v12.0.0

@mu-automation mu-automation released this 13 Mar 01:55
· 71 commits to refs/heads/main since this release
0ef25ab

What's Changed

  • Submodule updates to align with latest releases. @Raymond-MS (#1350)
    Change Details
    Description

    Updated Features/FFA and MU_BASECORE submodules for their respective releases.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Built QemuSbsa Successfully.

    Integration Instructions

    N/A




  • [TPM]Platform Updates for RUST TPM Service @Raymond-MS (#1343)
    Change Details
    Description

    Removed code related to the C secure partition. Added the TPM service to the RUST secure partition. Updated the TF-A patch files to reflect the C secure partition removal.

    The TpmStartupLib was removed in the latest updates regarding 202511; added it back in.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Built QemuSbsa with TPM enabled. Verified TPM communication. Features/FFA, MU_BASECORE, and Silicon/Arm/MU_TIANO were at latest 202502 release branches.

    Integration Instructions

    N/A




  • QemuQ35,QemuSbsa: Update for 202511 @apop5 (#1329)
    Change Details
    Description

    Changes for 202511

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Booting Q35, Sbsa to OS.

    Integration Instructions

    No integration necessary.




  • [TPM]Add Tpm2Startup Lib to QemuSbsa PeilessSec @Raymond-MS (#1344)
    Change Details
    Description

    Add Tpm2StartupLib to QemuSbsa platform .dsc. This should only be used in PeilessSec.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Built QEMU SBSA with TPM enabled, verified TPM communication.

    Integration Instructions

    N/A




  • QemuQ35Pkg: Increase QEMU extended TSEG to 32 MB @Flickdm (#1345)
    Change Details
    Description

    Add the -global mch.extended-tseg-mbytes=32 argument to the QEMU runner to increase the extended TSEG from the QEMU default of 16 MB to 32 MB. Update the PcdQ35TsegMbytes PCD comment to note the QEMU default extended TSEG size of 16 MB.

    REF: https://edk2.groups.io/g/devel/message/11505
    REF: https://lists.nongnu.org/archive/html/qemu-devel/2017-06/msg03902.html

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    During OneCrypto testing it was seen that OneCrypto plus the existing conditions pushed TSEG usage to 16.3 MB, causing TSEG memory exhaustion. Increasing the TSEG to 32 MB allows the platform to boot.

    I will also investigate why we're pushing TSEG usage to 16.3 to determine if this is normal / expected or if there is something we should / can do to reduce the pressure.

    UPDATE:

    It appears that OpenSSL 3 performs a lot of small allocations during its initialization, and when combined with pool guard this exhausts a 16 MB TSEG.

    Specifically, this line enables pool guard:
    https://github.com/microsoft/mu_tiano_platforms/blob/54f18bd28fe16b41e51785af1aa9b51627f244a7/Platforms/QemuQ35Pkg/PlatformPei/Platform.c#L800

    With this disabled, the platform will be able to boot normally with a 16 MB TSEG.

    Leaving it enabled for QemuQ35 is recommended, as it's useful for detecting memory bugs early before they reach physical platforms, meaning that increasing the TSEG here is acceptable.

    This was tested in both DEBUG and RELEASE using the following commands (after building):

    DEBUG

    python Platforms/QemuQ35Pkg/PlatformBuild.py TOOL_CHAIN_TAG=GCC5 PATH_TO_OS=ValidationOS.qcow2 QEMU_ACCEL=kvm --FlashOnly

    RELEASE

    python Platforms/QemuQ35Pkg/PlatformBuild.py TOOL_CHAIN_TAG=GCC5 PATH_TO_OS=ValidationOS.qcow2 QEMU_ACCEL=kvm TARGET=RELEASE --FlashOnly

    Integration Instructions

    N/A




  • Rename `TEST_REGEX` to `FILE_REGEX` @Javagedes (#1338)
    Change Details
    Description

    This commit renames the TEST_REGEX command line option to FILE_REGEX and updates the logic so that files matching FILE_REGEX are always moved to the virtual drive; then if RUN_TESTS=TRUE we will treat those files as platform unit tests and will generate a startup nsh to automatically run the tests.

    This makes it easy for developers to move files onto the virtual drive automatically without necessarily treating those files as on-platform unit tests.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Platform CI

    Integration Instructions

    Users must update any automation that uses TEST_REGEX to now use FILE_REGEX.

  • Update submodules to latest of 202502 branches. @apop5 (#1332)
    Change Details
    Description

    mu_basecore from v2025020003.0.3 to v2025020003.0.4
    mu_plus from v2025020003.0.1 to v2025020003.0.3
    mu_tiano_plus from v2025020005.0.0 to v2025020006.0.0
    mu_silicon_arm_tiano from v2025020002.0.0 to v2025020003.0.0
    mu_feature_config from 6.0.3 to 6.0.4
    mu_feature_debugger from 0.2.7 to 1.0.0
    mu_feature_ffa from 0.1.2 to 0.1.3
    mu_feature_mm_supv from 21.0.2 to 22.0.0

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    CI

    Integration Instructions

    No Integration necessary.




  • QemuQ35 Acceleration @Flickdm (#1319)
    Change Details
    Description

    This pull request introduces configuration changes to support QEMU acceleration mode (KVM) for the QemuQ35Pkg platform.

    Configuration Improvements:

    • Set PcdFirstTimeWakeUpAPsBySipi to FALSE in QemuQ35PkgCommon.dsc.inc to ensure proper multi-core SMP initialization under Hyper-V nested virtualization (e.g., WSL2), addressing known issues with SIPI-only wakeup.

    REF: tianocore/edk2@1d76560

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Validation OS

    Integration Instructions

    N/A




  • TF-A Patch for Locality Management @Raymond-MS (#1286)
    Change Details
    Description

    Added support for logical secure partitions in TF-A. Added a logical secure-partition to handle locality management. Initializes the locality states upon start-up. Added code to handle DRTM locality management when measuring to the TPM. Added support for sending DIRECT_REQ2 messages from TF-A. Added support for closing localities 2 and 3 as an SMC to TF-A.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Built QEMU SBSA with TPM enabled. Ran to shell successfully. Verified LSP is launched and locality states are updated in the TPM service.

    Integration Instructions

    N/A

  • Remove PEI modules in SBSA @kuqin12 (#1299)
    Change Details
    Description

    This change removes the PEI phase from SBSA platform.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This was built locally and booted to UEFI shell and Windows VOS.

    Integration Instructions

    N/A

  • VirtualDriveManager: Do not assume `mkfs.vfat` location @Javagedes (#1301)
    Change Details
    Description

    This commit updates the helper plugin to no longer assume that mkfs.vfat is on the user's $PATH. Instead it searches the path, then /sbin and /usr/sbin in case those are not on the path. If it cannot find the command, it will now cleanly exit with an error. Additionally, we now check the rest of the command return values. If there is an error, we delete the created drive, log an error, and cleanly exit.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Validated that we properly report an error if we cannot find the command.

    Integration Instructions

    N/A




  • Update haf_tfa ext_dep yaml to latest v11.0.2 release @eeshanl (#1229)
    Change Details
    Description

    Update haf_tfa ext_dep yaml to latest v11.0.2 release

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested by running qemu sbsa locally by consuming the ext_deps from the latest release: https://github.com/microsoft/mu_tiano_platforms/releases/tag/v11.0.2

    Integration Instructions

    Update this file when there is a new release.




⚠️ Breaking Changes

  • Q35: Remove NO_SMM support. @apop5 (#1323)
    Change Details
    Description

    Drop support for NO_SMM builds of Q35.

    The NO_SMM builds of Q35 increase pipeline build time and are not widely used.
    Remove the pipeline build, and remove the associated code added to support this configuration.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Local compile and boot to OS.

    Integration Instructions

    No integration necessary.




🐛 Bug Fixes

  • Fix MmControlPei does not send MMI to all cores @kuqin12 (#1318)
    Change Details
    Description

    Because there was no negotiation, the SMM controller from QEMU will not broadcast the SMI to all cores, causing only the BSP to get interrupted into MMI.

    This change fixed the issue by invoking the negotiation routine and programming the register to enable broadcasting.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This was tested on Q35 and ensured that all cores are now seen in the MMI.

    Integration Instructions

    N/A




🔐 Security Impacting

  • Add SMMU Sbsa support @eeshanl (#1085)
    Change Details
    Description

    This change adds SMMU/IOMMU support to mu_tiano_platforms. The actual SmmuDxe driver can be found in ArmPkg.

    Configure SMMU config HOB in PlatformSmmuConfigLib with IORT data.
    SmmuDxe module to set up SMMUv3 hardware and install IoMmu protocol.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on QEMU SBSA with mu_tiano_platforms.

    Integration Instructions

    N/A




🛠️ Submodule Updates

  • Bump MU_BASECORE from 2025020003.0.2 to 2025020003.0.3 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1317)
    Change Details
      Bumps MU_BASECORE from `2025020003.0.2` to `2025020003.0.3`

    Introduces 2 new commits in MU_BASECORE.

    Commits
    • c4a845 MdePkg/Acpi50: Add revision macro for Serial Bus UART structure
    • 2739de NetworkPkg: Add timeout polling for PXE media detection (#1636)

    Signed-off-by: Project Mu Bot mubot@microsoft.com




  • Bump MU_BASECORE from 2025020003.0.0 to 2025020003.0.2 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1314)
    Change Details
      Bumps MU_BASECORE from `2025020003.0.0` to `2025020003.0.2`

    Introduces 22 new commits in MU_BASECORE.

    Commits
    • b67716 [release/202502] Update BaseTools ext dep to v2025020003.0.0 (#1610)
    • 2f3151 [CHERRY-PICK] MdePkg, MdeModulePkg/ArmFfaLib: add funcs to get partition info via regs
    • 9a0675 [CHERRY-PICK] MdeModulePkg/ArmFfaLib: support ArmFfaLib wihtout Rx/Tx buffer
    • f282e9 [CHERRY-PICK] MdePkg,MdeModulePkg/ArmFfaLib: introduce ArmFfaGetPartitionInfo()
    • 25b93e ArmPlatformPkg,EmbeddedPkg,MdeModulePkg: Move RealTimeClockLib header
    • f90aa0 Update FlattenPdbs Plugin to pick up additional symbols.
    • d5c455 CryptoPkg: Add BaseCryptInit(..)
    • a4ebcf BaseTools: Add support for preserving build ID (#1609)
    • 9332b6 pip: bump regex from 2025.11.3 to 2026.1.15 (#1617)
    • d9764a NetworkPkg: Handle UDP4 polling failures (#1595)
    • ba9f76 Revert Handle UDP4 polling failures (#1619)
    • 668bdb BaseTools/Plugin/FlattenPdbs: Add plugin id to allow for easier overrides (#1622)
    • c29fe9 [CHERRY-PICK] MdePkg/IndustryStandard: update Tpm2Acpi table to revision 5
    • 6f83b1 NetworkPkg/Mtftp4Dxe: Prevent invalid memory dereference on MTFTP poll (#1623)
    • eb18dc NetworkPkg: Reset DHCP Service Binding IO Status on Stop (#1620)
    • e9e821 NetworkPkg/DxeNetLib: Initialize MediaState to EFI_NOT_READY
    • 35544b NetworkPkg/DxeNetLib: Make NetLibDetectMedia() calls at TPL_CALLBACK
    • 60b5a5 NetworkPkg/UefiPxeBcDxe: Initialize IPV4 token in IPV4 branch (#1625)
    • 7d5ba9 .pytool: Add uncrustify disable/enable inline strings
    • 2eaecf StandaloneMmPkg/MmCommunicationDxe: Enforce CommSize validation (#1629)
    • afb0c8 ShellPkg: SMBIOS type 20 Extended Starting/Ending Address print type error
    • b09f1f UefiCpuPkg: Make X64 Page Table Definitions Public

    Signed-off-by: Project Mu Bot mubot@microsoft.com




  • Bump Features/MM_SUPV from 21.0.0 to 21.0.2 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1307)
    Change Details
      Bumps Features/MM_SUPV from `21.0.0` to `21.0.2`

    Introduces 11 new commits in Features/MM_SUPV.

