Releases: microsoft/mu_feature_mm_supv
v15.0.1
What's Changed
-
Change override tag to tracking tag @kenlautner (#388)
Change Details
## Description
Changed the override tag for StandaloneMmCore.inf to a tracking tag and we now also track the release branches. This is because some consumers of the supervisor only use the release/branches instead of the dev branch.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested on physical platform. The platform can be built while using the release branches with this change.
Integration Instructions
N/A
-
Separate .bss section from the .data sections in the RELEASE image @kenlautner (#386)
Change Details
## Description
Separate the .bss section of the image in RELEASE builds. This is because we typically merge all of the different .data sections in RELEASE builds which normally includes the .bss section. This breaks SEA validation as it expects the .bss section to be ignored during validation but instead we're including it in the normal .data section validation.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested on a SEA physical platform. Validation completes successfully with the change.
Integration Instructions
N/A
-
Remove override tags for a few libraries @kuqin12 (#387)
Change Details
## Description
This change got rid of the override/track tags for MmMemLib and HobLib, as the overridden modules are dehydrated enough to not carry meaningful override connection.
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This is not functional change, so no testing is required.
Integration Instructions
N/A
</blockquote> <hr> </details>
-
Resolve override validation failure due to hob lib changes @kuqin12 (#384)
Change Details
## Description
This change updates the supervisor's hob lib to add the null implementation of
BuildResourceDescriptorV2.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change was tested with QEMU Q35 and booted to Windows.
Integration Instructions
N/A
🐛 Bug Fixes
-
Remove `PeCoffLibNegative` from supervisor inf @kuqin12 (#385)
Change Details
## Description
PeCoffLibNegativewas introduced by accident, which should not be pulled into the supervisor core directly.This change removes the cross dependency.
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested on QEMU Q35 platform.
Integration Instructions
N/A
</blockquote> <hr> </details>
Full Changelog: v15.0.0...v15.0.1
Contributors
Assets 2
v15.0.0
What's Changed
-
Fix override validation failure @kuqin12 (#380)
Change Details
## Description
This change cherry-picks the basecore update from microsoft/mu_basecore@cd81b47.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change is tested on QEMU Q35 platfrom.
Integration Instructions
N/A
-
MmSupervisorPkg: Update release version v14.002 @makubacki (#370)
Change Details
## Description
Updates the major and minor version to match the current GitHub release version (14.0.2).
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Verified version printed during boot.
Integration Instructions
N/A - No functional change.
⚠️ Breaking Changes
-
Add SMM Enhanced Attestation (SEA) Changes [Rebase \& FF] @makubacki (#378)
Change Details
## Description
Moves changes for the SEA feature to the
mainbranch.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Verified SEA functionality
Integration Instructions
- Integration instructions are work-in-progress
- Will be added in a separate, future change
🚀 Features & ✨ Enhancements
-
Add SMM Enhanced Attestation (SEA) Changes [Rebase \& FF] @makubacki (#378)
Change Details
## Description
Moves changes for the SEA feature to the
mainbranch.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Verified SEA functionality
Integration Instructions
- Integration instructions are work-in-progress
- Will be added in a separate, future change
-
MmSupervisorPkg: Add library to publish MM Supervisor version @makubacki (#371)
Change Details
## Description
Adds a new NULL class library called "DxeMmSupervisorVersionPublicationLib" that can be linked to any DXE module on a platform to publish MM Supervisor Version information. The library is optional for a platform to include as it does not impact MM Supervisor functionality. However, firmware and OS code may make use of the version information produced by this library if the information is published.
The library is meant to be simple to integrate not introducing any new dependency requirements on the module that it is linked against. It abstracts what version information is currently published and the implementation may change over time.
The MM Supevisor version information is queried and published as a UEFI variable that is available in both the firmware boot and OS environment.
The variable information is in Guid/MmSupervisorVersion.h. Variable policy is applied to the variable by this library as well.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Verified debug prints during boot.
- Checked variable policy.
- Read UEFI variable in OS.
- Read the MM Supervisor version reported in the OS (version here was tested against older MM Supervisor v11.0.1 release):
Integration Instructions
Platforms using the MM Supevisor can optionally add
NULL|MmSupervisorPkg/Library/DxeMmSupervisorVersionPublicationLib/DxeMmSupervisorVersionPublicationLib.inf
to a platform DXE module to publish MM Supervisor version information.
🔐 Security Impacting
-
Remove SMM profile code @kuqin12 (#379)
Change Details
## Description
The SMM memory profile code was some legacy never supported by us.
Instead, we have auditing test to assist the same functionality. Removing the code to get rid of certain global variables and unnecessary code.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change was tested on QEMU Q35 platform.
Integration Instructions
N/A
📖 Documentation Updates
-
MmSupervisorPkg: Add library to publish MM Supervisor version @makubacki (#371)
Change Details
## Description
Adds a new NULL class library called "DxeMmSupervisorVersionPublicationLib" that can be linked to any DXE module on a platform to publish MM Supervisor Version information. The library is optional for a platform to include as it does not impact MM Supervisor functionality. However, firmware and OS code may make use of the version information produced by this library if the information is published.
