OvmfPkg: Rerun dispatcher after initializing virtio-rng

Since the pixiefail CVE fix the network stack requires a hardware random number generator. This can currently be a modern CPU supporting the RDRAND instruction or a virtio-rng device. The latter is initialized during the BDS phase. To ensure all depending (network) modules are also started, we need to run the dispatcher once more after the device was initialized. Without this, network boot is not available under certain hardware configurations. Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237") Analysed-by: Stefano Garzarella <sgarzare@redhat.com> Suggested-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Oliver Steffen <osteffen@redhat.com>
2025-07-23 13:44:33 +02:00 · 2024-11-04 19:00:11 +01:00 · 2024-11-04 19:00:11 +01:00 · 9c4542a064
commit 9c4542a064
parent 3ee2ceb6fa
1 changed files with 2 additions and 0 deletions
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@ -670,6 +670,8 @@ ConnectVirtioPciRng (
    if (EFI_ERROR (Status)) {
      goto Error;
    }
+
+    gDS->Dispatch ();
  }

  return EFI_SUCCESS;