Skip to content

v2025020003.0.1

Choose a tag to compare

View all tags
@mu-automation mu-automation released this 10 Feb 05:10
· 9 commits to refs/heads/release/202502 since this release
v2025020003.0.1
3496fc1

What's Changed

  • [REBASE \& FF] Fix Memory Tests to Run on Patina @os-d (#825)
    Change Details
      ## Description

    See individual commit descriptions for full details. This changeset updates the paging audit simple test, full audit, and memory protections test app to run on Patina.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on physical Intel, Q35, and SBSA.

    Integration Instructions

    Ensure the platform is producing the memory protection HOB with:

    DxeSettings.HeapGuardPolicy.Fields.UefiPageGuard = 0;
DxeSettings.HeapGuardPolicy.Fields.UefiPoolGuard = 0;

    Until Patina enables those features, otherwise those tests will execute and will fail due to no guard pages enabled.

    This is a breaking change because it depends on mu_basecore version >= v2025020003.0.2 as some header definitions are depended on in that release.



  • Update Adv Logger Info to V6 [Rebase \& FF] @makubacki (#826)
    Change Details
      ## Description

    AdvLoggerPkg: Define a single advanced logger info version

    Currrently, ADVANCED_LOGGER_INFO_VER is being used to set and check
    the version field in the ADVANCED_LOGGER_INFO struct.

    This more clearly defines that version to be associated with the
    log info structure and breaks out the Hardware Level version to a
    macro (ADVANCED_LOGGER_INFO_HW_LVL_SUPPORTED_VER) that clearly shows
    that is an identifier for hardware level support being present in
    the logger info version.

    AdvLoggerPkg: Bump ADVANCED_LOGGER_INFO_VER to 6

    Updates the major version to 6 to account for the NewLoggerInfoAddress
    field that was added to ADVANCED_LOGGER_INFO.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • AdvLoggerPkg CI build
    • AdvLoggerPkg QEMU Q35 boot to EFI shell and dump log with EFI app
    • Intel physical platform boot to OS and decode log (in progress)
    • Arm platform test (todo)

    Integration Instructions

    • Ensure all adv logger code is updated to the same version and you're using the latest version of the applications in AdvLoggerPkg.

  • AdvLoggerPkg: DecodeUefiLog handle frequency errors. @apop5 (#824)
    Change Details
      ## Description

    When calling DecodeUefiLog, if the system was not able to provide a frequency in the log, it will be reported as 0. With no verification check of a zero frequency, DecodeUefiLog would attempt a divide by zero when converting time to nano seconds.

    Add a check that prevents divide by zero. This will report times of 0 for all timestamps in the decoded log.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    On a physical platform where no timer frequency was reported, encountered a python exception.
    After change, log was correctly retrieved and displays a timestamp of 0.

    Integration Instructions

    No integration necessary.



  • Refactor HID Keyboard Reset support @joschock (#823)
    Change Details
      ## Description

    This PR changes how CTRL-ALT-DEL resets are handled by the HID stack. Previously, they were handled by the lower layer key processing code; but this caused them to be handled at an implementation-defined TPL based on what TPL the input reports are generated at by the HID I/O layer.

    This change moves the CTRL-ALT-DEL to use the existing SimpleTextInEx key registration infrastructure to handle the reset logic, effectively moving the reset handling up to a higher level of abstraction.

    This also simplifies disabling this capability behind a feature flag should it be desirable in the future to separate reset logic from the HID stack entirely.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Verified CTRL-ALT-DEL resets system from UEFI shell and that reset occurs at TPL_CALLBACK.

    Integration Instructions

    N/A



  • Configure watchdog interrupt for ARM platform @rohansenUSA (#820)
    Change Details
      ## Description

    When using MpManagement to suspend all cores to a C-state that powers down the core the non-secure watchdog is being used to wake up a core after a certain amount of time.

    On ARM reference platforms the non-secure watchdog interrupt is a level interrupt and active high. and this PR configures the interrupt trigger accordingly. Also, when all cores are powered down interrupt IRM (Interrupt Routing Mode) can't be used and the interrupt have to be routed to a specific core using the affinity fields. This PR programs the interrupt to go to the BSP.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on custom Microsoft hardware.

    Following use case was run:

    1. Program watchdog timer.
    2. Power down cores.
    3. Watchdog interrupt to wake up BSP.

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>
  • MsWheaPkg: Change debug prints to avoid confusion @kuqin12 (#819)
    Change Details
      ## Description

    The current debug output labels all HwErrRec entries as error records. While technically accurate given the “Hardware Error Record” naming, this can be misleading, as some entries are informational rather than actual errors.

