patina-v9.0.0
What's Changed
- Handle potentially unaligned pointers from FFI @joschock (#786)
Change Details
## Description
The UEFI spec does not clearly require that pointers passed to UEFI spec APIs (like AllocatePages) must be aligned.
This pull request changes various FFI routines to assume that raw pointers passed to them may not be aligned.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Unit tests pass. On systems passing unaligned pointers to core routines, no longer observe crashes. Note: this doesn't constitute broad coverage of these changes; this was only observed with a subset of the routines in the real world.
Integration Instructions
N/A
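The change above concerns raw pointers that cross the FFI boundary without any alignment guarantee. The following Rust block is an added illustration of the pattern (it is not Patina code and `MemoryRange`, `read_range` and `AlignedBuf` are hypothetical names chosen for this example): a C-layout struct is written at a deliberately misaligned offset inside an 8-byte-aligned buffer and then read back with `ptr::read_unaligned`, which copies byte-wise, where dereferencing the pointer or forming `&*p` would be undefined behaviour and, on targets that fault on misaligned access, a crash.

```rust
use core::mem::{align_of, size_of};
use core::ptr;

/// Simplified stand-in for a C-layout structure handed over FFI
/// (hypothetical type for this example, not a Patina type).
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct MemoryRange {
    pub kind: u32,
    pub physical_start: u64,
    pub number_of_pages: u64,
}

/// True if `p` satisfies T's alignment requirement.
pub fn is_aligned_for<T>(p: *const T) -> bool {
    (p as usize) % align_of::<T>() == 0
}

/// Copy a `MemoryRange` out of a raw FFI pointer without assuming alignment.
///
/// # Safety
/// `p` must be null or point to `size_of::<MemoryRange>()` readable bytes.
/// Dereferencing `p` (or creating `&*p`) is undefined behaviour when `p` is
/// misaligned; `read_unaligned` performs a byte-wise copy instead.
pub unsafe fn read_range(p: *const MemoryRange) -> Option<MemoryRange> {
    if p.is_null() {
        return None;
    }
    Some(ptr::read_unaligned(p))
}

/// Buffer with 8-byte alignment, so that offset 1 is guaranteed to be
/// misaligned for `MemoryRange` (constructed for this example).
#[repr(C, align(8))]
struct AlignedBuf([u8; 1 + size_of::<MemoryRange>()]);

/// Writes a `MemoryRange` at offset 1 of an aligned buffer, then reads it
/// back through the misaligned pointer.
/// Returns (pointer_was_aligned, physical_start_read_back).
pub fn demo_misaligned_read() -> (bool, u64) {
    let want = MemoryRange { kind: 7, physical_start: 0x1000, number_of_pages: 4 };
    let mut buf = AlignedBuf([0u8; 1 + size_of::<MemoryRange>()]);
    let p = unsafe { buf.0.as_mut_ptr().add(1) } as *mut MemoryRange;
    unsafe {
        // write_unaligned is the mirror of read_unaligned for producing such data.
        ptr::write_unaligned(p, want);
    }
    let aligned = is_aligned_for(p as *const MemoryRange);
    let got = unsafe { read_range(p as *const MemoryRange) }.expect("non-null pointer");
    assert_eq!(got, want);
    (aligned, got.physical_start)
}

fn main() {
    let (aligned, start) = demo_misaligned_read();
    println!("pointer aligned: {}, physical_start read back: {:#x}", aligned, start);
}
```

The check in `is_aligned_for` is what a defensive FFI wrapper can use to decide between a fast aligned path and the byte-wise path, or simply to reject a caller-supplied pointer; the unaligned read itself never requires the check.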
- Increase stack space for AARCH64 synchronous exceptions. @joschock (#777)
Change Details
## Description
The current implementation for the aarch64 exception handler reserves 8K of stack for exceptions where the stack pointer may have been corrupted at the time of exception. In practice (especially when optimizations are disabled) this is not enough for all use cases, in particular when the debugger is active.
This PR increases the space for the alternate stack to 64K.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Fixes debugger behavior on aarch64 platform used for test.
Integration Instructions
N/A
- chore: Release v8.3.0 @os-d (#776)
Change Details
## Description
Release v8.3.0 was made.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A.
Integration Instructions
See release notes.
⚠️ Breaking Changes
- `patina_dxe_core`: Switch to use external RuntimeDxe implementation @cfernald (#769)
Change Details
## Description
The current core implements SetVirtualAddressMap within the core itself and does not properly fill the runtime protocol. This means that when the OS calls back into SetVirtualAddressMap, they are invoking code that is executing in boot services memory and will often leverage boot service memory allocated structures. This can cause problems as there is no requirement that this memory is still valid and mapped at the point where SetVirtualAddressMap was called.
This commit changes the runtime module so that, instead of exposing runtime functions, it populates the runtime protocol produced by the RuntimeDxe module so that the event and image data are available at runtime. The expectation is now that there will be a separate module that will implement the core runtime routines. For now, this will mean that consumers will need to add the traditional RuntimeDxe driver or similar to handle this logic.
This commit intentionally does not populate the memory map fields of the runtime protocol as they are currently unused. This may change in the future if other implementations are introduced.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Q35 (MSVC)
- Q35 (GCC)
- SBSA (GCC)
- AArch64 platform
- Intel Platform
Integration Instructions
Consumers must introduce a traditional RuntimeDxe driver.
🚀 Features & ✨ Enhancements
- `patina_dxe_core`: Switch to use external RuntimeDxe implementation @cfernald (#769)
🐛 Bug Fixes
- `patina_dxe_core`: Switch to use external RuntimeDxe implementation @cfernald (#769)
- decompress: Bugfixes for SCT compliance @Javagedes (#785)
Change Details
## Description
This commit provides three bugfixes to the UEFI decompression logic to be compliant with the decompress SCT tests:
- return with EFI_SUCCESS if the decompressed size is zero.
- Bugfix bitwise OR to logical OR when checking for integer overflow in get_info.
- decompress using UefiDecompression algorithm instead of the TianoDecompression algorithm.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
decompress SCTs now pass
Integration Instructions
N/A
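Two of the three fixes above are about the header check that runs before any decoding: the overflow check in `get_info` and the early success return when the decompressed size is zero. The Rust block below is an added example of how such a check can be written so that neither slips through; it is not the decompress code from this PR, and it assumes the EDK2 UefiDecompress header layout (a 4-byte little-endian compressed size followed by a 4-byte original size) with hypothetical names `get_info`, `prepare_decompress` and `GetInfoError`.

```rust
use core::convert::TryInto;

/// Failure modes of the header check (constructed for this example).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum GetInfoError {
    SourceTooSmall,
    SizeOverflow,
    SourceTruncated,
    DestinationTooSmall,
}

/// Assumed header: 4-byte LE compressed size, then 4-byte LE original size.
const HEADER_LEN: usize = 8;

/// Parse and validate the header, returning (compressed_size, original_size).
/// Every size comparison is done with checked arithmetic so a crafted
/// compressed size near u32::MAX cannot wrap to a small value and pass.
pub fn get_info(src: &[u8]) -> Result<(u32, u32), GetInfoError> {
    if src.len() < HEADER_LEN {
        return Err(GetInfoError::SourceTooSmall);
    }
    let compressed = u32::from_le_bytes(src[0..4].try_into().unwrap());
    let original = u32::from_le_bytes(src[4..8].try_into().unwrap());

    // `compressed + 8` may wrap in u32; checked_add reports the wrap instead of
    // letting the wrapped value reach the length comparison below.
    let total = compressed
        .checked_add(HEADER_LEN as u32)
        .ok_or(GetInfoError::SizeOverflow)?;

    // Conditions are combined with logical `||`, which short-circuits and
    // yields a bool; a bitwise `|` would evaluate every operand unconditionally.
    if (total as usize) > src.len() || original as usize > usize::MAX / 2 {
        return Err(GetInfoError::SourceTruncated);
    }
    Ok((compressed, original))
}

/// Decide whether decoding is needed. Returns Ok(false) when the original
/// size is zero (nothing to emit, so the caller reports success without
/// touching the decoder), Ok(true) when the caller should run the decoder,
/// and an error when the destination cannot hold the output.
pub fn prepare_decompress(src: &[u8], dst_len: usize) -> Result<bool, GetInfoError> {
    let (_, original) = get_info(src)?;
    if original == 0 {
        return Ok(false);
    }
    if dst_len < original as usize {
        return Err(GetInfoError::DestinationTooSmall);
    }
    Ok(true)
}

fn main() {
    // Constructed header: compressed size 2, original size 0, two payload bytes.
    let empty_output = [2u8, 0, 0, 0, 0, 0, 0, 0, 0xAA, 0xBB];
    println!("{:?}", prepare_decompress(&empty_output, 64));
    // Constructed header whose compressed size wraps when 8 is added.
    let wrapping = [0xFFu8, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0];
    println!("{:?}", get_info(&wrapping));
}
```

The second operand of the `||` in `get_info` is an arbitrary sanity bound added so the example shows two independent conditions being combined; the point is that the overflow test and the length test are separate booleans, and the first to fail decides the result.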
📖 Documentation Updates
- `docs/rust_tools`: Add Patina tool overview @makubacki (#792)
Change Details
## Description
Adds a document to the Patina background section to explain the various tools used in Patina and why they are used. To help readers better relate these tools to what is commonly used in C firmware development, some comparisons are made throughout the document.
The goal of this document is to explain key tools used in Patina, the unifying interface behind the commands using cargo, and how these align under a single Patina tool philosophy.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- cargo make all
- Local markdown lint check
Integration Instructions
- N/A
- SUMMARY.md: Add UEFI Memory Safety Case Studies reference @makubacki (#789)
Change Details
## Description
Reference the recent UEFI memory safety docs in the summary file.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
- Remove outdated `with_section_extractor` documentation @Javagedes (#778)
Change Details
## Description
The `with_section_extractor` method in the `Core` was replaced with `with_service` in 97680e5. When this happened, all documentation was also updated; however, the single section being updated in this commit was missed.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
Full Changelog: patina-v8.3.0...v9.0.0