From 891b789542574c803f66d72b0fb9e724073a33aa Mon Sep 17 00:00:00 2001 From: Taylor Beebe Date: Tue, 8 Nov 2022 12:23:52 -0800 Subject: [PATCH 01/18] initial upload --- .../AuditTests/PagingAudit/Windows/PagingReportGenerator.py | 1 - 1 file changed, 1 deletion(-) diff --git a/UefiTestingPkg/AuditTests/PagingAudit/Windows/PagingReportGenerator.py b/UefiTestingPkg/AuditTests/PagingAudit/Windows/PagingReportGenerator.py index 1d0cd84c4e..64d13a0582 100644 --- a/UefiTestingPkg/AuditTests/PagingAudit/Windows/PagingReportGenerator.py +++ b/UefiTestingPkg/AuditTests/PagingAudit/Windows/PagingReportGenerator.py @@ -138,7 +138,6 @@ def Parse(self): if pte.GcdType is None: pte.GcdType = mr.GcdType - logging.info("pte.GcdType: %d"% (pte.GcdType)) else: logging.error("Multiple memory types found for one region " + pte.pteDebugStr() +" " + mr.MemoryRangeToString()) self.ErrorMsg.append("Multiple memory types found for one region. Base: 0x%X. GCD Memory Type: %d and %d"% (pte.PhysicalStart, pte.GcdType,mr.GcdType)) From 29041634f19be47a2f48f5b63253d21f0835695f Mon Sep 17 00:00:00 2001 From: Taylor Beebe <31827475+TaylorBeebe@users.noreply.github.com> Date: Thu, 10 Nov 2022 08:06:57 -0800 Subject: [PATCH 02/18] Update Stack Cookie Exception Handler to Register Based on Fixed PCD (#98) ## Description To enable more easily setting the stack cookie failure vector, update the check to reference a fixed at build PCD in MdePkg. ## Breaking change? No ## How This Was Tested Triggering the interrupt on Q35 ## Integration Instructions N/A --- .../MemoryProtectionExceptionHandlerLib.c | 6 +++--- .../MemoryProtectionExceptionHandlerLib.inf | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.c b/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.c index ee1b5b9897..de01e9406d 100644 --- a/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.c +++ b/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.c @@ -23,9 +23,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include -#define IA32_PF_EC_ID BIT4 -#define EXCEPT_STACK_COOKIE 0x40 +#define IA32_PF_EC_ID BIT4 STATIC EFI_HANDLE mImageHandle = NULL; @@ -202,7 +202,7 @@ CpuArchRegisterMemoryProtectionExceptionHandler ( Status = mCpu->RegisterInterruptHandler ( mCpu, - EXCEPT_STACK_COOKIE, + PcdGet8 (PcdStackCookieExceptionVector), MemoryProtectionStackCookieFailureHandler ); diff --git a/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.inf b/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.inf index b17aec94a1..aeb8bdcc94 100644 --- a/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.inf +++ b/MsCorePkg/Library/MemoryProtectionExceptionHandlerLib/MemoryProtectionExceptionHandlerLib.inf @@ -39,6 +39,7 @@ HwResetSystemLib MsWheaEarlyStorageLib PeCoffGetEntryPointLib + PcdLib [Guids] gMemoryProtectionExceptionHandlerGuid ## PRODUCES @@ -49,5 +50,8 @@ [Guids] gMemoryProtectionExceptionHandlerGuid +[FixedPcd] + gEfiMdePkgTokenSpaceGuid.PcdStackCookieExceptionVector + [DEPEX] TRUE From 97b24409e7c34daf4c3e67c6223d19dcc96e0b2f Mon Sep 17 00:00:00 2001 From: Taylor Beebe <31827475+TaylorBeebe@users.noreply.github.com> Date: Fri, 11 Nov 2022 16:46:51 -0800 Subject: [PATCH 03/18] Update DXE Paging Audit App to Include RWX Test (#101) ## Description Our memory protection policy is now robust enough to ensure that platforms have no read/write/execute pages before ExitBootServices. This update adds a test to the DxePagingAuditApp to check the page table for RWX pages and only exempt them if the region is part of a nonprotected image or special region. Users can still utilize the app to dump paging data to the EFI partition by calling the application with the '-d' flag. By default, the app will run the RWX test. ## Breaking change? No ## How This Was Tested Running the test on Q35 ## Integration Instructions The test will identify RWX regions. Platforms should identify these regions to determine if they must be RWX. If they really must be RWX, the platform can utilize the Memory Protection Special Region Protocol to create a special region. --- .../UEFI/Dxe/App/DxePagingAuditTestApp.c | 264 +++++++++++++++++- .../UEFI/DxePagingAuditTestApp.inf | 5 + UefiTestingPkg/UefiTestingPkg.dsc | 1 + 3 files changed, 267 insertions(+), 3 deletions(-) diff --git a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c index 5a49a9c019..0614092d06 100644 --- a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c +++ b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/Dxe/App/DxePagingAuditTestApp.c @@ -1,5 +1,6 @@ /** @file -- DxePagingAuditTestApp.c -This Shell App writes page table and memory map information to SFS. +This Shell App tests the page table or writes page table and +memory map information to SFS Copyright (c) Microsoft Corporation. SPDX-License-Identifier: BSD-2-Clause-Patent @@ -8,10 +9,145 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include "../../PagingAuditCommon.h" +#include +#include +#include +#include +#include +#include + +#define UNIT_TEST_APP_NAME "Paging Audit Test" +#define UNIT_TEST_APP_VERSION "1" +#define MAX_CHARS_TO_READ 3 + +// TRUE if A interval subsumes B interval +#define CHECK_SUBSUMPTION(AStart, AEnd, BStart, BEnd) \ + ((AStart <= BStart) && (AEnd >= BEnd)) + +typedef struct _PAGING_AUDIT_TEST_CONTEXT { + IA32_MAP_ENTRY *Entries; + UINTN Count; +} PAGING_AUDIT_TEST_CONTEXT; + CHAR8 *mMemoryInfoDatabaseBuffer = NULL; UINTN mMemoryInfoDatabaseSize = 0; UINTN mMemoryInfoDatabaseAllocSize = 0; +/** + Check the page table for Read/Write/Execute regions. + + @param[in] Context Unit test context + + @retval UNIT_TEST_PASSED The unit test passed + @retval other The unit test failed + +**/ +UNIT_TEST_STATUS +EFIAPI +NoReadWriteExcecute ( + IN UNIT_TEST_CONTEXT Context + ) +{ + IA32_MAP_ENTRY *Map = ((PAGING_AUDIT_TEST_CONTEXT *)Context)->Entries; + UINTN MapCount = ((PAGING_AUDIT_TEST_CONTEXT *)Context)->Count; + UINTN Index = 0; + BOOLEAN FoundRWXAddress = FALSE; + BOOLEAN IgnoreRWXAddress = FALSE; + MEMORY_PROTECTION_DEBUG_PROTOCOL *MemoryProtectionProtocol = NULL; + MEMORY_PROTECTION_SPECIAL_REGION_PROTOCOL *SpecialRegionProtocol = NULL; + MEMORY_PROTECTION_SPECIAL_REGION *SpecialRegions = NULL; + UINTN SpecialRegionCount = 0; + UINTN SpecialRegionIndex = 0; + IMAGE_RANGE_DESCRIPTOR *NonProtectedImageList = NULL; + LIST_ENTRY *NonProtectedImageLink = NULL; + IMAGE_RANGE_DESCRIPTOR *NonProtectedImage = NULL; + + UT_ASSERT_NOT_EFI_ERROR ( + gBS->LocateProtocol ( + &gMemoryProtectionDebugProtocolGuid, + NULL, + (VOID **)&MemoryProtectionProtocol + ) + ); + + UT_ASSERT_NOT_EFI_ERROR ( + MemoryProtectionProtocol->GetImageList ( + &NonProtectedImageList, + NonProtected + ) + ); + + UT_ASSERT_NOT_EFI_ERROR ( + gBS->LocateProtocol ( + &gMemoryProtectionSpecialRegionProtocolGuid, + NULL, + (VOID **)&SpecialRegionProtocol + ) + ); + + UT_ASSERT_NOT_EFI_ERROR ( + SpecialRegionProtocol->GetSpecialRegions ( + &SpecialRegions, + &SpecialRegionCount + ) + ); + + for ( ; Index < MapCount; Index++) { + if ((Map[Index].Attribute.Bits.ReadWrite != 0) && (Map[Index].Attribute.Bits.Nx == 0)) { + IgnoreRWXAddress = FALSE; + if (NonProtectedImageList != NULL) { + for (NonProtectedImageLink = NonProtectedImageList->Link.ForwardLink; + NonProtectedImageLink != &NonProtectedImageList->Link; + NonProtectedImageLink = NonProtectedImageLink->ForwardLink) + { + NonProtectedImage = CR ( + NonProtectedImageLink, + IMAGE_RANGE_DESCRIPTOR, + Link, + IMAGE_RANGE_DESCRIPTOR_SIGNATURE + ); + if CHECK_SUBSUMPTION ( + NonProtectedImage->Base, + NonProtectedImage->Base + NonProtectedImage->Length, + Map[Index].LinearAddress, + Map[Index].LinearAddress + Map[Index].Length + ) { + IgnoreRWXAddress = TRUE; + break; + } + } + } + + if ((SpecialRegionCount > 0) && !IgnoreRWXAddress) { + for (SpecialRegionIndex = 0; SpecialRegionIndex < SpecialRegionCount; SpecialRegionIndex++) { + if (CHECK_SUBSUMPTION ( + SpecialRegions[SpecialRegionIndex].Start, + SpecialRegions[SpecialRegionIndex].Start + SpecialRegions[SpecialRegionIndex].Length, + Map[Index].LinearAddress, + Map[Index].LinearAddress + Map[Index].Length + ) && + (SpecialRegions[SpecialRegionIndex].EfiAttributes == 0)) + { + IgnoreRWXAddress = TRUE; + break; + } + } + } + + if (!IgnoreRWXAddress) { + UT_LOG_ERROR ("Memory Range 0x%llx-0x%llx is Read/Write/Execute\n", Map[Index].LinearAddress, Map[Index].LinearAddress + Map[Index].Length); + FoundRWXAddress = TRUE; + } else { + UT_LOG_WARNING ("Memory Range 0x%llx-0x%llx is Read/Write/Execute. This range is excepted from the test.