Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GenFw: auto set nxcompat flag #456

Merged
merged 17 commits into from
Jun 15, 2023
Merged

GenFw: auto set nxcompat flag #456

merged 17 commits into from
Jun 15, 2023

Conversation

Javagedes
Copy link
Contributor

@Javagedes Javagedes commented Jun 14, 2023

Description

GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

  1. A 64 bit PE file
  2. Has 4K alignment or is evenly divisible by 4K
  3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

How This Was Tested

  1. Verified proper build on Windows and Fedora
  2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE removed from VS2022 X64 DLINK_FLAGS
  3. Verified nxcompat flags were properly set on binaries built with GCC5 and VS2022
  4. Verified MemoryProtectionTestApp.efi passes all Security.NxProtection tests on QemuQ35 and Sbsa VS2022 / GCC5
  5. Verified MemoryAttributeProtocolFuncTestApp.efi, DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

Integration Instructions

N/A

Javagedes and others added 2 commits June 14, 2023 08:14
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute
@Javagedes Javagedes self-assigned this Jun 14, 2023
@github-actions github-actions bot added the impact:security Has a security impact label Jun 14, 2023
@Javagedes
Copy link
Contributor Author

@apop5 I added the DLL characteristics as requested offline.

Javagedes and others added 5 commits June 14, 2023 13:32
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Javagedes and others added 3 commits June 14, 2023 14:24
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
@Javagedes Javagedes requested a review from makubacki June 14, 2023 22:40
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
@Javagedes Javagedes merged commit d6de782 into microsoft:release/202302 Jun 15, 2023
ProjectMuBot referenced this pull request in microsoft/mu_tiano_platforms Jun 17, 2023
Introduces 1049 new commits in [MU_BASECORE](https://github.com/microsoft/mu_basecore.git).

