v2023020006.0.0

What's Changed

⚠️ Breaking Changes

• Add prefix for advanced logger memory message entries @kuqin12 (#388)
  
  Change Details

    # Preface

  Please ensure you have read the contribution docs prior
  to submitting the pull request. In particular,
  pull request guidelines.

  Description

  This change introduces a new message entry structure, which contains extra information of log producer and can be used to differentiate the different boot phases, i.e. PEI, DXE, SMM, etc. Platforms that have multiple firmware entities can leverage this extra information to distinguish coalesced memory logging regions.

  The updated applications (UEFI shell app and host OS Python script) are also updated to support new message entry structure while maintaining the backwards compatibility.

  Resolves #375.

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  This change was tested on QEMU Q35 and verified that prefix are properly injected for DXE phase prints.

  Integration Instructions

  The log parsers are updated, thus platforms use the existing parser should pick up the latest tool from mu_plus. For platforms that carry their own implementation, they should add the proper support in their own implementation before picking up this change from mu_plus.
  

  
  

  ---

  
  

Full Changelog: v2023020005.0.0...v2023020006.0.0

v2023020005.0.0

What's Changed

⚠️ Breaking Changes

mu_plus commit f535499 creates DXE and SMM instances of MemoryProtectionTestApp, and updates the naming of the support driver for the SMM test app. This split is to support testing for platforms which do not use SMM.

Instances of the following will need to be DELETED
UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/App/MemoryProtectionTestApp.inf
UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/Smm/MemoryProtectionTestSmm.inf

The following will need to be ADDED for unit test builds
​UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/App/DxeMemoryProtectionTestApp.inf

If the platform uses SMM, add this to the platform DSC
UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/App/SmmMemoryProtectionTestApp.inf

And this to both the platform DSC and FDF files
​UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/Driver/SmmMemoryProtectionTestDriver.inf

• Remove Pre-Split MemoryProtectionTestApp Files @TaylorBeebe (#405)
  
  Change Details

    ## Description

  f535499 split the MemoryProtectionTestApp into DXE and SMM instances but did not delete the old files to give consumers time to update their platform DSC files. This PR is the breaking change which removes the old files.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023020004.1.2...v2023020005.0.0

v2023020004.1.2

What's Changed

• DxePagingAudit: Skip Stack Publishing if Stack Info Isn't Valid @TaylorBeebe (#400)
  
  Change Details

    ## Description

  The MemoryInfoDatabase.dat file contains information about the content of memory regions. If an entry in the database file is invalid, it will break the generation of the paging audit. Before adding the stack info to the database file, check that the stack size is greater than zero.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on Q35 by generating the paging audit

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [REBASE \&\& FF] FlatPageTableLib and DxePagingAuditTestApp Updates @TaylorBeebe (#395)
  
  Change Details

    ## Description

  This change set was primarily created to improve the accuracy of the DXE paging audit shell test. The problem was two-fold:

  1. The layout of memory would change as data was collected. This is solved by pre-allocating space for two of the memory maps (flat page table and EFI memory map). Those two maps will have their size requirement checked at the start of each function to ensure enough heap space has been allocated for them prior to populating them with memory information.
  2. The shell test was imprecise when reporting which regions failed the various tests. I'll use the UnallocatedMemoryIsRP() test as an example. The test parses the EFI memory map for EfiConventionalMemory regions which indicate unallocated memory. If any subsection of the region was not read protected, then the entire region would be reported as failing. With this update, every subsection which does not comply will be individually reported giving platform developers more precise information on where the problem areas are.

  Patch breakdown:

  1. Updates the DXE paging audit to always write out all .dat files even if the buffers are empty. The presence of the file acts as a receipt that the audit was run successfully and helps with automated unit testing.
  2. Adds a function to FlatPageTableLib to dump the contents of a flat page table to the console. This is useful for debugging.
  3. Updates GetRegionAccessAttributes() in FlatPageTableLib to return the attributes of the first attribute-contiguous range found in the region and report the actual size of that range. This allows the caller to collect the attributes of the region by calling the function repeatedly instead of needing to guess which subsection of the region has contiguous attributes.
  4. Updates the DXE paging audit shell tests to pre-allocate memory for memory maps. The page table map, EFI memory map, and EFI memory space map all describe the layout of the system address space. Because of this, if allocations are performed while these maps are being generated, then the maps generated the earliest will be inaccurate.
  5. Adds ValidatePageTableAttributes() to the DXE paging audit shell test logic. This function validates the attributes of the input memory region. It uses GetRegionAccessAttributes() to get the attributes of the region and compares them to the attributes passed in. This function will be used by each test case to check that the page/translation table attributes match the memory protection requirements and enables more precise reporting of regions which do not match the requirements.
  6. Updates the DXE paging audit shell tests to use ValidatePageTableAttributes() to determine policy compliance.

