From 2d0facae5323e343c3a7e70426faf5bcb92b4cbe Mon Sep 17 00:00:00 2001 From: Vivian Nowka-Keane Date: Tue, 9 Apr 2024 13:00:06 -0700 Subject: [PATCH 1/7] Advanced Logger Binary Dump Windows Executable (#453) ## Description Console app to get Advanced Logger binary dump. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ x] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested Built and ran on ARM and x64 machines. Verified output was identical to DecodeUefiLog script raw dump. ## Integration Instructions N/A --- .../Application/Windows/AdvLoggerDumpWin.sln | 37 ++++ .../AdvLoggerDumpWin/AdvLoggerDumpWin.vcxproj | 164 +++++++++++++++++ .../AdvLoggerDumpWin/PropertySheet.props | 16 ++ .../Windows/AdvLoggerDumpWin/ReadMe.md | 51 ++++++ .../Windows/AdvLoggerDumpWin/main.cpp | 171 ++++++++++++++++++ .../Windows/AdvLoggerDumpWin/main.h | 17 ++ .../Windows/AdvLoggerDumpWin/packages.config | 4 + 7 files changed, 460 insertions(+) create mode 100644 AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin.sln create mode 100644 AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/AdvLoggerDumpWin.vcxproj create mode 100644 AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/PropertySheet.props create mode 100644 AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/ReadMe.md create mode 100644 AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.cpp create mode 100644 AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.h create mode 100644 AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/packages.config diff --git a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin.sln b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin.sln new file mode 100644 index 0000000000..696b697898 --- /dev/null +++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin.sln @@ -0,0 +1,37 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.8.34330.188 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "AdvLoggerDumpWin", "AdvLoggerDumpWin\AdvLoggerDumpWin.vcxproj", "{F983380B-B6C4-44EE-8835-0137E0876321}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM64 = Debug|ARM64 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|ARM64 = Release|ARM64 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F983380B-B6C4-44EE-8835-0137E0876321}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Debug|ARM64.Build.0 = Debug|ARM64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x64.ActiveCfg = Debug|x64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x64.Build.0 = Debug|x64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x86.ActiveCfg = Debug|Win32 + {F983380B-B6C4-44EE-8835-0137E0876321}.Debug|x86.Build.0 = Debug|Win32 + {F983380B-B6C4-44EE-8835-0137E0876321}.Release|ARM64.ActiveCfg = Release|ARM64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Release|ARM64.Build.0 = Release|ARM64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Release|x64.ActiveCfg = Release|x64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Release|x64.Build.0 = Release|x64 + {F983380B-B6C4-44EE-8835-0137E0876321}.Release|x86.ActiveCfg = Release|Win32 + {F983380B-B6C4-44EE-8835-0137E0876321}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {514003CD-1327-488E-9C4E-8761C728A1E3} + EndGlobalSection +EndGlobal diff --git a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/AdvLoggerDumpWin.vcxproj b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/AdvLoggerDumpWin.vcxproj new file mode 100644 index 0000000000..768e896926 --- /dev/null +++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/AdvLoggerDumpWin.vcxproj @@ -0,0 +1,164 @@ + + + + + true + true + true + true + 15.0 + {f983380b-b6c4-44ee-8835-0137e0876321} + Win32Proj + AdvLoggerDumpWin + 10.0.22621.0 + 10.0.17134.0 + + + + + Debug + ARM64 + + + Debug + Win32 + + + Release + ARM64 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + Application + v143 + v142 + v141 + v140 + Unicode + + + true + true + + + false + true + true + + + Static + + + Static + + + Static + + + + + + + + + + + + + + + + NotUsing + + + + + _CONSOLE;WIN32_LEAN_AND_MEAN;WINRT_LEAN_AND_MEAN;%(PreprocessorDefinitions) + Level4 + %(AdditionalOptions) /permissive- /bigobj + + + + + Disabled + _DEBUG;%(PreprocessorDefinitions) + ProgramDatabase + MultiThreadedDebugDLL + false + ProgramDatabase + false + + + Console + false + RequireAdministrator + RequireAdministrator + true + + + + + WIN32;%(PreprocessorDefinitions) + + + + + MaxSpeed + true + true + NDEBUG;%(PreprocessorDefinitions) + MultiThreaded + MultiThreaded + Default + true + true + true + + + Console + false + + + false + + + RequireAdministrator + RequireAdministrator + + + + + + + + + + + + + + + + + + + + + This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. + + + + + \ No newline at end of file diff --git a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/PropertySheet.props b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/PropertySheet.props new file mode 100644 index 0000000000..9099073af9 --- /dev/null +++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/PropertySheet.props @@ -0,0 +1,16 @@ + + + + + + + + diff --git a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/ReadMe.md b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/ReadMe.md new file mode 100644 index 0000000000..4186477966 --- /dev/null +++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/ReadMe.md @@ -0,0 +1,51 @@ +# AdvLoggerPkg - AdvLoggerDumpWin + +AdvLoggerDumpWin is used to retrieve the advanced UEFI debug log stored in system memory. +If the Advanced Logger is enabled, the debug log is stored in memory and is available through the UEFI +Variable store. + +## About + +This tool creates a Windows executable that writes the UEFI variable data to a binary log file. As the +log in memory has additional metadata and alignment structure, DecodeUefiLog.py (in AdvLoggerPkg) +parses the in-memory UefiLog to a text stream and writes the decoded log to a local file. The Python +script can be used to both retrieve the log and decode it. +AdvLoggerDumpWin is able to be used in systems without Python. + +## Building + +To build the project, install Visual Studio 2022 with the following workloads: + +* Desktop development with C++ +* Universal Windows Platform development + +For individual components, ensure the following are installed (may be included with the above workloads): + +* Windows 11 SDK +* NugGet package manager +* MSVC v143 - VS 2022 C++ (Your Architecture) build tools +* C++ ATL fot latest v143 build tools (Your Architecture) +* C++ MFC for latest v143 build tools (Your Architecture) + +In Visual Studio, open the project solution file AdvLoggerPkg\Application\Windows\AdvLoggerDumpWin.sln + +The packages.config should tell NuGet to install the Microsoft.Windows.CppWinRT package. If not, add nuget.org +as a package source and install the package. + +Build the solution in Release mode. The executable will be in the Release folder for the given architecture. + +## Usage + +With administrator privileges, run the executable. +In an administrator command