diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc
index 910e8589c41c..041751e36830 100644
--- a/ArmPkg/ArmPkg.dsc
+++ b/ArmPkg/ArmPkg.dsc
@@ -93,6 +93,10 @@
 
   OemMiscLib|ArmPkg/Universal/Smbios/OemMiscLibNull/OemMiscLibNull.inf
 
+[LibraryClasses.common.SEC]
+  # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEIM]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
@@ -100,17 +104,10 @@
   PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
   PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
 
-[LibraryClasses.ARM, LibraryClasses.AARCH64]
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for GCC stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [Components.common]
   ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
   ArmPkg/Library/ArmDisassemblerLib/ArmDisassemblerLib.inf
   ArmPkg/Library/ArmPsciResetSystemLib/ArmPsciResetSystemLib.inf
-  ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
   ArmPkg/Library/DebugAgentSymbolsBaseLib/DebugAgentSymbolsBaseLib.inf
   ArmPkg/Library/DebugPeCoffExtraActionLib/DebugPeCoffExtraActionLib.inf
   ArmPkg/Library/DefaultExceptionHandlerLib/DefaultExceptionHandlerLib.inf
diff --git a/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc b/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc
index 2818ce65db98..28ebe68b417e 100644
--- a/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc
+++ b/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc
@@ -43,8 +43,5 @@
   UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
   UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
 
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [Components.common]
   ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.inf
diff --git a/ArmPkg/Drivers/ArmGic/GicV3/AArch64/ArmGicV3.S b/ArmPkg/Drivers/ArmGic/GicV3/AArch64/ArmGicV3.S
index 7316502d2351..504f026a1d00 100644
--- a/ArmPkg/Drivers/ArmGic/GicV3/AArch64/ArmGicV3.S
+++ b/ArmPkg/Drivers/ArmGic/GicV3/AArch64/ArmGicV3.S
@@ -5,7 +5,7 @@
 #
 #
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 #if !defined(__clang__)
 
diff --git a/ArmPkg/Drivers/ArmGic/GicV3/Arm/ArmGicV3.S b/ArmPkg/Drivers/ArmGic/GicV3/Arm/ArmGicV3.S
index 8c43a613dc57..33c0a5846414 100644
--- a/ArmPkg/Drivers/ArmGic/GicV3/Arm/ArmGicV3.S
+++ b/ArmPkg/Drivers/ArmGic/GicV3/Arm/ArmGicV3.S
@@ -5,7 +5,7 @@
 #
 #
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 #include <Library/ArmLib.h>
 
 // For the moment we assume this will run in SVC mode on ARMv7
diff --git a/ArmPkg/Drivers/ArmPsciMpServicesDxe/MpFuncs.S b/ArmPkg/Drivers/ArmPsciMpServicesDxe/MpFuncs.S
index f73edc1792d0..7a52a406e7bb 100644
--- a/ArmPkg/Drivers/ArmPsciMpServicesDxe/MpFuncs.S
+++ b/ArmPkg/Drivers/ArmPsciMpServicesDxe/MpFuncs.S
@@ -7,7 +7,7 @@
 .text
 .align 3
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 #include <IndustryStandard/ArmStdSmc.h>
 #include <Library/ArmLib.h>
 
diff --git a/ArmPkg/Include/AsmMacroIoLib.inc b/ArmPkg/Include/AsmMacroIoLib.inc
deleted file mode 100644
index 66b8d3d33bca..000000000000
--- a/ArmPkg/Include/AsmMacroIoLib.inc
+++ /dev/null
@@ -1,33 +0,0 @@
-;%HEADER%
-;/** @file
-;  Macros to work around lack of Apple support for LDR register, =expr
-;
-;  Copyright (c) 2009, Apple Inc. All rights reserved.<BR>
-;  Copyright (c) 2011-2012, ARM Ltd. All rights reserved.<BR>
-;
-;  SPDX-License-Identifier: BSD-2-Clause-Patent
-;
-;**/
-
-
-  MACRO
-  adrll   $Reg, $Symbol
-  add     $Reg, pc, #-8
-  RELOC   R_ARM_ALU_PC_G0_NC, $Symbol
-  add     $Reg, $Reg, #-4
-  RELOC   R_ARM_ALU_PC_G1_NC, $Symbol
-  add     $Reg, $Reg, #0
-  RELOC   R_ARM_ALU_PC_G2, $Symbol
-  MEND
-
-  MACRO
-  ldrl    $Reg, $Symbol
-  add     $Reg, pc, #-8
-  RELOC   R_ARM_ALU_PC_G0_NC, $Symbol
-  add     $Reg, $Reg, #-4
-  RELOC   R_ARM_ALU_PC_G1_NC, $Symbol
-  ldr     $Reg, [$Reg, #0]
-  RELOC   R_ARM_LDR_PC_G2, $Symbol
-  MEND
-
-  END
diff --git a/ArmPkg/Library/ArmExceptionLib/AArch64/ExceptionSupport.S b/ArmPkg/Library/ArmExceptionLib/AArch64/ExceptionSupport.S
index de9d3316de92..5dc6899773ef 100644
--- a/ArmPkg/Library/ArmExceptionLib/AArch64/ExceptionSupport.S
+++ b/ArmPkg/Library/ArmExceptionLib/AArch64/ExceptionSupport.S
@@ -9,7 +9,7 @@
 
 #include <AArch64/AArch64.h>
 #include <Library/PcdLib.h>
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 #include <Protocol/DebugSupport.h> // for exception type definitions
 
 /*
diff --git a/ArmPkg/Library/ArmHvcLib/AArch64/ArmHvc.S b/ArmPkg/Library/ArmHvcLib/AArch64/ArmHvc.S
index 39d956a02261..57c2d7588554 100644
--- a/ArmPkg/Library/ArmHvcLib/AArch64/ArmHvc.S
+++ b/ArmPkg/Library/ArmHvcLib/AArch64/ArmHvc.S
@@ -6,7 +6,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(ArmCallHvc)
   // Push x0 on the stack - The stack must always be quad-word aligned
diff --git a/ArmPkg/Library/ArmHvcLib/Arm/ArmHvc.S b/ArmPkg/Library/ArmHvcLib/Arm/ArmHvc.S
index 0a5a959196bc..9676529c1763 100644
--- a/ArmPkg/Library/ArmHvcLib/Arm/ArmHvc.S
+++ b/ArmPkg/Library/ArmHvcLib/Arm/ArmHvc.S
@@ -6,7 +6,7 @@
 //
 //
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .arch_extension virt
 
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64ArchTimerSupport.S b/ArmPkg/Library/ArmLib/AArch64/AArch64ArchTimerSupport.S
index 574e0d593320..be6f073c4894 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64ArchTimerSupport.S
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64ArchTimerSupport.S
@@ -7,7 +7,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(ArmReadCntFrq)
   mrs   x0, cntfrq_el0           // Read CNTFRQ
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c
index 6739f5c37d38..53b202ff34a8 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.c
@@ -18,61 +18,6 @@
 #include "AArch64Lib.h"
 #include "ArmLibPrivate.h"
 
-VOID
-AArch64DataCacheOperation (
-  IN  AARCH64_CACHE_OPERATION  DataCacheOperation
-  )
-{
-  UINTN  SavedInterruptState;
-
-  SavedInterruptState = ArmGetInterruptState ();
-  ArmDisableInterrupts ();
-
-  AArch64AllDataCachesOperation (DataCacheOperation);
-
-  ArmDataSynchronizationBarrier ();
-
-  if (SavedInterruptState) {
-    ArmEnableInterrupts ();
-  }
-}
-
-VOID
-EFIAPI
-ArmInvalidateDataCache (
-  VOID
-  )
-{
-  ASSERT (!ArmMmuEnabled ());
-
-  ArmDataSynchronizationBarrier ();
-  AArch64DataCacheOperation (ArmInvalidateDataCacheEntryBySetWay);
-}
-
-VOID
-EFIAPI
-ArmCleanInvalidateDataCache (
-  VOID
-  )
-{
-  ASSERT (!ArmMmuEnabled ());
-
-  ArmDataSynchronizationBarrier ();
-  AArch64DataCacheOperation (ArmCleanInvalidateDataCacheEntryBySetWay);
-}
-
-VOID
-EFIAPI
-ArmCleanDataCache (
-  VOID
-  )
-{
-  ASSERT (!ArmMmuEnabled ());
-
-  ArmDataSynchronizationBarrier ();
-  AArch64DataCacheOperation (ArmCleanDataCacheEntryBySetWay);
-}
-
 /**
   Check whether the CPU supports the GIC system register interface (any version)
 
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h
index 6380a019ddc5..7127a768ef8e 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Lib.h
@@ -11,33 +11,6 @@
 #ifndef AARCH64_LIB_H_
 #define AARCH64_LIB_H_
 
-typedef VOID (*AARCH64_CACHE_OPERATION)(
-  UINTN
-  );
-
-VOID
-AArch64AllDataCachesOperation (
-  IN  AARCH64_CACHE_OPERATION  DataCacheOperation
-  );
-
-VOID
-EFIAPI
-ArmInvalidateDataCacheEntryBySetWay (
-  IN  UINTN  SetWayFormat
-  );
-
-VOID
-EFIAPI
-ArmCleanDataCacheEntryBySetWay (
-  IN  UINTN  SetWayFormat
-  );
-
-VOID
-EFIAPI
-ArmCleanInvalidateDataCacheEntryBySetWay (
-  IN  UINTN  SetWayFormat
-  );
-
 UINTN
 EFIAPI
 ArmReadIdAA64Dfr0 (
diff --git a/ArmPkg/Library/ArmLib/AArch64/AArch64Support.S b/ArmPkg/Library/ArmLib/AArch64/AArch64Support.S
index 1ec868ee1243..66daa27fb401 100644
--- a/ArmPkg/Library/ArmLib/AArch64/AArch64Support.S
+++ b/ArmPkg/Library/ArmLib/AArch64/AArch64Support.S
@@ -10,7 +10,7 @@
 #------------------------------------------------------------------------------
 
 #include <AArch64/AArch64.h>
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 .set CTRL_M_BIT,      (1 << 0)
 .set CTRL_A_BIT,      (1 << 1)
@@ -43,22 +43,6 @@ ASM_FUNC(ArmCleanInvalidateDataCacheEntryByMVA)
   dc      civac, x0   // Clean and invalidate single data cache line
   ret
 
-
-ASM_FUNC(ArmInvalidateDataCacheEntryBySetWay)
-  dc      isw, x0     // Invalidate this line
-  ret
-
-
-ASM_FUNC(ArmCleanInvalidateDataCacheEntryBySetWay)
-  dc      cisw, x0    // Clean and Invalidate this line
-  ret
-
-
-ASM_FUNC(ArmCleanDataCacheEntryBySetWay)
-  dc      csw, x0     // Clean this line
-  ret
-
-
 ASM_FUNC(ArmInvalidateInstructionCache)
   ic      iallu       // Invalidate entire instruction cache
   dsb     sy
@@ -257,65 +241,6 @@ ASM_FUNC(ArmDisableBranchPrediction)
   ret
 
 
-ASM_FUNC(AArch64AllDataCachesOperation)
-// We can use regs 0-7 and 9-15 without having to save/restore.
-// Save our link register on the stack. - The stack must always be quad-word aligned
-  stp   x29, x30, [sp, #-16]!
-  mov   x29, sp
-  mov   x1, x0                  // Save Function call in x1
-  mrs   x6, clidr_el1           // Read EL1 CLIDR
-  and   x3, x6, #0x7000000      // Mask out all but Level of Coherency (LoC)
-  lsr   x3, x3, #23             // Left align cache level value - the level is shifted by 1 to the
-                                // right to ease the access to CSSELR and the Set/Way operation.
-  cbz   x3, L_Finished          // No need to clean if LoC is 0
-  mov   x10, #0                 // Start clean at cache level 0
-
-Loop1:
-  add   x2, x10, x10, lsr #1    // Work out 3x cachelevel for cache info
-  lsr   x12, x6, x2             // bottom 3 bits are the Cache type for this level
-  and   x12, x12, #7            // get those 3 bits alone
-  cmp   x12, #2                 // what cache at this level?
-  b.lt  L_Skip                  // no cache or only instruction cache at this level
-  msr   csselr_el1, x10         // write the Cache Size selection register with current level (CSSELR)
-  isb                           // isb to sync the change to the CacheSizeID reg
-  mrs   x12, ccsidr_el1         // reads current Cache Size ID register (CCSIDR)
-  and   x2, x12, #0x7           // extract the line length field
-  add   x2, x2, #4              // add 4 for the line length offset (log2 16 bytes)
-  mov   x4, #0x400
-  sub   x4, x4, #1
-  and   x4, x4, x12, lsr #3     // x4 is the max number on the way size (right aligned)
-  clz   w5, w4                  // w5 is the bit position of the way size increment
-  mov   x7, #0x00008000
-  sub   x7, x7, #1
-  and   x7, x7, x12, lsr #13    // x7 is the max number of the index size (right aligned)
-
-Loop2:
-  mov   x9, x4                  // x9 working copy of the max way size (right aligned)
-
-Loop3:
-  lsl   x11, x9, x5
-  orr   x0, x10, x11            // factor in the way number and cache number
-  lsl   x11, x7, x2
-  orr   x0, x0, x11             // factor in the index number
-
-  blr   x1                      // Goto requested cache operation
-
-  subs  x9, x9, #1              // decrement the way number
-  b.ge  Loop3
-  subs  x7, x7, #1              // decrement the index
-  b.ge  Loop2
-L_Skip:
-  add   x10, x10, #2            // increment the cache number
-  cmp   x3, x10
-  b.gt  Loop1
-
-L_Finished:
-  dsb   sy
-  isb
-  ldp   x29, x30, [sp], #0x10
-  ret
-
-
 ASM_FUNC(ArmDataMemoryBarrier)
   dmb   sy
   ret
diff --git a/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S b/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S
index ec34200d4dba..d35730704d42 100644
--- a/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S
+++ b/ArmPkg/Library/ArmLib/AArch64/ArmLibSupport.S
@@ -8,7 +8,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 .set DAIF_RD_FIQ_BIT,   (1 << 6)
 .set DAIF_RD_IRQ_BIT,   (1 << 7)
diff --git a/ArmPkg/Library/ArmLib/AArch64/ArmLibSupportV8.S b/ArmPkg/Library/ArmLib/AArch64/ArmLibSupportV8.S
index 0ae75e4cb9f9..145980566421 100644
--- a/ArmPkg/Library/ArmLib/AArch64/ArmLibSupportV8.S
+++ b/ArmPkg/Library/ArmLib/AArch64/ArmLibSupportV8.S
@@ -8,7 +8,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 .set MPIDR_U_BIT,    (30)
 .set MPIDR_U_MASK,   (1 << MPIDR_U_BIT)
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S b/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S
index 7e032dd07c13..86635cc093ee 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S
+++ b/ArmPkg/Library/ArmLib/Arm/ArmLibSupport.S
@@ -8,7 +8,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(ArmReadMidr)
   mrc     p15,0,R0,c0,c0,0
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmLibSupportV7.S b/ArmPkg/Library/ArmLib/Arm/ArmLibSupportV7.S
index d843f91dfca8..d207876a2198 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmLibSupportV7.S
+++ b/ArmPkg/Library/ArmLib/Arm/ArmLibSupportV7.S
@@ -8,7 +8,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(ArmIsMpCore)
   mrc     p15,0,R0,c0,c0,5
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7ArchTimerSupport.S b/ArmPkg/Library/ArmLib/Arm/ArmV7ArchTimerSupport.S
index 7abaa79639ff..2ad9b480d195 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmV7ArchTimerSupport.S
+++ b/ArmPkg/Library/ArmLib/Arm/ArmV7ArchTimerSupport.S
@@ -7,7 +7,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(ArmReadCntFrq)
   mrc    p15, 0, r0, c14, c0, 0    @ Read CNTFRQ
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c
index 6acc4d3e7cc5..dd1e8c5930c2 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c
+++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.c
@@ -18,61 +18,6 @@
 #include "ArmV7Lib.h"
 #include "ArmLibPrivate.h"
 
-VOID
-ArmV7DataCacheOperation (
-  IN  ARM_V7_CACHE_OPERATION  DataCacheOperation
-  )
-{
-  UINTN  SavedInterruptState;
-
-  SavedInterruptState = ArmGetInterruptState ();
-  ArmDisableInterrupts ();
-
-  ArmV7AllDataCachesOperation (DataCacheOperation);
-
-  ArmDataSynchronizationBarrier ();
-
-  if (SavedInterruptState) {
-    ArmEnableInterrupts ();
-  }
-}
-
-VOID
-EFIAPI
-ArmInvalidateDataCache (
-  VOID
-  )
-{
-  ASSERT (!ArmMmuEnabled ());
-
-  ArmDataSynchronizationBarrier ();
-  ArmV7DataCacheOperation (ArmInvalidateDataCacheEntryBySetWay);
-}
-
-VOID
-EFIAPI
-ArmCleanInvalidateDataCache (
-  VOID
-  )
-{
-  ASSERT (!ArmMmuEnabled ());
-
-  ArmDataSynchronizationBarrier ();
-  ArmV7DataCacheOperation (ArmCleanInvalidateDataCacheEntryBySetWay);
-}
-
-VOID
-EFIAPI
-ArmCleanDataCache (
-  VOID
-  )
-{
-  ASSERT (!ArmMmuEnabled ());
-
-  ArmDataSynchronizationBarrier ();
-  ArmV7DataCacheOperation (ArmCleanDataCacheEntryBySetWay);
-}
-
 /**
   Check whether the CPU supports the GIC system register interface (any version)
 
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
index 404ff92c4e06..548be5cf28b0 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
+++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Lib.h
@@ -23,33 +23,6 @@
 #define ID_MMFR0_SHR_IMP_HW_COHERENT  1
 #define ID_MMFR0_SHR_IGNORED          0xf
 
-typedef VOID (*ARM_V7_CACHE_OPERATION)(
-  UINT32
-  );
-
-VOID
-ArmV7AllDataCachesOperation (
-  IN  ARM_V7_CACHE_OPERATION  DataCacheOperation
-  );
-
-VOID
-EFIAPI
-ArmInvalidateDataCacheEntryBySetWay (
-  IN  UINTN  SetWayFormat
-  );
-
-VOID
-EFIAPI
-ArmCleanDataCacheEntryBySetWay (
-  IN  UINTN  SetWayFormat
-  );
-
-VOID
-EFIAPI
-ArmCleanInvalidateDataCacheEntryBySetWay (
-  IN  UINTN  SetWayFormat
-  );
-
 /** Reads the ID_MMFR4 register.
 
