edk2 (2025.02-8) unstable; urgency=medium

  The EFI_MEMORY_ATTRIBUTE_PROTOCOL is disabled by default in the
  OVMF_CODE_4M.secboot.fd image. This is to avoid crashes with guest
  operating system bootloaders that do not observe proper memory access
  semantics. If your guest operating system supports it, it is recommended
  that you use the OVMF_CODE_4M.secboot.strictnx.fd image instead to
  provide additional security protection. This security feature will
  be enabled by default for all *.secboot.fd images in the next release.

 -- dann frazier <dannf@debian.org>  Mon, 12 May 2025 18:23:21 -0600

edk2 (2025.02-1) unstable; urgency=medium

  For security reasons, network boot options are no longer usable in
  guests that lack a random number generator. You can add a random
  number generator to QEMU guests with `-device virtio-rng-pci`, or by
  using the equivalent libvirt configuration:
    https://libvirt.org/formatdomain.html#random-number-generator-device

 -- dann frazier <dannf@debian.org>  Sun, 09 Mar 2025 15:12:43 -0600

edk2 (2023.11-2) unstable; urgency=medium

  The 2MB ovmf pflash images, OVMF_CODE.*.fd and OVMF_VARS.*.fd, have now
  been removed. Users of the 2MB pflash images should migrate to their 4MB
  image counterparts:

    OVMF_CODE.fd         -> OVMF_CODE_4M.fd
    OVMF_CODE.ms.fd      -> OVMF_CODE_4M.ms.fd
    OVMF_CODE.secboot.fd -> OVMF_CODE_4M.secboot.fd
    OVMF_VARS.fd         -> OVMF_VARS_4M.fd
    OVMF_VARS.ms.fd      -> OVMF_VARS_4M.ms.fd

  2MB VAR images are not compatible with 4MB CODE images. Users must
  migrate both CODE and VARS images simultaneously.

  A migration guide is provided at:
    /usr/share/doc/ovmf/howto-2M-to-4M-migration.md.gz

 -- dann frazier <dannf@debian.org>  Wed, 27 Dec 2023 10:15:33 -0700