dev-v2025020001.0.3

What's Changed

• build\_rule.template: Update version to 3.00 @makubacki (#1475)
  
  Change Details

    ## Description

  Right now, the 2502 build_rule.template version is 2.04 while the 2405 file version is 2.24. This causes users to not be informed that the file is different in their local workspace when they move to 2502 causing the build to use the incorrect (2405) build_rule file. This updates the version to 3.00. Even if, 2405 continues to update the version (e.g. 2.25), 2502 can update in the 3.xx series independently and always be considered greater so when a user does transition they will be notified to update their Conf dir.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  • Local build

  Integration Instructions

  • N/A - Users will now be informed they need to delete/update their local Conf directory
    

  
  

  ---

• Add the functions from LocalApicLib.h to MockLocalApicLib. @ElvisYangGit (#1444)
  
  Change Details

    ## Description

  Add mock function "GetInitialApicId" for unit testing.
  EDK2 PR: tianocore/edk2#11330

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  The mock library API can be consumed successfully in unit test.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] [REBASE \& FF] MdeModulePkg: XhciDxe: Fix USB reset issue @berlin-with0ut-return (#1473)
  
  Change Details

    ## Description

  Cherry-picks a fix from edk2 to fix USB reset issue seen on Intel platforms.
  Original PR: tianocore/edk2#11382

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Booted to frontpage on Intel device and observed the page fault no longer occurs when unplugging USB externals.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [202502] pip-requirements.txt: Update edk2-pytools to latest @Javagedes (#1468)
  
  Change Details

    ## Description

  This commit updates to the most recent version of the edk2-pytools to ensure they stay up to date.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Revert "[dev/202502] Update BaseTools ext dep to dev-v2025020001.0.3 (#1467)" @apop5 (#1471)
  
  Change Details

    ## Description

  This reverts commit b535851.

  After the commit went in, CI is failing with

  ERROR - ran into an issue when resolving ext_dep Mu-Basetools at https://github.com/microsoft/mu_basecore/releases/download/dev-v2025020001.0.3/basetools-dev-v2025020001.0.3.tar.gz

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Reverted back to the last known good version of basetools

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

• [dev/202502] Update BaseTools ext dep to dev-v2025020001.0.3 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1467)
  
  Change Details

    This PR updates the BaseTools external dependency to version dev-v2025020001.0.3.

  ---

Full Changelog: dev-v2025020001.0.2...dev-v2025020001.0.3

dev-v2025020001.0.2

What's Changed

• [Rebase \& FF] MdePkg: TpmPtp: Add CRB Interface Version 2 Definition @kuqin12 (#1465)
  
  Change Details

    ## Description

  Introduces support for CRB Interface Version 2 as defined in the TCG PC Client Platform TPM Profile (PTP) Specification v1.06:
  https://trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2p0-Version-1p06_pub.pdf

  This enables firmware to identify TPMs that support the CRB buffer interface.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  This change was tested on proprietary hardware platform.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [dev/202502] Update BaseTools ext dep to dev-v2025020001.0.1 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1455)
  
  Change Details

    This PR updates the BaseTools external dependency to version dev-v2025020001.0.1.

  ---

• [Cherry-Pick] Update ArmFfaLib to support SEC and STMM phase @kuqin12 (#1464)
  
  Change Details

    ## Description

  This change cherry-picks the change from EDK2 to support STMM and SEC phase.

  Original EDK2 PR:
  tianocore/edk2#11166

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  This is tested on both virtual and physical platforms and booted to OS desktop.

  Integration Instructions

  For platforms that needs to use TPM in SEC phase needs to use the following library:
  ArmFfaLib|MdeModulePkg/Library/ArmFfaLib/ArmFfaSecLib.inf
  

  
  

  ---

  
  

• MdeModulePkg: Fix CoherentPciIoUnmap @eeshanl (#1454)
  
  Change Details

    ## Description

  Fixes CoherentPciIoUnmap and properly undoes CoherentPciIoMap
  Add check for above 4GB case so that we only copy the data and free it for the bounce buffer case.
  Currently, it will try to copy and free no matter what and crash.