    This change updates the debug output to use “telemetry record” instead, reducing the risk of confusion.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Debug print change only, non-functional.

    Integration Instructions

    N/A



  • Rendering Engine Fixes [Rebase \& FF] @makubacki (#818)
    Change Details
      ## Description

    MsGraphicsPkg/RenderingEngineDxe: Defensive checks for global GOP pointer

    Verify mParentGop is valid before use.

    MsGraphicsPkg/RenderingEngineDxe: Defensive checks for global GOP pointer

    Verify mParentGop is valid before use.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • CI, build and verify GOP start and operation in QEMU Q35, and "disconnect -r" succeeds

    Integration Instructions

    • N/A

  • Revise OSK error messages @joschock (#817)
    Change Details
      ## Description

    Present OSK messages include the error level (e.g. "[ERROR] OSK: ").

    This PR removes those tags. This allows better filtering of logs for actual actionable errors, as well as avoiding redundancy when interpreted by a log viewer that also tags each message according to the error level.

    Debug message changes only, no functional change.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Booted system, observed error messages changed as expected.

    Integration Instructions

    N/A



  • AdvLoggerPkg: Fix memory bucket stability @makubacki (#799)
    Change Details
      ## Description

    Right now, the PEI Core instance of AdvancedLoggerLib will always allocate the logger buffer as EfiRuntimeServicesData. This means it is not allocated into the DXE Core managed RT Services Data memory bucket. The DXE Core instance of AdvancedLoggerLib either continues to use this buffer it is provided or allocates a new EfiReservedMemoryType buffer.

    This change always allocates a EfiReservedMemoryType buffer in the DXE Core instance to ensure it is allocated from the reserved memory type buckets setup by the DXE Core. The PEI Core logger buffer is updated to be EfiBootServicesData so it does not affect runtime allocations.

    The logger buffer will not attempt to be migrated if PcdAdvancedLoggerFixedInRAM is FALSE.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • CI
    • Boot on a virtual and physical Intel platform and confirm the logger is functional
      • Note: Has not been tested on an ARM64 platform yet

    Integration Instructions

    • N/A

  • Adding advanced logger support for ARM's SEC phase @kuqin12 (#810)
    Change Details
      ## Description

    The current setup does not have the support of advanced logger if an ARM64 platform would like to start the logging into static buffer from SEC phase.

    This change adds the support of this use case. The assumption is that the ARM64 platform will have a static carve out of the advanced log buffer and hands off to DXE phase directly, because PEI phase memory manager is not sophisticated enough to reserve carveout memory backed by DRAM and thus could run into memory corruption issues.

    For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This is tested on QEMU SBSA PEI-less builds and booted to both UEFI shell and OS.

    Integration Instructions

    Add AdvancedLoggerLib|AdvLoggerPkg/Library/AdvancedLoggerLib/SecArm/AdvancedLoggerLib.inf to the library SEC phase.

      </blockquote>
  <hr>
</details>
  • UefiHidDxeV2: fix cargo clippy issues for toolchain 1.92.0 @antklein (#804)
    Change Details
      ## Description
    • Update UefiHidDxeV2 tests for absolute_pointer to meet clippy requirements.

    For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Local CI validation and cargo testing with rust toolchain 1.92.0

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>
  • MfciPkg: Fix MfciDxeRoT unit test. @apop5 (#805)
    Change Details
      ## Description

    Unit tests are failing due to use of setjump/longjump.

    There are multiple bug reports about the use of setjump/longjump when dealing with address sanitizer. There are a lot of false positives triggered because the address sanitizer is unable to verify the stack when it is directly manipulated.

    Fixing the failing case by removing setjump/longjump from the failing unit test.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Pipeline is failing.
    Local CI fails.

    After integrating changes, local CI is passing.

    Integration Instructions

    No Integration necessary.



  • Add allow list to DMAProtectionAudit tests for IVRS. @eeshanl (#802)
    Change Details
      ## Description

    Add allow list to DMAProtectionAudit tests for IVRS.

