edk2-stable202211

Release Date 2022-11-26

New Features

• CryptoPkg remove EC PCD and merge optimized openssl libs
• Add GoogleTest unit test support to UnitTestFrameworkPkg
• Add Raw algorithm support using Arm FW-TRNG interface
• TDVF Lazy Accept in OvmfPkg
• Debug code to audit BIOS TPM extend operations
• Add a new feature to enable LoongArch prot for EDKII
• CryptoPkg: Need to add additional cipher algos and TLS API to meet WPA3
• IntelFsp2(Wrapper)Pkg: Support FSP 2.4 MultiPhaseInit
• CryptoPkg: Need to support EC and BN API due to WPA3 feature
• Add PCI_DEVICE_PPI support for NvmExpressPei

Bugzilla List

edk2-stable202208

Release Date 2022-08-29

New Features

• Add CRC16 and CRC32C to MdePkg
• IntelFsp2Pkg/ConfigEditor: Support FSP 2.3 header
• Extend SecureBootVariableLib interfaces
• UEFI HTTPS Boot Support for HTTP Client Authentication (Basic or Digest)
• Support 64bit FspResetType for X64 build
• IntelFsp2Pkg/FspSecCore: Add FSP-I entry for SMM support
• Add PCI_DEVICE_PPI definition to EDK2
• Support to assign the subject name to sign the capsule file

Bugzilla List

edk2-stable202205

Release Date 2022-05-27

New Features

• Support PEI 64bit in IntelFsp2Pkg and IntelFsp2WrapperPkg
• IntelFsp2Pkg: BaseFspCommonLib Support for X64 Build
• Add PrmPkg
• BaseTools Enhance GenFw to support PRM GCC build
• Enable Intel TDX in OvmfPkg
• Generate CloudHv target as PVH ELF binary
• Add parallel hash feature into BaseCryptLib
• Configure/Enable elliptic curve ciphers in OpenSSL
• Add FMMT tool into edk2 BaseTools
• Dynamic variable flash information cannot be passed in Standalone MM

Bugzilla List

edk2-stable202202

Release Date 2022-02-25

New Features

• OvmfPkg Add new target for Cloud Hypervisor
• Add TDVF to OvmfPkg
• Add new APIs to UefiCpuPkg/UefiCpuLib
• Add AMD Secure Nested Paging Support
• Add SSDT PCI generator in DynamicTablesPkg
• Support ACPI 6.4 PPTT changes
• Add FdtHwInfoParser library
• Add DynamicPlatRepo library
• Make package and platform builds reproducible across source format changes
• Add Uncrustify CI Plugin
• Apply uncrustify changes to all package C and H files

Bugzilla List

edk2-stable202111

Release Date 2021-11-26

New Features

• Add SSDT CPU topology generator
• Support ACPI 6.4 in GTDT parser and generator
• Support ACPI 6.4 in DynamicTables FADT parser
• Support ACPI 6.4 in Acpiview PCCT parser
• Support ACPI 6.4 in Acpiview HMAT parser
• Add support for the microvm machine type (qemu)
• OVMF/ArmVirt: add support for virtio-mmio 1.0
• IntelFsp2Pkg: adopt FSP 2.3 specification
• UefiCpuPkg VTF0 X64: Build page tables using Linear-Address Translation to a 1-GByte Page
• Enable wildcard host name matching in HTTPS/TLS implementation
• Add QuickSort function into BaseLib
• Add SMM NV variable support in universal UEFI payload
• Add TDVF to OvmfPkg
• Make package and platform builds reproducible across source format changes

Bugzilla List

edk2-stable202108

Release Date 2021-08-27

New Features

• OvmfPkg: remove Xen support from OvmfPkg*.dsc, in favor of OvmfXen.dsc
• Add CLANGDWARF toolchain for generating ELF+DWARF
• NetworkPkg/IScsiDxe: remotely exploitable buffer overflows
• NetworkPkg/IScsiDxe: add sha256 support to CHAP
• Create header files and multiple Hobs for Universal Payload
• Add search feature in config editor
• Add additional build option to treat Dynamic Pcd as DynamicEx Pcd
• Add a new MicrocodeLib for microcode loading
• Implement key enrolment from default key variables
• StandaloneMm support for 32bit Arm machines
• Add firmware support for Cloud Hypervisor on arm64
• Support architecture-specific openssl acceleration
• Support measured AMD SEV boot with kernel/initrd/cmdline
• Add ACPI 6.4 header
• Add new BootDiscoveryPolicyUiLib