  When using CoherentPciIo functionality in NonDiscoverablePciDeviceIo, fixes error seen with connected devices.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Tested on physical arm platform

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add MockDxeServicesLib and MockBlockIo for unit testing @PaddyDengAmi (#1442)
  
  Change Details

    ## Description

  Add MockDxeServicesLib and MockBlockIo for unit testing
  EDK2 PR: tianocore/edk2#11132

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Unit test consumes the mock library and protocols without issue.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [dev/202502] Update BaseTools ext dep to dev-v2025020001.0.0 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1449)
  
  Change Details

    This PR updates the BaseTools external dependency to version dev-v2025020001.0.0.

  ---

🔐 Security Impacting

• [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Safe handling of IDT register on SMM entry @makubacki (#1457)
  
  Change Details

    ## Description

  Mitigates CVE-2025-3770

  Do not assume that IDT.limit is loaded with a zero value upon SMM entry. Delay enabling Machine Check Exceptions in SMM until after the SMM IDT has been reloaded.

  (cherry picked from branch security-advisory/cve-2025-3770/advisory)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  • CI

  Integration Instructions

  • N/A
    

  
  

  ---

Full Changelog: dev-v2025020001.0.1...dev-v2025020001.0.2

release-v2025020001.0.2

What's Changed

• [Cherry-Pick] Update ArmFfaLib to support SEC and STMM phase @kuqin12 (#1464)
  
  Change Details

    ## Description

  This change cherry-picks the change from EDK2 to support STMM and SEC phase.

  Original EDK2 PR:
  tianocore/edk2#11166

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  This is tested on both virtual and physical platforms and booted to OS desktop.

  Integration Instructions

  For platforms that needs to use TPM in SEC phase needs to use the following library:
  ArmFfaLib|MdeModulePkg/Library/ArmFfaLib/ArmFfaSecLib.inf
  

  
  

  ---

  
  

• MdeModulePkg: Fix CoherentPciIoUnmap @eeshanl (#1454)
  
  Change Details

    ## Description

  Fixes CoherentPciIoUnmap and properly undoes CoherentPciIoMap
  Add check for above 4GB case so that we only copy the data and free it for the bounce buffer case.
  Currently, it will try to copy and free no matter what and crash.

  When using CoherentPciIo functionality in NonDiscoverablePciDeviceIo, fixes error seen with connected devices.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Tested on physical arm platform

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add MockDxeServicesLib and MockBlockIo for unit testing @PaddyDengAmi (#1442)
  
  Change Details

    ## Description

  Add MockDxeServicesLib and MockBlockIo for unit testing
  EDK2 PR: tianocore/edk2#11132

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Unit test consumes the mock library and protocols without issue.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

🔐 Security Impacting

• [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Safe handling of IDT register on SMM entry @makubacki (#1457)
  
  Change Details

    ## Description

  Mitigates CVE-2025-3770

  Do not assume that IDT.limit is loaded with a zero value upon SMM entry. Delay enabling Machine Check Exceptions in SMM until after the SMM IDT has been reloaded.

  (cherry picked from branch security-advisory/cve-2025-3770/advisory)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  • CI

  Integration Instructions

  • N/A
    

  
  

  ---

release-v2025020001.0.1

What's Changed

• [Cherry-Pick] UefiCpuPkg: Add back gEdkiiPeiMpServices2PpiGuid @apop5 (#1451)
  
  Change Details

    ## Description

  Commit tianocore/edk2@aef5044
  removed gEdkiiPeiMpServices2PpiGuid from UefiCpuPkg.dec which causes build breaks if an INF [Ppis] section lists gEdkiiPeiMpServices2PpiGuid. There is no method for a DEC file for conditionally declare a PPI.

  In order to support the migration from use of
  gEdkiiPeiMpServices2PpiGuid to the preferred use of the gPeiMpServices2Ppi, add gEdkiiPeiMpServices2PpiGuid back to the UefiCpuPkg.dec and update MpServices2.h in MdePkg to define EDKII_PEI_MP_SERVICES2_PPI_GUID and
  EDKII_PEI_MP_SERVICES2_PPI.

