What's Changed

Note: v2.0.0 marks the first release from mu_feature_dfci 🎉. Previous
major release versions were made before moving to this repo.

.pytool/CISettings.py: Use all CodeQL filter files @makubacki (#35)
Change Details
## Description
Updates the CodeQL file filter list to include all filters found in
the repo. This will pick up filters from repos like mu_basecore.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Verified CodeQL filter files being used are expected.

Integration Instructions

N/A

Signed-off-by: Michael Kubacki [email protected]

pip: bump edk2-pytool-extensions from 0.21.8 to 0.22.0 @dependabot (#34)
Change Details
Bumps [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) from 0.21.8 to 0.22.0.
Release notes

Sourced from edk2-pytool-extensions's releases.
Version 0.22.0

What's Changed

Remove edk2git by @Javagedes in tianocore/edk2-pytool-extensions#407

Integration Instructions

This release has no integration instructions, however git management for edk2_setup, edk2_ci_setup, and git_depenencies has been completely rewritten. While this change has passed all unit and integration tests, it is expected that there will be some growing pains. Please raise an issue for anything that comes up here.

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.9...v0.22.0

Version 0.21.9

What's Changed

Add CLI env information to the argument parser --help by @Javagedes in tianocore/edk2-pytool-extensions#417

edk2_logging: filter secrets [REBASE&FF] by @Javagedes in tianocore/edk2-pytool-extensions#449

edk2_logging Updates [Rebase & FF] by @makubacki in tianocore/edk2-pytool-extensions#443

Other Changes

Bump setuptools from 67.3.1 to 67.3.2 by @dependabot in tianocore/edk2-pytool-extensions#447

Bump mkdocs-material from 9.0.12 to 9.0.13 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#448

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.8...v0.21.9
Commits
- f03cc88 Remove edk2_git.py (#407)
- b202e95 Update vscode settings
- 12acb07 edk2_logging: filter secrets from logs
- 0ee5614 Add CLI env information to the argument parser --help (#417)
- 439b70a Bump mkdocs-material from 9.0.12 to 9.0.13 in /docs/user (#448)
- 88043ec Bump setuptools from 67.3.1 to 67.3.2 (#447)
- f0aab31 Bump setuptools from 67.2.0 to 67.3.1 (#444)
- 921b8ab edk2_logging: Add GCC compilation error info to log
- c09a684 edk2_logging: Strip whitespace from errors
- f7d91d4 test_edk2_logging: Add initial set of logging unit tests
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Correct TPL processing for Apply packets @mikeytdisco (#29)
Change Details
# Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

Additional testing showed Semm enroll fails to prompt for the thumbprint.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Ran Semm Enroll and Semm Unenroll tests to verify the UI prompt occurred.

Integration Instructions

N/A
```
  </blockquote>
  <hr>
</details>
```

GitHub Action: Bump microsoft/mu\_devops from 2.0.1 to 2.1.0 @dependabot (#27)
Change Details
Bumps [microsoft/mu_devops](https://github.com/microsoft/mu_devops) from 2.0.1 to 2.1.0.
Release notes

Sourced from microsoft/mu_devops's releases.
v2.1.0

What's Changed

🚀 Features & ✨ Enhancements

Signed-off-by: Michael Kubacki [email protected]

📖 Documentation Updates

Signed-off-by: Michael Kubacki [email protected]

</blockquote> <hr> </details>

Full Changelog: microsoft/mu_devops@v2.0.2...v2.1.0

v2.0.2

What's Changed
... (truncated)
Commits
- bcace84 .sync/workflows/leaf: Add PR formatting validator workflow (#118)
- fe730bb PullRequests.github-issues: Remove uefibot and ProjectMuBot from human PRs (#...
- 883f72d .sync/azure_pipelines: Switch from microdnf to dnf (#115)
- badf2c8 Repo File Sync: synced file(s) with microsoft/mu_devops (#114)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

pip: bump antlr4-python3-runtime from 4.11.1 to 4.12.0 @dependabot (#26)
Change Details
Bumps [antlr4-python3-runtime](http://www.antlr.org) from 4.11.1 to 4.12.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

pip: bump edk2-pytool-extensions from 0.21.7 to 0.21.8 @dependabot (#20)
Change Details
Bumps [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) from 0.21.7 to 0.21.8.
Release notes

