├── .azurepipelines ├── MuDevOpsWrapper.yml ├── Ubuntu-GCC5.yml └── Windows-VS.yml ├── .devcontainer └── devcontainer.json ├── .git-blame-ignore-revs ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ ├── config.yml │ ├── documentation_request.yml │ └── feature_request.yml ├── advanced-issue-labeler.yml ├── codecov.yml ├── dependabot.yml ├── pull_request_template.md ├── release-draft-config-n-1-dev.yml ├── release-draft-config-n-1.yml ├── release-draft-config-n-dev.yml ├── release-draft-config-n.yml └── workflows │ ├── auto-approve.yml │ ├── auto-merge.yml │ ├── backport-to-release-branch.yml │ ├── codeql.yml │ ├── issue-assignment.yml │ ├── label-issues.yml │ ├── label-issues │ ├── file-paths.yml │ └── regex-pull-requests.yml │ ├── label-sync.yml │ ├── pull-request-formatting-validator.yml │ ├── release-draft.yml │ ├── scheduled-maintenance.yml │ ├── stale.yml │ └── triage-issues.yml ├── .gitignore ├── .markdownlint.yaml ├── .markdownlintignore ├── .pytool └── CISettings.py ├── CONTRIBUTING.md ├── CodeQlFilters.yml ├── Docs ├── Frontpage_Includes │ ├── Frontpage_DSC_Include.md │ ├── Frontpage_FDF_Include.md │ └── colorbar_mu.PNG ├── OemPkg.md ├── Repo_Details.md └── q35_mu.gif ├── FrontpageDsc.inc ├── FrontpageFdf.inc ├── LICENSE.txt ├── OemPkg ├── BootMenu │ ├── BootMenu.c │ ├── BootMenu.h │ ├── BootMenu.inf │ ├── BootMenuStrings.uni │ └── BootMenuVfr.Vfr ├── DeviceStatePei │ ├── DeviceStatePei.c │ └── DeviceStatePei.inf ├── FrontPage │ ├── FrontPage.c │ ├── FrontPage.h │ ├── FrontPage.inf │ ├── FrontPageConfigAccess.c │ ├── FrontPageConfigAccess.h │ ├── FrontPageStrings.uni │ ├── FrontPageUi.c │ ├── FrontPageUi.h │ ├── FrontPageVfr.Vfr │ ├── FrontPageVfr.h │ ├── Resources │ │ ├── BootLogo.bmp │ │ ├── FirmwareSettings.bmp │ │ ├── FrontpageLogo.bmp │ │ ├── FrontpageLogo@2x.bmp │ │ ├── LBAT.bmp │ │ ├── NoBoot.bmp │ │ ├── THOT.bmp │ │ └── VolumeUp.bmp │ ├── String.c │ └── String.h ├── FrontpageButtonsVolumeUp │ ├── FrontpageButtonsVolumeUp.c │ └── FrontpageButtonsVolumeUp.inf ├── HelloUefi │ ├── HelloUefi.c │ ├── HelloUefi.inf │ ├── HelloUefi.ver │ └── Readme.md ├── Include │ ├── Guid │ │ ├── MsNVBootReason.h │ │ ├── OemConfigMetadataPolicy.h │ │ └── PasswordStoreVariable.h │ ├── Library │ │ ├── OemMfciDxeLib.h │ │ ├── OemMfciLib.h │ │ └── PasswordPolicyLib.h │ ├── OemMfciDefines.h │ ├── Protocol │ │ ├── ButtonServices.h │ │ └── MsFrontPageAuthTokenProtocol.h │ └── Settings │ │ └── FrontPageSettings.h ├── Library │ ├── ActiveProfileIndexSelectorPcdLib │ │ ├── ActiveProfileIndexSelectorPcdLib.c │ │ └── ActiveProfileIndexSelectorPcdLib.inf │ ├── BootGraphicsProviderLib │ │ ├── BootGraphicsProviderLib.c │ │ └── BootGraphicsProviderLib.inf │ ├── DeviceBootManagerLib │ │ ├── DeviceBootManagerLib.c │ │ └── DeviceBootManagerLib.inf │ ├── DfciDeviceIdSupportLib │ │ ├── DfciDeviceIdSupportLib.c │ │ └── DfciDeviceIdSupportLib.inf │ ├── DfciGroupLib │ │ ├── DfciGroups.c │ │ └── DfciGroups.inf │ ├── DfciUiSupportLib │ │ ├── DfciUiSupportLib.c │ │ └── DfciUiSupportLib.inf │ ├── MsAltBootLib │ │ ├── MsAltBootLib.c │ │ ├── MsAltBootLib.inf │ │ └── MsAltBootVariables.h │ ├── MsBootManagerSettingsDxeLib │ │ ├── BootManagerSettings.c │ │ └── MsBootManagerSettingsDxeLib.inf │ ├── MsBootPolicyLib │ │ ├── MsBootPolicyLib.c │ │ └── MsBootPolicyLib.inf │ ├── MsNVBootReasonLib │ │ ├── MsNVBootReasonLib.c │ │ └── MsNVBootReasonLib.inf │ ├── MsSecureBootModeSettingLib │ │ ├── MsSecureBootModeSettingLib.inf │ │ └── SecureBootModeSetting.c │ ├── MuUefiVersionLib │ │ ├── MuUefiVersionLib.c │ │ └── MuUefiVersionLib.inf │ ├── OemMfciLib │ │ ├── OemMfciLibDxe.c │ │ ├── OemMfciLibDxe.inf │ │ ├── OemMfciLibPei.c │ │ └── OemMfciLibPei.inf │ ├── PasswordPolicyLib │ │ ├── PasswordPolicyInternal.h │ │ ├── PasswordPolicyLib.c │ │ └── PasswordPolicyLib.inf │ ├── PasswordPolicyLibNull │ │ ├── PasswordPolicyLibNull.c │ │ └── PasswordPolicyLibNull.inf │ ├── PasswordStoreLib │ │ ├── PasswordStoreInternal.h │ │ ├── PasswordStoreLib.c │ │ └── PasswordStoreLib.inf │ └── UpdateFacsHardwareSignatureLib │ │ ├── UpdateFacsHardwareSignatureLib.c │ │ └── UpdateFacsHardwareSignatureLib.inf ├── OemConfigPolicyCreatorPei │ ├── OemConfigPolicyCreatorPei.c │ └── OemConfigPolicyCreatorPei.inf ├── OemPkg.ci.yaml ├── OemPkg.dec ├── OemPkg.dsc └── Override │ └── MdeModulePkg │ └── Universal │ └── BootManagerPolicyDxe │ ├── BootManagerPolicyDxe.c │ ├── BootManagerPolicyDxe.inf │ ├── BootManagerPolicyDxe.uni │ └── BootManagerPolicyDxeExtra.uni ├── Readme.rst ├── SECURITY.md └── pip-requirements.txt /.azurepipelines/MuDevOpsWrapper.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipeline build file for a build using mu_devops. 3 | # 4 | # To upload coverage results, set `coverage_upload_target` to `ado` or `codecov`. 5 | # 6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 7 | # instead of the file in this repo. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | ## 15 | 16 | resources: 17 | repositories: 18 | - repository: mu_devops 19 | type: github 20 | endpoint: microsoft 21 | name: microsoft/mu_devops 22 | ref: refs/tags/v15.0.1 23 | 24 | parameters: 25 | - name: do_ci_build 26 | displayName: Perform Stuart CI Build 27 | type: boolean 28 | default: true 29 | - name: do_ci_setup 30 | displayName: Perform Stuart CI Setup 31 | type: boolean 32 | default: true 33 | - name: do_non_ci_build 34 | displayName: Perform non-CI Stuart Build 35 | type: boolean 36 | default: false 37 | - name: do_non_ci_setup 38 | displayName: Perform non-CI Stuart Setup 39 | type: boolean 40 | default: false 41 | - name: do_pr_eval 42 | displayName: Perform Stuart PR Evaluation 43 | type: boolean 44 | default: true 45 | - name: container_build 46 | displayName: Flag for whether this repo should do stuart_setup 47 | type: boolean 48 | default: false 49 | - name: os_type 50 | displayName: OS type on the self-hosted agent pools 51 | type: string 52 | values: 53 | - Windows_NT 54 | - Linux 55 | default: Windows_NT 56 | - name: build_matrix 57 | displayName: Build matrix for this repository 58 | type: object 59 | - name: pool_name 60 | displayName: Variable name that hosts pool name to be used for self-hosted agents 61 | type: string 62 | default: pool_name 63 | - name: extra_install_step 64 | displayName: Extra Install Steps 65 | type: stepList 66 | default: 67 | - script: echo No extra steps provided 68 | - name: extra_jobs 69 | displayName: Extra Jobs to be run after build 70 | type: jobList 71 | default: [] 72 | - name: rust_build 73 | displayName: Whether Rust code is being built 74 | type: boolean 75 | default: false 76 | - name: extra_cargo_steps 77 | displayName: Extra Steps to Run Before Standard Cargo Steps 78 | type: stepList 79 | default: 80 | - script: echo No extra cargo steps provided 81 | 82 | jobs: 83 | - template: Jobs/PrGate.yml@mu_devops 84 | parameters: 85 | linux_container_image: ghcr.io/microsoft/mu_devops/ubuntu-24-build:68fa63a 86 | ${{ if eq(parameters.rust_build, true) }}: 87 | linux_container_options: --security-opt seccomp=unconfined 88 | do_ci_build: ${{ parameters.do_ci_build }} 89 | do_ci_setup: ${{ parameters.do_ci_setup }} 90 | do_pr_eval: ${{ parameters.do_pr_eval }} 91 | do_non_ci_setup: ${{ parameters.do_non_ci_setup }} 92 | do_non_ci_build: ${{ parameters.do_non_ci_build }} 93 | build_matrix: ${{ parameters.build_matrix }} 94 | os_type: ${{ parameters.os_type }} 95 | pool_name: ${{ parameters.pool_name }} 96 | extra_install_step: ${{ parameters.extra_install_step }} 97 | tool_chain_tag: $(tool_chain_tag) 98 | vm_image: $(vm_image) 99 | container_build: ${{ parameters.container_build }} 100 | rust_build: ${{ parameters.rust_build }} 101 | 102 | - ${{ if eq(parameters.rust_build, true) }}: 103 | - job: CargoCmds 104 | displayName: Workspace Cargo Commands 105 | 106 | container: 107 | 108 | image: ghcr.io/microsoft/mu_devops/ubuntu-24-build:68fa63a 109 | options: --user root --name mu_devops_build_container --security-opt seccomp=unconfined 110 | 111 | steps: 112 | - checkout: self 113 | fetchDepth: 1 114 | clean: true 115 | - ${{ parameters.extra_cargo_steps }} 116 | - template: Steps/RustCargoSteps.yml@mu_devops 117 | parameters: 118 | container_build: true 119 | 120 | - ${{ parameters.extra_jobs }} 121 | 122 | -------------------------------------------------------------------------------- /.azurepipelines/Ubuntu-GCC5.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipeline build file for a build using ubuntu and GCC5. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | variables: 15 | - group: architectures-arm64-x86-64 16 | - group: tool-chain-ubuntu-gcc 17 | - group: coverage 18 | 19 | extends: 20 | template: MuDevOpsWrapper.yml 21 | parameters: 22 | do_ci_build: true 23 | do_ci_setup: true 24 | do_non_ci_setup: true 25 | container_build: true 26 | os_type: Linux 27 | build_matrix: 28 | TARGET_OEM_DEBUG: 29 | Pkgs: 'OemPkg' 30 | Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' 31 | ArchList: $(arch_list) 32 | TARGET_OEM_DEBUG_ARM: 33 | Pkgs: 'OemPkg' 34 | Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' 35 | ArchList: $(arch_list) 36 | SelfHostAgent: true 37 | -------------------------------------------------------------------------------- /.azurepipelines/Windows-VS.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Azure Pipeline build file for a build using Windows and Visual Studio. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | variables: 15 | - group: architectures-x86-64 16 | - group: tool-chain-windows-visual-studio-latest 17 | - group: coverage 18 | 19 | extends: 20 | template: MuDevOpsWrapper.yml 21 | parameters: 22 | do_ci_build: true 23 | do_ci_setup: true 24 | do_non_ci_setup: true 25 | container_build: false 26 | os_type: Windows_NT 27 | build_matrix: 28 | TARGET_OEM_DEBUG: 29 | Pkgs: 'OemPkg' 30 | Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' 31 | ArchList: $(arch_list) 32 | TARGET_OEM_DEBUG_ARM: 33 | Pkgs: 'OemPkg' 34 | Targets: 'DEBUG,RELEASE,NO-TARGET,NOOPT' 35 | ArchList: $(arch_list) 36 | SelfHostAgent: true 37 | -------------------------------------------------------------------------------- /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "image": "ghcr.io/microsoft/mu_devops/ubuntu-24-dev:latest", 3 | "postCreateCommand": "git config --global --add safe.directory '*' && git config --global --add core.autocrlf false && pip install --upgrade -r pip-requirements.txt", 4 | "customizations": { 5 | "vscode": { 6 | "extensions": [ 7 | "ms-vscode.cpptools", 8 | "DavidAnson.vscode-markdownlint" 9 | ] 10 | } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /.git-blame-ignore-revs: -------------------------------------------------------------------------------- 1 | ################################################### 2 | # Line Ending Only Changes # 3 | ################################################### 4 | # Fix line endings (LF to CRLF) 5 | 66656ef038ac9a34ce3d10f4ef3d19d3cc5b7c06 6 | 7 | ################################################### 8 | # Code Formatting (Uncrustify) Only Changes # 9 | ################################################### 10 | # Fixing Uncrustify break 11 | 2ca270b989185eba7782a24bd19c1fcb9a7b5cd2 12 | # Uncrustify: Fix up all source files to match coding policy 13 | a0db1b30cff65401ed68ef510ddeb725c3c4c868 14 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | * -text 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Bug Report Template 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: 🐛 Bug Report 14 | description: File a bug report 15 | title: "[Bug]: " 16 | labels: ["type:bug", "state:needs-triage"] 17 | 18 | body: 19 | - type: markdown 20 | attributes: 21 | value: | 22 | 👋 Thanks for taking the time to fill out this bug report! 23 | 24 | - type: checkboxes 25 | attributes: 26 | label: Is there an existing issue for this? 27 | description: Please search to see if an issue already exists for the bug you encountered. 28 | options: 29 | - label: I have searched existing issues 30 | required: true 31 | 32 | - type: textarea 33 | id: current_behavior 34 | attributes: 35 | label: Current Behavior 36 | description: A concise description of the bug that you're experiencing. 37 | validations: 38 | required: true 39 | 40 | - type: textarea 41 | id: expected_behavior 42 | attributes: 43 | label: Expected Behavior 44 | description: A concise description of what you expected to happen. 45 | validations: 46 | required: true 47 | 48 | - type: textarea 49 | id: steps_to_reproduce 50 | attributes: 51 | label: Steps To Reproduce 52 | description: Steps to reproduce the behavior. 53 | placeholder: | 54 | <example> 55 | 1. In this environment... 56 | 2. With this config... 57 | 3. Boot to '...' 58 | 4. Change option '...' 59 | 4. See error... 60 | validations: 61 | required: true 62 | 63 | - type: textarea 64 | id: build_environment 65 | attributes: 66 | label: Build Environment 67 | description: | 68 | examples: 69 | - **OS**: Ubuntu 20.04 or Windows 11... 70 | - **Tool Chain**: GCC5 or VS2022 or CLANGPDB... 71 | - **Targets Impacted**: RELEASE, DEBUG, NO-TARGET, NOOPT... 72 | value: | 73 | - OS(s): 74 | - Tool Chain(s): 75 | - Targets Impacted: 76 | render: markdown 77 | validations: 78 | required: true 79 | 80 | - type: textarea 81 | id: version_info 82 | attributes: 83 | label: Version Information 84 | description: What version of this repo reproduces the problem? 85 | placeholder: | 86 | Commit: <SHA> 87 | -or- 88 | Tag: <Tag> 89 | render: text 90 | validations: 91 | required: true 92 | 93 | - type: markdown 94 | attributes: 95 | value: | 96 | **Urgency Key** 97 | - 🟢 **Low** 98 | - A minor change with little to no important functional impact 99 | - It is not important to fix this in a specific time frame 100 | - 🟡 **Medium** 101 | - An important change with a functional impact 102 | - Will be prioritized above *low* issues in the normal course of development 103 | - 🔥 **High** 104 | - A critical change that has a significant functional impact 105 | - Must be fixed immediately 106 | 107 | - type: dropdown 108 | id: urgency 109 | attributes: 110 | label: Urgency 111 | description: How urgent is it to fix this bug? 112 | multiple: false 113 | options: 114 | - Low 115 | - Medium 116 | - High 117 | validations: 118 | required: true 119 | 120 | - type: dropdown 121 | id: fix_owner 122 | attributes: 123 | label: Are you going to fix this? 124 | description: Indicate if you are going to fix this or requesting someone else fix it. 125 | multiple: false 126 | options: 127 | - I will fix it 128 | - Someone else needs to fix it 129 | validations: 130 | required: true 131 | 132 | - type: dropdown 133 | id: needs_maintainer_feedback 134 | attributes: 135 | label: Do you need maintainer feedback? 136 | description: Indicate if you would like a maintainer to provide feedback on this submission. 137 | multiple: false 138 | options: 139 | - No maintainer feedback needed 140 | - Maintainer feedback requested 141 | validations: 142 | required: true 143 | 144 | - type: textarea 145 | id: anything_else 146 | attributes: 147 | label: Anything else? 148 | description: | 149 | Links? References? Anything that will give us more context about the issue you are encountering. 150 | 151 | Serial debug logs and/or debugger logs are especially helpful! 152 | 153 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. 154 | validations: 155 | required: false 156 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Issue Configuration File 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | contact_links: 14 | - name: 📃 Project Mu Documentation 15 | url: https://microsoft.github.io/mu/ 16 | about: Goals, principles, repo layout, build instructions, and more. 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/documentation_request.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Documentation Request Template 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: 📖 Documentation Request 14 | description: Request a documentation change 15 | title: "[Documentation]: <title>" 16 | labels: ["type:documentation", "state:needs-triage"] 17 | 18 | body: 19 | - type: markdown 20 | attributes: 21 | value: | 22 | 👋 Thanks for taking the time to help us improve our documentation! 23 | 24 | - type: textarea 25 | id: request_description 26 | attributes: 27 | label: Request Description 28 | description: A clear and concise description of what needs to change. 29 | validations: 30 | required: true 31 | 32 | - type: dropdown 33 | id: request_owner 34 | attributes: 35 | label: Are you going to make the change? 36 | description: Indicate if you are going to make this change or requesting someone else make it. 37 | multiple: false 38 | options: 39 | - I will make the change 40 | - Someone else needs to make the change 41 | validations: 42 | required: true 43 | 44 | - type: dropdown 45 | id: needs_maintainer_feedback 46 | attributes: 47 | label: Do you need maintainer feedback? 48 | description: Indicate if you would like a maintainer to provide feedback on this submission. 49 | multiple: false 50 | options: 51 | - No maintainer feedback needed 52 | - Maintainer feedback requested 53 | validations: 54 | required: true 55 | 56 | - type: textarea 57 | id: anything_else 58 | attributes: 59 | label: Anything else? 60 | description: | 61 | Links? References? Anything that will give us more context about the request. 62 | 63 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. 64 | validations: 65 | required: false 66 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.yml: -------------------------------------------------------------------------------- 1 | # Project Mu GitHub Feature Request Template 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: 🚀 Feature Request 14 | description: Request a feature change 15 | title: "[Feature]: <title>" 16 | labels: ["type:feature-request", "state:needs-triage"] 17 | 18 | body: 19 | - type: markdown 20 | attributes: 21 | value: | 22 | 👋 Thanks for taking the time to help us improve our features! 23 | 24 | - type: textarea 25 | id: feature_overview 26 | attributes: 27 | label: Feature Overview 28 | description: Provide a high-level summary of your feature request. 29 | validations: 30 | required: true 31 | 32 | - type: textarea 33 | id: solution_overview 34 | attributes: 35 | label: Solution Overview 36 | description: Give a clear and concise description of what you want to happen. 37 | validations: 38 | required: true 39 | 40 | - type: textarea 41 | id: alternatives_considered 42 | attributes: 43 | label: Alternatives Considered 44 | description: Describe alternatives you've considered. 45 | validations: 46 | required: false 47 | 48 | - type: markdown 49 | attributes: 50 | value: | 51 | **Urgency Key** 52 | - 🟢 **Low** 53 | - A minor enhancement 54 | - It is not important to address this request in a specific time frame 55 | - 🟡 **Medium** 56 | - An important enhancement 57 | - Will be prioritized above *low* requests in the normal course of development 58 | - 🔥 **High** 59 | - A critical enhancement with significant value 60 | - Should be prioritized above *low* and *medium* requests 61 | 62 | - type: dropdown 63 | id: urgency 64 | attributes: 65 | label: Urgency 66 | description: How urgent is it to resolve this feature request? 67 | multiple: false 68 | options: 69 | - Low 70 | - Medium 71 | - High 72 | validations: 73 | required: true 74 | 75 | - type: dropdown 76 | id: request_owner 77 | attributes: 78 | label: Are you going to implement the feature request? 79 | description: Indicate if you are going to do the work to close this feature request. 80 | multiple: false 81 | options: 82 | - I will implement the feature 83 | - Someone else needs to implement the feature 84 | validations: 85 | required: true 86 | 87 | - type: dropdown 88 | id: needs_maintainer_feedback 89 | attributes: 90 | label: Do you need maintainer feedback? 91 | description: Indicate if you would like a maintainer to provide feedback on this submission. 92 | multiple: false 93 | options: 94 | - No maintainer feedback needed 95 | - Maintainer feedback requested 96 | validations: 97 | required: true 98 | 99 | - type: textarea 100 | id: anything_else 101 | attributes: 102 | label: Anything else? 103 | description: | 104 | Links? References? Anything that will give us more context about the feature you are requesting. 105 | 106 | Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. 107 | validations: 108 | required: false 109 | -------------------------------------------------------------------------------- /.github/advanced-issue-labeler.yml: -------------------------------------------------------------------------------- 1 | # Defines the mappings between GitHub issue responses and labels applied to the issue 2 | # for Project Mu repos. 3 | # 4 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 5 | # 6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 7 | # instead of the file in this repo. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | # For more information, see: 16 | # https://github.com/redhat-plumbers-in-action/advanced-issue-labeler 17 | 18 | policy: 19 | - section: 20 | 21 | # Issue Template - Urgency Dropdown 22 | - id: ['urgency'] 23 | block-list: [] 24 | label: 25 | - name: 'urgency:low' 26 | keys: ['Low'] 27 | - name: 'urgency:medium' 28 | keys: ['Medium'] 29 | - name: 'urgency:high' 30 | keys: ['High'] 31 | 32 | # Issue Template - Fix Owner Dropdown 33 | - id: ['fix_owner', 'request_owner'] 34 | block-list: [] 35 | label: 36 | - name: 'state:needs-owner' 37 | keys: [ 38 | 'Someone else needs to fix it', 39 | 'Someone else needs to make the change', 40 | 'Someone else needs to implement the feature' 41 | ] 42 | - name: 'state:needs-triage' 43 | keys: [ 44 | 'Someone else needs to fix it', 45 | 'Someone else needs to make the change', 46 | 'Someone else needs to implement the feature' 47 | ] 48 | 49 | # Issue Template - Needs Maintainer Feedback Dropdown 50 | - id: ['needs_maintainer_feedback'] 51 | block-list: [] 52 | label: 53 | - name: 'state:needs-maintainer-feedback' 54 | keys: ['Maintainer feedback requested'] 55 | -------------------------------------------------------------------------------- /.github/codecov.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # codecov upload configuration file to carryforward coverage results of 3 | # packages that do not upload coverage results for a given pull request. 4 | ## 5 | # Copyright (c) Microsoft Corporation. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | flags: 9 | OemPkg: 10 | carryforward: true 11 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Dependabot configuration file to enable GitHub services for managing and updating 3 | # dependencies. 4 | # 5 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 6 | # instead of the file in this repo. 7 | # 8 | # This dependabot file is limited to syncing the following type of dependencies. Other files 9 | # are already available in Mu DevOps to sync other dependency types. 10 | # - Rust Crate Dependencies (`cargo`) 11 | # - GitHub Actions (`github-actions`) 12 | # - Python PIP Modules (`pip`) 13 | # 14 | # Dependabot does not update the microsoft/mu_devops version because that is updated once in mu_devops 15 | # and then synced to all repos when the file sync occurs. 16 | # 17 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 18 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 19 | # 20 | # Copyright (c) Microsoft Corporation. 21 | # SPDX-License-Identifier: BSD-2-Clause-Patent 22 | # 23 | # Please see the documentation for all dependabot configuration options: 24 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 25 | ## 26 | 27 | version: 2 28 | 29 | updates: 30 | - package-ecosystem: "cargo" 31 | directory: "/" 32 | schedule: 33 | interval: "weekly" 34 | day: "monday" 35 | timezone: "America/Los_Angeles" 36 | time: "03:00" 37 | commit-message: 38 | prefix: "Rust Dependency" 39 | labels: 40 | - "type:dependencies" 41 | - "type:dependabot" 42 | rebase-strategy: "disabled" 43 | 44 | - package-ecosystem: "github-actions" 45 | directory: "/" 46 | schedule: 47 | interval: "weekly" 48 | day: "monday" 49 | timezone: "America/Los_Angeles" 50 | time: "06:00" 51 | ignore: 52 | - dependency-name: "microsoft/mu_devops" 53 | commit-message: 54 | prefix: "GitHub Action" 55 | labels: 56 | - "type:dependencies" 57 | - "type:dependabot" 58 | rebase-strategy: "disabled" 59 | 60 | - package-ecosystem: "pip" 61 | directory: "/" 62 | schedule: 63 | interval: "weekly" 64 | day: "wednesday" 65 | timezone: "America/Los_Angeles" 66 | time: "01:00" 67 | commit-message: 68 | prefix: "pip" 69 | labels: 70 | - "language:python" 71 | - "type:dependencies" 72 | - "type:dependabot" 73 | rebase-strategy: "disabled" 74 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | ## Description 2 | 3 | <_Include a description of the change and why this change was made._> 4 | 5 | For details on how to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md). 6 | 7 | - [ ] Impacts functionality? 8 | - [ ] Impacts security? 9 | - [ ] Breaking change? 10 | - [ ] Includes tests? 11 | - [ ] Includes documentation? 12 | - [ ] Backport to release branch? 13 | 14 | ## How This Was Tested 15 | 16 | <_Describe the test(s) that were run to verify the changes._> 17 | 18 | ## Integration Instructions 19 | 20 | <_Describe how these changes should be integrated. Use N/A if nothing is required._> 21 | -------------------------------------------------------------------------------- /.github/release-draft-config-n-1-dev.yml: -------------------------------------------------------------------------------- 1 | # Defines the configuration used for drafting new releases. 2 | # 3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 4 | # 5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that 6 | # version to roll regardless of other labels. 7 | # 8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 9 | # instead of the file in this repo. 10 | # 11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 13 | # 14 | # Copyright (c) Microsoft Corporation. 