New upstream version 15.7upstream/15.7

7 files changed, 138 insertions, 51 deletions

diff --git a/include/cc.h b/include/cc.h
new file mode 100644
index 00000000..8b127208
--- /dev/null
+++ b/include/cc.h
@@ -0,0 +1,85 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+
+#ifndef SHIM_CC_H
+#define SHIM_CC_H
+
+typedef struct {
+	uint8_t Major;
+	uint8_t Minor;
+} EFI_CC_VERSION;
+
+#define EFI_CC_TYPE_NONE 0
+#define EFI_CC_TYPE_SEV  1
+#define EFI_CC_TYPE_TDX  2
+
+typedef struct {
+	uint8_t Type;
+	uint8_t SubType;
+} EFI_CC_TYPE;
+
+typedef uint32_t EFI_CC_EVENT_LOG_BITMAP;
+typedef uint32_t EFI_CC_EVENT_LOG_FORMAT;
+typedef uint32_t EFI_CC_EVENT_ALGORITHM_BITMAP;
+typedef uint32_t EFI_CC_MR_INDEX;
+
+#define TDX_MR_INDEX_MRTD  0
+#define TDX_MR_INDEX_RTMR0 1
+#define TDX_MR_INDEX_RTMR1 2
+#define TDX_MR_INDEX_RTMR2 3
+#define TDX_MR_INDEX_RTMR3 4
+
+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
+#define EFI_CC_BOOT_HASH_ALG_SHA384   0x00000004
+#define EFI_CC_EVENT_HEADER_VERSION   1
+
+typedef struct tdEFI_CC_EVENT_HEADER {
+	uint32_t HeaderSize;
+	uint16_t HeaderVersion;
+	EFI_CC_MR_INDEX MrIndex;
+	uint32_t EventType;
+} __attribute__((packed)) EFI_CC_EVENT_HEADER;
+
+typedef struct tdEFI_CC_EVENT {
+	uint32_t Size;
+	EFI_CC_EVENT_HEADER Header;
+	uint8_t Event[1];
+} __attribute__((packed)) EFI_CC_EVENT;
+
+typedef struct tdEFI_CC_BOOT_SERVICE_CAPABILITY {
+	uint8_t Size;
+	EFI_CC_VERSION StructureVersion;
+	EFI_CC_VERSION ProtocolVersion;
+	EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
+	EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs;
+	EFI_CC_TYPE CcType;
+} EFI_CC_BOOT_SERVICE_CAPABILITY;
+
+struct efi_cc_protocol
+{
+	EFI_STATUS (EFIAPI *get_capability) (
+		struct efi_cc_protocol *this,
+		EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
+	EFI_STATUS (EFIAPI *get_event_log) (
+		struct efi_cc_protocol *this,
+		EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
+		EFI_PHYSICAL_ADDRESS *EventLogLocation,
+		EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
+		BOOLEAN *EventLogTruncated);
+	EFI_STATUS (EFIAPI *hash_log_extend_event) (
+		struct efi_cc_protocol *this,
+		uint64_t Flags,
+		EFI_PHYSICAL_ADDRESS DataToHash,
+		uint64_t DataToHashLen,
+		EFI_CC_EVENT *EfiCcEvent);
+	EFI_STATUS (EFIAPI *map_pcr_to_mr_index) (
+		struct efi_cc_protocol *this,
+		uint32_t PcrIndex,
+		EFI_CC_MR_INDEX *MrIndex);
+};
+
+typedef struct efi_cc_protocol efi_cc_protocol_t;
+
+#define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010
+
+#endif /* SHIM_CC_H */
+// vim:fenc=utf-8:tw=75
diff --git a/include/compiler.h b/include/compiler.h
index b4bf1031..b0d595f3 100644
--- a/include/compiler.h
+++ b/include/compiler.h
@@ -192,5 +192,11 @@
  */
 #define unreachable() __builtin_unreachable()
 
+#if defined(__GNUC__)
+#define cache_invalidate(begin, end)  __builtin___clear_cache(begin, end)
+#else /* __GNUC__ */
+#error shim has no cache_invalidate() implementation for this compiler
+#endif /* __GNUC__ */
+
 #endif /* !COMPILER_H_ */
 // vim:fenc=utf-8:tw=75:et
diff --git a/include/guid.h b/include/guid.h
index d9910ff1..dad63f0f 100644
--- a/include/guid.h
+++ b/include/guid.h
@@ -29,6 +29,7 @@ extern EFI_GUID EFI_IP6_CONFIG_GUID;
 extern EFI_GUID EFI_LOADED_IMAGE_GUID;
 extern EFI_GUID EFI_TPM_GUID;
 extern EFI_GUID EFI_TPM2_GUID;
+extern EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID;
 extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
 extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
 extern EFI_GUID SECURITY_PROTOCOL_GUID;
diff --git a/include/sbat.h b/include/sbat.h
index aca43598..c94c4fba 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -6,38 +6,6 @@
 #ifndef SBAT_H_
 #define SBAT_H_
 