Bugzilla List

Update Notes

• UefiCpuPkg Library CpuCacheInfoLib depends on SortLib. So, SortLib library instance is required to be specified in PlatformPkg.dsc
  SortLib|MdeModulePkg/Library/BaseSortLib/BaseSortLib.inf
• Smbios definition is updated.

MemoryArrayLocationCXLFlexbus10AddonCard ==> MemoryArrayLocationCXLAddonCard
MemoryTechnologyIntelPersistentMemory ==> MemoryTechnologyIntelOptanePersistentMemory

edk2-stable202105

Release Date 2021-05-28

New Features

• OVMF RFE: VCPU hot-unplug with SMI
• Add non-MMRAM memory protection for Standalone MM environment
• OpenSSL Update OpenSSL version to version 1.1.1j to include CVE fix
• Add a new library class RegisterFilterLib
• Add a new MicrocodeLib for microcode loading
• EDKII Redfish Config Handler Protocol
• Implementation of UEFI spec 31.1 Redfish Discover Protocol
• Add RedfishLib (from libredfish)
• Add the ArmPlatformPkg to the azurepipeline
• Add the ArmPkg to the azurepipeline
• Support Tcg2Smm under Standalone MM environment
• UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support
• Add support for AARCH64 to RngDxe and BaseRngLib
• Add support for RSASSA-PSS signature scheme in Crypto package

Bugzilla List

Update Notes

• MdeModulePkg VariableSmmRuntimeDxe.inf depends on library class MmUnblockMemoryLib. Platforms supporting variable service through SMM should configure platform DSC in [LibraryClasses]
  MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
• SecurityPkg Tcg2Smm is split into 2 drivers: Tcg2Smm and Tcg2Acpi. Platforms supporting TCG2 Physical Presence and Memory Clear through ACPI method should add a new entry in [Components] section of platform DSC as well as the corresponding FV section in platform FDF
  SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf
• Platform DSC needs to include MdePkg/MdeLibs.dsc.inc for the required library instance.

edk2-stable202102

Release Date 2021-03-05

New Features

• ArmVirtPkg: support extra pci root bridges (pxb)
• SEV Encrypted Boot for Ovmf (remote attestation)
• virtio-fs driver for OvmfPkg and ArmVirtPkg
• Apply SEV-ES mitigations for encryption bit position and MMIO
• Add Core CI support for StandaloneMmPkg
• Update LZMA module to LZMA SDK latest version 19.00
• IntelFsp2Pkg: Support FSP private temporary memory
• Port open source JSON library (jansson)
• add file buffering to the UEFI shell's COMP command
• Shell: pathname / filename sorting
• Extend support of peripheral x64 MM_STANDALONE drivers
• BaseTools: Convert the Split tool from C language to Python
• ArmPkg: Add Universal/Smbios
• Move to Pip based Basetools python
• Add support for use of FF-A calls

Bugzilla List

Update Notes

• If the user has the windows bat script that calls Split in it，it needs to change to "call Split" because Split will be a bat script but not an executable file.
• Shell depends on library class OrderedCollectionLib. Platform DSC needs to configure it in [LibraryClasses]
  OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib/BaseOrderedCollectionRedBlackTreeLib.inf
• Some struct fields in SmBios.h have typos and get fixed in these code change 0db8, bd9d, e157. Details are listed below.
  In struct SMBIOS_TABLE_TYPE17:
   FirwareVersion ==> FirmwareVersion
  In struct SMBIOS_TABLE_TYPE4:
   ProcessorManufacture ==> ProcessorManufacturer
  In struct PROCESSOR_CHARACTERISTIC_FLAGS:
   Processor64BitCapble ==> Processor64BitCapable
 ProcessorEnhancedVirtulization ==> ProcessorEnhancedVirtualization
 Processor128bitCapble ==> Processor128BitCapable
  Platform code that uses those fields need modifications.

edk2-stable202011

Release Date 2020-11-27

New Features

• ShellPkg: add HttpDynamicCommand
• OvmfPkg, ArmVirtPkg: enable HttpDynamicCommand
• CryptoPkg/BaseCryptLib: fix NULL dereference (CVE-2019-14584)
• Security fix: possible heap corruption with LzmaUefiDecompressGetInfo
• Security fix: unlimited FV recursion, round 2 (DXE Core)
• Remove DEPRECATED code wrapped by new macro DISABLE_NEW_DEPRECATED_INTERFACES
• MdePkg: Add definitions for HTTP Chunked Transfer
• Add SMBIOS 3.4.0 DDR5 Support
• UefiCpuPkg: MpServices2Ppi and MpServicesPpi compatibility support.
• Add RngLib instead of TimerLib for OpensslLib
• SecurityPkg/DxeImageVerificationLib: Disable SHA1 base on MACRO
• Remove the deprecated MD5 and SHA1 support of Hash2DxeCrypto
• Adopt VariablePolicy, Deprecate VarLock and VarCheckPolicy.
• BaseCryptLib: Add Host and Shell based unit tests
• Implementation of UEFI EFI_REST_JSON_STRUCTURE_PROTOCOL
• Implementation of UEFI Redfish Host Interface Dxe
• Add SATA port error recovery when operating in AHCI mode
• Restart failed ATA packets when operating in AHCI mode
• Extend usage of LastAttemptStatus in FmpDxe
• Add firmware support for Kvmtool
• EmulatorPkg: Add CI build for SECURE_BOOT_ENABLE
• BaseTools: Add EDKII_DSC_PLATFORM_GUID MACRO
• BaseTools: Enable Module Scope Structure Pcd
• BaseTools: Incremental build enhancement

Bugzilla List

Wiki

• VariablePolicy Protocol Enhanced Method for Managing Variables
• TianoCore: Who we are

Update Notes

1. DEPRECATED functions are removed. New secure version functions are required to be used.
2. RngLib library instance is required to be specified in [LibraryClasses] section of Platform.dsc file.
3. VariablePolicyLib and VariablePolicyHelperLib library instances are requried to be specified in [LibraryClasses] section of Platform.dsc file. The detail changes can refer to platform porting wiki.

edk2-stable202008

Release Date 2020-09-04

New Features

• BootGuard TOCTOU vulnerability (CVE-2019-11098)
• Provide MACROs to disable SHA1 support
• Update openssl version to latest stable version 1.1.1g
• TPM Add capability to let PEIM extend TcgEvent
• TPM Bios to verify TPM2_ChangeEPS Support through TPM Capabilities command request and enable it if available
• Add FSP binary measurement
• CXL 1.1 Base Specification Register definitions
• BaseTools: Add support on C files to consume ASL files
• Enable BSD-2-Clause-Patent license checker for new added files in open CI
• Enable ECC (EFI Code Checker) checker in open CI
• Add UNIT_TESTING_DEBUG define to enable source level debugging of host based unit tests
• Add new instance of BaseLib that for host based unit tests called UnitTestHostBaseLib
• Add a pre-memory AP vector at 0xFF000
• IntelFsp2Pkg: Add FSP*_ARCH_UPD
• Dynamic AML: A solution to simplify runtime generation of Definition Block tables
• Add support to OVMF for AMD SEV-ES
• Add bhyve hypervisor support to EDK2
• Add LSI 53C895A SCSI controller support to OVMF

Bugzilla List

Wiki

• How to debug OVMF with QEMU using WinDbg
• Boot Guard TOCTOU Vulnerability Mitigation

Update Notes

1. Add the below library instances into [LibraryClasses.common.PEIM] section of platform dsc If this platforms depend on Intel FSP
   FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
   TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
   TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf

2. The SEV-ES feature adds new library dependencies. If your DSC file uses the UefiCpuPkg CpuExceptionHandlerLib library or the UefiCpuPkg MpInitLib library, then you must add an entry for the UefiCpuPkg VmgExitLib library (VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf).