New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove Page Audit Report Generator Print #96
Remove Page Audit Report Generator Print #96
Commits on Nov 8, 2022
Commits on Dec 9, 2022
-
Update Stack Cookie Exception Handler to Register Based on Fixed PCD (m…
…icrosoft#98) ## Description To enable more easily setting the stack cookie failure vector, update the check to reference a fixed at build PCD in MdePkg. ## Breaking change? No ## How This Was Tested Triggering the interrupt on Q35 ## Integration Instructions N/A
-
Update DXE Paging Audit App to Include RWX Test (microsoft#101)
## Description Our memory protection policy is now robust enough to ensure that platforms have no read/write/execute pages before ExitBootServices. This update adds a test to the DxePagingAuditApp to check the page table for RWX pages and only exempt them if the region is part of a nonprotected image or special region. Users can still utilize the app to dump paging data to the EFI partition by calling the application with the '-d' flag. By default, the app will run the RWX test. ## Breaking change? No ## How This Was Tested Running the test on Q35 ## Integration Instructions The test will identify RWX regions. Platforms should identify these regions to determine if they must be RWX. If they really must be RWX, the platform can utilize the Memory Protection Special Region Protocol to create a special region.
-
MfciPkg/MfciDxe: Fix GCC compilation issue in a test (microsoft#107)
## Description Fixes microsoft#106 GCC states `Dummy` and `FakeCertificate` may be used uninitialized since it is not assigned an initial value before being passed to functions in some tests. `Dummy` Example: ``` INFO - /s/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c:317:12: error: ‘Dummy’ may be used uninitialized [-Werror=maybe-uninitialized] INFO - 317 | Status = ValidateBlobWithXdrCertificates (&Dummy, sizeof (Dummy), NULL, sizeof (mCert_Trusted_CA_Root_xdr)); INFO - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ INFO - /s/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c:144:1: note: by argument 1 of type ‘const UINT8 *’ {aka ‘const unsigned char *’} to ‘ValidateBlobWithXdrCertificates’ declared here ``` `FakeCertificate` Example: ``` INFO - /s/MfciPkg/MfciDxe/Test/MfciMultipleCertsHostTest.c:358:12: error: ‘FakeCertificate’ may be used uninitialized [-Werror=maybe-uninitialized] INFO - 358 | Status = ValidateBlobWithXdrCertificates (&Dummy, sizeof (Dummy), &FakeCertificate, sizeof (FakeCertificate)); INFO - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` This change initializes the values as necessary to prevent the error. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** - Simple GCC compilation fix ## How This Was Tested Verified compilation before (fails as shown above) and after (does not fail) with fix in this change. ## Integration Instructions None - This will resolve a GCC build error that may have been encountered in the MFCI tests. Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
-
pip: update pytool-library to ~=0.12.1 pytool-extensions to ~= 0.20.0
**edk2-pytool-library** Updates the requirements on [edk2-pytool-library](https://github.com/tianocore/edk2-pytool-library) to permit the latest version. - [Release notes](https://github.com/tianocore/edk2-pytool-library/releases) - [Commits](tianocore/edk2-pytool-library@v0.11.6...v0.12.1) --- updated-dependencies: - dependency-name: edk2-pytool-library dependency-type: direct:production ... **edk2-pytool-extensions** Updates the requirements on [edk2-pytool-extensions](https://github.com/tianocore/edk2-pytool-extensions) to permit the latest version. - [Release notes](https://github.com/tianocore/edk2-pytool-extensions/releases) - [Commits](tianocore/edk2-pytool-extensions@v0.19.1...v0.20.0) --- updated-dependencies: - dependency-name: edk2-pytool-extensions dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
-
pip-requirements.txt: Use exact match instead of compatible release
Now that we're using dependabot, strictly manage exact version of dependencies using an exact match instead of a "compatible release". Compatible releases (~= syntax) are described here: - https://peps.python.org/pep-0440/#compatible-release Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
-
Fix MfciDxe Debug error print missing new line character (microsoft#97)
## Description * Add missing new line character to the end of a Debug print in MfciDxe. * This improves readability of debug logs. - [ ] Breaking change? No breaking change. - Will this change break pre-existing builds or functionality without action being taken? ## How This Was Tested * Verified log output is now properly formatted. ## Integration Instructions N/A
-
Fix unitialized variable found in clang compiler experiments (microso…
…ft#108) Fix a uninitialized variable usage case found when experimenting with new clang compiler configuration. If the first `goto exit` statement is used then a comparison will be done against the uninitialized value of the variable
-
Add missing braces to gPciRootBridge #define for GCC (microsoft#110)
## Description GCC compiler warns about missing braces with existing defintion of gPciRootBridge. This change fixes that. - [ ] Breaking change? No ## How This Was Tested Local build on workstation. Ran GCC build on internal Microsoft code base. ## Integration Instructions N/A
-