    @return The contents of the ID_MMFR4 register.
diff --git a/ArmPkg/Library/ArmLib/Arm/ArmV7Support.S b/ArmPkg/Library/ArmLib/Arm/ArmV7Support.S
index 1f396adffc11..0bfb5f1c9971 100644
--- a/ArmPkg/Library/ArmLib/Arm/ArmV7Support.S
+++ b/ArmPkg/Library/ArmLib/Arm/ArmV7Support.S
@@ -8,7 +8,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .set DC_ON, (0x1<<2)
 .set IC_ON, (0x1<<12)
@@ -42,20 +42,6 @@ ASM_FUNC(ArmCleanInvalidateDataCacheEntryByMVA)
   bx      lr
 
 
-ASM_FUNC(ArmInvalidateDataCacheEntryBySetWay)
-  mcr     p15, 0, r0, c7, c6, 2        @ Invalidate this line
-  bx      lr
-
-
-ASM_FUNC(ArmCleanInvalidateDataCacheEntryBySetWay)
-  mcr     p15, 0, r0, c7, c14, 2       @ Clean and Invalidate this line
-  bx      lr
-
-
-ASM_FUNC(ArmCleanDataCacheEntryBySetWay)
-  mcr     p15, 0, r0, c7, c10, 2       @ Clean this line
-  bx      lr
-
 ASM_FUNC(ArmInvalidateInstructionCache)
   mcr     p15,0,R0,c7,c5,0      @Invalidate entire instruction cache
   dsb
@@ -171,59 +157,6 @@ ASM_FUNC(ArmSetHighVectors)
   isb
   bx      LR
 
-ASM_FUNC(ArmV7AllDataCachesOperation)
-  stmfd SP!,{r4-r12, LR}
-  mov   R1, R0                @ Save Function call in R1
-  mrc   p15, 1, R6, c0, c0, 1 @ Read CLIDR
-  ands  R3, R6, #0x7000000    @ Mask out all but Level of Coherency (LoC)
-  mov   R3, R3, LSR #23       @ Cache level value (naturally aligned)
-  beq   L_Finished
-  mov   R10, #0
-
-Loop1:
-  add   R2, R10, R10, LSR #1  @ Work out 3xcachelevel
-  mov   R12, R6, LSR R2       @ bottom 3 bits are the Cache type for this level
-  and   R12, R12, #7          @ get those 3 bits alone
-  cmp   R12, #2
-  blt   L_Skip                  @ no cache or only instruction cache at this level
-  mcr   p15, 2, R10, c0, c0, 0  @ write the Cache Size selection register (CSSELR) // OR in 1 for Instruction
-  isb                           @ isb to sync the change to the CacheSizeID reg
-  mrc   p15, 1, R12, c0, c0, 0  @ reads current Cache Size ID register (CCSIDR)
-  and   R2, R12, #0x7           @ extract the line length field
-  add   R2, R2, #4              @ add 4 for the line length offset (log2 16 bytes)
-@  ldr   R4, =0x3FF
-  mov   R4, #0x400
-  sub   R4, R4, #1
-  ands  R4, R4, R12, LSR #3     @ R4 is the max number on the way size (right aligned)
-  clz   R5, R4                  @ R5 is the bit position of the way size increment
-@  ldr   R7, =0x00007FFF
-  mov   R7, #0x00008000
-  sub   R7, R7, #1
-  ands  R7, R7, R12, LSR #13    @ R7 is the max number of the index size (right aligned)
-
-Loop2:
-  mov   R9, R4                  @ R9 working copy of the max way size (right aligned)
-
-Loop3:
-  orr   R0, R10, R9, LSL R5     @ factor in the way number and cache number into R11
-  orr   R0, R0, R7, LSL R2      @ factor in the index number
-
-  blx   R1
-
-  subs  R9, R9, #1              @ decrement the way number
-  bge   Loop3
-  subs  R7, R7, #1              @ decrement the index
-  bge   Loop2
-L_Skip:
-  add   R10, R10, #2            @ increment the cache number
-  cmp   R3, R10
-  bgt   Loop1
-
-L_Finished:
-  dsb
-  ldmfd SP!, {r4-r12, lr}
-  bx    LR
-
 ASM_FUNC(ArmDataMemoryBarrier)
   dmb
   bx      LR
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S
index 0332cf7ce15c..97204141541c 100644
--- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S
+++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibReplaceEntry.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
   .set CTRL_M_BIT,      (1 << 0)
 
diff --git a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibV7Support.S b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibV7Support.S
index a97e3fabb22d..05f553aba6ff 100644
--- a/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibV7Support.S
+++ b/ArmPkg/Library/ArmMmuLib/Arm/ArmMmuLibV7Support.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .text
 .align 2
diff --git a/ArmPkg/Library/ArmMonitorLib/AArch64/ArmMonitorLib.S b/ArmPkg/Library/ArmMonitorLib/AArch64/ArmMonitorLib.S
index a99adf00ade0..6ca1be5ba8d8 100644
--- a/ArmPkg/Library/ArmMonitorLib/AArch64/ArmMonitorLib.S
+++ b/ArmPkg/Library/ArmMonitorLib/AArch64/ArmMonitorLib.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 /** Monitor call.
 
diff --git a/ArmPkg/Library/ArmMonitorLib/Arm/ArmMonitorLib.S b/ArmPkg/Library/ArmMonitorLib/Arm/ArmMonitorLib.S
index 9029059cf4a4..f3605cb8d93c 100644
--- a/ArmPkg/Library/ArmMonitorLib/Arm/ArmMonitorLib.S
+++ b/ArmPkg/Library/ArmMonitorLib/Arm/ArmMonitorLib.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 /** Monitor call.
 
diff --git a/ArmPkg/Library/ArmSmcLib/AArch64/ArmSmc.S b/ArmPkg/Library/ArmSmcLib/AArch64/ArmSmc.S
index 4a8c2a8f59ea..a4443a41fe6c 100644
--- a/ArmPkg/Library/ArmSmcLib/AArch64/ArmSmc.S
+++ b/ArmPkg/Library/ArmSmcLib/AArch64/ArmSmc.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(ArmCallSmc)
   // Push x0 on the stack - The stack must always be quad-word aligned
diff --git a/ArmPkg/Library/ArmSmcLib/Arm/ArmSmc.S b/ArmPkg/Library/ArmSmcLib/Arm/ArmSmc.S
index d218e7e70952..4b3d0db69715 100644
--- a/ArmPkg/Library/ArmSmcLib/Arm/ArmSmc.S
+++ b/ArmPkg/Library/ArmSmcLib/Arm/ArmSmc.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .arch_extension sec
 
diff --git a/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S b/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S
index bdba9d7fe941..6bcb10e88ad7 100644
--- a/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S
+++ b/ArmPkg/Library/ArmSvcLib/AArch64/ArmSvc.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 .text
 .align 3
diff --git a/ArmPkg/Library/SemihostLib/AArch64/GccSemihost.S b/ArmPkg/Library/SemihostLib/AArch64/GccSemihost.S
index a44307563933..10ecbcade62e 100644
--- a/ArmPkg/Library/SemihostLib/AArch64/GccSemihost.S
+++ b/ArmPkg/Library/SemihostLib/AArch64/GccSemihost.S
@@ -7,7 +7,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(GccSemihostCall)
   hlt     #0xf000
diff --git a/ArmPkg/Library/SemihostLib/Arm/GccSemihost.S b/ArmPkg/Library/SemihostLib/Arm/GccSemihost.S
index d6f81ec2c957..da02a1f1cf0b 100644
--- a/ArmPkg/Library/SemihostLib/Arm/GccSemihost.S
+++ b/ArmPkg/Library/SemihostLib/Arm/GccSemihost.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 /*
   Semihosting operation request mechanism
diff --git a/ArmPlatformPkg/ArmPlatformPkg.dsc b/ArmPlatformPkg/ArmPlatformPkg.dsc
index 919e4cf80a3a..bfe1b99e8bfb 100644
--- a/ArmPlatformPkg/ArmPlatformPkg.dsc
+++ b/ArmPlatformPkg/ArmPlatformPkg.dsc
@@ -73,9 +73,6 @@
   DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
   UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
 
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [LibraryClasses.common.PEIM]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
@@ -89,6 +86,9 @@
   MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMemoryAllocationLib.inf
   PrePiHobListPointerLib|ArmPlatformPkg/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf
 
+  # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.AARCH64.MM_STANDALONE]
   HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf
   MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf
diff --git a/ArmPlatformPkg/Library/ArmPlatformLibNull/AArch64/ArmPlatformHelper.S b/ArmPlatformPkg/Library/ArmPlatformLibNull/AArch64/ArmPlatformHelper.S
index 1eeb7fed6f19..873729343cfa 100644
--- a/ArmPlatformPkg/Library/ArmPlatformLibNull/AArch64/ArmPlatformHelper.S
+++ b/ArmPlatformPkg/Library/ArmPlatformLibNull/AArch64/ArmPlatformHelper.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 #include <Library/ArmLib.h>
 
 ASM_FUNC(ArmPlatformPeiBootAction)
diff --git a/ArmPlatformPkg/Library/ArmPlatformLibNull/Arm/ArmPlatformHelper.S b/ArmPlatformPkg/Library/ArmPlatformLibNull/Arm/ArmPlatformHelper.S
index 342d6d5e0a9d..0e11c34af5d1 100644
--- a/ArmPlatformPkg/Library/ArmPlatformLibNull/Arm/ArmPlatformHelper.S
+++ b/ArmPlatformPkg/Library/ArmPlatformLibNull/Arm/ArmPlatformHelper.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 #include <Library/ArmLib.h>
 
 ASM_FUNC(ArmPlatformPeiBootAction)
diff --git a/ArmPlatformPkg/PeilessSec/AArch64/ModuleEntryPoint.S b/ArmPlatformPkg/PeilessSec/AArch64/ModuleEntryPoint.S
index efb6c5ade946..7263ee9374d1 100644
--- a/ArmPlatformPkg/PeilessSec/AArch64/ModuleEntryPoint.S
+++ b/ArmPlatformPkg/PeilessSec/AArch64/ModuleEntryPoint.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(_ModuleEntryPoint)
   // Do early platform specific actions
diff --git a/ArmPlatformPkg/PeilessSec/Arm/ModuleEntryPoint.S b/ArmPlatformPkg/PeilessSec/Arm/ModuleEntryPoint.S
index ab5b023fa974..fc28939afe48 100644
--- a/ArmPlatformPkg/PeilessSec/Arm/ModuleEntryPoint.S
+++ b/ArmPlatformPkg/PeilessSec/Arm/ModuleEntryPoint.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 #include <Arm/AArch32.h>
 
diff --git a/ArmPlatformPkg/Sec/AArch64/Exception.S b/ArmPlatformPkg/Sec/AArch64/Exception.S
index d0d6bc44f78c..433761e3eb72 100644
--- a/ArmPlatformPkg/Sec/AArch64/Exception.S
+++ b/ArmPlatformPkg/Sec/AArch64/Exception.S
@@ -6,7 +6,7 @@
 #
 
 #include <AArch64/AArch64.h>
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 #include <Base.h>
 #include <AutoGen.h>
 
diff --git a/ArmPlatformPkg/Sec/AArch64/Helper.S b/ArmPlatformPkg/Sec/AArch64/Helper.S
index 9b81b96a4949..c784c4a1cd45 100644
--- a/ArmPlatformPkg/Sec/AArch64/Helper.S
+++ b/ArmPlatformPkg/Sec/AArch64/Helper.S
@@ -5,7 +5,7 @@
 #
 #=======================================================================================
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 #include <AArch64/AArch64.h>
 
 // Setup EL1 while in EL1
diff --git a/ArmPlatformPkg/Sec/AArch64/ModuleEntryPoint.S b/ArmPlatformPkg/Sec/AArch64/ModuleEntryPoint.S
index 7addae6cffd3..154be1111d09 100644
--- a/ArmPlatformPkg/Sec/AArch64/ModuleEntryPoint.S
+++ b/ArmPlatformPkg/Sec/AArch64/ModuleEntryPoint.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(_ModuleEntryPoint)
   // Do early platform specific actions
diff --git a/ArmPlatformPkg/Sec/AArch64/SwitchStack.S b/ArmPlatformPkg/Sec/AArch64/SwitchStack.S
index 308b8764fc69..707404043578 100644
--- a/ArmPlatformPkg/Sec/AArch64/SwitchStack.S
+++ b/ArmPlatformPkg/Sec/AArch64/SwitchStack.S
@@ -8,7 +8,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 #/**
 #  This allows the caller to switch the stack and return
diff --git a/ArmPlatformPkg/Sec/Arm/Exception.S b/ArmPlatformPkg/Sec/Arm/Exception.S
index 956ae8471459..364b51260424 100644
--- a/ArmPlatformPkg/Sec/Arm/Exception.S
+++ b/ArmPlatformPkg/Sec/Arm/Exception.S
@@ -5,7 +5,7 @@
 #
 #
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 #include <Base.h>
 #include <AutoGen.h>
 
diff --git a/ArmPlatformPkg/Sec/Arm/ModuleEntryPoint.S b/ArmPlatformPkg/Sec/Arm/ModuleEntryPoint.S
index b3c67234e9c9..1207497dc709 100644
--- a/ArmPlatformPkg/Sec/Arm/ModuleEntryPoint.S
+++ b/ArmPlatformPkg/Sec/Arm/ModuleEntryPoint.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(_ModuleEntryPoint)
   // Do early platform specific actions
diff --git a/ArmPlatformPkg/Sec/Arm/SwitchStack.S b/ArmPlatformPkg/Sec/Arm/SwitchStack.S
index d64772b8edbf..028ee26e89e4 100644
--- a/ArmPlatformPkg/Sec/Arm/SwitchStack.S
+++ b/ArmPlatformPkg/Sec/Arm/SwitchStack.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 #/**
 #  This allows the caller to switch the stack and return
diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc
index 04394553044b..890a056cd018 100644
--- a/ArmVirtPkg/ArmVirt.dsc.inc
+++ b/ArmVirtPkg/ArmVirt.dsc.inc
@@ -88,15 +88,6 @@
   # Networking Requirements
 !include NetworkPkg/NetworkLibs.dsc.inc
 
-  #
-  # It is not possible to prevent the ARM compiler from inserting calls to intrinsic functions.
-  # This library provides the instrinsic functions such a compiler may generate calls to.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for GCC stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
   # ARM Architectural Libraries
   CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
   DefaultExceptionHandlerLib|ArmPkg/Library/DefaultExceptionHandlerLib/DefaultExceptionHandlerLib.inf
@@ -191,6 +182,9 @@
   DebugLib|ArmVirtPkg/Library/DebugLibFdtPL011Uart/DebugLibFdtPL011UartFlash.inf
 !endif
 
+  # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEI_CORE]
   PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
   BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
diff --git a/ArmVirtPkg/ArmVirtQemu.dsc b/ArmVirtPkg/ArmVirtQemu.dsc
index 56512594ad59..6826edab93a3 100644
--- a/ArmVirtPkg/ArmVirtQemu.dsc
+++ b/ArmVirtPkg/ArmVirtQemu.dsc
@@ -299,11 +299,13 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
 
+!if $(NETWORK_ENABLE) == TRUE
   #
   # IPv4 and IPv6 PXE Boot support.
   #
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
   #
   # TPM2 support
diff --git a/ArmVirtPkg/ArmVirtQemuKernel.dsc b/ArmVirtPkg/ArmVirtQemuKernel.dsc
index f4fb8ee69ee7..c5fdcfd9c72a 100644
--- a/ArmVirtPkg/ArmVirtQemuKernel.dsc
+++ b/ArmVirtPkg/ArmVirtQemuKernel.dsc
@@ -260,11 +260,13 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdSmbiosDocRev|0x0
   gUefiOvmfPkgTokenSpaceGuid.PcdQemuSmbiosValidated|FALSE
 
+!if $(NETWORK_ENABLE) == TRUE
   #
   # IPv4 and IPv6 PXE Boot support.
   #
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
 ################################################################################
 #
diff --git a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S
index bdb460c7ee7b..f20395c38b7d 100644
--- a/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S
+++ b/ArmVirtPkg/Library/ArmPlatformLibQemu/AArch64/ArmPlatformHelper.S
@@ -5,7 +5,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
   .macro mov_i, reg:req, imm:req
   movz   \reg, :abs_g1:\imm
diff --git a/ArmVirtPkg/PrePi/AArch64/ModuleEntryPoint.S b/ArmVirtPkg/PrePi/AArch64/ModuleEntryPoint.S
index fc06c28daaf4..06a0020f250c 100644
--- a/ArmVirtPkg/PrePi/AArch64/ModuleEntryPoint.S
+++ b/ArmVirtPkg/PrePi/AArch64/ModuleEntryPoint.S
@@ -6,7 +6,7 @@
 //
 //
 
-#include <AsmMacroIoLibV8.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(_ModuleEntryPoint)
   //
diff --git a/ArmVirtPkg/PrePi/Arm/ModuleEntryPoint.S b/ArmVirtPkg/PrePi/Arm/ModuleEntryPoint.S
index f0536c65eb52..cfb5de864fb9 100644
--- a/ArmVirtPkg/PrePi/Arm/ModuleEntryPoint.S
+++ b/ArmVirtPkg/PrePi/Arm/ModuleEntryPoint.S
@@ -6,7 +6,7 @@
 //
 //
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(_ModuleEntryPoint)
   // Do early platform specific actions
diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
index c2c24ca98c19..87f035a56e64 100755
--- a/BaseTools/Conf/tools_def.template
+++ b/BaseTools/Conf/tools_def.template
@@ -21,8 +21,9 @@
 #      - Add GCC and GCCNOLTO
 #      - Deprecate GCC48, GCC49 and GCC5.
 # 3.01 - Add toolchain for VS2022
+# 3.02 - Enable stack cookies for IA32, X64, ARM, and AARCH64 builds for GCC and MSVC
 #
-#!VERSION=3.01
+#!VERSION=3.02
 
 IDENTIFIER = Default TOOL_CHAIN_CONF
 
@@ -635,9 +636,9 @@ NOOPT_VS2017_AARCH64_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
 *_VS2019_IA32_PP_PATH      = DEF(VS2019_BIN_IA32)\cl.exe
 *_VS2019_IA32_ASM_PATH     = DEF(VS2019_BIN_IA32)\ml.exe
 
-  DEBUG_VS2019_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Gw
-RELEASE_VS2019_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw
-NOOPT_VS2019_IA32_CC_FLAGS      = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Od
+  DEBUG_VS2019_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Gw
+RELEASE_VS2019_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw
+NOOPT_VS2019_IA32_CC_FLAGS      = /nologo /arch:IA32 /c /WX /GS /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Od
 
   DEBUG_VS2019_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd /Zi
 RELEASE_VS2019_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd
@@ -665,9 +666,9 @@ NOOPT_VS2019_IA32_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /O
 *_VS2019_X64_DLINK_PATH    = DEF(VS2019_BIN_X64)\link.exe
 *_VS2019_X64_ASLDLINK_PATH = DEF(VS2019_BIN_X64)\link.exe
 
-  DEBUG_VS2019_X64_CC_FLAGS     = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Gw /volatileMetadata-
-RELEASE_VS2019_X64_CC_FLAGS     = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Gw /volatileMetadata-
-NOOPT_VS2019_X64_CC_FLAGS       = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Od /volatileMetadata-
+  DEBUG_VS2019_X64_CC_FLAGS     = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Gw /volatileMetadata-
+RELEASE_VS2019_X64_CC_FLAGS     = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Gw /volatileMetadata-
+NOOPT_VS2019_X64_CC_FLAGS       = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Od /volatileMetadata-
 
   DEBUG_VS2019_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd /Zi
 RELEASE_VS2019_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd
@@ -695,9 +696,9 @@ NOOPT_VS2019_X64_DLINK_FLAGS    = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:428
 *_VS2019_ARM_ASLPP_PATH           = DEF(VS2019_BIN_ARM)\cl.exe
 *_VS2019_ARM_ASLDLINK_PATH        = DEF(VS2019_BIN_ARM)\link.exe
 
-  DEBUG_VS2019_ARM_CC_FLAGS       = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
-RELEASE_VS2019_ARM_CC_FLAGS       = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
-NOOPT_VS2019_ARM_CC_FLAGS         = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
+  DEBUG_VS2019_ARM_CC_FLAGS       = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
+RELEASE_VS2019_ARM_CC_FLAGS       = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
+NOOPT_VS2019_ARM_CC_FLAGS         = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
 
   DEBUG_VS2019_ARM_ASM_FLAGS      = /nologo /g
 RELEASE_VS2019_ARM_ASM_FLAGS      = /nologo
@@ -721,9 +722,9 @@ NOOPT_VS2019_ARM_DLINK_FLAGS      = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
 *_VS2019_AARCH64_ASLPP_PATH        = DEF(VS2019_BIN_AARCH64)\cl.exe
 *_VS2019_AARCH64_ASLDLINK_PATH     = DEF(VS2019_BIN_AARCH64)\link.exe
 
-  DEBUG_VS2019_AARCH64_CC_FLAGS    = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
-RELEASE_VS2019_AARCH64_CC_FLAGS    = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
-NOOPT_VS2019_AARCH64_CC_FLAGS      = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
+  DEBUG_VS2019_AARCH64_CC_FLAGS    = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
+RELEASE_VS2019_AARCH64_CC_FLAGS    = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
+NOOPT_VS2019_AARCH64_CC_FLAGS      = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
 
   DEBUG_VS2019_AARCH64_ASM_FLAGS   = /nologo /g
 RELEASE_VS2019_AARCH64_ASM_FLAGS   = /nologo
@@ -778,9 +779,9 @@ NOOPT_VS2019_AARCH64_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
 *_VS2022_IA32_ASM_PATH     = DEF(VS2022_BIN_IA32)\ml.exe
 
       *_VS2022_IA32_MAKE_FLAGS  = /nologo
-  DEBUG_VS2022_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Gw
-RELEASE_VS2022_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw
-NOOPT_VS2022_IA32_CC_FLAGS      = /nologo /arch:IA32 /c /WX /GS- /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Od
+  DEBUG_VS2022_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Gw
+RELEASE_VS2022_IA32_CC_FLAGS    = /nologo /arch:IA32 /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw
+NOOPT_VS2022_IA32_CC_FLAGS      = /nologo /arch:IA32 /c /WX /GS /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Z7 /Od
 
   DEBUG_VS2022_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd /Zi
 RELEASE_VS2022_IA32_ASM_FLAGS   = /nologo /c /WX /W3 /Cx /coff /Zd
@@ -808,9 +809,9 @@ NOOPT_VS2022_IA32_DLINK_FLAGS   = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF /O
 *_VS2022_X64_DLINK_PATH    = DEF(VS2022_BIN_X64)\link.exe
 *_VS2022_X64_ASLDLINK_PATH = DEF(VS2022_BIN_X64)\link.exe
 
-  DEBUG_VS2022_X64_CC_FLAGS     = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Gw /volatileMetadata-
-RELEASE_VS2022_X64_CC_FLAGS     = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Gw /volatileMetadata-
-NOOPT_VS2022_X64_CC_FLAGS       = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Od /volatileMetadata-
+  DEBUG_VS2022_X64_CC_FLAGS     = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Gw /volatileMetadata-
+RELEASE_VS2022_X64_CC_FLAGS     = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2s /GL /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Gw /volatileMetadata-
+NOOPT_VS2022_X64_CC_FLAGS       = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /Gy /FIAutoGen.h /EHs-c- /GR- /GF /Z7 /Od /volatileMetadata-
 
   DEBUG_VS2022_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd /Zi
 RELEASE_VS2022_X64_ASM_FLAGS    = /nologo /c /WX /W3 /Cx /Zd
@@ -839,9 +840,9 @@ NOOPT_VS2022_X64_DLINK_FLAGS    = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /IGNORE:428
 *_VS2022_ARM_ASLDLINK_PATH        = DEF(VS2022_BIN_ARM)\link.exe
 
       *_VS2022_ARM_MAKE_FLAGS     = /nologo
-  DEBUG_VS2022_ARM_CC_FLAGS       = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
-RELEASE_VS2022_ARM_CC_FLAGS       = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
-NOOPT_VS2022_ARM_CC_FLAGS         = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
+  DEBUG_VS2022_ARM_CC_FLAGS       = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
+RELEASE_VS2022_ARM_CC_FLAGS       = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
+NOOPT_VS2022_ARM_CC_FLAGS         = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
 
   DEBUG_VS2022_ARM_ASM_FLAGS      = /nologo /g
 RELEASE_VS2022_ARM_ASM_FLAGS      = /nologo
@@ -866,9 +867,9 @@ NOOPT_VS2022_ARM_DLINK_FLAGS      = /NOLOGO /NODEFAULTLIB /IGNORE:4001 /OPT:REF
 *_VS2022_AARCH64_ASLDLINK_PATH     = DEF(VS2022_BIN_AARCH64)\link.exe
 
       *_VS2022_AARCH64_MAKE_FLAGS  = /nologo
-  DEBUG_VS2022_AARCH64_CC_FLAGS    = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
-RELEASE_VS2022_AARCH64_CC_FLAGS    = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
-NOOPT_VS2022_AARCH64_CC_FLAGS      = /nologo /c /WX /GS- /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
+  DEBUG_VS2022_AARCH64_CC_FLAGS    = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Gw /Oi-
+RELEASE_VS2022_AARCH64_CC_FLAGS    = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /O1b2 /GL /FIAutoGen.h /EHs-c- /GR- /GF /Gw /Oi-
+NOOPT_VS2022_AARCH64_CC_FLAGS      = /nologo /c /WX /GS /W4 /Gs32768 /D UNICODE /FIAutoGen.h /EHs-c- /GR- /GF /Gy /Zi /Od /Oi-
 
   DEBUG_VS2022_AARCH64_ASM_FLAGS   = /nologo /g
 RELEASE_VS2022_AARCH64_ASM_FLAGS   = /nologo
@@ -894,11 +895,13 @@ NOOPT_*_*_OBJCOPY_ADDDEBUGFLAG     = --add-gnu-debuglink="$(DEBUG_DIR)/$(MODULE_
 *_*_*_DTCPP_PATH                   = DEF(DTCPP_BIN)
 *_*_*_DTC_PATH                     = DEF(DTC_BIN)
 
-DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common
-DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie
+# All supported GCC archs except LOONGARCH64 support -mstack-protector-guard=global, so set that on everything except LOONGARCH64
+DEFINE GCC_ALL_CC_FLAGS            = -g -Os -fshort-wchar -fno-builtin -fno-strict-aliasing -Wall -Werror -Wno-array-bounds -include AutoGen.h -fno-common -fstack-protector
+DEFINE GCC_IA32_X64_CC_FLAGS       = -mstack-protector-guard=global
+DEFINE GCC_ARM_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -mabi=aapcs -fno-short-enums -funsigned-char -ffunction-sections -fdata-sections -fomit-frame-pointer -Wno-address -mthumb -fno-pic -fno-pie -mstack-protector-guard=global
 DEFINE GCC_LOONGARCH64_CC_FLAGS    = DEF(GCC_ALL_CC_FLAGS) -mabi=lp64d -fno-asynchronous-unwind-tables -Wno-address -fno-short-enums -fsigned-char -ffunction-sections -fdata-sections
 DEFINE GCC_ARM_CC_XIPFLAGS         = -mno-unaligned-access
-DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18
+DEFINE GCC_AARCH64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -mlittle-endian -fno-short-enums -fverbose-asm -funsigned-char  -ffunction-sections -fdata-sections -Wno-address -fno-asynchronous-unwind-tables -fno-unwind-tables -fno-pic -fno-pie -ffixed-x18 -mstack-protector-guard=global
 DEFINE GCC_AARCH64_CC_XIPFLAGS     = -mstrict-align -mgeneral-regs-only
 DEFINE GCC_RISCV64_CC_XIPFLAGS     = -mstrict-align -mgeneral-regs-only
 DEFINE GCC_DLINK_FLAGS_COMMON      = -nostdlib --pie
@@ -935,8 +938,8 @@ DEFINE GCC_DEPS_FLAGS              = -MMD -MF $@.deps
 
 DEFINE GCC48_ALL_CC_FLAGS            = DEF(GCC_ALL_CC_FLAGS) -ffunction-sections -fdata-sections -DSTRING_ARRAY_NAME=$(BASE_NAME)Strings
 DEFINE GCC48_IA32_X64_DLINK_COMMON   = -nostdlib -Wl,-n,-q,--gc-sections -z common-page-size=0x20
-DEFINE GCC48_IA32_CC_FLAGS           = DEF(GCC48_ALL_CC_FLAGS) -m32 -march=i586 -malign-double -fno-stack-protector -D EFI32 -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer
-DEFINE GCC48_X64_CC_FLAGS            = DEF(GCC48_ALL_CC_FLAGS) -m64 -fno-stack-protector "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address  -fno-omit-frame-pointer
+DEFINE GCC48_IA32_CC_FLAGS           = DEF(GCC48_ALL_CC_FLAGS) DEF(GCC_IA32_X64_CC_FLAGS) -m32 -march=i586 -malign-double -D EFI32 -fno-asynchronous-unwind-tables -Wno-address -fno-omit-frame-pointer
+DEFINE GCC48_X64_CC_FLAGS            = DEF(GCC48_ALL_CC_FLAGS) DEF(GCC_IA32_X64_CC_FLAGS) -m64 "-DEFIAPI=__attribute__((ms_abi))" -maccumulate-outgoing-args -mno-red-zone -Wno-address -mcmodel=small -fpie -fno-asynchronous-unwind-tables -Wno-address  -fno-omit-frame-pointer
 DEFINE GCC48_IA32_X64_ASLDLINK_FLAGS = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,ReferenceAcpiTable -u ReferenceAcpiTable
 DEFINE GCC48_IA32_X64_DLINK_FLAGS    = DEF(GCC48_IA32_X64_DLINK_COMMON) -Wl,--entry,$(IMAGE_ENTRY_POINT) -u $(IMAGE_ENTRY_POINT) -Wl,-Map,$(DEST_DIR_DEBUG)/$(BASE_NAME).map,--whole-archive
 DEFINE GCC48_IA32_DLINK2_FLAGS       = -Wl,--defsym=PECOFF_HEADER_SIZE=0x220 DEF(GCC_DLINK2_FLAGS_COMMON)
@@ -945,7 +948,7 @@ DEFINE GCC48_X64_DLINK2_FLAGS        = -Wl,--defsym=PECOFF_HEADER_SIZE=0x228 DEF
 DEFINE GCC48_ASM_FLAGS               = DEF(GCC_ASM_FLAGS)
 DEFINE GCC48_ARM_ASM_FLAGS           = $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
 DEFINE GCC48_AARCH64_ASM_FLAGS       = $(PLATFORM_FLAGS) DEF(GCC_ASM_FLAGS) -mlittle-endian
-DEFINE GCC48_ARM_CC_FLAGS            = $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -fstack-protector -mword-relocations
+DEFINE GCC48_ARM_CC_FLAGS            = $(PLATFORM_FLAGS) DEF(GCC_ARM_CC_FLAGS) -mword-relocations
 DEFINE GCC48_ARM_CC_XIPFLAGS         = DEF(GCC_ARM_CC_XIPFLAGS)
 DEFINE GCC48_AARCH64_CC_FLAGS        = $(PLATFORM_FLAGS) -mcmodel=large DEF(GCC_AARCH64_CC_FLAGS)
 DEFINE GCC48_AARCH64_CC_XIPFLAGS     = DEF(GCC_AARCH64_CC_XIPFLAGS)
diff --git a/BaseTools/Source/Python/AutoGen/GenC.py b/BaseTools/Source/Python/AutoGen/GenC.py
index 5ad10cee2898..86991e7675de 100755
--- a/BaseTools/Source/Python/AutoGen/GenC.py
+++ b/BaseTools/Source/Python/AutoGen/GenC.py
@@ -21,6 +21,9 @@
 from .GenPcdDb import CreatePcdDatabaseCode
 from .IdfClassObject import *
 
+import json
+import secrets
+
 ## PCD type string
 gItemTypeStringDatabase  = {
     TAB_PCDS_FEATURE_FLAG       :   TAB_PCDS_FIXED_AT_BUILD,
@@ -2039,6 +2042,34 @@ def CreateFooterCode(Info, AutoGenC, AutoGenH):
 def CreateCode(Info, AutoGenC, AutoGenH, StringH, UniGenCFlag, UniGenBinBuffer, StringIdf, IdfGenCFlag, IdfGenBinBuffer):
     CreateHeaderCode(Info, AutoGenC, AutoGenH)
 
+    # The only 32 bit archs we have are IA32 and ARM, everything else is 64 bit
+    Bitwidth = 32 if Info.Arch == 'IA32' or Info.Arch == 'ARM' else 64
+
+    if GlobalData.gStackCookieValues64 == [] and os.path.exists(os.path.join(Info.PlatformInfo.BuildDir, "StackCookieValues64.json")):
+        with open (os.path.join(Info.PlatformInfo.BuildDir, "StackCookieValues64.json"), "r") as file:
+            GlobalData.gStackCookieValues64 = json.load(file)
+    if GlobalData.gStackCookieValues32 == [] and os.path.exists(os.path.join(Info.PlatformInfo.BuildDir, "StackCookieValues32.json")):
+        with open (os.path.join(Info.PlatformInfo.BuildDir, "StackCookieValues32.json"), "r") as file:
+            GlobalData.gStackCookieValues32 = json.load(file)
+
+    try:
+        if Bitwidth == 32:
+            CookieValue = int(GlobalData.gStackCookieValues32[hash(Info.Guid) % len(GlobalData.gStackCookieValues32)])
+        else:
+            CookieValue = int(GlobalData.gStackCookieValues64[hash(Info.Guid) % len(GlobalData.gStackCookieValues64)])
+    except:
+        EdkLogger.warn("build", "Failed to get Stack Cookie Value List! Generating random value.", ExtraData="[%s]" % str(Info))
+        if Bitwidth == 32:
+            CookieValue = secrets.randbelow (0xFFFFFFFF)
+        else:
+            CookieValue = secrets.randbelow (0xFFFFFFFFFFFFFFFF)
+
+    AutoGenH.Append((
+        '#define STACK_COOKIE_VALUE 0x%XULL\n' % CookieValue
+        if Bitwidth == 64 else
+        '#define STACK_COOKIE_VALUE 0x%X\n' % CookieValue
+    ))
+
     CreateGuidDefinitionCode(Info, AutoGenC, AutoGenH)
     CreateProtocolDefinitionCode(Info, AutoGenC, AutoGenH)
     CreatePpiDefinitionCode(Info, AutoGenC, AutoGenH)
diff --git a/BaseTools/Source/Python/Common/GlobalData.py b/BaseTools/Source/Python/Common/GlobalData.py
index 11849e863f53..dd5316d2831e 100755
--- a/BaseTools/Source/Python/Common/GlobalData.py
+++ b/BaseTools/Source/Python/Common/GlobalData.py
@@ -122,4 +122,5 @@
 gSikpAutoGenCache = set()
 # Common lock for the file access in multiple process AutoGens
 file_lock = None
-
+gStackCookieValues32 = []
+gStackCookieValues64 = []
diff --git a/BaseTools/Source/Python/build/build.py b/BaseTools/Source/Python/build/build.py
index 51fb1f433eb7..ce1bb8712693 100755
--- a/BaseTools/Source/Python/build/build.py
+++ b/BaseTools/Source/Python/build/build.py
@@ -28,6 +28,8 @@
 from linecache import getlines
 from subprocess import Popen,PIPE, STDOUT
 from collections import OrderedDict, defaultdict
+import json
+import secrets
 
 from AutoGen.PlatformAutoGen import PlatformAutoGen
 from AutoGen.ModuleAutoGen import ModuleAutoGen
@@ -282,6 +284,22 @@ def LaunchCommand(Command, WorkingDir,ModuleAuto = None):
         iau.CreateDepsTarget()
     return "%dms" % (int(round((time.time() - BeginTime) * 1000)))
 
+def GenerateStackCookieValues():
+    if GlobalData.gBuildDirectory == "":
+        return
+
+    # Check if the 32 bit values array needs to be created
+    if not os.path.exists(os.path.join(GlobalData.gBuildDirectory, "StackCookieValues32.json")):
+        StackCookieValues32 = [secrets.randbelow(0xFFFFFFFF) for _ in range(0, 100)]
+        with open (os.path.join(GlobalData.gBuildDirectory, "StackCookieValues32.json"), "w") as file:
+            json.dump(StackCookieValues32, file)
+
+    # Check if the 64 bit values array needs to be created
+    if not os.path.exists(os.path.join(GlobalData.gBuildDirectory, "StackCookieValues64.json")):
+        StackCookieValues64 = [secrets.randbelow(0xFFFFFFFFFFFFFFFF) for _ in range(0, 100)]
+        with open (os.path.join(GlobalData.gBuildDirectory, "StackCookieValues64.json"), "w") as file:
+            json.dump(StackCookieValues64, file)
+
 ## The smallest unit that can be built in multi-thread build mode
 #
 # This is the base class of build unit. The "Obj" parameter must provide
@@ -1794,6 +1812,7 @@ def _BuildPlatform(self):
                         self.UniFlag,
                         self.Progress
                         )
+                GenerateStackCookieValues()
                 self.Fdf = Wa.FdfFile
                 self.LoadFixAddress = Wa.Platform.LoadFixAddress
                 self.BuildReport.AddPlatformReport(Wa)
@@ -1897,6 +1916,7 @@ def _BuildModule(self):
                         self.Progress,
                         self.ModuleFile
                         )
+                GenerateStackCookieValues()
                 self.Fdf = Wa.FdfFile
                 self.LoadFixAddress = Wa.Platform.LoadFixAddress
                 Wa.CreateMakeFile(False)
@@ -2147,6 +2167,7 @@ def PerformAutoGen(self,BuildTarget,ToolChain):
                 self.UniFlag,
                 self.Progress
                 )
+        GenerateStackCookieValues()
         self.Fdf = Wa.FdfFile
         self.LoadFixAddress = Wa.Platform.LoadFixAddress
         self.BuildReport.AddPlatformReport(Wa)
diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc
index f08808d5d18e..f23fb6f945e1 100644
--- a/CryptoPkg/CryptoPkg.dsc
+++ b/CryptoPkg/CryptoPkg.dsc
@@ -117,16 +117,6 @@
 
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
   ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
-  #
-  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
-  # This library provides the instrinsic functions generate by a given compiler.
-  # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library
-  # into all ARM and AARCH64 images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
 
 [LibraryClasses.ARM]
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
@@ -134,6 +124,8 @@
 [LibraryClasses.common.SEC]
   BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
   TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
 
 [LibraryClasses.common.PEIM]
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc
index c97b28c0b5dd..17f41c4f3612 100644
--- a/CryptoPkg/CryptoPkgMbedTls.dsc
+++ b/CryptoPkg/CryptoPkgMbedTls.dsc
@@ -51,18 +51,6 @@
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
   SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
 
-[LibraryClasses.ARM, LibraryClasses.AARCH64]
-  #
-  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
-  # This library provides the instrinsic functions generate by a given compiler.
-  # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library
-  # into all ARM and AARCH64 images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [LibraryClasses.common.PEIM]
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
   MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
diff --git a/DynamicTablesPkg/DynamicTablesPkg.dsc b/DynamicTablesPkg/DynamicTablesPkg.dsc
index cf06f0731a23..8cac9d579e37 100644
--- a/DynamicTablesPkg/DynamicTablesPkg.dsc
+++ b/DynamicTablesPkg/DynamicTablesPkg.dsc
@@ -34,9 +34,11 @@
   UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
   UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
   PL011UartLib|ArmPlatformPkg/Library/PL011UartLib/PL011UartLib.inf
 
 [Components.common]
diff --git a/EmbeddedPkg/EmbeddedPkg.dsc b/EmbeddedPkg/EmbeddedPkg.dsc
index 67034dd7dc9e..503d7cc6d506 100644
--- a/EmbeddedPkg/EmbeddedPkg.dsc
+++ b/EmbeddedPkg/EmbeddedPkg.dsc
@@ -122,15 +122,13 @@
 
 [LibraryClasses.common.SEC]
   ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
 
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
   ArmGicLib|ArmPkg/Drivers/ArmGic/ArmGicLib.inf
   ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf
   SemihostLib|ArmPkg/Library/SemihostLib/SemihostLib.inf
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for GCC stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
 
   ArmLib|ArmPkg/Library/ArmLib/ArmBaseLib.inf
 
diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc
index 1c356bc8c732..e4bf3ce4165e 100644
--- a/EmulatorPkg/EmulatorPkg.dsc
+++ b/EmulatorPkg/EmulatorPkg.dsc
@@ -151,6 +151,8 @@
   PpiListLib|EmulatorPkg/Library/SecPpiListLib/SecPpiListLib.inf
   DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf
   TimerLib|EmulatorPkg/Library/PeiTimerLib/PeiTimerLib.inf
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
 
 [LibraryClasses.common.USER_DEFINED, LibraryClasses.common.BASE]
   DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
@@ -319,13 +321,25 @@
     #  Emulator, OS WIN application
     #  CLANGPDB is cross OS tool chain. It depends on WIN_HOST_BUILD flag
     #  to build WinHost application.
+    #
+    # USER_DEFINED components skip normal NULL lib linking, so we have to link this
+    # specially here for the libs that have stack guard enabled
     ##
-    EmulatorPkg/Win/Host/WinHost.inf
+    EmulatorPkg/Win/Host/WinHost.inf {
+      <LibraryClasses>
+        NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+    }
   !else
     ##
     #  Emulator, OS POSIX application
+    #
+    # USER_DEFINED components skip normal NULL lib linking, so we have to link this
+    # specially here for the libs that have stack guard enabled
     ##
-    EmulatorPkg/Unix/Host/Host.inf
+    EmulatorPkg/Unix/Host/Host.inf {
+      <LibraryClasses>
+        NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+    }
   !endif
 !endif
 
diff --git a/FatPkg/FatPkg.dsc b/FatPkg/FatPkg.dsc
index 076b57797220..76dddaa6907e 100644
--- a/FatPkg/FatPkg.dsc
+++ b/FatPkg/FatPkg.dsc
@@ -49,6 +49,10 @@
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
   DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEIM]
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
   PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
@@ -56,10 +60,6 @@
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
 
-[LibraryClasses.ARM, LibraryClasses.AARCH64]
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 ###################################################################################################
 #
 # Components Section - list of the modules and components that will be processed by compilation
diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc
index f9f26c54bb79..c38cbc480b72 100644
--- a/FmpDevicePkg/FmpDevicePkg.dsc
+++ b/FmpDevicePkg/FmpDevicePkg.dsc
@@ -72,17 +72,9 @@
   FmpDependencyDeviceLib|FmpDevicePkg/Library/FmpDependencyDeviceLibNull/FmpDependencyDeviceLibNull.inf
   TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
 
-[LibraryClasses.ARM, LibraryClasses.AARCH64]
-  #
-  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
-  # This library provides the intrinsic functions generate by a given compiler.
-  # [LibraryClasses.ARM, LibraryClasses.AARCH64] and NULL mean link this library
-  # into all ARM and AARCH64 images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
 
 [LibraryClasses.ARM]
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
diff --git a/IntelFsp2Pkg/IntelFsp2Pkg.dsc b/IntelFsp2Pkg/IntelFsp2Pkg.dsc
index 991ab014904d..ea61c5d9b447 100644
--- a/IntelFsp2Pkg/IntelFsp2Pkg.dsc
+++ b/IntelFsp2Pkg/IntelFsp2Pkg.dsc
@@ -46,6 +46,10 @@
   FspSecPlatformLib|IntelFsp2Pkg/Library/SecFspSecPlatformLibNull/SecFspSecPlatformLibNull.inf
   FspMultiPhaseLib|IntelFsp2Pkg/Library/BaseFspMultiPhaseLib/BaseFspMultiPhaseLib.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEIM, LibraryClasses.common.SEC]
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
   PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
index fe621244a61b..f904e6f258fe 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
@@ -57,6 +57,10 @@
 
   Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+   NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE]
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
   PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
diff --git a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
index 58b947423a0e..a11c455ab598 100644
--- a/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
+++ b/MdeModulePkg/Core/Dxe/Misc/MemoryAttributesTable.c
@@ -395,11 +395,14 @@ MergeMemoryMap (
   NewMemoryMapEntry = MemoryMap;
   MemoryMapEnd      = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MemoryMap + *MemoryMapSize);
   while ((UINTN)MemoryMapEntry < (UINTN)MemoryMapEnd) {
-    CopyMem (NewMemoryMapEntry, MemoryMapEntry, sizeof (EFI_MEMORY_DESCRIPTOR));
+    CopyMem (NewMemoryMapEntry, MemoryMapEntry, DescriptorSize);
     NextMemoryMapEntry = NEXT_MEMORY_DESCRIPTOR (MemoryMapEntry, DescriptorSize);
 
     do {
-      MergeGuardPages (NewMemoryMapEntry, NextMemoryMapEntry->PhysicalStart);
+      if ((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) {
+        MergeGuardPages (NewMemoryMapEntry, NextMemoryMapEntry->PhysicalStart);
+      }
+
       MemoryBlockLength = LShiftU64 (NewMemoryMapEntry->NumberOfPages, EFI_PAGE_SHIFT);
       if (((UINTN)NextMemoryMapEntry < (UINTN)MemoryMapEnd) &&
           (NewMemoryMapEntry->Type == NextMemoryMapEntry->Type) &&
diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc
index 8c864fe1838e..f8204f787553 100644
--- a/MdeModulePkg/MdeModulePkg.dsc
+++ b/MdeModulePkg/MdeModulePkg.dsc
@@ -109,6 +109,10 @@
   IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf
   SpiHcPlatformLib|MdeModulePkg/Library/BaseSpiHcPlatformLibNull/BaseSpiHcPlatformLibNull.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.EBC.PEIM]
   IoLib|MdePkg/Library/PeiIoLibCpuIo/PeiIoLibCpuIo.inf
 
@@ -184,19 +188,6 @@
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
   LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
 
-  #
-  # It is not possible to prevent ARM compiler calls to generic intrinsic functions.
-  # This library provides the instrinsic functions generated by a given compiler.
-  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  #
-  # Since software stack checking may be heuristically enabled by the compiler
-  # include BaseStackCheckLib unconditionally.
-  #
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [LibraryClasses.EBC, LibraryClasses.RISCV64, LibraryClasses.LOONGARCH64]
   LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf
 
diff --git a/ArmPkg/Include/AsmMacroIoLibV8.h b/MdePkg/Include/AArch64/AsmMacroLib.h
similarity index 100%
rename from ArmPkg/Include/AsmMacroIoLibV8.h
rename to MdePkg/Include/AArch64/AsmMacroLib.h
diff --git a/ArmPkg/Include/AsmMacroIoLib.h b/MdePkg/Include/Arm/AsmMacroLib.h
similarity index 100%
rename from ArmPkg/Include/AsmMacroIoLib.h
rename to MdePkg/Include/Arm/AsmMacroLib.h
diff --git a/MdePkg/Include/IndustryStandard/Acpi65.h b/MdePkg/Include/IndustryStandard/Acpi65.h
index 42a9aaf860e2..62d2fac1bfb6 100644
--- a/MdePkg/Include/IndustryStandard/Acpi65.h
+++ b/MdePkg/Include/IndustryStandard/Acpi65.h
@@ -1056,6 +1056,26 @@ typedef struct {
 #define EFI_ACPI_6_5_RASF_PATROL_SCRUB_COMMAND_START_PATROL_SCRUBBER  0x02
 #define EFI_ACPI_6_5_RASF_PATROL_SCRUB_COMMAND_STOP_PATROL_SCRUBBER   0x03
 
+///
+/// ACPI RAS2 PCC Descriptor
+///
+typedef struct {
+  UINT8     PccId;
+  UINT8     Reserved[2];
+  UINT8     RasFeatureType;
+  UINT32    Instance;
+} EFI_ACPI_RAS2_PCC_DESCRIPTOR;
+
+///
+/// ACPI RAS2 Feature Table definition.
+///
+typedef struct {
+  EFI_ACPI_DESCRIPTION_HEADER    Header;
+  UINT16                         Reserved;
+  UINT16                         PccCount;
+  // EFI_ACPI_RAS2_PCC_DESCRIPTOR Descriptors[PccCount];
+} EFI_ACPI_6_5_RAS2_FEATURE_TABLE;
+
 ///
 /// Memory Power State Table definition.
 ///
@@ -3121,6 +3141,11 @@ typedef struct {
 ///
 #define EFI_ACPI_6_5_PERSISTENT_SYSTEM_DESCRIPTION_TABLE_SIGNATURE  SIGNATURE_32('P', 'S', 'D', 'T')
 
+///
+/// "RAS2" ACPI RAS2 Feature Table
+///
+#define EFI_ACPI_6_5_ACPI_RAS2_FEATURE_TABLE_SIGNATURE  SIGNATURE_32('R', 'A', 'S', '2')
+
 ///
 /// "RASF" ACPI RAS Feature Table
 ///
diff --git a/MdePkg/Include/IndustryStandard/Http11.h b/MdePkg/Include/IndustryStandard/Http11.h
index 2137ef1f1ac3..7636a9e92562 100644
--- a/MdePkg/Include/IndustryStandard/Http11.h
+++ b/MdePkg/Include/IndustryStandard/Http11.h
@@ -248,6 +248,34 @@
 ///
 #define  HTTP_EXPECT_100_CONTINUE  "100-continue"
 
+///
+/// Content-Range Response Header
+/// The Content-Range response HTTP header indicates where in a
+/// full body message a partial message belongs.
+///
+#define HTTP_HEADER_CONTENT_RANGE  "Content-Range"
+
+///
+/// Last-Modified Response Header
+/// The Last-Modified response HTTP header contains a date and time when
+/// the origin server believes the resource was last modified. It is used
+/// as a validator to determine if the resource is the same as the
+/// previously stored one. Less accurate than an ETag header,
+/// it is a fallback mechanism. Conditional requests containing
+/// If-Modified-Since or If-Unmodified-Since headers make use of this field.
+///
+#define HTTP_HEADER_LAST_MODIFIED  "Last-Modified"
+
+///
+/// If Unmodified Since Request Header
+/// Makes the request for the resource conditional: the server will send
+/// the requested resource or accept it in the case of a POST or another
+/// non-safe method only if the resource has not been modified after the
+/// date specified by this HTTP header. If the resource has been modified
+/// after the specified date, the response will be a 412 Precondition Failed error.
+///
+#define HTTP_HEADER_IF_UNMODIFIED_SINCE  "If-Unmodified-Since"
+
 #pragma pack()
 
 #endif
diff --git a/MdePkg/Include/Library/ArmLib.h b/MdePkg/Include/Library/ArmLib.h
index 6a1503a7e5ba..087cddfb76c3 100644
--- a/MdePkg/Include/Library/ArmLib.h
+++ b/MdePkg/Include/Library/ArmLib.h
@@ -180,24 +180,6 @@ ArmIsMpCore (
   VOID
   );
 
-VOID
-EFIAPI
-ArmInvalidateDataCache (
-  VOID
-  );
-
-VOID
-EFIAPI
-ArmCleanInvalidateDataCache (
-  VOID
-  );
-
-VOID
-EFIAPI
-ArmCleanDataCache (
-  VOID
-  );
-
 VOID
 EFIAPI
 ArmInvalidateInstructionCache (
diff --git a/MdePkg/Include/Library/StackCheckFailureHookLib.h b/MdePkg/Include/Library/StackCheckFailureHookLib.h
new file mode 100644
index 000000000000..f0657ddfa084
--- /dev/null
+++ b/MdePkg/Include/Library/StackCheckFailureHookLib.h
@@ -0,0 +1,26 @@
+/** @file
+  Library provides a hook called when a stack cookie check fails.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef STACK_COOKIE_FAILURE_HOOK_LIB_H_
+#define STACK_COOKIE_FAILURE_HOOK_LIB_H_
+
+#include <Uefi.h>
+
+/**
+  This function gets called when a compiler generated stack cookie fails. This allows a platform to hook this
+  call and perform any required actions/telemetry at that time.
+
+  @param  FailureAddress  The address of the function that failed the stack cookie check.
+
+**/
+VOID
+EFIAPI
+StackCheckFailureHook (
+  VOID  *FailureAddress
+  );
+
+#endif
diff --git a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckGcc.c b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckGcc.c
deleted file mode 100644
index ea168841b617..000000000000
--- a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckGcc.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/** @file
- Base Stack Check library for GCC/clang.
-
- Use -fstack-protector-all compiler flag to make the compiler insert the
- __stack_chk_guard "canary" value into the stack and check the value prior
- to exiting the function. If the "canary" is overwritten __stack_chk_fail()
- is called. This is GCC specific code.
-
- Copyright (c) 2023, NVIDIA CORPORATION & AFFILIATES. All rights reserved.
- Copyright (c) 2012, Apple Inc. All rights reserved.<BR>
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#include <Base.h>
-#include <Library/BaseLib.h>
-#include <Library/DebugLib.h>
-#include <Library/PcdLib.h>
-
-/// "canary" value that is inserted by the compiler into the stack frame.
-VOID  *__stack_chk_guard = (VOID *)0x0AFF;
-
-// If ASLR was enabled we could use
-// void (*__stack_chk_guard)(void) = __stack_chk_fail;
-
-/**
- Error path for compiler generated stack "canary" value check code. If the
- stack canary has been overwritten this function gets called on exit of the
- function.
-**/
-VOID
-__stack_chk_fail (
-  VOID
-  )
-{
-  UINT8  DebugPropertyMask;
-
-  DEBUG ((DEBUG_ERROR, "STACK FAULT: Buffer Overflow at 0x%p.\n", RETURN_ADDRESS (0)));
-
-  //
-  // Generate a Breakpoint, DeadLoop, or NOP based on PCD settings even if
-  // BaseDebugLibNull is in use.
-  //
-  DebugPropertyMask = PcdGet8 (PcdDebugPropertyMask);
-  if ((DebugPropertyMask & DEBUG_PROPERTY_ASSERT_BREAKPOINT_ENABLED) != 0) {
-    CpuBreakpoint ();
-  } else if ((DebugPropertyMask & DEBUG_PROPERTY_ASSERT_DEADLOOP_ENABLED) != 0) {
-    CpuDeadLoop ();
-  }
-}
diff --git a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
deleted file mode 100644
index b827645d72b9..000000000000
--- a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+++ /dev/null
@@ -1,39 +0,0 @@
-## @file
-#  Stack Check Library
-#
-#  Stack Check Library
-#
-#  Copyright (c) 2014, ARM Ltd. All rights reserved.<BR>
-#
-#  SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-#
-##
-
-[Defines]
-  INF_VERSION                    = 0x00010005
-  BASE_NAME                      = BaseStackCheckLib
-  MODULE_UNI_FILE                = BaseStackCheckLib.uni
-  FILE_GUID                      = 5f6579f7-b648-4fdb-9f19-4c17e27e8eff
-  MODULE_TYPE                    = BASE
-  VERSION_STRING                 = 1.0
-  LIBRARY_CLASS                  = NULL
-
-
-#
-#  VALID_ARCHITECTURES           = ARM AARCH64
-#
-
-[Sources]
-  BaseStackCheckGcc.c  | GCC
-  BaseStackCheckNull.c | MSFT
-
-[Packages]
-  MdePkg/MdePkg.dec
-
-[LibraryClasses]
-  BaseLib
-  DebugLib
-
-[Pcd]
-  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask  ## CONSUMES
diff --git a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.uni b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.uni
deleted file mode 100644
index 03b9d7cd5320..000000000000
--- a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.uni
+++ /dev/null
@@ -1,16 +0,0 @@
-// /** @file
-// Stack Check Library
-//
-// Stack Check Library
-//
-// Copyright (c) 2014, ARM Ltd. All rights reserved.<BR>
-//
-// SPDX-License-Identifier: BSD-2-Clause-Patent
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT             #language en-US "Stack Check Library"
-
-#string STR_MODULE_DESCRIPTION          #language en-US "Stack Check Library"
-
diff --git a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckNull.c b/MdePkg/Library/BaseStackCheckLib/BaseStackCheckNull.c
deleted file mode 100644
index 32932002fa13..000000000000
--- a/MdePkg/Library/BaseStackCheckLib/BaseStackCheckNull.c
+++ /dev/null
@@ -1,9 +0,0 @@
-/** @file
- This file is purely empty as a work around for BaseStackCheck to pass MSVC build.
-
- Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-extern int  __BaseStackCheckNull;
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S b/MdePkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S
rename to MdePkg/Library/CompilerIntrinsicsLib/AArch64/Atomics.S
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/ashlti3.S b/MdePkg/Library/CompilerIntrinsicsLib/AArch64/ashlti3.S
similarity index 90%
rename from ArmPkg/Library/CompilerIntrinsicsLib/AArch64/ashlti3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/AArch64/ashlti3.S
index 79a7b3514c57..77348a0cff7a 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/AArch64/ashlti3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/AArch64/ashlti3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__ashlti3)
   # return if shift is 0
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ashldi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ashldi3.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/ashldi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/ashldi3.S
index dee659b66320..f5f14509c5e9 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ashldi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ashldi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__ashldi3)
   cmp  r2, #31
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ashrdi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ashrdi3.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/ashrdi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/ashrdi3.S
index d60c1c64fe36..855497e7d1e4 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ashrdi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ashrdi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__ashrdi3)
   cmp  r2, #31
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/clzsi2.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/clzsi2.S
similarity index 93%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/clzsi2.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/clzsi2.S
index 493392a9f9e2..54a7f3cd8350 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/clzsi2.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/clzsi2.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__clzsi2)
   @ frame_needed = 1, uses_anonymous_args = 0
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ctzsi2.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ctzsi2.S
similarity index 92%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/ctzsi2.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/ctzsi2.S
index 5b21ec749e4c..d1ff500d5dc5 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ctzsi2.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ctzsi2.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__ctzsi2)
   uxth  r3, r0
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/div.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/div.S
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/div.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/div.S
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/div.asm b/MdePkg/Library/CompilerIntrinsicsLib/Arm/div.asm
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/div.asm
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/div.asm
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/divdi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/divdi3.S
similarity index 93%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/divdi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/divdi3.S
index f809a7dfeff9..c1c3c77b25dc 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/divdi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/divdi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__divdi3)
   @ args = 0, pretend = 0, frame = 0
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/divsi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/divsi3.S
similarity index 92%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/divsi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/divsi3.S
index 45c0fcc3f759..eb4c30f6a220 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/divsi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/divsi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__divsi3)
   eor  r3, r0, r0, asr #31
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/lasr.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/lasr.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/lasr.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/lasr.S
index feeea9edd12a..27201de4bef8 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/lasr.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/lasr.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 #
 #UINT64
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.S
similarity index 93%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.S
index 9f4dddad798d..15c99c5099e8 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.S
@@ -6,7 +6,7 @@
 //
 //------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 //
 // A pair of (unsigned) long longs is returned in {{r0, r1}, {r2, r3}},
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.asm b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.asm
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.asm
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/ldivmod.asm
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsl.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/llsl.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsl.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/llsl.S
index cc63a15b3cf6..d0a4acd8bda4 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsl.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/llsl.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 #
 #VOID
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsr.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/llsr.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsr.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/llsr.S
index 246d5651e8d9..af6fd27028d1 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsr.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/llsr.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 #VOID
 #EFIAPI
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsr.asm b/MdePkg/Library/CompilerIntrinsicsLib/Arm/llsr.asm
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/llsr.asm
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/llsr.asm
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/lshrdi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/lshrdi3.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/lshrdi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/lshrdi3.S
index 829d8deb07b6..288573c855d3 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/lshrdi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/lshrdi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__lshrdi3)
   cmp  r2, #31
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/memmove.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/memmove.S
similarity index 92%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/memmove.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/memmove.S
index f9f1932c6dea..d8588d3d98eb 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/memmove.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/memmove.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 # VOID
 # EFIAPI
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/moddi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/moddi3.S
similarity index 92%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/moddi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/moddi3.S
index faf077dc6bd6..e208f8fd2837 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/moddi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/moddi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__moddi3)
   stmfd  sp!, {r4, r5, r7, lr}
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/modsi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/modsi3.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/modsi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/modsi3.S
index b3299851bd8b..d67f88f717a7 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/modsi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/modsi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__modsi3)
   stmfd  sp!, {r4, r5, r7, lr}
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/muldi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/muldi3.S
similarity index 93%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/muldi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/muldi3.S
index adee64782e56..6fdc527ecce5 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/muldi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/muldi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__muldi3)
   stmfd  sp!, {r4, r5, r6, r7, lr}
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/mullu.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/mullu.S
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/mullu.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/mullu.S
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/sourcery.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/sourcery.S
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/sourcery.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/sourcery.S
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch16.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switch16.S
similarity index 89%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch16.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/switch16.S
index e6d55673cb69..32870878b32a 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch16.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switch16.S
@@ -7,7 +7,7 @@
 #**/
 #
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .syntax unified
 
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch32.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switch32.S
similarity index 89%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch32.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/switch32.S
index fbf72dd5f10b..040d65d6dc27 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch32.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switch32.S
@@ -7,7 +7,7 @@
 #**/
 #
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .syntax unified
 
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch8.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switch8.S
similarity index 88%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch8.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/switch8.S
index aea048f4fba2..08fec9a8a0f2 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switch8.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switch8.S
@@ -7,7 +7,7 @@
 #**/
 #
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .syntax unified
 
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switchu8.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switchu8.S
similarity index 88%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/switchu8.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/switchu8.S
index 22aeacdecaaf..a94b368ef911 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/switchu8.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/switchu8.S
@@ -7,7 +7,7 @@
 #**/
 #
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 .syntax unified
 
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ucmpdi2.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ucmpdi2.S
similarity index 90%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/ucmpdi2.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/ucmpdi2.S
index 681e3cf6e9c5..8d199fb0e288 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/ucmpdi2.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/ucmpdi2.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__ucmpdi2)
   stmfd  sp!, {r4, r5, r8, lr}
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivdi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/udivdi3.S
similarity index 90%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivdi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/udivdi3.S
index 505ae545f10a..ccb6f6c6c0f9 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivdi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/udivdi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__udivdi3)
   stmfd  sp!, {r7, lr}
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivmoddi4.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/udivmoddi4.S
similarity index 93%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivmoddi4.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/udivmoddi4.S
index a74db6fad193..edee8fc33687 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivmoddi4.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/udivmoddi4.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
   .syntax unified
 
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivsi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/udivsi3.S
similarity index 92%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivsi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/udivsi3.S
index e1f7da782af6..100a6a00d899 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/udivsi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/udivsi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
   .syntax unified
 
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/uldiv.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/uldiv.S
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/uldiv.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/uldiv.S
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/uldiv.asm b/MdePkg/Library/CompilerIntrinsicsLib/Arm/uldiv.asm
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/uldiv.asm
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/uldiv.asm
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/umoddi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/umoddi3.S
similarity index 91%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/umoddi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/umoddi3.S
index 3f26e2c5c81b..b22a785e0823 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/umoddi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/umoddi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__umoddi3)
   stmfd  sp!, {r7, lr}
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/umodsi3.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/umodsi3.S
similarity index 90%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/umodsi3.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/umodsi3.S
index b48b25b7dce5..ee548afe17da 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/umodsi3.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/umodsi3.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 ASM_FUNC(__umodsi3)
   stmfd  sp!, {r4, r5, r7, lr}
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/uread.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/uread.S
similarity index 93%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/uread.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/uread.S
index e8a1dbad8692..132975c6a146 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/uread.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/uread.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 #
 #UINT32
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/uwrite.S b/MdePkg/Library/CompilerIntrinsicsLib/Arm/uwrite.S
similarity index 93%
rename from ArmPkg/Library/CompilerIntrinsicsLib/Arm/uwrite.S
rename to MdePkg/Library/CompilerIntrinsicsLib/Arm/uwrite.S
index 9432ac431799..2c56ba3e063b 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/Arm/uwrite.S
+++ b/MdePkg/Library/CompilerIntrinsicsLib/Arm/uwrite.S
@@ -6,7 +6,7 @@
 #
 #------------------------------------------------------------------------------
 
-#include <AsmMacroIoLib.h>
+#include <AsmMacroLib.h>
 
 #
 #UINT32
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf b/MdePkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
similarity index 89%
rename from ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
rename to MdePkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
index 054e68130730..ac48b4624653 100644
--- a/ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+++ b/MdePkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
@@ -10,9 +10,9 @@
 #**/
 
 [Defines]
-  INF_VERSION                    = 0x00010005
+  INF_VERSION                    = 1.29
   BASE_NAME                      = CompilerIntrinsicsLib
-  FILE_GUID                      = 855274FA-3575-4C20-9709-C031DC5589FA
+  FILE_GUID                      = 2A6B451F-B99D-47B1-8F29-D805433C62E0
   MODULE_TYPE                    = BASE
   VERSION_STRING                 = 1.0
   LIBRARY_CLASS                  = CompilerIntrinsicsLib
@@ -70,7 +70,6 @@
 
 [Packages]
   MdePkg/MdePkg.dec
-  ArmPkg/ArmPkg.dec
 
 [BuildOptions]
   MSFT:*_*_*_CC_FLAGS = /GL-
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/memcmp_ms.c b/MdePkg/Library/CompilerIntrinsicsLib/memcmp_ms.c
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/memcmp_ms.c
rename to MdePkg/Library/CompilerIntrinsicsLib/memcmp_ms.c
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/memcpy.c b/MdePkg/Library/CompilerIntrinsicsLib/memcpy.c
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/memcpy.c
rename to MdePkg/Library/CompilerIntrinsicsLib/memcpy.c
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/memcpy_ms.c b/MdePkg/Library/CompilerIntrinsicsLib/memcpy_ms.c
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/memcpy_ms.c
rename to MdePkg/Library/CompilerIntrinsicsLib/memcpy_ms.c
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/memmove_ms.c b/MdePkg/Library/CompilerIntrinsicsLib/memmove_ms.c
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/memmove_ms.c
rename to MdePkg/Library/CompilerIntrinsicsLib/memmove_ms.c
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/memset.c b/MdePkg/Library/CompilerIntrinsicsLib/memset.c
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/memset.c
rename to MdePkg/Library/CompilerIntrinsicsLib/memset.c
diff --git a/ArmPkg/Library/CompilerIntrinsicsLib/memset_ms.c b/MdePkg/Library/CompilerIntrinsicsLib/memset_ms.c
similarity index 100%
rename from ArmPkg/Library/CompilerIntrinsicsLib/memset_ms.c
rename to MdePkg/Library/CompilerIntrinsicsLib/memset_ms.c
diff --git a/MdePkg/Library/StackCheckFailureHookLibNull/StackCheckFailureHook.c b/MdePkg/Library/StackCheckFailureHookLibNull/StackCheckFailureHook.c
new file mode 100644
index 000000000000..0a258e4773eb
--- /dev/null
+++ b/MdePkg/Library/StackCheckFailureHookLibNull/StackCheckFailureHook.c
@@ -0,0 +1,25 @@
+/** @file
+  Library provides a hook called when a stack cookie check fails.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Base.h>
+#include <Uefi.h>
+
+/**
+  This function gets called when a compiler generated stack cookie fails. This allows a platform to hook this
+  call and perform any required actions/telemetry at that time.
+
+  @param  FailureAddress  The address of the function that failed the stack cookie check.
+
+**/
+VOID
+EFIAPI
+StackCheckFailureHook (
+  VOID  *FailureAddress
+  )
+{
+  return;
+}
diff --git a/MdePkg/Library/StackCheckFailureHookLibNull/StackCheckFailureHookLibNull.inf b/MdePkg/Library/StackCheckFailureHookLibNull/StackCheckFailureHookLibNull.inf
new file mode 100644
index 000000000000..300073a7e7b9
--- /dev/null
+++ b/MdePkg/Library/StackCheckFailureHookLibNull/StackCheckFailureHookLibNull.inf
@@ -0,0 +1,20 @@
+## @file
+#  Library provides a hook called when a stack cookie check fails.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 1.29
+  BASE_NAME                      = StackCheckFailureHookLibNull
+  FILE_GUID                      = 9ca2587c-d1f2-451a-989a-d49a9a0a613e
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = StackCheckFailureHookLib
+
+[Sources]
+  StackCheckFailureHook.c
+
+[Packages]
+  MdePkg/MdePkg.dec
diff --git a/MdePkg/Library/StackCheckLib/AArch64/StackCookieInterrupt.S b/MdePkg/Library/StackCheckLib/AArch64/StackCookieInterrupt.S
new file mode 100644
index 000000000000..bce13643e3d2
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/AArch64/StackCookieInterrupt.S
@@ -0,0 +1,21 @@
+//------------------------------------------------------------------------------
+// AArch64/StackCookieInterrupt.S
+//
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//------------------------------------------------------------------------------
+
+    .text
+
+//------------------------------------------------------------------------------
+// Calls an interrupt using the vector specified by PcdStackCookieExceptionVector
+//
+// VOID
+// TriggerStackCookieInterrupt (
+//   VOID
+//   );
+//------------------------------------------------------------------------------
+.global ASM_PFX(TriggerStackCookieInterrupt)
+ASM_PFX(TriggerStackCookieInterrupt):
+    svc FixedPcdGet8 (PcdStackCookieExceptionVector)
+    ret
diff --git a/MdePkg/Library/StackCheckLib/AArch64/StackCookieInterrupt.asm b/MdePkg/Library/StackCheckLib/AArch64/StackCookieInterrupt.asm
new file mode 100644
index 000000000000..ff5ee35acce8
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/AArch64/StackCookieInterrupt.asm
@@ -0,0 +1,25 @@
+;------------------------------------------------------------------------------
+; AArch64/StackCookieInterrupt.asm
+;
+; Copyright (c) Microsoft Corporation.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;------------------------------------------------------------------------------
+
+    EXPORT TriggerStackCookieInterrupt
+
+    AREA |.text|, CODE, READONLY
+
+;------------------------------------------------------------------------------
+; Calls an interrupt using the vector specified by PcdStackCookieExceptionVector
+;
+; VOID
+; TriggerStackCookieInterrupt (
+;   VOID
+;   );
+;------------------------------------------------------------------------------
+TriggerStackCookieInterrupt PROC
+    SVC     FixedPcdGet8 (PcdStackCookieExceptionVector)
+    RET
+TriggerStackCookieInterrupt ENDP
+
+    END
diff --git a/MdePkg/Library/StackCheckLib/Arm/StackCookieInterrupt.S b/MdePkg/Library/StackCheckLib/Arm/StackCookieInterrupt.S
new file mode 100644
index 000000000000..1f10bb8aea52
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/Arm/StackCookieInterrupt.S
@@ -0,0 +1,21 @@
+//------------------------------------------------------------------------------
+// Arm/StackCookieInterrupt.S
+//
+// Copyright (c) Microsoft Corporation.
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//------------------------------------------------------------------------------
+
+    .text
+
+//------------------------------------------------------------------------------
+// Calls an interrupt using the vector specified by PcdStackCookieExceptionVector
+//
+// VOID
+// TriggerStackCookieInterrupt (
+//   VOID
+//   );
+//------------------------------------------------------------------------------
+.global ASM_PFX(TriggerStackCookieInterrupt)
+ASM_PFX(TriggerStackCookieInterrupt):
+    swi FixedPcdGet8 (PcdStackCookieExceptionVector)
+    bx lr
diff --git a/MdePkg/Library/StackCheckLib/Arm/StackCookieInterrupt.asm b/MdePkg/Library/StackCheckLib/Arm/StackCookieInterrupt.asm
new file mode 100644
index 000000000000..f1b1e539438a
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/Arm/StackCookieInterrupt.asm
@@ -0,0 +1,25 @@
+;------------------------------------------------------------------------------
+; Arm/StackCookieInterrupt.asm
+;
+; Copyright (c) Microsoft Corporation.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;------------------------------------------------------------------------------
+
+    EXPORT TriggerStackCookieInterrupt
+
+    AREA |.text|, CODE, READONLY
+
+;------------------------------------------------------------------------------
+; Calls an interrupt using the vector specified by PcdStackCookieExceptionVector
+;
+; VOID
+; TriggerStackCookieInterrupt (
+;   VOID
+;   );
+;------------------------------------------------------------------------------
+TriggerStackCookieInterrupt PROC
+    SWI     FixedPcdGet8 (PcdStackCookieExceptionVector)
+    BX      LR
+TriggerStackCookieInterrupt ENDP
+
+    END
diff --git a/MdePkg/Library/StackCheckLib/IA32/CheckCookieMsvc.nasm b/MdePkg/Library/StackCheckLib/IA32/CheckCookieMsvc.nasm
new file mode 100644
index 000000000000..a52ee90ad9f1
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/IA32/CheckCookieMsvc.nasm
@@ -0,0 +1,43 @@
+;------------------------------------------------------------------------------
+; IA32/CheckCookieMsvc.nasm
+;
+; Copyright (c) Microsoft Corporation.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;------------------------------------------------------------------------------
+
+    DEFAULT REL
+    SECTION .text
+
+extern ASM_PFX(StackCheckFailure)
+extern ASM_PFX(__security_cookie)
+extern ASM_PFX(CpuDeadLoop)
+
+; Called when a buffer check fails. This functionality is dependent on MSVC
+; C runtime libraries and so is unsupported in UEFI.
+global ASM_PFX(__report_rangecheckfailure)
+ASM_PFX(__report_rangecheckfailure):
+    jmp ASM_PFX(CpuDeadLoop)
+    ret
+
+; The GS handler is for checking the stack cookie during SEH or
+; EH exceptions and is unsupported in UEFI.
+global ASM_PFX(__GSHandlerCheck)
+ASM_PFX(__GSHandlerCheck):
+    jmp ASM_PFX(CpuDeadLoop)
+    ret
+
+;------------------------------------------------------------------------------
+; Checks the stack cookie value against __security_cookie and calls the
+; stack cookie failure handler if there is a mismatch.
+;
+; VOID
+; EFIAPI
+; __security_check_cookie (
+;   IN UINTN CheckValue
+;   );
+;------------------------------------------------------------------------------
+global @__security_check_cookie@4
+@__security_check_cookie@4:
+    cmp    ecx, [ASM_PFX(__security_cookie)]
+    jne    ASM_PFX(StackCheckFailure)
+    ret
diff --git a/MdePkg/Library/StackCheckLib/IA32/StackCookieInterrupt.nasm b/MdePkg/Library/StackCheckLib/IA32/StackCookieInterrupt.nasm
new file mode 100644
index 000000000000..83a686ddb309
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/IA32/StackCookieInterrupt.nasm
@@ -0,0 +1,23 @@
+;------------------------------------------------------------------------------
+; IA32/StackCookieInterrupt.nasm
+;
+; Copyright (c) Microsoft Corporation.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;------------------------------------------------------------------------------
+
+    DEFAULT REL
+    SECTION .text
+
+;------------------------------------------------------------------------------
+; Checks the stack cookie value against __security_cookie and calls the
+; stack cookie failure handler if there is a mismatch.
+;
+; VOID
+; TriggerStackCookieInterrupt (
+;   VOID
+;   );
+;------------------------------------------------------------------------------
+global ASM_PFX(TriggerStackCookieInterrupt)
+ASM_PFX(TriggerStackCookieInterrupt):
+    int     FixedPcdGet8 (PcdStackCookieExceptionVector)
+    ret
diff --git a/MdePkg/Library/StackCheckLib/Readme.md b/MdePkg/Library/StackCheckLib/Readme.md
new file mode 100644
index 000000000000..636cd047f086
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/Readme.md
@@ -0,0 +1,126 @@
+# StackCheckLib
+
+## Table of Contents
+
+- [StackCheckLib](#stackchecklib)
+  - [Table of Contents](#table-of-contents)
+  - [Introduction and Library Instances](#introduction-and-library-instances)
+    - [StackCheckLibStaticInit](#stackchecklibstaticinit)
+    - [StackCheckLibDynamicInit](#stackchecklibdynamicinit)
+    - [StackCheckLibNull](#stackchecklibnull)
+  - [How Failures are Handled](#how-failures-are-handled)
+  - [Debugging Stack Cookie Check Failures](#debugging-stack-cookie-check-failures)
+  - [Usage](#usage)
+
+## Introduction and Library Instances
+
+`StackCheckLib` contains the required functionality for initializing the stack cookie
+value, checking the value, and triggering an interrupt when a mismatch occurs.
+The stack cookie is a random value placed on the stack between the stack variables
+and the return address so that continuously writing past the stack variables will
+cause the stack cookie to be overwritten. Before the function returns, the stack
+cookie value will be checked and if there is a mismatch then `StackCheckLib` handles
+the failure.
+
+Because UEFI doesn't use the C runtime libraries provided by MSVC, the stack
+check code is written in assembly within this library. GCC and Clang compilers
+have built-in support for stack cookie checking, so this library only handles failures.
+
+### StackCheckLibStaticInit
+
+`StackCheckLibStaticInit` is an instance of `StackCheckLib` which does not update the
+stack cookie value for the module at runtime. It's always preferable to use
+`StackCheckLibDynamicInit` for improved security but there are cases where the stack
+cookie global cannot be written to such as in execute-in-place (XIP) modules and during
+the Cache-as-RAM (CAR) phase of the boot process. The stack cookie value is initialized
+at compile time via updates to the AutoGen process. Each module will define
+`STACK_COOKIE_VALUE` which is used for the module stack cookie value.
+
+### StackCheckLibDynamicInit
+
+This section is future work. The below is the proposed instance.
+
+`StackCheckLibDynamicInit` is an instance of `StackCheckLib` which updates the stack
+cookie value for the module at runtime. This is the preferred method for stack cookie
+initialization as it provides improved security. The stack cookie value is initialized
+at runtime by calling `GetRandomNumber32()` or `GetRandomNumber64()` to generate a random
+value via the platform's random number generator protocol. If the random number generator
+returns an error, then the value will still have the build-time randomized value to fall
+back on.
+
+### StackCheckLibNull
+
+`StackCheckLibNull` is an instance of `StackCheckLib` which does not perform any stack
+cookie checks. This is useful for modules which will fail if stack cookie checks are
+inserted. Of course, this is not recommended for production code.
+
+## How Failures are Handled
+
+When a stack cookie check fails, the `StackCheckLib` library will first call into a hook
+function `StackCheckFailureHook()` which only has a NULL implementation in edk2.
+The NULL implementation will simply print the failure address and return, but a platform
+can implement their own instance of this library which can perform additional actions
+before the system triggers an interrupt.
+
+After `StackCheckFailureHook()` returns, the library will trigger an interrupt with
+PcdStackCookieExceptionVector.
+
+- On IA32 and X64 platforms, PcdStackCookieExceptionVector is used as an index into the
+Interrupt Descriptor Table.
+- On ARM platforms, a software interrupt (`SWI`) is called with the value of
+PcdStackCookieExceptionVector. The value can be retrieved by the handler by reading
+bits [7:0] of the instruction opcode which will allow the handler to determine if the
+interrupt was triggered by the stack cookie check. Reference:
+[Arm A64 Instruction Set Architecture Version 2024-3](https://developer.arm.com/documentation/ddi0597/2024-03/Base-Instructions/SVC--Supervisor-Call-?lang=en)
+- On AARCH64 platforms, a supervisor call (`SVC`) is called with the value
+of PcdStackCookieExceptionVector. This value can similarly be retrieved by the
+handler to determine if the interrupt was triggered by the stack cookie check. Reference:
+[Arm A64 Instruction Set Architecture Version 2024-3](https://developer.arm.com/documentation/ddi0602/2024-03/Base-Instructions/SVC--Supervisor-Call-?lang=en)
+
+## Debugging Stack Cookie Check Failures
+
+Tracking down the origin of stack cookie failures can be difficult. Programmers may attempt
+printf debugging to determine which function has an overflow only to find that the failure
+disappears on the next boot. This curiosity is usually due to the black-box heuristic used
+by compilers to determine where to put stack cookie checks or compiler optimization features
+removing the failing check. The address where the failed stack cookie check occurred will
+be printed using DebugLib. If .map files are available, the address combined with the image
+offset can be used to determine the function which failed.
+
+GNU-based compilers have the `-fstack-protector-all` flag to force stack cookie checks on
+all functions which could create a more consistent environment for debugging assuming an
+earlier failure doesn't mask the targeted one and the flash space can accommodate the
+increased size.
+
+The Visual Studio (MSVC) toolchain has the ability to generate `.cod` files during compilation
+which interleave C and the generated assembly code. These files will contain the stack cookie
+checks and are useful for determining where the checks are placed. To generate these files,
+append `/FAcs` to the build options for each target module. The easiest way to do this is to
+update the tools_def file so the `<TARGET>_<TOOLCHAIN>_<ARCH>_CC_FLAGS` includes `/FAcs`.
+
+## Usage
+
+edk2 updated the tools_def to add `/GS` to VS2022 and VS2019 IA32/X64 builds and
+`-fstack-protector` to GCC builds. This will cause stack cookie references to be inserted
+throughout the code. Every module should have a `StackCheckLib` instances linked to satisfy
+these references. So every module doesn't need to add `StackCheckLib` to the LibraryClasses
+section of the INF file, `StackCheckLib` instances should be linked as NULL in the platform
+DSC fies. The only exception to this is host-based unit tests as they will be compiled with
+the runtime libraries which already contain the stack cookie definitions and will collide
+with `StackCheckLib`.
+
+SEC and PEI_CORE modules should always use `StackCheckLibNull` and pre-memory modules
+should use `StackCheckLibStaticInit`. All other modules should use `StackCheckLibDynamicInit`.
+Below is an **example** of how to link the `StackCheckLib` instances in the platform DSC file
+but it may need customization based on the platform's requirements:
+
+```text
+[LibraryClasses.common.SEC, LibraryClasses.common.PEI_CORE]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
+[LibraryClasses.common.PEIM]
+  NULL|MdePkg/Library/StackCheckLib/StackCheckLibStaticInit.inf
+
+[LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.DXE_CORE, LibraryClasses.common.SMM_CORE, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SAL_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+  NULL|MdePkg/Library/StackCheckLib/StackCheckLibDynamicInit.inf
+```
diff --git a/MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c b/MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c
new file mode 100644
index 000000000000..4146012b905c
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/StackCheckLibCommonGcc.c
@@ -0,0 +1,38 @@
+/** @file
+  Provides the required functionality for handling stack
+  cookie check failures in GCC.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Base.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseLib.h>
+#include <Library/StackCheckFailureHookLib.h>
+
+/**
+  Triggers an interrupt using the vector specified by PcdStackCookieExceptionVector
+**/
+VOID
+TriggerStackCookieInterrupt (
+  VOID
+  );
+
+VOID  *__stack_chk_guard = (VOID *)(UINTN)STACK_COOKIE_VALUE;
+
+/**
+  This function gets called when a gcc/clang generated stack cookie fails. This implementation calls into a platform
+  failure hook lib and then triggers the stack cookie interrupt.
+
+**/
+VOID
+__stack_chk_fail (
+  VOID
+  )
+{
+  DEBUG ((DEBUG_ERROR, "Stack cookie check failed at address 0x%llx!\n", RETURN_ADDRESS (0)));
+  StackCheckFailureHook (RETURN_ADDRESS (0));
+  TriggerStackCookieInterrupt ();
+}
diff --git a/MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c b/MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c
new file mode 100644
index 000000000000..406b2d01169b
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/StackCheckLibCommonMsvc.c
@@ -0,0 +1,40 @@
+/** @file
+  Provides the required functionality for handling stack
+  cookie check failures for MSVC.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Base.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseLib.h>
+#include <Library/StackCheckFailureHookLib.h>
+
+/**
+  Triggers an interrupt using the vector specified by PcdStackCookieExceptionVector
+**/
+VOID
+TriggerStackCookieInterrupt (
+  VOID
+  );
+
+VOID  *__security_cookie = (VOID *)(UINTN)STACK_COOKIE_VALUE;
+
+/**
+  This function gets called when an MSVC generated stack cookie fails. This implementation calls into a platform
+  failure hook lib and then triggers the stack cookie interrupt.
+
+  @param[in] ActualCookieValue  The value that was written onto the stack, corrupting the stack cookie.
+
+**/
+VOID
+StackCheckFailure (
+  VOID  *ActualCookieValue
+  )
+{
+  DEBUG ((DEBUG_ERROR, "Stack cookie check failed at address 0x%llx!\n", RETURN_ADDRESS (0)));
+  StackCheckFailureHook (RETURN_ADDRESS (0));
+  TriggerStackCookieInterrupt ();
+}
diff --git a/MdePkg/Library/StackCheckLib/StackCheckLibStaticInit.inf b/MdePkg/Library/StackCheckLib/StackCheckLibStaticInit.inf
new file mode 100644
index 000000000000..ce8bc11f2bb0
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/StackCheckLibStaticInit.inf
@@ -0,0 +1,58 @@
+## @file
+#  Provides the required functionality for checking the stack cookie.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 1.29
+  BASE_NAME                      = StackCheckLibStaticInit
+  FILE_GUID                      = 2b24dc50-e33d-4c9f-8b62-e826f06e483f
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+
+[Sources]
+  StackCheckLibCommonMsvc.c | MSFT
+  StackCheckLibCommonGcc.c  | GCC
+
+[Sources.IA32]
+  IA32/CheckCookieMsvc.nasm | MSFT
+
+[Sources.X64]
+  X64/CheckCookieMsvc.nasm | MSFT
+
+[Sources.IA32, Sources.X64]
+  IA32/StackCookieInterrupt.nasm
+
+[Sources.ARM]
+  Arm/StackCookieInterrupt.S   |GCC
+  Arm/StackCookieInterrupt.asm |MSFT
+
+[Sources.AARCH64]
+  AArch64/StackCookieInterrupt.S   |GCC
+  AArch64/StackCookieInterrupt.asm |MSFT
+
+[Packages]
+  MdePkg/MdePkg.dec
+
+[LibraryClasses]
+  StackCheckFailureHookLib
+  BaseLib
+  DebugLib
+
+[FixedPcd]
+  gEfiMdePkgTokenSpaceGuid.PcdStackCookieExceptionVector
+
+[BuildOptions]
+  # We cannot build the MSVC version with /GL (whole program optimization) because we run into linker error
+  # LNK1237, which is a failure to link against a symbol from a library compiled with /GL. The whole program
+  # optimization tries to do away with references to this symbol. The solution is to not compile the stack
+  # check libs with /GL
+  MSFT:*_*_*_CC_FLAGS = /GL-
+
+  # We cannot build the GCC version with LTO (link time optimization) because we run into linker errors where
+  # the stack cookie variable has been optimized away, as it looks to GCC like the variable is not used, because
+  # the compiler inserts the usage.
+  GCC:*_*_*_CC_FLAGS = -fno-lto
diff --git a/MdePkg/Library/StackCheckLib/X64/CheckCookieMsvc.nasm b/MdePkg/Library/StackCheckLib/X64/CheckCookieMsvc.nasm
new file mode 100644
index 000000000000..ebc4f75712e1
--- /dev/null
+++ b/MdePkg/Library/StackCheckLib/X64/CheckCookieMsvc.nasm
@@ -0,0 +1,43 @@
+;------------------------------------------------------------------------------
+; X64/CheckCookieMsvc.nasm
+;
+; Copyright (c) Microsoft Corporation.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;------------------------------------------------------------------------------
+
+    DEFAULT REL
+    SECTION .text
+
+extern ASM_PFX(StackCheckFailure)
+extern ASM_PFX(__security_cookie)
+extern ASM_PFX(CpuDeadLoop)
+
+; Called when a buffer check fails. This functionality is dependent on MSVC
+; C runtime libraries and so is unsupported in UEFI.
+global ASM_PFX(__report_rangecheckfailure)
+ASM_PFX(__report_rangecheckfailure):
+    jmp ASM_PFX(CpuDeadLoop)
+    ret
+
+; The GS handler is for checking the stack cookie during SEH or
+; EH exceptions and is unsupported in UEFI.
+global ASM_PFX(__GSHandlerCheck)
+ASM_PFX(__GSHandlerCheck):
+    jmp ASM_PFX(CpuDeadLoop)
+    ret
+
+;------------------------------------------------------------------------------
+; Checks the stack cookie value against __security_cookie and calls the
+; stack cookie failure handler if there is a mismatch.
+;
+; VOID
+; EFIAPI
+; __security_check_cookie (
+;   IN UINTN CheckValue
+;   );
+;------------------------------------------------------------------------------
+global ASM_PFX(__security_check_cookie)
+ASM_PFX(__security_check_cookie):
+    cmp    rcx, [ASM_PFX(__security_cookie)]
+    jne    ASM_PFX(StackCheckFailure)
+    ret
diff --git a/MdePkg/Library/StackCheckLibNull/IA32/StackCheckFunctionsMsvc.nasm b/MdePkg/Library/StackCheckLibNull/IA32/StackCheckFunctionsMsvc.nasm
new file mode 100644
index 000000000000..510d500847a8
--- /dev/null
+++ b/MdePkg/Library/StackCheckLibNull/IA32/StackCheckFunctionsMsvc.nasm
@@ -0,0 +1,21 @@
+;------------------------------------------------------------------------------
+; IA32/StackCheckFunctionsMsvc.nasm
+;
+; Copyright (c) Microsoft Corporation.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;------------------------------------------------------------------------------
+
+    DEFAULT REL
+    SECTION .text
+
+global ASM_PFX(__report_rangecheckfailure)
+ASM_PFX(__report_rangecheckfailure):
+    ret
+
+global ASM_PFX(__GSHandlerCheck)
+ASM_PFX(__GSHandlerCheck):
+    ret
+
+global @__security_check_cookie@4
+@__security_check_cookie@4:
+    ret
diff --git a/MdePkg/Library/StackCheckLibNull/StackCheckLibHostApplicationMsvc.c b/MdePkg/Library/StackCheckLibNull/StackCheckLibHostApplicationMsvc.c
new file mode 100644
index 000000000000..6af9891c3907
--- /dev/null
+++ b/MdePkg/Library/StackCheckLibNull/StackCheckLibHostApplicationMsvc.c
@@ -0,0 +1,13 @@
+/** @file
+  This file is empty to allow host applications
+  to use the MSVC C runtime lib that provides
+  stack cookie definitions without breaking the
+  build.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+
+extern VOID  *__security_cookie;
diff --git a/MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf b/MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
new file mode 100644
index 000000000000..bb42833d02df
--- /dev/null
+++ b/MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
@@ -0,0 +1,41 @@
+## @file
+#  Null library instance for StackCheckLib which can be included
+#  when a build needs to include stack check functions but does
+#  not want to generate stack check failures.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 1.29
+  BASE_NAME                      = StackCheckLibNull
+  FILE_GUID                      = f6ef2763-ca3b-4c6f-a931-2a48de3ce352
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = StackCheckLib
+
+[Sources]
+  StackCheckLibNullGcc.c  | GCC
+  StackCheckLibNullMsvc.c | MSFT
+
+[Sources.IA32]
+  IA32/StackCheckFunctionsMsvc.nasm | MSFT
+
+[Sources.X64]
+  X64/StackCheckFunctionsMsvc.nasm | MSFT
+
+[Packages]
+  MdePkg/MdePkg.dec
+
+[BuildOptions]
+  # We cannot build the MSVC version with /GL (whole program optimization) because we run into linker error
+  # LNK1237, which is a failure to link against a symbol from a library compiled with /GL. The whole program
+  # optimization tries to do away with references to this symbol. The solution is to not compile the stack
+  # check libs with /GL
+  MSFT:*_*_*_CC_FLAGS = /GL-
+
+  # We cannot build the GCC version with LTO (link time optimization) because we run into linker errors where
+  # the stack cookie variable has been optimized away, as it looks to GCC like the variable is not used, because
+  # the compiler inserts the usage.
+  GCC:*_*_*_CC_FLAGS = -fno-lto
diff --git a/MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c
new file mode 100644
index 000000000000..cc30632761ea
--- /dev/null
+++ b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullGcc.c
@@ -0,0 +1,23 @@
+/** @file
+  Defines the stack cookie variable for GCC and Clang compilers.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+
+VOID  *__stack_chk_guard = (VOID *)(UINTN)0x0;
+
+/**
+  This function gets called when a gcc/clang generated stack cookie fails. This implementation does nothing when
+  a stack cookie failure occurs.
+
+**/
+VOID
+EFIAPI
+__stack_chk_fail (
+  VOID
+  )
+{
+}
diff --git a/MdePkg/Library/StackCheckLibNull/StackCheckLibNullHostApplication.inf b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullHostApplication.inf
new file mode 100644
index 000000000000..3e898263c2ac
--- /dev/null
+++ b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullHostApplication.inf
@@ -0,0 +1,34 @@
+## @file
+#  Null library instance for StackCheckLib which can be included
+#  when a build needs to include stack check functions but does
+#  not want to generate stack check failures. This instance is used
+#  for HOST_APPLICATIONS specifically, as MSVC host applications link
+#  to the C runtime lib that contains the stack cookie definitions, so
+#  must link to a completely null version of this lib, whereas GCC host
+#  host applications do not link to a C runtime lib that contains the stack
+#  cookie definitions, so we must link against our version.
+#
+#  Copyright (c) Microsoft Corporation.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 1.29
+  BASE_NAME                      = StackCheckLibNullHostApplication
+  FILE_GUID                      = 7EBE7BD1-0D92-4609-89AA-6EA3815CB844
+  MODULE_TYPE                    = HOST_APPLICATION
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = StackCheckLib|HOST_APPLICATION
+
+[Sources]
+  StackCheckLibHostApplicationMsvc.c | MSFT
+  StackCheckLibNullGcc.c             | GCC
+
+[Packages]
+  MdePkg/MdePkg.dec
+
+[BuildOptions]
+  # We cannot build the GCC version with LTO (link time optimization) because we run into linker errors where
+  # the stack cookie variable has been optimized away, as it looks to GCC like the variable is not used, because
+  # the compiler inserts the usage. We do not worry about the MSVC version here as it is a no-op.
+  GCC:*_*_*_CC_FLAGS = -fno-lto
diff --git a/MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c
new file mode 100644
index 000000000000..ba9a4e6f3ceb
--- /dev/null
+++ b/MdePkg/Library/StackCheckLibNull/StackCheckLibNullMsvc.c
@@ -0,0 +1,10 @@
+/** @file
+  Defines the stack cookie variable for GCC, Clang and MSVC compilers.
+
+  Copyright (c) Microsoft Corporation.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi.h>
+
+VOID  *__security_cookie = (VOID *)(UINTN)0x0;
diff --git a/MdePkg/Library/StackCheckLibNull/X64/StackCheckFunctionsMsvc.nasm b/MdePkg/Library/StackCheckLibNull/X64/StackCheckFunctionsMsvc.nasm
new file mode 100644
index 000000000000..f4639a03d2ea
--- /dev/null
+++ b/MdePkg/Library/StackCheckLibNull/X64/StackCheckFunctionsMsvc.nasm
@@ -0,0 +1,21 @@
+;------------------------------------------------------------------------------
+; X64/StackCheckFunctionsMsvc.nasm
+;
+; Copyright (c) Microsoft Corporation.
+; SPDX-License-Identifier: BSD-2-Clause-Patent
+;------------------------------------------------------------------------------
+
+    DEFAULT REL
+    SECTION .text
+
+global ASM_PFX(__report_rangecheckfailure)
+ASM_PFX(__report_rangecheckfailure):
+    ret
+
+global ASM_PFX(__GSHandlerCheck)
+ASM_PFX(__GSHandlerCheck):
+    ret
+
+global ASM_PFX(__security_check_cookie)
+ASM_PFX(__security_check_cookie):
+    ret
diff --git a/MdePkg/MdeLibs.dsc.inc b/MdePkg/MdeLibs.dsc.inc
index a8c8f4ef3639..4e3858edb627 100644
--- a/MdePkg/MdeLibs.dsc.inc
+++ b/MdePkg/MdeLibs.dsc.inc
@@ -20,3 +20,19 @@
   SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
   SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
   MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf
+
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
+  #
+  # It is not possible to prevent the ARM/AARCH64 compilers from inserting generic intrinsic functions.
+  # This library provides the intrinsic functions generated by these compilers.
+  #
+  # Linking this here as a null library will cause all ARM/AARCH64 files to link against it and have
+  # definitions for the intrinsic functions.
+  #
+  NULL|MdePkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
+
+# Stack Cookies cannot be generically applied to SEC modules because they may not define _ModuleEntryPoint and when we
+# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can
+# apply a library class override to get StackCheckLibNull.inf
+[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM, LibraryClasses.common.DXE_CORE, LibraryClasses.common.SMM_CORE, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
diff --git a/MdePkg/MdePkg.ci.yaml b/MdePkg/MdePkg.ci.yaml
index f2d81af080ee..cebccba59d29 100644
--- a/MdePkg/MdePkg.ci.yaml
+++ b/MdePkg/MdePkg.ci.yaml
@@ -61,7 +61,9 @@
             "7007", "_EFI_SPI_NOR_FLASH_PROTOCOL",
             "7007", "_EFI_SPI_HC_PROTOCOL",
             "8002", "aligned (",
-            "4002", "_ReturnAddress"
+            "4002", "_ReturnAddress",
+            "8005", "__security_cookie",
+            "8006", "__stack_chk_fail"
         ],
         ## Both file path and directory path are accepted.
         "IgnoreFiles": [
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index d36bd2eda37e..b542d6d83235 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -303,6 +303,10 @@
   #
   TraceHubDebugSysTLib|Include/Library/TraceHubDebugSysTLib.h
 
+  ##  @libraryclass  Provides a hook called when a stack cookie check fails.
+  #
+  StackCheckFailureHookLib|Include/Library/StackCheckFailureHookLib.h
+
 [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64]
   ##  @libraryclass  Provides services to generate random number.
   #
@@ -2259,6 +2263,9 @@
   # @Prompt Speculation Barrier Type.
   gEfiMdePkgTokenSpaceGuid.PcdSpeculationBarrierType|0x01|UINT8|0x30001018
 
+  ## This PCD specifies the interrupt vector for stack cookie check failures
+  gEfiMdePkgTokenSpaceGuid.PcdStackCookieExceptionVector|0x42|UINT8|0x30001019
+
 [PcdsFixedAtBuild,PcdsPatchableInModule]
   ## Indicates the maximum length of unicode string used in the following
   #  BaseLib functions: StrLen(), StrSize(), StrCmp(), StrnCmp(), StrCpy(), StrnCpy()<BR><BR>
diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
index 109224c527f7..0f00172be100 100644
--- a/MdePkg/MdePkg.dsc
+++ b/MdePkg/MdePkg.dsc
@@ -139,6 +139,10 @@
   MdePkg/Library/JedecJep106Lib/JedecJep106Lib.inf
   MdePkg/Library/BaseFdtLib/BaseFdtLib.inf
 
+  MdePkg/Library/StackCheckFailureHookLibNull/StackCheckFailureHookLibNull.inf
+  MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+  MdePkg/Library/StackCheckLib/StackCheckLibStaticInit.inf
+
 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
   #
   # Add UEFI Target Based Unit Tests
@@ -193,7 +197,7 @@
 
 [Components.ARM, Components.AARCH64]
   MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsicArmVirt.inf
-  MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+  MdePkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
 
 [Components.RISCV64]
   MdePkg/Library/BaseRiscVSbiLib/BaseRiscVSbiLib.inf
diff --git a/MdePkg/Test/MdePkgHostTest.dsc b/MdePkg/Test/MdePkgHostTest.dsc
index 6a85d02236a0..1351d191575e 100644
--- a/MdePkg/Test/MdePkgHostTest.dsc
+++ b/MdePkg/Test/MdePkgHostTest.dsc
@@ -47,3 +47,5 @@
   MdePkg/Test/Mock/Library/GoogleTest/MockPeiServicesLib/MockPeiServicesLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockHobLib/MockHobLib.inf
   MdePkg/Test/Mock/Library/GoogleTest/MockFdtLib/MockFdtLib.inf
+
+  MdePkg/Library/StackCheckLibNull/StackCheckLibNullHostApplication.inf
diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.c b/NetworkPkg/HttpBootDxe/HttpBootClient.c
index 40f64fcb6bf8..858e7c21034c 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootClient.c
+++ b/NetworkPkg/HttpBootDxe/HttpBootClient.c
@@ -923,6 +923,9 @@ HttpBootGetBootFileCallback (
                                    BufferSize has been updated with the size needed to complete
                                    the request.
   @retval EFI_ACCESS_DENIED        The server needs to authenticate the client.
+  @retval EFI_NOT_READY            Data transfer has timed-out, call HttpBootGetBootFile again to resume
+                                   the download operation using HTTP Range headers.
+  @retval EFI_UNSUPPORTED          Some HTTP response header is not supported.
   @retval Others                   Unexpected error happened.
 
 **/
@@ -955,6 +958,10 @@ HttpBootGetBootFile (
   CHAR8                    BaseAuthValue[80];
   EFI_HTTP_HEADER          *HttpHeader;
   CHAR8                    *Data;
+  UINTN                    HeadersCount;
+  BOOLEAN                  ResumingOperation;
+  CHAR8                    *ContentRangeResponseValue;
+  CHAR8                    RangeValue[64];
 
   ASSERT (Private != NULL);
   ASSERT (Private->HttpCreated);
@@ -985,6 +992,16 @@ HttpBootGetBootFile (
     }
   }
 
+  // Check if this is a previous download that has failed and need to be resumed
+  if ((!HeaderOnly) &&
+      (Private->PartialTransferredSize > 0) &&
+      (Private->BootFileSize == *BufferSize))
+  {
+    ResumingOperation = TRUE;
+  } else {
+    ResumingOperation = FALSE;
+  }
+
   //
   // Not found in cache, try to download it through HTTP.
   //
@@ -1014,8 +1031,23 @@ HttpBootGetBootFile (
   //       Accept
   //       User-Agent
   //       [Authorization]
+  //       [Range]
+  //       [If-Match]|[If-Unmodified-Since]
   //
-  HttpIoHeader = HttpIoCreateHeader ((Private->AuthData != NULL) ? 4 : 3);
+  HeadersCount = 3;
+  if (Private->AuthData != NULL) {
+    HeadersCount++;
+  }
+
+  if (ResumingOperation) {
+    HeadersCount++;
+    if (Private->LastModifiedOrEtag) {
+      HeadersCount++;
+    }
+  }
+
+  HttpIoHeader = HttpIoCreateHeader (HeadersCount);
+
   if (HttpIoHeader == NULL) {
     Status = EFI_OUT_OF_RESOURCES;
     goto ERROR_2;
@@ -1097,6 +1129,62 @@ HttpBootGetBootFile (
     }
   }
 
+  //
+  // Add HTTP header field 5 (optional): Range
+  //
+  if (ResumingOperation) {
+    // Resuming a failed download. Prepare the HTTP Range Header
+    Status = AsciiSPrint (
+               RangeValue,
+               sizeof (RangeValue),
+               "bytes=%lu-%lu",
+               Private->PartialTransferredSize,
+               Private->BootFileSize - 1
+               );
+    if (EFI_ERROR (Status)) {
+      goto ERROR_3;
+    }
+
+    Status = HttpIoSetHeader (HttpIoHeader, "Range", RangeValue);
+    if (EFI_ERROR (Status)) {
+      goto ERROR_3;
+    }
+
+    DEBUG (
+      (DEBUG_WARN | DEBUG_INFO,
+       "HttpBootGetBootFile: Resuming failed download. Range: %a\n",
+       RangeValue)
+      );
+
+    //
+    // Add HTTP header field 6 (optional): If-Match or If-Unmodified-Since
+    //
+    if (Private->LastModifiedOrEtag) {
+      if (Private->LastModifiedOrEtag[0] == '"') {
+        // An ETag value starts with "
+        DEBUG (
+          (DEBUG_WARN | DEBUG_INFO,
+           "HttpBootGetBootFile: If-Match=%a\n",
+           Private->LastModifiedOrEtag)
+          );
+        // Add If-Match header with the ETag value got from the first request.
+        Status = HttpIoSetHeader (HttpIoHeader, HTTP_HEADER_IF_MATCH, Private->LastModifiedOrEtag);
+      } else {
+        DEBUG (
+          (DEBUG_WARN | DEBUG_INFO,
+           "HttpBootGetBootFile: If-Unmodified-Since=%a\n",
+           Private->LastModifiedOrEtag)
+          );
+        // Add If-Unmodified-Since header with the timestamp value (Last-Modified) got from the first request.
+        Status = HttpIoSetHeader (HttpIoHeader, HTTP_HEADER_IF_UNMODIFIED_SINCE, Private->LastModifiedOrEtag);
+      }
+
+      if (EFI_ERROR (Status)) {
+        goto ERROR_3;
+      }
+    }
+  }
+
   //
   // 2.2 Build the rest of HTTP request info.
   //
@@ -1245,6 +1333,62 @@ HttpBootGetBootFile (
     Cache->ImageType    = *ImageType;
   }
 
+  // Cache ETag or Last-Modified response header value to
+  // be used when resuming an interrupted download.
+  HttpHeader = HttpFindHeader (
+                 ResponseData->HeaderCount,
+                 ResponseData->Headers,
+                 HTTP_HEADER_ETAG
+                 );
+  if (HttpHeader == NULL) {
+    HttpHeader = HttpFindHeader (
+                   ResponseData->HeaderCount,
+                   ResponseData->Headers,
+                   HTTP_HEADER_LAST_MODIFIED
+                   );
+  }
+
+  if (HttpHeader) {
+    if (Private->LastModifiedOrEtag) {
+      FreePool (Private->LastModifiedOrEtag);
+    }
+
+    Private->LastModifiedOrEtag = AllocateCopyPool (AsciiStrSize (HttpHeader->FieldValue), HttpHeader->FieldValue);
+  }
+
+  //
+  // 3.2.2 Validate the range response. If operation is being resumed,
+  // server must respond with Content-Range.
+  //
+  if (ResumingOperation) {
+    HttpHeader = HttpFindHeader (
+                   ResponseData->HeaderCount,
+                   ResponseData->Headers,
+                   HTTP_HEADER_CONTENT_RANGE
+                   );
+    if ((HttpHeader == NULL) ||
+        (AsciiStrnCmp (HttpHeader->FieldValue, "bytes", 5) != 0))
+    {
+      Status = EFI_UNSUPPORTED;
+      goto ERROR_5;
+    }
+
+    // Gets the total size of ranged data (Content-Range: <unit> <range-start>-<range-end>/<size>)
+    // and check if it remains the same
+    ContentRangeResponseValue = AsciiStrStr (HttpHeader->FieldValue, "/");
+    if (ContentRangeResponseValue == NULL) {
+      Status = EFI_INVALID_PARAMETER;
+      goto ERROR_5;
+    }
+
+    ContentRangeResponseValue++;
+    ContentLength = AsciiStrDecimalToUintn (ContentRangeResponseValue);
+    if (ContentLength != *BufferSize) {
+      Status = EFI_INVALID_PARAMETER;
+      goto ERROR_5;
+    }
+  }
+
   //
   // 3.3 Init a message-body parser from the header information.
   //
@@ -1295,10 +1439,15 @@ HttpBootGetBootFile (
       // In identity transfer-coding there is no need to parse the message body,
       // just download the message body to the user provided buffer directly.
       //
+      if (ResumingOperation && ((ContentLength + Private->PartialTransferredSize) > *BufferSize)) {
+        Status = EFI_INVALID_PARAMETER;
+        goto ERROR_6;
+      }
+
       ReceivedSize = 0;
       while (ReceivedSize < ContentLength) {
-        ResponseBody.Body       = (CHAR8 *)Buffer + ReceivedSize;
-        ResponseBody.BodyLength = *BufferSize - ReceivedSize;
+        ResponseBody.Body       = (CHAR8 *)Buffer + (ReceivedSize + Private->PartialTransferredSize);
+        ResponseBody.BodyLength = *BufferSize - (ReceivedSize + Private->PartialTransferredSize);
         Status                  = HttpIoRecvResponse (
                                     &Private->HttpIo,
                                     FALSE,
@@ -1309,6 +1458,20 @@ HttpBootGetBootFile (
             Status = ResponseBody.Status;
           }
 
+          if ((Status == EFI_TIMEOUT) || (Status == EFI_DEVICE_ERROR)) {
+            // For EFI_TIMEOUT and EFI_DEVICE_ERROR errors, we may resume the operation.
+            // We will not check if server sent Accept-Ranges header, because some back-ends
+            // do not report this header, even when supporting it. Know example: CloudFlare CDN Cache.
+            Private->PartialTransferredSize = ReceivedSize;
+            DEBUG (
+              (
+               DEBUG_WARN | DEBUG_INFO,
+               "HttpBootGetBootFile: Transfer error. Bytes transferred so far: %lu.\n",
+               ReceivedSize
+              )
+              );
+          }
+
           goto ERROR_6;
         }
 
@@ -1326,6 +1489,9 @@ HttpBootGetBootFile (
           }
         }
       }
+
+      // download completed, there is no more partial data
+      Private->PartialTransferredSize = 0;
     } else {
       //
       // In "chunked" transfer-coding mode, so we need to parse the received
@@ -1385,9 +1551,13 @@ HttpBootGetBootFile (
   //
   // 3.5 Message-body receive & parse is completed, we should be able to get the file size now.
   //
-  Status = HttpGetEntityLength (Parser, &ContentLength);
-  if (EFI_ERROR (Status)) {
-    goto ERROR_6;
+  if (!ResumingOperation) {
+    Status = HttpGetEntityLength (Parser, &ContentLength);
+    if (EFI_ERROR (Status)) {
+      goto ERROR_6;
+    }
+  } else {
+    ContentLength = Private->BootFileSize;
   }
 
   if (*BufferSize < ContentLength) {
diff --git a/NetworkPkg/HttpBootDxe/HttpBootClient.h b/NetworkPkg/HttpBootDxe/HttpBootClient.h
index 86a28bc91aa2..406eefb54298 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootClient.h
+++ b/NetworkPkg/HttpBootDxe/HttpBootClient.h
@@ -108,6 +108,7 @@ HttpBootCreateHttpIo (
                                    BufferSize has been updated with the size needed to complete
                                    the request.
   @retval EFI_ACCESS_DENIED        The server needs to authenticate the client.
+  @retval EFI_UNSUPPORTED          Some HTTP response header is not supported.
   @retval Others                   Unexpected error happened.
 
 **/
diff --git a/NetworkPkg/HttpBootDxe/HttpBootDxe.h b/NetworkPkg/HttpBootDxe/HttpBootDxe.h
index 5ff8ad4698b2..193235dabbfc 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootDxe.h
+++ b/NetworkPkg/HttpBootDxe/HttpBootDxe.h
@@ -214,6 +214,8 @@ struct _HTTP_BOOT_PRIVATE_DATA {
   CHAR8                                        *BootFileUri;
   VOID                                         *BootFileUriParser;
   UINTN                                        BootFileSize;
+  UINTN                                        PartialTransferredSize;
+  CHAR8                                        *LastModifiedOrEtag;
   BOOLEAN                                      NoGateway;
   HTTP_BOOT_IMAGE_TYPE                         ImageType;
 
diff --git a/NetworkPkg/HttpBootDxe/HttpBootDxe.inf b/NetworkPkg/HttpBootDxe/HttpBootDxe.inf
index cffa642a4bf7..3f87e58a14a9 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootDxe.inf
+++ b/NetworkPkg/HttpBootDxe/HttpBootDxe.inf
@@ -95,8 +95,10 @@
   gEfiAdapterInfoUndiIpv6SupportGuid             ## SOMETIMES_CONSUMES ## GUID
 
 [Pcd]
-  gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections       ## CONSUMES
-  gEfiNetworkPkgTokenSpaceGuid.PcdHttpIoTimeout              ## CONSUMES
+  gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections           ## CONSUMES
+  gEfiNetworkPkgTokenSpaceGuid.PcdHttpIoTimeout                  ## CONSUMES
+  gEfiNetworkPkgTokenSpaceGuid.PcdMaxHttpResumeRetries           ## CONSUMES
+  gEfiNetworkPkgTokenSpaceGuid.PcdHttpDelayBetweenResumeRetries  ## CONSUMES
 
 [UserExtensions.TianoCore."ExtraFiles"]
   HttpBootDxeExtra.uni
diff --git a/NetworkPkg/HttpBootDxe/HttpBootImpl.c b/NetworkPkg/HttpBootDxe/HttpBootImpl.c
index fa27941f8050..4f84e59a2183 100644
--- a/NetworkPkg/HttpBootDxe/HttpBootImpl.c
+++ b/NetworkPkg/HttpBootDxe/HttpBootImpl.c
@@ -304,6 +304,7 @@ HttpBootGetBootFileCaller (
 {
   HTTP_GET_BOOT_FILE_STATE  State;
   EFI_STATUS                Status;
+  UINT32                    Retries;
 
   if (Private->BootFileSize == 0) {
     State = GetBootFileHead;
@@ -370,13 +371,40 @@ HttpBootGetBootFileCaller (
         //
         // Load the boot file into Buffer
         //
-        Status = HttpBootGetBootFile (
-                   Private,
-                   FALSE,
-                   BufferSize,
-                   Buffer,
-                   ImageType
-                   );
+        for (Retries = 1; Retries <= PcdGet32 (PcdMaxHttpResumeRetries); Retries++) {
+          Status = HttpBootGetBootFile (
+                     Private,
+                     FALSE,
+                     BufferSize,
+                     Buffer,
+                     ImageType
+                     );
+          if (!EFI_ERROR (Status) ||
+              ((Status != EFI_TIMEOUT) && (Status != EFI_DEVICE_ERROR)))
+          {
+            break;
+          }
+
+          //
+          // HttpBootGetBootFile returned EFI_TIMEOUT or EFI_DEVICE_ERROR.
+          // We may attempt to resume the interrupted download.
+          //
+
+          Private->HttpCreated = FALSE;
+          HttpIoDestroyIo (&Private->HttpIo);
+          Status = HttpBootCreateHttpIo (Private);
+          if (EFI_ERROR (Status)) {
+            break;
+          }
+
+          DEBUG ((DEBUG_WARN | DEBUG_INFO, "HttpBootGetBootFileCaller: NBP file download interrupted, will try to resume the operation.\n"));
+          gBS->Stall (1000 * 1000 * PcdGet32 (PcdHttpDelayBetweenResumeRetries));
+        }
+
+        if (EFI_ERROR (Status) && (Retries >= PcdGet32 (PcdMaxHttpResumeRetries))) {
+          DEBUG ((DEBUG_ERROR, "HttpBootGetBootFileCaller: Error downloading NBP file, even after trying to resume %d times.\n", Retries));
+        }
+
         return Status;
 
       case GetBootFileError:
@@ -522,12 +550,13 @@ HttpBootStop (
   ZeroMem (&Private->StationIp, sizeof (EFI_IP_ADDRESS));
   ZeroMem (&Private->SubnetMask, sizeof (EFI_IP_ADDRESS));
   ZeroMem (&Private->GatewayIp, sizeof (EFI_IP_ADDRESS));
-  Private->Port              = 0;
-  Private->BootFileUri       = NULL;
-  Private->BootFileUriParser = NULL;
-  Private->BootFileSize      = 0;
-  Private->SelectIndex       = 0;
-  Private->SelectProxyType   = HttpOfferTypeMax;
+  Private->Port                   = 0;
+  Private->BootFileUri            = NULL;
+  Private->BootFileUriParser      = NULL;
+  Private->BootFileSize           = 0;
+  Private->SelectIndex            = 0;
+  Private->SelectProxyType        = HttpOfferTypeMax;
+  Private->PartialTransferredSize = 0;
 
   if (!Private->UsingIpv6) {
     //
@@ -577,6 +606,11 @@ HttpBootStop (
     Private->FilePathUriParser = NULL;
   }
 
+  if (Private->LastModifiedOrEtag != NULL) {
+    FreePool (Private->LastModifiedOrEtag);
+    Private->LastModifiedOrEtag = NULL;
+  }
+
   ZeroMem (Private->OfferBuffer, sizeof (Private->OfferBuffer));
   Private->OfferNum = 0;
   ZeroMem (Private->OfferCount, sizeof (Private->OfferCount));
@@ -765,7 +799,8 @@ HttpBootCallback (
       if (Data != NULL) {
         HttpMessage = (EFI_HTTP_MESSAGE *)Data;
         if ((HttpMessage->Data.Request->Method == HttpMethodGet) &&
-            (HttpMessage->Data.Request->Url != NULL))
+            (HttpMessage->Data.Request->Url != NULL) &&
+            (Private->PartialTransferredSize == 0))
         {
           Print (L"\n  URI: %s\n", HttpMessage->Data.Request->Url);
         }
@@ -797,6 +832,16 @@ HttpBootCallback (
           }
         }
 
+        // If download was resumed, do not change progress variables
+        HttpHeader = HttpFindHeader (
+                       HttpMessage->HeaderCount,
+                       HttpMessage->Headers,
+                       HTTP_HEADER_CONTENT_RANGE
+                       );
+        if (HttpHeader) {
+          break;
+        }
+
         HttpHeader = HttpFindHeader (
                        HttpMessage->HeaderCount,
                        HttpMessage->Headers,
diff --git a/NetworkPkg/NetworkPcds.dsc.inc b/NetworkPkg/NetworkPcds.dsc.inc
index f874b382efc3..c6299ad6ed0f 100644
--- a/NetworkPkg/NetworkPcds.dsc.inc
+++ b/NetworkPkg/NetworkPcds.dsc.inc
@@ -11,6 +11,6 @@
 #
 ##
 
-!if $(NETWORK_ALLOW_HTTP_CONNECTIONS) == TRUE
+!if ($(NETWORK_ENABLE) == TRUE) AND ($(NETWORK_ALLOW_HTTP_CONNECTIONS) == TRUE)
   gEfiNetworkPkgTokenSpaceGuid.PcdAllowHttpConnections|TRUE
 !endif
diff --git a/NetworkPkg/NetworkPkg.dec b/NetworkPkg/NetworkPkg.dec
index 7c4289b77b21..29fc0c046c5b 100644
--- a/NetworkPkg/NetworkPkg.dec
+++ b/NetworkPkg/NetworkPkg.dec
@@ -104,6 +104,16 @@
   # @Prompt Max size of total HTTP chunk transfer. the default value is 12MB.
   gEfiNetworkPkgTokenSpaceGuid.PcdMaxHttpChunkTransfer|0x0C00000|UINT32|0x0000000E
 
+  ## The maximum number of retries while attempting to resume an
+  # interrupted HTTP download using a HTTP Range request header.
+  # @Prompt Max number of HTTP download resume retries. Default value is 5.
+  gEfiNetworkPkgTokenSpaceGuid.PcdMaxHttpResumeRetries|0x00000005|UINT32|0x00000012
+
+  ## Delay in seconds between each attempt to resume an
+  # interrupted HTTP download.
+  # @Prompt Delay in seconds between each HTTP resume retry. Default value is 2s.
+  gEfiNetworkPkgTokenSpaceGuid.PcdHttpDelayBetweenResumeRetries|0x00000002|UINT32|0x00000013
+
 [PcdsFixedAtBuild, PcdsPatchableInModule]
   ## Indicates whether HTTP connections (i.e., unsecured) are permitted or not.
   # TRUE  - HTTP connections are allowed. Both the "https://" and "http://" URI schemes are permitted.
diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc
index 808c6bffce2c..f008790f30f8 100644
--- a/NetworkPkg/NetworkPkg.dsc
+++ b/NetworkPkg/NetworkPkg.dsc
@@ -62,6 +62,10 @@
   FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
   SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.UEFI_DRIVER]
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
   ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
@@ -72,13 +76,6 @@
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
 
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
-  #
-  # It is not possible to prevent ARM compiler calls to generic intrinsic functions.
-  # This library provides the instrinsic functions generated by a given compiler.
-  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
 
 [LibraryClasses.ARM]
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index 1772afb05815..667be9558724 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -83,21 +83,14 @@
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
   ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
   DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
+
 [LibraryClasses.common.UEFI_APPLICATION]
   DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
   ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
-[LibraryClasses.ARM, LibraryClasses.AARCH64]
-  #
-  # It is not possible to prevent ARM compiler calls to generic intrinsic functions.
-  # This library provides the instrinsic functions generated by a given compiler.
-  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
-  #
-!if $(TOOL_CHAIN_TAG) != VS2017 and $(TOOL_CHAIN_TAG) != VS2015 and $(TOOL_CHAIN_TAG) != VS2019
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-!endif
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+
 [LibraryClasses.ARM]
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+
 [LibraryClasses.RISCV64]
   RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index 61736ff79e83..e529bc6daf1d 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -290,15 +290,9 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptUnderflowTest) {
 // Test Description
 // Test that we can handle recursive dns (multiple dns entries)
 TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
-  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
+  EFI_DHCP6_PACKET_OPTION   *Option = NULL;
   PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
 
-  Private.SelectIndex                         = 1; // SelectIndex is 1-based
-  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
-  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
-  // Setup the DHCPv6 offer packet
-  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
-
   EFI_IPv6_ADDRESS  addresses[2] = {
     // 2001:db8:85a3::8a2e:370:7334
     { 0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0x00, 0x00, 0x00, 0x00, 0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34 },
@@ -306,7 +300,18 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
     { 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd4, 0x78, 0x91, 0xc3, 0xec, 0xd7, 0x4f, 0xf9 }
   };
 
-  CopyMem (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, &addresses, sizeof (addresses));
+  Option = (EFI_DHCP6_PACKET_OPTION *)AllocatePool (sizeof (*Option) + sizeof (addresses));
+  if (Option == NULL) {
+    ASSERT_NE (Option, nullptr);
+  }
+
+  Private.SelectIndex                         = 1; // SelectIndex is 1-based
+  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = Option;
+  // Setup the DHCPv6 offer packet
+  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
+
+  CopyMem (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, addresses, sizeof (addresses));
 
   Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen = NTOHS (sizeof (addresses));
 
@@ -327,6 +332,10 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
   if (Private.DnsServer) {
     FreePool (Private.DnsServer);
   }
+
+  if (Option) {
+    FreePool (Option);
+  }
 }
 
 ///////////////////////////////////////////////////////////////////////////////
diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
index 40553c00198d..1f5837d6e723 100644
--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
+++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
@@ -232,6 +232,9 @@
   CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
   MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEI_CORE]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc
index 0689d6442f69..2f5fb46a2e67 100644
--- a/OvmfPkg/Bhyve/BhyveX64.dsc
+++ b/OvmfPkg/Bhyve/BhyveX64.dsc
@@ -256,6 +256,9 @@
   CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
   MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEI_CORE]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc
index 0ad495545c8f..1a8d3c4911cf 100644
--- a/OvmfPkg/CloudHv/CloudHvX64.dsc
+++ b/OvmfPkg/CloudHv/CloudHvX64.dsc
@@ -269,6 +269,9 @@
   CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
   MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEI_CORE]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
@@ -632,9 +635,11 @@
 
 !include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
 
+!if $(NETWORK_ENABLE) == TRUE
   # IPv4 and IPv6 PXE Boot support.
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index fc1332598e24..fbda01bd7582 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -240,6 +240,9 @@
   PeilessStartupLib|OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
   CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.DXE_CORE]
   HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
   DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf
diff --git a/OvmfPkg/LoongArchVirt/LoongArchVirt.fdf.inc b/OvmfPkg/LoongArchVirt/LoongArchVirt.fdf.inc
index 22373bec6a43..6d68a9e3a60e 100644
--- a/OvmfPkg/LoongArchVirt/LoongArchVirt.fdf.inc
+++ b/OvmfPkg/LoongArchVirt/LoongArchVirt.fdf.inc
@@ -15,18 +15,8 @@ DEFINE FW_BLOCKS                  = 0x400
 DEFINE FW_SIZE                    = 0x400000
 
 ############################################################################
-#Flash code layout
-#Set Sec size in flash
-DEFINE SECFV_SIZE                 = 0x00010000
-
-#Set Pei size in flash
-DEFINE PEIFV_SIZE                 = 0x00040000
-
-#Set Dxe size in flash
-DEFINE DXEFV_SIZE                 = 0x00350000
-
 #Set FVMAIN size
-DEFINE FVMAIN_SIZE                = $(SECFV_SIZE) + $(PEIFV_SIZE) +$(DXEFV_SIZE)
+DEFINE FVMAIN_SIZE                = $(FW_SIZE)
 
 #Set Memory layout
 DEFINE SEC_PEI_TEMP_RAM_BASE      = 0x10000
diff --git a/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc b/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc
index 29c945b0ee34..755892737b12 100644
--- a/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc
+++ b/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc
@@ -102,9 +102,6 @@
   TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
 !endif
 
-  # For stack protector support
-  NULL                             | MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
   BaseLib                          | MdePkg/Library/BaseLib/BaseLib.inf
   SafeIntLib                       | MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
   TimeBaseLib                      | EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf
@@ -197,6 +194,9 @@
   PlatformHookLib                  | OvmfPkg/LoongArchVirt/Library/Fdt16550SerialPortHookLib/EarlyFdt16550SerialPortHookLib.inf
   CpuExceptionHandlerLib           | UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL                             | MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEI_CORE]
   PcdLib                           | MdePkg/Library/PeiPcdLib/PeiPcdLib.inf
   HobLib                           | MdePkg/Library/PeiHobLib/PeiHobLib.inf
@@ -417,8 +417,10 @@
   #
   # IPv4 and IPv6 PXE Boot support.
   #
+!if $(NETWORK_ENABLE) == TRUE
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport                       | 0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport                       | 0x01
+!endif
 
   #
   # SMBIOS entry point version
diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc
index 3b2312ddbcc7..6fe8dfd2880e 100644
--- a/OvmfPkg/Microvm/MicrovmX64.dsc
+++ b/OvmfPkg/Microvm/MicrovmX64.dsc
@@ -277,6 +277,9 @@
   CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf
   MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEI_CORE]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf
@@ -647,9 +650,11 @@
 
   gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00
 
+!if $(NETWORK_ENABLE) == TRUE
   # IPv4 and IPv6 PXE Boot support.
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 974ab6236211..5e2086eb3309 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -658,9 +658,11 @@
 
 !include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
 
+!if $(NETWORK_ENABLE) == TRUE
   # IPv4 and IPv6 PXE Boot support.
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
@@ -684,6 +686,7 @@
   OvmfPkg/Sec/SecMain.inf {
     <LibraryClasses>
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
+      NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
   }
 
   #
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index c0e3210a8340..ef04ae21a734 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -676,9 +676,11 @@
   gEfiMdePkgTokenSpaceGuid.PcdFSBClock|1000000000
 