prompt: + +```.sh +AdvLoggerDumpWin.exe +``` + +The program creates a new log file `new_logfile.bin` in the current directory. + +## Copyright + +Copyright (C) Microsoft Corporation. \ +SPDX-License-Identifier: BSD-2-Clause-Patent diff --git a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.cpp b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.cpp new file mode 100644 index 0000000000..6e41deed07 --- /dev/null +++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.cpp @@ -0,0 +1,171 @@ +/** @file +main.cpp + +Copyright (C) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include "main.h" +#include +#include +#include +#include +#include +#include + +using namespace winrt; +using namespace Windows::Foundation; +using namespace std; + +// +// Elevate current process system environment privileges to access UEFI variables +// +static int +ElevateCurrentPrivileges ( + ) +{ + HANDLE ProcessHandle = GetCurrentProcess (); + DWORD DesiredAccess = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY; + HANDLE hProcessToken; + TOKEN_PRIVILEGES tp; + LUID luid; + int Status = 0; + + if (!LookupPrivilegeValue (NULL, L"SeSystemEnvironmentPrivilege", &luid)) { + Status = GetLastError (); + cout << "Failed to lookup privilege value. Errno " << Status << endl; + return Status; + } + + if (!OpenProcessToken (ProcessHandle, DesiredAccess, &hProcessToken)) { + Status = GetLastError (); + cout << "Failed to open process token. Errno " << Status << endl; + return Status; + } + + tp.PrivilegeCount = 1; + tp.Privileges[0].Luid = luid; + tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + + if (!AdjustTokenPrivileges (hProcessToken, FALSE, &tp, sizeof (TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) { + Status = GetLastError (); + cout << "Failed to adjust token privileges. Errno " << Status << endl; + return Status; + } + + if (GetLastError () == ERROR_NOT_ALL_ASSIGNED) { + Status = (int)ERROR_NOT_ALL_ASSIGNED; + cout << "The token does not have the specified privilege. Errno " << Status << endl; + return Status; + } + + CloseHandle (ProcessHandle); + return SUCCESS; +} + +// +// Create log file by retrieving AdvancedLogger variables from UEFI interface +// +int +ReadLogFromUefiInterface ( + fstream &lfile + ) +{ + int Status = 0; + int i = 0; + DWORD length = 0; + DWORD err = 0; + + stringstream varName; + char *varBuffer = (char *)malloc (MAX_VAR_LENGTH + 1); + + // string to LPCWSTR conversion + string tmpGuid = "{a021bf2b-34ed-4a98-859c-420ef94f3e94}"; + wstring tmpGuidW = wstring (tmpGuid.begin (), tmpGuid.end ()); + LPCWSTR guid = tmpGuidW.c_str (); + + // + // Parse variables by index until reached end of log + // + while (Status == 0) { + string tmpVarName = "V" + to_string (i); + wstring tmpVarNameW = wstring (tmpVarName.begin (), tmpVarName.end ()); + LPCWSTR varNameConst = tmpVarNameW.c_str (); + + // Retrieve one advanced logger indexed variable via kernel32 API + length = GetFirmwareEnvironmentVariableW (varNameConst, guid, varBuffer, MAX_VAR_LENGTH); + + if (length == 0) { + err = GetLastError (); + + // If error is ERROR_NOT_FOUND (203), reached end of variables + if (err != 203) { + Status = EFI_ERROR; + cout << "Error reading variable " << tmpVarName << " errno: " << err << endl; + return Status; + } else { + Status = (int)err; + } + } + + if (Status == 0) { + i += 1; + streamsize varSize = (streamsize)length; + lfile.write (varBuffer, varSize); + if (lfile.fail ()) { + cout << "Failed to write to file\n"; + Status = CONS_ERROR; + return Status; + } + } else if (i == 0) { + cout << "No variables found.\n"; + return Status; + } else { + cout << i << " variables read. " << lfile.tellg () << " chars written.\n"; + } + + if (varBuffer) { + ZeroMemory (varBuffer, MAX_VAR_LENGTH); + } + } + + free (varBuffer); + return SUCCESS; +} + +int +main ( + ) +{ + fstream logfile; + const char *newRawFilename = ".\\new_logfile.bin"; + int Status = 0; + + Status = ElevateCurrentPrivileges (); + if (Status != 0) { + cout << "Failed to elevate privileges, errno:" << Status << endl; + return Status; + } + + // Create new binary logfile + logfile.open (newRawFilename, ios::out | ios::binary); + if (!logfile) { + cout << "Error opening file.\n"; + Status = FILE_ERROR; + return Status; + } + + Status = ReadLogFromUefiInterface (logfile); + if (Status != SUCCESS) { + cerr << "Error reading log, exiting.\n"; + return LOG_ERROR; + } + + logfile.close (); + if (logfile.fail ()) { + cout << "Error closing file.\n"; + return FILE_ERROR; + } + + return SUCCESS; +} diff --git a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.h b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.h new file mode 100644 index 0000000000..bff9be79c9 --- /dev/null +++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/main.h @@ -0,0 +1,17 @@ +/** @file +main.h + +Copyright (C) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#pragma once +#include +#include + +#define EFI_ERROR 1 +#define CONS_ERROR 2 +#define FILE_ERROR 3 +#define LOG_ERROR 4 +#define SUCCESS 0 +#define MAX_VAR_LENGTH 1024*1024 diff --git a/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/packages.config b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/packages.config new file mode 100644 index 0000000000..90f0d13a53 --- /dev/null +++ b/AdvLoggerPkg/Application/Windows/AdvLoggerDumpWin/packages.config @@ -0,0 +1,4 @@ + + + + From a44001ae166c377ba57b620dc720fe43a67b8521 Mon Sep 17 00:00:00 2001 From: Taylor Beebe Date: Tue, 9 Apr 2024 10:47:56 -0700 Subject: [PATCH 2/7] Paging Audit: Remove and Rename Some Tests Description Remove the AllocatedPagesAndPoolsAreProtected test because the state that it tests is not required by the Enhanced Memory Protection spec and a similar test is executed in the DxeMemoryProtectionTestApp. Rename the NullCheck test to NullPageIsRp to make it more clear what the test does. - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [x] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... How This Was Tested Tested by building and running the test on Q35 Integration Instructions N/A --- .../UEFI/Dxe/App/DxePagingAuditTestApp.c | 96 +------------------ 1 file changed, 2 insertions(+), 94 deletions(-) diff --git a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c index 0b7c914482..3617bb58ab 100644 --- a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c +++ b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c @@ -977,97 +977,6 @@ IsMemoryAttributeProtocolPresent ( return UNIT_TEST_PASSED; } -/** - Allocates Pages and Pools of each memory type and - checks that the returned buffers have restrictive - access attributes. - - @param[in] Context Unit test context - - @retval UNIT_TEST_PASSED The unit test passed - @retval other The unit test failed -**/ -UNIT_TEST_STATUS -EFIAPI -AllocatedPagesAndPoolsAreProtected ( - IN UNIT_TEST_CONTEXT Context - ) -{ - UINTN Index; - BOOLEAN TestFailure; - UINTN *PageAllocations[EfiMaxMemoryType]; - UINTN *PoolAllocations[EfiMaxMemoryType]; - - DEBUG ((DEBUG_INFO, "%a Enter...