Sourced from edk2-pytool-extensions's releases.
Version 0.21.8

What's Changed

Non valued build variable bugfix by @Javagedes in tianocore/edk2-pytool-extensions#441

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.7...v0.21.8
Commits
- f95cbf3 Non valued build variable bugfix (#441)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

pip: bump edk2-pytool-extensions from 0.21.6 to 0.21.7 @dependabot (#19)
Change Details
Bumps [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) from 0.21.6 to 0.21.7.
Release notes

Sourced from edk2-pytool-extensions's releases.
Version 0.21.7

What's Changed

edk2toolext/nuget: Download NuGet 6.4.0 (latest release) by @makubacki in tianocore/edk2-pytool-extensions#439

shell_environment: set_shell_var() exception by @Javagedes in tianocore/edk2-pytool-extensions#432

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.6...v0.21.7
Commits
- 51454d8 shell_environment: set_shell_var() exception (#432)
- 5e4344f edk2toolext/nuget: Download NuGet 6.4.0 (latest release) (#439)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

pip: bump edk2-pytool-extensions from 0.21.2 to 0.21.6 @dependabot (#18)
Change Details
Bumps [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) from 0.21.2 to 0.21.6.
Release notes

Sourced from edk2-pytool-extensions's releases.
Version 0.21.6

What's Changed

Update pypi required dependencies by @Javagedes in tianocore/edk2-pytool-extensions#438

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.5...v0.21.6

Version 0.21.5

What's Changed

Update release pipeline unit testing by @Javagedes in tianocore/edk2-pytool-extensions#437

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.4...v0.21.5

Version 0.21.4

What's Changed

Bump pefile from 2022.5.30 to 2023.2.7 by @dependabot in tianocore/edk2-pytool-extensions#433

Bump markdown-include from 0.8.0 to 0.8.1 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#435

Bump setuptools from 67.1.0 to 67.2.0 by @dependabot in tianocore/edk2-pytool-extensions#434

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.3...v0.21.4

Version 0.21.3

What's Changed

nuget_publishing: Make license entry in config file optional by @makubacki in tianocore/edk2-pytool-extensions#424

nuget_publishing: Fix logging message typo by @makubacki in tianocore/edk2-pytool-extensions#428

nuget_publishing: Add repository metadata support by @makubacki in tianocore/edk2-pytool-extensions#429

Other Changes

Update github-actions by @Javagedes in tianocore/edk2-pytool-extensions#422

Bump mkdocs-material from 9.0.10 to 9.0.11 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#431

Bump black from 22.12.0 to 23.1.0 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#426

Bump setuptools from 67.0.0 to 67.1.0 by @dependabot in tianocore/edk2-pytool-extensions#425

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.2...v0.21.3
Commits
- c731fd7 Update pypi required dependencies (#438)
- d13b9e4 Update release pipeline unit testing (#437)
- 6e0bd70 Bump setuptools from 67.1.0 to 67.2.0 (#434)
- fb1bbac Bump markdown-include from 0.8.0 to 0.8.1 in /docs/user (#435)
- 10fe1dd Bump pefile from 2022.5.30 to 2023.2.7 (#433)
- 472102d Bump mkdocs-material from 9.0.10 to 9.0.11 in /docs/user (#431)
- 9da01b2 nuget_publishing: Add repository metadata support (#429)
- f1d5517 nuget_publishing: Fix logging message typo (#428)
- bf23dca Bump setuptools from 67.0.0 to 67.1.0 (#425)
- 972e1f6 nuget_publishing: Make license entry in config file optional (#424)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

pip: bump edk2-pytool-library from 0.13.1 to 0.14.0 @dependabot (#17)
Change Details
Bumps [edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library) from 0.13.1 to 0.14.0.
Release notes

