patina-v19.0.0

@github-actions github-actions released this 17 Dec 21:14
· 386 commits to refs/heads/main since this release
2c6c71d

What's Changed

  • patina_performance: Update the FBPT buffer size from 64KB to 256KB @liqiqiii (#1196)
    Change Details
    Description

    patina_performance: Update the FBPT buffer size from 64KB to 256KB
    After updating the perf record struct to improve debuggability, we need to update the record buffer size to make sure we can still log all entries. The new buffer size should be able to log 10000 entries, which should be enough for most platforms.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested with real hardware. Before the change I can get 3700 entries and there will be 1000 error msgs of "Performance: FBPT is full, can't add more performance records !".
    After this change, it will no longer be seen in the UEFI log and I can get 4700 entries correctly.




  • patina_test: Support multiple event triggers @Javagedes (#1194)
    Change Details
    Description

    This commit does two things:

    1. Adds support for multiple event triggers
    2. Improves the ability to test macros by moving the feature flag conditional to a layer above, so we can consistently test the macro functionality, regardless of feature flags set.
    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    CI

    Integration Instructions

    patina tests can now be annotated with multiple triggers:

    #[patina_test]
    #[on(timer = 1000000)]
    #[on(event = patina::guids::EVENT_GROUP_END_OF_DXE)]
    fn multi_triggered_test_case() -> Result {
      todo!()
    }
    
  • debug_image_info_table: rework atomics and add tests. @joschock (#1188)
    Change Details
    Description

    This change switches the METADATA global static to use RwLock instead of AtomicPtr and adds some comments and tests to the module.

    Closes #1187

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Confirmed Patina debugger operation on x86_64 QEMU. Confirmed that !monitor system_table_ptr and !monitor mod list work as expected.

    Integration Instructions

    N/A




  • patina_dxe_core: image.rs: Improve usage of safe abstractions @Javagedes (#1177)
    Change Details
    Description

    This pull request updates image.rs to use more Rust abstractions over the more low-level / raw pointer usage we were using before. While this pull request will be squashed, each commit is cleanly broken out into its own change. It is suggested to review this PR commit by commit.

    Commit 1: This commit updates the hii_resource_section to be stored in an Option<Box<[u8]>> created via the CoreMemoryManager and the MemoryManager trait rather than an Option<*mut [u8]>. This allows us to remove multiple fields from PrivateImageData that existed purely to manually free the pages when dropped and simplify the management of this field.

    Commit 2: This commit updates the loaded image buffer to be stored in a Box<[u8]> created via the CoreMemoryManager and the MemoryManager trait for the same reasons as Commit 1.

    Commit 3: This commit updates the ImageStack struct to be a Box<[u8]> created via the CoreMemoryManager and the MemoryManager trait for the same reasons as Commit 1.

    Commit 4: This commit removes the unnecessary image_info_ptr field, which is just a pointer to the image_info: Box<efi::protocols::loaded_image::Protocol>, field. We instead get the pointer directly from the Box.

    Commit 5: This commit updates the image_device_path_ptr to store an Option<Box<[u8]>> rather than a *mut c_void and cleanly manages the lifetime of this data rather than leaking it. NOTE: This commit has a bugfix to re-insert the private_image_data if we fail to uninstall either the loaded_image or loaded_image_device_path protocols for a reason other than NotFound.

    Commit 6: This commit simply pulls out the exit_data as a new struct so that we can mark Send + Sync on only that field. This is to eventually be able to remove the blanket Send + Sync implementation on the DxeCoreGlobalImageData struct.

    Commit 7: Adds tests

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    All CI passes. Continue to boot to shell on Q35

    Integration Instructions

    N/A

    
  • Remove stale markdownlint configuration file @makubacki (#1184)
    Change Details
    Description

    This file is no longer needed as the project has moved to using a synced file from patina-devops called .markdownlint.yaml.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all
    • Run markdownlint

    Integration Instructions

    • N/A


  • Minor Fix: Print size of loaded image @vineelko (#1172)
    Change Details
    Description
    • Including the image size helps when inspecting memory in the debugger.
    • This is especially useful when loading symbols on demand in lldb.
    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    booted q35 to shell

    Integration Instructions

    NA




  • Use a lower minimum expansion size for non-BS Data memory types @makubacki (#1169)
    Change Details
    Description

    Replace the MIN_EXPANSION constant with memory-type-specific expansion sizes to optimize memory usage. Boot Services Data allocators now use HIGH_TRAFFIC_ALLOC_MIN_EXPANSION (1MB), runtime memory types use LOW_TRAFFIC_RUNTIME_ALLOC_MIN_EXPANSION (uses runtime granularity), and other types use LOW_TRAFFIC_ALLOC_MIN_EXPANSION (page size / 4KB).


    A few other changes are included to better separate these allocator types:

    1. Do not have UefiAllocator directly depend on SpinLockedFixedSizeBlockAllocator. Instead take the parameter as a generic type to decouple the types.
    2. Add a PageAllocator trait that defines the interface UefiAllocator needs to use an allocator. Have SpinLockedFixedSizeBlockAllocator implement this trait.
    3. Because the SpinLockedFixedSizeBlockAllocator type is no longer fixed (e.g. SpinLockedFixedSizeBlockAllocator<A> vs SpinLockedFixedSizeBlockAllocator<B>), a single static array cannot be used to hold all of the static allocators. This change adds a macro module to hold macros that make iterating across the diverse allocator types more ergonomic.

    A follow up change will be made to simplify overall allocator design and management, tracked in #1174.


    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all
    • QEMU platform boot to EFI shell

    Integration Instructions

    • N/A


  • Rework memory_attributes_table to remove the MEMORY_ATTRIBUTES_TABLE static @joschock (#1173)
    Change Details
    Description

    Remove MEMORY_ATTRIBUTES_TABLE global static - the pointer in question is stored in the global configuration table. Instead of keeping a duplicate copy, use the entry in the global table.

    • adjust core_install_configuration_table return value to include the old pointer if the table is removed or modified.
    • add get_configuration_table API to return a pointer from the configuration table for the given vendor guid.
    • rework MAT logic to use the config table exclusively.
    • Replace POST_RTB atomic bool with Once and add a TestOnce capability for test support to allow resetting the Once for testing purposes.
    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Passes unit tests; booted on AARCH64 HW, checked MAT table as dumped in UEFI logs.

    Integration Instructions

    N/A




⚠️ Breaking Changes

  • Replaced AtomicPtr with Once in boot_services and runtime_services @joschock (#1198)
    Change Details
    Description

    Replaces the AtomicPtr usage with Once for semantics that better align with intended usages. Also makes the static lifetime requirement on BootServices (which was effectively there when it was being used as a raw pointer) more explicit.

    Closes #1197

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Passes unit testing, confirmed boot to EFI shell in QEMU Q35.

    Integration Instructions

    Construction of StandardBootServices and StandardRuntimeServices will need to supply a static-lifetime reference to the appropriate structure. This should already be the case since most instantiations will be from the global boot services or runtime services pointers from the system table that already have static semantics (i.e. they live for the lifetime of UEFI). For test usages, leaking a Box should suffice.

    

🐛 Bug Fixes

  • patina_dxe_core: image.rs: uninstall hii_package_list @Javagedes (#1180)
    Change Details
    Description

    Updates the unload_image logic to uninstall the hii_package_list to match C DXE Core logic.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Boots to Shell on Q35

    Integration Instructions

    N/A

    

🔐 Security Impacting

  • image: do not finish loading image if platform policy prevents it. @Javagedes (#1191)
    Change Details
    Description

    In the EDKII implementation of the DXE Core, load_image will only continue loading an image when authentication fails if the error is an EFI_SECURITY_VIOLATION error. Any other error (and specifically EFI_ACCESS_DENIED) will immediately abort without actually loading the image.

    The Patina DXE Core loads the image regardless of the result of the authentication, and only reports the result to the caller after the load has completed. This appears to be a security risk because even though the handle is returned as null, the protocols are still loaded and accessible. A call to LocateHandleBuffer could get you the handle and then a StartImage could start it.

    This commit stops the loading of an image if authentication returns any error other than EFI_SECURITY_VIOLATION.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    CI, Boot to shell.

    Integration Instructions

    N/A
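
The two load orders described in the entry above, as an added Rust sketch that is not part of the release notes or of Patina's code. `AuthStatus`, `HandleDb`, `load_image_before`, `load_image_after` and `locatable_after_load` are hypothetical stand-ins for the authentication result, the handle database and the loader.

```rust
// Added illustration: a simplified model, not Patina's code. All names are hypothetical.
#[derive(Clone, Copy, Debug)]
enum AuthStatus {
    Success,
    SecurityViolation,
    AccessDenied,
}

// Stand-in for the handle database that a LocateHandleBuffer-style lookup searches.
#[derive(Default)]
struct HandleDb {
    images: Vec<&'static str>,
}

impl HandleDb {
    fn locate(&self, name: &str) -> bool {
        self.images.iter().any(|n| *n == name)
    }
}

type Loader = fn(&mut HandleDb, &'static str, AuthStatus) -> AuthStatus;

// Order before the fix: the image is installed first and the
// authentication result is only reported to the caller afterwards.
fn load_image_before(db: &mut HandleDb, name: &'static str, auth: AuthStatus) -> AuthStatus {
    db.images.push(name);
    auth
}

// Order after the fix: any error other than SecurityViolation aborts
// before anything is installed.
fn load_image_after(db: &mut HandleDb, name: &'static str, auth: AuthStatus) -> AuthStatus {
    if !matches!(auth, AuthStatus::Success | AuthStatus::SecurityViolation) {
        return auth;
    }
    db.images.push(name);
    auth
}

// Runs one load against an empty database and reports whether the image can be located.
fn locatable_after_load(loader: Loader, auth: AuthStatus) -> bool {
    let mut db = HandleDb::default();
    loader(&mut db, "constructed_sample.efi", auth); // constructed sample name
    db.locate("constructed_sample.efi")
}

fn main() {
    for auth in [AuthStatus::Success, AuthStatus::SecurityViolation, AuthStatus::AccessDenied] {
        let (b, a) = (locatable_after_load(load_image_before, auth), locatable_after_load(load_image_after, auth));
        println!("{:?}: locatable before fix = {}, after fix = {}", auth, b, a);
    }
}
```

A regression test for this class of bug asserts on the state of the handle database after a denied load, not only on the status returned to the caller.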




📖 Documentation Updates

  • Docs: Add Resource Descriptor Hob additional guidance @apop5 (#1059)
    Change Details
    Description

    Add additional guidance for resource descriptor hob creation.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Markdown lint locally

    Integration Instructions

    No integration necessary.




  • patina_smbios: update platform integration documentation @kat-perez (#1182)
    Change Details
    Description

    Updates the instructions in the patina_smbios crate README for platform integration. Closes #1178

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A

    Integration Instructions

    N/A

    
  • Docs: Fix incorrect link in core reload documentation @cfernald (#1193)
    Change Details
    Description

    The initial commit inverted the link brackets, leading to a broken link.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A

    Integration Instructions

    N/A

    

Full Changelog: patina-v18.1.0...v19.0.0