<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/microsoft/mu_basecore/commit/384dcfd6d2ff4bf727665b729a27fe9dc52b72c7">384dcf</a> Added definition of AMD specific public MSRs</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fc60628d08face82cb399681d1d4f009d7d47d1a">fc6062</a> Remove support for deprecated crypto from BaseCryptLib.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2cd8b0211d675b3b84294571200a14e04426b48f">2cd8b0</a> TCBZ2997: Use Non-Null CryptPkcs5Pbkdf2 for RuntimeCryptLib.inf</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e62a86e504d343aa638bccb3a39bb027009441c8">e62a86</a> TCBZ2424: Reconfigure OpensslLib to add elliptic curve chipher algorithms</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/1a84ddda36f21eca4ed2475450de4852794f7f3a">1a84dd</a> [Binary Crypto] The New BCOP in CryptoPkg (details below)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/92fde1c8fabbe4ba8c01619beda3a2bbf94faa38">92fde1</a> CryptoPkg: Add host-based unit testing</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ce99f24c5dbbd612a0a8f9cd390c47a43a90b05e">ce99f2</a> Add Libraries, Components, and UnitTests, and BugFixes to ShellPkg.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/30ace7b6ac271230c0c968771f671b14534c213d">30ace7</a> Make necessary changes to fix CoreBuild in new integration.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/dac80fe5ce5ac997a605c59b4b411ba157f0c821">dac80f</a> TCBZ3232: Fix for exception on 0 length write</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ec4bdf71947d1fb1c8490719c24f5f8c281a96db">ec4bdf</a> Create the MMU access lib to abstract memory protection settings</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/66d11946b014a548ff7d32f8d7faa070653100f1">66d119</a> BaseTools: Update the path for the GccLto binaries to point to BaseTools</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e04a66d52e2b4e511d2befa1205fed389fd7d3a9">e04a66</a> Create a StandaloneMmCoreEntryNull to satisfy other archs</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/881c831082c1b2367ade5c4217d0177549b43958">881c83</a> MdeModulePkg: Swap to MmuLib instead of Arm-specific lib and Drop all remaining references to ArmPkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/54987dc8b1223377db2dada49ad32414d8a58465">54987d</a> StandaloneMmPkg: Switch to the MmuLib abstraction</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/30eba675d1ade2ad72d10d865076e94e2713f4e1">30eba6</a> Create PEI & DXE services for generalized policy management</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/58916d5380b73b9ff05242b23854f3491c1a62c7">58916d</a> Add VarPolicy to HDDP, MTC, and PcAtRealTimeClock. Add VarPolicy exception to PxeBcBoot.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e90740cec301bcb4fa1082176b82801022991b81">e90740</a> Add MemoryTypeInfoSecVarCheckLib to VariableStandaloneMm.inf</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/1df8cb90c4f506de13186b1ccf8c6d3a2a066005">1df8cb</a> Add Initial Memory Protection HOB Changes</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/31113603ebc2b28895c46cb03f3caa47d5d627b3">311136</a> Add ExceptionPersistenceLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/728eb0e5cbbfe62dfe8a5fb348a3d3ab87c009bc">728eb0</a> Stack Cookie Changes</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e984b26b7fec7dc971751bc767de9f3a96a788d5">e984b2</a> Update Memory Protection Initialization</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9b8e4807245d06b091a6ce69292ec1bb83eb9b5b">9b8e48</a> Add Memory Protection Special Region Support</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/66c6c8ad36b186aaf30bcc4a6f5954148f3c1433">66c6c8</a> Add NX Support</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a521e4f6d6c896d589269026c3e41b29b3c98682">a521e4</a> Add Memory Attribute Protocol</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0df0ccaa4c44ee623fc86c3905420c4152f3d11d">0df0cc</a> Clear Access Attributes Before Page Free</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/b57bda6429053db7faa41724360131aa2443f28e">b57bda</a> Add Memory Protection Debug Protocol</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/31b950d64de43bbd68c0367675f4dce99787d9d4">31b950</a> Add Memory Protection Nonstop Protocol</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/55b5c276e32f762ec970dd1c9683bff9476868f0">55b5c2</a> Add Memory Protection Support Host Based Test</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/00f90c1395d92532fd1058c85f2ebbe01f653d22">00f90c</a> Add CPU MP Debug Protocol</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/7da1ca05826d013926e6f889e455afd0520bbe88">7da1ca</a> Secure MP Buffers</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/94dc3ac4ad6bf27e3c2af9257da19509dd6bf2cb">94dc3a</a> Add SEC and PEI MU Exception Handler</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8638429063138e3b7aba018c00887878312575ef">863842</a> Update X64 GCD Sync Verbosity</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/20b71a6f8ba349da8d7875bcd191df487c85ad44">20b71a</a> Update SetUefiImageMemoryAttributes() Verbosity</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2b8fbf27727ed723800e62a4a888e066c026ec4b">2b8fbf</a> Add a named event that is signalled when Snp->Initialize() is executed.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/721703b9c63b0f96be2efd161cebd8f5ef329edf">721703</a> ArpDriver: refetch Snp Mode data after running MnpConfigure</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/1d21291ebe6d64fbfc43881e22e6c46c37538614">1d2129</a> Add CredScan suppressions for test certs and examples</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d521a4a5870edd1cc7de5b229b81b84d6985cf5a">d521a4</a> NEEDTCBZ: Fix memory free bug in HmacTest</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/726cce6129d75d650020a52ea2579cc14aca22d3">726cce</a> Add x64 and VS2019 IA32 openssl native instructions to cryptopkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d405afeb650c5da55c6b4d4523a85e9ee0432c14">d405af</a> Basetool changes to make uncrustify work and increased DevicePath length to support more PCDs.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d95b26356c1a18758acb5325e27ab180c2cc440a">d95b26</a> Merged PR 4842: Added support for track tags that allows multiple tags pointing to one module</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e7e5067e114b6a72d9ac946a94729c8ccefecafe">e7e506</a> Merged PR 4819: [Rebase & FF] Decouple MM core mailbox data</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/596662325a2e3171ed308329dac942cacb88928f">596662</a> Reset USB port during enumeration if GetPortStatus returns device error (<a href="https://github.com/microsoft/mu_basecore/pull/101">#101</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/43e13bac3d94f2c92802c88511803770743b74e9">43e13b</a> MdePkg: SmmMemLib: Added New Interface for Communicate Buffer Validation</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8e8201e2e8c6de1d14fb046dd08a96f4780fc0f2">8e8201</a> StandaloneMmPkg: StandaloneMmMemLib: Communicate Buffer Validation Function</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2ee5b7fdad36d28dc6c49bac3319a2845625d1d0">2ee5b7</a> MdeModulePkg: VarCheckPolicyLib: Utilize communicate buffer validator</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8b8569eebdffd2f42c4fc191bffd07a105f18c7c">8b8569</a> REBASE: Revert "MdePkg: Added header file for Delayed Dispatch PPI"</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9f3e8b24004a790f0a4e3a9f0d7b3cc6e3ae273f">9f3e8b</a> [Binary Crypto] Remove the functions and macros from Crypto.c template</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d264c24ca12954441264639fa6dd6463b8e9a337">d264c2</a> [Binary Crypto] Update the generate_cryptodriver.py script for Uncrustify</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4ae00ba29effbfdaaa73aba89e524724b7f32ed7">4ae00b</a> [Binary Crypto] Update all CryptoBin packaging files for new release</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8427e3c714a5f1171525271debce0c99d46d034d">8427e3</a> Merged PR 4958: Add a flag to support applying Uncrustify in place</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c17db30b6143fbcd4c83b36148b120a8d8602a07">c17db3</a> Remove CpuBreakAssert for MSVC and Add CpuBreakAssert.nasm.  