Sourced from edk2-pytool-library's releases.
Version 0.14.0

Breaking Changes

Remove deprecated custom enum by @Javagedes in tianocore/edk2-pytool-library#249

Integration Steps

Replace with standard library enum definition

What's Changed

Implemented C array export function and updated utility_functions.py by @Flickdm in tianocore/edk2-pytool-library#244

Feature/update/uefi multi phase by @Flickdm in tianocore/edk2-pytool-library#242

Update buildreport_parser by @Javagedes in tianocore/edk2-pytool-library#256

utility_functions: Force GetHostInfo() to return MacOs by @Javagedes in tianocore/edk2-pytool-library#257

Other Changes

Bump mkdocs-material from 8.5.6 to 9.0.11 in /docs/user by @dependabot in tianocore/edk2-pytool-library#255

New Contributors

@Flickdm made their first contribution in tianocore/edk2-pytool-library#244

Full Changelog: tianocore/edk2-pytool-library@v0.13.1...v0.14.0
Commits
- abce13c utility_functions: Force GetHostInfo() to return MacOs (#257)
- e1645a4 Remove Deprecated custom enum (#249)
- d431b09 Update buildreport_parser (#256)
- fc56d9e EfiVariableAttributes: Enable string / int conversions (#242)
- eb8e5d2 Implmented C array export function and updated utility_functions.py (#244)
- 163b5c8 Bump mkdocs-material from 8.5.6 to 9.0.11 in /docs/user (#255)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Simplifiy Tpl changes @mikeytdisco (#11)
Change Details
# Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

A TPL inversion was created with how TPL changes were done. This was corrected to always follow normal TPL transitions. The TPL inversion also caused errors on some platfoms.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested locally on Zeus

Integration Instructions

N/A
```
  </blockquote>
  <hr>
</details>
```

pip: bump edk2-pytool-library from 0.13.0 to 0.13.1 @dependabot (#13)
Change Details
Bumps [edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library) from 0.13.0 to 0.13.1.
Release notes

Sourced from edk2-pytool-library's releases.
Version 0.13.1

What's Changed

N/A

Other Changes

Replace pipeline CI with action CI by @Javagedes in tianocore/edk2-pytool-library#248

Bump setuptools from 67.0.0 to 67.1.0 by @dependabot in tianocore/edk2-pytool-library#247

Bump mkdocstrings[python] from 0.19.0 to 0.20.0 in /docs/user by @dependabot in tianocore/edk2-pytool-library#250

Bump markdown-include from 0.6.0 to 0.8.0 in /docs/user by @dependabot in tianocore/edk2-pytool-library#251

Bump black from 22.10.0 to 23.1.0 in /docs/user by @dependabot in tianocore/edk2-pytool-library#252

Bump mkdocstrings-python from 0.7.1 to 0.8.3 in /docs/user by @dependabot in tianocore/edk2-pytool-library#253

Bump mkdocs from 1.4.0 to 1.4.2 in /docs/user by @dependabot in tianocore/edk2-pytool-library#254

Full Changelog: tianocore/edk2-pytool-library@v0.13.0...v0.13.1
Commits
- 1d6fb1a Bump mkdocs from 1.4.0 to 1.4.2 in /docs/user (#254)
- f9c6233 Bump mkdocstrings-python from 0.7.1 to 0.8.3 in /docs/user (#253)
- 354d422 Bump black from 22.10.0 to 23.1.0 in /docs/user (#252)
- 7a8493e Bump markdown-include from 0.6.0 to 0.8.0 in /docs/user (#251)
- 4afb6f0 Bump mkdocstrings[python] from 0.19.0 to 0.20.0 in /docs/user (#250)
- 509c958 Replace pipeline CI with action CI (#248)
- 985dc67 Bump setuptools from 67.0.0 to 67.1.0 (#247)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

pip: bump edk2-pytool-extensions from 0.21.0 to 0.21.2 @dependabot (#8)
Change Details
Bumps [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) from 0.21.0 to 0.21.2.
Release notes

