Merge tag '16.0' into vyos/current

shim-16.0

What's Changed
* Validate that a supplied vendor cert is not in PEM format by @steve-mcintyre in https://github.com/rhboot/shim/pull/646
* sbat: Add grub.peimage,2 to latest (CVE-2024-2312) by @julian-klode in https://github.com/rhboot/shim/pull/651
* sbat: Also bump latest for grub,4 (and to todays date) by @julian-klode in https://github.com/rhboot/shim/pull/653
* undo change that limits certificate files to a single file by @jsetje in https://github.com/rhboot/shim/pull/659
* shim: don't set second_stage to the empty string by @jjd27 in https://github.com/rhboot/shim/pull/640
* Fix SBAT.md for today's consensus about numbers by @aronowski in https://github.com/rhboot/shim/pull/672
* Update Code of Conduct contact address by @aronowski in https://github.com/rhboot/shim/pull/683
* make-certs: Handle missing OpenSSL installation by @aronowski in https://github.com/rhboot/shim/pull/595
* Update MokVars.txt by @mikebeaton in https://github.com/rhboot/shim/pull/598
* export DEFINES for sub makefile by @bryteise in https://github.com/rhboot/shim/pull/600
* Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition by @vittyvk in https://github.com/rhboot/shim/pull/609
* Null-terminate 'arguments' in fallback by @vittyvk in https://github.com/rhboot/shim/pull/611
* Fix "Verifiying" typo in error message by @chrisbainbridge in https://github.com/rhboot/shim/pull/706
* Update Fedora CI targets by @vathpela in https://github.com/rhboot/shim/pull/708
* Force gcc to produce DWARF4 so that gdb can use it by @mikebeaton in https://github.com/rhboot/shim/pull/607
* Minor housekeeping 2024121700 by @vathpela in https://github.com/rhboot/shim/pull/709
* Discard load-options that start with WINDOWS by @Metabolix in https://github.com/rhboot/shim/pull/621
* Fix the issue that the gBS->LoadImage pointer was empty. by @15058718379 in https://github.com/rhboot/shim/pull/703
* shim: Allow data after the end of device path node in load options by @dbnicholson in https://github.com/rhboot/shim/pull/694
* Handle network file not found like disks by @dbnicholson in https://github.com/rhboot/shim/pull/695
* Update gnu-efi submodule for EFI_HTTP_ERROR by @vathpela in https://github.com/rhboot/shim/pull/674
* Increase EFI file alignment by @lumag in https://github.com/rhboot/shim/pull/673
* avoid EFIv2 runtime services on Apple x86 machines by @eduardacatrinei in https://github.com/rhboot/shim/pull/690
* Improve shortcut performance when comparing two boolean expressions by @dennis-tseng99 in https://github.com/rhboot/shim/pull/667
* Provide better error message when MokManager is not found by @rmetrich in https://github.com/rhboot/shim/pull/663
* tpm: Boot with a warning if the event log is full by @kukrimate in https://github.com/rhboot/shim/pull/657
* MokManager: remove redundant logical constraints by @xypron in https://github.com/rhboot/shim/pull/409
* Test import_mok_state() when MokListRT would be bigger than available size by @vathpela in https://github.com/rhboot/shim/pull/417
* test-mok-mirror: minor bug fix by @vathpela in https://github.com/rhboot/shim/pull/715
* Fix file system browser hang when enrolling MOK from disk by @miczyg1 in https://github.com/rhboot/shim/pull/622
* Ignore a minor clang-tidy nit by @vathpela in https://github.com/rhboot/shim/pull/716
* Allow fallback to default loader when encountering errors on network boot by @nathan-omeara in https://github.com/rhboot/shim/pull/666
* test.mk: don't use a temporary random.bin by @vathpela in https://github.com/rhboot/shim/pull/718
* pe: Enhance debug report for update_mem_attrs by @jongwu in https://github.com/rhboot/shim/pull/594
* Multiple certificate handling improvements by @rosslagerwall in https://github.com/rhboot/shim/pull/644
* Generate SbatLevel Metadata from SbatLevel_Variable.txt by @jsetje in https://github.com/rhboot/shim/pull/711
* Apply EKU check with compile option by @dennis-tseng99 in https://github.com/rhboot/shim/pull/664
* Add configuration option to boot an alternative 2nd stage by @esnowberg in https://github.com/rhboot/shim/pull/608
* Loader protocol (with Device Path resolution support) by @kukrimate in https://github.com/rhboot/shim/pull/656
* netboot cleanup for additional files by @jsetje in https://github.com/rhboot/shim/pull/686
* Document how revocations can be delivered by @jsetje in https://github.com/rhboot/shim/pull/722
* post-process-pe: add tests to validate NX compliance by @vathpela in https://github.com/rhboot/shim/pull/705
* regression: CopyMem() in ad8692e copies out of bounds by @jsetje in https://github.com/rhboot/shim/pull/725
* Save the debug and error logs in mok-variables by @vathpela in https://github.com/rhboot/shim/pull/726
* Add features for the Host Security ID program by @vathpela in https://github.com/rhboot/shim/pull/660
* Mirror some more efi variables to mok-variables by @vathpela in https://github.com/rhboot/shim/pull/723
* This adds DXE Services measurements to HSI and uses them for NX by @vathpela in https://github.com/rhboot/shim/pull/724
* Add shim's current NX_COMPAT status to HSIStatus by @vathpela in https://github.com/rhboot/shim/pull/727
* README.tpm: reflect that vendor_db is in fact logged as "vendor_db" by @jsetje in https://github.com/rhboot/shim/pull/728
* Reject HTTP message with duplicate Content-Length header fields by @dennis-tseng99 in https://github.com/rhboot/shim/pull/637
* Disable log saving by @vathpela in https://github.com/rhboot/shim/pull/729
* fallback: don't add new boot order entries backwards by @vathpela in https://github.com/rhboot/shim/pull/730
* Misc fixes... by @vathpela in https://github.com/rhboot/shim/pull/735
* README.tpm: Update MokList entry to MokListRT by @trungams in https://github.com/rhboot/shim/pull/732
* SBAT Level update for February 2025 GRUB CVEs by @jsetje in https://github.com/rhboot/shim/pull/736

