29 Jul 22:15

github-actions

7a2272c

v2023110010.0.1

What's Changed

Add deprecation warning support to OverrideValidation plugin @NishanthSanjeevi (#742)
Change Details
## Description
Added deprecation warning support to the existing Override validation plugin/tool.
- Impacts functionality?
  - Functionality - All libraries/drivers that are no longer used should add a Deprecation warning
- Impacts security?
  - Security - N/A
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior? No
- Includes tests? No
- Includes documentation? Added documentation for how to use the Deprecation warnings module
How This Was Tested

Added the Deprecation warnings to the INFs and a warning was thrown when a deprecated module was part of the DSC

Integration Instructions

N/A

Update BaseCryptLib tests to reference the PCDs before running @kenlautner (#1034)
Change Details
## Description
The BaseCryptLibUnitTestApp tests the linked BaseCryptLib instance's crypto to make sure all functions are performing as expected. With the move to the Crypto binary and the BaseCryptLibOnProtocol instances we disable certain crypto functionality on purpose which causes the test to fail (and also the BaseCryptLibOnProtocol lib to assert). The changes made here use the already existing crypto PCDs to check if the tested cryptography is enabled with the current Crypto binary and if not to skip the test. This will allow the test to show if the enabled crypto is working correctly instead of failing for crypto we don't care about.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested on Qemu and intel physical platforms with various crypto binary layouts. The relevant tests pass and disabled crypto skips their tests. Furthermore when the PCDs are configured to run tests for crypto we don't support with the selected crypto binary, the test fails as expected.

Integration Instructions

N/A. Using the crypto binaries should automatically configure the correct PCDs and BaseCryptLib library for the test to work correctly.

BaseTools/codeql: Update to CodeQL 2.18.1 @makubacki (#1072)
Change Details
## Description
Updates to the latest CodeQL version to resolve query dependencies.

Currently, errors like this will be seen:
```
Not using precompiled NoSpaceForZeroTerminator.qlx: This QLX (written by CodeQL 2.18.1) uses a primitive 'internSets', which this QL engine is too old to evaluate.
```
This is related to a CodeQL release made a few hours ago:

Release v2.18.1 · github/codeql-cli-binaries · GitHub

2311 version of #1069
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested
- CI with CodeQL plugin enabled
Integration Instructions
- Verify queries being used are compatible with CodeQL 2.18.1

Added MockUefiDevicePathLib. Added gBS\_AllocatePool under MockUefiBootServicesTableLib @v-bhavanisu (#1059)
Change Details
## Description
Added MockUefiDevicePathLib. Added gBS_AllocatePool under MockUefiBootServicesTableLib
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Included this change under a GoogleTest and build successful

Integration Instructions

N/A

MdePkg/MockUefiLib: Add EfiCreateProtocolNotifyEvent() @TsunFeng (#1055)
Change Details
## Description
Added mock functions on UefiLib
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Unit tests component can call this mock function success

Integration Instructions

N/A

Full Changelog: v2023110010.0.0...v2023110010.0.1

Contributors

makubacki, NishanthSanjeevi, and 3 other contributors

Assets 4

13 Jul 18:38

github-actions

v2023110009.0.1

1cbfaf1

v2023110009.0.1

What's Changed

🔐 Security Impacting

MdeModulePkg: Compatibility Mode: Only Remap System Memory Regions @os-d (#1030)
Change Details
## Description
When we enter memory protections compatibility mode, we attempt to disable null protection and remap 0 - 0xA0000 as RWX. This was done for x86 systems with broken shim/grubs on Linux that would attempt to use those regions. This resolved that issue and we could boot non-memory protection safe Linux images on x86 HW. However, this approach did not take into account systems that do not have that range marked as system memory, for example ARM64 systems do not have this requirement. As such, this would inappropriately map these regions as RWX when they were not system memory.

