v2025110001.0.2

What's Changed

• [Cherry-Pick] BaseTools: Only check for GCC prefixes when targeting @apop5 (#1742)
  
  Change Details

    ## Description

  LinuxGccToolChain is checking for the environment variable GCC_AARCH64_PREFIX when GCC_AARCH64_INSTALL is set in the environment variables. GCC_AARCH64_INSTALL is set when any gcc aarch64 compiler is installed (i.e. aarch64-none-elf, aarch64-linux-gnu, aarch64-unknown-elf all result in a GCC_AARCH64_INSTALL environment variable).

  When compiling for an X86 target, if an AARCH64 tool chain is installed in the system, this will result in an error due to the GCC_AARCH64_PREFIX not being set.

  Add a check based upon TARGET_ARCH and and only verify the prefixes when attempting to build AARCH64.

  Replicate the same check for RISCV and LOONGARCH64 architectures as well.

  (cherry picked from commit b7cf7e465c402f9b32dcadc791ba37f2db750522)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Ubuntu WSL with aarch64 compiler installed building X64 target failed. Passed after change.

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

Full Changelog: v2025110001.0.1...v2025110001.0.2

v2025110001.0.1

What's Changed

🐛 Bug Fixes

• UefiCpuPkg: ArmMmuLib: Check if Block Split Following Page Alloc @os-d (#1735)
  
  Change Details

    ## Description

  Currently, there is a bug in UpdateRegionMappingRecursive() when guard pages are enabled and a large page is being split.

  The code checks whether the page table is a block or table and seeing that it is a block, allocates a new page table for the next level. However, when it does this, it will call an additional recursive call into the page table updating logic to make sure the new page table page is mapped. In addition, when guard pages are enabled, it will mark the guard page as RP. If the guard page is in the same block as we are already trying to split, the recursive call will split the block and mark the guard page as RP.

  When we return to the original call, it will fill out the now orphaned page table but never install it into the page table hierarchy (and if it did, it would lose the guard page). This has been observed to cause a driver's code section to still have NX set on it and so crash when trying to execute.

  This commit resolves the issue by checking if the block has already been split when we return from the new page table allocation. If it has, we simply update the existing table mapping instead of trying to split the block.

  The allocated page table page cannot be immediately freed, because this might trigger the block to get re-merged, so a reference to it is held until the end of updating this level and subsequent levels, when it can be safely freed.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Tested on a physical ARM64 platform with NX and page guard enabled. System crashes before this change and boots with it.

  Integration Instructions

  N/A.

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2025110001.0.0...v2025110001.0.1

v2025110001.0.0

What's Changed

⚠️ Breaking Changes

• [REBASE \& FF] Revert FltUsedLib @os-d (#1736)
  
  Change Details

    ## Description

  FltUsedLib has been moved to mu_plus in microsoft/mu_plus#864. It has no users outside of mu_plus, so drop it from mu_basecore now.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A.

  Integration Instructions

  Platforms should switch their DSCs to use FltUsedLib|MsCorePkg/Library/FltUsedLib/FltUsedLib.inf.
  

  
  

  ---

  
  

Full Changelog: v2025110000.0.6...v2025110001.0.0

v2025110000.0.6

What's Changed

• [CHERRY-PICK] BaseTools/Plugin: Add lcov error tolerance for vendored source trees @Flickdm (#1732)
  
  Change Details

    ## Description

  lcov v2.0+ treats several gcov/source-related conditions as fatal errors that were previously warnings in v1.x. This causes coverage capture to abort when the build tree includes vendored third-party sources (e.g. OpenSSL) that produce gcov mismatches, missing source references, unexpected gcov output, or non-zero gcov return codes.

