v2025110001.0.6

What's Changed

• [CHERRY-PICK] Adding TPM over FFA ACPI table revision fix @kuqin12 (#1786)
  
  Change Details

    ## Description

  This change updates the TPM2 table when using TPM over FFA to support the functionality.

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  This was tested on the latest Windows OS and booted to desktop with expected event log entries.

  Integration Instructions

  • To use this revision, the platforms have to update the table revision to 5 through gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|5.

  • The Windows OS has to be updated to the latest to support this new revision. Otherwise, the event logs will not be recorded.

    </blockquote>
    <hr>
    

• [REBASE \& FF] Support IORT revision 6 @kuqin12 (#1707)
  
  Change Details

    ## Description

  This change reverts the original Project MU changes as the edk2 upstreaming efforts are complete.

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  This is being tested on physical hardware.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK] SecurityPkg: AuthVariableLib: Handle empty signature lists @kuqin12 (#1785)
  
  Change Details

    ## Description

  The current implementation fails to set authenticated variables when the signature list is empty. This can legitimately occur for dbx when no signatures are revoked after a certificate rotation.

  Update the logic to explicitly handle empty signature lists, avoiding an implicit dependency on the variable being absent from variable storage.

  (cherry picked from commit b980aa07196a5534581b16563cd78cfc67a74074)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  This was tested on physical ARM64 platforms and booted to OS desktop and can set empty siglist variable from powershell.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK] [REBASE \& FF] Revert MU\_CHANGE in Favor of edk2 Commits @os-d (#1784)
  
  Change Details

    ## Description

  This reverts a MU_CHANGE and pulls in the two relevant edk2 commits replacing it.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A.

  Integration Instructions

  N/A.
  

  
  

  ---

  
  

• CryptoPkg: Correct MockBaseCryptLib interface @PaddyDeng-v (#1777)
  
  Change Details

    ## Description

  MU_BASECORE has a override (TCBZ3925) in BaseCryptLib.h. So the mock library should align to the change in override.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Enable the current disabled Host Unit Test for CryptoPkg (PaddyDeng-v@c24c879). Make sure MockBaseCryptLib is built and the CI build process passed.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• TlsLib Unit Tests @Flickdm (#1747)
  
  Change Details

    Included in: [MU_CRYPTO_RELEASE Milestone 1](https://github.com/microsoft/mu_crypto_release/milestone/1)

  Description

  Add unit tests for the TlsLib library class. The test suite validates TLS functionality through the TlsLib API surface. Today there are no unit tests.

  The goal with this is to catch regressions as we move through faster crypto changes. Importantly this prints which TLS algorithms are being used to catch regressions against DFCI or other features.

  What's included

  50 test cases across 6 test suites, with both host-based and UEFI Shell entry points:

  Suite	Tests	Coverage
  Function pointer validation	3	TlsInitialize, TlsCtxNew, TlsNew
  Context lifecycle	4	Create/free, client/server endpoint, version setting
  Cipher suite enumeration	8	14 TLS 1.2 ciphers, DFCI required ciphers (hard-fail), EC curves, TLS 1.3, PQC hybrid groups
  Configuration	13	Verify mode, hostname verification, SNI, session ID, signature algorithms, compression, security level, shutdown, handshake state
  Certificate management	10	CA cert set/get, host cert, private key, CRL
  Getter/query functions	12	Version, connection end, cipher, compression, verify, session ID, client/server random, key material

  Key features

  • DFCI/Intune cipher validation: Hard-fails if any of the 4 required ECDHE-RSA cipher suites are missing, catching regressions that would break Surface firmware cloud connectivity
  • Structured capability reports: Outputs machine-parseable SUPPORTED/UNSUPPORTED status for all probed algorithms, suitable for CI action consumption
  • PQC readiness probing: Documents ML-KEM hybrid key exchange group support status (X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024)
  • Firmware policy assertions: Validates that server mode returns EFI_UNSUPPORTED (client-only policy) and TLS compression is disabled (CRIME attack mitigation)

  Code coverage

  File	Line Coverage
  TlsConfig.c	74.3%
  TlsInit.c	72.6%
  TlsProcess.c	8.2% (handshake/IO functions need loopback test)
  Overall	~61%

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  This will be added as a automation for MU_CRYPTO_RELEASE on changes to the OpensslPkg and TlsLib

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• MdeModulePkg/NvmExpressDxe: Add NVMe namespace filtering PCD @eeshanl (#1754)
  
  Change Details

    ## Description

  Add PcdNvmeNamespaceFilterId to control NVMe namespace enumeration.
  When != 0, only the specified NSID is discovered and enumerated. When 0 (default), all namespaces are enumerated as before.

  This improves security on NVMe devices with multiple namespaces.
  Without filtering, UEFI enumerates all namespaces and an attacker could place malicious boot media in a secondary namespace. By restricting enumeration to only the first namespace, we ensure the system boots exclusively from the intended namespace and prevents exploitation of additional namespaces as an attack vector.

  Changes:

  • NvmExpress.c: Add FilteringEnabled parameter to DiscoverAllNamespaces, EnumerateNvmeDevNamespace with namespace ID check when filtering
  • NvmExpressDxe.inf: Add PcdNvmeNamespaceFilterId to [Pcd] section
  • MdeModulePkg.dec: Define PcdNvmeNamespaceFilterId (default 0)

  Ref: microsoft/mu_msvm@9337285

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested on:

  • OpenVMM platform where namespace filtering is required and successfully booted to OS via DDA NVMe with Namespace filtering on & off.

  • Physical platform and booted to OS with physical NVMe with Namespace filtering on & off.

  • Qemu Q35 by booting to OS via NVMe with Namespace filtering on & off:

    Modified QemuCommandBuilder.py with the following:

    elif device == "ssd" and self._architecture == QemuArchitecture.Q35:
        # Create NVMe controller with 2 namespaces for testing namespace filtering
        # NS1: boot media, NS2: empty 1GB drive
        self._args.extend([
            "-drive",
            f"file={path},format={format},if=none,id=nvme_ns1",
            "-drive",
            "if=none,id=nvme_ns2,format=raw,file.driver=null-co,file.size=1G",
            "-device",
            "nvme,id=nvme0,serial=nvme-1",
            "-device",
            "nvme-ns,drive=...
    

v2025110001.0.5

What's Changed

• [SQUASH ON REBASE] Rename TpmTestApp to TpmShellApp @Raymond-MS (#1775)
  
  Change Details

    ## Description

  Renamed TpmTestApp to TpmShellApp. This removes the need for a TPM_TEST_APP_ENABLE gate due to the name being *TestApp. This was causing issues in CI where the TpmTestApp was being auto included as a unit test when it isn't set up as a unit test app.

  Commit to squash into:
  8cbf776 SecurityPkg: Introduce TpmTestApp

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Build both QEMU SBSA and Q35 with the TpmShellApp enabled (TPM_ENABLE/TPM2_ENABLE == TRUE). Verified TpmShellApp functionality.

  Integration Instructions

  N/A

Full Changelog: v2025110001.0.4...v2025110001.0.5

v2025110001.0.4

What's Changed

• [CHERRY-PICK] MdeModulePkg: Don't Allow Guard Pages to Cross Bin Boundaries @os-d (#1774)
  
  Change Details

    ## Description

  Currently, the DXE page allocator does not ensure that guard page allocations stay within the bin that it is attempting to allocate within. As a result, S4 resume is jeopardized by bins expanding due to guard pages, either into other bins or out of bins. This is caught by a new assert in CoreGetMemoryMap() to ensure the bins are correct.

  This fixes this by changing the internal heap guard API to return the adjusted size and start address of a proposed allocation. The page allocator then can ensure that the adjusted allocation still fits within the bin it is attempting to allocate within; if not, it will search for another descriptor.

  (cherry picked from edk2 commit 0f2dc7558713f1774bb7317e9fdcd371fcbb10cc)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  On OvmfPkg and a physical Intel system.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

• [Squash On Rebase] MdeModulePkg: Unconditionally ApplyMemoryProtectionPolicy @apop5 (#1773)
  
  Change Details

    ## Description

  When a non-NX_COMPAT EFI_APPLICATION (e.g. grubx64.efi) is loaded,
  ActivateCompatibilityMode() sets mEnhancedMemoryProtectionActive = FALSE.
  From then on, GetPermissionAttributeForMemoryType() returns 0 for every
  memory type.

