v2024050000.0.2

What's Changed

• [CHERRY-PICK][REBASE\&FF] ImageValidation.py: Support gitignore style syntax for file exclusion @Javagedes (#1154)
  
  Change Details

    ## Description

  Cherry-pick of #1140 into dev/202405

  This commit is also in release/202308

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Squash into 6310e1e

  How This Was Tested

  Cherry-pick of #1140 into dev/202405

  Integration Instructions

  Cherry-pick of #1140 into dev/202405

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK] .pytool/ImageValidation: Print invalid dir paths @makubacki (#1155)
  
  Change Details

    ## Description

  • Print directory paths considered invalid to aid debugging

  • Build native OS file paths using os.path.join for walk dirs

  • Clean up trailing whitespace throughout the file

  • Impacts functionality?

  • Impacts security?

  • Breaking change?

  • Includes tests?

  • Includes documentation?

  How This Was Tested

  • Local build with the plugin
  • Tested invalid directory printing by adding an invalid arch to TARGET_ARCH (so the directory doesn't exist in build output).

  Integration Instructions

  N/A - Minor tweaks
  

  
  

  ---

  
  

• [CHERRY-PICK] MdePkg: Bring in mocks from 2311 @VivianNK (#1139)
  
  Change Details

    ## Description

  Add mocks from 2311

  Cherry picked and squashed the following commits:
  a5ba951
  5aa1be5

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested in 202311 CI

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [Cherry-Pick] Support Report Status Code in the UefiPxe driver. @apop5 (#1138)
  
  Change Details

    ## Description

  Report PXE error status via Status Code, with this design, it will be flexible to register a status code handler via gEfiRscHandlerProtocolGuid to output the customized error code to other telemetry service.

  The subclass code is EFI_IO_BUS_IP_NETWORK

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🐛 Bug Fixes

• [REBASE\&FF] MdeModulePkg/SMM: Initialize 'WillReturn' variable @Javagedes (#1159)
  
  Change Details

    ## Description

  The local variable 'WillReturn' was being used without prior initialization in some code paths.
  This patch ensures that 'WillReturn' is properly initialized to prevent undefined behavior.

  Cherry-pick from EDKII tianocore/edk2@30b6d08
  Cherry-pick from dev/202405 36f763d

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Cherry-pick from EDKII tianocore/edk2@30b6d08

  Integration Instructions

  Cherry-pick from EDKII tianocore/edk2@30b6d08

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2024050000.0.1...v2024050000.0.2

v2023110012.1.0

What's Changed

• [202311] ImageValidation.py: Support gitignore style syntax for file exclusion @Javagedes (#1141)
  
  Change Details

    ## Description

  Add gitignore style syntax for file exclusion

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Ensured existing syntax (filename only) continues to work. Ensured gitignore style syntax now works.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Mock Functions for ReportStatusCodeHandler Library \& RegistryNotify , ConnectController in MockUefiBootServicesTableLib @v-sbolisetti (#1122)
  
  Change Details

    ## Description

  Added Mock Functions for ReportStatusCodeHandler Library & RegistryNotify , ConnectController in MockUefiBootServicesTableLib

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Unit tests component can call these mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add mock functions under MockUefiRuntimeServicesTableLib, MockUefiRuntimeServicesTableLib and Create Mock for DxeServicesTableLib @YiTa-AMI (#1109)
  
  Change Details

    ## Description

  Add mock functions under MockUefiRuntimeServicesTableLib, MockUefiRuntimeServicesTableLib and Create Mock for DxeServicesTableLib

  For details on how to complete to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Unit tests component can call these mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] MdeModulePkg/FaultTolerantWriteDxe: Fix buffer overrun issue @os-d (#1134)
  
  Change Details

    ## Description

  • This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader function.As per the current code, when there is a malformed blocks (with all bytes as 0s) then Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites, FtwHeader->PrivateDataSize) would access beyond FtwWorkSpaceSize.

  • Also added the signature check to validate work space

  • Impacts functionality?

  • Impacts security?

