diff --git a/Docs/Sample.plist b/Docs/Sample.plist
index c406f63b63f..c0a7e4f7858 100644
--- a/Docs/Sample.plist
+++ b/Docs/Sample.plist
@@ -1709,6 +1709,18 @@
 				<key>Path</key>
 				<string>RngDxe.efi</string>
 			</dict>
+			<dict>
+				<key>Arguments</key>
+				<string></string>
+				<key>Comment</key>
+				<string></string>
+				<key>Enabled</key>
+				<false/>
+				<key>LoadEarly</key>
+				<false/>
+				<key>Path</key>
+				<string>Hash2DxeCrypto.efi</string>
+			</dict>
 			<dict>
 				<key>Arguments</key>
 				<string></string>
diff --git a/Docs/SampleCustom.plist b/Docs/SampleCustom.plist
index 31d679f8fa6..210ea7dfae3 100644
--- a/Docs/SampleCustom.plist
+++ b/Docs/SampleCustom.plist
@@ -2077,6 +2077,18 @@
 				<key>Path</key>
 				<string>RngDxe.efi</string>
 			</dict>
+			<dict>
+				<key>Arguments</key>
+				<string></string>
+				<key>Comment</key>
+				<string></string>
+				<key>Enabled</key>
+				<false/>
+				<key>LoadEarly</key>
+				<false/>
+				<key>Path</key>
+				<string>Hash2DxeCrypto.efi</string>
+			</dict>
 			<dict>
 				<key>Arguments</key>
 				<string></string>
diff --git a/OpenCorePkg.dsc b/OpenCorePkg.dsc
index 6f76d9866f1..1babb76d140 100755
--- a/OpenCorePkg.dsc
+++ b/OpenCorePkg.dsc
@@ -160,7 +160,7 @@
   UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
   UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
   UefiDriverEntryPoint|OpenCorePkg/Library/OcDriverEntryPoint/UefiDriverEntryPoint.inf
-  UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
+  UefiHiiServicesLib|OpenCorePkg/Library/OcHiiServicesLib/OcHiiServicesLib.inf
   UefiImageExtraActionLib|MdePkg/Library/BaseUefiImageExtraActionLibNull/BaseUefiImageExtraActionLibNull.inf
   UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
   UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
@@ -383,9 +383,10 @@
   # Ext4 driver
   Ext4Pkg/Ext4Dxe/Ext4Dxe.inf
 
-  # EFI_RNG_PROTOCOL is required by various network boot drivers since edk2-stable202405
+  # RNG and HASH2 protocols are required by various network boot drivers since edk2-stable202405
   # REF: https://github.com/acidanthera/bugtracker/issues/2421
   SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+  SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf
 
   #
   # Network Support
diff --git a/Platform/OpenNetworkBoot/HttpBootCustomRead.c b/Platform/OpenNetworkBoot/HttpBootCustomRead.c
index 9f21e702ec9..63653e6a8fb 100644
--- a/Platform/OpenNetworkBoot/HttpBootCustomRead.c
+++ b/Platform/OpenNetworkBoot/HttpBootCustomRead.c
@@ -7,6 +7,9 @@
 
 #include "NetworkBootInternal.h"
 
+#include <Library/OcConsoleLib.h>
+#include <Protocol/ConsoleControl.h>
+
 typedef struct {
   EFI_DEVICE_PATH_PROTOCOL    *RamDiskDevicePath;
 } CUSTOM_FREE_CONTEXT;
@@ -158,6 +161,8 @@ HttpBootCustomRead (
 
   gDmgLoading = DmgLoading;
 
+  OcConsoleControlSetMode (EfiConsoleControlScreenText);
+
   //
   // Load the first (or only) file. This method has been extended to
   // abort early (avoiding a pointless, long, slow load of a DMG) if DmgLoading
@@ -285,6 +290,8 @@ PxeBootCustomRead (
   OUT VOID                                 **Context
   )
 {
+  OcConsoleControlSetMode (EfiConsoleControlScreenText);
+
   *DevicePath = BmExpandLoadFiles (ChosenEntry->DevicePath, Data, DataSize);
 
   return (*DevicePath == NULL ? EFI_NOT_FOUND : EFI_SUCCESS);
diff --git a/Platform/OpenNetworkBoot/OpenNetworkBoot.c b/Platform/OpenNetworkBoot/OpenNetworkBoot.c
index 2518ac6be42..12712128c06 100644
--- a/Platform/OpenNetworkBoot/OpenNetworkBoot.c
+++ b/Platform/OpenNetworkBoot/OpenNetworkBoot.c
@@ -151,11 +151,6 @@ InternalAddEntry (
     PickerEntry->Flavour    = IsIPv4 ? OC_FLAVOUR_PXE_BOOT4 : OC_FLAVOUR_PXE_BOOT6;
   }
 
