From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.4611.1635823822372162155 for ; Mon, 01 Nov 2021 20:30:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=IeW4musY; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: ray.ni@intel.com) X-IronPort-AV: E=McAfee;i="6200,9189,10155"; a="254781995" X-IronPort-AV: E=Sophos;i="5.87,201,1631602800"; d="scan'208";a="254781995" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Nov 2021 20:30:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.87,201,1631602800"; d="scan'208";a="638059970" Received: from fmsmsx605.amr.corp.intel.com ([10.18.126.85]) by fmsmga001.fm.intel.com with ESMTP; 01 Nov 2021 20:30:21 -0700 Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx605.amr.corp.intel.com (10.18.126.85) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Mon, 1 Nov 2021 20:30:21 -0700 Received: from fmsmsx607.amr.corp.intel.com (10.18.126.87) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Mon, 1 Nov 2021 20:30:20 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx607.amr.corp.intel.com (10.18.126.87) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Mon, 1 Nov 2021 20:30:20 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.101) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Mon, 1 Nov 2021 20:30:20 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mL/0em0lmuafP6XxaMRedNLYrlZ59bt8ovlHaTcktsm8DvVeWnhHqL1yK6/Ue1acieO0KxVU/+H2qXpRuvRwC8ctrwi8oQ4EPbrdXgVx1GfO9i4lJzxgSRogulQbK00MSLWpg9ZXSI1zLUT4MUnBVbtTfgMHNAp/+qP8P4IfsJVzPF5lUZrxmmkUIFJuKZZeAGehyybvt1CtN47r1SWFWDPMfonmMxt5S0uQFy/GnzQhRHarMhAMH9DuQeN6XfvF1Xbhp0C2IzfpmNSn5rYmlVgT+d98G4e7uzm11IAoee8hacxKIbH/mudy6JnL8ZSdDaVwfmbxRLGQ1ltLXgVedw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jcaYyGHcBaYRYn9ufN2CQTsRX58M473zfV3QQoqdko8=; b=Nj5PpTwWfESq9+VTfJuxlg1FhDT0Uq+N1qgO3Yl0znkzd8nbjTiWNRGFllwfjUP8aO9LvCrX+rBicokr+um4x6QiaE5PBcbl8VbcgLKSXkSuADtnrYlKiHhLa/mZOks1Bt5v7GUf/BocS6rO7gecuLmpJHUUFo3jA3GzViERvYg7Xjb1zUsEfzNEZUxzYkZkSNKe2S06y0jwrSDA4aJKLonqRx4yj8UrMBCDiLGqQeuOJbmymkDt6xuE3omzJTeee4z1RR5iEmm00i0gW8hvPfW7s3M38/55PIR2dOf8kVMtAN82aWQhxjmb4udJUilBJIWa74e9d5r2JFnTalsMxA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jcaYyGHcBaYRYn9ufN2CQTsRX58M473zfV3QQoqdko8=; b=IeW4musYs84hTICO184F9tEdYYmmEhK+G9LNqvS3Ri0ngoTH3lvtrd8TsC6mldVTAkZe+H9IqCfeJo9z764HlDthGOrhlYSKkppxzNQsv/VQJO0tXoSAM+XV4xytfvGcnZbqY/SNcg3eEEkJ04q3+w05REeQPPIanUiKH0r4Hbs= Received: from BN0PR11MB5696.namprd11.prod.outlook.com (2603:10b6:408:14b::11) by BN9PR11MB5337.namprd11.prod.outlook.com (2603:10b6:408:136::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.14; Tue, 2 Nov 2021 03:30:19 +0000 Received: from BN0PR11MB5696.namprd11.prod.outlook.com ([fe80::317e:de35:e920:7778]) by BN0PR11MB5696.namprd11.prod.outlook.com ([fe80::317e:de35:e920:7778%3]) with