  • Breaking change?

  • Includes tests?

  • Includes documentation?

  How This Was Tested

  Tested on failing platform.

  Integration Instructions

  N/A.
  

  
  

  ---

  
  

• [202311] ImageValidation.py: Don't parse entire image @Javagedes (#1126)
  
  Change Details

    ## Description

  This commit modifies the PE parsing functionality to only parse the headers of the image, rather than the entire image. This change is made to improve performance and also the probability of failing to parse the entire image. This comes after this commit (erocarrera/pefile#365) in pefile resulted in efi image parsing failures, breaking the build.

  This commit also wraps the parsing of the image in a try-except block to catch any exceptions that may be raised during parsing, to cleanly exit.

  See: microsoft/mu_tiano_platforms#1025 and erocarrera/pefile#421

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Validated pipelines build on mu_tiano_platforms

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add mock functions under MockUefiLib and Create Mock for CapsuleLib, PerformanceLib, MockUefiBootManagerLib and GenericMemoryTestProtocol @YiTa-AMI (#1111)
  
  Change Details

    ## Description

  Add mock functions under MockUefiLib and Create Mock for CapsuleLib, PerformanceLib and GenericMemoryTestProtocol

  For details on how to complete to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Unit tests component can call these mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [202311] ImageValidation: Determine profile from inf MODULE\_TYPE @Javagedes (#1125)
  
  Change Details

    ## Description

  In previous iterations, the profile was determined by parsing the makefile, looking for MODULE_TYPE. As each OS / tool chain may use a different makefile type, this was not a reliable method. This updates the plugin to read the INF for the compiled efi file to determine the MODULE_TYPE and thus the profile.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Validated on qemuq35 that the module type was successfully parsed.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🚀 Features & ✨ Enhancements

• [2311][Rebase \& FF] STM Support @makubacki (#1113)
  
  Change Details

    ## Description

  Adds SMM Transfer Monitor (STM) infrastructure changes.

  Commit Summary

  • MdeModulePkg/TpmMeasurementLibNull: Add MM_CORE_STANDALONE

  • BaseTools: Add the GenStm C tool

  • Impacts functionality?

  • Impacts security?

  • Breaking change?

  • Includes tests?

  • Includes documentation?

  How This Was Tested

  • Build with GenStm
  • Generate an aux file using the build rule
  • Link the TpmMeasureLibNull instance to a Standalone MM Core module

  Integration Instructions

  • No change is needed unless this support is needed
  • Review the GenStm arguments in help output for more details
    

  
  

  ---

Full Changelog: v2023110012.0.0...v2023110012.1.0

v2024050000.0.1

What's Changed

• [202405] Add Cumulative CodeQL changes. @apop5 (#1137)
  
  Change Details

    ## Description

  Cumulative CodeQL fixes for the release 202405 Branch.

  13dff4f
  f26f86d
  e97c273
  564f262
  769b019
  4828ebb
  4c372a2
  5f165d2
  006dc1f
  c99d59f
  f648481
  c70d96e
  7c60e33
  2deccbe
  2c4db39
  ec7a96c
  45219b5
  b47eb1f
  1cd17c1
  fec2cd9
  326dde3
  a420f66
  4f4cc7d
  d2e5518
  9496601
  83ec756
  192d343
  55ad1f2
  e71970b
  be03b5b
  b9d04a0
  f495191
  6acf82c
  2c6ee99
  8398844
  f90d7a8
  5464d16
  4c082e3
  f8616ec
  070d25d
  442aab8
  fe7078e
  e0b2964
  798cfa3
  92dc249
  0c3eaac

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Ran Local CI.
  Booted on physical system.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] MdeModulePkg/FaultTolerantWriteDxe: Fix buffer overrun issue @os-d (#1131)
  
  Change Details

    ## Description

  • This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader function.As per the current code, when there is a malformed blocks (with all bytes as 0s) then Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites, FtwHeader->PrivateDataSize) would access beyond FtwWorkSpaceSize.