This will support GCC/CLANG tool chains for x86.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/030e75cbc3ee7ebc54f089dcffbfe5953642299c">030e75</a> TCBZ_3877: Clang toolchain found unused local in SmBiosMeasurementDxe</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e7a7c17b2c48c0652ec2d64324700e9628535572">e7a7c1</a> Switch from VS2019 to VS2022 and add ClangPDB to PR and CI gates</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/b19ebc92e96c079539779dfdedf1748c37308bf0">b19ebc</a> Log command flags stored in respfiles.txt</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/b48ca5aa760162ce5ae81f2a82a98470f8d09745">b48ca5</a> Merged PR 4947: Continue PEI dispatch loop if there are any outstanding DelayDispatch registr...</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c68f52bea3721691a1ee411c457e5f8d0e937920">c68f52</a> Merged PR 4946: Add ParallelLzmaDecompress</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6504c2f96b17a2d4076bc88e7e064e94752e156d">6504c2</a> Merged PR 4945: Add support for non-blocking AP dispatch in PEI.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/12ba1095f78595e61952f8120fbd033fe465bada">12ba10</a> Merged PR 5006: Implement verified policy library for policy service, add sample and tests</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d1530a0c97878b954ae9a6ee54dba60f9a060205">d1530a</a> Merged PR 5181: Change FirmwarePerformanceDxe.c EndofDxeEvent tpl to TPL_CALLBACK</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9641d1ca0017ea414890f6a3ec1c9d766a00c7ef">9641d1</a> Merged PR 5182: BmLoadOption.c: Move locking OptionName variable after calling SetVariable</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a509dc9db526f1da49849bb7f038338edbb4004a">a509dc</a> Merged PR 5107: Add support for Minimum Allocation constraint when calculating memory type info change</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/579a76150a3d1dc5e60a31ee82a72f710565f77e">579a76</a> Merged PR 5184: Add PolicyServicePkg to pipeline build</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/668d63471491b8440a12d529ed0220d1abd6f5d2">668d63</a> Merged PR 5187: Add ParallelLzmaCustomDecompress implementation to MdeModulePkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/40875b78e5a4a97a8cc641411c2fc98797ef7339">40875b</a> Add support for in-place updates of .inf files to OverrideValidation.py (<a href="https://github.com/microsoft/mu_basecore/pull/103">#103</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e7a4ce0b1c6ed1ccdaff42af09317d668c8d67a0">e7a4ce</a> Merged PR 5008: Initial implementation or code coverage on basecore unittests</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ebf80b7aaaf45ffad033aa242f177adf162ff9bf">ebf80b</a> [Cherry-Pick] MdeModulePkg: Add Variable Flash Info HOB</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9ae1c1d3a0bb5f21bda835fbd177b2c829645cf4">9ae1c1</a> Merged PR 5328: MdeModulePkg/HiiDatabaseDxe: Fix linker error</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a948eadc406e0ec349db5ed5ecf36b360e9b9045">a948ea</a> [TCBZ3925] Correct the implementation of Pkcs7Sign</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9814178d1b54327abee0fc199e8bf7f38a3a52a1">981417</a> Improve logging for Linux exceptions in unit tests</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/80e5eedb32976f2e559f7733ad166a0a12ce65ee">80e5ee</a> Add the UT_CLEANUP_ASSERT_* macros to UnitTestLib.h</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/70f0b41c66ce85fb2d89c0f33e116bc3b093fa97">70f0b4</a> Move MockUefiRuntimeServicesTableLib to its proper home</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9807ab9f7ef6a1f0ba6c977f6758a17e84e00b69">9807ab</a> Create a VarCheckPolicyLib for RuntimeDxe</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/7fd28e7426e717cf9b690a79293f1bc15ef8a20a">7fd28e</a> Create a host-based stub for UefiLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8b09a51514a9b78d8c5705ca1fe2cfff016fc443">8b09a5</a> Create a host-based stub for HobLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/1e67e0691be192062bf11c0a9aae69797eee1ad6">1e67e0</a> Create a host-based mock for UefiBootServicesTableLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c6b6a547dc66abbee457f50917160fec8f5baad3">c6b6a5</a> Create a host-based implementation of RngLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3d8202f2efc56e7324a4a3d4c3d05bd67c3becef">3d8202</a> Create a host-based implementation of SynchronizationLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/385eea8774ec4765eb85f46655750a8ad4c1ac86">385eea</a> Create a host-based unit test for VariableDxe</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e472e5e743288e679184a97163197b6b94eba778">e472e5</a> Directly copy required files from SCT</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ad8e368d2e6983250a1a8cbbecee4ce249a999fd">ad8e36</a> Integrate SCT test cases into the host-based test</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/1dc35a0f1d14e4c418bfce119570a915f31b14c2">1dc35a</a> Allow simple delete when VarPol is disabled</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f43d29c4fb9e135924ec333625c91be49564101b">f43d29</a> Merged PR 5426: Install UFS Device Config Protocol before caching device config</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4eb232c6922c1b85eede6f75c714807583a757ce">4eb232</a> Initial draft of MEDIA_SANITIZE protocol with NVM Express Support (<a href="https://github.com/microsoft/mu_basecore/pull/107">#107</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/818ca9e14dbdd86a57bab5a255fa427a148dd9ab">818ca9</a> Image Validation Build Plugin</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/7d231a68749f8906bc297f613a8577fa46a43921">7d231a</a> Merged PR 5474: Add code to block on AP execution if a task is in progress.</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2d01a2c05333e93a410083f54571bf3a8f0fcd92">2d01a2</a> Merged PR 5330: Introduce autogen verified policy and their accessors</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/68c544ef21d1793e74570ef46accd350cb811faf">68c544</a> MdePkg: PiStatusCode: Add TPM subclass definition to MdePkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e40d041a2a66b3c00a6795e3df4edb27b341bde2">e40d04</a> Protocol/VariablePolicy: Add more granular variable policy querying</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/65a05d604795d4261f4564a974de08d652af2a7b">65a05d</a> VariablePolicyLib: Add Variable Policy Info unit tests</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d50bb2a7d8d530f9741febaf97d054c4e0b00e93">d50bb2</a> renaming to match convention (<a href="https://github.com/microsoft/mu_basecore/pull/114">#114</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/14c423706fe22afd9a91c127a856bcb4bdd7fa8a">14c423</a> Add initial plugin</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f5165ab56445d6faf64cb28221735878d29a113c">f5165a</a> Restore TPL requirements for WaitForEvent()</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/822d50e6b1b44d71b279c394776891ba9e6b9a53">822d50</a> MdePkg/IndustryStandard: add definitions for ACPI MPAM table</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/65fc23d7f0219029ad4ed6ffcdf20d30c786519d">65fc23</a> REBASE: Fixed markdown lint errors in ReadMe.md for FMMT</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4debc5d11a8f2ab84793aece93813b4d1a771ca0">4debc5</a> REBASE: Updated UefiDevicePathLib to support PEIMs</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/29987744ef55bd8848f909b4672100f7c7b74da6">299877</a> Merged PR 6024: CodeQL Fixes</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/b38b5b718e7dee2842100b339262753b23df0ed5">b38b5b</a> Merged PR 6113: Added debug messages and default values for env variables PRODUCT_NAME and BU...