v2023110000.1.0

What's Changed

• Addeding dTPM support for MM Core module type @kuqin12 (#259)
  
  Change Details

  Description

  The current dTPM library instance only supports MM_STANDALONE, which makes the MM core module unable to use this instance.

  This change expands the support for this library to cover MM_CORE_STANDALONE as well.

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  This was tested on QEMU Q35 and verified bootable to UEFI shell.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🚀 Features & ✨ Enhancements

• [CHERRY-PICK] Device Security Support Changes [REBASE \& FF] @makubacki (#268)
  
  Change Details

  Description

  This cherry-pick series includes the SecurityPkg patches to support SPDM device authentication and measurement.

  • Adds the libspdm submodule - A SPDM implementation in the DMTF repo.

  • Adds TCG PFP 1.06 support - Adds support for the Tpm2ExtendNvIndex() API.

  • Adds core Device Security libraries in SecurityPkg

  • Impacts functionality?

    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...

  • Impacts security?

    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...

  • Breaking change?

    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...

  • Includes tests?

    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...

  • Includes documentation?

    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  • EDK II testing
  • Tests in DeviceSecurityTestPkg

  Integration Instructions

  • See some integration examples in DeviceSecurityTestPkg
  • This change depends on the Mu Basecore changes in microsoft/mu_basecore#846. You must ensure those changes are also in your repo.
    

  
  

  ---

🔐 Security Impacting

• [CHERRY-PICK] Device Security Support Changes [REBASE \& FF] @makubacki (#268)
  
  Change Details

  Description

  This cherry-pick series includes the SecurityPkg patches to support SPDM device authentication and measurement.

  • Adds the libspdm submodule - A SPDM implementation in the DMTF repo.

  • Adds TCG PFP 1.06 support - Adds support for the Tpm2ExtendNvIndex() API.

  • Adds core Device Security libraries in SecurityPkg

  • Impacts functionality?

    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...

  • Impacts security?

    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...

  • Breaking change?

    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...

  • Includes tests?

    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...

  • Includes documentation?

    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  • EDK II testing
  • Tests in DeviceSecurityTestPkg

  Integration Instructions

  • See some integration examples in DeviceSecurityTestPkg
  • This change depends on the Mu Basecore changes in microsoft/mu_basecore#846. You must ensure those changes are also in your repo.
    

  
  

  ---

Full Changelog: v2023110000.0.5...v2023110000.1.0

v2023110000.0.5

What's Changed

• Add an assert to TCG log function if log is full @cfernald (#257)
  
  Change Details

    ## Description

  Currently, if the TCG log fills up, the firmware will boot only logging some errors and the OS may or may not fail depending on scenario and configuration. This PR adds an assert so that these truncations can be found in testing rather then having to wait for failures in production.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023110000.0.4...v2023110000.0.5

v2023110000.0.4

What's Changed

• [CHERRY-PICK] Add StackCheckLib Instances to Platform DSC Files (#252) @TaylorBeebe (#253)
  
  Change Details

    ## Description

  An instance of StackCheckLib must be in each DSC to accommodate -fstack-protector and /GS flags.

  • Impacts functionality?
  • Functionality - Does the change ultimately impact how firmware functions?
  • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
  • Security - Does the change have a direct security impact on an application,
    flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ...
  • Breaking change?
  • Breaking change - Will anyone consuming this change experience a break
    in build or boot behavior?
  • Examples: Add a new library class, move a module to a different repo, call
    a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
  • Documentation - Does the change contain explicit documentation additions
    outside direct code modifications (and comments)?
  • Examples: Update readme file, add feature readme file, link to documentation
    on an a separate Web page, ...

  How This Was Tested

  Tested in pipelines

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Delete PK broken on latest integration due to not using CUSTOM MODE or UserPhysicallyPresent(..) @Flickdm (#254)
  
  Change Details

    # Preface

  Description

  This reverts the revert where we reverted the update that supports SHA384 and SHA512.

