v2024050000.0.1

What's Changed

• [202405] Add Cumulative CodeQL changes. @apop5 (#1137)
  
  Change Details

    ## Description

  Cumulative CodeQL fixes for the release 202405 Branch.

  13dff4f
  f26f86d
  e97c273
  564f262
  769b019
  4828ebb
  4c372a2
  5f165d2
  006dc1f
  c99d59f
  f648481
  c70d96e
  7c60e33
  2deccbe
  2c4db39
  ec7a96c
  45219b5
  b47eb1f
  1cd17c1
  fec2cd9
  326dde3
  a420f66
  4f4cc7d
  d2e5518
  9496601
  83ec756
  192d343
  55ad1f2
  e71970b
  be03b5b
  b9d04a0
  f495191
  6acf82c
  2c6ee99
  8398844
  f90d7a8
  5464d16
  4c082e3
  f8616ec
  070d25d
  442aab8
  fe7078e
  e0b2964
  798cfa3
  92dc249
  0c3eaac

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Ran Local CI.
  Booted on physical system.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] MdeModulePkg/FaultTolerantWriteDxe: Fix buffer overrun issue @os-d (#1131)
  
  Change Details

    ## Description

  • This PR aims to prevent a buffer overrun issue found in FtwGetLastWriteHeader function.As per the current code, when there is a malformed blocks (with all bytes as 0s) then Offset += FTW_WRITE_TOTAL_SIZE (FtwHeader->NumberOfWrites, FtwHeader->PrivateDataSize) would access beyond FtwWorkSpaceSize.

  • Also added the signature check to validate work space

  • Impacts functionality?

  • Impacts security?

  • Breaking change?

  • Includes tests?

  • Includes documentation?

  How This Was Tested

  Cherry-picked from edk2.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

• [202405] ImageValidation.py: Don't parse entire image @Javagedes (#1127)
  
  Change Details

    ## Description

  This commit modifies the PE parsing functionality to only parse the headers of the image, rather than the entire image. This change is made to improve performance and also the probability of failing to parse the entire image. This comes after this commit (erocarrera/pefile#365) in pefile resulted in efi image parsing failures, breaking the build.

  This commit also wraps the parsing of the image in a try-except block to catch any exceptions that may be raised during parsing, to cleanly exit.

  See: microsoft/mu_tiano_platforms#1025 and erocarrera/pefile#421

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Validated pipelines build on mu_tiano_platforms

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [202405] ImageValidation: Determine profile from inf MODULE\_TYPE @Javagedes (#1124)
  
  Change Details

    ## Description

  In previous iterations, the profile was determined by parsing the makefile, looking for MODULE_TYPE. As each OS / tool chain may use a different makefile type, this was not a reliable method. This updates the plugin to read the INF for the compiled efi file to determine the MODULE_TYPE and thus the profile.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Validated on qemuq35 that the module type was successfully parsed.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

📖 Documentation Updates

• Update ReadMe.rst to add mock-related breaking changes @VivianNK (#1130)
  
  Change Details

    ## Description

  Release notes for 202311 -> 202405
  Cmocka mocks and stubs were moved so file paths using them need to be updated.

  Remove markdown syntax for links.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2024050000.0.0...v2024050000.0.1

v2024050000.0.0

Initial Release notes of 202405 contain a full list of mu changes on top of edk2-stable202405

PR associated with the commit can be found at the bottom of the information pane reached by clicking on the commit hash

What's Changed

🚀 Features & ✨ Enhancements

• UefiCpuPkg: CpuPageTableLib: Remove Empty Test Suite
  
  Change Details

    f481172

  ---

• Create mocks for PlatformHookLib and PciLib (#1094)
  
  Change Details

    47134bd

  ---

• [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Consume PcdCpuSmmApSyncTimeout2
  
  Change Details

    4d722ac

  ---

• [CHERRY-PICK] UefiCpuPkg: Refine the PCD usage comment
  
  Change Details

    125e5a0

  ---

• [Cherry-Pick] UefiCpuPkg: Add PcdCpuSmmApSyncTimeout2 PCD (#1096)
  
  Change Details

    b970851

  ---

• Create the Google Test mocks for SmmBase2 Protocol.
  
  Change Details

    efda14a

  ---

• Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol
  
  Change Details

    2f6f616

  ---

• Create Mock for IsaHc protocol
  
  Change Details

    19e3f7b

  ---

• Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib
  
  Change Details

    ea82edd

  ---

• Add deprecation warning support to OverrideValidation plugin (#742)
  
  Change Details

    6f49d15

  ---

• Update BaseCryptLib tests to reference the PCDs before running (#1034)
  
  Change Details

    2567c9b

  ---

• Added MockUefiDevicePathLib and gBS_AllocatePool under MockUefiBootServicesTableLib
  
  Change Details

    64d9dfe

  ---

• Added mock functions on UefiLib
  
  Change Details

    6e13911

  ---

• Added mock functions for TimerLib
  
  Change Details

    b477e63

  ---

• Added mock functions for PciExpressLib
  
  Change Details

    0182bec

  ---

• Added mock functions for UefiBootServicesTableLib
  
  Change Details

    c321f8c

  ---

• BaseTools/Plugin/HostBasedUnitTestRunner: Fix invalid escape in HostBasedUnitTest.py (#899)
  
  Change Details

    4719b97

  ---

• Set EFI_MEMORY_SP as System Memory (#886)
  
  Change Details

    036686e

  ---

• Added MockPciIoProtocol and MockLocalApicLib (#890)
  
  Change Details

    52973f2

  ---

• GitHub Action: Bump robinraju/release-downloader from 1.10 to 1.11 (#1116)
  
  Change Details

    973a5aa

  ---

• pip: Update all pip-requirements to latest. (#1120)
  
  Change Details

    7dac39f

  ---

• Repo File Sync: 202405 Branch Transition Updates. (#1119)
  
  Change Details

    ba1307e

  ---

• CodeQlFilters.yml: Add global CodeQL filter file to repo.
  
  Change Details

    301fb03

  ---

• ShellPkg: CodeQL Fixes.
  
  Change Details

    22ae568

  ---

• UefiCpuPkg: CodeQL Fixes.
  
  Change Details

    b001cc9

  ---

• MdeModulePkg: CodeQL Fixes.
  
  Change Details

    d74b9cf

  ---

• MdePkg: CodeQL Fixes.
  
  Change Details

    413351c

  ---

• NetworkPkg: CodeQL Fixes.
  
  Change Details

    3dc1746

  ---

• StandaloneMmPkg: CodeQL Fixes.
  
  Change Details

    652f7e4

  ---

• Updated Release notes. (#1107)
  
  Change Details

    dbfd484

  ---

• BaseTools/build_rule.template: Add FILE_GUID to the environment for Rust modules (#1108)
  
  Change Details

    6305b70

  ---

• MdeModulePkg: Correct the placement of the variable policy locking
  
  Change Details

    8c05410

  ---

• MdePkg: Create Google mock for ReadOnlyVariable2
  
  Change Details

    30d4dd5

  ---

• Revert "MdeModulePkg: Updates Debug Statements for Mem/Page.c"
  
  Change Details

  ...

v2023110012.0.0

What's Changed

• Create mocks for PlatformHookLib and PciLib @TsunFeng (#1094)
  
  Change Details

    ## Description

  Create mocks for PlatformHookLib and PciLib

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call PlatformHookLib and PciLib mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [Cherry-Pick][Rebase \& FF] UefiCpuPkg: Consume PcdCpuSmmApSyncTimeout2. @apop5 (#1097)
  
  Change Details

    ## Description

  In addition to what was said in the Cherry-Pick in #1096.

  It looks like Edk2 picked up these changes, reverted them, and then added them back because Ovmf packages had already started consuming them.

  The changes should not impact existing platforms, because the changes only modify PiSmmCpuDxeSmm.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Local CI.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [Cherry-Pick] UefiCpuPkg: Add PcdCpuSmmApSyncTimeout2 PCD @apop5 (#1096)
  
  Change Details

    ## Description Cherry-Picking PCD definition from edk2. This does not change the basecore functionality to consume this pcd.

  Provide the capability for platform to specifies the 2nd timeout value in microseconds for the BSP/AP in SMM to wait for one another to enter SMM.

  The added interface can enhance the flexibility of timeout configuration. In some cases, certain processors may not be able to enter SMI, and prolonged waiting could lead to kernel soft/hard lockup. We have now defined two timeouts. The first timeout can be set to a smaller value to reduce the waiting period. Processors that are unable to enter SMI will be woken up through SMIIPL to enter SMI, followed by a second waiting period. The second timeout can be set to a larger value to prevent delays in processors entering SMI case due to the long instruction execution.

  Cc: Ray Ni [email protected]
  Cc: Rahul Kumar [email protected]
  Cc: Gerd Hoffmann [email protected]

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Local CI

  Integration Instructions

  N/A
  

  
  

  ---

  
  

⚠️ Breaking Changes

• [REBASE\&FF][CHERRY-PICK] ImageValidation: Add default configuration @Javagedes (#1104)
  
  Change Details

    Previously, ImageValidation was an "opt-in" plugin by setting a build variable `PE_VALIDATION_PATH`, however with this pull request, Image Validation will be on by default, with some default configuration that can be changed with a custom configuration yaml file.

  The default requirements are:

  1. All efi binaries must not be both write and execute
  2. All efi binaries must have an image base of 0x0
  3. All dxe phase binaries must be 4k section aligned, with the one exception of AARCH64 DXE_RUNTIME_DRIVERS, which must be 64k aligned.

  compiled binaries that need to be opted out of, can do so by adding an IGNORE_LIST in the configuration file

  {
    "IGNORE_LIST": ["Shell.efi", "etc"]
  }

  A cherry-pick of #1100 into release/202311

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Confirmed successful execution of the plugin on Windows with QemuQ35 and Ubuntu with QemuSbsa

  Integration Instructions

  Platforms that begin to fail this test will need to generate a configuration yaml file, and set a stuart build variable, PE_VALIDATION_PATH to it. It is suggested to do this in the Platform's PlatformBuild.py.

  The Correct Integration is to evaluate the binary and why it is not meeting the requirements. The platform can elect to update the compilation of the binary to meet the requirements, add or override validation rules for certain MODULE_TYPEs, or simply add the binary to the ignore list. Please review the Plugin's readme.md file for more details on doing any of these things.
  

  
  

  ---

  
  

• BaseTools/build\_rule.template: Set additional Rust module linker flags @makubacki (#1098)
  
  Change Details

    ## Description

  This change sets the ImageBase in the PE header for Rust modules to 0 so they do not have a preferred base. This is similar to the EFI images produced by the edk2 build system. The subsystem type is also set to efi_boot_service_driver instead of the default target specification value of EFI_APPLICATION. Details for changing the subsystem type are here:

  https://doc.rust-lang.org/nightly/rustc/platform-support/unknown-uefi.html#requirements

  Ideally, these values would be set as individual target.<triple>.rustflags in .cargo/config.toml. However, we override the /MAP argument using -C linker-args in build_rule.txt to the build output directory. This must be set dynamically since the output directory and module name are based on per module values.

  Since the cargo configuration file does not support reading environment variables and setting an environment there in a [env] section would be too late to impact the commands that run in build_rules.txt (cargo is called from cargo make based on those rules), this is the simplest approach to retain the map file path in addition to the new changes.

  In the future, this may be moved to a common target specification so the values are available without these changes.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Checked ImageBase and Subsystem of EFI images in output directory
    to confirm expected values.

  Integration Instructions

  This ...

v2023110011.0.0

What's Changed

• Create the Google Test mocks for SmmBase2 Protocol. @Eathonhsu (#1088)
  
  Change Details

    ## Description

  Add mock functions under MockSmmBase2 and Create Mock for SmmBase2 protocol.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call these mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol @TsunFeng (#1084)
  
  Change Details

    ## Description

  Add mock functions under MockPciIoProtocol and Create Mock for Smbio, UsbIo and NvmExpressPassthru protocol.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call these mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Create Mock for IsaHc protocol @TsunFeng (#1087)
  
  Change Details

    ## Description

  Create Mock for IsaHc protocol

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call IsaHc mock functions success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib @TsunFeng (#1078)
  
  Change Details

    ## Description

  Added MockServiceBinding and Add mock functions under MockUefiBootServicesTableLib, MockUefiLib and MockUefiDevicePathLib for Unit Test.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call this mock function success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

⚠️ Breaking Changes

• [SQUASH ON REBASE] Revert "MdePkg/CompilerIntrinsicsLib: Add IntrinsicLib class and strcmp" @makubacki (#1086)
  
  Change Details

    ## Description

  The strcmp function was added to CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c in edk2 commit 46226fb. Therefore, ARM and AARCH64 modules can pick up the strcmp function needed to compile code from there without adding more functionality to CompilerIntrinsicsLib just for building third-party crypto code.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • CrytoBinPkg build of all architectures
  • Mu Basecore CI

  Integration Instructions

  • strcmp will no longer be provided in ArmCompilerIntrinsicsLib, use
    another implementation if needed. Marked potentially breaking for this reason.
    

  
  

  ---

• CryptoPkg: Updating Shared Crypto Bin to version 2023.12.2. @apop5 (#1075)
  
  Change Details

    ## Description

  Previous version v2023.11.3 did not contain PDB information, which was causing some problems in a platform which needed PDB information.

  v2023.12.1 includes PDB information.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Ran mu_tiano_platforms with changes and verified boot.

  Integration Instructions

  After this update, platforms are required to supply gEfiRngPpiGuid in the Pei phase, and gEfiRngProtocolGuid in the Dxe phase.
  Common implementations ar...

v2023110010.0.1

What's Changed

• Add deprecation warning support to OverrideValidation plugin @NishanthSanjeevi (#742)
  
  Change Details

    ## Description

  Added deprecation warning support to the existing Override validation plugin/tool.

  • Impacts functionality?
    • Functionality - All libraries/drivers that are no longer used should add a Deprecation warning
  • Impacts security?
    • Security - N/A
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior? No
  • Includes tests? No
  • Includes documentation? Added documentation for how to use the Deprecation warnings module

  How This Was Tested

  Added the Deprecation warnings to the INFs and a warning was thrown when a deprecated module was part of the DSC

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Update BaseCryptLib tests to reference the PCDs before running @kenlautner (#1034)
  
  Change Details

    ## Description

  The BaseCryptLibUnitTestApp tests the linked BaseCryptLib instance's crypto to make sure all functions are performing as expected. With the move to the Crypto binary and the BaseCryptLibOnProtocol instances we disable certain crypto functionality on purpose which causes the test to fail (and also the BaseCryptLibOnProtocol lib to assert). The changes made here use the already existing crypto PCDs to check if the tested cryptography is enabled with the current Crypto binary and if not to skip the test. This will allow the test to show if the enabled crypto is working correctly instead of failing for crypto we don't care about.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on Qemu and intel physical platforms with various crypto binary layouts. The relevant tests pass and disabled crypto skips their tests. Furthermore when the PCDs are configured to run tests for crypto we don't support with the selected crypto binary, the test fails as expected.

  Integration Instructions

  N/A. Using the crypto binaries should automatically configure the correct PCDs and BaseCryptLib library for the test to work correctly.
  

  
  

  ---

  
  

• BaseTools/codeql: Update to CodeQL 2.18.1 @makubacki (#1072)
  
  Change Details

    ## Description

  Updates to the latest CodeQL version to resolve query dependencies.

  Currently, errors like this will be seen:

  Not using precompiled NoSpaceForZeroTerminator.qlx: This QLX (written by CodeQL 2.18.1) uses a primitive 'internSets', which this QL engine is too old to evaluate.
  

  This is related to a CodeQL release made a few hours ago:

  Release v2.18.1 · github/codeql-cli-binaries · GitHub

  ---

  2311 version of #1069

  ---

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  • CI with CodeQL plugin enabled

  Integration Instructions

  • Verify queries being used are compatible with CodeQL 2.18.1
    

  
  

  ---

• Added MockUefiDevicePathLib. Added gBS\_AllocatePool under MockUefiBootServicesTableLib @v-bhavanisu (#1059)
  
  Change Details

    ## Description

  Added MockUefiDevicePathLib. Added gBS_AllocatePool under MockUefiBootServicesTableLib

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Included this change under a GoogleTest and build successful

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• MdePkg/MockUefiLib: Add EfiCreateProtocolNotifyEvent() @TsunFeng (#1055)
  
  Change Details

    ## Description

  Added mock functions on UefiLib

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Unit tests component can call this mock function success

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023110010.0.0...v2023110010.0.1

v2023110010.0.0

What's Changed

• Revert `NO_ABSOLUTE_RELOCS_IN_TEXT` MU change for GCC @kuqin12 (#1040)
  
  Change Details

    ## Description

  This change is created to revert the commit of 57e8694.

  The original change was checked in the midst of other 202311 integration changes and now proven to be unnecessary.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  This was tested on MU tiano platforms repo and passed pipeline checks.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

⚠️ Breaking Changes

• [Cherry-Pick] BaseTools/HostBasedUnitTestRunner: Promote Unittest error to CI fail. @apop5 (#1039)
  
  Change Details

    ## Description

  Some unit tests would fail to execute or execute and not produce any output logs. In these cases, the only output would be in the CI Log as UnitTest Execution Error.

  A UnitTest Execution Error should be considered the same as a unit tests test failing.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  On repo where hosted based unit test failed execution prior to generating test results, CI would pass and CI Log would show "Execution Error" for the unit test.

  After integrating this change, CI will fail with a unit test error.

  Integration Instructions

  For unit tests that are failing, each unit test will need to be examined and individually corrected.
  

  
  

  ---

  
  

Full Changelog: v2023110009.0.1...v2023110010.0.0

v2023110009.0.1

What's Changed

🔐 Security Impacting

• MdeModulePkg: Compatibility Mode: Only Remap System Memory Regions @os-d (#1030)
  
  Change Details

    ## Description

  When we enter memory protections compatibility mode, we attempt to disable null protection and remap 0 - 0xA0000 as RWX. This was done for x86 systems with broken shim/grubs on Linux that would attempt to use those regions. This resolved that issue and we could boot non-memory protection safe Linux images on x86 HW. However, this approach did not take into account systems that do not have that range marked as system memory, for example ARM64 systems do not have this requirement. As such, this would inappropriately map these regions as RWX when they were not system memory.

  This patch updates the remapping to only remap and disable null protection if these ranges are marked as system memory, otherwise it will leave them alone.

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on an ARM64 platform that does not have 0 - 0xA0000 as system memory, as well as an X86 system that does have that range as system memory, booting a Linux image on both that forces us to enter compatibility mode.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2023110009.0.0...v2023110009.0.1

v2023110009.0.0

What's Changed

⚠️ Breaking Changes

• Host Based Unit Test updates @Javagedes (#837)
  
  Change Details

    ## Description

  Updates the host-based unit test runner to fail if a unit test executable returns successfully, but has no test results, or if a test suite generated from a unit test executable does not contain any tests.

  The issues above indicate configuration errors in the unit test source code itself and indicates to the developer that changes to the unit test need to be made.

  Updates the README.md file for the UnitTestFrameworkPkg to correct inaccurate information regarding code coverage and provide information on how to consolidate and generate unit test html reports.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  N/A

  Integration Instructions

  If any host based unit tests were written incorrectly, and there exists a test with no test suites, or a test suite with no tests, The host based unit test runner will now fail. These tests will need to be corrected.
  

  
  

  ---

  
  

🚀 Features & ✨ Enhancements

• BaseTools/Plugin/RustEnvironmentCheck: Use pytools Rust helpers @makubacki (#1037)
  
  Change Details

    ## Description

  The plugin implementation has moved to edk2-pytool-extensions so it
  can be reused for plugins targeting different scenarios such as
  public/generic (this plugin) or custom internal environments that
  may need to add on additional functionality.

  This simplifies this plugin's implementation significantly.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Verified plugin still detects errors properly
  • Unit tests added in edk2-pytool-extensions

  Integration Instructions

  An id has been added to the plugin YAML file (rust-env-check). This
  retains the same scope as before (rust-ci) but allows a custom version
  of the plugin to override this version by specifying:

  • "id_override": "rust-env-check"

  In its YAML file. Otherwise, no integration work is needed.

  There is an example of code that sets id_override (via generated YAML) here for reference.

  edk2-pytool-extenions 0.27.10 is required this change to work due to the new functionality used in that release.
  

  
  

  ---

  
  

📖 Documentation Updates

• Host Based Unit Test updates @Javagedes (#837)
  
  Change Details

    ## Description

  Updates the host-based unit test runner to fail if a unit test executable returns successfully, but has no test results, or if a test suite generated from a unit test executable does not contain any tests.

  The issues above indicate configuration errors in the unit test source code itself and indicates to the developer that changes to the unit test need to be made.

  Updates the README.md file for the UnitTestFrameworkPkg to correct inaccurate information regarding code coverage and provide information on how to consolidate and generate unit test html reports.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  N/A

  Integration Instructions

  If any host based unit tests were written incorrectly, and there exists a test with no test suites, or a test suite with no tests, The host based unit test runner will now fail. These tests will need to be corrected.
  

  
  

  ---

  
  

Full Changelog: v2023110008.1.1...v2023110009.0.0

v2023110008.1.1

What's Changed

• Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib [REBASE \& FF] @v-bhavanisu (#931)
  
  Change Details

    Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib [REBASE & FF]

  Preface

  Please ensure you have read the contribution docs prior
  to submitting the pull request. In particular,
  pull request guidelines.

  Description

  Added mock functions on UefiBootServicesTableLib, added mock PciExpressLib and TimerLib

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Included the mock functions on GoogleTests for the appropriate libraries under x86 and ensured build successful

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Change CpuDeadLoops to panic calls in PiSmmCpuDxeSmm.c @kenlautner (#892)
  
  Change Details

    ## Description

  Changes the newly added CpuDeadLoops in PiSmmCpuDxeSmm.c into PANIC calls to give more information on issues that are hit instead of hanging the system.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] UefiCpuPkg:fix issue when splitting paging entry @kenlautner (#909)
  
  Change Details

    ## Description

  This patch is to fix issue when splitting leaf paging entry in CpuPageTableLib code.

  In previous code, before we assign the new child paging structure address to the content of splitted paging entry, PageTableLibSetPnle() is called to make sure the bit7 is set to 0, which indicate the previous leaf entry is changed to non-leaf entry now. There is a gap between we change the bit7 and we assign the new child paging structure address to the content of the splitted paging entry. If the address of code execution or data access happens to be in the range covered by the splitted paging entry, this gap may cause issue.

  In this patch, we prepare the new paging entry content value in a local variable and assign the value to the splitted paging entry at once. The volatile keyword is used to ensure that no optimization will occur in compilation.

  Reviewed-by: Ray Ni [email protected]
  Cc: Rahul Kumar [email protected]
  Cc: Gerd Hoffmann [email protected]
  Reviewed-by: Jiaxin Wu [email protected]
  Cc: Zhou Jianfeng [email protected]

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on Intel physical platforms that were hitting a paging split issue and ones that weren't having any problems. With this fix both platforms are able to boot correctly.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• BaseTools/Plugin/HostBasedUnitTestRunner: Fix invalid escape in HostBasedUnitTest.py @antklein (#899)
  
  Change Details

    ## Description

  Fix invalid escape sequence in BaseTools/Plugin/HostBasedUnitTestRunner/HostBasedUnitTestRunner.py. These warnings are exposed by Python 3.12.

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Validated no functional changes to HostBasedUnitTestRunner.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🐛 Bug Fixes

• [CHERRY-PICK] [Release/202311] UnitTestFrameworkPkg: Fix Google Test components with multiple files @Flickdm (#891)
  
  Change Details

    # Preface

  REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4610

  Google Test hides test registration in global constructors on global objects. Global constructors are traditionally implemented by placing references to the global constructor's symbol in special sections (traditionally named .ctors or .init_array). These sections are not explicitly referenced by the linker, and libc only looks at special start and end symbols (and calls them).

  This works fine if you're linking a program manually using

  gcc a.o b.o c.o -o test_suite
  

  but fails miserably when using static libraries (such as what EDK2 does), because traditional static archive symbol resolution rules don't allow for obj...

v2023020017.0.0

What's Changed

• MuCodeQlQueries.qls: Pin to the 0.9.12 codeq/cpp-queries pack @makubacki (#883)
  
  Change Details

    ## Description

  The codeql/cpp-queries pack used in MuCodeQlQueries.qls was versioned
  0.9.12 for the CodeQL CLI v2.17.3 release currently used.

  https://github.com/github/codeql/blob/codeql-cli/v2.17.3/cpp/ql/src/qlpack.yml

  This change pins that pack version to prevent the CodeQL CLI and
  pack from getting out of sync until explicitly updated.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Verified the CodeQL query pack version listed is pulled.

  Integration Instructions

  • N/A - No change to queries used. Should prevent breaks in the future where
    the latest queries are no longer compatible with the current CodeQL CLI used.
    

  
  

  ---

⚠️ Breaking Changes

• [REVERT] [CHERRY-PICK] Reverts previous commit to update to 2023.2.16, moves to 2023.2.15, corrects extdep, removes duplicate files @Flickdm (#913)
  
  Change Details

    ## Description

  An incorrect assumption was made that the INF's need to be removed from the CryptoPkgDriver because the MU_BASECORE already had duplicate entries and this aligned with previous releases (Now unlisted 2023.2.16). This goes back to the working release (2023.2.15) and updates the extdep accordingly. Further additional (potentially breaking) changes were required to be made to get the crypto package working. See commit 5efeb20

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Simplifies RNG Support expected of platforms
    • platforms integrating the binaries may have very different levels of support for random number generation,
    • allow the platform to provide a RNG service for PEI and DXE.
  • Impacts security?
  • Breaking change?
    • Platforms are expected to provide a source for RNG
      • See [this change]
        (microsoft/mu_crypto_release@68c7e29)
    • Platforms that have a direct dependency on CryptoPkg should now use $(SHARED_CRYPTO_PATH)

      !include $(SHARED_CRYPTO_PATH)/Driver/Bin/CryptoDriver.inc.dsc
    

  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Built on multiple Release/202302 based platforms
  Booted to Shell

  Integration Instructions

  Platforms are expected to provide a source for RNG [this change]
  (microsoft/mu_crypto_release@68c7e29)

  MU_TIANO_PLATFORMS may be used as an example
  

  
  

  ---

  
  

• Update Crypto Driver to 2023.2.16 for RNG Services @Flickdm (#910)
  
  Change Details

    # Preface

  This updates the crypto driver to simplify RNG support and allows for a platform to provide a RNG service for PEI and DXE.