  All references to the EDK II PEI MP Services 2 PPI can be removed after all downstream consumers have had a chance to perform the migration.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Integration Instructions

    </blockquote>
    <hr>
  </details>
  

⚠️ Breaking Changes

• [REBASE \& FF] MdeModulePkg: Create IoMmuLib and add support to - PciBusDxe, PciHostBridgeDxe, NonDiscoverablePciDeviceDxe @eeshanl (#1364)
  
  Change Details

    ## Description

  Reverts PcdRequireIommu change, removes PcdRequireIommu.
  Create IoMmuLib
  Create IoMmuLibNull
  Wrapper library for IoMmu Protocol functions.

  Add IoMmuLib support to NonDiscoverablePciDeviceDxe
  Modify IoMmu protocol usage and add IoMmuLib support to PciBusDxe and PciHostBridgeDxe

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Tested on QEMU SBSA, physical arm device, physical x64 device.

  Integration Instructions

  Platform Integration

  The library automatically adapts to platform capabilities. On platforms without IOMMU support, use IoMmuLibNull.
  On platforms with IOMMU support, use IoMmuLib.

  For integrating with a platform, in the top level DSC, you can do the following for example:

    # Enable IoMmu/Smmu support
    DEFINE REQUIRE_IOMMU             = TRUE
  
  !if $(REQUIRE_IOMMU) == TRUE
    IoMmuLib|MdeModulePkg/Library/IoMmuLib/IoMmuLib.inf
  !else
    IoMmuLib|MdeModulePkg/Library/IoMmuLibNull/IoMmuLibNull.inf
  !endif
  

    </blockquote>
    <hr>
  </details>
  

dev-v2025020001.0.1

What's Changed

• [Cherry-Pick] UefiCpuPkg: Add back gEdkiiPeiMpServices2PpiGuid @apop5 (#1451)
  
  Change Details

    ## Description

  Commit tianocore/edk2@aef5044
  removed gEdkiiPeiMpServices2PpiGuid from UefiCpuPkg.dec which causes build breaks if an INF [Ppis] section lists gEdkiiPeiMpServices2PpiGuid. There is no method for a DEC file for conditionally declare a PPI.

  In order to support the migration from use of
  gEdkiiPeiMpServices2PpiGuid to the preferred use of the gPeiMpServices2Ppi, add gEdkiiPeiMpServices2PpiGuid back to the UefiCpuPkg.dec and update MpServices2.h in MdePkg to define EDKII_PEI_MP_SERVICES2_PPI_GUID and
  EDKII_PEI_MP_SERVICES2_PPI.

  All references to the EDK II PEI MP Services 2 PPI can be removed after all downstream consumers have had a chance to perform the migration.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Integration Instructions

    </blockquote>
    <hr>
  </details>
  

Full Changelog: dev-v2025020001.0.0...dev-v2025020001.0.1

release-v2025020000.0.7

What's Changed

• [Cherry-Pick] ShellPkg: Shell Validate parameter before use. @apop5 (#1447)
  
  Change Details

    ## Description

  When FvSimpleFileSystem is included in a firmware image, the FV is accessible as a simple file system.

  Shell contained a bad assumption that the FileDevicepath, the path where the efi shell was loaded from, was always a Media device path/media vendor device path. It would make a blind cast of the device path node.

  Add a check to verify device path type/subtype before casting the node to a FILEPATH_DEVICE_PATH.

  (cherry picked from commit c27552f)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Booted Q35 with FvSimpleFileSystem added to observe error.
  After fix, test with custom startup.nsh included (EMPTY_DRIVE=TRUE) and without startup.nsh
  FILE FREEFORM = gPcBdsPkgTokenSpaceGuid { SECTION RAW = startup.nsh SECTION UI = "startup.nsh" }

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

• [REBASE \& FF] [CHERRY-PICK] Revert Mu Changes and CP edk2 Commits @os-d (#1448)
  
  Change Details

    ## Description

  Printing driver loading statements unconditionally was upstreamed to edk2 in a different fashion that always printed the filename, as this is one of the most useful things a debug log contains and didn't print at error level as loading drivers is not an error.