    Allow list to now include [EfiReservedMemoryType, EfiACPIMemoryNVS]

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A

    Integration Instructions

    N/A



  • QrEncoderLib: Prevent memcpy intrinisc in PolynomialDivision() @makubacki (#761)
    Change Details
      ## Description

    Use CopyMem() to prevent memcpy on recent MSVC versions.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • CI
    • QrEncoderLib platform integration with MSVC 14.44.35207

    Integration Instructions

    • N/A

  • Mask non-affinity bits for mCpuInfo MPIDR values @Shrirammc55 (#763)
    Change Details
      ## Description

    Current core's MPIDR value has masked non-affinity bits before comparing with MPIDR values populated in mCpuInfo. This change is to apply the same mask for MPIDR values within mCpuInfo before the compare

    For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested in custom Microsoft hardware

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>

🐛 Bug Fixes

  • AdvLoggerPkg: Remove added HII package before application returns @kuqin12 (#822)
    Change Details
      ## Description

    Current log dumper application will add an HII entry to the database but never removes it. This will cause the system to crash if we were to invoke it again.

    This change removes the added package before returning.

    For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This was tested on QEMU SBSA and double invoked the application without asserts.

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>
  • MfciPkg: Fix alignment handling of multiple XDR certs in PCD @thomashinds (#816)
    Change Details
      ## Description

    Fixes an issue where XDR certificates may not be correctly parsed in MfciDxe - ValidateBlobWithXdrCertificates when the buffer containing the certs is not aligned to a 4-byte boundary, even if the certs are aligned within the buffer itself. The alignment should be taken with respect to the start of the buffer, rather than the absolute position in memory.

    Fixes #814

    Related fix in EDK2 FmpDevicePkg: tianocore/edk2#11529

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Verified using the second cert on a platform with the cert buffer pointer forced to be unaligned.

    Before fix:

    00:00:06.656 : [DXE  ] [INFO] MfciDxe: VerifyPolicyAndChange() - Enter
00:00:06.659 : [DXE  ] [INFO] VerifyPolicyAndChange - Step 2: Check current policy related variables.
00:00:06.660 : [DXE  ] [INFO] VerifyPolicyAndChange - Get current MFCI Policy blob - Not Found
00:00:06.662 : [DXE  ] [INFO] VerifyPolicyAndChange - Clear other current variables returned, proceeding to TARGET step.
00:00:06.662 : [DXE  ] [ERR ] VerifyPolicyAndChange - Verify targeting step!
00:00:06.663 : [DXE  ] [INFO] ValidateBlobWithXdrCertificates: Certificate #1 [E8CDE29E..E8CDF126].
00:00:06.663 : [DXE  ] [INFO] ValidateBlob()
00:00:06.663 : [DXE  ] [INFO] ValidateSignature()
00:00:06.663 : [DXE  ] [ERR ] Pkcs7Verify() returns FALSE
00:00:06.663 : [DXE  ] [ERR ] ValidateSignature() returned EFI_ERROR: Security Violation
00:00:06.663 : [DXE  ] [INFO] ValidateBlobWithXdrCertificates: Certificate #2 [E8CDE9B4..E8CDF126].
00:00:06.663 : [DXE  ] [INFO] ValidateBlob()
00:00:06.663 : [DXE  ] [INFO] ValidateSignature()
00:00:06.663 : [DXE  ] [ERR ] SignedPolicy NULL or Size == 0, or TrustAnchorCert NULL or Size 0, or EKU NULL
00:00:06.664 : [DXE  ] [ERR ] ValidateSignature() returned EFI_ERROR: Invalid Parameter
00:00:06.664 : [DXE  ] [INFO] ValidateBlobWithXdrCertificates: Certificate #3 [E8CDE9B8..E8CDF126].
00:00:06.664 : [DXE  ] [ERR ] ValidateBlobWithXdrCertificates - PcdMfciPkcs7CertBufferXdr size incorrect: PublicKeyData(0xE8CDE9BC) PublicKeyDataLength(0x76C3082) PublicKeyDataXdrEnd(0xE8CDF126)
00:00:06.664 : [DXE  ] [ERR ] VerifyPolicyAndChange - Target blob validation failed - Aborted.