  ApplyMemoryProtectionPolicy() would get OldAttributes and NewAttributes
  based upon the memory type, not the actual memory settings, and if attributes
  matched, return early without a call to SetMemoryAttributes. This could result
  in the system providing memory with unintended attributes.

  Skip the type-compare shortcut. Always call SetMemoryAttributes
  when returning allocated memory.

  Squash on Rebase with b837426
  (Implement Compatibility Mode for Enhanced Memory Protection)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Physical platform booting grubx64.

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

• [release/202511] Update BaseTools ext dep to v2025110001.0.3 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1772)
  
  Change Details

    This PR updates the BaseTools external dependency to version v2025110001.0.3.

  ---

🐛 Bug Fixes

• EmbeddedPkg/VirtualRealTimeClockLib: Fix RTC offset logic for negative TimeZone @capohuang (#1765)
  
  Change Details

    ## Description

  [Problem]
  A logic defect in VirtualRealTimeClockLib causes incorrect RTC calculation when Time->TimeZone is negative (e.g., -480 for UTC+8). The comparison EpochSeconds > (Time->TimeZone * SEC_PER_MIN) performs unsigned comparison due to C type promotion rules. This treats the negative offset as a very large unsigned integer, causing the code to skip necessary timezone compensation.

  [Solution]
  Updated the logic to ensure the timezone offset calculation and comparison handle signed values correctly. This allows the library to properly apply compensation for both positive and negative timezones.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  [Steps]
  Set the system timezone to UTC+8 (which translates to a -480 offset in the UEFI variable).
  Perform a shutdown or hibernate and cold boot.
  Observe the RTC time in the UEFI shell and OS.

  [Result]
  The RTC correctly reflects the local time, and the signed/unsigned comparison issue is resolved.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2025110001.0.3...v2025110001.0.4

v2025020003.0.6

What's Changed

• [2502] NetworkPkg/DxeNetLib: Reduce SNP media detect timeout and retry attempts [Rebase \& FF] @makubacki (#1764)
  
  Change Details

    ## Description

  Straight port of a 2511 PR to 2502.

  #1715

  ---

  Originally, NetLibDetectMediaWaitTimeout() only used a timeout when detecting media through AIP. When AIP is not available or fails, media detection falls back to SNP. Commit ef7bb4d made the SNP media detection process more robust with a timeout and retry mechanism. This improved detection reliability and overall stability on the network devices targeted by the change. However, it also applied conservative timeout and retry values that may cause longer wait times in some cases where AIP is not used and the SNP media state is already known to be "not present".

  This change reduces SNP retry attempts to 0 and the waiting time to 2 seconds. This leaves the retry logic in place but avoids using it for now. The maximum connection time observed in this fallback case has been 1.5 seconds, so 2 seconds is chosen to provide a reasonable buffer while avoiding unnecessarily long waits.

  ---

  A commit is also included to make timeout code in DxeNetLib consistent:

  NetworkPkg/DxeNetLib: Clamp timeouts to MAX_INT64

  The original implementation of tracking remaining time in the NetLibDetectMediaWaitTimeout() used a UINT64 to track the remaining time, which could wrap around depending on whether the subtracted time interval (MEDIA_STATE_DETECT_TIME_INTERVAL) was a factor of the timeout given.

  This change makes the TimeRemaining variable a INT64 to prevent the wrap around and clamps the incoming timeout to MAX_INT64 to prevent overflow.

