Accepting request 1327050 from Virtualization

- Update to edk2-stable202511 - Patches (git log --oneline --date-order edk2-stable202505..edk2-stable202508): 46548b1ada MdeModulePkg: Update brotli submodule 9e4d3b3163 BaseTools: Update brotli submodule 6c6d4d2d52 MdePkg: Add PCI Express 7.0 Header Support c624a06aa3 ArmPkg,UefiCpuPkg: fix boot failure with LPA2 7446762732 MdePkg,UefiCpuPkg: fix wrong DS bit and add helper to check it 1c74842bd0 ArmPkg/Library: fix: Incorrect SectionLength Calculation. 49d4753385 MdeModulePkg: CoreDxe: Handle multilple MemoryAllocationModules a3a180e2bc MdeModulePkg: Update Brotli Compress to 1.2.0 6d82549396 BaseTools: Update Brotli Compress to 1.2.0 059332bda3 ArmPkg/Library: Fix for coverity issue OVERRUN 05b677c9de UefiCpuPkg/MtrrLib: Prevent MTRR usage with SEV guests b98ccecdec MdePkg: Add code to detect running as an SEV guest 8058a94f60 MdePkg: Add IPMI Mailbox Size Define b7d91dbe8a BaseTools/GenFW: RISC-V: Detect Zicfilp extension cb8c8c9285 FmpDevicePkg: GetImageInfo Add missing conditions 641bd54258 UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support for AMD family 2ff1029cc3 RedfishPkg: Add missing FreePool to fix memory leak issue 9b71501f6c NetworkPkg/SnpDxe: Fix Snp used uninitialized 94065db3dc MdeModulePkg: ArmFfaLib: Add FFA_YIELD handling ed79e67369 IntelFsp2Pkg: Add check if current OS support tkinter or not aba2b4e221 EmulatorPkg/Win/Host: Fix loaded DLL page protections 2509b4be74 ArmPlatformPkg: Update transfer list register usage before stack setup 05429cbe91 OvmfPkg: Expand EnrollDefaultKeys with Microsoft 2023 keys 98d1f8a6fd BaseTools: Remove DXE_SAL_DRIVER 41f7c0cd9e NetworkPkg: Remove DXE_SAL_DRIVER b089a6a445 EmbeddedPkg: Remove DXE_SAL_DRIVER 5467d6037d ArmVirtPkg: Remove DXE_SAL_DRIVER 8b00092e3f ArmPlatformPkg: Remove DXE_SAL_DRIVER 9e740df0bd ArmPkg: Remove DXE_SAL_DRIVER d36680ad13 SecurityPkg: Remove DXE_SAL_DRIVER c6e5c20cb9 MdePkg: Remove DXE_SAL_DRIVER 147e9a053e MdeModulePkg: Remove DXE_SAL_DRIVER 59c3e63fc6 OvmfPkg: Use FvLib from MdePkg 426da7fb1a IntelFsp2WrapperPkg: Rebase FSP-S and FSP-I if Image Base not match 29a66468cb MdePkg: Copy FvLib to MdePkg d145aef952 MdeModulePkg/Core/Dxe: Fix TPL inversion from DEBUG() message 302cc88ab3 NetworkPkg/SnpDxe: Update SnpDxe SNP_DRIVER struct out of DMA-able memory. a074649c60 CryptoPkg: Fix coverity warnings in CryptoPkg. c6cea09e9a SecurityPkg: Trace and return status are handled. ff0edeaaa8 StandaloneMmPkg/Core/Dispatcher: Use more generic MMRAM term in comment 64a1aca08f MdeModulePkg: Fix UEFI runtime driver loading after EndOfDxe 7ce19889f9 DynamicTablesPkg: Add the parser for EArchCommonObjTpm2DeviceInfo e29efd220d DynamicTablesPkg: PCIE SSDT Add root port devices 01d4c1d51c DynamicTablesPkg: Update PCIe config space object 8366881b06 DynamicTablesPkg: Add PCIe root port namespace object 76c5005ce8 DynamicTablesPkg: Add X64 libraries to meta files 0a3d688b1b DynamicTablesPkg: Enhance X64 PCIe SSDT _CRS generation cec2c6bbcc MdeModulePkg: Always Initialize Separate Exception Stacks 1d6f2f0d8d MdeModulePkg: CpuExceptionHandlerLibNull: Return Success On Null Func 34cd1aca46 UefiCpuPkg: MpInitLib: Fix Task Register Race Condition GP Fault e67f405713 UefiCpuPkg: Always Initialize Separate AP Exception Stacks f64b4065b7 UefiCpuPkg/CpuDxe: fix page table walk in confidential VM 44214c0cdf MdeModulePkg/AcpiTableDxe:Improving InitializeAcpiTableDxe behavior. 9f31aa33d8 MdeModulePkg:Completed InstallAcpiTableFromAcpiSiliconHob AddTableList c22d6957f4 MdeModulePkg/AcpiTableDxe:Fixed memory corruption issue 47dc9e310b IntelFsp2Pkg: Update GenYamlCfg script db4d323909 UefiCpuPkg/PeiMpLib: Only allocate ACPI NVS AP loop code buffer on S3 e494b25fe3 BaseTools:Remove deprecated ast.Str import for Python 3.14 compatibility 2241651b17 BaseTools: Add Quoting to Python Path on Windows 174933ebf6 IntelFsp2Pkg/GenCfgOpt.py: Fix line endings in Linux environments 0fa57975b0 MdePkg: Acpi66: Add defined IOVT Signature aeb27b18ce EmulatorPkg/BuildOptions: Add CLANGPDB DLINK_FLAGS flags to build options e49ec97d12 OvmfPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options ffa859492a StandaloneMmPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS to build options 519ccd4d59 SecurityPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options 1527320ad2 CryptoPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options f80a406aa9 MdeModulePkg: CoreGetMemoryMap: Account for Unaccepted Entries 3731699a63 PrmPkg: Remove notes from Readme that do not apply 12a908e09c PrmPkg/Samples: Update INF files for GCC/CLANG c16e88e301 PrmPkg/Include: Fix GCC/CLANG PRM Module DLL Export issues 3980808abf BaseTools/Scripts: KEEP .prmexportdescriptor data sections 47b0261613 BaseTools/Source/C/GenFw: Add --image-version option 7a3bcd6684 BaseTools/Source/C/GenFw: Add no symbols check to --prm b5bab75e58 MdeModulePkg: DXE Core: Correct Usage of EFI_MEMORY_ATTRIBUTE_MASK 1e7a83cbb6 BaseTools/FMMT: Fix errors when operating the FV with CRC32 section c9eb3717b4 MdeModulePkg: ScsiDiskDxe: Query Write Protected State d428ca6fe2 MdePkg: ATAPI: Add ATA_CMD_MODE_SENSE6 Definition fe52108211 EmbeddedPkg/VirtualRealTimeClockLib: Use SOURCE_DATE_EPOCH fcc568ca6e BaseTools/build.py: set BUILD_TIME_EPOCH if not already in environment 5ca97bf64f BaseTools/build.py: language cleanup around CheckEnvVariable 9e815d789b ShellPkg/SmbiosView: Display Type 44 "Referenced Handle" field 28b7a6d5ea ShellPkg/SmbiosView: Display Type 2 Contained Objects info a0e8b71ee5 ShellPkg: Review SMBIOS 3.9 specification e27cfda33b OvmfPkg/IoMmuDxe: Fix 1M and 2M buffer handling 2522020ee1 UnitTestFrameworkPkg: Use 8MB stack for MSFT and CLANGPDB 597d061e09 MdeModulePkg/DxeCapsuleLibFmp:Added PCD for EmbeddedDriver Support 9c06ac56fb SecurityPkg: Tcg2StandaloneMmArm: Enable TPM FFA Instance to Register PPI 4883960e5e SecurityPkg: Tcg2AcpiFfa: Correct TPM Instance Validation ff96eb4c2c MdePkg: Restore ARM processor macro in CPER header faeee00490 MdeModulePkg/FvSimpleFileSystemDxe: Remove Iso639Language 56989e2d24 FatPkg/EnhancedFatDxe: Remove Iso639Language aace3eebd2 DynamicTablesPkg: Use abstract tokens in token generator f09ea5f672 ArmVirtPkg/KvmtoolCfgMgrDxe: Update DynamicPlatRepoLib usage 954ee29013 DynamicTablesPkg/FdtHwInfoParserLib: Add Arm IORT parser ba69c6d514 DynamicTablesPkg: FdtHwInfoParserLib: Generate GIC ITS group objects b0aac86c0d DynamicTablesPkg: Add helper to add array as a CmObj 12690ffbb8 DynamicTablesPkg: Add helper to add CmObj with given token 2ad74b956b DynamicTablesPkg/FdtHwInfoParserLib: Support 1 PMU IRQ per core 549b473b23 MdePkg/BaseFdtLib: Add FdtGetPhandle wrapper 80eaa563ec MdeModulePkg/HiiDatabaseDxe: Avoid unexpected memory free aff203c3ce Maintainers.txt: Remove myself as BaseTools maintainer 3b83fe3958 BaseTools: Disable GCC relax on LoongArch 0070fd1aec CryptoPkg: Fix build of MbedTlsLib 4bb6dd8296 CryptoPkg: Simplify MSFT FLINK_FLAGS 0f0b472ae5 OvmfPkg/PlatformInitLib: add sanity checks to igvm code ab04d09555 EmbeddedPkg: Clear keyboard queue buffer after reading 0cad130cb4 MdeModulePkg : Clear keyboard queue buffer after reading f98662c5e3 MdePkg/MockFdtLib: add FdtLib mock functions 5cf1be671b ShellPkg/pci.c: Fix typo in source code. 5550d8f0b7 ShellPkg: Add PCIe boundary check and enhance DVSEC size calculation da44b3b24a PrmPkg: Set DXE_RUNTIME_DRIVER section alignment baf0ae3b1d SecurityPkg: rename PeilessSecMeasureNullLib d95e578b25 ArmPlatformPkg: rename LcdHwLibNull and LcdPlatformLibNull d52fa6da67 ArmPkg: rename ArmMtlNullLib 01b9f27dbb ArmPlatformPkg/PlatformPei: generate TPM event log hobs f1f672b898 ArmPkg/SemihostFs: fix crash when file open fails edb5331f78 .github/workflows: Add PR formatting validator bfbd5d70e8 .github/GitHub.py: Add output and env helpers d3a64baf4b NetworkPkg/UefiPxeBcDxe: Add buffer check before reporting status code 90771630bf UefiCpuPkg/ArmMmuLib: Add support for LPA2 5ec21149a7 ArmPkg/CpuDxe: Add support for LPA2 page table entry format 6e01bfcca2 ArmPkg/CpuDxe: Add support for signed page table levels 3916260189 ArmPkg/ArmLib: Add 52-bit VA support helper (LPA2) c5e4e7e78a MdePkg/ArmLib: Add prototype for 52-bit VA support helper 8c50ce60c4 MdePkg/AArch64: Add LPA2 related constants fe22ac2932 OvmfPkg/igvm: add IgvmSecureBootDxe 5a6a9f7955 OvmfPkg/X86QemuLoadImageLib: do not use the legacy linux loader in CVMs. 8b22c532b3 ShellPkg/Library: rework Shell...CommandsLib Load.c aa29d51637 ShellPkg: Use the newly introduced ShellPrintDefaultEx() alias 9ff74659a8 OvmfPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias c71d0e7153 PrmPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias c4a8b001f3 ShellPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias 432feb6b56 NetworkPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias 44a3048c7c ShellPkg/ShellLib.h: Add aliases for ShellPrintEx() and ShellPrintHiiEx() 9363f19900 ShellPkg/Connect: Extract a ConnectFromEfiVariable() function 53f83ae00d ShellPkg/Connect: Extract a ConnectConsoles() function bcfbaf5f00 ShellPkg/Connect: Simplify error handling in ShellConnectFromDevPaths() 7ae7bd8ef2 ShellPkg/DrvCfg: Simplify error handling in ParseBufferConfig() 3fcea99da0 ShellPkg/DrvCfg: Extract a ParseBufferConfig() function 16ffc09be1 ShellPkg/MemMap: Extract a ParseMemoryDescriptors() function 5ff8948a12 ShellPkg/MemMap: Create arrays of MemoryType configuration and Page 25daa0fcc9 ShellPkg/MemMap: Create array of MemoryType names 0f57fc7cf7 ShellPkg/Dmem: Remove return parameter from DisplayXXX() functions 2bebeb1ad4 ShellPkg/Dmem: Remove unnecessary EfiGetSystemConfigurationTable() calls 482781a7f9 ShellPkg/Dmem: Simplify logic by inverting Address checks e78453fb54 ShellPkg/Dmem: Replace per-System Table variable by indexed arrays 0235ac23c5 ShellPkg/Dmem: Remove Memory Range Capsule support cf67a0c78e ShellPkg/Dmem: Remove remaining of SAL System Table ace36ed376 ShellPkg/Dmem: Extract a DisplaySystemTable() function a51255072e OvmfPkg/EmuVariableFvbRuntimeDxe: initialize emu variable fvb from rom 289b23ec12 ArmPlatformPkg/PeilessSec: apply PeilessSecMeasureLib in PeilessSec 9bca0ee3b2 SecurityPkg/Library: introduce PeilessSecMeasureLib 9c651ef83a SecurityPkg/Library: introduce HashLibTpm2PeilessSec ba079eda61 ArmPkg: Smbios: Update ProcessorSubClassDxe for new SMBIOS structures 34e3bd44ff DynamicTablesPkg: Add SmbiosSmcLib 3e62dbf504 DynamicTablesPkg: DynamicTableManagerDxe: Fix NULL pointer dereference 6979b733ac DynamicTablesPkg: Smbios Processor Information (Type 4) d755753ef8 DynamicTablesPkg: Smbios Cache Information (Type 7) dfac150bdf MdePkg: SmBios: Add structs for cache size and configuration data a08905a62a DynamicTablesPkg: Implement abstract CM_OBJECT_TOKENs fad3450348 MdePkg: Smbios: Add AArch64 ProcessorId variant for type 4 table 5a8411a7b0 DynamicTablesPkg: Add SMBIOS table generation a4492241a7 DynamicTablesPkg: Move ACPI building & change DEPEX on protocol 06a1adf23d MdePkg/SmBios.h: Add New definition for Invalid Handle 8f63fce994 DynamicTablesPkg: Add Ordered dispatch support for SMBIOS tables 6544b894a9 DynamicTablesPkg: Update SMBIOS dispatcher dependency table 54eabaf6b4 DynamicTablesPkg: Add SMBIOS table dispatcher 4b0ba678eb DynamicTablesPkg: Define a SMBIOS Structure/Table type 64b62a0879 UefiCpuPkg/MmSaveStateLib: On AMD MmSaveStateLib, add support AmdSysCallLib 3ebcf121dc OvmfPkg: Add AmdSysCallLibNull in DSC files. 1f5faa68ce UefiCpuPkg/AmdSysCallLib: Add AmdSysCallLib headers and Null library a04994ff64 OvmfPkg/MemFD: swap memory log buffer and pei firmware volume 38370cf492 OvmfPkg/igvm: add PlatformIgvmVpCount 251462324f OvmfPkg/QemuKernelLoaderFsDxe: add support for igvm data blobs c36111cfca OvmfPkg/igvm: handle igvm data hobs f52a46375b OvmfPkg/igvm: add IgvmData struct header + guid 5e8db785e4 OvmfPkg/igvm: add igvm memory map support. 313004a57f OvmfPkg/igvm: add igvm regions to reset vector e566e1e536 OvmfPkg/igvm: reserve two pages for igvm support in memfd bc431cece3 ShellPkg: add support for AGDI table in acpiview 19a72dd1e1 MdePkg: AgdiTable: add support for Arm Agdi table 2a6708a786 OvmfPkg/build.sh: Remove support for IA32 architecture 7b971810b0 MdeModulePkg: Update to support mouse z-axis in ConSplitterDxe 3c454cf7d4 BaseTools/Plugin/HostBasedUnitTestRunner: Add CLANG support 55a5ec63fe UnitTestFrameworkPkg/UnitTestDebugAddressLib: Remove extra options 07da104cfb UnitTestFrameworkPkg/GoogleTestLib: Remove extra options 0838bf1531 UnitTestFrameworkPkg/SubhookLib: Update GCC defines 6e65f7df90 UnitTestFrameworkPkg/CmockaLib: Add CLANGPDB support 81a7efddd5 UnitTestFrameworkPkg/Include: Update GoogleTestLib for CLANG 9731114a00 UnitTestFrameworkPkg: Add CLANGDWARF and CLANGPDB support f832329add UnitTestFrameworkPkg: Set defines for CLANGPDB builds 8310dfa9f4 CryptoPkg/Library/OpensslLib: Add back PKCS12 support 2ff173af12 BaseTools: Remove ARM32 Support bc31103006 MdePkg: Remove ARM32 Support from CompilerIntrinsicsLib 49b3eb5907 MdePkg: Remove ARM32 Support from BaseLib 84c026111c MdePkg: Remove ARM32 Support c7ada42ce4 MdePkg: Remove ARM32 Support from BaseCpuLib 756fd38a80 MdePkg: Remove ARM32 Support from PE/COFF Libs 9ca3dc9b0d MdePkg: Remove ARM32 Support from BaseSynchronizationLib 673ff79628 MdePkg: Remove ARM32 Support from BaseIoIntrinsicLib 0dc21d1f75 MdePkg: Remove ARM32 Support from BaseMemoryLibOptDxe f05cf0fd66 MdePkg: Remove ARM32 Support from ArmS*cLib 7838ee347b MdePkg: Remove ARM32 Support from Service Table Libs abfe5b2869 MdePkg: Remove ARM32 Support from StackCheckLib 5984676364 MdePkg: Remove ARM32 Support from UnitTests 5f9e2eac7a UnitTestFrameworkPkg: Remove ARM32 Support ef79d58427 MdeModulePkg: Remove ARM32 Support 80de048c1b ArmPkg: Remove ARM32 Support f73b53c283 ArmPkg: Remove Incorrect ArmPkg.dsc Sections cdc8858e19 ArmPkg: Remove ARM32 Support from ArmLib 4261eb1bef ArmPkg: Remove ARM32 Support from ArmHvcLib 889676ac60 ArmPkg: Remove ARM32 Support from ArmMonitorLib 4bd1f47642 ArmPkg: Remove ARM32 Support from SMBIOS 79e9dee6c7 ArmPkg: Remove ARM32 Support from ArmExceptionLib a40d7f7d0b ArmPkg: Remove ARM32 Support from CpuDxe f75198f592 ArmPkg: Remove ARM32 Support from ArmStandaloneMmCoreEntryPoint 88b5cb3e12 ArmPkg: Remove ARM32 Support from DefaultExceptionHandlerLib 3741a42087 ArmPkg: Remove ARM32 Support from ArmGicDxe bacb949dd9 ArmPkg: Remove ARM32 Support from SemiHostFs cebf57e701 ArmPkg: Remove ARM32 Comments and Supported Arch 45147d3021 ArmPlatformPkg: Remove ARM32 Support from ArmPlatformLibNull dc1ccc9daf ArmPlatformPkg: Remove ARM32 Support from Sec 737ca4ea4f ArmPlatformPkg: Remove ARM32 Support from PeilessSec b9b1365a76 ArmPlatformPkg: Remove ARM32 Comment and Supported Architecture c6ff778056 OvmfPkg: Drop ARM32 Support 2ba9441e0b CryptoPkg: Drop ARM32 Support 90dc87714c EmulatorPkg: Drop ARM32 Support 9b8cab36cd FatPkg: Drop ARM32 Support b1f7c444e1 DynamicTablesPkg: Drop ARM32 Support 45fde54948 EmbeddedPkg: Drop ARM32 Support 2c059facb3 FmpDevicePkg: Drop ARM32 Support 1764d4eb2b NetworkPkg: Drop ARM32 Support 470a80094c RedfishPkg: Drop ARM32 Support 2b0ce49c50 PrmPkg: Drop ARM32 Support 08ae634ccb SecurityPkg: Drop ARM32 Support 9c657c3685 ShellPkg: Remove ARM32 Support 18e94d0d4b SignedCapsulePkg: Drop ARM32 Support 7cf721dd4d StandaloneMmPkg: Drop ARM32 Support 3d50e76f03 UefiPayloadPkg: Drop ARM32 Support 08c27faeed UefiCpuPkg: Drop ARM32 Support 215e45bdb3 .azurepipelines,.github,.pytool: Disable ARM32 at Top Level/Pipelines f451d187c3 ShellPkg: AcpiView: Fix CodeQL Error 12797dd337 BaseTools: Align Pre-Processor Macros for CLANGPDB and CLANGDWARF 21eff866e7 SecurityPkg/Tpm2DeviceLibDTpm: Remove global variable for command code b15f98e68f OvmfPkg/IntelTdx: Fix TDVF boot failure with odd-sized memory below 2816M 17691a2641 FmpDevicePkg/FmpDxe: Improve handling of XDR certs 18d053d682 IntelFsp2Pkg/FspSecCore: Reserve 32B when calling C function in 64bit fb43f0c085 CryptoPkg: Add support to set TLS security level. ba41bd096a MdeModulePkg/TerminalDxe: Improve the implementation of AnsiTestString 0053bbf833 MdeModulePkg/TerminalDxe: Add missing types for TestString function 8a07311710 MdeModulePkg: Add PcdDelayedDispatchMaxEntries 32711df057 DynamicTablesPkg: Drop IA32 support 81f9f6d7b3 CryptoPkg/BaseCryptLibMbedTls: Fix wrong return in X509GetIssuerName bd9cb33424 CryptoPkg/BaseCryptLibMbedTls: Fix DateTime conversion from char to int 238a6175fb BaseTools/Conf: Add support for C++ compiler flags 5dadbbac0b BaseTools/Conf: Remove -nostdlib -nostdlibinc for CLANG 6e992efa8d BaseTools/Conf: Remove -imacros from GCC_ASM_FLAGS 95c5f119bd BaseTools/Conf: Make ASLCC_FLAGS independent of CC_FLAGS 23dd3eafb8 BaseTools/Conf: USER_DEFINED/HOST_APPLICATION CLANG support a63bbb35d9 EmulatorPkg/Unix/Host: Add CLANGDWARF support and reduce warnings a9cf21e835 BaseTools/Conf: Fix build_rule.template for CLANGDWARF 24803543ea EmulatorPkg/Win/Host: Remove set but not used variables 7f557cd133 EmulatorPkg/Unix/Host: Fix set but unused variables 0bc550f466 UnitTestFrameworkPkg/SampleGoogleTest: Add missing override keyword 62861fed5d Maintainers.txt: Replace Swee Aun with Star as reviewer for StandaloneMmPkg 82a03a8248 RedfishPkg/JsonLib: Define NO_MSABI_VA_FUNCS for GCC X64 ff39a5d2dd CryptoPkg/BaseCryptLib: Fix MODULE_TYPE for unit tests ae95326c2c CryptoPkg/BaseCryptLib: Remove tolower() for unit tests 1e5aeff417 UefiCpuPkg/MtrrLib: Update unit tests for CLANGPDB d87583e720 MdePkg/Library/BaseLib: Remove __chkstk() from BaseLib 2636488e7b MdePkg/Test/MockSmmServicesTableLib: Fix struct init f57fab9b1d MdeModulePkg/Test/Include: Fix SecurityManagement include guard c4ca5ee091 MdeModulePkg/Universal/DisplayEngineDxe: Fix GCCNOLTO error 9ac6e450e4 NetworkPkg/UefiPceBcDxe/GoogleTest: Add missing EFIAPI b05c8d7b80 NetworkPkg/Dhcp6Dxe/GoogleTest: Fix init of complex struct 0d26d944d9 MdeModulePkg/Universal/DriverSampleDxe: Fix VFR warnings 2a8d98d0a5 OvmfPkg/IntelTdx: Update TDVF README.md b4e6443f89 SecurityPkg: Tpm2DeviceLibFfa: Recognize CRB Interface Version 2 b24663ee58 SecurityPkg: Tpm2DeviceLibDTpm: Recognize CRB Interface Version 2 3a5563593a MdePkg: TpmPtp: Add CRB Interface Version 2 Definition 11ecff34f3 ArmVirtPkg/ArmVirtQemu,ArmVirtQemuKernel: Allow users to enable SNP 6690201491 .pytool: Update Uncrustify to 73.0.11 d347a7e8bc BaseTools/VfrCompile: Fix compiler warning C++17 does not allow register dfbb7de3c6 ArmPkg: ArmPsciMpServicesDxe: Fix MPIDR usage from CoreInfo 1fc19a0d52 ArmPkg: ArmPsciMpServicesDxe: Fix core disable/enable if the timer expires c502e2c58e MdeModulePkg/UnicodeCollation: Fix uninitialized variable usage 3a53c57967 StandaloneMmPkg: Optimize MM core image size alignment 1780373897 MdeModulePkg/DxeMain: Add debug code for Event Group notify functions 282a324bf4 MdeModulePkg/ArmFfaLib: Add MemoryAllocationLib 2558af552d MdeModulePkg/ArmFfaLib: Add HobLib to StMm instances 615e5ca40a EmbeddedPkg/PrePiLib: minor cleanup in FfsProcessSection () 24fd71dcaa EmbeddedPkg/PrePiLib: eliminate unneeded variable in FfsProcessSection () 6b19b447c5 EmbeddedPkg/PrePiLib: refactor FfsProcessSection () 4a1dca59f6 OvmfPkg/ResetVector: reorganize #vc exit handler setup. 6d90162e28 OvmfPkg/ResetVector: move ReloadFlat32 call ea5a8582e7 OvmfPkg/MemFd: switch Microvm build to include f8953fd9bd OvmfPkg/MemFd: switch OvmfPkgIa32X64 build to include 4b1711d431 OvmfPkg/MemFd: add AmdSev changes, switch AmdSev build to include 9d282ec2d9 OvmfPkg/MemFd: move MEMFD config from OvmfPkgX64 to include file 502f0dfda4 OvmfPkg: Add NETWORK_ISCSI_DEFAULT_ENABLE build flag 10b310f9b2 StandaloneMmPkg/Ipl: Do not check return status of MmCore's entry point 9b931ae81f FmpDevicePkg/Library: Correct comment description b471ed2969 ArmVirtPkg: Drop ARM Virtual Platforms 1fb88ffe28 OvmfPkg: Remove OVMF IA32 20f24c0f67 OvmfPkg/MemEncryptSevLib: Check if SEV-SNP coherency mitigitation is needed f41f938b35 OvmfPkg/ResetVector: Make ReceivedVc a flag in SEV-ES workarea 07ba06fdf7 MdePkg: Add the COHERENCY_SFW_NO CPUID bit field 3b0d834db2 OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP memory validation 406aeb5a97 ShellPkg/SmbiosView: Add decode for DSP0134 SMBIOS Spec v3.9.0 9e1c211b6c MdePkg/IndustryStandard: Define enums for DSP0134 SMBIOS Spec v3.9.0 5739530817 MdePkg: Add MockSpiNorFlashProtocol f5d3291379 Maintainers.txt: Add vishalo as reviewer for AARCH64 support d7832b4800 MdeModulePkg: consider UNSUPPORTED return as valid in ArmFfaStandaloneMmLib d8e875e625 Global: fix ArmFfaLibRun() caller couldn't get ret-args 57230fff6b ArmPlatformPkg,EmbeddedPkg,MdeModulePkg: Move RealTimeClockLib header 438045682b MdePkg/Inclde: Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID cf5f907cd5 ShellPkg: Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID a46697f735 MdeModulePkg: Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID 9898567e2b FatPkg/EnhanceFatDxe:Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID 8bd3787e4b MdePkg/Include: Deprecate EFI_DEVICE_IO_PROTOCOL e27779e2c1 ShellPkg/Library: Deprecate EFI_DEVICE_IO_PROTOCOL 80fddcaeb8 MdePkg/Include: Deprecate UNICODE_COLLATION_INTERFACE b1e018c0ad MdePkg/Include: Deprecate EFI_NVDIMM_LABEL_FLAGS_UPDATING a860818324 MdePkg/Include: Deprecate EFI_NVDIMM_LABEL_FLAGS_RESERVED ff668af879 MdePkg/Include: Deprecate EFI_IP4_CONFIG_PROTOCOL c3cab06d2b ShellPkg/Library: Deprecate EFI_IP4_CONFIG_PROTOCOL 85770fd453 MdePkg: Add support for PCIe Extended IDs c992bffaef ShellPkg: Add support for PCIe Extended IDs 338f5079f7 MdePkg: Enable CompilerIntrinsicsLib for LoongArch 6093cfcdd1 BaseTools: PatchCheck.py: Allow MultiPkg Commits For Subject Check d250191042 BaseTools/PatchCheck.py: Check CI Options Before Parsing 65485e195f UefiCpuPkg/MpInitLib: Ensure AP wake up on WakeUpByInitSipiSipi mode 1dacf4c408 CryptoPkg: Add SNI support 41cde6e2e3 NetworkPkg/TlsDxe: Add SNI support 4e41744142 MdePkg/Nvme.h: Add Power Loss Signaling defination 1bbd68755c BaseTools: Update architectures in target.template a80a53ccf2 MdeModulePkg/UiApp: Remove unused variable fcbf985673 MdePkg/ArmFfaMemMgmtLib: Fix typo in structure definition and comments f718b0ffd6 ShellPkg/UefiShellDebug1CommandsLib: Add MRDIMM entry to QueryTable 397479d748 MdePkg/IndustryStandard: Add MRDIMM into Smbios.h 2efffed938 MdePkg/Library/BaseRngLib/Riscv: use CPU RNG instructions only 77293f4711 MdePkg: Correct comments for ResolutionY and ResolutionZ in SimplePointer.h fa92e9bd05 MdeModulePkg UsbMouseDxe: Correct some parameter comments aeea04341c MdeModulePkg: Fix malformed terminal control sequences 060bb0e5a7 SecurityPkg/FvReportPei: Improve CheckStoredHashFv() description 5025fc1eda ArmPkg/ArmTransferList: add TPM_EVENT_LOG information a9cad8a1fb ArmPkg/Library/ArmTransferList: add helper to get TransferList 35a3ceb882 OvmfPkg/RiscVVirt: Add SecureBootDefaultKeysInit module. 7374b2b224 OvmfPkg/RiscVVirt: Expand variable store size for secure boot 32ea243c27 OvmfPkg/RiscVVirt: Resolve missing TPM Modules/Libraries 62929b3022 OvmfPkg/RiscVVirt/PlatformPei: Enable TPM Device Discovery 6bbdcecc0a OvmfPkg/Tcg2Config: Add RISC-V Support for TPM Device Discovery 8bdc0c2a9a UefiCpuPkg/BaseRiscV64CpuTimerLib: Ensure mTimeBase is initialized d14e964692 ArmVirtPkg/ArmVirtQemu: Introduce support for MemDebugLib. 41c48d2a7c OvmfPkg/MemDebugLogLib: move QemuFwCfgSimpleParserLib to LibraryClasses 839e79f62b OvmfPkg/MemDebugLogLib: unoptimize PEIM and PEI_CORE 4b041f09d6 RedfishPkg/PlatformConfig: Use en-US if no x-uefi-redfish string 20609b499e RedfishPkg/RedfishPlatformConfig: Expose suppressed HII options to Redfish 6755c9d82c UefiPayloadPkg: RISCV: Licensing Fix 60803295c3 pip: bump pylibfdt from 1.7.2 to 1.7.2.post1 8404e44c63 UefiPayloadPkg: update stack address print to 64 bit a56c2eb07e MdePkg/BaseFdtLib: Remove unused macros and string APIs fc0fffa7e9 pip-requirements: Add pylibfdt and pefile 31402d2a31 CryptoPkg: Add Unit Test Host of Mbedtls CryptoLib d2bdf8dda6 CryptoPkg: Fix array index out of bounds in RsaGetPrivateKeyFromPem dc9cdf6c90 CryptoPkg: Add PKCS7 test case for partial certificate chains d188ad6a1f NetworkPkg/WifiConnectionManagerDxe: UI Disconnect 68a7665250 UefiPayloadPkg/FmpDeviceSmmLib: Add for full chip flashing via SMMSTOREv2 2736239aca UefiPayloadPkg/SmmStore: Add API to read/write/erase any flash block e7a1b29553 UefiPayloadPkg/UefiPayloadPkg.dsc: Enable FMP updates f53b19f6c8 UefiPayloadPkg: Enable processing of capsules d43451b520 MdeModulePkg: Add PcdCapsuleFmpSupport cc149a8eaa UefiPayloadPkg/UefiPayloadEntry: Import update capsules from bootloader 8b2433c2f5 UefiPayloadPkg/BlSupportDxe: Publish ESRT with an entry for system firmware f3a5772aca UefiPayloadPkg/BlParseLib: Add parsing of firmware info 450784d3fd UefiPayloadPkg/SblParseLib.inf: Add missing GUIDs 433bbe6e49 BaseTools: DSC: fix processing !include in multiarch subsections 829e42d3a3 MdeModulePkg/PeiCore: Print GUID of FV and FvFile in debug log 8682d3ea0a SecurityPkg/Tpm2CommandLib: Update not found RC for Public NV Read 42ba637432 .pytool: Use Tianocore Uncrustify release 0e1e079f4c MdeModulePkg: Improve the implementation of EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL 296c2e7edb MdeModulePkg: Simplify PrintInternal function to fit wide character eb3354a499 MdeModulePkg/HiiDatabaseDxe: Avoid assert in InternalGetString 305e5845e6 BaseTools/VfrCompile: Add check for setting string default to number - Update ovmf-OvmfPkg-ArmVirtPkg-Keep-JSON-stack-cookie-files.patch - Rename ArmVirtQemu-AARCH64 path to ArmVirtQemu-AArch64 due to build path updates - Remove IA32, ArmVirtQemu-ARM because IA32 and ARM32 have been deprecated. - Update brotli Compress to 1.2.0 - brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz - e230f474b8.tar.gz - Add ovmf-Revert-OvmfPkg-RiscVVirt-Add-SecureBootDefaultKeysIn.patch (bsc#1255113) - Remove the following patches because they have been merged to edk2-stable202511: - ovmf-OvmfPkg-Add-NETWORK_ISCSI_DEFAULT_ENABLE-build-flag.patch 502f0dfda4 OvmfPkg: Add NETWORK_ISCSI_DEFAULT_ENABLE build flag - ovmf-MdeModulePkg-Fix-malformed-terminal-control-sequence.patch aeea04341c MdeModulePkg: Fix malformed terminal control sequences - Remove the revert patch ovmf-Revert-SecurityPkg-Add-Additional-TPM-Logging-at-DEB.patch because the upstream has resolved this issue. (bsc#1249349) 21eff866e7 SecurityPkg/Tpm2DeviceLibDTpm: Remove global variable for command code - Remove the IA32 and AARCH32 OVMF image (jsc#PED-13429) - Remove qemu-ovmf-ia32 - Remove qemu-uefi-aarch32 - Refresh patche: - ovmf-Revert-Add-Stack-Cookie-Support-to-MSVC-and-GCC.patch OBS-URL: https://build.opensuse.org/request/show/1327050 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ovmf?expand=0&rev=124
Revert Deprecate the 2MB OVMF image
2026-01-14 15:19:53 +00:00 · 2026-01-13 14:54:33 +00:00 · 2026-01-07 13:38:05 +00:00 · 2026-01-06 07:44:37 +00:00 · 2025-12-30 04:31:58 +00:00 · 2025-12-24 09:15:54 +00:00
15 changed files with 1732 additions and 203 deletions
--- a/brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz
+++ b/brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a9ba3940267de5dd73581a47c2e81b3eb1e1df6a704138c599020d66f3677a92
+size 646535
--- a/brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz
+++ b/brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz
--- a/descriptors.tar.xz
+++ b/descriptors.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:27ce390fd560781aa99dfb3f3e32a90c57aa5c8832a29877468b14b9f6f98268
-size 1408
+oid sha256:ebda6f19f7327d96e5379d92f700f3c11e168583a90b74df0923d35a8ec713e1
+size 1324
--- a/edk2-edk2-stable202505.tar.gz
+++ b/edk2-edk2-stable202505.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5f2b5e3a267230f82e4566592fd0bfac5e205ad90520b2c9bf80f575293b7015
-size 18329425
--- a/edk2-edk2-stable202511.tar.gz
+++ b/edk2-edk2-stable202511.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d919b0344afbd9ea16d757f99919860e26acc1e9246fff743e684128c2f04dd3
+size 18471528
--- a/openssl-3.4.1.tar.gz
+++ b/openssl-3.4.1.tar.gz
--- a/openssl-3.4.1.tar.gz.asc
+++ b/openssl-3.4.1.tar.gz.asc
@@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEulRzorBYewf7J88tIWCU39DLge8FAmerYOAACgkQIWCU39DL
-ge82Hw//TYSXl9ER8uSIRtlPTQ935P8n+1C9IIZOf6cWZgKR0AhLYRhGrrykv8zi
-aKNOclYfkCpMGpEAsRJIX/5FUVaXoOL7tCRTzqYOo/pjy1HOtpM+U7Rc2wBErg27
-3NN/YhuZ5d2oJ5fY7BEQmwAY5yNLh4Doi5ED+jsD5rCl8XqImfxJ7GnSioHKV8K9
-03TapTeJTR4aroLdKjWClgXY1cmRQhIMhhz+L8qPaVODbYKtx255zQVdLSdS8VPb
-XGf0aWktl9a/7btdixDUcbAd4UACzQXVESN8/fF5h+cpS2KMC9nXdV44ToK1xEhw
-skm/F6YSAdTrmG4t+Ywemnftq/WJlnEenoK858U8Bnu19cG/JTtV3ZBGZLTwsmHj
-RJ3DD2GAFjCHK1ImLdLOqVk4PNA9zIrr35sRL9h5Dav2BMUX/3kBuWE1vlGBo24X
-8O3pG5ShLXKYKmSKvBJejOS+HGt2IlyzW6WQBfULZQYyfalpM0+1cOeu2xSu61kz
-AC4ZzqKS7IWR19UeHhcmAfCdTDlO0hc6VvGM8xjPM5VL9m1oMUy/6JMiBbhm+nys
-zyOgQ+HCMwUox7lDuzzq5J0/OJtolTPr9KmmoCAAHsKXIiF/Ukcsg7UzEYmsgRoK
-dyumT1SEaVqRCLZIqSQ2TPe+iy/Dkz63JZBlbk4bvhR4ZpnrDSc=
-=FrNQ
-----END PGP SIGNATURE-----
--- a/openssl-3.5.1.tar.gz
+++ b/openssl-3.5.1.tar.gz
--- a/openssl-3.5.1.tar.gz.asc
+++ b/openssl-3.5.1.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEulRzorBYewf7J88tIWCU39DLge8FAmhjzLwACgkQIWCU39DL
+ge9rsA/5AXAEDd+2yayepyZHDamxMh9cMI8DcFnXG1NoxBgCh1P7DmdzGVRTbf8L
+V7dF063z86ebR/eIbT6QzYD+zfBd1pVMVlMe6S2/ZI+dDtJizaDdmExHsJeAJ/p/
+OeJ+ksM44eQcr0N2IUmUScr95/fZR3ED2HpAs224wMcbufe6PJUrbmyBbnPqw/Nf
+SHekc5xWAgoNT3tKKZxkjABmP8uSNtWsdn8QQuZyc7sB9Z/j5UuA/Oay7eVpQ5D8
+EiTQ1P+3u78wV/0Nqb3iDhgqShr7h7b9APgMUxQsNbvKVtoZI/7miskDz/dyNoqv
+FF9+oAhoRyC8XSQF1Td7HLLvsqqF31+iQdou5gmnrsoB6QLWEOBvfI+zOI7BckLj
+dZsa/oW6Rz1m12l5jqzorYrVYtbNfUJ7tunYMZOBnffK/VomE8XqmZuUVP+bQdZh
+zE+tLMBrIHb+h8MP3JnYsRzaYr1sN7lbLx5/7Gh1o1jpvzy57D628vbSWnbLoJuu
+l2ZjDNMAcKvcKba283lrV+Vm5aL4m/x4flsjeNiufTX50Ckzyd6U1L5Xq2wyHLuh
+kHIeO2UW9WeNud8UY5mYOBBbwHyh/9yWXphgEtxS2aSvKEIUkQ1V89e5U0Fu3pjU
+anJLQLYDc66CXfj82PK0Wq765bxIDnsRMggwgGh84U5eCvZWmMk=
+=nHMj
+-----END PGP SIGNATURE-----
--- a/ovmf-OvmfPkg-Adjust-Memory-Layout-for-2MB-OVMF.patch
+++ b/ovmf-OvmfPkg-Adjust-Memory-Layout-for-2MB-OVMF.patch
@@ -0,0 +1,36 @@
+From e1b035647e201acb02195a9ffab210f8d3e96f89 Mon Sep 17 00:00:00 2001
+From: Richard Lyu <richard.lyu@suse.com>
+Date: Wed, 3 Sep 2025 14:42:08 +0800
+Subject: [PATCH] OvmfPkg: Adjust Memory Layout for 2MB OVMF
+
+This commit increases the space for FVMAIN_COMPACT to resolve
+build failures on 2MB OVMF firmware due to insufficient space. By
+reducing the size of SEVFV and reallocating the freed space to
+FVMAIN_COMPACT, this change ensures all necessary code can fit
+within the 2MB firmware size limit.
+
+Signed-off-by: Richard Lyu richard.lyu@suse.com
+---
+ OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc b/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc
+index e2543a1535..94ba51421f 100644
+--- a/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc
+++ b/OvmfPkg/Include/Fdf/OvmfPkgDefines.fdf.inc
+@@ -45,9 +45,9 @@ DEFINE FW_BLOCKS         = 0x200
+ DEFINE CODE_BASE_ADDRESS = 0xFFE20000
+ DEFINE CODE_SIZE         = 0x001E0000
+ DEFINE CODE_BLOCKS       = 0x1E0
+-DEFINE FVMAIN_SIZE       = 0x001BC000
+-DEFINE SECFV_OFFSET      = 0x001DC000
+-DEFINE SECFV_SIZE        = 0x24000
+DEFINE FVMAIN_SIZE       = 0x001CC000
+DEFINE SECFV_OFFSET      = 0x001EC000
+DEFINE SECFV_SIZE        = 0x14000
+ !endif
+ 
+ !if $(FD_SIZE_IN_KB) == 4096
+-- 
+2.46.1
+
--- a/ovmf-OvmfPkg-ArmVirtPkg-Keep-JSON-stack-cookie-files.patch
+++ b/ovmf-OvmfPkg-ArmVirtPkg-Keep-JSON-stack-cookie-files.patch
@@ -1,4 +1,4 @@
-From 27a1b19ba5d3bc13562e443cebbd283c60615b89 Mon Sep 17 00:00:00 2001
+From cbc73cbf6bec0387fe7a049b659485feaeed00ea Mon Sep 17 00:00:00 2001
 From: Richard Lyu <richard.lyu@suse.com>
 Date: Thu, 26 Jun 2025 09:50:53 +0800
 Subject: [PATCH] OvmfPkg/ArmVirtPkg: Keep JSON stack cookie files for
@@ -14,29 +14,25 @@ cookie values are retained in the build directory.
 This patch includes the necessary StackCookieValues*.json files under the Build/
 directory to ensure reproducible builds for Ovmf and ArmVirt platforms.
 ---
- Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues32.json | 1 +
- Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues64.json | 1 +
- Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues32.json     | 1 +
- Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues64.json     | 1 +
+ Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues32.json | 1 +
+ Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues64.json | 1 +
+ Build/IntelTdx/DEBUG_GCC5/StackCookieValues32.json            | 1 +
+ Build/IntelTdx/DEBUG_GCC5/StackCookieValues64.json            | 1 +
 Build/Ovmf3264/DEBUG_GCC5/StackCookieValues32.json            | 1 +
 Build/Ovmf3264/DEBUG_GCC5/StackCookieValues64.json            | 1 +
- Build/OvmfIa32/DEBUG_GCC5/StackCookieValues32.json            | 1 +
- Build/OvmfIa32/DEBUG_GCC5/StackCookieValues64.json            | 1 +
 Build/OvmfX64/DEBUG_GCC5/StackCookieValues32.json             | 1 +
 Build/OvmfX64/DEBUG_GCC5/StackCookieValues64.json             | 1 +
 Build/OvmfXen/DEBUG_GCC5/StackCookieValues32.json             | 1 +
 Build/OvmfXen/DEBUG_GCC5/StackCookieValues64.json             | 1 +
 Build/RiscVVirtQemu/DEBUG_GCC5/StackCookieValues32.json       | 1 +
 Build/RiscVVirtQemu/DEBUG_GCC5/StackCookieValues64.json       | 1 +
- 14 files changed, 14 insertions(+)
- create mode 100644 Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues32.json
- create mode 100644 Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues64.json
- create mode 100644 Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues32.json
- create mode 100644 Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues64.json
+ 12 files changed, 12 insertions(+)
+ create mode 100644 Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues32.json
+ create mode 100644 Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues64.json
+ create mode 100644 Build/IntelTdx/DEBUG_GCC5/StackCookieValues32.json
+ create mode 100644 Build/IntelTdx/DEBUG_GCC5/StackCookieValues64.json
 create mode 100644 Build/Ovmf3264/DEBUG_GCC5/StackCookieValues32.json
 create mode 100644 Build/Ovmf3264/DEBUG_GCC5/StackCookieValues64.json
- create mode 100644 Build/OvmfIa32/DEBUG_GCC5/StackCookieValues32.json
- create mode 100644 Build/OvmfIa32/DEBUG_GCC5/StackCookieValues64.json
 create mode 100644 Build/OvmfX64/DEBUG_GCC5/StackCookieValues32.json
 create mode 100644 Build/OvmfX64/DEBUG_GCC5/StackCookieValues64.json
 create mode 100644 Build/OvmfXen/DEBUG_GCC5/StackCookieValues32.json
@@ -44,35 +40,35 @@ directory to ensure reproducible builds for Ovmf and ArmVirt platforms.
 create mode 100644 Build/RiscVVirtQemu/DEBUG_GCC5/StackCookieValues32.json
 create mode 100644 Build/RiscVVirtQemu/DEBUG_GCC5/StackCookieValues64.json

