Releases: microsoft/mu_tiano_plus
v2024050000.0.5
What's Changed
-
[CHERRY-PICK] SecurityPkg: Update libspdm
Change Details
## Description
This patch updates libspdm to pull in various bug fixes,
but primarily commit ca4854be3325bd8fc7f2c714574d17aac2d4e13b
which updates libspdm's MbedTLS submodule to v3.6.2, fixing
CVE https://nvd.nist.gov/vuln/detail/CVE-2023-37920 there.
This CVE does not affect libspdm or edk2, but automatic
CVE scanning tools see the bad version of the certifi
pip module in the edk2/libspdm code trees and flag these
projects as failing.
libspdm has been updated to pull in the newer MbedTLS that
fixes this issue and this patch updates edk2 to pull in
the newer libspdm.
Full Changelog: v2024050000.0.4...v2024050000.0.5
v2024050000.0.4
What's Changed
-
Add MockTcgPpiLib @PaddyDengKC (#345)
Change Details
## Description
To provide google test mock of TcgPpi
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Tested on other consumer package that can leverage the MockTcgPpiLib for google test.
Integration Instructions
N/A
Full Changelog: v2024050000.0.3...v2024050000.0.4
Contributors
Assets 2
v2024050000.0.3
What's Changed
-
[Cherry-Pick] Tcg2Smm: Added support for Standalone Mm [RB\&FF] @apop5 (#351)
Change Details
## Description
Cherry-Picking tianocore/edk2#5728 from edk2.
This change added Standalone MM instance of Tcg2. The notify function for
Standalone MM instance is left empty.A dependency DXE driver with a Depex of gEfiMmCommunication2ProtocolGuid
was created to indicate the readiness of Standalone MM Tcg2 driver.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Platform using standalone mm required these changes for Tcg2 MM support to corectly work.
Integration Instructions
There should be no changes for existing platforms using smm.
-
[Cherry-Pick] Convert line endings to CRLF @apop5 (#352)
Change Details
## Description
Convert line endings to CRLF so we are compliant with the LineEndingCheck plugin.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
</blockquote> <hr> </details>
Full Changelog: v2024050000.0.2...v2024050000.0.3
Contributors
Assets 2
v2024050000.0.2
What's Changed
-
[CHERRY-PICK] [REBASE \& FF] Revert Mu Commit in Favor of edk2 Commit @os-d (#328)
Change Details
## Description
This reverts a Mu commit that has been upstreamed and cherry-picks the upstream version.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A.
Integration Instructions
N/A.
Full Changelog: v2024050000.0.1...v2024050000.0.2
Contributors
Assets 2
v2024050000.0.1
What's Changed
-
[CHERRY-PICK][REBASE \& FF] Revert Mu Commits In Favor of edk2 Commits @os-d (#327)
Change Details
## Description
This PR is the current set of mu_tiano_plus commits I have upstreamed to edk2 from release/202405. Some of these had changes from edk2, so it is not a 1:1 revert to commit.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A.
Integration Instructions
N/A.
</blockquote> <hr> </details>
Full Changelog: v2024050000.0.0...v2024050000.0.1
Contributors
Assets 2
v2024050000.0.0
Initial Release notes of 202405 contain a full list of mu changes on top of edk2-stable202405
PR associated with the commit can be found at the bottom of the information pane reached by clicking on the commit hash
What's Changed## 🚀 Features & ✨ Enhancements
-
GitHub Action: Bump robinraju/release-downloader from 1.10 to 1.11 (#320)
-
pip: Update all pip-requirements to latest. (#326)
-
Repo File Sync: 202405 Branch Transition Updates. (#325)
-
SecurityPkg: CodeQL Fixes.
-
EmbeddedPkg: CodeQL Fixes.
-
FmpDevicePkg: CodeQL Fixes.
-
FatPkg: CodeQL Fixes.
-
Updated Release Notes. (#319)
-
[202405][Rebase&&FF] Everything MS Changes (#311)
-
SecurityPkg: Move Platform Lockdown to EndOfDxe event
-
EmbeddedPkg: Enable build under VS2019 and fix build errors. (#282)
-
Require cspell 5.20.0
-
SecurityPkg: Support special case where PK is being deleted
-
SecurityPkg: Remove custom mode setting during PK deletion
-
SecurityPkg: Allow unsigned PK's to be set when we don't have a PK already
-
SecurityPkg: Add Pkcs7 EKU PCD for FmpAuthentication Lib
-
FmpDevicePkg: Add Eku PCD to FmpDxe
-
SecurityPkg: Adding dTPM support for MM Core module type (#259)
-
SecurityPkg: Add an assert to TCG log function if log is full (#257)
-
SecurityPkg: Added NULL implementation for Tcg2PreUefiEventLogLib (#235)
-
SecurityPkg: Tcg2Smm: Inspect target address before usage (#195)
-
SecurityPkg: Minimized TCG2 Physical Presence Interface Library
-
SecurityPkg: Add gEfiTcg2MuProtocolGuid & Log Only function Interface
-
SecurityPkg: Additional helper functions to Tpm2CommandLib
-
SecurityPkg: Add a PCD to skip Tcg2Smm ACPI table measurement
-
SecurityPkg: Tcg2Dxe ExitBootServicesFailed handler TPL change to CALLBACK
-
SecurityPkg: Add NvUndefineSpaceSpecial to the Tpm2CommandLib.
