8 files changed, 118 insertions, 16 deletions

diff --git a/include/compiler.h b/include/compiler.h
index 18576724..b4bf1031 100644
--- a/include/compiler.h
+++ b/include/compiler.h
@@ -47,8 +47,12 @@
 #define ALIAS(x) __attribute__((weak, alias (#x)))
 #endif
 #ifndef ALLOCFUNC
+#if defined(__COVERITY__)
+#define ALLOCFUNC(a, b)
+#else
 #define ALLOCFUNC(dealloc, dealloc_arg) __attribute__((__malloc__(dealloc, dealloc_arg)))
 #endif
+#endif
 #ifndef PRINTF
 #define PRINTF(first, args...) __attribute__((__format__(printf, first, ## args)))
 #endif
diff --git a/include/guid.h b/include/guid.h
index 07a19a91..d9910ff1 100644
--- a/include/guid.h
+++ b/include/guid.h
@@ -33,8 +33,8 @@ extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
 extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
 extern EFI_GUID SECURITY_PROTOCOL_GUID;
 extern EFI_GUID SECURITY2_PROTOCOL_GUID;
+extern EFI_GUID EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID;
 extern EFI_GUID SHIM_LOCK_GUID;
-
 extern EFI_GUID MOK_VARIABLE_STORE;
 
 #endif /* SHIM_GUID_H */
diff --git a/include/mok.h b/include/mok.h
index 96da397a..fb19423b 100644
--- a/include/mok.h
+++ b/include/mok.h
@@ -59,6 +59,9 @@ struct mok_state_variable {
 	UINT8 **addend;
 	UINT32 *addend_size;
 
+	UINT8 **user_cert;
+	UINT32 *user_cert_size;
+
 	/*
 	 * build_cert is our build-time cert.  Like addend, this is added
 	 * to the input variable, as part of the runtime variable, so that
@@ -97,5 +100,10 @@ struct mok_variable_config_entry {
 	UINT8 data[];
 };
 
+/*
+ * bit definitions for MokPolicy
+ */
+#define MOK_POLICY_REQUIRE_NX	1
+
 #endif /* !SHIM_MOK_H_ */
 // vim:fenc=utf-8:tw=75:noet
diff --git a/include/pe.h b/include/pe.h
index 43727f5e..ccc8798b 100644
--- a/include/pe.h
+++ b/include/pe.h
@@ -14,8 +14,12 @@ EFI_STATUS
 read_header(void *data, unsigned int datasize,
 	    PE_COFF_LOADER_IMAGE_CONTEXT *context);
 
+EFI_STATUS verify_image(void *data, unsigned int datasize,
+			EFI_LOADED_IMAGE *li,
+			PE_COFF_LOADER_IMAGE_CONTEXT *context);
+
 EFI_STATUS
-handle_sbat(char *SBATBase, size_t SBATSize);
+verify_sbat_section(char *SBATBase, size_t SBATSize);
 
 EFI_STATUS
 handle_image (void *data, unsigned int datasize,
diff --git a/include/peimage.h b/include/peimage.h
index 3b3f01a7..e97b29c4 100644
--- a/include/peimage.h
+++ b/include/peimage.h
@@ -17,10 +17,14 @@
 

 #include "wincert.h"

 

-#define SIGNATURE_16(A, B)        ((A) | (B << 8))

-#define SIGNATURE_32(A, B, C, D)  (SIGNATURE_16 (A, B) | (SIGNATURE_16 (C, D) << 16))

-#define SIGNATURE_64(A, B, C, D, E, F, G, H) \

-	(SIGNATURE_32 (A, B, C, D) | ((UINT64) (SIGNATURE_32 (E, F, G, H)) << 32))

+#define SIGNATURE_16(A, B) \

+	((UINT16)(((UINT16)(A)) | (((UINT16)(B)) << ((UINT16)8))))

+#define SIGNATURE_32(A, B, C, D)                 \

+	((UINT32)(((UINT32)SIGNATURE_16(A, B)) | \

+	          (((UINT32)SIGNATURE_16(C, D)) << (UINT32)16)))

+#define SIGNATURE_64(A, B, C, D, E, F, G, H)         \

+	((UINT64)((UINT64)SIGNATURE_32(A, B, C, D) | \

+	          ((UINT64)(SIGNATURE_32(E, F, G, H)) << (UINT64)32)))

 

 #define ALIGN_VALUE(Value, Alignment) ((Value) + (((Alignment) - (Value)) & ((Alignment) - 1)))

 #define ALIGN_POINTER(Pointer, Alignment) ((VOID *) (ALIGN_VALUE ((UINTN)(Pointer), (Alignment))))

@@ -236,6 +240,24 @@ typedef struct {
   EFI_IMAGE_DATA_DIRECTORY  DataDirectory[EFI_IMAGE_NUMBER_OF_DIRECTORY_ENTRIES];