15 | # SPDX-License-Identifier: BSD-2-Clause-Patent 16 | # 17 | # For more information, see: 18 | # https://github.com/release-drafter/release-drafter 19 | 20 | name-template: 'dev-v$RESOLVED_VERSION' 21 | tag-template: 'dev-v$RESOLVED_VERSION' 22 | 23 | commitish: refs/heads/dev/202405 24 | filter-by-commitish: true 25 | 26 | template: | 27 | # What's Changed 28 | 29 | $CHANGES 30 | 31 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...dev-v$RESOLVED_VERSION 32 | 33 | categories: 34 | - title: '⚠️ Breaking Changes' 35 | labels: 36 | - 'impact:breaking-change' 37 | - title: '🚀 Features & ✨ Enhancements' 38 | labels: 39 | - 'type:design-change' 40 | - 'type:enhancement' 41 | - 'type:feature-request' 42 | - title: '🐛 Bug Fixes' 43 | labels: 44 | - 'type:bug' 45 | - title: '🔐 Security Impacting' 46 | labels: 47 | - 'impact:security' 48 | - title: '📖 Documentation Updates' 49 | labels: 50 | - 'type:documentation' 51 | - title: '🛠️ Submodule Updates' 52 | labels: 53 | - 'type:submodules' 54 | 55 | change-template: >- 56 | <ul> 57 | <li> 58 | $TITLE @$AUTHOR (#$NUMBER) 59 | <br> 60 | <details> 61 | <summary>Change Details</summary> 62 | <blockquote> 63 | <!-- Non-breaking space to have content if body is empty --> 64 |   $BODY 65 | </blockquote> 66 | <hr> 67 | </details> 68 | </li> 69 | </ul> 70 | 71 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions 72 | 73 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 74 | version-resolver: 75 | major: 76 | labels: 77 | - 'impact:breaking-change' 78 | - 'semver:major' 79 | minor: 80 | labels: 81 | - 'semver:minor' 82 | - 'type:design-change' 83 | - 'type:enhancement' 84 | - 'type:feature-request' 85 | patch: 86 | labels: 87 | - 'impact:non-functional' 88 | - 'semver:patch' 89 | - 'type:bug' 90 | - 'type:documentation' 91 | default: patch 92 | 93 | exclude-labels: 94 | - 'type:dependabot' 95 | - 'type:file-sync' 96 | - 'type:notes' 97 | - 'type:question' 98 | 99 | exclude-contributors: 100 | - 'uefibot' 101 | -------------------------------------------------------------------------------- /.github/release-draft-config-n-1.yml: -------------------------------------------------------------------------------- 1 | # Defines the configuration used for drafting new releases. 2 | # 3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 4 | # 5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that 6 | # version to roll regardless of other labels. 7 | # 8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 9 | # instead of the file in this repo. 10 | # 11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 13 | # 14 | # Copyright (c) Microsoft Corporation. 15 | # SPDX-License-Identifier: BSD-2-Clause-Patent 16 | # 17 | # For more information, see: 18 | # https://github.com/release-drafter/release-drafter 19 | 20 | name-template: 'dev-v$RESOLVED_VERSION' 21 | tag-template: 'dev-v$RESOLVED_VERSION' 22 | 23 | commitish: refs/heads/dev/202405 24 | filter-by-commitish: true 25 | include-labels: ["type:backport"] 26 | 27 | template: | 28 | # What's Changed 29 | 30 | $CHANGES 31 | 32 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...dev-v$RESOLVED_VERSION 33 | 34 | categories: 35 | - title: '⚠️ Breaking Changes' 36 | labels: 37 | - 'impact:breaking-change' 38 | - title: '🚀 Features & ✨ Enhancements' 39 | labels: 40 | - 'type:design-change' 41 | - 'type:enhancement' 42 | - 'type:feature-request' 43 | - title: '🐛 Bug Fixes' 44 | labels: 45 | - 'type:bug' 46 | - title: '🔐 Security Impacting' 47 | labels: 48 | - 'impact:security' 49 | - title: '📖 Documentation Updates' 50 | labels: 51 | - 'type:documentation' 52 | - title: '🛠️ Submodule Updates' 53 | labels: 54 | - 'type:submodules' 55 | 56 | change-template: >- 57 | <ul> 58 | <li> 59 | $TITLE @$AUTHOR (#$NUMBER) 60 | <br> 61 | <details> 62 | <summary>Change Details</summary> 63 | <blockquote> 64 | <!-- Non-breaking space to have content if body is empty --> 65 |   $BODY 66 | </blockquote> 67 | <hr> 68 | </details> 69 | </li> 70 | </ul> 71 | 72 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions 73 | 74 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 75 | version-resolver: 76 | major: 77 | labels: 78 | - 'impact:breaking-change' 79 | - 'semver:major' 80 | minor: 81 | labels: 82 | - 'semver:minor' 83 | - 'type:design-change' 84 | - 'type:enhancement' 85 | - 'type:feature-request' 86 | patch: 87 | labels: 88 | - 'impact:non-functional' 89 | - 'semver:patch' 90 | - 'type:bug' 91 | - 'type:documentation' 92 | default: patch 93 | 94 | exclude-labels: 95 | - 'type:dependabot' 96 | - 'type:file-sync' 97 | - 'type:notes' 98 | - 'type:question' 99 | 100 | exclude-contributors: 101 | - 'uefibot' 102 | -------------------------------------------------------------------------------- /.github/release-draft-config-n-dev.yml: -------------------------------------------------------------------------------- 1 | # Defines the configuration used for drafting new releases. 2 | # 3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 4 | # 5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that 6 | # version to roll regardless of other labels. 7 | # 8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 9 | # instead of the file in this repo. 10 | # 11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 13 | # 14 | # Copyright (c) Microsoft Corporation. 15 | # SPDX-License-Identifier: BSD-2-Clause-Patent 16 | # 17 | # For more information, see: 18 | # https://github.com/release-drafter/release-drafter 19 | 20 | name-template: 'dev-v$RESOLVED_VERSION' 21 | tag-template: 'dev-v$RESOLVED_VERSION' 22 | 23 | commitish: refs/heads/dev/202502 24 | filter-by-commitish: true 25 | 26 | template: | 27 | # What's Changed 28 | 29 | $CHANGES 30 | 31 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...dev-v$RESOLVED_VERSION 32 | 33 | categories: 34 | - title: '⚠️ Breaking Changes' 35 | labels: 36 | - 'impact:breaking-change' 37 | - title: '🚀 Features & ✨ Enhancements' 38 | labels: 39 | - 'type:design-change' 40 | - 'type:enhancement' 41 | - 'type:feature-request' 42 | - title: '🐛 Bug Fixes' 43 | labels: 44 | - 'type:bug' 45 | - title: '🔐 Security Impacting' 46 | labels: 47 | - 'impact:security' 48 | - title: '📖 Documentation Updates' 49 | labels: 50 | - 'type:documentation' 51 | - title: '🛠️ Submodule Updates' 52 | labels: 53 | - 'type:submodules' 54 | 55 | change-template: >- 56 | <ul> 57 | <li> 58 | $TITLE @$AUTHOR (#$NUMBER) 59 | <br> 60 | <details> 61 | <summary>Change Details</summary> 62 | <blockquote> 63 | <!-- Non-breaking space to have content if body is empty --> 64 |   $BODY 65 | </blockquote> 66 | <hr> 67 | </details> 68 | </li> 69 | </ul> 70 | 71 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions 72 | 73 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 74 | version-resolver: 75 | major: 76 | labels: 77 | - 'impact:breaking-change' 78 | - 'semver:major' 79 | minor: 80 | labels: 81 | - 'semver:minor' 82 | - 'type:design-change' 83 | - 'type:enhancement' 84 | - 'type:feature-request' 85 | patch: 86 | labels: 87 | - 'impact:non-functional' 88 | - 'semver:patch' 89 | - 'type:bug' 90 | - 'type:documentation' 91 | default: patch 92 | 93 | exclude-labels: 94 | - 'type:dependabot' 95 | - 'type:file-sync' 96 | - 'type:notes' 97 | - 'type:question' 98 | 99 | exclude-contributors: 100 | - 'uefibot' 101 | -------------------------------------------------------------------------------- /.github/release-draft-config-n.yml: -------------------------------------------------------------------------------- 1 | # Defines the configuration used for drafting new releases. 2 | # 3 | # IMPORTANT: Only use labels defined in the .github/Labels.yml file in this repo. 4 | # 5 | # NOTE: `semver:major`, `semver:minor`, and `semver:patch` can be used to force that 6 | # version to roll regardless of other labels. 7 | # 8 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 9 | # instead of the file in this repo. 10 | # 11 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 12 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 13 | # 14 | # Copyright (c) Microsoft Corporation. 15 | # SPDX-License-Identifier: BSD-2-Clause-Patent 16 | # 17 | # For more information, see: 18 | # https://github.com/release-drafter/release-drafter 19 | 20 | name-template: 'dev-v$RESOLVED_VERSION' 21 | tag-template: 'dev-v$RESOLVED_VERSION' 22 | 23 | commitish: refs/heads/dev/202502 24 | filter-by-commitish: true 25 | include-labels: ["type:backport"] 26 | 27 | template: | 28 | # What's Changed 29 | 30 | $CHANGES 31 | 32 | **Full Changelog**: https://github.com/$OWNER/$REPOSITORY/compare/$PREVIOUS_TAG...dev-v$RESOLVED_VERSION 33 | 34 | categories: 35 | - title: '⚠️ Breaking Changes' 36 | labels: 37 | - 'impact:breaking-change' 38 | - title: '🚀 Features & ✨ Enhancements' 39 | labels: 40 | - 'type:design-change' 41 | - 'type:enhancement' 42 | - 'type:feature-request' 43 | - title: '🐛 Bug Fixes' 44 | labels: 45 | - 'type:bug' 46 | - title: '🔐 Security Impacting' 47 | labels: 48 | - 'impact:security' 49 | - title: '📖 Documentation Updates' 50 | labels: 51 | - 'type:documentation' 52 | - title: '🛠️ Submodule Updates' 53 | labels: 54 | - 'type:submodules' 55 | 56 | change-template: >- 57 | <ul> 58 | <li> 59 | $TITLE @$AUTHOR (#$NUMBER) 60 | <br> 61 | <details> 62 | <summary>Change Details</summary> 63 | <blockquote> 64 | <!-- Non-breaking space to have content if body is empty --> 65 |   $BODY 66 | </blockquote> 67 | <hr> 68 | </details> 69 | </li> 70 | </ul> 71 | 72 | change-title-escapes: '\<*_&@' # Note: @ is added to disable mentions 73 | 74 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 75 | version-resolver: 76 | major: 77 | labels: 78 | - 'impact:breaking-change' 79 | - 'semver:major' 80 | minor: 81 | labels: 82 | - 'semver:minor' 83 | - 'type:design-change' 84 | - 'type:enhancement' 85 | - 'type:feature-request' 86 | patch: 87 | labels: 88 | - 'impact:non-functional' 89 | - 'semver:patch' 90 | - 'type:bug' 91 | - 'type:documentation' 92 | default: patch 93 | 94 | exclude-labels: 95 | - 'type:dependabot' 96 | - 'type:file-sync' 97 | - 'type:notes' 98 | - 'type:question' 99 | 100 | exclude-contributors: 101 | - 'uefibot' 102 | -------------------------------------------------------------------------------- /.github/workflows/auto-approve.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically approves pull requests under certain conditions. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made 7 | # in the common/reusable workflow. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | name: Auto Approve Pull Request 17 | 18 | on: 19 | pull_request_target: 20 | types: 21 | - opened 22 | - reopened 23 | 24 | jobs: 25 | approval_check: 26 | 27 | permissions: 28 | pull-requests: write 29 | 30 | if: | 31 | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' 32 | uses: microsoft/mu_devops/.github/workflows/AutoApprover.yml@v10.0.0 33 | secrets: inherit 34 | -------------------------------------------------------------------------------- /.github/workflows/auto-merge.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically merges pull requests under certain conditions. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made 7 | # in the common/reusable workflow. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | name: Auto Merge Pull Request 17 | 18 | on: 19 | pull_request_target: 20 | types: 21 | - opened 22 | - reopened 23 | - synchronize 24 | 25 | jobs: 26 | merge_check: 27 | 28 | permissions: 29 | contents: read 30 | pull-requests: write 31 | issues: write 32 | 33 | if: | 34 | github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'uefibot' 35 | uses: microsoft/mu_devops/.github/workflows/AutoMerger.yml@v10.0.0 36 | secrets: inherit 37 | -------------------------------------------------------------------------------- /.github/workflows/issue-assignment.yml: -------------------------------------------------------------------------------- 1 | # This workflow provides actions that should be applied when an issue is assigned. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: React to Issue Assignment 14 | 15 | on: 16 | issues: 17 | types: assigned 18 | 19 | jobs: 20 | apply: 21 | 22 | permissions: 23 | contents: read 24 | issues: write 25 | 26 | uses: microsoft/mu_devops/.github/workflows/IssueAssignment.yml@v15.0.1 27 | -------------------------------------------------------------------------------- /.github/workflows/label-issues.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically applies labels to GitHub issues and pull requests based on the 2 | # file paths in a pull request or content in the body of an issue or pull request. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # NOTE: This file uses a reusable workflow. Do not make changes to the file that should be made 8 | # in the common/reusable workflow. 9 | # 10 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 11 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 12 | # 13 | # Copyright (c) Microsoft Corporation. 14 | # SPDX-License-Identifier: BSD-2-Clause-Patent 15 | # 16 | 17 | name: Apply Issue and PR Labels 18 | 19 | on: 20 | issues: 21 | types: 22 | - edited 23 | - opened 24 | pull_request_target: 25 | types: 26 | - edited 27 | - opened 28 | - reopened 29 | - synchronize 30 | workflow_dispatch: 31 | 32 | jobs: 33 | apply: 34 | 35 | permissions: 36 | contents: read 37 | pull-requests: write 38 | 39 | uses: microsoft/mu_devops/.github/workflows/Labeler.yml@v15.0.1 40 | -------------------------------------------------------------------------------- /.github/workflows/label-issues/file-paths.yml: -------------------------------------------------------------------------------- 1 | # Specifies labels to apply to issues and pull requests based on file path patterns in Project Mu repositories. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # For more information, see: 13 | # https://github.com/actions/labeler 14 | 15 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 16 | 17 | language:python: 18 | - '**/*.py' 19 | -------------------------------------------------------------------------------- /.github/workflows/label-issues/regex-pull-requests.yml: -------------------------------------------------------------------------------- 1 | # Specifies labels to apply to pull requests in Project Mu repositories based on regular expressions. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # For more information, see: 13 | # https://github.com/srvaroa/labeler 14 | 15 | # Maintenance: Keep labels organized in ascending alphabetical order - easier to scan, identify duplicates, etc. 16 | version: 1 17 | issues: False 18 | 19 | labels: 20 | - label: type:backport 21 | type: "pull_request" 22 | body: '\s*\[\s*(x|X){1}\s*\]\s*Backport to release branch\?' 23 | 24 | - label: type:backport 25 | type: "pull_request" 26 | authors: ["mu-automation[bot]"] 27 | branch : "repo-sync/mu_devops/default" 28 | base-branch: "dev/20[0-9]{4}" 29 | 30 | - label: type:backport 31 | type: "pull_request" 32 | authors: ["dependabot[bot]"] 33 | branch : "dependabot/*" 34 | base-branch: "dev/20[0-9]{4}" 35 | 36 | - label: impact:breaking-change 37 | type: "pull_request" 38 | body: '\s*\[\s*(x|X){1}\s*\]\s*Breaking\s*change\?' 39 | 40 | - label: type:documentation 41 | type: "pull_request" 42 | body: '\s*\[\s*(x|X){1}\s*\]\s*Includes\s*documentation\?' 43 | 44 | - label: impact:non-functional 45 | type: "pull_request" 46 | body: '\s*\[\s*\]\s*Impacts\s*functionality\?' 47 | 48 | - label: impact:security 49 | type: "pull_request" 50 | body: '\s*\[\s*(x|X){1}\s*\]\s*Impacts\s*security\?' 51 | 52 | - label: impact:testing 53 | type: "pull_request" 54 | body: '\[\s*(x|X){1}\s*\]\s*Includes\s*tests\?' 55 | -------------------------------------------------------------------------------- /.github/workflows/label-sync.yml: -------------------------------------------------------------------------------- 1 | # This workflow syncs GitHub labels to the common set of labels defined in Mu DevOps. 2 | # 3 | # All repos should sync at the same time. 4 | # '0 0,12 * * *'' 5 | # 6 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 7 | # instead of the file in this repo. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | name: Sync GitHub Labels 17 | 18 | on: 19 | schedule: 20 | # At minute 0 past hour 0 and 12 21 | # https://crontab.guru/#0_0,12_*_*_* 22 | - cron: '0 0,12 * * *' 23 | workflow_dispatch: 24 | 25 | jobs: 26 | sync: 27 | 28 | permissions: 29 | issues: write 30 | 31 | uses: microsoft/mu_devops/.github/workflows/LabelSyncer.yml@v15.0.1 32 | -------------------------------------------------------------------------------- /.github/workflows/pull-request-formatting-validator.yml: -------------------------------------------------------------------------------- 1 | # This workflow validates basic pull request formatting requirements are met. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | 13 | name: Validate Pull Request Formatting 14 | 15 | on: 16 | pull_request_target: 17 | types: 18 | - edited 19 | - opened 20 | - reopened 21 | - synchronize 22 | 23 | jobs: 24 | validate_pr: 25 | runs-on: ubuntu-latest 26 | 27 | permissions: 28 | contents: read 29 | pull-requests: write 30 | 31 | steps: 32 | - run: | 33 | prTitle="$(gh api graphql -F owner=$OWNER -F name=$REPO -F pr_number=$PR_NUMBER -f query=' 34 | query($name: String!, $owner: String!, $pr_number: Int!) { 35 | repository(owner: $owner, name: $name) { 36 | pullRequest(number: $pr_number) { 37 | title 38 | } 39 | } 40 | }')" 41 | 42 | if [[ "${prTitle}" == *"Personal/"* ]]; then 43 | gh pr comment $PR_URL --body "⚠️ Please add a meaningful PR title (remove the 'Personal/' prefix from the title)." 44 | echo 'VALIDATION_ERROR=true' >> $GITHUB_ENV 45 | fi 46 | 47 | env: 48 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 49 | OWNER: ${{ github.repository_owner }} 50 | PR_NUMBER: ${{ github.event.number }} 51 | PR_URL: ${{ github.event.pull_request.html_url }} 52 | REPO: ${{ github.event.repository.name }} 53 | 54 | - name: Check for Validation Errors 55 | if: env.VALIDATION_ERROR 56 | uses: actions/github-script@v7 57 | with: 58 | script: | 59 | core.setFailed('PR Formatting Validation Check Failed!') 60 | -------------------------------------------------------------------------------- /.github/workflows/release-draft.yml: -------------------------------------------------------------------------------- 1 | # This workflow automatically drafts new project releases so it is obvious 2 | # what a current release will look like at any time. 3 | # 4 | # It takes advantage of the labels used in Project Mu to automatically categorize 5 | # the types of changes in a given release. In addition, the semantic version of 6 | # the code is constantly maintained based on Project Mu label conventions to ensure 7 | # semantic versioning is followed and a release version is always ready. 8 | # 9 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 10 | # instead of the file in this repo. 11 | # 12 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 13 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 14 | # 15 | # Copyright (c) Microsoft Corporation. 16 | # SPDX-License-Identifier: BSD-2-Clause-Patent 17 | # 18 | # For more information, see: 19 | # https://github.com/release-drafter/release-drafter 20 | 21 | name: Update Release Draft 22 | 23 | on: 24 | workflow_run: 25 | workflows: ["Backport Commits to Release Branch"] 26 | branches: [dev/202502] 27 | types: 28 | - completed 29 | 30 | jobs: 31 | draft: 32 | name: Draft Releases 33 | 34 | permissions: 35 | contents: write 36 | pull-requests: write 37 | 38 | uses: microsoft/mu_devops/.github/workflows/ReleaseDrafter.yml@v15.0.1 39 | secrets: inherit 40 | -------------------------------------------------------------------------------- /.github/workflows/scheduled-maintenance.yml: -------------------------------------------------------------------------------- 1 | # This workflow performs scheduled maintenance tasks. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # NOTE: This file uses reusable workflows. Do not make changes to the file that should be made 7 | # in the common/reusable workflows. 8 | # 9 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 10 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 11 | # 12 | # Copyright (c) Microsoft Corporation. 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | # 15 | 16 | name: Scheduled Maintenance 17 | 18 | on: 19 | schedule: 20 | # * is a special character in YAML so you have to quote this string 21 | # Run every hour - https://crontab.guru/#0_*_*_*_* 22 | - cron: '0 * * * *' 23 | 24 | jobs: 25 | repo_cleanup: 26 | runs-on: ubuntu-latest 27 | 28 | permissions: 29 | pull-requests: write 30 | issues: write 31 | 32 | steps: 33 | - name: Get Repository Info 34 | run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV 35 | 36 | - name: Prune Won't Fix Pull Requests 37 | env: 38 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 39 | REPOSITORY: ${{ env.REPOSITORY_NAME }} 40 | run: | 41 | gh api \ 42 | -H "Accept: application/vnd.github+json" \ 43 | /repos/microsoft/${REPOSITORY}/pulls | jq -r '.[]' | jq -rc '.html_url,.labels' | \ 44 | while read -r html_url ; do 45 | read -r labels 46 | if [[ $labels == *"state:wont-fix"* ]]; then 47 | gh pr close $html_url -c "Closed due to being marked as wont fix" --delete-branch 48 | fi 49 | done 50 | 51 | - name: Prune Won't Fix Issues 52 | env: 53 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 54 | REPOSITORY: ${{ env.REPOSITORY_NAME }} 55 | run: | 56 | gh api \ 57 | -H "Accept: application/vnd.github+json" \ 58 | /repos/microsoft/${REPOSITORY}/issues | jq -r '.[]' | jq -rc '.html_url,.labels' | \ 59 | while read -r html_url ; do 60 | read -r labels 61 | if [[ $labels == *"state:wont-fix"* ]]; then 62 | gh issue close $html_url -c "Closed due to being marked as wont fix" -r "not planned" 63 | fi 64 | done 65 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. 2 | # 3 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 4 | # instead of the file in this repo. 5 | # 6 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 7 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 8 | # 9 | # Copyright (c) Microsoft Corporation. 10 | # SPDX-License-Identifier: BSD-2-Clause-Patent 11 | # 12 | # You can adjust the behavior by modifying this file. 13 | # For more information, see: 14 | # https://github.com/actions/stale 15 | 16 | name: Check for Stale Issues and Pull Requests 17 | 18 | on: 19 | schedule: 20 | # At 23:35 on every day-of-week from Sunday through Saturday 21 | # https://crontab.guru/#35_23_*_*_0-6 22 | - cron: '35 23 * * 0-6' 23 | workflow_dispatch: 24 | 25 | jobs: 26 | check: 27 | 28 | permissions: 29 | issues: write 30 | pull-requests: write 31 | 32 | uses: microsoft/mu_devops/.github/workflows/Stale.yml@v15.0.1 33 | -------------------------------------------------------------------------------- /.github/workflows/triage-issues.yml: -------------------------------------------------------------------------------- 1 | # This workflow assists with initial triage of new issues by applying 2 | # labels based on data provided in the issue. 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | # 13 | 14 | name: Initial Triage for New Issue 15 | 16 | on: 17 | issues: 18 | types: [ opened ] 19 | 20 | jobs: 21 | triage: 22 | 23 | permissions: 24 | issues: write 25 | 26 | uses: microsoft/mu_devops/.github/workflows/IssueTriager.yml@v15.0.1 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /Build/ 2 | .DS_Store 3 | *_extdep/ 4 | *.pyc 5 | __pycache__/ 6 | tags/ 7 | .vscode/ 8 | *.bak 9 | BuildConfig.conf 10 | 11 | # Ignore cloned dependencies 12 | /Common 13 | /Features 14 | /Silicon 15 | /MU_BASECORE 16 | 17 | _TEMP_*/ 18 | /Conf/ 19 | -------------------------------------------------------------------------------- /.markdownlint.yaml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # markdownlint configuration 3 | # 4 | # NOTE: This file is automatically synchronized from Mu DevOps. Update the original file there 5 | # instead of the file in this repo. 6 | # 7 | # - Mu DevOps Repo: https://github.com/microsoft/mu_devops 8 | # - File Sync Settings: https://github.com/microsoft/mu_devops/blob/main/.sync/Files.yml 9 | # 10 | # Copyright (c) Microsoft Corporation. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | # Rules can be found here: https://github.com/DavidAnson/markdownlint/blob/main/doc/Rules.md 15 | # Config info: https://github.com/DavidAnson/markdownlint#configuration 16 | 17 | { 18 | "default": true, 19 | "MD013": {"line_length": 120, "code_blocks": false, "tables": false}, 20 | "MD033": {"allowed_elements": ["br"]} 21 | } 22 | -------------------------------------------------------------------------------- /.markdownlintignore: -------------------------------------------------------------------------------- 1 | # Ignore build directory 2 | /Build/ 3 | 4 | # Ignore external dependencies 5 | *_extdep/ 6 | 7 | # Ignore cloned dependencies 8 | /Common/MU_TIANO 9 | /Common/MU 10 | /MU_BASECORE -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to Project Mu 2 | 3 | Welcome, and thank you for your interest in contributing to Project Mu! 4 | 5 | There are many ways in which you can contribute, beyond writing code. The goal of this document is to provide a 6 | high-level overview of how you can get involved. 7 | 8 | If this is your first time working with Project Mu, please keep in mind that many project details are maintained in 9 | the [Project Mu Documentation](https://microsoft.github.io/mu/). 10 | 11 | ## Asking Questions 12 | 13 | Have a question? Rather than opening an issue, please post your question under the `Q&A` category in the `Discussions` 14 | section of the relevant Project Mu GitHub repo. 15 | 16 | ## Reporting Issues 17 | 18 | Every Project Mu repo has an `Issues` section. Bug reports, feature requests, and documentation requests can all be 19 | submitted in the issues section. 20 | 21 | ## Security Vulnerabilities 22 | 23 | Please review the repos `Security Policy` but in general every Project Mu repo has `Private vulnerability reporting` 24 | enabled. Please use the security tab to report a potential issue. 25 | 26 | ### Identify Where to Report 27 | 28 | Project Mu is distributed across multiple repositories. Use features such as issues and discussions in the repository 29 | most relevant to the topic. 30 | 31 | Although we prefer items to be filed in the most relevant repo, if you're unsure which repo is most relevant, the item 32 | can be filed in the [Project Mu Documentation Repo](https://github.com/microsoft/mu) and we will review the request and 33 | move it to the relevant repo if necessary. 34 | 35 | ### Look For an Existing Issue 36 | 37 | Before you create a new issue, please do a search in the issues section of the relevant repo to see if the issue or 38 | feature request has already been filed. 39 | 40 | If you find your issue already exists, make relevant comments and add your 41 | [reaction](https://github.com/blog/2119-add-reactions-to-pull-requests-issues-and-comments). Use a reaction in place 42 | of a "+1" comment: 43 | 44 | * 👍 - upvote 45 | * 👎 - downvote 46 | 47 | If you cannot find an existing issue that describes your bug or feature, create a new issue using the guidelines below. 48 | 49 | ### Follow Your Issue 50 | 51 | Please continue to follow your request after it is submitted to assist with any additional information that might be 52 | requested. 53 | 54 | ### Pull Request Best Practices 55 | 56 | Pull requests for UEFI code can become large and difficult to review due to the large number of build and 57 | configuration files. To aid maintainers in reviewing your code, we suggest adhering to the following guidelines: 58 | 59 | 1. Do keep code reviews single purpose; don't add more than one feature at a time. 60 | 2. Do fix bugs independently of adding features. 61 | 3. Do provide documentation and unit tests. 62 | 4. Do introduce code in digestible amounts. 63 | * If the contribution logically be broken up into separate pull requests that independently build and function 64 | successfully, do use multiple pull requests. 65 | 66 | #### Pull Request Description Checkboxes 67 | 68 | Project Mu pull requests autopopulate a PR description from a template in most repositories. You should: 69 | 70 | 1. **Replace** this text with an actual descrption: 71 | 72 | ```txt 73 | <_Include a description of the change and why this change was made._> 74 | ``` 75 | 76 | 2. **Remove** this line of instructions so the PR description shows cleanly in release notes: 77 | 78 | `"For details on how to complete these options and their meaning refer to [CONTRIBUTING.md](https://github.com/microsoft/mu/blob/HEAD/CONTRIBUTING.md)."` 79 | 80 | 3. For each checkbox in the PR description, **place an "x"** in between `[` and `]` if true. Example: `[x]`. 81 | _(you can also check items in the GitHub UI)_ 82 | 83 | * **[] Impacts functionality?** 84 | * **Functionality** - Does the change ultimately impact how firmware functions? 85 | * Examples: Add a new library, publish a new PPI, update an algorithm, ... 86 | * **[] Impacts security?** 87 | * **Security** - Does the change have a direct security impact on an application, 88 | flow, or firmware? 89 | * Examples: Crypto algorithm change, buffer overflow fix, parameter 90 | validation improvement, ... 91 | * **[] Breaking change?** 92 | * **Breaking change** - Will anyone consuming this change experience a break 93 | in build or boot behavior? 94 | * Examples: Add a new library class, move a module to a different repo, call 95 | a function in a new library class in a pre-existing module, ... 96 | * [] **Includes tests?** 97 | * **Tests** - Does the change include any explicit test code? 98 | * Examples: Unit tests, integration tests, robot tests, ... 99 | * [] **Includes documentation?** 100 | * **Documentation** - Does the change contain explicit documentation additions 101 | outside direct code modifications (and comments)? 102 | * Examples: Update readme file, add feature readme file, link to documentation 103 | on an a separate Web page, ... 104 | 105 | 4. **Replace** this text as instructed: 106 | 107 | ```txt 108 | <_Describe the test(s) that were run to verify the changes._> 109 | ``` 110 | 111 | 5. **Replace** this text as instructed: 112 | 113 | ```txt 114 | <_Describe how these changes should be integrated. Use N/A if nothing is required._> 115 | ``` 116 | 117 | #### Code Categories 118 | 119 | To keep code digestible, you may consider breaking large pull requests into three categories of commits within the pull 120 | request. 121 | 122 | 1. **Interfaces**: .h, .inf, .dec, documentation 123 | 2. **Implementation**: .c, unit tests, unit test build file; unit tests should build and run at this point 124 | 3. **Integration/Build**: .dec, .dsc, .fdf, (.yml) configuration files, integration tests; code added to platform and 125 | affects downstream consumers 126 | 127 | By breaking the pull request into these three categories, the pull request reviewers can digest each piece 128 | independently. 129 | 130 | If your commits are still very large after adhering to these categories, consider further breaking the pull request 131 | down by library/driver; break each component into its own commit. 132 | 133 | #### Implementation Limits 134 | 135 | Implementation is ultimately composed of functions as logical units of code. 136 | 137 | To help maintainers review the code and improve long-term maintainability, limit functions to 60 lines of code. If your 138 | function exceeds 60 lines of code, it likely has also exceeded a single responsibility and should be broken up. 139 | 140 | Files are easier to review and maintain if they contain functions that serves similar purpose. Limit files to around 141 | 1,000 lines of code (excluding comments). If your file exceeds 1,000 lines of code, it may have functions that should 142 | be split into separate files. 143 | 144 | --- 145 | 146 | By following these guidelines, your pull requests will be reviewed faster, and you'll avoid being asked to refactor the 147 | code to follow the guidelines. 148 | 149 | Feel free to create a draft pull request and ask for suggestions on how to split the pull request if you are unsure. 150 | 151 | ## Thank You 152 | 153 | Thank you for your interest in Project Mu and taking the time to contribute! 154 | -------------------------------------------------------------------------------- /CodeQlFilters.yml: -------------------------------------------------------------------------------- 1 | ## @file 2 | # CodeQL Result Filters for Packages in oem_sample 3 | # 4 | # Note: 5 | # 1. Packages that use Mu Basecore can reuse this file to quickly pick up the 6 | # same filters applied to results in the Mu Basecore repo. 7 | # 2. It is recommended paths begin with `**/` in filter files residing in repos that 8 | # are used as dependencies by other repos. That way the filter 9 | # will apply both in the current repo directly and regardless of where the repo is 10 | # located within a downstream repos directory hierarchy. 11 | # 12 | # Copyright (c) Microsoft Corporation 13 | # SPDX-License-Identifier: BSD-2-Clause-Patent 14 | ## 15 | 16 | { 17 | "Filters": 18 | [ 19 | "-**/OemPkg/Library/MsBootManagerSettingsDxeLib/BootManagerSettings.c:cpp/unsigned-comparison-zero", 20 | "-**/OemPkg/Library/PasswordPolicyLib/PasswordPolicyLib.c:cpp/unused-static-variable", 21 | ], 22 | } 23 | -------------------------------------------------------------------------------- /Docs/Frontpage_Includes/Frontpage_FDF_Include.md: -------------------------------------------------------------------------------- 1 | # FDF Include File in Detail 2 | 3 | This readme aims to describe FrontpageDsc.inc in detail, providing details and justification for 4 | the libraries and components included for Frontpage. 5 | 6 | ## Preliminaries 7 | 8 | ### What is an FDF File 9 | 10 | The .fdf filetype is an EDK2 Platform Description file format. The FDF file is used to describe the content and 11 | layout of binary images. It is used in conjunction with an EDK2 DSC file to generate bootable images, 12 | option ROM images, and update capsules for bootable images that comply with the UEFI specifications. To 13 | learn more about FDF files, look at the 14 | [specification](https://edk2-docs.gitbook.io/edk-ii-fdf-specification/) 15 | on the tianocore-docs github. 16 | 17 | ### What is an INF File 18 | 19 | The .inf filetype is an EDK2 Platform Description file format. The INF file describes properties of a module, 20 | how it is coded, what it provides, what it depends on, architecture specific items, features, etc. regarding 21 | the module. To learn more about INF files, look at the 22 | [specification](https://edk2-docs.gitbook.io/edk-ii-inf-specification/) 23 | on the tianocore-docs github. 24 | 25 | ### How do I Include an FDF File 26 | 27 | This file will be included in the DSC file for the platform being built. The syntax for including a file 28 | is: 29 | 30 | !include path/to/fdf/inc/file 31 | 32 | ### What is DFCI 33 | 34 | From the [feature document](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/): 35 | *The Device Firmware Configuration Interface (DFCI) brings new levels of security and usability to 36 | PC configuration management. It is a new feature of UEFI that enables secure programmatic configuration 37 | of hardware settings that are typically configured within a BIOS menu.* 38 | 39 | ## FDF Breakdown 40 | 41 | This first line is a comment simply alerting the dev to include this file at some point under the 42 | [FV.FvMain] section of the platform FDF file. 43 | 44 | # Continuation of [FV.FvMain] 45 | 46 | Finds and takes ownership of gEfiGraphicsOutputProtocolGuid so RenderingEngine can use it by uninstalling 47 | it on its current handle and reinstalling it on a new one. 48 | 49 | INF MsGraphicsPkg/GopOverrideDxe/GopOverrideDxe.inf 50 | 51 | AuthManager provides authentication for [DFCI](#what-is-dfci). 52 | 53 | INF DfciPkg/IdentityAndAuthManager/IdentityAndAuthManagerDxe.inf 54 | 55 | The main component of [DFCI](#what-is-dfci) which manages and enforces all DFCI settings 56 | 57 | INF DfciPkg/SettingsManager/SettingsManagerDxe.inf 58 | 59 | Installs protocol to share the UI theme. 60 | 61 | INF MsGraphicsPkg/MsUiTheme/Dxe/MsUiThemeProtocol.inf 62 | 63 | Produces EfiGraphicsOutputProtocol to draw graphics to the screen 64 | 65 | INF MsGraphicsPkg/RenderingEngineDxe/RenderingEngineDxe.inf 66 | 67 | Produces gEdkiiFormDisplayEngineProtocolGuid protocol which handles input and displays strings 68 | 69 | INF MsGraphicsPkg/DisplayEngineDxe/DisplayEngineDxe.inf 70 | 71 | Application that presents & manages the Boot Menu Setup on Front Page. 72 | 73 | INF OemPkg/BootMenu/BootMenu.inf 74 | 75 | Application that presents and manages FrontPage. 76 | 77 | INF OemPkg/FrontPage/FrontPage.inf 78 | 79 | Enables MsBootPolicy which implements the desired boot behavior when no UEFI boot options are present (or they 80 | failed) and a alternate boot has been requested (ex. booting from USB). 81 | 82 | INF PcBdsPkg/MsBootPolicy/MsBootPolicy.inf 83 | 84 | A module which produces Boot Manager Policy protocol. 85 | 86 | INF MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf 87 | 88 | A regular expression library to support Remote/IT/Admin Settings such as [DFCI](#what-is-dfci). 89 | 90 | INF MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.inf 91 | 92 | Processes ingoing and outgoing [DFCI](#what-is-dfci) settings requests 93 | 94 | INF DfciPkg/DfciManager/DfciManager.inf 95 | 96 | Driver for On Screen Keyboard. 97 | 98 | INF MsGraphicsPkg/OnScreenKeyboardDxe/OnScreenKeyboardDxe.inf 99 | 100 | Spoofs button press to automatically boot to FrontPage. 101 | 102 | INF OemPkg/FrontpageButtonsVolumeUp/FrontpageButtonsVolumeUp.inf 103 | 104 | Manages windows and fonts to be drawn by the rendering engine 105 | 106 | INF MsGraphicsPkg/SimpleWindowManagerDxe/SimpleWindowManagerDxe.inf 107 | 108 | This final bit places the bmp files and shell.efi file within this firmware volume so they can be 109 | accessed by UEFI drivers. 110 | 111 | FILE APPLICATION=PCD(gPcBdsPkgTokenSpaceGuid.PcdShellFile) { 112 | SECTION PE32=$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/AARCH64/Shell.efi 113 | SECTION UI= "EdkShell" 114 | } 115 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdLogoFile) { 116 | SECTION RAW = OemPkg/FrontPage/Resources/BootLogo.bmp 117 | SECTION UI = "Logo" 118 | } 119 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdFrontPageLogoFile) { 120 | SECTION RAW = OemPkg/FrontPage/Resources/FrontpageLogo.bmp 121 | } 122 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdLowBatteryFile) { 123 | SECTION RAW = OemPkg/FrontPage/Resources/LBAT.bmp 124 | } 125 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdThermalFile) { 126 | SECTION RAW = OemPkg/FrontPage/Resources/THOT.bmp 127 | } 128 | -------------------------------------------------------------------------------- /Docs/Frontpage_Includes/colorbar_mu.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/Docs/Frontpage_Includes/colorbar_mu.PNG -------------------------------------------------------------------------------- /Docs/Repo_Details.md: -------------------------------------------------------------------------------- 1 | # Project Mu Oem Sample Repository 2 | 3 | ??? info "Git Details" 4 | Repository Url: {{mu_oem_sample.url}} 5 | Branch: {{mu_oem_sample.branch}} 6 | Commit: [{{mu_oem_sample.commit}}]({{mu_oem_sample.commitlink}}) 7 | Commit Date: {{mu_oem_sample.date}} 8 | 9 | This repository is considered sample code for any entity building devices using Project Mu. It is 10 | likely that any device manufacturer will want to customize the device behavior by changing the modules 11 | in this package. 12 | 13 | * Numerous libraries to support UEFI Boot Device Selection phase (BDS) 14 | * Firmware Version information 15 | * UI App / "FrontPage" application support as well as example 16 | 17 | ## More Info 18 | 19 | FrontpageDsc and FrontpageFdf that can be included so you don't have to unravel all of the libraries and 20 | protocols that are required to get started with FrontPage. Includes contain comments for clarity, and 21 | there is a more extensive explanation for each library in the Docs/Frontpage_Includes. 22 | 23 | Please see the Project Mu [docs](https://github.com/Microsoft/mu) for more information. 24 | 25 | This project has adopted the 26 | [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 27 | 28 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or 29 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 30 | 31 | ## Per Platform Libraries 32 | 33 | **NOTE:** Three libraries (MsPlatformDevicesLib, DfciDeviceIdSupportLib, PlatformThemeLib) will need 34 | to be implemented per platform and included in the DSC file. An example can be found in the 35 | [NXP iMX8 platform](https://github.com/ms-iot/MU_SILICON_NXP/tree/master/iMX8Pkg). 36 | 37 | ## Issues 38 | 39 | Please open any issues in the Project Mu GitHub tracker. 40 | [More Details](https://microsoft.github.io/mu/How/contributing/) 41 | 42 | ## Contributing Code or Docs 43 | 44 | Please follow the general Project Mu Pull Request process. 45 | [More Details](https://microsoft.github.io/mu/How/contributing/) 46 | 47 | * [Code Requirements](/DeveloperDocs/code_requirements) 48 | * [Doc Requirements](/DeveloperDocs/doc_requirements) 49 | 50 | ## PR-Gate Builds 51 | 52 | ```cmd 53 | pip install --upgrade -r requirements.txt 54 | mu_build -c corebuild.mu.json 55 | ``` 56 | 57 | [![Build Status](https://dev.azure.com/projectmu/mu/_apis/build/status/mu_oem_sample%20PR%20gate)](https://dev.azure.com/projectmu/mu/_build/latest?definitionId=7) 58 | 59 | ## Copyright & License 60 | 61 | Copyright (C) Microsoft Corporation SPDX-License-Identifier: BSD-2-Clause-Patent 62 | 63 | All rights reserved. Redistribution and use in source and binary forms, with or without modification, 64 | are permitted provided that the following conditions are met: 65 | 66 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and 67 | the following disclaimer. 68 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the 69 | following disclaimer in the documentation and/or other materials provided with the distribution. 70 | 71 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED 72 | WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 73 | PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 74 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 75 | TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 76 | HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 77 | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 78 | POSSIBILITY OF SUCH DAMAGE. 79 | -------------------------------------------------------------------------------- /Docs/q35_mu.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/Docs/q35_mu.gif -------------------------------------------------------------------------------- /FrontpageFdf.inc: -------------------------------------------------------------------------------- 1 | # Continuation of [FV.FvMain] 2 | INF MsGraphicsPkg/GopOverrideDxe/GopOverrideDxe.inf 3 | INF DfciPkg/AuthManagerNull/AuthManagerNull.inf 4 | INF DfciPkg/SettingsManager/SettingsManagerDxe.inf 5 | INF MsGraphicsPkg/MsUiTheme/Dxe/MsUiThemeProtocol.inf 6 | INF MsGraphicsPkg/RenderingEngineDxe/RenderingEngineDxe.inf 7 | INF MsGraphicsPkg/DisplayEngineDxe/DisplayEngineDxe.inf 8 | INF OemPkg/BootMenu/BootMenu.inf 9 | INF OemPkg/FrontPage/FrontPage.inf 10 | INF PcBdsPkg/MsBootPolicy/MsBootPolicy.inf 11 | INF MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf 12 | INF MdeModulePkg/Universal/RegularExpressionDxe/RegularExpressionDxe.inf 13 | INF DfciPkg/DfciManager/DfciManager.inf 14 | INF MsGraphicsPkg/OnScreenKeyboardDxe/OnScreenKeyboardDxe.inf 15 | INF OemPkg/FrontpageButtonsVolumeUp/FrontpageButtonsVolumeUp.inf 16 | INF MsGraphicsPkg/SimpleWindowManagerDxe/SimpleWindowManagerDxe.inf 17 | # Change AARCH64 to the appropriate architecture for your platform. 18 | FILE APPLICATION=PCD(gPcBdsPkgTokenSpaceGuid.PcdShellFile) { 19 | SECTION PE32=$(OUTPUT_DIRECTORY)/$(TARGET)_$(TOOL_CHAIN_TAG)/AARCH64/Shell.efi 20 | SECTION UI= "EdkShell" 21 | } 22 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdLogoFile) { 23 | SECTION RAW = OemPkg/FrontPage/Resources/BootLogo.bmp 24 | SECTION UI = "Logo" 25 | } 26 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdFrontPageLogoFile) { 27 | SECTION RAW = OemPkg/FrontPage/Resources/FrontpageLogo.bmp 28 | } 29 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdLowBatteryFile) { 30 | SECTION RAW = OemPkg/FrontPage/Resources/LBAT.bmp 31 | } 32 | FILE FREEFORM = PCD(gOemPkgTokenSpaceGuid.PcdThermalFile) { 33 | SECTION RAW = OemPkg/FrontPage/Resources/THOT.bmp 34 | } -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | BSD-2-Clause-Patent License 2 | 3 | Copyright (C) Microsoft Corporation. All rights reserved. 4 | SPDX-License-Identifier: BSD-2-Clause-Patent 5 | -------------------------------------------------------------------------------- /OemPkg/BootMenu/BootMenu.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | *BootMemu 3 | 4 | Copyright (C) Microsoft Corporation. All rights reserved. 5 | SPDX-License-Identifier: BSD-2-Clause-Patent 6 | 7 | **/ 8 | 9 | #ifndef _BOOT_MENU_H_ 10 | #define _BOOT_MENU_H_ 11 | 12 | // The following defines are from MsBootMenuGuid.h. Keep these in mind when altering 13 | // the values used in this formset. The dynamic question id's are QUESTION_START + boot order index 14 | 15 | #define MS_BOOT_ORDER_FORM_ID 0x1000 16 | 17 | #include <Guid/MsBootMenuGuid.h> // defines MS_BOOT_* items 18 | 19 | // The following defines are defined in Guid/MedModuleHii.h, but this header 20 | // doesn't play well with the VFR compiler. 21 | #define EFI_OTHER_DEVICE_CLASS 0x20 22 | #define EFI_GENERAL_APPLICATION_SUBCLASS 0x01 23 | 24 | #define MAX_BOOT_OPTIONS_SUPPORTED 6 // Maximum number of boot options to display in listbox 25 | 26 | #define MS_BOOT_ORDER_VARID 0x0031 27 | #define MS_BOOT_SETTINGS_VARID 0x0033 28 | #define MS_BOOT_GRAYOUT_VARID 0x0034 29 | #define MS_BOOT_SUPPRESS_VARID 0x0035 30 | 31 | #define MS_BOOT_ORDER_INIT_KEY 0x0041 32 | 33 | #define MS_BOOT_DEVICE_QUESTION_ID 0x0050 34 | #define MS_BOOT_ORDER_QUESTION_ID 0x0051 35 | 36 | #define MS_ENABLE_IPV6_QUESTION_ID 0x0061 37 | #define MS_ENABLE_ALT_BOOT_QUESTION_ID 0x0062 38 | #define MS_ENABLE_BOOT_ORDER_LOCK_QUESTION_ID 0x0063 39 | #define MS_ENABLE_USB_BOOT_QUESTION_ID 0x0064 40 | // 41 | // These are the VFR compiler generated data representing our VFR data. 42 | // 43 | extern UINT8 BootMenuVfrBin[]; 44 | 45 | #define LABEL_ORDER_OPTIONS 0x1021 46 | #define LABEL_ORDER_END 0x1022 47 | 48 | // Grid class Start delimeter (GUID opcode). 49 | // 50 | #define GRID_START_OPCODE_GUID \ 51 | { \ 52 | 0xc0b6e247, 0xe140, 0x4b4d, { 0xa6, 0x4, 0xc3, 0xae, 0x1f, 0xa6, 0xcc, 0x12 } \ 53 | } 54 | 55 | // Grid class End delimeter (GUID opcode). 56 | // 57 | #define GRID_END_OPCODE_GUID \ 58 | { \ 59 | 0x30879de9, 0x7e69, 0x4f1b, { 0xb5, 0xa5, 0xda, 0x15, 0xbf, 0x6, 0x25, 0xce } \ 60 | } 61 | 62 | // Grid class select cell location (GUID opcode). 63 | // 64 | #define GRID_SELECT_CELL_OPCODE_GUID \ 65 | { \ 66 | 0x3147b040, 0xeac3, 0x4b9f, { 0xb5, 0xec, 0xc2, 0xe2, 0x88, 0x45, 0x17, 0x4e } \ 67 | } 68 | 69 | typedef struct { 70 | UINT32 OrderOptions[MAX_BOOT_OPTIONS_SUPPORTED]; 71 | } ORDER_MENU_CONFIGURATION; 72 | 73 | typedef struct { 74 | BOOLEAN IPv6; 75 | BOOLEAN AltBoot; 76 | BOOLEAN BootOrderLock; 77 | BOOLEAN EnableUsbBoot; 78 | } SETTINGS_MENU_CONFIGURATION; 79 | 80 | typedef struct { 81 | BOOLEAN IPv6; 82 | BOOLEAN AltBoot; 83 | BOOLEAN BootOrderLock; 84 | BOOLEAN EnableUsbBoot; 85 | // 86 | BOOLEAN RestrictedAccessString; 87 | } SETTINGS_GRAYOUT_CONFIGURATION; 88 | 89 | typedef struct { 90 | BOOLEAN IPv6; 91 | BOOLEAN AltBoot; 92 | BOOLEAN BootOrderLock; 93 | BOOLEAN EnableUsbBoot; 94 | } SETTINGS_SUPPRESS_CONFIGURATION; 95 | 96 | #endif // _BOOT_MENU_H_ 97 | -------------------------------------------------------------------------------- /OemPkg/BootMenu/BootMenu.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Application that presents & manages the Boot Menu Setup on Front Page. 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | [Defines] 9 | INF_VERSION = 0x00010005 10 | BASE_NAME = BootMenu 11 | FILE_GUID = 8d865e53-bd58-4e4c-8eca-ee96b620f40f 12 | MODULE_TYPE = DXE_DRIVER 13 | VERSION_STRING = 1.0 14 | ENTRY_POINT = BootMenuEntry 15 | 16 | # 17 | # The following information is for reference only and not required by the build tools. 18 | # 19 | # VALID_ARCHITECTURES = IA32 X64 IPF EBC 20 | # 21 | 22 | [Sources] 23 | BootMenu.c 24 | BootMenuVfr.Vfr 25 | BootMenuStrings.uni 26 | 27 | [Packages] 28 | OemPkg/OemPkg.dec 29 | PcBdsPkg/PcBdsPkg.dec 30 | MdePkg/MdePkg.dec 31 | MdeModulePkg/MdeModulePkg.dec 32 | DfciPkg/DfciPkg.dec 33 | MsGraphicsPkg/MsGraphicsPkg.dec 34 | 35 | [LibraryClasses] 36 | DebugLib 37 | PrintLib 38 | HiiLib 39 | UefiDriverEntryPoint 40 | UefiBootServicesTableLib 41 | UefiRuntimeServicesTableLib 42 | UefiHiiServicesLib 43 | UefiLib 44 | UefiBootManagerLib 45 | MsBootPolicyLib 46 | BootGraphicsProviderLib 47 | BootGraphicsLib 48 | GraphicsConsoleHelperLib 49 | MsBootOptionsLib 50 | SwmDialogsLib 51 | 52 | [Guids] 53 | gEfiGlobalVariableGuid ## SOMETIMES_PRODUCES ## Variable:L"BootNext" (The number of next boot option) 54 | gEfiIfrTianoGuid 55 | gMsBootMenuFormsetGuid 56 | 57 | [Protocols] 58 | gEfiHiiConfigAccessProtocolGuid 59 | gEdkiiFormBrowserEx2ProtocolGuid 60 | gEfiSimpleFileSystemProtocolGuid 61 | gEfiLoadFileProtocolGuid 62 | gMsSWMProtocolGuid 63 | gDfciSettingAccessProtocolGuid 64 | gMsFrontPageAuthTokenProtocolGuid 65 | 66 | [FeaturePcd] 67 | 68 | [Pcd] 69 | 70 | [Depex] 71 | gEdkiiFormBrowserEx2ProtocolGuid 72 | -------------------------------------------------------------------------------- /OemPkg/BootMenu/BootMenuStrings.uni: -------------------------------------------------------------------------------- 1 | // *++ 2 | // 3 | // Copyright (c) 2006, Intel Corporation. All rights reserved.<BR> 4 | // Copyright (C) Microsoft Corporation. All rights reserved. 5 | // SPDX-License-Identifier: BSD-2-Clause-Patent 6 | // 7 | // Module Name: 8 | // 9 | // BootMenuStrings.uni 10 | // 11 | // Abstract: 12 | // 13 | // String definition 14 | // Revision History: 15 | // 16 | // --*/ 17 | 18 | #langdef en-US " English " 19 | #langdef en " Standard English " 20 | 21 | #string STR_BOOT_MENU_TITLE #language en-US "Boot Menu" 22 | 23 | #string STR_RESTRICTED_STRING #language en-US "\fc!Red!Some settings are managed by your organization." 24 | 25 | #string STR_NULL_STRING #language en-US "" 26 | 27 | #string STR_BOOT_ORDER_TITLE #language en-US "Configure boot device order" 28 | 29 | #string STR_BOOT_ORDER_HEADER #language en-US "\fh!48!Configure boot device order" 30 | 31 | #string STR_BOOT_ORDER_LIST #language en-US "To change the order devices are searched for a bootable operating system, drag each boot option to the desired location in the list. Use the checkbox to enable or disable a boot option. Click the trash icon to permanently remove a boot option from the list. Swipe left on a device to boot that device immediately." 