This patch updates the remapping to only remap and disable null protection if these ranges are marked as system memory, otherwise it will leave them alone.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested on an ARM64 platform that does not have 0 - 0xA0000 as system memory, as well as an X86 system that does have that range as system memory, booting a Linux image on both that forces us to enter compatibility mode.

Integration Instructions

N/A.
```
  </blockquote>
  <hr>
</details>
```

Full Changelog: v2023110009.0.0...v2023110009.0.1

Contributors

os-d

Assets 4

27 Jun 21:38

github-actions

v2023110008.1.1

884e654

v2023110008.1.1

What's Changed

Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib [REBASE \& FF] @v-bhavanisu (#931)
Change Details
Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib [REBASE & FF]
Preface

Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Included the mock functions on GoogleTests for the appropriate libraries under x86 and ensured build successful

Integration Instructions

N/A

Change CpuDeadLoops to panic calls in PiSmmCpuDxeSmm.c @kenlautner (#892)
Change Details
## Description
Changes the newly added CpuDeadLoops in PiSmmCpuDxeSmm.c into PANIC calls to give more information on issues that are hit instead of hanging the system.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

N/A

Integration Instructions

N/A

[CHERRY-PICK] UefiCpuPkg:fix issue when splitting paging entry @kenlautner (#909)
Change Details
## Description
This patch is to fix issue when splitting leaf paging entry in CpuPageTableLib code.

In previous code, before we assign the new child paging structure address to the content of splitted paging entry, PageTableLibSetPnle() is called to make sure the bit7 is set to 0, which indicate the previous leaf entry is changed to non-leaf entry now. There is a gap between we change the bit7 and we assign the new child paging structure address to the content of the splitted paging entry. If the address of code execution or data access happens to be in the range covered by the splitted paging entry, this gap may cause issue.

In this patch, we prepare the new paging entry content value in a local variable and assign the value to the splitted paging entry at once. The volatile keyword is used to ensure that no optimization will occur in compilation.

Reviewed-by: Ray Ni ray.ni@intel.com
Cc: Rahul Kumar rahul1.kumar@intel.com
Cc: Gerd Hoffmann kraxel@redhat.com
Reviewed-by: Jiaxin Wu jiaxin.wu@intel.com
Cc: Zhou Jianfeng jianfeng.zhou@intel.com

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested on Intel physical platforms that were hitting a paging split issue and ones that weren't having any problems. With this fix both platforms are able to boot correctly.

Integration Instructions

N/A

BaseTools/Plugin/HostBasedUnitTestRunner: Fix invalid escape in HostBasedUnitTest.py @antklein (#899)
Change Details
## Description
Fix invalid escape sequence in BaseTools/Plugin/HostBasedUnitTestRunner/HostBasedUnitTestRunner.py. These warnings are exposed by Python 3.12.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Validated no functional changes to HostBasedUnitTestRunner.

Integration Instructions

N/A

🐛 Bug Fixes

[CHERRY-PICK] [Release/202311] UnitTestFrameworkPkg: Fix Google Test components with multiple files @Flickdm (#891)
Change Details
# Preface
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4610

Google Test hides test registration in global constructors on global objects. Global constructors are traditionally implemented by placing references to the global constructor's symbol in special sections (traditionally named .ctors or .init_array). These sections are not explicitly referenced by the linker, and libc only looks at special start and end symbols (and calls them).

This works fine if you're linking a program manually using
```
gcc a.o b.o c.o -o test_suite
```
but fails miserably when using static libraries (such as what EDK2 does), because traditional static archive symbol resolution rules don't allow for obj...

Contributors

Flickdm, antklein, and 2 other contributors

Assets 4

16 Jul 20:38

github-actions

v2023020017.0.0

093cb0e

v2023020017.0.0

What's Changed

MuCodeQlQueries.qls: Pin to the 0.9.12 codeq/cpp-queries pack @makubacki (#883)
Change Details
## Description
The codeql/cpp-queries pack used in MuCodeQlQueries.qls was versioned
0.9.12 for the CodeQL CLI v2.17.3 release currently used.

https://github.com/github/codeql/blob/codeql-cli/v2.17.3/cpp/ql/src/qlpack.yml

This change pins that pack version to prevent the CodeQL CLI and
pack from getting out of sync until explicitly updated.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Verified the CodeQL query pack version listed is pulled.
Integration Instructions
- N/A - No change to queries used. Should prevent breaks in the future where
  the latest queries are no longer compatible with the current CodeQL CLI used.