  When ProcessVarWithPk(..) is called the expected code path is that you are in CUSTOM MODE and a UserPhysicallyPresent. Neither of which Project MU does or supports. So we end up falling down into VerifyTimeBasedPayloadAndUpdate(..). From there we fall into VerifyTimeBasedPayload and then finally we were depending on a special case where the size wasn't checked to hit the following line

   // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.
   if ((PayloadSize == 0) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0) && !IsVariablePolicyEnabled ()) {
     VerifyStatus = TRUE;
     goto Exit;
   }

  This would work in 202302 and before allow us to delete the PK. However in this commit the logic to detect digest algorithm was changed and now prevents any payload with an invalid signature size (such as a PK Delete payload) from working.

  History:

  1. Original Commit From EDK2
  2. Cherry-pick into MU_TIANO_PLUS
  3. Partial Revert to remove unnecessary logic

  Bug seen where PK cannot be deleted
  See Issue #246

  1. Revert "SecurityPkg/SecureBoot: Support RSA4096 and RSA3072" and follow up change
  2. Revert "SecurityPkg/SecureBoot: Support RSA4096 and RSA3072"

  This patch series contains the original two commits and the bug fix

  1. Cherry-pick into MU_TIANO_PLUS
  2. Partial Revert to remove unnecessary logic
  3. SecurityPkg/SecureBoot: Support special case where PK is being deleted.

  Effectively this adds a special case where if the signature is 0

  For each item, place an "x" in between [ and ] if true. Example: [x].
  (you can also check items in the GitHub UI)

  • Impacts functionality?
    • Functionality - Allows for a PK to be deleted
  • Impacts security?
    • Security - No
  • Breaking change?
    • Breaking change - No
  • Includes tests?
    • Tests - No
  • Includes documentation?
    • Documentation - No

  How This Was Tested

  1. Boot QemuQ35
  2. Enable Secure Boot with the Microsoft Only Certificates
  3. Boot to the Front Page
  4. Go to the Security Tab - Reboot to Front Page
  5. Disable Secure Boot by selecting None
  6. If broken firmware will assert
  7. otherwise proceed

  Additionally, confirmed that authenticated variables with valid signature data using the hash algorithms SHA256, SHA384 and SHA512 still work.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Corrects spelling error in unit test @Flickdm (#250)
  
  Change Details

    # Preface

  Description

  Pipeline just started picking up a spelling mistake in a log message in a unit test

  • Impacts functionality?
    • Functionality - No
  • Impacts security?
    • Security - No
  • Breaking change?
    • Breaking change - No
  • Includes tests?
    • Tests - No
  • Includes documentation?
    • Documentation - No

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Revert "SecurityPkg/SecureBoot: Support RSA4096 and RSA3072" and follow up change. @cfernald (#246)
  
  Change Details

    ## Description

  Reverts commit 36b848b.
  Reverts commit bbf1822.

  This change has created an issue where the PK cannot be deleted after creation because of a hashing signature mismatch. This change is to revert the offending change until this issue can be further debugged.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested oh physical platform

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023110000.0.3...v2023110000.0.4

v2023020001.0.1

What's Changed

• Add StackCheckLib Instances to Platform DSC Files @TaylorBeebe (#252)
  
  Change Details

    ## Description

  An instance of StackCheckLib must be in each DSC to accommodate -fstack-protector and /GS flags.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested in pipelines

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023020001.0.0...v2023020001.0.1

v2023110000.0.3

What's Changed

• [CHERRY-PICK] FatPkg/FatPei: Check array offset before use @makubacki (#245)
  
  Change Details

    ## Description

  Move the range check before array access to enforce the bounds
  as expected.

  Cc: Ray Ni [email protected]
  Signed-off-by: Michael Kubacki [email protected]
  Reviewed-by: Michael D Kinney [email protected]
  (cherry picked from commit 3ce5f2d)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  • Run CodeQL before and after the change.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023110000.0.2...v2023110000.0.3

v2023110000.0.2

What's Changed

• remove edk2-basetools @Javagedes (#243)
  
  Change Details

    ## Description

  Removes edk2-basetools from pip-requirements.txt and any usage of it in the CISettings.py. The is done as there are changes in the build tools python source code that are available locally in BaseTools (as it is managed by Project Mu) that is not available in edk2-basetools.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Verified the build system continues to use the local python source

  Integration Instructions

  N/A - only effects this repository's CI system.
  

  
  

  ---

  
  

Full Changelog: v2023110000.0.1...v2023110000.0.2

v2023110000.0.1

What's Changed

• Partial Revert "SecurityPkg/SecureBoot: Support RSA4096 and RSA3072" @kenlautner (#224)
  
  Change Details

    ## Description

  Edk2 updated AuthVariable and secureboot to allow them to use SHA384 and SHA512. The AuthVariable addition is good because it allows signing this with the PK but the secureboot addition is unnecessary.

  The secureboot change has things hashed by all three algorithms and then checking them in the DBX for SHA256, SHA384 and SHA512 lists to make sure it's not on any of them. The issue with this is two fold.

  1. This will have a performance impact. One that many platforms will not want.
  2. This is completely unnecessary because the only group putting things in the DBX is Microsoft and we only use SHA256.

  For these reasons it makes sense to revert the change in the secureboot logic and keep the AuthVariable changes.
  Commit in edk2 for reference: tianocore/edk2@bbf1822

  • [] Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • [] Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested on Intel Physical systems. No issues seen.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023110000.0.0...v2023110000.0.1

v2023110000.0.0

What's Changed

First 202311 Mu Tiano Plus release 🎉.

• [Rebase \& FF] [Cherry-pick] Get all the missing commits from 202302 into 202311 @kenlautner (#237)
  
  Change Details

    ## Description

  Cherry-pick the commits from 202302 that are missing from 202311 since the creation of the release branch.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  CI

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Updated CISettings.py to use the edk2toolext codeql helpers @kenlautner (#228)
  
  Change Details

    ## Description

  The 202311 rebase moved the codeql plugin from .pytool to Basetools. This requires a change in CISettings.py to reference the correct codeql helper functions. Instead of using the internal versions we instead move to the edk2 pytool extensions version.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Tested with CI.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🔐 Security Impacting

• [Release/202311] SecurityPkg: SECURITY PATCH 4117 - 4118 CVE-2022-36763 @Flickdm (#226)
  
  Change Details

    # Preface

  Description

  Security Patches for CVE-2022-36763 for release/202311

  • Impacts functionality?
  • Impacts security?
    • Security - Patches CVE-2022-36763
  • Breaking change?
  • Includes tests?
    • Tests - Unit tests
  • Includes documentation?

  How This Was Tested

  These have been shipping in MSFT firmware for months now and have been unit tested.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: ...v0.1.0

v2023020001.0.0

What's Changed

⚠️ Breaking Changes

• Remove TempPreUefiEventLogLib since Tcg2PreUefiEventLogLibNull is available @apop5 (#236)
  
  Change Details

    ## Description

  The TempPreUefiEventLogLib is an instance of the Tcg2PreUefiEventLogLib, but it contains an assert for when the library instance is used.

  Tcg2PreUefiEventLogNull is now available. TempPreUefiEventLogLib is no longer necessary to allow builds to complete.

  Remove the TempPreUefiEventLogLib instance of TempPreUefiEventLogLib.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  • CI
  • Local build of platform with included change.

  Integration Instructions

  Dsc files that made use of TempPreUefiEventLogLib need to update to point to the Tcg2PreUefiEventLogLibNull library instance.
  

  
  

  ---

  
  

Full Changelog: v2023020000.2.1...v2023020001.0.0

v2023020000.2.1

What's Changed

• Added NULL implementation for Tcg2PreUefiEventLogLib @v-bhavanisu (#235)
  
  Change Details

    ## Description

  Added NULL implementation for Tcg2PreUefiEventLogLib

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

  How This Was Tested

  Consumed this null library under C41A8 project and verified Build successful

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2023020000.2.0...v2023020000.2.1