Releases: microsoft/mu_basecore
dev-v2025020000.0.5
What's Changed
- Fix the release sha256 after modifying the release by @kuqin12 in #1389
- [CHERRY-PICK] NetworkPkg/HttpBootDxe: Wait for IPv6 DAD before issuing DHCPv6 requests by @kanechen66 in #1392
- Update BaseTool binaries weekly by @Javagedes in #1383
- [CHERRY-PICK] NetworkPkg: Update to make IPv6 prefix length 128 will not be excluded by @Ken-Pong in #1386
- Repo File Sync: Update mu_devops workflow tags to 15.0.1 by @mu-automation in #1393
- [dev/202502] Update BaseTools ext dep to dev-v2025020000.0.3 by @mu-automation in #1394
- UefiCpuPkg: Add Ro to Ap Buffer after copying ApLoopCode. by @apop5 in #1356
New Contributors
Full Changelog: dev-dev-2025020000.0.4...dev-v2025020000.0.5
release-2024050004.0.3
Full Changelog: v2024050004.0.2...v2024050004.0.3
dev-v2024050004.0.3
What's Changed
- Repo File Sync: synced file(s) with microsoft/mu_devops by @uefibot in #1300
- RustToolChain: Bump RustToolChain from 1.80 to 1.84. by @uefibot in #1316
- GitHub Action: Bump robinraju/release-downloader from 1.11 to 1.12 by @dependabot in #1318
- [CHERRY-PICK] Reconcile Upstream Standalone MM Perf Changes Back to Mu Basecore [Rebase & FF] by @makubacki in #1319
- Add CPU_INFORMATION_HEADER struct to STM_HEADER by @kenlautner in #1317
- BaseTools/UefiVarPatcher: Add plugin by @makubacki in #1326
- Add MsegSize to the CPU_INFORMATION_HEADER struct by @kenlautner in #1332
- Add TpmLogProtocol + Changes for Tcg2InitEventLib by @Raymond-MS in #1344
- [REVERT] Revert stm header changes by @kenlautner in #1348
- FileSync: bring githhub app backport to 202405 by @apop5 in #1350
- [Cherry-Pick] [202405] MdeModulePkg: Fixes for Null pointer and failed spi access. [Rebase & FF] by @apop5 in #1351
- MdePkg: Add MockSynchronizationLib and MockSmmSxDispatch2 by @TsunFengHuang in #1340
- [REBASE & FF] NvmExpressDxe: Request Number of Queues from Controller by @VivianNK in #1260
- Revert TpmLogProtocol Changes by @Raymond-MS in #1363
- [2405] Prevent memcpy intrinsics in VS22 (17.14.2) [Rebase & FF] by @makubacki in #1375
- NVME: Fix an issue with zero-sized queue allocation [202405] by @apop5 in #1377
- MdeModulePkg/FaultTolerantWriteDxe: Add validation for FtwWorkSpaceHeader by @wenbhou in #1370
- [CHERRY-PICK] NetworkPkg/HttpBootDxe: Wait for IPv6 DAD before issuing DHCPv6 requests by @kanechen66 in #1391
New Contributors
- @TsunFengHuang made their first contribution in #1340
Full Changelog: dev-v2024050004.0.1...dev-v2024050004.0.3
dev-2025020000.0.4
What's Changed
- Update to new base tools by @kuqin12 in #1384
- Repo File Sync: Update to Mu DevOps v15.0.0 and Rust 1.85 by @mu-automation in #1388
Full Changelog: dev-v2025020000.0.3...dev-dev-2025020000.0.4
release-v2025020000.0.4
Full Changelog: v2025020000.0.3...v2025020000.0.4
release-v2025020000.0.3
What's Changed
-
MdeModulePkg: Refactor MM Services Tables linked in MM Core Perf Lib @makubacki (#1369)
Change Details
## Description
The code used a MmServicesTableLib dependency for both the Standalone MM and Traditional MM instances and shared code between those. There is not a readily available MmServicesTable lib instance for Traditional SMM (that can link to PiSmmCore). To ease integration and prevent creating an instance just for this case, this change uses SmmServicesTableLib in the Traditional SMM instance and MmServicesTableLib in the Standalone MM instance and moves code as necessary to accommodate this.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
- Tested Standalone MM on Qemu Q35 and Traditional MM on OvmfPkg X64.
Integration Instructions
N/A
-
Prevent memcpy intrinsics in VS22 (17.14.2) [Rebase \& FF] @makubacki (#1373)
Change Details
## Description
The latest VS2022 update replaces some code patterns with struct assignments with memcpy. This change converts the code to explicitly use CopyMem.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
- VS22 17.14.2 build before and after the changes
Integration Instructions
N/A
-
Update Basetools @kuqin12 (#1368)
Change Details
## Description
It has been 2 years since we updated the base tools...
The specific fix needed is https://edk2.groups.io/g/devel/topic/103287393.
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
This was tested on hardware platform and verified a bug fix.
Integration Instructions
N/A
-
[REBASE \& FF] NvmExpressDxe: Request Number of Queues from Controller @VivianNK (#1359)
Change Details
## Description
Cherry picking the changes from dev/202405: #1260
Request Number of Queues from the Controller. If the number of queues is <2, then we only have a synchronous queue and do not support asynchronous BlockIo2 functionality.
Created issue #1335 for PcdSupportAlternativeQueueSize
Created issue #1358 for continuing after failing to install BlockIo2
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
CI and QEMU with NVMe virtualization with max_ioqpairs=1, 2, 64
Used reconnect and connect -r cmds in Shell on the virtualized NVMe controller handle to trigger the NvmeControllerReset function (saw in the run log).
Confirmed the device was reconnected using devtree.
Successfully wrote to file systems on the NVMe drive to test data queues.
Integration Instructions
N/A
-
[Cherry-Pick] MdePkg: Add \_CSD and \_STA Acpi definitions. [Rebase \& FF] @apop5 (#1367)
Change Details
## Description
Add _CSD version and number of entries definition. These were introduced in the ACPI 3.0 specification. Reference: ACPI 6.5 specification, section 8.4.1.2, Table 8.3: C-State Dependency Package Values. Adds _STA device status bit definitions. Reference: ACPI 6.5 specification, section 6.3.7
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Local CI only: these are just additional definitions used by silicon vendor code.
Integration Instructions
No integration necessary.
🐛 Bug Fixes
-
NVME: Fix an issue with zero-sized queue allocation @joschock (#1376)
Change Details
## Description
The calculation to determine AdminQueuePairPageCount results in a zero page count due to Submission Queue and Completion Queue NumberOfEntries fields not being initialized. On some systems, this request for a zero page allocation causes the PciIo->AllocateBuffer() call to fail with EFI_INVALID_PARAMETER which results in failure to properly initialize the NVME driver and prevents NVME functioning.
This PR adds initialization of the relevant fields from the NVME Admin Queue Attributes to ensure that AdminQueuePairPageCount is properly initialized to a non-zero value.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Prior to the change, can reproduce EFI_INVALID_PARAMETER return code from NvmeControllerInit. After the change, NVME initializes as expected and storage can be used to boot the OS.
Integration Instructions
N/A
dev-v2025020000.0.3
What's Changed
-
[SQUASH ON REBASE] Revert basetool MU changes @kuqin12 (#1379)
Change Details
## Description
This change reverts 3 commits from last Project MU release branch because they are already upstreamed to EDK2.
The double change is causing the CC and other tools to not pick up the intended compiler when doing cross compilation, producing binaries that are the same as the host system instead of the target system.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
This change was tested on Linux ARM system and verified functional.
Integration Instructions
N/A
-
MdeModulePkg: Refactor MM Services Tables linked in MM Core Perf Lib @makubacki (#1369)
Change Details
## Description
The code used a MmServicesTableLib dependency for both the Standalone MM and Traditional MM instances and shared code between those. There is not a readily available MmServicesTable lib instance for Traditional SMM (that can link to PiSmmCore). To ease integration and prevent creating an instance just for this case, this change uses SmmServicesTableLib in the Traditional SMM instance and MmServicesTableLib in the Standalone MM instance and moves code as necessary to accommodate this.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
- Tested Standalone MM on Qemu Q35 and Traditional MM on OvmfPkg X64.
Integration Instructions
N/A
-
Prevent memcpy intrinsics in VS22 (17.14.2) [Rebase \& FF] @makubacki (#1373)
Change Details
## Description
The latest VS2022 update replaces some code patterns with struct assignments with memcpy. This change converts the code to explicitly use CopyMem.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
- VS22 17.14.2 build before and after the changes
Integration Instructions
N/A
-
Update Basetools @kuqin12 (#1368)
Change Details
## Description
It has been 2 years since we updated the base tools...
The specific fix needed is https://edk2.groups.io/g/devel/topic/103287393.
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
This was tested on hardware platform and verified a bug fix.
Integration Instructions
N/A
-
[REBASE \& FF] NvmExpressDxe: Request Number of Queues from Controller @VivianNK (#1359)
Change Details
## Description
Cherry picking the changes from dev/202405: #1260
Request Number of Queues from the Controller. If the number of queues is <2, then we only have a synchronous queue and do not support asynchronous BlockIo2 functionality.
Created issue #1335 for PcdSupportAlternativeQueueSize
Created issue #1358 for continuing after failing to install BlockIo2
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
CI and QEMU with NVMe virtualization with max_ioqpairs=1, 2, 64
Used reconnect and connect -r cmds in Shell on the virtualized NVMe controller handle to trigger the NvmeControllerReset function (saw in the run log).
Confirmed the device was reconnected using devtree.
Successfully wrote to file systems on the NVMe drive to test data queues.
Integration Instructions
N/A
-
[Cherry-Pick] MdePkg: Add \_CSD and \_STA Acpi definitions. [Rebase \& FF] @apop5 (#1367)
Change Details
## Description
Add _CSD version and number of entries definition. These were introduced in the ACPI 3.0 specification. Reference: ACPI 6.5 specification, section 8.4.1.2, Table 8.3: C-State Dependency Package Values. Adds _STA device status bit definitions. Reference: ACPI 6.5 specification, section 6.3.7
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Local CI only: these are just additional definitions used by silicon vendor code.
Integration Instructions
No integration necessary.
🐛 Bug Fixes
-
[SQUASH ON REBASE] MdeModulePkg: Fix macros to convert bytes to pages @VivianNK (#1378)
Change Details
## Description
Fix a bug introduced in 1aa501c
When adding the macro for calculating queue sizes, the EFI_SIZE_TO_PAGES conversion was left out.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Tested in 202405 CI
Integration Instructions
N/A
-
NVME: Fix an issue with zero-sized queue allocation @joschock (#1376)
Change Details
## Description
The calculation to determine AdminQueuePairPageCount results in a zero page count due to Submission Queue and Completion Queue NumberOfEntries fields not being initialized. On some systems, this request for a zero page allocation causes the PciIo->AllocateBuffer() call to fail with EFI_INVALID_PARAMETER which results in failure to properly initialize the NVME driver and prevents NVME functioning.
This PR adds initialization of the relevant fields from the NVME Admin Queue Attributes to ensure that AdminQueuePairPageCount is properly initialized to a non-zero value.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Prior to the change, can reproduce EFI_INVALID_PARAMETER return code from NvmeControllerInit. After the change, NVME initializes as expected and storage can be used to boot the OS.
Integration Instructions
N/A
Full Changelog: dev-v2025020000.0.2...dev-v2025020000.0.3
release-v2025020000.0.2
What's Changed
-
[Cherry-Pick] StandaloneMmPkg/Core: pass HOB list in MMRAM to library constructor [Rebase \& FF] @apop5 (#1365)
Change Details
## Description
The commit changes the code to initialize a new HOB list in MMRAM before the ProcessLibraryConstructorList() and pass the MMRAM HOB list to the lib constructor.
Previously, the HOB list in non-MMRAM range is passed to the lib constructor. Then code in the library constructor would consume unverified HOB list in non-MMRAM buffer. With this commit, the HOB validation and memory allocation HOB migration are done before the library constructor.
Cherry-Picked from edk2
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Server platform was failing to boot prior to these cherry-picks
Integration Instructions
No Integration Necessary.
-
Revert "Add X509CompareDateTime Function (#1355)" @Flickdm (#1366)
Change Details
This reverts commit 05c7a52.
Description
This change was brought in before the crypto side was prepared to make this change.
In order to unblock MU_BASECORE - this commit will be reverted and will be brought in in order.
This is not considered a breaking change because this is not in the release.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
reverted this commit on a platform and confirmed that this resolved the issue.
Integration Instructions
N/A
-
MdePkg: Add MockSynchronizationLib and MockSmmSxDispatch2 [Merge \& FF] @apop5 (#1361)
Change Details
## Description
Cherry-Pick PR that was completed into the 202405 after 202502 became available.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
CI.
Integration Instructions
No integration necessary.
-
Add X509CompareDateTime Function @liqiqiii (#1355)
Change Details
## Description
Add X509CompareDateTime function.
This function was missed before because it has a return type of INT32 which is not included in current generate_cryptodriver.py.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Tested with X64 STANDARD/TINY_SHA, build successfully.
Integration Instructions
When integrating this, consume the latest MU_CRYPTO_RELEASE PR too.
-
Minor Plugin Tweaks @apop5 (#1353)
Change Details
## Description
Minor Plugin Tweaks
Set of minor plugin changes made in Project Mu such as adjusting output messages, etc.
Signed-off-by: Michael Kubacki michael.kubacki@microsoft.com
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Local CI runs to verify that nothing is broken.
Integration Instructions
No integration necessary.
-
[Cherry-Pick] [202502] MdeModulePkg: Fixes for Null pointer and failed spi access. [Rebase \& FF] @apop5 (#1352)
Change Details
## Description
CherryPick two commits from edk2.
https://github.com/tianocore/edk2/pull/10945/files
https://github.com/tianocore/edk2/pull/10924/files
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
On platform using these modules, observed failures prior to changes. (failure to access SPI, null pointer dereference)
After integrating changes, verified that the platform functions as expected
Integration Instructions
No Integration Necessary
🔐 Security Impacting
-
[REBASE \& FF] Integrate edk2 Memory Protection Fixes and Fix the Ensuing Chaos @os-d (#1362)
Change Details
## Description
This PR reverts a Mu commit that was upstreamed to edk2 as well as cherry-picking some new edk2 functionality. Changing the behavior in edk2 exposed a number of Mu bugs in memory protections that are now fixed.
Revert "MdeModulePkg: Update Memory Logging"
This reverts commit 7006e33 as it has been upstreamed to edk2 in commits d6101ac, 5ccb5ff, and 6c6d6f4.
Four edk2 Cherry-Picks
These cherry-picks cover the commit that was reverted and better align image memory protections with the GCD, to keep it in sync, enabling a use case to apply CPU_CRYPTO to all memory near the end of boot.
[SQUASH ON REBASE] MdeModulePkg: Don't Set EFI_MEMORY_RP in the GCD
EFI_MEMORY_RP is set on free memory when the corresponding bit in the memory protection HOB is enabled. It is directly set in the page table using the CPU arch protocol because it cannot go through the GCD; it is not feasible with the current locking structure for the paging code to unset it in the GCD, as that may require new pages to be allocated, etc.
This commit fixes the memory protection code to not apply RP in the GCD on accident when trying to apply NX protections. This causes issues as RP is never cleared and if a driver tries to get attributes from the GCD and update a caching attribute, say, it can end up marking the page RP and then fault trying to access it.
This also prevents UefiCpuPkg's CpuDxe from applying RP to the GCD when refreshing the GCD from paging, for the same reason.
This should be squashed with ea5dd58 on rebase.
[SQUASH ON REBASE] MdeModulePkg: Page Align Access Attr Removal
Currently, when the image loading code decides not to protect an image, it will attempt to remove any protection attributes from the image region to remove NX. However, it does not take into account that the primary reason we do not protect images is if they are not page aligned. This causes asserts when trying to unset these attributes through the GCD.
This patch aligns the access attribute removal to page boundaries.
It should be squashed on rebase with b95a42d.
[SQUASH ON REBASE] MdeModulePkg: Remove Image Access Attributes Correctly
We support loading non-page aligned images, however, in order to do so, we must remove any protection attributes set on them, for example NX protections applied early in DXE Core.
However, when we encounter non-page aligned images, we attempt to take their image base (which is not page aligned) and set attributes on it, which causes an assert to be hit that page attributes are only set on page aligned memory.
This commit removes the protection attributes for the entire page(s) containing the non-aligned image.
It should be squashed with e7e74b9 on rebase.
[SQUASH ON REBASE] MdeModulePkg: Don't Unset Memory Attrs to Unprotected Images
Currently, UnprotectUefiImage will attempt to unset memory attributes on any image record it finds for the given image, protected or unprotected. However, this is both a waste of time for unprotected images and can cause asserts when the image is unprotected because it does not have page aligned sections.
This patch fixes that behavior and does not attempt to unset the memory protections that were never applied.
It should be squashed with b95a42d on rebase.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Tested on an Intel server with aligned and unaligned images booting to shell.
Integration Instructions
N/A.
dev-v2025020000.0.2
What's Changed
-
[Cherry-Pick] StandaloneMmPkg/Core: pass HOB list in MMRAM to library constructor [Rebase \& FF] @apop5 (#1365)
Change Details
## Description
The commit changes the code to initialize a new HOB list in MMRAM before the ProcessLibraryConstructorList() and pass the MMRAM HOB list to the lib constructor.
Previously, the HOB list in non-MMRAM range is passed to the lib constructor. Then code in the library constructor would consume unverified HOB list in non-MMRAM buffer. With this commit, the HOB validation and memory allocation HOB migration are done before the library constructor.
Cherry-Picked from edk2
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Server platform was failing to boot prior to these cherry-picks
Integration Instructions
No Integration Necessary.
-
Revert "Add X509CompareDateTime Function (#1355)" @Flickdm (#1366)
Change Details
This reverts commit 05c7a52.
Description
This change was brought in before the crypto side was prepared to make this change.
In order to unblock MU_BASECORE - this commit will be reverted and will be brought in in order.
This is not considered a breaking change because this is not in the release.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
reverted this commit on a platform and confirmed that this resolved the issue.
Integration Instructions
N/A
-
MdePkg: Add MockSynchronizationLib and MockSmmSxDispatch2 [Merge \& FF] @apop5 (#1361)
Change Details
## Description
Cherry-Pick PR that was completed into the 202405 after 202502 became available.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
CI.
Integration Instructions
No integration necessary.
-
Add X509CompareDateTime Function @liqiqiii (#1355)
Change Details
## Description
Add X509CompareDateTime function.
This function was missed before because it has a return type of INT32 which is not included in current generate_cryptodriver.py.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Tested with X64 STANDARD/TINY_SHA, build successfully.
Integration Instructions
When integrating this, consume the latest MU_CRYPTO_RELEASE PR too.
-
Minor Plugin Tweaks @apop5 (#1353)
Change Details
## Description
Minor Plugin Tweaks
Set of minor plugin changes made in Project Mu such as adjusting output messages, etc.
Signed-off-by: Michael Kubacki michael.kubacki@microsoft.com
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Local CI runs to verify that nothing is broken.
Integration Instructions
No integration necessary.
-
[Cherry-Pick] [202502] MdeModulePkg: Fixes for Null pointer and failed spi access. [Rebase \& FF] @apop5 (#1352)
Change Details
## Description
CherryPick two commits from edk2.
https://github.com/tianocore/edk2/pull/10945/files
https://github.com/tianocore/edk2/pull/10924/files
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
On platform using these modules, observed failures prior to changes. (failure to access SPI, null pointer dereference)
After integrating changes, verified that the platform functions as expected
Integration Instructions
No Integration Necessary
🔐 Security Impacting
-
[REBASE \& FF] Integrate edk2 Memory Protection Fixes and Fix the Ensuing Chaos @os-d (#1362)
Change Details
## Description
This PR reverts a Mu commit that was upstreamed to edk2 as well as cherry-picking some new edk2 functionality. Changing the behavior in edk2 exposed a number of Mu bugs in memory protections that are now fixed.
Revert "MdeModulePkg: Update Memory Logging"
This reverts commit 7006e33 as it has been upstreamed to edk2 in commits d6101ac, 5ccb5ff, and 6c6d6f4.
Four edk2 Cherry-Picks
These cherry-picks cover the commit that was reverted and better align image memory protections with the GCD, to keep it in sync, enabling a use case to apply CPU_CRYPTO to all memory near the end of boot.
[SQUASH ON REBASE] MdeModulePkg: Don't Set EFI_MEMORY_RP in the GCD
EFI_MEMORY_RP is set on free memory when the corresponding bit in the memory protection HOB is enabled. It is directly set in the page table using the CPU arch protocol because it cannot go through the GCD; it is not feasible with the current locking structure for the paging code to unset it in the GCD, as that may require new pages to be allocated, etc.
This commit fixes the memory protection code to not apply RP in the GCD on accident when trying to apply NX protections. This causes issues as RP is never cleared and if a driver tries to get attributes from the GCD and update a caching attribute, say, it can end up marking the page RP and then fault trying to access it.
This also prevents UefiCpuPkg's CpuDxe from applying RP to the GCD when refreshing the GCD from paging, for the same reason.
This should be squashed with ea5dd58 on rebase.
[SQUASH ON REBASE] MdeModulePkg: Page Align Access Attr Removal
Currently, when the image loading code decides not to protect an image, it will attempt to remove any protection attributes from the image region to remove NX. However, it does not take into account that the primary reason we do not protect images is if they are not page aligned. This causes asserts when trying to unset these attributes through the GCD.
This patch aligns the access attribute removal to page boundaries.
It should be squashed on rebase with b95a42d.
[SQUASH ON REBASE] MdeModulePkg: Remove Image Access Attributes Correctly
We support loading non-page aligned images, however, in order to do so, we must remove any protection attributes set on them, for example NX protections applied early in DXE Core.
However, when we encounter non-page aligned images, we attempt to take their image base (which is not page aligned) and set attributes on it, which causes an assert to be hit that page attributes are only set on page aligned memory.
This commit removes the protection attributes for the entire page(s) containing the non-aligned image.
It should be squashed with e7e74b9 on rebase.
[SQUASH ON REBASE] MdeModulePkg: Don't Unset Memory Attrs to Unprotected Images
Currently, UnprotectUefiImage will attempt to unset memory attributes on any image record it finds for the given image, protected or unprotected. However, this is both a waste of time for unprotected images and can cause asserts when the image is unprotected because it does not have page aligned sections.
This patch fixes that behavior and does not attempt to unset the memory protections that were never applied.
It should be squashed with b95a42d on rebase.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Tested on an Intel server with aligned and unaligned images booting to shell.
Integration Instructions
N/A.
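The page-alignment fixes described in "Page Align Access Attr Removal" and "Remove Image Access Attributes Correctly" can be illustrated with a small simulation. This is an added example, not code from mu_basecore or edk2: the per-page attribute array, `page_align_region`, `clear_attrs`, `unprotect_image` and the addresses are hypothetical, and only the `EFI_MEMORY_XP` bit value and the 4 KiB page size are taken from the UEFI definitions.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE  0x1000ULL          /* 4 KiB, matches EFI_PAGE_SIZE */
#define PAGE_MASK  (PAGE_SIZE - 1)
#define ATTR_XP    0x4000ULL          /* same bit value as EFI_MEMORY_XP (NX) */
#define SIM_BASE   0x100000ULL        /* constructed: start of simulated memory */
#define SIM_PAGES  16

/* Constructed stand-in for the per-page attributes a GCD/page table tracks. */
static uint64_t page_attrs[SIM_PAGES];

typedef struct { uint64_t base; uint64_t length; } region_t;

/* Start every simulated page with NX applied, as early DXE protection would. */
void reset_sim(void)
{
    for (int i = 0; i < SIM_PAGES; i++) page_attrs[i] = ATTR_XP;
}

/* Expand [base, base + size) outward to whole pages.
   Returns 0 on success, -1 for an empty region or wrapping arithmetic. */
int page_align_region(uint64_t base, uint64_t size, region_t *out)
{
    if (size == 0 || base > UINT64_MAX - size) return -1;
    uint64_t end = base + size;
    if (end > UINT64_MAX - PAGE_MASK) return -1;
    out->base   = base & ~PAGE_MASK;                      /* round start down */
    out->length = ((end + PAGE_MASK) & ~PAGE_MASK) - out->base; /* round end up */
    return 0;
}

/* Hypothetical attribute-clearing routine. Like the assert described above,
   it refuses anything that is not page aligned. */
int clear_attrs(uint64_t base, uint64_t length, uint64_t attrs)
{
    if (length == 0 || (base & PAGE_MASK) || (length & PAGE_MASK)) return -1;
    if (base < SIM_BASE) return -1;
    uint64_t off = base - SIM_BASE;
    if (off > SIM_PAGES * PAGE_SIZE || length > SIM_PAGES * PAGE_SIZE - off) return -1;
    for (uint64_t o = off; o < off + length; o += PAGE_SIZE)
        page_attrs[o / PAGE_SIZE] &= ~attrs;
    return 0;
}

/* Remove NX from every page that contains part of the image. */
int unprotect_image(uint64_t image_base, uint64_t image_size)
{
    region_t r;
    if (page_align_region(image_base, image_size, &r) != 0) return -1;
    return clear_attrs(r.base, r.length, ATTR_XP);
}

/* Number of simulated pages that still carry NX. */
int count_xp_pages(void)
{
    int n = 0;
    for (int i = 0; i < SIM_PAGES; i++) if (page_attrs[i] & ATTR_XP) n++;
    return n;
}

int main(void)
{
    /* Constructed sample: an image loaded at an unaligned base. */
    uint64_t base = 0x102340ULL, size = 0x2100ULL;
    reset_sim();
    printf("unaligned clear: %d\n", clear_attrs(base, size, ATTR_XP));
    printf("aligned clear:   %d\n", unprotect_image(base, size));
    printf("pages still NX:  %d of %d\n", count_xp_pages(), SIM_PAGES);
    return 0;
}
```

The covering pages extend past both ends of the image, so anything else that shares those pages loses NX along with it.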
Full Changelog: dev-v2025020000.0.1...dev-v2025020000.0.2
release-v2025020000.0.1
What's Changed
-
Add Missed Mock Functions @apop5 (#1349)
Change Details
## Description
Add mock functions under MockUefiLib and Create Mock for CapsuleLib, PerformanceLib, MockUefiBootManagerLib and GenericMemoryTestProtocol
Add mock functions under MockUefiLib and Create Mock for CapsuleLib, PerformanceLib and GenericMemoryTestProtocol
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Backport to release branch?
How This Was Tested
Unit tests component can call these mock functions successfully
Integration Instructions
N/A