
v4.7.2

@github-actions github-actions released this 13 Dec 20:51
· 223 commits to refs/heads/main since this release
0e9694c

What's Changed

  • Pull mu_plus, Run DxeMemoryProtectionTestApp in SBSA CI pipelines @TaylorBeebe (#794)
    Change Details
    Description

    A recent mu_plus commit splits MemoryProtectionTestApp into SMM and DXE versions. Now that they are split, we can run the DXE version of the test on SBSA. This PR adds the new test instances and adds the DXE test to the SBSA CI pipelines.

    • Impacts functionality?
      • Functionality - Does the change ultimately impact how firmware functions?
      • Examples: Add a new library, publish a new PPI, update an algorithm, ...
    • Impacts security?
      • Security - Does the change have a direct security impact on an application,
        flow, or firmware?
      • Examples: Crypto algorithm change, buffer overflow fix, parameter
        validation improvement, ...
    • Breaking change?
      • Breaking change - Will anyone consuming this change experience a break
        in build or boot behavior?
      • Examples: Add a new library class, move a module to a different repo, call
        a function in a new library class in a pre-existing module, ...
    • Includes tests?
      • Tests - Does the change include any explicit test code?
      • Examples: Unit tests, integration tests, robot tests, ...
    • Includes documentation?
      • Documentation - Does the change contain explicit documentation additions
        outside direct code modifications (and comments)?
      • Examples: Update readme file, add feature readme file, link to documentation
        on a separate Web page, ...

    How This Was Tested

    Tested in pipelines

    Integration Instructions

    N/A




  • Minor Platform cleanup @Javagedes (#792)
    Change Details
    Description

    Resolves syntax warnings in each platform's PlatformBuild.py, which were introduced in Python 3.12 and are responsible for catching invalid escape sequences.

    Additionally updates the conditional for including VsIntrinsicLib.inf when building with VS build tools. It uses the macro $(FAMILY), which contains a list of families that are being built (Intel, MSFT, GCC, etc). As seen in tools_def.txt, the family is set to MSFT when building with any of the non-EBC Visual Studio toolchains. This prevents the need to update this conditional every time a new Visual Studio compiler is introduced.

    How This Was Tested

    1. Verified syntax warnings disappeared when building with both platforms
    2. Verified VsIntrinsicLib is compiled when building with QemuQ35Pkg and BLD_*_ENABLE_SHARED_CRYPTO=FALSE

    Integration Instructions

    N/A




🔐 Security Impacting

  • Use secureboot binary blob external dependency @Javagedes (#790)
    Change Details
    Description

    Use secureboot binary blobs generated from
    https://github.com/microsoft/secureboot_objects for the PK, KeK, Db, Dbx, and 3PDb. The secureboot binary blobs are downloaded as an external dependency, which enables the contents of the secureboot variables to be strongly versioned and easily tracked.

    This change uses a new version of SecureBootKeyStoreLib (from MsCorePkg), which consumes the secureboot binary values from PCDs, and a new helper plugin (BuildSecurebootPcds) generates these PCDs on each build.

    How This Was Tested

    Verified QemuPkg and QemuSbsaPkg continue to boot and can have secureboot enabled.

    Integration Instructions

    N/A




  • Update All Submodules, Update Package DSC Files to Use New Stack Cookie Library @TaylorBeebe (#784)
    Change Details
    Description

    All submodules have been updated to top of tree to ingest the stack cookie library transition commits. The packages in this repo were updated to use the new stack cookie library.

    How This Was Tested

    Tested on Q35 and SBSA

    Integration Instructions

    N/A




🛠️ Submodule Updates

  • Bump Common/MU from 2023020004.0.3 to 2023020004.0.4 @ProjectMuBot (#797)
    Change Details
      Bumps Common/MU from `2023020004.0.3` to `2023020004.0.4`

    Introduces 2 new commits in Common/MU.

    Commits
    • 045991 GitHub Action: Bump actions/setup-python from 4 to 5 (#383)
    • c67a13 Adding policy check for advanced file logger (#384)

    Signed-off-by: Project Mu Bot [email protected]




  • Bump Features/DFCI from 4.0.2 to 4.0.3 @ProjectMuBot (#793)
    Change Details
      Bumps Features/DFCI from `4.0.2` to `4.0.3`

    Introduces 2 new commits in Features/DFCI.

    Commits
    • 753439 pip: bump edk2-pytool-library from 0.19.6 to 0.19.7 (#167)
    • 897808 Fix invalid access of NewRecoveryChallenge when memory allocation fails (#168)

    Signed-off-by: Project Mu Bot [email protected]




  • Bump Common/MU from 2023020003.4.0 to 2023020004.0.0 @ProjectMuBot (#789)
    Change Details
      Bumps Common/MU from `2023020003.4.0` to `2023020004.0.0`

    Introduces 1 new commit in Common/MU.

    Commits
    • 730904 Create separate FrameBufferMemDrawLib inf for PEI and DXE (#373)

    Signed-off-by: Project Mu Bot [email protected]




  • Bump Common/MU_TIANO from 2023020000.1.1 to 2023020000.1.2 @ProjectMuBot (#787)
    Change Details
      Bumps Common/MU_TIANO from `2023020000.1.1` to `2023020000.1.2`

    Introduces 12 new commits in Common/MU_TIANO.

    Commits
    • eb7f59 pip: bump edk2-pytool-library from 0.19.1 to 0.19.3 (#196)
    • 02b3e8 Repo File Sync: MuDevOpsWrapper.yml - Add code coverage calculation parameter (#197)
    • e62832 pip: bump edk2-pytool-library from 0.19.3 to 0.19.4 (#198)
    • a21e32 pip: bump edk2-pytool-extensions from 0.25.1 to 0.26.0 (#199)
    • ac5de7 Repo File Sync: Update to Mu DevOps 7.2.0 (#200)
    • aaba05 pip: bump edk2-pytool-extensions from 0.26.0 to 0.26.2 (#201)
    • 2600fc GitHub Action: Bump actions/github-script from 6 to 7 (#203)
    • 459acd Integration Steps for [email protected]
    • 622951 Repo File Sync: synced file(s) with microsoft/mu_devops
    • 3e8662 Use New Stack Cookie Library (#204)
    • 5eea2c pip: bump edk2-pytool-library from 0.19.4 to 0.19.6 (#206)
    • 5242b4 Repo File Sync: synced file(s) with microsoft/mu_devops (#205)

    Signed-off-by: Project Mu Bot [email protected]




Full Changelog: v4.7.1...v4.7.2