## Description
An instance of StackCheckLib must be in each DSC to accommodate
-fstack-protector and /GS flags.
- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
Tested in pipelines
## Integration Instructions
N/A
## Description
Updates edk2-pytool-extensions and edk2-pytool-library to work with the
latest commit of MU_BASECORE
For each item, place an "x" in between `[` and `]` if true. Example:
`[x]`.
_(you can also check items in the GitHub UI)_
- [ ] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
N/A
## Integration Instructions
N/A
## Description
Linux shim currently incorrectly uses the UEFI memory attribute protocol
causing a fault. The broken shim does not have the NXCOMPAT
flag, so compatibility mode can be used to uninstall the protocol
when it is loaded. For flexibility, this patch implements the policy
configuration option to allow ARM platforms to choose not to install the
protocol.
- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
Tested on SBSA by running the DxePagingAuditTestApp with the protocol
policy set to TRUE and FALSE
## Integration Instructions
N/A
## Description
Adds commits that only applied Uncrustify formatting or converted
line endings to a .git-blame-ignore-revs file so they are ignored
by git blame. This is supported by GitHub:
https://github.blog/changelog/2022-03-24-ignore-commits-in-the-blame-view-beta/
This helps clean up git blame by filtering out these changes.
Note: This file needs to be updated on rebase branches. Processes
like filter-branch can automatically update relevant SHAs.
- [ ] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
- `git blame`
## Integration Instructions
N/A
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Updates the requirements on
[edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
In a code review, we opted to eliminate as many casts as possible
in GetNextEntryAttribute() which includes the EntryType cast from
UINT64 to UINT32.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
`GetNextEntryAttribute()` is currently applying the 64-bit mask to a
32-bit descriptor value (the lower attributes).
`EntryType` (and `EntryTypeAttribute`) are 32-bit and
`TT_ATTRIBUTES_MASK` is 64-bit:
#define TT_ATTRIBUTES_MASK ((0xFFFULL << 52) | (0x3FFULL << 2))
In the 64-bit descriptor, there are 10 bits of lower attributes and
12 bits of upper attributes.
The descriptor is converted to a 32-bit value and assigned to
`EntryAttribute`.
This is assigned to `PrevEntryAttribute`:
*PrevEntryAttribute = EntryAttribute;
Where `PrevEntryAttribute` is also a `UINT32`:
IN OUT UINT32 *PrevEntryAttribute,
Which is passed to `PageAttributeToGcdAttribute()`:
SetGcdMemorySpaceAttributes (
MemorySpaceMap,
NumberOfDescriptors,
*StartGcdRegion,
(BaseAddress + (Index * TT_ADDRESS_AT_LEVEL (TableLevel))) - *StartGcdRegion,
PageAttributeToGcdAttribute (*PrevEntryAttribute)
);
Which accepts a `UINT64`:
STATIC
UINT64
PageAttributeToGcdAttribute (
IN UINT64 PageAttributes
);
Which sets `EFI_MEMORY_XP` based on `TT_PXN_MASK | TT_UXN_MASK`:
// Process eXecute Never attribute
if ((PageAttributes & (TT_PXN_MASK | TT_UXN_MASK)) != 0) {
GcdAttributes |= EFI_MEMORY_XP;
}
Where those bits are in the upper attributes:
This change uses a 64-bit integer to hold the attributes to set
`EFI_MEMORY_XP`.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
## Description
Integration steps for mu_devops@9.0.1
- [ ] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
CI
## Integration Instructions
CI
## Description
Casts the table entry as a 32-bit integer since the value may be
larger than 32-bit. A cast is needed to prevent a compiler warning.
- [ ] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
- ArmPkg build
- Virtual platform boot
## Integration Instructions
N/A
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
GetNextEntryAttribute() assigns a 64-bit integer to 32-bit integers.
This change checks that the value fits in a 32-bit integer and
fixes the following Visual Studio compiler warning:
'=': conversion from 'UINT64' to 'UINT32', possible loss of data
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
The code tries to use a data pointer type for a function pointer and
Visual Studio doesn't like it.
Fixes this warning:
nonstandard extension, function/data pointer conversion in expression
This change represents the function pointer with the appropriate type
(instead of VOID*) and defines the type with a typedef for code
clarity.
A minor change is added to also validate function pointer parameters
in an already modified function to generally improve its robustness.
Some practices like adding a function description are not added
because the function prototype is from ArmMmuLib which doesn't
currently have function descriptions and adding them is outside the
scope of the compiler fix being added in this change.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Updates the requirements on
[edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description
MemoryInitPei: Remove Non-RT Types from Mem Type Info HOB
Removes the following types from the memory type information HOBs
produced in the MemoryInitPei modules in ArmPlatformPkg and ArmVirtPkg.
