Bot releases are visible (Hide)
Current base tests DCFI_IntuneSettings use the Dfci3.ProcessorSMT.Enable option for testing DFCI V3 features but this is a silicon specific option that fails on Microsoft AARCH64 platforms as it is not present. Recommend the base tests avoid use of silicon-specific features as these tests will not broadly pass.
DFCI testing on AARCH64 platform.
NA
Fixes #235
Adds a command line switch to a pip command in the dockerfile. This allows the docker image creation process to pass.
--break-system-packages
was introduced in pip 23.0.1.
Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?
Built on Windows 10.
N/A
Fixes #234
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.7...v4.0.8
Published by github-actions[bot] 2 months ago
Adding DFCI settings for two more power policies: After Power Loss, and Always on.
The difference between the behaviors of the two modes is Always On
will boot it up even if power was yanked in the shutdown state.
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.6...v4.0.7
Published by github-actions[bot] 5 months ago
Resolve a CodeQL identified issue where an unsigned type was being checked against greater than or equal to zero. This will always be true and thus provides no value
Was not tested other than basic CI
NA
Corrects deprecation warning in Robot Framework
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Ran before change - warnings
Ran after change - no warnins
N / A
This change limits the TLS Ciphers provided by the Docker Container to strictly the four TLSv1.2 Ciphers that Intune currently uses.
This will force firmware to OpenSSL TLSv1.2 and strictly the four algorithms currently supported
namely
cipher_list = [b'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
b'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
b'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
b'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256']
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This nmap script can confirm the ssl siphers are what are expected
nmap --script ssl-enum-ciphers -p 443 127.0.0.1
N/A
This change limits the TLS Ciphers provided by the Docker Container to strictly the four TLSv1.2 Ciphers that Intune currently uses.
This will force firmware to OpenSSL TLSv1.2 and strictly the four algorithms currently supported
namely
cipher_list = [b'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
b'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
b'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
b'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256']
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This nmap script can confirm the ssl siphers are what are expected
nmap --script ssl-enum-ciphers -p 443 127.0.0.1
N/A
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.5...v4.0.6
Published by github-actions[bot] 8 months ago
An instance of StackCheckLib must be in each DSC to accommodate -fstack-protector and /GS flags.
Tested in pipelines
N/A
Removes edk2-basetools from pip-requirements.txt and any usage of it in the CISettings.py. The is done as there are changes in the build tools python source code that are available locally in BaseTools (as it is managed by Project Mu) that is not available in edk2-basetools.
Verified the build system continues to use the local python source
N/A - only effects this repository's CI system.
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.4...v4.0.5
Published by github-actions[bot] 9 months ago
Updates edk2-pytool-extensions and edk2-pytool-library to work with the latest commit of MU_BASECORE
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
N/A
N/A
</blockquote>
<hr>
</details>
Drop the library instance in the DSC due to recent refactor in
CryptoPkg in Mu Basecore.
N/A - Only local package build is affected.
Adds commits that only applied Uncrustify formatting or converted
line endings to a .git-blame-ignore-revs file so they are ignored
by git blame. This is supported by GitHub:
https://github.blog/changelog/2022-03-24-ignore-commits-in-the-blame-view-beta/
This helps clean up git blame by filtering out these changes.
Note: This file needs to be updated on rebase branches. Processes
like filter-branch can automatically update relevant SHAs.
git blame
N/A
All header files should include header guards.
Some header files, such as those which define structures,
cannot be included more than once within a translation unit, as doing
so would cause a redefinition error. Such headers must be guarded to
prevent ill-effects from multiple inclusion. Similarly, if header
files include other header files, and this inclusion graph contains
a cycle, then at least one file within the cycle must contain header
guards in order to break the cycle. Because of cases like these, all
headers should be guarded as a matter of good practice, even if they
do not strictly need to be.
Furthermore, most modern compilers contain optimizations which are
triggered by header guards. If the header guard strictly conforms
to the pattern that compilers expect, then inclusions of that
header other than the first have absolutely no effect: the file
isn't re-read from disk, nor is it re-tokenised or re-preprocessed.
This can result in a noticeable, albeit minor, improvement to
compilation time.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.3...v4.0.4
Published by github-actions[bot] 11 months ago
With this change if memory allocation for the NewChallenge variable fails, EFI_OUT_OF_RESOURCES is returned
Build passes with this change
N/A
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.2...v4.0.3
Published by github-actions[bot] 11 months ago
Update DFCI DSC file to use the new stack cookie library.
