Skip to content

v9.2.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 14 Apr 20:12
· 1256 commits to refs/heads/main since this release
v9.2.0
8901a7e

What's Changed

  • Add explicit check for image section alignment @kouchekiniad (#352)
    Change Details
      ## Description

    This change adds an explicit check to ensure that loaded images have a section alignment that is a multiple of one page. Without this explicit check any attempt to load an image with a section alignment that is not a multiple of one page will panic in spin_locked_gcd.rs due to an unaligned call to SetMemoryAttributes() with no indication the error stems from bad section alignment. Note that section aligned pages are a Patina requirement, as well as a requirement for the Microsoft 3rd Party UEFI Certificate Authority memory migration.

    • Impacts functionality?
      This change impacts the functionality of release builds. As of now, attempts to load an image with bad section alignment will result in the image being loaded without memory capabilities and attributes being appropriately set, which could lead to errors down the line. With this change, a load error is explicitly returned.

    • Impacts security?

    • Breaking change?

    • Includes tests?

    • Includes documentation?

    How This Was Tested

    Booted images with page-aligned sections and non-page-aligned sections, ensuring that the check only indicates errors for images with bad section alignment.

    Integration Instructions

    N/A



  • add events unit tests @kat-perez (#341)
    Change Details
      ## Description

    Add unit tests for create_event, close_event, signal_event, and set_timer functions in events module

    Fixes #252 (updates coverage to 50%)

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Run cargo make coverage

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>
  • Add repo contribution and compliance files @makubacki (#335)
    Change Details
      ## Description

    Closes #74

    Adds the following files to define code of conduct, the contribution process, and security vulnerability process within ODP.

    CONTRIBUTING.md is slightly modified for UEFI contributors.

    Relicensing code under "MIT" is a todo but expected to occur, so that license is left in the file.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all

    Integration Instructions

    • N/A

  • Rename markdownlint file @makubacki (#329)
    Change Details
      ## Description

    Update the file name to match the expected default name by the DavidAnson.vscode-markdownlint VS Code plugin so the rules are applied automatically.

    Rules can be enabled, disabled, and customized by creating a
    JSON file named .markdownlint.jsonc/.markdownlint.json or a YAML
    file named .markdownlint.yaml/.markdownlint.yml or a JavaScript
    file named .markdownlint.cjs in any directory of a project.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Use markdownlint plugin locally without further configuration.

    Integration Instructions

    Rename markdownlint.yml to .markdownlint.yml.



  • Add SMM Perf Records @magravel (#284)
    Change Details
      ## Description

    Add smm performance record to the FPDT in an event running at ready to boot.

    Some abstraction for communication protocol has been added here. Will get move eventually to a common place when we will be satisfied with those.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Tested in QEMU
      Add some random perf measurements in smm to be able to validate that we can parse them in dxe core

    • Tested on real hardware
      Can boot to windows.

    Integration Instructions

    N/A

    Note:

    Some comments are in this pr: #271

      </blockquote>
  <hr>
</details>
  • add timer tick test @kat-perez (#327)
    Change Details
      ## Description

    Adds a basic timer tick unit test to events.rs and increases unit test coverage for the events.rs 19%

    Fixes #252

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    cargo make coverage

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>
  • [REBASE\&FF] Update project configurations @Javagedes (#318)
    Change Details
      ## Description

    Applies the two project configuration changes:

    1. Consider rust MSV for the crate when doing dependency resolution.
    2. Tell Cargo Make not to auto install cargo tools.
    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A

    Integration Instructions

    N/A



  • chore: Release v9.1.1 @os-d (#317)
    Change Details
      ## Description

    Release v9.1.1.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A.

    Integration Instructions

    Follow release notes.

      </blockquote>
  <hr>
</details>

🐛 Bug Fixes

  • interface.md: Fix code examples @makubacki (#328)
    Change Details
      ## Description

    Update the code examples so the code is valid for compilation.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Temporarily add .md file to tests

    Integration Instructions

    • N/A

🔐 Security Impacting

  • [REBASE \& FF] Add Compatibility Mode @os-d (#338)
    Change Details
      ## Description

    This PR adds the following commits (note that memory protections and compatibility mode documentation is actively being written):

    Remove ensure_capacity Allocator API

    This API is unused and was added to support the paging crate, but it ended up never being needed.