Sourced from edk2-pytool-extensions's releases.
Version 0.21.2

Changes

Add ability to skip verification of external dependencies by @Javagedes in tianocore/edk2-pytool-extensions#419

Other Changes

Bump coverage from 7.0.5 to 7.1.0 by @dependabot in tianocore/edk2-pytool-extensions#414

Bump setuptools from 66.1.1 to 67.0.0 by @dependabot in tianocore/edk2-pytool-extensions#420

Bump mkdocs-material from 9.0.6 to 9.0.8 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#421

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.1...v0.21.2

Version 0.21.1

Changes

Platform build SDE failure description by @Javagedes in tianocore/edk2-pytool-extensions#379

Enable non-valued variable defines by @Javagedes in tianocore/edk2-pytool-extensions#372

Other Changes

Update readme by @Javagedes in tianocore/edk2-pytool-extensions#392

Update dependabot.yml by @Javagedes in tianocore/edk2-pytool-extensions#401

Add Temporary fix to integration tests by @Javagedes in tianocore/edk2-pytool-extensions#412

Use reusable workflows to set variables used by multiple workflows in one place by @Javagedes in tianocore/edk2-pytool-extensions#378

Bump coverage from 7.0.4 to 7.0.5 by @dependabot in tianocore/edk2-pytool-extensions#396

Bump pydocstyle from 6.2.3 to 6.3.0 by @dependabot in tianocore/edk2-pytool-extensions#400

Bump pytest from 7.2.0 to 7.2.1 by @dependabot in tianocore/edk2-pytool-extensions#398

Bump mkdocs from 1.4.0 to 1.4.2 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#402

Bump mkdocstrings[python] from 0.19.1 to 0.20.0 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#410

Bump mkdocstrings-python from 0.7.1 to 0.8.3 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#404

Bump markdown-include from 0.6.0 to 0.8.0 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#405

Bump mkdocs-material from 9.0.5 to 9.0.6 in /docs/user by @dependabot in tianocore/edk2-pytool-extensions#409

Bump setuptools from 66.0.0 to 66.1.1 by @dependabot in tianocore/edk2-pytool-extensions#411

Full Changelog: tianocore/edk2-pytool-extensions@v0.21.0...v0.21.1
Commits
- ff69ffd Add ability to skip verification of external dependencies (#419)
- c5218ea Bump mkdocs-material from 9.0.6 to 9.0.8 in /docs/user
- 4700050 Bump setuptools from 66.1.1 to 67.0.0 (#420)
- 6582e93 Bump coverage from 7.0.5 to 7.1.0 (#414)
- 9143522 Bump mkdocs-material from 9.0.5 to 9.0.6 in /docs/user (#409)
- a7517f7 Bump mkdocstrings[python] from 0.19.1 to 0.20.0 in /docs/user (#410)
- fad6242 Bump setuptools from 66.0.0 to 66.1.1 (#411)
- 71a2d5a Temporary fix to integration tests (#412)
- 4a71eb0 Enable non-valued variable defines (#372)
- cf18f2e Bump coverage from 7.0.4 to 7.0.5 (#396)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Matrix-Build-Job.yml: Add container support @makubacki (#6)

Change Details

Adds support for container images to the matrix.
Signed-off-by: Michael Kubacki [email protected]

Bump edk2-pytool-library to 0.13.0 @Javagedes (#5)

Change Details

⚠️ Breaking Changes

.azurepipelines: Add support for new artifacts\_identifier param @makubacki (#15)
Change Details
## Description
A new identifier can be used to identify published artifacts (as
of mu_devops 2.0.0 release). This change passes the packages and
targets being built to clarify artifact names.