  How This Was Tested

  This was tested on Q35 and an ARM platform. Some changes in test caused the UnallocatedMemoryIsRP() test to erroneously fail due to reason 1 above which has been fixed with this patch set. Additionally, this patch set was checked by comparing the shell test output to the full HTML paging audit to verify that errant regions are exact and consistent.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🐛 Bug Fixes

• Fix DxePagingAuditTestApp Typo, Update FlatPageTableLib AARCH64 IsPageReadable() Check @TaylorBeebe (#402)
  
  Change Details

    ## Description

  DxePagingAuditTestApp: When checking an image section characteristics, a bitmasking is done which incorrectly includes a logical OR instead of a bitwise OR.
  FlatPageTableLib: The AARCH64 IsPageReadable() routine correctly checks for the no access, r/w case (0b00) but not the r/w, r/w case (0b01) because both 0b11 and 0b01 would pass the latter check.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on a Surface ARM platform and SBSA

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023020004.1.1...v2023020004.1.2

v2023020004.1.1

What's Changed

• Add PeiCore method to find AdvancedLogger log buffer if LoggerInfo is… @apop5 (#389)
  
  Change Details

    ## Description

  This was discovered in a platform that uses AdvancedLogger Starting in Pei, but without permanent memory until after MRC runs.
  (i.e. AdvancedLoggerLib PeiCore instance allocates CAR heap for the log buffer)

  The platform makes uses of EFI_PEI_TEMPORARY_RAM_DONE_PPI, where is tears down all variable range MTRRs.

  When PeiCore is reentered after memory has become available, it will relocate Hobs to system memory, then it will go through the Hobs and fix up the memory allocation pointers to point to the system memory addresses instead of the Heap addresses.

  During this transition, the PlatformBlob pointer will become invalid, after CAR is torn down.

  During the PeiCore's PeiServicesInstallPpi (&mMemoryDiscoveredPpi);, a debug message will attempt to be output about the Install PPI: of the Memory Discovered Ppi, and the current logic will attempt to use the PlatformBlob, which results in a memory exception (the pointer is all Fs).

  This PR updates the logic in AdvancedLoggerGetLoggerInfo to verify the PlatformBlob pointer contains the correct signature before returning it, and if that fails, it then will go through Memory Allocation Hobs to try to find a memory allocation that corresponds to the AdvancedLogger buffer. If it fails, it will fall through to the existing functionality of creating a new allocation hob.

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Verified that the system that was triggering an exception was able to function correctly after this change was incorporated.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2023020004.1.0...v2023020004.1.1

v2023020004.1.0

What's Changed

🚀 Features & ✨ Enhancements

• Implement a new version of UefiHidDxeV2 with significant improvements to unit test capability and general architecture. @joschock (#374)
  
  Change Details

    ## Description

  This PR introduces a "v2" implementation of UefiHidDxe that has significant refactoring to support unit tests and architectural improvements.

  • UefiHidDxeV2 code coverage with unit tests is ~80% or greater for all modules of the UefiHidDxe crate
  • Better separation between FFI layers and native rust layers

  The long term plan is to eventually remove the original UefiHidDxe in favor of this implementation.

  • Impacts functionality?
    • Driver provides the same functionality as UefiHidDxe which should be considered deprecated going forward.
  • Impacts security?
  • Breaking change?
  • Includes tests?
    • Includes Rust unit tests covering all new modules.
  • Includes documentation?
    • Standard rustdocs included.

  How This Was Tested

  Tested under QEMU using simulated USB keyboard and mouse.

  Integration Instructions

  UefiHidDxeV2 is a drop-in replacement for UefiHidDxe; platforms that wish to move to the new implementation can do so by pulling in the new UefiHidDxeV2 and adding the necessary mockall crate to their workspace Cargo.toml.
  

  
  

  ---

  
  

📖 Documentation Updates

• Implement a new version of UefiHidDxeV2 with significant improvements to unit test capability and general architecture. @joschock (#374)
  
  Change Details

    ## Description

  This PR introduces a "v2" implementation of UefiHidDxe that has significant refactoring to support unit tests and architectural improvements.

  • UefiHidDxeV2 code coverage with unit tests is ~80% or greater for all modules of the UefiHidDxe crate
  • Better separation between FFI layers and native rust layers

  The long term plan is to eventually remove the original UefiHidDxe in favor of this implementation.

  • Impacts functionality?
    • Driver provides the same functionality as UefiHidDxe which should be considered deprecated going forward.
  • Impacts security?
  • Breaking change?
  • Includes tests?
    • Includes Rust unit tests covering all new modules.
  • Includes documentation?
    • Standard rustdocs included.

  How This Was Tested

  Tested under QEMU using simulated USB keyboard and mouse.

  Integration Instructions

  UefiHidDxeV2 is a drop-in replacement for UefiHidDxe; platforms that wish to move to the new implementation can do so by pulling in the new UefiHidDxeV2 and adding the necessary mockall crate to their workspace Cargo.toml.
  

  
  

  ---

  
  

Full Changelog: v2023020004.0.5...v2023020004.1.0

v2023020004.0.5

What's Changed

• Fix various non-functional issues [Rebase \& FF] @makubacki (#387)
  
  Change Details

    ## Description

  1. Add header guards missing in some files

     Some header files, such as those which define structures,
     cannot be included more than once within a translation unit, as doing
     so would cause a redefinition error. Such headers must be guarded to
     prevent ill-effects from multiple inclusion. Similarly, if header
     files include other header files, and this inclusion graph contains
     a cycle, then at least one file within the cycle must contain header
     guards in order to break the cycle. Because of cases like these, all
     headers should be guarded as a matter of good practice, even if they
     do not strictly need to be.

     Furthermore, most modern compilers contain optimizations which are
     triggered by header guards. If the header guard strictly conforms
     to the pattern that compilers expect, then inclusions of that
     header other than the first have absolutely no effect: the file
     isn't re-read from disk, nor is it re-tokenised or re-preprocessed.
     This can result in a noticeable, albeit minor, improvement to
     compilation time.

  2. MsWheaPkg/MsWheaEarlyStorageLib: Remove unused static function

     Removes MsWheaCMOSStoreClearAll() which is scoped to the file and
     not used. Improves code readability and maintenance.

  3. MsWheaPkg/MsWheaEarlyStorageLib: Remove unsigned comparisons to zero

     Removes an unnecessary condition since unsigned values are always
     greater than or equal to 0.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Build and CI.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🐛 Bug Fixes

• MsGraphicsPkg/SimpleUIToolKit: Move array bounds check before access @makubacki (#386)
  
  Change Details

    ## Description

  Checks the index is within expected bounds before accessing the array.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  CodeQL and package compilation.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023020004.0.4...v2023020004.0.5

v2023020004.0.4

What's Changed

📖 Documentation Updates

• Adding policy check for advanced file logger @kuqin12 (#384)
  
  Change Details

    # Preface

  Please ensure you have read the contribution docs prior
  to submitting the pull request. In particular,
  pull request guidelines.

  Description

  This change added support for enablement/disablement of advanced file logger through policy services. Platforms intending to support this functionality should produce policy prior to the driver load. The default configuration is set to file logger enabled.

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  This is tested on QEMU Q35 and verified that not creating policy will remain producing log files, and disabling the policy will prevent the driver from logging any files to ESP.

  Integration Instructions

  In platform code, use SetPolicy with gAdvancedFileLoggerPolicyGuid to produce a policy entry for file logger driver to consume.
  

  
  

  ---

  
  

Full Changelog: v2023020004.0.3...v2023020004.0.4

v2023020004.0.3

What's Changed

• Minor debug print updates for DxePagingAuditTestApp @kuqin12 (#382)
  
  Change Details

    ## Description

  This change updated some print levels and added the PDB name for images being looked at.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on proprietary virtual ARM platform and verified updated prints works as expected.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🐛 Bug Fixes

• DxePagingAudit: Update MemoryOutsideEfiMemoryMapIsInaccessible Test @TaylorBeebe (#381)
  
  Change Details

    ## Description

  1. MemoryOutsideEfiMemoryMapIsInaccessible checks if memory not present in the EFI memory map has the EFI_MEMORY_RP attribute. The previous version of this test assumed that the memory range spanned by the EFI memory map was contiguous which is sometimes not the case on platforms. This update changes the flow of the test to look at interstitial gaps in the memory map and not just those on the flanks.

  2. The EFI memory map returned through the boot services table is sometimes out of order. This update sorts the memory map and memory space map whenever they're populated for a test.

  3. The X64 MemoryOutsideEfiMemoryMapIsInaccessible HTML test had a typo which is fixed in this update.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on Q35 and ARM

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023020004.0.2...v2023020004.0.3

v2023020004.0.2

What's Changed

• Split MemoryProtectionTestApp to DXE and SMM Versions @TaylorBeebe (#379)
  
  Change Details

    ## Description

  MemoryProtectionTestApp was written before Project Mu supported an ARM platform and Standalone MM. The test app generates the test cases for both the SMM and DXE environments. The SMM tests will report failure for Arm platforms and platforms using Standalone MM, so this update separates the test app into SMM and DXE versions.

  The SMM version will still require a driver to handle the SMI calls. To reduce confusing naming, MemoryProtectionTestSmm (the driver supporting SMM memory protection testing) has been renamed to SmmMemoryProtectionTestDriver.

  NOTE: Removing the old test app will be delayed for a couple of weeks to give consumers a chance to switch references in their DSC files.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  SMM test was checked on a physical x86 platform. The DXE test was checked on Q35 and SBSA

  Integration Instructions

  Instances of

  UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/App/MemoryProtectionTestApp.inf

  will need to be updated to

  UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/App/SmmMemoryProtectionTestApp.inf UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/App/DxeMemoryProtectionTestApp.inf

  And instances of

  UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/Smm/MemoryProtectionTestSmm.inf

  will need to be updated to

  UefiTestingPkg/FunctionalSystemTests/MemoryProtectionTest/Driver/SmmMemoryProtectionTestDriver.inf
  

  
  

  ---

  
  

Full Changelog: v2023020004.0.1...v2023020004.0.2

v2023020004.0.1

What's Changed

• MemoryProtectionTestApp: Separate Reset Method Init to Arch Specific Files @TaylorBeebe (#376)
  
  Change Details

    ## Description

  The reset test method is not supported on ARM platforms currently (support will be added later, but it's not high priority because this test method often takes 40+ minutes). This PR separates the initialization of this testing method to architecture specific logic so the test method is not attempted on ARM platforms.

  This also fixes a build error on ARM platforms caused by DefaultExceptionHandlerLib being included (which does not support UEFI_APPLICATION without a MU override).

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Running the updated test app on Q35 and SBSA

  Integration Instructions

  N/A
  

  
  

  ---

  
  

---

🚀 Features & ✨ Enhancements

• MsCorePkg/SecureBootKeyStoreLib: Add Library implementation @Javagedes (#377)
  
  Change Details

    ## Description

  Adds SecureBootKeyStoreLib which provides secureboot key store options by consuming fixed at build PCDs that represent the Pk, Db, 3PDb, Kek, and Dbx.

  • Impacts functionality?
    • Adds 5 new PCDs to represent the Pk, Db, 3PDb, Kek, and Dbx, which are consumed by SedcureBootKeyStoreLibOem when configuring SecureBoot.
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Verified secureboot is properly enabled on Qemu35Pkg for Microsoft and Microsoft 3rd party.

  Integration Instructions

  Generate the following PCDs for your platform DSC:

  1. gOemPkgTokenSpaceGuid.PcdDefaultKek
  2. gOemPkgTokenSpaceGuid.PcdDefaultDb
  3. gOemPkgTokenSpaceGuid.PcdDefault3PDb
  4. gOemPkgTokenSpaceGuid.PcdDefaultDbx
  5. gOemPkgTokenSpaceGuid.PcdDefaultPk

  It is highly suggested, but not required, that each pcd is generated by running BaseTools BinToPcd over the binary blobs created in secureboot_objects, then including them in the platform's DSC file.
  

  
  

  ---

  
  

Full Changelog: v2023020004.0.0...v2023020004.0.1