- `EfiBootServicesCode`
- `EfiBootServicesData`
- `EfiLoaderCode`
- `EfiLoaderData`
When the memory type information UEFI variable is updated in BDS,
it goes through the common variable check code attached to the UEFI
variable driver which explicitly checks the size of the variable data
to determine if the variable update is valid.
MemoryTypeInfoVarCheckHandler () in
MdeModulePkg/Library/MemoryTypeInfoSecVarCheckLib/MemoryTypeInfoSecVarCheckLib.c.
The size here is `0x50` instead of the expected size of `0x30`. It
is not common to place non-runtime memory types in the memory type
information HOB so the types are removed from the HOB published
here to align with typical code expectations.
UEFI variable update error:
```
ERROR: MemoryTypeInfoVarCheckHandler() - DataSize = 0x50 Expected = 0x30
Variable Check handler fail Security Violation -
4C19049F-4137-4DD3-9C10-8B97A83FFDFA:MemoryTypeInformation
Memory Type Information settings cannot be saved. OS S4 may fail!
```
Some Arm platforms may use a different UEFI variable driver that does
not perform this check. If the types are truly needed, the variable
check code should be updated to compensate for them.
- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
- ArmPlatformPkg build and CI
- ArmVirtPkg build and CI
- QemuSbsaPkg build and boot to EFI shell with test apps
## Integration Instructions
Review code to determine if either of these PEIMs (`MemoryInitPeim`).
If so, whether code was dependent on the memory types in the memory
type information HOB that were removed to determine if further changes
are needed.
---------
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tianocore/edk2-pytool-library/releases">edk2-pytool-library's
releases</a>.</em></p>
<blockquote>
<h2>v0.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>base_parser.py: conditional evaluation bugfix by <a
href="https://github.com/Javagedes"><code>@Javagedes</code></a> in <a
href="https://redirect.github.com/tianocore/edk2-pytool-library/pull/425">tianocore/edk2-pytool-library#425</a></li>
<li>Update Supported Python versions to 3.10, 3.11, and 3.12 by <a
href="https://github.com/Javagedes"><code>@Javagedes</code></a> in <a
href="https://redirect.github.com/tianocore/edk2-pytool-library/pull/424">tianocore/edk2-pytool-library#424</a></li>
</ul>
<h2>Breaking Changes</h2>
<p>edk2-pytool-library has officially dropped support for python 3.9
with this release. To continue to receive improvements to
edk2-pytool-library passed v0.18, you will need to upgrade to a
supported version of python (3.10, 3.11, or 3.12).</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tianocore/edk2-pytool-library/compare/v0.18.2...v0.19.0">https://github.com/tianocore/edk2-pytool-library/compare/v0.18.2...v0.19.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="33722a7146"><code>33722a7</code></a>
Update Supported Python versions to 3.10, 3.11, and 3.12 (<a
href="https://redirect.github.com/tianocore/edk2-pytool-library/issues/424">#424</a>)</li>
<li><a
href="b62e1c1f3f"><code>b62e1c1</code></a>
base_parser.py: conditional evaluation bugfix (<a
href="https://redirect.github.com/tianocore/edk2-pytool-library/issues/425">#425</a>)</li>
<li>See full diff in <a
href="https://github.com/tianocore/edk2-pytool-library/compare/v0.18.2...v0.19.0">compare
view</a></li>
</ul>
</details>
<br />
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description
The current build option inserted from `DynamicTables.dsc.inc` making
the release build debug prints to be completely muted. This is
undesirable when platforms would like to keep logging capabilities, i.e.
advanced logger.
This change removes the build option that inserted the macro definition
and leave the option to platform consumers.
- [x] Impacts functionality?
- **Functionality** - Does the change ultimately impact how firmware
functions?
- Examples: Add a new library, publish a new PPI, update an algorithm,
...
- [ ] Impacts security?
- **Security** - Does the change have a direct security impact on an
application,
flow, or firmware?
- Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- [ ] Breaking change?
- **Breaking change** - Will anyone consuming this change experience a
break
in build or boot behavior?
- Examples: Add a new library class, move a module to a different repo,
call
a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
- **Tests** - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
- **Documentation** - Does the change contain explicit documentation
additions
outside direct code modifications (and comments)?
- Examples: Update readme file, add feature readme file, link to
documentation
on an a separate Web page, ...
## How This Was Tested
This was tested on proprietary platforms that includes this file and
confirmed release builds can print strings to serial port.
## Integration Instructions
N/A
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on
[edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library)
to permit the latest version.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Taylor Beebe
Joey Vagedes
Oliver Smith-Denny
Project Mu UEFI Bot [bot]
Michael Kubacki
dependabot[bot]
kuqin12