path: root/generate_sbat_var_defs.c
authorChristian Breunig <christian@breunig.cc>2025-07-06 21:59:18 +0200
committerChristian Breunig <christian@breunig.cc>2025-07-06 21:59:18 +0200
commit02acad285c74015e8120ade2b41d51b39ae66b63 (patch)
tree980533ac963ac23bc9e090e3e4212bdb9e225a05 /generate_sbat_var_defs.c
parent1c1d50da810e6c49e804a74719c2675b88b033a6 (diff)
parent18d98bfb34be583a5fe2987542e4b15e0db9cb61 (diff)
downloadefi-boot-shim-02acad285c74015e8120ade2b41d51b39ae66b63.tar.gz
efi-boot-shim-02acad285c74015e8120ade2b41d51b39ae66b63.zip
Merge tag '16.0' into vyos/current
shim-16.0 What's Changed * Validate that a supplied vendor cert is not in PEM format by @steve-mcintyre in https://github.com/rhboot/shim/pull/646 * sbat: Add grub.peimage,2 to latest (CVE-2024-2312) by @julian-klode in https://github.com/rhboot/shim/pull/651 * sbat: Also bump latest for grub,4 (and to todays date) by @julian-klode in https://github.com/rhboot/shim/pull/653 * undo change that limits certificate files to a single file by @jsetje in https://github.com/rhboot/shim/pull/659 * shim: don't set second_stage to the empty string by @jjd27 in https://github.com/rhboot/shim/pull/640 * Fix SBAT.md for today's consensus about numbers by @aronowski in https://github.com/rhboot/shim/pull/672 * Update Code of Conduct contact address by @aronowski in https://github.com/rhboot/shim/pull/683 * make-certs: Handle missing OpenSSL installation by @aronowski in https://github.com/rhboot/shim/pull/595 * Update MokVars.txt by @mikebeaton in https://github.com/rhboot/shim/pull/598 * export DEFINES for sub makefile by @bryteise in https://github.com/rhboot/shim/pull/600 * Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition by @vittyvk in https://github.com/rhboot/shim/pull/609 * Null-terminate 'arguments' in fallback by @vittyvk in https://github.com/rhboot/shim/pull/611 * Fix "Verifiying" typo in error message by @chrisbainbridge in https://github.com/rhboot/shim/pull/706 * Update Fedora CI targets by @vathpela in https://github.com/rhboot/shim/pull/708 * Force gcc to produce DWARF4 so that gdb can use it by @mikebeaton in https://github.com/rhboot/shim/pull/607 * Minor housekeeping 2024121700 by @vathpela in https://github.com/rhboot/shim/pull/709 * Discard load-options that start with WINDOWS by @Metabolix in https://github.com/rhboot/shim/pull/621 * Fix the issue that the gBS->LoadImage pointer was empty. 
