edk2 (2025.02-8) unstable; urgency=medium

  The EFI_MEMORY_ATTRIBUTE_PROTOCOL is disabled by default in the
  AAVMF_CODE.secboot.fd image. This is to avoid crashes with guest
  operating system bootloaders that do not observe proper memory access
  semantics. If your guest operating system supports it, it is recommended
  that you use the AAVMF_CODE.secboot.strictnx.fd image instead to
  provide additional security protection. This security feature will
  be enabled by default for all *.secboot.fd images in the next release.

 -- dann frazier <dannf@debian.org>  Mon, 12 May 2025 18:23:21 -0600

edk2 (2025.02-1) unstable; urgency=medium

  For security reasons, network boot options are no longer usable in
  guests that lack a random number generator. You can add a random
  number generator to QEMU guests with `-device virtio-rng-pci`, or by
  using the equivalent libvirt configuration:
    https://libvirt.org/formatdomain.html#random-number-generator-device

 -- dann frazier <dannf@debian.org>  Sun, 09 Mar 2025 15:12:43 -0600