⚠️ Breaking Changes

[REVERT] [CHERRY-PICK] Reverts previous commit to update to 2023.2.16, moves to 2023.2.15, corrects extdep, removes duplicate files @Flickdm (#913)
Change Details
## Description
An incorrect assumption was made that the INF's need to be removed from the CryptoPkgDriver because the MU_BASECORE already had duplicate entries and this aligned with previous releases (Now unlisted 2023.2.16). This goes back to the working release (2023.2.15) and updates the extdep accordingly. Further additional (potentially breaking) changes were required to be made to get the crypto package working. See commit 5efeb20

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Simplifies RNG Support expected of platforms
  - platforms integrating the binaries may have very different levels of support for random number generation,
  - allow the platform to provide a RNG service for PEI and DXE.
- Impacts security?
- Breaking change?
  - Platforms are expected to provide a source for RNG
    
    See [this change]
    (microsoft/mu_crypto_release@68c7e29)
  - Platforms that have a direct dependency on CryptoPkg should now use $(SHARED_CRYPTO_PATH)
  !include $(SHARED_CRYPTO_PATH)/Driver/Bin/CryptoDriver.inc.dsc
- Includes tests?
- Includes documentation?
How This Was Tested

Built on multiple Release/202302 based platforms
Booted to Shell

Integration Instructions

Platforms are expected to provide a source for RNG [this change]
(microsoft/mu_crypto_release@68c7e29)

MU_TIANO_PLATFORMS may be used as an example

Update Crypto Driver to 2023.2.16 for RNG Services @Flickdm (#910)
Change Details
# Preface
This updates the crypto driver to simplify RNG support and allows for a platform to provide a RNG service for PEI and DXE.

The crypto binary (2023.2.15) was built at this commit
microsoft/mu_crypto_release@c978485

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Simplifies RNG Support expected of platforms
  - platforms integrating the binaries may have very different levels of support for random number generation,
  - allow the platform to provide a RNG service for PEI and DXE.
- Impacts security?
- Breaking change?
  - Platforms are expected to provide a source for RNG
    
    See this change
- Includes tests?
- Includes documentation?
How This Was Tested

✔️ Built locally
✔️ Built against Pipelines
✔️ Booted to shell
✔️ Booted to frontpage on a system with rdrand disabled

Integration Instructions
- Read the readme update made in this change in the
  "Dependencies Built into Shared Crypto" section.
  </blockquote> <hr>

🚀 Features & ✨ Enhancements

[CHERRY-PICK] Add RNG PPI Support [Rebase \& FF] @makubacki (#888)
Change Details
## Description
MdePkg: Add Random Number Generator (RNG) PPI

Adds a new PPI that serves the same purpose as EFI_RNG_PROTOCOL in
DXE. This PPI can be produced by a PEIM to provide a dynamic interface
to RNG services in PEI.

This PPI is called EFI_RNG_PPI because it shares the exact same
interface with EFI_RNG_PROTOCOL which is described in the UEFI
Speficiation.

MdePkg: Add PeiRngLib

Adds a new PEI library instance for RngLib that uses the RNG services
provided by the RNG PPI.

This library instance will add a DEPEX on gEfiRngPpiGuid on modules
it links against. It can be used to allow PEIMs to get RNG support
over a dynamic interface.

(cherry picked from mu_basecore/release/202311)
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- MdePkg CI
- Verify the RNG PPI can be successfully produced and consumed
Integration Instructions

If a platform needs to share RNG support across a dynamic interface
between PEIMs, the RNG PPI can be used. PeiRngLib provides a RngLib
instance that use the RNG PPI. It will include a dependency on gEfiRngPpiGuid.