\n", Map[Index].LinearAddress, Map[Index].LinearAddress + Map[Index].Length); + } + } + } + + UT_ASSERT_FALSE (FoundRWXAddress); + + return UNIT_TEST_PASSED; +} + /** DxePagingAuditTestAppEntryPoint @@ -29,7 +165,129 @@ DxePagingAuditTestAppEntryPoint ( IN EFI_SYSTEM_TABLE *SystemTable ) { - DumpPagingInfo (NULL, NULL); + EFI_STATUS Status; + UNIT_TEST_FRAMEWORK_HANDLE Fw = NULL; + UNIT_TEST_SUITE_HANDLE Misc = NULL; + PAGING_AUDIT_TEST_CONTEXT *Context; + IA32_CR4 Cr4; + PAGING_MODE PagingMode; + IA32_MAP_ENTRY *Map = NULL; + UINTN MapCount = 0; + UINTN PagesAllocated = 0; + BOOLEAN RunTests = TRUE; + EFI_SHELL_PARAMETERS_PROTOCOL *ShellParams; + + DEBUG ((DEBUG_ERROR, "%a()\n", __FUNCTION__)); + + DEBUG ((DEBUG_ERROR, "%a v%a\n", UNIT_TEST_APP_NAME, UNIT_TEST_APP_VERSION)); + + Status = gBS->HandleProtocol ( + gImageHandle, + &gEfiShellParametersProtocolGuid, + (VOID **)&ShellParams + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "%a Could not retrieve command line args!\n", __FUNCTION__)); + return EFI_PROTOCOL_ERROR; + } + + if (ShellParams->Argc > 1) { + RunTests = FALSE; + if (StrnCmp (ShellParams->Argv[1], L"-r", 4) == 0) { + RunTests = TRUE; + } else if (StrnCmp (ShellParams->Argv[1], L"-d", 4) == 0) { + DumpPagingInfo (NULL, NULL); + } else { + if (StrnCmp (ShellParams->Argv[1], L"-h", 4) != 0) { + DEBUG ((DEBUG_INFO, "Invalid argument!\n")); + } + + DEBUG ((DEBUG_INFO, "-h : Print available flags\n")); + DEBUG ((DEBUG_INFO, "-d : Dump the page table files to the EFI partition\n")); + DEBUG ((DEBUG_INFO, "-r : Run the application tests\n")); + DEBUG ((DEBUG_INFO, "NOTE: Combined flags (i.e. -rd) is not supported\n")); + } + } + + if (RunTests) { + Context = (PAGING_AUDIT_TEST_CONTEXT *)AllocateZeroPool (sizeof (PAGING_AUDIT_TEST_CONTEXT)); + + if (Context == NULL) { + DEBUG ((DEBUG_ERROR, "Failed to allocate test context\n")); + goto EXIT; + } + + // + // Start setting up the test framework for running the tests. + // + Status = InitUnitTestFramework (&Fw, UNIT_TEST_APP_NAME, gEfiCallerBaseName, UNIT_TEST_APP_VERSION); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed in InitUnitTestFramework. Status = %r\n", Status)); + goto EXIT; + } + + // Poll CR4 to deterimine the page table depth + Cr4.UintN = AsmReadCr4 (); + + if (Cr4.Bits.LA57 != 0) { + PagingMode = Paging5Level; + } else { + PagingMode = Paging4Level; + } + + // CR3 is the page table pointer + Status = PageTableParse (AsmReadCr3 (), PagingMode, NULL, &MapCount); + + while (Status == RETURN_BUFFER_TOO_SMALL) { + if ((Map != NULL) && (PagesAllocated > 0)) { + FreePages (Map, PagesAllocated); + } + + PagesAllocated = EFI_SIZE_TO_PAGES (MapCount * sizeof (IA32_MAP_ENTRY)); + Map = AllocatePages (PagesAllocated); + + if (Map == NULL) { + DEBUG ((DEBUG_ERROR, "Failed to allocate page table map\n")); + goto EXIT; + } + + Status = PageTableParse (AsmReadCr3 (), PagingMode, Map, &MapCount); + } + + Context->Entries = Map; + Context->Count = MapCount; + + // + // Create test suite + // + CreateUnitTestSuite (&Misc, Fw, "Miscellaneous tests", "Security.Misc", NULL, NULL); + + if (Misc == NULL) { + DEBUG ((DEBUG_ERROR, "Failed in CreateUnitTestSuite for TestSuite\n")); + goto EXIT; + } + + AddTestCase (Misc, "No pages can be read,write,execute", "Security.Misc.NoReadWriteExecute", NoReadWriteExcecute, NULL, NULL, Context); + + // + // Execute the tests. + // + Status = RunAllTestSuites (Fw); +EXIT: + + if (Fw) { + FreeUnitTestFramework (Fw); + } + + if ((Map != NULL) && (PagesAllocated > 0)) { + FreePages (Map, PagesAllocated); + } + + if (Context != NULL) { + FreePool (Context); + } + } return EFI_SUCCESS; -} // DxePagingAuditTestAppEntryPoint() +} // DxePagingAuditTestAppEntryPoint() diff --git a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditTestApp.inf b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditTestApp.inf index 57f8b1a67f..d13080adc4 100644 --- a/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditTestApp.inf +++ b/UefiTestingPkg/AuditTests/PagingAudit/UEFI/DxePagingAuditTestApp.inf @@ -44,6 +44,9 @@ UefiCpuLib HobLib DxeServicesTableLib + UnitTestLib + CpuPageTableLib + DxeMemoryProtectionHobLib [Guids] gEfiDebugImageInfoTableGuid ## SOMETIMES_CONSUMES ## GUID @@ -53,6 +56,8 @@ gEfiBlockIoProtocolGuid gMemoryProtectionDebugProtocolGuid gEfiSimpleFileSystemProtocolGuid + gMemoryProtectionSpecialRegionProtocolGuid + gEfiShellParametersProtocolGuid [FixedPcd] gUefiTestingPkgTokenSpaceGuid.PcdPlatformSmrrUnsupported ## SOMETIMES_CONSUMES diff --git a/UefiTestingPkg/UefiTestingPkg.dsc b/UefiTestingPkg/UefiTestingPkg.dsc index fefdd110e1..445741fbe6 100644 --- a/UefiTestingPkg/UefiTestingPkg.dsc +++ b/UefiTestingPkg/UefiTestingPkg.dsc @@ -58,6 +58,7 @@ PlatformSmmProtectionsTestLib|UefiTestingPkg/Library/PlatformSmmProtectionsTestLibNull/PlatformSmmProtectionsTestLibNull.inf ExceptionPersistenceLib|MdeModulePkg/Library/BaseExceptionPersistenceLibNull/BaseExceptionPersistenceLibNull.inf CpuPageTableLib|UefiCpuPkg/Library/CpuPageTableLib/CpuPageTableLib.inf + DxeMemoryProtectionHobLib|MdeModulePkg/Library/MemoryProtectionHobLibNull/DxeMemoryProtectionHobLibNull.inf [LibraryClasses.common.DXE_SMM_DRIVER] SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf From 9b238c2821def8fd08636006cc5dca21cf100fed Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Tue, 15 Nov 2022 13:05:04 -0500 Subject: [PATCH 04/18] MfciPkg/MfciDxe: Fix GCC compilation issue in a test (#107) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description Fixes #106 GCC states `Dummy` and `FakeCertificate` may be used uninitialized since it is not assigned an initial value before being passed to functions in some tests. `Dummy` Example: ``` INFO - /s/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c:317:12: error: ‘Dummy’ may be used uninitialized [-Werror=maybe-uninitialized] INFO - 317 | Status = ValidateBlobWithXdrCertificates (&Dummy, sizeof (Dummy), NULL, sizeof (mCert_Trusted_CA_Root_xdr)); INFO - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ INFO - /s/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c:144:1: note: by argument 1 of type ‘const UINT8 *’ {aka ‘const unsigned char *’} to ‘ValidateBlobWithXdrCertificates’ declared here ``` `FakeCertificate` Example: ``` INFO - /s/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c:358:12: error: ‘FakeCertificate’ may be used uninitialized [-Werror=maybe-uninitialized] INFO - 358 | Status = ValidateBlobWithXdrCertificates (&Dummy, sizeof (Dummy), &FakeCertificate, sizeof (FakeCertificate)); INFO - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` This change initializes the values as necessary to prevent the error. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** - Simple GCC compilation fix ## How This Was Tested Verified compilation before (fails as shown above) and after (does not fail) with fix in this change. ## Integration Instructions None - This will resolve a GCC build error that may have been encountered in the MFCI tests. Signed-off-by: Michael Kubacki --- MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c b/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c index 44cb0a7b7b..7e9c53170b 100644 --- a/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c +++ b/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c @@ -193,6 +193,8 @@ MfciMultipleCertificatesShouldParseSingleCert ( EFI_STATUS Status; UINT8 Dummy; + Dummy = 0; + expect_value (ValidateBlob, SignedPolicy, &Dummy); expect_value (ValidateBlob, SignedPolicySize, sizeof (Dummy)); expect_value (ValidateBlob, TrustAnchorCertSize, sizeof (mCert_Trusted_CA)); @@ -314,6 +316,8 @@ MfciMultipleCertificatesShouldCheckInputs ( EFI_STATUS Status; UINT8 Dummy; + Dummy = 0; + Status = ValidateBlobWithXdrCertificates (&Dummy, sizeof (Dummy), NULL, sizeof (mCert_Trusted_CA_Root_xdr)); UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); @@ -355,6 +359,9 @@ MfciMultipleCertificatesShouldCheckGeneralCertificates ( UINT8 Dummy; UINT8 FakeCertificate; + Dummy = 0; + FakeCertificate = 0; + Status = ValidateBlobWithXdrCertificates (&Dummy, sizeof (Dummy), &FakeCertificate, sizeof (FakeCertificate)); UT_ASSERT_STATUS_EQUAL (Status, EFI_ABORTED); @@ -385,6 +392,9 @@ MfciMultipleCertificatesShouldCheckIndividualCertificate ( { EFI_STATUS Status; UINT8 Dummy; + + Dummy = 