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  See the original 2511 PR: #1715

  Integration Instructions

  See the original 2511 PR: #1715
  

  
  

  ---

  
  

• NetworkPkg/UefiPxeBcDxe: Add UDP Completion Tokens to PXEBC\_PRIVATE\_DATA @makubacki (#1632)
  
  Change Details

    ## Description

  This change tracks UDP completion tokens in the PXEBC_PRIVATE_DATA structure, so they are persisted for cleanup in the Stop function in case it is called while a UDP operation is still pending.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • PXE boot with USB NIC disconnect to trigger EfiPxeBcStop() during UDP read

  Integration Instructions

  • N/A

  ---

  Note: A following PR may apply a similar change to the UDP write functions, but the issue was only observed in the UDP read functions, so this change is applied immediately for the time being.
  

  
  

  ---

  
  

• Fix retry logic in UFS device detection APIs @NishanthSanjeevi (#1577)
  
  Change Details

    ## Description

  Fix the retry logic in the UFS device detection APIs

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested on physical Hardware

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [release/202502] Update BaseTools ext dep to v2025020003.0.5 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1685)
  
  Change Details

    This PR updates the BaseTools external dependency to version v2025020003.0.5.

  ---

• [CHERRY-PICK][REBASE \& FF][FF-A]Remove Globals from ArmFfaCommon @Raymond-MS (#1683)
  
  Change Details

    ## Description

  Added ArmFfaLibIsFfaSupported to ArmFfaCommon to allow for queries of FF-A support outside of ArmFfaCommonInit. Removed global variables in ArmFfaCommon. Moved the globals to locals in each phase's ArmFfaLib implementation. SEC and PEI will query when necessary to avoid setting globals when memory is unavailable. Removed the global variables in ArmFfaSecRxTxMap. Rx/Tx buffer HOB is now created within the Map function rather than in the constructor of ArmFfaSecLib. This allows for the use of the HOB to find the Rx/Tx buffer information. Add Unmap callback for when PEI and SEC need to invalidate the Rx/Tx buffer HOB on a call to Unmap.

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Built and ran QEMU SBSA with TPM enabled. Verified TPM communication and boot to shell.

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [release/202502] Update BaseTools ext dep to v2025020003.0.4 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1663)
  
  Change Details

    This PR updates the BaseTools external dependency to version v2025020003.0.4.

  ---

Full Changelog: v2025020003.0.5...v2025020003.0.6

v2025110001.0.3

What's Changed

• SecurityPkg: Add missing TpmTestApp markdown information @Raymond-MS (#1768)
  
  Change Details

    ## Description

  Added missing information to the TpmTestApp markdown document.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Added several mock libraries for google test @PaddyDengAmi (#1750)
  
  Change Details

    ## Description

  Added several mock libraries for google test

  For details on how to complete these options and their meaning refer to CONTRIBUTING.md.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested with pipelines.

  Integration Instructions

  N/A

• [CHERRY-PICK] [SQUASH ON REBASE] Update FlattenPdbs Plugin to pick up additional symbols. @os-d (#1769)
  
  Change Details

    ## Description

  This commit was missed bringing from 2502 to 2511. Cherry-pick it. On the next integration, it can be squashed with
  7784980.

  (cherry picked from commit f90aa00)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A.

  Integration Instructions

  N/A.

• SecurityPkg: Introduce TpmTestApp @Raymond-MS (#1760)
  
  Change Details

    ## Description

  Implemented a TPM UEFI shell application that can be used to test the platform's physical presence interface through the TCG2 protocol that is installed during DXE.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Built both SBSA and Q35 with TPM enabled and verified TpmTestApp functionality.

  Integration Instructions

  Add the TpmTestApp.inf to your platform .dsc and .fdf. Please see the .md file for more information.
  

  
  

  ---

  
  

• SecurityPkg: Remove Globals from HashLibTpm2PeilessSec @Raymond-MS (#1752)
  
  Change Details

    ## Description

  Updated the HashLibTpm2PeilessSec library to no longer use globals in SEC. When enabled on SBSA, this was causing a hang as functions attempted to set RO memory. Changed the code to query the relevant information each time it was needed either through the TPM or Transfer List. Added new helper functions to Tpm2Help which removes the need to have a duplicate hash struct.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Built with the PeilessSecMeasureLib not set to the NULL instance on QEMU SBSA with the TPM enabled. Verified the library measure the FV and CRTM version.