  • Also added the signature check to validate work space

  • Impacts functionality?

  • Impacts security?

  • Breaking change?

  • Includes tests?

  • Includes documentation?

  How This Was Tested

  Cherry-picked from edk2.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

• [202405] ImageValidation.py: Don't parse entire image @Javagedes (#1127)
  
  Change Details

    ## Description

  This commit modifies the PE parsing functionality to only parse the headers of the image, rather than the entire image. This change is made to improve performance and also the probability of failing to parse the entire image. This comes after this commit (erocarrera/pefile#365) in pefile resulted in efi image parsing failures, breaking the build.

  This commit also wraps the parsing of the image in a try-except block to catch any exceptions that may be raised during parsing, to cleanly exit.

  See: microsoft/mu_tiano_platforms#1025 and erocarrera/pefile#421

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Validated pipelines build on mu_tiano_platforms

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [202405] ImageValidation: Determine profile from inf MODULE\_TYPE @Javagedes (#1124)
  
  Change Details

    ## Description

  In previous iterations, the profile was determined by parsing the makefile, looking for MODULE_TYPE. As each OS / tool chain may use a different makefile type, this was not a reliable method. This updates the plugin to read the INF for the compiled efi file to determine the MODULE_TYPE and thus the profile.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Validated on qemuq35 that the module type was successfully parsed.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

📖 Documentation Updates

• Update ReadMe.rst to add mock-related breaking changes @VivianNK (#1130)
  
  Change Details

    ## Description

  Release notes for 202311 -> 202405
  Cmocka mocks and stubs were moved so file paths using them need to be updated.

  Remove markdown syntax for links.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2024050000.0.0...v2024050000.0.1

v2024050000.0.0

Initial Release notes of 202405 contain a full list of mu changes on top of edk2-stable202405

PR associated with the commit can be found at the bottom of the information pane reached by clicking on the commit hash

What's Changed

🚀 Features & ✨ Enhancements

• UefiCpuPkg: CpuPageTableLib: Remove Empty Test Suite
  
  Change Details

    f481172

  ---

• Create mocks for PlatformHookLib and PciLib (#1094)
  
  Change Details

    47134bd

  ---

• [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Consume PcdCpuSmmApSyncTimeout2
  
  Change Details

    4d722ac

  ---

• [CHERRY-PICK] UefiCpuPkg: Refine the PCD usage comment
  
  Change Details

    125e5a0

  ---

• [Cherry-Pick] UefiCpuPkg: Add PcdCpuSmmApSyncTimeout2 PCD (#1096)
  
  Change Details

    b970851

  ---

• Create the Google Test mocks for SmmBase2 Protocol.
  
  Change Details

    efda14a

  ---

• Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol
  
  Change Details

    2f6f616

  ---

• Create Mock for IsaHc protocol
  
  Change Details

    19e3f7b

  ---

• Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib
  
  Change Details

    ea82edd

  ---

• Add deprecation warning support to OverrideValidation plugin (#742)
  
  Change Details

    6f49d15

  ---

• Update BaseCryptLib tests to reference the PCDs before running (#1034)
  
  Change Details

    2567c9b

  ---

• Added MockUefiDevicePathLib and gBS_AllocatePool under MockUefiBootServicesTableLib
  
  Change Details

    64d9dfe

  ---

• Added mock functions on UefiLib
  
  Change Details

    6e13911

  ---

• Added mock functions for TimerLib
  
  Change Details

    b477e63

  ---

• Added mock functions for PciExpressLib
  
  Change Details

    0182bec

  ---

• Added mock functions for UefiBootServicesTableLib
  
  Change Details

    c321f8c

  ---

• BaseTools/Plugin/HostBasedUnitTestRunner: Fix invalid escape in HostBasedUnitTest.py (#899)
  
  Change Details

    4719b97

  ---

• Set EFI_MEMORY_SP as System Memory (#886)
  
  Change Details

    036686e

  ---

• Added MockPciIoProtocol and MockLocalApicLib (#890)
  
  Change Details

    52973f2

  ---

• GitHub Action: Bump robinraju/release-downloader from 1.10 to 1.11 (#1116)
  
  Change Details

    973a5aa

  ---

• pip: Update all pip-requirements to latest. (#1120)
  
  Change Details

    7dac39f

  ---

• Repo File Sync: 202405 Branch Transition Updates. (#1119)
  
  Change Details

    ba1307e

  ---

• CodeQlFilters.yml: Add global CodeQL filter file to repo.
  