0; + // Not enough for individual size field UINT8 FakeCertificate1[] = { 0x00, 0x01, 0x02, 0x03, 0x04 }; // No content individual certificate From 87f4da7d712b33c4c5f544a42669186c8cd266c7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Nov 2022 04:12:54 +0000 Subject: [PATCH 05/18] pip: update pytool-library to ~=0.12.1 pytool-extensions to ~= 0.20.0 **edk2-pytool-library** Updates the requirements on [edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library) to permit the latest version. - [Release notes](https://github.com/tianocore/edk2-pytool-library/releases) - [Commits](https://github.com/tianocore/edk2-pytool-library/compare/v0.11.6...v0.12.1) --- updated-dependencies: - dependency-name: edk2-pytool-library dependency-type: direct:production ... **edk2-pytool-extensions** Updates the requirements on [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) to permit the latest version. - [Release notes](https://github.com/tianocore/edk2-pytool-extensions/releases) - [Commits](https://github.com/tianocore/edk2-pytool-extensions/compare/v0.19.1...v0.20.0) --- updated-dependencies: - dependency-name: edk2-pytool-extensions dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- pip-requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pip-requirements.txt b/pip-requirements.txt index 752cc3e6c8..047bba374a 100644 --- a/pip-requirements.txt +++ b/pip-requirements.txt @@ -12,8 +12,8 @@ # https://www.python.org/dev/peps/pep-0440/#version-specifiers ## -edk2-pytool-library~=0.11.6 -edk2-pytool-extensions~=0.19.1 +edk2-pytool-library~=0.12.1 +edk2-pytool-extensions~=0.20.0 edk2-basetools==0.1.29 antlr4-python3-runtime==4.11.1 regex==2022.10.31 From 494ae5406c69cc1506155e690f60f7e8fc4e747b Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Tue, 15 Nov 2022 15:23:26 -0500 Subject: [PATCH 06/18] pip-requirements.txt: Use exact match instead of compatible release Now that we're using dependabot, strictly manage exact version of dependencies using an exact match instead of a "compatible release". Compatible releases (~= syntax) are described here: - https://peps.python.org/pep-0440/#compatible-release Signed-off-by: Michael Kubacki --- pip-requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pip-requirements.txt b/pip-requirements.txt index 047bba374a..5d8eb18c4a 100644 --- a/pip-requirements.txt +++ b/pip-requirements.txt @@ -12,8 +12,8 @@ # https://www.python.org/dev/peps/pep-0440/#version-specifiers ## -edk2-pytool-library~=0.12.1 -edk2-pytool-extensions~=0.20.0 +edk2-pytool-library==0.12.1 +edk2-pytool-extensions==0.20.0 edk2-basetools==0.1.29 antlr4-python3-runtime==4.11.1 regex==2022.10.31 From ca21da4fb768f1aabd214c3cdb9525a6bcd445b5 Mon Sep 17 00:00:00 2001 From: antklein <59579659+antklein@users.noreply.github.com> Date: Tue, 15 Nov 2022 15:18:57 -0800 Subject: [PATCH 07/18] Fix MfciDxe Debug error print missing new line character (#97) ## Description * Add missing new line character to the end of a Debug print in MfciDxe. * This improves readability of debug logs. - [ ] Breaking change? No breaking change. - Will this change break pre-existing builds or functionality without action being taken? ## How This Was Tested * Verified log output is now properly formatted. ## Integration Instructions N/A --- MfciPkg/MfciDxe/MfciDxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MfciPkg/MfciDxe/MfciDxe.c b/MfciPkg/MfciDxe/MfciDxe.c index 52331beb65..ffd818e862 100644 --- a/MfciPkg/MfciDxe/MfciDxe.c +++ b/MfciPkg/MfciDxe/MfciDxe.c @@ -652,7 +652,7 @@ ValidateBlobWithXdrCertificates ( if ((PublicKeyData + ALIGN_VALUE (PublicKeyDataLength, 4)) > PublicKeyDataXdrEnd) { DEBUG (( DEBUG_ERROR, - "%a - PcdMfciPkcs7CertBufferXdr size incorrect: PublicKeyData(0x%x) PublicKeyDataLength(0x%x) PublicKeyDataXdrEnd(0x%x)", + "%a - PcdMfciPkcs7CertBufferXdr size incorrect: PublicKeyData(0x%x) PublicKeyDataLength(0x%x) PublicKeyDataXdrEnd(0x%x)\n", __FUNCTION__, PublicKeyData, PublicKeyDataLength, From 9be975314f7cedc387f8623cec6d99ae4414ea6b Mon Sep 17 00:00:00 2001 From: Chris Fernald Date: Wed, 16 Nov 2022 08:13:49 -0800 Subject: [PATCH 08/18] Fix unitialized variable found in clang compiler experiments (#108) Fix a uninitialized variable usage case found when experimenting with new clang compiler configuration. If the first `goto exit` statement is used then a comparison will be done against the uninitialized value of the variable --- MsCorePkg/AcpiRGRT/AcpiRgrt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/MsCorePkg/AcpiRGRT/AcpiRgrt.c b/MsCorePkg/AcpiRGRT/AcpiRgrt.c index ad863d5f26..153346f942 100644 --- a/MsCorePkg/AcpiRGRT/AcpiRgrt.c +++ b/MsCorePkg/AcpiRGRT/AcpiRgrt.c @@ -52,6 +52,8 @@ InstallAcpiTable ( UINT32 RgrtTableSize; UINT64 OemTableId; + RgrtAcpiTable = NULL; + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable); if (EFI_ERROR (Status)) { // we are expected to be called at least once before ACPI is installed From cf429a736580827fda38843f80bbaf8481b3653d Mon Sep 17 00:00:00 2001 From: Gary Beihl Date: Mon, 21 Nov 2022 11:23:43 -0500 Subject: [PATCH 09/18] Add missing braces to gPciRootBridge #define for GCC (#110) ## Description GCC compiler warns about missing braces with existing defintion of gPciRootBridge. This change fixes that. - [ ] Breaking change? No ## How This Was Tested Local build on workstation. Ran GCC build on internal Microsoft code base. ## Integration Instructions N/A --- MsCorePkg/Library/PlatformBootManagerLib/BdsPlatform.h | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/MsCorePkg/Library/PlatformBootManagerLib/BdsPlatform.h b/MsCorePkg/Library/PlatformBootManagerLib/BdsPlatform.h index 6e4d4fe3a7..621e22b98f 100644 --- a/MsCorePkg/Library/PlatformBootManagerLib/BdsPlatform.h +++ b/MsCorePkg/Library/PlatformBootManagerLib/BdsPlatform.h @@ -47,8 +47,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define gPciRootBridge \ { \ - ACPI_DEVICE_PATH, ACPI_DP, (UINT8) (sizeof (ACPI_HID_DEVICE_PATH)), (UINT8) \ - ((sizeof (ACPI_HID_DEVICE_PATH)) >> 8), EISA_PNP_ID (0x0A03), 0 \ + { \ + ACPI_DEVICE_PATH, ACPI_DP, \ + { \ + (UINT8) (sizeof (ACPI_HID_DEVICE_PATH)), (UINT8) \ + ((sizeof (ACPI_HID_DEVICE_PATH)) >> 8) \ + } \ + }, \ + EISA_PNP_ID (0x0A03), 0 \ } #define gEndEntire \ From 7b13b0077384cfca5ab69d209f17566e02b0fe9f Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Wed, 23 Nov 2022 00:07:51 -0500 Subject: [PATCH 10/18] Enable stale bot GitHub action (#111) ## Description Enables stale bot to automatically closed old issues in this repo. https://github.com/actions/stale This action is largely based on a reusable workflow from Mu DevOps. Current configuration: - Stale PR: After 60 days - Stale Issue: After 45 days - Days until PR and Issue close: 7 days - Exempt labels: - `impact:security` - `state:backlog` - `state:under-discussion` - Stale Issue label: `state:stale` - Stale PR label: `state:stale` - Comments are left when marked stale and when closed These settings come directly from the default setting values in the Mu DevOps reusable workflow. Note: The `workflow_dispatch` trigger is added to allow the workflow to be manually invoked if ever needed. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** ## How This Was Tested - Verified workflow on mu_basecore fork - Example run: https://github.com/makubacki/mu_basecore/actions/runs/3526648651 - Verified workflow in mu_basecore release/202208 branch ## Integration Instructions N/A - Only affects the GitHub workflow in this repo Signed-off-by: Michael Kubacki --- .github/workflows/stale.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 0000000000..ce96011c43 --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,21 @@ +# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# You can adjust the behavior by modifying this file. +# For more information, see: +# https://github.com/actions/stale + +name: Check for Stale Issues and Pull Requests + +on: + schedule: + # At 23:35 on every day-of-week from Sunday through Saturday + # https://crontab.guru/#35_23_*_*_0-6 + - cron: '35 23 * * 0-6' + workflow_dispatch: + +jobs: + check: + uses: microsoft/mu_devops/.github/workflows/Stale.yml@main From 57f3b4bb5f4f59f4c59b245d428b307680ab556f Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Mon, 28 Nov 2022 20:43:38 -0500 Subject: [PATCH 11/18] Enable Label Sync GitHub Action (#112) ## Description Adds an action to automatically sync labels used in this repository from a centralized file in Project Mu DevOps. https://github.com/microsoft/mu_devops New labels should be added to the `Labels.yml` file in mu_devops. Repo-specific labels are allowed to be defined. Those can either be created in a repo-local config YAML file (preferred) or manually in the "Labels" section of the repo. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** ## How This Was Tested On fork repositories. ## Integration Instructions Now downstream integration required, only impacts this repo Repo users should understand label definitions and read instructions noted in this change regarding how to modify labels in the future. Signed-off-by: Michael Kubacki --- .github/workflows/label-sync.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/label-sync.yml diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml new file mode 100644 index 0000000000..e65acc45a5 --- /dev/null +++ b/.github/workflows/label-sync.yml @@ -0,0 +1,21 @@ +# This workflow syncs GitHub labels to the common set of labels defined in Mu DevOps. +# +# All repos should sync at the same time. +# '0 0,12 * * *'' +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: Sync GitHub Labels + +on: + schedule: + # At minute 0 past hour 0 and 12 + # https://crontab.guru/#0_0,12_*_*_* + - cron: '0 0,12 * * *' + workflow_dispatch: + +jobs: + sync: + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@main From 509a609b98b11d18f06e9cc273820fa062bd8f2d Mon Sep 17 00:00:00 2001 From: Michael Turner Date: Tue, 29 Nov 2022 14:48:22 -0800 Subject: [PATCH 12/18] Update reset notification list to be notified before NVMe (#80) ## Description Reset notification was handled by the NVMe driver before the AdvLogger could write the log to disk. - [No] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? ## How This Was Tested Tested on multiple systems. ## Integration Instructions N/A --- AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.c | 6 +++--- AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.inf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.c b/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.c index 1adb9fa08b..eaf7ee28ad 100644 --- a/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.c +++ b/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.c @@ -126,7 +126,7 @@ OnResetNotificationProtocolInstalled ( // Get a pointer to the report status code protocol. // Status = gBS->LocateProtocol ( - &gEfiResetNotificationProtocolGuid, + &gEdkiiPlatformSpecificResetFilterProtocolGuid, NULL, (VOID **)&ResetNotificationProtocol ); @@ -408,7 +408,7 @@ ProcessResetEventRegistration ( // handler and we'll register when the protocol is installed. // Status = gBS->LocateProtocol ( - &gEfiResetNotificationProtocolGuid, + &gEdkiiPlatformSpecificResetFilterProtocolGuid, NULL, (VOID **)&ResetNotificationProtocol ); @@ -436,7 +436,7 @@ ProcessResetEventRegistration ( DEBUG ((DEBUG_ERROR, "%a: failed to create Reset Protocol protocol callback event (%r)\n", __FUNCTION__, Status)); } else { Status = gBS->RegisterProtocolNotify ( - &gEfiResetNotificationProtocolGuid, + &gEdkiiPlatformSpecificResetFilterProtocolGuid, ResetNotificationEvent, &ResetNotificationRegistration ); diff --git a/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.inf b/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.inf index 0c1a79720c..ac12d4b710 100644 --- a/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.inf +++ b/AdvLoggerPkg/AdvancedFileLogger/AdvancedFileLogger.inf @@ -53,7 +53,7 @@ gMuEventPreExitBootServicesGuid [Protocols] - gEfiResetNotificationProtocolGuid ## CONSUMES + gEdkiiPlatformSpecificResetFilterProtocolGuid ## CONSUMES gEfiSimpleFileSystemProtocolGuid ## CONSUMES [Pcd] From 348b96dc9c1d2240a9df11fe45af78c57093a565 Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Tue, 29 Nov 2022 20:18:27 -0500 Subject: [PATCH 13/18] pull_request_template.md: Remove since file is in .github now (#113) ## Description Removes the template from the old location (repo root). File sync will track this file in the `.github` directory now. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** ## How This Was Tested Code review. ## Integration Instructions N/A Signed-off-by: Michael Kubacki --- pull_request_template.md | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 pull_request_template.md diff --git a/pull_request_template.md b/pull_request_template.md deleted file mode 100644 index b66f77c995..0000000000 --- a/pull_request_template.md +++ /dev/null @@ -1,14 +0,0 @@ -## Description - -<_Please include a description of the change and why this change was made._> - -- [ ] Breaking change? - - Will this change break pre-existing builds or functionality without action being taken? - -## How This Was Tested - -<_Please describe the test(s) that were run to verify the changes._> - -## Integration Instructions - -<_Describe how these changes should be integrated. Use N/A if nothing is required._> From 49706d1c916eb78a4865a73853b0d46fca6d4bb6 Mon Sep 17 00:00:00 2001 From: Project Mu Uefibot <45776386+uefibot@users.noreply.github.com> Date: Wed, 30 Nov 2022 08:40:52 -0800 Subject: [PATCH 14/18] Repo File Sync: Synced file(s) with microsoft/mu_devops (#114) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. --- This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#3578665266](https://github.com/microsoft/mu_devops/actions/runs/3578665266) Signed-off-by: Project Mu UEFI Bot --- .azurepipelines/Ubuntu-GCC5.yml | 72 +++++---- .azurepipelines/Windows-VS.yml | 60 ++++---- .github/ISSUE_TEMPLATE/bug_report.yml | 143 ++++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 20 +++ .../ISSUE_TEMPLATE/documentation_request.yml | 53 +++++++ .github/ISSUE_TEMPLATE/feature_request.yml | 96 ++++++++++++ .github/dependabot.yml | 39 ++++- .github/pull_request_template.md | 20 +++ .github/workflows/label-issues.yml | 34 +++++ .github/workflows/label-issues/file-paths.yml | 12 ++ .../label-issues/regex-pull-requests.yml | 24 +++ .github/workflows/label-sync.yml | 6 + .github/workflows/stale.yml | 6 + .markdownlint.yaml | 35 +++-- CONTRIBUTING.md | 51 +++++++ LICENSE.txt | 8 +- 16 files changed, 598 insertions(+), 81 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/documentation_request.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.yml create mode 100644 .github/pull_request_template.md create mode 100644 .github/workflows/label-issues.yml create mode 100644 .github/workflows/label-issues/file-paths.yml create mode 100644 .github/workflows/label-issues/regex-pull-requests.yml create mode 100644 CONTRIBUTING.md diff --git a/.azurepipelines/Ubuntu-GCC5.yml b/.azurepipelines/Ubuntu-GCC5.yml index 367e414499..2199b6a8ac 100644 --- a/.azurepipelines/Ubuntu-GCC5.yml +++ b/.azurepipelines/Ubuntu-GCC5.yml @@ -1,32 +1,40 @@ -## @file -# Azure Pipeline build file for a build using Ubuntu and GCC. -# -# Copyright (c) Microsoft Corporation. -# Copyright (c) 2020, Hewlett Packard Enterprise Development LP. All rights reserved.
-# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -resources: - repositories: - - repository: mu_devops - type: github - endpoint: microsoft - name: microsoft/mu_devops - ref: main - -variables: -- group: architectures-arm-64-x86-64 -- group: tool-chain-ubuntu-gcc - -jobs: -- template: Matrix-Build-Job.yml - parameters: - arch_list: $(arch_list) - extra_build_args: CODE_COVERAGE=TRUE CC_HTML=TRUE - extra_install_step: - - script: | - sudo apt-get install -y mingw-w64 lcov - pip install lcov_cobertura pycobertura - displayName: Install Windows Resource Compiler for Linux & Code Coverage Tools - tool_chain_tag: $(tool_chain_tag) - vm_image: $(vm_image) +## @file +# Azure Pipeline build file for a build using Ubuntu and GCC. +# +# IMPORTANT: This file requires the local repo to contain a .azurepipelines/Matrix-Build-Job.yml file that +# performs the actual build steps for the configurations and packages supported by the repo. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +resources: + repositories: + - repository: mu_devops + type: github + endpoint: microsoft + name: microsoft/mu_devops + ref: main + +variables: +- group: architectures-arm-64-x86-64 +- group: tool-chain-ubuntu-gcc + +jobs: +- template: Matrix-Build-Job.yml + parameters: + arch_list: $(arch_list) + extra_build_args: CODE_COVERAGE=TRUE CC_HTML=TRUE + extra_install_step: + - script: | + sudo apt-get install -y mingw-w64 lcov + pip install lcov_cobertura pycobertura + displayName: Install Windows Resource Compiler for Linux & Code Coverage Tools + tool_chain_tag: $(tool_chain_tag) + vm_image: $(vm_image) diff --git a/.azurepipelines/Windows-VS.yml b/.azurepipelines/Windows-VS.yml index 9806316528..1e8357e6b1 100644 --- a/.azurepipelines/Windows-VS.yml +++ b/.azurepipelines/Windows-VS.yml @@ -1,26 +1,34 @@ -## @file -# Azure Pipeline build file for a build using Windows and the latest Visual Studio toolchain supported. -# -# Copyright (c) Microsoft Corporation. -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -resources: - repositories: - - repository: mu_devops - type: github - endpoint: microsoft - name: microsoft/mu_devops - ref: main - -variables: -- group: architectures-x86-64 -- group: tool-chain-windows-visual-studio-latest - -jobs: -- template: Matrix-Build-Job.yml - parameters: - arch_list: $(arch_list) - tool_chain_tag: $(tool_chain_tag) - vm_image: $(vm_image) - +## @file +# Azure Pipeline build file for a build using Windows and the latest Visual Studio toolchain supported. +# +# IMPORTANT: This file requires the local repo to contain a .azurepipelines/Matrix-Build-Job.yml file that +# performs the actual build steps for the configurations and packages supported by the repo. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +resources: + repositories: + - repository: mu_devops + type: github + endpoint: microsoft + name: microsoft/mu_devops + ref: main + +variables: +- group: architectures-x86-64 +- group: tool-chain-windows-visual-studio-latest + +jobs: +- template: Matrix-Build-Job.yml + parameters: + arch_list: $(arch_list) + tool_chain_tag: $(tool_chain_tag) + vm_image: $(vm_image) diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000000..12b5b4bdab --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,143 @@ +# Project Mu GitHub Bug Report Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 🐛 Bug Report +description: File a bug report +title: "[Bug]: " +labels: ["type:bug", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to fill out this bug report! + + - type: checkboxes + attributes: + label: Is there an existing issue for this? + description: Please search to see if an issue already exists for the bug you encountered. + options: + - label: I have searched existing issues + required: true + + - type: textarea + id: current_behavior + attributes: + label: Current Behavior + description: A concise description of the bug that you're experiencing. + validations: + required: true + + - type: textarea + id: expected_behavior + attributes: + label: Expected Behavior + description: A concise description of what you expected to happen. + validations: + required: true + + - type: textarea + id: steps_to_reproduce + attributes: + label: Steps To Reproduce + description: Steps to reproduce the behavior. + placeholder: | + <example> + 1. In this environment... + 2. With this config... + 3. Boot to '...' + 4. Change option '...' + 4. See error... + validations: + required: true + + - type: textarea + id: build_environment + attributes: + label: Build Environment + description: | + examples: + - **OS**: Ubuntu 20.04 or Windows 11... + - **Tool Chain**: GCC5 or VS2022 or CLANGPDB... + - **Targets Impacted**: RELEASE, DEBUG, NO-TARGET, NOOPT... + value: | + - OS(s): + - Tool Chain(s): + - Targets Impacted: + render: markdown + validations: + required: true + + - type: textarea + id: version_info + attributes: + label: Version Information + description: What version of this repo reproduces the problem? + placeholder: | + Commit: <SHA> + -or- + Tag: <Tag> + render: text + validations: + required: true + + - type: markdown + attributes: + value: | + **Urgency Key** + - 🟢 **Low** + - A minor change with little to no important functional impact + - It is not important to fix this in a specific time frame + - 🟡 **Medium** + - An important change with a functional impact + - Will be prioritized above *low* issues in the normal course of development + - 🔥 **High** + - A critical change that has a significant functional impact + - Must be fixed immediately + + - type: dropdown + id: urgency + attributes: + label: Urgency + description: How urgent is it to fix this bug? + multiple: false + options: + - Low + - Medium + - High + validations: + required: true + + - type: dropdown + id: fix_owner + attributes: + label: Are you going to fix this? + description: Indicate if you are going to fix this or requesting someone else fix it. + multiple: false + options: + - I will fix it + - Someone else needs to fix it + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the issue you are encountering. + + Serial debug logs and/or debugger logs are especially helpful! + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000000..f9b067c655 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,20 @@ +# Project Mu GitHub Issue Configuration File +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +contact_links: + - name: 📃 Project Mu Documentation + url: https://microsoft.github.io/mu/ + about: Goals, principles, repo layout, build instructions, and more. + + - name: 🔐 Security Reporting Policy + url: https://github.com/microsoft/.github/blob/main/SECURITY.md + about: A special process is used to report security vulnerabilities. diff --git a/.github/ISSUE_TEMPLATE/documentation_request.yml b/.github/ISSUE_TEMPLATE/documentation_request.yml new file mode 100644 index 0000000000..d8ed7cf09a --- /dev/null +++ b/.github/ISSUE_TEMPLATE/documentation_request.yml @@ -0,0 +1,53 @@ +# Project Mu GitHub Documentation Request Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 📖 Documentation Request +description: Request a documentation change +title: "[Documentation]: <title>" +labels: ["type:documentation", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to help us improve our documentation! + + - type: textarea + id: request_description + attributes: + label: Request Description + description: A clear and concise description of what needs to change. + validations: + required: true + + - type: dropdown + id: request_owner + attributes: + label: Are you going to make the change? + description: Indicate if you are going to make this change or requesting someone else make it. + multiple: false + options: + - I will make the change + - Someone else needs to make the change + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the request. + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000000..28bf8842f2 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,96 @@ +# Project Mu GitHub Feature Request Template +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: 🚀 Feature Request +description: Request a feature change +title: "[Feature]: <title>" +labels: ["type:feature-request", "state:needs-triage"] + +body: + - type: markdown + attributes: + value: | + 👋 Thanks for taking the time to help us improve our features! + + - type: textarea + id: feature_overview + attributes: + label: Feature Overview + description: Provide a high-level summary of your feature request. + validations: + required: true + + - type: textarea + id: solution_overview + attributes: + label: Solution Overview + description: Give a clear and concise description of what you want to happen. + validations: + required: true + + - type: textarea + id: alternatives_considered + attributes: + label: Alternatives Considered + description: Describe alternatives you've considered. + validations: + required: false + + - type: markdown + attributes: + value: | + **Urgency Key** + - 🟢 **Low** + - A minor enhancement + - It is not important to address this request in a specific time frame + - 🟡 **Medium** + - An important enhancement + - Will be prioritized above *low* requests in the normal course of development + - 🔥 **High** + - A critical enhancement with significant value + - Should be prioritized above *low* and *medium* requests + + - type: dropdown + id: urgency + attributes: + label: Urgency + description: How urgent is it to resolve this feature request? + multiple: false + options: + - Low + - Medium + - High + validations: + required: true + + - type: dropdown + id: request_owner + attributes: + label: Are you going to implement the feature request? + description: Indicate if you are going to do the work to close this feature request. + multiple: false + options: + - I will implement the feature + - Someone else needs