  Integration Instructions

  It is better for us to continue using the NULL instance of the PeilessSecMeasureLib as the time it took to measure the FV was ~15 mins on QEMU SBSA with TPM support.
  

  
  

  ---

  
  

• NetworkPkg/DxeNetLib: Reduce SNP media detect timeout and retry attempts [Rebase \& FF] @makubacki (#1715)
  
  Change Details

    ## Description

  Originally, NetLibDetectMediaWaitTimeout() only used a timeout when detecting media through AIP. When AIP is not available or fails, media detection falls back to SNP. Commit ef7bb4d made the SNP media detection process more robust with a timeout and retry mechanism. This improved detection reliability and overall stability on the network devices targeted by the change. However, it also applied conservative timeout and retry values that may cause longer wait times in some cases where AIP is not used and the SNP media state is already known to be "not present".

  This change reduces SNP retry attempts to 0 and the waiting time to 2 seconds. This leaves the retry logic in place but avoids using it for now. The maximum connection time observed in this fallback case has been 1.5 seconds, so 2 seconds is chosen to provide a reasonable buffer while avoiding unnecessarily long waits.

  ---

  A commit is also included to make timeout code in DxeNetLib consistent:

  NetworkPkg/DxeNetLib: Clamp timeouts to MAX_INT64

  The original implementation of tracking remaining time in the NetLibDetectMediaWaitTimeout() used a UINT64 to track the remaining time, which could wrap around depending on whether the subtracted time interval (MEDIA_STATE_DETECT_TIME_INTERVAL) was a factor of the timeout given.

  This change makes the TimeRemaining variable a INT64 to prevent the wrap around and clamps the incoming timeout to MAX_INT64 to prevent overflow.

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • Tested with platforms that do not install AIP for the network device and fall back to SNP media detection.
  • Client testing is complete. PXE boot remains successful in cases where network media is present. When network media is not present total wait time is reduced from 160s to 8s.
  • Server platform testing complete. PXE boot remains successful with the change.

  Integration Instructions

  • N/A
    

  
  

  ---

• [CHERRY-PICK][REBASE \& FF] Revert Mu Commit in Favor of edk2 Commit @os-d (#1758)
  
  Change Details

    ## Description

  Revert a Mu commit in favor of the edk2 commit.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A.

  Integration Instructions

  N/A.
  

  
  

  ---

  
  

• mu-pr-validation-pending.yml: Temporarily disable commit status upates @makubacki (#1755)
  
  Change Details

    ## Description

  The Mu Automation GitHub app requires a permission update to be accepted by a microsoft org admin. Until that happens, disable the calling the GitHub API to update the commit status.

  This will still run validation and post PR comments. The pass/fail result just won't be reported in the status check area of the PR until the permission is allowed.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • N/A

  Integration Instructions

  • N/A

• .github: Add Mu PR Validation workflow @makubacki (#1737)
  
  Change Details

    ## Description

  Adds workflows to run QEMU-based platform validation on pull requests to mu_basecore. This includes:

  • mu-pr-validation.yml: The main workflow that performs the actual QEMU validation, including building and booting.

  • mu-pr-validation-pending.yml: A workflow that posts an immediate "pending" notification on a pull request when it's pushed, indicating that QEMU validation is waiting for CI to complete. This is broken out to its own workflow to use the pull_request_target trigger (access to secrets on PRs from public forks) while minimizing the amount of code that runs with those elevated permissions.

  • mu-pr-validation-post.yml: A workflow that posts the results of the QEMU validation run to the pull request once the validation is complete.

  ---

  Notes

  1. Depends on #1734 to be completed first since the CLANGPDB Package CI workflow is a trigger upon its completion.
  2. The workflows here will call a reusable workflow on the add_mu_pr_val_workflow_e2e_val branch on mu_devops during this initial rollout period. This allows any necessary adjustments to be made quickly based on observations and feedback.

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Ran the workflow under various conditions on my mu_basecore fork. Some examples of output are shown below.