\n", __FUNCTION__)); - - TestFailure = FALSE; - ZeroMem (PageAllocations, sizeof (PageAllocations)); - ZeroMem (PoolAllocations, sizeof (PoolAllocations)); - - for (Index = 0; Index < EfiMaxMemoryType; Index++) { - if ((Index != EfiConventionalMemory) && (Index != EfiPersistentMemory) && (Index != EfiUnacceptedMemoryType)) { - PageAllocations[Index] = AllocatePages (1); - if (PageAllocations[Index] == NULL) { - UT_LOG_ERROR ("Failed to allocate one page for memory type %d\n", Index); - TestFailure = TRUE; - } - - PoolAllocations[Index] = AllocatePool (8); - if (PoolAllocations[Index] == NULL) { - UT_LOG_ERROR ("Failed to allocate an 8 byte pool for memory type %d\n", Index); - TestFailure = TRUE; - } - } - } - - UT_ASSERT_NOT_EFI_ERROR (ValidatePageTableMapSize ()); - UT_ASSERT_NOT_EFI_ERROR (PopulatePageTableMap ()); - - for (Index = 0; Index < EfiMaxMemoryType; Index++) { - if ((Index != EfiConventionalMemory) && (Index != EfiPersistentMemory) && (Index != EfiUnacceptedMemoryType)) { - if (!ValidateRegionAttributes ( - &mMap, - (UINT64)PageAllocations[Index], - EFI_PAGE_SIZE, - EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP, - TRUE, - FALSE, - TRUE - )) - { - TestFailure = TRUE; - } - - if (!ValidateRegionAttributes ( - &mMap, - (UINT64)PoolAllocations[Index], - 8, - EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP, - TRUE, - FALSE, - TRUE - )) - { - TestFailure = TRUE; - } - } - } - - for (Index = 0; Index < EfiMaxMemoryType; Index++) { - if (PageAllocations[Index] != NULL) { - FreePages (PageAllocations[Index], 1); - } - - if (PoolAllocations[Index] != NULL) { - FreePool (PoolAllocations[Index]); - } - } - - UT_ASSERT_FALSE (TestFailure); - - return UNIT_TEST_PASSED; -} - /** Checks that the NULL page is not mapped or is EFI_MEMORY_RP. @@ -1080,7 +989,7 @@ AllocatedPagesAndPoolsAreProtected ( STATIC UNIT_TEST_STATUS EFIAPI -NullCheck ( +NullPageIsRp ( IN UNIT_TEST_CONTEXT Context ) { @@ -1627,8 +1536,7 @@ DxePagingAuditTestAppEntryPoint ( AddTestCase (Misc, "No pages are readable, writable, and executable", "Security.Misc.NoReadWriteExecute", NoReadWriteExecute, NULL, GeneralTestCleanup, NULL); AddTestCase (Misc, "Unallocated memory is EFI_MEMORY_RP", "Security.Misc.UnallocatedMemoryIsRP", UnallocatedMemoryIsRP, NULL, GeneralTestCleanup, NULL); AddTestCase (Misc, "Memory Attribute Protocol is present", "Security.Misc.IsMemoryAttributeProtocolPresent", IsMemoryAttributeProtocolPresent, NULL, NULL, NULL); - AddTestCase (Misc, "Calls to allocate pages and pools return buffers with restrictive access attributes", "Security.Misc.AllocatedPagesAndPoolsAreProtected", AllocatedPagesAndPoolsAreProtected, NULL, GeneralTestCleanup, NULL); - AddTestCase (Misc, "NULL page is EFI_MEMORY_RP", "Security.Misc.NullCheck", NullCheck, NULL, GeneralTestCleanup, NULL); + AddTestCase (Misc, "NULL page is EFI_MEMORY_RP", "Security.Misc.NullPageIsRp", NullPageIsRp, NULL, GeneralTestCleanup, NULL); AddTestCase (Misc, "MMIO Regions are EFI_MEMORY_XP", "Security.Misc.MmioIsXp", MmioIsXp, NULL, GeneralTestCleanup, NULL); AddTestCase (Misc, "Image code sections are EFI_MEMORY_RO and and data sections are EFI_MEMORY_XP", "Security.Misc.ImageCodeSectionsRoDataSectionsXp", ImageCodeSectionsRoDataSectionsXp, NULL, GeneralTestCleanup, NULL); AddTestCase (Misc, "BSP stack is EFI_MEMORY_XP and has EFI_MEMORY_RP guard page", "Security.Misc.BspStackIsXpAndHasGuardPage", BspStackIsXpAndHasGuardPage, NULL, GeneralTestCleanup, NULL); From 8f3b25d9a906ac54f3c4aeb3a952421cbaed7dc9 Mon Sep 17 00:00:00 2001 From: Taylor Beebe Date: Thu, 11 Apr 2024 08:44:44 -0700 Subject: [PATCH 3/7] Paging Audit: Use gEfiEventBeforeExitBootServicesGuid instead of gMuEventPreExitBootServicesGuid Description Now that the gEfiEventBeforeExitBootServicesGuid is available, we no longer need to use the Mu-specific gMuEventPreExitBootServicesGuid. - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... How This Was Tested N/A Integration Instructions N/A --- .../PagingAudit/UEFI/Dxe/Driver/DxePagingAuditDriver.c | 2 +- .../AuditTests/PagingAudit/UEFI/DxePagingAuditDriver.inf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/Driver/DxePagingAuditDriver.c b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/Driver/DxePagingAuditDriver.c index 842552d343..582075c0f0 100644 --- a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/Driver/DxePagingAuditDriver.c +++ b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/Driver/DxePagingAuditDriver.c @@ -53,7 +53,7 @@ PagingAuditDriverEntryPoint ( TPL_CALLBACK, DumpPagingInfoEvent, NULL, - &gMuEventPreExitBootServicesGuid, + &gEfiEventBeforeExitBootServicesGuid, &Event ); DEBUG ((DEBUG_ERROR, "%a leave - %r\n", __FUNCTION__, Status)); diff --git a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditDriver.inf b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditDriver.inf index e5024f0230..31da8abd83 100644 --- a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditDriver.inf +++ b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditDriver.inf @@ -58,7 +58,7 @@ [Guids] gEfiDebugImageInfoTableGuid ## SOMETIMES_CONSUMES ## GUID gEfiMemoryAttributesTableGuid - gMuEventPreExitBootServicesGuid + gEfiEventBeforeExitBootServicesGuid gEfiHobMemoryAllocStackGuid ## SOMETIMES_CONSUMES ## SystemTable [Protocols] From d642d6c9b8639d85f00c98e3eeb68eb81e8f1975 Mon Sep 17 00:00:00 2001 From: Taylor Beebe Date: Tue, 9 Apr 2024 10:48:18 -0700 Subject: [PATCH 4/7] Paging Audit: Update the Readme to Reflect Updates Description - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [x] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... How This Was Tested N/A Integration Instructions N/A --- .../AuditTests/PagingAudit/README.md | 151 +++++++++++++----- 1 file changed, 109 insertions(+), 42 deletions(-) diff --git a/UefiTestingPkg/AuditTests/PagingAudit/README.md b/UefiTestingPkg/AuditTests/PagingAudit/README.md index 011d531a88..98c9e0f467 100644 --- a/UefiTestingPkg/AuditTests/PagingAudit/README.md +++ b/UefiTestingPkg/AuditTests/PagingAudit/README.md @@ -1,5 +1,85 @@ # Paging Audit +## Contents + +- [Paging Audit](#paging-audit) + - [Contents](#contents) + - [DXE Paging Audit](#dxe-paging-audit) + - [DXE Driver](#dxe-driver) + - [DXE Shell App](#dxe-shell-app) + - [Mode 1: Shell-Based Unit Test](#mode-1-shell-based-unit-test) + - [Mode 2: Paging Audit Collection Tool](#mode-2-paging-audit-collection-tool) + - [SMM Paging Audit](#smm-paging-audit) + - [SMM Driver](#smm-driver) + - [SMM Shell App](#smm-shell-app) + - [Parsing the Paging Data](#parsing-the-paging-data) + - [Platform Configuration](#platform-configuration) + - [SMM Paging Audit Configuration](#smm-paging-audit-configuration) + - [DXE Paging Audit Driver Configuration](#dxe-paging-audit-driver-configuration) + - [DXE Paging Audit App Configuration](#dxe-paging-audit-app-configuration) + - [Copyright](#copyright) + +## DXE Paging Audit + +The DXE paging audit is a tool to analyze the page/translation tables of the platform to check +compliance with +[Enhanced Memory