-diff --git a/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues32.json b/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues32.json
+diff --git a/Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues32.json b/Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues32.json
 new file mode 100644
 index 0000000000..279006e935
 --- /dev/null
-+++ b/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues32.json
+++ b/Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues32.json
@@ -0,0 +1 @@
 +[3120319409, 3986684851, 2532066904, 2838841122, 1510610980, 3527598979, 2145389557, 915756566, 4288287152, 1592508515, 1649905414, 3214646158, 4125604801, 2636301533, 3186946058, 1297075897, 1536483215, 2684947706, 378837761, 2034357240, 1254156149, 3274923813, 1869941960, 2430363232, 2619983763, 789706441, 474468987, 4170744684, 2067453149, 80774667, 1188610392, 3484306439, 2129190303, 3706887221, 1441685697, 2832623778, 2272607630, 3766098863, 1387705257, 3531882784, 78420450, 2425693472, 2515037057, 2842949431, 2167471722, 2373850526, 2185844797, 1771878221, 3826200111, 233544227, 3019808295, 3255256900, 3737050793, 1272285847, 4114161312, 704148315, 2912601610, 3781534488, 56787233, 816583130, 2471213939, 2813874809, 2630289327, 1173288302, 1862737445, 2551923525, 1820462035, 1796829267, 1714358393, 2634249466, 176661566, 428907315, 2772923224, 1648291025, 2674956839, 2691960542, 1859704968, 709746926, 492109362, 3781180214, 4222775360, 2893670436, 2425292886, 1064615051, 3854554544, 1690467402, 356470947, 4203480635, 3958554922, 3830455836, 4051513359, 2084475517, 728710918, 2413960477, 1005365008, 117621347, 1988965873, 542004264, 1543091876, 856808939]
 \ No newline at end of file
-diff --git a/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues64.json b/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues64.json
+diff --git a/Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues64.json b/Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues64.json
 new file mode 100644
 index 0000000000..189f1bb32c
 --- /dev/null
-+++ b/Build/ArmVirtQemu-AARCH64/DEBUG_GCC5/StackCookieValues64.json
+++ b/Build/ArmVirtQemu-AArch64/DEBUG_GCC5/StackCookieValues64.json
@@ -0,0 +1 @@
 +[7518985701012212569, 2601960957474891530, 17831311744988480182, 16652208568711364861, 11779046321730877689, 4265457871546500992, 7292254499229112648, 223890800426602719, 2838072854045228586, 17406395504460044440, 15908843496796806072, 14702662319704085758, 9867044736590216777, 1826029253899249568, 13211023111777598167, 15781671485427291330, 10363743021216146144, 5806329751690313006, 15745089491775103262, 17509746045803567900, 1447711951392380165, 6118366145278105860, 4383356545218844403, 16245693987825670584, 2780554830603218012, 12970299634944553151, 3222388605624008866, 15814383424087557059, 15988086447905475558, 16116025969641329513, 6426405161833441255, 3254481667731922028, 6488541859345202975, 10574901139024748597, 3024566360722566355, 16062071326447635275, 12345606174395125886, 6794103055184511112, 11215411239298654461, 16898959837531392298, 11392129473298461016, 8804779203101922496, 18248956894608479019, 3405499931018446142, 17086893422507178606, 15658544032726530242, 8364333522488247864, 3279785515391664592, 13243140800673203277, 5966586998550012975, 16565158092620888628, 12638930544692949903, 1246241189792785842, 15194422135212677813, 12698266719810819587, 1534974055018719502, 12670636876876282922, 15558200550263511669, 3503220298365529701, 7528003967410398907, 17951113451990505790, 11966189487560109058, 9487073780776752004, 16989174121673443471, 11983187886593000791, 14034832459830322267, 7699754122092779654, 11045278550085659092, 15517258337126557177, 11994491770159532604, 12391224518810430854, 16412011954261833814, 6823393608276975560, 8049664586953865101, 105554461905525278, 1108289617734621870, 3107169899130739186, 16009603271400150224, 2287840628984514055, 16506851535775780356, 3856407398241994124, 15057357339963415331, 7421988999323764657, 16263909762531412778, 5520741619830646734, 12658567612226487844, 4150397776403010384, 4506124991939010117, 8337570680160461228, 1773277438796706851, 4411225815945427420, 14662834929794280164, 2744390976482384579, 5016066739309353833, 2446711385473505783, 7207045095118849468, 5059656042334578233, 5000969109599430964, 2861557136012695307, 4840563942385966137]
 \ No newline at end of file
-diff --git a/Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues32.json b/Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues32.json
+diff --git a/Build/IntelTdx/DEBUG_GCC5/StackCookieValues32.json b/Build/IntelTdx/DEBUG_GCC5/StackCookieValues32.json
 new file mode 100644
 index 0000000000..279006e935
 --- /dev/null
-+++ b/Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues32.json
+++ b/Build/IntelTdx/DEBUG_GCC5/StackCookieValues32.json
@@ -0,0 +1 @@
 +[3120319409, 3986684851, 2532066904, 2838841122, 1510610980, 3527598979, 2145389557, 915756566, 4288287152, 1592508515, 1649905414, 3214646158, 4125604801, 2636301533, 3186946058, 1297075897, 1536483215, 2684947706, 378837761, 2034357240, 1254156149, 3274923813, 1869941960, 2430363232, 2619983763, 789706441, 474468987, 4170744684, 2067453149, 80774667, 1188610392, 3484306439, 2129190303, 3706887221, 1441685697, 2832623778, 2272607630, 3766098863, 1387705257, 3531882784, 78420450, 2425693472, 2515037057, 2842949431, 2167471722, 2373850526, 2185844797, 1771878221, 3826200111, 233544227, 3019808295, 3255256900, 3737050793, 1272285847, 4114161312, 704148315, 2912601610, 3781534488, 56787233, 816583130, 2471213939, 2813874809, 2630289327, 1173288302, 1862737445, 2551923525, 1820462035, 1796829267, 1714358393, 2634249466, 176661566, 428907315, 2772923224, 1648291025, 2674956839, 2691960542, 1859704968, 709746926, 492109362, 3781180214, 4222775360, 2893670436, 2425292886, 1064615051, 3854554544, 1690467402, 356470947, 4203480635, 3958554922, 3830455836, 4051513359, 2084475517, 728710918, 2413960477, 1005365008, 117621347, 1988965873, 542004264, 1543091876, 856808939]
 \ No newline at end of file
-diff --git a/Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues64.json b/Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues64.json
+diff --git a/Build/IntelTdx/DEBUG_GCC5/StackCookieValues64.json b/Build/IntelTdx/DEBUG_GCC5/StackCookieValues64.json
 new file mode 100644
 index 0000000000..189f1bb32c
 --- /dev/null
-+++ b/Build/ArmVirtQemu-ARM/DEBUG_GCC5/StackCookieValues64.json
+++ b/Build/IntelTdx/DEBUG_GCC5/StackCookieValues64.json
@@ -0,0 +1 @@
 +[7518985701012212569, 2601960957474891530, 17831311744988480182, 16652208568711364861, 11779046321730877689, 4265457871546500992, 7292254499229112648, 223890800426602719, 2838072854045228586, 17406395504460044440, 15908843496796806072, 14702662319704085758, 9867044736590216777, 1826029253899249568, 13211023111777598167, 15781671485427291330, 10363743021216146144, 5806329751690313006, 15745089491775103262, 17509746045803567900, 1447711951392380165, 6118366145278105860, 4383356545218844403, 16245693987825670584, 2780554830603218012, 12970299634944553151, 3222388605624008866, 15814383424087557059, 15988086447905475558, 16116025969641329513, 6426405161833441255, 3254481667731922028, 6488541859345202975, 10574901139024748597, 3024566360722566355, 16062071326447635275, 12345606174395125886, 6794103055184511112, 11215411239298654461, 16898959837531392298, 11392129473298461016, 8804779203101922496, 18248956894608479019, 3405499931018446142, 17086893422507178606, 15658544032726530242, 8364333522488247864, 3279785515391664592, 13243140800673203277, 5966586998550012975, 16565158092620888628, 12638930544692949903, 1246241189792785842, 15194422135212677813, 12698266719810819587, 1534974055018719502, 12670636876876282922, 15558200550263511669, 3503220298365529701, 7528003967410398907, 17951113451990505790, 11966189487560109058, 9487073780776752004, 16989174121673443471, 11983187886593000791, 14034832459830322267, 7699754122092779654, 11045278550085659092, 15517258337126557177, 11994491770159532604, 12391224518810430854, 16412011954261833814, 6823393608276975560, 8049664586953865101, 105554461905525278, 1108289617734621870, 3107169899130739186, 16009603271400150224, 2287840628984514055, 16506851535775780356, 3856407398241994124, 15057357339963415331, 7421988999323764657, 16263909762531412778, 5520741619830646734, 12658567612226487844, 4150397776403010384, 4506124991939010117, 8337570680160461228, 1773277438796706851, 4411225815945427420, 14662834929794280164, 2744390976482384579, 5016066739309353833, 2446711385473505783, 7207045095118849468, 5059656042334578233, 5000969109599430964, 2861557136012695307, 4840563942385966137]
 \ No newline at end of file
@@ -92,22 +88,6 @@ index 0000000000..189f1bb32c
@@ -0,0 +1 @@
 +[7518985701012212569, 2601960957474891530, 17831311744988480182, 16652208568711364861, 11779046321730877689, 4265457871546500992, 7292254499229112648, 223890800426602719, 2838072854045228586, 17406395504460044440, 15908843496796806072, 14702662319704085758, 9867044736590216777, 1826029253899249568, 13211023111777598167, 15781671485427291330, 10363743021216146144, 5806329751690313006, 15745089491775103262, 17509746045803567900, 1447711951392380165, 6118366145278105860, 4383356545218844403, 16245693987825670584, 2780554830603218012, 12970299634944553151, 3222388605624008866, 15814383424087557059, 15988086447905475558, 16116025969641329513, 6426405161833441255, 3254481667731922028, 6488541859345202975, 10574901139024748597, 3024566360722566355, 16062071326447635275, 12345606174395125886, 6794103055184511112, 11215411239298654461, 16898959837531392298, 11392129473298461016, 8804779203101922496, 18248956894608479019, 3405499931018446142, 17086893422507178606, 15658544032726530242, 8364333522488247864, 3279785515391664592, 13243140800673203277, 5966586998550012975, 16565158092620888628, 12638930544692949903, 1246241189792785842, 15194422135212677813, 12698266719810819587, 1534974055018719502, 12670636876876282922, 15558200550263511669, 3503220298365529701, 7528003967410398907, 17951113451990505790, 11966189487560109058, 9487073780776752004, 16989174121673443471, 11983187886593000791, 14034832459830322267, 7699754122092779654, 11045278550085659092, 15517258337126557177, 11994491770159532604, 12391224518810430854, 16412011954261833814, 6823393608276975560, 8049664586953865101, 105554461905525278, 1108289617734621870, 3107169899130739186, 16009603271400150224, 2287840628984514055, 16506851535775780356, 3856407398241994124, 15057357339963415331, 7421988999323764657, 16263909762531412778, 5520741619830646734, 12658567612226487844, 4150397776403010384, 4506124991939010117, 8337570680160461228, 1773277438796706851, 4411225815945427420, 14662834929794280164, 2744390976482384579, 5016066739309353833, 2446711385473505783, 7207045095118849468, 5059656042334578233, 5000969109599430964, 2861557136012695307, 4840563942385966137]
 \ No newline at end of file
-diff --git a/Build/OvmfIa32/DEBUG_GCC5/StackCookieValues32.json b/Build/OvmfIa32/DEBUG_GCC5/StackCookieValues32.json
-new file mode 100644
-index 0000000000..279006e935
--- /dev/null
-+++ b/Build/OvmfIa32/DEBUG_GCC5/StackCookieValues32.json
-@@ -0,0 +1 @@
-+[3120319409, 3986684851, 2532066904, 2838841122, 1510610980, 3527598979, 2145389557, 915756566, 4288287152, 1592508515, 1649905414, 3214646158, 4125604801, 2636301533, 3186946058, 1297075897, 1536483215, 2684947706, 378837761, 2034357240, 1254156149, 3274923813, 1869941960, 2430363232, 2619983763, 789706441, 474468987, 4170744684, 2067453149, 80774667, 1188610392, 3484306439, 2129190303, 3706887221, 1441685697, 2832623778, 2272607630, 3766098863, 1387705257, 3531882784, 78420450, 2425693472, 2515037057, 2842949431, 2167471722, 2373850526, 2185844797, 1771878221, 3826200111, 233544227, 3019808295, 3255256900, 3737050793, 1272285847, 4114161312, 704148315, 2912601610, 3781534488, 56787233, 816583130, 2471213939, 2813874809, 2630289327, 1173288302, 1862737445, 2551923525, 1820462035, 1796829267, 1714358393, 2634249466, 176661566, 428907315, 2772923224, 1648291025, 2674956839, 2691960542, 1859704968, 709746926, 492109362, 3781180214, 4222775360, 2893670436, 2425292886, 1064615051, 3854554544, 1690467402, 356470947, 4203480635, 3958554922, 3830455836, 4051513359, 2084475517, 728710918, 2413960477, 1005365008, 117621347, 1988965873, 542004264, 1543091876, 856808939]
-\ No newline at end of file
-diff --git a/Build/OvmfIa32/DEBUG_GCC5/StackCookieValues64.json b/Build/OvmfIa32/DEBUG_GCC5/StackCookieValues64.json
-new file mode 100644
-index 0000000000..189f1bb32c
--- /dev/null
-+++ b/Build/OvmfIa32/DEBUG_GCC5/StackCookieValues64.json
-@@ -0,0 +1 @@
-+[7518985701012212569, 2601960957474891530, 17831311744988480182, 16652208568711364861, 11779046321730877689, 4265457871546500992, 7292254499229112648, 223890800426602719, 2838072854045228586, 17406395504460044440, 15908843496796806072, 14702662319704085758, 9867044736590216777, 1826029253899249568, 13211023111777598167, 15781671485427291330, 10363743021216146144, 5806329751690313006, 15745089491775103262, 17509746045803567900, 1447711951392380165, 6118366145278105860, 4383356545218844403, 16245693987825670584, 2780554830603218012, 12970299634944553151, 3222388605624008866, 15814383424087557059, 15988086447905475558, 16116025969641329513, 6426405161833441255, 3254481667731922028, 6488541859345202975, 10574901139024748597, 3024566360722566355, 16062071326447635275, 12345606174395125886, 6794103055184511112, 11215411239298654461, 16898959837531392298, 11392129473298461016, 8804779203101922496, 18248956894608479019, 3405499931018446142, 17086893422507178606, 15658544032726530242, 8364333522488247864, 3279785515391664592, 13243140800673203277, 5966586998550012975, 16565158092620888628, 12638930544692949903, 1246241189792785842, 15194422135212677813, 12698266719810819587, 1534974055018719502, 12670636876876282922, 15558200550263511669, 3503220298365529701, 7528003967410398907, 17951113451990505790, 11966189487560109058, 9487073780776752004, 16989174121673443471, 11983187886593000791, 14034832459830322267, 7699754122092779654, 11045278550085659092, 15517258337126557177, 11994491770159532604, 12391224518810430854, 16412011954261833814, 6823393608276975560, 8049664586953865101, 105554461905525278, 1108289617734621870, 3107169899130739186, 16009603271400150224, 2287840628984514055, 16506851535775780356, 3856407398241994124, 15057357339963415331, 7421988999323764657, 16263909762531412778, 5520741619830646734, 12658567612226487844, 4150397776403010384, 4506124991939010117, 8337570680160461228, 1773277438796706851, 4411225815945427420, 14662834929794280164, 2744390976482384579, 5016066739309353833, 2446711385473505783, 7207045095118849468, 5059656042334578233, 5000969109599430964, 2861557136012695307, 4840563942385966137]
-\ No newline at end of file
 diff --git a/Build/OvmfX64/DEBUG_GCC5/StackCookieValues32.json b/Build/OvmfX64/DEBUG_GCC5/StackCookieValues32.json
 new file mode 100644
 index 0000000000..279006e935
@@ -157,5 +137,5 @@ index 0000000000..189f1bb32c
 +[7518985701012212569, 2601960957474891530, 17831311744988480182, 16652208568711364861, 11779046321730877689, 4265457871546500992, 7292254499229112648, 223890800426602719, 2838072854045228586, 17406395504460044440, 15908843496796806072, 14702662319704085758, 9867044736590216777, 1826029253899249568, 13211023111777598167, 15781671485427291330, 10363743021216146144, 5806329751690313006, 15745089491775103262, 17509746045803567900, 1447711951392380165, 6118366145278105860, 4383356545218844403, 16245693987825670584, 2780554830603218012, 12970299634944553151, 3222388605624008866, 15814383424087557059, 15988086447905475558, 16116025969641329513, 6426405161833441255, 3254481667731922028, 6488541859345202975, 10574901139024748597, 3024566360722566355, 16062071326447635275, 12345606174395125886, 6794103055184511112, 11215411239298654461, 16898959837531392298, 11392129473298461016, 8804779203101922496, 18248956894608479019, 3405499931018446142, 17086893422507178606, 15658544032726530242, 8364333522488247864, 3279785515391664592, 13243140800673203277, 5966586998550012975, 16565158092620888628, 12638930544692949903, 1246241189792785842, 15194422135212677813, 12698266719810819587, 1534974055018719502, 12670636876876282922, 15558200550263511669, 3503220298365529701, 7528003967410398907, 17951113451990505790, 11966189487560109058, 9487073780776752004, 16989174121673443471, 11983187886593000791, 14034832459830322267, 7699754122092779654, 11045278550085659092, 15517258337126557177, 11994491770159532604, 12391224518810430854, 16412011954261833814, 6823393608276975560, 8049664586953865101, 105554461905525278, 1108289617734621870, 3107169899130739186, 16009603271400150224, 2287840628984514055, 16506851535775780356, 3856407398241994124, 15057357339963415331, 7421988999323764657, 16263909762531412778, 5520741619830646734, 12658567612226487844, 4150397776403010384, 4506124991939010117, 8337570680160461228, 1773277438796706851, 4411225815945427420, 14662834929794280164, 2744390976482384579, 5016066739309353833, 2446711385473505783, 7207045095118849468, 5059656042334578233, 5000969109599430964, 2861557136012695307, 4840563942385966137]
 \ No newline at end of file
 -- 
-2.43.0
+2.51.0

