patina-v6.2.0
What's Changed
- patina_section_extractor: Add LZMA decompression support @kouchekiniad (#693)
Change Details
## Description
This change adds LZMA decompression support to the composite section extractor using patina_lzma_rs.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Successfully decompressed LZMA-compressed firmware volumes on x64 physical platform.
Integration Instructions
N/A
- Create patina_sdk Signature macro. @apop5 (#687)
Change Details
## Description
Add Rust macro uefi_signature which can be used to create a u16, u32 or u64 signature, similar to SIGNATURE_16, SIGNATURE_32 or SIGNATURE_64.
Ensure endianness of created signature.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Unit tests to verify endianness and that created signatures match expectations.
Integration Instructions
No integration necessary.
- systemtables: Checksum on specific protocol install @Javagedes (#690)
Change Details
## Description
Adds a core component that registers an event that will re-checksum
the system tables when specific protocols (that would normally replace
functions in the system tables) are installed.
This fixes two SCT failures that were caused by the boot services
table and runtime services table having invalid checksums as we were
only performing a checksum on the tables before patina components or
UEFI spec compliant components were executed.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
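The two entries above (the SIGNATURE_64-style signature and the system table re-checksum) can be seen together in this added example, which is not Patina's code: it builds a constructed UEFI-style table, checksums it, changes one service pointer, and shows the stored CRC32 is stale until it is recomputed. All function names, the revision value and the pointer values are assumptions made for illustration.

```rust
// Added illustration, not Patina's code. All function names are hypothetical.
const HDR_LEN: usize = 24; // Signature(8) Revision(4) HeaderSize(4) CRC32(4) Reserved(4)
const CRC_OFF: usize = 16; // byte offset of the CRC32 field in the header

/// SIGNATURE_64 byte order: first character lands in the least significant byte.
const fn signature_64(s: &[u8; 8]) -> u64 { u64::from_le_bytes(*s) }

/// Reflected CRC-32 (polynomial 0xEDB88320), computed bit by bit for brevity.
fn crc32(data: &[u8]) -> u32 {
    let mut crc = !0u32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 { crc = (crc >> 1) ^ (0xEDB8_8320 & (crc & 1).wrapping_neg()); }
    }
    !crc
}
fn read_u32(t: &[u8], off: usize) -> u32 { u32::from_le_bytes([t[off], t[off + 1], t[off + 2], t[off + 3]]) }

/// Constructed table image: header followed by 8-byte service pointer slots.
fn build_table(sig: u64, revision: u32, slots: &[u64]) -> Vec<u8> {
    let mut t = sig.to_le_bytes().to_vec();
    t.extend_from_slice(&revision.to_le_bytes());
    t.extend_from_slice(&((HDR_LEN + 8 * slots.len()) as u32).to_le_bytes());
    t.extend_from_slice(&[0u8; 8]); // CRC32 and Reserved start as zero
    for s in slots { t.extend_from_slice(&s.to_le_bytes()); }
    t
}
/// CRC over HeaderSize bytes, with the CRC32 field itself treated as zero.
fn table_crc(t: &[u8]) -> u32 {
    let mut copy = t[..read_u32(t, 12) as usize].to_vec();
    copy[CRC_OFF..CRC_OFF + 4].fill(0);
    crc32(&copy)
}
fn update_checksum(t: &mut [u8]) {
    let crc = table_crc(t);
    t[CRC_OFF..CRC_OFF + 4].copy_from_slice(&crc.to_le_bytes());
}
fn checksum_valid(t: &[u8]) -> bool { read_u32(t, CRC_OFF) == table_crc(t) }
/// Models a later component replacing one service pointer in the table.
fn patch_slot(t: &mut [u8], index: usize, addr: u64) {
    t[HDR_LEN + 8 * index..][..8].copy_from_slice(&addr.to_le_bytes());
}

fn main() {
    let mut bs = build_table(signature_64(b"BOOTSERV"), 0x0002_0046, &[0x1000, 0x2000]);
    update_checksum(&mut bs); // checksum taken before any component runs
    patch_slot(&mut bs, 1, 0xDEAD_0000);
    println!("after patch: valid = {}", checksum_valid(&bs));
    update_checksum(&mut bs); // the re-checksum step
    println!("after re-checksum: valid = {}", checksum_valid(&bs));
}
```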
- [REBASE&FF] Resolve all Failing Boot Services SCTs @Javagedes (#689)
Change Details
## Description
This pull request resolves ~160 SCTs in the BootServices test suite. The errors are related to two core parts of patina as discussed in the commit comment.
- Marking efi::UNUSABLE_MEMORY as an invalid memory type for allocations, which goes against specification
- Returning incorrect status codes during close_protocol:
  1. Returning EFI_UNSUPPORTED when the protocol instance could not be found (expected: EFI_NOT_FOUND).
  2. Returning EFI_SUCCESS when the protocol instance was found, but no matching usage was found (expected: EFI_NOT_FOUND).
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
SCTs now pass and all CI tests still succeed.
Integration Instructions
N/A
- dxe_services: add unit tests @kat-perez (#682)
Change Details
## Description
Increases unit test coverage for dxe_services to 90.42% and closes #639.
Add unit tests for:
- set_memory_space_attributes
- get_memory_space_map
- get_io_space_map
- set_memory_space_capabilities
- add_io_space
- allocate_io_space
- free_io_space
- remove_io_space
- dispatch
- schedule
- trust
- process_firmware_volume
Additional fixes:
- Increase test memory allocation from 2MB to 4MB to prevent expansion failures
- Fix event notification test TPL initialization
- Improve memory attributes table validation to handle platform-specific GCD state
- Enhance set_memory_space_attributes error handling for paging vs GCD readiness
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make coverage
Integration Instructions
N/A
- Add MaxAddress capability to memory manager @berlin-with0ut-return (#688)
Change Details
## Description
Add the ability to allocate with a maximum address for the memory manager.
The immediate use case of this is to unblock ACPI component development, although it may be useful for other memory-restricted operations.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Added a new allocation as part of memory_manager_allocations_test. Allocates and boots with no issues.
Integration Instructions
N/A.
- [REBASE & FF] Move Code Coverage to cargo-llvm-cov @os-d (#685)
Change Details
## Description
Cargo.toml: Reduce Optimizations in Test Profile
This commit adds some recommended settings to disable compiler optimizations when running tests. This is a needed step to increase accuracy of code coverage.
Move To Coverage Attribute To Ignore Code in Coverage Report
Rust is in the process of stabilizing a new attribute to prevent code from being part of the coverage calculation: rust-lang/rust#84605
This commit removes the tarpaulin specific cfg attrs and moves to the standard one. This also sets up switching from tarpaulin to cargo-llvm-cov which supports the standard coverage attr.
Move to cargo-llvm-cov for Code Coverage
Per RFC 0013, move to cargo-llvm-cov for code coverage. This drops cargo-tarpaulin from docs, required installation, and cargo make coverage. From a developer perspective, the only thing needed is to install cargo-llvm-cov; coverage is still run using cargo make coverage.
Remove Code Coverage From Tests
This commit adds the coverage(off) attribute to all mod test(s) in the codebase as cargo-llvm-cov does not natively ignore test coverage for unit tests.
Closes #663 (other repos will also be done in parallel).
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Running cargo make coverage and cargo make coverage-fail
Integration Instructions
This is not a breaking change for integration, however it does require developers to install cargo-llvm-cov in order to run coverage:
cargo install cargo-llvm-cov --version "0.6.18"
- [REBASE & FF] Implement a memory poke test for debugger @cfernald (#672)
Change Details
## Description
The debugger will attempt to check the page tables to determine if memory is safe to access, but this is not 100% effective as memory will often be mapped that is not actually real or accessible. This can happen in the inherited page tables or for MMIO regions that may not be present.
The poke test is an architecture specific function that will set a marker and touch the memory. During the exception entry if the marker is set then it can be concluded that the memory is bad and we can jump past the faulting instruction and return. This prevents nested faults when actually accessing the memory.
CLOSES #655
Interrupt handler fix
This change exposed a bug in the x64 interrupt handling, where previously the implementation incorrectly tried to preserve the exception code on the stack for interrupt vectors that originally pushed the code. The SDM details in volume 3 section 6.13 that "Note that the error code is not popped when the IRET instruction is executed to return from an exception handler, so the handler must remove the error code before executing a return."
This changes the hint to be simply for alignment and always pops the exception code whether it is real or not.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Q35
- SBSA
- Physical x64 device
Integration Instructions
N/A
- chore: Release 6.1.0 @cfernald (#686)
Change Details
## Description
Update crate version
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
🐛 Bug Fixes
- image: bugfix unload_image @Javagedes (#694)
Change Details
## Description
Resolves a use-after-free error that originates in unload image. The
unload_image attempt to uninstall the image's loaded image protocol was
fallible due to not calling disconnect_controller first. In this
scenario, the loaded image protocol was not uninstalled, but the
protocol itself was freed, leading to a use-after-free error.
This resolves ~10K individual test failures, however it also greatly reduces the amount of tests executed. This is because this test suite is run in two parts. The first part loads over 2500 images in different ways, then unloads them. The second half of the suite then runs validation tests on all of the loaded_image protocols. Due to the bug mentioned above, the 2500 images never had their loaded_image protocols removed (but they were de-allocated), so the test suite was running the test on each of the 2500 deallocated loaded_image protocols.
With this fix, the test suite now only runs on the ~200 images associated with the platform, and all 200 tests now pass.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
SCTs pass, unit tests pass
Integration Instructions
N/A
📖 Documentation Updates
- mdbook: Add developer pages for debugging @cfernald (#691)
Change Details
## Description
Adds developer pages detailing setting up the debugger and using windbg.
CLOSES: #662
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
Full Changelog: patina-v6.1.0...v6.2.0