  Change Details

    301fb03

  ---

• ShellPkg: CodeQL Fixes.
  
  Change Details

    22ae568

  ---

• UefiCpuPkg: CodeQL Fixes.
  
  Change Details

    b001cc9

  ---

• MdeModulePkg: CodeQL Fixes.
  
  Change Details

    d74b9cf

  ---

• MdePkg: CodeQL Fixes.
  
  Change Details

    413351c

  ---

• NetworkPkg: CodeQL Fixes.
  
  Change Details

    3dc1746

  ---

• StandaloneMmPkg: CodeQL Fixes.
  
  Change Details

    652f7e4

  ---

• Updated Release notes. (#1107)
  
  Change Details

    dbfd484

  ---

• BaseTools/build_rule.template: Add FILE_GUID to the environment for Rust modules (#1108)
  
  Change Details

    6305b70

  ---

• MdeModulePkg: Correct the placement of the variable policy locking
  
  Change Details

    8c05410

  ---

• MdePkg: Create Google mock for ReadOnlyVariable2
  
  Change Details

    30d4dd5

  ---

• Revert "MdeModulePkg: Updates Debug Statements for Mem/Page.c"
  
  Change Details

  ...

v2023110012.0.0

What's Changed

• Create mocks for PlatformHookLib and PciLib @TsunFeng (#1094)
  
  Change Details

    ## Description

  Create mocks for PlatformHookLib and PciLib

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call PlatformHookLib and PciLib mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [Cherry-Pick][Rebase \& FF] UefiCpuPkg: Consume PcdCpuSmmApSyncTimeout2. @apop5 (#1097)
  
  Change Details

    ## Description

  In addition to what was said in the Cherry-Pick in #1096.

  It looks like Edk2 picked up these changes, reverted them, and then added them back because Ovmf packages had already started consuming them.

  The changes should not impact existing platforms, because the changes only modify PiSmmCpuDxeSmm.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Local CI.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [Cherry-Pick] UefiCpuPkg: Add PcdCpuSmmApSyncTimeout2 PCD @apop5 (#1096)
  
  Change Details

    ## Description Cherry-Picking PCD definition from edk2. This does not change the basecore functionality to consume this pcd.

  Provide the capability for platform to specifies the 2nd timeout value in microseconds for the BSP/AP in SMM to wait for one another to enter SMM.

  The added interface can enhance the flexibility of timeout configuration. In some cases, certain processors may not be able to enter SMI, and prolonged waiting could lead to kernel soft/hard lockup. We have now defined two timeouts. The first timeout can be set to a smaller value to reduce the waiting period. Processors that are unable to enter SMI will be woken up through SMIIPL to enter SMI, followed by a second waiting period. The second timeout can be set to a larger value to prevent delays in processors entering SMI case due to the long instruction execution.

  Cc: Ray Ni [email protected]
  Cc: Rahul Kumar [email protected]
  Cc: Gerd Hoffmann [email protected]

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Local CI

  Integration Instructions

  N/A
  

  
  

  ---

  
  

⚠️ Breaking Changes

• [REBASE\&FF][CHERRY-PICK] ImageValidation: Add default configuration @Javagedes (#1104)
  
  Change Details

    Previously, ImageValidation was an "opt-in" plugin by setting a build variable `PE_VALIDATION_PATH`, however with this pull request, Image Validation will be on by default, with some default configuration that can be changed with a custom configuration yaml file.