to implement the feature + validations: + required: true + + - type: textarea + id: anything_else + attributes: + label: Anything else? + description: | + Links? References? Anything that will give us more context about the feature you are requesting. + + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + validations: + required: false diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 51a7e915cf..bfd0adc4b7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -2,18 +2,47 @@ # Dependabot configuration file to enable GitHub services for managing and updating # dependencies. # -# Copyright (c) Microsoft Corporation. All rights reserved. +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# This dependabot file is limited to syncing the following type of dependencies. Other files +# are already available in Mu DevOps to sync other dependency types. +# - GitHub Actions (`github-actions`) +# - Python PIP Modules (`pip`) +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # -# Please see the documentation for all configuration options: +# Please see the documentation for all dependabot configuration options: # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates ## + version: 2 + updates: - - package-ecosystem: "pip" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + commit-message: + prefix: "GitHub Action" + labels: + - "type:dependencies" + reviewers: + - "microsoft/project-mu-dependency-reviewers" + + - package-ecosystem: "pip" + directory: "/" schedule: interval: "daily" commit-message: - # Prefix all commit messages with "pip" prefix: "pip" + labels: + - "language:python" + - "type:dependencies" + reviewers: + - "microsoft/project-mu-dependency-reviewers" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000000..1004868c1d --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,20 @@ +## Description + +<_Please include a description of the change and why this change was made._> + +For each item, place an "x" in between `[` and `]` if true. Example: `[x]`. +_(you can also check items in the GitHub UI)_ + +- [ ] Impacts functionality? +- [ ] Impacts security? +- [ ] Breaking change? +- [ ] Includes tests? +- [ ] Includes documentation? + +## How This Was Tested + +<_Please describe the test(s) that were run to verify the changes._> + +## Integration Instructions + +<_Describe how these changes should be integrated. Use N/A if nothing is required._> diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml new file mode 100644 index 0000000000..2ad0297809 --- /dev/null +++ b/.github/workflows/label-issues.yml @@ -0,0 +1,34 @@ +# This workflow automatically applies labels to GitHub issues and pull requests based on the +# file paths in a pull request or content in the body of an issue or pull request. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made +# in the common/reusable workflow. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: Apply Issue and PR Labels + +on: + issues: + types: + - edited + - opened + pull_request_target: + types: + - edited + - opened + - reopened + - synchronize + workflow_dispatch: + +jobs: + apply: + uses: microsoft/mu_devops/.github/workflows/Labeler.yml@main diff --git a/.github/workflows/label-issues/file-paths.yml b/.github/workflows/label-issues/file-paths.yml new file mode 100644 index 0000000000..5cd3a7bf61 --- /dev/null +++ b/.github/workflows/label-issues/file-paths.yml @@ -0,0 +1,12 @@ +# Specifies labels to apply to issues and pull requests based on file path patterns in Project Mu repositories. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/actions/labeler + +# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. + +language:python: + - '**/*.py' diff --git a/.github/workflows/label-issues/regex-pull-requests.yml b/.github/workflows/label-issues/regex-pull-requests.yml new file mode 100644 index 0000000000..175d3c3eed --- /dev/null +++ b/.github/workflows/label-issues/regex-pull-requests.yml @@ -0,0 +1,24 @@ +# Specifies labels to apply to pull requests in Project Mu repositories based on regular expressions. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/github/issue-labeler + +# Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. + +impact:breaking-change: + - '\s*-\s*\[\s*[x|X]\s*\] Breaking change\?' + +impact:non-functional: + - '\s*-\s*\[\s*[x|X]\s*\] Impacts functionality\?' + +impact:security: + - '\s*-\s*\[\s*[x|X]\s*\] Impacts security\?' + +impact:testing: + - '\s*-\s*\[\s*[x|X]\s*\] Includes tests\?' + +type:documentation: + - '\s*-\s*\[\s*[x|X]\s*\] Includes documentation\?' diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index e65acc45a5..e7b493eed1 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -3,6 +3,12 @@ # All repos should sync at the same time. # '0 0,12 * * *'' # +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index ce96011c43..043c26b852 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,5 +1,11 @@ # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. # +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 83b980f91c..d9ec238b34 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -1,14 +1,21 @@ -## @file -# markdownlint configuration -# -# Copyright (c) Microsoft Corporation -# SPDX-License-Identifier: BSD-2-Clause-Patent -## - -# Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md -# Config info: https://github.com/DavidAnson/markdownlint#configuration -{ - "default": true, - "MD013": {"line_length": 120, "code_blocks": false, "tables": false}, - "MD033": {"allowed_elements": ["br"]} -} +## @file +# markdownlint configuration +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +# Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md +# Config info: https://github.com/DavidAnson/markdownlint#configuration + +{ + "default": true, + "MD013": {"line_length": 120, "code_blocks": false, "tables": false}, + "MD033": {"allowed_elements": ["br"]} +} diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000000..b7df7bff81 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,51 @@ +# Contributing to Project Mu + +Welcome, and thank you for your interest in contributing to Project Mu! + +There are many ways in which you can contribute, beyond writing code. The goal of this document is to provide a +high-level overview of how you can get involved. + +If this is your first time working with Project Mu, please keep in mind that many project details are maintained in +the [Project Mu Documentation](https://microsoft.github.io/mu/). + +## Asking Questions + +Have a question? Rather than opening an issue, please post your question under the `Q&A` category in the `Discussions` +section of the relevant Project Mu GitHub repo. + +## Reporting Issues + +Every Project Mu repo has an `Issues` section. Bug reports, feature requests, and documentation requests can all be +submitted in the issues section. + +### Identify Where to Report + +Project Mu is distributed across multiple repositories. Use features such as issues and discussions in the repository +most relevant to the topic. + +Although we prefer items to be filed in the most relevant repo, if you're unsure which repo is most relevant, the item +can be filed in the [Project Mu Documentation Repo](https://github.com/microsoft/mu) and we will review the request and +move it to the relevant repo if necessary. + +### Look For an Existing Issue + +Before you create a new issue, please do a search in the issues section of the relevant repo to see if the issue or +feature request has already been filed. + +If you find your issue already exists, make relevant comments and add your +[reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place +of a "+1" comment: + +* 👍 - upvote +* 👎 - downvote + +If you cannot find an existing issue that describes your bug or feature, create a new issue using the guidelines below. + +### Follow Your Issue + +Please continue to follow your request after it is submitted to assist with any additional information that might be +requested. + +## Thank You + +Thank you for your interest in Project Mu and taking the time to contribute! diff --git a/LICENSE.txt b/LICENSE.txt index 6de3d8cd88..28acc5270d 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,4 +1,4 @@ -BSD-2-Clause-Patent License - -Copyright (C) Microsoft Corporation. All rights reserved. -SPDX-License-Identifier: BSD-2-Clause-Patent +BSD-2-Clause-Patent License + +Copyright (C) Microsoft Corporation. All rights