--- a/ovmf-Revert-Add-Stack-Cookie-Support-to-MSVC-and-GCC.patch
+++ b/ovmf-Revert-Add-Stack-Cookie-Support-to-MSVC-and-GCC.patch
@@ -9,22 +9,11 @@ This reverts commit f53f029122d4493e9db95e2424dd8f067f247661.
 BaseTools/Conf/tools_def.template | 41 ++++++++++++++-----------------
 1 file changed, 19 insertions(+), 22 deletions(-)

-diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index de86f96733..2a479365da 100755
--- a/BaseTools/Conf/tools_def.template
-+++ b/BaseTools/Conf/tools_def.template
-@@ -21,9 +21,8 @@
- #      - Add GCC and GCCNOLTO
- #      - Deprecate GCC48, GCC49 and GCC5.
- # 3.01 - Add toolchain for VS2022
-# 3.02 - Enable stack cookies for IA32, X64, ARM, and AARCH64 builds for GCC and MSVC
- #
-#!VERSION=3.02
-+#!VERSION=3.01
- 
- IDENTIFIER = Default TOOL_CHAIN_CONF
- 
-@@ -636,9 +635,9 @@ NOOPT_VS2017_AARCH64_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
+Index: edk2-edk2-stable202511/BaseTools/Conf/tools_def.template
+===================================================================
+--- edk2-edk2-stable202511.orig/BaseTools/Conf/tools_def.template
+++ edk2-edk2-stable202511/BaseTools/Conf/tools_def.template
+@@ -608,9 +608,9 @@ NOOPT_VS2017_AARCH64_DLINK_FLAGS   = /NO
 *_VS2019_IA32_PP_PATH      = DEF(VS2019_BIN_IA32)\cl.exe
 *_VS2019_IA32_ASM_PATH     = DEF(VS2019_BIN_IA32)\ml.exe
 
@@ -37,7 +26,7 @@ index de86f96733..2a479365da 100755
 
   DEBUG_VS2019_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd /Zi
 RELEASE_VS2019_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd
-@@ -666,9 +665,9 @@ NOOPT_VS2019_IA32_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /O
+@@ -638,9 +638,9 @@ NOOPT_VS2019_IA32_DLINK_FLAGS   = /NOLOG
 *_VS2019_X64_DLINK_PATH    = DEF(VS2019_BIN_X64)\link.exe
 *_VS2019_X64_ASLDLINK_PATH = DEF(VS2019_BIN_X64)\link.exe
 
@@ -50,7 +39,7 @@ index de86f96733..2a479365da 100755
 
   DEBUG_VS2019_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd /Zi
 RELEASE_VS2019_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd
-@@ -779,9 +778,9 @@ NOOPT_VS2019_AARCH64_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
+@@ -725,9 +725,9 @@ NOOPT_VS2019_AARCH64_DLINK_FLAGS   = /NO
 *_VS2022_IA32_ASM_PATH     = DEF(VS2022_BIN_IA32)\ml.exe
 
       *_VS2022_IA32_MAKE_FLAGS  = /nologo
@@ -63,7 +52,7 @@ index de86f96733..2a479365da 100755
 
   DEBUG_VS2022_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd /Zi
 RELEASE_VS2022_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd
-@@ -815,9 +814,9 @@ NOOPT_VS2022_IA32_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /O
+@@ -761,9 +761,9 @@ NOOPT_VS2022_IA32_DLINK_FLAGS   = /NOLOG
 *_VS2022_X64_DLINK_PATH    = DEF(VS2022_BIN_X64)\link.exe
 *_VS2022_X64_ASLDLINK_PATH = DEF(VS2022_BIN_X64)\link.exe
 
@@ -76,24 +65,21 @@ index de86f96733..2a479365da 100755
 
   DEBUG_VS2022_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd /Zi
 RELEASE_VS2022_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd
-@@ -919,13 +918,11 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
- *_*_*_DTCPP_PATH                   = DEF(DTCPP_BIN)
+@@ -833,10 +833,10 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --a
 *_*_*_DTC_PATH                     = DEF(DTC_BIN)
 
-# All supported GCC archs except LOONGARCH64 support -mstack-protector-guard=global, so set that on everything except LOONGARCH64
+ # All supported GCC archs except LOONGARCH64 support -mstack-protector-guard=global, so set that on everything except LOONGARCH64
 -DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common -fstack-protector
 -DEFINE GCC_IA32_X64_CC_FLAGS       = -mstack-protector-guard=global
-DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie -mstack-protector-guard=global
 +DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
-+DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
+DEFINE GCC_IA32_X64_CC_FLAGS       = 
 DEFINE GCC_LOONGARCH64_CC_FLAGS    = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
- DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
 -DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18 -mstack-protector-guard=global
 +DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18
 DEFINE GCC_AARCH64_CC_XIPFLAGS     = -mstrict-align -mgeneral-regs-only
 DEFINE GCC_RISCV64_CC_XIPFLAGS     = -mstrict-align -mgeneral-regs-only
 DEFINE GCC_DLINK2_FLAGS_COMMON     = -Wl,--script=$(EDK_TOOLS_PATH)/Scripts/GccBase.lds
-@@ -961,8 +958,8 @@ DEFINE GCC_DEPS_FLAGS              = -MMD -MF $@.deps
+@@ -864,8 +864,8 @@ DEFINE GCC_DEPS_FLAGS              = -MM
 