  The default requirements are:

  1. All efi binaries must not be both write and execute
  2. All efi binaries must have an image base of 0x0
  3. All dxe phase binaries must be 4k section aligned, with the one exception of AARCH64 DXE_RUNTIME_DRIVERS, which must be 64k aligned.

  compiled binaries that need to be opted out of, can do so by adding an IGNORE_LIST in the configuration file

  {
    "IGNORE_LIST": ["Shell.efi", "etc"]
  }

  A cherry-pick of #1100 into release/202311

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Confirmed successful execution of the plugin on Windows with QemuQ35 and Ubuntu with QemuSbsa

  Integration Instructions

  Platforms that begin to fail this test will need to generate a configuration yaml file, and set a stuart build variable, PE_VALIDATION_PATH to it. It is suggested to do this in the Platform's PlatformBuild.py.

  The Correct Integration is to evaluate the binary and why it is not meeting the requirements. The platform can elect to update the compilation of the binary to meet the requirements, add or override validation rules for certain MODULE_TYPEs, or simply add the binary to the ignore list. Please review the Plugin's readme.md file for more details on doing any of these things.
  

  
  

  ---

  
  

• BaseTools/build\_rule.template: Set additional Rust module linker flags @makubacki (#1098)
  
  Change Details

    ## Description

  This change sets the ImageBase in the PE header for Rust modules to 0 so they do not have a preferred base. This is similar to the EFI images produced by the edk2 build system. The subsystem type is also set to efi_boot_service_driver instead of the default target specification value of EFI_APPLICATION. Details for changing the subsystem type are here:

  https://doc.rust-lang.org/nightly/rustc/platform-support/unknown-uefi.html#requirements

  Ideally, these values would be set as individual target.<triple>.rustflags in .cargo/config.toml. However, we override the /MAP argument using -C linker-args in build_rule.txt to the build output directory. This must be set dynamically since the output directory and module name are based on per module values.

  Since the cargo configuration file does not support reading environment variables and setting an environment there in a [env] section would be too late to impact the commands that run in build_rules.txt (cargo is called from cargo make based on those rules), this is the simplest approach to retain the map file path in addition to the new changes.

  In the future, this may be moved to a common target specification so the values are available without these changes.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Checked ImageBase and Subsystem of EFI images in output directory
    to confirm expected values.

  Integration Instructions

  This ...

v2023110011.0.0

What's Changed

• Create the Google Test mocks for SmmBase2 Protocol. @Eathonhsu (#1088)
  
  Change Details

    ## Description

  Add mock functions under MockSmmBase2 and Create Mock for SmmBase2 protocol.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call these mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol @TsunFeng (#1084)
  
  Change Details

    ## Description

  Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call these mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Create Mock for IsaHc protocol @TsunFeng (#1087)
  
  Change Details

    ## Description

  Create Mock for IsaHc protocol

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call IsaHc mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib @TsunFeng (#1078)
  
  Change Details

    ## Description

  Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib for Unit Test.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call this mock function success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

⚠️ Breaking Changes

• [SQUASH ON REBASE] Revert "MdePkg/CompilerIntrinsicsLib: Add IntrinsicLib class and strcmp" @makubacki (#1086)
  
  Change Details

    ## Description

  The strcmp function was added to CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c in edk2 commit 46226fb. Therefore, ARM and AARCH64 modules can pick up the strcmp function needed to compile code from there without adding more functionality to CompilerIntrinsicsLib just for building third-party crypto code.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • CrytoBinPkg build of all architectures
  • Mu Basecore CI

  Integration Instructions

  • strcmp will no longer be provided in ArmCompilerIntrinsicsLib, use
    another implementation if needed. Marked potentially breaking for this reason.
    

  
  

  ---

• CryptoPkg: Updating Shared Crypto Bin to version 2023.12.2. @apop5 (#1075)
  
  Change Details

    ## Description

  Previous version v2023.11.3 did not contain PDB information, which was causing some problems in a platform which needed PDB information.

  v2023.12.1 includes PDB information.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Ran mu_tiano_platforms with changes and verified boot.

