================================================================================
Intel DQ57TM UEFI 2.3.1 Development Kit - binary image release notes
SDV.TM.B9 Release -- Feb 18, 2012

These release notes provide information for the BIOS Binary image for use on the
following platform: Intel(r) DQ57TM Desktop Board
================================================================================

================================================================================
                                  DISCLAIMER
================================================================================
This release note as well as the software described in it is furnished under license
and may only be used or copied in accordance with the terms of the license. The
information in this manual is furnished for informational use only, is subject to
change without notice, and should not be construed as a commitment by Intel Corporation.
Intel Corporation assumes no responsibility or liability for any errors or inaccuracies
that may appear in this document or any software that may be provided in association
with this document.
Except as permitted by such license, no part of this document may be reproduced,
stored in a retrieval system, or transmitted in any form or by any means without
the express written consent of Intel Corporation.

================================================================================
                                    INDEX
================================================================================
1. FILES LIST
2. REFERENCE PLATFORMS
3. FIRMWARE DEVICE IMAGE UPDATE PROCEDURE
4. NEW FEATURES AND CHANGES
5. KNOWN LIMITATIONS
6. MISC

================================================================================
                                  FILES LIST
================================================================================
1.  "ReleaseNote.txt" - Release note for the entire package (this document)

2.  "FirmwareUpdate.efi" - Firmware Update Utility for UEFI Shell (x64)

3.  "ReadMe.txt" - README file for FirmwareUpdate.efi

4.  "Getting_Started-UDK2010_FIRMWARE_DEV_PLT_Guide.pdf" - Getting Started Guide

5.  "EULA.pdf" - Intel Software Tools License Agreement

6.  "SourceLevelDebug.txt" - Instructions for enabling Source Level Debugging.
    For use with the UDK2010_TM_B9_srcdbg.rom BIOS image.

7.  Firmware Images ...

	a. UDK2010_TM_B9_release.rom  The release version of the BIOS, with
	   debugging features disabled.
	b. UDK2010_TM_B9_debug.rom  The debug version of the BIOS, with debug
	   output redirected to the serial port (COM1).
	c. UDK2010_TM_B9_srcdbg.rom  The source level debug version of the BIOS,
	   enabling support for the Intel UEFI Development Kit Debugger Tool using
	   the serial port (COM1).

================================================================================
                              REFERENCE PLATFORMS
================================================================================
Baseboard: Intel Motherboard - Intel DQ57TM
Processor: Intel Processor - Intel Core i5 650 (3.2Ghz)
Memory   : 8GB DDR3 (2x4GB DIMM)

================================================================================
			FIRMWARE DEVICE IMAGE UPDATE PROCEDURE
================================================================================
Please refer to the Getting Started - UDK2010 Firmware Development Platform Guide
(Getting Started Guide) for complete instructions.

There are two procedures outlined in this document for upgrading or installing a
BIOS image on the Intel UDK 2010 Firmware Developer Platform Kit. Please review
these procedures before attempting a firmware upgrade or installation.

CAUTION: Installing the BIOS image on an unsupported motherboard may render
the motherboard unusable until it is reflashed with a backup copy of the
motherboard's original BIOS. Use only supported components with the Intel UDK
2010 Firmware Developer Platform.

================================================================================
                            NEW FEATURES AND CHANGES
================================================================================
>>>>>>>>>>>>>>>>>>>> SDV.TM.B9 >>>>>>>>>>>>>>>>>>>>>>>
1. Code Base Update based on changes made after UDK2010.SR1.

2. GOP Update
   Updated GOP driver and configuration file to fix multiple issues seen under
   different OS versions.  This improved the functionality of single display
   configurations on all on-board display connectors.
   2.1 Enabled use of display connectors other than VGA in Windows.
   2.2 Fixed DVI-I display detection.
   2.3 Corrected resolution selection when EDID not present.
   2.4 Fixed video detection under newer versions of Linux.

3. ACPI Update
   3.1 Enable FADT 5.0 which is defined in ACPI 5.0 Spec.
   3.2 Enable BGRT to handle multi ReadyToBoot events. New fix keeps BGRT table
       updated on every ReadyToBoot event.

4. Network Update
   Fix a bug for IPv6 PXE when Proxy DHCP6 service and DHCP6 service are located at
   the same server. Now use multicast message to communicate with Proxy DHCP6 port 4011
   after complete the standard DHCP6 process.

>>>>>>>>>>>>>>>>>>>> SDV.TM.B8 >>>>>>>>>>>>>>>>>>>>>>>
1.  Support UEFI 2.3.1 a and PI1.2 c.
2.  Support Secure Boot, TPM PP 1.2 and SMM variable.
3.  Support ACPI 5.0 FPDT and BGRT.
4.  Support USB 3.0 XHCI. A new XhciDxe driver is introduced to produce
    EFI_USB2_HC_PROTOCOL on various XHCI chipsets.
5.  Support SMBIOS 2.7.0 and 2.7.1.
6.  Support x64 1G page table. Add PcdUse1GPageTable to specify whether 1G page
    table is enabled.
7.  Support UEFI 2.3.1 HII IFR opcodes.
8.  Update PciBusDxe to support SR-IOV.
9.  Add the generic HpetTimerDxe driver to provide the Timer Architectural
    Protocol using the High Precision Event Timer (HPET).
10. CPU enhancements:
    1) Add support for Nehalem, Sandy Bridge and Ivy Bridge processors.
    2) Enhance the implementation for SMBIOS Type-4 and Type-7 records.
    3) Update the LocalApic.h and Local APIC library class for Message Signaled
       Interrupt (MSI) support.
11. Added setup control for legacy BIOS features (Device Manager -> Boot). This
    replaces the CSM Enabled/Disabled versions of the ROM in previous releases.
	The "enable" setting of "Legacy Support" is equivalent to CSM ON.
	The "disable" setting of "Legacy Support" is equivalent to CSM OFF.

>>>>>>>>>>>>>>>>>>>> SDV.TM.B7 >>>>>>>>>>>>>>>>>>>>>>>
1. Source Level Debug
   Source level debug is enabled at this release. It supports source level debug
   through serial cable. For how to use source level debug feature, please refer
   to "SourceLevelDebug.txt"

2. Add Ability to enable and disable legacy boot devices.
   Add setup option to enable or disable legacy boot options from being used. By 
   default the legacy options will not be included. This option only applies to
   systems that have CSM enable.

3. Add Setup option to connect all devices at boot
   Add an option that allow the user to select if BdsLibConectAll should be called
   as part of the boot process. By default the connection of all devices is disabled
   to improve boot time.

4. Bug Fixes
   4.1  Fix Serial I/O SCT failures
   4.2  Fix FVB2 SCT failures
   4.3  Fix MAC registers not being cleared on S4 resume
        (Fix the MCA registers were not getting correctly initialized on S4 resume.)
   4.4  Fix HII memory leak

5. Secure Boot Update
   5.1 Clear KEK, DB and DBX as well as PK when user request to disable secure boot.
   5.2 Update DxeImageVerificationLib to support enroll unsigned PE/COFF image's Hash in 
       allowed DB.
   5.3 Not change SecureBoot Variable in runtime, only update it in boot time since this
       Variable indicates firmware operating mode.
   5.4 Save time stamp of PK when PK is set with TIME_BASE_WRITE_ACCESS attribute in setup
       mode.

NOTES:
   1. If CSM is turned off in firmware, the Ubuntu 10.10 only can boot successfully by
      recovery mode (select the second option in OS boot menu, then type "Start X" to boot).
   2. When installing SUSE SLES 11 SP2, it needs to connect both a VGA monitor and a DVI
      monitor, otherwise there will be not output during installation.
   3. Please make sure the BIOS CFG Jumper is set to normal operating mode (pin 1-2) before
      running any Secure Boot tests.


>>>>>>>>>>>>>>>>>>>> SDV.TM.B6 >>>>>>>>>>>>>>>>>>>>>>>
1. Partial Keystrokes support in SimpleTextInputEx Protocol
   Add Partial keystroke support. With EFI_KEY_STATE_EXPOSED bit is enabled, the
   ReadKeyStrokeEx function will allow the return of incomplete keystrokes such
   as the holding down of certain keys which are expressed as a part of KeyState
   when there is no Key data. For the detail, see the UEFI2.3.1.a chapter 11.2.

2. Network Update
   2.1 PXE bug fix
       2.1.1 Fix PXE bug to handle the IP fragmentation in UdpRead function.
       2.1.2 Fix PXE bug to catch the return status when perform Mtftp operations.
       
   2.2 iSCSI Update
       2.2.1 Fix potential memory leak issue in IScsiConfig.c.
       2.2.2 Update behavior of adding an attempt: without explicitly pressing 
             'Save Changes' in Attempt Configuration menu, the new attempt will 
             not be added into system.
       2.2.3 Update Port **-**-**-**-**-** to MAC **:**:**:**:**:** in MAC 
             Selection page.
       2.2.4 Update iqn. format to IQN format in help info.
       2.2.5 Add help info 'Must reboot system manually for changes to take place' 
             to 'Save Changes'.
       2.2.6 Add help info to 'Internet Protocol' to indicate initiator IPv6 
             address is system assigned.
       2.2.7 Update connection timeout value from 1 second to 8 seconds.

3. HDD/CDROM device connection issue on warm reset
   Fix issue of after warm resetting, the HDD/CDROM device cannot be showed up 
   under the boot option menu.

4. Bug fix for S3/S4/S5 resume
   4.1 Fixed issue with inconsistent programming of PCH SATA controller for Legacy
       mode on different boot paths.

   4.2 Enhance BDS library to fix S4 resume problems when the platform pre-allocated 
       memory is large enough.

5. Secure Boot Part
   5.1 Update PKCS#7 SignedData format
       5.1.1 Remove SignedData.contentInfo.content.
       5.1.2 Remove SignedData.signerInfo.authenticatedAttributes.
       5.1.3 Update SignedData format from a ContentInfo structure to content only.
   
   5.2 Update VariableRuntimeDxe driver to support MSFT SecureBoot Test package
       5.2.1 Add NULL pointer check for TimeStamp.
       5.2.2 Remove memory allocation in runtime.
       5.2.3 Exclude NULL terminator in VariableName for serialization data in 
             time-based variable authentication.
       5.2.4 Add support for enroll PK with WRITE_ACCESS attribute.
       5.2.5 Initialize SetupMode variable with correct NV attribute.
       5.2.6 Add support for APPEND_WRITE attribute for non-existing Variable.
       5.2.7 Update DxeImageVerificationLib to check image digest against dbx 
             before execute.
   
>>>>>>>>>>>>>>>>>>>> SDV.TM.B5 >>>>>>>>>>>>>>>>>>>>>>>

1. 3T harddisk support bug fix
   Update the AtaPassThru driver to follow the SATA1.0a spec section 5.2 to fix
   the 3T hard disk not stable issue.

2. CryptoLib update
   2.1 Code clean up and refinement for better readability.
   2.2 Bug Fix
       2.2.1 Set MIN_REQUIRED_BLOCKS to 600 for RuntimeCryptLib.
       2.2.2 Fix memory allocation issue in gmtime() and qsort().
       2.2.3 Update SmmCryptLib.inf to make sure the library be processed as SMM library by build tool.

3. TPM update
   3.1 TPM PP1.2 Support
       Enable physical presence version 1.2 feature to support OS auto-provisioning, including support 3 optional request
       commands DEFERRED_PP_UNOWNERED_FIELD_UPGRADE, SET_NO_PPI_MAINTENANCE_FALSE and SET_NO_PPI_MAINTENANCE_TRUE.
       Enhance TPM driver to lock TPM physical presence in PEI phase if there is no pending TPM request.
   3.2 TPM Bug fix
       Fix the GPT measurement issue in Tpm measure boot library.
       Update the return value from TPM MOR function index 0 of the ACPI query method.
       Update the return result when the operation value is zero for Get User Confirmation Status for Operation.

   3.3 TPM UI update

4. Network part update
   4.1 Performance enhancement
       Enhance EfiPxeBcSetIpFilter() to eliminate unnecessary re-configure
       UdpRead operation.Restore PXE performance back to normal.

   4.2 Bug Fix
       4.2.1 Fix a bug in PxeBcDhcp6 of response error when the DHCP6 message is
             no IA_NA option
       4.2.2 Fix issue of PXE-IPV6 when the proxy DHCP6 service and DHCP6 service
             on different servers
       4.2.3 Fix PXE_IPv6 hang issue when there is no DHCP server exists
       4.2.4 Support Netboot6 tftp URL format
       4.2.5 Enhance DHCP6 driver to use DUID-UUID in all phase (first boot,
             normal DHCPv6 and PXE-DHCPv6)
       4.2.6 Fix PXE bug to avoid hang in case boot file option are not receive
             in DHCPv4 or DHCPv6 process.
       4.2.7 Fix DHCPv6 and PXE bug to avoid hang issue when a DHCPv6 Advertisement
             without any netboot6 info is received.
       4.2.8 Fix IPv6 and PXE bug to accommodate separate DHCP and PXE servers.
             (Router Advertisement disabled/enabled on DHCP server).
       4.2.9 Fix DHCPv6 and PXE bug to accommodate win8 WDS server Response Delay
             Setting network topology.
       4.2.10 Update ISID to be fixed value and configurable via iSCSI setup pages.

   4.3 Update Gigundi driver to version 4.4.06
       The version solves the issue when there is large amount of UDP and DHCP traffic Gigundi driver would cease to receive packets.

5. Secure Boot Part
   5.1 Enhance ImageVerificationLib to be more flexible in case AuthVar driver
       is not built-in.

   5.2 Retire "ClearPk" short-term solution which provides a dedicated UI screen.
       Enable "ClearPk" production solution which allows platform owners to use
       a Jumper as physical present operation. Please set BIOS CFG Jumper at pin 2-3,
       then reset system to delete PK during system startup. Eventually, restore
       BIOS CFG Jumper to 1-2 as default.

   5.3 Enable PK X509 certificate support.

   5.4 Bug fixes
       5.4.1 Update library instance of BaseCryptLib to RuntimeCryptLib for
             VariableRuntimeDxe driver.
       5.4.2 Allow PlatformSecureLib to support SMM drivers link

6. eDrive Reset
    Enable TPer Reset through native TCG protocol for ATA eDrives only.

7. Enable S3 and S4 support
   Note: BIOS CFG jumper need be set to 1-2 to support S3 and S4.

8. ACPI FPDT (Firmware Performance Data Table) update
   FPDT support is temporarily disabled.

>>>>>>>>>>>>>>>>>>>> SDV.TM.B3 >>>>>>>>>>>>>>>>>>>>>>>
1. Secure Boot Part
   1.1 Enlarge maximum variable size and variable space.
       Update maximum variable size from 4K to 8K and extend variable space from
       64K to 128K in order to reserve more than 64K of memory for secure boot
       UEFI variables used by Windows.
   1.2 Support a new usage case for intermediate certificate support.
       Update BaseCryptLib to enable a new use case in intermediate certificate
       scenario. 
       For Example: if any certificate from certificate chain in PKCS7 SignedData
       is already enrolled in KEK, trust the certificate chain and continue PKCS7
       verification.
   1.3 Support read-only variable "SecureBoot" for spec compliance.
   1.4 Enhance Authenticode format support in secure boot.
       Add a new interface AuthenticodeVerify() to BaseCryptLib to verify the
       validity of a PE/COFF Authenticode signature. In previous release
       Pkcs7Verify() was used for standard PKCS7 format and Authenticode format.
       New interface removes any assumption about ASN.1 encoding and does some
       light-weight ASN.1 parsing on Authenticode-specific data.

2. Platform feature update
   2.1 Enable recovery capability
       Copy FvMain.fv in one UDisk and insert it to DQ57TM board
       Set BIOS CFG Jumper as empty
       Power on the system and wait for about 2 minutes, system could boot to Shell
   2.2 Enable capsule update
   2.3 Fix serial port issue
       Fix the issue that serial port is always being added to ConIn and ConOut
       even it is removed with setup. The updated code fixes this and provides a
       clean serial port for the debugger.

3. BlockIo2 update
   Roll back the DiskIo module to the original one and remove its relationship
   with BlockIo2.


>>>>>>>>>>>>>>>>>>>> SDV.TM.2 >>>>>>>>>>>>>>>>>>>>>>>>>
1. Secure Boot Part
  1.1 Fixed some bugs in time-based authenticated variable driver.
      Updated time-based authenticated variable driver for performance enhancement.
      Supported intermediate certificate chain with enhanced BaseCryptLib.
      Fixed bug to pass secure variable NVRAM stress test.
      Updated to not check image's hash in the database in case image verification
      against enrolled certificate(root or intermediate).
  1.2 Enhanced ImageVerificationLib to support SHA2(SHA-256) hash algorithm.
      Enhanced ImageVerificationLib to remove "pop-up box" in case security violation.
  1.3 Enabled ClearPK/KEK screen to clear PK/KEK directly in case incorrect enrollment mis-haps.

2. Network Part
  2.1 Fixed an ICMPv6 interrupt bug in the DHCPv6 S.A.R.R process.
  2.2 Enabled DHCPv6 DUID-UUID option for Netboot6 PXE.

3. eDrive Part
  3.1 Fixed a bug for eDrive-ATA for ATA-8 PIO Security Command.
      Fixed an alignment bug for eDrive-ATA devices.
  3.2 Enabled eDrive-SCSI for SCSI devices supporting SPC-4 commands set.

4. Add EFI Block I/O2 Protocol
   It is an extension to Block I/O protocol which is enable the ability to read
   and write data at a block level in a non-blocking manner.

5. Add ACPI FPDT (Firmware Performance Data Table) support
   ACPI FPDT table provides information to describe the platform initialization
   performance records.
   Current implementation conforms to ACPI FPDT proposal 4.

6. Add CSM on/off support
   Turn on or turn off CSM is supported at build time.
     if CSM_ENABLE is set to TRUE, CSM is turned on in the built firmware;
     if CSM_ENABLE is set to FALSE, CSM is turned off in the built firmware;

7. BaseCryptLib Update
   7.1 Enabled Pkcs7Sign() to support sign data in PKCS7 SignedData format.
       Enabled intermediate certificate support by adding application callback.
   7.2 Fixed some bugs in Pkcs7Verify() for validation of PKCS7 signed data.
       Enabled MD5/SHA2(SHA-256) hash algorithm support when performing Pkcs7Verify().
   7.3 Added new interfaces to BaseCryptLib.
       Added X509ConstructCertificate () and X509ConstructCertificateStack ()
         to support build X509 certificate chain.
       Added X509Free() and X509StackFree for free existing X509 certificate
         or X509 certificate chain.
       Added gmtime() functionality.

8. Enable Flash Protection
   8.1 Added support for setting and locking protected ranges in the SPI controller.
   8.2 Enabled the ability to detect if the system is booting in configuration
       mode or normal mode.
   8.3 Updated code to lock BIOS region as read only and ME/LAN/Flash Descriptor
       as No Access in normal mode. In configuration mode the flash is not
       protected.
   Please use FirmwareUpdate.efi to update fd file in configuration mode(BIOS
   CFG Jumper is setting at pin 2-3). Please shutdown the system after the flash
   updates successfully and restore the system to normal mode(BIOS CFG Jumper is
   setting at pin 1-2).

9. Update System Timer Ticker to 1ms
   Update System Timer Ticker from 54 ms to 1ms for better performance and resume
   it to 54ms before starting legacy boot.

================================================================================
                                KNOWN LIMITATIONS
================================================================================
1. Secure Boot Part
  1.1 Only SHA2(SHA-256) hash algorithm is supported for ImageVerificationLib.
      The others, such as SHA2(SHA-224,SHA-384,SHA-512), are not supported.
  1.2 MD5 hash algorithm support is deprecated due to some known security
      vulnerabilities.

2. If OS wants BGRT logo center on screen during boot time, it should use the same
   display resolution as logo showed by BDS.

================================================================================
                                     MISC
================================================================================
1. Virus scanned by McAfee VirusScan Enterprise + AntiSpyware Enterprise
   8.8.0.777, Definition File (DAT) Version 6594.0000, no threats detected.

2. Compatibility Support Module (CSM) provided by Insyde Software

* Other names and brands may be claimed as the property of others.

[END OF RELEASE NOTES]