Bot releases are visible (Hide)
This change updated the override validation tags. It also integrates the cherry-pick commit from https://github.com/microsoft/mu_basecore/commit/4d722ac91608d3c4fbe807b418b77f2a6e279117.
For details on how to complete to complete these options and their meaning refer to CONTRIBUTING.md.
This was tested on pipeline and passed override check. Also booted on Q35 branch.
The change needs to pair with basecore commit https://github.com/microsoft/mu_basecore/commit/4d722ac91608d3c4fbe807b418b77f2a6e279117 or later.
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v13.0.1...v13.0.2
Published by github-actions[bot] 2 months ago
This change updates the version information of this package and module. It also updates the document on how to integrate the latest changes into platforms that are picking up 202405.
The version number is updated from 11
to 13
to match the release version, which was missed in v12 release.
N/A
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v13.0.0...v13.0.1
Published by github-actions[bot] 2 months ago
This change integrates the upstream changes from 2405 release tag into supervisor
Change is tested on QEMU Q35 branch.
N/A
This change integrates the upstream changes from 2405 release tag into supervisor
Change is tested on QEMU Q35 branch.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v12.0.2...v13.0.0
Published by github-actions[bot] 2 months ago
Updated AllocatePageTableMemory to include a new input variable *NewAllocation. This variable is used to keep track of if new pages were allocated for use in the page table page pool. This fixes a bug where if we run out of page table pool pages while changing some pages memory attributes we'll recursively call into ConvertMemoryPageAttributes while allocating pages leading to unaccounted for pages in the original call. This leads to an assert by the ConvertMemoryPageAttributes code.
Tested on two separate physical platforms that experienced the issue in different circumstances. This fix tested on those reproing platforms have the issue resolved and no longer saw any asserts.
N/A
Updated AllocatePageTableMemory to include a new input variable *NewAllocation. This variable is used to keep track of if new pages were allocated for use in the page table page pool. This fixes a bug where if we run out of page table pool pages while changing some pages memory attributes we'll recursively call into ConvertMemoryPageAttributes while allocating pages leading to unaccounted for pages in the original call. This leads to an assert by the ConvertMemoryPageAttributes code.
Tested on two separate physical platforms that experienced the issue in different circumstances. This fix tested on those reproing platforms have the issue resolved and no longer saw any asserts.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v12.0.1...v12.0.2
Published by github-actions[bot] 3 months ago
Basecore 2023110009.0.0 included the change for consuming panic lib in place of CpuDeadloop.
Replaced CpuDeadloops in MmSupervisorCore with calls to PanicLib.
Local CI.
N/A - Panic lib was already consumed in module.
PiSmmCpuDxeSmm was updated to use Panic library and Panic calls instead of CPU_DEADLOOPs for error conditions.
This changed the generated override validation tag. mu_feature_mm_supv needed updated.
The consumption of PanicLib was not introduced at this time. Details can be seen at link below:
https://github.com/microsoft/mu_basecore/commit/bbbff00dc39a67dc1e44aa0ce392d460b12f66b9
Local CI, and a mu_tiano_platforms build with newer version.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v12.0.0...v12.0.1
Published by github-actions[bot] 4 months ago
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change will cover a few more CLANG fixes, including uninitialized variables and unintentionally pulled in compiler intrinsics.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This was tested on QEMU Q35.
N/A
</blockquote>
<hr>
</details>
The pipeline build is broken due to a commit cherry-picked in to basecore: https://github.com/microsoft/mu_basecore/commit/7f9a27e0d7bcefd06e8d45fc06d5e906b6898911.
This change is needed to unblock other PRs into this repo.
N/A
N/A
Primarily made to pull in this change UefiCpuPkg/PiSmmCpuDxeSmm: Use NonSmm BSP as default SMM BSP.
.
Also includes other optimizations to keep the file in sync with edk2. The history of the recent changes in the file in this repo vs edk2 are shown for reference.