Protection](https://microsoft.github.io/mu/WhatAndWhy/enhancedmemoryprotection/), +debug paging related issues, and understand the memory layout of the platform. The DXE version +of the audit operates only on the page/translation tables of the DXE environment and not the +tables used in SMM. + +### DXE Driver + +The DXE Driver registers an event to be notified on Mu Pre Exit Boot Services (to change this, +replace gEfiEventBeforeExitBootServicesGuid with a different event GUID), which will then trigger +the paging information collection. The driver will then save the collected information to +an available simple file system. The driver version of the DXE paging audit should be used +when the intent is to capture a snapshot of the page/translation table data at an arbitrary +point in boot. + +### DXE Shell App + +The DXE version of UEFI shell app has two modes of operation and **does not require** +**the DXE driver**. + +#### Mode 1: Shell-Based Unit Test + +Calling the app in the following way: + +`DxePagingAuditTestApp.efi` +OR +`DxePagingAuditTestApp.efi -r` + +Will run the app as a shell-based unit test. The following tests will be run and the +results will be saved to an XML file in the same file system as the app (or the next +available writable simple file system): + +- **NoReadWriteExecute:** Checks if the page/translation table has any readable, writable, +and executable regions. +- **UnallocatedMemoryIsRP:** Checks that all EfiConventionalMemory is EFI_MEMORY_RP or +is not mapped. +- **IsMemoryAttributeProtocolPresent:** Checks if the EFI Memory Attribute Protocol +is installed. +- **NullPageIsRp:** Checks if page 0 is EFI_MEMORY_RP or is not mapped. +- **MmioIsXp:** Checks that MMIO regions in the EFI memory map are EFI_MEMORY_XP. +- **ImageCodeSectionsRoDataSectionsXp:** Checks that loaded image sections containing +code are EFI_MEMORY_RO and sections containing data are EFI_MEMORY_XP. +- **BspStackIsXpAndHasGuardPage:** Checks that the stack is EFI_MEMORY_XP and has an +EFI_MEMORY_RP page at the base to catch overflow. +- **MemoryOutsideEfiMemoryMapIsInaccessible:** Checks that memory ranges not in +the EFI memory map EFI_MEMORY_RP or is not mapped. + +#### Mode 2: Paging Audit Collection Tool + +Calling the app in the following way: + +`DxePagingAuditTestApp.efi -d` + +Will collect paging information and save the data in the same file system as +the app (or the next available writable simple file system). See the +[Parsing the Paging Data](#parsing-the-paging-data) for instructions on parsing +the collected data. + ## SMM Paging Audit SMM is a privileged mode of the IA32/X64 cpu architecture. In this environment nearly all system state can @@ -23,46 +103,44 @@ The UEFI shell application collects system information from the DXE environment communicates to the SMM driver/handler to collect necessary info from SMM. It then writes this data to files for parsing by Python scripts. -## DXE Paging Audit +## Parsing the Paging Data -The DXE version of the paging audit and driver have overlapping purpose. Both are capable of -inspecting the page/translation tables to collect all leaf entries for parsing using -Windows\PagingReportGenerator.py and both are compatible with X64 and AARCH64 architectures. +The Python Windows\PagingReportGenerator.py script will parse the *.dat files into +a human-readable HTML report file to inspect +the page table at the collection point. The Results tab of the HTML shows the results of testing +the parsed data against the tests run in the shell app, and each failed test presents a filter +button to show the regions of memory which do not pass the test. -### DXE Driver +Run the following command for help with the script: -The DXE Driver registers an event to be notified on Mu Pre Exit Boot Services (to change this, -replace gMuEventPreExitBootServicesGuid with a different event GUID), which will then trigger -the paging information collection. The driver will then save the collected information to -an available simple file system. The driver version of the DXE paging audit should be used -when the intent is to capture a snapshot of the page/translation table at a point in boot at -which the shell app cannot be run. +`PagingReportGenerator.py -h` -### DXE Version App +The script is run with the following command: -The DXE version of UEFI shell app has two modes of operation and **does not require the DXE driver**. -Calling the app without any parameters will run it as a unit test with the only current test being -to check every leaf entry in the page/translation table to ensure that no page is Read/Write/Execute. -Calling the app with the '-d' parameter will collect paging information and attempt to save it to the -same file system containing the app. If it cannot save to the app's file system, it will save to the -first available simple file system. +```cmd +PagingReportGenerator.py -i -o [-p ] [--PlatformVersion ] [-l ] [--debug] +``` -## Python Script +**Required Input Parameters:** + `-i `: The directory containing the *.dat files to be parsed. + `-o `: The name of the HTML report file to be generated. -The Python script will parse the *.dat files into a human-readable HTML report file to inspect -the page table at the collection point. The Results tab of the HTML checks the data against our suggested -rules to act as a barometer for the security of the target system. +**Optional Input Parameters:** + `-p `: The name of the platform the data was collected on. + `--PlatformVersion `: The version of the platform the data was collected on. + `-l `: The name of the log file to be generated. + `--debug`: Set logging level to DEBUG (will be INFO by default). -## Usage +## Platform Configuration -### SMM Paging Audit Usage +### SMM Paging Audit Configuration ```text -[PcdsFixedAtBuild.X64] +[PcdsFixedAtBuild] # Optional: Virtual platforms that do not support SMRRs can add below change to skip the auditing related to SMRR gUefiTestingPkgTokenSpaceGuid.PcdPlatformSmrrUnsupported|TRUE -[Components.X64] +[Components] UefiTestingPkg/AuditTests/PagingAudit/UEFI/SmmPagingAuditDriver.inf UefiTestingPkg/AuditTests/PagingAudit/UEFI/SmmPagingAuditTestApp.inf ``` @@ -78,18 +156,16 @@ to a USB key. Boot the target system running the new firmware to the shell and r a set of *.dat files on an available simple file system on the target system. Run the Python script on the data to create the HTML report. -### DXE Paging Audit Usage - -#### DXE Paging Audit Driver +### DXE Paging Audit Driver Configuration Add the following to the platform DSC file: ```text -[PcdsFixedAtBuild.X64] +[PcdsFixedAtBuild] # Optional: Virtual platforms that do not support SMRRs can add below change to skip the auditing related to SMRR gUefiTestingPkgTokenSpaceGuid.PcdPlatformSmrrUnsupported|TRUE -[Components.X64] +[Components] UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditDriver.inf ``` @@ -111,12 +187,12 @@ Example if the paging audit files are on FS1 and the USB/virtual drive FS0: copy FS1:\*.dat FS0:\ ``` -#### DXE Paging Audit App +### DXE Paging Audit App Configuration