    With fix:

    00:00:06.944 : [DXE  ] [INFO] MfciDxe: VerifyPolicyAndChange() - Enter
00:00:06.947 : [DXE  ] [INFO] VerifyPolicyAndChange - Step 2: Check current policy related variables.
00:00:06.948 : [DXE  ] [INFO] ValidateBlobWithXdrCertificates: Certificate #1 [E8CDE1AE..E8CDF036].
00:00:06.948 : [DXE  ] [INFO] ValidateBlob()
00:00:06.948 : [DXE  ] [INFO] ValidateSignature()
00:00:06.949 : [DXE  ] [ERR ] Pkcs7Verify() returns FALSE
00:00:06.949 : [DXE  ] [ERR ] ValidateSignature() returned EFI_ERROR: Security Violation
00:00:06.949 : [DXE  ] [INFO] ValidateBlobWithXdrCertificates: Certificate #2 [E8CDE8C6..E8CDF036].
00:00:06.949 : [DXE  ] [INFO] ValidateBlob()
00:00:06.949 : [DXE  ] [INFO] ValidateSignature()
00:00:06.950 : [DXE  ] [INFO] SanityCheckSignedPolicy()
00:00:06.950 : [DXE  ] [INFO] SanityCheckPolicy()
00:00:06.950 : [DXE  ] [INFO] MfciDxe: VerifyTargeting() - Enter
00:00:06.950 : [DXE  ] [INFO] ExtractChar16()
00:00:06.950 : [DXE  ] [INFO] ExtractChar16()
00:00:06.951 : [DXE  ] [INFO] ExtractChar16()
00:00:06.951 : [DXE  ] [INFO] ExtractChar16()
00:00:06.952 : [DXE  ] [INFO] ExtractChar16()
00:00:06.952 : [DXE  ] [INFO] ExtractUint64()
00:00:06.953 : [DXE  ] [INFO] ExtractUint64()
00:00:06.953 : [DXE  ] [ERR ] VerifyPolicyAndChange - Verify targeting step!
00:00:06.953 : [DXE  ] [INFO] VerifyPolicyAndChange - No target blob found, bail here.

    Integration Instructions

    N/A

      </blockquote>
  <hr>
</details>
  • AdvLoggerPkg: Minor fix in DecodeUefiLog.py \_GetNextMessageBlock() @makubacki (#813)
    Change Details
      ## Description

    This is a minor issue that has been present in the script for a very long time.

    The function calls self._ReadMessageEntry() to read the next message entry from the log file. That function can return None for the MessageEntry if it encounters an invalid signature.

    This function needs to handle that case properly to avoid trying to access fields of a None object, which would lead to an AttributeError.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Force self._ReadMessageEntry() to enter the case where it returns (None, None) and verify the AttributeError does not occur.

    Integration Instructions

    • N/A

    Note: I'd normally use f-strings here, but this follows the convention used in the rest of the file.



  • AdvLoggerPkg: Fix AdvancedLogDumper HII initialization bug @makubacki (#812)
    Change Details
      ## Description

    Commit 005cfdd added HII support to AdvancedLogDumper but did not link UefiHiiServicesLib to the application.

    Running the EFI app will give an assert similar to the following:

    INFO - ASSERT_EFI_ERROR (Status = Invalid Parameter)
INFO - ASSERT [AdvancedLogDumper]
  AdvLoggerPkg\Application\AdvancedLogDumper\LogDumperCommon.c(337):
    !(((RETURN_STATUS)(Status)) >= 0x8000000000000000ULL)

    UefiHiiServicesLib needs to be linked (added to the INF file) for gHiiDatabase to be initialized properly.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Run the AdvancedLogDumper EFI application before and after the change
      • It dumps the log successfully after the change

    Integration Instructions

    • N/A

  • HidPkg/UefiHidDxeV2: Prevent TPL escalation when sending output reports @wenbhou (#787)
    Change Details
      ## Description

    Fixes #788

    Separate send_output_reports from send_led_reports to avoid issues caused by an elevated TPL when invoked from simple_text_in_ex_set_state, simple_text_in_ex_reset or simple_text_in_reset. These functions raise the TPL to TPL_NOTIFY, but the HID I/O instance may require the TPL to be at or below TPL_CALLBACK.
    By decoupling these operations, we ensure proper TPL handling and prevent conflicts during HID output report transmission.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on laptop and no TPL conflicts observed.

    Integration Instructions

    N/A



  • Fixing use after free issue for extra data in WHEA record @kuqin12 (#790)
    Change Details
      ## Description

    The current implementation will free the extra data immediately after the entry is logged. This is fine if the log is directly materialized into HwErrRec UEFI variables.

    However, if this logic occurs in the early DXE stage, it will cause the collected linked list contain dangling pointer.

    This change fixed the issue by duplicating the buffer when it is added to the linked list and freed after linked list is processed.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This was tested by adding a telemetry entry before variable service is available and verified that the WHEA driver collected and then later processed the entry properly.

    Integration Instructions

    N/A



Full Changelog: v2025020003.0.0...v2025020003.0.1

Contributors

eeshanl, makubacki, and 9 other contributors
Assets 2
Loading