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change is integrating the changes from BASECORE:
https://github.com/microsoft/mu_basecore/commit/ff7dabfdca8534a1d1b3551e91b739be20a5f8fc
https://github.com/microsoft/mu_basecore/commit/719bf756ea6d94ef800eaab4601d3ed52423ef35
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This change is tested with QEMU Q35.
This requires the platforms to update their BASECORE version to be later than https://github.com/microsoft/mu_basecore/commit/719bf756ea6d94ef800eaab4601d3ed52423ef35 of release/202311.
</blockquote>
<hr>
</details>
This change integrated the update from EDK2 where the MP information of the system will be pulled from the HOBs instead of gBS, which aligns with our existing implementation.
This change was tested on QEMU Q35 and booted to UEFI shell.
N/A
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change fixes a code path where the Status could get evaluated without being initialized.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This was tested on QEMU Q35.
N/A
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v11.0.1...v12.0.0
Published by github-actions[bot] 6 months ago
We have not updated this field for too long, which will make the print out during runtime have discrepancy compared to the code release version. This change is made to fix that.
This is only a version change, no functional update.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v11.0.0...v11.0.1
Published by github-actions[bot] 6 months ago
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change integrates 4 commits from MU_BASECORE to use the common library implementation for image record creation and resolve the corresponding override validation failures.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This change was tested on QEMU Q35 and booted to UEFI shell.
Platform needs to include ImagePropertiesRecordLib
in their platform dsc file to pick up this change.
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v10.0.0...v11.0.0
Published by github-actions[bot] 7 months ago
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
The BaseLib is updated with new support of CRC16-CCITT-FALSE implementation. This change added the change and updated the override hash.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This change is tested on QEMU Q35 and booted to UEFI shell.
N/A
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v9.0.1...v10.0.0
Published by github-actions[bot] 7 months ago
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
The current exception handling routine has 2 issues:
This change should fix both issues.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This change is tested on QEMU Q35 and verified bootable into UEFI shell.
N/A
</blockquote>
<hr>
</details>
Integrated the following commits from MU_BASECORE into the supervisor core (which themselves were taken from edk2):
https://github.com/microsoft/mu_basecore/commit/fba09d01a35746f4e8a3b03a70b1f13fb43342be
https://github.com/microsoft/mu_basecore/commit/f5417b804d5cb89dbbe384458fa6dfc0b81377ff
https://github.com/microsoft/mu_basecore/commit/d421e2b9c9d1af511aca95a20f6fe483f646909b
https://github.com/microsoft/mu_basecore/commit/bb7120572e7f8754fa46aaf01b76f9734ab4b29e
Additionally updated the override of UefiCpuPkg in the supervisor cores inf.
Tested on physical platforms with the latest MU 202311 branches. No issues observed.
N/A
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
It does not seem that the edk2-basetools are not being used. This change will remove it.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Pipeline change, no firmware function changes.
N/A.
</blockquote>
<hr>
</details>
An instance of StackCheckLib must be in each DSC to accommodate -fstack-protector and /GS flags.
Tested in pipelines
N/A
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v9.0.0...v9.0.1
Published by github-actions[bot] 9 months ago
This change updated the release version to v9 to reflect the new value from release template.
N/A
N/A
This change integrates the edk2 upstream changes into applicable overridden modules.
Specifically, this change integrates the following commits:
The following commits are determined not relevant to this package:
This change is tested on QEMU Q35 and SBSA virtual platform and booted to UEFI shell as well as host OS. This change is also verified bootable on proprietary hardware platform.
An update of 202311 based mu submodules are required to consume this change.
Contains the primary commit for the HOB calculation overflow and
a separate commit to build with the tip of mu_basecore release/202302.
CVE-2022-36765 - StandaloneMmHobLibSysCall: Prevent integer overflow in CreateHob()
Based on commit 9a75b030cf27d2530444e9a2f9f11867f79bf679
in edk2.
Fix integer overflow in various CreateHob instances.