Add the following entry to platform dsc file and compile the new firmware image: ```text -[Components.X64] +[Components] UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditTestApp.inf ``` @@ -132,15 +208,6 @@ FS0:\DxePagingAuditTestApp.efi the USB/virtual drive FS0 -### Parsing the .dat files - -Run the Python Windows\PagingReportGenerator.py script against the collected .dat files. Use the following -command for detailed script instruction: - -```cmd -PagingReportGenerator.py -h -``` - ## Copyright Copyright (c) Microsoft Corporation. From 00975e1f60cbeec7f75a37f828e920ba34fd1135 Mon Sep 17 00:00:00 2001 From: Oliver Smith-Denny Date: Fri, 12 Apr 2024 07:29:34 -0700 Subject: [PATCH 5/7] Update the Mem Map and MAT Shell Test to Support RUNTIME_PAGE_ALLOCATION_GRANULARITY Alignment (#460) ## Description The Mem Map and MAT shell test currently has a hard dependency on 4k alignment of EFI_MEMORY_MAP and MAT table entries. This is only valid when the RUNTIME_PAGE_ALLOCATION_GRANULARITY is 4k. To make this more universal, compare the MAT entries to RUNTIME_PAGE_ALLOCATION_GRANULARITY as well as the UEFI spec defined EFI_MEMORY_MAP types that should have RUNTIME_PAGE_ALLOCATION_GRANULARITY. As a small cleanup, rename LegacyMemoryMap to EfiMemoryMap as it is certainly not legacy and to avoid confusion :). This also removes a duplicate test. For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. _(you can also check items in the GitHub UI)_ - [ ] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [x] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested Tested by running the shell app on Q35 and confirming it still succeeds. ## Integration Instructions N/A. This has no dependency on mu_basecore 64k changes because the RUNTIME_PAGE_ALLOCATION_GRANULARITY is what we expect the MAT and runtime EFI_MEMORY_MAP entries to be aligned to, regardless of whether that is 4k or 64k. --- .../MemmapAndMatTestApp/MemmapAndMatTestApp.c | 180 +++++++++--------- 1 file changed, 85 insertions(+), 95 deletions(-) diff --git a/UefiTestingPkg/FunctionalSystemTests/MemmapAndMatTestApp/MemmapAndMatTestApp.c b/UefiTestingPkg/FunctionalSystemTests/MemmapAndMatTestApp/MemmapAndMatTestApp.c index dbf563f344..30d372ff00 100644 --- a/UefiTestingPkg/FunctionalSystemTests/MemmapAndMatTestApp/MemmapAndMatTestApp.c +++ b/UefiTestingPkg/FunctionalSystemTests/MemmapAndMatTestApp/MemmapAndMatTestApp.c @@ -35,7 +35,7 @@ typedef struct _MEM_MAP_META { VOID *Map; } MEM_MAP_META; -MEM_MAP_META mLegacyMapMeta; +MEM_MAP_META mEfiMemoryMapMeta; MEM_MAP_META mMatMapMeta; /// ================================================================================================ @@ -78,7 +78,7 @@ MemoryMapShouldHaveFewEntries ( IN UNIT_TEST_CONTEXT Context ) { - return (mLegacyMapMeta.EntryCount <= 500) ? + return (mEfiMemoryMapMeta.EntryCount <= 500) ? UNIT_TEST_PASSED : UNIT_TEST_ERROR_TEST_FAILED; } // MemoryMapShouldHaveFewEntries() @@ -89,27 +89,27 @@ ListsShouldHaveTheSameDescriptorSize ( IN UNIT_TEST_CONTEXT Context ) { - return (mLegacyMapMeta.EntrySize == mMatMapMeta.EntrySize) ? + return (mEfiMemoryMapMeta.EntrySize == mMatMapMeta.EntrySize) ? UNIT_TEST_PASSED : UNIT_TEST_ERROR_TEST_FAILED; } // ListsShouldHaveTheSameDescriptorSize() UNIT_TEST_STATUS EFIAPI -LegacyMapSizeShouldBeAMultipleOfDescriptorSize ( +EfiMemoryMapSizeShouldBeAMultipleOfDescriptorSize ( IN UNIT_TEST_CONTEXT Context ) { UNIT_TEST_STATUS Status = UNIT_TEST_PASSED; - if (((mLegacyMapMeta.MapSize / mLegacyMapMeta.EntrySize) != mLegacyMapMeta.EntryCount) || - ((mLegacyMapMeta.MapSize % mLegacyMapMeta.EntrySize) != 0)) + if (((mEfiMemoryMapMeta.MapSize / mEfiMemoryMapMeta.EntrySize) != mEfiMemoryMapMeta.EntryCount) || + ((mEfiMemoryMapMeta.MapSize % mEfiMemoryMapMeta.EntrySize) != 0)) { Status = UNIT_TEST_ERROR_TEST_FAILED; } return Status; -} // LegacyMapSizeShouldBeAMultipleOfDescriptorSize() +} // EfiMemoryMapSizeShouldBeAMultipleOfDescriptorSize() UNIT_TEST_STATUS EFIAPI @@ -130,7 +130,7 @@ MatMapSizeShouldBeAMultipleOfDescriptorSize ( UNIT_TEST_STATUS EFIAPI -NoLegacyMapEntriesShouldHaveZeroSize ( +NoEfiMemoryMapEntriesShouldHaveZeroSize ( IN UNIT_TEST_CONTEXT Context ) { @@ -138,8 +138,8 @@ NoLegacyMapEntriesShouldHaveZeroSize ( UINTN Index; EFI_MEMORY_DESCRIPTOR *Descriptor; - for (Index = 0; Index < mLegacyMapMeta.EntryCount; Index++) { - Descriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mLegacyMapMeta.Map + (Index * mLegacyMapMeta.EntrySize)); + for (Index = 0; Index < mEfiMemoryMapMeta.EntryCount; Index++) { + Descriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mEfiMemoryMapMeta.Map + (Index * mEfiMemoryMapMeta.EntrySize)); if (Descriptor->NumberOfPages == 0) { Status = UNIT_TEST_ERROR_TEST_FAILED; break; @@ -147,7 +147,7 @@ NoLegacyMapEntriesShouldHaveZeroSize ( } return Status; -} // NoLegacyMapEntriesShouldHaveZeroSize() +} // NoEfiMemoryMapEntriesShouldHaveZeroSize() UNIT_TEST_STATUS EFIAPI @@ -172,7 +172,7 @@ NoMatMapEntriesShouldHaveZeroSize ( UNIT_TEST_STATUS EFIAPI -AllLegacyMapEntriesShouldBePageAligned ( +AllEfiMemoryMapEntriesShouldBeAligned ( IN UNIT_TEST_CONTEXT Context ) { @@ -180,41 +180,33 @@ AllLegacyMapEntriesShouldBePageAligned ( UINTN Index; EFI_MEMORY_DESCRIPTOR *Descriptor; - for (Index = 0; Index < mLegacyMapMeta.EntryCount; Index++) { - Descriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mLegacyMapMeta.Map + (Index * mLegacyMapMeta.EntrySize)); + for (Index = 0; Index < mEfiMemoryMapMeta.EntryCount; Index++) { + Descriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mEfiMemoryMapMeta.Map + (Index * mEfiMemoryMapMeta.EntrySize)); if (((Descriptor->PhysicalStart & EFI_PAGE_MASK) != 0) || ((Descriptor->VirtualStart & EFI_PAGE_MASK) != 0)) { Status = UNIT_TEST_ERROR_TEST_FAILED; break; } - } - - return Status; -} // AllLegacyMapEntriesShouldBePageAligned() - -UNIT_TEST_STATUS -EFIAPI -AllMatMapEntriesShouldBePageAligned ( - IN UNIT_TEST_CONTEXT Context - ) -{ - UNIT_TEST_STATUS Status = UNIT_TEST_PASSED; - UINTN Index; - EFI_MEMORY_DESCRIPTOR *Descriptor; - for (Index = 0; Index < mMatMapMeta.EntryCount; Index++) { - Descriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mMatMapMeta.Map + (Index * mMatMapMeta.EntrySize)); - if (((Descriptor->PhysicalStart & EFI_PAGE_MASK) != 0) || - ((Descriptor->VirtualStart & EFI_PAGE_MASK) != 0)) + // per the UEFI spec, these types need to have + // RUNTIME_PAGE_ALLOCATION_GRANULARITY + if ((Descriptor->Type == EfiRuntimeServicesCode) || + (Descriptor->Type == EfiRuntimeServicesData) || + (Descriptor->Type == EfiACPIMemoryNVS) || + (Descriptor->Type == EfiReservedMemoryType)) { - Status = UNIT_TEST_ERROR_TEST_FAILED; - break; + if (((Descriptor->PhysicalStart & (RUNTIME_PAGE_ALLOCATION_GRANULARITY - 1)) != 0) || + ((Descriptor->VirtualStart & (RUNTIME_PAGE_ALLOCATION_GRANULARITY - 1)) != 0)) + { + Status = UNIT_TEST_ERROR_TEST_FAILED; + break; + } } } return Status; -} // AllMatMapEntriesShouldBePageAligned() +} // AllEfiMemoryMapEntriesShouldBeAligned() UNIT_TEST_STATUS EFIAPI @@ -289,21 +281,20 @@ AllMatEntriesShouldHaveNxOrRoAttribute ( UNIT_TEST_STATUS EFIAPI -AllMatEntriesShouldBe4kAligned ( +AllMatEntriesShouldBeRuntimePageGranularityAligned ( IN UNIT_TEST_CONTEXT Context ) { UNIT_TEST_STATUS Status = UNIT_TEST_PASSED; UINTN Index; EFI_MEMORY_DESCRIPTOR *Descriptor; - EFI_PHYSICAL_ADDRESS FourKPage = (1024 * 4) - 1; for (Index = 0; Index < mMatMapMeta.EntryCount; Index++) { Descriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mMatMapMeta.Map + (Index * mMatMapMeta.EntrySize)); - // Make sure that all MAT entries are 4k aligned. - if (((Descriptor->PhysicalStart & FourKPage) != 0) || - ((Descriptor->VirtualStart & FourKPage) != 0)) + // Make sure that all MAT entries are RUNTIME_PAGE_ALLOCATION_GRANULARITY aligned. + if (((Descriptor->PhysicalStart & (RUNTIME_PAGE_ALLOCATION_GRANULARITY - 1)) != 0) || + ((Descriptor->VirtualStart & (RUNTIME_PAGE_ALLOCATION_GRANULARITY - 1)) != 0)) { Status = UNIT_TEST_ERROR_TEST_FAILED; break; @@ -378,12 +369,12 @@ EntriesInASingleMapShouldNotOverlapAtAll ( UNIT_TEST_STATUS EFIAPI -EntriesInLegacyMapShouldNotOverlapAtAll ( +EntriesInEfiMemoryMapShouldNotOverlapAtAll ( IN UNIT_TEST_CONTEXT Context ) { - return EntriesInASingleMapShouldNotOverlapAtAll (&mLegacyMapMeta); -} // EntriesInLegacyMapShouldNotOverlapAtAll() + return EntriesInASingleMapShouldNotOverlapAtAll (&mEfiMemoryMapMeta); +} // EntriesInEfiMemoryMapShouldNotOverlapAtAll() UNIT_TEST_STATUS EFIAPI @@ -401,14 +392,14 @@ EntriesBetweenListsShouldNotOverlapBoundaries ( ) { UNIT_TEST_STATUS Status = UNIT_TEST_PASSED; - UINTN LegacyIndex, MatIndex; - EFI_PHYSICAL_ADDRESS LegacyEnd, MatEnd; - EFI_MEMORY_DESCRIPTOR *LegacyDescriptor, *MatDescriptor; + UINTN EfiMemoryIndex, MatIndex; + EFI_PHYSICAL_ADDRESS EfiMemoryEnd, MatEnd; + EFI_MEMORY_DESCRIPTOR *EfiMemoryDescriptor, *MatDescriptor; // Create an outer loop for the first list. - for (LegacyIndex = 0; LegacyIndex < mLegacyMapMeta.EntryCount; LegacyIndex++) { - LegacyDescriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mLegacyMapMeta.Map + (LegacyIndex * mLegacyMapMeta.EntrySize)); - LegacyEnd = LegacyDescriptor->PhysicalStart + EFI_PAGES_TO_SIZE (LegacyDescriptor->NumberOfPages) - 1; + for (EfiMemoryIndex = 0; EfiMemoryIndex < mEfiMemoryMapMeta.EntryCount; EfiMemoryIndex++) { + EfiMemoryDescriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mEfiMemoryMapMeta.Map + (EfiMemoryIndex * mEfiMemoryMapMeta.EntrySize)); + EfiMemoryEnd = EfiMemoryDescriptor->PhysicalStart + EFI_PAGES_TO_SIZE (EfiMemoryDescriptor->NumberOfPages) - 1; // Create an inner loop for the second list. for (MatIndex = 0; MatIndex < mMatMapMeta.EntryCount; MatIndex++) { @@ -429,12 +420,12 @@ EntriesBetweenListsShouldNotOverlapBoundaries ( // | | // |---------| // - if ((A_IS_BETWEEN_B_AND_C (MatDescriptor->PhysicalStart, LegacyDescriptor->PhysicalStart, LegacyEnd) && (MatEnd > LegacyEnd)) || - (A_IS_BETWEEN_B_AND_C (LegacyDescriptor->PhysicalStart, MatDescriptor->PhysicalStart, MatEnd) && (LegacyEnd > MatEnd))) + if ((A_IS_BETWEEN_B_AND_C (MatDescriptor->PhysicalStart, EfiMemoryDescriptor->PhysicalStart, EfiMemoryEnd) && (MatEnd > EfiMemoryEnd)) || + (A_IS_BETWEEN_B_AND_C (EfiMemoryDescriptor->PhysicalStart, MatDescriptor->PhysicalStart, MatEnd) && (EfiMemoryEnd > MatEnd))) { DEBUG ((DEBUG_VERBOSE, "%a - Overlap between MemoryMaps!\n", __FUNCTION__)); DumpDescriptor (DEBUG_VERBOSE, L"[MatDescriptor]", MatDescriptor); - DumpDescriptor (DEBUG_VERBOSE, L"[LegacyDescriptor]", LegacyDescriptor); + DumpDescriptor (DEBUG_VERBOSE, L"[EfiMemoryDescriptor]", EfiMemoryDescriptor); Status = UNIT_TEST_ERROR_TEST_FAILED; break; } @@ -451,9 +442,9 @@ AllEntriesInMatShouldLieWithinAMatchingEntryInMemmap ( ) { UNIT_TEST_STATUS Status = UNIT_TEST_PASSED; - UINTN MatIndex, LegacyIndex; - EFI_PHYSICAL_ADDRESS MatEnd, LegacyEnd; - EFI_MEMORY_DESCRIPTOR *MatDescriptor, *LegacyDescriptor; + UINTN MatIndex, EfiMemoryIndex; + EFI_PHYSICAL_ADDRESS MatEnd, EfiMemoryEnd; + EFI_MEMORY_DESCRIPTOR *MatDescriptor, *EfiMemoryDescriptor; BOOLEAN MatchFound; // Create an outer loop for the first list. @@ -465,22 +456,22 @@ AllEntriesInMatShouldLieWithinAMatchingEntryInMemmap ( MatchFound = FALSE; // Create an inner loop for the second list. - for (LegacyIndex = 0; LegacyIndex < mLegacyMapMeta.EntryCount && !MatchFound; LegacyIndex++) { - LegacyDescriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mLegacyMapMeta.Map + (LegacyIndex * mLegacyMapMeta.EntrySize)); - LegacyEnd = LegacyDescriptor->PhysicalStart + EFI_PAGES_TO_SIZE (LegacyDescriptor->NumberOfPages) - 1; + for (EfiMemoryIndex = 0; EfiMemoryIndex < mEfiMemoryMapMeta.EntryCount && !MatchFound; EfiMemoryIndex++) { + EfiMemoryDescriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mEfiMemoryMapMeta.Map + (EfiMemoryIndex * mEfiMemoryMapMeta.EntrySize)); + EfiMemoryEnd = EfiMemoryDescriptor->PhysicalStart + EFI_PAGES_TO_SIZE (EfiMemoryDescriptor->NumberOfPages) - 1; // - // Determine whether this MAT entry lies entirely within this Legacy entry. + // Determine whether this MAT entry lies entirely within this EfiMemory entry. // An entry lies within if: // - It starts at the same address or starts within AND // - It ends at the same address or ends within. // - if ((A_IS_BETWEEN_B_AND_C (MatDescriptor->PhysicalStart, LegacyDescriptor->PhysicalStart, LegacyEnd) || - (MatDescriptor->PhysicalStart == LegacyDescriptor->PhysicalStart)) && - (A_IS_BETWEEN_B_AND_C (MatEnd, LegacyDescriptor->PhysicalStart, LegacyEnd) || (MatEnd == LegacyEnd))) + if ((A_IS_BETWEEN_B_AND_C (MatDescriptor->PhysicalStart, EfiMemoryDescriptor->PhysicalStart, EfiMemoryEnd) || + (MatDescriptor->PhysicalStart == EfiMemoryDescriptor->PhysicalStart)) && + (A_IS_BETWEEN_B_AND_C (MatEnd, EfiMemoryDescriptor->PhysicalStart, EfiMemoryEnd) || (MatEnd == EfiMemoryEnd))) { // Now, make sure that the type matches. - if (MatDescriptor->Type == LegacyDescriptor->Type) { + if (MatDescriptor->Type == EfiMemoryDescriptor->Type) { MatchFound = TRUE; } } @@ -488,7 +479,7 @@ AllEntriesInMatShouldLieWithinAMatchingEntryInMemmap ( // If a match was not found for this MAT entry, we have a problem. if (!MatchFound) { - DEBUG ((DEBUG_VERBOSE, "%a - MAT entry not found in Legacy MemoryMap!\n", __FUNCTION__)); + DEBUG ((DEBUG_VERBOSE, "%a - MAT entry not found in EfiMemory MemoryMap!