## Description
Allows CodeQL to be run locally by specifying `--codeql` when
providing `stuart_update` and `stuart_ci_build` commands in this
repo.
- `stuart_update` - Automatically downloads the CodeQL CLI application
  appropriate for your host operating system
  - Note: This may take several minutes depending on your Internet
    connection speed
- `stuart_ci_build` - Automatically runs CodeQL against the packages
  built after they are built.
NOTE: Running with CodeQL will increase your overall build time for a
couple of reasons:
1. Every package must be clean built to get proper results
2. The CodeQL analysis phase takes a while to run
(1) happens automatically, you do not need to specify a clean build
manually
For more information, such as:
1. How to view results
2. How to modify the CodeQL rules run
3. How to include/exclude files/rules at various levels of granularity
And more...
Go to the CodeQL plugin readme:
https://github.com/microsoft/mu_basecore/blob/HEAD/.pytool/Plugin/CodeQL/Readme.md
---
Also, this commit sets `STUART_CODEQL_AUDIT_ONLY` to `TRUE`. This is
done to:
1. Demonstrate how to set an entire repo to audit-only mode
2. Allow CodeQL to run without breaking the build at this point in
source history since issues remain to be fixed on this branch
This will be removed from the file when (2) is completed.
---
- [ ] Impacts functionality?
  - **Functionality** - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- [ ] Impacts security?
  - **Security** - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [ ] Breaking change?
  - **Breaking change** - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
  - **Documentation** - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on a separate Web page, ...
## How This Was Tested
Verified `--codeql` usage with `stuart_update` and `stuart_ci_build` locally.
## Integration Instructions
See earlier PR description and CodeQL plugin readme:
https://github.com/microsoft/mu_basecore/blob/HEAD/.pytool/Plugin/CodeQL/Readme.md
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
## Description
Add libraries needed to support /GS MSVC flag.
- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?
## How This Was Tested
Verified IntelFsp2Pkg VS2022 build.
## Integration Instructions
N/A - Local package build
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
## Description
The /GS flag will not be added to VS2015 and VS2017 builds. This change removes the addition of stack cookie support libraries for VS2015 and VS2017 builds.
- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?
## How This Was Tested
N/A - VS2015 or VS2017 are no longer supported
## Integration Instructions
N/A
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4114
1. Use xmm5 slot 1 and xmm6 slot 3 to save ucode status and UPD pointer
respectively in TempRamInitApi in IA32 FspSecCoreT.
2. Correct inappropriate description in the return value of
AsmGetFspInfoHeader.
3. Replace hardcoded offset value 0x1C with FSP_HEADER_IMGBASE_OFFSET in
FspHelper.nasm.
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Chinni B Duggapu <chinni.b.duggapu@intel.com>
Signed-off-by: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4114
The FSP specification supports cases where the input UPD is NULL, in which
case FSP will use the built-in UPD region instead.
FSP should not return INVALID_PARAMETER in such cases.
In FSP-T entry point case, the valid FSP-T UPD region pointer will be
passed to platform FSP code to consume.
In FSP-M and FSP-S cases, valid UPD pointer will be decided when
updating corresponding pointer field in FspGlobalData.
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Reviewed-by: Ted Kuo <ted.kuo@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4126
Common functions will have either 32bit or 64bit instances which
have different return code sizes. The function header should support both
scenarios.
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
## Description
A new identifier can be used to identify published artifacts (as
of mu_devops 2.0.0 release). This change passes the packages and
targets being built to clarify artifact names.
The default value for the identifier is "Artifacts" so that is
what is being used at the moment. For example, build logs are
published under `"Logs Artifacts"`. After this change, the
identifier will be `"Logs <packages> <targets>"`.
- [ ] Impacts functionality?
- [ ] Impacts security?
- [x] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?
## How This Was Tested
Verified pipeline artifacts are named as expected.
## Integration Instructions
This is considered a "breaking change" because artifacts are accessible via
ADO APIs and can be identified by the artifact name. While it is unlikely any
process is consuming these artifacts based on name, if they are, they will
need to use the new artifact naming convention introduced in this change.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
## Description
Changes the matrix build job to be able to take input for the container
image used in the generic mu_devops file generated.
Will be used by: https://github.com/microsoft/mu_devops/pull/59
- [ ] Impacts functionality?
