patina-v11.2.0
What's Changed
-
Add cargo-vet [Rebase & FF] @makubacki (#314)
Change Details
## Description
Closes #28
Adds a new tool - `cargo-vet` which will check crate dependencies against first party and third-party security audits.
Add initial cargo vet files
Adds support for a new tool to the dev workflow `cargo vet`: https://mozilla.github.io/cargo-vet
This is used to verify crate dependencies against either our own audits or those traceable and provided by external organizations.
Prune exemptions from external project audits
Imports audits from the following projects to remove exemptions from trusted audit organizations:
- EmbarkStudios (tool creator):
- Google:
- Mozilla:
- OpenDevicePartnership
The exemptions were then updated with `cargo vet prune` to automatically remove exemptions now trusted.
Add trusted publishers and prune exemptions
To reduce audit list to meaningful entries, some crate publishers trusted by trusted organizations are added.
The crates published by these publishers have been pruned.
Add cargo vet to Makefile.toml and CI
- Adds `cargo vet` as a CI check
- Adds a `vet` task to the makefile to run cargo vet with `cargo make vet` and as part of `cargo make all`.
supply-chain: Regenerate cargo vet exemptions for latest
Cargo vet generates exemptions by default when it is initialized in a repository. Cargo vet was initialized months ago in Patina.
To track exemptions on a clean slate moving forward, this change regenerates the exemptions to get clean `cargo-vet` output.
Committing changes from `cargo vet regenerate exemptions`.
`cargo make vet` output after this commit:
Vetting Succeeded (123 fully audited, 4 partially audited, 126 exempted)
docs/rust_tool: Add cargo-vet
Adds cargo-vet to the Patina Rust tool overview.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make vet
Integration Instructions
- N/A
-
Makefile.toml: Add `cspell` to `all` @makubacki (#827)
Change Details
## Description
Include spell checking as part of the `all` task.
The CI workflow uses `streetsidesoftware/cspell-action`. This will run spell check again in the CI workflow in `cargo make all`, but I don't think that's a big deal. This catches spelling errors locally to better reflect all CI testing.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
-
chore: Release v11.1.1 @makubacki (#828)
Change Details
## Description
Update version for the 11.1.1 release.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
🚀 Features & ✨ Enhancements
-
Signal events in reverse order of creation @joschock (#838)
Change Details
## Description
Presently Patina signals events in order of creation (assuming that they are signaled at the same time with the same notify TPL). However, the traditional EDK2 core signals events in reverse order of creation (i.e. the most recently created events are signaled before older events). This PR changes the signaling order to match EDK2 behavior.
The UEFI spec does not specify what order events should be signaled if they are signaled at the same time and have the same notify TPL, but this aligns Patina with existing implementations for maximum compatibility.
This PR also adds a test to verify the ordering.
This PR also contains a minor refactor of the `Ord::cmp` implementation for `TaggedEventNotification`. This does not functionally change the comparison order, but cleans up the style to avoid redundant comparisons.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Existing and new unit tests pass, verified on platform hardware that ordering of platform event signaling now matches EDK2 core.
Integration Instructions
N/A
🐛 Bug Fixes
-
.github/action.yml: Fix cache key expansion @makubacki (#839)
Change Details
## Description
The cache key is getting truncated due to double template expansion, so it looks like this in an action log:
    Run actions/cache@v4
    with:
      path: ~/.cargo/bin/ ~/.rustup/toolchains/
      key: Linux-rust-tools-
      enableCrossOsArchive: false
      fail-on-cache-miss: false
      lookup-only: false
This causes the cache to get hit when it shouldn't. In this case, causing a change in `rust-toolchain.toml` to get missed in the file hash calculation.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Tested the workflow on a fork and saw the cache key is resolved as expected (e.g. "`Linux-rust-tools-64374eb3836192205d8b657e5f0a81999d29c54659eb9b2a59ac29c0ab8f9d44`").
Integration Instructions
- N/A
-
patina_dxe_core: Use global lock for runtime tests @cfernald (#834)
Change Details
## Description
The runtime tests use a static runtime allocator which in turn uses a TPL lock. This can cause panics if the locks run in parallel and try to acquire the TPL lock at the same time.
Closes: #816
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make test
Integration Instructions
N/A
-
Makefile.toml: Add `patina-test` task @makubacki (#829)
Change Details
## Description
Right now, `cargo make test` does not support common test arguments like `-p`:
    error: invalid character `;` in package name: `;patina`, the first character must be a Unicode XID start character (most letters or `_`)
    Error while executing command, exit code: 101
It is useful to only test against a given package during development. This change proposes `cargo make test` behaving similar to `cargo test` so users don't have to know when to switch between the two and can use `cargo make` as their common command root.
Now something like this works:
cargo make test -p patina_mm -- --nocapture
In the course of changing the test command, this is also fixed:
`enable_patina_tests` is a feature that is used to build test code to execute on platforms. It can be thought of conceptually like UEFI application testing on a given platform. It is not related to unit testing on a host machine.
This change removes the feature from the `test` command entirely and builds code with that feature under its own `patina-test` task using the underlying `build` command.
Also, not all crates support `enable_patina_tests`. Previously, you'd run into errors like this even if individual crates were supported in the test command if the crate didn't support the feature:
    error: the package 'patina_adv_logger' does not contain this feature: enable_patina_tests
That feature can be enabled against all workspace:
cargo make patina-test
The `all` task now includes both `test` (for host-based tests) and `patina-tests` (for building the on-platform tests).
`patina-test` can be run against an individual package that supports the feature. For example:
cargo make patina-test -p patina_macro
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make test`
- `cargo make test -p patina_mm`
- `cargo make test -p patina_mm -- --nocapture`
- `cargo make patina-test`
- `cargo make patina-test -p patina_macro`
- `cargo make all`
Integration Instructions
- No integration needed. But developers should review how each test command is used.
🔐 Security Impacting
-
patina_mm: Improve API, validation, and logging [Rebase & FF] @makubacki (#820)
Change Details
## Description
Series of commits to make general improvements to `patina_mm`.
Note: I'm going to move `patina_mm` to use Patina GUIDs in a future change, but that's not here.
patina_mm: Enhance CommunicateBuffer memory safety and API
Add some improvements to the CommunicateBuffer API.
Memory Safety:
- Improve validation in `from_raw_parts`
- Add page alignment checks and address overflow validation
- Add new `from_firmware_region` method with additional checks for using a comm buffer with a given address and size
- Replace panics with `Result` return types
API Improvements:
- Make `EfiMmCommunicateHeader` fields private with safe accessors
- Add `Copy` trait to `EfiMmCommunicateHeader`
- Add a constructor
- Add compile-time constants for the comm recipient GUID and message length
Buffer Management:
- Add `validate_capacity` method for upfront validation
  - Use in `set_message()`
- Make internal buffer access methods private
- Add zero-initialization for new buffers
Error Handling:
- Add more error types to `CommunicateBufferStatus` to better identify specific error cases
- Add additional validation for some operations
Testing:
- Update all tests to use the Result-based APIs
- Include page-aligned buffer testing and test alignment
patina_mm: Add Display trait for MmCommunicationConfiguration
Implement the `Display` trait for `MmCommunicationConfiguration` so MM Communication Configuration structures are easier to read.
patina_mm: Add `MmiPort` and `AcpiBase` display traits
Adds a `Display` implementation for:
- `MmiPort`
- `AcpiBase`
With simple unit tests to check formatting.
patina_mm: Add targeted logging to MM communication flow
Adds a `mm_comm` log target to MM communication related flows to be able to trace communicate behavior in more detail.
patina_mm: Add targeted logging to SW MMI management
Adds detailed logging message to `sw_mmi_manager` under the `sw_mmi` log target. These can be used to trace the SW MMI flow.
patina_mm: Improve CommunicateBuffer state management
Adds private state tracking to `CommunicateBuffer` so the comm buffer in memory can be regularly audited during API operations against the internal private data.
- Adds `private_recipient` and `private_message_length` fields for independent state verification. Allows consistency to be verified between in-memory structures and API state
- Updated `get_message()` return type to allow better error handling (return `Result` instead of just a `Vec<u8>`)
- Add more logging through the 'mm_comm' target
- Improved `set_message_info()` and `set_message()` validation and added consistency checking to their implementation
- Updated the `MmCommunicator` service to better handle `get_message()` responses with a new `Status::InvalidResponse` error
patina_mm: Add comm buffer state verification
Adds a new method to `CommunicateBuffer` called `verify_state_consistency` that actually does the verification of internal state against the comm buffer.
Update some operations like `set_message_info()`, `set_message()`, `get_message()`, `get_header_guid()`, and `get_messgage_length()` to verify state consistency when they're called.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- Q35 boot with MM Communicate service
Integration Instructions
- Review the changes to the API to understand what has changed. Not marked as breaking as this does not require platforms using Patina to make any changes.
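The checks this change describes (page alignment, address overflow, up-front capacity validation, `Result` instead of panics, and private state compared against the header in the shared buffer), as an added Rust example that is not code from patina_mm. `CommBuffer`, `BufferError`, `validate_region` and the 24-byte header layout are assumptions made for illustration.

```rust
// Added illustration; hypothetical types, not the patina_mm API.
const PAGE_SIZE: usize = 4096;
const HEADER_SIZE: usize = 24; // modeled header: 16-byte GUID + 8-byte length

#[derive(Debug, PartialEq)]
enum BufferError { Null, NotPageAligned, AddressOverflow, TooSmall, MessageTooLarge, StateMismatch }

/// Check an (address, size) pair before it is ever used as a comm buffer.
fn validate_region(addr: usize, size: usize) -> Result<(), BufferError> {
    if addr == 0 { return Err(BufferError::Null); }
    if addr % PAGE_SIZE != 0 { return Err(BufferError::NotPageAligned); }
    // checked_add rejects a region whose end wraps the address space.
    addr.checked_add(size).ok_or(BufferError::AddressOverflow)?;
    if size < HEADER_SIZE { return Err(BufferError::TooSmall); }
    Ok(())
}

struct CommBuffer {
    mem: Vec<u8>,          // stands in for the shared, externally writable region
    shadow_guid: [u8; 16], // private copies the other side cannot modify
    shadow_len: usize,
}

impl CommBuffer {
    fn new(size: usize) -> Result<Self, BufferError> {
        if size < HEADER_SIZE { return Err(BufferError::TooSmall); }
        // Zero-initialized, so header and shadow state start out consistent.
        Ok(CommBuffer { mem: vec![0; size], shadow_guid: [0; 16], shadow_len: 0 })
    }

    /// Compare the header in shared memory with the private shadow state.
    fn verify_state(&self) -> Result<(), BufferError> {
        let mut raw = [0u8; 8];
        raw.copy_from_slice(&self.mem[16..24]);
        let same = self.mem[..16] == self.shadow_guid[..]
            && u64::from_le_bytes(raw) == self.shadow_len as u64;
        if same { Ok(()) } else { Err(BufferError::StateMismatch) }
    }

    fn set_message(&mut self, guid: [u8; 16], msg: &[u8]) -> Result<(), BufferError> {
        self.verify_state()?;
        // Capacity is validated up front, before any byte is written.
        if msg.len() > self.mem.len() - HEADER_SIZE { return Err(BufferError::MessageTooLarge); }
        self.mem[..16].copy_from_slice(&guid);
        self.mem[16..24].copy_from_slice(&(msg.len() as u64).to_le_bytes());
        self.mem[24..24 + msg.len()].copy_from_slice(msg);
        self.shadow_guid = guid;
        self.shadow_len = msg.len();
        Ok(())
    }

    fn get_message(&self) -> Result<Vec<u8>, BufferError> {
        self.verify_state()?; // never trust the length field in shared memory
        Ok(self.mem[24..24 + self.shadow_len].to_vec())
    }
}

fn main() {
    let mut buf = CommBuffer::new(PAGE_SIZE).unwrap();
    buf.set_message([0xAA; 16], b"ping").unwrap(); // constructed GUID and payload
    buf.mem[16] = 0xFF; // simulate the shared header being altered
    println!("{:?} {:?}", validate_region(0x1001, PAGE_SIZE), buf.get_message());
}
```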
📖 Documentation Updates
-
Miscellaneous link fixes @Javagedes (#837)
Change Details
## Description
Resolves currently broken links and removes a few stale admonishments
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
N/A
-
Remove "Configuration in Code" Best practices page @Javagedes (#836)
Change Details
## Description
Remove the "Configuration in Code" best practices page as it is outdated with the new (since written) configuration system for patina components. The page being removed refers to what is now considered "private configuration" (configuration specific to a component instance).
Documentation regarding public (shared) configuration and private configuration is located in the Patina Component Model.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
N/A
-
Update mdbook landing page to be clear and concise @Javagedes (#833)
Change Details
## Description
The landing page is updated to provide a welcome page and minimal information regarding what "Patina" is, and its goals. It then links across other pages in this book to provide more detailed information on the different topics this book covers.
It also relocates the RFC Lifecycle and rust language information to other parts of the book, as to not clutter the landing page. Some additional information was added to the RFC Lifecycle page - regarding when to use, and when not to use the RFC process. Specifically, this section:
Typically, small to medium changes such as bugfixes, existing implementation improvements, and documentation are handled via pull requests. Depending on the size they may also have an associated github issue or discussion. These are expected to be simple changes without much controversy. The RFC processes come into play when a particular change becomes large, introduces new features, or breaks existing interfaces. In these scenarios, the developer is expected to follow the RFC process outlined below to ensure not only proper involvement from maintainers, but also from the community as a whole. The goal is to reach a community consensus before introducing large changes as described above. As a developer, you should use your best judgement to determine if an RFC is required or not. Maintainers have the right to ask that an RFC based on a submitted pull-request, or request an RFC be converted directly to a pull-request, depending on the proposal.
Ref: New landing page
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI, review of the mdbook
Integration Instructions
N/A
-
docs: Refactor platform integration docs @makubacki (#830)
Change Details
## Description
This is part 3 of 3 of a recent set of changes to documentation to provide a broader perspective on Patina practices.
The other two for reference:
This PR focuses on platform integration. Originally, this was going to add a new document to the `background` directory, but quite a bit of documentation for platform integration already existed outside of the directory. Therefore, this task became bringing focus to that documentation, updating it and removing stale concepts/content, and elaborating on some details to provide further context. In particular, how platform integration is impacted today in an EDK II workspace integrating the Patina DXE Core.
Restructures and updates platform integration content to remove stale content and focus platform integration information. Platform details are consolidated into a single document.
Removes:
- `concepts.md` - Covered concepts like LibraryClasses, PCD, and other concepts that are not necessary to cover for Patina platform integration some minor references to these concepts are included an "EDK II" of the single document for those coming from EDK II.
- `integrate/compile_external.md` - Was a compilation guide for building Patina in its own repo. This is the only supported model now. A separate document is not needed.
- `integrate/compile_local.md` - Removed as this approach is now deprecated.
- `integrate/platform_external.md` - Any relevant content was moved into the unified document.
In `integrate/dxe_core.md`:
- Unified platform integration workflow from workspace setup to firmware integration
- Expanded coverage of:
- Dependency selection and minimal entry details
- Core initialization and component registration procedures
- Logging and debugging facility configuration
- Platform-specific service and component integration guidance
- Build and feature options with UEFI target compilation details
- EDK II integration process for replacing C DXE Core with Patina binary
This is meant to make it easier to find platform integration in a less fragmented way, so it is easier to maintain and read.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- Markdown lint
Integration Instructions
- N/A
-
docs: Update debugging documentation references @cfernald (#832)
Change Details
## Description
Updates all of the out-of-date references to the debug tools that were moved from mu_feature_debugger to uefi_debug_tools.
Additionally fixes and clarifies other points in the debugging documentation.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
-
patina_mm: Improve API, validation, and logging [Rebase & FF] @makubacki (#820)
Full Changelog: patina-v11.1.1...v11.2.0