-#define SBAT_VAR_SIG "sbat,"
-#define SBAT_VAR_VERSION "1,"
-#define SBAT_VAR_ORIGINAL_DATE "2021030218"
-#define SBAT_VAR_ORIGINAL \
-	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
-
-#if defined(ENABLE_SHIM_DEVEL)
-#define SBAT_VAR_PREVIOUS_DATE "2022020101"
-#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
-#define SBAT_VAR_PREVIOUS \
-	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
-	SBAT_VAR_PREVIOUS_REVOCATIONS
-
-#define SBAT_VAR_LATEST_DATE "2022050100"
-#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
-#define SBAT_VAR_LATEST \
-	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
-	SBAT_VAR_LATEST_REVOCATIONS
-#else /* !ENABLE_SHIM_DEVEL */
-#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
-#define SBAT_VAR_PREVIOUS_REVOCATIONS
-#define SBAT_VAR_PREVIOUS \
-	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
-	SBAT_VAR_PREVIOUS_REVOCATIONS
-
-#define SBAT_VAR_LATEST_DATE "2022052400"
-#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
-#define SBAT_VAR_LATEST \
-	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
-	SBAT_VAR_LATEST_REVOCATIONS
-#endif /* ENABLE_SHIM_DEVEL */
-
 #define UEFI_VAR_NV_BS \
 	(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
 #define UEFI_VAR_NV_BS_RT                                              \
diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
new file mode 100644
index 00000000..6b01573e
--- /dev/null
+++ b/include/sbat_var_defs.h
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+
+#ifndef SBAT_VAR_DEFS_H_
+#define SBAT_VAR_DEFS_H_
+
+/*
+ * This is the entry for the sbat data format
+ */
+#define SBAT_VAR_SIG "sbat,"
+#define SBAT_VAR_VERSION "1,"
+#define SBAT_VAR_ORIGINAL_DATE "2021030218"
+#define SBAT_VAR_ORIGINAL \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
+
+#if defined(ENABLE_SHIM_DEVEL)
+#define SBAT_VAR_PREVIOUS_DATE "2022020101"
+#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
+#define SBAT_VAR_PREVIOUS \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+	SBAT_VAR_PREVIOUS_REVOCATIONS
+
+#define SBAT_VAR_LATEST_DATE "2022050100"
+#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
+#define SBAT_VAR_LATEST \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+	SBAT_VAR_LATEST_REVOCATIONS
+#else /* !ENABLE_SHIM_DEVEL */
+/*
+ * As of 2022-11-16, most folks (including Ubuntu, SUSE, openSUSE) don't have
+ * a "shim,2" yet, so adding that here would end up unbootable.
+ */
+#define SBAT_VAR_PREVIOUS_DATE "2022052400"
+#define SBAT_VAR_PREVIOUS_REVOCATIONS "grub,2\n"
+#define SBAT_VAR_PREVIOUS \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+	SBAT_VAR_PREVIOUS_REVOCATIONS
+
+#define SBAT_VAR_LATEST_DATE "2022111500"
+#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,3\n"
+#define SBAT_VAR_LATEST \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+	SBAT_VAR_LATEST_REVOCATIONS
+#endif /* ENABLE_SHIM_DEVEL */
+
+#endif /* !SBAT_VAR_DEFS_H_ */
diff --git a/include/test.mk b/include/test.mk
index e965c600..c0e24095 100644
--- a/include/test.mk
+++ b/include/test.mk
@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
 test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
 test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
 
-test-sbat_FILES = csv.c lib/variables.c lib/guid.c
+test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
 test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
 
 test-str_FILES = lib/string.c
diff --git a/include/ucs2.h b/include/ucs2.h
index ee038ce7..87eab32f 100644
--- a/include/ucs2.h
+++ b/include/ucs2.h
@@ -63,22 +63,4 @@ StrCSpn(const CHAR16 *s, const CHAR16 *reject)
 	return ret;
 }
 
-/*
- * Test if an entire buffer is nothing but NUL characters.  This
- * implementation "gracefully" ignores the difference between the
- * UTF-8/ASCII 1-byte NUL and the UCS-2 2-byte NUL.
- */
-static inline bool
-__attribute__((__unused__))
-is_all_nuls(UINT8 *data, UINTN data_size)
-{
-	UINTN i;
-
-	for (i = 0; i < data_size; i++) {
-		if (data[i] != 0)
-			return false;
-	}
-	return true;
-}
-
 #endif /* SHIM_UCS2_H */