by @15058718379 in https://github.com/rhboot/shim/pull/703 * shim: Allow data after the end of device path node in load options by @dbnicholson in https://github.com/rhboot/shim/pull/694 * Handle network file not found like disks by @dbnicholson in https://github.com/rhboot/shim/pull/695 * Update gnu-efi submodule for EFI_HTTP_ERROR by @vathpela in https://github.com/rhboot/shim/pull/674 * Increase EFI file alignment by @lumag in https://github.com/rhboot/shim/pull/673 * avoid EFIv2 runtime services on Apple x86 machines by @eduardacatrinei in https://github.com/rhboot/shim/pull/690 * Improve shortcut performance when comparing two boolean expressions by @dennis-tseng99 in https://github.com/rhboot/shim/pull/667 * Provide better error message when MokManager is not found by @rmetrich in https://github.com/rhboot/shim/pull/663 * tpm: Boot with a warning if the event log is full by @kukrimate in https://github.com/rhboot/shim/pull/657 * MokManager: remove redundant logical constraints by @xypron in https://github.com/rhboot/shim/pull/409 * Test import_mok_state() when MokListRT would be bigger than available size by @vathpela in https://github.com/rhboot/shim/pull/417 * test-mok-mirror: minor bug fix by @vathpela in https://github.com/rhboot/shim/pull/715 * Fix file system browser hang when enrolling MOK from disk by @miczyg1 in https://github.com/rhboot/shim/pull/622 * Ignore a minor clang-tidy nit by @vathpela in https://github.com/rhboot/shim/pull/716 * Allow fallback to default loader when encountering errors on network boot by @nathan-omeara in https://github.com/rhboot/shim/pull/666 * test.mk: don't use a temporary random.bin by @vathpela in https://github.com/rhboot/shim/pull/718 * pe: Enhance debug report for update_mem_attrs by @jongwu in https://github.com/rhboot/shim/pull/594 * Multiple certificate handling improvements by @rosslagerwall in https://github.com/rhboot/shim/pull/644 * Generate SbatLevel Metadata from SbatLevel_Variable.txt by @jsetje in 
https://github.com/rhboot/shim/pull/711 * Apply EKU check with compile option by @dennis-tseng99 in https://github.com/rhboot/shim/pull/664 * Add configuration option to boot an alternative 2nd stage by @esnowberg in https://github.com/rhboot/shim/pull/608 * Loader protocol (with Device Path resolution support) by @kukrimate in https://github.com/rhboot/shim/pull/656 * netboot cleanup for additional files by @jsetje in https://github.com/rhboot/shim/pull/686 * Document how revocations can be delivered by @jsetje in https://github.com/rhboot/shim/pull/722 * post-process-pe: add tests to validate NX compliance by @vathpela in https://github.com/rhboot/shim/pull/705 * regression: CopyMem() in ad8692e copies out of bounds by @jsetje in https://github.com/rhboot/shim/pull/725 * Save the debug and error logs in mok-variables by @vathpela in https://github.com/rhboot/shim/pull/726 * Add features for the Host Security ID program by @vathpela in https://github.com/rhboot/shim/pull/660 * Mirror some more efi variables to mok-variables by @vathpela in https://github.com/rhboot/shim/pull/723 * This adds DXE Services measurements to HSI and uses them for NX by @vathpela in https://github.com/rhboot/shim/pull/724 * Add shim's current NX_COMPAT status to HSIStatus by @vathpela in https://github.com/rhboot/shim/pull/727 * README.tpm: reflect that vendor_db is in fact logged as "vendor_db" by @jsetje in https://github.com/rhboot/shim/pull/728 * Reject HTTP message with duplicate Content-Length header fields by @dennis-tseng99 in https://github.com/rhboot/shim/pull/637 * Disable log saving by @vathpela in https://github.com/rhboot/shim/pull/729 * fallback: don't add new boot order entries backwards by @vathpela in https://github.com/rhboot/shim/pull/730 * Misc fixes... 
by @vathpela in https://github.com/rhboot/shim/pull/735 * README.tpm: Update MokList entry to MokListRT by @trungams in https://github.com/rhboot/shim/pull/732 * SBAT Level update for February 2025 GRUB CVEs by @jsetje in https://github.com/rhboot/shim/pull/736 New Contributors * @jjd27 made their first contribution in https://github.com/rhboot/shim/pull/640 * @mikebeaton made their first contribution in https://github.com/rhboot/shim/pull/598 * @bryteise made their first contribution in https://github.com/rhboot/shim/pull/600 * @vittyvk made their first contribution in https://github.com/rhboot/shim/pull/609 * @chrisbainbridge made their first contribution in https://github.com/rhboot/shim/pull/706 * @Metabolix made their first contribution in https://github.com/rhboot/shim/pull/621 * @15058718379 made their first contribution in https://github.com/rhboot/shim/pull/703 * @dbnicholson made their first contribution in https://github.com/rhboot/shim/pull/694 * @lumag made their first contribution in https://github.com/rhboot/shim/pull/673 * @eduardacatrinei made their first contribution in https://github.com/rhboot/shim/pull/690 * @kukrimate made their first contribution in https://github.com/rhboot/shim/pull/657 * @miczyg1 made their first contribution in https://github.com/rhboot/shim/pull/622 * @nathan-omeara made their first contribution in https://github.com/rhboot/shim/pull/666 * @jongwu made their first contribution in https://github.com/rhboot/shim/pull/594 * @rosslagerwall made their first contribution in https://github.com/rhboot/shim/pull/644 * @trungams made their first contribution in https://github.com/rhboot/shim/pull/732 **Full Changelog**: https://github.com/rhboot/shim/compare/15.8...16.0 * tag '16.0': (451 commits) Update version to 16.0 SBAT Level update for February 2025 GRUB CVEs README.tpm: Update MokList entry to MokListRT Make 'make fanalyzer' work again. 
