
Releases: microsoft/mu_feature_dfci

v2.3.1

06 Apr 20:05
426e8d5

What's Changed

  • Remove references to a function removed long ago @mikeytdisco (#76)
    Description

    Code comments and the library DfciUiSupportLibNull reference a function no longer used. This removes the dead code from the NULL library, and updates comments in the active code. Fixes #75

    • Impacts functionality?

    • Impacts security?

    • Breaking change?

    • Includes tests?

    • Includes documentation?

    How This Was Tested

    Not tested

    Integration Instructions

    N/A

  • Fix duplicate name error when adding second firewall rule @mikeytdisco (#73)
    Description

    Originally tested on a system where the firewall was disabled, so the missing firewall entry error was not observed. Fixes #74

    • Impacts functionality?

    • Impacts security?

    • Breaking change?

    • Includes tests?

      • Changes the setup script
    • Includes documentation?

    How This Was Tested

    Tested configuring a Windows Guest running in a QemuQ35Pkg VM.

    Integration Instructions

    N/A


🐛 Bug Fixes

  • DfciPkg/DfciMenu: Fix memory leaks @wenbhou (#66)
    Description

    Fix #65

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on a separate Web page, ...

    How This Was Tested

    Run standard testing:

    1. DFCI_InitialState
    2. DFCI_InTuneEnroll
    3. DFCI_InTuneRollCerts
    4. DFCI_InTunePermissions
    5. DFCI_InTuneSettings
    6. DFCI_InTuneBadUpdate
    7. DFCI_InTuneUnenroll

    Integration Instructions

    N/A


Full Changelog: v2.3.0...v2.3.1

v2.3.0

04 Apr 00:43
0fc28dd

What's Changed

🚀 Features & ✨ Enhancements

  • Revert VarPolicy locking change @spbrogan (#70)
    Description

    Revert Variable locking change due to side effects (not locking) on some platforms.

    • Impacts functionality?
    • Impacts security?

    How This Was Tested

    CI and code inspection. Platform testing will be performed ASAP

    Integration Instructions

    DFCI Feature requires Project Mu Phase Variables. If that is present, then no integration required.




🐛 Bug Fixes

  • Revert VarPolicy locking change @spbrogan (#70)


🔐 Security Impacting

  • Revert VarPolicy locking change @spbrogan (#70)


Full Changelog: v2.2.0...v2.3.0

v2.2.0

31 Mar 18:22
4bf67f2

What's Changed

🐛 Bug Fixes

  • Make DFCI Lock Var Runtime accessible @spbrogan (#64)
    Description

    Due to how Variable Locking works the lock variable should be runtime accessible.

    • Impacts functionality?
    • Impacts security?

    How This Was Tested

    Code inspection

    Integration Instructions

    NA


🔐 Security Impacting

  • Make DFCI Lock Var Runtime accessible @spbrogan (#64)

Full Changelog: v2.1.0...v2.2.0

v2.1.0

31 Mar 15:29
3b324ef

What's Changed

🐛 Bug Fixes

  • Revert invalid change which breaks DFCI Refresh from network from "Add Test requirement for using local Refresh from Network server. (#3)" 577c811 @spbrogan (#61)
    Resolve issue where DFCI network refresh returns error code 400: bad request.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Code inspection. Additional testing will be done by product teams.



Full Changelog: v2.0.2...v2.1.0

v2.0.2

28 Mar 13:46
f60becd

What's Changed

  • Corrected use of BOOLEAN for values other than TRUE and FALSE @apop5 (#54)
    Description

    UEFI coding standard states that BOOLEANs should only contain TRUE or FALSE.

    Corrected areas of code that are using a BOOLEAN to store a UINT8 value.