Tested on Q35 GCC and MSVC builds
N/A
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.1...v4.0.2
Published by github-actions[bot] about 1 year ago
Adds a PrEval entry to all ci.yaml files to enable the new PrEval Policy 5.
N/A
N/A
</blockquote>
<hr>
</details>
The library class is currently DfciSupportLib
in the INF file. This
name is not used anywhere else including consuming code and
documenation. Therefore, some packages have used the library class
name used elsewhere (DfciV1SupportLibNull
) but that may give a
warning since the library class does not match the INF.
This changes updates the INF so the name is consistent.
There's also minor other cleanup:
Fix BASE_NAME
so it accurately identifies the instance
Move MdePkg.dec
to the beginning of the package order to allow
more specific definitions to override generic ones in MdePkg
.
Remove empty sections cluttering the file.
Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?
DfciPkg build and build of packages dependent on the library class.
If DfciSupportLib
was being used before to reference this library class instance
in a package, update it to DfciV1SupportLib
.
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v4.0.0...v4.0.1
Published by github-actions[bot] over 1 year ago
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
This change updated the mu_devops to use the Jobs/PrGate.yml pipeline and update synchronization files.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
This was tested on selfhost-agents and existing agents.
Pipeline changes, N/A for integration.
</blockquote>
<hr>
</details>
Update submodules to use their 202302 branches.
Pending
N/A
</blockquote>
<hr>
</details>
Allow all exceptions to signal system not available when waiting for online or offline.
Fixes #94
Tested on the QEMU path and a physical system.
N/A
</blockquote>
<hr>
</details>
A test exemption had to be added for an OEM that has a device with different Type1 and Type3 serial numbers.
Type1 is the system board, and Type3 is the enclosure or chassis. All laptops seen prior to this OEM had the same serial number for both Type1 and Type3. Fixes #77
Potentially a breaking change for testing when a Device Under Test has different serial numbers for Type1 and Type3.
Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?
Tested with a fixed DfciDeviceIdSupportLib that used the Type1 SMBIOS serial number on a Windows DUT in a QemuQ35Pkg environment with different smbios serial numbers. The DfciDeviceIdSupportLib is a platform provided library.
N/A
</blockquote>
<hr>
</details>
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
Updating documentation to include HTTP Connection definitions
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
<Please describe the test(s) that were run to verify the changes.>
<Describe how these changes should be integrated. Use N/A if nothing is required.>
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v3.0.0...v4.0.0
Published by github-actions[bot] over 1 year ago
Fixes #83.
This is all changes to the Dfci UnitTest and Docs directories. There is no change to DFCI functionality.
Quite a number of little changes needed to support Dfci in a QemuQ35Pkg virtual system. The Q35 environment has fewer settings, so there are fewer settings tested in the Enroll/Unenroll operations. Due to a pending restructure of the settings test, the current settings test will fail due to settings not in Q35. All the other tests have been tested.
The restart mechanism needed to be updated to not rely on ping. Since ping isn't forwarded to Q35, Q35 appeared to never go away.
DFCI_SupportLib.py needed a lot of changes to pass flake8.
This PR will need additional testing using a physical system.
Impacts functionality?
Impacts security?
Breaking change?
This PR will need additional testing using a physical system to ensure the new restart detections mechanism still works.
Includes tests?
Includes documentation?
Tested with a QemuQ35Pkg virtual system.
N/A
</blockquote>
<hr>
</details>
Fixes #83.
This is all changes to the Dfci UnitTest and Docs directories. There is no change to DFCI functionality.
Quite a number of little changes needed to support Dfci in a QemuQ35Pkg virtual system. The Q35 environment has fewer settings, so there are fewer settings tested in the Enroll/Unenroll operations. Due to a pending restructure of the settings test, the current settings test will fail due to settings not in Q35. All the other tests have been tested.
The restart mechanism needed to be updated to not rely on ping. Since ping isn't forwarded to Q35, Q35 appeared to never go away.
DFCI_SupportLib.py needed a lot of changes to pass flake8.
This PR will need additional testing using a physical system.
Impacts functionality?
Impacts security?