 } EFI_IMAGE_OPTIONAL_HEADER64;

 

+#define EFI_IMAGE_DLLCHARACTERISTICS_RESERVED_0001         0x0001

+#define EFI_IMAGE_DLLCHARACTERISTICS_RESERVED_0002         0x0002

+#define EFI_IMAGE_DLLCHARACTERISTICS_RESERVED_0004         0x0004

+#define EFI_IMAGE_DLLCHARACTERISTICS_RESERVED_0008         0x0008

+#if 0 /* This is not in the PE spec. */

+#define EFI_IMAGE_DLLCHARACTERISTICS_RESERVED_0010         0x0010

+#endif

+#define EFI_IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA       0x0020

+#define EFI_IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE          0x0040

+#define EFI_IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY       0x0080

+#define EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT             0x0100

+#define EFI_IMAGE_DLLCHARACTERISTICS_NO_ISOLATION          0x0200

+#define EFI_IMAGE_DLLCHARACTERISTICS_NO_SEH                0x0400

+#define EFI_IMAGE_DLLCHARACTERISTICS_NO_BIND               0x0800

+#define EFI_IMAGE_DLLCHARACTERISTICS_APPCONTAINER          0x1000

+#define EFI_IMAGE_DLLCHARACTERISTICS_WDM_DRIVER            0x2000

+#define EFI_IMAGE_DLLCHARACTERISTICS_GUARD_CF              0x4000

+#define EFI_IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE 0x8000

 

 ///

 /// @attention

@@ -303,16 +325,31 @@ typedef struct {
 //

 // Section Flags Values

 //

-#define EFI_IMAGE_SCN_TYPE_NO_PAD                  0x00000008  ///< Reserved.

+#define EFI_IMAGE_SCN_RESERVED_00000000            0x00000000

+#define EFI_IMAGE_SCN_RESERVED_00000001            0x00000001

+#define EFI_IMAGE_SCN_RESERVED_00000002            0x00000002

+#define EFI_IMAGE_SCN_RESERVED_00000004            0x00000004

+#define EFI_IMAGE_SCN_TYPE_NO_PAD                  0x00000008

+#define EFI_IMAGE_SCN_RESERVED_00000010            0x00000010

 #define EFI_IMAGE_SCN_CNT_CODE                     0x00000020

 #define EFI_IMAGE_SCN_CNT_INITIALIZED_DATA         0x00000040

 #define EFI_IMAGE_SCN_CNT_UNINITIALIZED_DATA       0x00000080

-

-#define EFI_IMAGE_SCN_LNK_OTHER                    0x00000100  ///< Reserved.

-#define EFI_IMAGE_SCN_LNK_INFO                     0x00000200  ///< Section contains comments or some other type of information.

-#define EFI_IMAGE_SCN_LNK_REMOVE                   0x00000800  ///< Section contents will not become part of image.

+#define EFI_IMAGE_SCN_LNK_OTHER                    0x00000100

+#define EFI_IMAGE_SCN_LNK_INFO                     0x00000200

+#define EFI_IMAGE_SCN_RESERVED_00000400            0x00000400

+#define EFI_IMAGE_SCN_LNK_REMOVE                   0x00000800

 #define EFI_IMAGE_SCN_LNK_COMDAT                   0x00001000

-

+#define EFI_IMAGE_SCN_RESERVED_00002000            0x00002000

+#define EFI_IMAGE_SCN_RESERVED_00004000            0x00004000

+#define EFI_IMAGE_SCN_GPREL                        0x00008000

+/*

+ * PE 9.3 says both IMAGE_SCN_MEM_PURGEABLE and IMAGE_SCN_MEM_16BIT are

+ * 0x00020000, but I think it's wrong. --pjones

+ */

+#define EFI_IMAGE_SCN_MEM_PURGEABLE                0x00010000 // "Reserved for future use."

+#define EFI_IMAGE_SCN_MEM_16BIT                    0x00020000 // "Reserved for future use."

+#define EFI_IMAGE_SCN_MEM_LOCKED                   0x00040000 // "Reserved for future use."

+#define EFI_IMAGE_SCN_MEM_PRELOAD                  0x00080000 // "Reserved for future use."

