Releases: OpenDevicePartnership/patina
patina-v19.0.0
What's Changed
-
patina\_performance: Update the FBPT buffer size from 64KB to 256KB @liqiqiii (#1196)
Change Details
## Description
patina_performance: Update the FBPT buffer size from 64KB to 256KB
After updating the perf record struct to improve debuggability, we need to update the record buffer size to make sure we can still log all entries. The new buffer size should be able to log 10000 entries, which should be enough for most platforms.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested with real hardware, before change I can get 3700 entries and there will be 1000 error msgs of `Performance: FBPT is full, can't add more performance records !`.
After this change, it will no longer be seen in the UEFI log and I can get 4700 entries correctly.
-
patina\_test: Support multiple event triggers @Javagedes (#1194)
Change Details
## Description
This commit does two things:
- Adds support for multiple event triggers
- Improves the ability to test macros by moving the feature flag conditional to a layer above, so we can consistently test the macro functionality, regardless of feature flags set.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
patina tests can now be annotated with multiple triggers:
```rust
#[patina_test]
#[on(timer = 1000000)]
#[on(event = patina::guids::EVENT_GROUP_END_OF_DXE)]
fn multi_triggered_test_case() -> Result {
    todo!()
}
```
-
debug\_image\_info\_table: rework atomics and add tests. @joschock (#1188)
Change Details
## Description
This change switches the METADATA global static to use RwLock instead of AtomicPtr and adds some comments and tests to the module.
Closes #1187
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Confirmed Patina debugger operation on x86_64 QEMU. Confirmed that `!monitor system_table_ptr` and `!monitor mod list` work as expected.
Integration Instructions
N/A
-
patina\_dxe\_core: image.rs: Improve usage of safe abstractions @Javagedes (#1177)
Change Details
## Description
This pull request updates `image.rs` to use more rust abstractions over the more low-level / raw pointer usage we were using before. While this pull request will be squashed, each commit is cleanly broken out into its own change. It is suggested to review this PR commit by commit.
Commit 1: This commit updates the hii_resource_section to be stored in an `Option<Box<[u8]>>` created via the `CoreMemoryManager` and the `MemoryManager` trait rather than an `Option<*mut [u8]>`. This allows us to remove multiple fields from `PrivateImageData` that existed purely to manually free the pages when dropped and simplify the management of this field.
Commit 2: This commit updates the loaded image buffer to be stored in a `Box<[u8]>` created via the `CoreMemoryManager` and the `MemoryManager` trait for the same reasons as Commit 1.
Commit 3: This commit updates the `ImageStack` struct to be a `Box<[u8]>` created via the `CoreMemoryManager` and the `MemoryManager` trait for the same reasons as Commit 1.
Commit 4: This commit removes the unnecessary `image_info_ptr` field, which is just a pointer to the `image_info: Box<efi::protocols::loaded_image::Protocol>,` field. We instead get the pointer directly from the Box.
Commit 5: This commit updates the `image_device_path_ptr` to store an `Option<Box<[u8]>>` rather than a `*mut c_void` and cleanly manages the lifetime of this data rather than leaking it. NOTE: This commit has a bugfix to re-insert the private_image_data if we fail to uninstall either the `loaded_image` or `loaded_image_device_path` protocols for a reason other than NotFound.
Commit 6: This commit simply pulls out the `exit_data` as a new struct so that we can mark `Send + Sync` on only that field. This is to eventually be able to remove the blanket `Send + Sync` implementation on the `DxeCoreGlobalImageData` struct.
Commit 7: Adds tests
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
All CI passes. Continue to boot to shell on Q35
Integration Instructions
N/A
-
Remove stale markdownlint configuration file @makubacki (#1184)
Change Details
## Description
This file is no longer needed as the project has moved to using a synced file from patina-devops called `.markdownlint.yaml`.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- Run markdownlint
Integration Instructions
- N/A
-
Minor Fix: Print size of loaded image @vineelko (#1172)
Change Details
## Description
- Including the image size helps when inspecting memory in the debugger.
- This is especially useful when loading symbols on demand in lldb.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
booted q35 to shell
Integration Instructions
NA
-
Use a lower minimum expansion size for non-BS Data memory types @makubacki (#1169)
Change Details
## Description
Replace the `MIN_EXPANSION` constant with memory-type-specific expansion sizes to optimize memory usage. Boot Services Data allocators now use `HIGH_TRAFFIC_ALLOC_MIN_EXPANSION` (1MB), runtime memory types use `LOW_TRAFFIC_RUNTIME_ALLOC_MIN_EXPANSION` (uses runtime granularity), and other types use `LOW_TRAFFIC_ALLOC_MIN_EXPANSION` (page size / 4KB).
A few other changes are included to better separate these allocator types:
- Do not have `UefiAllocator` directly depend on `SpinLockedFixedSizeBlockAllocator`. Instead take the parameter as a generic type to decouple the types.
- Add a `PageAllocator` trait that defines the interface `UefiAllocator` needs to use an allocator. Have `SpinLockedFixedSizeBlockAllocator` implement this trait.
- Because the `SpinLockedFixedSizeBlockAllocator` type is no longer fixed (e.g. `SpinLockedFixedSizeBlockAllocator<A>` vs `SpinLockedFixedSizeBlockAllocator<B>`), a single static array cannot be used to hold all of the static allocators. This change adds a `macro` module to hold macros that make iterating across the diverse allocator types more ergonomic.
A follow up change will be made to simplify overall allocator design and management, tracked in #1174.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- QEMU platform boot to EFI shell
Integration Instructions
- N/A
-
Rework memory\_attributes\_table to remove the MEMORY\_ATTRIBUTES\_TABLE static @joschock (#1173)
Change Details
## Description
Remove `MEMORY_ATTRIBUTES_TABLE` global static - the pointer in question is stored in the global configuration table. Instead of keeping a duplicate copy, use the entry in the global table.
- adjust `core_install_configuration_table` return value to include the old pointer if the table is removed or modified.
- add `get_configuration_table` API to return a pointer from the configuration table for the given vendor guid.
- rework MAT logic to use the config table exclusively.
- Replace POST_RTB atomic bool with Once and add a `TestOnce` capability for test support to allow resetting the Once for testing purposes.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
...
patina-v18.1.0
What's Changed
-
[REBASE\&FF] Log bad components rather than panic @Javagedes (#1153)
Change Details
## Description
This change updates the logic of component initialization to track a component that failed to initialize, and log it towards the end of boot, rather than panic on debug builds or possibly have UB on release builds.
Example output:
```
INFO - WARN - Components not dispatched:
INFO - WARN - ------------------------------- -------------------------------------------------
INFO - WARN - name                            error message
INFO - WARN - qemu_q35_dxe_core::BadComponent ConflictingParam Param Conflicts with everything.
```
Note: While tests still need to be written, this is ready for review.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- CI passes
- Created a test parameter that always fails to initialize. Ensured it was logged during boot
- Q35 continues to boot.
Integration Instructions
N/A
🚀 Features & ✨ Enhancements
-
[REBASE \& FF] Implement reloading the core through the debugger @cfernald (#1157)
Change Details
## Description
patina_dxe_core: Add support for reloading the core from the debugger
This commit implements a new feature that allows the Patina core to be
reloaded from the debugger without needing a full system reboot or reflash.
This is particularly useful for development and debugging, as it enables
rapid iteration on core changes. This feature is intended to be coordinated
from the UefiExt debugger extension. This feature is experimental and
is likely to evolve and change.
patina_debugger: Send nack packet on debugger reset
When an error occurs, it may be because a packet was corrupted
or partially received. In this case, it is better to send a NACK packet
to the host to request a retransmission, rather than sending a stop code.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Q35
- SBSA
- Intel Platform
Integration Instructions
Platforms may add the `debugger_reload` feature from `patina_dxe_core` to enable this feature.
-
patina\_debugger: Implement single register access @cfernald (#1151)
Change Details
## Description
Implement the single register read and write functionality for the debugger target. Windbg uses the `P<index:value>` packets for write altered register instead of sending the full register context every time.
This resolves an issue where register edits appear to work, until the resume where the edits are lost.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested on Q35 & SBSA
Integration Instructions
N/A
📖 Documentation Updates
-
[REBASE \& FF] Implement reloading the core through the debugger @cfernald (#1157)
Change Details
## Description
patina_dxe_core: Add support for reloading the core from the debugger
This commit implements a new feature that allows the Patina core to be
reloaded from the debugger without needing a full system reboot or reflash.
This is particularly useful for development and debugging, as it enables
rapid iteration on core changes. This feature is intended to be coordinated
from the UefiExt debugger extension. This feature is experimental and
is likely to evolve and change.
patina_debugger: Send nack packet on debugger reset
When an error occurs, it may be because a packet was corrupted
or partially received. In this case, it is better to send a NACK packet
to the host to request a retransmission, rather than sending a stop code.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Q35
- SBSA
- Intel Platform
Integration Instructions
Platforms may add the `debugger_reload` feature from `patina_dxe_core` to enable this feature.
Full Changelog: patina-v18.0.0...v18.1.0
patina-v18.0.0
What's Changed
-
Switch AtomicPtr to spin::Once primitives for managing architectural protocol pointers in misc\_boot\_services. @joschock (#1155)
Change Details
## Description
Switches out `AtomicPtr` for `spin::Once` primitives for managing architectural protocol pointers in misc_boot_services.
While this still relies on underlying atomics in spin::Once, it provides semantics that better match the usage model of these globals.
Closes #1149
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Booted to OS on AARCH64 hardware.
Integration Instructions
N/A
⚠️ Breaking Changes
-
TplMutex: own BootServices instead of borrowing @kat-perez (#1147)
Change Details
## Description
This eliminates the lifetime parameter from TplMutex, removing the need for unsafe lifetime casts when creating static TplMutex instances.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
`cargo make all`
Integrated this branch into patina-dxe-core-qemu and tested that it boots to UEFI shell in patina-qemu
Integration Instructions
Update all TplMutex::new call sites to pass an owned BootServices instead of a reference:
```rust
// Before
let mutex = TplMutex::new(&boot_services, Tpl::NOTIFY, data);
// After
let mutex = TplMutex::new(boot_services.clone(), Tpl::NOTIFY, data);
```
Remove any 'static lifetime parameters from TplMutex type annotations:
```rust
// Before
TplMutex<'static, MyData, StandardBootServices>
// After
TplMutex<MyData, StandardBootServices>
```
🐛 Bug Fixes
-
[AArch64] Move hardware interrupt handlers to be guarded by per-handler RwLock @kuqin12 (#1165)
Change Details
## Description
The current code guards all the interrupt handlers in a common TPL mutex. This will have 2 side effects:
- All interrupt handlers will run under the TPL defined by the handler mutex, which is set to TPL_HIGH. This will prevent a lot of fundamental functionalities from core to panic;
- All interrupt IDs will be guarded by the same mutex, which could potentially run into re-entrant mutex access if a different interrupt comes in while the first interrupt is still being processed.
This change moves the hardware interrupt handler to be guarded using per-handler RwLock to resolve above issues.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This change is tested on QEMU SBSA and physical platform.
Integration Instructions
N/A
-
patina\_smbios: Fix protocol installation and cleanup implementation @kat-perez (#1112)
Change Details
## Description
Fixes SMBIOS protocol initialization to prevent allocation failures during SmbiosAdd() operations.
What changed
Fixed initialization order:
- Allocate SMBIOS buffers before installing protocol (was failing when SmbiosAdd() called during install)
- Publish initial table with Type 127 (End-Of-Table) marker immediately after protocol install
- Subsequent SmbiosAdd() calls update buffer in-place
C protocol compatibility improvements:
- GetNext now returns pointers into the published table (not internal buffer), ensuring RecordA != RecordB for different records
- Added checksum-based table integrity verification to detect direct modifications
- Returns `TableDirectlyModified` error if published table was modified directly instead of using protocol APIs
- Error message guides users to use Remove() + Add() or UpdateString() instead
Safety improvements:
- Scoped manager locks to prevent TplMutex re-entrant lock panic during republish
- Use write_unaligned() for FFI pointer writes
- Narrowed unsafe scopes in protocol layer
Code cleanup:
- Use MemoryManager service for allocations
- Replace hard-coded sizes with SIZE_(n)KB constants
- Enhanced error handling and debug_asserts
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- Integrated with Tiano DXE Core to test C FFI protocol functions
- Integrated with patched branch in patina-dxe-core-qemu to ensure it also works with Patina DXE Core
- Verified direct modification detection with test in PatinaSmbiosDxe driver
Integration Instructions
N/A
Full Changelog: patina-v17.1.0...v18.0.0
patina-v17.1.0
What's Changed
-
Add compile-time validation for Storage parameter conflicts @makubacki (#1158)
Change Details
## Description
Implement validation rules for component `Storage` parameters that follow normal Rust borrowing semantics:
- Allow multiple `&Storage` parameters (multiple immutable references)
- Allow a single `&mut Storage` parameter (exclusive mutable reference)
- Prevent mixing `&Storage` with `&mut Storage`
- Prevent duplicate `&mut Storage` parameters
Adds macro unit tests and UI compilation failure message tests.
Note: This was not clearly handled in the past (since component inception). An error would have been thrown but it would have misrepresented the problem to a conflicting `ConfigMut<T>` instead of the real issue which is a conflicting `&mut Storage` parameter.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- QEMU platform boot
Integration Instructions
- N/A - These rules should already be followed by components
🚀 Features & ✨ Enhancements
-
patina\_dxe\_core: PI dispatcher subsystem / removal of statics @Javagedes (#1121)
Change Details
## Description
This pull-request combines `fv.rs` and `dispatcher.rs` into a single module (`pi_dispatcher`) and removes the statics currently used in `fv.rs` and `dispatcher.rs`. This is a part of the work to remove all statics in `patina_dxe_core`.
This also begins the work of removing any `efiapi` functions from the public interface and only making them available via system tables.
There may be extra work in a separate PR to bring `image.rs` into the fold of `pi_dispatcher`.
Reviewing This PR
While this PR has a lot of LoC changes, this is mainly due to the re-organization of `dispatcher.rs` and `fv.rs`. The main things to review, that actually changed are:
- `fv.rs` needs a complete review. This changed the internal data structure of the self-managed FV/FVB protocols and changed the interface for the Pure rust methods to use `NonNull`
- A new struct definition in `pi_dispatcher` called `PiDispatcher` that has some abstractions over the `DispatcherContext` and `FvData` (Now called `FvProtocolData`) code
- Changes to all tests to create a static core and set it as the singleton instance for the test. This is unfortunately going to be necessary until we get the major systems like protocol db switched over.
- Minor changes to `dxe_services.rs` to account for needing to call `Self::instance()` in some efiapi functions.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI continues to pass. Boot to shell in Q35.
Integration Instructions
N/A
🐛 Bug Fixes
-
[AArch64] Fixing a SPI interrupt ID miscalculation @kuqin12 (#1156)
Change Details
## Description
The SPI interrupt ID range comes after the PPI range, which starts from 32. The current logic compensates this by subtracting the starting index, however the subtraction expression is incorrect.
This change fixed the index miscalculation.
In addition, it also removes 2 redundant steps for setting the priority as it is already covered in gic setup step.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
This was tested on both QEMU SBSA and proprietary hardware platform, verified that the ARM watchdog timer can fire properly through the corresponding interrupt handler.
Integration Instructions
N/A
-
patina\_debugger/x64: Fix FPU and ST register index calculation @makubacki (#1154)
Change Details
## Description
Correct the register ID offset calculation for FPU (registers 29-35) and ST (registers 36-44) to properly map to array indices 0-6 and 0-8 respectively.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
📖 Documentation Updates
-
[REBASE \& FF] Add Stability Patina Tests @os-d (#1146)
Change Details
## Description
This PR adds stability tests to Patina DXE Core. It also adds timer based patina test dispatch.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested on Q35 and SBSA.
Integration Instructions
See docs.
-
patina\_mm: Include readme in module docs @Javagedes (#1139)
Change Details
## Description
- It partially reworks the README to provide additional information and examples regarding both platform and component integration of patina_mm.
- It replaces the current crate-level module documentation with the readme. This has two effects: The first is that the examples provided in the readme are now tested and secondly the readme and module documentation will always match.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
N/A
Full Changelog: patina-v17.0.0...v17.1.0
patina-v17.0.0
What's Changed
-
Update events::wait\_for\_event() semantics @joschock (#1140)
Change Details
## Description
Adjusts wait_for_event semantics to better match historical behavior of core:
- make `out_index` parameter optional
- invoke CPU sleep function during idle loop.
Closes #791
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Boot to OS on AARCH64 hardware.
Integration Instructions
N/A
-
Make `create_performance_measurement` safer for internal (Rust) usage @berlin-with0ut-return (#1008)
Change Details
## Description
Removes raw pointers from `create_performance_measurement` and adds a `CallerIdentifier` enum to distinguish different perf id `caller_identifier` interpretations.
The main goal of this PR is to make internal performance logging (ie through `log_performance_measuresurement`) use Rust-compliant interfaces like Option or enums instead of raw pointers, since raw pointers aren't necessary for the operation of internal performance instrumentation. The edk2 protocol interface remains unchanged.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
- Creates a new crate?
How This Was Tested
Boot and gather perf records on QEMU.
Integration Instructions
N/A.
-
Makefile.toml: Add doc test task to `all` [Rebase \& FF] @makubacki (#1141)
Change Details
## Description
Resolves #1125
Add a new `test-doc` task that runs `cargo test --doc` and include it in the `all` task dependencies to ensure documentation tests are validated as part of the "all" flow.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
`cargo make test-doc`
`cargo make all`
Integration Instructions
- N/A
-
patina\_debugger: Implement initial breakpoint timeout @cfernald (#1135)
Change Details
## Description
Implements a timeout for the initial breakpoint using a timer provided by the core. This allows for the platform to configure a timeout for the debugger to wait for a connection before proceeding with normal execution.
This change also drops the notion that force_enable may not be used with a timeout. This may change when a runtime enablement story is further developed.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Manual tests on Q35
Integration Instructions
N/A
-
[patina\_dxe\_core] Safety comments for lib.rs @Raymond-MS (#1104)
Change Details
## Description
Updated lib.rs to include safety comments around unsafe blocks and added checks where necessary. Added test code for the updated function.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Built and ran with QEMU SBSA platform. Booted to UEFI shell successfully.
Integration Instructions
N/A
-
patina\_dxe\_core/fv: Fix `test_fv_functionality()` panic [Rebase \& FF] @makubacki (#1134)
Change Details
## Description
Fixes #1127
Code is currently commented out in `test_fv_functionality()` that calls `fv_read_file()` with a non-null buffer and buffer size of zero.
This change updates `fv_read_file()` to follow the same behavior as the C DXE Core `FvReadFile()` function in FwVolRead.c that will return `BUFFER_TOO_SMALL` in this scenario.
Another difference in behavior is that if the caller provides a non-null buffer but a buffer size less than the file content size, the C implementation will truncate the copy size to the size provided and perform the copy with that size. To prevent further discrepancies between caller expectations, that change is made in a second commit.
patina_dxe_core: Truncate copies in fv_read_file()
Matches the C implementation more closely by performing truncated copies
when the provided buffer is too small.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
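Added illustration of the buffer handling described in #1134 (a simplified model written for these notes, not Patina's `fv_read_file()`): the copy length is clamped to the caller's buffer, a short or zero-length buffer is reported as too small, and the caller retries instead of parsing a truncated file. The names `ReadStatus`, `ReadOutcome`, `read_file_into` and `read_whole_file`, and the choice to report the full file size back to the caller, are assumptions of this sketch.

```rust
/// Status codes for this sketch (hypothetical names, not Patina's types).
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum ReadStatus {
    Success,
    /// The buffer was shorter than the file; only a prefix was copied.
    BufferTooSmall,
}

#[derive(Debug, PartialEq, Eq)]
pub struct ReadOutcome {
    pub status: ReadStatus,
    /// Number of bytes actually written into the caller's buffer.
    pub copied: usize,
    /// Full size of the file, so the caller can size a retry.
    pub file_size: usize,
}

/// Copies as much of `content` as fits into `buffer`.
/// The copy length is clamped to the buffer, so the write can never run
/// past the end of the caller's memory, whatever size the file claims.
pub fn read_file_into(content: &[u8], buffer: &mut [u8]) -> ReadOutcome {
    let copied = content.len().min(buffer.len());
    buffer[..copied].copy_from_slice(&content[..copied]);
    let status = if copied < content.len() {
        ReadStatus::BufferTooSmall
    } else {
        ReadStatus::Success
    };
    ReadOutcome { status, copied, file_size: content.len() }
}

/// Caller-side pattern: a truncated read is not usable data. Retry with a
/// buffer of the reported size rather than parsing the partial contents.
pub fn read_whole_file(content: &[u8], first_guess: usize) -> Vec<u8> {
    let mut buffer = vec![0u8; first_guess];
    let mut outcome = read_file_into(content, &mut buffer);
    if outcome.status == ReadStatus::BufferTooSmall {
        buffer = vec![0u8; outcome.file_size];
        outcome = read_file_into(content, &mut buffer);
    }
    buffer.truncate(outcome.copied);
    buffer
}

fn main() {
    // Constructed sample file contents.
    let file = b"PATINA-FV-FILE";

    // Valid buffer of length zero: nothing is copied, too-small is reported.
    let mut empty: [u8; 0] = [];
    println!("{:?}", read_file_into(file, &mut empty));

    // Short buffer: truncated copy, bytes past the buffer are never touched.
    let mut small = [0u8; 6];
    println!("{:?} -> {:?}", read_file_into(file, &mut small), small);

    // Retry pattern recovers the full file.
    println!("{} bytes read", read_whole_file(file, 4).len());
}
```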
-
Remove debug asserts in tests [Rebase \& FF] @makubacki (#1123)
Change Details
## Description
Note: The debug asserts in the component parameter validation code in the first phase of enforcing strong parameter validation as described in #1122.
patina_dxe_core/image: Remove debug asserts from unit tests
Closes #1108
- Return `EfiError::LoadError` for an invalid HII resource section.
- Remove complex logic in some unit tests for testing different conditions with debug asserts enabled or disabled.
Remove debug_assert!() expectations in unit tests
Debug assertions will no longer be enabled when running unit tests.
While the assertions can still be used in the code, they are removed
from unit test expectations.
Disable debug assertions in the test profile
Closes #1054
To have unit tests stay focused on production expectations and
reduce complexity in tests for managing debug assertions, debug
assertions are disabled in the `test` profile.
- Debug asserts may still be used but we're avoiding writing tests around them
- Non-debug asserts may be used and tested in unit tests
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
-
patina\_dxe\_core: Clean up HOB init flow @makubacki (#1120)
Change Details
## Description
The HOB list is relocated to DXE allocated memory shortly into DXE core entry. The Rust allocated HOB list is not binary compatible with the C HOB list. The Rust HOB list is a vector of references to HOB structures while the C hob list is a compact series of binary HOB structures.
While the Rust HOB list is sufficient for most use cases that simply need information from the HOBs in a more type safe and ergonomic interface, there are still use cases that require binary compatibility of the HOB list such as placement of the HOB into the system table where it is discovered by other modules, including C modules.
Today, this works because the HOB list pointer is directly passed to the system table initialization function where it is placed into the HOB list system table. This change relocates both HOB lists in the same place in the `init_memory()` function. Later DXE functionality consistently works on a relocated HOB list after `init_memory()` returns.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- QEMU SBSA and Q35 EFI shell boot
Integration Instructions
- N/A
-
Move `serializable_fv` from readiness tool to `patina` @berlin-with0ut-return (#1116)
Change Details
## Description
As per https://github.com/OpenDevicePartnership/patina-readiness-tool/issues/26, move the `common` crate serializable structs to patina for consistency with `serializable_hob`.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Build and run readiness tool on Q35.
Integration Instructions
Depends on OpenDevicePartnership/patina-readiness-tool#32.
-
patina\_dxe\_core: Create `cpu` module @Javagedes (#1115)
Cha...
patina-v16.0.1
What's Changed
-
Add test coverage for memory protection error handling @garybeihl (#1051)
Change Details
## Description
Task #1030 requests improved unit test coverage for memory protection error handling. This commit adds comprehensive test coverage for all three error paths introduced by #176, improving overall coverage metrics.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- All 387 tests pass successfully with no regressions.
- Coverage verified with cargo llvm-cov
Integration Instructions
N/A if nothing is required.
-
Section Extractor: Improve code coverage @vineelko (#1100)
Change Details
## Description
Added few basic unit tests to improve code coverage for Section Extractor
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
`cargo make coverage`
Integration Instructions
NA
-
patina\_dxe\_core: Make GicBases a field struct @Javagedes (#1102)
Change Details
## Description
Updates GicBases and HwInterruptProtocolInstaller to be field structs instead of tuple structs
Closes #1091
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI
Integration Instructions
N/A
-
patina\_dxe\_core: Delete std example @Javagedes (#1101)
Change Details
## Description
This commit deletes the std example for reasoning described in #1090.
closes #1090
ref patina-devops removal of build command: OpenDevicePartnership/patina-devops#50
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
N/A
Integration Instructions
N/A
🐛 Bug Fixes
-
patina\_dxe\_core: Do not wrap `set_hob_list` in debug\_assert @Javagedes (#1106)
Change Details
## Description
The compiler, on release builds, is removing the `set_hob_list` call due to being wrapped in a debug_assert. This results in the hob list not being set, and us failing to get the hob list later. Due to lack of tests down the main setup code path, this was missed.
This commit wraps the code in an assert instead and changes the interface.
REF: OpenDevicePartnership/patina-qemu#86
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Boot to shell Q35 RELEASE
Integration Instructions
N/A
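Added illustration of the failure mode fixed in #1106 (written for these notes, not code from the Patina repository): a call with a side effect placed inside `debug_assert!` is type-checked but never executed when debug assertions are off, so a release build silently skips the initialization. `HobListSlot` and the three `init_*` functions are hypothetical stand-ins; the last one shows an alternative that returns an error instead of asserting.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};

/// Hypothetical stand-in for a set-once global such as a HOB list pointer.
pub struct HobListSlot {
    addr: AtomicUsize, // 0 means "not set"
}

impl HobListSlot {
    pub const fn new() -> Self {
        Self { addr: AtomicUsize::new(0) }
    }

    /// Stores `addr` if the slot is still empty. Returns `true` on success.
    pub fn set(&self, addr: usize) -> bool {
        self.addr
            .compare_exchange(0, addr, Ordering::AcqRel, Ordering::Acquire)
            .is_ok()
    }

    pub fn get(&self) -> Option<usize> {
        match self.addr.load(Ordering::Acquire) {
            0 => None,
            a => Some(a),
        }
    }
}

/// Pattern with the defect: `debug_assert!` expands to
/// `if cfg!(debug_assertions) { assert!(..) }`, so with debug assertions
/// disabled the `set` call is compiled out together with the check.
pub fn init_in_debug_assert(slot: &HobListSlot, addr: usize) {
    debug_assert!(slot.set(addr), "HOB list was already set");
}

/// The direction the release note describes: `assert!` is kept in every
/// build profile, so the side effect always runs.
pub fn init_in_assert(slot: &HobListSlot, addr: usize) {
    assert!(slot.set(addr), "HOB list was already set");
}

/// Alternative (an assumption of this sketch): perform the side effect
/// unconditionally and hand the result to the caller.
pub fn init_then_check(slot: &HobListSlot, addr: usize) -> Result<(), &'static str> {
    if slot.set(addr) {
        Ok(())
    } else {
        Err("HOB list was already set")
    }
}

fn main() {
    // 0x8000_0000 is a constructed sample address.
    let a = HobListSlot::new();
    init_in_debug_assert(&a, 0x8000_0000);
    println!(
        "debug_assert! variant (debug_assertions = {}): {:?}",
        cfg!(debug_assertions),
        a.get()
    );

    let b = HobListSlot::new();
    init_in_assert(&b, 0x8000_0000);
    println!("assert! variant: {:?}", b.get());
}
```

Building this once with `rustc` and once with `rustc -O` shows the first variant's result change between profiles while the second stays the same.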
-
[Partial Revert]: Do not include the console logger for tests @vineelko (#1099)
Change Details
## Description
- The console logger was added to tests to improve code coverage for the `log::*` APIs in #1069.
- However, the `patina_dxe_core` crate currently has a few tests (`uefi_memory_map`) that use their own logger for custom behavior.
- Since both loggers end up in the same test binary (`patina_dxe_core-0fa2c65cbd247021.exe`), we cannot have two loggers in the same process (the `uefi_memory_map` logger initialization can panic if the console logger is already enabled).
- Until we finalize a proper mechanism that supports both scenarios (code coverage + uefi_memory_map debug logs), this PR reverts the previously added console logger.
===
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
`cargo make all`
Integration Instructions
NA
Full Changelog: patina-v16.0.0...v16.0.1
patina-v16.0.0
What's Changed
-
PE Image Load: Include image name on failure @vineelko (#1069)
Change Details
## Description
PE Image Load: Include image name on failure
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Validated on Q35
Integration Instructions
NA
-
patina\_debugger: Switch breakpoint to be conditional @cfernald (#1087)
Change Details
## Description
The breakpoint always causing an exception may not be well understood and could lead to people leaving breakpoints in production code causing unexpected exceptions. This commit changes the existing `breakpoint` function to only trigger a breakpoint if the debugger is enabled, and renames the existing `breakpoint` function to `breakpoint_unchecked` to indicate that it will always trigger a breakpoint regardless of the debugger state.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Unit tests
Integration Instructions
N/A
-
Resolve issues with compiling on aarch64 hosts @cfernald (#1089)
Change Details
## Description
- Resolves non-comprehensive conditional compilation causing compilation errors on aarch64 hosts for test.
- Disables testing failing on aarch64 hosts due to issue #1071.
- Fixes compiler warnings due to unused includes in aarch64 test compilation.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
CI tested
Integration Instructions
N/A
⚠️ Breaking Changes
-
[REBASE\&FF] Move the `Core` to be 'static for the platform binary @Javagedes (#1049)
Change Details
## Description
This pull request implements the major breaking changes that will be introduced as a part of RFC #22. Overall, this pull request does the following things:
- This commit moves platform configuration of the core into the `PlatformInfo` trait. This trait has multiple type associations for configuring the different subsystems of the core. As of this commit the following type associations exist:
  - `ComponentInfo` used to attach and configure patina components to be dispatched by the core.
  - `CpuInfo` used to configure cpu related functionality such as the GIC Bases for AARCH64 systems.
  - `MemoryInfo` used to configure memory related functionality such as prioritizing 32 bit memory allocations.
- It requires the core to be `static` within the platform binary and simplifies the initialization process for the platform.
- Updates all documentation to reflect the new interface
Side Effects
Due to the changes listed above, there are some minor side effects that have occurred:
- Initialization of the advanced logger (To get the address) is now implemented on the Logger itself, and not the component (and renamed to `init`).
- Patina component dispatch has been moved into its own subsystem with its own TPL Mutex
- The `Decompress` trait is no longer a service but rather specified as an associated type by the `Platform` trait. `SectionExtractorNull` has been added back.
- `GicBases` is no longer a config, but a required `Platform` trait method for AARCH64 systems that will cause a compilation error if not provided
- The timer frequency is no longer a config, but an optional `Platform` trait method.
Reference Q35 / SBSA implementation: OpenDevicePartnership/patina-dxe-core-qemu#74
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Boot to Shell on Q35, SBSA
Integration Instructions
`PlatformInfo` trait
Platforms must now implement the `PlatformInfo` trait which describes the platform customizations for the Core. This trait has multiple type associations to provide customizations to the different subsystems of the core. They can be implemented on the same type (example below), or implemented on separate types to support re-use for different platforms. See below:

```rust
use patina_dxe_core::*;
use patina_adv_logger::components;

struct Q35;

impl ComponentInfo for Q35 {
    fn components(mut add: Add<Component>) {
        add.component(q35_services::mm_config_provider::MmConfigurationProvider);
        add.component(q35_services::mm_control::QemuQ35PlatformMmControl::new());
        add.component(patina_mm::component::sw_mmi_manager::SwMmiManager::new());
    }

    fn configs(mut add: Add<Config>) {
        add.config(patina_mm::config::MmCommunicationConfiguration {
            acpi_base: patina_mm::config::AcpiBase::Mmio(0x0), // Actual ACPI base address will be set during boot
            cmd_port: patina_mm::config::MmiPort::Smi(0xB2),
            data_port: patina_mm::config::MmiPort::Smi(0xB3),
            comm_buffers: vec![],
        });
    }
}

impl MemoryInfo for Q35 {}

impl CpuInfo for Q35 {}

impl Platform for Q35 {
    type MemoryInfo = Self;
    type ComponentInfo = Self;
    type CpuInfo = Self;
    type Extractor = CompositeSectionExtractor;
}
```

`Core` must now be 'static
The core must now be initialized as a static. Its interface has now also changed. Building off the above example, you would add:

```rust
use core::ffi::c_void;

static CORE: Core<Q35> = Core::new(CompositeSectionExtractor::new());

#[cfg_attr(target_os = "uefi", unsafe(export_name = "efi_main"))]
pub extern "efiapi" fn _start(physical_hob_list: *const c_void) -> ! {
    CORE.entry_point(physical_hob_list)
}
```

Advanced Logger init changes
The `init_advanced_logger` method has moved to the static logger struct and is renamed to `init`, rather than the component.

```rust
static LOGGER: AdvancedLogger<Uart16550> = AdvancedLogger::new(
    Format::Standard,
    &[
        ("goblin", log::LevelFilter::Off),
        ("gcd_measure", log::LevelFilter::Off),
        ("allocations", log::LevelFilter::Off),
        ("efi_memory_map", log::LevelFilter::Off),
    ],
    log::LevelFilter::Info,
    Uart16550::Io { base: 0x402 },
);

#[cfg_attr(target_os = "uefi", unsafe(export_name = "efi_main"))]
pub extern "efiapi" fn _start(physical_hob_list: *const c_void) -> ! {
    // SAFETY: The physical_hob_list pointer is considered valid at this point as it's provided by the core
    // to the entry point.
    unsafe {
        LOGGER.init(physical_hob_list).unwrap();
    }
    log::set_logger(&LOGGER).map(|()| log::set_max_level(log::LevelFilter::Trace)).unwrap();
    CORE.entry_point(physical_hob_list)
}
```
🐛 Bug Fixes
-
patina\_dxe\_core: Tests: Fix Intermittent Test Failure @os-d (#1094)
Change Details
## Description
Recent tests added a MockPageTable to the static GCD, but this is not cleaned up on GCD.reset(). As a result, there is a race condition where certain tests that expect there not to be a page table installed in the GCD can fail. This fixes that by removing the page table if installed in GCD.reset().
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Had a 100% repro with `cargo test`, after this no repro. Confirmed this was the issue under the debugger.
Integration Instructions
N/A.
📖 Documentation Updates
-
[REBASE\&FF] Move the `Core` to be 'static for the platform binary @Javagedes (#1049)
Change Details
## Description
This pull request implements the major breaking changes that will be introduced as a part of RFC #22. Overall, this pull request does the following things:
- This commit moves platform configuration of the core into the `PlatformInfo` trait. This trait has multiple type associations for configuring the different subsystems of the core. As of this commit the following type associations exist:
  - `ComponentInfo` used to attach and configure patina components to be dispatched by the core.
  - `CpuInfo` used to configure cpu related functionality such as the GIC Bases for AARCH64 systems.
  - `MemoryInfo` used to configure memory related functionality such as prioritizing 32 bit memory allocations.
- It requires the core to be `static` within the platform binary and...
patina-v15.1.0
What's Changed
-
Additional zerocopy\_derive imports @makubacki (#1084)
Change Details
## Description
Adds more imports to those in e9bcdea.
We opted to depend on `zerocopy` and `zerocopy-derive` directly instead of using the re-export of the derive macros in the `zerocopy` crate using the `derives` feature.
In this case, the documentation states:

> derive Provides derives for the core marker traits via the
> zerocopy-derive crate. These derives are re-exported from
> zerocopy, so it is not necessary to depend on zerocopy-derive
> directly.
>
> However, you may experience better compile times if you instead
> directly depend on both zerocopy and zerocopy-derive in your
> Cargo.toml, since doing so will allow Rust to compile these crates
> in parallel. To do so, do not enable the derive feature, and list
> both dependencies in your Cargo.toml with the same leading non-zero
> version number; e.g:
>
> ```toml
> [dependencies]
> zerocopy = "0.X"
> zerocopy-derive = "0.X"
> ```
>
> To avoid the risk of duplicate import errors if one of your
> dependencies enables zerocopy’s derive feature, import derives as
> use zerocopy_derive::* rather than by name
> (e.g., use zerocopy_derive::FromBytes).

From: https://docs.rs/zerocopy/latest/zerocopy/#cargo-features
This follows the advice there to import derives from `zerocopy_derive` using a wildcard.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- `cargo make build` on each crate
Integration Instructions
- N/A
🐛 Bug Fixes
-
[REBASE \& FF] Memory Management Improvements @os-d (#1072)
Change Details
## Description
This PR has a series of improvements for the memory management subsystem. The most substantial is the introduction of the `MemoryProtectionPolicy` struct where all memory protection policy decisions are centralized. Other code will call rules implemented as associated functions (except in one case that requires an instance of the struct; the GCD owns this sole instance). This provides better auditability and ensures consistency.
The other commits were various issues discovered when refactoring. All commits have detailed descriptions. I attempted to nicely organize the commits to allow for bisectability, but don't guarantee it.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested booting Q35/SBSA to Windows/Linux. Tested booting physical ARM64 and Intel platforms to Windows.
Integration Instructions
N/A.
🔐 Security Impacting
-
[REBASE \& FF] Memory Management Improvements @os-d (#1072)
Change Details
## Description
This PR has a series of improvements for the memory management subsystem. The most substantial is the introduction of the `MemoryProtectionPolicy` struct where all memory protection policy decisions are centralized. Other code will call rules implemented as associated functions (except in one case that requires an instance of the struct; the GCD owns this sole instance). This provides better auditability and ensures consistency.
The other commits were various issues discovered when refactoring. All commits have detailed descriptions. I attempted to nicely organize the commits to allow for bisectability, but don't guarantee it.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
Tested booting Q35/SBSA to Windows/Linux. Tested booting physical ARM64 and Intel platforms to Windows.
Integration Instructions
N/A.
Full Changelog: patina-v15.0.1...v15.1.0
patina-v15.0.1
What's Changed
-
Update zerocopy derive imports @makubacki (#1081)
Change Details
## Description
We opted to depend on `zerocopy` and `zerocopy-derive` directly instead of using the re-export of the derive macros in the `zerocopy` crate using the `derives` feature.
In this case, the documentation states:

> derive Provides derives for the core marker traits via the
> zerocopy-derive crate. These derives are re-exported from
> zerocopy, so it is not necessary to depend on zerocopy-derive
> directly.
>
> However, you may experience better compile times if you instead
> directly depend on both zerocopy and zerocopy-derive in your
> Cargo.toml, since doing so will allow Rust to compile these crates
> in parallel. To do so, do not enable the derive feature, and list
> both dependencies in your Cargo.toml with the same leading non-zero
> version number; e.g:
>
> ```toml
> [dependencies]
> zerocopy = "0.X"
> zerocopy-derive = "0.X"
> ```
>
> To avoid the risk of duplicate import errors if one of your
> dependencies enables zerocopy’s derive feature, import derives as
> use zerocopy_derive::* rather than by name
> (e.g., use zerocopy_derive::FromBytes).

From: https://docs.rs/zerocopy/latest/zerocopy/#cargo-features
This follows the advice there to import derives from `zerocopy_derive` using a wildcard.
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
cargo make all
Integration Instructions
- N/A
Full Changelog: patina-v15.0.0...v15.0.1
patina-v15.0.0
What's Changed
⚠️ Breaking Changes
-
Refactor Patina Perf MM Code and Use the MM Comm Service [Rebase \& FF] @makubacki (#746)
Change Details
## Description
Closes #444
Refactors performance code interacting with MM to be more ergonomic and use the MM Communication service (instead of the MM Communication protocol). Use zerocopy in some places to reduce overhead from scroll. General other improvements for error handling and adding more testing.
perf: Update dependencies for MM communication support
Add patina_mm dependency to workspace and performance component to
enable MM communication. Replace scroll with zerocopy for improved
serialization performance and reduced dependency weight.
- Add patina_mm dependency to workspace Cargo.toml
- Add patina_mm and zerocopy dependencies to performance component
- Remove scroll dependency in favor of zerocopy for serialization
- Add zerocopy with derive features to SDK

This establishes the foundation for modernizing MM communication in the
performance component by replacing HOB-based communication with a
service-based approach.
patina_performance: Add MM module
Add a dedicated MM communication module for performance related
MM definitions and functionality such as record fetching.
- SmmCommHeader is zerocopy wire format compatible
- Adds GetRecordSize for querying total performance record size
- Adds GetRecordDataByOffset for chunked record retrieval with
  configurable buffer sizes
patina_sdk/performance: Improve perf record serialization infra
- Adds the PerformanceRecordHeader struct to represent and manage
  performance record headers.
- Replaces scroll::Error with Error::Serialization so scroll error
  types are not leaking into performance code.
- Implement direct little-endian serialization helpers for certain
  primitives
- Favors zerocopy instead of scroll in relevant places.
- Adds improved bounds checking for serialization operations.
patina_performance: Update configuration with explicit defaults
Enhance `PerfConfig` with explicit default values and improved
documentation to provide clearer configuration semantics.
- Add explicit `DEFAULT_ENABLE_COMPONENT` and
  `DEFAULT_ENABLED_MEASUREMENTS` constants
- Implement custom `Default` trait instead of derive to better
  control defaults
- Improve documentation
- Improve `PerfConfig` usage ergonomics
patina_performance: Use the MM Communication service
Drop HOB-based MM comm buffers and the Communicate protocol being
used in the performance component to instead use the Communicate
service.
Implements more robust error handling, general code cleanup, and
additional tests.
- Uses the `MmCommunication` service
- Adds better error handling using the `MmPerformanceError` enum
- Implements chunked MM record fetching with configurable buffer
  sizes
- Adds `PerformanceRecordIterator` for more memory-efficient perf
  record processing
- Adds unit tests covering different scenarios such as zero records,
  single record, and multi-chunk scenarios
- Mocks the `MmCommunication` service implementations to better
  isolate testing
patina_sdk: Refactor perf measurement module to drop MM comm protocol
Remove protocol-based MM communication in the patina_sdk perf code
and clean up the `event_callback` namespace.
- Remove Vec import as it's no longer needed for temporary buffers
- Remove fetch_and_add_mm_performance_records from event_callback
  module
- Clean up unused imports and simplify module dependencies
patina_sdk/performance: Remove temp SMM module
Remove the temporary _smm module that provided scroll-based MM
communication.
The new MM communication approach in the mm.rs module provides
the same functionality with improved error handling, better
resource management, and integration with the Patina service
architecture.
patina_performance: Add records module
Adds structures that represent performance records so they can
be parsed and printed in debug messages.
patina_mm: Add MM communication buffer update protocol
Implements the MM communication buffer update protocol to support
dynamic updates to MM communication buffers during boot. This is
an option that can be enabled in the MM Comm buffer config. The
protocol is currently published by the Mu MM Supervisor Standalone MM
implementation.
High-level changes:
- Add support for the MmCommBufferUpdate protocol
- Update the patina_mm component to support MM Comm buffer updates
- Update patina_mm config to support MM Comm buffer updates
- Integration with SW MMI manager for buffer update handling
- Component integration tests for buffer update functionality

An example of a pending MM Communication buffer being applied when
the perf component triggers a SW MMI:

```
DEBUG - Starting MM communication: buffer_id=1, data_size=40, recipient=C095791A-3001-47B2-80C9-EAC7319F2FA4
INFO - Pending buffer update detected, applying now
INFO - Adding new comm buffer 1: addr=0x7ddd9000, size=0x10000
INFO - Successfully applied pending comm buffer 1 update
TRACE - patina_mm\src\component\communicator.rs:466: Buffer validation: buffer_len=65536, required_len=64
TRACE - patina_mm\src\component\communicator.rs:473: Resetting the comm buffer and internal tracking state
TRACE - patina_mm\src\component\communicator.rs:476: Setting up communication buffer for MM request
TRACE - patina_mm\src\config.rs:569: Setting message info for buffer 1: recipient=C095791A-3001-47B2-80C9-EAC7319F2FA4
TRACE - patina_mm\src\config.rs:540: Validating capacity for buffer 1: buffer_size=65536, message_size=0
TRACE - patina_mm\src\config.rs:558: Buffer 1 capacity validation passed
TRACE - patina_mm\src\config.rs:527: Buffer 1 state consistency was verified successfully
TRACE - patina_mm\src\config.rs:586: Message info set successfully for buffer 1
TRACE - patina_mm\src\config.rs:598: Setting message for buffer 1: message_size=40
TRACE - patina_mm\src\config.rs:540: Validating capacity for buffer 1: buffer_size=65536, message_size=40
TRACE - patina_mm\src\config.rs:558: Buffer 1 capacity validation passed
TRACE - patina_mm\src\config.rs:610: Buffer 1: writing header and message data
TRACE - patina_mm\src\config.rs:527: Buffer 1 state consistency was verified successfully
DEBUG - Buffer 1 message set successfully: header_size=24, message_size=40
DEBUG - Outgoing MM communication request: buffer_id=1, data_size=40, recipient=C095791A-3001-47B2-80C9-EAC7319F2FA4
DEBUG - Request Data (hex): [01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00]
TRACE - patina_mm\src\component\communicator.rs:488: Comm buffer before request:
CommunicateBuffer(id: 0x1. len: 0x10000)
. . .
```
Add additional MM Communicator unit tests
Coverage for:
- Debug output
- Default trait implementation
- Using an MM executor
Improve MM perf record debuggability
Prints additional information about MM performance records retrieved,
including record-specific information. That allows better visibility
into the records themselves and MM communication between the Patina
Performance component and the MM performance code.
An example of two MM performance records received from the MM UEFI
variable driver:

```
DEBUG - MM communication response received: size=156
INFO - Performance: Processing 116 bytes of MM performance data
DEBUG - Performance: MM record #1 - type: 0x1011 (Dynamic String Event), length: 58, revision: 1, data_len: 54
DEBUG - Record #1: progress_id: 0x0030, apic_id: 0, timestamp: 4105960673, guid: 7EE2C0C1-C21A-4113-A53A-66824A95696F
DEBUG - String: "MmVariableServiceInitia"
DEBUG - Performance: MM record #2 - type: 0x1011 (Dynamic String Event), length: 58, revision: 1, data_len: 54
DEBUG - Record #2: progress_id: 0x0031, apic_id: 0, timestamp: 4157443753, guid: 7EE2C0C1-C21A-4113-A53A-66824A95696F
DEBUG - String: "MmVariableServiceInitia"
INFO - Performance: MM record summary - total: 2, added: 2, failed: 0
```
- Impacts functionality?
- Impacts security?
- Breaking change?
- Includes tests?
- Includes documentation?
How This Was Tested
- `cargo make all`
- Boot on QEMU Q35 with default Q35 build and run settings
- Boot on QEMU Q35 with `PERF_TRACE_ENABLE`
- Add two MM perf records for testing and verify they are found using MM communication
- Verify the MM communicate buffer can be updated successfully when the MM Communication Buffer update protocol is published and the following performance configuration is used:

```rust
enable_comm_buffer_updates: true,
updatable_buffer_id: Some(1),
```

Integration Instructions
Update performance configuration to include the following fields:

```rust
enable_comm_buffer_updates: false,
updatable_buffer_id: None,
```

If the MM Communication Buffer Update protocol is installed on the platform (protocol with GUID `2a22e38f-9d1c-49d0-bdce-7ddac16da45d`), then use the following configuration:

```rust
enable_comm_buffer_updates: true,
updatable_buffer_id: Some(1),
```

Where `updatable_buffer_id` is the ID of the comm buffer that should be updated with the information in the protocol.
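A bounds-checked walk over a buffer of MM performance records like the two in the debug log above, as an added example (not the `patina_performance` implementation). The field layout is assumed from the EDK II FPDT dynamic string event record; it matches the logged sizes, since 34 fixed bytes plus a 24-byte string gives the logged length of 58. The sample records are constructed from the logged field values.

```rust
const HEADER_LEN: usize = 4; // type: u16, length: u8, revision: u8
const FIXED_LEN: usize = HEADER_LEN + 2 + 4 + 8 + 16; // + progress_id, apic_id, timestamp, GUID (assumed)
const DYNAMIC_STRING_EVENT: u16 = 0x1011;

#[derive(Debug, PartialEq)]
enum ParseError {
    TruncatedHeader(usize), // fewer than 4 bytes remain at this offset
    BadLength(usize),       // declared length is smaller than the fixed fields
    Overrun(usize),         // declared length runs past the end of the buffer
}

#[derive(Debug, PartialEq)]
struct DynamicStringEvent {
    progress_id: u16,
    apic_id: u32,
    timestamp: u64,
    guid: [u8; 16],
    string: String,
}

fn le<const N: usize>(b: &[u8], at: usize) -> [u8; N] {
    let mut a = [0u8; N];
    a.copy_from_slice(&b[at..at + N]); // callers have already bounds-checked `b`
    a
}

fn parse_records(buf: &[u8]) -> Result<Vec<DynamicStringEvent>, ParseError> {
    let (mut events, mut offset) = (Vec::new(), 0);
    while offset < buf.len() {
        let header = buf.get(offset..offset + HEADER_LEN).ok_or(ParseError::TruncatedHeader(offset))?;
        let (record_type, length) = (u16::from_le_bytes([header[0], header[1]]), header[2] as usize);
        // Reject lengths that cannot hold the fields read below; a length under
        // HEADER_LEN would also stall the loop at this offset.
        let min_len = if record_type == DYNAMIC_STRING_EVENT { FIXED_LEN } else { HEADER_LEN };
        if length < min_len { return Err(ParseError::BadLength(offset)); }
        let record = buf.get(offset..offset + length).ok_or(ParseError::Overrun(offset))?;
        if record_type == DYNAMIC_STRING_EVENT {
            let text = &record[FIXED_LEN..];
            let end = text.iter().position(|&b| b == 0).unwrap_or(text.len());
            events.push(DynamicStringEvent {
                progress_id: u16::from_le_bytes(le(record, 4)),
                apic_id: u32::from_le_bytes(le(record, 6)),
                timestamp: u64::from_le_bytes(le(record, 10)),
                guid: le(record, 18),
                string: String::from_utf8_lossy(&text[..end]).into_owned(),
            });
        } // other record types are skipped by their declared length
        offset += length;
    }
    Ok(events)
}

/// Constructed sample record carrying the field values printed in the log.
fn sample_record(progress_id: u16, timestamp: u64) -> Vec<u8> {
    let mut r = vec![0x11, 0x10, 58, 1]; // type 0x1011, length 58, revision 1
    r.extend_from_slice(&progress_id.to_le_bytes());
    r.extend_from_slice(&0u32.to_le_bytes()); // apic_id 0
    r.extend_from_slice(&timestamp.to_le_bytes());
    r.extend_from_slice(&[0xC1, 0xC0, 0xE2, 0x7E, 0x1A, 0xC2, 0x13, 0x41, 0xA5, 0x3A, 0x66, 0x82, 0x4A, 0x95, 0x69, 0x6F]);
    r.extend_from_slice(b"MmVariableServiceInitia\0");
    r
}

fn main() {
    let buf = [sample_record(0x0030, 4105960673), sample_record(0x0031, 4157443753)].concat();
    println!("{:#?}", parse_records(&buf));
    println!("{:?}", parse_records(&buf[..100])); // second record cut short
}
```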