  (cherry picked from commit 233eddb8e30d137597119a80a473c449cba3e351)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  OpensslPkg

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• Add Uefi Shell test app for the BootManagerPolicy Protocol @spbrogan (#1725)
  
  Change Details

    ## Description

  Add Uefi Shell unit test for the BootManagerPolicy Protocol

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Built and run against QemuQ35 x64

  Integration Instructions

  Add to the platform DSC with other UEFI shell based tests

    </blockquote>
    <hr>
  </details>
  

• [release/202511] Update BaseTools ext dep to v2025110000.0.5 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1727)
  
  Change Details

    This PR updates the BaseTools external dependency to version v2025110000.0.5.

  ---

🐛 Bug Fixes

• MdeModulePkg: Signal PreReadyToBoot @apop5 (#1728)
  
  Change Details

    ## Description

  Signal the PreReadyToBoot Event prior to ready to
  boot. Missed during dropping PostReadyToBoot event during 202511 integration.

  This is used by platforms which need to avoid
  the flurry of events signaled on ReadyToBoot event.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Platform relying on PreReadyToBootEvent failed to signal event.

  Integration Instructions

  No Integration necessary.
  

  
  

  ---

  
  

Full Changelog: v2025110000.0.5...v2025110000.0.6

v2025110000.0.5

What's Changed

• [Cherry-Pick] Revert "MdeModulePkg/PciBusDxe: Degrade MEM64 to PMEM64… @apop5 (#1716)
  
  Change Details

   

  Description

  This reverts commit f6489621b8ae1164c5e4930902988ba7c86847ba.

  MdeModulePkg/PciBusDxe: Degrade MEM64 to PMEM64 when bridge lacks MEM64

  A number of compatibility issues have been reported with this change to the PciBusDxe behavior. Revert this change at this time to give time for all the issues to be reviewed and options for supporting this new behavior to be evaluated and fully validated.

  (cherry picked from commit defbd14d637313bdded40c717892497deec89be0)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Booting windows on physical platform failed prior to revert.

  Integration Instructions

  No Integration necessary.
  

  
  

  ---

  
  

• NetworkPkg/Dhcp6Dxe: Prevent potential infinite hang in EfiDhcp6Stop() @makubacki (#1722)
  
  Change Details

    ## Description

  When a USB network adapter is removed while a DHCPv6 lease is active, the USB stack calls DisconnectController() at TPL_CALLBACK. The network stack teardown eventually invokes EfiDhcp6Stop(), which sends a Release message and enters a while loop polling Udp6->Poll() for the server's Reply:

  while (Instance->UdpSts == EFI_ALREADY_STARTED) {
  Udp6->Poll (Udp6);
  }

  This loop never terminates because:

  1. The NIC hardware is physically gone
  2. The timeout mechanism relies on Dhcp6OnTimerTick(), a timer event registered at TPL_CALLBACK. Since EfiDhcp6Stop() is already running at TPL_CALLBACK (called from DisconnectController()), the timer event does not fire. So, UdpSts is never updated, and the loop never exits.

  Note: Dhcp6OnTimerTick() is not in the packet receive path.

  Udp6->Poll() drives packet reception synchronously through the network stack (MNP -> IP6 -> UDP6 -> Dhcp6ReceivePacket()), and Dhcp6HandleReplyMsg() sets Instance->UdpSts = EFI_SUCCESS when a Release Reply arrives.

  The timer event's role for Release messages is retransmission and to reach timeout. Which are blocked because of the TPL in this case.

  This change removes the synchronous polling loop from EfiDhcp6Stop().

  This matches how Dhcp4Dxe handles EfiDhcp4Stop() and EfiDhcp4Release(), which send the Release and immediately clean up without polling.

  This is considered acceptable because:

  • Dhcp6SendReleaseMsg() calls Dhcp6TransmitPacket(), which synchronously hands the packet to hardware by calling SNP->Transmit() before returning.

  • The server acts on the Release immediately upon receipt per RFC 8415 Section 18.3.7. It does not wait for client acknowledgment.

  • RFC 8415 Section 18.2.7 states:

    "implementations SHOULD retransmit one or more times, but MAY choose to terminate the retransmission procedure early"

  • The Release Reply carries no information we (the client) need.

  • Dhcp6CleanupSession(), called immediately after sending Release, invokes Dhcp6CleanupRetry(DHCP6_PACKET_STATEFUL) which iterates TxList and frees the Release TxCb and its packet. The same memory cleanup occurs whether or not a Reply was received.

  ---

  For reference: RFC 8415 Section 18.2.7

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  • PR is in draft while platform testing occurs

  Integration Instructions

  • N/A
    

  
  

  ---

Full Changelog: v2025110000.0.4...v2025110000.0.5

v2025110000.0.4

What's Changed

• [CHERRY-PICK] Update basetools to build with control flow guard provided through msvc @kuqin12 (#1721)
  
  Change Details

    ## Description

  This change cherry-picks the commits into edk2 that enables the control flow guard feature (not CET) in basetool applications.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  This was verified by building Q35 firmware and booted to UEFI shell properly.

  Integration Instructions

  Update to later basetools once this change merges.
  

  
  

  ---

  
  

• Global: Remove backport workflow. @apop5 (#1719)
  
  Change Details

   

  Description

  The switch from dev/release to just relase left the backport workflow in the repo. Though it will
  not be triggered, dependabot will co
  ntinue
  to attempt to update the github actions used.

  Remove the workflow to reduce unused workflows and to prevent dependabot from attempting to update.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [Cherry-Pick] MdePkg/BaseFdtLib: Implement new libfdt wrappers @apop5 (#1717)
  
  Change Details

    ## Description

  Add support for the #define FdtForEachPropertyOffset and FdtFindMaxPhandle() wrapper.
  Updates FdtOverlayApply() to mark the Fdt pointer as an IN OUT variable. The internal fdt_overlay_apply() function returns the merged blob in the Fdt variable.

  Update FdtGetName() and FdtGetPath() to correctly mark the VOID *Fdt as a CONST variable. This aligns with the internal libfdt implementation.
  libfdt implementation of fdt_get_name(): https://github.com/devicetree-org/pylibfdt/blob/0dd30a1815414a54327094ff3b8223026ebb673c/libfdt/fdt_ro.c#L303
  libfdt implementation of fdt_get_path(): https://github.com/devicetree-org/pylibfdt/blob/0dd30a1815414a54327094ff3b8223026ebb673c/libfdt/fdt_ro.c#L571

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  CI build validation passes.
  Usage of FdtGetName, FdtForEachPropertyOffset, and FdtFindMaxPhandle verified as part of a migration from the EmbeddedPkg implementation of FdtLib.

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRYPICK] BaseTools: Prevent Subsection PCDs from polluting global expressions @PaddyDengAmi (#1654)
  
  Change Details

    ## Description

  The PCD value defined in module subsections can be added to global PCD database. Therefore the unsolved expressions, even belongs to the global scope, can incorrectly refer to the value from module subsection.

  This only happens when the referred PCD has no value assignment in the platform dsc file. Which also should raise an error.

  This PR cherry-picks tianocore/edk2#12009

  ---

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Use test code from PaddyDengAmi/edk2@8673d40
  Run test_build.bat after setting up edk2 build environment.

  Check the produced build_report.log, the value of PcdIpmiKcsIoBaseAddress in both HelloWorld.inf instances are polluted by gEfiMdePkgTokenSpaceGuid.PcdIpmiSsifSmbusSlaveAddr|2 in the subsection.

  Compares to build_report_gPcd.log, which produced by TestPkg_gPcd.dsc that has a proper global value of PcdIpmiSsifSmbusSlaveAddr, the subsection override of PcdIpmiSsifSmbusSlaveAddr|2 only affects this PCD itself.
  All value evaluated by gEfiMdePkgTokenSpaceGuid.PcdIpmiKcsIoBaseAddress|gEfiMdePkgTokenSpaceGuid.PcdIpmiSsifSmbusSlaveAddr are not affected and correctly refer to PcdIpmiSsifSmbusSlaveAddr|1 in global scope.

  After applying the change of this PR, the build for TestPkg.dsc will fail due to gEfiMdePkgTokenSpaceGuid.PcdIpmiKcsIoBaseAddress|gEfiMdePkgTokenSpaceGuid.PcdIpmiSsifSmbusSlaveAddr is referring PcdIpmiSsifSmbusSlaveAddr which is not given a default value in this dsc and raising an error:

  D:\work\edk2\TestPkg.dsc(36): error 3000: The PCD should be FeatureFlag type or FixedAtBuild type: [gEfiMdePkgTokenSpaceGuid.PcdIpmiSsifSmbusSlaveAddr].
          PCD [gEfiMdePkgTokenSpaceGuid.PcdIpmiKcsIoBaseAddress] Value "gEfiMdePkgTokenSpaceGuid.PcdIpmiSsifSmbusSlaveAddr"
  

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [release/202511] Update BaseTools ext dep to v2025110000.0.2 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1713)
  
  Change Details

    This PR updates the BaseTools external dependency to version v2025110000.0.2.

  ---

Full Changelog: v2025110000.0.3...v2025110000.0.4

v2025110000.0.3

What's Changed

• [SQUASH ON REBASE] Clang/Gcc: Move EnableInterruptsAndSleep out of EnableInterrupts.nasm. @jaykrell (#1712)
  
  Change Details

    ## Description

  EnableInterrupts.nasm does not build for clang/gcc, so they cannot link to EnableInterruptsAndSleep.

  Squash with 4969b55.

  • Impacts functionality? No.
  • Impacts security? No.
  • Breaking change? No.
  • Includes tests? No.
  • Includes documentation? No.

  How This Was Tested

  No. But the opposite. I cannot build HyperV-UEFI with Clang or Gcc because of this.

  Integration Instructions

  Easy.

    </blockquote>
    <hr>
  </details>
  

• [SQUASH ON REBASE]DisableNullDetection: Make calling convention consistent. @jaykrell (#1710)
  
  Change Details

    ## Description

  The calling convention on DisableNullDetection is inconsistent and this breaks builds.
  EFIAPI is for separately compiled code, and, pragmatically, assembly.
  You don't have to use it everywhere, but functions declarations and definitions need to be consistent.
  Some compilers ignore EFIAPI, some do not.

  These should all be moved to .h files?

  Squash with b837426 on rebase.

  • Impacts functionality? No.
  • Impacts security? No.
  • Breaking change? No.
  • Includes tests? No, not needed.
  • Includes documentation? No, not needed.

  How This Was Tested

  Build.

  Integration Instructions

  Nothing special.

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK][REBASE\&FF] Update perf infrastructure @Javagedes (#1709)
  
  Change Details

    ## Description

  This pull request is a cherry pick of tianocore/edk2#12005 while reverting applicable commits made prior to upstream.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  CI

  Integration Instructions

  N/A

    </blockquote>
    <hr>
  </details>
  

• [CHERRY-PICK][REBASE\&FF] Markdownlint updates @Javagedes (#1708)
  
  Change Details

    ## Description

  Markdown lint updates made upstream to be cherry-picked here. Appropriate changes reverted and cherry-picks applied.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  CI

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [CHERRY-PICK][REBASE\&FF] BdsDxe: Introduce infinite boot retries @Javagedes (#1705)
  
  Change Details

    ## Description

  This commit reverts 18d57e4 in favor of the upstreamed version (tianocore/edk2@64ad6f2)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

Full Changelog: v2025110000.0.2...v2025110000.0.3

v2025110000.0.2

What's Changed

• [CHERRY-PICK][REBASE \& FF] Revert Mu Commit in Favor of edk2 Commits @os-d (#1704)
  
  Change Details

    ## Description

  Making the page table definitions public was upstreamed to edk2. Revert Mu commit in favor of edk2 commit.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A.

  Integration Instructions

  The location of the definitions changed in the edk2 review process, so this is marked as a breaking change. Consumers must switch from using <Library/CpuPageTableLib.h> for definitions and switch to <Register/X86/CpuPageTable.h>.

    </blockquote>
    <hr>
  </details>
  

• [release/202511] Update BaseTools ext dep to v2025110000.0.1 @[mu-automation[bot]](https://github.com/apps/mu-automation) (#1700)
  
  Change Details

    This PR updates the BaseTools external dependency to version v2025110000.0.1.

  ---

• [Cherry-Pick] Ensure section alignment for clangpdb aarch64 builds @apop5 (#1698)
  
  Change Details

    ## Description

  ClangPdb/Msvc do not align the virtual address section lengths.
  This needs to be handled by the loader to ensure that lengths are
  aligned correctly.

  Found while compiling Standalone Mm for a virtual platform using
  ClangPdb. This has been masked in GCC/ClangDwarf builds by
  GenFw conversion enforcing section alignments during conversion.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  Compiling the virtual platform with ClangPdb resulted in an assert when attempting
  to set memory protection on an unaligned section length.

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

• [Cherry-Pick] MdePkg/BaseFdtLib: Add more wrappers @apop5 (#1694)
  
  Change Details

    ## Description

  Add FDT_HEADER field accessors and FdtOverlayApply() wrapper.

  (cherry picked from commit 74c508abe8dd57ec713e0d2aec9cc8a5cec4d57b)

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  CI.

  Integration Instructions

  No integration necessary.
  

  
  

  ---

  
  

Full Changelog: v2025110000.0.1...v2025110000.0.2

v2025110000.0.1

What's Changed

• MdeModulePkg: Add RealTimeClockLibNull @Flickdm (#1696)
  
  Change Details

    ## Description

  Add a NULL implementation of RealTimeClockLib in MdeModulePkg that returns EFI_UNSUPPORTED for all time operations. This allows packages to satisfy the RealTimeClockLib dependency without pulling in EmbeddedPkg.

  Trying to get this upstreamed - but I suspect that larger changes will need to made. I will merge those changes in once we have a conclusion on edk2

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  MU_CRYPTO_RELASE CI

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• [REBASE \& FF]Pulling in CHERRY-PICKS from release/202502 @Raymond-MS (#1691)
  
  Change Details

    ## Description

  Pulling in the CHERRY-PICKS from release/202502 related to removing globals from ArmFfaCommon which came from EDK2.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

• ArmPkg/PeilessSec: Consume Tpm2StartupLib @Raymond-MS (#1692)
  
  Change Details

    ## Description

  Pulling in the commits made to Silicon/Arm/MU_TIANO release/202502 regarding PeilessSec. Adding TpmStartupLib to PeilessSec.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

  How This Was Tested

  N/A

  Integration Instructions

  N/A
  

  
  

  ---

  
  

🐛 Bug Fixes

• Fix VariableSmmRuntimeDxe MM communicate v3 buffer sizing @liqiqiii (#1695)
  
  Change Details

    ## Description

  Fix VariableSmmRuntimeDxe MM communicate v3 buffer sizing

  This change fixes VariableSmmRuntimeDxe to size its runtime communication buffer correctly when EFI_MM_COMMUNICATION3_PROTOCOL is available.
  Since 202511 branch, the variable runtime path can use MM communicate v3, which requires the larger EFI_MM_COMMUNICATE_HEADER_V3 header (56KB vs 24KB), but the driver was still allocating the buffer using the legacy header size. This update makes the allocation v3-aware so the runtime variable communication buffer matches the header format actually in use and avoids failures on larger variable transactions.

  How This Was Tested

  Tested on real hardware, now work as expected.

    </blockquote>
    <hr>
  </details>
  

Full Changelog: v2025110000.0.0...v2025110000.0.1

v2025110000.0.0

What's Changed

Please view Readme.rst for release information.