  Note that the "boot times" are not precise. They are the total time for the `--flas...

v2025110001.0.2

What's Changed

• [Cherry-Pick] BaseTools: Only check for GCC prefixes when targeting @apop5 (#1742)
  
  Change Details

    ## Description

  LinuxGccToolChain is checking for the environment variable GCC_AARCH64_PREFIX when GCC_AARCH64_INSTALL is set in the environment variables. GCC_AARCH64_INSTALL is set when any gcc aarch64 compiler is installed (i.e. aarch64-none-elf, aarch64-linux-gnu, aarch64-unknown-elf all result in a GCC_AARCH64_INSTALL environment variable).

  When compiling for an X86 target, if an AARCH64 tool chain is installed in the system, this will result in an error due to the GCC_AARCH64_PREFIX not being set.

  Add a check based upon TARGET_ARCH and and only verify the prefixes when attempting to build AARCH64.

  Replicate the same check for RISCV and LOONGARCH64 architectures as well.

  (cherry picked from commit b7cf7e465c402f9b32dcadc791ba37f2db750522)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Ubuntu WSL with aarch64 compiler installed building X64 target failed. Passed after change.

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

Full Changelog: v2025110001.0.1...v2025110001.0.2

v2025110001.0.1

What's Changed

🐛 Bug Fixes

• UefiCpuPkg: ArmMmuLib: Check if Block Split Following Page Alloc @os-d (#1735)
  
  Change Details

    ## Description

  Currently, there is a bug in UpdateRegionMappingRecursive() when guard pages are enabled and a large page is being split.

  The code checks whether the page table is a block or table and seeing that it is a block, allocates a new page table for the next level. However, when it does this, it will call an additional recursive call into the page table updating logic to make sure the new page table page is mapped. In addition, when guard pages are enabled, it will mark the guard page as RP. If the guard page is in the same block as we are already trying to split, the recursive call will split the block and mark the guard page as RP.

  When we return to the original call, it will fill out the now orphaned page table but never install it into the page table hierarchy (and if it did, it would lose the guard page). This has been observed to cause a driver's code section to still have NX set on it and so crash when trying to execute.

  This commit resolves the issue by checking if the block has already been split when we return from the new page table allocation. If it has, we simply update the existing table mapping instead of trying to split the block.

  The allocated page table page cannot be immediately freed, because this might trigger the block to get re-merged, so a reference to it is held until the end of updating this level and subsequent levels, when it can be safely freed.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested on a physical ARM64 platform with NX and page guard enabled. System crashes before this change and boots with it.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2025110001.0.0...v2025110001.0.1

v2025110001.0.0

What's Changed

⚠️ Breaking Changes

• [REBASE \& FF] Revert FltUsedLib @os-d (#1736)
  
  Change Details

    ## Description

  FltUsedLib has been moved to mu_plus in microsoft/mu_plus#864. It has no users outside of mu_plus, so drop it from mu_basecore now.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A.

  Integration Instructions

  Platforms should switch their DSCs to use FltUsedLib|MsCorePkg/Library/FltUsedLib/FltUsedLib.inf.
  

  
  

  ---

  
  

Full Changelog: v2025110000.0.6...v2025110001.0.0

v2025110000.0.6

What's Changed

• [CHERRY-PICK] BaseTools/Plugin: Add lcov error tolerance for vendored source trees @Flickdm (#1732)
  
  Change Details

    ## Description

  lcov v2.0+ treats several gcov/source-related conditions as fatal errors that were previously warnings in v1.x. This causes coverage capture to abort when the build tree includes vendored third-party sources (e.g. OpenSSL) that produce gcov mismatches, missing source references, unexpected gcov output, or non-zero gcov return codes.

  (cherry picked from commit 233eddb8e30d137597119a80a473c449cba3e351)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  OpensslPkg

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add Uefi Shell test app for the BootManagerPolicy Protocol @spbrogan (#1725)
  
  Change Details

    ## Description

  Add Uefi Shell unit test for the BootManagerPolicy Protocol

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Built and run against QemuQ35 x64

  Integration Instructions

  Add to the platform DSC with other UEFI shell based tests

    </blockquote>
    <hr>
  </details>
  

• [release/202511] Update BaseTools ext dep to v2025110000.0.5 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1727)
  
  Change Details

    This PR updates the BaseTools external dependency to version v2025110000.0.5.

