What's Changed
-
Update MM Supervisor version to 23.0.3 @makubacki (#647)
Change Details
## Description
For an upcoming release.
Note: The version is updated from 23.0.1 to 23.0.3 since it was not
updated for the 23.0.2 release made on GitHub.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- N/A
Integration Instructions
- N/A
-
MmSupervisorPkg: Update MmiHandlerProfileInfo hash @makubacki (#648)
Change Details
## Description
The hash for the latest 2502 and 2511 branches is different. Move to track tags with updated hash values.
2511 does not currently have the CodeQL change as it is waiting for the changes to be merged into edk2 (PR is active).
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Run OverrideValidation plugin against the 2502 and 2511
SmiHandlerProfileAuditTestAppmodules.
Integration Instructions
- Update release/202502 and release/202511 to latest commits. Currently:
- release/202511: 2a8e32f2f098dd120cf91b0cc6013b02c0501a0d
- release/202502: 2f423645f34fafd5fde43ec813305361f0807dad
-
MmSupervisorPkg: Core: Return status value from SaveStateRead2 @zurcher (#644)
Change Details
## Description
When consumers of
gEfiSmmCpuProtocolGuidare given aReadSaveStatefunction that callsSysCallMmReadSaveStatein MmSupervisorRing3Broker, they cannot rely on the returned Status value and may proceed to use invalid data present in theBufferargument, since the Buffer is not manipulated in non-Success paths.
This change ensures that the function interface for this protocol works as expected by protocol consumers.- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Exposing failure case was this function returning Success on all CPUs, not just the CPU where a Software MMI was triggered.
Verified after the change that only the intended CPU returned Success.Integration Instructions
Likely N/A; consumers of
gEfiSmmCpuProtocolGuidshould review handling of the return Status in case they were expecting Success in non-success cases.</blockquote> <hr> </details>
-
.pytool: Add PR Eval support @Javagedes (#640)
Change Details
## Description
Add PR Eval support in support of CLANGPDB github workflows
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
</blockquote> <hr> </details>
🐛 Bug Fixes
-
SeaPkg: Build compatibility with ClangPdb @apop5 (#642)
Change Details
## Description
Changes to allow SeaPkg to pass clangpdb build.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
ClangPDB CI is failing due to finding this error.
After fixing, compilation completes.Integration Instructions
No integration necessary.
🔐 Security Impacting
-
Bump `MessageLength` to buffer size for supervisor communications @kuqin12 (#650)
Change Details
## Description
The
MessageLengthhas been tied to input buffer size in the recent movement of removing core private data.This makes the caller having to change to compensate this because the buffer size was meant to indicate the total buffer size the MM core can use for the return.
Given this supervised MM environment has fixed buffer size, already pre-unblocked, it could be treated that the message length will always be covering the entire prepared buffer region.
The test is also reverted to verify the corresponding change.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested on QEMU Q35 and passed the updated test app.
Integration Instructions
N/A
Full Changelog: v23.0.2...v23.0.3
