v4.0.10

What's Changed

• Convert docx files to readme.md format @[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent) (#307)
  
  Change Details

    This PR addresses the documentation improvement request by converting the existing Microsoft Word document to markdown format for better accessibility and version control integration.

  Changes Made

  • Converted: DfciPkg/SettingsManager/Overview.docx → DfciPkg/SettingsManager/readme.md
  • Removed: Original docx file as it's no longer needed
  • Applied: Proper markdown formatting following the repository's style guidelines

  Technical Details

  The conversion was performed using pandoc to ensure accurate content preservation, followed by markdownlint auto-fixing to meet the repository's markdown standards defined in .markdownlint.yaml. The resulting markdown document maintains all the original technical content including:

  • Microsoft Settings Manager implementation details
  • File descriptions and responsibilities
  • Error code definitions
  • Proper hierarchical structure with headers and lists

  Benefits

  • Version Control Friendly: Markdown files can be properly diffed and tracked in git
  • Accessibility: No special software required to view documentation
  • Consistency: Aligns with the repository's existing markdown documentation standards
  • Maintainability: Easier to update and maintain documentation alongside code changes

  Fixes #306.

  [!WARNING]

  Firewall rules blocked me from connecting to one or more addresses (expand for details)

  I tried to connect to the following addresses, but was blocked by firewall rules:

  • esm.ubuntu.com
    • Triggering command: /usr/lib/apt/methods/https (dns block)

  If you need me to access, download, or install something from one of these locations, you can either:

  • Configure Actions setup steps to set up my environment, which run before the firewall is enabled
  • Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

  ---

  💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.
  

  
  

  ---

  
  

• DfciPkg: DfciMenu Fix ClangDwarf compile. @apop5 (#299)
  
  Change Details

    ## Description When comping with clangdwarf, the abi defaults to system v abi. The use of VA_ARG with clang, defaults to the msabi version.

  Functions that use VA_ARG should be declared as EFIAPI. In this particular case, the function is internal, and was not declared with EFIAPI. Adding the missing declaration resolves the build error.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Testing while building a platform using TOOL_CHAIN_TAG=CLANGDWARF

  Integration Instructions

  No integration necessary
  

  
  

  ---

  
  

• Fix: Use raw string evaluation to prevent invalid escape sequence warning in signPfx check @abhinav-karthik (#287)
  
  Change Details

    Use raw string evaluation to prevent invalid escape sequence warning in signPfx check

  Description

  Replaced direct string comparison in IF condition with a raw string evaluation to avoid runtime warnings caused by invalid escape sequences.

  Details:

  The previous implementation:

  IF "${signPfx}" == "UNSIGNED"

  caused issues when ${signPfx} contained backslashes (e.g., \D), resulting in:

  SyntaxWarning: invalid escape sequence '\D'

  This was especially problematic in Azure Devops YAML pipelines, where the warning is treated as a failure due to being written to stderr.

  To resolve this, the logic was updated as follows:

  ${is_unsigned}=    Evaluate    r"""${signPfx}""" == "UNSIGNED"
  IF    ${is_unsigned}
  

  Using a raw string with triple quotes ensures that any backslashes in the value are treated literally, avoiding escape sequence interpretation by Python.

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality? No
  • Impacts security? No
  • Breaking change? No
  • Includes tests? No
  • Includes documentation? Np

  How This Was Tested

  Tested locally on a physical DUT

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🐛 Bug Fixes

• CISettings.py: Update Common/MU branch to 202502 @makubacki (#298)
  
  Change Details

    ## Description

  The branch is still on release/202405 while MU_BASECORE is on release/202502. Now they are both on release/202502.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Local CI
  • Verify Common/MU resolves to release/202502 with stuart_ci_setup

  Integration Instructions

  • N/A
    

  
  

  ---

🔐 Security Impacting

• DfciPkg/DfciRecoveryLib: Add support for Arm RNDR RNG algorithm @makubacki (#297)
  
  Change Details

    ## Description

  1. Consolidate logic for determining whether the RNG protocol is available and a secure algorithm is supported by the platform in DfciRecoveryLib.c.
  2. Update the list of algorithms that are considered secure for the purposes of DFCI usage to include gEfiRngAlgorithmArmRndr for a DRBG via the Arm RNDR register.

  Platforms producing gEfiRngAlgorithmArmRndr should ensure it supports NIST SP800-90B compliance as described in https://developer.arm.com/documentation/100685/0000/Overview-of-Arm-True-Random-Number-Generator--TRNG-.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • CI
  • Platform test in progress

  Integration Instructions

  • gEfiRngAlgorithmArmRndr will be used if present in the RNG algorithm.
    

  
  

  ---

Full Changelog: v4.0.9...v4.0.10