mu_tiano_plus - v2024050000.0.0 Latest Release

Published by apop5 about 2 months ago

Initial Release notes of 202405 contain a full list of mu changes on top of edk2-stable202405

PR associated with the commit can be found at the bottom of the information pane reached by clicking on the commit hash

What's Changed## 🚀 Features & ✨ Enhancements

mu_tiano_plus - v2023110001.1.0

Published by github-actions[bot] 3 months ago

What's Changed

🚀 Features & ✨ Enhancements

The RngPei PEIM can be used if RNG should be provided over a dynamic
binary interface to other PEIMs on a platform.

Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?

How This Was Tested

SecurityPkg CI
Verify RNG linked with RngLib is executed as expected
Verify random numbers are generated successfully with a valid RngLib

Integration Instructions

Use the RngPei module if a platform needs to produce gEfiRngPpiGuid.

The platform should usually link a different RngLib instance to RngPei
than other PEIMs that may use the RNG PPI produced since RngPei is responsible
for producing the PPI.

For example, a RngLib instance that uses the rdrand instruction may be linked
against RngPei and a RngLib instance that uses the RNG PPI may be linked
against other PEIMs.

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110001.0.1...v2023110001.1.0

mu_tiano_plus - v2023020001.1.0

Published by github-actions[bot] 3 months ago

What's Changed

🚀 Features & ✨ Enhancements

The RngPei PEIM can be used if RNG should be provided over a dynamic
binary interface to other PEIMs on a platform.

(cherry picked from mu_basecore/release/202311)

Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?

How This Was Tested

SecurityPkg CI
Verify RNG linked with RngLib is executed as expected
Verify random numbers are generated successfully with a valid RngLib

Integration Instructions

Use the RngPei module if a platform needs to produce gEfiRngPpiGuid.

The platform should usually link a different RngLib instance to RngPei
than other PEIMs that may use the RNG PPI produced since RngPei is responsible
for producing the PPI.

For example, a RngLib instance that uses the rdrand instruction may be linked
against RngPei and a RngLib instance that uses the RNG PPI may be linked
against other PEIMs.

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023020001.0.1...v2023020001.1.0

mu_tiano_plus - v2023110001.0.1

Published by github-actions[bot] 5 months ago

What's Changed

Resolves #275

CHANGE 1:

SecurityPkg: Restore DeviceSecurity (and libspdm submodule)

Reverts the following commit:

"SecurityPkg: Temporarily remove DeviceSecurity (and libspdm) from build"
(11506d59b72515a8d561baddfa2bb6660924ad6e)

The libspdm submodule is updated in the following commit to use a
cmocka from a more reliable host (GitLab). This revert is necessary
for that cherry-pick from edk2 to apply.

CHANGE 2:

[CHERRY-PICK] SecurityPkg: Update libspdm submodule to use GitLab cmocka repo

As noted in https://github.com/DMTF/libspdm/issues/2707, the cmocka
submodule on cryptomilk is unreliable and impacting downstream
consumer builds of SecurityPkg. This is considered a regression in
that pre-existing workflows that clone and recursively initialize
the repo are now broken.

The cmocka host was switched to a more reliable gitlab host in
https://github.com/DMTF/libspdm/pull/2710. This change updates the
submodule in edk2 to use that commit so edk2 users are not blocked
by cryptomilk.org service issues.

Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?

How This Was Tested

SecurityPkg CI build

Integration Instructions

First, note that this PR reverts PR https://github.com/microsoft/mu_tiano_plus/pull/272.
- Review any changes you may have made in response to that PR.
This PR adds the DeviceSecurity code back to the SecurityPkg build. That should not impact downstream users as the code was not removed, only not built in SecurityPkg.
The libspdm submodule is added back. That submodule will now be present for downstream repos (and SecurityPkg code) to use.

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110001.0.0...v2023110001.0.1

mu_tiano_plus - v2023110001.0.0

Published by github-actions[bot] 5 months ago

What's Changed

⚠️ Breaking Changes

The SecurityPkg/DeviceSecurity/SpdmLib/libspdm submodule contains a
unit_test/cmockalib/cmocka submodule to https://git.cryptomilk.org/projects/cmocka.git.

cryptomilk.org is very unreliable and breaking all builds right now.
Since the DeviceSecurity content is not actively used in any main
branches, this change removes the libspdm submodule from the package
which, in turn, leads to removal of the content dependent on the
submodule.