    Commits
    • 44f88b Update MM Supervisor version to v21.000 (#597)
    • 4faddd Repo File Sync: synced file(s) with microsoft/mu_devops (#598)
    • 7ffdf2 Fixing CLANGPDB build for unresolved `invd` function (#601)
    • 85663c MmSupervisorPkg: Add DXE_CORE to MmSupervisorUnblockMemoryLibDxe (#602)
    • f15737 MmSupervisorPkg: Add MmCommunicate V3 support. (#600)
    • 66be82 MmSupervisorPkg: Add back override tracking tags to MmSupervisorCore (#603)
    • a6d0a6 MmSupervisorPkg: Fix buffer size calculation for MmiManage() (#605)
    • 4a532e SeaPkg: Add SmrrLib and use in SmmCpuFeaturesLib (#606)
    • 08c044 Update MM Supervisor version to 21.0.1 (#607)
    • 4888a0 MmSupervisorPkg: Resolve uninitialized variable in V3 communication flow (#608)
    • a3880e Update MM Supervisor version to 21.0.2 (#609)

    Signed-off-by: Project Mu Bot mubot@microsoft.com




  • Bump MU_BASECORE from 2025020002.1.3 to 2025020003.0.0 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1304)
    Change Details
      Bumps MU_BASECORE from `2025020002.1.3` to `2025020003.0.0`

    Introduces 26 new commits in MU_BASECORE.

    Commits
    • 7a1328 Revert "Fix alignment of PE/COFF image address to section alignment (#1580)"
    • fb48ef [CHERRY-PICK] MdeModulePkg: Remove ambiguous negation of narrower type
    • c7ea0e MdeModulePkg/Variable: Add PCD to control RT cache allocation (#1588)
    • 98bf86 Repo File Sync: Bump actions/checkout from 5 to 6 (#1584)
    • 1d4510 pip: update edk2-pytool-library requirement from ~=0.23.10 to ~=0.23.11 (#1592)
    • 13e0ea CryptoPkg: Add GetCryptoProviderVersionString to BaseCryptLib
    • 1c1bcf CryptoPkg: Delete ParallelHash256HashAll
    • b2bcad CryptoPkg: Update GetCryptoProviderVersionText
    • 60fd7d MdeModulePkg: Support for 64bit IoMmu Operations if allowed by attributes in NonDiscoverablePciDeviceDxe (#1589)
    • 860256 CLANGPDB: SBSA: UnSafeUint64Mult undefined lld-link failure
    • ec5281 CryptoPkg: Update BaseCryptLib unit tests
    • 6f0791 CryptoPkg: Add OneCrypto protocol definition
    • 8e009b CryptoPkg: Add BaseCryptLibOnOneCrypto library implementations
    • ee5b2b CryptoPkg: Add OneCrypto protocol GUIDs and remove unused PCD include
    • 796bda CryptoPkg: Update Readmes to reflect OneCrypto changes
    • 100904 Repo File Sync: Update to Rust 1.92 (#1604)
    • fa93e7 MdeModulePkg: Add unit tests for DxeReportStatusCodeLib
    • 9b4e0f MdeModulePkg: DxeReportStatusCodeLib: Do not query protocol.
    • 557324 MdeModulePkg: RuntimeDxeReportStatusCodeLib: Do not query protocol.
    • 1f3aa6 Repo File Sync: synced file(s) with microsoft/mu_devops (#1606)
    • 6905b8 Update to enable branch protection
    • 77db37 BaseTools: Fix MSVC AARCH64 Building of tools. (#1597)
    • 0f88a3 GitHub Action: Bump actions/upload-artifact from 4 to 6 (#1598)
    • cc8a0d GitHub Action: Bump actions/checkout from 4 to 6 (#1581)
    • 63bb30 NetworkPkg: Add IP address error handling in PxeBcDhcp6Sarr() (#1596)
    • 6f0bf2 Add MockSmmVariableProtocol for GoogleTest (#1608)

    Signed-off-by: Project Mu Bot mubot@microsoft.com




Full Changelog: v11.0.2...v12.0.0