edk2 (2025.02-5) unstable; urgency=medium

  The EFI_MEMORY_ATTRIBUTE_PROTOCOL is now enabled by default in the
  OVMF_CODE_4M.secboot.fd image. This is a security feature that will
  cause crashes for operating systems with bootloaders that do not
  observe proper memory access semantics. Users that experience issues
  with such bootloaders have the options to either append the following
  to the qemu-system-x86_64 command line:
    -fw_cfg name=opt/org.tianocore/UninstallMemAttrProtocol,string=y
  or switch to the OVMF_CODE_4M.fd (non-secboot) image, which uninstalls
  this protocol by default.

 -- dann frazier <dannf@debian.org>  Fri, 28 Mar 2025 08:23:47 -0600

edk2 (2025.02-1) unstable; urgency=medium

  For security reasons, network boot options are no longer usable in
  guests that lack a random number generator. You can add a random
  number generator to QEMU guests with `-device virtio-rng-pci`, or by
  using the equivalent libvirt configuration:
    https://libvirt.org/formatdomain.html#random-number-generator-device

 -- dann frazier <dannf@debian.org>  Sun, 09 Mar 2025 15:12:43 -0600

edk2 (2023.11-2) unstable; urgency=medium

  The 2MB ovmf pflash images, OVMF_CODE.*.fd and OVMF_VARS.*.fd, have now
  been removed. Users of the 2MB pflash images should migrate to their 4MB
  image counterparts:

    OVMF_CODE.fd         -> OVMF_CODE_4M.fd
    OVMF_CODE.ms.fd      -> OVMF_CODE_4M.ms.fd
    OVMF_CODE.secboot.fd -> OVMF_CODE_4M.secboot.fd
    OVMF_VARS.fd         -> OVMF_VARS_4M.fd
    OVMF_VARS.ms.fd      -> OVMF_VARS_4M.ms.fd

  2MB VAR images are not compatible with 4MB CODE images. Users must
  migrate both CODE and VARS images simultaneously.

  A migration guide is provided at:
    /usr/share/doc/ovmf/howto-2M-to-4M-migration.md.gz

 -- dann frazier <dannf@debian.org>  Wed, 27 Dec 2023 10:15:33 -0700