    The functionality is removed in this commit.

    Move Memory Protection Enforcement to GCD Layer

    Part of memory protection management (specifically setting RP on free memory and XP on newly allocated memory) was occurring in the memory block layer instead of the GCD layer. This was inappropriate coupling of the memory protection feature to a more generic layer and caused the feature to unnecessarily and complexly span layers. This was necessary at the time because of a different design, but is no longer required.

    This commit moves the memory protections to the GCD layer and out of the memory block layer.

    Allocate Initial Memory Blocks with Page Granularity

    The memory block initialization code was not setting UEFI_PAGE_SHIFT as the required align when calling allocate_memory_space, which could cause it be non-page aligned, which would be fatal. This was unlikely because the PHIT HOB should pass in a page aligned base address, but the memory block code should ensure this.

    This commit also updates some tests to use UEFI_PAGE_SHIFT.

    Move MAT Publishing Out of Page Change Callback

    The page change callback hosts the MAT publication code. However, when booting Linux, this causes a locking issue because where the callback is invoked from.

    This commits moves the MAT publishing logic out of the locked code to avoid this.

    Print EBS Success Message

    Add a simple info message identifying that EBS succeeded. This is helpful to tell if an OS hangs that EBS succeeded and was not the failure.

    Track NX_COMPAT in pe_info Struct

    This commits adds setting the NX compat bit in the pe_info struct based on the PE/COFF DLL Characteristic. This is used to determine whether to enter compatibility mode.

    Add get_memory_ranges_for_memory_type API to Allocator

    This commit adds an API to the allocator to return a Vec of the ranges owned by the allocator for a given memory type.

    The primary use case of this API is for compatibility mode to find all the memory ranges owned by the EFI loader code and data allocators and set them to RWX.

    Add Compatibility Mode Support

    This patch adds compatibility mode (to be documented soon). This adds a build flag (disabled by default) to enable compatibility mode when launching EFI_APPLICATIONS without the NX_COMPAT flag. The primary use case for this is to launch shim/grub which do not work with memory protections.

    When compatibility mode is enabled the following occurs:

    • The loaded image that triggered the mode has its memory set to RWX

    • All newly allocated memory is allocated RWX

    • All existing EFI loader code and data memory is marked RWX

    • The memory attributes protocol is uninstalled

    • The range 0 - 0xA000 is set to RWX if it is system memory

    • Impacts functionality?

    • Impacts security?

    • Breaking change?

    • Includes tests?

    • Includes documentation?

    How This Was Tested

    Tested by booting Windows and Linux on Q35/SBSA.

    Integration Instructions

    Platforms must include the compatibility_mode_allowed feature in their Cargo.toml to enable compatibility mode.

      </blockquote>
  <hr>
</details>

📖 Documentation Updates

  • Move to PR based RFC process @makubacki (#345)
    Change Details
      ## Description

    Pull requests allow phases of the PR to be tracked more clearly and provide features like threaded conversations in GitHub that make tracking individual conversation topics easier.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all

    Integration Instructions

    • N/A

  • docs: Add RFC template @makubacki (#339)
    Change Details
      ## Description

    Add a template for new design & feature proposals.

    Instructions for usage are in introduction.md.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all

    Integration Instructions

    • N/A

  • Add Code Organization doc @makubacki (#334)
    Change Details
      ## Description

    Closes #15

    The Rust DXE Core is a complex system with many constituent parts. This document describes the organization of the overall codebase, including the key dependencies that are shared between the Rust DXE Core and other components. The goal is to provide a high-level overview of these relationships.

    This is meant to be a living document, and as the code base evolves, this document should be updated to reflect the current state.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all

    Integration Instructions

    • N/A

  • interface.md: Fix code examples @makubacki (#328)
    Change Details
      ## Description

    Update the code examples so the code is valid for compilation.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Temporarily add .md file to tests

    Integration Instructions

    • N/A

  • Initial Memory Manager TOPs documentation @joschock (#320)
    Change Details
      ## Description

    Add Memory Manager Theory of Operations documentation.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Confirmed pages render as expected in mdbook; checked links manually.

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>

Full Changelog: v9.1.1...v9.2.0

Contributors

makubacki, Javagedes, and 5 other contributors
Assets 2
Loading