-  //
-  // Probably sensible on balance ... although not yet clear how it will interact with GUI-based firmware.
-  //
-  PickerEntry->TextMode = TRUE;
-
   PickerEntry->Auxiliary = mAuxEntries;
 
   return EFI_SUCCESS;
diff --git a/Platform/OpenNetworkBoot/OpenNetworkBoot.inf b/Platform/OpenNetworkBoot/OpenNetworkBoot.inf
index 00c2f996d58..b892e86b11f 100644
--- a/Platform/OpenNetworkBoot/OpenNetworkBoot.inf
+++ b/Platform/OpenNetworkBoot/OpenNetworkBoot.inf
@@ -22,6 +22,7 @@
   DebugLib
   DevicePathLib
   HttpLib
+  OcConsoleLib
   OcBootManagementLib
   OcFlexArrayLib
   OcVirtualFsLib
diff --git a/Platform/OpenNetworkBoot/README.md b/Platform/OpenNetworkBoot/README.md
index 44adfe73fb1..6797b792f44 100644
--- a/Platform/OpenNetworkBoot/README.md
+++ b/Platform/OpenNetworkBoot/README.md
@@ -363,60 +363,58 @@ The following drivers supplied with OpenCore make up the network boot
 stack. Please follow the procedures given towards the start of this
 document for deciding which drivers to add.
 
-### RNG (UEFI Random Number Generator Protocol) Support
+### Prerequisites
+Various network boot drivers depend on the presence of HiiDatabase.
+
 A recent (May 2024) security update to the EDK 2 network stack
-means that many network stack drivers require EFI_RNG_PROTOCOL.
-The driver for this protocol is often present in firmware
-older than that. It can be checked for with `dh -p Rng` in the UEFI Shell.
-If it cannot be found, the network boot stack will fail
-to start (and debug versions of the drivers will print a
-warning and ASSERT).
-If the protocol is missing it is necessary to load `RngDxe.efi`
-to provide it.
-
-In the case of OVMF, the driver `VirtioRngDxe` which provides this protocol
-is already present in firmware, but it will not operate without the qemu
-option `-device virtio-rng-pci`, which provides the VM RNG service which that
-driver has to connect to. Therefore, when starting OVMF, you can
-provide that qemu option instead of loading `RngDxe`.
-
-*Note*: Current versions of the drivers listed below with * require
-this protocol. (`HttpBootDxe.efi` only requires the protocol for IPv6
-support. The others listed require it for IPv4 and IPv6.)
+means that various drivers also depend on the RNG and Hash2 protocols.
+
+These protocols can be checked for in UEFI Shell with:
+
+```
+dh -p HIIDatabase
+dh -p Rng
+dh -p Hash2
+```
+
+If not present, the respective drivers should be loaded before
+the network boot stack.
 
 ```
+HiiDatabase
 RngDxe
+Hash2DxeCrypto
 ```
 
-### Base
+### Network Boot Base
 ```
 DpcDxe
 SnpDxe
 MnpDxe
-TcpDxe *
+TcpDxe
 ```
 
 ### IPv4
 ```
 ArpDxe
-Dhcp4Dxe *
-Ip4Dxe *
-Udp4Dxe *
+Dhcp4Dxe
+Ip4Dxe
+Udp4Dxe
 ```
 
 ### IPv6
 ```
-Dhcp6Dxe *
-Ip6Dxe *
-Udp6Dxe *
+Dhcp6Dxe
+Ip6Dxe
+Udp6Dxe
 ```
 
 ### HTTP Boot
 ```
-DnsDxe *
+DnsDxe
 HttpDxe
 HttpUtilitiesDxe
-HttpBootDxe *
+HttpBootDxe
 ```
 
 ### HTTPS (TLS) support for HTTP Boot
diff --git a/build_oc.tool b/build_oc.tool
index 750c7c32993..717cab9b632 100755
--- a/build_oc.tool
+++ b/build_oc.tool
@@ -191,6 +191,7 @@ package() {
       "DpcDxe.efi"
       "Ext4Dxe.efi"
       "FirmwareSettingsEntry.efi"
+      "Hash2DxeCrypto.efi"
       "HiiDatabase.efi"
       "HttpBootDxe.efi"
       "HttpDxe.efi"