Releases: microsoft/mu_basecore
v2023110012.0.0
What's Changed
- Create mocks for PlatformHookLib and PciLib @TsunFeng (#1094)
Change Details
## Description
Create mocks for PlatformHookLib and PciLib
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation on a separate Web page, ...
How This Was Tested
Unit test components can call the PlatformHookLib and PciLib mock functions successfully
Integration Instructions
N/A
- [Cherry-Pick][Rebase & FF] UefiCpuPkg: Consume PcdCpuSmmApSyncTimeout2. @apop5 (#1097)
Change Details
## Description
In addition to what was said in the Cherry-Pick in #1096.
It looks like Edk2 picked up these changes, reverted them, and then added them back because Ovmf packages had already started consuming them.
The changes should not impact existing platforms, because the changes only modify PiSmmCpuDxeSmm.
How This Was Tested
Local CI.
Integration Instructions
N/A
- [Cherry-Pick] UefiCpuPkg: Add PcdCpuSmmApSyncTimeout2 PCD @apop5 (#1096)
Change Details
## Description
Cherry-Picking PCD definition from edk2. This does not change the basecore functionality to consume this pcd.
Provide the capability for platform to specify the 2nd timeout value in microseconds for the BSP/AP in SMM to wait for one another to enter SMM.
The added interface can enhance the flexibility of timeout configuration. In some cases, certain processors may not be able to enter SMI, and prolonged waiting could lead to kernel soft/hard lockup. We have now defined two timeouts. The first timeout can be set to a smaller value to reduce the waiting period. Processors that are unable to enter SMI will be woken up through SMIIPL to enter SMI, followed by a second waiting period. The second timeout can be set to a larger value to prevent delays in processors entering SMI case due to the long instruction execution.
Cc: Ray Ni [email protected]
Cc: Rahul Kumar [email protected]
Cc: Gerd Hoffmann [email protected]
How This Was Tested
Local CI
Integration Instructions
N/A
⚠️ Breaking Changes
- [REBASE&FF][CHERRY-PICK] ImageValidation: Add default configuration @Javagedes (#1104)
Change Details
Previously, ImageValidation was an "opt-in" plugin by setting a build variable `PE_VALIDATION_PATH`, however with this pull request, Image Validation will be on by default, with some default configuration that can be changed with a custom configuration yaml file.
The default requirements are:
- All efi binaries must not be both write and execute
- All efi binaries must have an image base of 0x0
- All dxe phase binaries must be 4k section aligned, with the one exception of AARCH64 DXE_RUNTIME_DRIVERS, which must be 64k aligned.
Compiled binaries that need to be opted out of can do so by adding an `IGNORE_LIST` in the configuration file: `{ "IGNORE_LIST": ["Shell.efi", "etc"] }`
A cherry-pick of #1100 into release/202311
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Confirmed successful execution of the plugin on Windows with QemuQ35 and Ubuntu with QemuSbsa
Integration Instructions
Platforms that begin to fail this test will need to generate a configuration yaml file, and set a stuart build variable, `PE_VALIDATION_PATH`, to it. It is suggested to do this in the Platform's `PlatformBuild.py`.
The Correct Integration is to evaluate the binary and why it is not meeting the requirements. The platform can elect to update the compilation of the binary to meet the requirements, add or override validation rules for certain MODULE_TYPEs, or simply add the binary to the ignore list. Please review the Plugin's readme.md file for more details on doing any of these things.
- BaseTools/build_rule.template: Set additional Rust module linker flags @makubacki (#1098)
Change Details
## Description
This change sets the ImageBase in the PE header for Rust modules to `0` so they do not have a preferred base. This is similar to the EFI images produced by the edk2 build system. The subsystem type is also set to `efi_boot_service_driver` instead of the default target specification value of `EFI_APPLICATION`. Details for changing the subsystem type are here: https://doc.rust-lang.org/nightly/rustc/platform-support/unknown-uefi.html#requirements
Ideally, these values would be set as individual `target.<triple>.rustflags` in `.cargo/config.toml`. However, we override the `/MAP` argument using `-C linker-args` in `build_rule.txt` to the build output directory. This must be set dynamically since the output directory and module name are based on per module values.
Since the cargo configuration file does not support reading environment variables and setting an environment there in a `[env]` section would be too late to impact the commands that run in `build_rules.txt` (cargo is called from cargo make based on those rules), this is the simplest approach to retain the map file path in addition to the new changes.
In the future, this may be moved to a common target specification so the values are available without these changes.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Checked `ImageBase` and `Subsystem` of EFI images in output directory to confirm expected values.
Integration Instructions
This ...
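The three default ImageValidation requirements listed in #1104, and the `ImageBase`/`Subsystem` check used to test #1098, can be reproduced with a small PE header reader. This is an added example, not the plugin's own code: `parse_pe`, `validate_image`, `build_sample_pe`, the `DXE_TYPES` set and the exact-match reading of the alignment rule are assumptions, and the sample images are constructed, headers-only byte strings.

```python
import struct

# Section characteristics, subsystem and machine values from the PE/COFF specification.
SCN_EXEC, SCN_READ, SCN_WRITE = 0x20000000, 0x40000000, 0x80000000
SUBSYSTEMS = {10: "EFI_APPLICATION", 11: "EFI_BOOT_SERVICE_DRIVER", 12: "EFI_RUNTIME_DRIVER"}
MACHINES = {0x014C: "IA32", 0x8664: "X64", 0xAA64: "AARCH64"}
# Assumption: the MODULE_TYPEs treated as "dxe phase" for the alignment rule.
DXE_TYPES = {"DXE_CORE", "DXE_DRIVER", "DXE_RUNTIME_DRIVER", "UEFI_DRIVER", "UEFI_APPLICATION"}


def parse_pe(data):
    """Read only the header fields the default rules depend on."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                       # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:                      # PE32+: 8-byte ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    elif magic == 0x10B:                    # PE32: 4-byte ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (section_alignment,) = struct.unpack_from("<I", data, opt + 32)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsec):                   # 40-byte section headers, flags at offset 36
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (chars,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name, chars))
    return {"arch": MACHINES.get(machine, hex(machine)), "image_base": image_base,
            "section_alignment": section_alignment,
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)), "sections": sections}


def validate_image(name, data, module_type, config=None):
    """Return a list of findings; an empty list means the image passes."""
    if name in (config or {}).get("IGNORE_LIST", []):
        return []                           # opted out through the configuration file
    pe = parse_pe(data)
    findings = []
    for sec_name, chars in pe["sections"]:
        if chars & SCN_WRITE and chars & SCN_EXEC:
            findings.append(f"section {sec_name} is both writable and executable")
    if pe["image_base"] != 0:
        findings.append(f"ImageBase is {pe['image_base']:#x}, expected 0x0")
    if module_type in DXE_TYPES:
        # Assumption: the rule is checked as an exact SectionAlignment value.
        runtime_arm = pe["arch"] == "AARCH64" and module_type == "DXE_RUNTIME_DRIVER"
        want = 0x10000 if runtime_arm else 0x1000
        if pe["section_alignment"] != want:
            findings.append(f"SectionAlignment is {pe['section_alignment']:#x}, expected {want:#x}")
    return findings


def build_sample_pe(machine, image_base, section_alignment, subsystem, sections):
    """Construct a headers-only PE32+ image (sample input for this example)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)    # e_lfanew at 0x3C -> 0x40
    opt = bytearray(240)                                   # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<I", opt, 32, section_alignment)
    struct.pack_into("<H", opt, 68, subsystem)
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0, len(opt), 0x2022)
    hdrs = b"".join(n.ljust(8, b"\0") + bytes(28) + struct.pack("<I", c) for n, c in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


if __name__ == "__main__":
    rx, rw = SCN_EXEC | SCN_READ, SCN_READ | SCN_WRITE
    samples = [
        ("Good.efi", "DXE_DRIVER", build_sample_pe(0x8664, 0, 0x1000, 11, [(b".text", rx), (b".data", rw)])),
        ("Bad.efi", "DXE_DRIVER", build_sample_pe(0x8664, 0x180000000, 0x20, 10, [(b".text", rx | SCN_WRITE)])),
        ("Rt.efi", "DXE_RUNTIME_DRIVER", build_sample_pe(0xAA64, 0, 0x1000, 12, [(b".text", rx)])),
    ]
    for name, module_type, image in samples:
        hdr = parse_pe(image)
        print(name, hdr["arch"], hdr["subsystem"], validate_image(name, image, module_type) or "OK")
```
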
v2023110011.0.0
What's Changed
- Create the Google Test mocks for SmmBase2 Protocol. @Eathonhsu (#1088)
Change Details
## Description
Add mock functions under MockSmmBase2 and Create Mock for SmmBase2 protocol.
How This Was Tested
Unit test components can call these mock functions successfully
Integration Instructions
N/A
- Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol @TsunFeng (#1084)
Change Details
## Description
Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol.
How This Was Tested
Unit test components can call these mock functions successfully
Integration Instructions
N/A
- Create Mock for IsaHc protocol @TsunFeng (#1087)
Change Details
## Description
Create Mock for IsaHc protocol
How This Was Tested
Unit test components can call the IsaHc mock functions successfully
Integration Instructions
N/A
- Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib @TsunFeng (#1078)
Change Details
## Description
Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib for Unit Test.
How This Was Tested
Unit test components can call this mock function successfully
Integration Instructions
N/A
⚠️ Breaking Changes
- [SQUASH ON REBASE] Revert "MdePkg/CompilerIntrinsicsLib: Add IntrinsicLib class and strcmp" @makubacki (#1086)
Change Details
## Description
The `strcmp` function was added to CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c in edk2 commit 46226fb. Therefore, ARM and AARCH64 modules can pick up the `strcmp` function needed to compile code from there without adding more functionality to `CompilerIntrinsicsLib` just for building third-party crypto code.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- CryptoBinPkg build of all architectures
- Mu Basecore CI
Integration Instructions
`strcmp` will no longer be provided in `ArmCompilerIntrinsicsLib`, use another implementation if needed. Marked potentially breaking for this reason.
- CryptoPkg: Updating Shared Crypto Bin to version 2023.12.2. @apop5 (#1075)
Change Details
## Description
Previous version v2023.11.3 did not contain PDB information, which was causing some problems in a platform which needed PDB information.
v2023.12.1 includes PDB information.
How This Was Tested
Ran mu_tiano_platforms with changes and verified boot.
Integration Instructions
After this update, platforms are required to supply gEfiRngPpiGuid in the Pei phase, and gEfiRngProtocolGuid in the Dxe phase.
Common implementations ar...
v2023110010.0.1
What's Changed
- Add deprecation warning support to OverrideValidation plugin @NishanthSanjeevi (#742)
Change Details
## Description
Added deprecation warning support to the existing Override validation plugin/tool.
- Impacts functionality?
  - Functionality - All libraries/drivers that are no longer used should add a Deprecation warning
- Impacts security?
  - Security - N/A
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break in build or boot behavior? No
- Includes tests? No
- Includes documentation? Added documentation for how to use the Deprecation warnings module
How This Was Tested
Added the Deprecation warnings to the INFs and a warning was thrown when a deprecated module was part of the DSC
Integration Instructions
N/A
- Update BaseCryptLib tests to reference the PCDs before running @kenlautner (#1034)
Change Details
## Description
The BaseCryptLibUnitTestApp tests the linked BaseCryptLib instance's crypto to make sure all functions are performing as expected. With the move to the Crypto binary and the BaseCryptLibOnProtocol instances we disable certain crypto functionality on purpose which causes the test to fail (and also the BaseCryptLibOnProtocol lib to assert). The changes made here use the already existing crypto PCDs to check if the tested cryptography is enabled with the current Crypto binary and if not to skip the test. This will allow the test to show if the enabled crypto is working correctly instead of failing for crypto we don't care about.
How This Was Tested
Tested on Qemu and intel physical platforms with various crypto binary layouts. The relevant tests pass and disabled crypto skips their tests. Furthermore when the PCDs are configured to run tests for crypto we don't support with the selected crypto binary, the test fails as expected.
Integration Instructions
N/A. Using the crypto binaries should automatically configure the correct PCDs and BaseCryptLib library for the test to work correctly.
- BaseTools/codeql: Update to CodeQL 2.18.1 @makubacki (#1072)
Change Details
## Description
Updates to the latest CodeQL version to resolve query dependencies.
Currently, errors like this will be seen:
Not using precompiled NoSpaceForZeroTerminator.qlx: This QLX (written by CodeQL 2.18.1) uses a primitive 'internSets', which this QL engine is too old to evaluate.
This is related to a CodeQL release made a few hours ago:
Release v2.18.1 · github/codeql-cli-binaries · GitHub
2311 version of #1069
How This Was Tested
- CI with CodeQL plugin enabled
Integration Instructions
- Verify queries being used are compatible with CodeQL 2.18.1
- Added MockUefiDevicePathLib. Added gBS_AllocatePool under MockUefiBootServicesTableLib @v-bhavanisu (#1059)
Change Details
## Description
Added MockUefiDevicePathLib. Added gBS_AllocatePool under MockUefiBootServicesTableLib
How This Was Tested
Included this change under a GoogleTest and the build was successful
Integration Instructions
N/A
- MdePkg/MockUefiLib: Add EfiCreateProtocolNotifyEvent() @TsunFeng (#1055)
Change Details
## Description
Added mock functions on UefiLib
How This Was Tested
Unit test components can call this mock function successfully
Integration Instructions
N/A
Full Changelog: v2023110010.0.0...v2023110010.0.1
v2023110010.0.0
What's Changed
- Revert `NO_ABSOLUTE_RELOCS_IN_TEXT` MU change for GCC @kuqin12 (#1040)
Change Details
## Description
This change is created to revert the commit of 57e8694.
The original change was checked in the midst of other 202311 integration changes and now proven to be unnecessary.
How This Was Tested
This was tested on MU tiano platforms repo and passed pipeline checks.
Integration Instructions
N/A
⚠️ Breaking Changes
- [Cherry-Pick] BaseTools/HostBasedUnitTestRunner: Promote Unittest error to CI fail. @apop5 (#1039)
Change Details
## Description
Some unit tests would fail to execute or execute and not produce any output logs. In these cases, the only output would be in the CI Log as `UnitTest Execution Error`.
A UnitTest Execution Error should be considered the same as a unit test failing.
How This Was Tested
On repo where hosted based unit test failed execution prior to generating test results, CI would pass and CI Log would show "Execution Error" for the unit test.
After integrating this change, CI will fail with a unit test error.
Integration Instructions
For unit tests that are failing, each unit test will need to be examined and individually corrected.
Full Changelog: v2023110009.0.1...v2023110010.0.0
v2023110009.0.1
What's Changed
🔐 Security Impacting
- MdeModulePkg: Compatibility Mode: Only Remap System Memory Regions @os-d (#1030)
Change Details
## Description
When we enter memory protections compatibility mode, we attempt to disable null protection and remap 0 - 0xA0000 as RWX. This was done for x86 systems with broken shim/grubs on Linux that would attempt to use those regions. This resolved that issue and we could boot non-memory protection safe Linux images on x86 HW. However, this approach did not take into account systems that do not have that range marked as system memory, for example ARM64 systems do not have this requirement. As such, this would inappropriately map these regions as RWX when they were not system memory.
This patch updates the remapping to only remap and disable null protection if these ranges are marked as system memory, otherwise it will leave them alone.
How This Was Tested
Tested on an ARM64 platform that does not have 0 - 0xA0000 as system memory, as well as an X86 system that does have that range as system memory, booting a Linux image on both that forces us to enter compatibility mode.
Integration Instructions
N/A.
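The remap policy described in #1030, sketched as an added example (this is not the MdeModulePkg code). The memory types, sample maps and function names are constructed stand-ins, and clipping each system-memory descriptor to the 0 - 0xA0000 window, as well as tying null protection to page 0 being in the plan, are assumptions about how the check could be applied.

```c
#include <stddef.h>
#include <stdint.h>

#define LEGACY_END 0xA0000ULL  /* end of the 0 - 0xA0000 range from the description */
#define PAGE_SIZE  0x1000ULL

/* Constructed stand-ins for the firmware's memory-space types. */
typedef enum { MEM_NONEXISTENT, MEM_RESERVED, MEM_SYSTEM, MEM_MMIO } mem_type;

typedef struct { uint64_t base; uint64_t length; mem_type type; } mem_desc;
typedef struct { uint64_t base; uint64_t length; } range;

/* Constructed sample maps (descriptors do not overlap). */
static const mem_desc X86_MAP[] = {
  { 0x0,      0xA0000,    MEM_SYSTEM   },
  { 0xA0000,  0x60000,    MEM_RESERVED },
  { 0x100000, 0x7FF00000, MEM_SYSTEM   },
};
static const mem_desc ARM64_MAP[] = {
  { 0x0,        0x08000000, MEM_MMIO   },
  { 0x40000000, 0x80000000, MEM_SYSTEM },
};
static const mem_desc MIXED_MAP[] = {
  { 0x0,     0x1000,  MEM_RESERVED },
  { 0x1000,  0x9F000, MEM_SYSTEM   },
  { 0xA0000, 0x60000, MEM_RESERVED },
};

/* Clip one descriptor to [0, LEGACY_END). Returns 0 when nothing overlaps. */
static int clip_to_legacy(const mem_desc *d, range *out) {
  uint64_t end;
  if (d->length == 0 || d->base >= LEGACY_END) return 0;
  /* Saturate instead of wrapping if base + length overflows. */
  end = (d->length > UINT64_MAX - d->base) ? UINT64_MAX : d->base + d->length;
  if (end > LEGACY_END) end = LEGACY_END;
  out->base = d->base;
  out->length = end - d->base;
  return 1;
}

/* Build the list of sub-ranges that may be remapped RWX in compatibility
   mode: only the parts of the window that the map reports as system memory. */
static size_t plan_system_memory_only(const mem_desc *map, size_t n,
                                      range *out, size_t cap) {
  size_t count = 0;
  for (size_t i = 0; i < n; i++) {
    range r;
    if (map[i].type != MEM_SYSTEM) continue;   /* leave everything else alone */
    if (!clip_to_legacy(&map[i], &r)) continue;
    if (count < cap) out[count++] = r;
  }
  return count;
}

static uint64_t total_bytes(const range *r, size_t n) {
  uint64_t sum = 0;
  for (size_t i = 0; i < n; i++) sum += r[i].length;
  return sum;
}

/* Assumption: null protection is only dropped when page 0 is in the plan. */
static int plan_covers_null_page(const range *r, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (r[i].base == 0 && r[i].length >= PAGE_SIZE) return 1;
  return 0;
}

/* Bytes an unconditional remap of the whole window would have marked RWX
   even though the map does not report them as system memory. */
static uint64_t wrongly_rwx_bytes(const mem_desc *map, size_t n) {
  range plan[8];
  size_t k = plan_system_memory_only(map, n, plan, 8);
  return LEGACY_END - total_bytes(plan, k);
}

int main(void) {
  /* ARM64-style map: the whole window would have been wrongly remapped. */
  return wrongly_rwx_bytes(ARM64_MAP, 2) == LEGACY_END ? 0 : 1;
}
```
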
Full Changelog: v2023110009.0.0...v2023110009.0.1
v2023110009.0.0
What's Changed
⚠️ Breaking Changes
-
Host Based Unit Test updates @Javagedes (#837)
Change Details
## Description
Updates the host-based unit test runner to fail if a unit test executable returns successfully, but has no test results, or if a test suite generated from a unit test executable does not contain any tests.
The issues above indicate configuration errors in the unit test source code itself and indicate to the developer that changes to the unit test need to be made.
Updates the README.md file for the UnitTestFrameworkPkg to correct inaccurate information regarding code coverage and provide information on how to consolidate and generate unit test html reports.
How This Was Tested
N/A
Integration Instructions
If any host based unit tests were written incorrectly, and there exists a test with no test suites, or a test suite with no tests, the host based unit test runner will now fail. These tests will need to be corrected.
🚀 Features & ✨ Enhancements
-
BaseTools/Plugin/RustEnvironmentCheck: Use pytools Rust helpers @makubacki (#1037)
Change Details
## Description
The plugin implementation has moved to edk2-pytool-extensions so it
can be reused for plugins targeting different scenarios such as
public/generic (this plugin) or custom internal environments that
may need to add on additional functionality.
This simplifies this plugin's implementation significantly.
How This Was Tested
- Verified plugin still detects errors properly
- Unit tests added in edk2-pytool-extensions
Integration Instructions
An id has been added to the plugin YAML file (rust-env-check). This retains the same scope as before (rust-ci) but allows a custom version of the plugin to override this version by specifying:
"id_override": "rust-env-check"
in its YAML file. Otherwise, no integration work is needed.
There is an example of code that sets id_override (via generated YAML) here for reference.
edk2-pytool-extensions 0.27.10 is required for this change to work due to the new functionality used in that release.
📖 Documentation Updates
-
Host Based Unit Test updates @Javagedes (#837)
Full Changelog: v2023110008.1.1...v2023110009.0.0
v2023110008.1.1
What's Changed
-
Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib [REBASE \& FF] @v-bhavanisu (#931)
Change Details
## Description
Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib
How This Was Tested
Included the mock functions on GoogleTests for the appropriate libraries under x86 and ensured build successful
Integration Instructions
N/A
-
Change CpuDeadLoops to panic calls in PiSmmCpuDxeSmm.c @kenlautner (#892)
Change Details
## Description
Changes the newly added CpuDeadLoops in PiSmmCpuDxeSmm.c into PANIC calls to give more information on issues that are hit instead of hanging the system.
How This Was Tested
N/A
Integration Instructions
N/A
-
[CHERRY-PICK] UefiCpuPkg:fix issue when splitting paging entry @kenlautner (#909)
Change Details
## Description
This patch fixes an issue when splitting a leaf paging entry in CpuPageTableLib code.
In the previous code, before we assign the new child paging structure address to the content of the split paging entry, PageTableLibSetPnle() is called to make sure bit 7 is set to 0, which indicates that the previous leaf entry is now changed to a non-leaf entry. There is a gap between changing bit 7 and assigning the new child paging structure address to the content of the split paging entry. If the address of code execution or data access happens to be in the range covered by the split paging entry, this gap may cause an issue.
In this patch, we prepare the new paging entry content value in a local variable and assign the value to the split paging entry at once. The volatile keyword is used to ensure that no optimization will occur in compilation.
Reviewed-by: Ray Ni
Cc: Rahul Kumar
Cc: Gerd Hoffmann
Reviewed-by: Jiaxin Wu
Cc: Zhou Jianfeng
How This Was Tested
Tested on Intel physical platforms that were hitting a paging split issue and ones that weren't having any problems. With this fix both platforms are able to boot correctly.
Integration Instructions
N/A
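The gap described in #909, simulated as an added example (this is not the CpuPageTableLib code). It records every value stored to a live 2 MiB leaf entry while it is split and replays a software page walk against each recorded state; the physical addresses, the zero-filled data frame, the trace buffer and all function names are constructed for the simulation.

```c
#include <stddef.h>
#include <stdint.h>

#define PTE_P      (1ULL << 0)
#define PTE_RW     (1ULL << 1)
#define PTE_PS     (1ULL << 7)            /* bit 7 set: leaf entry (2 MiB page) */
#define ADDR_4K    0x000FFFFFFFFFF000ULL
#define ADDR_2M    0x000FFFFFFFE00000ULL
#define WALK_FAULT UINT64_MAX

/* Constructed physical layout. */
#define DATA_PA    0x40000000ULL          /* 2 MiB frame mapped by the leaf entry */
#define CHILD_PA   0x7F000000ULL          /* page holding the new child page table */

static uint64_t child_table[512];

/* The live paging entry plus a trace of every value written to it, i.e.
   every state a concurrent page walk could have observed. */
typedef struct {
  volatile uint64_t value;
  uint64_t trace[4];
  size_t   stores;
} live_entry;

static void store_entry(live_entry *e, uint64_t v) {
  e->value = v;
  if (e->stores < 4) e->trace[e->stores++] = v;
}

/* Simulated physical read: only the child table holds paging entries; the
   mapped data frame is modelled as zero-filled, so "entries" read from it
   are not present. */
static uint64_t read_phys(uint64_t pa) {
  if (pa >= CHILD_PA && pa < CHILD_PA + sizeof child_table)
    return child_table[(pa - CHILD_PA) / sizeof(uint64_t)];
  return 0;
}

/* Software walk of the last two levels for an address inside the 2 MiB range. */
static uint64_t walk(uint64_t pde, uint64_t va) {
  uint64_t pte;
  if (!(pde & PTE_P)) return WALK_FAULT;
  if (pde & PTE_PS) return (pde & ADDR_2M) | (va & 0x1FFFFFULL);
  pte = read_phys((pde & ADDR_4K) + 8 * ((va >> 12) & 0x1FF));
  if (!(pte & PTE_P)) return WALK_FAULT;
  return (pte & ADDR_4K) | (va & 0xFFFULL);
}

/* Child table that maps the same 2 MiB with the same attributes, as 4 KiB pages. */
static void fill_child(uint64_t leaf) {
  for (uint64_t i = 0; i < 512; i++)
    child_table[i] = ((leaf & ADDR_2M) + i * 0x1000ULL) | (leaf & (PTE_P | PTE_RW));
}

/* Ordering the description attributes to the previous code: clear bit 7
   first, then install the child table address in a second store. */
static void split_two_step(live_entry *e) {
  fill_child(e->value);
  store_entry(e, e->value & ~PTE_PS);               /* non-leaf, address still DATA_PA */
  store_entry(e, (e->value & ~ADDR_4K) | CHILD_PA);
}

/* Ordering the patch describes: build the new content in a local variable
   and write it to the (volatile) live entry with one store. */
static void split_single_store(live_entry *e) {
  uint64_t v = e->value;
  fill_child(v);
  v &= ~PTE_PS;
  v = (v & ~ADDR_4K) | CHILD_PA;
  store_entry(e, v);
}

/* Number of observable entry states in which `va` no longer translates to
   the physical address it had before the split. */
static size_t bad_states(int two_step, uint64_t va) {
  live_entry e = { DATA_PA | PTE_P | PTE_RW | PTE_PS, {0}, 0 };
  uint64_t expected = walk(e.value, va);
  size_t bad = 0;
  if (two_step) split_two_step(&e); else split_single_store(&e);
  for (size_t i = 0; i < e.stores; i++)
    if (walk(e.trace[i], va) != expected) bad++;
  return bad;
}

int main(void) {
  return (bad_states(1, 0x123456ULL) == 1 && bad_states(0, 0x123456ULL) == 0) ? 0 : 1;
}
```

In the two-step ordering the intermediate state is a non-leaf entry whose address field still points at the data frame, so the walk reads data as if it were a page table.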
-
BaseTools/Plugin/HostBasedUnitTestRunner: Fix invalid escape in HostBasedUnitTest.py @antklein (#899)
Change Details
## Description
Fix invalid escape sequence in BaseTools/Plugin/HostBasedUnitTestRunner/HostBasedUnitTestRunner.py. These warnings are exposed by Python 3.12.
How This Was Tested
Validated no functional changes to HostBasedUnitTestRunner.
Integration Instructions
N/A
🐛 Bug Fixes
-
[CHERRY-PICK] [Release/202311] UnitTestFrameworkPkg: Fix Google Test components with multiple files @Flickdm (#891)
Change Details
# Preface
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4610
Google Test hides test registration in global constructors on global objects. Global constructors are traditionally implemented by placing references to the global constructor's symbol in special sections (traditionally named .ctors or .init_array). These sections are not explicitly referenced by the linker, and libc only looks at special start and end symbols (and calls them).
This works fine if you're linking a program manually using
gcc a.o b.o c.o -o test_suite
but fails miserably when using static libraries (such as what EDK2 does), because traditional static archive symbol resolution rules don't allow for obj...
v2023020017.0.0
What's Changed
-
MuCodeQlQueries.qls: Pin to the 0.9.12 codeq/cpp-queries pack @makubacki (#883)
Change Details
## Description
The codeql/cpp-queries pack used in MuCodeQlQueries.qls was versioned 0.9.12 for the CodeQL CLI v2.17.3 release currently used.
https://github.com/github/codeql/blob/codeql-cli/v2.17.3/cpp/ql/src/qlpack.yml
This change pins that pack version to prevent the CodeQL CLI and pack from getting out of sync until explicitly updated.
How This Was Tested
- Verified the CodeQL query pack version listed is pulled.
Integration Instructions
- N/A - No change to queries used. Should prevent breaks in the future where
the latest queries are no longer compatible with the current CodeQL CLI used.
⚠️ Breaking Changes
-
[REVERT] [CHERRY-PICK] Reverts previous commit to update to 2023.2.16, moves to 2023.2.15, corrects extdep, removes duplicate files @Flickdm (#913)
Change Details
## Description
An incorrect assumption was made that the INF's need to be removed from the CryptoPkgDriver because the MU_BASECORE already had duplicate entries and this aligned with previous releases (Now unlisted 2023.2.16). This goes back to the working release (2023.2.15) and updates the extdep accordingly. Further additional (potentially breaking) changes were required to be made to get the crypto package working. See commit 5efeb20
- Impacts functionality?
- Simplifies RNG Support expected of platforms
- platforms integrating the binaries may have very different levels of support for random number generation,
- allow the platform to provide a RNG service for PEI and DXE.
- Impacts security?
- Breaking change?
- Platforms are expected to provide a source for RNG
- See [this change] (microsoft/mu_crypto_release@68c7e29)
- Platforms that have a direct dependency on CryptoPkg should now use $(SHARED_CRYPTO_PATH)
!include $(SHARED_CRYPTO_PATH)/Driver/Bin/CryptoDriver.inc.dsc
- Includes tests?
- Includes documentation?
How This Was Tested
Built on multiple Release/202302 based platforms
Booted to Shell
Integration Instructions
Platforms are expected to provide a source for RNG [this change] (microsoft/mu_crypto_release@68c7e29)
MU_TIANO_PLATFORMS may be used as an example
-
Update Crypto Driver to 2023.2.16 for RNG Services @Flickdm (#910)
Change Details
# Preface
This updates the crypto driver to simplify RNG support and allows for a platform to provide a RNG service for PEI and DXE.
The crypto binary (2023.2.15) was built at this commit microsoft/mu_crypto_release@c978485
- Impacts functionality?
- Simplifies RNG Support expected of platforms
- platforms integrating the binaries may have very different levels of support for random number generation,
- allow the platform to provide a RNG service for PEI and DXE.
- Impacts security?
- Breaking change?
- Platforms are expected to provide a source for RNG
- See this change
- Includes tests?
- Includes documentation?
How This Was Tested
✔️ Built locally
✔️ Built against Pipelines
✔️ Booted to shell
✔️ Booted to frontpage on a system with rdrand disabled
Integration Instructions
- Read the readme update made in this change in the "Dependencies Built into Shared Crypto" section.
🚀 Features & ✨ Enhancements
-
[CHERRY-PICK] Add RNG PPI Support [Rebase \& FF] @makubacki (#888)
Change Details
## Description
MdePkg: Add Random Number Generator (RNG) PPI
Adds a new PPI that serves the same purpose as EFI_RNG_PROTOCOL in
DXE. This PPI can be produced by a PEIM to provide a dynamic interface
to RNG services in PEI.
This PPI is called EFI_RNG_PPI because it shares the exact same
interface with EFI_RNG_PROTOCOL which is described in the UEFI
Specification.
MdePkg: Add PeiRngLib
Adds a new PEI library instance for RngLib that uses the RNG services
provided by the RNG PPI.
This library instance will add a DEPEX on gEfiRngPpiGuid on modules
it links against. It can be used to allow PEIMs to get RNG support
over a dynamic interface.
(cherry picked from mu_basecore/release/202311)
How This Was Tested
- MdePkg CI
- Verify the RNG PPI can be successfully produced and consumed
Integration Instructions
If a platform needs to share RNG support across a dynamic interface
between PEIMs, the RNG PPI can be used.
PeiRngLib provides a RngLib instance that uses the RNG PPI. It will include a dependency on gEfiRngPpiGuid.
🐛 Bug Fixes
-
[CHERRY-PICK] Set EFI\_MEMORY\_SP as System Memory @makubacki (#920)
Change Details
## Description
Cherry picks 9051d2e from release/202311.
When supplying DxeCore with a resource descriptor HOB, a platform can choose which memory type to specify. For EFI_MEMORY_SP resource descriptor HOBs, instead of blindly setting GcdReserved as the memory type, respect what the resource descriptor HOB specified. Closes #884.
How This Was Tested
Tested on virtual platforms with CXL memory attached.
Integration Instructions
N/A.
-
[CHERRY-PICK] [Release/202302] UnitTestFrameworkPkg: Fix Google Test components with multiple files @Flickdm (#893)
Change Details
# Preface REF: https://github.com//pull/891 - Dropping GOOGLETEST_HOST_UNIT_BUILD option as release/202302 does not have any expectation to support it.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4610
Google Test hides test registration in global constructors on global objects. Global constructors are traditionally implemented by placing references to the global constructor's symbol in special sections (traditionally named .ctors or .init_array). These sections are not explicitly referenced by the linker, and libc only looks at special start and end symbols (and calls them).
This works fine if you're linking a program manually using
gcc a.o b.o c.o -o test_suite
but fails miserably when using static libraries (such as what EDK2 does), because traditional static archive symbol resolution rules don't allow for object files to be pulled in to the link if there isn't an undefined symbol reference to that .o elsewhere.
Fix it by passing --whole-archive (GCC) and /WHOLEARCHIVE (MSVC). These options force the linker to pull in the entire s...
v2023110008.1.0
What's Changed
-
[Rebase \& FF] Adding support for CLANGPDB build @kuqin12 (#848)
Change Details
## Description
This change added the tools_def section for building AARCH64 target with CLANGPDB.
A few assembly files are fixed up to remove unsupported directives.
Lastly, an issue of uninitialized variable that might be used is fixed from DevicesPathLib.
How This Was Tested
This change is tested on QEMU SBSA platform and booted to UEFI shell.
Integration Instructions
Platforms that would like to build with CLANGPDB should specify TOOL_CHAIN_TAG=CLANGPDB to build with CLANGPDB.
-
[CHERRY-PICK] Pull in fixes in UefiCpuPkg where we can dereference a NULL pointer for mCpuHotPlugData.SmBase @kenlautner (#887)
Change Details
## Description
Cherry-pick the following two commits that fix some issues with previously cherry-picked UefiCpuPkg commits. This mainly fixes a NULL dereference bug.
tianocore/edk2@72c441d
tianocore/edk2@edc6681
How This Was Tested
Tested on Smm based intel physical platforms.
Integration Instructions
N/A
-
Added MockPciIoProtocol and MockLocalApicLib @v-bhavanisu (#890)
Change Details
## Description
Added MockPciIoProtocol and MockLocalApicLib to be used in GoogleTests
How This Was Tested
Integrated these into Intel Gen 11 for a GoogleTest and ensured no build errors
Integration Instructions
N/A
-
MuCodeQlQueries.qls: Pin to the 0.9.12 codeq/cpp-queries pack @makubacki (#882)
Change Details
## Description
The codeql/cpp-queries pack used in MuCodeQlQueries.qls was versioned 0.9.12 for the CodeQL CLI v2.17.3 release currently used.
https://github.com/github/codeql/blob/codeql-cli/v2.17.3/cpp/ql/src/qlpack.yml
This change pins that pack version to prevent the CodeQL CLI and pack from getting out of sync until explicitly updated.
How This Was Tested
- Verified the CodeQL query pack version listed is pulled.
Integration Instructions
- N/A - No change to queries used. Should prevent breaks in the future where
the latest queries are no longer compatible with the current CodeQL CLI used.
🚀 Features & ✨ Enhancements
-
Add RNG PPI Support @makubacki (#881)
Change Details
## Description
MdePkg: Add Random Number Generator (RNG) PPI
Adds a new PPI that serves the same purpose as EFI_RNG_PROTOCOL in
DXE. This PPI can be produced by a PEIM to provide a dynamic interface
to RNG services in PEI.
This PPI is called EFI_RNG_PPI because it shares the exact same
interface with EFI_RNG_PROTOCOL which is described in the UEFI
Specification.
MdePkg: Add PeiRngLib
Adds a new PEI library instance for RngLib that uses the RNG services
provided by the RNG PPI.
This library instance will add a DEPEX on gEfiRngPpiGuid on modules
it links against. It can be used to allow PEIMs to get RNG support
over a dynamic interface.
How This Was Tested
- MdePkg CI
- Verify the RNG PPI can be successfully produced and consumed
Integration Instructions
If a platform needs to share RNG support across a dynamic interface
between PEIMs, the RNG PPI can be used.
PeiRngLib provides a RngLib instance that uses the RNG PPI. It will include a dependency on gEfiRngPpiGuid.
🐛 Bug Fixes
-
Set EFI\_MEMORY\_SP as System Memory @os-d (#886)
Change Details
## Description
When supplying DxeCore with a resource descriptor HOB, a platform can choose which memory type to specify. For EFI_MEMORY_SP resource descriptor HOBs, instead of blindly setting GcdReserved as the memory type, respect what the resource descriptor HOB specified. Closes #884.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples:...
v2023110008.0.0
What's Changed
-
NetworkPkg TcpDxe: Fixed system stuck on PXE boot flow in iPXE enviro… @Flickdm (#879)
Change Details
## Description
This bug fix is based on the following commit "NetworkPkg TcpDxe: SECURITY PATCH"
REF: 1904a64
Issue Description:
An "Invalid handle" error was detected during runtime when attempting to destroy a child instance of the hashing protocol. The problematic code segment was:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, &mHash2ServiceHandle);
Root Cause Analysis:
The root cause of the error was the passing of an incorrect parameter type, a pointer to an EFI_HANDLE instead of an EFI_HANDLE itself, to the DestroyChild function. This mismatch resulted in the function receiving an invalid handle.
Implemented Solution:
To resolve this issue, the function call was corrected to pass mHash2ServiceHandle directly:
NetworkPkg\TcpDxe\TcpDriver.c
Status = Hash2ServiceBinding->DestroyChild(Hash2ServiceBinding, mHash2ServiceHandle);
This modification ensures the correct handle type is used, effectively rectifying the "Invalid handle" error.
Verification:
Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment.
Cc: Doug Flick [MSFT] [email protected]
Reviewed-by: Saloni Kasbekar [email protected]
- [ X] Impacts functionality?
- Corrects handle passed to DestroyChild(..)
- Impacts security?
- N/A
- Breaking change?
- N/A
- Includes tests?
- N/A
- Includes documentation?
- N/A
How This Was Tested
"Testing has been conducted, confirming the efficacy of the fix. Additionally, the BIOS can boot into the OS in an iPXE environment."
iPXE booted successfully
Integration Instructions
N/A
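The handle mix-up described in this entry, reduced to a stand-alone C program. This is an added example, not code from TcpDxe or the pull request; the `Mock*` functions, the slot table and the small integer status values are constructed stand-ins, and the mock's choice of error code is an assumption. Because `EFI_HANDLE` is a `void *`, passing `&mHash2ServiceHandle` compiles without a diagnostic and only fails at run time, when the service does not recognize the value.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the UEFI types. As in UEFI, a handle is an
   opaque void pointer; the status values here are simplified. */
typedef void *EFI_HANDLE;
typedef int   EFI_STATUS;
#define EFI_SUCCESS            0
#define EFI_INVALID_PARAMETER  2
#define EFI_OUT_OF_RESOURCES   9

#define MAX_CHILDREN 4
static int        mChildSlot[MAX_CHILDREN];  /* backing objects for handles */
static EFI_HANDLE mChildren[MAX_CHILDREN];   /* live child handles */

/* Mock CreateChild: returns the new handle through an EFI_HANDLE pointer. */
EFI_STATUS MockCreateChild(EFI_HANDLE *ChildHandle) {
  if (ChildHandle == NULL) return EFI_INVALID_PARAMETER;
  for (int i = 0; i < MAX_CHILDREN; i++) {
    if (mChildren[i] == NULL) {
      mChildren[i] = &mChildSlot[i];
      *ChildHandle = mChildren[i];
      return EFI_SUCCESS;
    }
  }
  return EFI_OUT_OF_RESOURCES;
}

/* Mock DestroyChild: takes the handle by value and rejects any value
   that is not a handle this service created. */
EFI_STATUS MockDestroyChild(EFI_HANDLE ChildHandle) {
  for (int i = 0; ChildHandle != NULL && i < MAX_CHILDREN; i++) {
    if (mChildren[i] == ChildHandle) {
      mChildren[i] = NULL;
      return EFI_SUCCESS;
    }
  }
  return EFI_INVALID_PARAMETER;
}

static EFI_HANDLE mHash2ServiceHandle;

int main(void) {
  MockCreateChild(&mHash2ServiceHandle);
  /* No compiler diagnostic: EFI_HANDLE * converts implicitly to void *. */
  printf("address of handle: %d\n", MockDestroyChild(&mHash2ServiceHandle));
  printf("handle itself:     %d\n", MockDestroyChild(mHash2ServiceHandle));
  return 0;
}
```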
-
[CHERRY-PICK] MdePkg/SmBios.h: Add New ProcessorUpgrade definitions for SMBIOS Type4 @srilathasridharan (#858)
Change Details
## Description
The patch adds new ProcessorUpgrade definitions for SMBIOS Type4 based on SMBIOS 3.8.0.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
on a separate Web page, ...
How This Was Tested
Builds and boots on Intel platforms.
Integration Instructions
N/A
-
[CHERRY_PICK] UefiCpuPkg changes [Rebase & FF] @srilathasridharan (#839)
Change Details
## Description
Cherry-pick commits to support latest Intel platforms. Below is a summary of the commits included.
- Support for CPUID_EXTEND_TOPOLOGY
- Support for Customized FV Migration
- Create gMpInformationHobGuid2
- Support for choosing Non SMM BSP in SMM.
- Get processor extended information in SmmAddProcessor
- [x ] Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
on a separate Web page, ...
How This Was Tested
Verified on Intel platform. (Testing on older platforms pending).
Integration Instructions
N/A
-
BinToPcd.py: Remove xdrlib import @antklein (#852)
Change Details
## Description
- Run Python sort on imports
- Remove xdrlib import as it is not used and will be deprecated in Python 3.13
- This change was missed as part of implementing Python updates between release/202302 and release/202311 branches.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
on a separate Web page, ...
How This Was Tested
Validated this change does not impact the functionality of the BinToPcd.py script.
Integration Instructions
N/A
⚠️ Breaking Changes
-
[CHERRY-PICK] UefiCpuPkg: change name of gMpInformationHobGuid2 @srilathasridharan (#875)
Change Details
## Description
Change name of gMpInformationHobGuid2 to
gMpInformation2HobGuid. It's to align with
the file name MpInformation2.h and the
structure name MP_INFORMATION2_HOB_DATA.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
on a separate Web page, ...
How This Was Tested
Tested on Intel platform
Integration Instructions
N/A
🚀 Features & ✨ Enhancements
-
Fixing an edge case in AutoGen script where BUILDMODULE might fail @kuqin12 (#878)
Change Details
## Description
This change fixed an edge case when invoking the build process with "BUILDMODULE" and no stack cookie is involved (i.e. pure assembly code), the build might fail.
The existing code path is written to handle such case, b...