From 7e30a970348b2b39e367de73c595a6a6a511fa7f Mon Sep 17 00:00:00 2001
From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com>
Date: Mon, 23 Sep 2024 12:36:00 -0400
Subject: [PATCH 1/7] Repo File Sync: Run CodeQL on dev/* branches (#1151)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. Updates CodeQL to additionally run on dev/* branches and updates some miscellaneous documentation.
---
This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#10998098864](https://github.com/microsoft/mu_devops/actions/runs/10998098864)
Signed-off-by: Project Mu UEFI Bot
---
 .github/pull_request_template.md | 2 +-
 .github/workflows/codeql.yml | 2 ++
 CONTRIBUTING.md | 2 +-
 rust-toolchain.toml | 4 ++--
 4 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 60a2b7af1b..eb455e3452 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -2,7 +2,7 @@
 <_Include a description of the change and why this change was made._>
-For details on how to complete to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md).
+For details on how to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md).
 - [ ] Impacts functionality?
 - [ ] Impacts security?
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 46bdd4fbee..52fb6a2258 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,10 +29,12 @@ on:
 branches:
 - main
 - release/*
+ - dev/*
 pull_request:
 branches:
 - main
 - release/*
+ - dev/*
 paths-ignore:
 - '!**.c'
 - '!**.h'
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index dc0f5763ec..2199e97489 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -75,7 +75,7 @@ Project Mu pull requests autopopulate a PR description from a template in most r
 2. **Remove** this line of instructions so the PR description shows cleanly in release notes:
- `"For details on how to complete to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md)."`
+ `"For details on how to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md)."`
 3. For each checkbox in the PR description, **place an "x"** in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
index f15049ea9d..dcd6587c87 100644
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,6 +1,6 @@
 [toolchain]
-channel = "1.76.0"
+channel = "1.80.0"
 [tool]
 cargo-make = "0.37.9"
-cargo-tarpaulin = "0.27.3"
+cargo-tarpaulin = "0.31.2"
From 36f763d4f61ed9dbdb0bcc2835cca6407c8c69db Mon Sep 17 00:00:00 2001
From: Zhiguang Liu
Date: Wed, 24 Apr 2024 15:24:32 +0800
Subject: [PATCH 2/7] MdeModulePkg/SMM: Initialize 'WillReturn' variable
The local variable 'WillReturn' was being used without prior initialization in some code paths. This patch ensures that 'WillReturn' is properly initialized to prevent undefined behavior.
Signed-off-by: Zhiguang Liu
---
 MdeModulePkg/Core/PiSmmCore/Smi.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/MdeModulePkg/Core/PiSmmCore/Smi.c b/MdeModulePkg/Core/PiSmmCore/Smi.c
index a84a1f48d3..6b56fa5f69 100644
--- a/MdeModulePkg/Core/PiSmmCore/Smi.c
+++ b/MdeModulePkg/Core/PiSmmCore/Smi.c
@@ -152,6 +152,7 @@ SmiManage (
 PERF_FUNCTION_BEGIN ();
 mSmiManageCallingDepth++;
+ WillReturn = FALSE;
 Status = EFI_NOT_FOUND;
 ReturnStatus = Status;
 if (HandlerType == NULL) {
From 34455f5e1f8ec100213c030f7f201707a89d89e1 Mon Sep 17 00:00:00 2001
From: Joey Vagedes
Date: Mon, 23 Sep 2024 13:39:51 -0700
Subject: [PATCH 3/7] CryptoPkg: Require exact crypto version match (#1157)
## Description
Crypto versioning is not currently backwards compatible. This change updates the check to require an exact match of the crypto version.
- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?
## How This Was Tested
N/A
## Integration Instructions
N/A
---
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c | 4 ++--
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c | 4 ++--
 .../Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c | 4 ++--
 CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c | 4 ++--
 .../Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c | 4 ++--
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c
index b10e589d22..b94fa40fc1 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/DxeCryptLib.c
@@ -66,9 +66,9 @@ DxeCryptLibConstructor (
 }
 Version = mCryptoProtocol->GetVersion ();
- if (Version < EDKII_CRYPTO_VERSION) {
+ if (Version != EDKII_CRYPTO_VERSION) {
 DEBUG ((DEBUG_ERROR, "[DxeCryptLib] Crypto Protocol unsupported version %d\n", Version));
- ASSERT (Version >= EDKII_CRYPTO_VERSION);
+ ASSERT (Version == EDKII_CRYPTO_VERSION);
 mCryptoProtocol = NULL;
 return EFI_NOT_FOUND;
 }
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c
index 36c21cbe50..bcc2cb5204 100644
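Review bot: The added `WillReturn = FALSE;` in SmiManage has no comment, and neither the declaration nor any read of the flag is inside this hunk, so a reader cannot confirm from here that every path now assigns it before use. A one-line comment above the assignment would record the intended default, for example `// Default: keep dispatching; set only when a handler result requires an early return.`, if that is what the flag means (inferred from its name). The function body starts and ends outside the hunk.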
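Review bot: The DEBUG line kept as context in DxeCryptLibConstructor still prints only the provider's version, and now that the guard is `Version != EDKII_CRYPTO_VERSION` the log cannot tell whether the provider is older or newer than the version this library was built against. Print both values, for example `DEBUG ((DEBUG_ERROR, "[DxeCryptLib] Crypto Protocol version %d does not match expected %d\n", Version, EDKII_CRYPTO_VERSION));`, with specifiers that match the types of both arguments; the declaration of `Version` is not visible here, and RuntimeDxeCryptLib.c already uses `%u` where the other four files use `%d`. The same one-line change applies to the hunks in PeiCryptLib.c, RuntimeDxeCryptLib.c, SmmCryptLib.c and StandaloneMmCryptLib.c. Where ASSERT is compiled out the path still fails closed (the protocol pointer is cleared and EFI_NOT_FOUND, or NULL in PeiCryptLib.c, is returned), so a mismatch shows up later only as missing crypto services and this message is the main clue to the cause. The constructor starts and ends outside the hunk.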
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/PeiCryptLib.c
@@ -47,9 +47,9 @@ GetCryptoServices (
 }
 Version = CryptoPpi->GetVersion ();
- if (Version < EDKII_CRYPTO_VERSION) {
+ if (Version != EDKII_CRYPTO_VERSION) {
 DEBUG ((DEBUG_ERROR, "[PeiCryptLib] Crypto PPI unsupported version %d\n", Version));
- ASSERT (Version >= EDKII_CRYPTO_VERSION);
+ ASSERT (Version == EDKII_CRYPTO_VERSION);
 return NULL;
 }
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c
index 641d1213df..2b32ea62e0 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/RuntimeDxeCryptLib.c
@@ -110,9 +110,9 @@ RuntimeDxeCryptLibConstructor (
 }
 Version = mCryptoProtocol->GetVersion ();
- if (Version < EDKII_CRYPTO_VERSION) {
+ if (Version != EDKII_CRYPTO_VERSION) {
 DEBUG ((DEBUG_ERROR, "[%a] Crypto Protocol unsupported version %u.\n", __func__, Version));
- ASSERT (Version >= EDKII_CRYPTO_VERSION);
+ ASSERT (Version == EDKII_CRYPTO_VERSION);
 mCryptoProtocol = NULL;
 return EFI_NOT_FOUND;
 }
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c
index 9fd1b4869d..290fd8c7fb 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/SmmCryptLib.c
@@ -68,9 +68,9 @@ SmmCryptLibConstructor (
 }
 Version = mSmmCryptoProtocol->GetVersion ();
- if (Version < EDKII_CRYPTO_VERSION) {
+ if (Version != EDKII_CRYPTO_VERSION) {
 DEBUG ((DEBUG_ERROR, "[SmmCryptLib] Crypto SMM Protocol unsupported version %d\n", Version));
- ASSERT (Version >= EDKII_CRYPTO_VERSION);
+ ASSERT (Version == EDKII_CRYPTO_VERSION);
 mSmmCryptoProtocol = NULL;
 return EFI_NOT_FOUND;
 }
diff --git a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
index eda635a357..9564702e88 100644
--- a/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
+++ b/CryptoPkg/Library/BaseCryptLibOnProtocolPpi/StandaloneMmCryptLib.c
@@ -68,9 +68,9 @@ StandaloneMmCryptLibConstructor (
 }
 Version = mSmmCryptoProtocol->GetVersion ();
- if (Version < EDKII_CRYPTO_VERSION) {
+ if (Version != EDKII_CRYPTO_VERSION) {
 DEBUG ((DEBUG_ERROR, "[StandaloneMmCryptLib] Crypto SMM Protocol unsupported version %d\n", Version));
- ASSERT (Version >= EDKII_CRYPTO_VERSION);
+ ASSERT (Version == EDKII_CRYPTO_VERSION);
 mSmmCryptoProtocol = NULL;
 return EFI_NOT_FOUND;
 }
From 848222d2c3f5283d60acd9f9835d7ad12315b573 Mon Sep 17 00:00:00 2001
From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com>
Date: Mon, 23 Sep 2024 22:16:12 -0400
Subject: [PATCH 4/7] Repo File Sync: Update Mu DevOps and container version (#1158)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced.
---
This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#11004666094](https://github.com/microsoft/mu_devops/actions/runs/11004666094)
Signed-off-by: Project Mu UEFI Bot
---
 .azurepipelines/MuDevOpsWrapper.yml | 6 +++---
 .github/workflows/auto-approve.yml | 2 +-
 .github/workflows/auto-merge.yml | 2 +-
 .github/workflows/issue-assignment.yml | 2 +-
 .github/workflows/label-issues.yml | 2 +-
 .github/workflows/label-sync.yml | 2 +-
 .github/workflows/release-draft.yml | 2 +-
 .github/workflows/stale.yml | 2 +-
 .github/workflows/triage-issues.yml | 2 +-
 9 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/.azurepipelines/MuDevOpsWrapper.yml b/.azurepipelines/MuDevOpsWrapper.yml
index e838283829..9bd9820824 100644
--- a/.azurepipelines/MuDevOpsWrapper.yml
+++ b/.azurepipelines/MuDevOpsWrapper.yml
@@ -19,7 +19,7 @@ resources:
 type: github
 endpoint: microsoft
 name: microsoft/mu_devops
- ref: refs/tags/v10.0.0
+ ref: refs/tags/v12.0.2
 parameters:
 - name: do_ci_build
@@ -82,7 +82,7 @@ parameters:
 jobs:
 - template: Jobs/PrGate.yml@mu_devops
 parameters:
- linux_container_image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:0e124c1
+ linux_container_image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:d1e4ff1
 ${{ if eq(parameters.rust_build, true) }}:
 linux_container_options: --security-opt seccomp=unconfined
 do_ci_build: ${{ parameters.do_ci_build }}
@@ -105,7 +105,7 @@ jobs:
 container:
- image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:0e124c1
+ image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:d1e4ff1
 options: --user root --name mu_devops_build_container --security-opt seccomp=unconfined
 steps:
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index 23b9389ffe..4c5bc6e38c 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -29,5 +29,5 @@ jobs:
 if: |
 github.event.pull_request.user.login == 'dependabot[bot]' ||
 github.event.pull_request.user.login == 'uefibot'
- uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v12.0.2
 secrets: inherit
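Review bot: The new `uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v12.0.2` line in auto-approve.yml keeps a tag reference on a reusable workflow that runs with `secrets: inherit`, and a tag can be moved to different code after this review. Pinning to the full commit SHA with the tag as a trailing comment, `uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@<full-commit-sha-of-v12.0.2> # v12.0.2` (placeholder, the SHA is not on this page), makes the executed workflow immutable. The same applies to the AutoMerger.yml and ReleaseDrafter.yml hunks, which also inherit secrets, and the container image in MuDevOpsWrapper.yml could be referenced by `@sha256:<digest>` rather than the `:d1e4ff1` tag. Because these files are synced from microsoft/mu_devops, the pin would have to be introduced in the sync source to survive the next sync. The job definition continues outside the hunk.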
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
index 4f37dd5f5a..4540ef8a93 100644
--- a/.github/workflows/auto-merge.yml
+++ b/.github/workflows/auto-merge.yml
@@ -32,5 +32,5 @@ jobs:
 if: |
 github.event.pull_request.user.login == 'dependabot[bot]' ||
 github.event.pull_request.user.login == 'uefibot'
- uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v12.0.2
 secrets: inherit
diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml
index 79196ea3b2..8c5666a294 100644
--- a/.github/workflows/issue-assignment.yml
+++ b/.github/workflows/issue-assignment.yml
@@ -23,4 +23,4 @@ jobs:
 contents: read
 issues: write
- uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v12.0.2
diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml
index ffad0ec08f..658170a7d7 100644
--- a/.github/workflows/label-issues.yml
+++ b/.github/workflows/label-issues.yml
@@ -36,4 +36,4 @@ jobs:
 contents: read
 pull-requests: write
- uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v12.0.2
diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml
index c42746422d..3f9599c489 100644
--- a/.github/workflows/label-sync.yml
+++ b/.github/workflows/label-sync.yml
@@ -28,4 +28,4 @@ jobs:
 permissions:
 issues: write
- uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v12.0.2
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
index 27517df9f0..a9868f4701 100644
--- a/.github/workflows/release-draft.yml
+++ b/.github/workflows/release-draft.yml
@@ -32,5 +32,5 @@ jobs:
 contents: write
 pull-requests: write
- uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v12.0.2
 secrets: inherit
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 5b94e82283..b4b9fb86cd 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -29,4 +29,4 @@ jobs:
 issues: write
 pull-requests: write
- uses: microsoft/mu_devops/.github/workflows/Stale.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/Stale.yml@v12.0.2
diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml
index 49780aaedb..2faddd987d 100644
--- a/.github/workflows/triage-issues.yml
+++ b/.github/workflows/triage-issues.yml
@@ -23,4 +23,4 @@ jobs:
 permissions:
 issues: write
- uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v10.0.0
+ uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v12.0.2
From b9498295a6543eb6975359c524de928be10ea2fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 22:22:58 -0400
Subject: [PATCH 5/7] pip: bump regex from 2024.7.24 to 2024.9.11 (#1146)
Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.7.24 to 2024.9.11.
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pip-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pip-requirements.txt b/pip-requirements.txt
index 1a2544b854..5ebf4ed85b 100644
--- a/pip-requirements.txt
+++ b/pip-requirements.txt
@@ -18,4 +18,4 @@ antlr4-python3-runtime==4.13.2
 lcov-cobertura==2.0.2
 pygount==1.8.0 # MU_CHANGE
 toml==0.10.2 # MU_CHANGE
-regex==2024.7.24
+regex==2024.9.11
From 384dc770f5d47cc2c432372b3f953059519da6be Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Sep 2024 09:40:57 -0400
Subject: [PATCH 6/7] pip: update edk2-pytool-library requirement from ~=0.21.10 to ~=0.21.11 (#1147)
Updates the requirements on [edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library) to permit the latest version.
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 pip-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pip-requirements.txt b/pip-requirements.txt
index 5ebf4ed85b..6bce296038 100644
--- a/pip-requirements.txt
+++ b/pip-requirements.txt
@@ -12,7 +12,7 @@
 # https://www.python.org/dev/peps/pep-0440/#version-specifiers
 ##
-edk2-pytool-library~=0.21.10 # MU_CHANGE
+edk2-pytool-library~=0.21.11 # MU_CHANGE
 edk2-pytool-extensions~=0.27.11 # MU_CHANGE
 antlr4-python3-runtime==4.13.2
 lcov-cobertura==2.0.2
From a952e84bd6f36d342496cc29e8534ec2e0362499 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 24 Sep 2024 14:55:12 +0000
Subject: [PATCH 7/7] pip: update edk2-pytool-extensions requirement from ~=0.27.11 to ~=0.27.12 (#1148)
Updates the requirements on [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) to permit the latest version.
Signed-off-by: dependabot[bot]
Co-authored-by: Michael Kubacki
---
 pip-requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pip-requirements.txt b/pip-requirements.txt
index 6bce296038..54f2eb8292 100644
--- a/pip-requirements.txt
+++ b/pip-requirements.txt
@@ -13,7 +13,7 @@
 ##
 edk2-pytool-library~=0.21.11 # MU_CHANGE
-edk2-pytool-extensions~=0.27.11 # MU_CHANGE
+edk2-pytool-extensions~=0.27.12 # MU_CHANGE
 antlr4-python3-runtime==4.13.2
 lcov-cobertura==2.0.2
 pygount==1.8.0 # MU_CHANGE