  This reverts the mu commits and cherry-picks the edk2 commits. It also reapplies one of the Mu commits as it contained unrelated perf code.

  I chose to backport this to the release branch because platforms have requested not having driver load statements at error level.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  N/A.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK] MdePkg/AArch64: fix AsmMacroLib signed value handling for MOV32/MOV64 @makubacki (#1446)
  
  Change Details

    ## Description

  MOV32 and MOV64, defined in AsmMacrolib.h, use a combination of movz and movk instructions to fill a register with an immediate value. With each instruction supplying 16 of the bits.

  CLANGPDB builds have been reported to fail on the current implementation when provided with negative values with:
  error: immediate must be an integer in range [0, 65535].

  To resolve this, add a mask for the line filling the top 16 bits, like the other lines already had.

  Reported-by: Michael Kubacki mikuback@linux.microsoft.com

  (cherry picked from edk2 commit 3e7e3e2)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  • QemuSbsaPkg CLANGPDB build

  Integration Instructions

  • Include this commit if seeing this issue:

  error: immediate must be an integer in range [0, 65535].
  movz x9, (-1) >> 48, lsl #48
  movk x9, ((-1) >> 32) & 0xffff, lsl #32
  movk x9, ((-1) >> 16) & 0xffff, lsl #16
  movk x9, (-1) & 0xffff
  

  From MOV64 (x9, ARM_FFA_RET_NOT_SUPPORTED) in MdePkg/Include/AArch64/AsmMacroLib.h.
  

  
  

  ---

  
  

• [CHERRY-PICK] Remove dynamic PcdStatusCodeUseSerial usage in MM [Rebase \& FF] @K-Pavana (#1443)
  
  Change Details

    ## Description

  This is cherry-pick of EDK2 change: tianocore/edk2#10879

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Cherry-Pick EDK2 change.
  Without this change, PcdStatusCodeUseSerial, a dynamic Pcd is accessed in MM driver, resulting in assert.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] HobLib: Add two new APIs in HobLib @K-Pavana (#1440)
  
  Change Details

    This is cherry-pick from EDK2: https://github.com/tianocore/edk2/pull/10941

  Description:

  This commit is to add two new APIs in HobLib.h:
  GetNextMemoryAllocationGuidHob ()
  TagMemoryAllocationHobWithGuid ()

  The UEFI_PI_SPEC defines the EFI_GUID Name in the EFI_HOB_MEMORY_ALLOCATION_HEADER as:
  A GUID that defines the memory allocation region’s type and purpose, as well as other fields within the memory allocation HOB.

  Currently there is no API in HobLib to handle this Name GUID in EFI_HOB_MEMORY_ALLOCATION_HEADER, and the code logic is common. So the following 2 APIs are added to:

  1.The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.

  2.The TagMemoryAllocationHobWithGuid () searchs the HOB list for the Memory Allocation HOB with a matching base address and set the Name GUID. Then the instance of the tagged Memory Allocation HOB with matched base address is returned.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  EDK2 cherry-pick

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• ShellPkg: Add definitions for PCIe extended capabilities @K-Pavana (#1438)
  
  Change Details

    ## Description

  This is Cherry-pick of EDK2 changes: tianocore/edk2#10957
  Commit IDs: aa32d2c and defdccd.

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Integrated the changes on MUEFI Intel Gen12 along with Intel reference code. Build and Boot test on Intel simics was successful.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK] MdePkg: Add DEBUG\_SECURITY Bit in PcdDebugPrintErrorLevel @os-d (#1435)
  
  Change Details

    ## Description

  Tcg2Dxe and its libraries are currently the noisiest modules in edk2. For a sample platform printing at INFO level, Tcg2Dxe printed 4,000 lines out of 5,700 total lines printed.

  This commit defines a DEBUG_SECURITY bit to control the debug output of Tcg2Dxe and other security related components. Most of the output is not useful except for deep debugging of TPM transactions, so it is appropriate to only print when the DEBUG_SECURITY bit is present.