simple_dir_filter(): test our 'next' pointer shim_load_image(): initialize the buffer fully mirror_mok_db(): Free our mok variable name correctly mirror_one_mok_variable(): fix a memory leak on TPM log error. mirror_mok_db(): get rid of an unused variable+allocation generate_sbat_var_defs: Ensure revlistentry->revocations is initialized. generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak. generate_sbat_var_defs: run clang-format on readfile() SetSecureVariable(): free Cert on failure Update version to 16.0~rc1 make-archive: some minor housekeeping makefiles: Make GITTAG swizzle tildes to dashes fallback: don't add new boot order entries backwards Disable log saving for now. Some save_logs() improvements. reject message with different values in multiple Content-Length header field ...
Diffstat (limited to 'generate_sbat_var_defs.c')
-rw-r--r--generate_sbat_var_defs.c173
1 files changed, 173 insertions, 0 deletions
diff --git a/generate_sbat_var_defs.c b/generate_sbat_var_defs.c
new file mode 100644
index 00000000..1258e1b2
--- /dev/null
+++ b/generate_sbat_var_defs.c
@@ -0,0 +1,173 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+
+/*
+ * This generates the header files that produce the actual revocation
+ * string payload. On the one hand this grabs the defintions from the
+ * human readable SbatLevel_Variable.txt file which is nice. On the other
+ * hand it's one off c code.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+typedef struct sbat_revocation sbat_revocation;
+
+struct sbat_revocation {
+ int date;
+ char *revocations;
+ sbat_revocation *next;
+};
+
+static sbat_revocation *revlisthead;
+
+int
+readfile(char *SbatLevel_Variable)
+{
+ FILE *varfilep;
+ char line[1024];
+ int date;
+ int ret = -1;
+
+ unsigned int revocationsp = 0;
+
+ sbat_revocation *revlistlast = NULL;
+ sbat_revocation *revlistentry = NULL;
+
+ revlisthead = NULL;
+
+ varfilep = fopen(SbatLevel_Variable, "r");
+ if (varfilep == NULL)
+ return -1;
+
+ while (fgets(line, sizeof(line), varfilep) != NULL) {
+ if (sscanf(line, "sbat,1,%d\n", &date) && strlen(line) == 18) {
+ revlistentry = calloc(1, sizeof(sbat_revocation));
+ if (revlistentry == NULL)
+ goto err;
+ if (revlisthead == NULL)
+ revlisthead = revlistentry;
+ else
+ revlistlast->next = revlistentry;
+
+ revlistlast = revlistentry;
+
+ revlistentry->date = date;
+ while (line[0] != '\n' &&
+ fgets(line, sizeof(line), varfilep) != NULL) {
+ char *new = NULL;
+ new = realloc(revlistentry->revocations,
+ revocationsp + strlen(line) + 1);
+ if (new == NULL) {
+ ret = -1;
+ goto err;
+ }
+ revlistentry->revocations = new;