</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/811a5b2a7ba3888310458c6bd0d9ae82ac128bc0">811a5b</a> Fix line endings (LF to CRLF)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2fe0f021ae5f3366f5ce572364fe0c110b1bdd9a">2fe0f0</a> .pytool/LineEndingCheck.py: Add initial plugin</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/930742699e17a55afb701c7efc743c1ad73b54de">930742</a> CryptoPkg/OpensslLib: Update generated files for native X64</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0ccaa442daaf0d6a40a6be8376b38796c00f36c9">0ccaa4</a> Merged PR 6184: Added missing function definition in SecPeiCpuExceptionMu</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/69909c3a9fb4ca928803df927c8dd9b22397798d">69909c</a> MdeModulePkg: TerminalDxe: Extending the FIFO size</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f8ea8581a14cae7916cf480de6700e9e02fc596f">f8ea85</a> MdeModulePkg: TerminalDxe: Added a PCD to set the timer interval</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4baa087502bff94825e7ac9e81d933481dffd6c8">4baa08</a> Use Mu DevOps (<a href="https://github.com/microsoft/mu_basecore/pull/139">#139</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/85ccad8e6106dd3289e2979994895d8c23e2685a">85ccad</a> Fixing bug in GuidCheck plugin + cleanup (<a href="https://github.com/microsoft/mu_basecore/pull/147">#147</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ada470c4507cec718b80aed7a8ce9db8c05c68fb">ada470</a> Fix buffer overflow when merging guard pages in MergeMemoryMap (<a href="https://github.com/microsoft/mu_basecore/pull/126">#126</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6aca52a497c0a547c3059261e64a227b42ae78cf">6aca52</a> Add CodeQL support</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/41e5858e34f5568bec059086215615780ba6ba6e">41e585</a> .github/dependabot.yml: Enable dependabot (<a href="https://github.com/microsoft/mu_basecore/pull/169">#169</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fa8acc42a81ee600ca496ec9f03452260cfeba3a">fa8acc</a> UefiBootManagerLib: Update assert condition in BmFindBootOptionInVariable() (<a href="https://github.com/microsoft/mu_basecore/pull/182">#182</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/807ac25dd0617fde2024637bc34f37343ee516df">807ac2</a> Enable stale bot GitHub Action (<a href="https://github.com/microsoft/mu_basecore/pull/186">#186</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/73e9e9ec1ead7676b1c926e05be4468d4052538e">73e9e9</a> Enable Label Sync GitHub Action (<a href="https://github.com/microsoft/mu_basecore/pull/187">#187</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/dbd6dbb6e5294854f75c491db28ab1845ed78107">dbd6db</a> Add support for HTTP error 429 (<a href="https://github.com/microsoft/mu_basecore/pull/190">#190</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9a7c8977e7427feea0e62559055571153ad60074">9a7c89</a> Repo File Sync: Synced file(s) with microsoft/mu_devops (<a href="https://github.com/microsoft/mu_basecore/pull/191">#191</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/76b86eae16c9485a132c074342bfe269fd7c35be">76b86e</a> Create memory bin override library to allow for more extensive platform customization  (<a href="https://github.com/microsoft/mu_basecore/pull/194">#194</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/21e980808ca90995d5fabf2034dff1d5cfb3192a">21e980</a> [Cherry-pick] MdeModulePkg: Add new Application/MpServicesTest application</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/cce7189be209b4eb3f6b5c5155a94f82d865fe5f">cce718</a> REBASE: MdeModulePkg: MpServicesTest: Fixing build breaks</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/eb49294d2bea6fc8abe2beddd6b072af517c1484">eb4929</a> Add logic for container build to Matrix-Build-Job.yml (<a href="https://github.com/microsoft/mu_basecore/pull/199">#199</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a30127207d61277339c2dd3093b71193ada908d4">a30127</a> Fix missing logs from GenMake.py (<a href="https://github.com/microsoft/mu_basecore/pull/195">#195</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/51bf586b6ec63391645859d3947405a5e676c5c1">51bf58</a> Add debug messages for DHCP state changes, Tftp progress, and PxeBc progress. (<a href="https://github.com/microsoft/mu_basecore/pull/188">#188</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/57f73253f53f8fdc0209662467e7aadd5810118f">57f732</a> .sync/workflows: Add file sync notice to some files (<a href="https://github.com/microsoft/mu_basecore/pull/67">#67</a>) (<a href="https://github.com/microsoft/mu_basecore/pull/202">#202</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/15d76820e8a415b6587c3a3a04668725146a0c56">15d768</a> Plugin/CodeQL: Skip CodeQlBuildPlugin if --skipbuild is given (<a href="https://github.com/microsoft/mu_basecore/pull/205">#205</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c8652d3696b2cb96c060ae0613f1919bac667206">c8652d</a> Plugin/CodeQL: Add an integration file (<a href="https://github.com/microsoft/mu_basecore/pull/206">#206</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9189c138767fe564136a9b0930048f69da5697bd">9189c1</a> Plugin/CodeQL: Add plugin advantages to readme</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c18f1bbe91f35397718b6d41b9d07cbe4a8610f7">c18f1b</a> Plugin/CodeQL: Add filtering support</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/85ad5d3db4b0fb75db01fd89eeee67303cdcb478">85ad5d</a> Improve log messages for DependencyCheck, UncrustifyCheck, and SpellCheck (<a href="https://github.com/microsoft/mu_basecore/pull/115">#115</a>) (<a href="https://github.com/microsoft/mu_basecore/pull/215">#215</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/7ba3a804736c20edd3109ae64c0a42ecba9be0da">7ba3a8</a> HostUnitTestCompilerPlugin: enable single module build test execution (<a href="https://github.com/microsoft/mu_basecore/pull/219">#219</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c2d24138faa4c435e60c81fd371a0f78fd8bd2b4">c2d241</a> Add a PCD to allow the AP wakeup buffer to be reserved (<a href="https://github.com/microsoft/mu_basecore/pull/209">#209</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/51e1aef5fa84ca61f2785be6bac8473552c82591">51e1ae</a> Convert relevant files to CRLF</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c78e233a5943d6f3b97178a625ff40746d3e12b4">c78e23</a> BaseTools.ci.yaml: Exclude line ending check</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a2555f1ad5594c8f6f8179eb43e2fe353d559acd">a2555f</a> .pytool/Plugin/LineEndingCheck: Fix scanning and other changes</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/21f9f1d13c1d712b21c1caf78608bc42f7834c2a">21f9f1</a> Add ability to request maintainer feedback in issues (<a href="https://github.com/microsoft/mu_basecore/pull/90">#90</a>) (<a href="https://github.com/microsoft/mu_basecore/pull/228">#228</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/bf1d10533589312cb37ce19489a68b20545eb941">bf1d10</a> Add scheduled maintenance workflow (<a href="https://github.com/microsoft/mu_basecore/pull/92">#92</a>) (<a href="https://github.com/microsoft/mu_basecore/pull/232">#232</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/44499d836783ec2f62b29350c3b4cc4c8b836c7e">44499d</a> Update edk2-pytool-library (<a href="https://github.com/microsoft/mu_basecore/pull/237">#237</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/69c9f03218857d3901374e64f7443405fe66e838">69c9f0</a> Enable Data Terminal Ready and Request to Send at the end of a Serial… (<a href="https://github.com/microsoft/mu_basecore/pull/168">#168</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/946e51b40c750d5a4c5ccbbb8b83fb185ece5ba3">946e51</a> Add extra RestoreTpl() call in DiskIo to maintain TPL raise/restore symmetry (<a href="https://github.com/microsoft/mu_basecore/pull/230">#230</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ff052f3084932db2036c52dc8105d4bb0915597b">ff052f</a> .azurepipelines: Add