32 | 33 | #string STR_ADVANCED_OPTIONS_HEADER #language en-US "\fh!48!Advanced options" 34 | 35 | #string STR_DEV_ENABLE_IPV6 #language en-US "\fh!28!Enable IPv6 for PXE Network boot option" 36 | 37 | #string STR_DEV_ENABLE_ALT_BOOT #language en-US "\fh!28!Enable alternate boot sequence" 38 | 39 | #string STR_DEV_ENABLE_BOOT_ORDER_LOCK #language en-US "\fh!28!Enable Boot Configuration Lock" 40 | 41 | #string STR_DEV_ENABLE_USB_BOOT #language en-US "\fh!28!Enable Boot from USB devices" 42 | 43 | #string STR_BOOT_DELETE_TITLE #language en-US "Delete option" 44 | 45 | #string STR_BOOT_DELETE_CAPTION #language en-US "Delete boot option" 46 | 47 | #string STR_BOOT_DELETE_WARNING #language en-US "The following boot option will be permanently removed from the system:\r\r\r\r%s" 48 | 49 | #string STR_BOOT_BOOT_TITLE #language en-US "Boot device" 50 | 51 | #string STR_BOOT_BOOT_CAPTION #language en-US "Boot this device immediately" 52 | 53 | #string STR_BOOT_BOOT_WARNING #language en-US "Exit UEFI Settings and boot the following device immediately:\r\r%s" 54 | 55 | -------------------------------------------------------------------------------- /OemPkg/DeviceStatePei/DeviceStatePei.c: -------------------------------------------------------------------------------- 1 | /** @file DeviceStatePei.c 2 | 3 | This platform module sets the DEVICE_STATE bits prior to display. 4 | 5 | This driver currently implements the following bits in a standard method: 6 | DEVICE_STATE_SECUREBOOT_OFF 7 | 8 | This library can either mask those bits (force low) or add other bits. See the 9 | MdeModulePkg/Include/Library/DeviceStateLib.h file for bit definitions. 10 | 11 | Copyright (C) Microsoft Corporation. 12 | 13 | SPDX-License-Identifier: BSD-2-Clause-Patent 14 | **/ 15 | #include <PiPei.h> 16 | #include <Library/DebugLib.h> 17 | #include <Library/DeviceStateLib.h> 18 | #include <Library/PeiServicesLib.h> 19 | 20 | #include <Ppi/ReadOnlyVariable2.h> 21 | 22 | #include <Guid/GlobalVariable.h> 23 | 24 | /** 25 | Helper function to query whether the secure boot variable is in place. 26 | For Project Mu Code if the PK is set then Secure Boot is enforced (there is no 27 | SetupMode) 28 | 29 | @retval TRUE if secure boot is enabled, FALSE otherwise. 30 | **/ 31 | BOOLEAN 32 | IsSecureBootOn ( 33 | ) 34 | { 35 | EFI_STATUS Status; 36 | EFI_PEI_READ_ONLY_VARIABLE2_PPI *VarPpi = NULL; 37 | UINTN PkSize = 0; 38 | 39 | Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID *)&VarPpi); 40 | if (EFI_ERROR (Status)) { 41 | DEBUG ((DEBUG_ERROR, "Failed to locate EFI_PEI_READ_ONLY_VARIABLE2_PPI. \n")); 42 | return FALSE; 43 | } 44 | 45 | Status = VarPpi->GetVariable (VarPpi, EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &PkSize, NULL); 46 | if ((Status == EFI_BUFFER_TOO_SMALL) && (PkSize > 0)) { 47 | DEBUG ((DEBUG_INFO, "%a - PK exists. Secure boot on. Pk Size is 0x%X\n", __FUNCTION__, PkSize)); 48 | return TRUE; 49 | } 50 | 51 | DEBUG ((DEBUG_INFO, "%a - PK doesn't exist. Secure boot off\n", __FUNCTION__)); 52 | return FALSE; 53 | } 54 | 55 | /** 56 | Module Entrypoint. 57 | Check States and Set State 58 | 59 | @param[in] FileHandle Handle of the file being invoked. 60 | 61 | @param[in] PeiServices General purpose services available to every PEIM. 62 | 63 | @retval EFI_SUCCESS Always returns success. 64 | **/ 65 | EFI_STATUS 66 | EFIAPI 67 | DeviceStatePeiEntry ( 68 | IN EFI_PEI_FILE_HANDLE FileHandle, 69 | IN CONST EFI_PEI_SERVICES **PeiServices 70 | ) 71 | { 72 | DEVICE_STATE State; 73 | 74 | State = 0; 75 | 76 | if (!IsSecureBootOn ()) { 77 | State |= DEVICE_STATE_SECUREBOOT_OFF; 78 | } 79 | 80 | AddDeviceState (State); 81 | 82 | return EFI_SUCCESS; 83 | } 84 | -------------------------------------------------------------------------------- /OemPkg/DeviceStatePei/DeviceStatePei.inf: -------------------------------------------------------------------------------- 1 | ## @file DeviceStatePei.inf 2 | # 3 | # This module checks a device state platform conditions and sets the state 4 | # accordingly. 5 | # 6 | # This driver currently implements the following bits in a standard method: 7 | # DEVICE_STATE_SECUREBOOT_OFF 8 | # 9 | # Copyright (C) Microsoft Corporation. 10 | # 11 | # 12 | # SPDX-License-Identifier: BSD-2-Clause-Patent 13 | ## 14 | 15 | [Defines] 16 | INF_VERSION = 0x00010017 17 | BASE_NAME = DeviceStatePei 18 | FILE_GUID = 974931ef-cf18-4b45-bcbf-4b62d5c9a061 19 | MODULE_TYPE = PEIM 20 | VERSION_STRING = 1.0 21 | ENTRY_POINT = DeviceStatePeiEntry 22 | 23 | [Sources] 24 | DeviceStatePei.c 25 | 26 | [Packages] 27 | MdePkg/MdePkg.dec 28 | MdeModulePkg/MdeModulePkg.dec 29 | 30 | [LibraryClasses] 31 | PeimEntryPoint 32 | PeiServicesLib 33 | DebugLib 34 | DeviceStateLib 35 | 36 | [Ppis] 37 | gEfiPeiReadOnlyVariable2PpiGuid 38 | 39 | [Guids] 40 | gEfiGlobalVariableGuid 41 | 42 | [Pcd] 43 | 44 | [Depex] 45 | gEfiPeiReadOnlyVariable2PpiGuid # Needed to query variable storage 46 | -------------------------------------------------------------------------------- /OemPkg/FrontPage/FrontPage.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | FrontPage routines to handle the callbacks and browser calls 3 | 4 | Copyright (c) 2004 - 2012, Intel Corporation. All rights reserved.<BR> 5 | Copyright (c), Microsoft Corporation. All rights reserved.<BR> 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #ifndef _FRONT_PAGE_H_ 11 | #define _FRONT_PAGE_H_ 12 | 13 | #include <Protocol/FormBrowser2.h> 14 | #include <Protocol/HiiConfigAccess.h> 15 | #include "FrontPageVfr.h" // all shared VFR / C constants here. 16 | #include <DfciSystemSettingTypes.h> 17 | #include <Protocol/DfciSettingAccess.h> 18 | #include <Library/HiiLib.h> 19 | #include <Protocol/MsFrontPageAuthTokenProtocol.h> 20 | #include <Protocol/DfciAuthentication.h> 21 | #include <Library/UefiBootServicesTableLib.h> 22 | #include <Protocol/HiiConfigRouting.h> 23 | 24 | // 25 | // These are the VFR compiler generated data representing our VFR data. 26 | // 27 | extern UINT8 FrontPageVfrBin[]; 28 | 29 | extern UINTN mCallbackKey; 30 | 31 | #define FRONT_PAGE_CALLBACK_DATA_SIGNATURE SIGNATURE_32 ('F', 'P', 'C', 'B') 32 | 33 | typedef struct { 34 | UINTN Signature; 35 | 36 | // 37 | // HII relative handles 38 | // 39 | EFI_HII_HANDLE HiiHandle; 40 | EFI_HANDLE DriverHandle; 41 | EFI_STRING_ID *LanguageToken; 42 | 43 | // 44 | // Produced protocols 45 | // 46 | EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; 47 | } FRONT_PAGE_CALLBACK_DATA; 48 | 49 | extern FRONT_PAGE_CALLBACK_DATA mFrontPagePrivate; 50 | extern EFI_GUID gMuFrontPageConfigFormSetGuid; 51 | 52 | /** 53 | Initialize HII information for the FrontPage 54 | 55 | 56 | @param InitializeHiiData TRUE if HII elements need to be initialized. 57 | 58 | @retval EFI_SUCCESS The operation is successful. 59 | @retval EFI_DEVICE_ERROR If the dynamic opcode creation failed. 60 | 61 | **/ 62 | EFI_STATUS 63 | InitializeFrontPage ( 64 | BOOLEAN InitializeHiiData 65 | ); 66 | 67 | /** 68 | Acquire an Auth Token and save it in a protocol 69 | **/ 70 | EFI_STATUS 71 | GetAuthToken ( 72 | CHAR16 *PasswordBuffer 73 | ); 74 | 75 | #endif // _FRONT_PAGE_H_ 76 | -------------------------------------------------------------------------------- /OemPkg/FrontPage/FrontPage.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Application that presents & manages the Front Page. 3 | # 4 | # Copyright (c) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | [Defines] 9 | INF_VERSION = 0x00010005 10 | BASE_NAME = FrontPage 11 | FILE_GUID = 4042708A-0F2D-4823-AC60-0D77B3111889 12 | MODULE_TYPE = UEFI_APPLICATION 13 | VERSION_STRING = 1.0 14 | ENTRY_POINT = UefiMain 15 | 16 | # 17 | # The following information is for reference only and not required by the build tools. 18 | # 19 | # VALID_ARCHITECTURES = IA32 X64 IPF EBC AARCH64 20 | # 21 | 22 | [Sources] 23 | FrontPage.c 24 | FrontPageConfigAccess.c 25 | FrontPageUi.c 26 | FrontPageStrings.uni 27 | FrontPageVfr.Vfr 28 | String.c 29 | 30 | [Packages] 31 | MdePkg/MdePkg.dec 32 | MdeModulePkg/MdeModulePkg.dec 33 | MsGraphicsPkg/MsGraphicsPkg.dec 34 | MsCorePkg/MsCorePkg.dec 35 | PcBdsPkg/PcBdsPkg.dec 36 | OemPkg/OemPkg.dec 37 | DfciPkg/DfciPkg.dec 38 | MsWheaPkg/MsWheaPkg.dec 39 | SecurityPkg/SecurityPkg.dec 40 | 41 | [LibraryClasses] 42 | BaseLib 43 | DebugLib 44 | PrintLib 45 | HiiLib 46 | UefiApplicationEntryPoint 47 | PcdLib 48 | UefiBootManagerLib 49 | PasswordPolicyLib 50 | UIToolKitLib 51 | DxeServicesLib 52 | BmpSupportLib 53 | MsUiThemeLib 54 | ResetUtilityLib 55 | BootGraphicsLib 56 | BootGraphicsProviderLib 57 | MsColorTableLib 58 | MsNVBootReasonLib 59 | GraphicsConsoleHelperLib 60 | SwmDialogsLib 61 | SecureBootVariableLib 62 | MuSecureBootKeySelectorLib 63 | SecureBootKeyStoreLib 64 | SafeIntLib 65 | 66 | [Guids] 67 | gEfiGlobalVariableGuid ## SOMETIMES_PRODUCES ## Variable:L"BootNext" (The number of next boot option) 68 | gEfiImageSecurityDatabaseGuid ## CONSUMES 69 | gEfiIfrTianoGuid ## CONSUMES ## GUID (Extended IFR Guid Opcode) 70 | gEfiCertPkcs7Guid ## CONSUMES 71 | gMsEventMasterFrameNotifyGroupGuid ## CONSUMES 72 | gFrontPageResetGuid ## CONSUMES ## Used to signal a specific reset type, in case anyone wants to handle it. 73 | gDfciMenuFormsetGuid ## CONSUMES 74 | gHwhMenuFormsetGuid ## CONSUMES 75 | gMuVarPolicyDxePhaseGuid ## CONSUMES 76 | 77 | [Protocols] 78 | gEfiSmbiosProtocolGuid ## PROTOCOL CONSUMES 79 | gEfiGraphicsOutputProtocolGuid ## PROTOCOL SOMETIMES_CONSUMES 80 | gEfiHiiConfigAccessProtocolGuid ## PROTOCOL CONSUMES 81 | gEfiFormBrowser2ProtocolGuid ## PROTOCOL CONSUMES 82 | gEfiDevicePathProtocolGuid ## PROTOCOL CONSUMES 83 | gEfiFirmwareVolume2ProtocolGuid ## PROTOCOL CONSUMES 84 | gMsOSKProtocolGuid ## PROTOCOL CONSUMES 85 | gMsSWMProtocolGuid ## PROTOCOL CONSUMES 86 | gEfiHiiConfigRoutingProtocolGuid ## PROTOCOL CONSUMES 87 | gEfiSmmVariableProtocolGuid ## PROTOCOL CONSUMES 88 | gEfiSmmCommunicationProtocolGuid ## PROTOCOL CONSUMES 89 | gEfiSmbiosProtocolGuid ## PROTOCOL CONSUMES 90 | gDfciSettingAccessProtocolGuid ## PROTOCOL CONSUMES 91 | gMsFrontPageAuthTokenProtocolGuid ## PROTOCOL CONSUMES 92 | gDfciAuthenticationProtocolGuid ## PROTOCOL CONSUMES 93 | gEdkiiFormBrowserEx2ProtocolGuid ## PROTOCOL CONSUMES 94 | gEfiFirmwareManagementProtocolGuid ## PROTOCOL CONSUMES 95 | gEdkiiVariablePolicyProtocolGuid ## PROTOCOL CONSUMES 96 | 97 | [FeaturePcd] 98 | #gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangDeprecate 99 | 100 | [Pcd] 101 | #gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLangCodes 102 | #gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultLang 103 | #gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultPlatformLangCodes 104 | #gEfiMdePkgTokenSpaceGuid.PcdUefiVariableDefaultPlatformLang 105 | #gEfiMdeModulePkgTokenSpaceGuid.PcdConOutRow 106 | #gEfiMdeModulePkgTokenSpaceGuid.PcdConOutColumn 107 | #gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution 108 | #gEfiMdeModulePkgTokenSpaceGuid.PcdVideoVerticalResolution 109 | gOemPkgTokenSpaceGuid.PcdVolumeUpIndicatorFile 110 | gOemPkgTokenSpaceGuid.PcdFirmwareSettingsIndicatorFile 111 | gOemPkgTokenSpaceGuid.PcdFrontPageLogoFile 112 | gOemPkgTokenSpaceGuid.PcdBootFailIndicatorFile 113 | gOemPkgTokenSpaceGuid.PcdMaxPasswordAttempts 114 | gMsGraphicsPkgTokenSpaceGuid.PcdCurrentPointerState 115 | gDfciPkgTokenSpaceGuid.PcdSetupUiReducedFunction 116 | gDfciPkgTokenSpaceGuid.PcdDfciEnabled 117 | 118 | [Depex] 119 | TRUE 120 | 121 | [BuildOptions] 122 | # Needed because multiple floating-point components define _fltused. 123 | # 124 | *_VS2013x86_*_DLINK_FLAGS = /FORCE:MULTIPLE 125 | -------------------------------------------------------------------------------- /OemPkg/FrontPage/FrontPageConfigAccess.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | HiiConfigAccess definitions for FrontPage. 3 | 4 | Copyright (C) Microsoft Corporation. All rights reserved. 5 | SPDX-License-Identifier: BSD-2-Clause-Patent 6 | 7 | **/ 8 | 9 | #ifndef _FRONT_PAGE_CONFIG_ACCESS_H_ 10 | #define _FRONT_PAGE_CONFIG_ACCESS_H_ 11 | 12 | #include <Library/UefiHiiServicesLib.h> 13 | #include <Protocol/HiiConfigAccess.h> 14 | 15 | /** 16 | This function allows a caller to extract the current configuration for one 17 | or more named elements from the target driver. 18 | 19 | 20 | @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. 21 | @param Request A null-terminated Unicode string in <ConfigRequest> format. 22 | @param Progress On return, points to a character in the Request string. 23 | Points to the string's null terminator if request was successful. 24 | Points to the most recent '&' before the first failing name/value 25 | pair (or the beginning of the string if the failure is in the 26 | first name/value pair) if the request was not successful. 27 | @param Results A null-terminated Unicode string in <ConfigAltResp> format which 28 | has all values filled in for the names in the Request string. 29 | String to be allocated by the called function. 30 | 31 | @retval EFI_SUCCESS The Results is filled with the requested values. 32 | @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. 33 | @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. 34 | @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. 35 | 36 | **/ 37 | EFI_STATUS 38 | EFIAPI 39 | ExtractConfig ( 40 | IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, 41 | IN CONST EFI_STRING Request, 42 | OUT EFI_STRING *Progress, 43 | OUT EFI_STRING *Results 44 | ); 45 | 46 | /** 47 | This function processes the results of changes in configuration. 48 | 49 | 50 | @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. 51 | @param Configuration A null-terminated Unicode string in <ConfigResp> format. 52 | @param Progress A pointer to a string filled in with the offset of the most 53 | recent '&' before the first failing name/value pair (or the 54 | beginning of the string if the failure is in the first 55 | name/value pair) or the terminating NULL if all was successful. 56 | 57 | @retval EFI_SUCCESS The Results is processed successfully. 58 | @retval EFI_INVALID_PARAMETER Configuration is NULL. 59 | @retval EFI_NOT_FOUND Routing data doesn't match any storage in this driver. 60 | 61 | **/ 62 | EFI_STATUS 63 | EFIAPI 64 | RouteConfig ( 65 | IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, 66 | IN CONST EFI_STRING Configuration, 67 | OUT EFI_STRING *Progress 68 | ); 69 | 70 | #endif // _FRONT_PAGE_CONFIG_ACCESS_H_ 71 | -------------------------------------------------------------------------------- /OemPkg/FrontPage/FrontPageUi.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | User interaction functions for the FrontPage. 3 | 4 | Copyright (C) Microsoft Corporation. All rights reserved. 5 | SPDX-License-Identifier: BSD-2-Clause-Patent 6 | 7 | **/ 8 | 9 | #ifndef _FRONT_PAGE_UI_H_ 10 | #define _FRONT_PAGE_UI_H_ 11 | 12 | /** 13 | This function processes the results of changes in configuration. 14 | 15 | 16 | @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. 17 | @param Action Specifies the type of action taken by the browser. 18 | @param QuestionId A unique value which is sent to the original exporting driver 19 | so that it can identify the type of data to expect. 20 | @param Type The type of value for the question. 21 | @param Value A pointer to the data being sent to the original exporting driver. 22 | @param ActionRequest On return, points to the action requested by the callback function. 23 | 24 | @retval EFI_SUCCESS The callback successfully handled the action. 25 | @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. 26 | @retval EFI_DEVICE_ERROR The variable could not be saved. 27 | @retval EFI_UNSUPPORTED The specified Action is not supported by the callback. 28 | 29 | **/ 30 | EFI_STATUS 31 | EFIAPI 32 | UiCallback ( 33 | IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, 34 | IN EFI_BROWSER_ACTION Action, 35 | IN EFI_QUESTION_ID QuestionId, 36 | UINT8 Type, 37 | IN EFI_IFR_TYPE_VALUE *Value, 38 | OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest 39 | ); 40 | 41 | /** 42 | Determines the current SecureBoot state and updates the status strings accordingly. 43 | 44 | @param[in] RefreshScreen BOOLEAN indicating whether to force a screen refresh after updating the strings. 45 | 46 | **/ 47 | VOID 48 | UpdateSecureBootStatusStrings ( 49 | BOOLEAN RefreshScreen 50 | ); 51 | 52 | /** 53 | Present user with password prompt and attempt to validate password. 54 | 55 | NOTE: If user enters password incorrectly too many times, return FALSE. 56 | 57 | @param MaxAttempts The number of invalid password attempts before the 58 | system will halt with an appropriate message. 59 | If 0, user receives unlimited opportunites. 60 | 61 | @retval TRUE User entered the password correctly. 62 | @retval FALSE User cancelled password attempt or failed to authenticate. 63 | 64 | **/ 65 | BOOLEAN 66 | ChallengeUserPassword ( 67 | UINT8 MaxAttempts 68 | ); 69 | 70 | #endif // _FRONT_PAGE_UI_H_ 71 | -------------------------------------------------------------------------------- /OemPkg/FrontPage/FrontPageVfr.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Front Page vfr and c file common definitions 3 | 4 | Copyright (C) Microsoft Corporation. All rights reserved. 5 | SPDX-License-Identifier: BSD-2-Clause-Patent 6 | 7 | **/ 8 | 9 | // 10 | // THIS FILE MUST ONLY CONTAIN DEFINTIONS THAT CAN BE INTERPRETED 11 | // BY BOTH THE VFR AND C COMPILERS. 12 | // 13 | 14 | #ifndef FRONT_PAGE_VFR_H 15 | #define FRONT_PAGE_VFR_H 16 | 17 | #define FRONT_PAGE_CLASS 0x0000 18 | #define FRONT_PAGE_SUBCLASS 0x0002 19 | 20 | // 21 | // This is the VFR compiler generated header file which defines the 22 | // string identifiers. 23 | // 24 | #define PRINTABLE_LANGUAGE_NAME_STRING_ID 0x0001 25 | 26 | // Front Page exposes the following forms 27 | // 28 | // NOTE: Form ID order and values must align with VFR code. 29 | // 30 | #define FRONT_PAGE_FORM_ID_NONE 0x0000 31 | #define FRONT_PAGE_FORM_ID_SECURITY 0x0001 32 | #define FRONT_PAGE_FORM_ID_PCINFO 0x0002 33 | #define FRONT_PAGE_FORM_ID_BOOTMENU 0x0003 34 | #define FRONT_PAGE_FORM_ID_EXIT 0x0004 35 | 36 | // Front Page triggers the following actions 37 | // 38 | // NOTE: Form ID order and values must align with VFR code. 39 | // 40 | #define FRONT_PAGE_ACTION_DEFAULTS 0x1000 41 | #define FRONT_PAGE_ACTION_SEC_CHANGE_SB_CONFIG 0x1003 42 | #define FRONT_PAGE_ACTION_SEC_DISPLAY_SB_WHAT_IS 0x1004 43 | #define FRONT_PAGE_ACTION_SEC_SET_SYSTEM_PASSWORD 0x1006 44 | #define FRONT_PAGE_ACTION_REBOOT_TO_FRONTPAGE 0x1007 45 | #define FRONT_PAGE_ACTION_EXIT_FRONTPAGE 0x1001 46 | 47 | #define LABEL_PCINFO_FW_VERSION_TAG_START 0x2000 48 | #define LABEL_PCINFO_FW_VERSION_TAG_END 0x2001 49 | 50 | #define LABEL_UPDATE_SECURITY_START 0x2002 51 | #define LABEL_UPDATE_SECURITY_END 0x2003 52 | // Grid class Start delimeter (GUID opcode). 53 | // 54 | #define GRID_START_OPCODE_GUID \ 55 | { \ 56 | 0xc0b6e247, 0xe140, 0x4b4d, { 0xa6, 0x4, 0xc3, 0xae, 0x1f, 0xa6, 0xcc, 0x12 } \ 57 | } 58 | 59 | // Grid class End delimeter (GUID opcode). 60 | // 61 | #define GRID_END_OPCODE_GUID \ 62 | { \ 63 | 0x30879de9, 0x7e69, 0x4f1b, { 0xb5, 0xa5, 0xda, 0x15, 0xbf, 0x6, 0x25, 0xce } \ 64 | } 65 | 66 | // Front Page Formset Guid 67 | // {7F98EFE9-50AA-4598-B7C1-CB72E1CC5224} 68 | #define FRONT_PAGE_CONFIG_FORMSET_GUID \ 69 | { \ 70 | 0x7f98efe9, 0x50aa, 0x4598, { 0xb7, 0xc1, 0xcb, 0x72, 0xe1, 0xcc, 0x52, 0x24 } \ 71 | } 72 | 73 | typedef struct _FRONT_PAGE_UI_CONTROLS { 74 | // Used to indicate that a restart is required prior to altering any 75 | // security-sensitive controls. 76 | BOOLEAN PostSecurityLocks; 77 | } FRONT_PAGE_UI_CONTROLS; 78 | 79 | #define FRONT_PAGE_UI_CONTROLS_VARID 0x0072 // Presentation-layer controls. 80 | #define FRONT_PAGE_SECURITY_VARID 0x0074 81 | 82 | #endif // FRONT_PAGE_VFR_H 83 | -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/BootLogo.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/BootLogo.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/FirmwareSettings.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/FirmwareSettings.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/FrontpageLogo.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/FrontpageLogo.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/FrontpageLogo@2x.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/FrontpageLogo@2x.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/LBAT.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/LBAT.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/NoBoot.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/NoBoot.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/THOT.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/THOT.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/Resources/VolumeUp.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/microsoft/mu_oem_sample/b8bf04ccaca3c387f0a6c29e525d492962e20afb/OemPkg/FrontPage/Resources/VolumeUp.bmp -------------------------------------------------------------------------------- /OemPkg/FrontPage/String.c: -------------------------------------------------------------------------------- 1 | /** @file String.c 2 | 3 | Copyright (c) 2004 - 2010, Intel Corporation. All rights reserved.<BR> 4 | Copyright (C) Microsoft Corporation. All rights reserved. 5 | SPDX-License-Identifier: BSD-2-Clause-Patent 6 | 7 | String support 8 | 9 | **/ 10 | 11 | #include "FrontPage.h" 12 | 13 | #include <Library/DebugLib.h> 14 | #include <Library/UefiBootServicesTableLib.h> 15 | #include <Library/HiiLib.h> 16 | 17 | EFI_HII_HANDLE gStringPackHandle; 18 | 19 | EFI_GUID mFrontPageStringPackGuid = { 20 | // {9CA9EC7A-BC96-45E4-A500-1D4B79141553} 21 | 0x9ca9ec7a, 0xbc96, 0x45e4, { 0xa5, 0x0, 0x1d, 0x4b, 0x79, 0x14, 0x15, 0x53 } 22 | }; 23 | 24 | /** 25 | Initialize HII global accessor for string support. 26 | 27 | **/ 28 | VOID 29 | InitializeStringSupport ( 30 | VOID 31 | ) 32 | { 33 | gStringPackHandle = HiiAddPackages ( 34 | &mFrontPageStringPackGuid, 35 | gImageHandle, 36 | FrontPageStrings, 37 | NULL 38 | ); 39 | } 40 | 41 | /** 42 | Get string by string id from HII Interface 43 | 44 | 45 | @param Id String ID. 46 | 47 | @retval CHAR16 * String from ID. 48 | @retval NULL If error occurs. 49 | 50 | **/ 51 | CHAR16 * 52 | GetStringById ( 53 | IN EFI_STRING_ID Id 54 | ) 55 | { 56 | return HiiGetString (gStringPackHandle, Id, NULL); 57 | } 58 | -------------------------------------------------------------------------------- /OemPkg/FrontPage/String.h: -------------------------------------------------------------------------------- 1 | /** @file String.h 2 | 3 | Copyright (c) 2004 - 2009, Intel Corporation. All rights reserved. 4 | Copyright (C) Microsoft Corporation. All rights reserved. 5 | SPDX-License-Identifier: BSD-2-Clause-Patent 6 | 7 | String support 8 | 9 | **/ 10 | 11 | #ifndef _STRING_H_ 12 | #define _STRING_H_ 13 | 14 | extern EFI_HII_HANDLE gStringPackHandle; 15 | 16 | // 17 | // This is the VFR compiler generated header file which defines the 18 | // string identifiers. 19 | // 20 | 21 | extern UINT8 FrontPageStrings[]; 22 | 23 | /** 24 | Get string by string id from HII Interface 25 | 26 | 27 | @param Id String ID. 28 | 29 | @retval CHAR16 * String from ID. 30 | @retval NULL If error occurs. 31 | 32 | **/ 33 | CHAR16 * 34 | GetStringById ( 35 | IN EFI_STRING_ID Id 36 | ); 37 | 38 | /** 39 | Initialize HII global accessor for string support. 40 | 41 | **/ 42 | VOID 43 | InitializeStringSupport ( 44 | VOID 45 | ); 46 | 47 | /** 48 | Call the browser and display the front page 49 | 50 | @return Status code that will be returned by 51 | EFI_FORM_BROWSER2_PROTOCOL.SendForm (). 52 | 53 | **/ 54 | EFI_STATUS 55 | CallFrontPage ( 56 | IN UINT32 FormIndex 57 | ); 58 | 59 | #endif // _STRING_H_ 60 | -------------------------------------------------------------------------------- /OemPkg/FrontpageButtonsVolumeUp/FrontpageButtonsVolumeUp.c: -------------------------------------------------------------------------------- 1 | /** @file FrontpageButtonsVolumeUp.c 2 | 3 | This module installs the MsButtonServicesProtocol and reports that Vol+ and power are being pressed. 4 | This will cause FrontPage to be selected on each boot. 5 | Not to be used in production. 6 | 7 | Copyright (C) Microsoft Corporation. All rights reserved. 8 | SPDX-License-Identifier: BSD-2-Clause-Patent 9 | 10 | **/ 11 | 12 | #include <Library/DebugLib.h> 13 | #include <Library/MemoryAllocationLib.h> 14 | #include <Library/UefiBootServicesTableLib.h> 15 | 16 | #include <Protocol/ButtonServices.h> 17 | 18 | /* 19 | Say volume button is pressed because we wan to go to frontpage. 20 | */ 21 | EFI_STATUS 22 | EFIAPI 23 | PreBootVolumeUpButtonThenPowerButtonCheck ( 24 | IN MS_BUTTON_SERVICES_PROTOCOL *This, 25 | OUT BOOLEAN *PreBootVolumeUpButtonThenPowerButton // TRUE if button combo set else FALSE 26 | ) 27 | { 28 | DEBUG ((DEBUG_ERROR, "%a \n", __FUNCTION__)); 29 | *PreBootVolumeUpButtonThenPowerButton = TRUE; 30 | return EFI_SUCCESS; 31 | } 32 | 33 | /* 34 | Say no because we don't want alt boot. 35 | */ 36 | EFI_STATUS 37 | EFIAPI 38 | PreBootVolumeDownButtonThenPowerButtonCheck ( 39 | IN MS_BUTTON_SERVICES_PROTOCOL *This, 40 | OUT BOOLEAN *PreBootVolumeDownButtonThenPowerButton // TRUE if button combo set else FALSE 41 | ) 42 | { 43 | DEBUG ((DEBUG_ERROR, "%a \n", __FUNCTION__)); 44 | *PreBootVolumeDownButtonThenPowerButton = FALSE; // default to not pressed 45 | return EFI_SUCCESS; 46 | } 47 | 48 | EFI_STATUS 49 | EFIAPI 50 | PreBootClearVolumeButtonState ( 51 | MS_BUTTON_SERVICES_PROTOCOL *This 52 | ) 53 | { 54 | DEBUG ((DEBUG_ERROR, "%a \n", __FUNCTION__)); 55 | return EFI_SUCCESS; 56 | } 57 | 58 | /** 59 | Init routine to install protocol and init anything related to buttons 60 | 61 | **/ 62 | EFI_STATUS 63 | EFIAPI 64 | ButtonsInit ( 65 | IN EFI_HANDLE ImageHandle, 66 | IN EFI_SYSTEM_TABLE *SystemTable 67 | ) 68 | { 69 | MS_BUTTON_SERVICES_PROTOCOL *Protocol = NULL; 70 | EFI_STATUS Status = EFI_SUCCESS; 71 | 72 | DEBUG ((DEBUG_ERROR, "%a \n", __FUNCTION__)); 73 | 74 | Protocol = AllocateZeroPool (sizeof (MS_BUTTON_SERVICES_PROTOCOL)); 75 | if (Protocol == NULL) { 76 | DEBUG ((DEBUG_ERROR, "Failed to allocate memory for button service protocol.