Breaking change?
This PR will need additional testing using a physical system to ensure the new restart detections mechanism still works.
Includes tests?
Includes documentation?
Tested with a QemuQ35Pkg virtual system.
N/A
</blockquote>
<hr>
</details>
You can trigger a rebase of this PR by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can trigger a rebase of this PR by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v2.3.1...v3.0.0
Published by github-actions[bot] over 1 year ago
Code comments and the library DfciUiSupportLibNull reference a function no longer used. This removes the dead code from the NULL library, and updates comments in the active code. Fixes #75
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?
Not tested
N/A
</blockquote>
<hr>
</details>
Originally tested on a system where the firewall was disabled, so the missing firewall entry error was not observed. Fixes #74
Impacts functionality?
Impacts security?
Breaking change?
Includes tests?
Includes documentation?
Tested configuring a Windows Guest running in a QemuQ35Pkg VM.
N/A
</blockquote>
<hr>
</details>
Fix https://github.com/microsoft/mu_feature_dfci/issues/65
Run standard testing:
N/A
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v2.3.0...v2.3.1
Published by github-actions[bot] over 1 year ago
Revert Variable locking change due to side effects (not locking) on some platforms.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
CI and code inspection. Platform testing will be performed ASAP
DFCI Feature requires Project Mu Phase Variables. If that is present, then no integration required.
Revert Variable locking change due to side effects (not locking) on some platforms.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
CI and code inspection. Platform testing will be performed ASAP
DFCI Feature requires Project Mu Phase Variables. If that is present, then no integration required.
Revert Variable locking change due to side effects (not locking) on some platforms.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
CI and code inspection. Platform testing will be performed ASAP
DFCI Feature requires Project Mu Phase Variables. If that is present, then no integration required.
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v2.2.0...v2.3.0
Published by github-actions[bot] over 1 year ago
Due to how Variable Locking works the lock variable should be runtime accessible.
Code inspection
NA
</blockquote>
<hr>
</details>
Due to how Variable Locking works the lock variable should be runtime accessible.
Code inspection
NA
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v2.1.0...v2.2.0
Published by github-actions[bot] over 1 year ago
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Code inspection. Additional testing will be done by product teams.
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v2.0.2...v2.1.0
Published by github-actions[bot] over 1 year ago
Corrected area of code that are using a BOOLEAN to store a UINT8 value.
Functionality is not affected because of how BOOLEAN is declared in ProcessorBind.h. (BOOLEAN and UINT8 are the same type)
Fixes #45
Minor CI change for MD034/no-bare-urls due to open parenthesis being on different line.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Ran Local CI
N/A
Refactor ProviderValueAsAscii() and remove following macros to make it can allocate buffer with right size for each setting.
Fix https://github.com/microsoft/mu_feature_dfci/issues/43
#define ENABLED_STRING_SIZE (9)
#define ASSET_TAG_STRING_MAX_SIZE (22)
#define SECURE_BOOT_ENUM_STRING_SIZE (20)
#define SYSTEM_PASSWORD_STATE_STRING_SIZE (30)
#define USB_PORT_STATE_STRING_SIZE (20)
Tested with SEMM tool. No regression seen.
N/A
</blockquote>
<hr>
</details>
Various fixes
Build and boot changes on QemuQ35Pkg to EFI shell.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v2.0.1...v2.0.2
Published by github-actions[bot] over 1 year ago
Verified with SEMM tool:
N/A
</blockquote>
<hr>
</details>
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/v2.0.0...v2.0.1
Published by github-actions[bot] over 1 year ago
Note: v2.0.0 marks the first release from mu_feature_dfci 🎉. Previous
major release versions were made before moving to this repo.
Updates the CodeQL file filter list to include all filters found in
the repo. This will pick up filters from repos like mu_basecore.
Verified CodeQL filter files being used are expected.
N/A
Signed-off-by: Michael Kubacki [email protected]
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
Additional testing showed Semm enroll fails to prompt for the thumbprint.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Ran Semm Enroll and Semm Unenroll tests to verify the UI prompt occurred.
N/A
</blockquote>
<hr>
</details>
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
A TPL inversion was created with how TPL changes were done. This was corrected to always follow normal TPL transitions. The TPL inversion also caused errors on some platfoms.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Tested locally on Zeus
N/A
</blockquote>
<hr>
</details>
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Signed-off-by: Michael Kubacki [email protected]
A new identifier can be used to identify published artifacts (as
of mu_devops 2.0.0 release). This change passes the packages and
targets being built to clarify artifact names.