mapi id 15.20.4649.020; Tue, 2 Nov 2021 03:30:19 +0000 From: "Ni, Ray" To: "devel@edk2.groups.io" , "Ni, Ray" , "Yang, Longlong" CC: "Dong, Eric" , "Kumar, Rahul1" , "Yao, Jiewen" , "Xu, Min M" , "Zhang, Qi1" Subject: Re: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM Thread-Topic: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM Thread-Index: AQHXy8ywZnkRFnMUC0S2pt7DmYy3BKvvf1LggAAYsZA= Date: Tue, 2 Nov 2021 03:30:19 +0000 Message-ID: References: <69d53dbbfe4bb2fdd27d5098850a9e91a43d63bb.1635405564.git.longlong.yang@intel.com> <16B397E9723CF0A5.13015@groups.io> In-Reply-To: <16B397E9723CF0A5.13015@groups.io> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 24bc02c4-93b9-44fe-e6ec-08d99db11872 x-ms-traffictypediagnostic: BN9PR11MB5337: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 2WKAKaL2RsYf6GfgNQjDYvjPtLm0//SDaHb5vVh2RuFQgsLwBJ77Zfx4V4a0lj6PDIs3UGOAiKlMtMyE+CaqXJmyGtLW9u/fjJOC5rRwZxhduuiTEsqegPjdvYLvZ1mA2V1ZZmWYNVrE58+PYkucfHSAXxztrNYZxtl2/a4dG2KSAaV8HrkrrTDg0UIsybUBmxmIxJnXkoYr9ssqYChnkFSOUusgStTdhm93G/4nW1WVrVZvqqsLc2lwV3oDSzxrwugTIyJ/qL1LbR/LFvcaCbXfpkYC4NZN3oHYgdWKzgSNJalvlMAimsPDFc96ySh3xsVkWu6BClt1S4Vbg/lRDkSldPUBzU3jC2WUis+8CKHemkqkdlo0OVlJjkeanb+qfY76QTviFp2JlmVp+OWxBpHUu9kFhuWRQBlRxv59N1cc+6dKS3hO7rOb8TACQRf8kE+Vt7v/IL5Tn39z+16tY1j4+G48oGh5NbAv15zRs4dZbvV8UOKrctOkHoHPauw10wfTBXSsA0fuwkUz2d0nVcqRr0WmvaseDY8gxoli3KNoLoY1+Aiqk2oQJZSMEdyzXa7AtTSm3NbryEALBXk6FZCv1ZXrtN2zrnwf7jFhtf1cXz3Cbw0RVFs/RxJ4kP2A/yzghzBYwaLqaz9nYqsLjJWT6SDlX1gCeAOp5uBInkiPe8P/wt8VTfAbIkXD7zCnCbgjZScpIMB4um7mleRBEti0kVWuHqBOnw5eoShls1arp0fzyq1TokNKm0DUJZrzryN4GwGlxCCqUxk0C8Bj+ZE2rp6XUbxMQh4ZAtfyX9M= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN0PR11MB5696.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(82960400001)(316002)(9686003)(38070700005)(53546011)(6506007)(71200400001)(2906002)(38100700002)(107886003)(33656002)(54906003)(55016002)(122000001)(66946007)(66556008)(64756008)(66476007)(186003)(508600001)(8936002)(966005)(5660300002)(6636002)(83380400001)(110136005)(76116006)(66446008)(26005)(52536014)(86362001)(7696005)(4326008)(8676002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?RUf62elkP2CARrJQ4p3/IAJz1tpJiVc1dMoWnhJifdcHx8f4YmokZfX8WC7d?= =?us-ascii?Q?LJcW0VJ/fBCNoXmarFj9Jan724FBoP06tKH4KXxG56XwFS3IZKvr6LwoR0A1?= =?us-ascii?Q?ykHJDn039fH/J72lt9WvfHwSyXeuPJgNfVsWNW1v+E7U2E9wCxTNcaxrv8Sz?= =?us-ascii?Q?XbhaHqvVfEbJ1YeY02emkjCrvwJwnoNR0umMEC5rdtxgY7Pn4F2RZWK9ep91?= =?us-ascii?Q?5sZEp+hkDJQEmyRrPseUr6JXDQ4zF9CA/40FJGrVahd+6bT6AwcEJ9jvQJW/?= =?us-ascii?Q?/gOqHzE+4uIcVcwS40rw3/xubQV+jufdr7Y1m6gKPkuWwtjuDCzjgpmsh5uZ?= =?us-ascii?Q?xGT4m08IHo25/hMlcj5oF9yfVx+YC78uX9XvbleP78LP79dSEdGxzMVbGjui?= =?us-ascii?Q?slu7eMpCX/MWlIOFnKjaC0M4elQXhI1mhTpp6nYxR3pu8/XitLKAr9nZnS4f?= =?us-ascii?Q?CBXa1+Q8atRkK13cjaoBH76ehRUowW2mjB5cDSvnp9HjUcsd8L7OrDh0QHb5?= =?us-ascii?Q?TPOLSp5d7uhp4fW7fDcqYssUsoRz5ofSE0XL6hHtHafGP/Y0f55amLF9y+jL?= =?us-ascii?Q?qGr8Io/wkXPG9Oxs0VSBZBnRLdYvp7eQPT46ln3LsJ2cRUwCYaW+Oj6n9j4g?= =?us-ascii?Q?KwFgiz1BVvZ5upwIiufqxjkUwdbqRettXQg2PAyXVC5CyucZwjwB9Mljd0Fu?= =?us-ascii?Q?SOdAdnvpDKHBZeMPS6l7X92zJldYx9MJfuT3HeBId6AxWoee+gpGzzS/nliG?= =?us-ascii?Q?A35M9mgTsYj9UvZXAH/hYXPAzZl8Ivka4cOX5b2N4nmlavuAKn3OiwAYi9DQ?= =?us-ascii?Q?xol8/HpAAIp0MVfgsJXhcByks4UR5Wdj3+Z5ySbQFHVIXr1LB3zBLLlVpJ1r?= =?us-ascii?Q?m86CwKS42oefYKcY+PatRnPosPynX9DIp4l5UY1Whugb7F8hIJcb7m8b4kO/?= =?us-ascii?Q?t3uYuA+6wR9sKI6p9m87Wv9W6UOk/qyw10tXMAjo7irGVpkF2eXzJEugknPy?= =?us-ascii?Q?FODw8GwRqstdDUNaQItTsneZl5G0UBrJVX2HOwKTMNVhyn1o+HKB610v4fm5?= =?us-ascii?Q?AwrMJLg3+JVjvB+kTcmXPneOvXpLTZj/cWx0FKw7ObP/WrJL4tTNBcmVD9j+?= =?us-ascii?Q?eB3TgKCW4i6Gx6WAf7HZlemh3cro6yE2jaS/rpXhtEs+s39HzxXfrciU2wYq?= =?us-ascii?Q?qE6ZslOeU9piLr975A5gYvk64nyVqNMh6bVAOB58TnJk5vfQepOEKyNN7U45?= =?us-ascii?Q?fkj9T69WUlyMN2hPdXYiqPpb7Yf3Z41cN7iPuJuRVC1FvShLU+FkRp0+inws?= =?us-ascii?Q?cwMMOVagqIYqwh/dYv6fWuiVEtn272jQBYBfrXezGugqy+j38V2DnYo9sOIN?= =?us-ascii?Q?Zh9SkbwTe77Hjq9fgYme9e1Nxuvwm7ucA1Qb5/1b4k9Ejz76sYckLrSeqMug?= =?us-ascii?Q?SBk6QzQRiejIKbE5Nj0vRs+d1Ffpv0BhPe/NxjGuu+cCQYWg+Bb42p1C8CU1?= =?us-ascii?Q?YPqmDn3uKfzT1H/GqhziNngar1gBuwcC6qkIkG9VeZV6qfdy73LPaObbM3h0?= =?us-ascii?Q?8bKxBAWQHa+24MPK1Dx6yTU6Q70u724kyzewGvWfRk1vYrXYUI4fbKZu3sIi?= =?us-ascii?Q?wSKMOiBTzlu4EynCNxLQpGw=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN0PR11MB5696.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 24bc02c4-93b9-44fe-e6ec-08d99db11872 X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Nov 2021 03:30:19.3336 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: kNdbTRBgrtxKeqhkHx3b2RwAWc5B5IYv9X1TR+ocaZbB9lIKLLrXLM+33wftzD5k14rgCs0dtphDauG7knSZ1w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN9PR11MB5337 Return-Path: ray.ni@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Just offline discussed with Longlong, measuring the entire microcode buffer= might spend more time comparing to only measuring the applied microcode, w= hen the platform firmware includes lots of microcode. 10 comments embedded in code change in below. -----Original Message----- From: devel@edk2.groups.io On Behalf Of Ni, Ray Sent: Tuesday, November 2, 2021 9:55 AM To: Yang, Longlong ; devel@edk2.groups.io Cc: Dong, Eric ; Kumar, Rahul1 ; Yao, Jiewen ; Xu, Min M ; Zhan= g, Qi1 Subject: Re: [edk2-devel] [PATCH 1/1] UefiCpuPkg: Extend measurement of mic= rocode patches to TPM Longlong, Your code creates a big buffer that holds microcode data for all threads. MicrocodeCpu[i] =3D MicrocodePatchHob->MicrocodePatchAddress + MicrocodePa= tchHob->ProcessorSpecificPatchOffset[i] BigBuffer =3D GetMicrocodeBuffer (MicrocodeOfCpu[0]) + GetMicrocodeBuffer = (MicrocodeOfCpu[1]) + ... HashValue =3D Hash (BigBuffer) I am not sure if we can do like below: BigBuffer =3D Micro= codePatchAddress> + ProcessorSpecificP= atchOffset[]> HashValue =3D Hash (BigBuffer) The second approach doesn't require sorting, one-by-one-copying. Thanks, Ray -----Original Message----- From: Yang, Longlong Sent: Thursday, October 28, 2021 3:21 PM To: devel@edk2.groups.io Cc: Yang, Longlong ; Dong, Eric ; Ni, Ray ; Kumar, Rahul1 ; Ya= o, Jiewen ; Xu, Min M ; Zhang, Qi= 1 Subject: [PATCH 1/1] UefiCpuPkg: Extend measurement of microcode patches to= TPM REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3683 TCG specification says BIOS should extend measurement of microcode to TPM. However, reference BIOS is not doing this. This patch consumes gEdkiiMicroc= odePatchHobGuid to checkout all applied microcode patches, then all applied= microcode patches are packed in order to form a single binary blob which i= s measured with event type EV_CPU_MICROCODE to PCR[1] in TPM. Cc: Eric Dong Cc: Ray Ni Cc: Rahul Kumar Cc: Jiewen Yao Cc: Min M Xu Cc: Qi Zhang Signed-off-by: Longlong Yang --- .../MicrocodeMeasurementDxe.c | 254 ++++++++++++++++++ .../MicrocodeMeasurementDxe.inf | 58 ++++ .../MicrocodeMeasurementDxe.uni | 15 ++ .../MicrocodeMeasurementDxeExtra.uni | 12 + UefiCpuPkg/UefiCpuPkg.dsc | 2 + 5 files changed, 341 insertions(+) create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurement= Dxe.c create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurement= Dxe.inf create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurement= Dxe.uni create mode 100644 UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurement= DxeExtra.uni diff --git a/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c b= /UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c new file mode 100644 index 000000000000..1898a2bff023 --- /dev/null +++ b/UefiCpuPkg/MicrocodeMeasurementDxe/MicrocodeMeasurementDxe.c @@ -0,0 +1,254 @@ +/** @file + + + if (TRUE =3D=3D mMicrocodeMeasured) { 1. Remove "TRUE =3D=3D " please 2. Can you please duplicate the MicrocodePatchHob->ProcessorSpecificPatchOf= fset in a new array and sort the "PatchOffset" before calculating the total= microcode size? This avoids big memory consumption in many-core platforms. + + // + // Extract all microcode patches to a list from MicrocodePatchHob //=20 + MicrocodePatchesList =3D AllocatePool (MicrocodePatchHob->ProcessorCount + * sizeof (MICROCODE_PATCH_TYPE)); if (NULL =3D=3D MicrocodePatchesList) = { + DEBUG ((DEBUG_ERROR, "ERROR: AllocatePool to MicrocodePatchesList Fail= ed!