🐛 Bug Fixes

[CHERRY-PICK] Set EFI\_MEMORY\_SP as System Memory @makubacki (#920)
Change Details
## Description
Cherry picks 9051d2e from release/202311.

When supplying DxeCore with a resource descriptor HOB, a platform can choose which memory type to specify. For EFI_MEMORY_SP resource descriptor HOBs, instead of blindly setting GcdReserved as the memory type, respect what the resource descriptor HOB specified. Closes #884.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...
How This Was Tested

Tested on virtual platforms with CXL memory attached.

Integration Instructions

N/A.

[CHERRY-PICK] [Release/202302] UnitTestFrameworkPkg: Fix Google Test components with multiple files @Flickdm (#893)
Change Details
# Preface REF: https://github.com//pull/891 - Dropping GOOGLETEST_HOST_UNIT_BUILD option as release/202302 does not have any expectation to support it.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4610

Google Test hides test registration in global constructors on global objects. Global constructors are traditionally implemented by placing references to the global constructor's symbol in special sections (traditionally named .ctors or .init_array). These sections are not explicitly referenced by the linker, and libc only looks at special start and end symbols (and calls them).

This works fine if you're linking a program manually using
```
gcc a.o b.o c.o -o test_suite
```
but fails miserably when using static libraries (such as what EDK2 does), because traditional static archive symbol resolution rules don't allow for object files to be pulled in to the link if there isn't an undefined symbol reference to that .o elsewhere.

Fix it by passing --whole-archive (GCC) and /WHOLEARCHIVE (MSVC). These options force the linker to pull in the entire s...

Contributors

Flickdm and makubacki

Assets 4

06 Jun 18:54

github-actions

v2023110008.1.0

4298c31

v2023110008.1.0

What's Changed

[Rebase \& FF] Adding support for CLANGPDB build @kuqin12 (#848)
Change Details
# Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

This change added the tools_def section for building AARCH64 target with CLANGPDB.

A few assembly files are fixed up to remove unsupported directives.

Lastly, an issue of uninitialized variable that might be used is fixed from DevicesPathLib.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

This change is tested on QEMU SBSA platform and booted to UEFI shell.

Integration Instructions

Platforms that would like to build with CLANGPDB should specify TOOL_CHAIN_TAG=CLANGPDB to build with CLANGPDB.
```
  </blockquote>
  <hr>
</details>
```

[CHERRY-PICK] Pull in fixes in UefiCpuPkg where we can dereference a NULL pointer for mCpuHotPlugData.SmBase @kenlautner (#887)
Change Details
## Description
Cherry-pick the following two commits that fix some issues with previously cherry-picked UefiCpuPkg commits. This mainly fixes a NULL dereference bug.

tianocore/edk2@72c441d
tianocore/edk2@edc6681

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested on Smm based intel physical platforms.

Integration Instructions

N/A
```
  </blockquote>
  <hr>
</details>
```

Added MockPciIoProtocol and MockLocalApicLib @v-bhavanisu (#890)
Change Details
# Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

Added MockPciIoProtocol and MockLocalApicLib to be used in GoogleTests

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Integrated these into Intel Gen 11 for a GoogleTest and ensured no build errors

Integration Instructions

N/A
```
  </blockquote>
  <hr>
</details>
```

MuCodeQlQueries.qls: Pin to the 0.9.12 codeq/cpp-queries pack @makubacki (#882)
Change Details
## Description
The codeql/cpp-queries pack used in MuCodeQlQueries.qls was versioned
0.9.12 for the CodeQL CLI v2.17.3 release currently used.

https://github.com/github/codeql/blob/codeql-cli/v2.17.3/cpp/ql/src/qlpack.yml

This change pins that pack version to prevent the CodeQL CLI and
pack from getting out of sync until explicitly updated.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Verified the CodeQL query pack version listed is pulled.
Integration Instructions
- N/A - No change to queries used. Should prevent breaks in the future where
  the latest queries are no longer compatible with the current CodeQL CLI used.