\n", __FUNCTION__)); DumpDescriptor (DEBUG_VERBOSE, NULL, MatDescriptor); Status = UNIT_TEST_ERROR_TEST_FAILED; break; @@ -505,19 +496,19 @@ AllMemmapRuntimeCodeAndDataEntriesMustBeEntirelyDescribedByMat ( ) { UNIT_TEST_STATUS Status = UNIT_TEST_PASSED; - UINTN LegacyIndex, MatIndex; - EFI_PHYSICAL_ADDRESS LegacyEnd, MatEnd; - EFI_MEMORY_DESCRIPTOR *LegacyDescriptor, *MatDescriptor; + UINTN EfiMemoryIndex, MatIndex; + EFI_PHYSICAL_ADDRESS EfiMemoryEnd, MatEnd; + EFI_MEMORY_DESCRIPTOR *EfiMemoryDescriptor, *MatDescriptor; EFI_PHYSICAL_ADDRESS CurrentEntryProgress; BOOLEAN EntryComplete; // Create an outer loop for the first list. - for (LegacyIndex = 0; LegacyIndex < mLegacyMapMeta.EntryCount; LegacyIndex++) { - LegacyDescriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mLegacyMapMeta.Map + (LegacyIndex * mLegacyMapMeta.EntrySize)); - LegacyEnd = LegacyDescriptor->PhysicalStart + EFI_PAGES_TO_SIZE (LegacyDescriptor->NumberOfPages) - 1; + for (EfiMemoryIndex = 0; EfiMemoryIndex < mEfiMemoryMapMeta.EntryCount; EfiMemoryIndex++) { + EfiMemoryDescriptor = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)mEfiMemoryMapMeta.Map + (EfiMemoryIndex * mEfiMemoryMapMeta.EntrySize)); + EfiMemoryEnd = EfiMemoryDescriptor->PhysicalStart + EFI_PAGES_TO_SIZE (EfiMemoryDescriptor->NumberOfPages) - 1; // If this entry is not EfiRuntimeServicesCode or EfiRuntimeServicesData, we don't care. - if ((LegacyDescriptor->Type != EfiRuntimeServicesCode) && (LegacyDescriptor->Type != EfiRuntimeServicesData)) { + if ((EfiMemoryDescriptor->Type != EfiRuntimeServicesCode) && (EfiMemoryDescriptor->Type != EfiRuntimeServicesData)) { continue; // Just keep looping over other entries. } @@ -528,7 +519,7 @@ AllMemmapRuntimeCodeAndDataEntriesMustBeEntirelyDescribedByMat ( // Since there's a prerequisite on the MAT entries being in ascending order, we can be confident // that a bottom-up approach will work. // - CurrentEntryProgress = LegacyDescriptor->PhysicalStart; + CurrentEntryProgress = EfiMemoryDescriptor->PhysicalStart; EntryComplete = FALSE; // Create an inner loop for the second list. @@ -537,7 +528,7 @@ AllMemmapRuntimeCodeAndDataEntriesMustBeEntirelyDescribedByMat ( MatEnd = MatDescriptor->PhysicalStart + EFI_PAGES_TO_SIZE (MatDescriptor->NumberOfPages) - 1; // If this entry doesn't match the type we're looking for, then it's of no interest. - if (LegacyDescriptor->Type != MatDescriptor->Type) { + if (EfiMemoryDescriptor->Type != MatDescriptor->Type) { continue; } @@ -552,7 +543,7 @@ AllMemmapRuntimeCodeAndDataEntriesMustBeEntirelyDescribedByMat ( } // If the progress has now covered the entire entry, we're good. - if (CurrentEntryProgress > LegacyEnd) { + if (CurrentEntryProgress > EfiMemoryEnd) { EntryComplete = TRUE; break; } @@ -560,8 +551,8 @@ AllMemmapRuntimeCodeAndDataEntriesMustBeEntirelyDescribedByMat ( // If we never completed this entry, we're borked. if (!EntryComplete) { - DEBUG ((DEBUG_VERBOSE, "%a - Legacy MemoryMap entry not covered by MAT entries!\n", __FUNCTION__)); - DumpDescriptor (DEBUG_VERBOSE, NULL, LegacyDescriptor); + DEBUG ((DEBUG_VERBOSE, "%a - EfiMemory MemoryMap entry not covered by MAT entries!\n", __FUNCTION__)); + DumpDescriptor (DEBUG_VERBOSE, NULL, EfiMemoryDescriptor); Status = UNIT_TEST_ERROR_TEST_FAILED; break; } @@ -594,41 +585,41 @@ InitializeTestEnvironment ( { EFI_STATUS Status; EFI_MEMORY_ATTRIBUTES_TABLE *MatMap; - EFI_MEMORY_DESCRIPTOR *LegacyMap = NULL; + EFI_MEMORY_DESCRIPTOR *EfiMemoryMap = NULL; UINTN MapSize, DescriptorSize; // // Make sure that the structures are clear. // - ZeroMem (&mLegacyMapMeta, sizeof (mLegacyMapMeta)); + ZeroMem (&mEfiMemoryMapMeta, sizeof (mEfiMemoryMapMeta)); ZeroMem (&mMatMapMeta, sizeof (mMatMapMeta)); // // Grab the legacy MemoryMap... // MapSize = 0; - Status = gBS->GetMemoryMap (&MapSize, LegacyMap, NULL, &DescriptorSize, NULL); + Status = gBS->GetMemoryMap (&MapSize, EfiMemoryMap, NULL, &DescriptorSize, NULL); if ((Status != EFI_BUFFER_TOO_SMALL) || !MapSize) { // If we're here, we had something weird happen. // By passing a size of 0, it should have returned EFI_BUFFER_TOO_SMALL. return EFI_UNSUPPORTED; } - LegacyMap = AllocateZeroPool (MapSize); - if (!LegacyMap) { + EfiMemoryMap = AllocateZeroPool (MapSize); + if (!EfiMemoryMap) { return EFI_OUT_OF_RESOURCES; } - Status = gBS->GetMemoryMap (&MapSize, LegacyMap, NULL, &DescriptorSize, NULL); + Status = gBS->GetMemoryMap (&MapSize, EfiMemoryMap, NULL, &DescriptorSize, NULL); if (EFI_ERROR (Status)) { return Status; } // MemoryMap data should now be in the structure. - mLegacyMapMeta.MapSize = MapSize; - mLegacyMapMeta.EntrySize = DescriptorSize; - mLegacyMapMeta.EntryCount = (MapSize / DescriptorSize); - mLegacyMapMeta.Map = (VOID *)LegacyMap; // This should be freed at some point. + mEfiMemoryMapMeta.MapSize = MapSize; + mEfiMemoryMapMeta.EntrySize = DescriptorSize; + mEfiMemoryMapMeta.EntryCount = (MapSize / DescriptorSize); + mEfiMemoryMapMeta.Map = (VOID *)EfiMemoryMap; // This should be freed at some point. // // Grab the MAT memory map... @@ -700,12 +691,11 @@ MemmapAndMatTestApp ( AddTestCase (TableStructureTests, "Memory Maps should not have more than 500 entries", "Security.MAT.NumEntries", MemoryMapShouldHaveFewEntries, NULL, NULL, NULL); AddTestCase (TableStructureTests, "Memory Maps should have the same Descriptor size", "Security.MAT.DescriptorSize", ListsShouldHaveTheSameDescriptorSize, NULL, NULL, NULL); - AddTestCase (TableStructureTests, "Standard MemoryMap size should be a multiple of the Descriptor size", "Security.MAT.MemMapSize", LegacyMapSizeShouldBeAMultipleOfDescriptorSize, NULL, NULL, NULL); + AddTestCase (TableStructureTests, "Standard MemoryMap size should be a multiple of the Descriptor size", "Security.MAT.MemMapSize", EfiMemoryMapSizeShouldBeAMultipleOfDescriptorSize, NULL, NULL, NULL); AddTestCase (TableStructureTests, "MAT size should be a multiple of the Descriptor size", "Security.MAT.Size", MatMapSizeShouldBeAMultipleOfDescriptorSize, NULL, NULL, NULL); - AddTestCase (TableStructureTests, "No standard MemoryMap entries should have a 0 size", "Security.MAT.MemMapZeroSizeEntries", NoLegacyMapEntriesShouldHaveZeroSize, NULL, NULL, NULL); + AddTestCase (TableStructureTests, "No standard MemoryMap entries should have a 0 size", "Security.MAT.MemMapZeroSizeEntries", NoEfiMemoryMapEntriesShouldHaveZeroSize, NULL, NULL, NULL); AddTestCase (TableStructureTests, "No MAT entries should have a 0 size", "Security.MAT.MatZeroSizeEntries", NoMatMapEntriesShouldHaveZeroSize, NULL, NULL, NULL); - AddTestCase (TableStructureTests, "All standard MemoryMap entries should be page aligned", "Security.MAT.MemMapAlignment", AllLegacyMapEntriesShouldBePageAligned, NULL, NULL, NULL); - AddTestCase (TableStructureTests, "All MAT entries should be page aligned", "Security.MAT.MatPageAligned", AllMatMapEntriesShouldBePageAligned, NULL, NULL, NULL); + AddTestCase (TableStructureTests, "All standard MemoryMap entries should be correctly aligned", "Security.MAT.MemMapAlignment", AllEfiMemoryMapEntriesShouldBeAligned, NULL, NULL, NULL); // // Populate the MatTableContentTests Unit Test Suite. @@ -720,7 +710,7 @@ MemmapAndMatTestApp ( AddTestCase (MatTableContentTests, "MAT entries should be EfiRuntimeServicesCode or EfiRuntimeServicesData", "Security.MAT.RtMemoryType", AllMatEntriesShouldBeCertainTypes, NULL, NULL, NULL); AddTestCase (MatTableContentTests, "MAT entries should all have the Runtime attribute", "Security.MAT.RtAttributes", AllMatEntriesShouldHaveRuntimeAttribute, NULL, NULL, NULL); AddTestCase (MatTableContentTests, "All MAT entries should have the XP or RO attribute", "Security.MAT.XPorRO", AllMatEntriesShouldHaveNxOrRoAttribute, NULL, NULL, NULL); - AddTestCase (MatTableContentTests, "All MAT entries should be aligned on a 4k