The library is meant to be simple to integrate not introducing any new dependency requirements on the module that it is linked against. It abstracts what version information is currently published and the implementation may change over time.
The MM Supevisor version information is queried and published as a UEFI variable that is available in both the firmware boot and OS environment.
The variable information is in Guid/MmSupervisorVersion.h. Variable policy is applied to the variable by this library as well.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Verified debug prints during boot.
- Checked variable policy.
- Read UEFI variable in OS.
- Read the MM Supervisor version reported in the OS (version here was tested against older MM Supervisor v11.0.1 release):
Integration Instructions
Platforms using the MM Supevisor can optionally add
NULL|MmSupervisorPkg/Library/DxeMmSupervisorVersionPublicationLib/DxeMmSupervisorVersionPublicationLib.inf
to a platform DXE module to publish MM Supervisor version information.
Full Changelog: v14.0.2...v15.0.0
Contributors
Assets 2
v14.0.2
What's Changed
-
Updated BASECORE override tags @kenlautner (#368)
Change Details
## Description
Updated Override tags to work with the latest MU_BASECORE release/202405 commit
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested with CI
Integration Instructions
N/A
Full Changelog: v14.0.1...v14.0.2
Contributors
Assets 2
v14.0.1
What's Changed
-
Updated OverrideValidation hashes for new basecore @apop5 (#364)
Change Details
## Description
Update the override validation for StandaloneMmPkg changes that were cherry-picked from edk2.
No code changes are required, because the code changes were picked from a previous commit.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Local CI
Integration Instructions
N/A
-
Update override and tracking tags for StandaloneMmHobLib @kenlautner (#357)
Change Details
## Description
Basecore updated StandaloneMmHobLib so the relevant tags need to be updated.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested on physical platform. No issues seen.
Integration Instructions
N/A
🐛 Bug Fixes
-
Fix override tag @kenlautner (#360)
Change Details
## Description
The last override tag update accidentally added one that shouldn't be included in BaseLib.inf. This PR removes it.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Pipelines
Integration Instructions
N/A
Full Changelog: v14.0.0...v14.0.1
Contributors
Assets 2
v14.0.0
What's Changed
⚠️ Breaking Changes
-
Update override hash on PiSmmCore @kuqin12 (#349)
Change Details
## Description
Fixing an override hash failure from PiSmmCore
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change was tested on Q35.
Integration Instructions
N/A
</blockquote> <hr> </details>
🐛 Bug Fixes
-
Fixing MmRanges would pull in extra data from the next hob @kuqin12 (#337)
Change Details
## Description
Currently the MmRanges reported through initialization steps will be manipulated by the IPL code to extend the last entry to be an empty placeholder so that it will be populated during the
ExecuteMmCoreFromMmramroutine.However, the preemptively extended range will pull in extra data from the next hob, which could cause the rest of supervisor initialization to fault. This change fixed such issue by not overly copying data from hob.
For details on how to complete to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested on both QEMU Q35 and proprietary hardware platforms.
Integration Instructions
N/A
</blockquote> <hr> </details>
🔐 Security Impacting
-
Update override hash on PiSmmCore @kuqin12 (#349)
Change Details
## Description
Fixing an override hash failure from PiSmmCore from:
microsoft/mu_basecore@36f763dFor details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change was tested on Q35.
Integration Instructions
N/A
</blockquote> <hr> </details>
Full Changelog: v13.0.2...v14.0.0
Contributors
Assets 2
v13.0.2
What's Changed
-
Fix override from CodeQL and cherry-picks from latest basecore @kuqin12 (#331)
Change Details
## Description
This change updated the override validation tags. It also integrates the cherry-pick commit from microsoft/mu_basecore@4d722ac.
For details on how to complete to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested on pipeline and passed override check. Also booted on Q35 branch.
Integration Instructions
The change needs to pair with basecore commit microsoft/mu_basecore@4d722ac or later.
</blockquote> <hr> </details>
Full Changelog: v13.0.1...v13.0.2
Contributors
Assets 2
v13.0.1
What's Changed
-
Document update and version change @kuqin12 (#322)
Change Details
## Description
This change updates the version information of this package and module. It also updates the document on how to integrate the latest changes into platforms that are picking up 202405.
The version number is updated from
11to13to match the release version, which was missed in v12 release.- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Security - Does the change have a direct security impact on an application,
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Breaking change - Will anyone consuming this change experience a break
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...
- Documentation - Does the change contain explicit documentation additions
How This Was Tested
N/A
Integration Instructions
N/A
- Impacts functionality?