  (cherry picked from commit dbf45a8)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  edk2 cherry-pick

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [Cherry-Pick] Apply Read only on AP Wakeup Buffers [Rebase \& FF] @apop5 (#1434)
  
  Change Details

    ## Description Revert original mu version of patch. Cherry-Pick the up streamed version of Applying Read only on AP Wakeup buffers.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Booted Q35 with changes applied and verified page audit did not report AP buffers.

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

• [Cherry-Pick] BaseTools: Improve report generation for Nested Fvs. @apop5 (#1433)
  
  Change Details

    ## Description Build report would not detect a nested FV if the nested FV was not in a subsection of an FFS statement.

  Modify the build report to better handle some of the variations of nested FVs.

  Failing Exampl...

dev-v2025020001.0.0

What's Changed

• [Cherry-Pick] ShellPkg: Shell Validate parameter before use. @apop5 (#1447)
  
  Change Details

    ## Description

  When FvSimpleFileSystem is included in a firmware image, the FV is accessible as a simple file system.

  Shell contained a bad assumption that the FileDevicepath, the path where the efi shell was loaded from, was always a Media device path/media vendor device path. It would make a blind cast of the device path node.

  Add a check to verify device path type/subtype before casting the node to a FILEPATH_DEVICE_PATH.

  (cherry picked from commit c27552f)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Booted Q35 with FvSimpleFileSystem added to observe error.
  After fix, test with custom startup.nsh included (EMPTY_DRIVE=TRUE) and without startup.nsh
  FILE FREEFORM = gPcBdsPkgTokenSpaceGuid { SECTION RAW = startup.nsh SECTION UI = "startup.nsh" }

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

• [REBASE \& FF] [CHERRY-PICK] Revert Mu Changes and CP edk2 Commits @os-d (#1448)
  
  Change Details

    ## Description

  Printing driver loading statements unconditionally was upstreamed to edk2 in a different fashion that always printed the filename, as this is one of the most useful things a debug log contains and didn't print at error level as loading drivers is not an error.

  This reverts the mu commits and cherry-picks the edk2 commits. It also reapplies one of the Mu commits as it contained unrelated perf code.

  I chose to backport this to the release branch because platforms have requested not having driver load statements at error level.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  N/A.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK] MdePkg/AArch64: fix AsmMacroLib signed value handling for MOV32/MOV64 @makubacki (#1446)
  
  Change Details

    ## Description

  MOV32 and MOV64, defined in AsmMacrolib.h, use a combination of movz and movk instructions to fill a register with an immediate value. With each instruction supplying 16 of the bits.

  CLANGPDB builds have been reported to fail on the current implementation when provided with negative values with:
  error: immediate must be an integer in range [0, 65535].

  To resolve this, add a mask for the line filling the top 16 bits, like the other lines already had.

  Reported-by: Michael Kubacki mikuback@linux.microsoft.com

  (cherry picked from edk2 commit 3e7e3e2)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  • QemuSbsaPkg CLANGPDB build

  Integration Instructions

  • Include this commit if seeing this issue:

  error: immediate must be an integer in range [0, 65535].
  movz x9, (-1) >> 48, lsl #48
  movk x9, ((-1) >> 32) & 0xffff, lsl #32
  movk x9, ((-1) >> 16) & 0xffff, lsl #16
  movk x9, (-1) & 0xffff
  

  From MOV64 (x9, ARM_FFA_RET_NOT_SUPPORTED) in MdePkg/Include/AArch64/AsmMacroLib.h.
  

  
  

  ---

  
  

• [CHERRY-PICK] Remove dynamic PcdStatusCodeUseSerial usage in MM [Rebase \& FF] @K-Pavana (#1443)
  
  Change Details

    ## Description

  This is cherry-pick of EDK2 change: tianocore/edk2#10879

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Cherry-Pick EDK2 change.
  Without this change, PcdStatusCodeUseSerial, a dynamic Pcd is accessed in MM driver, resulting in assert.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] HobLib: Add two new APIs in HobLib @K-Pavana (#1440)
  
  Change Details

    This is cherry-pick from EDK2: https://github.com/tianocore/edk2/pull/10941

  Description:

  This commit is to add two new APIs in HobLib.h:
  GetNextMemoryAllocationGuidHob ()
  TagMemoryAllocationHobWithGuid ()

  The UEFI_PI_SPEC defines the EFI_GUID Name in the EFI_HOB_MEMORY_ALLOCATION_HEADER as:
  A GUID that defines the memory allocation region’s type and purpose, as well as other fields within the memory allocation HOB.