boundary", "Security.MAT.4kAlign", AllMatEntriesShouldBe4kAligned, NULL, NULL, NULL); + AddTestCase (MatTableContentTests, "All MAT entries should be aligned on a RUNTIME_PAGE_ALLOCATION_GRANULARITY boundary", "Security.MAT.4kAlign", AllMatEntriesShouldBeRuntimePageGranularityAligned, NULL, NULL, NULL); AddTestCase (MatTableContentTests, "All MAT entries must appear in ascending order by physical start address", "Security.MAT.EntryOrder", AllMatEntriesMustBeInAscendingOrder, NULL, NULL, NULL); // @@ -733,7 +723,7 @@ MemmapAndMatTestApp ( goto EXIT; } - AddTestCase (TableEntryRangeTests, "Entries in standard MemoryMap should not overlap each other at all", "Security.MAT.MemMapEntryOverlap", EntriesInLegacyMapShouldNotOverlapAtAll, NULL, NULL, NULL); + AddTestCase (TableEntryRangeTests, "Entries in standard MemoryMap should not overlap each other at all", "Security.MAT.MemMapEntryOverlap", EntriesInEfiMemoryMapShouldNotOverlapAtAll, NULL, NULL, NULL); AddTestCase (TableEntryRangeTests, "Entries in MAT should not overlap each other at all", "Security.MAT.MatEntryOverlap", EntriesInMatMapShouldNotOverlapAtAll, NULL, NULL, NULL); AddTestCase (TableEntryRangeTests, "Entries in one list should not overlap any of the boundaries of entries in the other", "Security.MAT.EntryOverlap", EntriesBetweenListsShouldNotOverlapBoundaries, NULL, NULL, NULL); AddTestCase (TableEntryRangeTests, "All MAT entries should lie entirely within a standard MemoryMap entry of the same type", "Security.MAT.EntriesWithinMemMap", AllEntriesInMatShouldLieWithinAMatchingEntryInMemmap, NULL, NULL, NULL); @@ -755,9 +745,9 @@ MemmapAndMatTestApp ( Status = RunAllTestSuites (Fw); EXIT: - // Need to free the memory that was allocated for the Legacy Mem Map. - if (mLegacyMapMeta.Map) { - FreePool (mLegacyMapMeta.Map); + // Need to free the memory that was allocated for the EfiMemory Mem Map. + if (mEfiMemoryMapMeta.Map) { + FreePool (mEfiMemoryMapMeta.Map); } if (Fw) { From 3d63a957aaafeca3ae282716f530da291582a72e Mon Sep 17 00:00:00 2001 From: "Project Mu UEFI Bot [bot]" <45776386+uefibot@users.noreply.github.com> Date: Fri, 12 Apr 2024 20:58:33 -0400 Subject: [PATCH 6/7] Repo File Sync: synced file(s) with microsoft/mu_devops (#462) --- .azurepipelines/MuDevOpsWrapper.yml | 6 +++--- .github/workflows/auto-approve.yml | 2 +- .github/workflows/auto-merge.yml | 2 +- .github/workflows/issue-assignment.yml | 2 +- .github/workflows/label-issues.yml | 2 +- .github/workflows/label-sync.yml | 2 +- .github/workflows/release-draft.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/triage-issues.yml | 2 +- rust-toolchain.toml | 2 +- 10 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.azurepipelines/MuDevOpsWrapper.yml b/.azurepipelines/MuDevOpsWrapper.yml index 755132f3d1..5950bd9308 100644 --- a/.azurepipelines/MuDevOpsWrapper.yml +++ b/.azurepipelines/MuDevOpsWrapper.yml @@ -19,7 +19,7 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops - ref: refs/tags/v9.1.8 + ref: refs/tags/v9.1.9 parameters: - name: do_ci_build @@ -82,7 +82,7 @@ parameters: jobs: - template: Jobs/PrGate.yml@mu_devops parameters: - linux_container_image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:16d82ba + linux_container_image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:0e124c1 ${{ if eq(parameters.rust_build, true) }}: linux_container_options: --security-opt seccomp=unconfined do_ci_build: ${{ parameters.do_ci_build }} @@ -105,7 +105,7 @@ jobs: container: - image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:16d82ba + image: ghcr.io/microsoft/mu_devops/ubuntu-22-build:0e124c1 options: --user root --name mu_devops_build_container --security-opt seccomp=unconfined steps: diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index b745950d39..4d8c5ec178 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -29,5 +29,5 @@ jobs: if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' - uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v9.1.9 secrets: inherit diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml index d3d61c7d8d..84cf27a116 100644 --- a/.github/workflows/auto-merge.yml +++ b/.github/workflows/auto-merge.yml @@ -32,5 +32,5 @@ jobs: if: | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' - uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v9.1.9 secrets: inherit diff --git a/.github/workflows/issue-assignment.yml b/.github/workflows/issue-assignment.yml index 61c69e7bb4..94735ebcdb 100644 --- a/.github/workflows/issue-assignment.yml +++ b/.github/workflows/issue-assignment.yml @@ -23,4 +23,4 @@ jobs: contents: read issues: write - uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v9.1.9 diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml index 27cbdfa7fc..dd78cb86be 100644 --- a/.github/workflows/label-issues.yml +++ b/.github/workflows/label-issues.yml @@ -36,4 +36,4 @@ jobs: contents: read pull-requests: write - uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v9.1.9 diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 6d3e8a1484..c8b8f2a427 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -28,4 +28,4 @@ jobs: permissions: issues: write - uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v9.1.9 diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml index aeb24c093d..f171216053 100644 --- a/.github/workflows/release-draft.yml +++ b/.github/workflows/release-draft.yml @@ -32,5 +32,5 @@ jobs: contents: write pull-requests: write - uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v9.1.9 secrets: inherit diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index bd8d7626f8..fc34d6bf0a 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -29,4 +29,4 @@ jobs: issues: write pull-requests: write - uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/Stale.yml@v9.1.9 diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml index 30461ee66a..3c68005d89 100644 --- a/.github/workflows/triage-issues.yml +++ b/.github/workflows/triage-issues.yml @@ -23,4 +23,4 @@ jobs: permissions: issues: write - uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.1.8 + uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v9.1.9 diff --git a/rust-toolchain.toml b/rust-toolchain.toml index 84cdf354e5..f15049ea9d 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,5 +1,5 @@ [toolchain] -channel = "1.74.0" +channel = "1.76.0" [tool] cargo-make = "0.37.9" From e4889cd20c4b8dc12812d341b2e914821aafdbb4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 12:31:16 -0700 Subject: [PATCH 7/7] GitHub Action: Bump robinraju/release-downloader from 1.9 to 1.10 (#465) Bumps [robinraju/release-downloader](https://github.com/robinraju/release-downloader) from 1.9 to 1.10. Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2ee07366db..3ccb42177c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -198,7 +198,7 @@ jobs: - name: Download cargo-make if: steps.cargo_make_cache.outputs.cache-hit != 'true' - uses: robinraju/release-downloader@v1.9 + uses: robinraju/release-downloader@v1.10 with: repository: 'sagiegurari/cargo-make' tag: '${{ steps.get_cargo_tool_details.outputs.cargo_make_version }}'