- Bug
- Resolution: Done-Errata
- Undefined
- rhel-8.10.z, rhel-9.2.0, rhel-9.4.z
- edk2-20221207gitfff6d81270b5-9.el9_2.7
- Yes
- Important
- 1
- rhel-virt-confidential-firmware
- ssg_virtualization
- 1
- False
- False
- None
- Virt Firmware Sprint 1 - Dec24
- Pass
- RegressionOnly
- aarch64
- None
What were you trying to do that didn't work?
HTTP boot entries are missing in edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.6.noarch, even if a hardware RNG (for example virtio-rng-pci) is present.
(An RNG is required since the PixieFail CVE fixes for network support to work.)
https://issues.redhat.com/browse/RHEL-66238 adds a workaround for VMs that are missing any hardware RNG, for example no virtio-rng-pci. This re-enables PXE boot, but not HTTP.
What is the impact of this issue to you?
Please provide the package NVR for which the bug is seen:
- edk2-aarch64-20221207gitfff6d81270b5-9.el9_2.6.noarch
How reproducible is this bug?
100%
Steps to reproduce
For example run qemu-kvm like this:
/usr/libexec/qemu-kvm \
    -machine virt \
    -machine pflash0=code \
    -machine pflash1=vars \
    -blockdev node-name=code,driver=file,filename="${FW_CODE}",read-only=on \
    -blockdev node-name=vars,driver=file,filename="${FW_VARS}" \
    -machine accel=kvm \
    -cpu host \
    -m 1G \
    -boot menu=on \
    -serial stdio \
    -netdev user,id=net0 -device virtio-net-pci,netdev=net0,rombar=1 \
    "${@}"
Using the edk2 versions from above
Expected results
HTTP boot options appear in the boot options dump (requires the verbose firmware image) and are attempted (after PXE usually).
Actual results
HTTP boot is missing in the list of boot options.
- links to RHBA-2024:144071 edk2 update