#94 Updated the generate_cryptodriver.py script to include the correct path to the DEPEX binary, but it failed to include the newly generated INF files.
Now updating with the correctly generated INF files.
Ran local build, replaced in mu_tiano_platforms and verified build failures were resolved (and q35 project booted).
N/A
In packages generated before 2023.11.3, the generated INF files would reference a common DEPEX file for all the arches instead of being contained in the same folder as the generated EFI file.
After the update for including map files, etc, the location of the DEPEX was in the same folder as the EFI, MAP and PDB file.
Updating the script to generate the correct file location for the DEPEX.
Manually updated a project to use 2023.11.5 and encountered a build error because the depex file path was mismatched.
N/A
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2024.0.0...v2024.0.1
Published by github-actions[bot] 3 months ago
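The DEPEX path mismatch described in this release is a packaging defect that a consumer can catch before the firmware build does. As an added example (not part of the release notes or the project's scripts), this checker parses the [Binaries] sections of a binary-module INF and flags any DEPEX entry that is not in the same folder as that section's PE32 image; the sample INF text, module name and paths are constructed for illustration.

```python
import posixpath

# Constructed sample INFs; module name and paths are illustrative only.
COMMON_DEPEX_INF = """
[Defines]
  BASE_NAME   = CryptoDxe
  MODULE_TYPE = DXE_DRIVER

[Binaries.X64]
  PE32|X64/DEBUG/CryptoDxe.efi|DEBUG
  DXE_DEPEX|Common/CryptoDxe.depex|DEBUG
"""
COLOCATED_DEPEX_INF = COMMON_DEPEX_INF.replace(
    "Common/CryptoDxe.depex", "X64/DEBUG/CryptoDxe.depex")


def parse_binaries(inf_text):
    """Return {section: [(file_type, path), ...]} for every [Binaries*] section."""
    sections, current = {}, None
    for raw in inf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop INF comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            current = name if name.lower().startswith("binaries") else None
            if current:
                sections.setdefault(current, [])
            continue
        if current:
            # Entry layout: FileType|Path[|Target[|...]]
            fields = [f.strip() for f in line.split("|")]
            if len(fields) >= 2:
                path = fields[1].replace("\\", "/")  # normalise separators
                sections[current].append((fields[0].upper(), path))
    return sections


def depex_mismatches(inf_text):
    """List (section, depex_path, efi_dirs) for DEPEX files not beside the PE32 image."""
    problems = []
    for section, entries in parse_binaries(inf_text).items():
        efi_dirs = {posixpath.dirname(p) for t, p in entries if t == "PE32"}
        for ftype, path in entries:
            # Covers DXE_DEPEX, PEI_DEPEX and SMM_DEPEX entries.
            if ftype.endswith("DEPEX") and posixpath.dirname(path) not in efi_dirs:
                problems.append((section, path, sorted(efi_dirs)))
    return problems


if __name__ == "__main__":
    for label, text in (("common", COMMON_DEPEX_INF), ("colocated", COLOCATED_DEPEX_INF)):
        print(label, depex_mismatches(text))
```

Running the same check over every INF in an unpacked release package before updating a platform's pin turns a late build failure into an early, readable report.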
In packages generated before 2023.11.3, the generated INF files would reference a common DEPEX file for all the arches instead of being contained in the same folder as the generated EFI file.
After the update for including map files, etc, the location of the DEPEX was in the same folder as the EFI, MAP and PDB file.
Updating the script to generate the correct file location for the DEPEX.
Manually updated a project to use 2023.11.5 and encountered a build error because the depex file path was mismatched.
N/A
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2024.0.0...v2024.0.1
Published by os-d 5 months ago
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023.2.13...v2023.2.14
Published by github-actions[bot] 5 months ago
NOTE: This PR should only be completed when we are sure that we would like to
introduce a dependency on the RNG PPI and RNG Protocol for the PEI and DXE
binaries.
NOTE: This will need to be cherry-picked into the release/202302 branch
(with the MU_BASECORE submodule updated).
CryptoBinPkg.dsc: Use static stack cookie init for DXE
Simplifies the RNG support expected of platforms integrating
the DXE binary.
CryptoBinPkg: Use PeiRngLib and DxeRngLib for crypto binaries
Since platforms integrating the binaries may have very different
levels of support for random number generation, allow the platform
to provide a RNG service for PEI and DXE.
A similar change may be made for SMM and Standalone MM environments
in the future.
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023.11.5...v2024.0.0
Published by github-actions[bot] 5 months ago
Updates the logic that is responsible for bundling the nuget contents in the appropriate manner. This update replaces the standalone script with a post build plugin that will be executed when the command line argument --bundle is added to either the MultiFlavorBuild or SingleFlavorBuild build scripts.
Additionally, update the dsc to generate pdbs on release builds in addition to debug builds. Also ensures pdb, map, and build available and a part of the bundle that is generated for a NuGet release. These changes make it easier for the local story, such that developers can run the py MultiFlavorBuild.py ... --bundle, and the structure of the NuGet package is generated. Instead of copying over the newly compiled binaries to the NuGet package in the platform, the developer can simply set the SHARED_CRYPTO_PATH=<workspace/Bundle> and build.
Ensured compiling, bundling, and releasing continues to work: https://dev.azure.com/projectmu/mu/_build/results?buildId=69830&view=results
N/A
Primarily updates CryptoBinPkg/Driver/readme.md to improve the
instructions for integrating shared crypto binary releases into a
platform firmware.
Updates the main Readme.rst file to point to the driver instructions
toward the top of the file.
Removes a small set of redundant code in CryptoBinPkg.dsc.
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023.11.3...v2023.11.5
Published by Flickdm 6 months ago
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023.11.2...v2023.11.3
Published by makubacki 7 months ago
NOTE: When picking up the crypto binary built with this change, you must
include commit 6cc02e2 from the release/202311 branch in Mu
Basecore.
Expand the availability of the RSAES-OAEP crypto capability in
BaseCryptLib. Applications using RSA crypto functions directly from
OpensslLib can transition to BaseCryptLib to take advantage of the
shared crypto feature in CryptoDxe.
Host-based unit tests, end-to-end testing with shared crypto binary.
When picking up the crypto binary built with this change, you must include commit 6cc02e2 from the release/202311 branch in Mu Basecore.
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023.11.1...v2023.11.2
Published by makubacki 7 months ago
This is the first crypto binary release based on the Mu Basecore 202311 branch.
The underlying crypto changes are the same as the 2023.2.13 release, the only
difference is it is built upon Mu Basecore release/202311.
Published by makubacki 7 months ago
This was a release candidate (RC) for the 202302 branch of Mu Crypto release.
It was a RC built of a special release branch (mu_cryptobin_2023_2_14).
Due to integration challenges syncing the changes with Mu Basecore, this is planned
to be the final release based on Mu Basecore 202302, future releases will be based on
Mu Basecore 202311.
Expand the availability of the RSAES-OAEP crypto capability in
BaseCryptLib. Applications using RSA crypto functions directly from
OpensslLib can transition to BaseCryptLib to take advantage of the
shared crypto feature in CryptoDxe.
Host-based unit tests, end-to-end testing with shared crypto binary.
When picking up the crypto binary built with this change, you must include commit 6cc02e2 from the release/202311 branch in Mu Basecore.
Published by makubacki 7 months ago
Closes #69
Adds the AARCH64 build for CryptoRuntimeDxe. The crypto generation
script already publishes build files for AARCH64 Runtime DXE
binaries.
RUNTIMEDXE_CRYPTO_ARCH and RUNTIMEDXE_CRYPTO_SERVICES should be set
in platform DSC files for the AARCH64 architecture and the selected
flavor to have the binary included in the platform build.
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023.2.12...v2023.2.13
Published by kenlautner 8 months ago
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023.2.11...v2023.2.12
Published by makubacki 8 months ago
A platform is expected to define the crypto services and applicable
archs at the beginning of the platform DSC and then include the
CryptoDriver.inc.dsc file. This file currently requires that all
services and archs are accounted for even if they are not used.
This change first checks if the platform set any values. If not, then
the service and corresponding arch is set to NONE. This allows
platforms to simply opt into the services and corresponding archs
that are necessary.
NONE value is applied.
Define the crypto services needed for a platform. If a crypto service is used,
set the applicable arch. Otherwise, the arch does not need to be specified.
Published by makubacki 8 months ago
NOTE: This release should have updated the minor version since it is a breaking change.
This was not done in retrospect since the release has already been consumed in several repos.
Recently Openssl and its BaseCryptLib implementation were moved out of MU_BASECORE in favor of requiring a crypto binary. However, the generated files that work with the binary were left in CryptoPkg. This PR moves binary generation code to CryptoBinPkg and updates it to work from its new location.
Changes that were made:
CryptoPkg/Library/BaseCryptLibOnProtocolPpi/CryptLib.c and CryptoPkg/Include/Protocol/Crypto.h. The changes are almost always a timestamp bump but you'll need to confirm that when generating new crypto binaries.
Tested locally and on the server pipeline to make sure the crypto files were correctly added to the nuget binary. Tested the generated extdep to make sure the core functionality has remained the same.
If you were previously using the crypto binary you'll need to update the paths to the extdep files.
Closes #55
Primary purpose is to add Runtime DXE shared crypto. Other fixes and
updates are included. Below is a summary of the changes.
OpensslPkg/RuntimeCryptLib: Fix build issues
UefiRuntimeLib needs to be included in [LibraryClasses] to properly
link the functions. gEfiEventVirtualAddressChangeGuid is missing
in the [Guids] section.
generate_cryptodriver.py: Fix migration regression
The migration commit (455ca6b) contained an older section of code in
the DSC generation section. This restores the section to match the
contents in https://github.com/microsoft/mu_basecore/pull/713.
Use SHARED_CRYPTO_PATH for the shared crypto path
In CryptoBinPkg, some files (like Crypto.inc.dsc) are used during
the build. This should come from the latest revisions in the
mu_crypto_release repo (which doesn't use the actual binaries).
In consuming repos, the ext dep could be defined anywhere. To
satisfy both of these needs and make the location more portable in
general, a build environment variable is introduced to track the
path.
In mu_crypto_release, the path will be set to "CryptoBinPkg". This
will cause its build to reference the files in the code tree. In
shared crypto consuming repos, it is set in the ext dep (during build)
to the path the binaries are placed in.
Add shared crypto Runtime DXE driver
Adds the CryptoRuntimeDxe driver, currently built for IA32 and X64,
it produces the EDK II Crypto protocol backed by runtime code buffers
so the functionality can be invoked at OS runtime.
Consuming RT DXE drivers should link an instance of BaseCryptLib
that is RT DXE compatible, like the RuntimeDxeCryptLib in
CryptoPkg.
RUNTIMEDXE_CRYPTO_SERVICES and RUNTIMEDXE_CRYPTO_ARCH should be set
in platform DSC files to a value other than "NONE" to use the driver.
Update readmes for recent changes
Refreshes content in the main repo and shared crypto readme files
to reflect recent changes and current process.
Use the new Runtime DXE shared crypto binaries if needed for a
platform.
Published by makubacki 8 months ago
Update the MU_BASECORE pin to include the change to the STANDARD crypto binary flavor that includes SHA384 and SHA512.
Tested on a local build. The newly generated crypto binary included SHA384 and SHA512.
Update to the next crypto binary release.
Published by github-actions[bot] 8 months ago
Add PEI and Standalone MM AARCH64 binaries
Produces an AARCH64 CryptoPei and CryptoStandaloneMm binary.
Note:
MmServicesTableLib and StandaloneMmDriverEntryPoint library StandaloneMmPkg for AARCH64.
BaseRngLibTimerLib instance for AARCH64 MM_STANDALONE due to current
RngDxe instance for DXE drivers so platforms can publish a gEdkiiCryptoProtocolGuid protocol instance backed by an RngLib
AARCH64 binaries can be built for all flavors using GCC or Visual Studio,
AARCH64 GCC Build and Pipeline Support
Closes #46
Note: CryptoStandaloneMm is intentionally only built for X64 due to
build limitations in MM Supervisor dependencies for IA32.
This file is not tracking an upstream file. Diff markers are not
needed.
If a tool chain is not specified, use VS2022 instead of VS2019. It
is the pipeline build tool chain and installed more commonly now.
Moves MU_BASECORE to the latest MU_BASECORE. This is a relatively
large move including about 207 Mu Basecore commits.
Some integration related changes are included.
Adds a Standalone MM driver to the shared crypto binary release.
Adds the Project Mu MM Supervisor repo as a submodule and updates the
library instances for CryptoStandaloneMm to use the supervisor library
instances where relevant.
Properly escapes the backslash character to prevent SyntaxWarning
due to an invalid escape sequence.
Merges the two [LibraryClasses] sections together resolving duplicates
and sorting contents for easier inspection and diff.
NOTE: The Mu Basecore submodule will be updated after several PRs are
completed in that repo required for this PR. Right now, this PR
is using a temporary branch with all of those changes consolidated.
A new build rule may be needed in a platform FDF to integrate Standalone MM binaries. An
example to use the Standalone MM shared crypto driver is shown below:
[Rule.Common.MM_STANDALONE.BINARY]
  FILE MM_STANDALONE = $(NAMED_GUID) {
    SMM_DEPEX SMM_DEPEX Optional |.depex
    PE32      PE32               |.efi
    UI        STRING="$(MODULE_NAME)" Optional
    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
  }
The parameter is currently not passed from the outer YAML file to
the template so the nuget_publish value in template-build.yml is
always false.
Openssl was removed from MU_BASECORE in favor of the generated SHARED_CRYPTO binaries. However, to create the binary we still need access to Openssl. This PR moves Openssl and the BaseCryptLib implementation into this repo for binary generation.
In progress
N/A
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023020000.0.2...v2023020000.1.0
Published by github-actions[bot] 9 months ago
Closes #46
Note: CryptoStandaloneMm is intentionally only built for X64 due to
build limitations in MM Supervisor dependencies for IA32.
This file is not tracking an upstream file. Diff markers are not
needed.
If a tool chain is not specified, use VS2022 instead of VS2019. It
is the pipeline build tool chain and installed more commonly now.
Moves MU_BASECORE to the latest MU_BASECORE. This is a relatively
large move including about 207 Mu Basecore commits.
Some integration related changes are included.
Adds a Standalone MM driver to the shared crypto binary release.
Adds the Project Mu MM Supervisor repo as a submodule and updates the
library instances for CryptoStandaloneMm to use the supervisor library
instances where relevant.
Properly escapes the backslash character to prevent SyntaxWarning
due to an invalid escape sequence.
Merges the two [LibraryClasses] sections together resolving duplicates
and sorting contents for easier inspection and diff.
NOTE: The Mu Basecore submodule will be updated after several PRs are
completed in that repo required for this PR. Right now, this PR
is using a temporary branch with all of those changes consolidated.
A new build rule may be needed in a platform FDF to integrate Standalone MM binaries. An
example to use the Standalone MM shared crypto driver is shown below:
[Rule.Common.MM_STANDALONE.BINARY]
  FILE MM_STANDALONE = $(NAMED_GUID) {
    SMM_DEPEX SMM_DEPEX Optional |.depex
    PE32      PE32               |.efi
    UI        STRING="$(MODULE_NAME)" Optional
    VERSION   STRING="$(INF_VERSION)" Optional BUILD_NUM=$(BUILD_NUMBER)
  }
Note that the Standalone MM binaries are built against the Project Mu
MM Supervisor.
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023020000.0.2...v2023020000.1.0
Published by github-actions[bot] about 1 year ago
Update the referenced OpensslLib to be OpensslLibFull to include additional crypto algorithms that we want available in the Shared Crypto binary.
Used BaseCryptLib Shell based test with test binaries and passed all tests with this change.
Update to the new release that will be made after this goes in (2023.02.3)
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023020000.0.1...v2023020000.0.2
Published by github-actions[bot] over 1 year ago
Crypto autogen was updated to not specify the module type for components to follow PEI spec. This PR pulls these changes for a release.
Build and booted with latest changes to crypto.
Update crypto binary version in basecore to 2023.02.2
Full Changelog: https://github.com/microsoft/mu_crypto_release/compare/v2023020000.0.0...v2023020000.0.1
Published by cfernald over 1 year ago
This is the first MU Crypto 202302 release.
The previous branch was 202208.
These versions correspond to edk2 stable release tags that the code is based upon.
Since edk2 makes a release every 3 months, two stable tags were actually picked up in this release:
Review those release notes to understand the changes coming in from edk2. In addition, Mu repos highlight important changes in their Readme files. Review the 202302 Readme before you move code to this branch to understand major changes.