support for new artifacts_identifier param (<a href="https://github.com/microsoft/mu_basecore/pull/248">#248</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/de730f41ad7665e706e84a2f5ad736d040df69d2">de730f</a> [Cherry-pick] UnitTestFrameworkPkg: Add googletest submodule and GoogleTestLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/bdb36110e13633b0b821ffe012005af1aca5cdbc">bdb361</a> UnitTestFrameworkPkg: CI tweaks for Google Test changes</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2990af78a945a2d1353a65c6a2557cc45aa5d101">2990af</a> Base.h: Ignore VA macro Mu change when host tests are enabled</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/26a8bd1615ecc6b48fa2ad72f970dfc491f804a1">26a8bd</a> Add CodeQL Stuart parameter to this repo (<a href="https://github.com/microsoft/mu_basecore/pull/251">#251</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4aa106d2f255b88d28e174ff307b277ee28b7a33">4aa106</a> Added check if requested overridevalidation file is not contained in a Package (<a href="https://github.com/microsoft/mu_basecore/pull/256">#256</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3c8294be98ac26203f7322fe10d5b71b562495f4">3c8294</a> Add varpolicy dynamic shell command (<a href="https://github.com/microsoft/mu_basecore/pull/254">#254</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/881e889d9dd10e94de9132b8b186970de166fa49">881e88</a> [Cherry-pick] CodeQL Fixes - Second Pass from 202202</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/da332b6d9fc5649edef73c06caf3eea6f188d638">da332b</a> Batch of CodeQL Fixes</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/00c5f0c0f97dc394ffd4853f5f2858d2dd5d09b8">00c5f0</a> StandaloneMmPkg: Additional CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/262">#262</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3b23bd152084c2d81ad5aec7549f0022952710cb">3b23bd</a> UefiCpuPkg: Additional CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/263">#263</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/056060a651c7057d708a45d1e24399de991b1fd4">056060</a> MdePkg: Additional CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/266">#266</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e3795247d6148d2a703b936eb51807c05edadf6d">e37952</a> pip: Updated pip to latest</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8b97e864934c186d82e2077f7cf4d819ac85a4f6">8b97e8</a> NetworkPkg: Additional CodeQL Fixes (<a href="https://github.com/microsoft/mu_basecore/pull/261">#261</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f6bdadfd2604f18dbf0aa0b8eda323f02eb4442b">f6bdad</a> MdeModulePkg: Additional codeql fixes (<a href="https://github.com/microsoft/mu_basecore/pull/273">#273</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/09072d7e67ce205b91753b028c403ae4ff8d4b7e">09072d</a> Bugfix: Initialize EFI_STATUS in EfiBootManagerUpdateConsoleVariable() (<a href="https://github.com/microsoft/mu_basecore/pull/271">#271</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/54f849d78d191cba691a658b48c340439a94de8e">54f849</a> ShellPkg: Additional CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/268">#268</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0972b9611f852d7c8758ad0cc6defa990b121c50">0972b9</a> CryptoPkg: Additional CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/279">#279</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2387dfbf581b438b5b1de6db81e59e9ac2a39dfe">2387df</a> Allow PciBus to tolerate a CRS response by ignoring the device (<a href="https://github.com/microsoft/mu_basecore/pull/269">#269</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a4ce4e7a134d926c7afa3d948c12028126271058">a4ce4e</a> MdePkg/BaseMemoryLib: Prevent VS2022 (17.5) linker failure (<a href="https://github.com/microsoft/mu_basecore/pull/290">#290</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/726b94365e66298d619b4b2c25b8fada393aa9ee">726b94</a> IndustryStandard\IpmiNetFnSensorEvent.h: Added SetSensorThreshold and GetSensorThreshold commands (<a href="https://github.com/microsoft/mu_basecore/pull/288">#288</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c149fae5f0c2df42a030cc9c275382847e22fc81">c149fa</a> Ensure DevicePath is FilePath Prior to Accessing PathName (<a href="https://github.com/microsoft/mu_basecore/pull/292">#292</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ece1c6a4e44a0ae71a7dfde73ffc69a1464dd916">ece1c6</a> Updated openssl to 1.1.1t and updated the corresponding native instructions</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/da67fcd39f67764c6d48c2726f8c1a6c0ec60800">da67fc</a> CodeQlFilters.yml: Filter updates (<a href="https://github.com/microsoft/mu_basecore/pull/295">#295</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/22409a593142b1d5ecd22c6556a999c1dc8035a1">22409a</a> Remove MemoryAttributeProtocolFuncTestApp (<a href="https://github.com/microsoft/mu_basecore/pull/286">#286</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8c580d909d2cec8ec774d8229952f6c8c34b10b5">8c580d</a> NetworkPkg\Ip6Dxe and MdeModulePkg\Universal\SetupBrowserDxe: Fix Previous CodeQL fix (<a href="https://github.com/microsoft/mu_basecore/pull/296">#296</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/60ef03df242c931245cd52ffe0a0ba27b55b0a2a">60ef03</a> MicrocodeMeasurementDxe debug string correction (<a href="https://github.com/microsoft/mu_basecore/pull/303">#303</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0fb995ae92a10691c126f13e1611c4ae70c37993">0fb995</a> Update CodeQL CLI from 2.11.2 to 2.12.4 (<a href="https://github.com/microsoft/mu_basecore/pull/309">#309</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/cceeae31ac517ea3c0e1f628206e84e68a2b555b">cceeae</a> Saving unit test cache file to the path where user ran it from (<a href="https://github.com/microsoft/mu_basecore/pull/315">#315</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d859369961b4d2480e980f3cbc848d3f18df701a">d85936</a> NetworkPkg: More CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/317">#317</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/bf3dfbe03579a0977c0591026817bc85bdf7f816">bf3dfb</a> MdeModulePkg: More CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/319">#319</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/5b2d935a492f7af5755d79c6c74392f7d5031c16">5b2d93</a> MdePkg: More CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/318">#318</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a05d8195494cac891c0c2ac98a02f30a96b79733">a05d81</a> ShellPkg: More CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/321">#321</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/275df1dbf0020c756c5ac685b5f6fc819c1df4d4">275df1</a> Add Volatile Keyword to NVMe CQs and SQs (<a href="https://github.com/microsoft/mu_basecore/pull/326">#326</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6c781863092847e28c2253f6d33a59736465282f">6c7818</a> Adding support of building BaseTool for Windows ARM (<a href="https://github.com/microsoft/mu_basecore/pull/323">#323</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/98f66d7a490762d7b02afd4915c373181e1193a7">98f66d</a> CryptoPkg: More CodeQL fixes (<a href="https://github.com/microsoft/mu_basecore/pull/320">#320</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/87eb07d1accb480d51c75ea85e71d62f684c1803">87eb07</a> Use Ubuntu version 20.04 to build basetool to keep backwards compatibility (<a href="https://github.com/microsoft/mu_basecore/pull/331">#331</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/229be7c39be307cf2352419d48c3699ae824cae3">229be7</a> Introduce code coverage job for matrix build (<a href="https://github.com/microsoft/mu_basecore/pull/333">#333</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/97a968c65fa70db97a4dc968fbb34480af8e1a98">97a968</a> SetupBrowserDxe: Initialize the variable 'BrowserStorage' (<a href="https://github.com/microsoft/mu_basecore/pull/346">#346</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c787a50eb40fbdd4571ae0f50668519eb0d72fc7">c787a5</a> python: resolve parser