  ---

🐛 Bug Fixes

• MdeModulePkg: Signal PreReadyToBoot @apop5 (#1728)
  
  Change Details

    ## Description

  Signal the PreReadyToBoot Event prior to ready to
  boot. Missed during dropping PostReadyToBoot event during 202511 integration.

  This is used by platforms which need to avoid
  the flurry of events signaled on ReadyToBoot event.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Platform relying on PreReadyToBootEvent failed to signal event.

  Integration Instructions

  No Integration necessary.
  

  
  

  ---

  
  

Full Changelog: v2025110000.0.5...v2025110000.0.6

v2025110000.0.5

What's Changed

• [Cherry-Pick] Revert "MdeModulePkg/PciBusDxe: Degrade MEM64 to PMEM64… @apop5 (#1716)
  
  Change Details

   

  Description

  This reverts commit f648962.

  MdeModulePkg/PciBusDxe: Degrade MEM64 to PMEM64 when bridge lacks MEM64

  A number of compatibility issues have been reported with this change to the PciBusDxe behavior. Revert this change at this time to give time for all the issues to be reviewed and options for supporting this new behavior to be evaluated and fully validated.

  (cherry picked from commit defbd14d637313bdded40c717892497deec89be0)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Booting windows on physical platform failed prior to revert.

  Integration Instructions

  No Integration necessary.
  

  
  

  ---

  
  

• NetworkPkg/Dhcp6Dxe: Prevent potential infinite hang in EfiDhcp6Stop() @makubacki (#1722)
  
  Change Details

    ## Description

  When a USB network adapter is removed while a DHCPv6 lease is active, the USB stack calls DisconnectController() at TPL_CALLBACK. The network stack teardown eventually invokes EfiDhcp6Stop(), which sends a Release message and enters a while loop polling Udp6->Poll() for the server's Reply:

  while (Instance->UdpSts == EFI_ALREADY_STARTED) {
  Udp6->Poll (Udp6);
  }

  This loop never terminates because:

  1. The NIC hardware is physically gone
  2. The timeout mechanism relies on Dhcp6OnTimerTick(), a timer event registered at TPL_CALLBACK. Since EfiDhcp6Stop() is already running at TPL_CALLBACK (called from DisconnectController()), the timer event does not fire. So, UdpSts is never updated, and the loop never exits.

  Note: Dhcp6OnTimerTick() is not in the packet receive path.

  Udp6->Poll() drives packet reception synchronously through the network stack (MNP -> IP6 -> UDP6 -> Dhcp6ReceivePacket()), and Dhcp6HandleReplyMsg() sets Instance->UdpSts = EFI_SUCCESS when a Release Reply arrives.

  The timer event's role for Release messages is retransmission and to reach timeout. Which are blocked because of the TPL in this case.

  This change removes the synchronous polling loop from EfiDhcp6Stop().

  This matches how Dhcp4Dxe handles EfiDhcp4Stop() and EfiDhcp4Release(), which send the Release and immediately clean up without polling.

  This is considered acceptable because:

  • Dhcp6SendReleaseMsg() calls Dhcp6TransmitPacket(), which synchronously hands the packet to hardware by calling SNP->Transmit() before returning.

  • The server acts on the Release immediately upon receipt per RFC 8415 Section 18.3.7. It does not wait for client acknowledgment.

  • RFC 8415 Section 18.2.7 states:

    "implementations SHOULD retransmit one or more times, but MAY choose to terminate the retransmission procedure early"

  • The Release Reply carries no information we (the client) need.

  • Dhcp6CleanupSession(), called immediately after sending Release, invokes Dhcp6CleanupRetry(DHCP6_PACKET_STATEFUL) which iterates TxList and frees the Release TxCb and its packet. The same memory cleanup occurs whether or not a Reply was received.

  ---

  For reference: RFC 8415 Section 18.2.7

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • PR is in draft while platform testing occurs

  Integration Instructions

  • N/A
    

  
  

  ---

Full Changelog: v2025110000.0.4...v2025110000.0.5