The default value for the identifier is "Artifacts" so that is
what is being used at the moment. For example, build logs are
published under "Logs Artifacts". After this change, the
identifier will be "Logs <packages> <targets>".
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Verified pipeline artifacts are named as expected.

Integration Instructions

This is considered a "breaking change" because artifacts are accessible via
ADO APIs and can be identified by the artifact name. While it is unlikely any
process is consuming these artifacts based on name, if they are, they will
need to use the new artifact naming convention introduced in this change.

Signed-off-by: Michael Kubacki [email protected]

🚀 Features & ✨ Enhancements

Add CodeQL Stuart parameter to this repo @makubacki (#21)
Change Details
## Description
Allows CodeQL to be run locally by specifying --codeql when
providing stuart_update and stuart_ci_build commands in this
repo.
- stuart_update - Automatically downloads the CodeQL CLI application
  appropriate for your host operating system
  - Note: This may take several minutes depending on your Internet
    connection speed
- stuart_ci_build - Automatically runs CodeQL against the packages
  built after they are built.
NOTE: Running with CodeQL will increase your overall build time for a
couple of reasons:
1. Every package must be clean built to get proper results
2. The CodeQL analysis phase takes a while to run
(1) happens automatically, you do not need to specify a clean build
manually

For more information, such as:
1. How to view results
2. How to modify the CodeQL rules run
3. How to include/exclude files/rules at various levels of granularity
And more...

Go to the CodeQL plugin readme:

https://github.com/microsoft/mu_basecore/blob/HEAD/.pytool/Plugin/CodeQL/Readme.md

Also, this commit sets STUART_CODEQL_AUDIT_ONLY to TRUE. This is
done to:
1. Demonstrate how to set an entire repo to audit-only mode
2. Allow CodeQL to run without breaking the build at this point in
  source history since issues remain to be fixed on this branch
This will be removed from the file when (2) is completed.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Verified --codeql usage with stuart_update and stuart_ci_build locally.

Integration Instructions

See earlier PR description and CodeQL plugin readme:

https://github.com/microsoft/mu_basecore/blob/HEAD/.pytool/Plugin/CodeQL/Readme.md

Signed-off-by: Michael Kubacki [email protected]

.azurepipelines: Add support for new artifacts\_identifier param @makubacki (#15)
Change Details
## Description
A new identifier can be used to identify published artifacts (as
of mu_devops 2.0.0 release). This change passes the packages and
targets being built to clarify artifact names.

The default value for the identifier is "Artifacts" so that is
what is being used at the moment. For example, build logs are
published under "Logs Artifacts". After this change, the
identifier will be "Logs <packages> <targets>".
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Verified pipeline artifacts are named as expected.

Integration Instructions

This is considered a "breaking change" because artifacts are accessible via
ADO APIs and can be identified by the artifact name. While it is unlikely any
process is consuming these artifacts based on name, if they are, they will
need to use the new artifact naming convention introduced in this change.

Signed-off-by: Michael Kubacki [email protected]

🐛 Bug Fixes

Update lock test pass message to avoid confusion @mikeytdisco (#39)
Change Details
# Preface
Description

Change the Pass message to not be associated with an error message.
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

N/A

Integration Instructions

N/A
```
  </blockquote>
  <hr>
</details>
```

DfciPkg/UiSupport: Fix bad size in memory alloc @makubacki (#31)
Change Details
## Description
AllocatePool () takes a UINTN argument that specifies the size
of buffer to allocate. If the size is 0, a buffer of size 0 is
returned.

The code modified here calls AllocatePool () as follows:
CertText = AllocatePool (L'\0');

The single wide-character literal \0 has an integer value of zero.

