author Christian Breunig <christian@breunig.cc> 2025-07-06 21:59:18 +0200
committer Christian Breunig <christian@breunig.cc> 2025-07-06 21:59:18 +0200
commit 02acad285c74015e8120ade2b41d51b39ae66b63 (patch)
tree 980533ac963ac23bc9e090e3e4212bdb9e225a05 /gnu-efi/inc
parent 1c1d50da810e6c49e804a74719c2675b88b033a6 (diff)
parent 18d98bfb34be583a5fe2987542e4b15e0db9cb61 (diff)
Merge tag '16.0' into vyos/current

shim-16.0

What's Changed
* Validate that a supplied vendor cert is not in PEM format by @steve-mcintyre in https://github.com/rhboot/shim/pull/646
* sbat: Add grub.peimage,2 to latest (CVE-2024-2312) by @julian-klode in https://github.com/rhboot/shim/pull/651
* sbat: Also bump latest for grub,4 (and to todays date) by @julian-klode in https://github.com/rhboot/shim/pull/653
* undo change that limits certificate files to a single file by @jsetje in https://github.com/rhboot/shim/pull/659
* shim: don't set second_stage to the empty string by @jjd27 in https://github.com/rhboot/shim/pull/640
* Fix SBAT.md for today's consensus about numbers by @aronowski in https://github.com/rhboot/shim/pull/672
* Update Code of Conduct contact address by @aronowski in https://github.com/rhboot/shim/pull/683
* make-certs: Handle missing OpenSSL installation by @aronowski in https://github.com/rhboot/shim/pull/595
* Update MokVars.txt by @mikebeaton in https://github.com/rhboot/shim/pull/598
* export DEFINES for sub makefile by @bryteise in https://github.com/rhboot/shim/pull/600
* Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition by @vittyvk in https://github.com/rhboot/shim/pull/609
* Null-terminate 'arguments' in fallback by @vittyvk in https://github.com/rhboot/shim/pull/611
* Fix "Verifiying" typo in error message by @chrisbainbridge in https://github.com/rhboot/shim/pull/706
* Update Fedora CI targets by @vathpela in https://github.com/rhboot/shim/pull/708
* Force gcc to produce DWARF4 so that gdb can use it by @mikebeaton in https://github.com/rhboot/shim/pull/607
* Minor housekeeping 2024121700 by @vathpela in https://github.com/rhboot/shim/pull/709
* Discard load-options that start with WINDOWS by @Metabolix in https://github.com/rhboot/shim/pull/621
* Fix the issue that the gBS->LoadImage pointer was empty. by @15058718379 in https://github.com/rhboot/shim/pull/703
* shim: Allow data after the end of device path node in load options by @dbnicholson in https://github.com/rhboot/shim/pull/694
* Handle network file not found like disks by @dbnicholson in https://github.com/rhboot/shim/pull/695
* Update gnu-efi submodule for EFI_HTTP_ERROR by @vathpela in https://github.com/rhboot/shim/pull/674
* Increase EFI file alignment by @lumag in https://github.com/rhboot/shim/pull/673
* avoid EFIv2 runtime services on Apple x86 machines by @eduardacatrinei in https://github.com/rhboot/shim/pull/690
* Improve shortcut performance when comparing two boolean expressions by @dennis-tseng99 in https://github.com/rhboot/shim/pull/667
* Provide better error message when MokManager is not found by @rmetrich in https://github.com/rhboot/shim/pull/663
* tpm: Boot with a warning if the event log is full by @kukrimate in https://github.com/rhboot/shim/pull/657
* MokManager: remove redundant logical constraints by @xypron in https://github.com/rhboot/shim/pull/409
* Test import_mok_state() when MokListRT would be bigger than available size by @vathpela in https://github.com/rhboot/shim/pull/417
* test-mok-mirror: minor bug fix by @vathpela in https://github.com/rhboot/shim/pull/715
* Fix file system browser hang when enrolling MOK from disk by @miczyg1 in https://github.com/rhboot/shim/pull/622
* Ignore a minor clang-tidy nit by @vathpela in https://github.com/rhboot/shim/pull/716
* Allow fallback to default loader when encountering errors on network boot by @nathan-omeara in https://github.com/rhboot/shim/pull/666
* test.mk: don't use a temporary random.bin by @vathpela in https://github.com/rhboot/shim/pull/718
* pe: Enhance debug report for update_mem_attrs by @jongwu in https://github.com/rhboot/shim/pull/594
* Multiple certificate handling improvements by @rosslagerwall in https://github.com/rhboot/shim/pull/644
* Generate SbatLevel Metadata from SbatLevel_Variable.txt by @jsetje in https://github.com/rhboot/shim/pull/711
* Apply EKU check with compile option by @dennis-tseng99 in https://github.com/rhboot/shim/pull/664
* Add configuration option to boot an alternative 2nd stage by @esnowberg in https://github.com/rhboot/shim/pull/608
* Loader protocol (with Device Path resolution support) by @kukrimate in https://github.com/rhboot/shim/pull/656
* netboot cleanup for additional files by @jsetje in https://github.com/rhboot/shim/pull/686
* Document how revocations can be delivered by @jsetje in https://github.com/rhboot/shim/pull/722
* post-process-pe: add tests to validate NX compliance by @vathpela in https://github.com/rhboot/shim/pull/705
* regression: CopyMem() in ad8692e copies out of bounds by @jsetje in https://github.com/rhboot/shim/pull/725
* Save the debug and error logs in mok-variables by @vathpela in https://github.com/rhboot/shim/pull/726
* Add features for the Host Security ID program by @vathpela in https://github.com/rhboot/shim/pull/660
* Mirror some more efi variables to mok-variables by @vathpela in https://github.com/rhboot/shim/pull/723
* This adds DXE Services measurements to HSI and uses them for NX by @vathpela in https://github.com/rhboot/shim/pull/724
* Add shim's current NX_COMPAT status to HSIStatus by @vathpela in https://github.com/rhboot/shim/pull/727
* README.tpm: reflect that vendor_db is in fact logged as "vendor_db" by @jsetje in https://github.com/rhboot/shim/pull/728
* Reject HTTP message with duplicate Content-Length header fields by @dennis-tseng99 in https://github.com/rhboot/shim/pull/637
* Disable log saving by @vathpela in https://github.com/rhboot/shim/pull/729
* fallback: don't add new boot order entries backwards by @vathpela in https://github.com/rhboot/shim/pull/730
* Misc fixes... by @vathpela in https://github.com/rhboot/shim/pull/735
* README.tpm: Update MokList entry to MokListRT by @trungams in https://github.com/rhboot/shim/pull/732
* SBAT Level update for February 2025 GRUB CVEs by @jsetje in https://github.com/rhboot/shim/pull/736

New Contributors
* @jjd27 made their first contribution in https://github.com/rhboot/shim/pull/640
* @mikebeaton made their first contribution in https://github.com/rhboot/shim/pull/598
* @bryteise made their first contribution in https://github.com/rhboot/shim/pull/600
* @vittyvk made their first contribution in https://github.com/rhboot/shim/pull/609
* @chrisbainbridge made their first contribution in https://github.com/rhboot/shim/pull/706
* @Metabolix made their first contribution in https://github.com/rhboot/shim/pull/621
* @15058718379 made their first contribution in https://github.com/rhboot/shim/pull/703
* @dbnicholson made their first contribution in https://github.com/rhboot/shim/pull/694
* @lumag made their first contribution in https://github.com/rhboot/shim/pull/673
* @eduardacatrinei made their first contribution in https://github.com/rhboot/shim/pull/690
* @kukrimate made their first contribution in https://github.com/rhboot/shim/pull/657
* @miczyg1 made their first contribution in https://github.com/rhboot/shim/pull/622
* @nathan-omeara made their first contribution in https://github.com/rhboot/shim/pull/666
* @jongwu made their first contribution in https://github.com/rhboot/shim/pull/594
* @rosslagerwall made their first contribution in https://github.com/rhboot/shim/pull/644
* @trungams made their first contribution in https://github.com/rhboot/shim/pull/732

**Full Changelog**: https://github.com/rhboot/shim/compare/15.8...16.0

* tag '16.0': (451 commits)
  Update version to 16.0
  SBAT Level update for February 2025 GRUB CVEs
  README.tpm: Update MokList entry to MokListRT
  Make 'make fanalyzer' work again.
  simple_dir_filter(): test our 'next' pointer
  shim_load_image(): initialize the buffer fully
  mirror_mok_db(): Free our mok variable name correctly
  mirror_one_mok_variable(): fix a memory leak on TPM log error.
  mirror_mok_db(): get rid of an unused variable+allocation
  generate_sbat_var_defs: Ensure revlistentry->revocations is initialized.
  generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak.
  generate_sbat_var_defs: run clang-format on readfile()
  SetSecureVariable(): free Cert on failure
  Update version to 16.0~rc1
  make-archive: some minor housekeeping
  makefiles: Make GITTAG swizzle tildes to dashes
  fallback: don't add new boot order entries backwards
  Disable log saving for now.
  Some save_logs() improvements.
  reject message with different values in multiple Content-Length header field
  ...

Diffstat (limited to 'gnu-efi/inc')
-rw-r--r-- gnu-efi/inc/efiapi.h 72
-rw-r--r-- gnu-efi/inc/efierr.h 5
-rw-r--r-- gnu-efi/inc/efilib.h 6
-rw-r--r-- gnu-efi/inc/efiprot.h 63
4 files changed, 145 insertions, 1 deletions
diff --git a/gnu-efi/inc/efiapi.h b/gnu-efi/inc/efiapi.h
index 96e9e4a0..9d399a28 100644
--- a/gnu-efi/inc/efiapi.h
+++ b/gnu-efi/inc/efiapi.h
@@ -971,5 +971,75 @@ typedef struct _EFI_SYSTEM_TABLE {
} EFI_SYSTEM_TABLE;
-#endif
+//
+// Not technically EFI, but oh well.
+//
+
+#define EFI_DXE_SERVICES_TABLE_SIGNATURE 0x565245535f455844ULL
+
+typedef enum {
+ EFI_GCD_MEMORY_TYPE_NON_EXISTENT,
+ EFI_GCD_MEMORY_TYPE_RESERVED,
+ EFI_GCD_MEMORY_TYPE_SYSTEM_MEMORY,
+ EFI_GCD_MEMORY_TYPE_MEMORY_MAPPED_IO,
+ EFI_GCD_MEMORY_TYPE_PERSISTENT,
+ EFI_GCD_MEMORY_TYPE_MORE_RELIABLE,
+ EFI_GCD_MEMORY_TYPE_MAXIMUM
+} EFI_GCD_MEMORY_TYPE_T;
+
+#define DXE_SERVICES_TABLE_GUID \
+ { \
+ 0x5ad34ba, 0x6f02, 0x4214, {0x95, 0x2e, 0x4d, 0xa0, 0x39, 0x8e, 0x2b, 0xb9 } \
+ }
+
+struct _EFI_GCD_MEMORY_SPACE_DESCRIPTOR {
+ EFI_PHYSICAL_ADDRESS BaseAddress;
+ UINT64 Length;
+ UINT64 Capabilities;
+ UINT64 Attributes;
+ EFI_GCD_MEMORY_TYPE_T GcdMemoryType;
+ EFI_HANDLE ImageHandle;
+ EFI_HANDLE DeviceHandle;
+} __attribute__((__packed__));
+
+typedef struct _EFI_GCD_MEMORY_SPACE_DESCRIPTOR EFI_GCD_MEMORY_SPACE_DESCRIPTOR;
+
+typedef
+EFI_STATUS
+(EFIAPI *GET_MEMORY_SPACE_DESCRIPTOR) (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ OUT EFI_GCD_MEMORY_SPACE_DESCRIPTOR *Desc
+ );
+
+typedef
+EFI_STATUS
+(EFIAPI *SET_MEMORY_SPACE_ATTRIBUTES) (
+ IN EFI_PHYSICAL_ADDRESS BaseAddress,
+ IN UINT64 Length,
+ IN UINT64 Attributes
+ );
+
+typedef struct _EFI_DXE_SERVICES_TABLE {
+ EFI_TABLE_HEADER Hdr;
+ VOID *AddMemorySpace;
+ VOID *AllocateMemorySpace;
+ VOID *FreeMemorySpace;
+ VOID *RemoveMemorySpace;
+ GET_MEMORY_SPACE_DESCRIPTOR GetMemorySpaceDescriptor;
+ SET_MEMORY_SPACE_ATTRIBUTES SetMemorySpaceAttributes;
+ VOID *GetMemorySpaceMap;
+ VOID *AddIoSpace;
+ VOID *AllocateIoSpace;
+ VOID *FreeIoSpace;
+ VOID *RemoveIoSpace;
+ VOID *GetIoSpaceDescriptor;
+ VOID *GetIoSpaceMap;
+ VOID *Dispatch;
+ VOID *Schedule;
+ VOID *Trust;
+ VOID *ProcessFirmwareVolume;
+ VOID *SetMemorySpaceCapabilities;
+} EFI_DXE_SERVICES_TABLE;
+
+#endif
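Review bot: `_EFI_GCD_MEMORY_SPACE_DESCRIPTOR` is declared `__attribute__((__packed__))`, which puts `ImageHandle` directly after the 4-byte `GcdMemoryType` with no padding, so on a 64-bit build both `EFI_HANDLE` fields land on unaligned offsets and the struct is 4 bytes shorter than a naturally aligned layout would be. `Desc` is an OUT parameter of `GET_MEMORY_SPACE_DESCRIPTOR` that the firmware fills in, so this layout has to match what the firmware writes; if the firmware's definition is not packed, the call writes past the end of the caller's struct and the two handles read back wrong. Please check the attribute against the PI definition and drop it if it is not there. Two smaller points: the "Not technically EFI, but oh well." comment should name the specification these types come from, and the `VOID *` members of `EFI_DXE_SERVICES_TABLE` deserve a one-line remark that they are untyped placeholders kept only so the two typed slots sit at the right offsets.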
diff --git a/gnu-efi/inc/efierr.h b/gnu-efi/inc/efierr.h
index 5a66e1a0..ac9ef7ba 100644
--- a/gnu-efi/inc/efierr.h
+++ b/gnu-efi/inc/efierr.h
@@ -57,12 +57,17 @@ Revision History
#define EFI_END_OF_FILE EFIERR(31)
#define EFI_INVALID_LANGUAGE EFIERR(32)
#define EFI_COMPROMISED_DATA EFIERR(33)
+#define EFI_IP_ADDRESS_CONFLICT EFIERR(34)
+#define EFI_HTTP_ERROR EFIERR(35)
#define EFI_WARN_UNKOWN_GLYPH EFIWARN(1)
#define EFI_WARN_UNKNOWN_GLYPH EFIWARN(1)
#define EFI_WARN_DELETE_FAILURE EFIWARN(2)
#define EFI_WARN_WRITE_FAILURE EFIWARN(3)
#define EFI_WARN_BUFFER_TOO_SMALL EFIWARN(4)
+#define EFI_WARN_STALE_DATA EFIWARN(5)
+#define EFI_WARN_FILE_SYSTEM EFIWARN(6)
+#define EFI_WARN_RESET_REQUIRED EFIWARN(7)
#endif
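Review bot: The new codes `EFIERR(34)`, `EFIERR(35)` and `EFIWARN(5)` through `EFIWARN(7)` are only defined here, and this view is limited to gnu-efi/inc, so it does not show whether the code that turns an `EFI_STATUS` into text gained matching entries. Please confirm that it did, otherwise `EFI_HTTP_ERROR` and the new warnings will show up in logs as bare numbers, which makes network-boot failures harder to triage. A short comment stating which spec revision introduced each group would also help the next person who extends the list.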
diff --git a/gnu-efi/inc/efilib.h b/gnu-efi/inc/efilib.h
index af470191..a8316661 100644
--- a/gnu-efi/inc/efilib.h
+++ b/gnu-efi/inc/efilib.h
@@ -79,10 +79,16 @@ extern EFI_GUID gEfiDiskIoProtocolGuid;
#define DiskIoProtocol gEfiDiskIoProtocolGuid
extern EFI_GUID gEfiDiskIo2ProtocolGuid;
#define DiskIo2Protocol gEfiDiskIo2ProtocolGuid
+extern EFI_GUID gEfiDxeServicesTableGuid;
+#define DxeServicesTable gEfiDxeServicesTableGuid
extern EFI_GUID gEfiSimpleFileSystemProtocolGuid;
#define FileSystemProtocol gEfiSimpleFileSystemProtocolGuid
+extern EFI_GUID gEfiLoadedImageDevicePathProtocolGuid;
+#define LoadedImageDevicePathProtocol gEfiLoadedImageDevicePathProtocolGuid
extern EFI_GUID gEfiLoadFileProtocolGuid;
#define LoadFileProtocol gEfiLoadFileProtocolGuid
+extern EFI_GUID gEfiLoadFile2ProtocolGuid;
+#define LoadFile2Protocol gEfiLoadFile2ProtocolGuid
extern EFI_GUID gEfiDeviceIoProtocolGuid;
#define DeviceIoProtocol gEfiDeviceIoProtocolGuid
extern EFI_GUID VariableStoreProtocol;
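Review bot: The short alias `DxeServicesTable` in `#define DxeServicesTable gEfiDxeServicesTableGuid` names a GUID, yet it reads like the table instance itself. The existing `...Protocol` aliases have the same habit, but a caller here is likely to hold both the GUID and an `EFI_DXE_SERVICES_TABLE *` in the same function, so a name such as `DxeServicesTableGuid` would be harder to misuse. Note also that all three additions are `extern` declarations only; their definitions are outside this inc/-limited view and need to be in the same merge, otherwise the first user fails at link time.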
diff --git a/gnu-efi/inc/efiprot.h b/gnu-efi/inc/efiprot.h
index 4013ab25..db291579 100644
--- a/gnu-efi/inc/efiprot.h
+++ b/gnu-efi/inc/efiprot.h
@@ -554,6 +554,69 @@ typedef struct _EFI_LOAD_FILE_PROTOCOL {
typedef struct _EFI_LOAD_FILE_PROTOCOL _EFI_LOAD_FILE_INTERFACE;
typedef EFI_LOAD_FILE_PROTOCOL EFI_LOAD_FILE_INTERFACE;
+
+//
+// Load File 2 Protocol
+//
+
+#define EFI_LOAD_FILE2_PROTOCOL_GUID \
+ { \
+ 0x4006c0c1, 0xfcb3, 0x403e, {0x99, 0x6d, 0x4a, 0x6c, 0x87, 0x24, 0xe0, 0x6d } \
+ }
+
+///
+/// Protocol Guid defined by UEFI2.1.
+///
+#define LOAD_FILE2_PROTOCOL EFI_LOAD_FILE2_PROTOCOL_GUID
+
+typedef struct _EFI_LOAD_FILE2_PROTOCOL EFI_LOAD_FILE2_PROTOCOL;
+
+/**
+ Causes the driver to load a specified file.
+
+ @param This Protocol instance pointer.
+ @param FilePath The device specific path of the file to load.
+ @param BootPolicy Should always be FALSE.
+ @param BufferSize On input the size of Buffer in bytes. On output with a return
+ code of EFI_SUCCESS, the amount of data transferred to
+ Buffer. On output with a return code of EFI_BUFFER_TOO_SMALL,
+ the size of Buffer required to retrieve the requested file.
+ @param Buffer The memory buffer to transfer the file to. IF Buffer is NULL,
+ then no the size of the requested file is returned in
+ BufferSize.
+
+ @retval EFI_SUCCESS The file was loaded.
+ @retval EFI_UNSUPPORTED BootPolicy is TRUE.
+ @retval EFI_INVALID_PARAMETER FilePath is not a valid device path, or
+ BufferSize is NULL.
+ @retval EFI_NO_MEDIA No medium was present to load the file.
+ @retval EFI_DEVICE_ERROR The file was not loaded due to a device error.
+ @retval EFI_NO_RESPONSE The remote system did not respond.
+ @retval EFI_NOT_FOUND The file was not found
+ @retval EFI_ABORTED The file load process was manually canceled.
+ @retval EFI_BUFFER_TOO_SMALL The BufferSize is too small to read the current
+ directory entry. BufferSize has been updated with
+ the size needed to complete the request.
+
+
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_LOAD_FILE2)(
+ IN EFI_LOAD_FILE2_PROTOCOL *This,
+ IN EFI_DEVICE_PATH_PROTOCOL *FilePath,
+ IN BOOLEAN BootPolicy,
+ IN OUT UINTN *BufferSize,
+ IN VOID *Buffer OPTIONAL
+ );
+
+///
+/// The EFI_LOAD_FILE_PROTOCOL is a simple protocol used to obtain files from arbitrary devices.
+///
+struct _EFI_LOAD_FILE2_PROTOCOL {
+ EFI_LOAD_FILE2 LoadFile;
+};
+
//
// Device IO protocol
//
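Review bot: The documentation added for `EFI_LOAD_FILE2` has copy-over errors that should be fixed before people code against it. The struct comment says "The EFI_LOAD_FILE_PROTOCOL is a simple protocol" above `_EFI_LOAD_FILE2_PROTOCOL`, so it names the wrong protocol. The `Buffer` description "IF Buffer is NULL, then no the size of the requested file is returned" is garbled and leaves the NULL-buffer contract unclear, and that is the path callers use to size their allocation. The `EFI_BUFFER_TOO_SMALL` text talks about reading "the current directory entry", which does not describe a file load. `Buffer` is also annotated `IN` although the function writes the file into it. Suggest rewording the `Buffer` line to state that with a NULL `Buffer` the required size is returned in `BufferSize`, and correcting the protocol name in the struct comment.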