v20.0.0
What's Changed
- MmSupervisorPkg: BaseCpuLibSysCall Adding x86BaseCpuLib.c @apop5 (#557)
Change Details
## Description
A platform was found to need the CpuId instructions in x86BaseCpuLib.
Adding the source file from BaseCpuLib to SysCall version.
The CpuId instructions are not Privileged instructions. Should have no effect on existing consumers.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Platform that needed the function would fail during link process due to missing calls.
After adding, platform was able to build.
Integration Instructions
No integration necessary.
- SeaPkg: ImageValidation: Make aux rule debugging easier @Javagedes (#560)
Change Details
## Description
Adds a debug log message before each image validation rule runs that logs the offset of the symbol in the target image. This offset is directly indexable in the json file that gets generated with each aux.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
N/A
- test-aux: Make it clear we are skipping some tests @Javagedes (#559)
Change Details
This update makes it clear when running the test-aux tool that the memory attribute tests are currently skipped as I have not implemented the page table functionality (if even possible). It does this by reporting skipped tests instead of quietly passing it.
Description
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Compiles
Integration Instructions
N/A
- MmSupervisorPkg: Remove refactored code. @apop5 (#554)
Change Details
## Description
When SeaPkg was merged, the code under Policy/* in MmSupervisorCore was moved into SecurePolicyLib.
The code in MmSupervisorCore was missed for removal.
Prune the code since it was already consumed from the SecurePolicyLib.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Local CI after removal still compiled successfully.
Integration Instructions
No integration necessary.
- Update MM Supervisor version to v19.002 @makubacki (#551)
Change Details
## Description
Matches the current GitHub release version.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- N/A
Integration Instructions
- N/A
⚠️ Breaking Changes
- Remove `MM_CORE_PRIVATE_DATA` @kuqin12 (#567)
Change Details
## Description
EDK2 removed the definition of the `MM_CORE_PRIVATE_DATA` structure a while back. Since then the deviation between our supervisor and EDK2 standalone MM has grown further and further.
This change removes the dependency on `MM_CORE_PRIVATE_DATA` and moves to embrace the EDK2 implementation by using a slightly modified `MM_COMM_BUFFER_STATUS` structure from MdeModulePkg.
This change also consolidates the communication buffer setup routine, which will use the same data hob to initialize the communication buffer for user channel.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested on QEMU Q35 and hardware x86 platform.
Integration Instructions
The platform will need to carry a few new modules with the given change:
- `StandaloneMmPkg/Drivers/MmCommunicationDxe/MmCommunicationDxe.inf`
- Add corresponding `SmmAccess2Dxe`
- `StandaloneMmHob` is removed.
- Remove Ring 0 instructions @kuqin12 (#542)
Change Details
## Description
This is a change that removes known faulting instructions when the running code is in Ring 3.
The intention is to make sure the build time failure will prevent the #GP during runtime.
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This is being tested on QEMU Q35 platform.
Integration Instructions
N/A. If unresolved symbols are found, one needs to reach out to us to see what it takes to update the syscall interface.
🐛 Bug Fixes
- Signal `gEfiMmEndOfPeiProtocol` into MM environment @kuqin12 (#578)
Change Details
## Description
The current logic neither properly translates `gEfiEndOfPeiSignalPpiGuid` into `gEfiMmEndOfPeiProtocol`, nor registers the corresponding MMI handler to signal the event to the rest of the user modules.
This change first added the translation logic into the `MmIplPei` module, then an MMI handler is registered through the Ring3 broker which will install a protocol as a signal to the entire user space.
The translation is done in MmIplPei specifically because this is also done in `StandaloneMmIplPei`.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change is tested on QEMU Q35 platform. During the test, `MmEndOfPeiHandler` print was observed and system booted to UEFI shell.
Integration Instructions
N/A
🔐 Security Impacting
- Remove Ring 0 instructions @kuqin12 (#542)
📖 Documentation Updates
- Remove Ring 0 instructions @kuqin12 (#542)
Full Changelog: v19.0.2...v20.0.0