deprecation warnings (<a href="https://github.com/microsoft/mu_basecore/pull/340">#340</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/72f032af3be2fca055e832b6d58826b78a9e419c">72f032</a> Add repo versioning details to readme</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/244f66ba4d34c5c0d098e7518d0df438da97392b">244f66</a> [CHERRY-PICK] UnitTestFrameworkPkg: Add subhook submodule required for gmock</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/5ddc59ae959d1005058fb69cef1c741706fdfde9">5ddc59</a> [CHERRY-PICK] .pytool/CISettings.py: Add subhook submodule</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/eaf0929ea5686f592bc4f0b2cede203c92755735">eaf092</a> [CHERRY-PICK] UnitTestFrameworkPkg:  Add gmock support to GoogleTestLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a43832bd163638ba04ac9ad588f0427989d29b81">a43832</a> [CHERRY-PICK] UnitTestFrameworkPkg/ReadMe.md: Add gmock documentation</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/579518b3eec3c4dc9125705f14cccafd3f0ff90f">579518</a> [CHERRY-PICK] MdePkg: Add gmock examples</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/338e5cedeeee103cb1b217e7aaaa224192b84766">338e5c</a> [CHERRY-PICK] MdeModulePkg/Library/UefiSortLib: Add GoogleTestLib example</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8e793676bc1be83ac85e6c8a11c58bc201bc06a1">8e7936</a> UnitTestFrameworkPkg: Fix markdownlint issues</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0d0165ca235006aa2662ebe72a9045beda3da695">0d0165</a> Infinite boot retries (<a href="https://github.com/microsoft/mu_basecore/pull/347">#347</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e3e520f1ff826ce3a87bb8b40f091aa5a002d39c">e3e520</a> Plugin/CodeQL: Linux fixes (<a href="https://github.com/microsoft/mu_basecore/pull/364">#364</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e34c9b56bc6e9b24de013486865cb55ab7c3dcfc">e34c9b</a> Additional CodeQL Fixes (<a href="https://github.com/microsoft/mu_basecore/pull/358">#358</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/26aaa6cc041af9853689e797060e5ae4c868010d">26aaa6</a> Adding base tool build for Linux ARM (<a href="https://github.com/microsoft/mu_basecore/pull/362">#362</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3c8d6c4ab7cdb4d9f66d3f9b629b2667387410dc">3c8d6c</a> Add Windows ARM 64-bit base tools (<a href="https://github.com/microsoft/mu_basecore/pull/376">#376</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/768fbda8c841bf97435b24cbea7d8effc47c87c3">768fbd</a> Mark NonDiscoverablePciDeviceIo Memory XP By Default (<a href="https://github.com/microsoft/mu_basecore/pull/374">#374</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/dbd00955f1a8029b12cd70c0017622d39410a318">dbd009</a> [CHERRY-PICK] BaseTools/Plugin: Clarify code coverage failure message (<a href="https://github.com/microsoft/mu_basecore/pull/375">#375</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/555493781fa9b5df4a841a45366f3bec63e366be">555493</a> Updated Crypto Tests (<a href="https://github.com/microsoft/mu_basecore/pull/372">#372</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/174af8d89a032c5a076d0d798910f839b887b15f">174af8</a> Updating all binary releases (<a href="https://github.com/microsoft/mu_basecore/pull/379">#379</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/01e1083f8763273db0177af1c3110f0173cc4489">01e108</a> Edk2ToolsBuild.py: set arch to host arch if not specified on linux (<a href="https://github.com/microsoft/mu_basecore/pull/381">#381</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fc5f8a5d41f9d529e1e05c978a72d6d0763b3789">fc5f8a</a> REBASE: Start the readme for the integration</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3151bc4cb2cdab11a947e9f0eaec38413f9cc08d">3151bc</a> REBASE: Updated PcdCpuStackGuard references to PcdCpuSmmStackGuard references</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d68aedf7fb76faced89efc7bfd398a3b69fbe51f">d68aed</a> REBASE: Created new files integrating the upstream crypto changes</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/70e730c158e9a71415efba4cee7586830f85ed91">70e730</a> REBASE: Fix line endings for VariableServicesBBTests</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/30d66ef2ade18b41db3e9d20f259092b732a3a87">30d66e</a> REBASE: Uncrustified PiSmmCore</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d3229b9fb210c6eece770fa3272b09aae38af062">d3229b</a> REBASE: Fixed Markdown errors in new Readme.md file</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f3a0c02c636141fa03897db2354a0f6880cfd9cf">f3a0c0</a> REBASE: Added new extendwords for spellcheck and remove redundant library reference</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a5660336d97da393995780eab35832332dbb0de8">a56603</a> REBASE: Updated readme with changes for 202302</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3a80a0e0bea5d253eaae3393bfffd1fd64fe5d47">3a80a0</a> REBASE: Changed ArmPkg reference to instead point to BaseTools</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ccd4ebc215e35a9d5580ae5b9cc940785dbca102">ccd4eb</a> Repo File Sync: Always publish logs in CodeQL workflow, fix container safe dir, add issue assignment workflow (<a href="https://github.com/microsoft/mu_basecore/pull/383">#383</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4bc8bb7f209b53997ec184e89ebd562ee99ec953">4bc8bb</a> Fix dmpstore regressed during CodeQL changes (<a href="https://github.com/microsoft/mu_basecore/pull/382">#382</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/feb736194a45c188aa06f7e145dfdfddc776a862">feb736</a> MdeModulePkg/Core: Reduce stack cookie value verbosity (<a href="https://github.com/microsoft/mu_basecore/pull/384">#384</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fc449b7900e7e501a1c1d101cded9080ea8206c6">fc449b</a> Remove the ARM GCC compiler extdeps to use container GCC (<a href="https://github.com/microsoft/mu_basecore/pull/388">#388</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/081a36ca96d4d63e566f6df9ffbb6ce7531c1fc2">081a36</a> Fixing bug with newer versions of markdownlint (<a href="https://github.com/microsoft/mu_basecore/pull/389">#389</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4b8868ef3ec28d9781ce7f8dbd096bb720652db6">4b8868</a> Repo File Sync: Update CodeQL workflow trigger (<a href="https://github.com/microsoft/mu_basecore/pull/387">#387</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f7832954f7ab6281736b15515bae180c7edcd86b">f78329</a> Introduce Standalone MM Policy Service (<a href="https://github.com/microsoft/mu_basecore/pull/390">#390</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/dc6c1f99c459dc4107bf51d307d3484f101a95fa">dc6c1f</a> Add basic wrappers to the Policy Library (<a href="https://github.com/microsoft/mu_basecore/pull/396">#396</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/714d41b7278194ace70026b5eb8c8bcce68da963">714d41</a> Stop USB enumeration in case a malformed descriptor is found (<a href="https://github.com/microsoft/mu_basecore/pull/410">#410</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/02fb2cf9bcce054f524fbb9f6ff51564b638c37f">02fb2c</a> pip: update edk2-pytool-extensions requirement from ~=0.23.0 to ~=0.23.2 (<a href="https://github.com/microsoft/mu_basecore/pull/397">#397</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/96ce3ea047ae8a03bc1afeb4fa412c7f2747d09d">96ce3e</a> pip: bump edk2-basetools from 0.1.45 to 0.1.48 (<a href="https://github.com/microsoft/mu_basecore/pull/401">#401</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ca441a415abe9845ad07967d3bf8442a5d812fea">ca441a</a> Create Github Workflow to publish basetools on release (<a href="https://github.com/microsoft/mu_basecore/pull/385">#385</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/9e18e136316c9e40ddba40f9d76e09ccfb75df10">9e18e1</a> Additional CodeQL Fixes (<a href="https://github.com/microsoft/mu_basecore/pull/400">#400</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/811b93287ea42377e2c54fba65a41728068a364e">811b93</a> pip: update edk2-pytool-library requirement from ~=0.14.1 to ~=0.15.0 (<a href="https://github.com/microsoft/mu_basecore/pull/405">#405</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/53baca9a93bdf6adfc38ee64860dddec22ea245a">53baca</a> pip: bump antlr4-python3-runtime from 4.12.0 to 4.13.0 (<a href="https://github.com/microsoft/mu_basecore/pull/408">#408</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/52b17944c4f5ff590e8657e807208011b390cfb1">52b179</a> pip: update edk2-pytool-extensions requirement from ~=0.23.2 to ~=0.23.3 (<a href="https://github.com/microsoft/mu_basecore/pull/406">#406</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0f68c4a01cd10f35f1af98a6cc761973479bef9a">0f68c4</a> Fix some miscellaneous issues in cryptopkg. (<a href="https://github.com/microsoft/mu_basecore/pull/407">#407</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/7c84dcdde1183e515bcece3da91fba1973f0ce2c">7c84dc</a> CHERRY-PICK: Add a pull request build for basetools pipeline and directory changes… (<a href="https://github.com/microsoft/mu_basecore/pull/416">#416</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0fd1faf1db17c78922d50103cbd11f96e505e97d">0fd1fa</a> Repo File Sync: synced file(s) with microsoft/mu_devops (<a href="https://github.com/microsoft/mu_basecore/pull/415">#415</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/584076aea202c2f749a52a27ac2b08e17197cde5">584076</a> REBASE: Re-remove the codeql workflow (<a href="https://github.com/microsoft/mu_basecore/pull/417">#417</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/5e80f0883234c4882b2cf2f8af9ca64cef22558a">5e80f0</a> Add support for IAD-style USB input devices in ConPlatform (<a href="https://github.com/microsoft/mu_basecore/pull/420">#420</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ddb306e99aa5909c4e9b55ac29a553d4fcc3b75e">ddb306</a> Enable crypto binaries for 202302 (<a href="https://github.com/microsoft/mu_basecore/pull/419">#419</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8d2d00d20e291606d8005a33c098fce7dc91f677">8d2d00</a> Repo File Sync: Update to Mu DevOps 3.0.0 and Ubuntu 22 container (<a href="https://github.com/microsoft/mu_basecore/pull/421">#421</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6b2ec70aeb5ab439a4aa24df6d0c2dec72b46648">6b2ec7</a> Explicitly make Linux binaries executable and create Basetools tar file. (<a href="https://github.com/microsoft/mu_basecore/pull/427">#427</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/67f186207eec041b5765e024898a6d8d5db6b789">67f186</a> Update basetools for 202302 using the github release. (<a href="https://github.com/microsoft/mu_basecore/pull/418">#418</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/ace9c9886a9d78e800af8161d133e422917f1f3d">ace9c9</a> CryptoPkg: remove unnecessary auto gen MODULE_TYPE (<a href="https://github.com/microsoft/mu_basecore/pull/428">#428</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/62ed1c37b26531eba1ed83ae5700cea72025ad1d">62ed1c</a> Repo File Sync: synced file(s) with microsoft/mu_devops (<a href="https://github.com/microsoft/mu_basecore/pull/431">#431</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/dd6eae6c8e3af107d974dfd954b1bc07afc9d4aa">dd6eae</a> Onboarding ARM64 builds on selfhosted Azure pipeline agents (<a href="https://github.com/microsoft/mu_basecore/pull/404">#404</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4ccdca80b163feac4311c100efe008eaebf975b7">4ccdca</a> Remove passing print from Char Encoding Check Plugin (<a href="https://github.com/microsoft/mu_basecore/pull/435">#435</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/a79f06706f7c65cc07e5ddaf625ca88a32379380">a79f06</a> Integrate PrEval Policy 5 (<a href="https://github.com/microsoft/mu_basecore/pull/423">#423</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/e0df06af8d988c46a0a9b911544bd7101708ad87">e0df06</a> Repo File Sync: Update Dependabot PIP schedule from daily to weekly (<a href="https://github.com/microsoft/mu_basecore/pull/437">#437</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/7d3f1a1b02f05407bd4f298ec92340209196a182">7d3f1a</a> pip: bump edk2-basetools from 0.1.48 to 0.1.49 (<a href="https://github.com/microsoft/mu_basecore/pull/438">#438</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/943be637228acc66dbfecb534356ce05697dfb80">943be6</a> Introduce notification callbacks for the Policy Service (<a href="https://github.com/microsoft/mu_basecore/pull/433">#433</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0fedcc39a597b0e4f529ee9beb96451b6a430f64">0fedcc</a> CodeQL Fix: Add NULL Check to Generated Filename in UnitTestPersistLibSfs (<a href="https://github.com/microsoft/mu_basecore/pull/424">#424</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d79126e3fde5718afc821cffd20cfb0228e503e9">d79126</a> Don't Create Variable Policy for PlatformRecovery#### if SetVariable Failed (<a href="https://github.com/microsoft/mu_basecore/pull/440">#440</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/38f087258bca9656ba88886d620d22e07a1fd210">38f087</a> pip: update edk2-pytool-library requirement from ~=0.15.0 to ~=0.15.2 (<a href="https://github.com/microsoft/mu_basecore/pull/430">#430</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/2d6394b1ddf6690c1b4eb7f1144ca394a7a88287">2d6394</a> Removing ARM based tests as this is not supported yet (<a href="https://github.com/microsoft/mu_basecore/pull/443">#443</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/443760304f7c07f6b4e9706b6777a30f78621118">443760</a> pip: update edk2-pytool-extensions requirement from ~=0.23.4 to ~=0.23.5 (<a href="https://github.com/microsoft/mu_basecore/pull/439">#439</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/dda5476dac2810e28767e6b3034764b376e18492">dda547</a> [CHERRY-PICK] MdeModulePkg/UefiBootManagerLib: Skip con var update if no change (<a href="https://github.com/microsoft/mu_basecore/pull/445">#445</a>) (<a href="https://github.com/microsoft/mu_basecore/pull/447">#447</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/064793f367c4d86ee2d101d51cdd9c8f1f7c9ed4">064793</a> Updated Crypto driver to use the newly generated binaries (<a href="https://github.com/microsoft/mu_basecore/pull/432">#432</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d99824ac79e3b29557027c63498514a39c7d36a9">d99824</a> UefiDevicePathLib: remove PEIM support (<a href="https://github.com/microsoft/mu_basecore/pull/449">#449</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/0febecb3698afbaab0c8d79b861d72a6fb170140">0febec</a> Repo File Sync: Update ubuntu-22-build container image to bc713a5 (<a href="https://github.com/microsoft/mu_basecore/pull/448">#448</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/7951ca0aea904013c63ae47bc90460c258b99089">7951ca</a> Initialize Status Variable on Failure Path in LoadUnitTestCache() (<a href="https://github.com/microsoft/mu_basecore/pull/453">#453</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/8c81dc20e0a4d44b165cd2e1a913cd22e4b8bd21">8c81dc</a> OverrideValidation: Update logging levels (<a href="https://github.com/microsoft/mu_basecore/pull/450">#450</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/5e1cc097c9bbee55fe2c77d5df598029b8640c4f">5e1cc0</a> pip: update edk2-pytool-library requirement from ~=0.15.2 to ~=0.15.3 (<a href="https://github.com/microsoft/mu_basecore/pull/455">#455</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c637d73b1fd1d17740c7f711a7cc255c5c619fbe">c637d7</a> pip: update edk2-pytool-extensions requirement from ~=0.23.5 to ~=0.23.6 (<a href="https://github.com/microsoft/mu_basecore/pull/454">#454</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/df732debeabf5b5896874230c45fae59a242892b">df732d</a> BaseTools: Detect invalid library override (<a href="https://github.com/microsoft/mu_basecore/pull/452">#452</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d6de782efd9f9076d592801318d6e1f668eb6ea5">d6de78</a> GenFw: auto set nxcompat flag (<a href="https://github.com/microsoft/mu_basecore/pull/456">#456</a>)</li>
</ul>
</details>