\n")); + return; + } + for (Index =3D 0; Index < MicrocodePatchHob->ProcessorCount; Index++) { + if (MAX_UINT64 =3D=3D MicrocodePatchHob->ProcessorSpecificPatchOffset[= Index]) { + // + // If no microcode patch was found in a slot, set the address of the= microcode patch + // in that slot to MAX_UINTN, and the size to 0, thus indicates no p= atch in that slot. + // + MicrocodePatchesList[Index].Address =3D MAX_UINTN; + MicrocodePatchesList[Index].Size =3D 0; + + DEBUG ((DEBUG_INFO, "INFO: Processor#%d: detected no microcode patch= \n", Index)); + } else { + MicrocodePatchesList[Index].Address =3D (UINTN)(MicrocodePatchHo= b->MicrocodePatchAddress + MicrocodePatchHob->ProcessorSpecificPatchOffset[= Index]); + MicrocodePatchesList[Index].Size =3D ((CPU_MICROCODE_HEADER*)= ((UINTN)(MicrocodePatchHob->MicrocodePatchAddress + MicrocodePatchHob->Proc= essorSpecificPatchOffset[Index])))->TotalSize; 3. Can you please use GetMicrocodeLength() from MicrocodeLib? + PerformQuickSort ( + MicrocodePatchesList, + MicrocodePatchHob->ProcessorCount, + sizeof (MICROCODE_PATCH_TYPE), + MicrocodePatchesListSortFunction + ); 4. Can you please use QuickSort() in BaseLib? This avoids UefiCpuPkg depend= s on MdeModulePkg. + for (Index =3D 0; Index < MicrocodePatchHob->ProcessorCount; Index++) { + DEBUG ((DEBUG_INFO, "INFO: After sorting: Processor#%d: Microcode=20 + patch address: 0x%x, size: 0x%x\n", Index,=20 + MicrocodePatchesList[Index].Address, + MicrocodePatchesList[Index].Size)); + } 5. There are lots of debug messages in this module. Please review them and = think about what are necessary. Try to remove some unnecessary messages. + // + // LastPackedMicrocodeAddress is used to skip duplicate microcode patch. 6. You might need a "LastPatchOffset" to skip duplicate the PatchOffset aft= er sorting. + + if (0 =3D=3D MicrocodePatchesBlobSize) { + DEBUG ((DEBUG_INFO, "INFO: No microcode patch was ever applied!")); + FreePool (MicrocodePatchesList); + FreePool (MicrocodePatchesBlob); + return; + } 7. Please confirm with Jiewen or Qi whether no measurement is fine if there= is no microcode. + + Status =3D TpmMeasureAndLogData ( + PCRIndex, // PCRIndex + EventType, // EventType + &EventLog, // EventLog + EventLogSize, // LogLen + MicrocodePatchesBlob, // HashData + MicrocodePatchesBlobSize // HashDataLen + ); + if (!EFI_ERROR (Status)) { + mMicrocodeMeasured =3D TRUE; + gBS->CloseEvent (Event); 8. I think if you CloseEvent() there is no need to use mMicrocodeMeasured f= lag because the event won't be signaled again. + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 EBC ARM AARCH64 9. Can you just list "IA32" and "X64"? The microcode HOB doesn't apply to A= RM. EBC can be added to the supported list if we verified it works. VmgExitLib|UefiCpuPkg/Library/VmgExitLibNull/VmgExitLibNull.inf MicrocodeLib|UefiCpuPkg/Library/MicrocodeLib/MicrocodeLib.inf + SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf 10. No need the above SortLib.