Fixes: CVE-2022-36765
The CreateHob() function aligns the requested size to 8
performing the following operation:HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
No checks are performed to ensure this value doesn't
overflow, and could lead to CreateHob() returning a smaller
HOB than requested, which could lead to OOB HOB accesses.
MmSupervisorPkg/BaseLibSysCall/BaseLib: Update override
The change that occurred in MdePkg/Library/BaseLib only affected
AARCH64 which does not exist in the instance in MmSupervisorPkg.
So, this change simply updates the override hash to the new value.
N/A
Contains the primary commit for the HOB calculation overflow and
a separate commit to build with the tip of mu_basecore release/202302.
CVE-2022-36765 - StandaloneMmHobLibSysCall: Prevent integer overflow in CreateHob()
Based on commit 9a75b030cf27d2530444e9a2f9f11867f79bf679
in edk2.
Fix integer overflow in various CreateHob instances.
Fixes: CVE-2022-36765
The CreateHob() function aligns the requested size to 8
performing the following operation:HobLength = (UINT16)((HobLength + 0x7) & (~0x7));
No checks are performed to ensure this value doesn't
overflow, and could lead to CreateHob() returning a smaller
HOB than requested, which could lead to OOB HOB accesses.
MmSupervisorPkg/BaseLibSysCall/BaseLib: Update override
The change that occurred in MdePkg/Library/BaseLib only affected
AARCH64 which does not exist in the instance in MmSupervisorPkg.
So, this change simply updates the override hash to the new value.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.8...v9.0.0
Published by github-actions[bot] 9 months ago
The current dependency evaluator violates the memory access permission
when patching depex grammar directly in the read-only depex memory area.
Laszlo pointed out the optimization issue in the thread (1) "Memory
Attribute for depex section" and provided suggested patch to remove the
perf optimization.
In my testing, removing the optimization does not make significant perf
reduction. That makes sense that StandaloneMM dispatcher only searches
in MM protocol database and does not depend on UEFI/DXE protocol
database. Also, we don't have many protocols in StandaloneMM like
UEFI/DXE.
From Laszlo,
"The patch removes the EFI_DEP_REPLACE_TRUE handling altogether, plus it
CONST-ifies the Iterator pointer (which points into the DEPEX section),
so that the compiler catch any possible accesses at build time that
would write to the write-protected DEPEX memory area."
(1) https://edk2.groups.io/g/devel/message/113531
Signed-off-by: Nhi Pham [email protected]
Tested-by: levi.yun [email protected]
Reviewed-by: levi.yun [email protected]
Reviewed-by: Ray Ni [email protected]
(cherry picked from commit 2ddae5df31789853040f4c5261bb85e2f010c4a7)
StandaloneMmPkg
boot with change present.N/A
Updates edk2-pytool-extensions and edk2-pytool-library to work with the latest commit of MU_BASECORE
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
N/A
N/A
Adds commits that only converted line endings to a
.git-blame-ignore-revs file so they are ignored by git blame. This is
supported by GitHub:
https://github.blog/changelog/2022-03-24-ignore-commits-in-the-blame-view-beta/
This helps clean up git blame by filtering out these changes.
Note: This file needs to be updated on rebase branches. Processes
like filter-branch can automatically update relevant SHAs.
git blame
N/A
These libraries need to be linked against MmIplPei. Since they are
missing, linker failures can result depending on platform integration
of library instances against the module.
CI build.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.7...v8.1.8
Published by github-actions[bot] 11 months ago
This series transitions the core to use the new stack cookie libraries.
The stack cookie value no longer needs to be initialized before
image execution and can instead be initialized in the library
constructor.
Tested on Q35
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.6...v8.1.7
Published by github-actions[bot] about 1 year ago
Fixes #182
The main change is to remove a NULL check for the CommBufferSize
parameter value in the MM_SUPERVISOR_REQUEST_FETCH_POLICY switch
case since it triggers a CodeQL alert as a redundant NULL check
operation. The actual parameter value is checked for NULL at the
beginning of the function and not modified until that line of code.
However, the function API and implementation is confusing so that's
cleaned up as well.
For (2), the optional modifier is simply removed from the arguments
to indicate the function expects valid pointers are passed.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.5...v8.1.6
Published by github-actions[bot] about 1 year ago
Updates the repo for a change that merged UefiCpuLib with CpuLib.
UefiCpuLib will be removed entirely soon so all references are updated to CpuLib.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.4...v8.1.5
Published by github-actions[bot] about 1 year ago
PcdUserCommBufferPages
is currently set to 4
. This buffer is
used for UEFI variable transactions where includes larger data like Intel
memory training and Secure Boot related UEFI variables.
16 pages provides 64KB by default which allows these common scenarios
to succeed in most cases without platform intervention.
Verified on Qemu Q35 and a physical Intel platform.
If the default value was previously unmodified on a platform, expect that the
user mode communicate buffer will now be 48KB larger. If that's an issue, set
gMmSupervisorPkgTokenSpaceGuid.PcdUserCommBufferPages
to 4
in the platform
DSC file to restore previous behavior.
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.3...v8.1.4
Published by github-actions[bot] about 1 year ago
Current implementation of MmIsBufferOutsideMmValid
for the user instance will only check to see if the requested space is unblocked from the perspective of MM supervisor, which could result in the issue that the region is only unblocked at the supervisor level is still not accessible from user space. If this is the case, FALSE
should be returned.
This change is tested on Q35 platform and booted to UEFI shell.
N/A
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.2...v8.1.3
Published by github-actions[bot] over 1 year ago
Updates overrides for:
Relevant changes from https://github.com/microsoft/mu_basecore/pull/490
CI build and QemuQ35Pkg unit boot.
When updating Mu Basecore to include the changes linked in the
description, update the submodule with MmSupervisorPkg
to
include these changes.
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.1...v8.1.2
Published by github-actions[bot] over 1 year ago
Updates DumpInfo function for a policy to dump it's contents to any IO object, not just to stdout. By default, the DumpInfo function will dump to stdout, keeping existing logic, but allows the caller to specify any IO object via the outfs
optional parameter.
Additionally changes the dump for the purpose of the SupervisorPolicyMaker helper script to dump to logging.DEBUG rather than as a print statement, as the print statement does not end up in the log file.
Virtual Platforms
N/A
</blockquote>
<hr>
</details>
Catching a bare exception is considered bad practice. Catching bare exceptions can make it impossible to interrupt the program (e.g., with Ctrl-C) and can disguise other problems. This removes all bare excepts and instead catches Exception
which is the base class for all code-generated exceptions.
N/A
N/A
</blockquote>
<hr>
</details>
Updates the UT_LOG_*
messages to print a new line so the prints
do not run into the individual test section dividers.
Prints additional information when examining IOMMU regions to show
what regions are being considered and specific details about
potential range overlaps.
Ran test on a physical Intel platform and reviewed debug output.
N/A
Add a PrEval entry to all ci.yaml files. This enables the PrEval Policy 5
N/A
N/A
</blockquote>
<hr>
</details>
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change updated the unit test to inspect retrieved MM policy attribute against protected regions, such as TXT and IOMMU regions as defined by WHCP specification.
Although the specification only mentions that the regions should have no write access, this implementation will flag attributes on executable protected regions.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This is tested on QemuQ35Pkg.
N/A
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v8.1.0...v8.1.1
Published by github-actions[bot] over 1 year ago
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change bumps the version number to make a release before we transition to 202302.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
N/A
N/A
</blockquote>
<hr>
</details>
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change integrates a series of patches checked into the overridden modules from supervisor repo.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This was tested on QEMU virtual platform and proprietary hardware.
End user should update to release/202302 branches for other project MU repos to consume this.
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change integrates a series of patches checked into the overridden modules from supervisor repo.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This was tested on QEMU virtual platform and proprietary hardware.
End user should update to release/202302 branches for other project MU repos to consume this.
Full Changelog: https://github.com/microsoft/mu_feature_mm_supv/compare/v7.3.2...v8.1.0