Signed-off-by: Project Mu Bot <mubot@microsoft.com>
kenlautner pushed a commit to kenlautner/mu_basecore that referenced this pull request Jul 13, 2023
## Description

GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

## How This Was Tested

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

## Integration Instructions

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
kenlautner pushed a commit that referenced this pull request Oct 17, 2023
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
kenlautner pushed a commit that referenced this pull request Oct 17, 2023
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
kenlautner pushed a commit that referenced this pull request Oct 18, 2023
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
kenlautner pushed a commit that referenced this pull request Oct 18, 2023
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
kenlautner pushed a commit that referenced this pull request Oct 19, 2023
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
kenlautner pushed a commit that referenced this pull request Oct 20, 2023
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
kenlautner pushed a commit that referenced this pull request Oct 23, 2023
GenFw will now automatically set the nxcompat if the PE file meets the
requirements. Those requirements are:

1. A 64 bit PE file
2. Has 4K alignment or is evenly divisible by 4K
3. No section has both Write and Execute

This fixup takes place inside the main function, scoped to only when the
PE's OptionalHeader's Magic is EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC

- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [x] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
    in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
    outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
    on an a separate Web page, ...

1. Verified proper build on Windows and Fedora
2. Verified proper build on Windows with /NXCOMPAT and SUBSYSTEM:CONSOLE
removed from VS2022 X64 DLINK_FLAGS
1. Verified nxcompat flags were properly set on binaries built with GCC5
and VS2022
2. Verified MemoryProtectionTestApp.efi passes all
`Security.NxProtection` tests on QemuQ35 and Sbsa VS2022 / GCC5
3. Verified MemoryAttributeProtocolFuncTestApp.efi,
DxePagingAuditTestApp.efi pass on QemuQ35 VS2022 / GCC5

N/A

---------

Signed-off-by: Joey Vagedes <joey.vagedes@gmail.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
impact:security Has a security impact
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants