Skip to content

v2023110000.0.0

Compare
Choose a tag to compare
@github-actions github-actions released this 05 Feb 15:16
· 42 commits to refs/heads/release/202311 since this release
f29260e

What's Changed

First 202311 Mu OEM Sample release 🎉.

  • [Rebase \& FF] [Cherry-pick] Get all the missing commits from 202302 into 202311 @kenlautner (#186)
    Change Details
      ## Description

    Cherry-pick the commits from 202302 that are missing from 202311 since the creation of the release branch.

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    CI

    Integration Instructions

    N/A




  • Updated CISettings.py to use the edk2toolext codeql helpers @kenlautner (#178)
    Change Details
      ## Description

    The 202311 rebase moved the codeql plugin from .pytool to Basetools. This requires a change in CISettings.py to reference the correct codeql helper functions. Instead of using the internal versions we instead move to the edk2 pytool extensions version.

    For each item, place an "x" in between [ and ] if true. Example: [x].
    (you can also check items in the GitHub UI)

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    Tested with CI.

    Integration Instructions

    N/A




  • OemPkg/SecureBootKeyStoreLibOem: Delete @Javagedes (#164)
    Change Details
      ## Description

    Removes SecureBootKeyStoreLibOem from OemPkg in favor of SecureBootKeyStoreLib in MsCorePkg.

    For each item, place an "x" in between [ and ] if true. Example: [x].
    (you can also check items in the GitHub UI)

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    Verified QemuQ35Pkg continues to build with the new version of SecurebootKeyStoreLib provided by MsCorePkg.

    Integration Instructions

    Switch from OemPkg's SecureBootKeyStoreLib implementation. Follow integration instructions provided by the package.




  • Fix Possible BootMenu Failure @TaylorBeebe (#138)
    Change Details
      ## Description BootMenu should have a DEPEX on gEdkiiFormBrowserEx2ProtocolGuid and should not return failure (to avoid unloading the driver after creating events and installing protocol interfaces).
    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    Tested on Q35

    Integration Instructions

    N/A




  • Clears the DebugDirectory of the Debug information for Release builds of HelloUefi @Flickdm (#123)
    Change Details
      # Preface

    Please ensure you have read the contribution docs prior
    to submitting the pull request. In particular,
    pull request guidelines.

    Description

    This is a workaround for an issue in GenFw

    On linux when building using GCC5 in RELEASE the PE DebugDirectory includes the full path to the intermittent DLL.

    See:

    00000330: 3403 0000 4e42 3130 0000 0000 0000 0000 4...NB10........
    00000340: 0000 0000 2f68 6f6d 652f 7573 6572 2d78 ..../home/user-x
    00000350: 782f 6d75 5f6f 656d 5f73 616d 706c 652f x/mu_oem_sample/
    00000360: 4275 696c 642f 4f65 6d50 6b67 2f52 454c Build/OemPkg/REL
    00000370: 4541 5345 5f47 4343 352f 5836 342f 4f65 EASE_GCC5/X64/Oe
    00000380: 6d50 6b67 2f48 656c 6c6f 5565 6669 2f48 mPkg/HelloUefi/H
    00000390: 656c 6c6f 5565 6669 2f44 4542 5547 2f48 elloUefi/DEBUG/H
    000003a0: 656c 6c6f 5565 6669 2e64 6c6c 0000 0000 elloUefi.dll....
    000003b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................

    For each item, place an "x" in between [ and ] if true. Example: [x].
    (you can also check items in the GitHub UI)

    • Impacts functionality?
    • Simply zeros out the timestamps and debug directory using GenFW
    • Impacts security?
    • Breaking change?
      • If anyone is actually consuming the DebugDirectory, this would be a breaking change. This is mitigated by only removing it in this application on RELEASE builds.
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Built on WSL2 Ubuntu with GCC5 tool chain

    Integration Instructions

    N/A




  • OemPkg/HelloUefi - CI fixes @Flickdm (#117)
    Change Details
      ## Description

    This is the simplest possible UEFI application, it differs from HelloWorld in that it drops dependencies on libraries, and eliminates the PCD logic, this application ideal purpose is to be used to test secure boot certificates as it's attack surface is minimal.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Built with stuart_ci_build and wsl

    Integration Instructions

    N/A




  • Add simple UEFI application - HelloUefi @Flickdm (#116)
    Change Details
      ## Description

    This is the simplest possible UEFI application. It differs from 'HelloWorld' by dropping PCD logic and dependencies

    • Impacts functionality?

    • Impacts security?

    • Breaking change?

    • Includes tests?

    • Includes documentation?

    How This Was Tested

    Ran on QemuQ35

    Integration Instructions

    N/A




  • ci.yaml: add PrEval entry @Javagedes (#111)
    Change Details
      ## Description

    Add a PrEval entry to all ci.yaml files to enable the new PrEval Policy 5.

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    N/A

    Integration Instructions

    N/A




  • Fixing Uncrustify break @kuqin12 (#112)
    Change Details
      # Preface

    Please ensure you have read the contribution docs prior
    to submitting the pull request. In particular,
    pull request guidelines.

    Description

    This change fixed an Uncrustify failure on the latest top of mainline branch.

    For each item, place an "x" in between [ and ] if true. Example: [x].
    (you can also check items in the GitHub UI)

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    Uncrustify fix, no functional change.

    Integration Instructions

    N/A




  • Display the Type 1 serial number instead of the Type 3 serial number @mikeytdisco (#104)
    Change Details
      ## Description

    The sample Front Page is displaying the Type 3 serial number and should display the Type 1 serial number.

    This one fixes #102

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    Tested in QemuQ35Pkg

    Integration Instructions

    N/A




  • Remove the data library and introduce the metadata policy @kuqin12 (#109)
    Change Details
      # Preface

    Please ensure you have read the contribution docs prior
    to submitting the pull request. In particular,
    pull request guidelines.

    Description

    This change pairs with the latest update from mu_feature_config, where it starts to host the data library definition.

    The configuration policy creator module is also updated to consume the newly created gProfileFlavorNames to demonstrate the usage of such data.

    For each item, place an "x" in between [ and ] if true. Example: [x].
    (you can also check items in the GitHub UI)

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    This was tested on QEMU Q35 and SBSA platforms.

    Integration Instructions

    N/A




  • Onboarding ARM64 builds on selfhosted Azure pipeline agents @kuqin12 (#85)
    Change Details
      # Preface

    Please ensure you have read the contribution docs prior
    to submitting the pull request. In particular,
    pull request guidelines.

    Description

    This change added a few new matrix entries to support building mu_tiano_platforms on native ARM64 systems. The PR will cover both microsoft/mu_basecore#369 and microsoft/mu_basecore#305.

    The PR should also be incorporated with mu_devops change.

    For each item, place an "x" in between [ and ] if true. Example: [x].
    (you can also check items in the GitHub UI)

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    This was tested on selfhost-agents and existing agents.

    Integration Instructions

    Pipeline changes, N/A for integration.




  • pip: bump antlr4-python3-runtime from 4.12.0 to 4.13.0 @dependabot (#91)
    Change Details
      Bumps [antlr4-python3-runtime]() from 4.12.0 to 4.13.0.

    Dependabot compatibility score

    You can trigger a rebase of this PR by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

  • Readme.rst: Update CI badges for new pipelines @makubacki (#9)
    Change Details
      Updates the pipeline badge URLs for the new pipelines being used.

    Signed-off-by: Michael Kubacki michael.kubacki@microsoft.com




  • Use Mu DevOps @makubacki (#8)
    Change Details
      Updates this repository to use the consolidated YAML template resources provided at microsoft/mu_devops for its Azure DevOps pipelines.

    The following remaining YAML files build against the latest templates in
    mu_devops main branch by defining a repository resource in the YAML
    file:

    • .azurepipelines\Ubuntu-GCC5.yml
    • .azurepipelines\Windows-VS.yml

    These YAML files have been tested to support this repository's builds as
    visible in the Project Mu pipelines.

    https://dev.azure.com/projectmu/mu/_build

    Signed-off-by: Michael Kubacki michael.kubacki@microsoft.com




  • Fix RepoDetails.md to include the correct content @spbrogan (#1)
    Change Details
     

🐛 Bug Fixes

  • OemPkg: Fix build @makubacki (#121)
    Change Details
      ## Description

    Fix errors in several CI plugins to pass CI.

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    CI build.

    Integration Instructions

    N/A




🔐 Security Impacting

  • Use New Stack Cookie Library @TaylorBeebe (#160)
    Change Details
      ## Description

    MdePkg/MdeLibs.dsc.inc contains the definitions for the new stack cookie libraries.

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on an a separate Web page, ...

    How This Was Tested

    Tested on Q35 GCC and MSVC builds

    Integration Instructions

    N/A




  • adding stack cookie support @Flickdm (#119)
    Change Details
      # Preface

    Please ensure you have read the contribution docs prior
    to submitting the pull request. In particular,
    pull request guidelines.

    Description

    Issue 118

    For each item, place an "x" in between [ and ] if true. Example: [x].
    (you can also check items in the GitHub UI)

    • Impacts functionality?
      • Yes, builds with stack cookies by default for OemPkg when using stuart_ci_build
    • Impacts security?
      • Yes, adds stack cookies
    • Breaking change?
      • This shouldn't be breaking
    • Includes tests?
      • No
    • Includes documentation?
      • No

    How This Was Tested

    This was built in a windows environment with VS2022 using stuart_ci_build and built on a linux environment using WSL2 on ubuntu 22.04.2 using GCC5

    Integration Instructions

    N/A




📖 Documentation Updates

  • HelloUefi: Add 30 second stall @Flickdm (#120)
    Change Details
      ## Description

    This application is the simplest UEFI application possible, with no dependencies. These changes add a 30 second stall such that a platform may boot directly to this application and see "Hello UEFI!" with no need for a shell to run it (Such as ShellPkg).

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?
      • Readme.md

    How This Was Tested

    Ran on a physical machine, QemuQ35,

    built With GCC and VS2022

    Integration Instructions

    N/A




Full Changelog: ...v0.1.0