 DEFINE GCC48_ALL_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -ffunction-sections -fdata-sections -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
 DEFINE GCC48_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
@@ -104,15 +90,3 @@ index de86f96733..2a479365da 100755
 DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
 DEFINE GCC48_IA32_X64_DLINK_FLAGS    = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive
 DEFINE GCC48_IA32_DLINK2_FLAGS       = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
-@@ -971,7 +968,7 @@ DEFINE GCC48_X64_DLINK2_FLAGS        = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF
- DEFINE GCC48_ASM_FLAGS               = DEF(GCC_ASM_FLAGS)
- DEFINE GCC48_ARM_ASM_FLAGS           = $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
- DEFINE GCC48_AARCH64_ASM_FLAGS       = $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
-DEFINE GCC48_ARM_CC_FLAGS            = $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -mword-relocations
-+DEFINE GCC48_ARM_CC_FLAGS            = $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -fstack-protector -mword-relocations
- DEFINE GCC48_ARM_CC_XIPFLAGS         = DEF(GCC_ARM_CC_XIPFLAGS)
- DEFINE GCC48_AARCH64_CC_FLAGS        = $(PLATFORM_FLAGS) -mcmodel=large DEF(GCC_AARCH64_CC_FLAGS)
- DEFINE GCC48_AARCH64_CC_XIPFLAGS     = DEF(GCC_AARCH64_CC_XIPFLAGS)
-- 
-2.43.0
-
--- a/ovmf-Revert-OvmfPkg-RiscVVirt-Add-SecureBootDefaultKeysIn.patch
+++ b/ovmf-Revert-OvmfPkg-RiscVVirt-Add-SecureBootDefaultKeysIn.patch
@@ -0,0 +1,765 @@
+From 96eb23c5556ed28d2242669bed9eb818285251b6 Mon Sep 17 00:00:00 2001
+From: Richard Lyu <richard.lyu@suse.com>
+Date: Wed, 17 Dec 2025 11:35:31 +0800
+Subject: [PATCH] Revert "OvmfPkg/RiscVVirt: Add SecureBootDefaultKeysInit
+ module."
+
+This reverts commit 35a3ceb882b57da0964c8b4a038e8808b3dc2b13.
+---
+ .../SecureBootDefaultKeysInit.c               | 643 ------------------
+ .../SecureBootDefaultKeysInit.inf             |  49 --
+ OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc           |   2 +-
+ OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf           |  18 -
+ 4 files changed, 1 insertion(+), 711 deletions(-)
+ delete mode 100644 OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c
+ delete mode 100644 OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf
+
+diff --git a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c b/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c
+deleted file mode 100644
+index 037174dc6a..0000000000
+--- a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.c
+++ /dev/null
+@@ -1,643 +0,0 @@
+-/** @file
+-  This driver init default Secure Boot variables
+-
+-  Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+-  (C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR>
+-  Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+-  Copyright (c) 2021, Semihalf All rights reserved.<BR>
+-  Copyright (c) 2021, Ampere Computing LLC. All rights reserved.<BR>
+-  Copyright (C) 2023-2025 Advanced Micro Devices, Inc. All rights reserved.
+-
+-  SPDX-License-Identifier: BSD-2-Clause-Patent
+-
+-**/
+-
+-#include <Uefi.h>
+-#include <UefiSecureBoot.h>
+-#include <Library/BaseLib.h>
+-#include <Library/BaseMemoryLib.h>
+-#include <Library/DebugLib.h>
+-#include <Library/DxeServicesLib.h>
+-#include <Library/MemoryAllocationLib.h>
+-#include <Library/UefiBootServicesTableLib.h>
+-#include <Library/UefiRuntimeServicesTableLib.h>
+-#include <Library/UefiLib.h>
+-#include <Guid/AuthenticatedVariableFormat.h>
+-#include <Guid/ImageAuthentication.h>
+-#include <Library/SecureBootVariableLib.h>
+-#include <Library/SecureBootVariableProvisionLib.h>
+-
+-/**
+-  Set PKDefault Variable.
+-
+-  @param[in] X509Data              X509 Certificate data.
+-  @param[in] X509DataSize          X509 Certificate data size.
+-
+-  @retval   EFI_SUCCESS            PKDefault is set successfully.
+-
+-**/
+-EFI_STATUS
+-SetPkDefault (
+-  IN UINT8  *X509Data,
+-  IN UINTN  X509DataSize
+-  )
+-{
+-  EFI_STATUS          Status;
+-  UINT32              Attr;
+-  UINTN               DataSize;
+-  EFI_SIGNATURE_LIST  *PkCert;
+-  EFI_SIGNATURE_DATA  *PkCertData;
+-
+-  PkCert = NULL;
+-
+-  //
+-  // Allocate space for PK certificate list and initialize it.
+-  // Create PK database entry with SignatureHeaderSize equals 0.
+-  //
+-  PkCert = (EFI_SIGNATURE_LIST *)AllocateZeroPool (
+-                                   sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1
+-                                   + X509DataSize
+-                                   );
+-  if (PkCert == NULL) {
+-    Status = EFI_OUT_OF_RESOURCES;
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __func__, Status));
+-    goto ON_EXIT;
+-  }
+-
+-  PkCert->SignatureListSize = (UINT32)(sizeof (EFI_SIGNATURE_LIST)
+-                                       + sizeof (EFI_SIGNATURE_DATA) - 1
+-                                       + X509DataSize);
+-  PkCert->SignatureSize       = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize);
+-  PkCert->SignatureHeaderSize = 0;
+-  CopyGuid (&PkCert->SignatureType, &gEfiCertX509Guid);
+-  PkCertData = (EFI_SIGNATURE_DATA *)((UINTN)PkCert
+-                                      + sizeof (EFI_SIGNATURE_LIST)
+-                                      + PkCert->SignatureHeaderSize);
+-  CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid);
+-  //
+-  // Fill the PK database with PKpub data from X509 certificate file.
+-  //
+-  CopyMem (&(PkCertData->SignatureData[0]), X509Data, X509DataSize);
+-
+-  Attr     = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS;
+-  DataSize = PkCert->SignatureListSize;
+-
+-  Status = gRT->SetVariable (
+-                  EFI_PK_DEFAULT_VARIABLE_NAME,
+-                  &gEfiGlobalVariableGuid,
+-                  Attr,
+-                  DataSize,
+-                  PkCert
+-                  );
+-  if (EFI_ERROR (Status)) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __func__, Status));
+-    goto ON_EXIT;
+-  }
+-
+-ON_EXIT:
+-
+-  if (PkCert != NULL) {
+-    FreePool (PkCert);
+-  }
+-
+-  return Status;
+-}
+-
+-/**
+-  Set KDKDefault Variable.
+-
+-  @param[in] X509Data              X509 Certificate data.
+-  @param[in] X509DataSize          X509 Certificate data size.
+-
+-  @retval   EFI_SUCCESS            KEKDefault is set successfully.
+-
+-**/
+-EFI_STATUS
+-SetKekDefault (
+-  IN UINT8  *X509Data,
+-  IN UINTN  X509DataSize
+-  )
+-{
+-  EFI_STATUS          Status;
+-  EFI_SIGNATURE_DATA  *KEKSigData;
+-  EFI_SIGNATURE_LIST  *KekSigList;
+-  UINTN               DataSize;
+-  UINTN               KekSigListSize;
+-  UINT32              Attr;
+-
+-  KekSigList     = NULL;
+-  KekSigListSize = 0;
+-  DataSize       = 0;
+-  KEKSigData     = NULL;
+-
+-  KekSigListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize;
+-  KekSigList     = (EFI_SIGNATURE_LIST *)AllocateZeroPool (KekSigListSize);
+-  if (KekSigList == NULL) {
+-    Status = EFI_OUT_OF_RESOURCES;
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __func__, Status));
+-    goto ON_EXIT;
+-  }
+-
+-  //
+-  // Fill Certificate Database parameters.
+-  //
+-  KekSigList->SignatureListSize   = (UINT32)KekSigListSize;
+-  KekSigList->SignatureHeaderSize = 0;
+-  KekSigList->SignatureSize       = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize);
+-  CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid);
+-
+-  KEKSigData = (EFI_SIGNATURE_DATA *)((UINT8 *)KekSigList + sizeof (EFI_SIGNATURE_LIST));
+-  CopyGuid (&KEKSigData->SignatureOwner, &gEfiGlobalVariableGuid);
+-  CopyMem (KEKSigData->SignatureData, X509Data, X509DataSize);
+-
+-  //
+-  // Check if KEK been already existed.
+-  // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
+-  // new kek to original variable
+-  //
+-  Attr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS;
+-
+-  Status = gRT->GetVariable (
+-                  EFI_KEK_DEFAULT_VARIABLE_NAME,
+-                  &gEfiGlobalVariableGuid,
+-                  NULL,
+-                  &DataSize,
+-                  NULL
+-                  );
+-  if (Status == EFI_BUFFER_TOO_SMALL) {
+-    Attr |= EFI_VARIABLE_APPEND_WRITE;
+-  } else if (Status != EFI_NOT_FOUND) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot get the value of KEK: %r\n", __func__, Status));
+-    goto ON_EXIT;
+-  }
+-
+-  Status = gRT->SetVariable (
+-                  EFI_KEK_DEFAULT_VARIABLE_NAME,
+-                  &gEfiGlobalVariableGuid,
+-                  Attr,
+-                  KekSigListSize,
+-                  KekSigList
+-                  );
+-  if (EFI_ERROR (Status)) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __func__, Status));
+-    goto ON_EXIT;
+-  }
+-
+-ON_EXIT:
+-
+-  if (KekSigList != NULL) {
+-    FreePool (KekSigList);
+-  }
+-
+-  return Status;
+-}
+-
+-/**
+-  Checks if the file content complies with EFI_VARIABLE_AUTHENTICATION_2 format
+-
+-  @param[in] Data                  Data.
+-  @param[in] DataSize              Data size.
+-
+-  @retval    TRUE                  The content is EFI_VARIABLE_AUTHENTICATION_2 format.
+-  @retval    FALSE                 The content is NOT a EFI_VARIABLE_AUTHENTICATION_2 format.
+-
+-**/
+-BOOLEAN
+-IsAuthentication2Format (
+-  IN UINT8  *Data,
+-  IN UINTN  DataSize
+-  )
+-{
+-  EFI_VARIABLE_AUTHENTICATION_2  *Auth2;
+-  BOOLEAN                        IsAuth2Format;
+-
+-  IsAuth2Format = FALSE;
+-
+-  Auth2 = (EFI_VARIABLE_AUTHENTICATION_2 *)Data;
+-  if (Auth2->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) {
+-    goto ON_EXIT;
+-  }
+-
+-  if (CompareGuid (&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) {
+-    IsAuth2Format = TRUE;
+-  }
+-
+-ON_EXIT:
+-
+-  return IsAuth2Format;
+-}
+-
+-/**
+-  Set signature database with the data of EFI_VARIABLE_AUTHENTICATION_2 format.
+-
+-  @param[in] AuthData              AUTHENTICATION_2 data.
+-  @param[in] AuthDataSize          AUTHENTICATION_2 data size.
+-  @param[in] VariableName          Variable name of signature database, must be
+-                                   EFI_DB_DEFAULT_VARIABLE_NAME or EFI_DBX_DEFAULT_VARIABLE_NAME or EFI_DBT_DEFAULT_VARIABLE_NAME.
+-
+-  @retval   EFI_SUCCESS            New signature is set successfully.
+-  @retval   EFI_INVALID_PARAMETER  The parameter is invalid.
+-  @retval   EFI_UNSUPPORTED        Unsupported command.
+-  @retval   EFI_OUT_OF_RESOURCES   Could not allocate needed resources.
+-
+-**/
+-EFI_STATUS
+-SetAuthentication2ToSigDb (
+-  IN UINT8   *AuthData,
+-  IN UINTN   AuthDataSize,
+-  IN CHAR16  *VariableName
+-  )
+-{
+-  EFI_STATUS  Status;
+-  UINTN       DataSize;
+-  UINT32      Attr;
+-  UINT8       *Data;
+-
+-  Attr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS;
+-
+-  //
+-  // Check if SigDB variable has been already existed.
+-  // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
+-  // new signature data to original variable
+-  //
+-  DataSize = 0;
+-  Status   = gRT->GetVariable (
+-                    VariableName,
+-                    &gEfiGlobalVariableGuid,
+-                    NULL,
+-                    &DataSize,
+-                    NULL
+-                    );
+-  if (Status == EFI_BUFFER_TOO_SMALL) {
+-    Attr |= EFI_VARIABLE_APPEND_WRITE;
+-  } else if (Status != EFI_NOT_FOUND) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot get the value of signature database: %r\n", __func__, Status));
+-    return Status;
+-  }
+-
+-  //
+-  // Ignore AUTHENTICATION_2 region. Only the actual certificate is needed.
+-  //
+-  DataSize = AuthDataSize - ((EFI_VARIABLE_AUTHENTICATION_2 *)AuthData)->AuthInfo.Hdr.dwLength - sizeof (EFI_TIME);
+-  Data     = AuthData + (AuthDataSize - DataSize);
+-
+-  Status = gRT->SetVariable (
+-                  VariableName,
+-                  &gEfiGlobalVariableGuid,
+-                  Attr,
+-                  DataSize,
+-                  Data
+-                  );
+-
+-  return Status;
+-}
+-
+-/**
+-
+-  Set signature database with the data of X509 format.
+-
+-  @param[in] X509Data              X509 Certificate data.
+-  @param[in] X509DataSize          X509 Certificate data size.
+-  @param[in] VariableName          Variable name of signature database, must be
+-                                   EFI_DB_DEFAULT_VARIABLE_NAME or EFI_DBX_DEFAULT_VARIABLE_NAME or EFI_DBT_DEFAULT_VARIABLE_NAME.
+-  @param[in] SignatureOwnerGuid    Guid of the signature owner.
+-
+-  @retval   EFI_SUCCESS            New X509 is enrolled successfully.
+-  @retval   EFI_OUT_OF_RESOURCES   Could not allocate needed resources.
+-
+-**/
+-EFI_STATUS
+-SetX509ToSigDb (
+-  IN UINT8     *X509Data,
+-  IN UINTN     X509DataSize,
+-  IN CHAR16    *VariableName,
+-  IN EFI_GUID  *SignatureOwnerGuid
+-  )
+-{
+-  EFI_STATUS          Status;
+-  EFI_SIGNATURE_LIST  *SigDBCert;
+-  EFI_SIGNATURE_DATA  *SigDBCertData;
+-  VOID                *Data;
+-  UINTN               DataSize;
+-  UINTN               SigDBSize;
+-  UINT32              Attr;
+-
+-  SigDBSize     = 0;
+-  DataSize      = 0;
+-  SigDBCert     = NULL;
+-  SigDBCertData = NULL;
+-  Data          = NULL;
+-
+-  SigDBSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize;
+-  Data      = AllocateZeroPool (SigDBSize);
+-  if (Data == NULL) {
+-    Status = EFI_OUT_OF_RESOURCES;
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot allocate memory: %r\n", __func__, Status));
+-    goto ON_EXIT;
+-  }
+-
+-  //
+-  // Fill Certificate Database parameters.
+-  //
+-  SigDBCert                      = (EFI_SIGNATURE_LIST *)Data;
+-  SigDBCert->SignatureListSize   = (UINT32)SigDBSize;
+-  SigDBCert->SignatureHeaderSize = 0;
+-  SigDBCert->SignatureSize       = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + X509DataSize);
+-  CopyGuid (&SigDBCert->SignatureType, &gEfiCertX509Guid);
+-
+-  SigDBCertData = (EFI_SIGNATURE_DATA *)((UINT8 *)SigDBCert + sizeof (EFI_SIGNATURE_LIST));
+-  CopyGuid (&SigDBCertData->SignatureOwner, SignatureOwnerGuid);
+-  CopyMem ((UINT8 *)(SigDBCertData->SignatureData), X509Data, X509DataSize);
+-
+-  //
+-  // Check if signature database entry has been already existed.
+-  // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
+-  // new signature data to original variable
+-  //
+-  Attr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS;
+-
+-  Status = gRT->GetVariable (
+-                  VariableName,
+-                  &gEfiGlobalVariableGuid,
+-                  NULL,
+-                  &DataSize,
+-                  NULL
+-                  );
+-  if (Status == EFI_BUFFER_TOO_SMALL) {
+-    Attr |= EFI_VARIABLE_APPEND_WRITE;
+-  } else if (Status != EFI_NOT_FOUND) {
+-    goto ON_EXIT;
+-  }
+-
+-  Status = gRT->SetVariable (
+-                  VariableName,
+-                  &gEfiGlobalVariableGuid,
+-                  Attr,
+-                  SigDBSize,
+-                  Data
+-                  );
+-  if (EFI_ERROR (Status)) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot set signature database: %r\n", __func__, Status));
+-    goto ON_EXIT;
+-  }
+-
+-ON_EXIT:
+-
+-  if (Data != NULL) {
+-    FreePool (Data);
+-  }
+-
+-  return Status;
+-}
+-
+-/**
+-
+-  Set signature database.
+-
+-  @param[in] Data                  Data.
+-  @param[in] DataSize              Data size.
+-  @param[in] VariableName          Variable name of signature database, must be
+-                                   EFI_DB_DEFAULT_VARIABLE_NAME or EFI_DBX_DEFAULT_VARIABLE_NAME or EFI_DBT_DEFAULT_VARIABLE_NAME.
+-  @param[in] SignatureOwnerGuid    Guid of the signature owner.
+-
+-  @retval   EFI_SUCCESS            Signature is set successfully.
+-  @retval   EFI_OUT_OF_RESOURCES   Could not allocate needed resources.
+-
+-**/
+-EFI_STATUS
+-SetSignatureDatabase (
+-  IN UINT8     *Data,
+-  IN UINTN     DataSize,
+-  IN CHAR16    *VariableName,
+-  IN EFI_GUID  *SignatureOwnerGuid
+-  )
+-{
+-  if (IsAuthentication2Format (Data, DataSize)) {
+-    return SetAuthentication2ToSigDb (Data, DataSize, VariableName);
+-  } else {
+-    return SetX509ToSigDb (Data, DataSize, VariableName, SignatureOwnerGuid);
+-  }
+-}
+-
+-/** Initializes PKDefault variable with data from FFS section.
+-
+-  @retval  EFI_SUCCESS           Variable was initialized successfully.
+-  @retval  EFI_UNSUPPORTED       Variable already exists.
+-**/
+-EFI_STATUS
+-InitPkDefault (
+-  IN VOID
+-  )
+-{
+-  EFI_STATUS  Status;
+-  UINT8       *Data;
+-  UINTN       DataSize;
+-
+-  //
+-  // Check if variable exists, if so do not change it
+-  //
+-  Status = GetVariable2 (EFI_PK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
+-  if (Status == EFI_SUCCESS) {
+-    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+-    FreePool (Data);
+-    return EFI_UNSUPPORTED;
+-  }
+-
+-  //
+-  // Variable does not exist, can be initialized
+-  //
+-  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_PK_DEFAULT_VARIABLE_NAME));
+-
+-  //
+-  // Enroll default PK.
+-  //
+-  Status = GetSectionFromFv (
+-             &gDefaultPKFileGuid,
+-             EFI_SECTION_RAW,
+-             0,
+-             (VOID **)&Data,
+-             &DataSize
+-             );
+-  if (!EFI_ERROR (Status)) {
+-    SetPkDefault (Data, DataSize);
+-  }
+-
+-  return EFI_SUCCESS;
+-}
+-
+-/** Initializes KEKDefault variable with data from FFS section.
+-
+-  @retval  EFI_SUCCESS           Variable was initialized successfully.
+-  @retval  EFI_UNSUPPORTED       Variable already exists.
+-**/
+-EFI_STATUS
+-InitKekDefault (
+-  IN VOID
+-  )
+-{
+-  EFI_STATUS  Status;
+-  UINTN       Index;
+-  UINT8       *Data;
+-  UINTN       DataSize;
+-
+-  //
+-  // Check if variable exists, if so do not change it
+-  //
+-  Status = GetVariable2 (EFI_KEK_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
+-  if (Status == EFI_SUCCESS) {
+-    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_KEK_DEFAULT_VARIABLE_NAME));
+-    FreePool (Data);
+-    return EFI_UNSUPPORTED;
+-  }
+-
+-  Index = 0;
+-  do {
+-    Status = GetSectionFromFv (
+-               &gDefaultKEKFileGuid,
+-               EFI_SECTION_RAW,
+-               Index,
+-               (VOID **)&Data,
+-               &DataSize
+-               );
+-    if (!EFI_ERROR (Status)) {
+-      SetKekDefault (Data, DataSize);
+-      Index++;
+-    }
+-  } while (Status == EFI_SUCCESS);
+-
+-  return EFI_SUCCESS;
+-}
+-
+-/** Initializes dbDefault variable with data from FFS section.
+-
+-  @retval  EFI_SUCCESS           Variable was initialized successfully.
+-  @retval  EFI_UNSUPPORTED       Variable already exists.
+-**/
+-EFI_STATUS
+-InitDbDefault (
+-  IN VOID
+-  )
+-{
+-  EFI_STATUS  Status;
+-  UINTN       Index;
+-  UINT8       *Data;
+-  UINTN       DataSize;
+-
+-  Status = GetVariable2 (EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
+-  if (Status == EFI_SUCCESS) {
+-    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+-    FreePool (Data);
+-    return EFI_UNSUPPORTED;
+-  }
+-
+-  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DB_DEFAULT_VARIABLE_NAME));
+-
+-  Index = 0;
+-  do {
+-    Status = GetSectionFromFv (
+-               &gDefaultdbFileGuid,
+-               EFI_SECTION_RAW,
+-               Index,
+-               (VOID **)&Data,
+-               &DataSize
+-               );
+-    if (!EFI_ERROR (Status)) {
+-      SetSignatureDatabase (Data, DataSize, EFI_DB_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid);
+-      Index++;
+-    }
+-  } while (Status == EFI_SUCCESS);
+-
+-  return EFI_SUCCESS;
+-}
+-
+-/** Initializes dbxDefault variable with data from FFS section.
+-
+-  @retval  EFI_SUCCESS           Variable was initialized successfully.
+-  @retval  EFI_UNSUPPORTED       Variable already exists.
+-**/
+-EFI_STATUS
+-InitDbxDefault (
+-  IN VOID
+-  )
+-{
+-  EFI_STATUS  Status;
+-  UINTN       Index;
+-  UINT8       *Data;
+-  UINTN       DataSize;
+-
+-  //
+-  // Check if variable exists, if so do not change it
+-  //
+-  Status = GetVariable2 (EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid, (VOID **)&Data, &DataSize);
+-  if (Status == EFI_SUCCESS) {
+-    DEBUG ((DEBUG_INFO, "Variable %s exists. Old value is preserved\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+-    FreePool (Data);
+-    return EFI_UNSUPPORTED;
+-  }
+-
+-  //
+-  // Variable does not exist, can be initialized
+-  //
+-  DEBUG ((DEBUG_INFO, "Variable %s does not exist.\n", EFI_DBX_DEFAULT_VARIABLE_NAME));
+-
+-  Index = 0;
+-  do {
+-    Status = GetSectionFromFv (
+-               &gDefaultdbxFileGuid,
+-               EFI_SECTION_RAW,
+-               Index,
+-               (VOID **)&Data,
+-               &DataSize
+-               );
+-    if (!EFI_ERROR (Status)) {
+-      SetSignatureDatabase (Data, DataSize, EFI_DBX_DEFAULT_VARIABLE_NAME, &gEfiGlobalVariableGuid);
+-      Index++;
+-    }
+-  } while (Status == EFI_SUCCESS);
+-
+-  return EFI_SUCCESS;
+-}
+-
+-/**
+-  Initializes default SecureBoot certificates with data from FFS section.
+-
+-  @param[in] ImageHandle          The firmware allocated handle for the EFI image.
+-  @param[in] SystemTable           A pointer to the EFI System Table.
+-
+-  @retval  EFI_SUCCESS           Variable was initialized successfully.
+-**/
+-EFI_STATUS
+-EFIAPI
+-SecureBootDefaultKeysInitEntry (
+-  IN EFI_HANDLE        ImageHandle,
+-  IN EFI_SYSTEM_TABLE  *SystemTable
+-  )
+-{
+-  EFI_STATUS  Status;
+-
+-  Status = InitPkDefault ();
+-  if (EFI_ERROR (Status)) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize PKDefault: %r\n", __func__, Status));
+-    return Status;
+-  }
+-
+-  Status = InitKekDefault ();
+-  if (EFI_ERROR (Status)) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize KEKDefault: %r\n", __func__, Status));
+-    return Status;
+-  }
+-
+-  Status = InitDbDefault ();
+-  if (EFI_ERROR (Status)) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbDefault: %r\n", __func__, Status));
+-    return Status;
+-  }
+-
+-  Status = InitDbxDefault ();
+-  if (EFI_ERROR (Status)) {
+-    DEBUG ((DEBUG_ERROR, "%a: Cannot initialize dbxDefault: %r\n", __func__, Status));
+-    return Status;
+-  }
+-
+-  return EFI_SUCCESS;
+-}
+diff --git a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf b/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf
+deleted file mode 100644
+index 0127841733..0000000000
+--- a/OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf
+++ /dev/null
+@@ -1,49 +0,0 @@
+-## @file
+-#  Initializes Secure Boot default keys
+-#
+-#  Copyright (c) 2021, ARM Ltd. All rights reserved.<BR>
+-#  Copyright (c) 2021, Semihalf All rights reserved.<BR>
+-#  Copyright (C) 2023-2025 Advanced Micro Devices, Inc. All rights reserved.
+-#
+-#  SPDX-License-Identifier: BSD-2-Clause-Patent
+-#
+-##
+-
+-[Defines]
+-  INF_VERSION                    = 1.29
+-  BASE_NAME                      = SecureBootDefaultKeysInit
+-  FILE_GUID                      = 384D1860-7306-11F0-B8B4-F53A5CB787AC
+-  MODULE_TYPE                    = DXE_DRIVER
+-  VERSION_STRING                 = 1.0
+-  ENTRY_POINT                    = SecureBootDefaultKeysInitEntry
+-
+-[Sources]
+-  SecureBootDefaultKeysInit.c
+-
+-[Packages]
+-  MdeModulePkg/MdeModulePkg.dec
+-  MdePkg/MdePkg.dec
+-  SecurityPkg/SecurityPkg.dec
+-
+-[LibraryClasses]
+-  DebugLib
+-  DxeServicesLib
+-  SecureBootVariableLib
+-  SecureBootVariableProvisionLib
+-  UefiBootServicesTableLib
+-  UefiDriverEntryPoint
+-
+-[Guids]
+-  gDefaultdbFileGuid
+-  gDefaultdbxFileGuid
+-  gDefaultKEKFileGuid
+-  gDefaultPKFileGuid
+-  gEfiCertPkcs7Guid
+-  gEfiCertX509Guid
+-  gEfiCustomModeEnableGuid
+-  gEfiImageSecurityDatabaseGuid
+-  gEfiSecureBootEnableDisableGuid
+-
+-[Depex]
+-  gEfiVariableArchProtocolGuid      AND
+-  gEfiVariableWriteArchProtocolGuid
+diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
+index a7c4f842bb..0c1162b845 100644
+--- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
+++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
+@@ -392,7 +392,7 @@
+ !endif
+   }
+   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+-  OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf
+  OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
+ !else
+   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
+ !endif
+diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf b/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf
+index 1f37eb6894..a71ce1ae0b 100644
+--- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf
+++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.fdf
+@@ -89,24 +89,6 @@ INF  MdeModulePkg/Universal/FaultTolerantWriteDxe/FaultTolerantWriteDxe.inf
+ !endif
+ !if $(SECURE_BOOT_ENABLE) == TRUE
+   INF  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
+-  INF  OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootDefaultKeysInit/SecureBootDefaultKeysInit.inf
+-
+-  FILE FREEFORM = 85254ea7-4759-4fc4-82d4-5eed5fb0a4a0 {
+-    SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/PK/PK.cer
+-  }
+-
+-  FILE FREEFORM = 6f64916e-9f7a-4c35-b952-cd041efb05a3 {
+-    SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/KEK/MicCorKEKCA2011_2011-06-24.crt
+-  }
+-
+-  FILE FREEFORM = c491d352-7623-4843-accc-2791a7574421 {
+-    SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/db/MicWinProPCA2011_2011-10-19.crt
+-    SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/db/MicCorUEFCA2011_2011-06-27.crt
+-  }
+-
+-  FILE FREEFORM = 5740766a-718e-4dc0-9935-c36f7d3f884f {
+-    SECTION RAW = OvmfPkg/RiscVVirt/Feature/SecureBoot/SecureBootKeys/dbx/dbxupdate_x64.bin
+-  }
+ !endif
+ INF  MdeModulePkg/Universal/MonotonicCounterRuntimeDxe/MonotonicCounterRuntimeDxe.inf
+ INF  MdeModulePkg/Universal/ResetSystemRuntimeDxe/ResetSystemRuntimeDxe.inf
+-- 
+2.51.0
+
--- a/ovmf.changes
+++ b/ovmf.changes
@@ -1,3 +1,863 @@
+-------------------------------------------------------------------
+Tue Dec 16 04:19:11 UTC 2025 - Richard Lyu <richard.lyu@suse.com>
+
+- Update to edk2-stable202511
+    - Patches (git log --oneline --date-order edk2-stable202505..edk2-stable202508):
+        46548b1ada MdeModulePkg: Update brotli submodule
+        9e4d3b3163 BaseTools: Update brotli submodule
+        6c6d4d2d52 MdePkg: Add PCI Express 7.0 Header Support
+        c624a06aa3 ArmPkg,UefiCpuPkg: fix boot failure with LPA2
+        7446762732 MdePkg,UefiCpuPkg: fix wrong DS bit and add helper to check it
+        1c74842bd0 ArmPkg/Library: fix: Incorrect SectionLength Calculation.
+        49d4753385 MdeModulePkg: CoreDxe: Handle multilple MemoryAllocationModules
+        a3a180e2bc MdeModulePkg: Update Brotli Compress to 1.2.0
+        6d82549396 BaseTools: Update Brotli Compress to 1.2.0
+        059332bda3 ArmPkg/Library: Fix for coverity issue OVERRUN
+        05b677c9de UefiCpuPkg/MtrrLib: Prevent MTRR usage with SEV guests
+        b98ccecdec MdePkg: Add code to detect running as an SEV guest
+        8058a94f60 MdePkg: Add IPMI Mailbox Size Define
+        b7d91dbe8a BaseTools/GenFW: RISC-V: Detect Zicfilp extension
+        cb8c8c9285 FmpDevicePkg: GetImageInfo Add missing conditions
+        641bd54258 UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support for AMD family
+        2ff1029cc3 RedfishPkg: Add missing FreePool to fix memory leak issue
+        9b71501f6c NetworkPkg/SnpDxe: Fix Snp used uninitialized
+        94065db3dc MdeModulePkg: ArmFfaLib: Add FFA_YIELD handling
+        ed79e67369 IntelFsp2Pkg: Add check if current OS support tkinter or not
+        aba2b4e221 EmulatorPkg/Win/Host: Fix loaded DLL page protections
+        2509b4be74 ArmPlatformPkg: Update transfer list register usage before stack setup
+        05429cbe91 OvmfPkg: Expand EnrollDefaultKeys with Microsoft 2023 keys
+        98d1f8a6fd BaseTools: Remove DXE_SAL_DRIVER
+        41f7c0cd9e NetworkPkg: Remove DXE_SAL_DRIVER
+        b089a6a445 EmbeddedPkg: Remove DXE_SAL_DRIVER
+        5467d6037d ArmVirtPkg: Remove DXE_SAL_DRIVER
+        8b00092e3f ArmPlatformPkg: Remove DXE_SAL_DRIVER
+        9e740df0bd ArmPkg: Remove DXE_SAL_DRIVER
+        d36680ad13 SecurityPkg: Remove DXE_SAL_DRIVER
+        c6e5c20cb9 MdePkg: Remove DXE_SAL_DRIVER
+        147e9a053e MdeModulePkg: Remove DXE_SAL_DRIVER
+        59c3e63fc6 OvmfPkg: Use FvLib from MdePkg
+        426da7fb1a IntelFsp2WrapperPkg: Rebase FSP-S and FSP-I if Image Base not match
+        29a66468cb MdePkg: Copy FvLib to MdePkg
+        d145aef952 MdeModulePkg/Core/Dxe: Fix TPL inversion from DEBUG() message
+        302cc88ab3 NetworkPkg/SnpDxe: Update SnpDxe SNP_DRIVER struct out of DMA-able memory.
+        a074649c60 CryptoPkg: Fix coverity warnings in CryptoPkg.
+        c6cea09e9a SecurityPkg: Trace and return status are handled.
+        ff0edeaaa8 StandaloneMmPkg/Core/Dispatcher: Use more generic MMRAM term in comment
+        64a1aca08f MdeModulePkg: Fix UEFI runtime driver loading after EndOfDxe
+        7ce19889f9 DynamicTablesPkg: Add the parser for EArchCommonObjTpm2DeviceInfo
+        e29efd220d DynamicTablesPkg: PCIE SSDT Add root port devices
+        01d4c1d51c DynamicTablesPkg: Update PCIe config space object
+        8366881b06 DynamicTablesPkg: Add PCIe root port namespace object
+        76c5005ce8 DynamicTablesPkg: Add X64 libraries to meta files
+        0a3d688b1b DynamicTablesPkg: Enhance X64 PCIe SSDT _CRS generation
+        cec2c6bbcc MdeModulePkg: Always Initialize Separate Exception Stacks
+        1d6f2f0d8d MdeModulePkg: CpuExceptionHandlerLibNull: Return Success On Null Func
+        34cd1aca46 UefiCpuPkg: MpInitLib: Fix Task Register Race Condition GP Fault
+        e67f405713 UefiCpuPkg: Always Initialize Separate AP Exception Stacks
+        f64b4065b7 UefiCpuPkg/CpuDxe: fix page table walk in confidential VM
+        44214c0cdf MdeModulePkg/AcpiTableDxe:Improving InitializeAcpiTableDxe behavior.
+        9f31aa33d8 MdeModulePkg:Completed InstallAcpiTableFromAcpiSiliconHob AddTableList
+        c22d6957f4 MdeModulePkg/AcpiTableDxe:Fixed memory corruption issue
+        47dc9e310b IntelFsp2Pkg: Update GenYamlCfg script
+        db4d323909 UefiCpuPkg/PeiMpLib: Only allocate ACPI NVS AP loop code buffer on S3
+        e494b25fe3 BaseTools:Remove deprecated ast.Str import for Python 3.14 compatibility
+        2241651b17 BaseTools: Add Quoting to Python Path on Windows
+        174933ebf6 IntelFsp2Pkg/GenCfgOpt.py: Fix line endings in Linux environments
+        0fa57975b0 MdePkg: Acpi66: Add defined IOVT Signature
+        aeb27b18ce EmulatorPkg/BuildOptions: Add CLANGPDB DLINK_FLAGS flags to build options
+        e49ec97d12 OvmfPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options
+        ffa859492a StandaloneMmPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS to build options
+        519ccd4d59 SecurityPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options
+        1527320ad2 CryptoPkg/BuildOptions : Add CLANGPDB DLINK_FLAGS flags to build options
+        f80a406aa9 MdeModulePkg: CoreGetMemoryMap: Account for Unaccepted Entries
+        3731699a63 PrmPkg: Remove notes from Readme that do not apply
+        12a908e09c PrmPkg/Samples: Update INF files for GCC/CLANG
+        c16e88e301 PrmPkg/Include: Fix GCC/CLANG PRM Module DLL Export issues
+        3980808abf BaseTools/Scripts: KEEP .prmexportdescriptor data sections
+        47b0261613 BaseTools/Source/C/GenFw: Add --image-version option
+        7a3bcd6684 BaseTools/Source/C/GenFw: Add no symbols check to --prm
+        b5bab75e58 MdeModulePkg: DXE Core: Correct Usage of EFI_MEMORY_ATTRIBUTE_MASK
+        1e7a83cbb6 BaseTools/FMMT: Fix errors when operating the FV with CRC32 section
+        c9eb3717b4 MdeModulePkg: ScsiDiskDxe: Query Write Protected State
+        d428ca6fe2 MdePkg: ATAPI: Add ATA_CMD_MODE_SENSE6 Definition
+        fe52108211 EmbeddedPkg/VirtualRealTimeClockLib: Use SOURCE_DATE_EPOCH
+        fcc568ca6e BaseTools/build.py: set BUILD_TIME_EPOCH if not already in environment
+        5ca97bf64f BaseTools/build.py: language cleanup around CheckEnvVariable
+        9e815d789b ShellPkg/SmbiosView: Display Type 44 "Referenced Handle" field
+        28b7a6d5ea ShellPkg/SmbiosView: Display Type 2 Contained Objects info
+        a0e8b71ee5 ShellPkg: Review SMBIOS 3.9 specification
+        e27cfda33b OvmfPkg/IoMmuDxe: Fix 1M and 2M buffer handling
+        2522020ee1 UnitTestFrameworkPkg: Use 8MB stack for MSFT and CLANGPDB
+        597d061e09 MdeModulePkg/DxeCapsuleLibFmp:Added PCD for EmbeddedDriver Support
+        9c06ac56fb SecurityPkg: Tcg2StandaloneMmArm: Enable TPM FFA Instance to Register PPI
+        4883960e5e SecurityPkg: Tcg2AcpiFfa: Correct TPM Instance Validation
+        ff96eb4c2c MdePkg: Restore ARM processor macro in CPER header
+        faeee00490 MdeModulePkg/FvSimpleFileSystemDxe: Remove Iso639Language
+        56989e2d24 FatPkg/EnhancedFatDxe: Remove Iso639Language
+        aace3eebd2 DynamicTablesPkg: Use abstract tokens in token generator
+        f09ea5f672 ArmVirtPkg/KvmtoolCfgMgrDxe: Update DynamicPlatRepoLib usage
+        954ee29013 DynamicTablesPkg/FdtHwInfoParserLib: Add Arm IORT parser
+        ba69c6d514 DynamicTablesPkg: FdtHwInfoParserLib: Generate GIC ITS group objects
+        b0aac86c0d DynamicTablesPkg: Add helper to add array as a CmObj
+        12690ffbb8 DynamicTablesPkg: Add helper to add CmObj with given token
+        2ad74b956b DynamicTablesPkg/FdtHwInfoParserLib: Support 1 PMU IRQ per core
+        549b473b23 MdePkg/BaseFdtLib: Add FdtGetPhandle wrapper
+        80eaa563ec MdeModulePkg/HiiDatabaseDxe: Avoid unexpected memory free
+        aff203c3ce Maintainers.txt: Remove myself as BaseTools maintainer
+        3b83fe3958 BaseTools: Disable GCC relax on LoongArch
+        0070fd1aec CryptoPkg: Fix build of MbedTlsLib
+        4bb6dd8296 CryptoPkg: Simplify MSFT FLINK_FLAGS
+        0f0b472ae5 OvmfPkg/PlatformInitLib: add sanity checks to igvm code
+        ab04d09555 EmbeddedPkg: Clear keyboard queue buffer after reading
+        0cad130cb4 MdeModulePkg : Clear keyboard queue buffer after reading
+        f98662c5e3 MdePkg/MockFdtLib: add FdtLib mock functions
+        5cf1be671b ShellPkg/pci.c: Fix typo in source code.
+        5550d8f0b7 ShellPkg: Add PCIe boundary check and enhance DVSEC size calculation
+        da44b3b24a PrmPkg: Set DXE_RUNTIME_DRIVER section alignment
+        baf0ae3b1d SecurityPkg: rename PeilessSecMeasureNullLib
+        d95e578b25 ArmPlatformPkg: rename LcdHwLibNull and LcdPlatformLibNull
+        d52fa6da67 ArmPkg: rename ArmMtlNullLib
+        01b9f27dbb ArmPlatformPkg/PlatformPei: generate TPM event log hobs
+        f1f672b898 ArmPkg/SemihostFs: fix crash when file open fails
+        edb5331f78 .github/workflows: Add PR formatting validator
+        bfbd5d70e8 .github/GitHub.py: Add output and env helpers
+        d3a64baf4b NetworkPkg/UefiPxeBcDxe: Add buffer check before reporting status code
+        90771630bf UefiCpuPkg/ArmMmuLib: Add support for LPA2
+        5ec21149a7 ArmPkg/CpuDxe: Add support for LPA2 page table entry format
+        6e01bfcca2 ArmPkg/CpuDxe: Add support for signed page table levels
+        3916260189 ArmPkg/ArmLib: Add 52-bit VA support helper (LPA2)
+        c5e4e7e78a MdePkg/ArmLib: Add prototype for 52-bit VA support helper
+        8c50ce60c4 MdePkg/AArch64: Add LPA2 related constants
+        fe22ac2932 OvmfPkg/igvm: add IgvmSecureBootDxe
+        5a6a9f7955 OvmfPkg/X86QemuLoadImageLib: do not use the legacy linux loader in CVMs.
+        8b22c532b3 ShellPkg/Library: rework Shell...CommandsLib Load.c
+        aa29d51637 ShellPkg: Use the newly introduced ShellPrintDefaultEx() alias
+        9ff74659a8 OvmfPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias
+        c71d0e7153 PrmPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias
+        c4a8b001f3 ShellPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias
+        432feb6b56 NetworkPkg: Use the newly introduced ShellPrintHiiDefaultEx() alias
+        44a3048c7c ShellPkg/ShellLib.h: Add aliases for ShellPrintEx() and ShellPrintHiiEx()
+        9363f19900 ShellPkg/Connect: Extract a ConnectFromEfiVariable() function
+        53f83ae00d ShellPkg/Connect: Extract a ConnectConsoles() function
+        bcfbaf5f00 ShellPkg/Connect: Simplify error handling in ShellConnectFromDevPaths()
+        7ae7bd8ef2 ShellPkg/DrvCfg: Simplify error handling in ParseBufferConfig()
+        3fcea99da0 ShellPkg/DrvCfg: Extract a ParseBufferConfig() function
+        16ffc09be1 ShellPkg/MemMap: Extract a ParseMemoryDescriptors() function
+        5ff8948a12 ShellPkg/MemMap: Create arrays of MemoryType configuration and Page
+        25daa0fcc9 ShellPkg/MemMap: Create array of MemoryType names
+        0f57fc7cf7 ShellPkg/Dmem: Remove return parameter from DisplayXXX() functions
+        2bebeb1ad4 ShellPkg/Dmem: Remove unnecessary EfiGetSystemConfigurationTable() calls
+        482781a7f9 ShellPkg/Dmem: Simplify logic by inverting Address checks
+        e78453fb54 ShellPkg/Dmem: Replace per-System Table variable by indexed arrays
+        0235ac23c5 ShellPkg/Dmem: Remove Memory Range Capsule support
+        cf67a0c78e ShellPkg/Dmem: Remove remaining of SAL System Table
+        ace36ed376 ShellPkg/Dmem: Extract a DisplaySystemTable() function
+        a51255072e OvmfPkg/EmuVariableFvbRuntimeDxe: initialize emu variable fvb from rom
+        289b23ec12 ArmPlatformPkg/PeilessSec: apply PeilessSecMeasureLib in PeilessSec
+        9bca0ee3b2 SecurityPkg/Library: introduce PeilessSecMeasureLib
+        9c651ef83a SecurityPkg/Library: introduce HashLibTpm2PeilessSec
+        ba079eda61 ArmPkg: Smbios: Update ProcessorSubClassDxe for new SMBIOS structures
+        34e3bd44ff DynamicTablesPkg: Add SmbiosSmcLib
+        3e62dbf504 DynamicTablesPkg: DynamicTableManagerDxe: Fix NULL pointer dereference
+        6979b733ac DynamicTablesPkg: Smbios Processor Information (Type 4)
+        d755753ef8 DynamicTablesPkg: Smbios Cache Information (Type 7)
+        dfac150bdf MdePkg: SmBios: Add structs for cache size and configuration data
+        a08905a62a DynamicTablesPkg: Implement abstract CM_OBJECT_TOKENs
+        fad3450348 MdePkg: Smbios: Add AArch64 ProcessorId variant for type 4 table
+        5a8411a7b0 DynamicTablesPkg: Add SMBIOS table generation
+        a4492241a7 DynamicTablesPkg: Move ACPI building & change DEPEX on protocol
+        06a1adf23d MdePkg/SmBios.h: Add New definition for Invalid Handle
+        8f63fce994 DynamicTablesPkg: Add Ordered dispatch support for SMBIOS tables
+        6544b894a9 DynamicTablesPkg: Update SMBIOS dispatcher dependency table
+        54eabaf6b4 DynamicTablesPkg: Add SMBIOS table dispatcher
+        4b0ba678eb DynamicTablesPkg: Define a SMBIOS Structure/Table type
+        64b62a0879 UefiCpuPkg/MmSaveStateLib: On AMD MmSaveStateLib, add support AmdSysCallLib
+        3ebcf121dc OvmfPkg: Add AmdSysCallLibNull in DSC files.
+        1f5faa68ce UefiCpuPkg/AmdSysCallLib: Add AmdSysCallLib headers and Null library
+        a04994ff64 OvmfPkg/MemFD: swap memory log buffer and pei firmware volume
+        38370cf492 OvmfPkg/igvm: add PlatformIgvmVpCount
+        251462324f OvmfPkg/QemuKernelLoaderFsDxe: add support for igvm data blobs
+        c36111cfca OvmfPkg/igvm: handle igvm data hobs
+        f52a46375b OvmfPkg/igvm: add IgvmData struct header + guid
+        5e8db785e4 OvmfPkg/igvm: add igvm memory map support.
+        313004a57f OvmfPkg/igvm: add igvm regions to reset vector
+        e566e1e536 OvmfPkg/igvm: reserve two pages for igvm support in memfd
+        bc431cece3 ShellPkg: add support for AGDI table in acpiview
+        19a72dd1e1 MdePkg: AgdiTable: add support for Arm Agdi table
+        2a6708a786 OvmfPkg/build.sh: Remove support for IA32 architecture
+        7b971810b0 MdeModulePkg: Update to support mouse z-axis in ConSplitterDxe
+        3c454cf7d4 BaseTools/Plugin/HostBasedUnitTestRunner: Add CLANG support
+        55a5ec63fe UnitTestFrameworkPkg/UnitTestDebugAddressLib: Remove extra options
+        07da104cfb UnitTestFrameworkPkg/GoogleTestLib: Remove extra options
+        0838bf1531 UnitTestFrameworkPkg/SubhookLib: Update GCC defines
+        6e65f7df90 UnitTestFrameworkPkg/CmockaLib: Add CLANGPDB support
+        81a7efddd5 UnitTestFrameworkPkg/Include: Update GoogleTestLib for CLANG
+        9731114a00 UnitTestFrameworkPkg: Add CLANGDWARF and CLANGPDB support
+        f832329add UnitTestFrameworkPkg: Set defines for CLANGPDB builds
+        8310dfa9f4 CryptoPkg/Library/OpensslLib: Add back PKCS12 support
+        2ff173af12 BaseTools: Remove ARM32 Support
+        bc31103006 MdePkg: Remove ARM32 Support from CompilerIntrinsicsLib
+        49b3eb5907 MdePkg: Remove ARM32 Support from BaseLib
+        84c026111c MdePkg: Remove ARM32 Support
+        c7ada42ce4 MdePkg: Remove ARM32 Support from BaseCpuLib
+        756fd38a80 MdePkg: Remove ARM32 Support from PE/COFF Libs
+        9ca3dc9b0d MdePkg: Remove ARM32 Support from BaseSynchronizationLib
+        673ff79628 MdePkg: Remove ARM32 Support from BaseIoIntrinsicLib
+        0dc21d1f75 MdePkg: Remove ARM32 Support from BaseMemoryLibOptDxe
+        f05cf0fd66 MdePkg: Remove ARM32 Support from ArmS*cLib
+        7838ee347b MdePkg: Remove ARM32 Support from Service Table Libs
+        abfe5b2869 MdePkg: Remove ARM32 Support from StackCheckLib
+        5984676364 MdePkg: Remove ARM32 Support from UnitTests
+        5f9e2eac7a UnitTestFrameworkPkg: Remove ARM32 Support
+        ef79d58427 MdeModulePkg: Remove ARM32 Support
+        80de048c1b ArmPkg: Remove ARM32 Support
+        f73b53c283 ArmPkg: Remove Incorrect ArmPkg.dsc Sections
+        cdc8858e19 ArmPkg: Remove ARM32 Support from ArmLib
+        4261eb1bef ArmPkg: Remove ARM32 Support from ArmHvcLib
+        889676ac60 ArmPkg: Remove ARM32 Support from ArmMonitorLib
+        4bd1f47642 ArmPkg: Remove ARM32 Support from SMBIOS
+        79e9dee6c7 ArmPkg: Remove ARM32 Support from ArmExceptionLib
+        a40d7f7d0b ArmPkg: Remove ARM32 Support from CpuDxe
+        f75198f592 ArmPkg: Remove ARM32 Support from ArmStandaloneMmCoreEntryPoint
+        88b5cb3e12 ArmPkg: Remove ARM32 Support from DefaultExceptionHandlerLib
+        3741a42087 ArmPkg: Remove ARM32 Support from ArmGicDxe
+        bacb949dd9 ArmPkg: Remove ARM32 Support from SemiHostFs
+        cebf57e701 ArmPkg: Remove ARM32 Comments and Supported Arch
+        45147d3021 ArmPlatformPkg: Remove ARM32 Support from ArmPlatformLibNull
+        dc1ccc9daf  ArmPlatformPkg: Remove ARM32 Support from Sec
+        737ca4ea4f ArmPlatformPkg: Remove ARM32 Support from PeilessSec
+        b9b1365a76 ArmPlatformPkg: Remove ARM32 Comment and Supported Architecture
+        c6ff778056 OvmfPkg: Drop ARM32 Support
+        2ba9441e0b CryptoPkg: Drop ARM32 Support
+        90dc87714c EmulatorPkg: Drop ARM32 Support
+        9b8cab36cd FatPkg: Drop ARM32 Support
+        b1f7c444e1 DynamicTablesPkg: Drop ARM32 Support
+        45fde54948 EmbeddedPkg: Drop ARM32 Support
+        2c059facb3 FmpDevicePkg: Drop ARM32 Support
+        1764d4eb2b NetworkPkg: Drop ARM32 Support
+        470a80094c RedfishPkg: Drop ARM32 Support
+        2b0ce49c50 PrmPkg: Drop ARM32 Support
+        08ae634ccb SecurityPkg: Drop ARM32 Support
+        9c657c3685 ShellPkg: Remove ARM32 Support
+        18e94d0d4b SignedCapsulePkg: Drop ARM32 Support
+        7cf721dd4d StandaloneMmPkg: Drop ARM32 Support
+        3d50e76f03 UefiPayloadPkg: Drop ARM32 Support
+        08c27faeed UefiCpuPkg: Drop ARM32 Support
+        215e45bdb3 .azurepipelines,.github,.pytool: Disable ARM32 at Top Level/Pipelines
+        f451d187c3 ShellPkg: AcpiView: Fix CodeQL Error
+        12797dd337 BaseTools: Align Pre-Processor Macros for CLANGPDB and CLANGDWARF
+        21eff866e7 SecurityPkg/Tpm2DeviceLibDTpm: Remove global variable for command code
+        b15f98e68f OvmfPkg/IntelTdx: Fix TDVF boot failure with odd-sized memory below 2816M
+        17691a2641 FmpDevicePkg/FmpDxe: Improve handling of XDR certs
+        18d053d682 IntelFsp2Pkg/FspSecCore: Reserve 32B when calling C function in 64bit
+        fb43f0c085 CryptoPkg: Add support to set TLS security level.
+        ba41bd096a MdeModulePkg/TerminalDxe: Improve the implementation of AnsiTestString
+        0053bbf833 MdeModulePkg/TerminalDxe: Add missing types for TestString function
+        8a07311710 MdeModulePkg: Add PcdDelayedDispatchMaxEntries
+        32711df057 DynamicTablesPkg: Drop IA32 support
+        81f9f6d7b3 CryptoPkg/BaseCryptLibMbedTls: Fix wrong return in X509GetIssuerName
+        bd9cb33424 CryptoPkg/BaseCryptLibMbedTls: Fix DateTime conversion from char to int
+        238a6175fb BaseTools/Conf: Add support for C++ compiler flags
+        5dadbbac0b BaseTools/Conf: Remove -nostdlib -nostdlibinc for CLANG
+        6e992efa8d BaseTools/Conf: Remove -imacros from GCC_ASM_FLAGS
+        95c5f119bd BaseTools/Conf: Make ASLCC_FLAGS independent of CC_FLAGS
+        23dd3eafb8 BaseTools/Conf: USER_DEFINED/HOST_APPLICATION CLANG support
+        a63bbb35d9 EmulatorPkg/Unix/Host: Add CLANGDWARF support and reduce warnings
+        a9cf21e835 BaseTools/Conf: Fix build_rule.template for CLANGDWARF
+        24803543ea EmulatorPkg/Win/Host: Remove set but not used variables
+        7f557cd133 EmulatorPkg/Unix/Host: Fix set but unused variables
+        0bc550f466 UnitTestFrameworkPkg/SampleGoogleTest: Add missing override keyword
+        62861fed5d Maintainers.txt: Replace Swee Aun with Star as reviewer for StandaloneMmPkg
+        82a03a8248 RedfishPkg/JsonLib: Define NO_MSABI_VA_FUNCS for GCC X64
+        ff39a5d2dd CryptoPkg/BaseCryptLib: Fix MODULE_TYPE for unit tests
+        ae95326c2c CryptoPkg/BaseCryptLib: Remove tolower() for unit tests
+        1e5aeff417 UefiCpuPkg/MtrrLib: Update unit tests for CLANGPDB
+        d87583e720 MdePkg/Library/BaseLib: Remove __chkstk() from BaseLib
+        2636488e7b MdePkg/Test/MockSmmServicesTableLib: Fix struct init
+        f57fab9b1d MdeModulePkg/Test/Include: Fix SecurityManagement include guard
+        c4ca5ee091 MdeModulePkg/Universal/DisplayEngineDxe: Fix GCCNOLTO error
+        9ac6e450e4 NetworkPkg/UefiPceBcDxe/GoogleTest: Add missing EFIAPI
+        b05c8d7b80 NetworkPkg/Dhcp6Dxe/GoogleTest: Fix init of complex struct
+        0d26d944d9 MdeModulePkg/Universal/DriverSampleDxe: Fix VFR warnings
+        2a8d98d0a5 OvmfPkg/IntelTdx: Update TDVF README.md
+        b4e6443f89 SecurityPkg: Tpm2DeviceLibFfa: Recognize CRB Interface Version 2
+        b24663ee58 SecurityPkg: Tpm2DeviceLibDTpm: Recognize CRB Interface Version 2
+        3a5563593a MdePkg: TpmPtp: Add CRB Interface Version 2 Definition
+        11ecff34f3 ArmVirtPkg/ArmVirtQemu,ArmVirtQemuKernel: Allow users to enable SNP
+        6690201491 .pytool: Update Uncrustify to 73.0.11
+        d347a7e8bc BaseTools/VfrCompile: Fix compiler warning C++17 does not allow register
+        dfbb7de3c6 ArmPkg: ArmPsciMpServicesDxe: Fix MPIDR usage from CoreInfo
+        1fc19a0d52 ArmPkg: ArmPsciMpServicesDxe: Fix core disable/enable if the timer expires
+        c502e2c58e MdeModulePkg/UnicodeCollation: Fix uninitialized variable usage
+        3a53c57967 StandaloneMmPkg: Optimize MM core image size alignment
+        1780373897 MdeModulePkg/DxeMain: Add debug code for Event Group notify functions
+        282a324bf4 MdeModulePkg/ArmFfaLib: Add MemoryAllocationLib
+        2558af552d MdeModulePkg/ArmFfaLib: Add HobLib to StMm instances
+        615e5ca40a EmbeddedPkg/PrePiLib: minor cleanup in FfsProcessSection ()
+        24fd71dcaa EmbeddedPkg/PrePiLib: eliminate unneeded variable in FfsProcessSection ()
+        6b19b447c5 EmbeddedPkg/PrePiLib: refactor FfsProcessSection ()
+        4a1dca59f6 OvmfPkg/ResetVector: reorganize #vc exit handler setup.
+        6d90162e28 OvmfPkg/ResetVector: move ReloadFlat32 call
+        ea5a8582e7 OvmfPkg/MemFd: switch Microvm build to include
+        f8953fd9bd OvmfPkg/MemFd: switch OvmfPkgIa32X64 build to include
+        4b1711d431 OvmfPkg/MemFd: add AmdSev changes, switch AmdSev build to include
+        9d282ec2d9 OvmfPkg/MemFd: move MEMFD config from OvmfPkgX64 to include file
+        502f0dfda4 OvmfPkg: Add NETWORK_ISCSI_DEFAULT_ENABLE build flag
+        10b310f9b2 StandaloneMmPkg/Ipl: Do not check return status of MmCore's entry point
+        9b931ae81f FmpDevicePkg/Library: Correct comment description
+        b471ed2969 ArmVirtPkg: Drop ARM Virtual Platforms
+        1fb88ffe28 OvmfPkg: Remove OVMF IA32
+        20f24c0f67 OvmfPkg/MemEncryptSevLib: Check if SEV-SNP coherency mitigitation is needed
+        f41f938b35 OvmfPkg/ResetVector: Make ReceivedVc a flag in SEV-ES workarea
+        07ba06fdf7 MdePkg: Add the COHERENCY_SFW_NO CPUID bit field
+        3b0d834db2 OvmfPkg/MemEncryptSevLib: Evict cache lines during SNP memory validation
+        406aeb5a97 ShellPkg/SmbiosView: Add decode for DSP0134 SMBIOS Spec v3.9.0
+        9e1c211b6c MdePkg/IndustryStandard: Define enums for DSP0134 SMBIOS Spec v3.9.0
+        5739530817 MdePkg: Add MockSpiNorFlashProtocol
+        f5d3291379 Maintainers.txt: Add vishalo as reviewer for AARCH64 support
+        d7832b4800 MdeModulePkg: consider UNSUPPORTED return as valid in ArmFfaStandaloneMmLib
+        d8e875e625 Global: fix ArmFfaLibRun() caller couldn't get ret-args
+        57230fff6b ArmPlatformPkg,EmbeddedPkg,MdeModulePkg: Move RealTimeClockLib header
+        438045682b MdePkg/Inclde: Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID
+        cf5f907cd5 ShellPkg: Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID
+        a46697f735 MdeModulePkg: Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID
+        9898567e2b FatPkg/EnhanceFatDxe:Deprecate EFI_UNICODE_COLLATION_PROTOCOL_GUID
+        8bd3787e4b MdePkg/Include: Deprecate EFI_DEVICE_IO_PROTOCOL
+        e27779e2c1 ShellPkg/Library: Deprecate EFI_DEVICE_IO_PROTOCOL
+        80fddcaeb8 MdePkg/Include: Deprecate UNICODE_COLLATION_INTERFACE
+        b1e018c0ad MdePkg/Include: Deprecate EFI_NVDIMM_LABEL_FLAGS_UPDATING
+        a860818324 MdePkg/Include: Deprecate EFI_NVDIMM_LABEL_FLAGS_RESERVED
+        ff668af879 MdePkg/Include: Deprecate EFI_IP4_CONFIG_PROTOCOL
+        c3cab06d2b ShellPkg/Library: Deprecate EFI_IP4_CONFIG_PROTOCOL
+        85770fd453 MdePkg: Add support for PCIe Extended IDs
+        c992bffaef ShellPkg: Add support for PCIe Extended IDs
+        338f5079f7 MdePkg: Enable CompilerIntrinsicsLib for LoongArch
+        6093cfcdd1 BaseTools: PatchCheck.py: Allow MultiPkg Commits For Subject Check
+        d250191042 BaseTools/PatchCheck.py: Check CI Options Before Parsing
+        65485e195f UefiCpuPkg/MpInitLib: Ensure AP wake up on WakeUpByInitSipiSipi mode
+        1dacf4c408 CryptoPkg: Add SNI support
+        41cde6e2e3 NetworkPkg/TlsDxe: Add SNI support
+        4e41744142 MdePkg/Nvme.h: Add Power Loss Signaling defination
+        1bbd68755c BaseTools: Update architectures in target.template
+        a80a53ccf2 MdeModulePkg/UiApp: Remove unused variable
+        fcbf985673 MdePkg/ArmFfaMemMgmtLib: Fix typo in structure definition and comments
+        f718b0ffd6 ShellPkg/UefiShellDebug1CommandsLib: Add MRDIMM entry to QueryTable
+        397479d748 MdePkg/IndustryStandard: Add MRDIMM into Smbios.h
+        2efffed938 MdePkg/Library/BaseRngLib/Riscv: use CPU RNG instructions only
+        77293f4711 MdePkg: Correct comments for ResolutionY and ResolutionZ in SimplePointer.h
+        fa92e9bd05 MdeModulePkg UsbMouseDxe: Correct some parameter comments
+        aeea04341c MdeModulePkg: Fix malformed terminal control sequences
+        060bb0e5a7 SecurityPkg/FvReportPei: Improve CheckStoredHashFv() description
+        5025fc1eda ArmPkg/ArmTransferList: add TPM_EVENT_LOG information
+        a9cad8a1fb ArmPkg/Library/ArmTransferList: add helper to get TransferList
+        35a3ceb882 OvmfPkg/RiscVVirt: Add SecureBootDefaultKeysInit module.
+        7374b2b224 OvmfPkg/RiscVVirt: Expand variable store size for secure boot
+        32ea243c27 OvmfPkg/RiscVVirt: Resolve missing TPM Modules/Libraries
+        62929b3022 OvmfPkg/RiscVVirt/PlatformPei: Enable TPM Device Discovery
+        6bbdcecc0a OvmfPkg/Tcg2Config: Add RISC-V Support for TPM Device Discovery
+        8bdc0c2a9a UefiCpuPkg/BaseRiscV64CpuTimerLib: Ensure mTimeBase is initialized
+        d14e964692 ArmVirtPkg/ArmVirtQemu: Introduce support for MemDebugLib.
+        41c48d2a7c OvmfPkg/MemDebugLogLib: move QemuFwCfgSimpleParserLib to LibraryClasses
+        839e79f62b OvmfPkg/MemDebugLogLib: unoptimize PEIM and PEI_CORE
+        4b041f09d6 RedfishPkg/PlatformConfig: Use en-US if no x-uefi-redfish string
+        20609b499e RedfishPkg/RedfishPlatformConfig: Expose suppressed HII options to Redfish
+        6755c9d82c UefiPayloadPkg: RISCV: Licensing Fix
+        60803295c3 pip: bump pylibfdt from 1.7.2 to 1.7.2.post1
+        8404e44c63 UefiPayloadPkg: update stack address print to 64 bit
+        a56c2eb07e MdePkg/BaseFdtLib: Remove unused macros and string APIs
+        fc0fffa7e9 pip-requirements: Add pylibfdt and pefile
+        31402d2a31 CryptoPkg: Add Unit Test Host of Mbedtls CryptoLib
+        d2bdf8dda6 CryptoPkg: Fix array index out of bounds in RsaGetPrivateKeyFromPem
+        dc9cdf6c90 CryptoPkg: Add PKCS7 test case for partial certificate chains
+        d188ad6a1f NetworkPkg/WifiConnectionManagerDxe: UI Disconnect
+        68a7665250 UefiPayloadPkg/FmpDeviceSmmLib: Add for full chip flashing via SMMSTOREv2
+        2736239aca UefiPayloadPkg/SmmStore: Add API to read/write/erase any flash block
+        e7a1b29553 UefiPayloadPkg/UefiPayloadPkg.dsc: Enable FMP updates
+        f53b19f6c8 UefiPayloadPkg: Enable processing of capsules
+        d43451b520 MdeModulePkg: Add PcdCapsuleFmpSupport
+        cc149a8eaa UefiPayloadPkg/UefiPayloadEntry: Import update capsules from bootloader
+        8b2433c2f5 UefiPayloadPkg/BlSupportDxe: Publish ESRT with an entry for system firmware
+        f3a5772aca UefiPayloadPkg/BlParseLib: Add parsing of firmware info
+        450784d3fd UefiPayloadPkg/SblParseLib.inf: Add missing GUIDs
+        433bbe6e49 BaseTools: DSC: fix processing !include in multiarch subsections
+        829e42d3a3 MdeModulePkg/PeiCore: Print GUID of FV and FvFile in debug log
+        8682d3ea0a SecurityPkg/Tpm2CommandLib: Update not found RC for Public NV Read
+        42ba637432 .pytool: Use Tianocore Uncrustify release
+        0e1e079f4c MdeModulePkg: Improve the implementation of EFI_SIMPLE_TEXT_OUTPUT_PROTOCOL
+        296c2e7edb MdeModulePkg: Simplify PrintInternal function to fit wide character
+        eb3354a499 MdeModulePkg/HiiDatabaseDxe: Avoid assert in InternalGetString
+        305e5845e6 BaseTools/VfrCompile: Add check for setting string default to number
+  - Update ovmf-OvmfPkg-ArmVirtPkg-Keep-JSON-stack-cookie-files.patch
+      - Rename ArmVirtQemu-AARCH64 path to ArmVirtQemu-AArch64 due to build path updates
+      - Remove IA32, ArmVirtQemu-ARM because IA32 and ARM32 have been deprecated.
+  - Update brotli Compress to 1.2.0
+      - brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz
+          - https://github.com/google/brotli/archive/e230f474b87134e8c6c85b630084c612057f253e.tar.gz
+  - Add ovmf-Revert-OvmfPkg-RiscVVirt-Add-SecureBootDefaultKeysIn.patch (bsc#1255113)
+  - Remove the following patches because they have been merged to edk2-stable202511:
+      - ovmf-OvmfPkg-Add-NETWORK_ISCSI_DEFAULT_ENABLE-build-flag.patch 
+          502f0dfda4 OvmfPkg: Add NETWORK_ISCSI_DEFAULT_ENABLE build flag
+      - ovmf-MdeModulePkg-Fix-malformed-terminal-control-sequence.patch
+          aeea04341c MdeModulePkg: Fix malformed terminal control sequences
+  - Remove the revert patch ovmf-Revert-SecurityPkg-Add-Additional-TPM-Logging-at-DEB.patch
+    because the upstream has resolved this issue. (bsc#1249349) 
+        21eff866e7 SecurityPkg/Tpm2DeviceLibDTpm: Remove global variable for command code
+  - Remove the IA32 and AARCH32 OVMF image (jsc#PED-13429)
+      - Remove qemu-ovmf-ia32
+      - Remove qemu-uefi-aarch32
+  - Refresh patche:
+      - ovmf-Revert-Add-Stack-Cookie-Support-to-MSVC-and-GCC.patch
+
+-------------------------------------------------------------------
+Wed Sep  3 05:41:20 UTC 2025 - Richard Lyu <richard.lyu@suse.com>
+
+- Update to edk2-stable202508
+    - New Features & Bug Fixes (https://github.com/tianocore/edk2/releases):
+        - update to openssl 3.5.1
+        - MdeModule: Update oniguruma to v6.9.10
+        - Support Standalone MM on OVMF
+        - MdePkg/IndustryStandard: update Tpm2Acpi table to revision 5
+        - Adding FF-A memory management library
+        - Add UUID-GUID conversion interfaces in ArmFfaLib
+        - BaseTools: Add support for mingw-w64
+        - Remove UGA support
+        - Add support for ARM GICv5
+        - RISC-V: Support PEI booting
+    - Patches (git log --oneline --date-order edk2-stable202505..edk2-stable202508):
+        d46aa46c83 ShellPkg: Remove EmbeddedPkg dependency
+        db5b28ed9e MdePkg, EmbeddedPkg: Move Fdt Table Guid to MdePkg
+        808f1f1f87 UefiPayloadPkg: Scan for Option ROMs
+        072ab3846c Revert "SecurityPkg: CodeQL Fixes."
+        8d984e6a57 MdeModulePkg: XhciDxe: Fix comment grammar in XhcMonitorAsyncRequests
+        6d37ca427e MdeModulePkg: XhciDxe: Fix USB reset issue: callback / update order
+        e69d7653b9 MdeModulePkg: XhciDxe: Fix USB reset issue: use after free
+        b58ce4c226 MdeModulePkg: Support conditional UFS initialization
+        9baa6193c2 Update reviewer for SecurityPkg: Tcg related modules and UefiCpuPkg
+        4488d4479a UefiPayloadPkg/BlSupportDxe: Drop manual reservations for APIC and HPET
+        44d88d5d0c MdeModulePkg: Remove obsolete PEI_USB_HOST_CONTROLLER_PPI
+        834586f316 MdeModulePkg/UsbBusPei: Drop support for obsolete host controller PPI
+        4e950950a4 MdeModulePkg/Usb: Remove UhciPei
+        9688712f1d MdeModulePkg: Usb cumulative codeql issues.
+        d68f418300 MdeModulePkg: Variable cumulative codeql issues.
+        504a80c151 SecurityPkg/Tcg/OpalPasswordDxe: Fix logic for RemoveDevice()
+        bd785cedc3 StandaloneMmPkg/MmCore: Correct EndOfDxe to EndOfPei in MmEndOfPeiHandler
+        d192e7ea75 StandaloneMmPkg/MmIpl: Correct CreatMmHobList to CreateMmHobList
+        9418a9f1e7 .azurepipelines: Use Fedora 41 imagBug 1245454 - iSCSI boot support is disabled in OVMF imagese for Linux CI jobs
+        057a611ae6 SecurityPkg: Added basic DxeImageVerificationLib tests
+        5125e2d6b1 CryptoPkg: workaround for MSVC linking tolower
+        d55642f537 MdePkg: added mocks for DevicePathLib and OpenProtocol
+        1c3a22059b MdeModulePkg: added SecurityManagementLib mock
+        3f453cd7aa Add Poncho Figueroa as BaseTools reviewer
+        d1c1f7e354 StandaloneMmPkg/MmIpl: Call CreatMmHobList() with page aligned size
+        0662754134 MdePkg/Library: Remove MM_STANDALONE LibraryClass in UefiDevicePathLib.inf
+        fdd6796d08 MdePkg/Library: Remove UefiDevicePathLibStandaloneMm.inf
+        80f9e3aa2f OvmfPkg/OvmfPkg.dsc:Update DevicePathLib mapping for MM_STANDALONE drivers
+        6e4bf7f934 .mergify: Set max parallel checks to 1
+        5c7ef27b96 MdeModulePkg: UefiBootManagerLib Change default alignment for ramdisk boot.
+        686f1e3ea8 CryptoPkg/BaseCryptLibMbedTls : Add strpbrk() support to MbedTls
+        d2d8d38ee0 UefiCpuPkg/PiSmmCpuDxeSmm: Safe handling of IDT register on SMM entry
+        7fe3609022 DynamicTablesPkg: Add alias for EArchCommonObjPciConfigSpaceInfo