The default value for the identifier is "Artifacts" so that is
what is being used at the moment. For example, build logs are
published under "Logs Artifacts"
. After this change, the
identifier will be "Logs <packages> <targets>"
.
Verified pipeline artifacts are named as expected.
This is considered a "breaking change" because artifacts are accessible via
ADO APIs and can be identified by the artifact name. While it is unlikely any
process is consuming these artifacts based on name, if they are, they will
need to use the new artifact naming convention introduced in this change.
Signed-off-by: Michael Kubacki [email protected]
Allows CodeQL to be run locally by specifying --codeql
when
providing stuart_update
and stuart_ci_build
commands in this
repo.
stuart_update
- Automatically downloads the CodeQL CLI applicationstuart_ci_build
- Automatically runs CodeQL against the packagesNOTE: Running with CodeQL will increase your overall build time for a
couple of reasons:
(1) happens automatically, you do not need to specify a clean build
manually
For more information, such as:
And more...
Go to the CodeQL plugin readme:
https://github.com/microsoft/mu_basecore/blob/HEAD/.pytool/Plugin/CodeQL/Readme.md
Also, this commit sets STUART_CODEQL_AUDIT_ONLY
to TRUE
. This is
done to:
This will be removed from the file when (2) is completed.
Verified --codeql
usage with stuart_update
and stuart_ci_build
locally.
See earlier PR description and CodeQL plugin readme:
https://github.com/microsoft/mu_basecore/blob/HEAD/.pytool/Plugin/CodeQL/Readme.md
Signed-off-by: Michael Kubacki [email protected]
A new identifier can be used to identify published artifacts (as
of mu_devops 2.0.0 release). This change passes the packages and
targets being built to clarify artifact names.
The default value for the identifier is "Artifacts" so that is
what is being used at the moment. For example, build logs are
published under "Logs Artifacts"
. After this change, the
identifier will be "Logs <packages> <targets>"
.
Verified pipeline artifacts are named as expected.
This is considered a "breaking change" because artifacts are accessible via
ADO APIs and can be identified by the artifact name. While it is unlikely any
process is consuming these artifacts based on name, if they are, they will
need to use the new artifact naming convention introduced in this change.
Signed-off-by: Michael Kubacki [email protected]
Change the Pass message to not be associated with an error message.
N/A
N/A
</blockquote>
<hr>
</details>
AllocatePool ()
takes a UINTN
argument that specifies the size
of buffer to allocate. If the size is 0
, a buffer of size 0
is
returned.
The code modified here calls AllocatePool ()
as follows:
CertText = AllocatePool (L'\0');
The single wide-character literal \0
has an integer value of zero.
This change updates the call to be sizeof (L'\0')
which will
pass the bytes required to hold the character.
This will allow the buffer to hold the character in the following
assignment to the buffer:
CertText[0] = L'\0';
Compile DfciPkg with change
N/A
Signed-off-by: Michael Kubacki [email protected]
</blockquote>
<hr>
</details>
Various fixes
Building DfciPkg
N/A
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
The commit at ac4bd1b7451447dfd524dc25f11193c5ea84ecde was not tested thoroughly and left some DFCI variables unlocked.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Tested on multiple platforms.
N/A
</blockquote>
<hr>
</details>
This PR adds a requirement to use a local Refresh from Network server, and how to set one up on a Windows system using WSL2 and Docket Desktop. This PR is a test environment only PR, and does not affect Dfci operation.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Tested locally
The ability to test Refresh from Network has changed significantly.
You will have to read the DfciTests Documentation, as there are significant changes on testing Refresh from Network.
Instead of a hand built Azure server, each entity testing Dfci has to publish their own Refresh Server.
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
<Please include a description of the change and why this change was made.>
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
None
N/A
</blockquote>
<hr>
</details>
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.
Updated document links to point into this repository.
For each item, place an "x" in between [
and ]
if true. Example: [x]
.
(you can also check items in the GitHub UI)
Tested locally.
N/A
Full Changelog: https://github.com/microsoft/mu_feature_dfci/compare/...v0.1.0