These changes are made such that this commit can be reverted in the future.

That will easily restore everything after the libspdm submodule is updated
to find a more reliable host than cryptomilk.org.

Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?

How This Was Tested

SecurityPkg CI build

Integration Instructions

This is a temporary change. It is expected to be reverted soon.
- If you depend on the libspdm submodule in SecurityPkg, it is
  recommended to stay on the commit prior to its removal and wait
  for it to be restored in a future commit.
- If you do not depend on the libspdm submodule, there is not impact.
If you pick up this change be aware that any files in your build
dependent on the libspdm submodule will fail.

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110000.1.0...v2023110001.0.0

mu_tiano_plus - v2023110000.0.5

Published by github-actions[bot] 7 months ago

What's Changed

Currently, if the TCG log fills up, the firmware will boot only logging some errors and the OS may or may not fail depending on scenario and configuration. This PR adds an assert so that these truncations can be found in testing rather then having to wait for failures in production.

Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?

How This Was Tested

N/A

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110000.0.4...v2023110000.0.5

mu_tiano_plus - v2023020001.0.1

Published by github-actions[bot] 8 months ago

What's Changed

An instance of StackCheckLib must be in each DSC to accommodate -fstack-protector and /GS flags.

Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

Tested in pipelines

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023020001.0.0...v2023020001.0.1

mu_tiano_plus - v2023110000.0.4

Published by github-actions[bot] 8 months ago

What's Changed

An instance of StackCheckLib must be in each DSC to accommodate -fstack-protector and /GS flags.

Impacts functionality?
Functionality - Does the change ultimately impact how firmware functions?
Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
Security - Does the change have a direct security impact on an application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
Breaking change?
Breaking change - Will anyone consuming this change experience a break
in build or boot behavior?
Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)?
Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...

How This Was Tested

Tested in pipelines

Integration Instructions

N/A

Description

This reverts the revert where we reverted the update that supports SHA384 and SHA512.

When ProcessVarWithPk(..) is called the expected code path is that you are in CUSTOM MODE and a UserPhysicallyPresent. Neither of which Project MU does or supports. So we end up falling down into VerifyTimeBasedPayloadAndUpdate(..). From there we fall into VerifyTimeBasedPayload and then finally we were depending on a special case where the size wasn't checked to hit the following line

 // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
 if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {
   VerifyStatus = TRUE;
   goto Exit;
 }

This would work in 202302 and before allow us to delete the PK. However in this commit the logic to detect digest algorithm was changed and now prevents any payload with an invalid signature size (such as a PK Delete payload) from working.

History:

Bug seen where PK cannot be deleted
See Issue #246

This patch series contains the original two commits and the bug fix

Effectively this adds a special case where if the signature is 0

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)

Impacts functionality?
- Functionality - Allows for a PK to be deleted
Impacts security?
- Security - No
Breaking change?
- Breaking change - No
Includes tests?
- Tests - No
Includes documentation?
- Documentation - No

How This Was Tested

Boot QemuQ35
Enable Secure Boot with the Microsoft Only Certificates
Boot to the Front Page
Go to the Security Tab - Reboot to Front Page
Disable Secure Boot by selecting None
If broken firmware will assert
otherwise proceed

Additionally, confirmed that authenticated variables with valid signature data using the hash algorithms SHA256, SHA384 and SHA512 still work.

Integration Instructions

N/A

Description

Pipeline just started picking up a spelling mistake in a log message in a unit test

Impacts functionality?
- Functionality - No
Impacts security?
- Security - No
Breaking change?
- Breaking change - No
Includes tests?
- Tests - No
Includes documentation?
- Documentation - No

How This Was Tested

N/A

Integration Instructions

N/A

Reverts commit https://github.com/microsoft/mu_tiano_plus/commit/36b848b39cdfe644a22c50f5421f873f3015e81f.
Reverts commit https://github.com/microsoft/mu_tiano_plus/commit/bbf182229587958b17336c114e0a1525c4f90f3d.

This change has created an issue where the PK cannot be deleted after creation because of a hashing signature mismatch. This change is to revert the offending change until this issue can be further debugged.

Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?