New Contributors
* @jjd27 made their first contribution in https://github.com/rhboot/shim/pull/640
* @mikebeaton made their first contribution in https://github.com/rhboot/shim/pull/598
* @bryteise made their first contribution in https://github.com/rhboot/shim/pull/600
* @vittyvk made their first contribution in https://github.com/rhboot/shim/pull/609
* @chrisbainbridge made their first contribution in https://github.com/rhboot/shim/pull/706
* @Metabolix made their first contribution in https://github.com/rhboot/shim/pull/621
* @15058718379 made their first contribution in https://github.com/rhboot/shim/pull/703
* @dbnicholson made their first contribution in https://github.com/rhboot/shim/pull/694
* @lumag made their first contribution in https://github.com/rhboot/shim/pull/673
* @eduardacatrinei made their first contribution in https://github.com/rhboot/shim/pull/690
* @kukrimate made their first contribution in https://github.com/rhboot/shim/pull/657
* @miczyg1 made their first contribution in https://github.com/rhboot/shim/pull/622
* @nathan-omeara made their first contribution in https://github.com/rhboot/shim/pull/666
* @jongwu made their first contribution in https://github.com/rhboot/shim/pull/594
* @rosslagerwall made their first contribution in https://github.com/rhboot/shim/pull/644
* @trungams made their first contribution in https://github.com/rhboot/shim/pull/732