- [ ] Impacts security?
- [ ] Breaking change?
- [ ] Includes tests?
- [ ] Includes documentation?
## How This Was Tested
Tested on test pipeline with mu_devops changes made locally
## Integration Instructions
N/A
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4048
The FILE_GUID for this library instance file is a duplicate of
Library/SecFspSecPlatformLibNull/SecFspSecPlatformLibNull.inf.
This change replaces the duplicated GUID value with a unique GUID.
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Michael D Kinney <michael.d.kinney>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4049
A link error occurred in certain compiling environments when building
FspSecCoreI: unresolved external symbol _TempRamInitApi.
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4063
Added NvsBufferPtr to FSPM_UPD_COMMON_FSP24 in Fsp24ApiEntryM.nasm to
align with FSP 2.4 SPEC.
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Ashraf Ali S <ashraf.ali.s@intel.com>
Cc: Chinni B Duggapu <chinni.b.duggapu@intel.com>
Signed-off-by: Ted Kuo <ted.kuo@intel.com>
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3916
Adopt MultiPhase functions for both FspSecCoreS and FspSecCoreM.
For backward compatibility, new INF are created for new modules.
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Chasel Chiu <chasel.chiu@intel.com>
Reviewed-by: Nate DeSimone <nathaniel.l.desimone@intel.com>
Adds an action to automatically sync labels used in this repository
from a centralized file in Project Mu DevOps.
https://github.com/microsoft/mu_devops
New labels should be added to the `Labels.yml` file in mu_devops.
Repo-specific labels are allowed to be defined. Those can either be
created in a repo-local config YAML file (preferred) or manually
in the "Labels" section of the repo.
- [ ] Breaking change?
- Will this change break pre-existing builds or functionality without action being taken?
**No**
On fork repositories.
No downstream integration required, only impacts this repo
Repo users should understand label definitions and read instructions
noted in this change regarding how to modify labels in the future.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Enables stale bot to automatically close old issues in this repo.
https://github.com/actions/stale
This action is largely based on a reusable workflow from Mu DevOps.
Current configuration:
- Stale PR: After 60 days
- Stale Issue: After 45 days
- Days until PR and Issue close: 7 days
- Exempt labels:
  - `impact:security`
  - `state:backlog`
  - `state:under-discussion`
- Stale Issue label: `state:stale`
- Stale PR label: `state:stale`
- Comments are left when marked stale and when closed
These settings come directly from the default setting values in
the Mu DevOps reusable workflow.
Note: The `workflow_dispatch` trigger is added to allow the workflow to be manually
invoked if ever needed.
- [ ] Breaking change?
- Will this change break pre-existing builds or functionality without action being taken?
**No**
On fork repositories.
N/A - Only affects the GitHub workflow in this repo
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Since we are currently aligned on CRLF line endings (inherited from
TianoCore), this change updates any non-CRLF line endings to be CRLF.
Since these files are mostly taken as-is from IntelSiliconPkg, I was
considering disabling the check. But, PatchCheck is run on
IntelSiliconPkg (in edk2-platforms) and I confirmed the files there
are CRLF so these line ending changes likely occurred during the
Mu porting of IntelSiliconPkg.
Therefore, for now, I recommend we fix the line endings and leave
the check enabled to match the line endings upstream.
Fixes errors reported by Line Ending Check Test.
- [ ] Breaking change?
- Will this change break pre-existing builds or functionality without
action being taken?
**POSSIBLY** - Tools will break if they depend on LF line endings.
1. Checked line endings in files before change (LF)
2. Checked line endings in files after change (CRLF)
N/A
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
## Description
Updates this repo to use mu_devops for Azure Pipeline definitions.
In order to centralize definitions and avoid build churn in individual
Mu repos, some changes are made to allow build administrators to quickly
adjust settings:
- Toolchain, VM image, and architecture are controlled by build
  administrators through centralized variable groups
- CI triggers, CI schedules, and PR triggers are controlled by build
  administrators within the individual pipeline UI settings
- [ ] Breaking change?
- Will this change break pre-existing builds or functionality without
action being taken?
**No**
## How This Was Tested
Verified in test pipelines.
## Integration Instructions
N/A - No developer integration required
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3540
Adds a NULL instance of SmmAccessLib.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>