\n")); 77 | return EFI_OUT_OF_RESOURCES; 78 | } 79 | 80 | Protocol->PreBootVolumeDownButtonThenPowerButtonCheck = PreBootVolumeDownButtonThenPowerButtonCheck; 81 | Protocol->PreBootVolumeUpButtonThenPowerButtonCheck = PreBootVolumeUpButtonThenPowerButtonCheck; 82 | Protocol->PreBootClearVolumeButtonState = PreBootClearVolumeButtonState; 83 | 84 | // Install the protocol 85 | Status = gBS->InstallMultipleProtocolInterfaces ( 86 | &ImageHandle, 87 | &gMsButtonServicesProtocolGuid, 88 | Protocol, 89 | NULL 90 | ); 91 | 92 | if (EFI_ERROR (Status)) { 93 | DEBUG ((DEBUG_ERROR, "Button Services Protocol Publisher: install protocol error, Status = %r.\n", Status)); 94 | FreePool (Protocol); 95 | return Status; 96 | } 97 | 98 | DEBUG ((DEBUG_INFO, "Button Services Protocol Installed!\n")); 99 | return Status; 100 | } 101 | -------------------------------------------------------------------------------- /OemPkg/FrontpageButtonsVolumeUp/FrontpageButtonsVolumeUp.inf: -------------------------------------------------------------------------------- 1 | ## @file FrontpageButtonsVolumeUp.inf 2 | # 3 | # This module installs the MsButtonServicesProtocol and reports that Vol+ and power are being pressed. 4 | # This will cause FrontPage to be selected on each boot. 5 | # Not to be used in production. 6 | # 7 | # Copyright (C) Microsoft Corporation. All rights reserved. 8 | # SPDX-License-Identifier: BSD-2-Clause-Patent 9 | ## 10 | 11 | [Defines] 12 | INF_VERSION = 0x00010005 13 | BASE_NAME = FrontpageButtonsVolumeUp 14 | FILE_GUID = 964EFA94-9929-4EF8-9E68-8F6F6FA62E62 15 | MODULE_TYPE = DXE_DRIVER 16 | VERSION_STRING = 1.0 17 | ENTRY_POINT = ButtonsInit 18 | 19 | # 20 | # The following information is for reference only and not required by the build tools. 21 | # 22 | # VALID_ARCHITECTURES = IA32 X64 IPF EBC AARCH64 23 | # 24 | 25 | [Sources] 26 | FrontpageButtonsVolumeUp.c 27 | 28 | [Packages] 29 | MdePkg/MdePkg.dec 30 | OemPkg/OemPkg.dec 31 | 32 | [LibraryClasses] 33 | UefiDriverEntryPoint 34 | DebugLib 35 | UefiBootServicesTableLib 36 | MemoryAllocationLib 37 | 38 | [Guids] 39 | 40 | [Protocols] 41 | gMsButtonServicesProtocolGuid #Produces 42 | 43 | [Pcd] 44 | 45 | [Depex] 46 | TRUE 47 | -------------------------------------------------------------------------------- /OemPkg/HelloUefi/HelloUefi.c: -------------------------------------------------------------------------------- 1 | /** @file 2 | This sample application that is the simplest UEFI application possible. 3 | It simply prints "Hello Uefi!" to the UEFI Console Out device and stalls the CPU for 30 seconds. 4 | 5 | Copyright (C) Microsoft Corporation 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | **/ 8 | 9 | #include <Uefi.h> 10 | #include <Library/UefiApplicationEntryPoint.h> 11 | 12 | // 30 seconds in microseconds 13 | #define STALL_30_SECONDS 30000000 14 | 15 | /** 16 | The user Entry Point for Application. The user code starts with this function 17 | as the real entry point for the application. 18 | 19 | @param[in] ImageHandle The firmware allocated handle for the EFI image. 20 | @param[in] SystemTable A pointer to the EFI System Table. 21 | 22 | @retval EFI_SUCCESS The entry point is executed successfully. 23 | @retval EFI_INVALID_PARAMETER SystemTable provided was not valid. 24 | @retval other Some error occurs when executing this entry point. 25 | 26 | **/ 27 | EFI_STATUS 28 | EFIAPI 29 | UefiMain ( 30 | IN EFI_HANDLE ImageHandle, 31 | IN EFI_SYSTEM_TABLE *SystemTable 32 | ) 33 | { 34 | EFI_STATUS Status; 35 | 36 | if (SystemTable == NULL) { 37 | return EFI_INVALID_PARAMETER; 38 | } 39 | 40 | if ((SystemTable->ConOut == NULL) || (SystemTable->ConOut->OutputString == NULL) || (SystemTable->ConOut->ClearScreen == NULL)) { 41 | return EFI_INVALID_PARAMETER; 42 | } 43 | 44 | if ((SystemTable->BootServices == NULL) || (SystemTable->BootServices->Stall == NULL)) { 45 | return EFI_INVALID_PARAMETER; 46 | } 47 | 48 | Status = SystemTable->ConOut->ClearScreen (SystemTable->ConOut); 49 | if (EFI_ERROR (Status)) { 50 | return Status; 51 | } 52 | 53 | Status = SystemTable->ConOut->OutputString (SystemTable->ConOut, L"\r\nHello Uefi!\r\n"); 54 | if (EFI_ERROR (Status)) { 55 | return Status; 56 | } 57 | 58 | SystemTable->BootServices->Stall (STALL_30_SECONDS); 59 | 60 | return EFI_SUCCESS; 61 | } 62 | -------------------------------------------------------------------------------- /OemPkg/HelloUefi/HelloUefi.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Sample UEFI Application Reference Module. 3 | # 4 | # This sample application that is the simplest UEFI application possible. 5 | # It simply prints "Hello Uefi!" to the UEFI Console Out device and stalls the CPU for 30 seconds. 6 | # 7 | # Copyright (C) Microsoft Corporation 8 | # SPDX-License-Identifier: BSD-2-Clause-Patent 9 | ## 10 | 11 | [Defines] 12 | INF_VERSION = 0x00010005 13 | BASE_NAME = HelloUefi 14 | MODULE_UNI_FILE = HelloUefi.uni 15 | FILE_GUID = 1C50FE8C-8607-4CB0-9050-48F6EE46BB82 16 | MODULE_TYPE = UEFI_APPLICATION 17 | VERSION_STRING = 1.0 18 | ENTRY_POINT = UefiMain 19 | 20 | # 21 | # The following information is for reference only and not required by the build tools. 22 | # 23 | # VALID_ARCHITECTURES = IA32 X64 ARM AARCH64 24 | # 25 | 26 | [Sources] 27 | HelloUefi.c 28 | HelloUefi.ver 29 | 30 | [LibraryClasses] 31 | UefiApplicationEntryPoint 32 | 33 | [Packages] 34 | MdePkg/MdePkg.dec 35 | MdeModulePkg/MdeModulePkg.dec 36 | 37 | [BuildOptions] 38 | RELEASE_GCC5_*_GENFW_FLAGS = -z 39 | -------------------------------------------------------------------------------- /OemPkg/HelloUefi/HelloUefi.ver: -------------------------------------------------------------------------------- 1 | { 2 | "FileVersion" : "1.0.0.0", 3 | "OriginalFilename" : "HelloUefi.efi", 4 | "CompanyName" : "Example Company Name" 5 | } 6 | -------------------------------------------------------------------------------- /OemPkg/HelloUefi/Readme.md: -------------------------------------------------------------------------------- 1 | # Simple Bootable Media Example 2 | 3 | Barebones example of how to boot to an EFI Application with no dependencies. 4 | 5 | ## Boot Directions 6 | 7 | 1. Format a usb drive as FAT32 8 | 2. At the root of this usb drive create the following folders: `EFI/Boot/` 9 | 3. Build and rename `HelloUefi.efi` as `boot<arch>.efi` and place at `EFI/BOOT/` 10 | 11 | * IA32 - `bootx86.efi` 12 | * AMD64 - `bootx64.efi` 13 | * AARCH64 - `bootaa64.efi` 14 | 15 | 4. On your platform, boot into UEFI Menu and change the boot order to boot USB first 16 | 5. Turn off your platform 17 | 6. Plug in usb drive 18 | 7. Reboot 19 | 8. If successful, you should now see `Hello Uefi!` in the top left corner 20 | -------------------------------------------------------------------------------- /OemPkg/Include/Guid/MsNVBootReason.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | Header file to support the Reboot Reason non volatile variables 3 | 4 | Copyright (C) Microsoft Corporation. All rights reserved. 5 | SPDX-License-Identifier: BSD-2-Clause-Patent 6 | 7 | **/ 8 | 9 | #ifndef _MS_NV_BOOT_REASON_H_ 10 | #define _MS_NV_BOOT_REASON_H_ 11 | 12 | // ========================================== 13 | // Data Structure GUID and Definitions 14 | // ========================================== 15 | 16 | // {9B09B8C1-3CC0-4F3B-A6CB-A0214B7F4C63} 17 | #define OEM_BOOT_NV_VAR_GUID \ 18 | { \ 19 | 0x9b09b8c1, 0x3cc0, 0x4f3b, { 0xa6, 0xcb, 0xa0, 0x21, 0x4b, 0x7f, 0x4c, 0x63 }\ 20 | } 21 | 22 | extern EFI_GUID gOemBootNVVarGuid; 23 | 24 | // ========================================== 25 | // Event GUIDs and Definitions 26 | // ========================================== 27 | 28 | // 29 | // Create definitions for the FrontPage variables. 30 | #define SFP_NV_SETTINGS_VAR_NAME L"FPConfigNVData" 31 | #define SFP_NV_ATTRIBUTES (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) 32 | #define SFP_SB_VIOLATION_SIGNAL_VAR_NAME L"SecureBootAlert" 33 | 34 | #define MSP_REBOOT_REASON_VAR_NAME L"RebootReason" 35 | #define MSP_REBOOT_REASON_LENGTH 8 36 | 37 | // Reboot Reasons used for setting the front page icon 38 | #define MSP_REBOOT_REASON_SETUP_KEY "VOL+ " // Display VOL+ Icon 39 | #define MSP_REBOOT_REASON_SETUP_BOOTFAIL "BOOTFAIL" // Display Disk Icon 40 | #define MSP_REBOOT_REASON_SETUP_SEC_FAIL "BSecFail" 41 | #define MSP_REBOOT_REASON_SETUP_OS "OS " 42 | #define MSP_REBOOT_REASON_SETUP_NONE " " // Not a fail 43 | 44 | #endif // _MS_NV_BOOT_REASON_H_ 45 | -------------------------------------------------------------------------------- /OemPkg/Include/Guid/OemConfigMetadataPolicy.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | This file defines GUIDs and data structures for the OEM Config Metadata Policy. 3 | 4 | Copyright (c) Microsoft Corporation. 5 | 6 | **/ 7 | 8 | #include <Uefi.h> 9 | 10 | #ifndef OEM_CONFIG_METADATA_POLICY_H_ 11 | #define OEM_CONFIG_METADATA_POLICY_H_ 12 | 13 | #define OEM_CONFIG_METADATA_POLICY_GUID \ 14 | { \ 15 | 0X44E9778F, 0X3DAF, 0X46BA, { 0XB1, 0X86, 0X78, 0X4D, 0X0B, 0X05, 0X50, 0X72 } \ 16 | } 17 | 18 | #define OEM_CONFIG_METADATA_POLICY_SIZE sizeof(OEM_CONFIG_METADATA_POLICY) 19 | 20 | #define GENERIC_PROFILE_FLAVOR_NAME "GN" 21 | 22 | #pragma pack(1) 23 | 24 | typedef struct { 25 | UINT32 ActiveProfileIndex; 26 | CHAR8 ActiveProfileFlavorName[PROFILE_FLAVOR_NAME_LENGTH]; 27 | } OEM_CONFIG_METADATA_POLICY; 28 | 29 | #pragma pack() 30 | 31 | extern EFI_GUID gOemConfigMetadataPolicyGuid; 32 | 33 | #endif // OEM_CONFIG_METADATA_POLICY_H_ 34 | -------------------------------------------------------------------------------- /OemPkg/Include/Guid/PasswordStoreVariable.h: -------------------------------------------------------------------------------- 1 | /** @file PasswordStoreVariable.h 2 | 3 | This file defines the GUID and variable names for a variable backed PasswordStore 4 | 5 | Copyright (C) Microsoft Corporation. All rights reserved. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #ifndef __PASSWORD_STORE_VARIABLE_GUID_H__ 11 | #define __PASSWORD_STORE_VARIABLE_GUID_H__ 12 | 13 | #define PASSWORD_STORE_ADMIN_NAMESPACE_GUID gOemPkgPasswordStoreVarGuid 14 | #define PASSWORD_STORE_ADMIN_VARIABLE_NAME L"Passw0rd" 15 | #define PASSWORD_STORE_ADMIN_VARIABLE_ATTRS (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS) // Non-volatile, BS-only. 16 | 17 | extern EFI_GUID gOemPkgPasswordStoreVarGuid; 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /OemPkg/Include/Library/OemMfciDxeLib.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | 3 | Helper library to support the registration of MFCI policy change notification 4 | during DXE phase. 5 | 6 | Copyright (c) Microsoft Corporation 7 | SPDX-License-Identifier: BSD-2-Clause-Patent 8 | **/ 9 | 10 | #ifndef OEM_MFCI_DXE_LIB_H_ 11 | #define OEM_MFCI_DXE_LIB_H_ 12 | 13 | #include <MfciPolicyType.h> 14 | #include <Protocol/MfciProtocol.h> 15 | #include <Library/OemMfciLib.h> 16 | 17 | /** 18 | Library function to register a callback when the operation mode encounters 19 | a transition. 20 | 21 | The registered callbacks will be dispatched at gMsStartOfBdsNotifyGuid event 22 | prior to EndOfDxe. 23 | 24 | @param[in] Callback Pointer to the callback function being registered. 25 | 26 | @retval EFI_SUCCESS Callback was successfully registered. 27 | @retval EFI_ALREADY_STARTED We have passed EndOfDxe and this callback no longer 28 | makes sense. 29 | @retval Others Callback registration failed. 30 | 31 | **/ 32 | EFI_STATUS 33 | EFIAPI 34 | RegisterMfciOperationModeChangeNotifyCallback ( 35 | IN MFCI_POLICY_CHANGE_CALLBACK Callback 36 | ); 37 | 38 | #endif //OEM_MFCI_DXE_LIB_H_ 39 | -------------------------------------------------------------------------------- /OemPkg/Include/Library/OemMfciLib.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | 3 | Helper library to support the query of the in-effect MFCI policy and 4 | translate raw policy to OEM defined operation modes. 5 | 6 | Copyright (c) Microsoft Corporation 7 | SPDX-License-Identifier: BSD-2-Clause-Patent 8 | **/ 9 | 10 | #ifndef OEM_MFCI_LIB_H_ 11 | #define OEM_MFCI_LIB_H_ 12 | 13 | #define OEM_UEFI_CUSTOMER_MODE 0 14 | #define OEM_UEFI_MANUFACTURING_MODE 1 15 | 16 | typedef UINT64 OEM_UEFI_OPERATION_MODE; 17 | 18 | /** 19 | * Inspect whether the current operation mode is categorized as manufacturing mode. 20 | * 21 | * @param[out] OperationMode 64 bit value from MFCI framework, indicating the current operation mode 22 | * 23 | * @return OEM_UEFI_CUSTOMER_MODE Current mode is customer mode. 24 | * @return OEM_UEFI_MANUFACTURING_MODE Current operation mode is manufacturing mode. 25 | */ 26 | OEM_UEFI_OPERATION_MODE 27 | EFIAPI 28 | GetMfciSystemOperationMode ( 29 | VOID 30 | ); 31 | 32 | #endif //OEM_MFCI_LIB_H_ 33 | -------------------------------------------------------------------------------- /OemPkg/Include/Library/PasswordPolicyLib.h: -------------------------------------------------------------------------------- 1 | /** @file -- PasswordPolicyLib.h 2 | 3 | Interface to PasswordPolicyLib. 4 | 5 | Copyright (C) Microsoft Corporation. All rights reserved. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #ifndef _PASSWORD_POLICY_LIB_H_ 11 | #define _PASSWORD_POLICY_LIB_H_ 12 | 13 | // 14 | // Standard definitions for working with password buffers. 15 | // 16 | #define PW_MIN_LENGTH 6 17 | #define PW_MAX_LENGTH 128 18 | 19 | typedef UINT8 *PASSWORD_HASH; 20 | 21 | // 22 | // Definitions for the test failures for the password. 23 | // 24 | typedef UINT32 PW_TEST_BITMAP; 25 | #define PW_TEST_STRING_NULL (1 << 0) 26 | #define PW_TEST_STRING_TOO_SHORT (1 << 1) 27 | #define PW_TEST_STRING_TOO_LONG (1 << 2) 28 | #define PW_TEST_STRING_INVALID_CHAR (1 << 3) 29 | 30 | /** 31 | Copies a password to a buffer, but will only copy the maximum 32 | characters. Always places a NULL terminator at the end of the 33 | output string. 34 | 35 | NOTE: Buffer MUST be at least PW_MAX_LENGTH + 1 in length. 36 | 37 | @param[out] Buffer Pointer to an output buffer for the final password. 38 | MUST be at least PW_MAX_LENGTH + 1 of CHAR16 in size. 39 | @param[in] BufferLength Length of the output buffer (in CHAR16s). 40 | @param[in] Password Pointer to the password to be copied. 41 | 42 | @retval EFI_SUCCESS String copied. 43 | @retval EFI_BUFFER_TOO_SMALL Buffer cannot hold a max-length password. 44 | 45 | **/ 46 | EFI_STATUS 47 | EFIAPI 48 | PasswordPolicySafeCopyPassword ( 49 | OUT CHAR16 *Buffer, 50 | IN UINTN BufferLength, 51 | IN CONST CHAR16 *Password 52 | ); 53 | 54 | /** 55 | Takes in a buffer and destroys the data within it. 56 | 57 | @param[in] Data Pointer to the buffer in question. 58 | @param[in] Size Size of Data. 59 | 60 | **/ 61 | VOID 62 | EFIAPI 63 | PasswordPolicyCleansePwBuffer ( 64 | IN CHAR16 *Data, 65 | IN UINTN Size 66 | ); 67 | 68 | /** 69 | Public interface for validating password strings. 70 | 71 | Will evaluate all current password strength/validity requirements and 72 | return a BOOLEAN for whether the password is valid. Also uses an optional 73 | pointer to return a bitmap of which tests failed. 74 | 75 | NOTE: Returns FALSE on NULL strings. 76 | 77 | @param[in] String CHAR16 pointer to the string that's being evaluated. 78 | @param[out] Failures [Optional] Pointer to a UINT32 that will have bits (defined 79 | in MsPasswordLib.h) set according to which tests may have failed. 80 | If NULL, will not return a test bitmap and will fail ASAP. 81 | 82 | @retval TRUE Password is valid. "Failures" should be 0. 83 | @retval FALSE Password is invalid. "Failures" will have bits set for which tests failed. 84 | 85 | **/ 86 | BOOLEAN 87 | EFIAPI 88 | PasswordPolicyIsPwStringValid ( 89 | IN CONST CHAR16 *String, 90 | OUT PW_TEST_BITMAP *Failures OPTIONAL 91 | ); 92 | 93 | /** 94 | Public interface for validating a password hash. 95 | 96 | Will run internal checks on the password before setting it. Returns an 97 | error if the password cannot be set. 98 | 99 | If CurPassword is NULL and a password is currently set, will pass only if Authentication 100 | has previously been cached. 101 | 102 | @param[in] PasswordHash Pointer to the buffer containing the hash 103 | @param[in] PasswordHashSize Size of buffer containing the hash. 104 | 105 | @retval EFI_SUCCESS Requested operation has been successfully performed. 106 | @retval EFI_INVALID_PARAMETER There is something wrong with the formatting of 107 | the NewPassword. 108 | @retval <other> Something else went wrong with the internal logic. 109 | 110 | **/ 111 | EFI_STATUS 112 | EFIAPI 113 | PasswordPolicyValidatePasswordHash ( 114 | IN CONST PASSWORD_HASH PasswordHash, 115 | IN UINTN PasswordHashSize 116 | ); 117 | 118 | /** 119 | Public interface for generating a password hash. 120 | 121 | Will run internal checks on the password before setting it. Returns an 122 | error if the password cannot be set. 123 | 124 | @param[in] OldSalt Pass in old PASSWORD_HASH to use the existing salt 125 | @param[in] Password Pointer to a buffer containing the clear text password. 126 | If Password == NULL, generate a no-password "hash" 127 | @param[out] PasswordHash Pointer to a pointer that will contain the address of the password hash 128 | OldSalt == NULL : Version, Salt, and Key fields stored. 129 | OldSalt != NULL : Key field updated using existing Version and Salt. 130 | @param[out] PasswordHashSize Pointer where to store the new has size 131 | 132 | 133 | @retval EFI_SUCCESS Requested operation has been successfully performed. 134 | @retval EFI_INVALID_PARAMETER There is something wrong with the formatting of 135 | the NewPassword. 136 | @retval <other> Something else went wrong with the internal logic. 137 | 138 | Caller is responsible for freeing the allocated PASSWORD_HASH 139 | 140 | **/ 141 | EFI_STATUS 142 | EFIAPI 143 | PasswordPolicyGeneratePasswordHash ( 144 | IN CONST PASSWORD_HASH OldSalt OPTIONAL, 145 | IN CONST CHAR16 *Password OPTIONAL, 146 | OUT PASSWORD_HASH *PasswordHash, 147 | OUT UINTN *PasswordHashSize 148 | ); 149 | 150 | #endif // _PASSWORD_POLICY_LIB_H_ 151 | -------------------------------------------------------------------------------- /OemPkg/Include/OemMfciDefines.h: -------------------------------------------------------------------------------- 1 | /* @file OemMfciDefines.h 2 | 3 | OEM's sample MFG mode definitions based on MFCI policy value. 4 | 5 | Copyright (c) Microsoft Corporation. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #ifndef OEM_MFCI_DEFINES_H_ 11 | #define OEM_MFCI_DEFINES_H_ 12 | 13 | #include <MfciPolicyType.h> 14 | 15 | #define OEM_MFCI_STATE_MFG_MODE BIT48 16 | 17 | #endif // OEM_MFCI_DEFINES_H_ 18 | -------------------------------------------------------------------------------- /OemPkg/Include/Protocol/ButtonServices.h: -------------------------------------------------------------------------------- 1 | /** Header file for Button Services 2 | 3 | Copyright (C) Microsoft Corporation. All rights reserved. 4 | SPDX-License-Identifier: BSD-2-Clause-Patent 5 | 6 | **/ 7 | 8 | #ifndef __MS_BUTTON_SERVICES_PROTOCOL_H__ 9 | #define __MS_BUTTON_SERVICES_PROTOCOL_H__ 10 | 11 | typedef struct _MS_BUTTON_SERVICES_PROTOCOL MS_BUTTON_SERVICES_PROTOCOL; 12 | 13 | /** 14 | Checks for the PreBoot key sequence of volume down button pressed then power button pressed 15 | 16 | @param This A pointer to the MS_BUTTON_SERVICES_PROTOCOL 17 | instance. 18 | 19 | @param PreBootVolumeDownButtonThenPowerButton TRUE if the button combo set else FALSE 20 | 21 | @retval EFI_SUCCESS The PreBoot key sequence could be checked and 22 | PreBootVolumeDownButtonThenPowerButton is valid. 23 | 24 | @retval EFI_INVALID_PARAMETER This error or any other error indicates something went wrong and 25 | the value PreBootVolumeDownButtonThenPowerButton is invalid. 26 | 27 | **/ 28 | typedef 29 | EFI_STATUS 30 | (EFIAPI *PRE_BOOT_VOLUME_DOWN_BUTTON_THEN_POWER_BUTTON_CHECK)( 31 | IN MS_BUTTON_SERVICES_PROTOCOL *This, 32 | OUT BOOLEAN *PreBootVolumeDownButtonThenPowerButton 33 | ); 34 | 35 | /** 36 | Checks for the PreBoot key sequence of volume up button pressed then power button pressed 37 | 38 | @param This A pointer to the MS_BUTTON_SERVICES_PROTOCOL 39 | instance. 40 | 41 | @param PreBootVolumeUpButtonThenPowerButton TRUE if the button combo set else FALSE 42 | 43 | @retval EFI_SUCCESS The PreBoot key sequence could be checked and 44 | PreBootVolumeUpButtonThenPowerButton is valid. 45 | 46 | @retval EFI_INVALID_PARAMETER This error or any other error indicates something went wrong 47 | and the value PreBootVolumeUpButtonThenPowerButton is invalid. 48 | 49 | **/ 50 | typedef 51 | EFI_STATUS 52 | (EFIAPI *PRE_BOOT_VOLUME_UP_BUTTON_THEN_POWER_BUTTON_CHECK)( 53 | IN MS_BUTTON_SERVICES_PROTOCOL *This, 54 | OUT BOOLEAN *PreBootVolumeUpButtonThenPowerButton 55 | ); 56 | 57 | /** 58 | Clears the PreBoot key sequence 59 | 60 | @param This A pointer to the MS_BUTTON_SERVICES_PROTOCOL 61 | instance. 62 | 63 | @retval EFI_SUCCESS The PreBoot key sequence could be cleared 64 | 65 | @retval EFI_INVALID_PARAMETER This error or any other error indicates something went wrong and 66 | the button state may not be cleared 67 | 68 | **/ 69 | typedef 70 | EFI_STATUS 71 | (EFIAPI *PRE_BOOT_CLEAR_VOLUME_BUTTON_STATE)( 72 | IN MS_BUTTON_SERVICES_PROTOCOL *This 73 | ); 74 | 75 | /// 76 | /// Button services protocol that drivers can use and publish 77 | /// 78 | struct _MS_BUTTON_SERVICES_PROTOCOL { 79 | PRE_BOOT_VOLUME_DOWN_BUTTON_THEN_POWER_BUTTON_CHECK PreBootVolumeDownButtonThenPowerButtonCheck; 80 | PRE_BOOT_VOLUME_UP_BUTTON_THEN_POWER_BUTTON_CHECK PreBootVolumeUpButtonThenPowerButtonCheck; 81 | PRE_BOOT_CLEAR_VOLUME_BUTTON_STATE PreBootClearVolumeButtonState; 82 | }; 83 | 84 | extern EFI_GUID gMsButtonServicesProtocolGuid; 85 | 86 | #endif 87 | -------------------------------------------------------------------------------- /OemPkg/Include/Protocol/MsFrontPageAuthTokenProtocol.h: -------------------------------------------------------------------------------- 1 | /** @file 2 | MsFrontPageAuthTokenProtocol is used to hold the auth token generated during the front page launch and will be accessed from across 3 | all frontpage applications to retrieve provider data from the settingsprovider. The authtoken should be disposed off on front page 4 | exit and protocol unregistered. 5 | 6 | Copyright (C) Microsoft Corporation. All rights reserved. 7 | SPDX-License-Identifier: BSD-2-Clause-Patent 8 | 9 | **/ 10 | 11 | #ifndef _FRONT_PAGE_AUTH_TOKEN_PROTOCOL_h 12 | #define _FRONT_PAGE_AUTH_TOKEN_PROTOCOL_h 13 | 14 | typedef struct _FRONT_PAGE_AUTH_TOKEN_PROTOCOL FRONT_PAGE_AUTH_TOKEN_PROTOCOL; 15 | 16 | struct _FRONT_PAGE_AUTH_TOKEN_PROTOCOL { 17 | UINTN AuthToken; 18 | }; 19 | 20 | extern EFI_GUID gMsFrontPageAuthTokenProtocolGuid; 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /OemPkg/Include/Settings/FrontPageSettings.h: -------------------------------------------------------------------------------- 1 | /** @file FrontPageSettings.h 2 | 3 | Copyright (C) Microsoft Corporation. All rights reserved. 4 | SPDX-License-Identifier: BSD-2-Clause-Patent 5 | 6 | Header file for settings related to Front Page 7 | 8 | **/ 9 | 10 | #ifndef __FRONT_PAGE_SETTINGS_H__ 11 | #define __FRONT_PAGE_SETTINGS_H__ 12 | 13 | // 14 | // Security settings 15 | // 16 | #define DFCI_SETTING_ID__SECURE_BOOT_KEYS_ENUM "Device.SecureBootKeys.Enum" 17 | #define DFCI_SETTING_ID__PASSWORD "Device.Password.Password" 18 | 19 | #endif // __FRONT_PAGE_SETTINGS_H__ 20 | -------------------------------------------------------------------------------- /OemPkg/Library/ActiveProfileIndexSelectorPcdLib/ActiveProfileIndexSelectorPcdLib.c: -------------------------------------------------------------------------------- 1 | /** @file ActiveProfileIndexSelectorPcdLib.c 2 | PCD instance of ActiveProfileIndexSelectorLib. It is expected that the OEM/Platform 3 | will override this library to query the current boot active profile index from the 4 | proper source of truth. 5 | 6 | This library reads gOemPkgTokenSpaceGuid.PcdActiveProfileIndex and returns the active 7 | profile index. 8 | 9 | Copyright (c) Microsoft Corporation. 10 | SPDX-License-Identifier: BSD-2-Clause-Patent 11 | 12 | **/ 13 | #include <Uefi.h> 14 | #include <Library/BaseLib.h> 15 | #include <Library/PcdLib.h> 16 | #include <Library/ActiveProfileIndexSelectorLib.h> 17 | 18 | /** 19 | Return which profile is the active profile for this boot. 20 | This function validates the profile GUID is valid. 21 | 22 | @param[out] ActiveProfileIndex The index for the active profile. A value of MAX_UINT32, when combined with a return 23 | value of EFI_SUCCESS, indicates that the default profile has been chosen. If the 24 | return value is not EFI_SUCCESS, the value of ActiveProfileIndex shall not be updated. 25 | 26 | @retval EFI_INVALID_PARAMETER Input argument is null. 27 | @retval EFI_NO_RESPONSE The source of truth for profile selection has returned a garbage value or not replied. 