**Full Changelog**: https://github.com/rhboot/shim/compare/15.8...16.0

* tag '16.0': (451 commits)
  Update version to 16.0
  SBAT Level update for February 2025 GRUB CVEs
  README.tpm: Update MokList entry to MokListRT
  Make 'make fanalyzer' work again.
  simple_dir_filter(): test our 'next' pointer
  shim_load_image(): initialize the buffer fully
  mirror_mok_db(): Free our mok variable name correctly
  mirror_one_mok_variable(): fix a memory leak on TPM log error.
  mirror_mok_db(): get rid of an unused variable+allocation
  generate_sbat_var_defs: Ensure revlistentry->revocations is initialized.
  generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak.
  generate_sbat_var_defs: run clang-format on readfile()
  SetSecureVariable(): free Cert on failure
  Update version to 16.0~rc1
  make-archive: some minor housekeeping
  makefiles: Make GITTAG swizzle tildes to dashes
  fallback: don't add new boot order entries backwards
  Disable log saving for now.
  Some save_logs() improvements.
  reject message with different values in multiple Content-Length header field
  ...

1 files changed, 74 insertions, 3 deletions

diff --git a/test-load-options.c b/test-load-options.c
index daf02d93..dfabe861 100644
--- a/test-load-options.c
+++ b/test-load-options.c
@@ -68,9 +68,12 @@ test_parse_load_options(char *load_option_data,
 	assert_false_goto(EFI_ERROR(status), err, "\n");
 
 	assert_nonzero_goto(second_stage, err, "\n");
-	assert_not_equal_goto(second_stage, dummy_second_stage, err, "%p == %p\n");
-	assert_zero_goto(StrnCmp(second_stage, target_second_stage, 90),
-			 err_print_second_stage, "%d != 0\n");
+	if (target_second_stage) {
+		assert_not_equal_goto(second_stage, dummy_second_stage, err, "%p == %p\n");
+		assert_zero_goto(StrnCmp(second_stage, target_second_stage, 90),
+				 err_print_second_stage, "%d != 0\n");
+	} else
+		assert_equal_goto(second_stage, dummy_second_stage, err, "%p != %p\n");
 
 	assert_equal_goto(load_options_size, target_remaining_size, err_remaining, "%zu != %zu\n");
 	assert_equal_goto(load_options, target_remaining, err_remaining, "%p != %p\n");
@@ -256,6 +259,73 @@ test_bds_2(void)
 }
 