    Functionality is not affected because of how BOOLEAN is declared in ProcessorBind.h. (BOOLEAN and UINT8 are the same type)

    Fixes #45

    Minor CI change for MD034/no-bare-urls due to open parenthesis being on different line.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Ran Local CI

    Integration Instructions

    N/A




🐛 Bug Fixes

  • Refactor ProviderValueAsAscii() @wenbhou (#48)
    Description

    Refactor ProviderValueAsAscii() and remove the following macros so that it can allocate a buffer of the right size for each setting.
    Fix #43

    #define ENABLED_STRING_SIZE                (9)
    #define ASSET_TAG_STRING_MAX_SIZE          (22)
    #define SECURE_BOOT_ENUM_STRING_SIZE       (20)
    #define SYSTEM_PASSWORD_STATE_STRING_SIZE  (30)
    #define USB_PORT_STATE_STRING_SIZE         (20)
    
    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested with SEMM tool. No regression seen.

    Integration Instructions

    N/A


🔐 Security Impacting

  • DfciPkg: More CodeQL fixes @TaylorBeebe (#53)
    Description

    Various fixes

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Build and boot changes on QemuQ35Pkg to EFI shell.

    Integration Instructions

    N/A




Full Changelog: v2.0.1...v2.0.2

v2.0.1

09 Mar 19:18
9694a42

What's Changed

🐛 Bug Fixes

  • Update buffer size for string of DFCI setting @wenbhou (#36)
    Fixes #41

    Description

    1. Increase ENABLED_STRING_SIZE & USB_PORT_STATE_STRING_SIZE so that the buffer allocated can be big enough to accommodate the string of DFCI setting, otherwise the generated DFCI setting string will be truncated.
    2. Remove define of ASSET_TAG_STRING_MAX_SIZE which is no longer used.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Verified with SEMM tool:

    1. Set USB port to UsbPortAuthenticated via ConfigureSEMM.ps1
    2. Reboot
    3. Verify with CurrentSettings.ps1. The USB port is in correct mode.

    Integration Instructions

    N/A


Full Changelog: v2.0.0...v2.0.1

v2.0.0

28 Feb 21:28
c0f7b04

What's Changed

Note: v2.0.0 marks the first release from mu_feature_dfci 🎉. Previous
major release versions were made before moving to this repo.

  • .pytool/CISettings.py: Use all CodeQL filter files @makubacki (#35)
    Description

    Updates the CodeQL file filter list to include all filters found in
    the repo. This will pick up filters from repos like mu_basecore.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Verified CodeQL filter files being used are expected.

    Integration Instructions

    N/A

    Signed-off-by: Michael Kubacki [email protected]




  • pip: bump edk2-pytool-extensions from 0.21.8 to 0.22.0 @dependabot (#34)
    Bumps [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) from 0.21.8 to 0.22.0.

    Release notes

    Sourced from edk2-pytool-extensions's releases.

    Version 0.22.0

    What's Changed

    Integration Instructions

    This release has no integration instructions, however git management for edk2_setup, edk2_ci_setup, and git_depenencies has been completely rewritten. While this change has passed all unit and integration tests, it is expected that there will be some growing pains. Please raise an issue for anything that comes up here.

    Full Changelog: tianocore/edk2-pytool-extensions@v0.21.9...v0.22.0

    Version 0.21.9

    What's Changed

    Other Changes

    Full Changelog: tianocore/edk2-pytool-extensions@v0.21.8...v0.21.9

    Commits
    • f03cc88 Remove edk2_git.py (#407)
    • b202e95 Update vscode settings
    • 12acb07 edk2_logging: filter secrets from logs
    • 0ee5614 Add CLI env information to the argument parser --help (#417)
    • 439b70a Bump mkdocs-material from 9.0.12 to 9.0.13 in /docs/user (#448)
    • 88043ec Bump setuptools from 67.3.1 to 67.3.2 (#447)
    • f0aab31 Bump setuptools from 67.2.0 to 67.3.1 (#444)
    • 921b8ab edk2_logging: Add GCC compilation error info to log
    • c09a684 edk2_logging: Strip whitespace from errors
    • f7d91d4 test_edk2_logging: Add initial set of logging unit tests
    • Additional commits viewable in compare view


  • Correct TPL processing for Apply packets @mikeytdisco (#29)
    Preface

    Please ens...