28 | @retval EFI_SUCCESS The operation succeeds and ActiveProfileIndex contains the valid active profile 29 | index for this boot. 30 | **/ 31 | EFI_STATUS 32 | EFIAPI 33 | GetActiveProfileIndex ( 34 | OUT UINT32 *ActiveProfileIndex 35 | ) 36 | { 37 | if (ActiveProfileIndex == NULL) { 38 | return EFI_INVALID_PARAMETER; 39 | } 40 | 41 | // Just return what the PCD has, the caller should validate it 42 | *ActiveProfileIndex = FixedPcdGet32 (PcdActiveProfileIndex); 43 | 44 | return EFI_SUCCESS; 45 | } 46 | -------------------------------------------------------------------------------- /OemPkg/Library/ActiveProfileIndexSelectorPcdLib/ActiveProfileIndexSelectorPcdLib.inf: -------------------------------------------------------------------------------- 1 | ## @file ActiveProfileIndexSelectorPcdLib.inf 2 | # PCD instance of ActiveProfileIndexSelectorLib to pick a profile based on 3 | # value of PcdActiveProfileIndex 4 | # 5 | # Copyright (c) Microsoft Corporation 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | ## 8 | 9 | [Defines] 10 | INF_VERSION = 0x00010017 11 | BASE_NAME = ActiveProfileIndexSelectorPcdLib 12 | FILE_GUID = 4F334BDD-9C31-4244-8E27-153E450C8B58 13 | VERSION_STRING = 1.0 14 | MODULE_TYPE = BASE 15 | LIBRARY_CLASS = ActiveProfileIndexSelectorLib 16 | 17 | [Sources] 18 | ActiveProfileIndexSelectorPcdLib.c 19 | 20 | [Packages] 21 | MdePkg/MdePkg.dec 22 | SetupDataPkg/SetupDataPkg.dec 23 | OemPkg/OemPkg.dec 24 | 25 | [LibraryClasses] 26 | BaseLib 27 | PcdLib 28 | 29 | [Pcd] 30 | gOemPkgTokenSpaceGuid.PcdActiveProfileIndex ## CONSUMES 31 | -------------------------------------------------------------------------------- /OemPkg/Library/BootGraphicsProviderLib/BootGraphicsProviderLib.c: -------------------------------------------------------------------------------- 1 | /** @file 2 | This BootGraphicsProviderLib is intended to abstract the source of the 3 | BMP files from the caller 4 | 5 | This instance uses defined PCDs and RAW FFS files 6 | 7 | Copyright (C) Microsoft Corporation. All rights reserved. 8 | SPDX-License-Identifier: BSD-2-Clause-Patent 9 | 10 | **/ 11 | 12 | #include <Uefi.h> 13 | 14 | #include <Pi/PiFirmwareFile.h> 15 | 16 | #include <Library/PcdLib.h> 17 | #include <Library/DebugLib.h> 18 | #include <Library/BootGraphicsProviderLib.h> 19 | #include <Library/DxeServicesLib.h> 20 | 21 | /** 22 | Get the requested boot graphic 23 | 24 | **/ 25 | EFI_STATUS 26 | EFIAPI 27 | GetBootGraphic ( 28 | BOOT_GRAPHIC Graphic, 29 | OUT UINTN *ImageSize, 30 | OUT UINT8 **ImageData 31 | ) 32 | { 33 | EFI_GUID *g = NULL; 34 | 35 | switch (Graphic) { 36 | case BG_SYSTEM_LOGO: 37 | g = PcdGetPtr (PcdLogoFile); 38 | break; 39 | case BG_CRITICAL_OVER_TEMP: 40 | g = PcdGetPtr (PcdThermalFile); 41 | break; 42 | case BG_CRITICAL_LOW_BATTERY: 43 | g = PcdGetPtr (PcdLowBatteryFile); 44 | break; 45 | default: 46 | DEBUG ((DEBUG_ERROR, "Unsupported Boot Graphic Type 0x%X\n", Graphic)); 47 | return EFI_UNSUPPORTED; 48 | } 49 | 50 | // 51 | // Get the specified image from FV. 52 | // 53 | return GetSectionFromAnyFv (g, EFI_SECTION_RAW, 0, (VOID **)ImageData, ImageSize); 54 | } 55 | 56 | UINT32 57 | EFIAPI 58 | GetBackgroundColor ( 59 | ) 60 | { 61 | return PcdGet32 (PcdPostBackgroundColor); 62 | } 63 | -------------------------------------------------------------------------------- /OemPkg/Library/BootGraphicsProviderLib/BootGraphicsProviderLib.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # BootGraphicsProviderLib that uses PCDs and raw files in the firmware volumes 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | ## 8 | 9 | [Defines] 10 | INF_VERSION = 0x00010005 11 | BASE_NAME = BootGraphicsProviderLib 12 | FILE_GUID = 3f7bd07a-1436-4486-8a8b-e7957d171ad7 13 | MODULE_TYPE = DXE_DRIVER 14 | VERSION_STRING = 1.0 15 | LIBRARY_CLASS = BootGraphicsProviderLib|DXE_DRIVER UEFI_APPLICATION 16 | 17 | # 18 | # The following information is for reference only and not required by the build tools. 19 | # 20 | # VALID_ARCHITECTURES = IA32 X64 AARCH64 21 | # 22 | 23 | [Sources] 24 | BootGraphicsProviderLib.c 25 | 26 | [Packages] 27 | MdePkg/MdePkg.dec 28 | MdeModulePkg/MdeModulePkg.dec 29 | OemPkg/OemPkg.dec 30 | MsGraphicsPkg/MsGraphicsPkg.dec 31 | 32 | [LibraryClasses] 33 | UefiBootServicesTableLib 34 | DebugLib 35 | PcdLib 36 | DxeServicesLib 37 | 38 | 39 | [Protocols] 40 | 41 | 42 | [Pcd] 43 | gOemPkgTokenSpaceGuid.PcdLogoFile 44 | gOemPkgTokenSpaceGuid.PcdLowBatteryFile 45 | gOemPkgTokenSpaceGuid.PcdThermalFile 46 | gOemPkgTokenSpaceGuid.PcdPostBackgroundColor 47 | -------------------------------------------------------------------------------- /OemPkg/Library/DeviceBootManagerLib/DeviceBootManagerLib.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # DeviceBootManager - Ms Device specific extensions to BdsDxe. 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | [Defines] 9 | EDK_RELEASE_VERSION = 0x00020000 10 | INF_VERSION = 0x00010017 11 | BASE_NAME = DeviceBootManagerLib 12 | FILE_GUID = 4734dddd-9054-4d42-acab-f8907886cc6f 13 | VERSION_STRING = 1.0 14 | MODULE_TYPE = DXE_DRIVER 15 | UEFI_SPECIFICATION_VERSION = 2.70 16 | LIBRARY_CLASS = DeviceBootManagerLib|DXE_DRIVER 17 | CONSTRUCTOR = DeviceBootManagerConstructor 18 | 19 | [Sources] 20 | DeviceBootManagerLib.c 21 | 22 | [Packages] 23 | MdePkg/MdePkg.dec 24 | MdeModulePkg/MdeModulePkg.dec 25 | MsCorePkg/MsCorePkg.dec 26 | MsGraphicsPkg/MsGraphicsPkg.dec 27 | PcBdsPkg/PcBdsPkg.dec 28 | DfciPkg/DfciPkg.dec 29 | ShellPkg/ShellPkg.dec 30 | MsWheaPkg/MsWheaPkg.dec 31 | 32 | [LibraryClasses] 33 | DebugLib 34 | HobLib 35 | MemoryAllocationLib 36 | BaseMemoryLib 37 | DevicePathLib 38 | UefiBootServicesTableLib 39 | UefiRuntimeServicesTableLib 40 | MsPlatformDevicesLib 41 | MsNetworkDependencyLib 42 | MsBootOptionsLib 43 | ConsoleMsgLib 44 | MsBootPolicyLib 45 | MsBootManagerSettingsLib 46 | MsPlatformPowerCheckLib 47 | ThermalServicesLib 48 | PowerServicesLib 49 | MsNVBootReasonLib 50 | BootGraphicsLib 51 | GraphicsConsoleHelperLib 52 | MuTelemetryHelperLib 53 | VariablePolicyHelperLib 54 | UpdateFacsHardwareSignatureLib 55 | 56 | [Guids] 57 | gUefiShellFileGuid 58 | gMsStartOfBdsNotifyGuid 59 | gDfciStartOfBdsNotifyGuid 60 | gMsBootMenuFormsetGuid 61 | gEfiEventPreReadyToBootGuid 62 | gEfiEventPostReadyToBootGuid 63 | gDfciSettingsManagerVarNamespace 64 | 65 | [Protocols] 66 | gMsOSKProtocolGuid ## CONSUMES 67 | gMsSWMProtocolGuid ## CONSUMES 68 | gTpmPpProtocolGuid ## CONSUMES 69 | gEdkiiVariablePolicyProtocolGuid ## CONSUMES 70 | 71 | [Pcd] 72 | gPcBdsPkgTokenSpaceGuid.PcdPowerAndThermalRetries 73 | gPcBdsPkgTokenSpaceGuid.PcdShutdownGraphicDisplayTime 74 | gPcBdsPkgTokenSpaceGuid.PcdThermalControlRetryWait 75 | gPcBdsPkgTokenSpaceGuid.PcdShellFile 76 | gPcBdsPkgTokenSpaceGuid.PcdEnableMemMapOutput 77 | gPcBdsPkgTokenSpaceGuid.PcdEnableMemMapTypes 78 | gPcBdsPkgTokenSpaceGuid.PcdEnableMemMapDumpOutput 79 | gPcBdsPkgTokenSpaceGuid.PcdLowResolutionInternalShell 80 | 81 | [Depex] 82 | TRUE -------------------------------------------------------------------------------- /OemPkg/Library/DfciDeviceIdSupportLib/DfciDeviceIdSupportLib.inf: -------------------------------------------------------------------------------- 1 | ## @file DfciDeviceIdSupportLib.inf 2 | # 3 | # Implementation sample for DfciDeviceIdSupportLib. 4 | # 5 | # Copyright (C) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | # 8 | ## 9 | 10 | [Defines] 11 | INF_VERSION = 0x00010005 12 | BASE_NAME = DfciDeviceIdSupportLib 13 | FILE_GUID = CC3386FC-7047-4B53-A60C-E7F1C4D7B397 14 | MODULE_TYPE = DXE_DRIVER 15 | VERSION_STRING = 1.0 16 | LIBRARY_CLASS = DfciDeviceIdSupportLib|DXE_DRIVER UEFI_APPLICATION 17 | CONSTRUCTOR = DfciIdSupportConstructor 18 | 19 | 20 | # 21 | # The following information is for reference only and not required by the build tools. 22 | # 23 | # VALID_ARCHITECTURES = ANY 24 | # 25 | 26 | [Sources] 27 | DfciDeviceIdSupportLib.c 28 | 29 | [Packages] 30 | MdePkg/MdePkg.dec 31 | MdeModulePkg/MdeModulePkg.dec 32 | DfciPkg/DfciPkg.dec 33 | 34 | [LibraryClasses] 35 | DebugLib 36 | BaseLib 37 | UefiLib 38 | MemoryAllocationLib 39 | UefiBootServicesTableLib 40 | BaseMemoryLib 41 | 42 | [Protocols] 43 | gEfiSmbiosProtocolGuid ## CONSUMES 44 | 45 | [Guids] 46 | 47 | [Pcd] 48 | gEfiMdeModulePkgTokenSpaceGuid.PcdSystemFmpCapsuleImageTypeIdGuid 49 | 50 | [Depex] 51 | gEfiSmbiosProtocolGuid -------------------------------------------------------------------------------- /OemPkg/Library/DfciGroupLib/DfciGroups.c: -------------------------------------------------------------------------------- 1 | /** @file DfciGroups.c 2 | 3 | Library Instance for Dfci to establish platform settings that are part of Dfci Group settings. 4 | 5 | Copyright (C) Microsoft Corporation. All rights reserved. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #include <Uefi.h> 11 | 12 | #include <DfciSystemSettingTypes.h> 13 | 14 | #include <Library/BaseMemoryLib.h> 15 | #include <Library/MemoryAllocationLib.h> 16 | #include <Library/DebugLib.h> 17 | #include <Library/DfciGroupLib.h> 18 | #include <Library/UefiBootServicesTableLib.h> 19 | #include <Library/UefiLib.h> 20 | #include <Library/UefiRuntimeServicesTableLib.h> 21 | 22 | #include <Settings/BootMenuSettings.h> 23 | #include <Settings/DfciSettings.h> 24 | 25 | STATIC DFCI_SETTING_ID_STRING mExternalMediaSettings[] = { 26 | DFCI_SETTING_ID__ENABLE_USB_BOOT, 27 | NULL 28 | }; 29 | 30 | STATIC DFCI_GROUP_ENTRY mMyGroups[] = { 31 | { DFCI_STD_SETTING_ID__EXTERNAL_MEDIA, (DFCI_SETTING_ID_STRING *)&mExternalMediaSettings }, 32 | { NULL, NULL } 33 | }; 34 | 35 | /** 36 | * Return a pointer to the Group Array to DFCI 37 | * 38 | */ 39 | DFCI_GROUP_ENTRY * 40 | EFIAPI 41 | DfciGetGroupEntries ( 42 | VOID 43 | ) 44 | { 45 | return (DFCI_GROUP_ENTRY *)&mMyGroups; 46 | } 47 | -------------------------------------------------------------------------------- /OemPkg/Library/DfciGroupLib/DfciGroups.inf: -------------------------------------------------------------------------------- 1 | ## @file DfciGroups.inf 2 | # 3 | # Implementation sample for support Dfci Groups 4 | # 5 | # Copyright (C) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | # 8 | ## 9 | 10 | [Defines] 11 | INF_VERSION = 0x00010017 12 | BASE_NAME = DfciGroupLib 13 | FILE_GUID = CA514A50-C93D-4276-AD3D-CB7DC4EBC1F9 14 | MODULE_TYPE = DXE_DRIVER 15 | VERSION_STRING = 1.0 16 | LIBRARY_CLASS = DfciGroupLib | DXE_DRIVER 17 | # 18 | # The following information is for reference only and not required by the build tools. 19 | # 20 | # VALID_ARCHITECTURES = ANY 21 | # 22 | 23 | [Sources] 24 | DfciGroups.c 25 | 26 | [Packages] 27 | DfciPkg/DfciPkg.dec 28 | MdePkg/MdePkg.dec 29 | PcBdsPkg/PcBdsPkg.dec 30 | 31 | [LibraryClasses] 32 | BaseLib 33 | BaseMemoryLib 34 | DebugLib 35 | MemoryAllocationLib 36 | PcdLib 37 | UefiBootServicesTableLib 38 | UefiLib 39 | UefiRuntimeServicesTableLib 40 | 41 | [Guids] 42 | 43 | [Protocols] 44 | 45 | [Pcd] 46 | 47 | [Depex] 48 | TRUE 49 | -------------------------------------------------------------------------------- /OemPkg/Library/DfciUiSupportLib/DfciUiSupportLib.c: -------------------------------------------------------------------------------- 1 | /* @file DfciUiSupportLib.c 2 | 3 | Library Instance for UI support functions for DFCI. 4 | 5 | Copyright (C) Microsoft Corporation. All rights reserved. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | #include <Uefi.h> 10 | #include <DfciSystemSettingTypes.h> 11 | 12 | #include <Library/BaseLib.h> 13 | #include <Library/DebugLib.h> 14 | #include <Library/DfciUiSupportLib.h> 15 | #include <Library/MemoryAllocationLib.h> 16 | #include <Library/SwmDialogsLib.h> 17 | #include <Library/UefiBootServicesTableLib.h> 18 | #include <Library/UefiLib.h> 19 | 20 | #include <Protocol/OnScreenKeyboard.h> 21 | #include <Protocol/SimpleWindowManager.h> 22 | 23 | /** 24 | * DfciUiDisplayDfciAuthDialog 25 | * 26 | * @param TitleText 27 | * @param CaptionText 28 | * @param BodyText 29 | * @param CertText 30 | * @param ConfirmText 31 | * @param ErrorText 32 | * @param PasswordType 33 | * @param Thumbprint 34 | * @param Result 35 | * @param OPTIONAL 36 | * 37 | * @return EFI_STATUS EFIAPI 38 | */ 39 | EFI_STATUS 40 | EFIAPI 41 | DfciUiDisplayAuthDialog ( 42 | IN CHAR16 *TitleText, 43 | IN CHAR16 *CaptionText, 44 | IN CHAR16 *BodyText, 45 | IN CHAR16 *CertText, 46 | IN CHAR16 *ConfirmText, 47 | IN CHAR16 *ErrorText, 48 | IN BOOLEAN PasswordType, 49 | IN CHAR16 *Thumbprint, 50 | OUT DFCI_MB_RESULT *Result, 51 | OUT CHAR16 **Password OPTIONAL 52 | ) 53 | { 54 | EFI_STATUS Status; 55 | CHAR16 *ThumbprintFromUser; 56 | 57 | if (DfciUiIsManufacturingMode ()) { 58 | *Result = DFCI_MB_IDOK; 59 | return EFI_SUCCESS; 60 | } 61 | 62 | ThumbprintFromUser = NULL; 63 | 64 | Status = SwmDialogsVerifyThumbprintPrompt ( 65 | TitleText, 66 | CaptionText, 67 | BodyText, 68 | CertText, 69 | ConfirmText, 70 | ErrorText, 71 | PasswordType ? SWM_THMB_TYPE_ALERT_PASSWORD : SWM_THMB_TYPE_ALERT_THUMBPRINT, 72 | (SWM_MB_RESULT *)Result, 73 | Password, 74 | &ThumbprintFromUser 75 | ); 76 | 77 | if (!EFI_ERROR (Status)) { 78 | if (*Result == DFCI_MB_IDOK) { 79 | if (NULL == ThumbprintFromUser) { 80 | DEBUG ((DEBUG_ERROR, "%a: Failed to get Thumbprint from Dialog\n", __FUNCTION__)); 81 | *Result = DFCI_MB_IDTRYAGAIN; 82 | ASSERT (ThumbprintFromUser != NULL); 83 | } else { 84 | if (StrCmp (ThumbprintFromUser, Thumbprint) != 0) { 85 | *Result = DFCI_MB_IDTRYAGAIN; 86 | } 87 | 88 | FreePool (ThumbprintFromUser); 89 | } 90 | } 91 | } 92 | 93 | return Status; 94 | } 95 | 96 | EFI_STATUS 97 | EFIAPI 98 | DfciUiDisplayPasswordDialog ( 99 | IN CHAR16 *TitleText, 100 | IN CHAR16 *CaptionText, 101 | IN CHAR16 *BodyText, 102 | IN CHAR16 *ErrorText, 103 | OUT DFCI_MB_RESULT *Result, 104 | OUT CHAR16 **Password 105 | ) 106 | { 107 | return SwmDialogsPasswordPrompt ( 108 | TitleText, 109 | CaptionText, 110 | BodyText, 111 | ErrorText, 112 | SWM_PWD_TYPE_ALERT_PASSWORD, 113 | (SWM_MB_RESULT *)Result, 114 | Password 115 | ); 116 | } 117 | 118 | EFI_STATUS 119 | EFIAPI 120 | DfciUiDisplayMessageBox ( 121 | IN CHAR16 *TitleBarText, 122 | IN CHAR16 *Text, 123 | IN CHAR16 *Caption, 124 | IN UINT32 Type, 125 | IN UINT64 Timeout, 126 | OUT DFCI_MB_RESULT *Result 127 | ) 128 | { 129 | return SwmDialogsMessageBox ( 130 | TitleBarText, 131 | Text, 132 | Caption, 133 | Type, 134 | Timeout, 135 | (SWM_MB_RESULT *)Result 136 | ); 137 | } 138 | 139 | /** 140 | This routine indicates if the system is in Manufacturing Mode. 141 | 142 | @retval ManufacturingMode - Platforms may have a manufacturing mode. 143 | DFCI Auto opt-in's the management cert included 144 | in the firmware volume in Manufacturing Mode. 145 | TRUE if the device is in Manufacturing Mode 146 | **/ 147 | BOOLEAN 148 | EFIAPI 149 | DfciUiIsManufacturingMode ( 150 | VOID 151 | ) 152 | { 153 | return FALSE; 154 | } 155 | 156 | /** 157 | 158 | This routine indicates if the UI is ready and can be used. 159 | 160 | @retval TRUE if the UI is ready to use, else FALSE. 161 | 162 | **/ 163 | BOOLEAN 164 | EFIAPI 165 | DfciUiIsUiAvailable ( 166 | VOID 167 | ) 168 | { 169 | EFI_STATUS Status; 170 | VOID *Ptr; 171 | 172 | // Locate the Simple Window Manager protocol. 173 | // 174 | Status = gBS->LocateProtocol ( 175 | &gMsSWMProtocolGuid, 176 | NULL, 177 | &Ptr 178 | ); 179 | 180 | return (Status == EFI_SUCCESS); 181 | } 182 | 183 | /** 184 | DfciUiExitSecurityBoundary 185 | 186 | UEFI that support locked settings variables can lock those 187 | variable when this function is called. DFCI will call this function 188 | before enabling USB or the Network device which are considered unsafe. 189 | 190 | Signal PreReadyToBoot - lock private settings variable to ensure 191 | USB or Network don't have access to locked settings. 192 | Disable the OSK from being displayed (PreReadyToBoot also enables the OSK) 193 | **/ 194 | VOID 195 | EFIAPI 196 | DfciUiExitSecurityBoundary ( 197 | VOID 198 | ) 199 | { 200 | UINT32 OSKMode; 201 | MS_ONSCREEN_KEYBOARD_PROTOCOL *OSKProtocol; 202 | EFI_STATUS Status; 203 | 204 | // Platform Late Locking event. For now, just signal 205 | // PreReadyToBoot() to exit the trust boundary. 206 | // 207 | // All exits from now on should restart the system to get back 208 | // inside the security boundary to continue making changes. 209 | EfiEventGroupSignal (&gEfiEventPreReadyToBootGuid); 210 | 211 | // This also enables auto keyboard enable, so turn it back off: 212 | 213 | // Locate the on-screen keyboard (OSK) protocol. It may be used for input on a touch-only device. 214 | // 215 | OSKProtocol = NULL; 216 | Status = gBS->LocateProtocol ( 217 | &gMsOSKProtocolGuid, 218 | NULL, 219 | (VOID **)&OSKProtocol 220 | ); 221 | if (EFI_ERROR (Status)) { 222 | DEBUG ((DEBUG_WARN, "%a: Failed to locate on-screen keyboard protocol (%r).\r\n", __FUNCTION__, Status)); 223 | OSKProtocol = NULL; 224 | } 225 | 226 | if (NULL != OSKProtocol) { 227 | // Disable OSK icon auto-activation and self-refresh, and ensure keyboard is disabled. 228 | // 229 | OSKProtocol->GetKeyboardMode (OSKProtocol, &OSKMode); 230 | OSKMode &= ~(OSK_MODE_AUTOENABLEICON | OSK_MODE_SELF_REFRESH); 231 | OSKProtocol->ShowKeyboard (OSKProtocol, FALSE); 232 | OSKProtocol->ShowKeyboardIcon (OSKProtocol, FALSE); 233 | OSKProtocol->SetKeyboardMode (OSKProtocol, OSKMode); 234 | } 235 | } 236 | -------------------------------------------------------------------------------- /OemPkg/Library/DfciUiSupportLib/DfciUiSupportLib.inf: -------------------------------------------------------------------------------- 1 | ## @file DfciUiSupportLib.inf 2 | # 3 | # Library Instance for UI support functions for DFCI. 4 | # 5 | # Copyright (C) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | # 8 | ## 9 | 10 | 11 | [Defines] 12 | INF_VERSION = 0x00010017 13 | BASE_NAME = DfciUiSupportLib 14 | FILE_GUID = 522EBB9A-D224-40CF-BD3D-700C2D2E789C 15 | VERSION_STRING = 1.0 16 | MODULE_TYPE = DXE_DRIVER 17 | LIBRARY_CLASS = DfciUiSupportLib | DXE_DRIVER 18 | 19 | # 20 | # The following information is for reference only and not required by the build tools. 21 | # 22 | # VALID_ARCHITECTURES = ANY 23 | # 24 | 25 | 26 | [Sources] 27 | DfciUiSupportLib.c 28 | 29 | [Packages] 30 | MdePkg/MdePkg.dec 31 | DfciPkg/DfciPkg.dec 32 | MsGraphicsPkg/MsGraphicsPkg.dec 33 | OemPkg/OemPkg.dec 34 | 35 | [LibraryClasses] 36 | BaseLib 37 | DebugLib 38 | MemoryAllocationLib 39 | SwmDialogsLib 40 | UefiBootServicesTableLib 41 | UefiLib 42 | 43 | [Protocols] 44 | gMsSWMProtocolGuid #sometimes consumes 45 | 46 | [Guids] 47 | gEfiEventPreReadyToBootGuid 48 | 49 | -------------------------------------------------------------------------------- /OemPkg/Library/MsAltBootLib/MsAltBootLib.c: -------------------------------------------------------------------------------- 1 | /**@file Library to interface with alternate boot variable 2 | 3 | Copyright (C) Microsoft Corporation. All rights reserved. 4 | SPDX-License-Identifier: BSD-2-Clause-Patent 5 | 6 | **/ 7 | 8 | #include <Uefi.h> 9 | #include <Library/DebugLib.h> 10 | #include <Library/UefiRuntimeServicesTableLib.h> 11 | #include <Library/MuUefiVersionLib.h> 12 | #include "MsAltBootVariables.h" 13 | 14 | /** 15 | Clears the Alternate boot flag 16 | **/ 17 | VOID 18 | EFIAPI 19 | ClearAltBoot ( 20 | VOID 21 | ) 22 | { 23 | EFI_STATUS Status; 24 | UINTN AltBootFlag, FlagSize; 25 | UINT32 Attributes; 26 | 27 | FlagSize = sizeof (UINTN); 28 | Status = gRT->GetVariable ( 29 | kszAltBootFlagVariableName, 30 | &gAltBootGuid, 31 | &Attributes, 32 | &FlagSize, 33 | &AltBootFlag 34 | ); 35 | 36 | // Alt boot flag exists and value is 1, so set it back to 0 37 | if ((Status == EFI_SUCCESS) && (AltBootFlag == 1)) { 38 | AltBootFlag = 0; 39 | Status = gRT->SetVariable ( 40 | kszAltBootFlagVariableName, 41 | &gAltBootGuid, 42 | Attributes, 43 | FlagSize, 44 | &AltBootFlag 45 | ); 46 | if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { 47 | DEBUG ((DEBUG_ERROR, "%a - Failed to clear Alternate Boot Flag! %r\n", __FUNCTION__, Status)); 48 | ASSERT (FALSE); 49 | } 50 | } 51 | } 52 | 53 | /** 54 | Set the Alternate boot flag 55 | 56 | @retval EFI_SUCCESS Set AltBoot successfully 57 | @retval !EFI_SUCCESS Failed to set AltBoot 58 | **/ 59 | EFI_STATUS 60 | EFIAPI 61 | SetAltBoot ( 62 | VOID 63 | ) 64 | { 65 | EFI_STATUS Status; 66 | UINTN AltBootFlag, FlagSize; 67 | 68 | FlagSize = sizeof (UINTN); 69 | 70 | Status = gRT->GetVariable ( 71 | kszAltBootFlagVariableName, 72 | &gAltBootGuid, 73 | 0, 74 | &FlagSize, 75 | &AltBootFlag 76 | ); 77 | if (EFI_ERROR (Status) && (Status != EFI_NOT_FOUND)) { 78 | // some error besides EFI_NOT_FOUND 79 | DEBUG ((DEBUG_ERROR, "%a - Failed to retrieve alt boot variable! %r\n", __FUNCTION__, Status)); 80 | } 81 | 82 | if ((Status == EFI_SUCCESS) && (AltBootFlag == 0)) { 83 | AltBootFlag = 1; 84 | Status = gRT->SetVariable ( 85 | kszAltBootFlagVariableName, 86 | &gAltBootGuid, 87 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS, 88 | FlagSize, 89 | &AltBootFlag 90 | ); 91 | if (EFI_ERROR (Status)) { 92 | DEBUG ((DEBUG_ERROR, "%a - Failed to set alt boot variable! %r\n", __FUNCTION__, Status)); 93 | } 94 | } 95 | 96 | return Status; 97 | } 98 | -------------------------------------------------------------------------------- /OemPkg/Library/MsAltBootLib/MsAltBootLib.inf: -------------------------------------------------------------------------------- 1 | ## 2 | # @file Library to interface with alternate boot variable 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | ## 8 | 9 | [Defines] 10 | INF_VERSION = 0x00010005 11 | BASE_NAME = MsAltBootLib 12 | FILE_GUID = 104ED46A-2D13-4B46-AEE6-5F9122F9F525 13 | MODULE_TYPE = DXE_DRIVER 14 | VERSION_STRING = 1.0 15 | LIBRARY_CLASS = MsAltBootLib 16 | 17 | # 18 | # The following information is for reference only and not required by the build 19 | # tools. 20 | # 21 | # VALID_ARCHITECTURES = IA32 X64 22 | # 23 | 24 | [Sources] 25 | MsAltBootLib.c 26 | 27 | [Packages] 28 | MdePkg/MdePkg.dec 29 | OemPkg/OemPkg.dec 30 | PcBdsPkg/PcBdsPkg.dec 31 | 32 | [LibraryClasses] 33 | 34 | [Protocols] 35 | 36 | [Guids] 37 | gAltBootGuid 38 | 39 | [Pcd] 40 | 41 | [Depex] 42 | TRUE 43 | -------------------------------------------------------------------------------- /OemPkg/Library/MsAltBootLib/MsAltBootVariables.h: -------------------------------------------------------------------------------- 1 | /*++ @file 2 | 3 | This file defines the variables used by the USB and PXE Boot 4 | Detection feature. 5 | 6 | Copyright (C) Microsoft Corporation. All rights reserved. 7 | SPDX-License-Identifier: BSD-2-Clause-Patent 8 | 9 | **/ 10 | 11 | #ifndef __MS_ALT_BOOT_VARIABLES_INC__ 12 | #define __MS_ALT_BOOT_VARIABLES_INC__ 13 | 14 | /** 15 | This variable is a flag to track whether or not a system has been 16 | booted from USB or PXE 17 | **/ 18 | #define kszAltBootFlagVariableName (L"AltBootFlag") 19 | 20 | /** 21 | Namespace GUID for the Boot Type Tracking feature. 22 | {26D75FF0-D5CD-49EC-8092-F8EC4D18EF33} 23 | **/ 24 | extern EFI_GUID gAltBootGuid; 25 | 26 | #endif // __MS_ALT_BOOT_VARIABLES_INC__ 27 | -------------------------------------------------------------------------------- /OemPkg/Library/MsBootManagerSettingsDxeLib/MsBootManagerSettingsDxeLib.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Library to support Device disable Settings (get/set) 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | [Defines] 9 | INF_VERSION = 0x00010017 10 | BASE_NAME = MsBootManagerSettingsDxeLib 11 | FILE_GUID = 75a0b4be-9b94-45dd-a8c8-9ecd1ed08a34 12 | MODULE_TYPE = DXE_DRIVER 13 | VERSION_STRING = 1.0 14 | LIBRARY_CLASS = MsBootManagerSettingsLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER 15 | CONSTRUCTOR = MsBootManagerSettingsConstructor 16 | # 17 | # The following information is for reference only and not required by the build tools. 18 | # 19 | # VALID_ARCHITECTURES = IA32 X64 IPF EBC 20 | # 21 | 22 | [Sources] 23 | BootManagerSettings.c 24 | 25 | [Packages] 26 | MdePkg/MdePkg.dec 27 | PcBdsPkg/PcBdsPkg.dec 28 | DfciPkg/DfciPkg.dec 29 | 30 | [LibraryClasses] 31 | DebugLib 32 | UefiBootServicesTableLib 33 | UefiRuntimeServicesTableLib 34 | MemoryAllocationLib 35 | BaseLib 36 | BaseMemoryLib 37 | UefiLib 38 | PcdLib 39 | 40 | [Guids] 41 | gMsBootManagerSettingsGuid 42 | 43 | [Protocols] 44 | gDfciSettingsProviderSupportProtocolGuid 45 | 46 | [FeaturePcd] 47 | gDfciPkgTokenSpaceGuid.PcdSettingsManagerInstallProvider 48 | 49 | [Pcd] 50 | gPcBdsPkgTokenSpaceGuid.PcdEnableIPv6Boot 51 | gPcBdsPkgTokenSpaceGuid.PcdEnableAltBoot 52 | gPcBdsPkgTokenSpaceGuid.PcdEnableBootOrderLock 53 | gPcBdsPkgTokenSpaceGuid.PcdEnableUsbBoot 54 | gPcBdsPkgTokenSpaceGuid.PcdStartNetwork 55 | gPcBdsPkgTokenSpaceGuid.PcdEnableMemMapOutput 56 | gPcBdsPkgTokenSpaceGuid.PcdEnableMemMapTypes 57 | 58 | [Depex] 59 | TRUE 60 | -------------------------------------------------------------------------------- /OemPkg/Library/MsBootPolicyLib/MsBootPolicyLib.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Library that platform implemented to determine boot type 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | 8 | [Defines] 9 | INF_VERSION = 0x00010005 10 | BASE_NAME = MsBootPolicyLib 11 | FILE_GUID = 8F9D1D45-AA09-4028-BFB6-58B9EEAB3B25 12 | MODULE_TYPE = DXE_DRIVER 13 | VERSION_STRING = 1.0 14 | LIBRARY_CLASS = MsBootPolicyLib|DXE_DRIVER UEFI_APPLICATION 15 | CONSTRUCTOR = MsBootPolicyLibConstructor 16 | 17 | # 18 | # The following information is for reference only and not required by the build tools. 19 | # 20 | # VALID_ARCHITECTURES = IA32 X64 IPF EBC 21 | # 22 | 23 | [Sources] 24 | MsBootPolicyLib.c 25 | 26 | [Packages] 27 | MdePkg/MdePkg.dec 28 | PcBdsPkg/PcBdsPkg.dec 29 | OemPkg/OemPkg.dec 30 | DfciPkg/DfciPkg.dec 31 | MsCorePkg/MsCorePkg.dec 32 | MdeModulePkg/MdeModulePkg.dec 33 | 34 | [LibraryClasses] 35 | DebugLib 36 | DevicePathLib 37 | MemoryAllocationLib 38 | UefiBootServicesTableLib 39 | UefiRuntimeServicesTableLib 40 | MsPlatformDevicesLib 41 | 42 | [Protocols] 43 | gDfciSettingAccessProtocolGuid ## CONSUMES 44 | gMsButtonServicesProtocolGuid ## CONSUMES 45 | 46 | [Guids] 47 | 48 | [Pcd] 49 | gPcBdsPkgTokenSpaceGuid.PcdBdsBootPolicy 50 | -------------------------------------------------------------------------------- /OemPkg/Library/MsNVBootReasonLib/MsNVBootReasonLib.c: -------------------------------------------------------------------------------- 1 | /*++ 2 | Copyright (C) Microsoft Corporation. All rights reserved. 