v21.0.1
What's Changed
- Update MM Supervisor version to 21.0.1 @makubacki (#607)
Change Details
## Description
For an upcoming release.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- N/A
Integration Instructions
- N/A
- SeaPkg: Add SmrrLib and use in SmmCpuFeaturesLib @makubacki (#606)
Change Details
## Description
Some SMRR configuration relies on resources that are not fully described in discovered public documentation.
To allow for flexibility in SMRR configuration, a new library class called SmrrLib is added that allows a SeaPkg integrating platform to provide platform-specific SMRR configuration.
The SeaPkg SmmCpuFeaturesLib instance is updated to use the SmrrLib for SMRR configuration.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- SeaPkg build and CI
- Verify SMRR configuration with "SMM Security Configuration Tests" HSTI using the platform-specific (non-null) SmrrLib instance
Integration Instructions
If building SEA, create a platform-specific instance of SmrrLib that configures SMRRs securely. This is linked against `SmmCpuFeaturesLib` (the `SeaPkg` instance) which is linked against `MmSupervisorCore` to prevent requiring user mode MM policy from needing to unblock SMRR MSRs and allowing the library to program SMRRs on all cores.
- MmSupervisorPkg: Add back override tracking tags to MmSupervisorCore @apop5 (#603)
Change Details
## Description
Override tags were removed in #600.
Add back the override tags to catch changes.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
No integration necessary.
- MmSupervisorPkg: Add MmCommunicate V3 support. @apop5 (#600)
Change Details
## Description
Add EFI_MM_COMMUNICATE_HEADER_V3 support to Mm Supervisor
This is adding support for processing mm communicate v3 requests from the protocol.
v3 support is not being added to the supervisor communication channel. The supervisor channel, as can be viewed in MmDxeSupport.c, directly crafts a v2 communicate packet.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Testing Q35 with 202511.
Would not boot previously, asserted when mm communicate v3 attempted to access variables.
Booted after
Integration Instructions
No integration necessary, should be backward compatible with previous mm communicate protocols.
- MmSupervisorPkg: Add DXE_CORE to MmSupervisorUnblockMemoryLibDxe @makubacki (#602)
Change Details
## Description
Adds `DXE_CORE` as an allowable link module type for the `MmSupervisorUnblockMemoryLibDxe` library instance.
This enables other linked libraries to the DXE Core to be able to unblock memory. This instance links against `UefiBootServicesTableLib` to get the boot services table. `gBS` will be populated by the DXE Core when it calls `ProcessLibraryConstructorList()`.
Autogen places library constructors for linked DXE Core libraries in dependency order (since they're ordered by DAG in BaseTools). This orders `UefiBootServicesTableLib` prior to `MmSupervisorUnblockMemoryLibDxe` which would be prior to any other DXE Core linked library that uses `MmMmUnblockMemoryLib`.
At this moment, this is used for an advanced logger DXE core library instance to set up an End of DXE notify that unblocks memory for a new logger buffer.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Link against DXE Core
- Call `MmUnblockMemoryRequest()` from an End of DXE notification function
Integration Instructions
- N/A
- Update MM Supervisor version to v21.000 @kuqin12 (#597)
Change Details
## Description
Matches the current GitHub release version.
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI build completes
Integration Instructions
No changes required. MM Supervisor version will be updated.
🐛 Bug Fixes
- MmSupervisorPkg: Fix buffer size calculation for MmiManage() @makubacki (#605)
Change Details
## Description
The supervisor communication channel size calculation changed from:
`BufferSize = CommunicateHeader->MessageLength;`
To:
`BufferSize = OFFSET_OF(..., Data) + CommunicateHeader->MessageLength;`
This new calculation includes the header size in `BufferSize`, but the header needed to be subtracted from `BufferSize` before passing it to `MmiManage()` since it expects only the message data size, not the total buffer size including the header.
This caused `MmiManage()` to read/write beyond the actual message data.
This was addressed by subtracting `CommHeaderSize` before calling `MmiManage()`, restoring the original behavior where `MmiManage()` receives only the message data size.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Boot QemuQ35Pkg with a MM unblock request made in DXE that failed before the change and passes after
Integration Instructions
- N/A
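
The size mismatch described in the #605 entry above, as an added C model (not code from the MM Supervisor repository). `COMM_HEADER_MODEL`, `ModelHandler` and the guard region are constructed for illustration; the handler stands in for a callee that expects only the message data size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a communicate header: fixed fields, then message data. */
typedef struct {
  uint8_t  HeaderGuid[16];
  uint64_t MessageLength;   /* size of Data only, header excluded */
  uint8_t  Data[1];
} COMM_HEADER_MODEL;

#define COMM_HEADER_SIZE  offsetof(COMM_HEADER_MODEL, Data)
#define MESSAGE_LENGTH    32u   /* constructed sample message size */
#define GUARD_SIZE        64u   /* constructed guard region after the message */
#define GUARD_BYTE        0xA5

/* Hypothetical handler: Size must be the data size only; it writes Size bytes. */
static void ModelHandler(uint8_t *Data, size_t Size) {
  memset(Data, 0x00, Size);
}

/* Builds header + message + guard, dispatches, and returns how many guard
   bytes (memory past the message data) the handler overwrote. */
static size_t Dispatch(int SubtractHeader) {
  uint8_t  Raw[COMM_HEADER_SIZE + MESSAGE_LENGTH + GUARD_SIZE];
  uint64_t MessageLength = MESSAGE_LENGTH;
  size_t   BufferSize, Clobbered = 0, i;
  memset(Raw, GUARD_BYTE, sizeof(Raw));
  memcpy(Raw + offsetof(COMM_HEADER_MODEL, MessageLength), &MessageLength,
         sizeof(MessageLength));
  BufferSize = COMM_HEADER_SIZE + (size_t)MessageLength;  /* header + data */
  if (SubtractHeader) {
    BufferSize -= COMM_HEADER_SIZE;  /* the fix: pass the data size only */
  }
  ModelHandler(Raw + COMM_HEADER_SIZE, BufferSize);
  for (i = COMM_HEADER_SIZE + MESSAGE_LENGTH; i < sizeof(Raw); i++) {
    Clobbered += (Raw[i] != GUARD_BYTE);
  }
  return Clobbered;
}

size_t GuardBytesClobberedBeforeFix(void) { return Dispatch(0); }
size_t GuardBytesClobberedAfterFix(void)  { return Dispatch(1); }

int main(void) {
  printf("before: %zu, after: %zu guard bytes overwritten\n",
         GuardBytesClobberedBeforeFix(), GuardBytesClobberedAfterFix());
  return 0;
}
```

In this model the overrun is exactly one header length, which is why a handler that trusts the size it is given reaches past the message by a fixed, payload-independent amount.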
🔐 Security Impacting
- Fixing CLANGPDB build for unresolved `invd` function @kuqin12 (#601)
Change Details
## Description
The previous fix only covered the case of the MSFT compiler. However, as EDK2 starts to expand support to CLANGPDB, the fix does not provide the same coverage. This change removes the original specifier to cover all compilers.
For details on how to complete these options and their meaning refer to CONTRIBUTING.md.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Pipeline build passes.
Integration Instructions
N/A
Full Changelog: v21.0.0...v21.0.1