reserved. +SPDX-License-Identifier: BSD-2-Clause-Patent From 03f9725e10cf76cd8487c6c86b55cd07cd1ddc6d Mon Sep 17 00:00:00 2001 From: Srilatha Sridharan <38865230+srisrid@users.noreply.github.com> Date: Wed, 30 Nov 2022 17:23:51 -0800 Subject: [PATCH 15/18] Add PcdShellFvGuid to allow platforms to provide FV GUID to search shell image in (#116) ## Description Add PcdShellFvGuid to allow platforms to provide FV GUID to search shell image in - [x] Impacts functionality? - [ ] Impacts security? - [ ] Breaking change? - [ ] Includes tests? - [ ] Includes documentation? ## How This Was Tested When a FV GUID is provided, a default boot option for shell with the FV device path is created. as long as the device path exists, system is able to boot to internal UEFI shell. If the PCD is not updated by platform and is at default value (zero guid), then all FV's are searched and shell is located to create a boot option device path. ## Integration Instructions N/A --- .../MsBootOptionsLib/MsBootOptionsLib.c | 52 +++++++++++++++++-- .../MsBootOptionsLib/MsBootOptionsLib.inf | 1 + PcBdsPkg/PcBdsPkg.dec | 4 ++ 3 files changed, 52 insertions(+), 5 deletions(-) diff --git a/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.c b/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.c index 5f8282976c..05b9dd5d37 100644 --- a/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.c +++ b/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.c @@ -30,6 +30,33 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #define MS_PXE_BOOT L"PXE Network" #define MS_PXE_BOOT_PARM "PXE" +typedef struct { + MEDIA_FW_VOL_DEVICE_PATH FvDevPath; + EFI_DEVICE_PATH_PROTOCOL EndDevPath; +} FV_PIWG_DEVICE_PATH; + +FV_PIWG_DEVICE_PATH mFvPIWGDevicePathTemplate = { + { + { + MEDIA_DEVICE_PATH, + MEDIA_PIWG_FW_VOL_DP, + { + (UINT8)(sizeof (MEDIA_FW_VOL_DEVICE_PATH)), + (UINT8)(sizeof (MEDIA_FW_VOL_DEVICE_PATH) >> 8) + } + }, + { 0 } + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + END_DEVICE_PATH_LENGTH, + 0 + } + } +}; + /** * Constructor * @@ -303,13 +330,24 @@ CreateFvBootOption ( (EFI_DEVICE_PATH_PROTOCOL *)&FileNode ); } else { - DevicePath = CreateShellDevicePath (); - if (DevicePath == NULL) { - return EFI_NOT_FOUND; + if (IsZeroGuid (PcdGetPtr (PcdShellFvGuid))) { + // Search all FV's for Shell. + DevicePath = CreateShellDevicePath (); + if (DevicePath == NULL) { + return EFI_NOT_FOUND; + } + } else { + // Create FV devicepath from template + DevicePath = (EFI_DEVICE_PATH_PROTOCOL *)AllocateCopyPool (sizeof (FV_PIWG_DEVICE_PATH), &mFvPIWGDevicePathTemplate); + // Update FvName to the Shell GUID from PCD if it is not ZeroGuid + CopyGuid ( + &((FV_PIWG_DEVICE_PATH *)DevicePath)->FvDevPath.FvName, + PcdGetPtr (PcdShellFvGuid) + ); } DevicePath = AppendDevicePathNode ( - DevicePath, + (EFI_DEVICE_PATH_PROTOCOL *)DevicePath, (EFI_DEVICE_PATH_PROTOCOL *)&FileNode ); } @@ -324,7 +362,11 @@ CreateFvBootOption ( OptionalData, OptionalDataSize ); - FreePool (DevicePath); + + if (DevicePath != NULL) { + FreePool (DevicePath); + } + return Status; } diff --git a/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.inf b/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.inf index 303ca008ba..7edf3e2245 100644 --- a/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.inf +++ b/PcBdsPkg/Library/MsBootOptionsLib/MsBootOptionsLib.inf @@ -48,6 +48,7 @@ [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile gPcBdsPkgTokenSpaceGuid.PcdShellFile + gPcBdsPkgTokenSpaceGuid.PcdShellFvGuid [Depex] TRUE diff --git a/PcBdsPkg/PcBdsPkg.dec b/PcBdsPkg/PcBdsPkg.dec index 0ddcb11787..7fde755942 100644 --- a/PcBdsPkg/PcBdsPkg.dec +++ b/PcBdsPkg/PcBdsPkg.dec @@ -125,6 +125,10 @@ # @Prompt FFS Name of Shell Application gPcBdsPkgTokenSpaceGuid.PcdShellFile|{ 0xB7, 0xD6, 0x7A, 0xC5, 0x15, 0x05, 0xA8, 0x40, 0x9D, 0x21, 0x55, 0x16, 0x52, 0x85, 0x4E, 0x37 }|VOID*|0x40000129 + ## GUID of the FV to locate the shell in. + # If left at default zero guid value, all FV's will be searched to find Shell image. + gPcBdsPkgTokenSpaceGuid.PcdShellFvGuid|{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }|VOID*|0x40000130 + ## This fixed at build flag tells MsBootPolicyLib that it is part of BDS gPcBdsPkgTokenSpaceGuid.PcdBdsBootPolicy|FALSE|BOOLEAN|0x40000141 From f6ddfd2ee4ee3e98ec526a4b1f6280b7e8cfbd84 Mon Sep 17 00:00:00 2001 From: Project Mu Uefibot <45776386+uefibot@users.noreply.github.com> Date: Tue, 6 Dec 2022 06:48:26 -0800 Subject: [PATCH 16/18] Repo File Sync: Synced file(s) with microsoft/mu_devops (#117) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. --- This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#3598065818](https://github.com/microsoft/mu_devops/actions/runs/3598065818) Signed-off-by: Project Mu UEFI Bot <uefibot@microsoft.com> --- .azurepipelines/Ubuntu-GCC5.yml | 2 +- .azurepipelines/Windows-VS.yml | 2 +- .github/workflows/label-issues.yml | 2 +- .github/workflows/label-issues/regex-pull-requests.yml | 2 +- .github/workflows/label-sync.yml | 2 +- .github/workflows/stale.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.azurepipelines/Ubuntu-GCC5.yml b/.azurepipelines/Ubuntu-GCC5.yml index 2199b6a8ac..358fd1f67e 100644 --- a/.azurepipelines/Ubuntu-GCC5.yml +++ b/.azurepipelines/Ubuntu-GCC5.yml @@ -20,7 +20,7 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops - ref: main + ref: refs/tags/v1.1.1 variables: - group: architectures-arm-64-x86-64 diff --git a/.azurepipelines/Windows-VS.yml b/.azurepipelines/Windows-VS.yml index 1e8357e6b1..7275181faa 100644 --- a/.azurepipelines/Windows-VS.yml +++ b/.azurepipelines/Windows-VS.yml @@ -20,7 +20,7 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops - ref: main + ref: refs/tags/v1.1.1 variables: - group: architectures-x86-64 diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml index 2ad0297809..5896397090 100644 --- a/.github/workflows/label-issues.yml +++ b/.github/workflows/label-issues.yml @@ -31,4 +31,4 @@ on: jobs: apply: - uses: microsoft/mu_devops/.github/workflows/Labeler.yml@main + uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v1.1.1 diff --git a/.github/workflows/label-issues/regex-pull-requests.yml b/.github/workflows/label-issues/regex-pull-requests.yml index 175d3c3eed..26d6e5d3e0 100644 --- a/.github/workflows/label-issues/regex-pull-requests.yml +++ b/.github/workflows/label-issues/regex-pull-requests.yml @@ -12,7 +12,7 @@ impact:breaking-change: - '\s*-\s*\[\s*[x|X]\s*\] Breaking change\?' impact:non-functional: - - '\s*-\s*\[\s*[x|X]\s*\] Impacts functionality\?' + - '\s*-\s*\[\s*(?![x|X])\s*\] Impacts functionality\?' impact:security: - '\s*-\s*\[\s*[x|X]\s*\] Impacts security\?' diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index e7b493eed1..274b0fc1e3 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -24,4 +24,4 @@ on: jobs: sync: - uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@main + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v1.1.1 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 043c26b852..0db0a5260f 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -24,4 +24,4 @@ on: jobs: check: - uses: microsoft/mu_devops/.github/workflows/Stale.yml@main + uses: microsoft/mu_devops/.github/workflows/Stale.yml@v1.1.1 From 41fea2f011afd58fe97113ef26f489e22a81382e Mon Sep 17 00:00:00 2001 From: Chris Fernald <chfernal@microsoft.com> Date: Tue, 6 Dec 2022 10:55:09 -0800 Subject: [PATCH 17/18] Add logic for container build to Matrix-Build-Job.yml (#118) ## Description Changes the matrix build job to be able to take input for the container image used in the generic mu_devops file generated. Will be used by: https://github.com/microsoft/mu_devops/pull/59 - [ ] Impacts functionality? - [ ] Impacts security? - [ ] Breaking change? - [ ] Includes tests? - [ ] Includes documentation? ## How This Was Tested Tested on test pipeline with mu_devops changes made locally ## Integration Instructions N/A --- .azurepipelines/Matrix-Build-Job.