🚀 Features & ✨ Enhancements

Add RNG PPI Support @makubacki (#881)
Change Details
## Description
MdePkg: Add Random Number Generator (RNG) PPI

Adds a new PPI that serves the same purpose as EFI_RNG_PROTOCOL in
DXE. This PPI can be produced by a PEIM to provide a dynamic interface
to RNG services in PEI.

This PPI is called EFI_RNG_PPI because it shares the exact same
interface with EFI_RNG_PROTOCOL which is described in the UEFI
Speficiation.

MdePkg: Add PeiRngLib

Adds a new PEI library instance for RngLib that uses the RNG services
provided by the RNG PPI.

This library instance will add a DEPEX on gEfiRngPpiGuid on modules
it links against. It can be used to allow PEIMs to get RNG support
over a dynamic interface.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- MdePkg CI
- Verify the RNG PPI can be successfully produced and consumed
Integration Instructions

If a platform needs to share RNG support across a dynamic interface
between PEIMs, the RNG PPI can be used. PeiRngLib provides a RngLib
instance that use the RNG PPI. It will include a dependency on gEfiRngPpiGuid.

🐛 Bug Fixes

Set EFI\_MEMORY\_SP as System Memory @os-d (#886)
Change Details
## Description
When supplying DxeCore with a resource descriptor HOB, a platform can choose which memory type to specify. For EFI_MEMORY_SP resource descriptor HOBs, instead of blindly setting GcdReserved as the memory type, respect what the resource descriptor HOB specified. Closes #884.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples:...

Contributors

makubacki, os-d, and 3 other contributors

Assets 4

24 May 00:55

github-actions

v2023020016.1.1

3ba6589

v2023020016.1.1

What's Changed

🔐 Security Impacting

Supports ARM Platforms without needing to disable PcdEnforceSecureRngAlgorithms @Flickdm (#855)
Change Details
## Description
This adds two additional options for "Secure RNG Algorithms"
```
 &gEfiRngAlgorithmArmRndr,           // unspecified SP800-90A DRBG via ARM RNDR register
 &gEfiRngAlgorithmRaw                  // Raw data from a NRBG (or a TRNG)
```
gEfiRngAlgorithmRaw takes data from the Hardware or CPU instruction
gEfiRngAlgorithmArmRndr is a newly proposed (and accepted) Guid that gets a "unspecified" SP800-90A algorithm from the CPU
- Impacts functionality?
  - Adds two new acceptable algorithms to NetworkPkg Secure list
- Impacts security?
  - Allows for additional ARM specific algorithm and RAW
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested

Tested on ARM platform

Integration Instructions

N/A

Full Changelog: v2023020016.1.0...v2023020016.1.1

Contributors

Flickdm

Assets 4

Releases: microsoft/mu_basecore

v2023110011.0.0

What's Changed

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

⚠️ Breaking Changes

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

Contributors

v2023110010.0.1

What's Changed

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

Contributors

v2023110010.0.0

What's Changed

How This Was Tested

Integration Instructions

⚠️ Breaking Changes

How This Was Tested

Integration Instructions

Contributors

v2023110009.0.1

What's Changed

🔐 Security Impacting

How This Was Tested

Integration Instructions

Contributors

v2023110009.0.0

What's Changed

⚠️ Breaking Changes

How This Was Tested

Integration Instructions

🚀 Features & ✨ Enhancements

How This Was Tested

Integration Instructions

📖 Documentation Updates

How This Was Tested

Integration Instructions

Contributors

v2023110008.1.1

What's Changed

Preface

Description

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

🐛 Bug Fixes

Contributors

v2023020017.0.0

What's Changed

How This Was Tested

Integration Instructions

⚠️ Breaking Changes

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

🚀 Features & ✨ Enhancements