 [PcdsDynamicDefault.X64]
+!if $(NETWORK_ENABLE) == TRUE
   # IPv4 and IPv6 PXE Boot support.
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
 [PcdsDynamicHii]
 !include OvmfPkg/Include/Dsc/OvmfTpmPcdsHii.dsc.inc
@@ -697,6 +699,7 @@
   OvmfPkg/Sec/SecMain.inf {
     <LibraryClasses>
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
+      NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
   }
 
   #
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index efb0eedb0459..e7fc7a9410f2 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -690,9 +690,11 @@
 
 !include OvmfPkg/Include/Dsc/OvmfTpmPcds.dsc.inc
 
+!if $(NETWORK_ENABLE) == TRUE
   # IPv4 and IPv6 PXE Boot support.
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
   # Set ConfidentialComputing defaults
   gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0
@@ -718,6 +720,7 @@
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
       NULL|OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf
       BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
+      NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
   }
 
   #
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index f6846c20ff40..ac7d18196909 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -525,6 +525,7 @@
   OvmfPkg/Sec/SecMain.inf {
     <LibraryClasses>
       NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
+      NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
   }
 
   #
diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc
index 30e51790aca1..9cf743c842bc 100644
--- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc
+++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc
@@ -76,10 +76,6 @@
   TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
 !endif
 
-
-  # Add support for GCC stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
   # RISC-V Architectural Libraries
   CpuExceptionHandlerLib|UefiCpuPkg/Library/BaseRiscV64CpuExceptionHandlerLib/BaseRiscV64CpuExceptionHandlerLib.inf
   RiscVSbiLib|MdePkg/Library/BaseRiscVSbiLib/BaseRiscVSbiLib.inf
@@ -156,6 +152,9 @@
   PrePiHobListPointerLib|OvmfPkg/RiscVVirt/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf
   MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMemoryAllocationLib.inf
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.DXE_CORE]
   PerformanceLib|MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.inf
   HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
diff --git a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
index e0ed6fb9bcd8..63d896587b4a 100644
--- a/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
+++ b/OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc
@@ -217,11 +217,13 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwWorkingBase|0
   gEfiMdeModulePkgTokenSpaceGuid.PcdFlashNvStorageFtwSpareBase|0
 
+!if $(NETWORK_ENABLE) == TRUE
   #
   # IPv4 and IPv6 PXE Boot support.
   #
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01
   gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01
+!endif
 
   #
   # TPM2 support
diff --git a/PcAtChipsetPkg/PcAtChipsetPkg.dsc b/PcAtChipsetPkg/PcAtChipsetPkg.dsc
index 2f02ecf6fd11..73f8198f68fd 100644
--- a/PcAtChipsetPkg/PcAtChipsetPkg.dsc
+++ b/PcAtChipsetPkg/PcAtChipsetPkg.dsc
@@ -45,6 +45,10 @@
   ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [Components]
   PcAtChipsetPkg/HpetTimerDxe/HpetTimerDxe.inf
   PcAtChipsetPkg/Bus/Pci/IdeControllerDxe/IdeControllerDxe.inf
diff --git a/PrmPkg/PrmPkg.ci.yaml b/PrmPkg/PrmPkg.ci.yaml
index b4b5aad67fbd..a55abd221662 100644
--- a/PrmPkg/PrmPkg.ci.yaml
+++ b/PrmPkg/PrmPkg.ci.yaml
@@ -49,7 +49,6 @@
     ## options defined .pytool/Plugin/DependencyCheck
     "DependencyCheck": {
         "AcceptableDependencies": [
-            "ArmPkg/ArmPkg.dec",
             "MdeModulePkg/MdeModulePkg.dec",
             "MdePkg/MdePkg.dec",
             "PrmPkg/PrmPkg.dec",
diff --git a/PrmPkg/PrmPkg.dsc b/PrmPkg/PrmPkg.dsc
index 677100504584..8eeb393cd19c 100644
--- a/PrmPkg/PrmPkg.dsc
+++ b/PrmPkg/PrmPkg.dsc
@@ -18,6 +18,8 @@
 
   DEFINE  PLATFORM_PACKAGE       = $(PLATFORM_NAME)Pkg
 
+!include MdePkg/MdeLibs.dsc.inc
+
 [LibraryClasses.common]
   #
   # EDK II Packages
@@ -38,13 +40,13 @@
   UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
   UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.IA32, LibraryClasses.X64]
   MtrrLib|UefiCpuPkg/Library/MtrrLib/MtrrLib.inf
 
-[LibraryClasses.AARCH64]
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
   #
   # EDK II Packages
@@ -148,12 +150,6 @@
   #
   $(PLATFORM_PACKAGE)/Samples/PrmSampleHardwareAccessModule/PrmSampleHardwareAccessModule.inf
 
-[Components.AARCH64]
-  ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for GCC stack protector
-  MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [BuildOptions]
 # Force deprecated interfaces off
   *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES
diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc
index b0150043a9c6..97f20597d244 100644
--- a/RedfishPkg/RedfishPkg.dsc
+++ b/RedfishPkg/RedfishPkg.dsc
@@ -52,12 +52,11 @@
   IpmiLib|MdeModulePkg/Library/BaseIpmiLibNull/BaseIpmiLibNull.inf
   IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
-  #
-  # This library provides the instrinsic functions generated by a given compiler.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
 
 [Components]
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 70981da36109..f6a3f49f12aa 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -89,17 +89,11 @@
   PlatformLibWrapper|SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf
   MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
 
-[LibraryClasses.ARM, LibraryClasses.AARCH64]
-  #
-  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
-  # This library provides the intrinsic functions generate by a given compiler.
-  # And NULL mean link this library into all ARM images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for GCC stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
 
+[LibraryClasses.ARM, LibraryClasses.AARCH64]
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
 
   ArmTrngLib|MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.inf
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h
index 6427ea7d8a5d..32816242fc23 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h
@@ -1006,6 +1006,29 @@ ParseAcpiPptt (
   IN UINT8    AcpiTableRevision
   );
 
+/**
+  This function parses the ACPI RAS2 table.
+  When trace is enabled this function parses the RAS2 table and
+  traces the ACPI table fields.
+
+  This function parses the RAS2 ACPI table along with PCC Entries
+
+  This function also performs validation of the ACPI table fields.
+
+  @param [in] Trace              If TRUE, trace the ACPI fields.
+  @param [in] Ptr                Pointer to the start of the buffer.
+  @param [in] AcpiTableLength    Length of the ACPI table.
+  @param [in] AcpiTableRevision  Revision of the ACPI table.
+**/
+VOID
+EFIAPI
+ParseAcpiRas2 (
+  IN BOOLEAN  Trace,
+  IN UINT8    *Ptr,
+  IN UINT32   AcpiTableLength,
+  IN UINT8    AcpiTableRevision
+  );
+
 /**
   This function parses the ACPI RSDP table.
 
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Ras2/Ras2Parser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Ras2/Ras2Parser.c
new file mode 100644
index 000000000000..9c61b96817ab
--- /dev/null
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Ras2/Ras2Parser.c
@@ -0,0 +1,118 @@
+/** @file
+  RAS2 table parser
+
+  Copyright (c) 2024, Arm Limited. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+  @par Reference(s):
+    - ACPI 6.5 Specification - August 2022
+**/
+
+#include <Library/PrintLib.h>
+#include <Library/BaseLib.h>
+#include <Library/UefiLib.h>
+#include "AcpiParser.h"
+#include "AcpiView.h"
+
+// Maximum Memory Domain matrix print size.
+#define MAX_MEMORY_DOMAIN_TARGET_PRINT_MATRIX  10
+
+// Local variables
+STATIC CONST UINT16  *Ras2PccDescriptors;
+
+STATIC ACPI_DESCRIPTION_HEADER_INFO  AcpiHdrInfo;
+
+/**
+  An ACPI_PARSER array describing the ACPI RAS2 Table.
+*/
+STATIC CONST ACPI_PARSER  Ras2Parser[] = {
+  PARSE_ACPI_HEADER (&AcpiHdrInfo),
+  { L"Reserved",                   2,  36, L"0x%x", NULL, NULL,                         NULL, NULL },
+  { L"PCC Descriptors",            2,  38, L"%d",   NULL, (VOID **)&Ras2PccDescriptors, NULL, NULL }
+};
+
+/**
+  An ACPI_PARSER array describing the RAS2 PCC ID Entry
+*/
+STATIC CONST ACPI_PARSER  Ras2StructurePccDescriptor[] = {
+  { L"PCC ID",       1, 0, L"0x%x", NULL, NULL, NULL, NULL },
+  { L"Reserved",     1, 1, L"0x%x", NULL, NULL, NULL, NULL },
+  { L"Reserved",     1, 2, L"0x%x", NULL, NULL, NULL, NULL },
+  { L"Feature Type", 1, 3, L"0x%x", NULL, NULL, NULL, NULL },
+  { L"Instance",     4, 4, L"0x%x", NULL, NULL, NULL, NULL }
+};
+
+STATIC
+VOID
+DumpPccEntry (
+  IN UINT8   *Ptr,
+  IN UINT32  Length
+  )
+{
+  ParseAcpi (
+    TRUE,
+    2,
+    "PCC Descriptor Entry",
+    Ptr,
+    Length,
+    PARSER_PARAMS (Ras2StructurePccDescriptor)
+    );
+}
+
+/**
+  This function parses the ACPI RAS2 table.
+  When trace is enabled this function parses the RAS2 table and
+  traces the ACPI table fields.
+
+  This function parses the following RAS2 structures:
+    - Pcc Instries
+    - Entry Pcc ID
+    - Entry Feature Type
+    - Entry Pcc Instance
+
+  This function also performs validation of the ACPI table fields.
+
+  @param [in] Trace              If TRUE, trace the ACPI fields.
+  @param [in] Ptr                Pointer to the start of the buffer.
+  @param [in] AcpiTableLength    Length of the ACPI table.
+  @param [in] AcpiTableRevision  Revision of the ACPI table.
+**/
+VOID
+EFIAPI
+ParseAcpiRas2 (
+  IN BOOLEAN  Trace,
+  IN UINT8    *Ptr,
+  IN UINT32   AcpiTableLength,
+  IN UINT8    AcpiTableRevision
+  )
+{
+  UINT32  Offset;
+
+  if (!Trace) {
+    return;
+  }
+
+  // Parse ACPI Header + RAS2 "fixed" fields
+  Offset = ParseAcpi (
+             Trace,
+             0,
+             "RAS2",
+             Ptr,
+             AcpiTableLength,
+             PARSER_PARAMS (Ras2Parser)
+             );
+
+  // Table is too small to contain data
+  if (Offset >= AcpiTableLength) {
+    return;
+  }
+
+  // Loop over rest of table for PCC Entries and dump them
+  while (Offset <= (AcpiTableLength - sizeof (EFI_ACPI_RAS2_PCC_DESCRIPTOR))) {
+    DumpPccEntry (
+      Ptr + Offset,
+      sizeof (EFI_ACPI_RAS2_PCC_DESCRIPTOR)
+      );
+    Offset += sizeof (EFI_ACPI_RAS2_PCC_DESCRIPTOR);
+  } // while
+}
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.c
index 4f4254ac40d5..5e73a3909543 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.c
@@ -71,6 +71,7 @@ ACPI_TABLE_PARSER  ParserList[] = {
     ParseAcpiPcct },
   { EFI_ACPI_6_4_PROCESSOR_PROPERTIES_TOPOLOGY_TABLE_STRUCTURE_SIGNATURE,
     ParseAcpiPptt },
+  { EFI_ACPI_6_5_ACPI_RAS2_FEATURE_TABLE_SIGNATURE,                                                      ParseAcpiRas2 },
   { RSDP_TABLE_INFO,                                                                                     ParseAcpiRsdp },
   { EFI_ACPI_6_2_SYSTEM_LOCALITY_INFORMATION_TABLE_SIGNATURE,                                            ParseAcpiSlit },
   { EFI_ACPI_6_2_SERIAL_PORT_CONSOLE_REDIRECTION_TABLE_SIGNATURE,                                        ParseAcpiSpcr },
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf
index 54dddd0ee26d..7ef8b0afb7b2 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/UefiShellAcpiViewCommandLib.inf
@@ -50,6 +50,7 @@
   Parsers/Pcct/PcctParser.h
   Parsers/Pptt/PpttParser.c
   Parsers/Pptt/PpttParser.h
+  Parsers/Ras2/Ras2Parser.c
   Parsers/Rsdp/RsdpParser.c
   Parsers/Slit/SlitParser.c
   Parsers/Spcr/SpcrParser.c
diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc
index 720288e2f55c..029a22fc7997 100644
--- a/ShellPkg/ShellPkg.dsc
+++ b/ShellPkg/ShellPkg.dsc
@@ -65,16 +65,9 @@
   DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
   ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
 
-[LibraryClasses.ARM,LibraryClasses.AARCH64]
-  #
-  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
-  # This library provides the instrinsic functions generate by a given compiler.
-  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for GCC stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
 
 [PcdsFixedAtBuild]
   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0xFF
diff --git a/SignedCapsulePkg/SignedCapsulePkg.dsc b/SignedCapsulePkg/SignedCapsulePkg.dsc
index 4c656666e981..1217d24b8adc 100644
--- a/SignedCapsulePkg/SignedCapsulePkg.dsc
+++ b/SignedCapsulePkg/SignedCapsulePkg.dsc
@@ -95,20 +95,13 @@
   PlatformFlashAccessLib|SignedCapsulePkg/Library/PlatformFlashAccessLibNull/PlatformFlashAccessLibNull.inf
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.ARM]
   ArmSoftFloatLib|ArmPkg/Library/ArmSoftFloatLib/ArmSoftFloatLib.inf
 
-[LibraryClasses.AARCH64, LibraryClasses.ARM]
-  #
-  # It is not possible to prevent the ARM compiler for generic intrinsic functions.
-  # This library provides the instrinsic functions generate by a given compiler.
-  # And NULL mean link this library into all ARM images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  # Add support for GCC stack protector
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [LibraryClasses.ARM]
   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
 
diff --git a/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc b/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc
index 986dd5a769d3..1b9a99b6ab57 100644
--- a/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc
+++ b/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc
@@ -52,6 +52,10 @@
 !endif
 !endif
 
+# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+[LibraryClasses.common.SEC]
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.PEIM]
   PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
   PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
diff --git a/StandaloneMmPkg/StandaloneMmPkg.dsc b/StandaloneMmPkg/StandaloneMmPkg.dsc
index 02ab3d749e40..51dd134ef9da 100644
--- a/StandaloneMmPkg/StandaloneMmPkg.dsc
+++ b/StandaloneMmPkg/StandaloneMmPkg.dsc
@@ -79,9 +79,6 @@
   CacheMaintenanceLib|ArmPkg/Library/ArmCacheMaintenanceLib/ArmCacheMaintenanceLib.inf
   PeCoffExtraActionLib|StandaloneMmPkg/Library/StandaloneMmPeCoffExtraActionLib/StandaloneMmPeCoffExtraActionLib.inf
 
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [LibraryClasses.common.MM_CORE_STANDALONE]
   HobLib|StandaloneMmPkg/Library/StandaloneMmCoreHobLib/StandaloneMmCoreHobLib.inf
 
diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc
index 6459ba8f1ab2..f173bba87e4b 100644
--- a/UefiCpuPkg/UefiCpuPkg.dsc
+++ b/UefiCpuPkg/UefiCpuPkg.dsc
@@ -173,8 +173,14 @@
   UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf
   UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationPei.inf
   UefiCpuPkg/PiSmmCommunication/PiSmmCommunicationSmm.inf
-  UefiCpuPkg/SecCore/SecCore.inf
-  UefiCpuPkg/SecCore/SecCoreNative.inf
+  UefiCpuPkg/SecCore/SecCore.inf {
+    <LibraryClasses>
+      NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+  }
+  UefiCpuPkg/SecCore/SecCoreNative.inf {
+    <LibraryClasses>
+      NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+  }
   UefiCpuPkg/SecMigrationPei/SecMigrationPei.inf
   UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
   UefiCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf {
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 9a73c7fd80aa..3c0f2d699b0b 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -352,6 +352,9 @@
   SerialPortLib|UefiPayloadPkg/Library/BaseSerialPortLibHob/BaseSerialPortLibHob.inf
 !endif
 
+  # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
+
 [LibraryClasses.common.DXE_CORE]
   DxeHobListLib|UefiPayloadPkg/Library/DxeHobListLibNull/DxeHobListLibNull.inf
   PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
diff --git a/UnitTestFrameworkPkg/UnitTestFrameworkPkgCommon.dsc.inc b/UnitTestFrameworkPkg/UnitTestFrameworkPkgCommon.dsc.inc
new file mode 100644
index 000000000000..0de6e4362bf4
--- /dev/null
+++ b/UnitTestFrameworkPkg/UnitTestFrameworkPkgCommon.dsc.inc
@@ -0,0 +1,22 @@
+## @file
+# UnitTestFrameworkPkg DSC include file for host and target based test DSC
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[LibraryClasses]
+  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
+  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
+  UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
+  UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibDebugLib.inf
+  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
+
+[PcdsFixedAtBuild]
+  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
+
+[BuildOptions]
+  MSFT:*_*_*_CC_FLAGS  = -D DISABLE_NEW_DEPRECATED_INTERFACES -D EDKII_UNIT_TEST_FRAMEWORK_ENABLED
+  GCC:*_*_*_CC_FLAGS   = -D DISABLE_NEW_DEPRECATED_INTERFACES -D EDKII_UNIT_TEST_FRAMEWORK_ENABLED
+  XCODE:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES -D EDKII_UNIT_TEST_FRAMEWORK_ENABLED
diff --git a/UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc b/UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
index 83d3205b636c..c56db1819c40 100644
--- a/UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
+++ b/UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
@@ -6,7 +6,7 @@
 #
 ##
 
-!include UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgCommon.dsc.inc
 
 [LibraryClasses.common.HOST_APPLICATION]
   BaseLib|MdePkg/Library/BaseLib/UnitTestHostBaseLib.inf
@@ -23,6 +23,7 @@
   UefiBootServicesTableLib|UnitTestFrameworkPkg/Library/UnitTestUefiBootServicesTableLib/UnitTestUefiBootServicesTableLib.inf
   PeiServicesTablePointerLib|UnitTestFrameworkPkg/Library/UnitTestPeiServicesTablePointerLib/UnitTestPeiServicesTablePointerLib.inf
   NULL|UnitTestFrameworkPkg/Library/UnitTestDebugAssertLib/UnitTestDebugAssertLibHost.inf
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNullHostApplication.inf
 
 [BuildOptions]
   MSFT:*_*_*_CC_FLAGS = /MT
diff --git a/UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc b/UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
index 1a059ed4aad2..c0c546db5371 100644
--- a/UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
+++ b/UnitTestFrameworkPkg/UnitTestFrameworkPkgTarget.dsc.inc
@@ -6,6 +6,8 @@
 #
 ##
 
+!include UnitTestFrameworkPkg/UnitTestFrameworkPkgCommon.dsc.inc
+
 [LibraryClasses]
   #
   # Entry point
@@ -15,20 +17,18 @@
   UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
 
   BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
-  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
   DebugLib|MdeModulePkg/Library/PeiDxeDebugLibReportStatusCode/PeiDxeDebugLibReportStatusCode.inf
   ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf
   DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
   MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
-  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
   PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
   PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
-  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
   UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
 
   UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
   UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
   UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibDebugLib.inf
+  NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf
 
 [LibraryClasses.common.SEC, LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM]
   NULL|UnitTestFrameworkPkg/Library/UnitTestDebugAssertLib/UnitTestDebugAssertLib.inf
@@ -45,20 +45,6 @@
 [LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION]
   NULL|UnitTestFrameworkPkg/Library/UnitTestDebugAssertLib/UnitTestDebugAssertLib.inf
 
-[LibraryClasses.ARM, LibraryClasses.AARCH64]
-  #
-  # It is not possible to prevent ARM compiler calls to generic intrinsic functions.
-  # This library provides the instrinsic functions generated by a given compiler.
-  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
-  #
-  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
-
-  #
-  # Since software stack checking may be heuristically enabled by the compiler
-  # include BaseStackCheckLib unconditionally.
-  #
-  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
-
 [LibraryClasses.common.PEIM]
   HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
   MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
@@ -66,11 +52,3 @@
 
 [LibraryClasses.common.UEFI_APPLICATION]
   UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibConOut.inf
-
-[PcdsFixedAtBuild]
-  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x17
-
-[BuildOptions]
-  MSFT:*_*_*_CC_FLAGS  = -D DISABLE_NEW_DEPRECATED_INTERFACES -D EDKII_UNIT_TEST_FRAMEWORK_ENABLED
-  GCC:*_*_*_CC_FLAGS   = -D DISABLE_NEW_DEPRECATED_INTERFACES -D EDKII_UNIT_TEST_FRAMEWORK_ENABLED
-  XCODE:*_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES -D EDKII_UNIT_TEST_FRAMEWORK_ENABLED