-
SecurityPkg: Add support for Excluded Fvs in Dxe Tpm2 MeasuredBootLib
-
SecurityPkg: Improve PCR allocation enforcement for varied platform support.
-
SecurityPkg: Break out the PromptForUserConfirmation() function from Tcg2 PPI.
-
SecurityPkg: Improved performance changes for TCG2 modules
-
SecurityPkg: Add Pre-TCG measurements to logs
-
SecurityPkg: Add support for Tpm2PolicyLocality assertions.
-
SecurityPkg: Add Tpm2DebugLib to support detailed logging
Change De...
v2023110001.1.0
What's Changed
🚀 Features & ✨ Enhancements
-
SecurityPkg: Add RngPei @makubacki (#277)
Change Details
## Description
The
RngPeiPEIM can be used if RNG should be provided over a dynamic
binary interface to other PEIMs on a platform.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- SecurityPkg CI
- Verify RNG linked with RngLib is executed as expected
- Verify random numbers are generated successfully with a valid RngLib
Integration Instructions
Use the
RngPeimodule if a platform needs to producegEfiRngPpiGuid.The platform should usually link a different
RngLibinstance toRngPei
than other PEIMs that may use the RNG PPI produced sinceRngPeiis responsible
for producing the PPI.For example, a
RngLibinstance that uses the rdrand instruction may be linked
againstRngPeiand aRngLibinstance that uses the RNG PPI may be linked
against other PEIMs.
Full Changelog: v2023110001.0.1...v2023110001.1.0
Contributors
Assets 2
v2023020001.1.0
What's Changed
🚀 Features & ✨ Enhancements
-
[CHERRY-PICK] SecurityPkg: Add RngPei @makubacki (#278)
Change Details
## Description
The
RngPeiPEIM can be used if RNG should be provided over a dynamic
binary interface to other PEIMs on a platform.(cherry picked from mu_basecore/release/202311)
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- SecurityPkg CI
- Verify RNG linked with RngLib is executed as expected
- Verify random numbers are generated successfully with a valid RngLib
Integration Instructions
Use the
RngPeimodule if a platform needs to producegEfiRngPpiGuid.The platform should usually link a different
RngLibinstance toRngPei
than other PEIMs that may use the RNG PPI produced sinceRngPeiis responsible
for producing the PPI.For example, a
RngLibinstance that uses the rdrand instruction may be linked
againstRngPeiand aRngLibinstance that uses the RNG PPI may be linked
against other PEIMs.
Full Changelog: v2023020001.0.1...v2023020001.1.0
Contributors
Assets 2
v2023110001.0.1
What's Changed
-
Restore Device Security [Rebase \& FF] @makubacki (#276)
Change Details
## Description
Resolves #275
CHANGE 1:
SecurityPkg: Restore DeviceSecurity (and libspdm submodule)
Reverts the following commit:
"SecurityPkg: Temporarily remove DeviceSecurity (and libspdm) from build"
(11506d5)The libspdm submodule is updated in the following commit to use a
cmocka from a more reliable host (GitLab). This revert is necessary
for that cherry-pick from edk2 to apply.
CHANGE 2:
[CHERRY-PICK] SecurityPkg: Update libspdm submodule to use GitLab cmocka repo
As noted in DMTF/libspdm#2707, the cmocka
submodule on cryptomilk is unreliable and impacting downstream
consumer builds of SecurityPkg. This is considered a regression in
that pre-existing workflows that clone and recursively initialize
the repo are now broken.The cmocka host was switched to a more reliable gitlab host in
DMTF/libspdm#2710. This change updates the
submodule in edk2 to use that commit so edk2 users are not blocked
by cryptomilk.org service issues.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- SecurityPkg CI build
Integration Instructions
- First, note that this PR reverts PR #272.
- Review any changes you may have made in response to that PR.
- This PR adds the DeviceSecurity code back to the SecurityPkg build. That should not impact downstream users as the code was not removed, only not built in SecurityPkg.
- The libspdm submodule is added back. That submodule will now be present for downstream repos (and SecurityPkg code) to use.
Full Changelog: v2023110001.0.0...v2023110001.0.1
Contributors
Assets 2
v2023110001.0.0
What's Changed
⚠️ Breaking Changes
-
SecurityPkg: Temporarily remove DeviceSecurity (and libspdm) from build @makubacki (#272)
Change Details
## Description
The
SecurityPkg/DeviceSecurity/SpdmLib/libspdmsubmodule contains a
unit_test/cmockalib/cmockasubmodule to https://git.cryptomilk.org/projects/cmocka.git.cryptomilk.org is very unreliable and breaking all builds right now.
Since the DeviceSecurity content is not actively used in any main
branches, this change removes thelibspdmsubmodule from the package
which, in turn, leads to removal of the content dependent on the
submodule.These changes are made such that this commit can be reverted in the future.
That will easily restore everything after the
libspdmsubmodule is updated
to find a more reliable host than cryptomilk.org.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- SecurityPkg CI build
Integration Instructions
- This is a temporary change. It is expected to be reverted soon.
- If you depend on the
libspdmsubmodule in SecurityPkg, it is
recommended to stay on the commit prior to its removal and wait
for it to be restored in a future commit. - If you do not depend on the
libspdmsubmodule, there is not impact.
- If you depend on the
- If you pick up this change be aware that any files in your build
dependent on thelibspdmsubmodule will fail.
Full Changelog: v2023110000.1.0...v2023110001.0.0