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.azurepipelines/Matrix-Build-Job.yml b/.azurepipelines/Matrix-Build-Job.yml index 97024d1c46..29051b5058 100644 --- a/.azurepipelines/Matrix-Build-Job.yml +++ b/.azurepipelines/Matrix-Build-Job.yml @@ -29,6 +29,10 @@ parameters: displayName: Virtual Machine Image (e.g. windows-latest) type: string default: 'windows-latest' +- name: container_image + displayName: Container Image + type: string + default: '' jobs: @@ -53,10 +57,16 @@ jobs: workspace: clean: all + ${{ if ne(parameters.container_image, '') }}: + container: ${{ parameters.container_image }} + pool: vmImage: ${{ parameters.vm_image }} steps: + - ${{ if and(ne(parameters.container_image, ''), not(contains(parameters.vm_image, 'windows'))) }}: + - script: echo "##vso[task.prependpath]/home/vsts_azpcontainer/.local/bin" + displayName: Add User Local Bin to Path - template: Steps/PrGate.yml@mu_devops parameters: build_archs: ${{ parameters.arch_list }} @@ -70,3 +80,4 @@ jobs: extra_build_args: ${{ parameters.extra_build_args }} extra_install_step: ${{ parameters.extra_install_step }} tool_chain_tag: ${{ parameters.tool_chain_tag }} + install_tools: ${{ eq(parameters.container_image, '') }} From a92e6c5c3f15d8ef372d1cb66988bcb77787b4cb Mon Sep 17 00:00:00 2001 From: Project Mu Uefibot <45776386+uefibot@users.noreply.github.com> Date: Fri, 9 Dec 2022 06:04:12 -0800 Subject: [PATCH 18/18] Repo File Sync: Synced file(s) with microsoft/mu_devops (#119) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. --- This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#3641761478](https://github.com/microsoft/mu_devops/actions/runs/3641761478) Signed-off-by: Project Mu UEFI Bot <uefibot@microsoft.com> --- .azurepipelines/Ubuntu-GCC5.yml | 8 +++- .azurepipelines/Windows-VS.yml | 2 +- .devcontainer/devcontainer.json | 12 +++++ .github/advanced-issue-labeler.yml | 48 +++++++++++++++++++ .github/workflows/auto-merge.yml | 39 +++++++++++++++ .github/workflows/label-issues.yml | 2 +- .github/workflows/label-issues/file-paths.yml | 6 +++ .../label-issues/regex-pull-requests.yml | 6 +++ .github/workflows/label-sync.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/triage-issues.yml | 22 +++++++++ 11 files changed, 143 insertions(+), 6 deletions(-) create mode 100644 .devcontainer/devcontainer.json create mode 100644 .github/advanced-issue-labeler.yml create mode 100644 .github/workflows/auto-merge.yml create mode 100644 .github/workflows/triage-issues.yml diff --git a/.azurepipelines/Ubuntu-GCC5.yml b/.azurepipelines/Ubuntu-GCC5.yml index 358fd1f67e..90f2af19cc 100644 --- a/.azurepipelines/Ubuntu-GCC5.yml +++ b/.azurepipelines/Ubuntu-GCC5.yml @@ -20,7 +20,10 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops - ref: refs/tags/v1.1.1 + ref: refs/tags/v1.3.0 + containers: + - container: linux-gcc + image: ghcr.io/tianocore/containers/fedora-35-build:2113a0e variables: - group: architectures-arm-64-x86-64 @@ -33,8 +36,9 @@ jobs: extra_build_args: CODE_COVERAGE=TRUE CC_HTML=TRUE extra_install_step: - script: | - sudo apt-get install -y mingw-w64 lcov + sudo microdnf install --assumeyes mingw64-gcc lcov pip install lcov_cobertura pycobertura displayName: Install Windows Resource Compiler for Linux & Code Coverage Tools tool_chain_tag: $(tool_chain_tag) vm_image: $(vm_image) + container_image: linux-gcc diff --git a/.azurepipelines/Windows-VS.yml b/.azurepipelines/Windows-VS.yml index 7275181faa..fd416fb93a 100644 --- a/.azurepipelines/Windows-VS.yml +++ b/.azurepipelines/Windows-VS.yml @@ -20,7 +20,7 @@ resources: type: github endpoint: microsoft name: microsoft/mu_devops - ref: refs/tags/v1.1.1 + ref: refs/tags/v1.3.0 variables: - group: architectures-x86-64 diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000000..ebcf852c90 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,12 @@ +{ + "image": "ghcr.io/tianocore/containers/fedora-35-dev:latest", + "postCreateCommand": "git config --global --add safe.directory * && pip install --upgrade -r pip-requirements.txt", + "customizations": { + "vscode": { + "extensions": [ + "ms-vscode.cpptools", + "DavidAnson.vscode-markdownlint" + ] + } + } +} \ No newline at end of file diff --git a/.github/advanced-issue-labeler.yml b/.github/advanced-issue-labeler.yml new file mode 100644 index 0000000000..b003c650ad --- /dev/null +++ b/.github/advanced-issue-labeler.yml @@ -0,0 +1,48 @@ +# Defines the mappings between GitHub issue responses and labels applied to the issue +# for Project Mu repos. +# +# IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +# For more information, see: +# https://github.com/redhat-plumbers-in-action/advanced-issue-labeler + +policy: + - template: [bug_report.yml, documentation_request.yml, feature_request.yml] + section: + + # Issue Template - Urgency Dropdown + - id: ['urgency'] + block-list: [] + label: + - name: 'urgency:low' + keys: ['Low'] + - name: 'urgency:medium' + keys: ['Medium'] + - name: 'urgency:high' + keys: ['High'] + + # Issue Template - Fix Owner Dropdown + - id: ['fix_owner', 'request_owner'] + block-list: [] + label: + - name: 'state:needs-owner' + keys: [ + 'Someone else needs to fix it', + 'Someone else needs to make the change', + 'Someone else needs to implement the feature' + ] + - name: 'state:needs-triage' + keys: [ + 'Someone else needs to fix it', + 'Someone else needs to make the change', + 'Someone else needs to implement the feature' + ] diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml new file mode 100644 index 0000000000..22da5d62cc --- /dev/null +++ b/.github/workflows/auto-merge.yml @@ -0,0 +1,39 @@ +# This workflow automatically merges pull requests under certain conditions. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made +# in the common/reusable workflow. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: Auto Merge Pull Request + +on: + pull_request_target: + types: + - edited + - labeled + - opened + - ready_for_review + - reopened + - synchronize + - unlabeled + - unlocked + pull_request_review: + types: + - submitted + check_suite: + types: + - completed + status: {} + +jobs: + merge_check: + uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v1.3.0 diff --git a/.github/workflows/label-issues.yml b/.github/workflows/label-issues.yml index 5896397090..9c530d34ee 100644 --- a/.github/workflows/label-issues.yml +++ b/.github/workflows/label-issues.yml @@ -31,4 +31,4 @@ on: jobs: apply: - uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v1.1.1 + uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v1.3.0 diff --git a/.github/workflows/label-issues/file-paths.yml b/.github/workflows/label-issues/file-paths.yml index 5cd3a7bf61..c3b3cc8039 100644 --- a/.github/workflows/label-issues/file-paths.yml +++ b/.github/workflows/label-issues/file-paths.yml @@ -1,5 +1,11 @@ # Specifies labels to apply to issues and pull requests based on file path patterns in Project Mu repositories. # +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/.github/workflows/label-issues/regex-pull-requests.yml b/.github/workflows/label-issues/regex-pull-requests.yml index 26d6e5d3e0..484fc6ce7e 100644 --- a/.github/workflows/label-issues/regex-pull-requests.yml +++ b/.github/workflows/label-issues/regex-pull-requests.yml @@ -1,5 +1,11 @@ # Specifies labels to apply to pull requests in Project Mu repositories based on regular expressions. # +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# # Copyright (c) Microsoft Corporation. # SPDX-License-Identifier: BSD-2-Clause-Patent # diff --git a/.github/workflows/label-sync.yml b/.github/workflows/label-sync.yml index 274b0fc1e3..9fe1f0ab5f 100644 --- a/.github/workflows/label-sync.yml +++ b/.github/workflows/label-sync.yml @@ -24,4 +24,4 @@ on: jobs: sync: - uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v1.1.1 + uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v1.3.0 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 0db0a5260f..50990e5680 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -24,4 +24,4 @@ on: jobs: check: - uses: microsoft/mu_devops/.github/workflows/Stale.yml@v1.1.1 + uses: microsoft/mu_devops/.github/workflows/Stale.yml@v1.3.0 diff --git a/.github/workflows/triage-issues.yml b/.github/workflows/triage-issues.yml new file mode 100644 index 0000000000..8a12fb739c --- /dev/null +++ b/.github/workflows/triage-issues.yml @@ -0,0 +1,22 @@ +# This workflow assists with initial triage of new issues by applying +# labels based on data provided in the issue. +# +# NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there +# instead of the file in this repo. +# +# - Mu DevOps Repo: https://github.com/microsoft/mu_devops +# - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# + +name: Initial Triage for New Issue + +on: + issues: + types: [ opened ] + +jobs: + sync: + uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v1.3.0