Enable stale bot GitHub action (microsoft#111)
## Description Enables stale bot to automatically closed old issues in this repo. https://github.com/actions/stale This action is largely based on a reusable workflow from Mu DevOps. Current configuration: - Stale PR: After 60 days - Stale Issue: After 45 days - Days until PR and Issue close: 7 days - Exempt labels: - `impact:security` - `state:backlog` - `state:under-discussion` - Stale Issue label: `state:stale` - Stale PR label: `state:stale` - Comments are left when marked stale and when closed These settings come directly from the default setting values in the Mu DevOps reusable workflow. Note: The `workflow_dispatch` trigger is added to allow the workflow to be manually invoked if ever needed. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** ## How This Was Tested - Verified workflow on mu_basecore fork - Example run: https://github.com/makubacki/mu_basecore/actions/runs/3526648651 - Verified workflow in mu_basecore release/202208 branch ## Integration Instructions N/A - Only affects the GitHub workflow in this repo Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
-
Enable Label Sync GitHub Action (microsoft#112)
## Description Adds an action to automatically sync labels used in this repository from a centralized file in Project Mu DevOps. https://github.com/microsoft/mu_devops New labels should be added to the `Labels.yml` file in mu_devops. Repo-specific labels are allowed to be defined. Those can either be created in a repo-local config YAML file (preferred) or manually in the "Labels" section of the repo. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** ## How This Was Tested On fork repositories. ## Integration Instructions Now downstream integration required, only impacts this repo Repo users should understand label definitions and read instructions noted in this change regarding how to modify labels in the future. Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
-
Update reset notification list to be notified before NVMe (microsoft#80)
## Description Reset notification was handled by the NVMe driver before the AdvLogger could write the log to disk. - [No] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? ## How This Was Tested Tested on multiple systems. ## Integration Instructions N/A
-
pull_request_template.md: Remove since file is in .github now (micros…
…oft#113) ## Description Removes the template from the old location (repo root). File sync will track this file in the `.github` directory now. - [ ] Breaking change? - Will this change break pre-existing builds or functionality without action being taken? **No** ## How This Was Tested Code review. ## Integration Instructions N/A Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
-
Repo File Sync: Synced file(s) with microsoft/mu_devops (microsoft#114)
Synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. --- This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#3578665266](https://github.com/microsoft/mu_devops/actions/runs/3578665266) Signed-off-by: Project Mu UEFI Bot <uefibot@microsoft.com>
-
Add PcdShellFvGuid to allow platforms to provide FV GUID to search sh…
…ell image in (microsoft#116) ## Description Add PcdShellFvGuid to allow platforms to provide FV GUID to search shell image in - [x] Impacts functionality? - [ ] Impacts security? - [ ] Breaking change? - [ ] Includes tests? - [ ] Includes documentation? ## How This Was Tested When a FV GUID is provided, a default boot option for shell with the FV device path is created. as long as the device path exists, system is able to boot to internal UEFI shell. If the PCD is not updated by platform and is at default value (zero guid), then all FV's are searched and shell is located to create a boot option device path. ## Integration Instructions N/A
-
Repo File Sync: Synced file(s) with microsoft/mu_devops (microsoft#117)
Synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. --- This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#3598065818](https://github.com/microsoft/mu_devops/actions/runs/3598065818) Signed-off-by: Project Mu UEFI Bot <uefibot@microsoft.com>
-
Add logic for container build to Matrix-Build-Job.yml (microsoft#118)
## Description Changes the matrix build job to be able to take input for the container image used in the generic mu_devops file generated. Will be used by: microsoft/mu_devops#59 - [ ] Impacts functionality? - [ ] Impacts security? - [ ] Breaking change? - [ ] Includes tests? - [ ] Includes documentation? ## How This Was Tested Tested on test pipeline with mu_devops changes made locally ## Integration Instructions N/A
-
Repo File Sync: Synced file(s) with microsoft/mu_devops (microsoft#119)
Synced local file(s) with [microsoft/mu_devops](https://github.com/microsoft/mu_devops). 🤖: View the [Repo File Sync Configuration File](https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml) to see how files are synced. --- This PR was created automatically by the [repo-file-sync-action](https://github.com/BetaHuhn/repo-file-sync-action) workflow run [#3641761478](https://github.com/microsoft/mu_devops/actions/runs/3641761478) Signed-off-by: Project Mu UEFI Bot <uefibot@microsoft.com>
-