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Note that OVMF is provided as a Technical Preview.

The ovmf package has been upgraded to upstream version 20160608b-1.git988715a.el7, which provides a number of bug fixes and enhancements over the previous version, notably:

• Previously, guest virtual machines that were installed using the "OVMF_CODE.fd" firmware binary file appeared to have the Secure Boot operating mode enabled, which was not true, because "OVMF_CODE.fd" lacks the Secure Boot feature. With this update, the Secure Boot operating mode is visibly disabled at the first shutdown of the described guest machines, which no longer incorrectly states that the Secure Boot mode is enabled.
• With this update, the "OVMF_CODE.secboot.fd" firmware binary file includes the Secure Boot feature. This binary can be used with pc-q35-rhel7.3.0 and later Q35 machine types only, and it also requires the RHEL-7.3 GA version of host kernel or later.

(BZ#1182495, BZ#1202819, BZ#1207554, BZ#1259395, BZ#1270279, BZ#1308678)

Users of OVMF are advised to upgrade to this updated package, which fixes these bugs and add these enhancements.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.4 x86_64
• Red Hat Enterprise Linux Workstation 7 x86_64
• Red Hat Enterprise Linux Desktop 7 x86_64

Fixes

• BZ - 1193080 - RFE: Support multiple PCI root buses
• BZ - 1202819 - OVMF: secure boot limitations
• BZ - 1257882 - FEAT: support to boot from virtio 1.0 modern devices
• BZ - 1308678 - clearly separate SB-less, SMM-less OVMF binary from SB+SMM OVMF binary
• BZ - 1330955 - VM can not be booted up from hard disk successfully when with a passthrough USB stick
• BZ - 1332408 - Q35 machine can not hot-plug scsi controller under switch
• BZ - 1333238 - Q35 machine can not boot up successfully with more than 3 virtio-scsi storage controller under switch
• BZ - 1341733 - prevent SMM stack overflow in OVMF while enrolling certificates in "db"
• BZ - 1353494 - [OVMF] "EFI Internal Shell" should be removed from "Boot Manager"
• BZ - 1356184 - refresh embedded OpenSSL to 1.0.2h
• BZ - 1356913 - fix use-without-initialization in EnrollDefaultKeys.efi

CVEs

(none)

References

(none)