  Integration Instructions

  After this update, platforms are required to supply gEfiRngPpiGuid in the Pei phase, and gEfiRngProtocolGuid in the Dxe phase.
  Common implementations ar...

v2023110010.0.1

What's Changed

• Add deprecation warning support to OverrideValidation plugin @NishanthSanjeevi (#742)
  
  Change Details

    ## Description

  Added deprecation warning support to the existing Override validation plugin/tool.

  • Impacts functionality?
    • Functionality - All libraries/drivers that are no longer used should add a Deprecation warning
  • Impacts security?
    • Security - N/A
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior? No
  • Includes tests? No
  • Includes documentation? Added documentation for how to use the Deprecation warnings module

  How This Was Tested

  Added the Deprecation warnings to the INFs and a warning was thrown when a deprecated module was part of the DSC

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Update BaseCryptLib tests to reference the PCDs before running @kenlautner (#1034)
  
  Change Details

    ## Description

  The BaseCryptLibUnitTestApp tests the linked BaseCryptLib instance's crypto to make sure all functions are performing as expected. With the move to the Crypto binary and the BaseCryptLibOnProtocol instances we disable certain crypto functionality on purpose which causes the test to fail (and also the BaseCryptLibOnProtocol lib to assert). The changes made here use the already existing crypto PCDs to check if the tested cryptography is enabled with the current Crypto binary and if not to skip the test. This will allow the test to show if the enabled crypto is working correctly instead of failing for crypto we don't care about.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on Qemu and intel physical platforms with various crypto binary layouts. The relevant tests pass and disabled crypto skips their tests. Furthermore when the PCDs are configured to run tests for crypto we don't support with the selected crypto binary, the test fails as expected.

  Integration Instructions

  N/A. Using the crypto binaries should automatically configure the correct PCDs and BaseCryptLib library for the test to work correctly.
  

  
  

  ---

  
  

• BaseTools/codeql: Update to CodeQL 2.18.1 @makubacki (#1072)
  
  Change Details

    ## Description

  Updates to the latest CodeQL version to resolve query dependencies.

  Currently, errors like this will be seen:

  Not using precompiled NoSpaceForZeroTerminator.qlx: This QLX (written by CodeQL 2.18.1) uses a primitive 'internSets', which this QL engine is too old to evaluate.
  

  This is related to a CodeQL release made a few hours ago:

  Release v2.18.1 · github/codeql-cli-binaries · GitHub

  ---

  2311 version of #1069

  ---

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  • CI with CodeQL plugin enabled

  Integration Instructions

  • Verify queries being used are compatible with CodeQL 2.18.1
    

  
  

  ---

• Added MockUefiDevicePathLib. Added gBS\_AllocatePool under MockUefiBootServicesTableLib @v-bhavanisu (#1059)
  
  Change Details

    ## Description

  Added MockUefiDevicePathLib. Added gBS_AllocatePool under MockUefiBootServicesTableLib

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Included this change under a GoogleTest and build successful

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• MdePkg/MockUefiLib: Add EfiCreateProtocolNotifyEvent() @TsunFeng (#1055)
  
  Change Details

    ## Description

  Added mock functions on UefiLib

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call this mock function success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023110010.0.0...v2023110010.0.1

v2023110010.0.0

What's Changed

• Revert `NO_ABSOLUTE_RELOCS_IN_TEXT` MU change for GCC @kuqin12 (#1040)
  
  Change Details

    ## Description

  This change is created to revert the commit of 57e8694.

  The original change was checked in the midst of other 202311 integration changes and now proven to be unnecessary.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  This was tested on MU tiano platforms repo and passed pipeline checks.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

⚠️ Breaking Changes

• [Cherry-Pick] BaseTools/HostBasedUnitTestRunner: Promote Unittest error to CI fail. @apop5 (#1039)
  
  Change Details

    ## Description

  Some unit tests would fail to execute or execute and not produce any output logs. In these cases, the only output would be in the CI Log as UnitTest Execution Error.

  A UnitTest Execution Error should be considered the same as a unit tests test failing.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  On repo where hosted based unit test failed execution prior to generating test results, CI would pass and CI Log would show "Execution Error" for the unit test.