  The crypto binary (2023.2.15) was built at this commit
  microsoft/mu_crypto_release@c978485

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Simplifies RNG Support expected of platforms
    • platforms integrating the binaries may have very different levels of support for random number generation,
    • allow the platform to provide a RNG service for PEI and DXE.
  • Impacts security?
  • Breaking change?
    • Platforms are expected to provide a source for RNG
      • See this change
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  ✔️ Built locally
  ✔️ Built against Pipelines
  ✔️ Booted to shell
  ✔️ Booted to frontpage on a system with rdrand disabled

  Integration Instructions

  • Read the readme update made in this change in the
    "Dependencies Built into Shared Crypto" section.

    </blockquote>
    <hr>
    

🚀 Features & ✨ Enhancements

• [CHERRY-PICK] Add RNG PPI Support [Rebase \& FF] @makubacki (#888)
  
  Change Details

    ## Description

  MdePkg: Add Random Number Generator (RNG) PPI

  Adds a new PPI that serves the same purpose as EFI_RNG_PROTOCOL in
  DXE. This PPI can be produced by a PEIM to provide a dynamic interface
  to RNG services in PEI.

  This PPI is called EFI_RNG_PPI because it shares the exact same
  interface with EFI_RNG_PROTOCOL which is described in the UEFI
  Speficiation.

  ---

  MdePkg: Add PeiRngLib

  Adds a new PEI library instance for RngLib that uses the RNG services
  provided by the RNG PPI.

  This library instance will add a DEPEX on gEfiRngPpiGuid on modules
  it links against. It can be used to allow PEIMs to get RNG support
  over a dynamic interface.

  ---

  (cherry picked from mu_basecore/release/202311)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • MdePkg CI
  • Verify the RNG PPI can be successfully produced and consumed

  Integration Instructions

  If a platform needs to share RNG support across a dynamic interface
  between PEIMs, the RNG PPI can be used. PeiRngLib provides a RngLib
  instance that use the RNG PPI. It will include a dependency on gEfiRngPpiGuid.
  

  
  

  ---

  
  

🐛 Bug Fixes

• [CHERRY-PICK] Set EFI\_MEMORY\_SP as System Memory @makubacki (#920)
  
  Change Details

    ## Description

  Cherry picks 9051d2e from release/202311.

  When supplying DxeCore with a resource descriptor HOB, a platform can choose which memory type to specify. For EFI_MEMORY_SP resource descriptor HOBs, instead of blindly setting GcdReserved as the memory type, respect what the resource descriptor HOB specified. Closes #884.

  • Impacts functionality?
  • Functionality - Does the change ultimately impact how firmware functions?
  • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
  • Security - Does the change have a direct security impact on an application,
    flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
  • Breaking change?
  • Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  • Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
  • Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  • Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...

  How This Was Tested

  Tested on virtual platforms with CXL memory attached.

  Integration Instructions

  N/A.
  

  
  

  ---

  
  

• [CHERRY-PICK] [Release/202302] UnitTestFrameworkPkg: Fix Google Test components with multiple files @Flickdm (#893)
  
  Change Details

    # Preface REF: https://github.com//pull/891 - Dropping GOOGLETEST_HOST_UNIT_BUILD option as release/202302 does not have any expectation to support it.

  REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4610

  Google Test hides test registration in global constructors on global objects. Global constructors are traditionally implemented by placing references to the global constructor's symbol in special sections (traditionally named .ctors or .init_array). These sections are not explicitly referenced by the linker, and libc only looks at special start and end symbols (and calls them).

  This works fine if you're linking a program manually using

  gcc a.o b.o c.o -o test_suite
  

  but fails miserably when using static libraries (such as what EDK2 does), because traditional static archive symbol resolution rules don't allow for object files to be pulled in to the link if there isn't an undefined symbol reference to that .o elsewhere.

  Fix it by passing --whole-archive (GCC) and /WHOLEARCHIVE (MSVC). These options force the linker to pull in the entire s...