  Currently there is no API in HobLib to handle this Name GUID in EFI_HOB_MEMORY_ALLOCATION_HEADER, and the code logic is common. So the following 2 APIs are added to:

  1.The GetNextMemoryAllocationGuidHob () returns the next instance of the Memory Allocation HOB with the matched GUID from a starting HOB pointer.

  2.The TagMemoryAllocationHobWithGuid () searchs the HOB list for the Memory Allocation HOB with a matching base address and set the Name GUID. Then the instance of the tagged Memory Allocation HOB with matched base address is returned.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  EDK2 cherry-pick

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• ShellPkg: Add definitions for PCIe extended capabilities @K-Pavana (#1438)
  
  Change Details

    ## Description

  This is Cherry-pick of EDK2 changes: tianocore/edk2#10957
  Commit IDs: aa32d2c and defdccd.

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Integrated the changes on MUEFI Intel Gen12 along with Intel reference code. Build and Boot test on Intel simics was successful.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK] MdePkg: Add DEBUG\_SECURITY Bit in PcdDebugPrintErrorLevel @os-d (#1435)
  
  Change Details

    ## Description

  Tcg2Dxe and its libraries are currently the noisiest modules in edk2. For a sample platform printing at INFO level, Tcg2Dxe printed 4,000 lines out of 5,700 total lines printed.

  This commit defines a DEBUG_SECURITY bit to control the debug output of Tcg2Dxe and other security related components. Most of the output is not useful except for deep debugging of TPM transactions, so it is appropriate to only print when the DEBUG_SECURITY bit is present.

  (cherry picked from commit dbf45a8)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  edk2 cherry-pick

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [Cherry-Pick] Apply Read only on AP Wakeup Buffers [Rebase \& FF] @apop5 (#1434)
  
  Change Details

    ## Description Revert original mu version of patch. Cherry-Pick the up streamed version of Applying Read only on AP Wakeup buffers.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?
  • Backport to release branch?

  How This Was Tested

  Booted Q35 with changes applied and verified page audit did not report AP buffers.

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

• [Cherry-Pick] BaseTools: Improve report generation for Nested Fvs. @apop5 (#1433)
  
  Change Details

    ## Description Build report would not detect a nested FV if the nested FV was not in a subsection of an FFS statement.

  Modify the build report to better handle some of the variations of nested FVs.

  Failing Exampl...

release-v2025020000.0.6

What's Changed

• UefiCpuPkg: Remove Nx From EfiBootServicesCode allocation. by @apop5 in #1397

Full Changelog: v2025020000.0.5...v2025020000.0.6

dev-v2025020000.0.6

What's Changed

• UefiCpuPkg: Remove Nx From EfiBootServicesCode allocation. by @apop5 in #1397

Full Changelog: dev-v2025020000.0.5...dev-v2025020000.0.6

release-v2025020000.0.5

What's Changed

• Fix the release sha256 after modifying the release by @kuqin12 in #1389
• [CHERRY-PICK] NetworkPkg/HttpBootDxe: Wait for IPv6 DAD before issuing DHCPv6 requests by @kanechen66 in #1392
• Update BaseTool binaries weekly by @Javagedes in #1383
• [CHERRY-PICK] NetworkPkg: Update to make IPv6 prefix length 128 will not be excluded by @Ken-Pong in #1386
• Repo File Sync: Update mu_devops workflow tags to 15.0.1 by @mu-automation in #1393
• [dev/202502] Update BaseTools ext dep to v2025020000.0.3 by @mu-automation in #1395
• UefiCpuPkg: Add Ro to Ap Buffer after copying ApLoopCode. by @apop5 in #1356

New Contributors

• @Ken-Pong made their first contribution in #1386

Full Changelog: v2025020000.0.4...v2025020000.0.5