  After integrating this change, CI will fail with a unit test error.

  Integration Instructions

  For unit tests that are failing, each unit test will need to be examined and individually corrected.
  

  
  

  ---

  
  

Full Changelog: v2023110009.0.1...v2023110010.0.0

v2023110009.0.1

What's Changed

🔐 Security Impacting

• MdeModulePkg: Compatibility Mode: Only Remap System Memory Regions @os-d (#1030)
  
  Change Details

    ## Description

  When we enter memory protections compatibility mode, we attempt to disable null protection and remap 0 - 0xA0000 as RWX. This was done for x86 systems with broken shim/grubs on Linux that would attempt to use those regions. This resolved that issue and we could boot non-memory protection safe Linux images on x86 HW. However, this approach did not take into account systems that do not have that range marked as system memory, for example ARM64 systems do not have this requirement. As such, this would inappropriately map these regions as RWX when they were not system memory.

  This patch updates the remapping to only remap and disable null protection if these ranges are marked as system memory, otherwise it will leave them alone.

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on an ARM64 platform that does not have 0 - 0xA0000 as system memory, as well as an X86 system that does have that range as system memory, booting a Linux image on both that forces us to enter compatibility mode.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2023110009.0.0...v2023110009.0.1

v2023110009.0.0

What's Changed

⚠️ Breaking Changes

• Host Based Unit Test updates @Javagedes (#837)
  
  Change Details

    ## Description

  Updates the host-based unit test runner to fail if a unit test executable returns successfully, but has no test results, or if a test suite generated from a unit test executable does not contain any tests.

  The issues above indicate configuration errors in the unit test source code itself and indicates to the developer that changes to the unit test need to be made.

  Updates the README.md file for the UnitTestFrameworkPkg to correct inaccurate information regarding code coverage and provide information on how to consolidate and generate unit test html reports.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  N/A

  Integration Instructions

  If any host based unit tests were written incorrectly, and there exists a test with no test suites, or a test suite with no tests, The host based unit test runner will now fail. These tests will need to be corrected.
  

  
  

  ---

  
  

🚀 Features & ✨ Enhancements

• BaseTools/Plugin/RustEnvironmentCheck: Use pytools Rust helpers @makubacki (#1037)
  
  Change Details

    ## Description

  The plugin implementation has moved to edk2-pytool-extensions so it
  can be reused for plugins targeting different scenarios such as
  public/generic (this plugin) or custom internal environments that
  may need to add on additional functionality.

  This simplifies this plugin's implementation significantly.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Verified plugin still detects errors properly
  • Unit tests added in edk2-pytool-extensions

  Integration Instructions

  An id has been added to the plugin YAML file (rust-env-check). This
  retains the same scope as before (rust-ci) but allows a custom version
  of the plugin to override this version by specifying:

  • "id_override": "rust-env-check"

  In its YAML file. Otherwise, no integration work is needed.

  There is an example of code that sets id_override (via generated YAML) here for reference.

  edk2-pytool-extenions 0.27.10 is required this change to work due to the new functionality used in that release.
  

  
  

  ---

  
  

📖 Documentation Updates

• Host Based Unit Test updates @Javagedes (#837)
  
  Change Details

    ## Description

  Updates the host-based unit test runner to fail if a unit test executable returns successfully, but has no test results, or if a test suite generated from a unit test executable does not contain any tests.

  The issues above indicate configuration errors in the unit test source code itself and indicates to the developer that changes to the unit test need to be made.

  Updates the README.md file for the UnitTestFrameworkPkg to correct inaccurate information regarding code coverage and provide information on how to consolidate and generate unit test html reports.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  N/A

  Integration Instructions

  If any host based unit tests were written incorrectly, and there exists a test with no test suites, or a test suite with no tests, The host based unit test runner will now fail. These tests will need to be corrected.
  

  
  

  ---

  
  

Full Changelog: v2023110008.1.1...v2023110009.0.0