+ if (strlen(line) > 1) {
+ line[strlen(line) - 1] = 0;
+ sprintf(revlistentry->revocations +
+ revocationsp,
+ "%s\\n", line);
+ revocationsp =
+ revocationsp + strlen(line) + 2;
+ }
+ }
+ revocationsp = 0;
+ }
+ }
+
+ ret = 1;
+err:
+ if (ret < 0 && revlisthead) {
+ sbat_revocation *rle = revlisthead;
+ while (rle) {
+ sbat_revocation *next = rle->next;
+ if (rle->revocations)
+ free(rle->revocations);
+ free(rle);
+ rle = next;
+ }
+ revlisthead = NULL;
+ }
+ fclose(varfilep);
+ return ret;
+}
+
+int
+writefile()
+{
+ int epochfound = 0;
+ int epochdate = 2021030218;
+ int latestdate = 0;
+
+ sbat_revocation *revlistentry;
+ sbat_revocation *latest_revlistentry = NULL;
+
+ revlistentry = revlisthead;
+
+ while (revlistentry != NULL) {
+ if (revlistentry->date == epochdate) {
+ printf("#ifndef GEN_SBAT_VAR_DEFS_H_\n"
+ "#define GEN_SBAT_VAR_DEFS_H_\n"
+ "#ifndef ENABLE_SHIM_DEVEL\n\n"
+ "#ifndef SBAT_AUTOMATIC_DATE\n"
+ "#define SBAT_AUTOMATIC_DATE 2024040900\n"
+ "#endif /* SBAT_AUTOMATIC_DATE */\n"
+ "#if SBAT_AUTOMATIC_DATE == %d\n"
+ "#define SBAT_VAR_AUTOMATIC_REVOCATIONS\n",
+ revlistentry->date);
+ epochfound = 1;
+ } else if (epochfound == 1) {
+ printf("#elif SBAT_AUTOMATIC_DATE == %d\n"
+ "#define SBAT_VAR_AUTOMATIC_REVOCATIONS \"%s\"\n",
+ revlistentry->date,
+ revlistentry->revocations);
+ }
+ if (revlistentry->date > latestdate) {
+ latest_revlistentry = revlistentry;
+ latestdate = revlistentry->date;
+ }
+ revlistentry = revlistentry->next;
+ }
+
+ if (epochfound == 0 || !latest_revlistentry)
+ return -1;
+
+ printf("#else\n"
+ "#error \"Unknown SBAT_AUTOMATIC_DATE\"\n"
+ "#endif /* SBAT_AUTOMATIC_DATE == */\n\n"
+ "#define SBAT_VAR_AUTOMATIC_DATE QUOTEVAL(SBAT_AUTOMATIC_DATE)\n"
+ "#define SBAT_VAR_AUTOMATIC \\\n"
+ " SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_AUTOMATIC_DATE \"\\n\" \\\n"
+ " SBAT_VAR_AUTOMATIC_REVOCATIONS\n\n");
+
+ printf("#define SBAT_VAR_LATEST_DATE \"%d\"\n"
+ "#define SBAT_VAR_LATEST_REVOCATIONS \"%s\"\n",
+ latest_revlistentry->date,
+ latest_revlistentry->revocations);
+
+ printf("#define SBAT_VAR_LATEST \\\n"
+ " SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE \"\\n\" \\\n"
+ " SBAT_VAR_LATEST_REVOCATIONS\n\n"
+ "#endif /* !ENABLE_SHIM_DEVEL */\n"
+ "#endif /* !GEN_SBAT_VAR_DEFS_H_ */\n");
+
+ return 0;
+}
+
+
+int
+main(int argc, char *argv[])
+{
+ char SbatLevel_Variable[2048];
+
+ if (argc == 2)
+ snprintf(SbatLevel_Variable, 2048, "%s/SbatLevel_Variable.txt", argv[1]);
+ else
+ snprintf(SbatLevel_Variable, 2048, "SbatLevel_Variable.txt");
+
+ if (readfile(SbatLevel_Variable))
+ return writefile();
+ else
+ return -1;
+}