+        a60334ad59 BaseTools: Fix FMMT FvHandler Padding operation issue
+        491530abaa MdeModulePkg: Change PCD type to support dynamic
+        3b48f8ccab UefiPayloadPkg: Fix calling convention
+        0d82e48221 DynamicTablesPkg: add Tpm2DeviceTableLib to generate Tpm2 device table
+        faeedaa54b DynamicTablesPkg: add ArchCommonObjTpm2DeviceInfo
+        47e818016a ShellPkg/Library: Remove unecessary error check
+        97b0f1ea3b OvmfPkg/CloudHv: bump PcdCpuMaxLogicalProcessorNumber to 254
+        be6342d64f ShellPkg: Fixed Deadcode and Null field Coverity warnings.
+        01295fd25b ShellPkg: DtbTableAddress via config in dmem
+        f41cc8ac79 ArmVirtPkg: Introduce ArmTransferListLib to ArmVirtPkg
+        adf345e27b ArmPlatformPkg: Introduce TransferList Guid Hob for SEC
+        c1e3e71643 ArmPlatformPkg: Introduce gArmTransferListPpiGuid
+        0bad279bd4 ArmPkg: Add gArmTransferListPpiGuid
+        6a329eb853 ArmPlatformPkg: Capture TransferList Information for SEC
+        078414f045 ArmPlatformPkg: Introduce TransferList Guid Hob for PeilessSec
+        78d17ce5d2 ArmPkg: Add ArmTransferListHob Guid
+        b1096651d8 ArmPlatformPkg: Capture TransferList information for PeilessSec
+        e841099600 ArmPkg/ArmTransferListLib: Add utility functions
+        5fc1ba3f25 SecurityPkg/Tcg2Config: add Tcg2ConfigFfaPei
+        f47216f159 SecurityPkg/Library: Tpm2DeviceSecLibFfa for PeilessSec
+        ee9950d3fb SecurityPkg/Library: separate logics geting TPM2 information with FF-A
+        ba6a8eb045 SecurityPkg: CodeQL Fixes.
+        690929c458 SecurityPkg: Tpm2DumpLib: Make All Prints at DEBUG_SECURITY
+        05c966e8f1 StandaloneMmPkg: Unify EfiFileName Parsing
+        c3479204cc MdeModulePkg: Unify EfiFileName Parsing
+        bcd8509640 StandaloneMmPkg: Always Print Driver Load Messages
+        1ec1f5d711 MdeModulePkg: Always Print Driver Load Messages
+        43d696a366 OvmfPkg/CpuHotplugSmm: hook up MSR_IA32_FEATURE_CONTROL with platform info
+        0e814e829e OvmfPkg/CpuHotplugSmm: set MSR_IA32_FEATURE_CONTROL in first SMI handler
+        f92ba13a66 OvmfPkg/CpuHotplugSmm: add whitespace
+        c37e2d38d6 OvmfPkg/PlatformPei: record "etc/msr_feature_control" presence explicitly
+        c27552f343 ShellPkg: Shell Validate parameter before use.
+        04fe3f50d6 OvmfPkg/RiscVVirt: Adopt New CpuExceptionHandlerLib
+        4052e8f155 UefiCpuPkg: CpuExceptionHandlerLib: RISC-V: Support backtrace
+        aee4d29d56 BaseTools/tools_def: Enable frame pointer for RISC-V
+        3a06b5dac9 OvmfPkg/RiscVVirt/PlatformSecLib: Clear s0 (fp) at entry point
+        db299fa788 UefiCpuPkg: CpuExceptionHandlerLib: Support RISC-V
+        c840e5f95b EmbeddedPkg: Fix incorrect define for hardware interrupt2 protocol
+        188f8c686e BaseTools/tools_def: Always link with -Wl,-z,notext for BFD/LLD
+        d7ccf477f5 BaseTools/tools_def: Make linker warnings fatal for RISCV + LOONGARCH64
+        35a93babfb BaseTools/tools_def: Drop unused GCC IA32/X64 flag variables
+        1caa6a92ea ArmPlatformPkg/PL011UartLib: Prevent data loss in conversion.
+        6cb4523704 ArmPlatformPkg/PL011SerialPortLib: Support dynamic PCD type.
+        095bfacc9e DynamicTablesPkg: Implement X64-specific SsdtSerialPortFixupLib
+        7d8760875a DynamicTablesPkg: Adds AML code generation for serial UART RD
+        d1f8485822 DynamicTablesPkg: Adds AML code generation for IRQ
+        10f0364b61 MdePkg/Acpi50: Add revision macro for Serial Bus UART structure
+        988162092b MdePkg: Acpi66: Update FADT and MADT versions
+        b0fb8da1fa MdePkg: Acpi66: Add newly defined RISC-V affinity structure
+        6b8522d007 MdePkg: Acpi66: Add RISC-V MADT and RHCT structures
+        6f939cee32 UefiCpuPkg/MpInitLib: Rename FillExchangeInfoDataSevEs()
+        046ba401c2 UefiCpuPkg/MpInitLib: Fix random SEV-ES guest boot crash
+        0bb4cf0228 SecurityPkg: Clarify Is800155Event
+        9c38295325 OvmfPkg: Clarify Is800155Event
+        8216419a02 UefiCpuPkg/PiSmmCpuDxeSmm: Refine debug log in SmmWaitForApArrival
+        6fb7117e28 UefiCpuPkg/PiSmmCpuDxeSmm: Correct AllApArrivedWithException flag
+        562bce0feb IntelFsp2Pkg: Preserve GDTR and CS/DS/ES/FS/GS/SS
+        8be9a344d3 MdeModulePkg: Console cumulative codeql issues.
+        7bbe0b2dec CryptoPkg/openssl: disable some features support
+        94d6fcf465 CryptoPkg/openssl: turn off warning 4130 for microsoft compiler
+        c718ed29a4 CryptoPkg/CrtLib: explicitly define INT32* constants
+        2a36117d7a CryptoPkg/CrtLib: add strpbrk implementation
+        e9bac26203 CryptoPkg/openssl: add ossl_bio_print_labeled_buf stub
+        8a1698229f CryptoPkg/openssl: add new generated files to uncrustify exception list
+        565323e29d CryptoPkg/openssl: update generated files
+        fdda38a96e CryptoPkg/openssl: update submodule to openssl-3.5.1 release
+        cb85c4deef MdeModulePkg: FvSimpleFileSystemDxe cumulative codeql issues.
+        4cb3e8d467 OvmfPkg/LoongArchVirt: Add SATA support
+        1f462def90 PrmPkg: Fix debug log format specifier for PhysicalAddress
+        83794b8e96 IntelFsp2Pkg/FspMultiPhaseLib: Remove EFIAPI for local function
+        36b63e9fc8 IntelFsp2Pkg/FspCommonLib: Remove unused API SetFspCoreStackPointer()
+        29477c2045 OvmfPkg/AmdSvsmLib: add AmdSvsmQueryProtocol
+        a72e6fe7ab UefiCpuPkg/AmdSvsmLib: add AmdSvsmQueryProtocol
+        bdca3681e9 Maintainers.txt: Update reviewer for OvmfPkg/Confidential Computing
+        ac20e4398a OvmfPkg/RiscVVirt: Add PEI phase booting support
+        003c888714 OvmfPkg/RiscVVirt: Add PlatformPeim module
+        07552c31ad OvmfPkg/RiscVVirt: PrePiHobListPointerLib: Use scratch register directly
+        977b68aa1e OvmfPkg/RiscVVirt: Add PlatformSecLib library
+        dbe17c79e7 UefiCpuPkg/SecCore: Add support for architectures beyond IA32 and X64
+        be053713c0 MdePkg: RISC-V: Add PeiServicesTablePointerLib
+        4d80dc68c6 MdePkg: RISC-V: Remove firmware context APIs
+        2ff92cf2ae UefiCpuPkg/CpuDxeRiscV64: Retrieve booting info from SEC HOB data
+        dd36c3048f UefiCpuPkg: RISC-V: Add SEC HOB Data definition
+        f53f943b59 OvmfPkg/RiscVVirt: Unlink BaseRiscVFpuLib
+        66189310e2 UefiCpuPkg: Remove BaseRiscVFpuLib
+        8f62819df3 MdePkg/BaseCpuLib: Add FPU initialization support for RISC-V
+        b762965bda ArmPkg: TimerDxe: Add support for GICv5 PPIs
+        b7fdcbbeb8 ArmPkg: ArmGicDxe: Add support for GICv5
+        e1ac8b32a6 ArmPkg: ArmLib: Add functions to read AA64PFR2 and check GICv5 support
+        42b30dbc03 MdePkg: Include: Add defines for AA64PFR2 system register
+        bfd90d47ab ArmPkg/ArmGicV3Dxe: Make v3 driver AArch64-only
+        f85c718167 MdeModulePkg/Include: change type of buffer address in ArmFfaRxTxBufferInfo
+        5a2713ec2b MdeModulePkg/Library: commonize some duplicate code in ArmFfaLib
+        a7e27682cf MdeModulePkg/Library: add ArmFfaSecLib
+        bbd810221e MdeModulePkg: Make PcdFfaTxRxPageCount a PcdsFixedAtBuild PCD
+        b336d9b87a MdeModulePkg/Library: fix memory leak Rx/Tx Buffer in ArmFfaPeiLib
+        460f2705b4 SecurityPkg: Add Additional TPM Logging at DEBUG_SECURITY
+        d5b8630379 SecurityPkg: Move Noisy Logs to DEBUG_SECURITY
+        1f2adcbba5 SecurityPkg: Remove/Downgrade Noisy TCG Prints
+        dbf45a870b MdePkg: Add DEBUG_SECURITY Bit in PcdDebugPrintErrorLevel
+        a1b509c1a4 Maintainers.txt: Update reviewer for StandaloneMmPkg and UefiCpuPkg
+        c2a56930a6 CryptoPkg: Add support for IA32 builds using CLANGPDB
+        a00ad45ea4 MdeModulePkg: UsbBusDxe Reset USB port GetPortStatus returns device error.
+        7c2e2d4f1a BaseTools/toolsetup.bat: Set IASL_PREFIX when using Mingw-w64 on Windows
+        e2a30df32e BaseTools/tools_def: Use MSVC ABI for CLANGPDB Targets
+        965a754f19 Revert "OvmfPkg: Pass command-line args to PR Eval"
+        b61c476329 pip-requirements.txt: Update pytools
+        27599905c0 edk2/Maintainers.txt: Remove Ray for EmulatorPkg
+        33a4ea1824 edk2/Maintainers.txt: Replace Ray with Jacek for MdeModulePkg/Device
+        e44cb970da StandaloneMmPkg: Split MmEvent to a separate Driver
+        c9f01e3566 UefiCpuPkg: Apply ReadOnly on Ap loop buffers.
+        5f2e0c8c43 MdeModulePkg: MdeModulePkg.dec update PcdDxeNxMemoryProtectionPolicy.
+        2d69507a4d MdeModulePkg: Leak Memory if Not RW on FreePages
+        0425158a94 Maintainers.txt: Remove Maintainers
+        49b7a5e961 ArmVirtPkg: Remove unnecessary dependency on EmbeddedPkg
+        6cb0553387 OvmfPkg/RiscVVirt: Remove unnecessary PCD
+        34d609402b UefiCpuPkg/CpuTimerDxeRiscV64: Use DT based timer frequency in Timer driver
+        484930e0c6 UefiCpuPkg/CpuDxeRiscV64: Use DT based timer frequency for CPU driver
+        8c721d68ea MdePkg, EmbeddedPkg: Moved definition of Fdt Guid to MdePkg
+        67b744697c UefiCpuPkg: TimerLib support to fetch freq from DT
+        5ea0be305a UefiPayloadPkg: Remove UGA support
+        282d6962e4 OvmfPkg: Remove UGA support
+        ea2ef8c3c9 ShellPkg: Remove UGA support
+        c7569abdc4 MdePkg: Remove UGA support
+        4315b1922e MdeModulePkg/GraphicsConsoleDxe UGA
+        ecaca1652d MdeModulePkg/ConSplitterDxe UGA
+        0fe2520aad MdeModulePkg: Remove UGA support
+        b2f90ef115 EmulatorPkg: Remove UGA support
+        d97f415b52 BaseTools: Remove UGA support
+        67192751ab ArmVirtPkg: Remove UGA support
+        91a9ad4349 ArmPkg: Remove UGA support
+        5090c39a59 OvmfPkg/PlatformDxe: register log buffer as efi config table
+        7f756db37a EmbeddedPkg/PrePiMemoryAllocationLib: Add reserved memory allocations
+        fb55173551 OvmfPkg/PlatformDebugLibIoPort: Add check for MemDebugLogWrite
+        33e58db9e2 OvmfPkg: Pass command-line args to PR Eval
+        91bb5cee36 MdeModulePkg: Don't Allocate Page 0
+        83b30736bf OvmfPkg: Don't Allocate Page 0
+        9280f16345 UefiPayloadPkg: Don't Allocate Page 0
+        0277d5d8f1 BaseTools: Improve report generation for Nested Fvs.
+        ef1d2fb8d6 OvmfPkg: add qemu vars documentation
+        f4f14b8d7e OvmfPkg/VirtMmCommunicationDxe: better usage hint
+        2e236ea148 OvmfPkg/RiscVVirt: enable qemu uefi variable store support
+        2dfaf135f1 OvmfPkg/VirtMmCommunicationDxe: enable riscv64
+        765d5e1c54 OvmfPkg/VirtMmCommunicationDxe: limit to 64-bit archs
+        f920354f92 CryptoPkg: Enable the time check flag.
+        a4db6ecfd9 UefiPayloadPkg: Add BlSupportDxe AArch64 support
+        b95eaaf06a UefiPayloadPkg: Add Architecture layer to support multiple architectures
+        5b3bb5939e ArmPkg,MdePkg,UefiCpuPkg,ArmPlatformPkg,ArmVirtPkg,UefiPayloadPkg: Move ArmMmuLib
+        07fc968c8f ArmPkg: Drop PcdNormalMemoryNonshareableOverride support
+        3ce9d3f45b ArmPkg,ArmPlatformPkg,ArmVirtPkg: Add UefiCpuPkg to AcceptableDependencies
+        4c282b4b4c ArmPkg,ArmPlatformPkg,ArmVirtPkg,UefiCpuPkg: Move ArmMmuLib.h to UefiCpuPkg
+        0b0d6e42f4 OvmfPkg: add runtime switch for sdcard support
+        a3c6636d1e OvmfPkg: add sdcard support
+        3798da443e OvmfPkg: switch IntelTdx to OptHw include files.
+        57b9a6235c OvmfPkg: switch AmdSev to OptHw include files.
+        391e350cec OvmfPkg: switch CloudHw to OptHw include files.
+        fceccd3eda OvmfPkg: switch OvmfPkgIa32 to OptHw include files.
+        55b48c85a8 OvmfPkg: switch OvmfPkgIa32X64 to OptHw include files.
+        faf600ccc7 OvmfPkg: move scsi drivers to new OptHw include files
+        25b1754ae5 MdeModulePkg: Correct spelling errors and typos
+        0eae93e07c MdePkg: Correct spelling errors and typos
+        66cc827270 NetworkPkg: Correct spelling errors and typos
+        727ba13d3e OvmfPkg: Correct spelling errors and typos
+        96ce01e6e7 RedfishPkg: Correct spelling errors and typos
+        f2e9785b6e ShellPkg: Correct spelling errors and typos
+        db762861df UefiCpuPkg: Correct spelling errors and typos
+        2e1c3b53ae UefiPayloadPkg: Correct spelling errors and typos
+        4be603d713 BaseTools: Fix the spelling or typo
+        c3bf98f265 CryptoPkg: Disable the security risk ciphers.
+        87a4bfd28c BaseTools/PatchCheck.py: permit at least 20 characters after ':'
+        2bcad87004 BaseTools/PatchCheck.py: clean up subject line length handling
+        27d44c1abd BaseTools/PatchCheck.py: drop redundant line count check
+        7c40bc06a9 SecurityPkg/SecTpmMeasurementLib: Fix OverFlow Coverity issue
+        d49364779c UefiCpuPkg/PiSmmCpuDxeSmm: Add sync barrier before BSP invokes SmmCoreEntry
+        d15b57292f MdeModulePkg: SectionExtractionPei cumulative codeql issues.
+        6cc56c6a2e MdeModulePkg: SmmCommunicationBuffer cumulative codeql issues.
+        2d6b8d5ac9 BaseTools: WorkSpace: Remove unnecessary code
+        70d53c2df0 BaseTools: UPT/Library: Remove unnecessary code
+        5c558ce5f3 BaseTools: UPT/Xml: Remove unnecessary code
+        9b52f0c205 BaseTools: UPT/PomAdapter: Remove unnecessary code
+        583b64122c BaseTools: UPT/Parser: Remove unnecessary code
+        ee79100678 BaseTools: Table: Remove unnecessary code
+        fa2c27514c BaseTools: GenFds: Remove unnecessary code
+        ff0162bf07 BaseTools: FMTT: Remove unnecessary code
+        3c2f04a3c7 BaseTools: Eot: Remove unnecessary code
+        7402bd06cf BaseTools: Ecc: Remove unnecessary code
+        c6e088cafc BaseTools: Capsule: Remove unnecessary code
+        ac9dc33396 BaseTools: build: Remove unnecessary code
+        f79717aac2 BaseTools: AutoGen: Remove unnecessary code
+        c169a5420b BaseTools: Remove unreachable code
+        f54fe78d9a BaseTools: Remove unused import
+        d165ebcf43 MdeModulePkg/FaultTolerantWriteDxe: Add validation for FtwWorkSpaceHeader
+        51d273d8c3 MdeModulePkg: MmVariablePei: Use MM communicate v3
+        23e1fc6b0b MdeModulePkg: VariableSmmRuntimeDxe: Use MM communicate v3
+        fdb638fc28 MdeModulePkg: PiSmmIpl: Add check for MM communicate v3 header
+        9752e69927 ArmPkg: StandaloneMmCpu: Add MM communicate v3 support
+        6b7a3e05f0 ArmPkg: ArmStandaloneMmCoreEntryPoint: Add MM communicate v3 support
+        1634dd5b93 ArmPkg: MmCommunicationPei: Add MM communicate v3
+        6eed57a0aa ArmPkg: MmCommunicationDxe: Add MM communicate v3
+        4fa354b116 EmbeddedPkg/TimeBaseLib: aligning year with UEFI specification
+        1cd24ff130 Maintainers.txt: Add reviewer and maintainer for ARM-FFA folders
+        a0d78f6625 MdePkg: ArmFfaMemMgmtLib: Introduce FF-A memory protocol library
+        22142b4f4a MdePkg, MdeModulePkg: ArmFfaLib: Expose FFA_ARGS and ArmCallFfa
+        b534cabbda MdeModulePkg: ArmFfaLib: Add Rx/Tx support for Stmm secure partition
+        a2e4ee7ed2 UnitTestFrameworkPkg: Add -Wno-write-strings to host unit tests
+        d7110cd638 MdePkg: Add ACPI 5.1 table definition for WAET
+        e0852f75d8 ArmPkg: StMM: Use x24 register to store stack address
+        07425903d3 MdeModulePkg/UefiBootManagerLib: Fix crash when no load options are found
+        b55530ad44 BaseTools/PatchCheck.py: verify commit message lists package(s)
+        c44efa0fbd BaseTools/PatchCheck.py: pass list of packages to CommitMessageCheck
+        a2e20bc4b0 BaseTools/PatchCheck.py: make get_parent_packages return directory names
+        fe19f86dcd MdeModulePkg/SmmCore: Modify check for Mm Communicate Buffer without data
+        0cb71c18c5 NetworkPkg/WifiConnectionManager: net list scan ui
+        579c12d7bc UefiPayloadPkg: Add missing VirtNorFlashDeviceLib instance
+        5ac1dfc093 MdeModulePkg/UfsPassThruDxe: Correct size in UfsHc->FreeBuffer call
+        7d4b9f5cb1 BaseTools: Declare $(DEBUG_DIR)/<module>.efi output
+        5925977a4e OvmfPkg/RiscVVirt: Add support for Capsule Firmware Upgrade
+        26c80e55ed ArmVirtPkg: Link all targets to the new VirtNorFlashDeviceLib
+        6fff3da225 OvmfPkg/VirtNorFlash: Move low level NOR flash functions into library
+        e64983d53d OvmfPkg/VirtNorFlash: Refactor TPL handling outside NOR flash functions
+        d82e9b7bbb WifiConnectionManagerDxe: clear timers not events
+        da7b74161b WifiConnectionManagerDxe: HII missing EAP TLS case
+        36a71d088b NetworkPkg: Use Library/GoogleTestLib.h
+        953b9d0e57 MdePkg: Use Library/GoogleTestLib.h
+        ecdab102c8 DynamicTablesPkg: Use Library/GoogleTestLib.h
+        50dc5f2f31 BaseTools/GetFw: Skip R_X86_64_NONE relocations
+        3f278768fa BaseTools/HostBasedUnitTestRunner: lcov ignore mismatch errors
+        272c1b2b5f UnitTestFrameworkPkg: Add -pie to ASLCC_FLAGS for unit tests
+        b4e5860fd5 UnitTestFrameworkPkg/GoogleTestLib: Enhance unit test NULL checks
+        f93e6a0743 Revert "UefiCpuPkg/PiSmmCpuDxeSmm: Add sync barrier before BSP invokes ..."
+        bbee92c9af UefiCpuPkg/PiSmmCpuDxeSmm: Add sync barrier before BSP invokes SmmCoreEntry
+        92c714f8b7 OvmfPkg/TdxDxe: Support 5-level paging for ResetVector
+        406f42cb74 OvmfPkg: Add the ResetVector in TDX MailBox
+        41aaecbf59 OvmfPkg: Add the Test command in TDX MailBox
+        8d22d1c288 OvmfPkg/WorkArea.h: Add MAILBOX_GDT
+        510a5c2039 MdePkg/Acpi66.h: Add ACPI 6.6 header
+        f93da07277 DynamicTablesPkg: Enhance SPCR support for interrupt and terminal types
+        e4e29690f1 OvmfPkg: README: Add documentation for Standalone MM on OVMF
+        b25c1aa090 OvmfPkg: PlatformCI: Ovmf x64 platform with Standalone MM
+        e8fe2e83f1 OvmfPkg: OvmfPkgX64: Platform changes for Standalone MM support
+        00ee4b57f8 OvmfPkg: MmPlatformHobProducerLibOvmf: Ovmf specific HOB creators for Stmm
+        187761e05d OvmfPkg: MemEncryptSevLib: Add Null instance
+        4ea31ba020 OvmfPkg: QemuFlashFvbServices: Introduce Standalone MM instance
+        aedcb46e6f OvmfPkg: QemuFlashFvbServicesRuntimeDxe: Abstract out SMM/DXE functions
+        cf4534c9da OvmfPkg: SmmControl2Dxe: Avoid double initialization
+        8ac270e812 OvmfPkg: MmControlPei: Introduce MM control PPI to OVMF
+        84f140bf86 OvmfPkg: StandaloneMmCpuFeaturesLib: Introduce SmmCpuFeaturesLib for Ovmf
+        ad46860061 OvmfPkg: SmmCpuFeaturesLib: Abstract out SMM specific implementations
+        d03c535745 OvmfPkg: PlatformSecureLib: Support Standalone MM core and drivers
+        a60b026a10 OvmfPkg: PlatformDebugLibIoPort: Support Standalone MM core and drivers
+        423b987253 OvmfPkg: DxeAcpiTimerLib: Support Standalone MM core and drivers
+        aba8a76a64 OvmfPkg: MemDebugLogLibNull: Support Standalone MM core and drivers
+        73b0b5edae StandaloneMmPkg: StandaloneMmIplPei: Use MM access to open the regions
+        c72d638434 StandaloneMmPkg: StandaloneMmIplPei: Prevent Freeing Zero Pages
+        c255456765 OvmfPkg: Update README with new 'TLS Auth Configuration'
+        0dde8cd314 NetworkPkg: Change 'Tls' to 'TLS'
+        897edd165c MdeModulePkg: Add help for Reset menu item, and fix French strings
+        45010d2812 UefiPayloadPkg: fix SPI prefetch and cache disable setting
+        8810c3b270 edksetup.sh: Update "inux" to "Unix-like"
+        92bf30908f DynamicTablesPkg: Add SLIT table generator library
+        b188715202 OvmfPkg: Add OVMF Memory Debug Logging to Ia32X64 and X64 OVMF builds
+        44831e815c OvmfPkg: Add OVMF Mem Debug Log buffer to PEI mem cap/reserve early buffer
+        b3bc195490 OvmfPkg: Add OVMF Memory Debug Logging support to PlatformDebugLibIoPort
+        57844e4997 OvmfPkg: Add OVMF Memory Debug Logging MemDebugLogPei PEIM
+        ba05ea83b7 OvmfPkg: Add OVMF Memory Debug Logging MemDebugLogLib library
+        26b37a1670 OvmfPkg: Add OVMF Memory Debug Logging GUIDs and PCDs
+        9d4eda962a ShellPkg: Remove PcdShellSupportOldProtocols
+        c2eb2136b4 ShellPkg/UefiShellLib: Fix Buffer underflow
+        f242a0e87f ShellPkg/UefiShellLevel2CommandLib: Free Buffer after use
+        e076d2ab8c NetworkPkg/DxeNetLib: Fix CodeQl Error
+        617e061830 SecurityPkg/Tpm2CommandLib: Add new digest list copy and size functions
+        e83a694c0f UefiCpuPkg/Test/EfiMpServicesPpiProtocol: EFI_AP_PROCEDURE must be EFIAPI
+        02e967f1e4 RedfishPkg/JsonLib: Use same defines for MSFT and GCC families
+        6c1fd8d567 RedfishPkg/RedfishLib: Fix enum type mismatch
+        62549edb9f StandaloneMmPlg/StandaloneMmIpPei: Fix use without initialization
+        18164e8c69 SecurityPkg/SpdmCryptLib: Fix CLANG 20.1.0 error
+        cbbd0f747f SecurityPkg/Spdm: Use spdmlib enums for spdmlib calls
+        724394ebe2 MdeModulePkg/DebugSupportDxe: Fix type mismatches
+        73ecd7d8b2 MdeModulePkg/SpiNorFlashJedecSfdp: Initialize AddressSize
+        1b26c4b73b MdeModulePkg: Refactor MM Services Tables linked in MM Core Perf Lib
+        d297c699c9 IntelFsp2Pkg: Add Fsp notify phase check
+        3fe67222b9 EmulatorPkg: Fix enum type mismatch warning treated as error
+        a808062890 MdeModulePkg: Fix function typos
+        dd5ea931ea UefiPayloadPkg: Fix EFI_SUCCESS typos
+        9720cccecf UefiCpuPkg: Fix EFI_SUCCESS typos
+        0a5bdcb63c OvmfPkg: Fix EFI_SUCCESS typos
+        dcfb898199 MdePkg: Fix EFI_SUCCESS typos
+        716563f594 EmulatorPkg: Fix EFI_SUCCESS typos
+        c4bc60b2b7 MdeModulePkg: Fix EFI_SUCCESS typos
+        108757b613 RedfishPkg/RedfishConfigHandler: Free handle buffers
+        ddacfa238a PrmPkg/DxePrmContextBufferLib: Free handle buffers after LocateHandleBuffer
+        ef516ea82d NetworkPkg/HttpUtilitiesDxe: Free handle buffers after LocateHandleBuffer
+        58d3345d8c MdeModulePkg/SpiBus: Free handle buffers after LocateHandleBuffer
+        f9408b7cc1 NetworkPkg: Add PCD to control http boot enable or disable.
+        614d5ba332 MdePkg: Fix definition typos
+        51a8869907 MdeModulePkg: Fix definition typos
+        b0bc23d1f2 UefiCpuPkg/MpInitLib: Fix split-lock violation from MP_CPU_EXCHANGE_INFO
+        5a00ea00e9 DynamicTablesPkg: AcpiSratLib: Handle new ProximityDomainInfo CmObj
+        2ccdb29f9a DynamicTablesPkg: Add GetProximityDomainId() to CmObjHelperLib
+        52531b20d6 DynamicTablesPkg: Add HMAT/SLIT related objects
+        317ef44747 DynamicTablesPkg: Rework ProximityDomain handling
+        8375d2ea60 DynamicTablesPkg: Check cluster's VALID bit based on SSDT Topology table
+        d5a215ce71 DynamicTablesPkg: Add CmObjHelperLib
+        dbdf94f68a DynamicTablesPkg: AcpiPpttLib: Use MetadataObjLib for cluster _UID
+        24d89d099f DynamicTablesPkg: SsdtCpuTopologyLib: Use MetadataObjLib for cluster _UID
+        771b452507 DynamicTablesPkg: Add GetMetadataRoot() cb to DynamicTableFactory protocol
+        d15e48853c DynamicTablesPkg: Add MetadataHandlerLib library
+        1b7d687dc6 DynamicTablesPkg: Add MetaDataObjLib library
+        b1e55f561b DynamicTablesPkg: X64SratGenerator: Fix ProximityDomain bits
+        980da7e0eb PrmPkg: Add ACPI Parameter Data Buffer Signature
+        8b2c56e638 UefiCpuPkg/PiSmmCpuDxeSmm: Modify PcdCpuSmmRestrictedMemoryAccess retrieval
+        0d472346df OvmfPkg/PlatformBmPrintScLib: hint at Secure Boot verification
+        c8c65be3b9 NetworkPkg : Replace hardcoded value with existing #define constant
+        c87ea47519 MdeModulePkg/HiiDatabaseDxe: Fix NULL Pointer access from EfiVarStore
+        dfc8e90fdb ShellPkg: Prevent memcpy intrinsics in VS22 (17.14.2)
+        a9d304f858 MdeModulePkg: Prevent memcpy intrinsics in VS22 (17.14.2)
+        c0ef2b0178 BaseTools: Add support for mingw-w64
+        18fdec11b1 BaseTools: Add Unit Test Support for X64 BaseTools on Windows
+        a55d933064 MdeModule: Update oniguruma to v6.9.10
+        431da739a0 BaseTools: Add line number to PatchCheck error messages
+        cce084eb45 ArmPkg/Include: fix usage of wrong macro in ArmGicv3Dxe
+        215ed375d9 ArmPkg: ArmStandaloneMmCoreEntryPoint: Use common UUID conversion routine
+        1d0c037b54 MdeModulePkg: ArmFfaLib: Support UUID-GUID conversion interfaces
+        6ec73a6c95 MdePkg: BaseLib: Add UUID-GUID conversion function
+        e10edfe71e MdeModulePkg/TpmMeasurementLibNull: Allow broader linking
+        d81e4121b1 MdeModulePkg/PciBusDxe: Free descriptor buffer in GetResourcePadding()
+        8c04bcc7ed EmbeddedPkg: Fix a data error in comment
+        51733a72ca StandaloneMmPkg/Core: try best to dispatch FVs
+        97fc789316 StandaloneMmPkg/Core: Improve debug messages
+        24a80a59db StandaloneMmPkg/Core: Fix FV HOB loop by advancing with GET_NEXT_HOB
+        d6d2f68e38 ArmPkg/Drivers/ArmGicDxe: Add Extended SPI support for GICv3
+        15a2f3e511 EmbeddedPkg: PrePiLib missing header used in file
+        030d01f800 EmbeddedPkg: delete ancient libfdt semi-integration
+        95f1b10aad ArmPkg: Add HobLib to ArmStandaloneMmCoreEntryPoint.
+        aa980f0e12 ArmPlatformPkg: PL011SerialPort Empty Rx buffer during init.
+        6b1b031cef MdePkg/BaseFdtLib: fix declaration/definition misalignment
+        72dc1d0104 MdePkg/BaseFdtLib: add a few new function wrappers
+        81f75c41f9 MdeModulePkg: Typedef ptrdiff_t to fix building with gcc 15.1
+        4518ba2a2b RedfishPkg: Don't define bool type if building in C23 mode
+        772fa11ac8 SecurityPkg: Don't define bool type if building in C23 mode
+        11f1d28bcb NetworkPkg/HttpBootDxe: Wait for IPv6 DAD before issuing DHCPv6 requests
+        60e54e9211 ArmVirtPkg: fix boot under Xen
+        0321f030ea SPDM related fix based on real hardware testing - SecurityPkg
+        3260988830 MdeModulePkg: Enable PciBus to handle CRS responses by ignoring the device.
+        5b80d7944d ArmPlatformPkg/Sec: Re-use SetupExceptionLevel1 when running VHE at EL2
+        9cd4328f5e ArmPlatformPkg/Sec: Simplify SetupExceptionLevel1() using a tail call
+        81549ad5e5 ArmPlatformPkg/Sec: Remove EL1 timer setup when booting at EL2
+        db7fedc243 DynamicTablesPkg/Library: support TPM2 ACPI table generation
+        365085f707 MdePkg/IndustryStandard: update Tpm2Acpi table to revision 5
+        e15fe06603 MdeModulePkg/Library: make ArmFfaPeiLib available early PEIM stage
+        748bea7171 ArmPkg: ArmPsciResetSystemLib: PSCI warm reset fix
+        20cd31ea83 MdeModulePkg: Removed Pei, Dxe, Smm and mm header files
+        de0c610d3d ShellPkg: Removed Pei, Dxe, Smm and mm header files
+        2781647298 ShellPkg: Removed comments on ShellPkgHostTest.dsc as per PR review
+        5f510abf66 ShellPkg: Added MockShellCommandLib
+        6ea05b5c95 ShellPkg: Added MockShellLib
+        9c1259b4ed MdePkg: Added MockHiiDatabase protocol
+        3d9de5d046 MdeModulePkg: Added MockHiiLib
+        9b6d1126de BaseTools: Add GUID section for build report
+        29520ddcbb MdePkg/IndustryStandard: add CRB Cap value in TpmPtp.h
+        8b274d7f21 WifiConnectionManager: Scan timer reconfig connect
+        6e2c030d76 Remove Bob Feng from Reviewer list of BaseTools
+        a80e7c061e NetworkPkg: Update to make IPv6 prefix length 128 will not be excluded.
+        6caec7af9d SPDM related fix based on real hardware testing - CryptoPkg
+        9c58104ba8 ArmPlatformPkg/Sec: Deal with entry at EL2 with VHE enabled
+        4a7dd504d9 pip-requirements.txt: Restrict antlr4-python3-runtime to 4.9
+        a78f525634 BaseTools: Update CParser4 to import TextIO from typing
+        6fde6ec6d8 ArmPkg: Fix typos
+        a2ac0fea49 [QemuLoadImageLib] Prefix initrd=initrd in cmdline
+        93aeaa0812 MdeModulePkg/Spi: Allow NULL WriteBuffer in FillWriteBuffer()
+        c04c2514af MdePkg: Add comment describing address parameter in PciSegmentLib
+        3e2c650da5 MdeModulePkg: Fix typos in Protocol/DisplayProtocol.h
+        fc1b9c828d MdeModulePkg: Fix typos in CustomizedDisplayLib
+        8809497094 BaseTools: Fix type annotations
+        a8f0e70dbf MdeModulePkg-SdMmcPciHcDxe: Add missing defines in SD_MMC_HC_SLOT_CAP
+        aaab4f5f8c SecurityPkg/Tpm2ServiceFfa.h: add useful definitions
+        347877c1ee CryptoPkg: Fix memory leak in RsaSetKey
+        85a5bd47e9 DynamicTablesPkg: Add CEDT generator tests
+        f6b99eea6a DynamicTablesPkg: Add CEDT generator
+        1668fd54aa DynamicTablesPkg: Add CXL CEDT namespace objects
+        ee6a2bfc2c IntelFsp2Pkg/CacheLib: Make integer width consistent in loop condition
+        8cb24514e2 Maintainers.txt: restrict Arm architectures wildcard entries
+    - Add a patch to ensure Ovmf builds succeed with a 2MB size limit (bsc#1249471)
+        - ovmf-OvmfPkg-Adjust-Memory-Layout-for-2MB-OVMF.patch
+    - Revert patch to fix Tcg2Pei.efi installation failure (bsc#1249349)
+        - ovmf-Revert-SecurityPkg-Add-Additional-TPM-Logging-at-DEB.patch
+    - Add backported patch to fix the OVMF firmware UI display (bsc#1245329)
+        - ovmf-MdeModulePkg-Fix-malformed-terminal-control-sequence.patch
+            aeea04341c MdeModulePkg: Fix malformed terminal control sequences
+    - Add backported patch to enable iSCSI boot support by default (bsc#1245454)
+        - ovmf-OvmfPkg-Add-NETWORK_ISCSI_DEFAULT_ENABLE-build-flag.patch
+            502f0dfda4 OvmfPkg: Add NETWORK_ISCSI_DEFAULT_ENABLE build flag
+        - Add build flag NETWORK_ISCSI_DEFAULT_ENABLE for x64 OVMF to enable iSCSI boot support by default
+
+-------------------------------------------------------------------
+Wed Aug 13 23:05:06 UTC 2025 - Richard Lyu <richard.lyu@suse.com>
+
+- Update firmware descriptors to remove tab whitespace (bsc#1247847)
+  - Replace tab whitespace with spaces in 50-ovmf-x86_64-sev.json
+  - Replace tab whitespace with spaces in 50-ovmf-x86_64-sev-snp.json
+
 -------------------------------------------------------------------
 Tue Aug 12 01:52:15 UTC 2025 - Richard Lyu <richard.lyu@suse.com>

--- a/ovmf.spec
+++ b/ovmf.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ovmf
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@


 %undefine _build_create_debug
-%global openssl_version 3.4.1
+%global openssl_version 3.5.1
 %global softfloat_version b64af41c3276f
 %if 0%{?suse_version} < 1599
 %bcond_with build_riscv64
@@ -27,7 +27,7 @@
 %endif

 Name:           ovmf
-Version:        202505
+Version:        202511
 Release:        0
 Summary:        Open Virtual Machine Firmware
 License:        BSD-2-Clause-Patent
@@ -50,7 +50,7 @@ Source9:        public-mipi-sys-t-1.1-edk2.tar.gz
 # mbedtls: https://github.com/Mbed-TLS/mbedtls
 Source10:       mbedtls-3.3.0.tar.gz
 # brotli: https://github.com/google/brotli
-Source11:       brotli-f4153a09f87cbb9c826d8fc12c74642bb2d879ea.tar.gz
+Source11:       brotli-e230f474b87134e8c6c85b630084c612057f253e.tar.gz
 # libspdm: https://github.com/DMTF/libspdm.git
 Source12:       libspdm-50924a4c8145fc721e17208f55814d2b38766fe6.tar.gz
 # pylibfdt: https://github.com/devicetree-org/pylibfdt
@@ -60,7 +60,10 @@ Source101:      gdb_uefi.py.in
 Patch1:         %{name}-gdb-symbols.patch
 Patch2:         %{name}-pie.patch
 Patch3:         %{name}-disable-ia32-firmware-piepic.patch
+Patch4:         %{name}-OvmfPkg-Adjust-Memory-Layout-for-2MB-OVMF.patch
 Patch6:         %{name}-ignore-spurious-GCC-12-warning.patch
+# Bug 1255113 - Build Failure for RISC-V 64 When Secure Boot is Enabled Due to SecureBootDefaultKeysInit module
+Patch7:         %{name}-Revert-OvmfPkg-RiscVVirt-Add-SecureBootDefaultKeysIn.patch
 # Bug 1207095 - ASSERT [ArmCpuDxe] /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202211/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))
 Patch8:         %{name}-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch
 # Bug 1205613 - L3: win 2k22 UEFI xen VMs cannot boot in xen after upgrade
@@ -135,19 +138,6 @@ firmware for Virtual Machines using the edk2 code base.

 This package contains the tools from edk2.

-%package -n qemu-ovmf-ia32
-Summary:        Open Virtual Machine Firmware - QEMU rom images (IA32)
-Group:          System/Emulators/PC
-Requires:       qemu
-BuildArch:      noarch
-
-%description -n qemu-ovmf-ia32
-The Open Virtual Machine Firmware (OVMF) project aims to support
-firmware for Virtual Machines using the edk2 code base.
-
-This package contains UEFI rom images for exercising UEFI secure
-boot in a qemu environment (IA32)
-
 %package -n qemu-ovmf-x86_64
 Summary:        Open Virtual Machine Firmware - QEMU rom images (x86_64)
 Group:          System/Emulators/PC
@@ -183,15 +173,6 @@ BuildArch:      noarch
 This package contains the UEFI rom image (AArch64) for QEMU cortex-a57
 virt board.

-%package -n qemu-uefi-aarch32
-Summary:        UEFI QEMU rom image (AArch32)
-Group:          System/Emulators/PC
-BuildArch:      noarch
-
-%description -n qemu-uefi-aarch32
-This package contains the UEFI rom image (AArch32) for QEMU cortex-a15
-virt board.
-
 %if %{with build_riscv64}
 %package -n qemu-uefi-riscv64
 Summary:        UEFI QEMU rom image (RISC-V 64)
@@ -275,19 +256,6 @@ echo `gcc -dumpversion`
 TOOL_CHAIN=GCC$(gcc -dumpversion|sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/')
 %endif

-# Flavors for x86
-FLAVORS_X86=("ovmf-ia32")
-BUILD_OPTIONS_X86=" \
-	$OVMF_FLAGS \
-	-D FD_SIZE_2MB \
-	-D SECURE_BOOT_ENABLE \
-	-D BUILD_SHELL=FALSE \
-	-a IA32 \
-	-p OvmfPkg/OvmfPkgIa32.dsc \
-	-b DEBUG \
-	-t $TOOL_CHAIN \
-"
-
 # Flavors for x86_64: 2MB, 4MB, 4MB+SMM and AMD SEV
 FLAVORS_X64=("ovmf-x86_64" "ovmf-x86_64-4m" "ovmf-x86_64-smm" "ovmf-x86_64-sev" "ovmf-x86_64-tdx")
 # Flavors will NOT enroll default kek/db keys
@@ -296,6 +264,7 @@ FLAVORS_X64_SKIP_SB_KEY=("ovmf-x86_64-sev" "ovmf-x86_64-tdx")
 FLAVORS_X64_UNIFIED_ONLY=("ovmf-x86_64-sev" "ovmf-x86_64-tdx")
 BUILD_OPTIONS_X64=" \
 	$OVMF_FLAGS \
+	-D NETWORK_ISCSI_DEFAULT_ENABLE \
 	-D BUILD_SHELL=FALSE \
 	-a X64 \
 	-b DEBUG \
@@ -314,14 +283,6 @@ BUILD_OPTIONS_AA64=" \
 	-t $TOOL_CHAIN \
 "

-# Flavors for arm
-FLAVORS_AA32=("aavmf-aarch32")
-BUILD_OPTIONS_AA32=" \
-	-a ARM \
-	-p ArmVirtPkg/ArmVirtQemu.dsc \
-	-b DEBUG \
-	-t $TOOL_CHAIN \
-"
 %if %{with build_riscv64}
 # Flavors for riscv
 FLAVORS_RV64=("riscv")
@@ -354,20 +315,6 @@ export CXX=g++-12
 # Import the build functions
 source ./edksetup.sh

-### Build x86 UEFI Images ###
-%ifnarch %{ix86} x86_64
-# Assign the cross-compiler prefix
-export ${TOOL_CHAIN}_BIN="x86_64-suse-linux-"
-%endif
-build $BUILD_OPTIONS_X86
-
-cp Build/OvmfIa32/DEBUG_*/FV/OVMF.fd ovmf-ia32.bin
-cp Build/OvmfIa32/DEBUG_*/FV/OVMF_CODE.fd ovmf-ia32-code.bin
-cp Build/OvmfIa32/DEBUG_*/FV/OVMF_VARS.fd ovmf-ia32-vars.bin
-
-# Remove the temporary build files to reduce the disk usage (bsc#1178244)
-rm -rf Build/OvmfIa32/
-
 ### Build x86_64 UEFI Images ###
 %ifarch x86_64
 collect_x86_64_debug_files()
@@ -406,7 +353,7 @@ OUTDIR_X64=(
 	[ovmf-x86_64-4m]="OvmfX64"
 	[ovmf-x86_64-smm]="Ovmf3264"
 	[ovmf-x86_64-sev]="OvmfX64"
-	[ovmf-x86_64-tdx]="OvmfX64"
+	[ovmf-x86_64-tdx]="IntelTdx"
 )

 %ifnarch x86_64
@@ -466,34 +413,17 @@ export ${TOOL_CHAIN}_AARCH64_PREFIX="aarch64-suse-linux-"
 # Build the UEFI image without keys
 build $BUILD_OPTIONS_AA64

-cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
-cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd aavmf-aarch64-code.bin
+cp Build/ArmVirtQemu-AArch64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
+cp Build/ArmVirtQemu-AArch64/DEBUG_GCC*/FV/QEMU_EFI.fd aavmf-aarch64-code.bin
 truncate -s 64M aavmf-aarch64-code.bin
-cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_VARS.fd aavmf-aarch64-vars.bin
+cp Build/ArmVirtQemu-AArch64/DEBUG_GCC*/FV/QEMU_VARS.fd aavmf-aarch64-vars.bin
 truncate -s 64M aavmf-aarch64-vars.bin

 # Remove the temporary build files to reduce the disk usage (bsc#1178244)
-rm -rf Build/ArmVirtQemu-AARCH64/
+rm -rf Build/ArmVirtQemu-AArch64/

 # Build with keys done later (shared between archs)

-### Build AARCH32 UEFI Images ###
-%ifnarch armv7hl
-# Assign the cross-compiler prefix
-export ${TOOL_CHAIN}_ARM_PREFIX="arm-suse-linux-gnueabi-"
-%endif
-# Build the UEFI image
-build $BUILD_OPTIONS_AA32
-
-cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
-cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_EFI.fd aavmf-aarch32-code.bin
-truncate -s 64M aavmf-aarch32-code.bin
-cp Build/ArmVirtQemu-ARM/DEBUG_GCC*/FV/QEMU_VARS.fd aavmf-aarch32-vars.bin
-truncate -s 64M aavmf-aarch32-vars.bin
-
-# Remove the temporary build files to reduce the disk usage (bsc#1178244)
-rm -rf Build/ArmVirtQemu-ARM/
-
 ### Build RISCV64 UEFI Images ###
 %if %{with build_riscv64}
 %ifnarch riscv64
@@ -641,13 +571,6 @@ rm %{buildroot}%{_datadir}/qemu/firmware/*-riscv64*.json
 %doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf
 %{_bindir}/EfiRom

-%files -n qemu-ovmf-ia32
-%license License.txt License-ovmf.txt
-%dir %{_datadir}/qemu/
-%{_datadir}/qemu/ovmf-ia32*.bin
-%dir %{_datadir}/qemu/firmware
-%{_datadir}/qemu/firmware/*-ia32*.json
-
 %files -n qemu-ovmf-x86_64
 %license License.txt License-ovmf.txt
 %dir %{_datadir}/qemu/
@@ -673,15 +596,6 @@ rm %{buildroot}%{_datadir}/qemu/firmware/*-riscv64*.json
 %dir %{_datadir}/qemu/firmware
 %{_datadir}/qemu/firmware/*-aarch64*.json

-%files -n qemu-uefi-aarch32
-%license License.txt
-%dir %{_datadir}/qemu/
-%{_datadir}/qemu/qemu-uefi-aarch32.bin
-%{_datadir}/qemu/aavmf-aarch32-code.bin
-%{_datadir}/qemu/aavmf-aarch32-vars.bin
-%dir %{_datadir}/qemu/firmware
-%{_datadir}/qemu/firmware/*-aarch32*.json
-
 %if %{with build_riscv64}
 %files -n qemu-uefi-riscv64
 %license License.txt