edk2 (2025.02-5) unstable; urgency=medium

  The EFI_MEMORY_ATTRIBUTE_PROTOCOL is now enabled by default in the
  AAVMF_CODE.secboot.fd image. This is a security feature that will
  cause crashes for operating systems with bootloaders that do not
  observe proper memory access semantics. Users that experience issues
  with such bootloaders have the options to either append the following
  to the qemu-system-aarch64 command line:
    -fw_cfg name=opt/org.tianocore/UninstallMemAttrProtocol,string=y
  or switch to the no-secboot image, which uninstalls this protocol by
  default.

 -- dann frazier <dannf@debian.org>  Fri, 28 Mar 2025 08:23:47 -0600

edk2 (2025.02-1) unstable; urgency=medium

  For security reasons, network boot options are no longer usable in
  guests that lack a random number generator. You can add a random
  number generator to QEMU guests with `-device virtio-rng-pci`, or by
  using the equivalent libvirt configuration:
    https://libvirt.org/formatdomain.html#random-number-generator-device

 -- dann frazier <dannf@debian.org>  Sun, 09 Mar 2025 15:12:43 -0600