 int
+test_multi_end_dp(void)
+{
+	/*
+00000000  01 00 00 00 d0 00 4f 00  6e 00 62 00 6f 00 61 00  |......O.n.b.o.a.|
+00000010  72 00 64 00 20 00 4e 00  49 00 43 00 28 00 49 00  |r.d. .N.I.C.(.I.|
+00000020  50 00 56 00 34 00 29 00  00 00 02 01 0c 00 d0 41  |P.V.4.)........A|
+00000030  03 0a 00 00 00 00 01 01  06 00 06 1f 03 0b 25 00  |..............%.|
+00000040  2c ea 7f 0a 9f 69 00 00  00 00 00 00 00 00 00 00  |,....i..........|
+00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000060  00 03 0c 1b 00 00 00 00  00 00 00 00 00 00 00 00  |................|
+00000070  00 00 00 00 00 00 00 00  00 00 00 00 7f ff 04 00  |................|
+00000080  01 04 76 00 ef 47 64 2d  c9 3b a0 41 ac 19 4d 51  |..v..Gd-.;.A..MQ|
+00000090  d0 1b 4c e6 50 00 58 00  45 00 20 00 49 00 50 00  |..L.P.X.E. .I.P.|
+000000a0  34 00 20 00 49 00 6e 00  74 00 65 00 6c 00 28 00  |4. .I.n.t.e.l.(.|
+000000b0  52 00 29 00 20 00 45 00  74 00 68 00 65 00 72 00  |R.). .E.t.h.e.r.|
+000000c0  6e 00 65 00 74 00 20 00  43 00 6f 00 6e 00 6e 00  |n.e.t. .C.o.n.n.|
+000000d0  65 00 63 00 74 00 69 00  6f 00 6e 00 20 00 28 00  |e.c.t.i.o.n. .(.|
+000000e0  36 00 29 00 20 00 49 00  32 00 31 00 39 00 2d 00  |6.). .I.2.1.9.-.|
+000000f0  4c 00 4d 00 00 00 7f ff  04 00 00 00 42 4f        |L.M.........BO|
+	 */
+	char load_option_data [] = {
+		0x01, 0x00, 0x00, 0x00, 0xd0, 0x00, 0x4f, 0x00,
+		0x6e, 0x00, 0x62, 0x00, 0x6f, 0x00, 0x61, 0x00,
+		0x72, 0x00, 0x64, 0x00, 0x20, 0x00, 0x4e, 0x00,
+		0x49, 0x00, 0x43, 0x00, 0x28, 0x00, 0x49, 0x00,
+		0x50, 0x00, 0x56, 0x00, 0x34, 0x00, 0x29, 0x00,
+		0x00, 0x00, 0x02, 0x01, 0x0c, 0x00, 0xd0, 0x41,
+		0x03, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01,
+		0x06, 0x00, 0x06, 0x1f, 0x03, 0x0b, 0x25, 0x00,
+		0x2c, 0xea, 0x7f, 0x0a, 0x9f, 0x69, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x03, 0x0c, 0x1b, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+		0x00, 0x00, 0x00, 0x00, 0x7f, 0xff, 0x04, 0x00,
+		0x01, 0x04, 0x76, 0x00, 0xef, 0x47, 0x64, 0x2d,
+		0xc9, 0x3b, 0xa0, 0x41, 0xac, 0x19, 0x4d, 0x51,
+		0xd0, 0x1b, 0x4c, 0xe6, 0x50, 0x00, 0x58, 0x00,
+		0x45, 0x00, 0x20, 0x00, 0x49, 0x00, 0x50, 0x00,
+		0x34, 0x00, 0x20, 0x00, 0x49, 0x00, 0x6e, 0x00,
+		0x74, 0x00, 0x65, 0x00, 0x6c, 0x00, 0x28, 0x00,
+		0x52, 0x00, 0x29, 0x00, 0x20, 0x00, 0x45, 0x00,
+		0x74, 0x00, 0x68, 0x00, 0x65, 0x00, 0x72, 0x00,
+		0x6e, 0x00, 0x65, 0x00, 0x74, 0x00, 0x20, 0x00,
+		0x43, 0x00, 0x6f, 0x00, 0x6e, 0x00, 0x6e, 0x00,
+		0x65, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00,
+		0x6f, 0x00, 0x6e, 0x00, 0x20, 0x00, 0x28, 0x00,
+		0x36, 0x00, 0x29, 0x00, 0x20, 0x00, 0x49, 0x00,
+		0x32, 0x00, 0x31, 0x00, 0x39, 0x00, 0x2d, 0x00,
+		0x4c, 0x00, 0x4d, 0x00, 0x00, 0x00, 0x7f, 0xff,
+		0x04, 0x00, 0x00, 0x00, 0x42, 0x4f
+	};
+	size_t load_option_data_size = sizeof(load_option_data);
+	char *target_remaining = &load_option_data[load_option_data_size - 2];
+	size_t target_remaining_size = 2;
+
+	return test_parse_load_options(load_option_data,
+				       load_option_data_size,
+				       "test.efi",
+				       NULL,
+				       target_remaining,
+				       target_remaining_size);
+}
+
+int
 main(void)
 {
 	int status = 0;
@@ -263,6 +333,7 @@ main(void)
 	test(test_bds_0);
 	test(test_bds_1);
 	test(test_bds_2);
+	test(test_multi_end_dp);
 	return status;
 }