v19.0.0
What's Changed
- MmSupervisorPkg: Add MM Supv Comm Protocol callback for version publication @makubacki (#524)
## Description
Add a protocol notification on gMmSupervisorCommunicationProtocolGuid to account for all protocol dependencies to publish the supervisor version UEFI variable.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- CI and platform integration build
- Verify the UEFI variable is published after both protocols are produced
Integration Instructions
N/A - The same requirements as before
- MmSupervisorPkg/MmPeiLaunchers: Update override tags @zurcher (#523)
## Description
Update override tags targeting PiSmmIpl.inf
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
- Sync Mu DevOps Files, add new cargo checks, and fix resulting errors @magravel (#517)
## Description
The file sync commit was cherry-picked from this branch: #515
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested by running the PR pipeline (clippy, fmt, build, test, coverage, doc).
Integration Instructions
N/A
- SmmCpuFeaturesLib: Tweak MSEG error handling logic @makubacki (#511)
## Description
Right now, if MSEG is too small the error message gets buried behind an irrelevant message about not being able to find required SEA entries in present FVs:
```text
MSEG too small. Min MSEG Size = 00204000 Current MSEG Size = 00200000
StmHeader->SwStmHdr.StaticImageSize = 0001D5A0
StmHeader->SwStmHdr.AdditionalDynamicMemorySize = 00146000
StmHeader->SwStmHdr.PerProcDynamicMemorySize = 00008000
VMCS Size = 00001000
Max CPUs = 00000010
StmHeader->HwStmHdr.Cr3Offset = 0001E000
[DiscoverSmiEntryInFvHobs] Failed to load SEA [E7F9ABC2-61A6-4AF3-A00F-1150CC6EFE20] in FV at 0x6D7E4C98 of 6D7E4CAC bytes - Buffer Too Small.
[DiscoverSmiEntryInFvHobs] Found FV HOB referencing FV at 0x6C0CD000. Size is 0x9F000.
[DiscoverSmiEntryInFvHobs] FV GUID = {1B5C27FE-F01C-4FBC-AEAE-341B2E992A17}.
[DiscoverSmiEntryInFvHobs] Found FV HOB referencing FV at 0x6BDB0000. Size is 0x185E78.
[DiscoverSmiEntryInFvHobs] Found FV HOB referencing FV at 0x6C21D000. Size is 0xA52EA0.
[DiscoverSmiEntryInFvHobs] FV GUID = {A881D567-6CB0-4EEE-8435-2E72D33E45B5}.
[DiscoverSmiEntryInFvHobs] Required entries for SEA not found in any FV.
ASSERT_EFI_ERROR (Status = Not Found)
ASSERT [MmSupervisorCore] SeaPkg\Library\SmmCpuFeaturesLib\SmmStm.c(387): !(((INTN)(RETURN_STATUS)(Status)) < 0)
```
That's misleading in the MSEG is too small case because the required entries were indeed found but failed to load.
This change modifies the logic such that the load function fails earlier with the MSEG too small error as the error message for this case.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Make MSEG size too small and inspect debug message before and after the change.
Integration Instructions
- N/A
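To make the masked error concrete, here is an added C sketch (not SeaPkg or MmSupervisorPkg code) that recomputes the minimum MSEG size from the header fields the log above prints and contrasts a discovery flow that collapses every load failure into "not found" with one that propagates the loader's own status. The `SW_STM_HDR`, `LoadSeaImage`, `DiscoverBefore` and `DiscoverAfter` names are assumptions, and the size formula is my reconstruction, chosen because it reproduces the logged 0x204000 from the logged inputs.

```c
#include <stdint.h>
#include <stdbool.h>

/* Added illustration, not MmSupervisorPkg/SeaPkg code. The header fields mirror
 * the values in the PR's debug log; the loader/discovery flow is a sketch. */
typedef struct {
  uint32_t StaticImageSize;
  uint32_t AdditionalDynamicMemorySize;
  uint32_t PerProcDynamicMemorySize;
} SW_STM_HDR;

typedef enum { LOAD_OK, LOAD_NOT_FOUND, LOAD_BUFFER_TOO_SMALL } LOAD_STATUS;

#define PAGE_SIZE 0x1000u
static uint32_t AlignUpPage(uint32_t v) { return (v + PAGE_SIZE - 1u) & ~(PAGE_SIZE - 1u); }

/* Reconstructed minimum: page-aligned static image, plus the shared dynamic pool,
 * plus (per-CPU dynamic memory + two VMCS regions) for every CPU. With the logged
 * header values this yields the "Min MSEG Size = 00204000" from the PR log. */
uint32_t MinMsegSize(const SW_STM_HDR *h, uint32_t VmcsSize, uint32_t MaxCpus) {
  return AlignUpPage(h->StaticImageSize) + h->AdditionalDynamicMemorySize
       + (h->PerProcDynamicMemorySize + 2u * VmcsSize) * MaxCpus;
}

/* Loader: refuses an image that does not fit the MSEG the platform reserved. */
LOAD_STATUS LoadSeaImage(const SW_STM_HDR *h, uint32_t VmcsSize, uint32_t MaxCpus,
                         uint32_t CurrentMsegSize) {
  if (MinMsegSize(h, VmcsSize, MaxCpus) > CurrentMsegSize) {
    return LOAD_BUFFER_TOO_SMALL;
  }
  return LOAD_OK;
}

/* "Before": a load failure is treated like "no entry in this FV", so the search
 * carries on and ends in the misleading "not found" the description quotes. */
LOAD_STATUS DiscoverBefore(bool EntryPresentInFv, const SW_STM_HDR *h,
                           uint32_t VmcsSize, uint32_t MaxCpus, uint32_t CurrentMsegSize) {
  if (EntryPresentInFv && LoadSeaImage(h, VmcsSize, MaxCpus, CurrentMsegSize) == LOAD_OK) {
    return LOAD_OK;
  }
  return LOAD_NOT_FOUND;  /* the real cause (buffer too small) is lost here */
}

/* "After": once the entry is found, the loader's status is propagated, so an
 * undersized MSEG surfaces as BUFFER_TOO_SMALL instead of NOT_FOUND. */
LOAD_STATUS DiscoverAfter(bool EntryPresentInFv, const SW_STM_HDR *h,
                          uint32_t VmcsSize, uint32_t MaxCpus, uint32_t CurrentMsegSize) {
  if (!EntryPresentInFv) {
    return LOAD_NOT_FOUND;
  }
  return LoadSeaImage(h, VmcsSize, MaxCpus, CurrentMsegSize);
}
```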
⚠️ Breaking Changes
- MmSupervisorPkg: Add MmSupervisorCoreInitLib @makubacki (#520)
## Description
Adds a new library class that can be used to add initialization points into the MM Supervisor Core. Right now, this library just provides an opportunity to run initialization code at the very beginning of MM Supervisor Core execution. A null library instance is provided in MmSupervisorPkg.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Build and boot with the null lib
- Build and boot with a library instance that adds custom functionality
Integration Instructions
- Add the MmSupervisorPkg/Library/BaseMmSupervisorCoreInitLibNull/BaseMmSupervisorCoreInitLibNull.inf as shown in PlatformIntegrationSteps.md to the platform DSC file.
🔐 Security Impacting
- Remove unused crypto functions from MbedTls libraries @kuqin12 (#514)
## Description
We really only need the SHA256 functionality from MbedTls. Even though the linker will eventually remove the unused functions, there is still no need to compile them if they are knowingly not going to be used.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested by passing the pipeline build that had failed due to unresolved symbols.
Integration Instructions
N/A
- Integrate CVE 2025-3770 (Safe Handling of IDT on SMM Entry) @makubacki (#516)
## Description
Updates comments around MM Supervisor-specific bits (SMEP and UMIP) set in CR4 and integrates the changes from edk2 commit d2d8d38ee08c5e602fb092f940dfecc1f5a4eb38.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- MM Supervisor physical platform boot
- Q35 boot
Integration Instructions
- N/A
Full Changelog: v18.0.1...v19.0.0