Full Changelog: v13.0.0...v13.0.1
Contributors
Assets 2
v13.0.0
What's Changed
⚠️ Breaking Changes
-
[Rebase \& FF] [202405] 2405 integration for supervisor @kuqin12 (#321)
Change Details
## Description
This change integrates the upstream changes from 2405 release tag into supervisor
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Security - Does the change have a direct security impact on an application,
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Breaking change - Will anyone consuming this change experience a break
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...
- Documentation - Does the change contain explicit documentation additions
How This Was Tested
Change is tested on QEMU Q35 branch.
Integration Instructions
N/A
- Impacts functionality?
🔐 Security Impacting
-
[Rebase \& FF] [202405] 2405 integration for supervisor @kuqin12 (#321)
Change Details
## Description
This change integrates the upstream changes from 2405 release tag into supervisor
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Security - Does the change have a direct security impact on an application,
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Breaking change - Will anyone consuming this change experience a break
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...
- Documentation - Does the change contain explicit documentation additions
How This Was Tested
Change is tested on QEMU Q35 branch.
Integration Instructions
N/A
- Impacts functionality?
Full Changelog: v12.0.2...v13.0.0
Contributors
Assets 2
v12.0.2
What's Changed
🐛 Bug Fixes
-
Changed AllocatePageTableMemory to include a new variable @kenlautner (#317)
Change Details
## Description
Updated AllocatePageTableMemory to include a new input variable *NewAllocation. This variable is used to keep track of if new pages were allocated for use in the page table page pool. This fixes a bug where if we run out of page table pool pages while changing some pages memory attributes we'll recursively call into ConvertMemoryPageAttributes while allocating pages leading to unaccounted for pages in the original call. This leads to an assert by the ConvertMemoryPageAttributes code.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Security - Does the change have a direct security impact on an application,
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Breaking change - Will anyone consuming this change experience a break
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...
- Documentation - Does the change contain explicit documentation additions
How This Was Tested
Tested on two separate physical platforms that experienced the issue in different circumstances. This fix tested on those reproing platforms have the issue resolved and no longer saw any asserts.
Integration Instructions
N/A
- Impacts functionality?
🔐 Security Impacting
-
Changed AllocatePageTableMemory to include a new variable @kenlautner (#317)
Change Details
## Description
Updated AllocatePageTableMemory to include a new input variable *NewAllocation. This variable is used to keep track of if new pages were allocated for use in the page table page pool. This fixes a bug where if we run out of page table pool pages while changing some pages memory attributes we'll recursively call into ConvertMemoryPageAttributes while allocating pages leading to unaccounted for pages in the original call. This leads to an assert by the ConvertMemoryPageAttributes code.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Security - Does the change have a direct security impact on an application,
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Breaking change - Will anyone consuming this change experience a break
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...
- Documentation - Does the change contain explicit documentation additions
How This Was Tested
Tested on two separate physical platforms that experienced the issue in different circumstances. This fix tested on those reproing platforms have the issue resolved and no longer saw any asserts.
Integration Instructions
N/A
- Impacts functionality?
Full Changelog: v12.0.1...v12.0.2
Contributors
Assets 2
v12.0.1
What's Changed
-
Fixing override validation for basecore 2023110009.0.0. @apop5 (#315)
Change Details
## Description
Basecore 2023110009.0.0 included the change for consuming panic lib in place of CpuDeadloop.
Replaced CpuDeadloops in MmSupervisorCore with calls to PanicLib.
- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Security - Does the change have a direct security impact on an application,
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Breaking change - Will anyone consuming this change experience a break
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...
- Documentation - Does the change contain explicit documentation additions
How This Was Tested
Local CI.
Integration Instructions
N/A - Panic lib was already consumed in module.
- Impacts functionality?
-
Fixing override break due to PiSmmCpuDxeSmm updates. @apop5 (#307)
Change Details
## Description
PiSmmCpuDxeSmm was updated to use Panic library and Panic calls instead of CPU_DEADLOOPs for error conditions.
This changed the generated override validation tag. mu_feature_mm_supv needed updated.The consumption of PanicLib was not introduced at this time. Details can be seen at link below:
microsoft/mu_basecore@bbbff00- Impacts functionality?
- Functionality - Does the change ultimately impact how firmware functions?
- Examples: Add a new library, publish a new PPI, update an algorithm, ...
- Impacts security?
- Security - Does the change have a direct security impact on an application,
flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter
validation improvement, ...
- Security - Does the change have a direct security impact on an application,
- Breaking change?
- Breaking change - Will anyone consuming this change experience a break
in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call
a function in a new library class in a pre-existing module, ...
- Breaking change - Will anyone consuming this change experience a break
- Includes tests?
- Tests - Does the change include any explicit test code?
- Examples: Unit tests, integration tests, robot tests, ...
- Includes documentation?
- Documentation - Does the change contain explicit documentation additions
outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation
on an a separate Web page, ...
- Documentation - Does the change contain explicit documentation additions
How This Was Tested
Local CI, and a mu_tiano_platforms build with newer version.
Integration Instructions
N/A
- Impacts functionality?
Full Changelog: v12.0.0...v12.0.1