3 | SPDX-License-Identifier: BSD-2-Clause-Patent 4 | 5 | Library to provide interface on Reboot Reason non volatile variables 6 | 7 | **/ 8 | 9 | #include <Uefi.h> // UEFI base types 10 | 11 | #include <Guid/GlobalVariable.h> 12 | 13 | #include <Library/UefiRuntimeServicesTableLib.h> // gRT 14 | #include <Library/DebugLib.h> // DEBUG tracing 15 | #include <Library/DeviceBootManagerLib.h> 16 | #include <Library/MsNVBootReasonLib.h> 17 | 18 | #include <Guid/MsNVBootReason.h> 19 | 20 | /** 21 | Update secure boot violation 22 | 23 | @param[in] RebootStatus Reboot Status from BDS 24 | 25 | @retval EFI_SUCCESS Update secure boot violation successfully 26 | @retval !EFI_SUCCESS Failed to update secure boot violation 27 | **/ 28 | EFI_STATUS 29 | UpdateSecureBootViolation ( 30 | IN EFI_STATUS RebootStatus 31 | ) 32 | { 33 | CHAR16 *SbViolationVarName = SFP_SB_VIOLATION_SIGNAL_VAR_NAME; 34 | BOOLEAN SecViolation; 35 | EFI_STATUS Status; 36 | 37 | if (EFI_SECURITY_VIOLATION == RebootStatus) { 38 | SecViolation = TRUE; 39 | Status = gRT->SetVariable ( 40 | SbViolationVarName, 41 | &gOemBootNVVarGuid, 42 | EFI_VARIABLE_BOOTSERVICE_ACCESS, // This variable is volatile. 43 | sizeof (SecViolation), 44 | (UINT8 *)&SecViolation 45 | ); 46 | DEBUG ((DEBUG_INFO, "Detected SecureBootFail (2)\n")); 47 | } else { 48 | Status = EFI_SUCCESS; 49 | } 50 | 51 | return Status; 52 | } 53 | 54 | /** 55 | Set the Reboot Reason 56 | 57 | @param[in] RebootStatus Reboot Status from BDS 58 | 59 | @retval EFI_SUCCESS Set reboot reason successfully 60 | @retval !EFI_SUCCESS Failed to set reboot reason 61 | **/ 62 | EFI_STATUS 63 | SetRebootReason ( 64 | IN EFI_STATUS RebootStatus 65 | ) 66 | { 67 | CHAR8 *RebootReason; 68 | EFI_STATUS Status; 69 | 70 | if (EFI_SECURITY_VIOLATION == RebootStatus) { 71 | Status = UpdateSecureBootViolation (RebootStatus); 72 | RebootReason = MSP_REBOOT_REASON_SETUP_SEC_FAIL; 73 | } else if (OEM_REBOOT_TO_SETUP_KEY == RebootStatus) { 74 | RebootReason = MSP_REBOOT_REASON_SETUP_KEY; 75 | } else if (OEM_REBOOT_TO_SETUP_OS == RebootStatus) { 76 | RebootReason = MSP_REBOOT_REASON_SETUP_OS; 77 | } else if (EFI_ERROR (RebootStatus)) { 78 | RebootReason = MSP_REBOOT_REASON_SETUP_BOOTFAIL; 79 | } else { 80 | RebootReason = MSP_REBOOT_REASON_SETUP_NONE; 81 | } 82 | 83 | Status = gRT->SetVariable ( 84 | MSP_REBOOT_REASON_VAR_NAME, 85 | &gOemBootNVVarGuid, 86 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, 87 | MSP_REBOOT_REASON_LENGTH, 88 | RebootReason 89 | ); 90 | if (EFI_ERROR (Status)) { 91 | DEBUG ((DEBUG_ERROR, "%a unable to update RebootReason. Code=%r\n", __FUNCTION__, Status)); 92 | } 93 | 94 | DEBUG ((DEBUG_INFO, "%a new reboot reason is %a. Code=%r\n", __FUNCTION__, RebootReason, Status)); 95 | 96 | return Status; 97 | } 98 | 99 | /** 100 | Remove reboot reason 101 | 102 | @retval EFI_SUCCESS Cleaned Reboot reason successfully 103 | @retval !EFI_SUCCESS Failed to clean Reboot reason 104 | **/ 105 | EFI_STATUS 106 | EFIAPI 107 | ClearRebootReason ( 108 | VOID 109 | ) 110 | { 111 | EFI_STATUS Status; 112 | 113 | Status = gRT->SetVariable ( 114 | MSP_REBOOT_REASON_VAR_NAME, 115 | &gOemBootNVVarGuid, 116 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE, 117 | 0, 118 | NULL 119 | ); 120 | return Status; 121 | } 122 | 123 | /** 124 | Read reboot reason 125 | 126 | @param[out] Buffer Buffer to hold returned data 127 | @param[in, out] BufferSize Input as available data buffer size, output as data 128 | size filled 129 | 130 | @retval EFI_SUCCESS Fetched version information successfully 131 | @retval !EFI_SUCCESS Failed to fetch version information 132 | **/ 133 | EFI_STATUS 134 | EFIAPI 135 | GetRebootReason ( 136 | OUT UINT8 *Buffer, OPTIONAL 137 | IN OUT UINTN *BufferSize 138 | ) 139 | { 140 | EFI_STATUS Status; 141 | 142 | if ((BufferSize == NULL) || 143 | ((*BufferSize != 0) && (Buffer == NULL))) 144 | { 145 | Status = EFI_INVALID_PARAMETER; 146 | goto Done; 147 | } 148 | 149 | if (*BufferSize < MSP_REBOOT_REASON_LENGTH) { 150 | *BufferSize = MSP_REBOOT_REASON_LENGTH; 151 | Status = EFI_BUFFER_TOO_SMALL; 152 | goto Done; 153 | } 154 | 155 | *BufferSize = MSP_REBOOT_REASON_LENGTH; 156 | Status = gRT->GetVariable ( 157 | MSP_REBOOT_REASON_VAR_NAME, 158 | &gOemBootNVVarGuid, 159 | NULL, 160 | BufferSize, 161 | Buffer 162 | ); 163 | 164 | Done: 165 | return Status; 166 | } 167 | 168 | /** 169 | Get the current Reboot Reason and update based on OS entry to FrontPage 170 | 171 | @retval EFI_SUCCESS Updated reboot reason successfully 172 | @retval !EFI_SUCCESS Failed to update reboot reason 173 | **/ 174 | EFI_STATUS 175 | EFIAPI 176 | UpdateRebootReason ( 177 | VOID 178 | ) 179 | { 180 | UINTN DataSize; 181 | UINT64 OsIndication; 182 | CHAR8 RebootReason[MSP_REBOOT_REASON_LENGTH + 1] = MSP_REBOOT_REASON_SETUP_NONE; 183 | EFI_STATUS Status; 184 | 185 | DataSize = MSP_REBOOT_REASON_LENGTH; 186 | Status = gRT->GetVariable ( 187 | MSP_REBOOT_REASON_VAR_NAME, 188 | &gOemBootNVVarGuid, 189 | NULL, 190 | &DataSize, 191 | RebootReason 192 | ); 193 | if (EFI_ERROR (Status) && (EFI_NOT_FOUND != Status)) { 194 | DEBUG ((DEBUG_ERROR, "%a error reading RebootReason. Code = %r\n", __FUNCTION__, Status)); 195 | } else { 196 | if ((RebootReason[0] == 'B') && (RebootReason[1] == 'S')) { 197 | Status = UpdateSecureBootViolation (EFI_SECURITY_VIOLATION); 198 | } 199 | 200 | // Check for OS Indications to set FrontPage icon if there is no other reboot reason 201 | // 202 | if (RebootReason[0] != 'B') { 203 | OsIndication = 0; 204 | DataSize = sizeof (UINT64); 205 | Status = gRT->GetVariable ( 206 | EFI_OS_INDICATIONS_VARIABLE_NAME, 207 | &gEfiGlobalVariableGuid, 208 | NULL, 209 | &DataSize, 210 | &OsIndication 211 | ); 212 | 213 | if ((DataSize == sizeof (OsIndication)) && 214 | ((OsIndication & EFI_OS_INDICATIONS_BOOT_TO_FW_UI) != 0)) 215 | { 216 | Status = SetRebootReason (OEM_REBOOT_TO_SETUP_OS); 217 | } 218 | } 219 | } 220 | 221 | DEBUG ((DEBUG_INFO, "%a current reboot reason is %a. Code=%r\n", __FUNCTION__, RebootReason, Status)); 222 | return Status; 223 | } 224 | -------------------------------------------------------------------------------- /OemPkg/Library/MsNVBootReasonLib/MsNVBootReasonLib.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Library to provide interface on Reboot Reason non volatile variables 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | ## 8 | 9 | [Defines] 10 | INF_VERSION = 0x00010005 11 | BASE_NAME = MsNVBootReasonLib 12 | FILE_GUID = 4D3B9FF6-5790-4781-8D72-257A006C842A 13 | MODULE_TYPE = DXE_DRIVER 14 | VERSION_STRING = 1.0 15 | LIBRARY_CLASS = MsNVBootReasonLib|DXE_DRIVER UEFI_APPLICATION 16 | 17 | # 18 | # The following information is for reference only and not required by the build tools. 19 | # 20 | # VALID_ARCHITECTURES = IA32 X64 AARCH64 21 | # 22 | 23 | [Sources] 24 | MsNVBootReasonLib.c 25 | 26 | [Packages] 27 | MdePkg/MdePkg.dec 28 | PcBdsPkg/PcBdsPkg.dec 29 | OemPkg/OemPkg.dec 30 | MsCorePkg/MsCorePkg.dec 31 | MdeModulePkg/MdeModulePkg.dec 32 | 33 | [LibraryClasses] 34 | UefiRuntimeServicesTableLib 35 | DebugLib 36 | 37 | [Protocols] 38 | 39 | [Guids] 40 | gOemBootNVVarGuid 41 | 42 | [Pcd] 43 | -------------------------------------------------------------------------------- /OemPkg/Library/MsSecureBootModeSettingLib/MsSecureBootModeSettingLib.inf: -------------------------------------------------------------------------------- 1 | ## @file MsSecureBootModeSettingLib.inf 2 | # 3 | # Copyright (C) Microsoft Corporation. All rights reserved. 4 | # SPDX-License-Identifier: BSD-2-Clause-Patent 5 | # 6 | # Library to support Secure Boot Settings (get/set) 7 | # 8 | ## 9 | 10 | [Defines] 11 | INF_VERSION = 0x00010017 12 | BASE_NAME = MsSecureBootModeSettingLib 13 | FILE_GUID = A5498DCA-6F34-4080-ABCF-DE9C05C334DE 14 | MODULE_TYPE = DXE_DRIVER 15 | VERSION_STRING = 1.0 16 | LIBRARY_CLASS = MsSecureBootModeSettingLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER 17 | CONSTRUCTOR = MsSecureBootModeSettingLibConstructor 18 | # 19 | # The following information is for reference only and not required by the build tools. 20 | # 21 | # VALID_ARCHITECTURES = IA32 X64 AARCH64 22 | # 23 | 24 | [Sources] 25 | SecureBootModeSetting.c 26 | 27 | [Packages] 28 | MdePkg/MdePkg.dec 29 | OemPkg/OemPkg.dec 30 | MsCorePkg/MsCorePkg.dec 31 | DfciPkg/DfciPkg.dec 32 | SecurityPkg/SecurityPkg.dec 33 | 34 | [LibraryClasses] 35 | DebugLib 36 | UefiBootServicesTableLib 37 | UefiRuntimeServicesTableLib 38 | BaseLib 39 | BaseMemoryLib 40 | UefiLib 41 | PcdLib 42 | SecureBootVariableLib 43 | MuSecureBootKeySelectorLib 44 | SecureBootKeyStoreLib 45 | 46 | [Guids] 47 | 48 | [Protocols] 49 | gDfciSettingsProviderSupportProtocolGuid 50 | 51 | [FeaturePcd] 52 | gDfciPkgTokenSpaceGuid.PcdSettingsManagerInstallProvider 53 | 54 | [Pcd] 55 | 56 | [Depex] 57 | TRUE 58 | -------------------------------------------------------------------------------- /OemPkg/Library/MuUefiVersionLib/MuUefiVersionLib.inf: -------------------------------------------------------------------------------- 1 | ## 2 | # @file Library to provide platform version information 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | ## 8 | 9 | [Defines] 10 | INF_VERSION = 0x00010005 11 | BASE_NAME = MuUefiVersionLib 12 | FILE_GUID = 287318BB-52BD-427A-929F-C4B6A0AD3E7E 13 | MODULE_TYPE = BASE 14 | VERSION_STRING = 1.0 15 | LIBRARY_CLASS = MuUefiVersionLib 16 | 17 | # 18 | # The following information is for reference only and not required by the build 19 | # tools. 20 | # 21 | # VALID_ARCHITECTURES = IA32 X64 22 | # 23 | 24 | [Sources] 25 | MuUefiVersionLib.c 26 | 27 | [Packages] 28 | MdePkg/MdePkg.dec 29 | PcBdsPkg/PcBdsPkg.dec 30 | OemPkg/OemPkg.dec 31 | 32 | [LibraryClasses] 33 | BaseLib 34 | DebugLib 35 | PrintLib 36 | PcdLib 37 | 38 | [Protocols] 39 | 40 | [Guids] 41 | 42 | [Pcd] 43 | gOemPkgTokenSpaceGuid.PcdUefiVersionNumber 44 | gOemPkgTokenSpaceGuid.PcdUefiBuildDate 45 | 46 | [Depex] 47 | TRUE 48 | -------------------------------------------------------------------------------- /OemPkg/Library/OemMfciLib/OemMfciLibDxe.c: -------------------------------------------------------------------------------- 1 | /* @file OemMfciLibDxe.c 2 | 3 | MFCI based library instance for system mode related functions for 4 | configuration modules on QEMU Q35 platform. 5 | 6 | Copyright (c) Microsoft Corporation. 7 | SPDX-License-Identifier: BSD-2-Clause-Patent 8 | 9 | **/ 10 | #include <PiDxe.h> 11 | #include <MfciPolicyType.h> 12 | #include <OemMfciDefines.h> 13 | #include <Protocol/MfciProtocol.h> 14 | 15 | #include <Library/DebugLib.h> 16 | #include <Library/UefiBootServicesTableLib.h> 17 | #include <Library/OemMfciLib.h> 18 | 19 | MFCI_PROTOCOL *mMfciPolicyProtocol = NULL; 20 | 21 | /** 22 | Library function to register a callback when the operation mode encounters 23 | a transition. 24 | 25 | The registered callbacks will be dispatched at gMsStartOfBdsNotifyGuid event 26 | prior to EndOfDxe. 27 | 28 | @param[in] Callback Pointer to the callback function being registered. 29 | 30 | @retval EFI_SUCCESS Callback was successfully registered. 31 | @retval EFI_ALREADY_STARTED We have passed EndOfDxe and this callback no longer 32 | makes sense. 33 | @retval Others Callback registration failed. 34 | 35 | **/ 36 | EFI_STATUS 37 | EFIAPI 38 | RegisterMfciOperationModeChangeNotifyCallback ( 39 | IN MFCI_POLICY_CHANGE_CALLBACK Callback 40 | ) 41 | { 42 | EFI_STATUS Status; 43 | 44 | // First, locate the required protocol, if not already available 45 | if (mMfciPolicyProtocol == NULL) { 46 | Status = gBS->LocateProtocol (&gMfciProtocolGuid, NULL, (VOID **)&mMfciPolicyProtocol); 47 | if (EFI_ERROR (Status)) { 48 | DEBUG ((DEBUG_ERROR, "%a Failed to locate MFCI Protocol - %r!!!\n", __FUNCTION__, Status)); 49 | goto Exit; 50 | } 51 | } 52 | 53 | // Then we can get to the real work... 54 | Status = mMfciPolicyProtocol->RegisterMfciPolicyChangeCallback (mMfciPolicyProtocol, Callback); 55 | if (EFI_ERROR (Status)) { 56 | // Failed to register this callback, propagate the error code to caller. 57 | DEBUG ((DEBUG_ERROR, "%a Failed to register MFCI change callback - %r!!!\n", __FUNCTION__, Status)); 58 | goto Exit; 59 | } 60 | 61 | Exit: 62 | return Status; 63 | } 64 | 65 | /** 66 | * Inspect whether the current operation mode is categorized as manufacturing mode. 67 | * 68 | * @param[out] OperationMode 64 bit value from MFCI framework, indicating the current operation mode 69 | * 70 | * @return OEM_UEFI_CUSTOMER_MODE Current mode is customer mode. 71 | * @return OEM_UEFI_MANUFACTURING_MODE Current operation mode is manufacturing mode. 72 | */ 73 | OEM_UEFI_OPERATION_MODE 74 | EFIAPI 75 | GetMfciSystemOperationMode ( 76 | VOID 77 | ) 78 | { 79 | EFI_STATUS Status; 80 | MFCI_POLICY_TYPE CurrentMfciPolicy; 81 | OEM_UEFI_OPERATION_MODE Result; 82 | 83 | // First, locate the required protocol. 84 | if (mMfciPolicyProtocol == NULL) { 85 | Status = gBS->LocateProtocol (&gMfciProtocolGuid, NULL, (VOID **)&mMfciPolicyProtocol); 86 | if (EFI_ERROR (Status)) { 87 | // If we can't locate the protocol we need to default to the CUSTOMER mode to be on the safe side. 88 | DEBUG ((DEBUG_ERROR, "%a Failed to locate MFCI Protocol - %r!!!\n", __FUNCTION__, Status)); 89 | Result = OEM_UEFI_CUSTOMER_MODE; 90 | goto Exit; 91 | } 92 | } 93 | 94 | // Check the OEM Manufacturing mode state bit in the 64 bit MFCI Policy. 95 | CurrentMfciPolicy = mMfciPolicyProtocol->GetMfciPolicy (mMfciPolicyProtocol); 96 | if (CurrentMfciPolicy & OEM_MFCI_STATE_MFG_MODE) { 97 | // UEFI is in Manufacturing mode 98 | Result = OEM_UEFI_MANUFACTURING_MODE; 99 | goto Exit; 100 | } else { 101 | // UEFI is in Customer mode. 102 | Result = OEM_UEFI_CUSTOMER_MODE; 103 | goto Exit; 104 | } 105 | 106 | Exit: 107 | return Result; 108 | } 109 | -------------------------------------------------------------------------------- /OemPkg/Library/OemMfciLib/OemMfciLibDxe.inf: -------------------------------------------------------------------------------- 1 | ## @file OemMfciLibDxe.inf 2 | # 3 | # MFCI based library instance for system mode related functions for 4 | # configuration modules. 5 | # 6 | # Copyright (c) Microsoft Corporation. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | # 9 | ## 10 | 11 | 12 | [Defines] 13 | INF_VERSION = 0x00010017 14 | BASE_NAME = OemMfciLibDxe 15 | FILE_GUID = 484BDBBF-9589-4CCE-996F-BB22618055EB 16 | VERSION_STRING = 1.0 17 | MODULE_TYPE = DXE_DRIVER 18 | LIBRARY_CLASS = OemMfciLib 19 | 20 | # 21 | # The following information is for reference only and not required by the build tools. 22 | # 23 | # VALID_ARCHITECTURES = ANY 24 | # 25 | 26 | [Sources] 27 | OemMfciLibDxe.c 28 | 29 | [LibraryClasses] 30 | UefiBootServicesTableLib 31 | DebugLib 32 | 33 | [Packages] 34 | MdePkg/MdePkg.dec 35 | MfciPkg/MfciPkg.dec 36 | OemPkg/OemPkg.dec 37 | 38 | [Protocols] 39 | gMfciProtocolGuid ## CONSUMES 40 | 41 | [Depex] 42 | gMfciProtocolGuid 43 | -------------------------------------------------------------------------------- /OemPkg/Library/OemMfciLib/OemMfciLibPei.c: -------------------------------------------------------------------------------- 1 | /* @file OemMfciLibPei.c 2 | 3 | MFCI based library instance for system mode related functions for 4 | configuration modules on QEMU Q35 platform. 5 | 6 | Copyright (c) Microsoft Corporation. 7 | SPDX-License-Identifier: BSD-2-Clause-Patent 8 | 9 | **/ 10 | #include <PiPei.h> 11 | #include <OemMfciDefines.h> 12 | #include <Ppi/MfciPolicyPpi.h> 13 | 14 | #include <Library/DebugLib.h> 15 | #include <Library/PeiServicesLib.h> 16 | #include <Library/OemMfciLib.h> 17 | 18 | /** 19 | * Inspect whether the current operation mode is categorized as manufacturing mode. 20 | * 21 | * @param[out] OperationMode 64 bit value from MFCI framework, indicating the current operation mode 22 | * 23 | * @return OEM_UEFI_CUSTOMER_MODE Current mode is customer mode. 24 | * @return OEM_UEFI_MANUFACTURING_MODE Current operation mode is manufacturing mode. 25 | */ 26 | OEM_UEFI_OPERATION_MODE 27 | EFIAPI 28 | GetMfciSystemOperationMode ( 29 | VOID 30 | ) 31 | { 32 | EFI_STATUS Status; 33 | MFCI_POLICY_PPI *MfciPpi; 34 | MFCI_POLICY_TYPE CurrentMfciPolicy; 35 | OEM_UEFI_OPERATION_MODE Result; 36 | 37 | // First, locate the required PPI. 38 | Status = PeiServicesLocatePpi (&gMfciPpiGuid, 0, NULL, (VOID **)&MfciPpi); 39 | if (EFI_ERROR (Status)) { 40 | // If we can't locate the PPI we need to default to the CUSTOMER mode to be on the safe side. 41 | DEBUG ((DEBUG_ERROR, "%a Failed to locate MFCI PPI - %r!!!\n", __FUNCTION__, Status)); 42 | Result = OEM_UEFI_CUSTOMER_MODE; 43 | goto Exit; 44 | } 45 | 46 | // Check the OEM Manufacturing mode state bit in the 64 bit MFCI Policy. 47 | CurrentMfciPolicy = MfciPpi->GetMfciPolicy (MfciPpi); 48 | if (CurrentMfciPolicy & OEM_MFCI_STATE_MFG_MODE) { 49 | // UEFI is in Manufacturing mode 50 | Result = OEM_UEFI_MANUFACTURING_MODE; 51 | goto Exit; 52 | } else { 53 | // UEFI is in Customer mode. 54 | Result = OEM_UEFI_CUSTOMER_MODE; 55 | goto Exit; 56 | } 57 | 58 | Exit: 59 | return Result; 60 | } 61 | -------------------------------------------------------------------------------- /OemPkg/Library/OemMfciLib/OemMfciLibPei.inf: -------------------------------------------------------------------------------- 1 | ## @file OemMfciLibPei.inf 2 | # 3 | # MFCI based library instance for system mode related functions for 4 | # configuration modules. 5 | # 6 | # Copyright (c) Microsoft Corporation. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | # 9 | ## 10 | 11 | 12 | [Defines] 13 | INF_VERSION = 0x00010017 14 | BASE_NAME = OemMfciLibPei 15 | FILE_GUID = 7822FA17-4EFA-4BFB-8CB5-CD08F0C44408 16 | VERSION_STRING = 1.0 17 | MODULE_TYPE = PEIM 18 | LIBRARY_CLASS = OemMfciLib 19 | 20 | # 21 | # The following information is for reference only and not required by the build tools. 22 | # 23 | # VALID_ARCHITECTURES = ANY 24 | # 25 | 26 | [Sources] 27 | OemMfciLibPei.c 28 | 29 | [LibraryClasses] 30 | PeiServicesLib 31 | DebugLib 32 | 33 | [Packages] 34 | MdePkg/MdePkg.dec 35 | MfciPkg/MfciPkg.dec 36 | OemPkg/OemPkg.dec 37 | 38 | [Ppis] 39 | gMfciPpiGuid ## CONSUMES 40 | 41 | [Depex] 42 | gMfciPpiGuid 43 | -------------------------------------------------------------------------------- /OemPkg/Library/PasswordPolicyLib/PasswordPolicyInternal.h: -------------------------------------------------------------------------------- 1 | /** @file -- PasswordPolicyInternal.h 2 | 3 | Internal password structure for password hash. 4 | 5 | Copyright (C) Microsoft Corporation. All rights reserved. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #ifndef _PASSWORD_POLICY_INTERNAL_H_ 11 | #define _PASSWORD_POLICY_INTERNAL_H_ 12 | 13 | #pragma pack(1) 14 | 15 | // This structure is required to be at the top of all password entries. 16 | typedef struct { 17 | UINT16 Version; 18 | } PASSWORD_HASH_HEADER; 19 | 20 | // 21 | // Version 1 Definitions 22 | // 23 | #define PRIVATE_HASH_VER_1_VERSION 1 24 | #define PRIVATE_HASH_VER_1_HASH_DIGEST_SIZE SHA256_DIGEST_SIZE 25 | #define PRIVATE_HASH_VER_1_SALT_SIZE 32 26 | #define PRIVATE_HASH_VER_1_ITERATION_COUNT 60000 // Tuned for ~0.5 sec computation. 27 | #define PRIVATE_HASH_VER_1_KEY_SIZE 40 28 | 29 | typedef struct { 30 | UINT32 DeletedHash; 31 | } PASSWORD_HASH_DELETED; 32 | 33 | typedef struct { 34 | PASSWORD_HASH_HEADER Header; 35 | UINT8 Salt[PRIVATE_HASH_VER_1_SALT_SIZE]; 36 | UINT8 Key[PRIVATE_HASH_VER_1_KEY_SIZE]; 37 | } PRIVATE_HASH_VER_1; 38 | 39 | #define PRIVATE_HASH_VER_1_VERSION_SIZE sizeof(PRIVATE_HASH_VER_1) 40 | 41 | #pragma pack() 42 | 43 | // Special version for Deleting a password 44 | #define PASSWORD_HASH_VER_DELETE 0xADDEADDE // Version reserved for deleting a password 45 | #define PASSWORD_HASH_VER_DELETE_SIZE sizeof(UINT32) 46 | 47 | // 48 | // Definitions for working with password tests. 49 | // 50 | typedef UINT32 PW_TEST_BITMAP; 51 | #define PW_TEST_STRING_NULL (1 << 0) 52 | #define PW_TEST_STRING_TOO_SHORT (1 << 1) 53 | #define PW_TEST_STRING_TOO_LONG (1 << 2) 54 | #define PW_TEST_STRING_INVALID_CHAR (1 << 3) 55 | // 56 | // Data Store Union - A structure large enough to hold any password store. 57 | // 58 | typedef union { 59 | UINT8 HashBytes; 60 | PASSWORD_HASH_DELETED Deleted; 61 | PASSWORD_HASH_HEADER Hdr; 62 | PRIVATE_HASH_VER_1 Ver1; 63 | } INTERNAL_PASSWORD_HASH; 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /OemPkg/Library/PasswordPolicyLib/PasswordPolicyLib.inf: -------------------------------------------------------------------------------- 1 | ## @file PasswordPolicyLib.inf 2 | # 3 | # Library to support Password hashes 4 | # 5 | # Copyright (C) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | # 8 | ## 9 | 10 | [Defines] 11 | INF_VERSION = 0x00010017 12 | BASE_NAME = PasswordPolicyLib 13 | FILE_GUID = 6917de11-041a-483f-980f-4018ffc33368 14 | MODULE_TYPE = DXE_DRIVER 15 | VERSION_STRING = 1.0 16 | LIBRARY_CLASS = PasswordPolicyLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER 17 | # 18 | # The following information is for reference only and not required by the build tools. 19 | # 20 | # VALID_ARCHITECTURES = IA32 X64 AARCH64 21 | # 22 | 23 | [Sources] 24 | PasswordPolicyInternal.h 25 | PasswordPolicyLib.c 26 | 27 | [Packages] 28 | MdePkg/MdePkg.dec 29 | CryptoPkg/CryptoPkg.dec 30 | MsCorePkg/MsCorePkg.dec 31 | OemPkg/OemPkg.dec 32 | 33 | [LibraryClasses] 34 | BaseLib 35 | BaseCryptLib 36 | BaseMemoryLib 37 | DebugLib 38 | MemoryAllocationLib 39 | 40 | [Guids] 41 | gEfiRngAlgorithmSp80090Ctr256Guid 42 | gEfiRngAlgorithmSp80090Hmac256Guid 43 | gEfiRngAlgorithmSp80090Hash256Guid 44 | 45 | [Protocols] 46 | gMuPKCS5PasswordHashProtocolGuid 47 | gEfiRngProtocolGuid 48 | 49 | [FeaturePcd] 50 | 51 | [Pcd] 52 | 53 | [Depex] 54 | TRUE 55 | -------------------------------------------------------------------------------- /OemPkg/Library/PasswordPolicyLibNull/PasswordPolicyLibNull.c: -------------------------------------------------------------------------------- 1 | /** @file PasswordPolicyLib.c 2 | 3 | Library to support password hashes. 4 | 5 | Copyright (C) Microsoft Corporation. All rights reserved. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #include <PiDxe.h> 11 | 12 | #include <Library/PasswordPolicyLib.h> 13 | 14 | /** 15 | Copies a password to a buffer, but will only copy the maximum 16 | characters. Always places a NULL terminator at the end of the 17 | output string. 18 | 19 | NOTE: Buffer MUST be at least PW_MAX_LENGTH + 1 in length. 20 | 21 | @param[out] Buffer Pointer to an output buffer for the final password. 22 | MUST be at least PW_MAX_LENGTH + 1 of CHAR16 in size. 23 | @param[in] BufferLength Length of the output buffer (in CHAR16s). 24 | @param[in] Password Pointer to the password to be copied. 25 | 26 | @retval EFI_SUCCESS String copied. 27 | @retval EFI_BUFFER_TOO_SMALL Buffer cannot hold a max-length password. 28 | 29 | **/ 30 | EFI_STATUS 31 | EFIAPI 32 | PasswordPolicySafeCopyPassword ( 33 | OUT CHAR16 *Buffer, 34 | IN UINTN BufferLength, 35 | IN CONST CHAR16 *Password 36 | ) 37 | { 38 | return EFI_UNSUPPORTED; 39 | } // PasswordPolicySafeCopyPassword() 40 | 41 | /** 42 | Takes in a buffer and destroys the data within it. 43 | 44 | @param[in] Data Pointer to the buffer in question. 45 | @param[in] Size Size of Data. 46 | 47 | **/ 48 | VOID 49 | EFIAPI 50 | PasswordPolicyCleansePwBuffer ( 51 | IN CHAR16 *Data, 52 | IN UINTN Size 53 | ) 54 | { 55 | return; 56 | } // PasswordPolicyCleansePwBuffer() 57 | 58 | /** 59 | Public interface for validating password strings. 60 | 61 | Will evaluate all current password strength/validity requirements and 62 | return a BOOLEAN for whether the password is valid. Also uses an optional 63 | pointer to return a bitmap of which tests failed. 64 | 65 | NOTE: Returns FALSE on NULL strings. 66 | 67 | @param[in] String CHAR16 pointer to the string that's being evaluated. 68 | @param[out] Failures [Optional] Pointer to a UINT32 that will have bits (defined 69 | in PasswordPolicyLib.h) set according to which tests may have failed. 70 | If NULL, will not return a test bitmap and will fail ASAP. 71 | 72 | @retval TRUE Password is valid. "Failures" should be 0. 73 | @retval FALSE Password is invalid. "Failures" will have bits set for which tests failed. 74 | 75 | **/ 76 | BOOLEAN 77 | EFIAPI 78 | PasswordPolicyIsPwStringValid ( 79 | IN CONST CHAR16 *String, 80 | OUT PW_TEST_BITMAP *Failures OPTIONAL 81 | ) 82 | { 83 | return FALSE; 84 | } // PasswordPolicyIsPwStringValid() 85 | 86 | /** 87 | Public interface for validating a password hash. 88 | 89 | Will run internal checks on the password hash to verify that it has a supported 90 | version and proper length. 91 | 92 | @param[in] PasswordHash Pointer to the buffer containing the hash 93 | @param[in] PasswordHashSize Size of the buffer containing the hash. 94 | 95 | @retval EFI_SUCCESS Requested operation has been successfully performed. 96 | @retval EFI_INVALID_PARAMETER There is something wrong with the formatting of 97 | the password hash. 98 | 99 | **/ 100 | EFI_STATUS 101 | EFIAPI 102 | PasswordPolicyValidatePasswordHash ( 103 | IN CONST PASSWORD_HASH PasswordHash, 104 | IN UINTN PasswordHashSize 105 | ) 106 | { 107 | return EFI_UNSUPPORTED; 108 | } 109 | 110 | /** 111 | Public interface for generating the password hash. 112 | 113 | Will run internal checks on the password before setting it. Returns an 114 | error if the password cannot be set. 115 | 116 | @param[in] OldSalt Pass in old PASSWORD_HASH to use the existing salt 117 | @param[in] Password Pointer to a buffer containing the clear text password. 118 | If Password == NULL, generate a no-password "hash" 119 | @param[out] PasswordHash Pointer to a pointer that will contain the address of the password hash 120 | OldSalt == NULL : Version, Salt, and Key fields stored. 121 | OldSalt != NULL : Key field updated using existing Version and Salt. 122 | @param[out] PasswordHashSize Pointer where to store the new has size 123 | 124 | @retval EFI_SUCCESS Requested operation has been successfully performed. 125 | @retval EFI_INVALID_PARAMETER There is something wrong with the formatting of 126 | the NewPassword. 127 | @retval <other> Something else went wrong with the internal logic. 