How This Was Tested

Tested oh physical platform

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110000.0.3...v2023110000.0.4

mu_tiano_plus - v2023110000.0.3

Published by github-actions[bot] 8 months ago

What's Changed

Move the range check before array access to enforce the bounds
as expected.

Cc: Ray Ni [email protected]
Signed-off-by: Michael Kubacki [email protected]
Reviewed-by: Michael D Kinney [email protected]
(cherry picked from commit 3ce5f2d445e51efe2aebaa227a055e5c8522d00b)

Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

Run CodeQL before and after the change.

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110000.0.2...v2023110000.0.3

mu_tiano_plus - v2023110000.0.2

Published by github-actions[bot] 8 months ago

What's Changed

Removes edk2-basetools from pip-requirements.txt and any usage of it in the CISettings.py. The is done as there are changes in the build tools python source code that are available locally in BaseTools (as it is managed by Project Mu) that is not available in edk2-basetools.

Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

Verified the build system continues to use the local python source

Integration Instructions

N/A - only effects this repository's CI system.

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110000.0.1...v2023110000.0.2

mu_tiano_plus - v2023110000.0.1

Published by github-actions[bot] 8 months ago

What's Changed

Edk2 updated AuthVariable and secureboot to allow them to use SHA384 and SHA512. The AuthVariable addition is good because it allows signing this with the PK but the secureboot addition is unnecessary.

The secureboot change has things hashed by all three algorithms and then checking them in the DBX for SHA256, SHA384 and SHA512 lists to make sure it's not on any of them. The issue with this is two fold.

This will have a performance impact. One that many platforms will not want.
This is completely unnecessary because the only group putting things in the DBX is Microsoft and we only use SHA256.

For these reasons it makes sense to revert the change in the secureboot logic and keep the AuthVariable changes.
Commit in edk2 for reference: https://github.com/tianocore/edk2/commit/bbf182229587958b17336c114e0a1525c4f90f3d

[] Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
[] Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

Tested on Intel Physical systems. No issues seen.

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023110000.0.0...v2023110000.0.1

mu_tiano_plus - v2023020001.0.0

Published by github-actions[bot] 9 months ago

What's Changed

⚠️ Breaking Changes

The TempPreUefiEventLogLib is an instance of the Tcg2PreUefiEventLogLib, but it contains an assert for when the library instance is used.

Tcg2PreUefiEventLogNull is now available. TempPreUefiEventLogLib is no longer necessary to allow builds to complete.

Remove the TempPreUefiEventLogLib instance of TempPreUefiEventLogLib.

Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

CI
Local build of platform with included change.

Integration Instructions

Dsc files that made use of TempPreUefiEventLogLib need to update to point to the Tcg2PreUefiEventLogLibNull library instance.

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023020000.2.1...v2023020001.0.0

mu_tiano_plus - v2023020000.2.1

Published by github-actions[bot] 9 months ago

What's Changed

Added NULL implementation for Tcg2PreUefiEventLogLib

Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

Consumed this null library under C41A8 project and verified Build successful

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023020000.2.0...v2023020000.2.1

mu_tiano_plus - v2023020000.1.2

Published by github-actions[bot] 11 months ago

What's Changed

🔐 Security Impacting

Update one DSC file to use the new stack cookie library, and MdePkg/MdeLibs.dsc.inc contains the definitions for the new stack cookie libraries for the remaining DSC files.

Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

Tested on Q35 GCC and MSVC builds

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023020000.1.1...v2023020000.1.2

mu_tiano_plus - v2023020000.1.1

Published by github-actions[bot] 12 months ago

What's Changed

This change uses abstracted interface from MemLib to validate incoming nested pointer before usage to ensure user supplied legitimate NVS buffer for corresponding TCG operations.

Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
Impacts security?
- Security - Does the change have a direct security impact on an application,
  flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
  validation improvement, ...
Breaking change?
- Breaking change - Will anyone consuming this change experience a break
  in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo, call
  a function in a new library class in a pre-existing module, ...
Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
Includes documentation?
- Documentation - Does the change contain explicit documentation additions
  outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to documentation
  on an a separate Web page, ...

How This Was Tested

This change is validated on proprietary hardware platform.

Integration Instructions

N/A

Full Changelog: https://github.com/microsoft/mu_tiano_plus/compare/v2023020000.1.0...v2023020000.1.1