 #define EFI_IMAGE_SCN_ALIGN_1BYTES                 0x00100000

 #define EFI_IMAGE_SCN_ALIGN_2BYTES                 0x00200000

 #define EFI_IMAGE_SCN_ALIGN_4BYTES                 0x00300000

@@ -320,7 +357,14 @@ typedef struct {
 #define EFI_IMAGE_SCN_ALIGN_16BYTES                0x00500000

 #define EFI_IMAGE_SCN_ALIGN_32BYTES                0x00600000

 #define EFI_IMAGE_SCN_ALIGN_64BYTES                0x00700000

-

+#define EFI_IMAGE_SCN_ALIGN_128BYTES               0x00800000

+#define EFI_IMAGE_SCN_ALIGN_256BYTES               0x00900000

+#define EFI_IMAGE_SCN_ALIGN_512BYTES               0x00a00000

+#define EFI_IMAGE_SCN_ALIGN_1024BYTES              0x00b00000

+#define EFI_IMAGE_SCN_ALIGN_2048BYTES              0x00c00000

+#define EFI_IMAGE_SCN_ALIGN_4096BYTES              0x00d00000

+#define EFI_IMAGE_SCN_ALIGN_8192BYTES              0x00e00000

+#define EFI_IMAGE_SCN_LNK_NRELOC_OVFL              0x01000000

 #define EFI_IMAGE_SCN_MEM_DISCARDABLE              0x02000000

 #define EFI_IMAGE_SCN_MEM_NOT_CACHED               0x04000000

 #define EFI_IMAGE_SCN_MEM_NOT_PAGED                0x08000000

diff --git a/include/sbat.h b/include/sbat.h
index 8551b74a..aca43598 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -8,8 +8,35 @@
 
 #define SBAT_VAR_SIG "sbat,"
 #define SBAT_VAR_VERSION "1,"
-#define SBAT_VAR_DATE "2021030218"
-#define SBAT_VAR SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_DATE "\n"
+#define SBAT_VAR_ORIGINAL_DATE "2021030218"
+#define SBAT_VAR_ORIGINAL \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
+
+#if defined(ENABLE_SHIM_DEVEL)
+#define SBAT_VAR_PREVIOUS_DATE "2022020101"
+#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
+#define SBAT_VAR_PREVIOUS \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+	SBAT_VAR_PREVIOUS_REVOCATIONS
+
+#define SBAT_VAR_LATEST_DATE "2022050100"
+#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
+#define SBAT_VAR_LATEST \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+	SBAT_VAR_LATEST_REVOCATIONS
+#else /* !ENABLE_SHIM_DEVEL */
+#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
+#define SBAT_VAR_PREVIOUS_REVOCATIONS
+#define SBAT_VAR_PREVIOUS \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
+	SBAT_VAR_PREVIOUS_REVOCATIONS
+
+#define SBAT_VAR_LATEST_DATE "2022052400"
+#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
+#define SBAT_VAR_LATEST \
+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
+	SBAT_VAR_LATEST_REVOCATIONS
+#endif /* ENABLE_SHIM_DEVEL */
 
 #define UEFI_VAR_NV_BS \
 	(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
@@ -33,6 +60,13 @@
 #define SBAT_VAR_ATTRS UEFI_VAR_NV_BS
 #endif
 
+#define SBAT_POLICY L"SbatPolicy"
+#define SBAT_POLICY8 "SbatPolicy"
+
+#define SBAT_POLICY_LATEST	1
+#define SBAT_POLICY_PREVIOUS	2
+#define SBAT_POLICY_RESET	3
+
 extern UINTN _sbat, _esbat;
 
 struct sbat_var_entry {
@@ -51,7 +85,8 @@ extern list_t sbat_var;
 EFI_STATUS parse_sbat_var(list_t *entries);
 void cleanup_sbat_var(list_t *entries);
 EFI_STATUS set_sbat_uefi_variable(void);
-bool preserve_sbat_uefi_variable(UINT8 *sbat, UINTN sbatsize, UINT32 attributes);
+bool preserve_sbat_uefi_variable(UINT8 *sbat, UINTN sbatsize,
+				 UINT32 attributes, char *sbar_var);
 
 struct sbat_section_entry {
 	const CHAR8 *component_name;
diff --git a/include/test-data-efivars-1.h b/include/test-data-efivars-1.h
index 55090ede..2831bd23 100644
--- a/include/test-data-efivars-1.h
+++ b/include/test-data-efivars-1.h
@@ -102,5 +102,9 @@ static const unsigned char test_data_efivars_1_SbatLevelRT[] = {
 	0x32, 0x31, 0x30, 0x33, 0x30, 0x32, 0x31, 0x38, 0x0a
 };
 
+static const unsigned char test_data_efivars_1_MokListTrustedRT[] ={
+	0x01
+};
+
 #endif /* !TEST_DATA_EFIVARS_1_H_ */
 // vim:fenc=utf-8:tw=75:noet
diff --git a/include/test.mk b/include/test.mk
index 1a4fc220..e965c600 100644
--- a/include/test.mk
+++ b/include/test.mk
@@ -50,6 +50,9 @@ CFLAGS = $(OPTIMIZATIONS) -std=gnu11 \
 # of the "include" directory
 CFLAGS += -isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include-fixed)
 
+# And on Debian also check the multi-arch include path
+CFLAGS += -isystem /usr/include/$(shell $(CC) $(ARCH_CFLAGS) -print-multiarch)
+
 export CFLAGS_LTO CFLAGS_GCOV
 
 libefi-test.a :