128 | 129 | **/ 130 | EFI_STATUS 131 | EFIAPI 132 | PasswordPolicyGeneratePasswordHash ( 133 | IN CONST PASSWORD_HASH OldSalt OPTIONAL, 134 | IN CONST CHAR16 *Password OPTIONAL, 135 | OUT PASSWORD_HASH *PasswordHash, 136 | OUT UINTN *PasswordHashSize 137 | ) 138 | { 139 | return EFI_UNSUPPORTED; 140 | } // PasswordSupportGeneratePasswordHash() 141 | -------------------------------------------------------------------------------- /OemPkg/Library/PasswordPolicyLibNull/PasswordPolicyLibNull.inf: -------------------------------------------------------------------------------- 1 | ## @file PasswordPolicyLibNull.inf 2 | # 3 | # NULL Library to support Password hashes 4 | # 5 | # Copyright (C) Microsoft Corporation. All rights reserved. 6 | # SPDX-License-Identifier: BSD-2-Clause-Patent 7 | # 8 | ## 9 | 10 | [Defines] 11 | INF_VERSION = 0x00010017 12 | BASE_NAME = PasswordPolicyLib 13 | FILE_GUID = d288a9ad-d990-4594-a9bf-60d435b75471 14 | MODULE_TYPE = DXE_DRIVER 15 | VERSION_STRING = 1.0 16 | LIBRARY_CLASS = PasswordPolicyLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER 17 | # 18 | # The following information is for reference only and not required by the build tools. 19 | # 20 | # VALID_ARCHITECTURES = IA32 X64 AARCH64 21 | # 22 | 23 | [Sources] 24 | PasswordPolicyLibNull.c 25 | 26 | [Packages] 27 | MdePkg/MdePkg.dec 28 | OemPkg/OemPkg.dec 29 | 30 | [LibraryClasses] 31 | BaseLib 32 | DebugLib 33 | 34 | [Guids] 35 | 36 | [Protocols] 37 | 38 | [FeaturePcd] 39 | 40 | [Pcd] 41 | 42 | [Depex] 43 | TRUE 44 | -------------------------------------------------------------------------------- /OemPkg/Library/PasswordStoreLib/PasswordStoreInternal.h: -------------------------------------------------------------------------------- 1 | /** @file -- PasswordStoreLib.h 2 | 3 | Interfaces to the password store. 4 | 5 | Copyright (C) Microsoft Corporation. All rights reserved. 6 | SPDX-License-Identifier: BSD-2-Clause-Patent 7 | 8 | **/ 9 | 10 | #ifndef __PASSWORD_STORE_INTERNAL_H__ 11 | #define __PASSWORD_STORE_INTERNAL_H__ 12 | 13 | /** 14 | Performs any initialization that is necessary for the functions in this 15 | library to behave as expected. 16 | 17 | Only necessary to run once per boot. 18 | Published as a public function so that it can be invoked in a useful driver. 19 | 20 | @retval EFI_SUCCESS Initialization is complete. 21 | @retval Others Something went wrong. Investigate further. 22 | 23 | **/ 24 | EFI_STATUS 25 | EFIAPI 26 | PasswordStoreInitializeLib ( 27 | VOID 28 | ); 29 | 30 | /** 31 | Deletes all passwords and resets password infrastructure to factory condition. 32 | Published as a public function so that it can be invoked in a useful driver. 33 | 34 | @retval EFI_SUCCESS Reset is complete. 35 | @retval Others Something went wrong. Investigate further. 36 | 37 | **/ 38 | EFI_STATUS 39 | EFIAPI 40 | PasswordStoreResetPasswordLib ( 41 | VOID 42 | ); 43 | 44 | #endif // _PASSWORD_STORE_INTERNAL_H_ 45 | -------------------------------------------------------------------------------- /OemPkg/Library/PasswordStoreLib/PasswordStoreLib.inf: -------------------------------------------------------------------------------- 1 | ## @file PasswordStoreLib.inf 2 | # 3 | # Copyright (C) Microsoft Corporation. All rights reserved. 4 | # SPDX-License-Identifier: BSD-2-Clause-Patent 5 | # 6 | # Manages storage location for the platform ADMIN Password. 7 | # 8 | ## 9 | 10 | [Defines] 11 | INF_VERSION = 0x00010017 12 | BASE_NAME = PasswordStoreLib 13 | FILE_GUID = 3993a5d4-5c7a-4eb2-a2ab-43968e4453f7 14 | MODULE_TYPE = DXE_DRIVER 15 | VERSION_STRING = 1.0 16 | LIBRARY_CLASS = PasswordStoreLib|DXE_DRIVER UEFI_APPLICATION UEFI_DRIVER 17 | CONSTRUCTOR = PasswordStoreLibConstructor 18 | # 19 | # The following information is for reference only and not required by the build tools. 20 | # 21 | # VALID_ARCHITECTURES = IA32 X64 AARCH64 22 | # 23 | 24 | [Sources] 25 | PasswordStoreLib.c 26 | 27 | [Packages] 28 | MdePkg/MdePkg.dec 29 | MsCorePkg/MsCorePkg.dec 30 | DfciPkg/DfciPkg.dec 31 | OemPkg/OemPkg.dec 32 | 33 | [LibraryClasses] 34 | BaseLib 35 | BaseMemoryLib 36 | DebugLib 37 | PasswordPolicyLib 38 | UefiLib 39 | UefiBootServicesTableLib 40 | UefiRuntimeServicesTableLib 41 | 42 | [Guids] 43 | gOemPkgPasswordStoreVarGuid 44 | 45 | [Protocols] 46 | 47 | [FeaturePcd] 48 | 49 | [Pcd] 50 | 51 | [Depex] 52 | gEfiVariableWriteArchProtocolGuid AND gEfiVariableArchProtocolGuid 53 | -------------------------------------------------------------------------------- /OemPkg/Library/UpdateFacsHardwareSignatureLib/UpdateFacsHardwareSignatureLib.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Update FACS Hardware Signature library definition. A device can implement 3 | # instances to support device specific behavior. 4 | # 5 | # Note: This library instance assumes system settings are stored using DFCI in 6 | # a variable called L"DfciSettingsCurrent". If that variable is not present, 7 | # the hardware signature will fail to be calculated properly and a different 8 | # library instance of UpdateFacsHardwareSignatureLib should be used. 9 | # 10 | # Copyright (C) Microsoft Corporation. All rights reserved. 11 | # SPDX-License-Identifier: BSD-2-Clause-Patent 12 | ## 13 | 14 | [Defines] 15 | EDK_RELEASE_VERSION = 0x00020000 16 | INF_VERSION = 0x00010017 17 | BASE_NAME = UpdateFacsHardwareSignatureLib 18 | FILE_GUID = ce08016b-8d1d-41df-b300-f9d0a2c328e4 19 | VERSION_STRING = 1.0 20 | MODULE_TYPE = DXE_DRIVER 21 | UEFI_SPECIFICATION_VERSION = 2.70 22 | LIBRARY_CLASS = UpdateFacsHardwareSignatureLib|DXE_DRIVER 23 | 24 | [Sources] 25 | UpdateFacsHardwareSignatureLib.c 26 | 27 | [Packages] 28 | MdePkg/MdePkg.dec 29 | MdeModulePkg/MdeModulePkg.dec 30 | MsCorePkg/MsCorePkg.dec 31 | DfciPkg/DfciPkg.dec 32 | PcBdsPkg/PcBdsPkg.dec 33 | 34 | [LibraryClasses] 35 | DebugLib 36 | MemoryAllocationLib 37 | MuUefiVersionLib 38 | UefiBootServicesTableLib 39 | UefiRuntimeServicesTableLib 40 | 41 | [Guids] 42 | gDfciSettingsManagerVarNamespace 43 | 44 | [Protocols] 45 | gEfiAcpiSdtProtocolGuid ## CONSUMES 46 | gEfiPciIoProtocolGuid ## CONSUMES -------------------------------------------------------------------------------- /OemPkg/OemConfigPolicyCreatorPei/OemConfigPolicyCreatorPei.inf: -------------------------------------------------------------------------------- 1 | ## @file OemConfigPolicyCreatorPei.inf 2 | # 3 | # This module receives the static platform data for a platform and creates a config policy. It is intended to run 4 | # before a platform level Silicon Policy Creator that maps this config policy to silicon policy. 5 | # 6 | # Copyright (C) Microsoft Corporation. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | ## 9 | 10 | [Defines] 11 | INF_VERSION = 0x00010017 12 | BASE_NAME = OemConfigPolicyCreatorPei 13 | FILE_GUID = E0AD89AA-0499-49A7-90BF-77C5A71307B1 14 | MODULE_TYPE = PEIM 15 | VERSION_STRING = 1.0 16 | ENTRY_POINT = OemConfigPolicyCreatorPeiEntry 17 | 18 | [Sources] 19 | OemConfigPolicyCreatorPei.c 20 | 21 | [Packages] 22 | MdePkg/MdePkg.dec 23 | MdeModulePkg/MdeModulePkg.dec 24 | PolicyServicePkg/PolicyServicePkg.dec 25 | SetupDataPkg/SetupDataPkg.dec 26 | OemPkg/OemPkg.dec 27 | 28 | [LibraryClasses] 29 | PeimEntryPoint 30 | PeiServicesLib 31 | DebugLib 32 | ConfigVariableListLib 33 | ConfigKnobShimLib 34 | SafeIntLib 35 | ActiveProfileIndexSelectorLib 36 | PolicyLib 37 | 38 | [Ppis] 39 | gPeiPolicyPpiGuid ## CONSUMES 40 | gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES 41 | 42 | [Guids] 43 | gOemConfigPolicyGuid # Guid that config policy is filed under 44 | gOemConfigMetadataPolicyGuid # Guid that config metadata policy is filed under 45 | 46 | [Depex] 47 | gPeiPolicyPpiGuid AND # Needed to file config policy 48 | gEfiPeiReadOnlyVariable2PpiGuid # Needed to query variable storage 49 | -------------------------------------------------------------------------------- /OemPkg/OemPkg.ci.yaml: -------------------------------------------------------------------------------- 1 | ## 2 | # CI configuration for MsWheaPkg 3 | # 4 | # Copyright (c) Microsoft Corporation 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | ## 7 | { 8 | "PrEval": { 9 | "DscPath": "OemPkg.dsc", 10 | }, 11 | ## options defined ci/Plugin/CompilerPlugin 12 | "CompilerPlugin": { 13 | "DscPath": "OemPkg.dsc" 14 | }, 15 | ## options defined ci/Plugin/CharEncodingCheck 16 | "CharEncodingCheck": { 17 | "IgnoreFiles": [] 18 | }, 19 | ## options defined ci/Plugin/DependencyCheck 20 | "DependencyCheck": { 21 | "AcceptableDependencies": [ 22 | "MdePkg/MdePkg.dec", 23 | "MdeModulePkg/MdeModulePkg.dec", 24 | "MsCorePkg/MsCorePkg.dec", 25 | "MsGraphicsPkg/MsGraphicsPkg.dec", 26 | "PcBdsPkg/PcBdsPkg.dec", 27 | "DfciPkg/DfciPkg.dec", 28 | "SecurityPkg/SecurityPkg.dec", 29 | "CryptoPkg/CryptoPkg.dec", 30 | "OemPkg/OemPkg.dec", 31 | "MsWheaPkg/MsWheaPkg.dec", 32 | "MfciPkg/MfciPkg.dec", 33 | "ShellPkg/ShellPkg.dec", 34 | "PolicyServicePkg/PolicyServicePkg.dec", 35 | "SetupDataPkg/SetupDataPkg.dec" 36 | ], 37 | "AcceptableDependencies-HOST_APPLICATION":[ # for host based unit tests 38 | "MdePkg/MdePkg.dec", 39 | "MdeModulePkg/MdeModulePkg.dec", 40 | "MsCorePkg/MsCorePkg.dec", 41 | "MsGraphicsPkg/MsGraphicsPkg.dec", 42 | "PcBdsPkg/PcBdsPkg.dec", 43 | "OemPkg/OemPkg.dec" 44 | ], 45 | "IgnoreInf": [] 46 | }, 47 | ## options defined ci/Plugin/DscCompleteCheck 48 | "DscCompleteCheck": { 49 | "IgnoreInf": [], 50 | "DscPath": "OemPkg.dsc" 51 | }, 52 | ## options defined ci/Plugin/GuidCheck 53 | "GuidCheck": { 54 | "IgnoreGuidName": [], 55 | "IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"], 56 | "IgnoreFoldersAndFiles": [], 57 | "IgnoreDuplicates": [] 58 | }, 59 | ## options defined ci/Plugin/LibraryClassCheck 60 | "LibraryClassCheck": { 61 | "IgnoreLibraryClass": [], 62 | "IgnoreHeaderFile": [] 63 | }, 64 | ## options defined ci/Plugin/SpellCheck 65 | "SpellCheck": { 66 | "IgnoreStandardPaths": [ # Standard Plugin defined paths that should be ignore 67 | ], 68 | "IgnoreFiles": [ # use gitignore syntax to ignore errors in matching files 69 | ], 70 | "ExtendWords": [ # words to extend to the dictionary for this package 71 | "IDCANCEL", # Used in FrontPage dialogs. 72 | "OKCANCEL", 73 | "IDTRYAGAIN", 74 | "blitting", 75 | "FrontPage", 76 | "fltused", 77 | "MSLOGO", 78 | "PCINFO", 79 | "MFRAME", 80 | "Passw", # Partial string for password name. Actual name is Passw0rd. 81 | "OEM's", 82 | "Bootxxxx", 83 | "SECUREBOOT", 84 | "bootaa", 85 | "bootx", 86 | ], 87 | "AdditionalIncludePaths": [] # Additional paths to spell check relative to package root (wildcards supported) 88 | } 89 | } -------------------------------------------------------------------------------- /OemPkg/OemPkg.dec: -------------------------------------------------------------------------------- 1 | ## @file 2 | # Component declaration file for the oem sample package. 3 | # 4 | # Copyright (C) Microsoft Corporation. All rights reserved. 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | ## 8 | 9 | [Defines] 10 | DEC_SPECIFICATION = 0x00010005 11 | PACKAGE_NAME = OemPkg 12 | PACKAGE_GUID = 1CF89F9A-7C15-4702-A4D9-933B6C49D9AF 13 | PACKAGE_VERSION = 0.1 14 | 15 | [Includes] 16 | Include 17 | 18 | [LibraryClasses] 19 | ## @libraryclass Provides the password rules and hashing 20 | # 21 | PasswordPolicyLib|Include/Library/PasswordPolicyLib.h 22 | 23 | ## @libraryclass Provides the abstracted MFCI policy query function 24 | # 25 | OemMfciLib|Include/Library/OemMfciLib.h 26 | 27 | ## @libraryclass Provides the abstracted MFCI policy query and notification registration function 28 | # 29 | OemMfciDxeLib|Include/Library/OemMfciDxeLib.h 30 | 31 | [Guids] 32 | # {B20F1063-8C75-4A83-BFE0-969EFB5AF0AA} 33 | gOemPkgTokenSpaceGuid = { 0xB20F1063, 0x8C75, 0x4A83, { 0xBF, 0xE0, 0x96, 0x9E, 0xFB, 0x5A, 0xF0, 0xAA } } 34 | 35 | # 36 | # Guid for Alt Boot tracking variables namespace 37 | # 38 | gAltBootGuid = {0x26D75FF0, 0xD5CD, 0x49EC, {0x80, 0x92, 0xF8, 0xEC, 0x4D, 0x18, 0xEF, 0x33}} 39 | 40 | # 41 | # Guid for FrontPage NV variable 42 | # 9B09B8C1-3CC0-4F3B-A6CB-A0214B7F4C63 43 | gOemBootNVVarGuid = { 0x9b09b8c1, 0x3cc0, 0x4f3b, { 0xa6, 0xcb, 0xa0, 0x21, 0x4b, 0x7f, 0x4c, 0x63 } } 44 | 45 | gFrontPageResetGuid = {0xa6fa93d3, 0x9e09, 0x4192, {0x84, 0x79, 0xf0, 0x81, 0x29, 0x6f, 0x74, 0xde}} 46 | 47 | # Include/Guid/PasswordStoreVariable.h 48 | gOemPkgPasswordStoreVarGuid = {0xa2ee0f0b, 0xac46, 0x436e, {0xaf, 0xe6, 0x40, 0x60, 0xee, 0x63, 0xd6, 0xa2} } 49 | 50 | # Oem Config Policy Guid 51 | gOemConfigPolicyGuid = { 0xba320ade, 0xe132, 0x4c99, { 0xa3, 0xdf, 0x74, 0xd6, 0x73, 0xea, 0x6f, 0x76 } } 52 | 53 | # 54 | # Guid that the config metadata policy is registered under 55 | # 44E9778F-3DAF-46BA-B186-784D0B055072 56 | gOemConfigMetadataPolicyGuid = { 0x44e9778f, 0x3daf, 0x46ba, { 0xb1, 0x86, 0x78, 0x4d, 0x0b, 0x05, 0x50, 0x72 } } 57 | 58 | [Protocols] 59 | gMsButtonServicesProtocolGuid = { 0xe0084c50, 0x3efd, 0x43f7, { 0x88, 0xdf, 0x19, 0x4d, 0xf2, 0xd1, 0x60, 0xf0 }} 60 | 61 | gMsFrontPageAuthTokenProtocolGuid = { 0xed285037, 0x228b, 0x4d48, { 0xad, 0xa0, 0x8b, 0x1, 0x8a, 0xcf, 0xef, 0xb1 }} 62 | 63 | [PcdsFixedAtBuild] 64 | gOemPkgTokenSpaceGuid.PcdUefiVersionNumber |00000000|UINT32|0x00000001 65 | gOemPkgTokenSpaceGuid.PcdUefiBuildDate |00000000|UINT32|0x00000002 66 | 67 | ## 68 | # POST background color (default: black). 69 | # 70 | gOemPkgTokenSpaceGuid.PcdPostBackgroundColor|0x0|UINT32|0x00000003 71 | 72 | ## FFS filename to find the default BMP Logo file. 73 | # @Prompt FFS Name of Boot Logo File 74 | gOemPkgTokenSpaceGuid.PcdLogoFile |{ 0x99, 0x8b, 0xB2, 0x7B, 0xBB, 0x61, 0xD5, 0x11, 0x9A, 0x5D, 0x00, 0x90, 0x27, 0x3F, 0xC1, 0x4D }|VOID*|0x00000004 75 | 76 | ## FFS filename to find the Too Hot BMP file. 77 | # {7C3A8851-A6D2-445B-A53B-155F867AB4DA} 78 | gOemPkgTokenSpaceGuid.PcdThermalFile |{ 0x51, 0x88, 0x3A, 0x7C, 0xD2, 0xA6, 0x5B, 0x44, 0xA5, 0x3B, 0x15, 0x5F, 0x86, 0x7A, 0xB4, 0xDA }|VOID*|0x00000005 79 | 80 | ## FFS filename to find the Low Battery BMP file. 81 | # {D2AF039E-9F1F-4616-97AF-BE4509A365EA} 82 | gOemPkgTokenSpaceGuid.PcdLowBatteryFile |{ 0x9E, 0x03, 0xAF, 0xD2, 0x1F, 0x9F, 0x16, 0x46, 0x97, 0xAF, 0xBE, 0x45, 0x09, 0xA3, 0x65, 0xEA }|VOID*|0x00000006 83 | 84 | ## FFS filename to find the Front Page Title Bar BMP file. 85 | # {afdaeab5-3f81-934e-8ee3-228434ba283d} 86 | gOemPkgTokenSpaceGuid.PcdFrontPageLogoFile |{ 0xb5, 0xea, 0xda, 0xaf, 0x81, 0x3f, 0x93, 0x4e, 0x8e, 0xe3, 0x22, 0x84, 0x34, 0xba, 0x28, 0x3d } | VOID* | 0x00000007 87 | 88 | ## FFS filename to find the No Boot BMP file. 89 | # {f1e7a352-46ae-4912-af92-36ab51781d8e} 90 | gOemPkgTokenSpaceGuid.PcdBootFailIndicatorFile |{ 0x52, 0xa3, 0xe7, 0xf1, 0xae, 0x46, 0x12, 0x49, 0x92, 0xaf, 0x36, 0xab, 0x51, 0x78, 0x1d, 0x8e }|VOID*|0x00000008 91 | 92 | ## FFS filename to find the Firmware Settings BMP file. 93 | # {4f7fe6d5-b396-40f9-9246-7a8e4a821720 } 94 | gOemPkgTokenSpaceGuid.PcdFirmwareSettingsIndicatorFile | { 0xd5, 0xe6, 0xfe, 0x4f, 0x96, 0xb3, 0xf9, 0x40, 0x92, 0x46, 0x7a, 0x8e, 0x4a, 0x82, 0x17, 0x20 }|VOID*|0x00000009 95 | 96 | ## FFS filename to find the Volume Up BMP file. 97 | # {ae2d011c-4128-4960-a536-b424ccc3d1ea} 98 | gOemPkgTokenSpaceGuid.PcdVolumeUpIndicatorFile |{ 0x1c, 0x01, 0x2d, 0xae, 0x28, 0x41, 0x60, 0x49, 0xa5, 0x36, 0xb4, 0x24, 0xcc, 0xc3, 0xd1, 0xea }|VOID*|0x0000000A 99 | 100 | # The number of attempts the user has to type in the password. 101 | # If the number of attempts is exceeded, a message dialog is displayed, and 102 | # then user can access the front page as a limited user. 103 | # If set to 0 gives an unlimited number of attempts. 104 | gOemPkgTokenSpaceGuid.PcdMaxPasswordAttempts|0x3|UINT8|0x0000000B 105 | 106 | ## Pcd for ActiveProfileIndexSelectorPcdLib to query ActiveProfileIndex from 107 | # MAX_UINT32 indicates the default profile 108 | gOemPkgTokenSpaceGuid.PcdActiveProfileIndex|0xffffffff|UINT32|0x0000000C 109 | -------------------------------------------------------------------------------- /OemPkg/Override/MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf: -------------------------------------------------------------------------------- 1 | ## @file 2 | # This module produces Boot Manager Policy protocol. 3 | # 4 | # Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> 5 | # SPDX-License-Identifier: BSD-2-Clause-Patent 6 | # 7 | ## 8 | 9 | [Defines] 10 | INF_VERSION = 0x00010005 11 | BASE_NAME = BootManagerPolicyDxe 12 | MODULE_UNI_FILE = BootManagerPolicyDxe.uni 13 | FILE_GUID = A1BB8452-623A-410F-A72F-53A7E98EC94B 14 | MODULE_TYPE = DXE_DRIVER 15 | VERSION_STRING = 1.0 16 | ENTRY_POINT = BootManagerPolicyInitialize 17 | 18 | # 19 | # The following information is for reference only and not required by the build tools. 20 | # 21 | # VALID_ARCHITECTURES = IA32 X64 EBC 22 | # 23 | 24 | # This driver 1. satisfies the NetworkDependency Protocol, 2. does a ConnectAll to insure the network stack and related devices start. 25 | # The override is here in case TianoCore changes the other functionality of the original driver. 26 | #Override : 00000002 | MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.inf | 1394582abed01310637425761cf02e4e | 2022-02-06T04-32-51 | 683ed68b7ecab2be6740359535a52a3ea086dd8a 27 | 28 | 29 | [Sources] 30 | BootManagerPolicyDxe.c 31 | 32 | 33 | [Packages] 34 | MdePkg/MdePkg.dec 35 | MdeModulePkg/MdeModulePkg.dec 36 | PcBdsPkg/PcBdsPkg.dec 37 | 38 | [LibraryClasses] 39 | BaseMemoryLib 40 | MemoryAllocationLib 41 | UefiLib 42 | DevicePathLib 43 | DebugLib 44 | UefiDriverEntryPoint 45 | UefiBootServicesTableLib 46 | UefiRuntimeServicesTableLib 47 | UefiBootManagerLib 48 | 49 | [Guids] 50 | gEfiBootManagerPolicyConnectAllGuid ## CONSUMES ## GUID 51 | gEfiBootManagerPolicyNetworkGuid ## CONSUMES ## GUID 52 | gEfiBootManagerPolicyConsoleGuid ## CONSUMES ## GUID 53 | 54 | [Protocols] 55 | gEfiManagedNetworkServiceBindingProtocolGuid ## CONSUMES 56 | gEfiBootManagerPolicyProtocolGuid ## PRODUCES 57 | gMsNetworkDelayProtocolGuid ## PRODUCES ## MS_CHANGE 58 | 59 | [Depex] 60 | TRUE 61 | 62 | [UserExtensions.TianoCore."ExtraFiles"] 63 | BootManagerPolicyDxeExtra.uni 64 | -------------------------------------------------------------------------------- /OemPkg/Override/MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxe.uni: -------------------------------------------------------------------------------- 1 | // /** @file 2 | // This module produces Boot Manager Policy protocol. 3 | // 4 | // Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> 5 | // SPDX-License-Identifier: BSD-2-Clause-Patent 6 | // 7 | // **/ 8 | 9 | 10 | #string STR_MODULE_ABSTRACT #language en-US "This module produces Boot Manager Policy protocol" 11 | 12 | #string STR_MODULE_DESCRIPTION #language en-US "This module produces Boot Manager Policy protocol, which is used by EFI Applications to request the UEFI Boot Manager to connect devices using platform policy." 13 | 14 | -------------------------------------------------------------------------------- /OemPkg/Override/MdeModulePkg/Universal/BootManagerPolicyDxe/BootManagerPolicyDxeExtra.uni: -------------------------------------------------------------------------------- 1 | // /** @file 2 | // This module produces Boot Manager Policy protocol. 3 | // 4 | // Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> 5 | // 6 | // SPDX-License-Identifier: BSD-2-Clause-Patent 7 | // 8 | // **/ 9 | 10 | #string STR_PROPERTIES_MODULE_NAME 11 | #language en-US 12 | "Boot Manager Policy DXE Driver" 13 | 14 | 15 | -------------------------------------------------------------------------------- /Readme.rst: -------------------------------------------------------------------------------- 1 | ================================ 2 | Project Mu Oem Sample Repository 3 | ================================ 4 | 5 | ============================= ================= =============== =================== 6 | Host Type & Toolchain Build Status Test Status Code Coverage 7 | ============================= ================= =============== =================== 8 | Windows_VS_ |WindowsCiBuild| |WindowsCiTest| |WindowsCiCoverage| 9 | Ubuntu_GCC5_ |UbuntuCiBuild| |UbuntuCiTest| |UbuntuCiCoverage| 10 | ============================= ================= =============== =================== 11 | 12 | This repository is part of Project Mu. Please see Project Mu for details https://microsoft.github.io/mu 13 | 14 | Branch Status - release/202502 15 | ============================== 16 | 17 | :Status:git 18 | In Development 19 | 20 | :Entered Development: 21 | 2025/02/21 (Date Edk2 started accepting changes which were not in a previous release) 22 | 23 | 24 | :Anticipated Stabilization: 25 | May 2025 26 | 27 | 28 | Breaking Changes-dev 29 | -------------------- 30 | 31 | 32 | Main Changes-dev 33 | ---------------- 34 | - OemPkg: OemPkg.dsc Removed StackCheckLib instance since it should be included via MdeLibs.dsc.inc 35 | 36 | 37 | Code of Conduct 38 | =============== 39 | 40 | This project has adopted the Microsoft Open Source Code of Conduct https://opensource.microsoft.com/codeofconduct/ 41 | 42 | For more information see the Code of Conduct FAQ https://opensource.microsoft.com/codeofconduct/faq/ 43 | or contact `opencode@microsoft.com <mailto:opencode@microsoft.com>`_. with any additional questions or comments. 44 | 45 | Contributions 46 | ============= 47 | 48 | Contributions are always welcome and encouraged! 49 | Please open any issues in the Project Mu GitHub tracker and read https://microsoft.github.io/mu/How/contributing/ 50 | 51 | 52 | Copyright & License 53 | =================== 54 | 55 | | Copyright (C) Microsoft Corporation 56 | | SPDX-License-Identifier: BSD-2-Clause-Patent 57 | 58 | .. =================================================================== 59 | .. This is a bunch of directives to make the README file more readable 60 | .. =================================================================== 61 | 62 | .. CoreCI 63 | 64 | .. _Windows_VS: https://dev.azure.com/projectmu/mu/_build/latest?definitionId=47&&branchName=release%2F202502 65 | .. |WindowsCiBuild| image:: https://dev.azure.com/projectmu/mu/_apis/build/status/CI/OEM%20Sample/Mu%20OEM%20Sample%20-%20CI%20-%20Windows%20VS?repoName=microsoft%2Fmu_oem_sample&branchName=release%2F202502 66 | .. |WindowsCiTest| image:: https://img.shields.io/azure-devops/tests/projectmu/mu/47.svg 67 | .. |WindowsCiCoverage| image:: https://img.shields.io/badge/coverage-coming_soon-blue 68 | 69 | .. _Ubuntu_GCC5: https://dev.azure.com/projectmu/mu/_build/latest?definitionId=48&&branchName=release%2F202502 70 | .. |UbuntuCiBuild| image:: https://dev.azure.com/projectmu/mu/_apis/build/status/CI/OEM%20Sample/Mu%20OEM%20Sample%20-%20CI%20-%20GCC5?repoName=microsoft%2Fmu_oem_sample&branchName=release%2F202502 71 | .. |UbuntuCiTest| image:: https://img.shields.io/azure-devops/tests/projectmu/mu/48.svg 72 | .. |UbuntuCiCoverage| image:: https://img.shields.io/badge/coverage-coming_soon-blue 73 | 74 | .. |build_status_windows| image:: https://img.shields.io/badge/build-coming_soon-red 75 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Project Mu Security Policy 2 | 3 | Project Mu is an open source firmware project that is leveraged by and combined into 4 | other projects to build the firmware for a given product. We build and maintain this 5 | code with the intent that any consuming projects can use this code as-is. If features 6 | or fixes are necessary we ask that they contribute them back to the project. **But**, that 7 | said, in the firmware ecosystem there is a lot of variation and differentiation, and 8 | the license in this project allows flexibility for use without contribution back to 9 | Project Mu. Therefore, any issues found here may or may not exist in products using Project Mu. 10 | 11 | ## Supported Versions 12 | 13 | Due to the usage model we generally only supply fixes to the most recent release branch (or main). 14 | For a serious vulnerability we may patch older release branches. 15 | 16 | ## Additional Notes 17 | 18 | Project Mu contains code that is available and/or originally authored in other 19 | repositories (see <https://github.com/tianocore/edk2> as one such example). For any 20 | vulnerability found, we may be subject to their security policy and may need to work 21 | with those groups to resolve amicably and patch the "upstream". This might involve 22 | additional time to release and/or additional confidentiality requirements. 23 | 24 | ## Reporting a Vulnerability 25 | 26 | **Please do not report security vulnerabilities through public GitHub issues.** 27 | 28 | Instead please use **Github Private vulnerability reporting**, which is enabled for each Project Mu 29 | repository. This process is well documented by github in their documentation [here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). 30 | 31 | This process will allow us to privately discuss the issue, collaborate on a solution, and then disclose the vulnerability. 32 | 33 | ## Preferred Languages 34 | 35 | We prefer all communications to be in English. 36 | 37 | ## Policy 38 | 39 | Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). 40 | -------------------------------------------------------------------------------- /pip-requirements.txt: -------------------------------------------------------------------------------- 1 | ## @file 2 | # EDK II Python PIP requirements file 3 | # 4 | # This file provides the list of python components to install using PIP. 5 | # 6 | # Copyright (c) Microsoft Corporation. 7 | # SPDX-License-Identifier: BSD-2-Clause-Patent 8 | # 9 | # https://pypi.org/project/pip/ 10 | # https://pip.pypa.io/en/stable/user_guide/#requirements-files 11 | # https://pip.pypa.io/en/stable/reference/pip_install/#requirements-file-format 12 | # https://www.python.org/dev/peps/pep-0440/#version-specifiers 13 | ## 14 | 15 | edk2-pytool-library~=0.23.2 16 | edk2-pytool-extensions~=0.29.2 17 | antlr4-python3-runtime==4.13.2 18 | regex==2024.11.6 19 | pygount==3.1.0 20 | --------------------------------------------------------------------------------