This change updates the call to be sizeof (L'\0') which will
pass the bytes required to hold the character.

This will allow the buffer to hold the character in the following
assignment to the buffer:

CertText[0] = L'\0';
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Compile DfciPkg with change

Integration Instructions

N/A

Signed-off-by: Michael Kubacki [email protected]
```
  </blockquote>
  <hr>
</details>
```

🔐 Security Impacting

DfciPkg: Additional CodeQL fixes @TaylorBeebe (#24)
Change Details
## Description
Various fixes
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Building DfciPkg

Integration Instructions

N/A

Update DfciVarLock to correctly lock Dfci Variables @mikeytdisco (#23)
Change Details
# Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

The commit at ac4bd1b was not tested thoroughly and left some DFCI variables unlocked.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- [x ] Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- [x ] Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- [x ] Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested on multiple platforms.

Integration Instructions

N/A
```
  </blockquote>
  <hr>
</details>
```

📖 Documentation Updates

Add Test requirement for using local Refresh from Network server. @mikeytdisco (#3)
Change Details
# Preface
Description

This PR adds a requirement to use a local Refresh from Network server, and how to set one up on a Windows system using WSL2 and Docket Desktop. This PR is a test environment only PR, and does not affect Dfci operation.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested locally

Integration Instructions

The ability to test Refresh from Network has changed significantly.
You will have to read the DfciTests Documentation, as there are significant changes on testing Refresh from Network.
Instead of a hand built Azure server, each entity testing Dfci has to publish their own Refresh Server.

Minor changes to Readme.rst @mikeytdisco (#4)
Change Details
# Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

<Please include a description of the change and why this change was made.>

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

None

Integration Instructions

N/A
```
  </blockquote>
  <hr>
</details>
```

Update document links to point into mu\_feature\_dfci @mikeytdisco (#2)
Change Details
# Preface
Please ensure you have read the contribution docs prior
to submitting the pull request. In particular,
pull request guidelines.

Description

Updated document links to point into this repository.

For each item, place an "x" in between [ and ] if true. Example: [x].
(you can also check items in the GitHub UI)
- Impacts functionality?
  - Functionality - Does the change ultimately impact how firmware functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
  - Security - Does the change have a direct security impact on an application,
    flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- Breaking change?
  - Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
- Includes tests?
  - Tests - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [x ] Includes documentation?
  - Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...
How This Was Tested

Tested locally.

Integration Instructions

N/A

Full Changelog: ...v0.1.0

v2.0.0

What's Changed

How This Was Tested

Integration Instructions

Version 0.22.0

What's Changed

Integration Instructions

Version 0.21.9

What's Changed

Other Changes

Description

How This Was Tested

Integration Instructions

v2.1.0

What's Changed

🚀 Features & ✨ Enhancements

📖 Documentation Updates

v2.0.2

What's Changed

Version 0.21.8

What's Changed

Version 0.21.7

What's Changed

Version 0.21.6

What's Changed

Version 0.21.5

What's Changed

Version 0.21.4

What's Changed

Version 0.21.3

What's Changed

Other Changes

Version 0.14.0

Breaking Changes

Integration Steps

What's Changed

Other Changes

New Contributors

Description

How This Was Tested

Integration Instructions

Version 0.13.1

What's Changed

Other Changes

Version 0.21.2

Changes

Other Changes

Version 0.21.1

Changes

Other Changes

⚠️ Breaking Changes

How This Was Tested

Integration Instructions

🚀 Features & ✨ Enhancements

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

🐛 Bug Fixes

Description

How This Was Tested

Integration Instructions

How This Was Tested

Integration Instructions

🔐 Security Impacting

How This Was Tested

Integration Instructions

Description

How This Was Tested

Integration Instructions

📖 Documentation Updates

Description

How This Was Tested

Integration Instructions

Description

How This Was Tested

Integration Instructions

Description

How This Was Tested

Integration Instructions