v11.0.0

@mu-automation mu-automation released this 17 Dec 00:39
· 8 commits to refs/heads/main since this release
dc87bca

What's Changed

  • Move out HAF and TFA build to pipeline and consume the bins locally @eeshanl (#1227)
    Change Details
    Description

    For SBSA, move out HAF and TFA build to GitHub workflow and consume the bins locally.
    Eliminates need for local developer to rely on HAF/TFA build steps via a new HAF_TFA_BUILD build flag set to FALSE by default.

    The GitHub Workflow on Release will run stuart_build with HAF_TFA_BUILD=TRUE and publish the Hafnium and TFA binaries for consumption as a part of the GitHub release. It will also publish a file, fip_blob_manifest.json, which is generated using the output of the fiptool from TFA against fip.bin. This is needed because the fiptool reports offsets that are necessary to patch up the fip.bin if we want to employ this method of building SBSA with HAF/TFA bins being pulled down from an extdep.

    The GitHub workflow runs the end-to-end build with HAF_TFA_BUILD=TRUE only on GitHub releases. We will not publish the binaries after building on arbitrary PR runs, but will still run stuart_build with HAF_TFA_BUILD=TRUE.
    On GitHub releases, the version number and sha for the extdep must also be updated for every release, as the contents of the binaries and the JSON manifest, fip_blob_manifest.json, need to be updated as well.

    Once this and #1229 are merged, a developer can build SBSA like they would normally, however the default behavior for building the Hafnium and TFA binaries will be to use the extdep through stuart_update. Along with this, the Post-Build step will now patch the extdep binaries with the contents of the secure partitions that the local developer has built as a part of stuart_build. For more advanced use cases, where the developer would need to modify the secure partition DTS files, or if the developer changes the .fd files to be larger than the size reported in the fip_blob_manifest.json, then the developer would have to use HAF_TFA_BUILD=TRUE in their stuart_build step as an argument.

    After this PR is merged, we need to make a formal GitHub release so that the necessary binaries and artifacts can be published as a part of that release.

    For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on my fork by doing a release, making this PR, and watching the pipeline build publish the bins to the test13 release on my fork https://github.com/eeshanl/mu_tiano_platforms/releases/tag/test13_tag, but it skips just the publish step on this PR.

    PR pipeline run: https://github.com/microsoft/mu_tiano_platforms/actions/runs/17990944480/job/51180666584?pr=1227
    Release pipeline run: https://github.com/eeshanl/mu_tiano_platforms/actions/runs/18020305440/job/51275744986

    And then locally tested the ext_deps step by pointing to this release.

    Integration Instructions

    This PR must be merged first, then make a release. Then merge #1229 to enable ext_deps and set HAF_TFA_BUILD = FALSE.

    
  • Fixing watchdog timer driver SBSA @kuqin12 (#1285)
    Change Details
    Description

    The current usage of WatchdogTimer (WDT) from MdeModulePkg in SBSA is incorrect.

    This change moves to use the ARM-specific version of WDT support.

    For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This was tested on QEMU SBSA and verified that the system will reset through the interrupt handler as expected.

    Integration Instructions

    N/A

    
  • Use PR eval for both 32bit and 64bit PEI @kuqin12 (#1271)
    Change Details
    Description

    This change resolves a concern that the dsc file being used for PR eval is always the x64 version.

    The change was inherited from EDK2 OvmfPkg.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    The pipeline checks all pass.

    Integration Instructions

    N/A




  • Pick up new binaries of QEMU v10 @kuqin12 (#1270)
    Change Details
    Description

    This change picks up the new binary releases of QEMU v10.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Built QEMU Q35 firmware and booted to UEFI shell.

    Integration Instructions

    N/A




⚠️ Breaking Changes

  • Integrate breaking changes from basecore and supervisor repos @kuqin12 (#1282)
    Change Details
    Description

    This change integrates the latest breaking changes from basecore and supervisor repos.

    Specifically, supervisor repo embraced the implementation from edk2 for MM communication protocol, as well as removed privileged instructions from BaseLib. Basecore has pairing changes to accommodate the supervisor update for MMI channel differentiation.

    The platform changes adopted some changes from EDK2 with regard to MemEncryptSevLib and build fixes in dsc and fdf.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This was tested on QEMU Q35 and booted to UEFI shell.

    Integration Instructions

    N/A




  • Fixing memory usage of QEMU SBSA @kuqin12 (#1268)
    Change Details
    Description

    This change fixed an issue where the memory available specified in QEMU Runner has to be fixed to 2GB.

    With the integration of FF-A, the MM communication buffer exposed to STMM secure partition has to match what was subscribed in the partition manifest, in this case the PCD is set to match the value in the DTS.

    In addition, the fix includes an update in mu_silicon_arm where the memory for MM communicate buffer is carved out from the system memory. Accordingly, the platform does not need to manipulate the system memory PCDs.

    Lastly, the TF-A manifest needs to be updated to over-subscribe the memory available to the system.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    This change was tested locally and booted to both UEFI shell with 2GB memory and Windows Desktop with 8GB.

    Integration Instructions

    Update to latest mu_silicon_arm_tiano.




Full Changelog: v10.0.0...v11.0.0